M I C R O S O F T
20409B
L E A R N I N G
P R O D U C T
MCT USE ONLY. STUDENT USE PROHIBITED
O F F I C I A L
Server Virtualization with Windows Server Hyper-V® and System Center
Server Virtualization with Windows Server Hyper-V® and System Center
MCT USE ONLY. STUDENT USE PROHIBITED
ii
Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
The names of manufacturers, products, or URLs are provided for informational purposes only and Microsoft makes no representations and warranties, either expressed, implied, or statutory, regarding these manufacturers or the use of the products with any Microsoft technologies. The inclusion of a manufacturer or product does not imply endorsement of Microsoft of the manufacturer or product. Links may be provided to third party sites. Such sites are not under the control of Microsoft and Microsoft is not responsible for the contents of any linked site or any link contained in a linked site, or any changes or updates to such sites. Microsoft is not responsible for webcasting or any other form of transmission received from any linked site. Microsoft is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement of Microsoft of the site or the products contained therein. © 2014 Microsoft Corporation. All rights reserved. Microsoft and the trademarks listed at http://www.microsoft.com/about/legal/en/us/IntellectualProperty /Trademarks/EN-US.aspx are trademarks of the Microsoft group of companies. All other trademarks are property of their respective owners.
Product Number: 20409B Part Number: X19-32457 Released: 02/2014
MCT USE ONLY. STUDENT USE PROHIBITED
MICROSOFT LICENSE TERMS MICROSOFT INSTRUCTOR-LED COURSEWARE
These license terms are an agreement between Microsoft Corporation (or based on where you live, one of its affiliates) and you. Please read them. They apply to your use of the content accompanying this agreement which includes the media on which you received it, if any. These license terms also apply to Trainer Content and any updates and supplements for the Licensed Content unless other terms accompany those items. If so, those terms apply. BY ACCESSING, DOWNLOADING OR USING THE LICENSED CONTENT, YOU ACCEPT THESE TERMS. IF YOU DO NOT ACCEPT THEM, DO NOT ACCESS, DOWNLOAD OR USE THE LICENSED CONTENT. If you comply with these license terms, you have the rights below for each license you acquire. 1.
DEFINITIONS.
a. “Authorized Learning Center” means a Microsoft IT Academy Program Member, Microsoft Learning Competency Member, or such other entity as Microsoft may designate from time to time.
b. “Authorized Training Session” means the instructor-led training class using Microsoft Instructor-Led Courseware conducted by a Trainer at or through an Authorized Learning Center. c.
“Classroom Device” means one (1) dedicated, secure computer that an Authorized Learning Center owns or controls that is located at an Authorized Learning Center’s training facilities that meets or exceeds the hardware level specified for the particular Microsoft Instructor-Led Courseware.
d. “End User” means an individual who is (i) duly enrolled in and attending an Authorized Training Session or Private Training Session, (ii) an employee of a MPN Member, or (iii) a Microsoft full-time employee. e. “Licensed Content” means the content accompanying this agreement which may include the Microsoft Instructor-Led Courseware or Trainer Content. f.
“Microsoft Certified Trainer” or “MCT” means an individual who is (i) engaged to teach a training session to End Users on behalf of an Authorized Learning Center or MPN Member, and (ii) currently certified as a Microsoft Certified Trainer under the Microsoft Certification Program.
g. “Microsoft Instructor-Led Courseware” means the Microsoft-branded instructor-led training course that educates IT professionals and developers on Microsoft technologies. A Microsoft Instructor-Led Courseware title may be branded as MOC, Microsoft Dynamics or Microsoft Business Group courseware. h. “Microsoft IT Academy Program Member” means an active member of the Microsoft IT Academy Program. i.
“Microsoft Learning Competency Member” means an active member of the Microsoft Partner Network program in good standing that currently holds the Learning Competency status.
j.
“MOC” means the “Official Microsoft Learning Product” instructor-led courseware known as Microsoft Official Course that educates IT professionals and developers on Microsoft technologies.
k. “MPN Member” means an active Microsoft Partner Network program member in good standing.
MCT USE ONLY. STUDENT USE PROHIBITED
l.
“Personal Device” means one (1) personal computer, device, workstation or other digital electronic device that you personally own or control that meets or exceeds the hardware level specified for the particular Microsoft Instructor-Led Courseware.
m. “Private Training Session” means the instructor-led training classes provided by MPN Members for corporate customers to teach a predefined learning objective using Microsoft Instructor-Led Courseware. These classes are not advertised or promoted to the general public and class attendance is restricted to individuals employed by or contracted by the corporate customer. n. “Trainer” means (i) an academically accredited educator engaged by a Microsoft IT Academy Program Member to teach an Authorized Training Session, and/or (ii) a MCT.
o. “Trainer Content” means the trainer version of the Microsoft Instructor-Led Courseware and additional supplemental content designated solely for Trainers’ use to teach a training session using the Microsoft Instructor-Led Courseware. Trainer Content may include Microsoft PowerPoint presentations, trainer preparation guide, train the trainer materials, Microsoft One Note packs, classroom setup guide and Prerelease course feedback form. To clarify, Trainer Content does not include any software, virtual hard disks or virtual machines. 2.
USE RIGHTS. The Licensed Content is licensed not sold. The Licensed Content is licensed on a one copy per user basis, such that you must acquire a license for each individual that accesses or uses the Licensed Content.
2.1
Below are five separate sets of use rights. Only one set of rights apply to you.
a. If you are a Microsoft IT Academy Program Member: i. Each license acquired on behalf of yourself may only be used to review one (1) copy of the Microsoft Instructor-Led Courseware in the form provided to you. If the Microsoft Instructor-Led Courseware is in digital format, you may install one (1) copy on up to three (3) Personal Devices. You may not install the Microsoft Instructor-Led Courseware on a device you do not own or control. ii. For each license you acquire on behalf of an End User or Trainer, you may either: 1. distribute one (1) hard copy version of the Microsoft Instructor-Led Courseware to one (1) End User who is enrolled in the Authorized Training Session, and only immediately prior to the commencement of the Authorized Training Session that is the subject matter of the Microsoft Instructor-Led Courseware being provided, or 2. provide one (1) End User with the unique redemption code and instructions on how they can access one (1) digital version of the Microsoft Instructor-Led Courseware, or 3. provide one (1) Trainer with the unique redemption code and instructions on how they can access one (1) Trainer Content, provided you comply with the following: iii. you will only provide access to the Licensed Content to those individuals who have acquired a valid license to the Licensed Content, iv. you will ensure each End User attending an Authorized Training Session has their own valid licensed copy of the Microsoft Instructor-Led Courseware that is the subject of the Authorized Training Session, v. you will ensure that each End User provided with the hard-copy version of the Microsoft InstructorLed Courseware will be presented with a copy of this agreement and each End User will agree that their use of the Microsoft Instructor-Led Courseware will be subject to the terms in this agreement prior to providing them with the Microsoft Instructor-Led Courseware. Each individual will be required to denote their acceptance of this agreement in a manner that is enforceable under local law prior to their accessing the Microsoft Instructor-Led Courseware, vi. you will ensure that each Trainer teaching an Authorized Training Session has their own valid licensed copy of the Trainer Content that is the subject of the Authorized Training Session,
MCT USE ONLY. STUDENT USE PROHIBITED
vii. you will only use qualified Trainers who have in-depth knowledge of and experience with the Microsoft technology that is the subject of the Microsoft Instructor-Led Courseware being taught for all your Authorized Training Sessions, viii. you will only deliver a maximum of 15 hours of training per week for each Authorized Training Session that uses a MOC title, and ix. you acknowledge that Trainers that are not MCTs will not have access to all of the trainer resources for the Microsoft Instructor-Led Courseware.
b. If you are a Microsoft Learning Competency Member: i. Each license acquired on behalf of yourself may only be used to review one (1) copy of the Microsoft Instructor-Led Courseware in the form provided to you. If the Microsoft Instructor-Led Courseware is in digital format, you may install one (1) copy on up to three (3) Personal Devices. You may not install the Microsoft Instructor-Led Courseware on a device you do not own or control. ii. For each license you acquire on behalf of an End User or Trainer, you may either: 1. distribute one (1) hard copy version of the Microsoft Instructor-Led Courseware to one (1) End User attending the Authorized Training Session and only immediately prior to the commencement of the Authorized Training Session that is the subject matter of the Microsoft Instructor-Led Courseware provided, or 2. provide one (1) End User attending the Authorized Training Session with the unique redemption code and instructions on how they can access one (1) digital version of the Microsoft InstructorLed Courseware, or 3. you will provide one (1) Trainer with the unique redemption code and instructions on how they can access one (1) Trainer Content, provided you comply with the following: iii. you will only provide access to the Licensed Content to those individuals who have acquired a valid license to the Licensed Content, iv. you will ensure that each End User attending an Authorized Training Session has their own valid licensed copy of the Microsoft Instructor-Led Courseware that is the subject of the Authorized Training Session, v. you will ensure that each End User provided with a hard-copy version of the Microsoft Instructor-Led Courseware will be presented with a copy of this agreement and each End User will agree that their use of the Microsoft Instructor-Led Courseware will be subject to the terms in this agreement prior to providing them with the Microsoft Instructor-Led Courseware. Each individual will be required to denote their acceptance of this agreement in a manner that is enforceable under local law prior to their accessing the Microsoft Instructor-Led Courseware, vi. you will ensure that each Trainer teaching an Authorized Training Session has their own valid licensed copy of the Trainer Content that is the subject of the Authorized Training Session, vii. you will only use qualified Trainers who hold the applicable Microsoft Certification credential that is the subject of the Microsoft Instructor-Led Courseware being taught for your Authorized Training Sessions, viii. you will only use qualified MCTs who also hold the applicable Microsoft Certification credential that is the subject of the MOC title being taught for all your Authorized Training Sessions using MOC, ix. you will only provide access to the Microsoft Instructor-Led Courseware to End Users, and x. you will only provide access to the Trainer Content to Trainers.
MCT USE ONLY. STUDENT USE PROHIBITED
c.
If you are a MPN Member: i. Each license acquired on behalf of yourself may only be used to review one (1) copy of the Microsoft Instructor-Led Courseware in the form provided to you. If the Microsoft Instructor-Led Courseware is in digital format, you may install one (1) copy on up to three (3) Personal Devices. You may not install the Microsoft Instructor-Led Courseware on a device you do not own or control. ii. For each license you acquire on behalf of an End User or Trainer, you may either: 1. distribute one (1) hard copy version of the Microsoft Instructor-Led Courseware to one (1) End User attending the Private Training Session, and only immediately prior to the commencement of the Private Training Session that is the subject matter of the Microsoft Instructor-Led Courseware being provided, or 2. provide one (1) End User who is attending the Private Training Session with the unique redemption code and instructions on how they can access one (1) digital version of the Microsoft Instructor-Led Courseware, or 3. you will provide one (1) Trainer who is teaching the Private Training Session with the unique redemption code and instructions on how they can access one (1) Trainer Content, provided you comply with the following: iii. you will only provide access to the Licensed Content to those individuals who have acquired a valid license to the Licensed Content, iv. you will ensure that each End User attending an Private Training Session has their own valid licensed copy of the Microsoft Instructor-Led Courseware that is the subject of the Private Training Session, v. you will ensure that each End User provided with a hard copy version of the Microsoft Instructor-Led Courseware will be presented with a copy of this agreement and each End User will agree that their use of the Microsoft Instructor-Led Courseware will be subject to the terms in this agreement prior to providing them with the Microsoft Instructor-Led Courseware. Each individual will be required to denote their acceptance of this agreement in a manner that is enforceable under local law prior to their accessing the Microsoft Instructor-Led Courseware, vi. you will ensure that each Trainer teaching an Private Training Session has their own valid licensed copy of the Trainer Content that is the subject of the Private Training Session, vii. you will only use qualified Trainers who hold the applicable Microsoft Certification credential that is the subject of the Microsoft Instructor-Led Courseware being taught for all your Private Training Sessions, viii. you will only use qualified MCTs who hold the applicable Microsoft Certification credential that is the subject of the MOC title being taught for all your Private Training Sessions using MOC, ix. you will only provide access to the Microsoft Instructor-Led Courseware to End Users, and x. you will only provide access to the Trainer Content to Trainers.
d. If you are an End User: For each license you acquire, you may use the Microsoft Instructor-Led Courseware solely for your personal training use. If the Microsoft Instructor-Led Courseware is in digital format, you may access the Microsoft Instructor-Led Courseware online using the unique redemption code provided to you by the training provider and install and use one (1) copy of the Microsoft Instructor-Led Courseware on up to three (3) Personal Devices. You may also print one (1) copy of the Microsoft Instructor-Led Courseware. You may not install the Microsoft Instructor-Led Courseware on a device you do not own or control. e. If you are a Trainer. i. For each license you acquire, you may install and use one (1) copy of the Trainer Content in the form provided to you on one (1) Personal Device solely to prepare and deliver an Authorized Training Session or Private Training Session, and install one (1) additional copy on another Personal Device as a backup copy, which may be used only to reinstall the Trainer Content. You may not install or use a copy of the Trainer Content on a device you do not own or control. You may also print one (1) copy of the Trainer Content solely to prepare for and deliver an Authorized Training Session or Private Training Session.
MCT USE ONLY. STUDENT USE PROHIBITED
ii.
You may customize the written portions of the Trainer Content that are logically associated with instruction of a training session in accordance with the most recent version of the MCT agreement. If you elect to exercise the foregoing rights, you agree to comply with the following: (i) customizations may only be used for teaching Authorized Training Sessions and Private Training Sessions, and (ii) all customizations will comply with this agreement. For clarity, any use of “customize” refers only to changing the order of slides and content, and/or not using all the slides or content, it does not mean changing or modifying any slide or content.
2.2 Separation of Components. The Licensed Content is licensed as a single unit and you may not separate their components and install them on different devices.
2.3 Redistribution of Licensed Content. Except as expressly provided in the use rights above, you may not distribute any Licensed Content or any portion thereof (including any permitted modifications) to any third parties without the express written permission of Microsoft. 2.4 Third Party Notices. The Licensed Content may include third party code tent that Microsoft, not the third party, licenses to you under this agreement. Notices, if any, for the third party code ntent are included for your information only. 2.5 Additional Terms. Some Licensed Content may contain components with additional terms, conditions, and licenses regarding its use. Any non-conflicting terms in those conditions and licenses also apply to your use of that respective component and supplements the terms described in this agreement. 3.
LICENSED CONTENT BASED ON PRE-RELEASE TECHNOLOGY. If the Licensed Content’s subject matter is based on a pre-release version of Microsoft technology (“Pre-release”), then in addition to the other provisions in this agreement, these terms also apply:
a. Pre-Release Licensed Content. This Licensed Content subject matter is on the Pre-release version of the Microsoft technology. The technology may not work the way a final version of the technology will and we may change the technology for the final version. We also may not release a final version. Licensed Content based on the final version of the technology may not contain the same information as the Licensed Content based on the Pre-release version. Microsoft is under no obligation to provide you with any further content, including any Licensed Content based on the final version of the technology. b. Feedback. If you agree to give feedback about the Licensed Content to Microsoft, either directly or through its third party designee, you give to Microsoft without charge, the right to use, share and commercialize your feedback in any way and for any purpose. You also give to third parties, without charge, any patent rights needed for their products, technologies and services to use or interface with any specific parts of a Microsoft technology, Microsoft product, or service that includes the feedback. You will not give feedback that is subject to a license that requires Microsoft to license its technology, technologies, or products to third parties because we include your feedback in them. These rights survive this agreement. c.
Pre-release Term. If you are an Microsoft IT Academy Program Member, Microsoft Learning Competency Member, MPN Member or Trainer, you will cease using all copies of the Licensed Content on the Pre-release technology upon (i) the date which Microsoft informs you is the end date for using the Licensed Content on the Pre-release technology, or (ii) sixty (60) days after the commercial release of the technology that is the subject of the Licensed Content, whichever is earliest (“Pre-release term”). Upon expiration or termination of the Pre-release term, you will irretrievably delete and destroy all copies of the Licensed Content in your possession or under your control.
MCT USE ONLY. STUDENT USE PROHIBITED
4.
SCOPE OF LICENSE. The Licensed Content is licensed, not sold. This agreement only gives you some rights to use the Licensed Content. Microsoft reserves all other rights. Unless applicable law gives you more rights despite this limitation, you may use the Licensed Content only as expressly permitted in this agreement. In doing so, you must comply with any technical limitations in the Licensed Content that only allows you to use it in certain ways. Except as expressly permitted in this agreement, you may not: • access or allow any individual to access the Licensed Content if they have not acquired a valid license for the Licensed Content, • alter, remove or obscure any copyright or other protective notices (including watermarks), branding or identifications contained in the Licensed Content, • modify or create a derivative work of any Licensed Content, • publicly display, or make the Licensed Content available for others to access or use, • copy, print, install, sell, publish, transmit, lend, adapt, reuse, link to or post, make available or distribute the Licensed Content to any third party, • work around any technical limitations in the Licensed Content, or • reverse engineer, decompile, remove or otherwise thwart any protections or disassemble the Licensed Content except and only to the extent that applicable law expressly permits, despite this limitation.
5. RESERVATION OF RIGHTS AND OWNERSHIP. Microsoft reserves all rights not expressly granted to you in this agreement. The Licensed Content is protected by copyright and other intellectual property laws and treaties. Microsoft or its suppliers own the title, copyright, and other intellectual property rights in the Licensed Content. 6.
EXPORT RESTRICTIONS. The Licensed Content is subject to United States export laws and regulations. You must comply with all domestic and international export laws and regulations that apply to the Licensed Content. These laws include restrictions on destinations, end users and end use. For additional information, see www.microsoft.com/exporting.
7.
SUPPORT SERVICES. Because the Licensed Content is “as is”, we may not provide support services for it.
8.
TERMINATION. Without prejudice to any other rights, Microsoft may terminate this agreement if you fail to comply with the terms and conditions of this agreement. Upon termination of this agreement for any reason, you will immediately stop all use of and delete and destroy all copies of the Licensed Content in your possession or under your control.
9.
LINKS TO THIRD PARTY SITES. You may link to third party sites through the use of the Licensed Content. The third party sites are not under the control of Microsoft, and Microsoft is not responsible for the contents of any third party sites, any links contained in third party sites, or any changes or updates to third party sites. Microsoft is not responsible for webcasting or any other form of transmission received from any third party sites. Microsoft is providing these links to third party sites to you only as a convenience, and the inclusion of any link does not imply an endorsement by Microsoft of the third party site.
10.
ENTIRE AGREEMENT. This agreement, and any additional terms for the Trainer Content, updates and supplements are the entire agreement for the Licensed Content, updates and supplements.
11.
APPLICABLE LAW. a. United States. If you acquired the Licensed Content in the United States, Washington state law governs the interpretation of this agreement and applies to claims for breach of it, regardless of conflict of laws principles. The laws of the state where you live govern all other claims, including claims under state consumer protection laws, unfair competition laws, and in tort.
MCT USE ONLY. STUDENT USE PROHIBITED
b. Outside the United States. If you acquired the Licensed Content in any other country, the laws of that country apply. 12.
LEGAL EFFECT. This agreement describes certain legal rights. You may have other rights under the laws of your country. You may also have rights with respect to the party from whom you acquired the Licensed Content. This agreement does not change your rights under the laws of your country if the laws of your country do not permit it to do so.
13.
DISCLAIMER OF WARRANTY. THE LICENSED CONTENT IS LICENSED "AS-IS" AND "AS AVAILABLE." YOU BEAR THE RISK OF USING IT. MICROSOFT AND ITS RESPECTIVE AFFILIATES GIVES NO EXPRESS WARRANTIES, GUARANTEES, OR CONDITIONS. YOU MAY HAVE ADDITIONAL CONSUMER RIGHTS UNDER YOUR LOCAL LAWS WHICH THIS AGREEMENT CANNOT CHANGE. TO THE EXTENT PERMITTED UNDER YOUR LOCAL LAWS, MICROSOFT AND ITS RESPECTIVE AFFILIATES EXCLUDES ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.
14.
LIMITATION ON AND EXCLUSION OF REMEDIES AND DAMAGES. YOU CAN RECOVER FROM MICROSOFT, ITS RESPECTIVE AFFILIATES AND ITS SUPPLIERS ONLY DIRECT DAMAGES UP TO US$5.00. YOU CANNOT RECOVER ANY OTHER DAMAGES, INCLUDING CONSEQUENTIAL, LOST PROFITS, SPECIAL, INDIRECT OR INCIDENTAL DAMAGES.
This limitation applies to o anything related to the Licensed Content, services, content (including code) on third party Internet sites or third-party programs; and o claims for breach of contract, breach of warranty, guarantee or condition, strict liability, negligence, or other tort to the extent permitted by applicable law. It also applies even if Microsoft knew or should have known about the possibility of the damages. The above limitation or exclusion may not apply to you because your country may not allow the exclusion or limitation of incidental, consequential or other damages.
Please note: As this Licensed Content is distributed in Quebec, Canada, some of the clauses in this agreement are provided below in French. Remarque : Ce le contenu sous licence étant distribué au Québec, Canada, certaines des clauses dans ce contrat sont fournies ci-dessous en français.
EXONÉRATION DE GARANTIE. Le contenu sous licence visé par une licence est offert « tel quel ». Toute utilisation de ce contenu sous licence est à votre seule risque et péril. Microsoft n’accorde aucune autre garantie expresse. Vous pouvez bénéficier de droits additionnels en vertu du droit local sur la protection dues consommateurs, que ce contrat ne peut modifier. La ou elles sont permises par le droit locale, les garanties implicites de qualité marchande, d’adéquation à un usage particulier et d’absence de contrefaçon sont exclues.
LIMITATION DES DOMMAGES-INTÉRÊTS ET EXCLUSION DE RESPONSABILITÉ POUR LES DOMMAGES. Vous pouvez obtenir de Microsoft et de ses fournisseurs une indemnisation en cas de dommages directs uniquement à hauteur de 5,00 $ US. Vous ne pouvez prétendre à aucune indemnisation pour les autres dommages, y compris les dommages spéciaux, indirects ou accessoires et pertes de bénéfices. Cette limitation concerne: • tout ce qui est relié au le contenu sous licence, aux services ou au contenu (y compris le code) figurant sur des sites Internet tiers ou dans des programmes tiers; et. • les réclamations au titre de violation de contrat ou de garantie, ou au titre de responsabilité stricte, de négligence ou d’une autre faute dans la limite autorisée par la loi en vigueur.
MCT USE ONLY. STUDENT USE PROHIBITED
Elle s’applique également, même si Microsoft connaissait ou devrait connaître l’éventualité d’un tel dommage. Si votre pays n’autorise pas l’exclusion ou la limitation de responsabilité pour les dommages indirects, accessoires ou de quelque nature que ce soit, il se peut que la limitation ou l’exclusion ci-dessus ne s’appliquera pas à votre égard.
EFFET JURIDIQUE. Le présent contrat décrit certains droits juridiques. Vous pourriez avoir d’autres droits prévus par les lois de votre pays. Le présent contrat ne modifie pas les droits que vous confèrent les lois de votre pays si celles-ci ne le permettent pas. Revised July 2013
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
xi
Server Virtualization with Windows Server Hyper-V® and System Center
Acknowledgments
MCT USE ONLY. STUDENT USE PROHIBITED
xii
Microsoft Learning wants to acknowledge and thank the following for their contribution toward developing this title. Their effort at various stages in the development has ensured that you have a good classroom experience.
Slavko Kukrika – Content Developer
Slavko Kukrika has been a Microsoft Certified Trainer (MCT) for more than 15 years. He holds many technical certifications, and he is honored to be one of Microsoft Most Valuable Professionals (MVPs). He has worked with virtualization since the early days of Windows Virtual PC, and he cannot imagine life without it. He regularly presents at technical conferences, and he is author of several Microsoft Official Courses. In his private life, Slavko is the proud father of two sons, and he tries to extend each day to at least 25 hours!
Dave Franklyn – Content Developer
Dave Franklyn, MCT, Microsoft Certified Solutions Expert (MCSE), Microsoft Certified IT Professional (MCITP), Microsoft MVP Windows Expert--It Pro, is a Senior Information Technology Trainer and Consultant at Auburn University in Montgomery, Alabama, and is the owner of DaveMCT, Inc. LLC. He also is an East U.S.A. Microsoft Regional Lead MCT. Dave has been a Microsoft MVP since 2011, and has been teaching at Auburn University since 1998. Working with computers since 1976, Dave started out in the mainframe world, and moved early into the networking arena. Before joining Auburn University, Dave spent 22 years in the US Air Force as an electronic communications and computer systems specialist, retiring in 1998. Dave is president of the Montgomery Windows IT Professional Group.
Orin Thomas – Subject Matter Expert
Orin Thomas is an MVP, an MCT and has a string of Microsoft MCSE and MCITP certifications. He has written more than 20 books for Microsoft Press and is a contributing editor at Windows IT Pro magazine. He has been working in IT since the early 1990s. He is a regular speaker at events such as TechED in Australia and around the world on Windows Server, Windows Client, System Center, and security topics. Orin founded and runs the Melbourne System Center Users Group.
Mitch Garvis – Technical Reviewer
Mitch Garvis is a renaissance man of the IT world. In addition to being a Virtual Technical Evangelist for Microsoft Canada, he also is a senior partner with SWMI Consulting Group. Among his numerous certifications are several MCITPs, as well as the new MCSE: Private Cloud. He lectures and trains on a variety of topics, including System Center, server virtualization, desktop deployment, and security. You can read his blog at www.garvis.ca, and follow him on Twitter as @MGarvis. In his spare time, he likes to break things, and has recently earned his Second Degree Black Belt in Taekwondo. He makes his home outside Toronto, Canada, where he has a wife, two kids, two dogs, and three minutes to himself every day.
Contents Module 1: Evaluating the Environment for Virtualization Lesson 1: Overview of Microsoft Virtualization
1-2
Lesson 2: Overview of System Center 2012 R2 Components
1-9
Lesson 3: Evaluating the Current Environment for Virtualization
1-16
Lesson 4: Extending Virtualization to the Cloud Environment
1-25
Lab: Evaluating the Environment for Virtualization
1-29
Module 2: Installing and Configuring the Hyper-V Role Lesson 1: Installing the Hyper-V Role
2-2
Lesson 2: Managing Hyper-V
2-12
Lesson 3: Configuring Hyper-V Settings
2-20
Lesson 4: Hyper-V Host Storage and Networking
2-26
Lab: Installing and Configuring the Hyper-V Role
2-33
Module 3: Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints Lesson 1: Creating and Configuring Virtual Hard Disks
3-3
Lesson 2: Creating and Configuring Virtual Machines
3-14
Lab A: Creating and Managing Virtual Hard Disks and Virtual Machines
3-24
Lesson 3: Installing and Importing Virtual Machines
3-30
Lesson 4: Managing Virtual Machine Checkpoints
3-37
Lesson 5: Monitoring Hyper-V
3-46
Lesson 6: Designing Virtual Machines for Server Roles and Services
3-53
Lab B: Creating and Managing Checkpoints and Monitoring Hyper-V
3-60
Module 4: Creating and Configuring Virtual Machine Networks Lesson 1: Creating and Using Hyper-V Virtual Switches
4-2
Lab A: Creating and Using Hyper-V Virtual Switches
4-9
Lesson 2: Advanced Hyper-V Networking Features
4-13
Lab B: Creating and Using Advanced Virtual Switch Features
4-23
Lesson 3: Configuring and Using Hyper-V Network Virtualization
4-26
Lab C: Configuring and Testing Hyper-V Network Virtualization
4-34
Module 5: Virtual Machine Movement and Hyper-V Replica Lesson 1: Providing High Availability and Redundancy for Virtualization
5-2
Lesson 2: Implementing Virtual Machine Movement
5-8
Lab A: Moving Virtual Machine and Configuring Constrained Delegation
5-14
Lesson 3: Implementing and Managing Hyper-V Replica
5-18
Lab B: Configuring and Using Hyper-V Replica
5-29
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
xiii
Server Virtualization with Windows Server Hyper-V® and System Center
Module 6: Implementing Failover Clustering with Hyper-V Lesson 1: Overview of Failover Clustering
6-2
Lesson 2: Configuring and Using Shared Storage
6-12
Lesson 3: Implementing and Managing Failover Clustering with Hyper-V
6-22
Lab: Implementing Failover Clustering with Hyper-V
6-31
Module 7: Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager Lesson 1: Integrating System Center and Server Virtualization
7-2
Lesson 2: Overview of VMM
7-13
Lesson 3: Installing VMM
7-19
Lesson 4: Adding Hosts and Managing Host Groups
7-28
Lab: Installing and Configuring System Center 2012 R2 Virtual Machine Manager
7-41
Module 8: Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager Lesson 1: Managing Networking Infrastructure
8-2
Lab A: Network Infrastructure Management
8-18
Lesson 2: Managing Storage Infrastructure
8-22
Lab B: Managing Infrastructure Storage
8-32
Lesson 3: Managing Infrastructure Updates
8-36
Lab C: Infrastructure Updates Management
8-42
Module 9: Creating and Managing Virtual Machines by Using Microsoft System Center 2012 R2 Virtual Machine Manager Lesson 1: Virtual Machine Management Tasks in VMM
9-2
Lesson 2: Creating, Cloning, and Converting Virtual Machines
9-13
Lesson 3: Overview of Virtual Machine Updating
9-22
Lab: Creating and Managing Virtual Machines by Using System Center 2012 R2 Virtual Machine Manager
9-26
Module 10: Configuring and Managing the Microsoft System Center 2012 R2 Virtual Machine Manager Library and Library Objects Lesson 1: Overview of the Virtual Machine Manager Library
10-2
Lesson 2: Working with Profiles and Templates
10-9
Lab: Configuring and Managing the Microsoft System Center 2012 R2 Virtual Machine Manager Library and Library Objects
10-23
MCT USE ONLY. STUDENT USE PROHIBITED
xiv
Module 11: Managing Clouds in Microsoft System Center 2012 R2 Virtual Machine Manager Lesson 1: Introduction to Clouds
11-2
Lesson 2: Creating and Managing a Cloud
11-11
Lesson 3: Working With User Roles in Virtual Machine Manager
11-19
Lab: Managing Clouds in Microsoft System Center 2012 R2 Virtual Machine Manager
11-27
Module 12: Managing Services in Microsoft System Center 2012 R2 Virtual Machine Manager and App Controller Lesson 1: Understanding Services in VMM Lesson 2: Creating and Managing Services in VMM Lesson 3: Using App Controller
12-2 12-9 12-16
Lab: Managing Services in Microsoft System Center 2012 R2 Virtual Machine Manager and App Controller
12-24
Module 13: Protecting and Monitoring Virtualization Infrastructure Lesson 1: Overview of Backup and Restore Options for Virtual Machines
13-2
Lesson 2: Protecting Virtualization Infrastructure by Using DPM
13-9
Lesson 3: Using Operations Manager for Monitoring and Reporting
13-21
Lesson 4: Integrating VMM with Operations Manager
13-29
Lab: Monitoring and Reporting Virtualization Infrastructure
13-35
Module Review and Takeaways
13-40
Lab Answer Keys Module 1 Lab: Evaluating the Environment for Virtualization
L1-1
Module 2 Lab: Installing and Configuring the Hyper-V Role
L2-7
Module 3 Lab A: Creating and Managing Virtual Hard Disks and Virtual Machines
L3-17
Module 3 Lab B: Creating and Managing Checkpoints and Monitoring Hyper-V
L3-25
Module 4 Lab A: Creating and Using Hyper-V Virtual Switches
L4-35
Module 4 Lab B: Creating and Using Advanced Virtual Switch Features
L4-40
Module 4 Lab C: Configuring and Testing Hyper-V Network Virtualization
L4-43
Module 5 Lab A: Moving Virtual Machine and Configuring Constrained Delegation
L5-47
Module 5 Lab B: Configuring and Using Hyper-V Replica
L5-52
Module 6 Lab: Implementing Failover Clustering with Hyper-V
L6-57
Module 7 Lab: Installing and Configuring System Center 2012 R2 Virtual Machine Manager
L7-65
Module 8 Lab A: Network Infrastructure Management
L8-73
Module 8 Lab B: Managing Infrastructure Storage
L8-78
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
xv
Server Virtualization with Windows Server Hyper-V® and System Center
Module 8 Lab C: Infrastructure Updates Management
L8-81
Module 9 Lab: Creating and Managing Virtual Machines by Using System Center 2012 R2 Virtual Machine Manager
L9-83
Module 10 Lab: Configuring and Managing the Microsoft System Center 2012 R2 Virtual Machine Manager Library and Library Objects
L10-87
Module 11 Lab: Managing Clouds in Microsoft System Center 2012 R2 Virtual Machine Manager
L11-91
Module 12 Lab: Managing Services in Microsoft System Center 2012 R2 Virtual Machine Manager and App Controller
L12-99
Module 13 Lab: Monitoring and Reporting Virtualization Infrastructure
L13-105
MCT USE ONLY. STUDENT USE PROHIBITED
xvi
About This Course This section provides a brief description of the course, audience, suggested prerequisites, and course objectives.
Course Description
MCT USE ONLY. STUDENT USE PROHIBITED
About This Course
xvii
This course will provide you with the knowledge and skills necessary to create, maintain, monitor, and protect a virtualization infrastructure. You will learn about creating and managing virtual machines, managing virtual machine networks, and providing high availability for a Windows Server® 2012 R2 Hyper-V® environment. This course also will describe how to create and manage virtual machines, clouds, and services by using Microsoft® System Center 2012 R2 Virtual Machine Manager (VMM).
Audience
This course is intended for IT professionals who design, implement, manage, and maintain virtualization infrastructures, and for IT decision makers who will determine which virtualization product to implement in their data centers. This course also is suitable for IT professionals who want to learn about current Microsoft virtualization technologies.
Student Prerequisites This course requires that you meet the following prerequisites: •
An understanding of TCP/IP, iSCSI, and networking.
•
An understanding of different storage technologies.
•
The ability to work on a team or a virtual team.
•
Good documentation and communication skills to create proposals and make budget recommendations.
•
An understanding of Windows PowerShell®.
Course Objectives After completing this course, students will be able to: •
Evaluate their organization’s virtualization requirements and plan for server virtualization.
•
Install and configure the Hyper-V role.
•
Create virtual machines, create and manage virtual hard disks, and work with checkpoints.
•
Create and configure virtual machine networks in a Hyper-V environment.
•
Implement virtual machine movement and the Hyper-V Replica feature.
•
Provide high availability for a Hyper-V environment by implementing failover clustering.
•
Manage a virtual environment by using VMM.
•
Manage networking and storage infrastructure in VMM.
•
Create and manage virtual machines by using VMM.
•
Configure and manage a VMM library and library objects.
•
Create and manage clouds by using VMM.
•
Create and manage services in VMM.
•
Protect virtualization infrastructure by using Windows Server Backup and Data Protection Manager.
About This Course
Course Outline The course outline is as follows:
MCT USE ONLY. STUDENT USE PROHIBITED
xviii
Module 1, “Evaluating the Environment for Virtualization" describes the Microsoft virtualization products and System Center 2012 R2 components. It provides a broad overview of virtualization and a foundation for the following modules.
Module 2, “Installing and Configuring the Hyper-V Role" describes the Windows Server 2012 R2 features that are beneficial for Hyper-V. It also describes how to add the Hyper-V role to Windows Server 2012 R2, and how to configure the role.
Module 3, “Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints" describes how to create and configure virtual hard disks, virtual machines, and their components in the Hyper-V environment. It also describes checkpoints and how to manage them in the Hyper-V environment. Module 4, “Creating and Configuring Virtual Machine Networks" describes Hyper-V virtual machine networking options and explains how network virtualization works in the Hyper-V environment. It also describes the different types of virtual switches, and how you can create and manage them.
Module 5, “Virtual Machine Movement and Hyper-V Replica" describes the configuration and use of Hyper-V, and the options that you can use to provide high availability in the Hyper-V environment. It also describes how to move virtual machines between Hyper-V hosts and how to use Hyper-V Replica. Module 6, “Implementing Failover Clustering with Hyper-V" describes failover clustering, and how you can implement and manage it in the Hyper-V virtual environment. It also describes how you can use failover clustering to provide high availability for the Hyper-V environment.
Module 7, “Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager" describes how to install VMM, and explains its main features. It also describes how to add virtualization hosts to VMM, and manage virtualization hosts and host groups.
Module 8, “Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager" describes VMM networking options, and how to manage storage infrastructure and infrastructure updates in VMM. Module 9, “Creating and Managing Virtual Machines by Using Microsoft System Center 2012 R2 Virtual Machine Manager" describes how to create and manage virtual machines in VMM, and how to configure virtual machine updating. Module 10, “Configuring and Managing the Microsoft System Center 2012 R2 Virtual Machine Manager Library and Library Objects" describes how to use and manage the Virtual Machine Manager library, and how to configure library settings. It also explains how to use profiles and templates in VMM.
Module 11, “Managing Clouds in Microsoft System Center 2012 R2 Virtual Machine Manager" describes how to create and manage clouds and user roles in VMM.
Module 12, “Managing Services in Microsoft System Center 2012 R2 Virtual Machine Manager and App Controller" describes services in VMM and App Controller, and how to manage them. It also explains how to use App Controller for cloud management. Module 13, “Protecting and Monitoring Virtualization Infrastructure" describes how to use the backup and restore options in VMM, and how to protect the virtualization infrastructure by using DPM. It also describes how to monitor the virtualization infrastructure and generate reports by using System Center 2012 R2 Operations Manager, and how to configure Operations Manager integration with VMM.
Course Materials The following materials are included with your kit: •
Course Handbook: a succinct classroom learning guide that provides the critical technical information in a crisp, tightly-focused format, which is essential for an effective in-class learning experience.
MCT USE ONLY. STUDENT USE PROHIBITED
About This Course
xix
•
Lessons: guide you through the learning objectives and provide the key points that are critical to the success of the in-class learning experience.
•
Labs: provide a real-world, hands-on platform for you to apply the knowledge and skills learned in the module.
•
Module Reviews and Takeaways: provide on-the-job reference material to boost knowledge and skills retention.
•
Lab Answer Keys: provide step-by-step lab solution guidance.
Course Companion Content on the http://www.microsoft.com/learning/en/us /companion-moc.aspx Site: searchable, easy-to-browse digital content with integrated premium online resources that supplement the Course Handbook. •
Modules: include companion content, such as questions and answers, detailed demo steps and additional reading links, for each lesson. Additionally, they include Lab Review questions and answers and Module Reviews and Takeaways sections, which contain the review questions and answers, best practices, common issues and troubleshooting tips with answers, and real-world issues and scenarios with answers.
•
Resources: include well-categorized additional resources that give you immediate access to the most current premium content on TechNet, MSDN®, or Microsoft® Press®.
Student Course files on the http://www.microsoft.com/learning/en/us/companion-moc.aspx Site: includes the Allfiles.exe, a self-extracting executable file that contains all required files for the labs and demonstrations. •
Course evaluation: At the end of the course, you will have the opportunity to complete an online evaluation to provide feedback on the course, training facility, and instructor. •
To provide additional comments or feedback on the course, send an email to
[email protected]. To inquire about the Microsoft Certification Program, send an email to
[email protected].
About This Course
Virtual Machine Environment
MCT USE ONLY. STUDENT USE PROHIBITED
xx
This section provides the information for setting up the classroom environment to support the business scenario of the course.
Virtual Machine Configuration In this course, you will use Microsoft Hyper-V to perform the labs. The following table shows the role of each virtual machine that is used in this course: Virtual machine
Role �
20409B-LON-HOST1
Boot to VHD image – one of a pair
20409B-LON-HOST2
Boot to VHD image – second server in the pair
20409B-LON-DC1
Domain controller in the Adatum.com domain
20409B-LON-SVR1
Member server in the Adatum.com domain
20409B-LON-SVR2
Member server in the Adatum.com domain
20409B-LON-VMM1
Member server in the Adatum.com domain, Microsoft System Center 2012 R2 VMM and Microsoft System Center 2012 R2 App Controller will be installed on this server
20409B-LON-SS1
Windows Server 2012 R2 with Internet small computer system interface (iSCSI) target
20409B-LON-OM1
Microsoft System Center 2012 R2 Operations Manager (Operations Manager)
20409B-LON-WSUS
A Window Server Update Services server
20409B-LON-CL1
Windows 8.1 client with Microsoft Office 2013 installed
20409B-LON-CL2
Windows 8.1 client with Office 2013 installed
20409B-LON-TEST1
Stand-alone server
20409B-LON-TEST2
Stand-alone server
20409B-LON-PROD1
Stand-alone Windows 8.1 client
20409B-LON-PROD2
Stand-alone Windows 8.1 client
Classroom Setup
This course requires two host computers for the instructor and for each student (or pair of students working in a team). The two computers for each person must have network connectivity with each other, but must not be able to communicate with other computers on the network.
The two host computers will be configured to run Hyper-V as part of the classroom installation, or as part of the student labs. Each host computer will also host several virtual machines.
Course Hardware Level
MCT USE ONLY. STUDENT USE PROHIBITED
About This Course
To ensure a satisfactory student experience, Microsoft Learning requires a minimum equipment configuration for trainer and student computers in all Microsoft Certified Partner for Learning Solutions (CPLS) classrooms in which Official Microsoft Learning Product courseware is taught. Hardware Level 7 •
64-bit Intel Virtualization Technology (Intel VT) or AMD Virtualization (AMD-V) processor (2.8 gigahertz [GHz] dual core or more recommended)
•
Dual 500 gigabyte (GB) hard disks, 7200 RPM Serial ATA (SATA) or faster. Each hard disk must be configured as a separate drive labeled Drive C and Drive D
•
16 GB RAM
•
DVD (dual layer recommended)
•
Network adapter
•
Dual SVGA monitors that are 17 inches or larger, supporting 1,440 x 900 minimum resolution
•
Microsoft mouse or compatible pointing device
•
Sound card with amplified speakers
Additionally, the instructor computer must be connected to a projection display device that supports 1,280 x 1,024 pixels, with 16-bit color.
Navigation in Windows Server 2012 R2 or Windows 8.1 If you are not familiar with the user interface in Windows Server 2012 R2 or Windows 8.1, then the following information will help orient you to the new interface. •
Sign in and Sign out replace Log in and Log out.
•
Administrative tools are found in the Tools menu of Server Manager.
•
Move your mouse to the lower right corner of the desktop to open a menu with: •
Settings: This includes Control Panel and Power.
•
Start menu: This provides access to some applications.
•
Search: This allows you to search applications, settings, and files.
You also may find the following shortcut keys useful: •
Windows: Opens the Start menu.
•
Windows+C: Opens the same menu as moving the mouse to the lower right corner.
•
Windows+I: Opens Settings.
•
Windows+R: Opens the Run window.
xxi
MCT USE ONLY. STUDENT USE PROHIBITED
MCT USE ONLY. STUDENT USE PROHIBITED 1-1
Module 1 Evaluating the Environment for Virtualization Contents: Module Overview
1-1
Lesson 1: Overview of Microsoft Virtualization
1-2
Lesson 2: Overview of System Center 2012 R2 Components
1-9
Lesson 3: Evaluating the Current Environment for Virtualization
1-16
Lesson 4: Extending Virtualization to the Cloud Environment
1-25
Lab: Evaluating the Environment for Virtualization
1-29
Module Review and Takeaways
1-33
Module Overview
Microsoft offers several virtualization technologies that organizations can use to resolve challenges that they encounter when running traditional server computing environments. For example, server virtualization can help reduce the number of physical servers, and provide a flexible and resilient server solution for businesses. This module provides an overview of the different Microsoft virtualization technologies, and explains how you can use these technologies to manage both virtualization and traditional infrastructures. This module also describes how to evaluate your business environment to plan for virtualization. Note: For the purpose of this course, all instances of Microsoft System Center 2012 R2 Virtual Machine Manager are referred to as VMM.
Objectives After completing this module, you will be able to: •
Describe the various virtualization technologies and the scenarios where you would apply each technology.
•
Describe the different Microsoft System Center 2012 R2 components, and explain how you can use them to manage both traditional and modern infrastructure solutions.
•
Evaluate your organization’s virtualization requirements and plan for server virtualization.
Lesson 1
Overview of Microsoft Virtualization
MCT USE ONLY. STUDENT USE PROHIBITED
1-2 Evaluating the Environment for Virtualization
Microsoft offers a number of virtualization technologies that administrators and infrastructure architects can use to create and administer a virtual environment. To use these tools effectively, it is important for administrators and infrastructure architects to know how and when to apply which Microsoft technology. In many cases, you can combine multiple technologies to build an effective virtualized business solution. For example, a new email infrastructure may consist of a server and several client systems, and you may want to consider the various virtualization technologies available before deciding on and implementing the one that best meets your business requirements. This lesson describes the different types of virtualization technologies and the principles of cloud computing.
Lesson Objectives After completing this lesson, you will be able to: •
Describe the different types of virtualization technologies.
•
Explain the scenarios where you would implement server virtualization.
•
Describe the features and benefits of network virtualization.
•
Describe the features and benefits of user state virtualization.
•
Describe the features and benefits of presentation virtualization.
•
Describe the features and benefits of application virtualization.
•
Describe the features and benefits of cloud computing.
Different Types of Virtualization Microsoft provides a host of virtualization options, each of which you can use to meet a specific set of challenges. The following list provides an overview of each type of virtualization: •
Server virtualization. You can use server virtualization to host a large number of virtual machines. Server Virtualization uses the Windows Server 2012 Hyper-V platform.
•
Desktop virtualization. Desktop virtualization can refer to either client side virtualization, such as the Hyper-V client on a computer running Windows 8.1, or virtual desktop infrastructure, where the client computer operating systems run on a server virtualization host.
•
User state virtualization. User state virtualization captures and centralizes application and Windows operating system settings for users. This enables users to sign in to any device while retaining their settings.
•
Presentation virtualization. Presentation virtualization allows desktops and applications that are running on a Remote Desktop Services server to display on remote clients.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
1-3
•
Network virtualization. Network virtualization enables you to isolate networks used in server virtualization without requiring the implementation of virtual local area networks (VLANs).
•
Application virtualization. You can use application virtualization to virtualize applications, which then enables applications to run in or be streamed to special containers on a host operating system.
Note: Later topics in this lesson discuss in more detail each type of virtualization and the scenarios in which you would deploy them.
What Is Server Virtualization?
In Microsoft environments, server virtualization involves running virtual machines on a host that is running the Hyper-V role. Server virtualization abstracts a physical server’s resources, and then presents the resources to each virtual machine that is running on the physical host. For example, server virtualization allows y multiple virtual machines to share the same physical hardware, yet appear as separate servers on the organization network. Virtual machines (known as guests) that run on a Hyper-V server (known as a host) can run any supported operating system including Windows Server, Windows client operating systems (such as Windows 8) and supported distributions of Linux.
Server virtualization allows you to use hardware resources more efficiently. Consider a scenario where you have separate computers running Microsoft Exchange Server 2013, Microsoft SQL Server 2012, Microsoft SharePoint Server 2013, file and print services, Domain Name System (DNS), Dynamic Host Configuration Protocol (DHCP). Additionally, you have another server functioning as an Active Directory domain controller. If you use server virtualization, you can instead configure a single appropriately provisioned server and run each of these separate computers as virtual machine guests. You can even make these virtual machines highly available by deploying additional appropriately provisioned servers running Hyper-V and configuring them in a failover cluster relationship. Server virtualization allows you to detach the computer that is hosting a particular service or workload from the hardware on which that service or workload runs. For example, you may have a virtualized computer that hosts a SQL Server 2012 instance that is a guest on a Hyper-V host with other virtualized computers. If the virtualized computer that hosts the SQL Server 2012 instance requires more computing resources than are available on the current host, you can simply move the virtual machine to another Hyper-V host that has resources that better meet the requirements of the workload.
What Is Desktop Virtualization? Desktop virtualization often represents two separate concepts: •
Client-side virtualization. A hypervisor runs on a desktop operating system such as Windows 8.1 and hosts a small number of virtual machines that the user will utilize.
•
Virtual Desktop Infrastructure (VDI). The client operating system runs on a remote server, and users connect to it by using a Remote Desktop client.
Client-Side Virtualization
MCT USE ONLY. STUDENT USE PROHIBITED
1-4 Evaluating the Environment for Virtualization
Client-side virtualization uses the Hyper-V role on supported operating system editions and hardware running Windows 8 and Windows 8.1. Virtual machines running on Hyper-V client are compatible with servers running Hyper-V. Client-side virtualization is often used as an application compatibility solution, allowing individual users to run multiple versions of the Windows client operating system simultaneously on their client computer hardware. You would typically use client-side virtualization in scenarios where you need to provide application compatibility to a small number of users. When larger numbers of users require an application compatibility solution, you should instead host the previous version of the Windows client operating system on a server running Hyper-V.
For example, consider a scenario where in an organization of several hundred people you have five users that need to run a series of applications on the Windows XP operating system for several months until a replacement solution can be found. All users in this organization have desktop computers that run the Windows 8.1 operating system. In this scenario, you should consider deploying Windows XP in a virtual machine that runs client Hyper-V. If you have a large number of users that need to run a series of incompatible applications, or the incompatible applications need to be used on a long-term basis, you might consider a different solution such as VDI or System Center 2012 R2 Application Virtualization (App-V).
VDI
VDI enables you to run some or all of an organization’s client computers as virtual machines. Users can connect to those virtual machines by using a Remote Desktop Client from any compatible computer or device. Client computers in a VDI deployment run as a pool of virtual machines, which provides organizations with the following benefits: •
One client accessible through any device. Because the client operating system runs independently of hardware, users can access their personal client virtual machine by using a variety of devices. VDI provides a solution for Bring Your Own Device (BYOD) environments, ensuring that a standardized environment is available even if each user has their own unique device.
•
Reduced hardware costs. Instead of having to manage and maintain a client computer for each user, you only need to meet the minimum requirement of a keyboard, a mouse, and a display capable of running a Remote Desktop client.
•
Simplified updates. Rather than updating clients individually, you can update virtual machines in a VDI deployment in a centralized way.
•
Simplified deployment. You can deploy a new computer quickly from the existing virtual machine pool. This is simpler than having to install and manage the operating system, applications, hardware, and updates for each individual computer that you deploy.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
1-5
•
High availability. Because the client computer is a virtual machine, you can make it highly available by running it on highly available virtualization hosts. In the event that the hardware or device on which the client virtual machine runs experiences a hardware failure, you can issue a replacement without the user losing access to applications or data. This is because the operating system, applications, and data are kept separate from any client computer hardware.
•
Backup and recovery. Because virtual machines are data, VDI simplifies the process of centrally backing up client computers.
What Is Network Virtualization? Network virtualization provides a way to isolate virtual networks and the virtual machines that connect to them, without having to implement VLANs. Network virtualization is of primary interest to organizations that host large numbers of virtual machines that require isolation of one group of virtual machines from another. Isolation may be required because the different groups of virtual machines use the same IP address scheme, or there may be political or regulatory reasons why one set of virtual machines must be isolated from other groups of virtual machines.
By using gateways or virtual private network (VPN) extensions, you can extend virtualized networks for isolated communication between Hyper-V hosts. Network virtualization provides many of the benefits that VLANs provide without requiring you to configure physical switches with appropriate VLAN IDs. Hyper-V Network Virtualization technical details http://go.microsoft.com/fwlink/?LinkID=285279
What Is User State Virtualization? User State Virtualization allows users to sign in to any device while retaining their operating system and application settings. This provides users with a consistent Windows operating system and application experience. UE-V works with locally installed desktops or VDI with any combination of locally installed applications, App-V–sequenced application, and applications that use RemoteApp.
User Experience Virtualization (UE-V) is a System Center 2012 tool that enables users to synchronize their user settings for both applications and operating system across multiple computers. Virtualizing user settings is also known as user state virtualization. UE-V includes the following components: •
Settings storage location. This is a file share that the UE-V agent uses to store the settings.
MCT USE ONLY. STUDENT USE PROHIBITED
1-6 Evaluating the Environment for Virtualization
•
User Experience Virtualization agent. This agent is installed on each computer that will synchronize the settings stored in the Settings storage location.
•
Settings location templates. These are XML files that define what settings UE-V should monitor. The UE-V installation includes these templates.
•
Settings package. These packages are generated by the UE-V agent, and are then copied to the Settings storage location.
User state virtualization is useful in environments where users might sign in to different computers or devices but need to access their customized and configured operating system and application settings. One example might be in a call center environment where users are assigned a separate desk each time they arrive at work, but where policies allow them to configure their own desktop background (including shortcuts) and operating system settings. High-Level Architecture for UE-V 1.0 http://go.microsoft.com/fwlink/?LinkID=386654
What Is Presentation Virtualization? Presentation virtualization is another way of describing the Remote Desktop and RemoteApp functionality of the Remote Desktop Services role in Windows Server 2012 R2. With presentation virtualization, the application, or the entire remote desktop runs on the server. The application user interface, or the computer’s desktop, displays on the client’s device.
Presentation virtualization allows applications that would normally not be able to run on a client because of resource constraints, to be accessible on that client because the application runs on the server. For example, you can use RemoteApp to run an app that requires 4 gigabytes (GB) of random access memory (RAM), on a computer with 2 GB of RAM. This is possible because the app will be executing on the Remote Desktop server. Remote App supports file associations on some client operating systems. For example, if a user double clicks on a Microsoft Visio document file, a Visio RemoteApp session may open to a Remote Desktop Services server that is hosting the Visio app.
Remote Desktop client software exists for devices running the Windows RT, Windows Phone, Apple iOS, Mac OSX, and Android operating systems. This makes Remote Desktop another possible solution in BYOD environments where users may need to run apps that you do not want to or cannot run locally for architectural or resource reasons.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
What Is App-V? Application Virtualization (App-V) is a System Center tool that virtualizes apps by abstracting them from the operating system. App-V allows apps to run without having to install them on the computer or server that the user is accessing. As App-V apps run in a separate virtualized silo, it allows you to run apps side by side that would otherwise cause conflicts. For example, using App-V you can run different versions of a Microsoft Office application concurrently, which is not possible without App-V. App-V benefits include:
1-7
•
Running applications that would otherwise conflict. For example, you can run two different versions of Microsoft Office on the same computer or in an RD Session Host server. Each application has all the necessary sequenced files that it requires to run.
•
Virtualized applications display as if they are installed locally. Users can start applications from the Start Screen, from desktop icons, and by file extension association. App-V applications use local resources+ and display in Task Manager.
•
App-V applications can be streamed on demand from an App-V server. This allows an application not present locally to be started more quickly.
•
App-V applications can be stored locally once they have completely streamed from the host server. App-V apps can also be installed.
•
Simplified management and deployment. With streaming, virtual applications are delivered on demand from a server, thereby allowing users to download them automatically when they are required. Administrators can update applications on the server and the App-V Desktop Client will download the newer version automatically the next time the user runs the application.
What Is Cloud Computing? Cloud computing is a term that describes the delivery and consumption of computing and application resources from a remote location, often but not necessarily over the Internet. Users can subscribe to cloud computing resources, which are usually then measured and billed similar to utility services. Cloud computing applications are typically independent of an operating system, and they are available to users across a wide variety of devices. From an administrative perspective, cloud computing infrastructure should be pooled, should be able to deliver multitenant services, and should allow rapid scalability.
Cloud computing service models include software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS). Cloud computing has three main deployment models:
MCT USE ONLY. STUDENT USE PROHIBITED
1-8 Evaluating the Environment for Virtualization
•
Public cloud. Public clouds are infrastructure, platform, or application services that are delivered from a cloud service provider for access and consumption by the public.
•
Private cloud. Private clouds are privately owned and managed clouds that offer similar benefits to that of public clouds, but are designed and secured for use by a single organization.
•
Hybrid cloud. In a hybrid cloud, a technology binds two separate clouds (public and private) together for the specific purpose of obtaining resources from both.
Microsoft cloud services provide technology and applications across all of these cloud computing models. Some examples of Microsoft cloud services are: •
•
Microsoft public cloud services: o
Windows Azure. Windows Azure is a public cloud environment that offers PaaS, SaaS, and IaaS. Developers can subscribe to Windows Azure services and create software, which is delivered as SaaS. Microsoft cloud services uses Windows Azure to deliver some of its own SaaS applications.
o
Microsoft Office 365. Office 365 delivers online versions of the Microsoft Office applications and online business collaboration tools.
o
Microsoft Dynamics CRM Online. Microsoft Dynamics CRM Online is the Microsoft-hosted version of the on-premises Microsoft Dynamics CRM application.
Microsoft private cloud: o
•
Hyper-V in Windows Server 2012 R2 combines with System Center 2012 R2 to create the foundation for building private clouds. By implementing these products as a combined solution, you can deliver much of the same functionality offered by public clouds.
Microsoft hybrid cloud: o
Microsoft provides a number of hybrid cloud solutions that enable you to:
Back up an on-premises cloud application to a service provider.
Manage, monitor, and move virtual machines between different clouds.
Connect and federate directory services that allow your users to access applications that are constructed across a combination of on-premises, service provider, and public cloud types.
You can reduce the computing costs of your organization by using Microsoft cloud computing technologies. You can also improve the delivery times for infrastructure and application services, ensure that they are always available, and monitor their performance.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
Lesson 2
Overview of System Center 2012 R2 Components
1-9
System Center 2012 R2 includes several integrated technologies that you can use to deploy, configure, and manage servers, clients, mobile devices, services, and applications. In this lesson, you will review the various technologies included in System Center 2012 R2, and explore their features and functionalities.
Lesson Objectives After completing this lesson, you will be able to: •
Explain how to use System Center 2012 R2 to manage a data center.
•
Describe the features and functionalities of System Center 2012 R2 Virtual Machine Manager.
•
Describe the features and functionalities of System Center 2012 R2 App Controller.
•
Describe the features and functionalities of System Center 2012 R2 Operations Manager.
•
Describe the features and functionalities of System Center 2012 R2 Orchestrator.
•
Describe the features and functionalities of System Center 2012 R2 Service Manager.
•
Describe the features and functionalities of System Center 2012 R2 Data Protection Manager.
Using Microsoft System Center 2012 R2 to Manage a Data Center System Center 2012 R2 is a group of integrated management technologies that predominantly IT professionals use to deploy, manage, maintain, monitor, and automate servers, computers, mobile devices, services and applications. The following list summarizes the components and their purpose.
System Center 2012 R2 Virtual Machine Manager
System Center 2012 R2 Virtual Machine Manager (VMM) provides administrators with a single administrative tool for deploying and managing a virtualization infrastructure, including managing components such as hosts, storage, networks, libraries, and update servers. VMM also provides the foundation for managing virtual machines configuration and deployment.
System Center 2012 R2 App Controller
System Center 2012 R2 App Controller (App Controller) provides a self-service portal for administrators who are deploying and managing applications and services across one or more sites. App Controller enables you to access and manage resources from one or more VMM servers, and from multiple Windows Azure subscriptions.
System Center 2012 R2 Service Manager
System Center 2012 R2 Service Manager (Service Manager) offers service management, process automation, asset tracking, and a self-service portal to access resources that are defined in a service catalog. Service Manager offers an easy-to-build configuration management database, which pulls data from Active Directory Domain Services (AD DS) and System Center components. This allows companies to
establish and use controls and operations based on guidelines of either the Information Technology Infrastructure Library or Microsoft Operations Framework.
System Center 2012 R2 Orchestrator System Center 2012 R2 Orchestrator (Orchestrator) is a runbook automation component that allows administrators to integrate and automate their data centers. Orchestrator utilizes integration packs, including many built-in authored packs that allow administrators to connect different systems.
System Center 2012 R2 Operations Manager
MCT USE ONLY. STUDENT USE PROHIBITED
1-10 Evaluating the Environment for Virtualization
System Center 2012 R2 Operations Manager (Operations Manager) is the management component that you use to monitor applications and performance. You can integrate Operations Manager with VMM, Service Manager, Orchestrator, and DPM. Operations Manager utilizes vendor-authored management packs that provide detailed information about the application and health-state monitoring.
System Center 2012 R2 DPM System Center 2012 R2 DPM () is an enterprise backup component that performs application-aware block-level backups. It utilizes Volume Shadow Copy Service (VSS) writers to help protect and recover applications such as SQL Server, Exchange Server, SharePoint Server 2012, and AD DS. Additionally, it provides specific VSS writers for System Center 2012 components. For more information on what is new in the System Center 2012 R2 components, see: What's New in System Center 2012 R2 http://go.microsoft.com/fwlink/?LinkID=386653 Note: The following topics will examine each of the System Center components, their features, and their integration capabilities in more depth.
Overview of VMM VMM provides you with a single administrative tool for deploying and managing a virtualization infrastructure. You use VMM to manage large numbers of virtual machine hosts and virtual machines. Using VMM, you can deploy and manage all components of your virtual machine and virtual machine host infrastructure. You can use VMM to manage a single virtual machine host computer, or to manage as many as 400 hosts and 8,000 guests. You can use VMM to perform the following tasks: •
Bare-metal deployment of hosts. You can automate deployment of Windows Server host machines on physical servers.
•
Host and cluster creation. You can create Hyper-V hosts and clusters easily by using the VMM console, which simplifies manual deployment and reduces the possibility of configuration errors.
•
Host groups. You can group hosts for manage multiple hosts.
•
Cross-platform management. VMM supports Citrix XenServer host and pool management, and supports VMware ESX hosts through integration with VMware vSphere.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
1-11
•
Storage configuration. Configure and manage storage.
•
Network configuration. Allows you to create and manage virtual networks.
•
Intelligent placement. Intelligent placement helps you select an appropriate host for a virtual machine based on available resources.
•
Dynamic optimization. VMM can balance workloads automatically, according to configurable thresholds for core resources such as CPU, memory, disk, and network utilization.
•
Power optimization. You can configure VMM to use power thresholds that you specify. This enables VMM to evaluate the performance requirements of a Hyper-V host cluster, and shut down hosts if they are not required to provide adequate performance.
•
Performance and Resource Optimization (PRO). PRO allows you to ensure that virtual machines are moved automatically when there is resource contention.
•
Microsoft Server Application Virtualization (Server App-V). Server App-V enables you to virtualize server-based applications. What’s New in System Center 2012 - Virtual Machine Manager http://go.microsoft.com/fwlink/?LinkId=253224
Overview of App Controller App Controller is a self-service portal that enables administrators and end users to control, deploy, and configure applications and virtual machines across VMM deployments and public clouds. App Controller provides self-service capabilities that enable administrators to deploy and administer resources across multiple VMM servers, and across Window Azure and service-provider data center resources.
You can configure App Controller to use up to five VMM servers and their resources. App Controller provides web-based access through which you can control applications, virtual machines, and virtual machine resources, including libraries and shares.
App Controller can control as many as 20 Windows Azure subscriptions. It allows you to upload virtual hard disks and images to Windows Azure from a library or from network shares, and add virtual machines to deployed services in Windows Azure. Additionally, you can manipulate and migrate virtual machines to and from Windows Azure.
Overview of Operations Manager Operations Manager is a cross-platform monitoring and alerting solution that provides application and infrastructure monitoring. Operations Manager can monitor both physical and virtual layers, and it introduces a fabric health dashboard and cloud health dashboard. These dashboards provide status information such as host state, storage pool state, network node state, file share, and logical unit number (LUN) state. Other benefits of integrating VMM with Operations Manager, include:
MCT USE ONLY. STUDENT USE PROHIBITED
1-12 Evaluating the Environment for Virtualization
•
Monitoring the health and availability of the VMM management server, the VMM database server, and the Virtual Machine Manager library servers. You can also monitor a VMware-based virtual environment.
•
Viewing diagram views of your virtualized environment from within the Operations console.
•
Implementing PRO tips, which collect performance data from host machines, virtual machines, and applications. PRO tips enable you to automate changes to the VMM and host environment, based on the performance information that Operations Manager provides. For example, if a physical hard disk fails, an alert in Operations Manager can trigger the migration of all virtual machines from a host with a degraded disk subsystem. Another example could be using performance information to automatically scale out a web farm in response to increased transactions in VMM. The reports are available in the VMM console, but display data is retrieved from Operations Manager.
•
Enabling maintenance-mode integration. When you place hosts in maintenance mode, VMM attempts to put them in maintenance mode in Operations Manager.
•
Integrating SQL Server Analysis Services (SSAS), which allows you to run forecasting reports that can predict host activity based on history of disk space, memory, network I/O, disk I/O, and CPU usage. SSAS also supports using a SAN for usage forecasting. How to Connect VMM with Operations Manager http://go.microsoft.com/fwlink/?LinkID=286069
Overview of Orchestrator Orchestrator is the Microsoft runbook automation platform. You use Orchestrator to automate virtualization management tasks. Orchestrator allows you to create automation using the Orchestrator Runbook Designer. The Runbook Designer is a simple drag-and-drop interface that makes it easier to design processes to help accomplish complex tasks. This allows you to create quick automation without having to create and manage complex Windows PowerShell scripts.
Orchestrator has a number of built-in runbook activities that perform a wide range of functions, and that you can extend with integration packs. Integrations packs contain Runbook activities and objects
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
1-13
that allow Orchestrator to extend its capabilities to other Microsoft and non-Microsoft components. The Virtual Machine Manager integration pack includes tasks related to the management of VMM, virtualization hosts, and virtual guests.
Overview of Service Manager Service Manager is a System Center component that you use to automate business processes and implement service management as defined in the Information Technology Infrastructure Library and the Microsoft Operations Framework. Many prebuilt products exist for incident and problem management, and change, release, and life cycle management. Virtualization environments are dynamic by nature. Therefore, you should manage them by using documented processes and procedures that are based around the Information Technology Infrastructure Library or Microsoft Operations Framework. Service Manager can help you govern virtualization or private cloud computing with the following functionality: •
Management of incidents, problems, changes, and releases. For application and infrastructure owners, administrators, service analysts, and end users, Service Manager offers a single location from which to govern and manage deployment changes, and administrate a complex virtualization environment. Service Manager provides a SharePoint–based portal that you can customize and configure with a software or service catalogue that you can link to self-service request offerings. You can configure request offerings to trigger business approval processes and system processes that deliver the request. This provides a level of automation that significantly increases efficiency.
•
Compliance. Service Manager has a downloadable management pack that can assist you with managing and automating IT governance, risk, and compliance responsibilities, and can help you connect complex business objectives to Microsoft infrastructure.
Note: Management packs extend System Center 2012 R2 functionality, and enable integration between System Center components. You can download and install a wide variety of management packs for most System Center components. •
An integrated platform. Service Manager has several available connectors to leverage Service Manager’s full integration capabilities. You can use these connectors to import data into the Service Manager Configuration Management database from AD DS, .csvc files, and other System Center components.
Overview of DPM Data Protection Manager (DPM) is a data backup and recovery solution that works with disk-to-disk and disk-to-tape backups. You can use DPM to back up and restore Windows Servers operating system servers, and application servers such as: •
SQL Server
•
Exchange Server
•
Hyper-V
•
File servers
•
AD DS
•
SharePoint Server
DPM also includes support for system state and bare-metal recovery, offers protection for Windows desktop clients, and provides some elements of self-service.
MCT USE ONLY. STUDENT USE PROHIBITED
1-14 Evaluating the Environment for Virtualization
When planning a virtualization environment, you need to implement a backup system that will back up the following items: •
Virtual machines. Sometimes referred to as virtual machine backups, in-guest backups, or traditional backups, these backups are usually unaware of virtualization and are designed with an application in mind. For example, Exchange backups should protect Exchange components such as stores and mailboxes. Additionally, if you want to protect your entire server structure, you should perform a system-state backup and include data drivers. If you must recover your entire server structure, you must use a recovery copy that includes a full backup of all components.
•
Host server backup. Not to be confused with backing up the host itself, a host-level backup is a Hyper-V–aware backup designed to protect the virtualization files that comprise a virtual machine. Virtualization files may include virtual machine configuration files, .vhd files, and snapshots. DPM uses VSS to back up files while they run. You can use this form of backup to recover an entire virtual machine or one of its disks, in place, to the same virtualization host server, or to an alternate virtualization host server.
DPM provides the following important data center backup system features: •
VSS backups. DPM uses VSS to protect data sources while the data source continues to run. This means that applications and servers do not have to be taken offline while DPM provides the protection for them. After an initial full backup is complete, DPM can back up just the block changes, incrementally, which allows for faster and more efficient backup and recovery.
•
Hyper-V item-level recovery support. DPM can recover specific files, folders, volumes, and virtual hard disks from a host-level backup of Hyper-V virtual machines.
•
Hyper-V host and guest support. DPM supports host-based protection when the agent is installed on the host computer, and guest-based protection when the agent is installed on the virtual machine. For guests running Windows Server 2003 and newer Windows Server versions, DPM provides online backups that ensure that DPM does not impact the performance of the protected virtual machine when providing protection.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
1-15
•
Integration with Operations Manager. Integrating DPM with Operations Manager provides monitoring for the DPM environment via the DPM Management Pack. The DPM Central Console, which is built on Operations Manager, allows you to monitor all DPM servers from a central computer. You can use the Central Console to open a DPM Administrator Console to manage DPM remotely.
•
Integration with other System Center 2012 components. With the integration of DPM and Orchestrator, you can automate functions such as data protection and recovery. Using Service Manager and the Self-Service Portal together with DPM and Orchestrator, you can also offer these functions as services to private cloud users.
•
Self-service functionality. DPM also has a self-service function that administrators can use to configure and delegate restore functionality to self-service users. You can grant permission to restore to the same server, or to restore to an alternate server, including to which alternate servers.
•
Windows Azure Backup. You can back up DPM data to Windows Azure.
•
Linux virtual machine backup. DPM provides support for Linux virtual machines.
Note: When building a virtualization solution (or any solution), it is important to test and validate data by using the restore functionality. Ensure that you can restore each type of backup, and be sure to implement a plan with periodic testing of backup integrity.
Lesson 3
Evaluating the Current Environment for Virtualization
MCT USE ONLY. STUDENT USE PROHIBITED
1-16 Evaluating the Environment for Virtualization
Prior to implementing virtualization into your organization, you must first determine key evaluation factors that you can use to assess your organization’s virtualization requirements. You will learn about some of the available resources, including solution accelerators such as the Microsoft Assessment and Planning Toolkit (MAP). This lesson also describes some of the principal design factors for implementing a server virtualization solution.
Lesson Objectives After completing this lesson, you will be able to: •
Evaluate your organization’s requirements for server virtualization.
•
Describe the virtualization solution accelerators.
•
Describe the assessment features of MAP.
•
Assess the computing environment by using MAP.
•
Design a solution for server virtualization.
Evaluating Server Virtualization Factors When you consider the challenges presented by the traditional computer and application environments, server virtualization is an effective way to resolve many of the known issues. Planning your server virtualization project is a very important first step, and evaluating factors that will contribute to a successful virtualization project is the beginning of this process. Some of the important evaluation factors are as follows: •
Project scope. You should define the virtualization project scope as early on as possible. You should determine the business factors driving the project, the staff that is responsible for determining these factors, and their goals.
You should also determine how you will measure success. For example, if your company is migrating from Exchange Server 2007 to Exchange Server 2013, your migration project scope may include server virtualization elements, but the overall success is measured by a transparent upgrade of the organization’s email platform. However if your project scope is to implement or upgrade a server virtualization strategy, Exchange Server may just be a milestone goal of the overall consolidation or improvement program. Understanding budgets and documenting the project are also important factors. •
Resource and performance. Assessing the resource and performance of the servers to be virtualized is another evaluation factor. You can use MAP to provide detailed information on the number of hosts and the host hardware requirements. Typically, virtual machines require approximately the same resources as a physical server. For example, if a physical server is currently utilizing 1-GB RAM, you should expect the virtual machine to use the same amount of RAM, assuming that it runs the same operating system and applications as
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
1-17
the physical server. If a single virtual machine consumes more than half of your host’s workload, you should consider whether virtualization is appropriate or if the host’s sizing is adequate.
Hardware is not the only consideration when implementing a server virtualization solution. You also should review all aspects of a service or application’s requirements before deciding whether you can host it virtually. Some factors to consider when determining whether to virtualize server workloads are: •
Compatibility. You must determine whether the application can run in a virtualization environment. Business applications range from simple programs to complex, distributed multiple tier applications. You need to consider requirements for specific components of distributed applications, such as specific needs for communication with other infrastructure components, or requirements for direct access to the system hardware. While you can virtualize some servers easily, other components may need to continue running on dedicated hardware.
•
Applications and services. Applications and services that have specific hardware or driver requirements generally are not well suited for virtualization. An application may not be a good candidate for application virtualization if it contains low-level drivers that require direct access to the system hardware. This may not be possible through a virtualization interface, or it may affect performance negatively.
•
Supportability. You need to evaluate if a virtualized environment will support your operating system and requisite applications. Verify vendor support policies for operating system and application deployment using the virtualization technologies.
•
Licensing. You also need to evaluate whether you can license the application for use in a virtual environment. Reduced licensing costs for multiple applications or operating systems could add up and make a strong financial case for using virtualization.
•
Availability requirements. Most organizations have some applications that must always be available in a virtual environment for users. Some applications provide built-in options for enabling high availability, while other applications may be more difficult to make highly available outside of a virtual machine environment. When considering whether to virtualize a server, evaluate whether the application has high availability options, whether a virtual machine environment supports those options, and whether you can use failover clustering to make the virtual machine highly available.
The goal in most organizations is to utilize all servers adequately, whether they are physical or virtual. You can fully utilize some server roles such as SQL Server or Exchange Server Mailbox servers, by deploying additional SQL Server instances or moving more mailboxes to the server. In some cases, you can virtualize server workloads in one scenario, but not in another. For example, in a very large domain with thousands of users logging on simultaneously, it may not be practical to virtualize a domain controller. However, in a smaller domain or in a branch office deployment, virtualizing domain controllers may be your best option.
Overview of Virtualization Solution Accelerators You can use MAP to conduct network-wide deployment readiness assessments, and to determine whether you can migrate Microsoft technologies such as servers, desktops, and applications, to a virtual environment. Using MAP, you now can determine which servers you can upgrade to Windows Server 2012, which servers you can migrate to virtual machines on Hyper-V in Windows Server 2008, and which client computers you can upgrade to Windows 7. MAP is the primary tool to help you identify which applications, desktops, and servers would make ideal candidates for virtualization. You can use MAP to perform the following key functions: •
Hardware inventory. MAP uses a secure process, which does not utilize an agent, to collect and organize system resources and device information across your network from a single networked computer. Some of the examples of the information that MAP returns includes operating system information, system memory details, installed drivers, and installed applications. MAP saves this information in a local database, and then uses it to provide you with specific reports and recommendations.
MCT USE ONLY. STUDENT USE PROHIBITED
1-18 Evaluating the Environment for Virtualization
MAP uses technologies that are already available in your IT environment to perform inventory and assessments. These technologies include Windows Management Instrumentation (WMI), the Remote Registry service, Simple Network Management Protocol (SNMP), AD DS, and the Computer Browser service. You can use MAP to inventory the following operating systems: o
Windows 8
o
Windows 7
o
Windows Vista
o
Windows XP Professional
o
Microsoft Office 2010 and previous Office versions
o
Windows Server 2012
o
Windows Server 2008 or Windows Server 2008 R2
o
Windows Server 2003 or Windows Server 2003 R2
o
Windows 2000 Professional or Windows 2000 Server
o
Windows Internet Explorer 9 and previous versions
o
Hyper-V
o
Microsoft Lync
o
System Center Configuration Manager
o
System Center Endpoint Protection
o
SQL Server
o
VMware vSphere
o
VMware vCenter
o
VMware ESX
o
VMware ESXi
o
VMware Server
o
Select Linux distributions
o
LAMP application stack discovery
o
MySQL
o
Oracle
o
Sybase
o
Data analysis. MAP performs a detailed analysis of hardware and device compatibility for migration to:
Windows 8
Windows 7
Windows Server 2012
Windows Server 2008 R2
SQL Server 2012
SQL Server 2008 R2
Microsoft Office 2010
Office 365
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
1-19
MAP helps to gather performance metrics, and then generates server consolidation recommendations. These recommendations identify candidates for server virtualization, including how you might place the physical servers in a virtualized environment. •
Readiness reporting. MAP generates reports containing both summary and detailed assessment results for each migration scenario. MAP provides these results in Microsoft Excel and Microsoft Word documents. Readiness reports are available for many technologies including Windows 8 and Windows Server 2012. MAP also helps to gather performance metrics and generates server consolidation recommendations. These recommendations identify the candidates for server virtualization, and makes suggestions for how you might place the physical servers in a virtualized environment.
The latest version of MAP includes planning for migrating to Office 2013, migrating to the latest Windows Server and Windows client operating systems, and migrating workloads to Windows Azure.
Infrastructure Planning and Design Guides
The Infrastructure Planning and Design guides are free guides that describe architectural considerations, and streamline the design processes for planning Microsoft infrastructure technologies. Each guide addresses a unique infrastructure technology or scenario, including server virtualization, application virtualization, and Remote Desktop Services implementations.
Windows Server Virtualization Guide The Windows Server Virtualization Guide focuses on an earlier version of Hyper-V. However, it still provides guidance on how to plan and implement server virtualization on Hyper-V.
Hyper-V Security Guide
Implementing virtualization can increase the number of security issues that you must consider. This is because you must secure both the host computer and the virtual machines. The Hyper-V Security guide provides guidance and recommendations to address key security concerns about server virtualization.
Assessment Features of the MAP Toolkit Microsoft provides MAP as the primary tool for server virtualization planning. It is easy to install and it guides administrators through evaluation by making use of built-in wizards, configurations, and reports.
MCT USE ONLY. STUDENT USE PROHIBITED
1-20 Evaluating the Environment for Virtualization
Gathering information over time is one evaluation factor. You may already have evaluation data suitable for inclusion. For example, if you use Operations Manager to monitor your physical servers and virtual machines, your inventory and performance data may already be collected. You could use these Operations Manager reports to gather useful information. When you want to plan for capacity and growth, you can use DPM to review data trends by running capacity reports. The following section summarizes MAP features that you can use for server virtualization assessments.
MAP Discovery
MAP can discover Windows, Linux, Unix, and VMware servers, computers, and virtual machines. It has the following discovery methods and requirements for creating an inventory: •
AD DS. Requires domain credentials. You can use this method to discover all computers in all domains, or in specified domains, containers, and organization units.
•
Windows networking protocols, using WIN32 LAN Manager application programming interface (API). Requires the Computer Browser service to be running on the computer, or the server running MAP. You can use this method to discover Windows workgroups and Windows NT 4.0 domains.
•
Configuration Manager. MAP can use either Configuration Manager or Microsoft Systems Management Server (an older version of Configuration Manager), for discovery. For discovery, you require the primary site server name and appropriate credentials for Configuration Manager or Systems Management Server.
•
IP Address Range. You can scan for computer and servers using one or more IP address ranges, up to a maximum of 100,000 addresses.
•
NetBIOS names. You also can discover computers and servers by entering their NetBIOS names manually, or by importing the names from a text file.
MAP Performance Metrics After you have an inventory of discovered hardware, you can collect performance metrics for your assessment. To gather performance metrics, you must run the Performance Metrics Wizard. You can collect metrics for Windows and Linux-based machines by using WMI or Secure Shell. The minimum collection period is 30 minutes. You are prompted to schedule an end date and time for when the collection should stop. Note: If required, you can use the Performance Metrics Wizard to collect additional metrics. You must choose either to discard previous metrics or append the new ones to existing data. While the performance metric data collection is running, you may not be able to perform other tasks with MAP.
MAP Hardware Configuration
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
1-21
MAP hardware configuration provides you with details for the proposed hardware that you should use for your virtualization host servers. When you run the Hardware Library Wizard, you can enter the resources such as the number and type of processors, amount of RAM, and storage capacity. After configuring these hardware parameters, you can determine the number of host servers required. If required, you also can create a configuration for shared storage and network configurations, which will help ensure that you plan clusters and share components correctly.
MAP Server Consolidation The MAP Server Virtualization and Consolidation Wizard can help provide planning guidance for the following versions of Hyper-V: •
Window Server 2012 Hyper-V
•
Window Server 2008 R2 Service Pack 1 (SP1) Hyper-V
•
Window Server 2008 R2 Hyper-V
•
Window Server 2008 Hyper-V
To use the wizard, you must first complete an inventory, gather performance metrics, and input the hardware configuration. When you run the wizard, you can select a utilization ceiling on the proposed hardware, which allows for periodic spikes in utilization. The utilization settings include processor, memory, storage capacity, storage I/O operations per second, and network throughput. Upon completing this wizard, MAP will provide you with the recommended number of hosts.
MAP Private Cloud Fast Track
The MAP Private Cloud Fast Track Wizard provides guidance based upon a program that is a joint effort between Microsoft and its hardware partners. The goal of the program is to help organizations decrease the time, complexity, and risk of implementing private clouds.
Demonstration: Assessing the Computing Environment by Using MAP In this demonstration, you will see how to use MAP for planning server virtualization, including: •
Install MAP.
•
Use MAP to collect inventory data.
•
Use MAP to collect performance data.
•
Create a hardware configuration.
Demonstration Steps Install MAP 1.
Sign in to LON-CL1, and then navigate to and run the file \\lon-dc1\e$\labfiles\mapsetup.exe.
2.
In the Microsoft Assessment and Planning Toolkit Setup Wizard, on the Installation Successful page, ensure that the Open the Microsoft Assessment and Planning and Toolkit check box is selected, and then click Finish.
3.
On the Datasource page, in the Create or select a database section in the Name text box, type Demo, and then click OK.
Use MAP to collect inventory data 1.
In MAP, click Server Virtualization, and then click Collect inventory data.
2.
In the Inventory and Assessment Wizard, on the Inventory Scenarios page, select both Windows computers and Use Active Directory Domain Services (AD DS).
3.
On the Active Directory Credentials page, use the following credentials: o
Domain: Adatum
o
Account name: administrator
o
Password: Pa$$w0rd
MCT USE ONLY. STUDENT USE PROHIBITED
1-22 Evaluating the Environment for Virtualization
4.
On the Active Directory Options page, ensure that Find all computers in all domains, containers, and organizational units is selected, and then click Next.
5.
On the All Computer Credentials page, use the following credentials: o
Domain: Adatum
o
Account name: administrator
o
Password: Pa$$w0rd
6.
Complete the wizard.
7.
When the Inventory and Assessment page opens, review the results of the data collection, wait for the assessment to show as complete, and then close the page.
Use MAP to collect performance data 1.
Run the Performance Metrics Wizard.
2.
In the wizard, select all computers.
3.
On the All Computer Credential page, ensure that the adatum\administrator account is selected.
4.
Review the details on the metrics page, and then close the window.
Create a hardware configuration
Before you can work with MAP features, you must first cancel the running process that was initiated in the previous step. 1.
At the bottom left of the MAP console screen, in the running task drop-down list box, click Cancel processing, and then click Yes.
2.
Under the Steps to complete section, click Create hardware configuration.
3.
On the Choose Scenarios page, click General Server Consolidation/Desktop Virtualization, and then click Next.
4.
On the Hardware Configuration page, click Create New, and in the Create New text box, type Server-Type1.
5.
Complete the wizard using approximate values based on a server that you might use.
Designing a Solution for Server Virtualization Many organizations that adopt server virtualization develop a server implementation policy to virtualize all new and replaced systems. These organizations opt for deploying physical hardware as an alternative to virtualization only when a valid reason exists, such as when custom server hardware is incompatible with server virtualization, or when a server application vendor does not support their application on virtualized servers.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
1-23
You now can use Windows Server 2012 R2 to deploy servers with up to 320 logical processors and 4 terabytes (TB) of system memory. This, in turn, allows new capabilities for virtual workloads and is a significant improvement over earlier hypervisors. Implementing a new virtualization solution can often include assessing physical and virtual servers, or assessing an existing virtualization solution. A new virtualization solution can provide an opportunity to consolidate physical servers, and in an existing server virtualization solution, it can improve virtual machine density per host, possibly by virtualizing some more demanding workloads. As a general guideline, each virtualization project should include the following steps: 1.
Determine the virtualization scope. The first step in planning a virtualization solution is to define the project’s scope. You may have one or more projects, each working to address different parts of an overall server virtualization strategy. To ensure that a project is successful, you need to define scope, milestones, and goals.
2.
Determine the workloads. Create a list of potential workloads that you want to virtualize, identify the workloads that cannot be virtualized, then use MAP to discover and inventory all the remaining servers. Collect the performance metrics of the required servers for a suitable period of time.
3.
Determine backup and fault-tolerance requirements for each workload. You use these requirements when designing the virtual server deployment. For example, some server workloads may require frequent and consistent backup of data located inside the virtual machine, while other server workloads may require just a virtual machine-level or configuration information backup. You use the fault-tolerance requirements for the server workload when you deploy clustered virtual machines, or to provide another method for ensuring high availability for the virtual machine.
4.
Use MAP to aid in the design of the virtualization hosts. Use the hardware configurations and the MAP Server Virtualization and Consolidation Wizard to assist in the design of the host server infrastructure. As a best practice, to simplify host server management you should consider creating a standard design for all virtualization hosts. Decide if you will require a maintenance host. As part of the host server design, you also need to consider the number of virtual machines that each host computer will be running.
5.
Map workloads to hosts. After designing the host server hardware, you can start mapping the virtual machines to the host servers. There are many factors that you need to consider during this design, including: o
Host server capacity. How many virtual machines can you place on a host?
o
Reserve capacity. How much of a resource buffer do you want to implement on each host computer?
o
MCT USE ONLY. STUDENT USE PROHIBITED
1-24 Evaluating the Environment for Virtualization
Virtual machine performance characteristics and resource utilization. Can you characterize the network, CPU, disk, and memory utilization for each of the virtual machines on a host? You may choose to deploy virtual machines with different resource requirements on the same host.
6.
Design host backup and fault tolerance. Use the information that you collected on the backup and fault tolerance requirements for the virtual machines to design a backup and high availability solution for the host computers.
7.
Determine storage requirements. As part of the server workload discovery, you should have documented the storage requirements for each virtual machine. Before moving the server workloads to virtual machines, ensure that you have space for both the operating system virtual hard disks and the data associated with each virtual machine. You also need to include storage availability and performance requirements. You can use the MAP share infrastructure configuration to assist.
8.
Determine network requirements. As a final step in the virtual machine design process, you also should plan the network design. When planning your network design, you should consider a number of factors: o
What type of network access do the virtual machines require? Most virtual machines likely will require access to the physical network, but some virtual machines may only need to communicate with other virtual machines on the same host computer.
o
How much network bandwidth does each virtual machine require?
o
What are the network reliability requirements for each virtual machine?
o
Will Network Virtualization be used?
o
What non-Microsoft virtual switches will be required?
Note: A successful virtualization project is a well-documented project. Often, when adopting a new virtualization technology, a proof of concept (POC) can be of great help in determining the final infrastructure. A POC can also help bring staff up to speed on the deployment and management technologies that will be used in the final solution.
Lesson 4
Extending Virtualization to the Cloud Environment
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
1-25
In this lesson, you will review some of the features in Window Azure, the public cloud services offering from Microsoft. You will also learn about how and why you might want to join an on-premises infrastructure to a public cloud infrastructure, and how you could make use of a hybrid cloud computing solution.
Lesson Objectives After completing this lesson, you should be able to: •
Describe the purpose and features of Windows Azure.
•
Describe Windows Azure services.
•
Explain how to create and run virtual machines in Windows Azure.
•
Explain how to extend a data center.
What Is Windows Azure? Windows Azure is the name for the public cloud services offering from Microsoft. Window Azure services are delivered over the Internet from Microsoft data centers. Microsoft customers can subscribe to a variety of the Windows Azure services that are running in these data centers, and at a fraction of the cost of purchasing and hosting their own hardware or building their own services and software. Windows Azure delivers services such as PaaS, IaaS, and SaaS.
Individuals, customers, and Microsoft partners can use several methods to access Window Azure– based services. Partners have access to programs such as Windows Azure platform Cloud Essentials for Partners, and Cloud Accelerate. Both customers and partners can access resources through MSDN and through the Microsoft BizSpark program, each of which provides a predefined amount of resources and services to build solutions. Windows Azure Free Trial http://www.windowsazure.com/en-us/pricing/free-trial/
Windows Azure Services Windows Azure services are grouped into four categories: compute, data services, app services, and virtual networks.
Compute
MCT USE ONLY. STUDENT USE PROHIBITED
1-26 Evaluating the Environment for Virtualization
•
Websites. You can use website services to develop and deploy more secure and scalable websites, which includes integration with many source control technologies. Windows Azure supports many languages including ASP.NET (sometimes known as classic ASP), PHP, Node.js, and Python. You can also deploy a choice of SQL Server databases, or deploy MySQL. The Web Application Gallery has many open source applications, frameworks, and templates available, including WordPress, Umbraco, DotNetNuke, Drupal, Django, CakePHP, and Express.
•
Virtual machines. You can build virtual machine instances from scratch, from templates, or you can build them on your own site, and then transfer them to Windows Azure (or the other way around). Virtual machines can run a variety of workloads including many Microsoft-certified workloads such SQL Server, SharePoint Server, and BizTalk Server.
•
Mobile services. You can use these services to build mobile phone apps, including storage, authentication, and notification services for Windows apps, Android apps, and Apple iOS apps.
Data Services •
SQL Database. Windows Azure includes a SQL Database offering, previously known as SQL Azure Database. SQL Database provides interoperability, enabling customers to build applications using most development frameworks.
•
HD Insight. Windows Azure HDInsight is the Hadoop-based solution from Microsoft. Hadoop is used to process and analyze Big Data.
•
Backup. You can back up directly to Windows Azure. You can configure the cloud backups from the backup tools in Windows Server 2012 R2, or from System Center 2012 R2.
App Services •
Media Services. You can use media services to create, manage, and distribute media across a large variety of devices such as Xbox, computers running the Windows operating system, MacOS, iOS, and Android.
•
Messaging. The Windows Azure Service Bus provides the messaging channel for connecting cloud applications to on-premises applications, services, and systems.
•
Windows Azure Active Directory (Windows Azure AD). This is a modern, Representational State Transfer-based service that provides identity management and access control capabilities for cloud applications. It is the identity service used across Windows Azure, Office 365, Microsoft Dynamics CRM Online, Windows Intune, and other non-Microsoft cloud services. Windows Azure AD also can integrate with on-premises Active Directory deployments.
Network
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
1-27
•
Windows Azure Virtual Network. You can use the Windows Azure Virtual Network (Virtual Network) to create a logically isolated section in Windows Azure, and then connect it securely either to your on-premises data center, or to a single client machine, using an IPsec connection. Virtual Network is discussed more in-depth in the next topic.
•
Windows Azure Traffic Manager. Windows Azure Traffic Manager (Traffic Manager) is used to loadbalance inbound traffic across multiple Windows Azure services. This ensures the performance, availability, and resiliency of applications.
Virtual Machines in Windows Azure With Windows Azure, you can create and run your own virtual machines in the same way that you create and run on-premises servers. Windows Azure virtual machines are highly available and can be consumed when and as you need them.
Creating Virtual Machines After you log on to Windows Azure, you use a simple, intuitive interface that displays a list of technologies that you can work with and deploy. You can create a virtual machine by clicking the Virtual Machines icon, and from there you can choose to create a new virtual machine from scratch, or you can use templates to create the virtual machine. Templates may have the base operating system installed, and in some cases, they may include an additional application that is ready for you to work with or evaluate. The following list are few of the available virtual machine templates in the Windows Azure gallery: •
Windows Server 2012 Datacenter
•
Windows Server 2012 R2
•
Windows Server 2008 R2 SP1
•
SharePoint Server 2013
•
SQL Server 2014 Community Technology Preview 1 (CTP1) Evaluation Edition
•
SQL Server 2012 SP1 Standard Edition
•
BizTalk Server 2013 Enterprise
•
BizTalk Server 2013 Evaluation
In addition to the above lists, the Windows Azure gallery includes many Linux installation templates.
Apart from deploying a virtual machine from a template, you can create and capture your own images using familiar tools such as Sysprep, or you can create virtual machines on-premises, and then import the virtual machines into Windows Azure. Creating and Uploading a Virtual Hard Disk that Contains the Windows Server Operating System http://go.microsoft.com/fwlink/?LinkID=386656
Extending Your Data Center Virtual Network makes it easier to extend your data center by using Windows Azure in the same way that you might connect to a remote office. You manage the network topology and configuration in the same way you would for your on-premises infrastructure. You might want to connect your own infrastructure to your private Windows Azure network to meet the demands of several different scenarios. For example, you may want to connect your infrastructure and your private Windows Azure network if you are: •
Building a distributed application that is scalable on Windows Azure-hosted web servers, and are building a database or data store that resides on your own physical infrastructure.
•
Creating a client extranet.
•
Building a test lab or development environment.
•
Needing to extend you own infrastructure rapidly. Create a Virtual Network for Site-to-Site Cross-Premises Connectivity http://go.microsoft.com/fwlink/?LinkID=386655
MCT USE ONLY. STUDENT USE PROHIBITED
1-28 Evaluating the Environment for Virtualization
The Windows Azure Pack includes Windows Azure technologies that you can run inside your data center, and that enable you to offer your customers self-service and multi-tenant services.
Windows Azure Pack integrates with System Center 2012 R2 and Windows Server 2012 R2, and provides an interface that has the look and feel of the Windows Azure Management Portal. The Windows Azure Management Portal is customizable and offers a self-service user experience for provisioning, monitoring, and managing services such as Web Sites, Virtual Machines, and Service Bus. The Windows Azure Pack also has automation capabilities and additional custom services that include a runbook editor, and an execution environment. To find out more about the Windows Azure Pack for Windows Server, you can download and read the whitepaper from the following link: Windows Azure Pack for Windows Server http://go.microsoft.com/fwlink/?LinkID=386652
Lab: Evaluating the Environment for Virtualization Scenario
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
1-29
A. Datum Corporation is a medium-sized manufacturing company that has four subsidiaries. Each subsidiary has several hundred employees and its own data center. All subsidiaries are connected with high-speed network connections. A. Datum IT infrastructure uses only physical servers.
A. Datum is rapidly expanding. To provide greater flexibility and the capability to respond quickly to rapidly changing business environments, IT management has decided to virtualize many of the existing servers, and deploy as many new servers as possible as virtual machines. A. Datum is planning to adopt Hyper-V on Windows Server 2012 R2 as their virtualization platform.
As a senior server administrator at A. Datum, you are responsible for planning and implementing the virtualized infrastructure. The first step in deploying the virtual environment is to analyze the current A. Datum IT infrastructure, and to identify the appropriate virtualization methods for different business requirements. In addition, you also need to evaluate the existing servers and identify which servers would be appropriate candidates for virtualization.
Objectives After completing this lab, you will be able to: •
Determine which virtualization method you should use, based on the scenario.
•
Install MAP, and use it to evaluate the existing environment.
•
Perform virtualization candidate assessments.
Lab Setup Estimated Time: 45 minutes Virtual machines: 20409B-LON-CL1, 20409B-LON-DC1 User name: Adatum\Administrator Password: Pa$$w0rd
For this lab, you will use the available virtual machine environment. Before you begin, you must complete the following steps: 1.
On the host computer, start Hyper-V Manager.
2.
In Hyper-V Manager, click 20409B-LON-DC1, and then in the Actions pane, click Start.
3.
Repeat step 2 for 20409B-LON-CL1.
4.
Click 20409B-LON-CL1, and then In the Actions pane, click Connect. Wait until the virtual machine starts.
5.
Sign in by using the following credentials: o
User name: Administrator
o
Password: Pa$$w0rd
o
Domain: Adatum
Note: Because you will be using the same virtual machines in the next lab, do not revert the virtual machines at the end of this lab. However, you can shut down all virtual machines after finishing this lab.
Exercise 1: Selecting the Appropriate Virtualization Method Scenario
MCT USE ONLY. STUDENT USE PROHIBITED
1-30 Evaluating the Environment for Virtualization
In this paper-based exercise, you will select the appropriate virtualization method for a given scenario. Several different scenarios will be presented (including application compatibility issues, hardware consolidation, and application centralization), and you will decide which virtualization method you should use. The main tasks for this exercise are as follows: 1.
Design a virtualization solution to resolve a remote worker application scenario.
2.
Design a solution for a Microsoft Office upgrade.
3.
Design a solution for the development team.
4.
Respond to the CEO’s green initiative enquiry.
Task 1: Design a virtualization solution to resolve a remote worker application scenario A. Datum has just passed a remote worker policy that allows up to an additional 50 people to work remotely. Until now, only a few designated on-call IT staff were approved to work remotely, and they all have fixed lines and secure virtual private networks (VPNs). Remote workers will be required to use their own devices, although they should run the company’s applications, and ideally keep data such as documents, reports, and spreadsheets within the company network. 1.
Which virtualization technology can assist with the remote worker requirements?
2.
What are three of the components required to deliver the remote worker solution?
3.
Approximately four months after A. Datum has gone live with the remote worker solution, users begin to complain they cannot access the company systems from home. What could be a likely problem?
4.
When designing the virtualization solution, you must be able to accommodate a physical server failure by providing reasonable fast recovery. What are the options to achieve a fast recovery?
Task 2: Design a solution for a Microsoft Office upgrade
A. Datum urgently needs to upgrade from Office 2007 to Office 2010 for all staff. However, the remote workers, some senior managers and most the IT staff should be piloting Office 2013 at the same time. Remote workers will need to have access to both Office 2010 and Office 2013.
Providing separate computers is not an option, and application compatibility issues might exist between different versions of Microsoft Office. 1.
Which virtualization technology could help you with these requirements?
2.
You create packages for the following products: o
Microsoft Office 2010
o
Office 2013
o
Windows 7 Professional
o
Windows 8 Professional
For which other operating system do you need to create packages?
Task 3: Design a solution for the development team
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
1-31
A. Datum developers use Microsoft SharePoint and Microsoft SQL Server extensively. They frequently need hardware, more disk space, and extra memory for their computers that are running client hypervisors. Developers also frequently contact the helpdesk with requests for restores, or to confirm that their databases are backed up. You have some additional budget that you could use for hardware and software to help the development team, and to reduce the administrative and operation task load that they create. 1.
Which virtualization and management technology could you implement to improve the development department infrastructure?
2.
What tool can you use to find out how big the Hyper-V hosts must be to accommodate the developers’ current systems?
3.
Which System Center 2012 R2 component could help you delegate some virtual machine administration, and provide some elements of self-service to the developers?
Task 4: Respond to the CEO’s green initiative enquiry
The Chief Executive Officer (CEO) of A. Datum has asked you to provide some feedback on how your new virtualization project will meet the company’s green initiatives. Your predecessor had already obtained quotes for more power and cooling feeds to each of the company’s five data centers, to accommodate high-density blade centers that would provide the core virtualization infrastructure. •
List a few suggestions that could form part of a report to the CEO.
Results: After completing this exercise, you should have evaluated a given scenario and selected the appropriate virtualization method for that scenario.
Exercise 2: Assessing the Environment by Using MAP Scenario
In this exercise, you will install MAP and assess your environment. As the classroom environment is limiting, you will use pre-created sample database to generate different reports including a consolidation report. You also will run the Server Consolidation Wizard. The main tasks for this exercise are as follows: 1.
Install MAP.
2.
Review assessments.
Task 1: Install MAP 1.
On LON-CL1, navigate to and run the file \\lon-dc1\e$\labfiles\mapsetup.exe, and then click OK.
2.
In the Microsoft Assessment and Planning Toolkit Setup Wizard, on the Installation Successful page, ensure that the Open the Microsoft Assessment and Planning and Toolkit check box is selected, and then click Finish.
3.
On the Datasource page, in the Create or select a database section, in the Name text box, type Demo, and then click OK.
4.
Leave the MAP console open for the next task.
5.
Locate and extract the file MAP_Training_Kit.zip from \\lon-dc1\e$\labfiles to c:\map.
6.
From the Microsoft Assessment and Planning Toolkit, import map_sampleDB.bak, and use the database name of MAPDEMO.
7.
On the upgrade warning page, click Yes. This process may take a minute or two.
8.
When the sample map database has imported and upgraded successfully, click OK, and then click Close.
9.
Click File, click Select a Database, click MAPDEMO, and then click OK.
Task 2: Review assessments
MCT USE ONLY. STUDENT USE PROHIBITED
1-32 Evaluating the Environment for Virtualization
1.
On LON-CL1, run the Server Consolidation Wizard.
2.
For virtualization technology, choose Windows Server 2012 Hyper-V, and then click Sample host.
3.
On the Utilization Settings page, type 75 in each field.
4.
On the Computer List page, select all the computers, and then complete the assessment.
5.
On the Summary page, review the settings, and then click Finish.
6.
When the assessment process completes, click Close.
7.
In the MAP console, on the Server Virtualization page, review the server consolidation information, and then run the Server Virtualization Report.
8.
In File Explorer, locate and open the report.
9.
At the bottom of the Excel workbook, click each tab and review the information in the report.
10. When finished, close Excel, and then close File Explorer.
Results: After completing this exercise, you should have installed MAP and assessed a virtualization environment.
Module Review and Takeaways Review Questions Question: What are some of the reasons that you would not virtualize a server or server application? Question: Which technology can assist you in managing large volumes of virtual machines and Hyper-V clusters?
Best Practice
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
1-33
When working with the MAP toolkit, consider backing up your database regularly. If you are running assessments over a long period of time, the data could become critical to the timeframe of your project.
Common Issues and Troubleshooting Tips Common Issue In MAP, when you click on most operations, you receive a warning that states, “The task processor is currently busy. You cannot perform this operation while the task processor is running. Please wait for the task processor to complete or cancel the task process before retrying this operation.”
Troubleshooting Tip
MCT USE ONLY. STUDENT USE PROHIBITED
MCT USE ONLY. STUDENT USE PROHIBITED 2-1
Module 2 Installing and Configuring the Hyper-V Role Contents: Module Overview
2-1
Lesson 1: Installing the Hyper-V Role
2-2
Lesson 2: Managing Hyper-V
2-12
Lesson 3: Configuring Hyper-V Settings
2-20
Lesson 4: Hyper-V Host Storage and Networking
2-26
Lab: Installing and Configuring the Hyper-V Role
2-33
Module Review and Takeaways
2-39
Module Overview
In production environments, a majority of the new servers are installed on virtual machines, and not on physical machines. Windows Server 2012 R2 supports virtualization, and you can run virtual machines on it as soon as you install the Windows Server Hyper-V role. With virtualization, many virtual machines are running on the same hardware. Therefore, it is important that Hyper-V is scalable and can utilize all resources that the physical host can provide. As you will typically manage Hyper-V host remotely, you should be familiar with how to use Hyper-V Manager, and how to use Windows PowerShell for day-to-day and repetitive tasks.
This module describes how to install the Hyper-V role on Windows Server 2012 R2 operating system, and how to perform basic configuration of the Hyper-V role. You will learn that Hyper-V is available as part of Windows Server 2012 R2, and as part of Microsoft Hyper-V Server 2012 R2, which is freely available on the Microsoft website. This module also describes Hyper-V scalability, the security model that Hyper-V uses, and some of the changes that will occur when you install the Hyper-V role. You will also learn how to manage Hyper-V from a GUI, and by using Windows PowerShell. Note: For the purpose of this course, all instances of Microsoft System Center 2012 R2 Virtual Machine Manager are referred to as VMM.
Objectives After completing this module, you will be able to: •
Install the Microsoft Hyper-V role.
•
Manage Hyper-V.
•
Configure Hyper-V settings.
•
Describe Hyper-V host storage and networking.
Lesson 1
Installing the Hyper-V Role Before you can use virtualization on Windows Server 2012, you must first install the Hyper-V role. The Hyper-V role is included in the following Windows products: •
Windows Server 2008 (64-bit edition)
•
Windows Server 2008 R2
•
Windows Server 2012
•
Windows Server 2012 R2
•
Windows 8 and Windows 8.1 Pro
•
Windows 8 and Windows 8.1 Enterprise
MCT USE ONLY. STUDENT USE PROHIBITED
2-2 Installing and Configuring the Hyper-V Role
Client Hyper-V is the Hyper-V feature that comes with the Windows 8 and Windows 8.1 client operating systems. In addition to having Client Hyper-V available as a role in these products, Microsoft Hyper-V Server 2012 is available as a free download. You can install the free edition on new hosts as the underlying operating system. Hyper-V is a Layer 1 Hypervisor virtualization platform, which can run multiple isolated virtual machines on the same physical host machine. Because many virtual machines may be running on the same physical hardware, you must ensure that enough resources are available. When planning for the server hardware, you should consider the required resources such as disks, storage, networking, and high availability.
This course refers to the Windows Server 2012 R2 server with the Hyper-V role installed as a Hyper-V host. Hyper-V Server is a separate operating system, which also includes the Hyper-V feature.
Lesson Objectives After completing this lesson, you will be able to: •
Identify server platforms that provide Hyper-V as a feature.
•
Describe Hyper-V and virtual machine scalability.
•
Describe Hyper-V architecture.
•
Describe considerations for disk and storage.
•
Describe considerations for networking.
•
Describe considerations for high availability.
•
Explain changes on the host after installing the Hyper-V role.
•
Install the Hyper-V role.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
Server Platforms That Provide Hyper-V Hyper-V is the Microsoft hypervisor (virtualization platform) that you can use to run multiple virtual machines on the same physical computer. Microsoft first introduced Hyper-V in Windows Server 2008, and has included it with the newer Windows Server operating systems. You can also obtain Hyper-V as part of the Hyper-V Server standalone product, and with Windows 8 or newer Windows client operating systems.
2-3
Hyper-V requires 64-bit architecture, whereas virtual machines that run in Hyper-V can be either 32-bit or 64-bit. The Hyper-V role is part of both the Standard and Datacenter editions of Windows Server 2012 R2, and Windows Server 2012 R2 is available only as a 64-bit operating system. Hyper-V Server 2012 R2 is a 64-bit operating system, and the Hyper-V feature is available only with the 64-bit version of Windows client operating systems, which are the Pro and Enterprise editions only.
Comparison of Hyper-V Features on Different Platforms
When you compare Hyper-V features on different platforms, you may notice that the Hyper-V role in Windows Server 2012 R2 has the same features as in Hyper-V Server 2012 R2. In fact, Hyper-V Server is a Server Core installation of Windows Server 2012 R2 on which only one role (Hyper-V) is available. You can manage this iteration of Hyper-V Server locally only from a command line. In comparison, Windows Server includes additional roles and features (such as Dynamic Host Configuration Protocol (DHCP) server), and you can manage the Hyper-V role locally from either a GUI or a command line. Hyper-V Server 2012 R2 is a free product, but it does not include any license for operating systems in virtual machines. This means that you should consider licensing for your virtual machines in your planning process.
Standard vs. Datacenter Editions
Windows Server 2012 R2 Standard and Windows Server 2012 R2 Datacenter editions are both licensed per physical processor, and include licenses either for two virtual machines running the Windows Server Standard operating system, or for unlimited virtual machines running the Windows Server Datacenter operating system.
Aside from virtualization rights, the only other difference between the Windows Server 2012 R2 Standard and Datacenter editions is that the Windows Server 2012 R2 Datacenter edition provides automatic activation of virtual machines (qualifying Windows Server operating systems), whereas the Windows Server 2012 R2 Standard edition has no such feature. Currently, the only qualified Windows Server 2012 R2 operating systems that are activated automatically are the Standard, Datacenter, and Essentials editions. Hyper-V Server 2012 R2 has the same virtualization capabilities as Windows Server 2012 R2, including high availability and live migration; however, it does not include any GUI interfaces, or any additional roles, or virtualization rights.
Client Operating Systems
Client Hyper-V in Windows client operating systems does not provide server-level features such as high availability or live migration. However, Client Hyper-V has the same foundation, and uses the same technology and file formats, which means that virtual machines that you create on Windows client
MCT USE ONLY. STUDENT USE PROHIBITED
2-4 Installing and Configuring the Hyper-V Role
operating systems can be used on Windows Server 2012 or Windows Server 2012 R2 and vice versa. You can use Hyper-V management tools that are included with Windows client operating systems for managing Hyper-V in Windows Server 2012 or Windows Server 2012 R2—for example, on Hyper-V Server 2012 R2. Licensing Windows Server 2012 for use with virtualization technologies http://go.microsoft.com/fwlink/?LinkID=386661 Competitive Advantages of Microsoft Hyper-V Server 2012 over the VMware vSphere Hypervisor http://go.microsoft.com/fwlink/?LinkID=386662 Automatic virtual machine activation http://go.microsoft.com/fwlink/?LinkID=386667 Windows Server 2012 R2 http://go.microsoft.com/fwlink/?LinkID=386676 Question: Your company is using Hyper-V in Windows Server 2012 R2 as a virtualization infrastructure. You are evaluating Virtual Desktop Infrastructure (VDI) for your company, which would provide Windows 8.1 desktops to 20 employees in the Finance department. Can you use Windows Server 2012 R2 Datacenter virtualization rights for setting up virtual desktops for the users in the Finance department?
Hyper-V and Virtual Machine Scalability When you are using virtualization, typically you are running multiple virtual machines on the same physical hardware. It is important that the physical hardware has enough resources (CPU, random access memory (RAM), storage, and network bandwidth) to run multiple loads, and to provide high availability and redundancy. In addition, the operating system on the physical server must be able to utilize all available resources. Previous releases of Hyper-V had some limitations. For example, previous Hyper-V versions supported up to 1 terabyte (TB) of physical RAM and up to 64 CPUs. However, Hyper-V in Windows Server 2012 and Windows Server 2012 R2 support significantly larger configurations and can fully utilize the most powerful servers.
Hyper-V enables you to create virtual machines with up to 64 virtual CPUs and 1 TB of virtual RAM, which means that you can virtualize high-performance, scale-up workloads. Virtual hard disks can be up to 64 TB in size, and virtual machines can have virtual Fibre Channel adapters to access Fibre Channel storage area networks (SANs) directly. Hyper-V in Windows Server 2012 R2 adds Generation 2 virtual machines, which support Unified Extensible Firmware Interface (UEFI), Secure Boot, and booting from small computer system interface (SCSI) controllers.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
2-5
Because today’s physical servers are more powerful and have more resources, it is important that the virtualization platform can utilize them. The following table lists the maximum resources that Hyper-V can utilize. Component
Maximum
Logical processors
320
Running virtual machines per server
1,024
Virtual processors per server
2,048
Memory
4 TB
Physical network adapters
No limits imposed by Hyper-V
Note
This is the number of cores that Hyper-V can utilize.
No virtual processor per logical processor ratio is imposed by Hyper-V.
Each external virtual switch requires a separate adapter.
The following table lists the maximum resources that you can configure on each virtual machine. Component
Maximum
Virtual processors
64
Memory
1 TB
Virtual hard disk capacity
64 TB / 2 TB
Virtual integrated device electronics (IDE) disks
4
Virtual SCSI disks
256
Virtual Fibre Channel adapters
4
Checkpoints
50
Virtual network adapters
12
Note: The .vhdx format supports 64 TB, and the .vhd format supports 2 TB.
With virtualization, multiple virtual machines are running on the same physical host. Therefore, the virtualization platform should be highly available. To meet this requirement, Hyper-V utilizes the failover clustering feature. The following table lists the maximum number of components that apply to a Hyper-V failover clustering environment. Component
Maximum
Nodes per failover cluster
64
Running virtual machines per cluster
8,000
Note
Nodes should have enough resources if failover happens.
Hyper-V Scalability in Windows Server 2012 http://go.microsoft.com/fwlink/?LinkID=386675 Question: You plan to virtualize a computer that is running Microsoft SQL Server. The computer has 8 processors and 96 gigabytes (GB) RAM. Can you virtualize the computer on Hyper-V in Windows Server 2012 R2 and have the same resources? Can you virtualize it on Hyper-V on servers running Windows Server operating systems prior to Windows Server 2012?
Hyper-V Architecture When you install Windows Server 2012 R2, the operating system accesses the server hardware directly by using device drivers. Device drivers run in the kernel mode and have full system access. Programs such as Microsoft Office are executing in the user mode and have limited access to the system.
MCT USE ONLY. STUDENT USE PROHIBITED
2-6 Installing and Configuring the Hyper-V Role
After you add the Hyper-V role to Windows Server 2012 R2, a thin hypervisor layer between the operating system and the server hardware is added, which is one of the reasons a system restart is required. The currently installed operating system moves into the parent partition, from where you can create and manage child partitions. Child partitions are isolated and often called virtual machines. The virtualization stack runs within the parent partition, and by using device drivers in the parent partition, has direct access to server hardware. Child partitions cannot access server hardware directly. Instead, they are presented with virtual devices, which communicate through the virtual machine bus (VMBus) with virtual service providers in the parent partition. Device access requests from child partitions are redirected either through the VMBus or through the hypervisor to the device drivers in the parent partition. The VMBus manages the requests, and it is a logical and the fastest communication channel between parent and child partitions. The parent partition hosts virtual Service Providers, and child partitions host Virtual Service Clients, which redirect device requests to virtual Service Providers in the parent partition through the VMBus. Hyper-V provides software infrastructure and management tools that you can use to create and manage child partitions. You can install a 32-bit or 64-bit operating system into child partitions. Newer operating systems such as Windows Server 2012 R2, Windows 8.1, or certain Linux distributions are aware that they are running in virtual environment and that they include VMBus support. Older operating systems such as Windows Server 2008 do not include VMBus support by default, but you can add support by installing Integration Services. Legacy operating systems that are not supported by Integration Services can still run in the child partition, but they will not be able to use VMBus, and device emulation will be used for all virtual devices. Hyper-V architecture http://go.microsoft.com/fwlink/?LinkID=386663 Question: You install Windows Server 2012 R2 on a virtual machine named VM1. Can you monitor disk input/output (I/O) for the physical server from VM1?
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
Considerations for Disk and Storage Each server role has different disk and storage requirements, and the same is true for the Hyper-V role. Hyper-V hosts run multiple virtual machines, and each virtual machine requires enough storage and disk access that is also as fast as possible and high availability. To provide faster access, Hyper-V hosts will typically have multiple disks. solid-state drives (SSDs) are not uncommon, because they provide much higher access and throughput. Most Hyper-V hosts also use shared storage, which is recommended for high availability.
2-7
Although you can configure virtual machines to access disks directly, they typically use virtual hard disks, which are managed by the Hyper-V host. Hyper-V can use the following different types of physical storage to store virtual hard disks: •
Direct-attached storage (DAS). DAS is storage that is directly attached to the physical host. You can use different bus types for attaching DAS, such as SCSI, Serial Attached SCSI, Serial ATA (SATA), external Serial Advanced Technology Attachment, or USB. USB is never recommended for server environments.
•
SAN. SAN is storage that the operating system on the host accesses over a dedicated or nondedicated network. SAN provides block-based access, and is presented as local storage by the host. You can use protocols such as Internet SCSI (iSCSI), Serial Attached SCSI, or Fibre Channel for attaching SAN storage. You can use SAN for shared storage, and it is often used for this purpose.
•
Network-attached storage (NAS). NAS is storage that the host operating system accesses over a network, and it provides file-based access. Windows Server 2012 and newer versions can use file shares as the storage for storing virtual hard disks over Server Message Block (SMB) 3.0 or newer protocols. Shared folders are increasingly popular, because they are an inexpensive option for shared storage, and they provide additional benefits such as SMB Transparent Failover, SMB Multichannel, and SMB Direct.
Aside from the operating system on the Hyper-V host, each virtual machine requires additional storage for its data files. Virtual machines can utilize much more storage than is required for the virtual machine operating system, installed programs, and data files. It is also important to remember that virtual machine storage requirements can increase through time. Virtual machines use storage for: •
.vhd and .vhdx files. These files include the entire hard disk content, as the virtual machine sees it. This includes operating system files, applications, and user and data files. Based on the virtual hard disk type, .vhd or .vhdx files can be single or multiple files, and they can have fixed size or can be dynamically expanding. Although a single virtual machine typically does not have many virtual hard disk files, their size is considerable and can be measured in gigabytes.
•
Configuration. Configuration stores virtual machine settings, and specifies which virtual devices are for use by the virtual machine. Configuration settings are stored in XML format, and are a few kilobytes in size.
•
Checkpoints. Checkpoints are optional, and enable you to revert a virtual machine to an earlier state. Checkpoint size depends on the virtual machine state (is the virtual machine running or not), and the RAM that is assigned to the virtual machine. Prior to Windows Server 2012 R2, checkpoints were also referred to as snapshots.
•
MCT USE ONLY. STUDENT USE PROHIBITED
2-8 Installing and Configuring the Hyper-V Role
Saved state. Saved state is created when you save a virtual machine. It includes the virtual machine memory, which is written to the hard disk. Saved state size is approximately the same size as the virtual machine RAM.
Note: Later in this module, you will find more extensive and in-depth information on how the Hyper-V host uses disk and storage. Question: Which virtual machine component requires the most storage space?
Considerations for Networking For some workloads, a single network interface card (NIC) may be sufficient; however, Hyper-V hosts will often have multiple NICs. Although a Hyper-V host can be fully functional with a single NIC, we do not recommend this. A single NIC does not provide redundancy, and if the NIC fails, the Hyper-V host and all the virtual machines that are running on that host will lose network connectivity. A Hyper-V host may need to have more NICs for a number of reasons, including higher bandwidth for multiple virtual servers sharing the same pipe, better performance, management, and redundancy. There is no single best recommendation on how many NICs a Hyper-V host should have, and different factors such as virtualization load, storage type used, and Hyper-V features used, can all influence that number. Consider the following recommendations as basic guidance: •
A dedicated NIC for host management. Because you may manage the Hyper-V host remotely, you may want to have a dedicated NIC just for that purpose. We typically do not recommend that you use the same NIC for virtual machine access and Hyper-V management.
•
At least one NIC for virtual machine networks. If you want to provide virtual machines with connectivity to an external network, you should dedicate at least one NIC for that purpose. This number can increase for more complex virtual network scenarios, or if redundancy (such as NLB) is required. If some of your virtual machines require higher network bandwidth, then we recommend creating a network team of NICs within the host operating system, and then attaching the NIC network to the external network.
•
At least one (and in some cases multiple) NICs for accessing shared storage (iSCSI or Fibre Channel). Storage communication should have a dedicated network, and the second NIC provides redundancy (multipath). This network also is used for accessing Cluster Shared Volumes (CSVs), if you are using Hyper-V failover clustering.
•
A dedicated NIC for failover clustering. We recommend that cluster nodes send heartbeat and other inter-node cluster communication over a dedicated network.
•
At least one NIC for live migration. Hyper-V can migrate virtual machine components such as virtual disks, configuration, and checkpoints between Hyper-V hosts. It can also migrate between Hyper-V hosts entire virtual machines that are running. You should use a dedicated network for live migration.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
2-9
Windows Server 2012 R2 includes Network Adapter Teaming (NIC Teaming), which you can use to consolidate multiple NICs and use them as a single interface. This provides higher network throughput and redundancy. You can also enable bandwidth management to limit bandwidth available to each network adapter in the virtual machine. Note: Module 4 provides a more details on NIC Teaming. Windows Server 2012 Hyper-V Best Practices http://go.microsoft.com/fwlink/?LinkID=386657 Question: Why would you not use the same network adapter in a Hyper-V host for performing remote Hyper-V administration, and for providing network access to virtual machines that are running on the Hyper-V host?
Considerations for Providing High Availability High availability enables service or virtual machines to be available even in a case of physical component failure. Without high availability, if a server fails, everything on that server is no longer available. If a server is running a single server load, outage caused by failure can be considerable. However, with virtualization, if a single server is running multiple virtual machines, outages caused by server failure multiply. Therefore, It is critical that virtual machines and services are highly available. When planning Hyper-V deployment, you should consider how to provide high availability for your load. When implementing virtual machines in Hyper-V, you have the following options: •
Hyper-V host-based failover clustering. You can implement failover clustering on the Hyper-V host servers, and then use the Failover Cluster Manager to configure the virtual machines to be highly available. You must configure Hyper-V hosts as Cluster Nodes, and configure them with properly configured shared storage. The shared storage must be able to store highly available virtual machines. If the Hyper-V host fails, the highly available virtual machine will fail over to another Hyper-V host in the failover cluster, and the cluster will attempt to restart the virtual machine. This will make the virtual machine available even if the Hyper-V host fails.
•
Guest failover clustering. This option provides high availability for cluster roles that are running inside virtual machines. You must configure virtual machines with shared storage, which can be on an iSCSI target, a Fibre Channel SAN, or a shared virtual hard disk that is stored on an SMB 3.0 share or scaleout file server. If a virtual machine fails, cluster roles that are running on the virtual machine will fail over to another virtual machine in the failover cluster, and the cluster will attempt to restart the failed virtual machine. This will make cluster roles available even if the individual virtual machine fails. You can use this approach with services and applications that are configurable as clustered roles.
•
Virtual machine-based Network Load Balancing (NLB). You can use NLB inside virtual machines just as you use NLB with physical servers. NLB provides fault tolerance for stateless applications by distributing inbound traffic across multiple virtual machines running the same application. If a virtual
MCT USE ONLY. STUDENT USE PROHIBITED
2-10 Installing and Configuring the Hyper-V Role
machine fails, remaining virtual machines in NLB will pick up the requests. When you implement NLB in a virtual machine environment, you should configure virtual machines on different Hyper-V hosts to be NLB members. With such configuration, the application that virtual machines provide is not disrupted if a Hyper-V host or virtual machine fails. •
Application-specific clustering. Some enterprise applications such as SQL Server or Microsoft Exchange Server have built-in failover capabilities. These applications can utilize failover clustering, but also include their own features such as database mirroring and continuous replication.
Each of these options provides a high availability solution in a Hyper-V environment. You should select the most appropriate option for each virtualized workload. Microsoft High Availability Overview http://go.microsoft.com/fwlink/?LinkID=386660 Question: You need to provide virtual machine-based failover clustering. What can you use for shared storage?
Host Changes After Installing the Hyper-V Role Hyper-V in Windows Server it is not installed by default. Based on your needs and preferences, you can install it locally or remotely by using different approaches. If you prefer using a GUI, you can add the Hyper-V role by using the Add Roles and Features Wizard from Server Manager. You can also add the role by using the Windows PowerShell Install-WindowsFeature cmdlet, or by using the dism.exe command in a Command Prompt window. After you add the Hyper-V role, you must restart the server twice before you can use Hyper-V. Installation of the Hyper-V role results in the following important changes to the host: •
The previously installed operating system is moved into the parent partition.
•
A hypervisor is added between the operating system and server hardware, and is configured to start automatically.
•
Hyper-V management tools such as the Hyper-V Manager snap-in, the Virtual Machine Connection tool, and the Hyper-V Windows PowerShell module are added to the parent partition.
•
Installing the Hyper-V role also adds several services, including Performance Monitor counters, Applications and Services logs, and Windows Firewall rules, and it creates the Hyper-V Administrators group in the parent partition. Question: How can you verify that you have added Hyper-V hypervisor successfully and configured it to start automatically on the host? Question: You installed the Hyper-V role in Windows Server 2012 R2. Do you need to create Windows Firewall rules to enable remote management of Hyper-V?
Demonstration: Installing the Hyper-V Role In this demonstration, you will see how to install the Hyper-V role.
Demonstration Steps
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
2-11
1.
On LON-HOST2, in Windows PowerShell, use the Get-WindowsFeature cmdlet to verify that the Hyper-V role is not installed.
2.
In Windows PowerShell, use the Get-Command –Module Hyper-V cmdlet to verify that the Hyper-V module is not yet installed.
3.
In Windows PowerShell, use bcdedit.exe to verify whether the hypervisor is configured to start automatically.
4.
On the Start screen, search for and confirm that no program with the word hyper in the name is installed.
5.
Confirm that only one counter starts with the word Hyper-V in Performance Monitor, Hyper-V Dynamic Memory Integration Service.
6.
Confirm that no inbound Windows Firewall rules that start with the word Hyper-V display.
7.
Install Hyper-V role on LON-HOST2 by using the Windows PowerShell cmdlet Install-WindowsFeature with the –IncludeManagementTools parameter.
8.
Switch to LON-HOST1.
9.
On LON-HOST1, in Windows PowerShell, use the Get-WindowsFeature cmdlet to verify that Hyper-V is installed.
10. In Windows PowerShell, use the Get-Command –Module Hyper-V cmdlet to verify that the Hyper-V module is installed. 11. In Windows PowerShell, use bcdedit.exe to verify that hypervisor is configured to start automatically. 12. Confirm that Hyper-V Manager and Hyper-V Virtual Machine Connection programs are installed. 13. Confirm that now there are multiple counters available in Performance Monitor that start with the word Hyper-V. 14. Confirm that now there are inbound Windows Firewall rules that start with the word Hyper-V.
Lesson 2
Managing Hyper-V
MCT USE ONLY. STUDENT USE PROHIBITED
2-12 Installing and Configuring the Hyper-V Role
You will usually manage Hyper-V remotely, and not locally on the server where you installed it. Regardless of from where you manage Hyper-V, you have two options: you can administer it in a GUI by using Hyper-V Manager, or by using Windows PowerShell. When you manage Hyper-V remotely, you must install the administrative tools locally on your remote machine. Ensure that you can connect to the server that is hosting the Hyper-V role, and that you have appropriate permissions that allow you to manage Hyper-V.
Lesson Objectives After completing this lesson, you will be able to: •
Describe the Hyper-V Manager console.
•
Explain the addition of the Hyper-V Manager console.
•
Install and use Hyper-V Manager.
•
Explain how to use Windows PowerShell to manage Hyper-V.
•
Explain how to manage Hyper-V in a workgroup environment.
•
Describe the Hyper-V Best Practices Analyzer.
•
Describe the Hyper-V security model.
Overview of the Hyper-V Manager Console You can use the Hyper-V Manager console to manage the Hyper-V host, and any virtual machines that you configure on the Hyper-V host. You can access this console in several ways, such as from Start screen, in Server Manager, from Administrative Tools in Control Panel, or by adding the Hyper-V Manager snap-in to a blank Microsoft Management Console (MMC). You can use Hyper-V Manager to administer multiple Hyper-V hosts, but for larger deployments, you should use other tools such as the Microsoft System Center 2012 – Virtual Machine Manager. Note: System Center 2012 R2 is required to manage Windows Server 2012 R2. System Center 2012 with Service Pack 1 (SP1) (or a newer version) is required to manage Windows Server 2012.
The Hyper-V Manager console has three panes. The navigation pane on the left provides a listing of all connected Hyper-V hosts. The details pane in the middle provides information about the virtual machines on the selected Hyper-V host. Detailed information includes their state, CPU usage, and assigned memory. You can also add or remove additional columns in this pane. The details pane also lists checkpoints (point-in-time snapshots), summary, memory, networking, and replication details for selected virtual machine. The Actions pane on the right is divided into two parts: at the top are the actions available for managing the Hyper-V host; below that is the contextual Actions pane that allows you to manage the
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
2-13
selected virtual machine. The same actions are available when you right-click the host in the navigation pane, or right-click the virtual machine in the details pane. Question: Your virtualization environment has three Hyper-V hosts. In Hyper-V Manager, can you view Manager the virtual machines on all three Hyper-V hosts simultaneously?
Adding the Hyper-V Manager Console When you install Hyper-V role by using the Add Roles and Features Wizard, the Hyper-V Manager console is added automatically. However, when you install the role by using the Install-WindowsFeature cmdlet, you must add the -IncludeManagementTools parameter. Otherwise, the Hyper-V Manager will not be installed. In addition, if you install Hyper-V with dism.exe, the Hyper-V Manager console is not added automatically. The Hyper-V Manager console and the Hyper-V Module for Windows PowerShell are Windows roles (and role services), and you can add them to any Windows Server 2012 R2 computers. This is especially useful if you need to manage Hyper-V from a server that does not have the Hyper-V role. You can also use Hyper-V Manager to manage Hyper-V Server 2012 R2 remotely from a GUI.
If you want to administer Hyper-V from a Windows 8 or newer Windows client operating system computer, you need only to turn on the Hyper-V Management Tools feature. This is because Hyper-V is part of the Windows client operating system. If you need to administer Hyper-V from a Windows 7 computer, you must first download and install Remote Server Administration Tools (RSAT) for Windows 7, and then you can turn on the Hyper-V Management Tools feature. You should be aware that if you want to administer Hyper-V from older operating systems such as Window 7 or Windows Server 2008 R2, you will not be able to configure all Windows Server 2012 R2 Hyper-V features. You can administer Hyper-V from your device even if Hyper-V Manager is not available for the device, provided it supports Remote Desktop Protocol (RDP). You can allow remote desktop connections to a computer where Hyper-V Manager is installed, and then connect to it from your device. Question: Do you need to install RSAT on a Windows 8.1 workstation if you want to use it for managing Hyper-V hosts?
Demonstration: Installing and Using Hyper-V Manager In this demonstration, you will see how to install and use Hyper-V Manager.
Demonstration Steps 1.
Sign in to LON-CL1 with the user name Adatum\Administrator and password Pa$$w0rd.
2.
Confirm that no program that has the word hyper in the name is installed on LON-CL1.
3.
In Windows PowerShell, use the Get-WindowsOptionalFeature cmdlet to confirm that Hyper-V management tools are not installed.
4.
Use the Windows Features window to enable the Hyper-V Management Tools feature.
5.
In Windows PowerShell, use the Get-Command –Module Hyper-V cmdlet to confirm that the Hyper-V module has been installed.
6.
Confirm that two programs, Hyper-V Manager and Hyper-V Virtual Machine Connection, are installed on LON-CL1.
7.
Add LON-HOST1 to Hyper-V Manager, and review Hyper-V Settings for LON-HOST1.
Using Windows PowerShell to Manage Hyper-V
MCT USE ONLY. STUDENT USE PROHIBITED
2-14 Installing and Configuring the Hyper-V Role
You can manage Hyper-V from the GUI by using the Hyper-V Manager console. However, that is not always practical, especially when you need to automate administrative tasks or perform the same task on multiple Hyper-V hosts or virtual machines. In such situations, Windows PowerShell is a solution that also works for administrators who prefer to use a command-line interface. Windows PowerShell is part of Windows Server, and it is designed for users to control and automate the administration of Windows operating systems. Everything that you can configure through a Windows GUI, you can also configure by using Windows PowerShell. This is also true for managing the Hyper-V role. In Hyper-V Manager, you can view available options either in the Actions pane, or when you right-click an object. To list all the Windows PowerShell commands (called cmdlets) that you can use to manage Hyper-V, from a Windows PowerShell window, simply run the following cmdlet: Get-Command -Module Hyper-V
You can pipe the result to the Measure alias by using the following command: Get-Command –Module Hyper-V | Measure
When you do this, you will discover that Windows Server 2012 R2 includes 178 cmdlets in the Hyper-V module. If you need the detailed cmdlet syntax, you can use the following command: Get-Help
If you remember only part of the cmdlet, you can use the following command, where part of name is the part of the cmdlet that you can remember: Get-Command cmdlet (Get-Command *part of name*)
Parts of Cmdlets Cmdlets have consistent verb-noun names, so in most cases you will know from a cmdlet name what action it will perform. Some examples are as follows: •
Cmdlets starting with Get- will return the object property values, and will not modify objects in any way.
•
Cmdlets starting with Set- will set object property values, and you can use these cmdlets for configuring objects.
•
Cmdlets starting with Disable- will disable objects.
•
Cmdlets starting with Enable- will enable objects.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
2-15
The second part of a cmdlet name specifies the object type on which the cmdlet will act. Some examples are as follows: •
Get-VMHost lists Hyper-V host information.
•
Set-VMSwitch configures a virtual switch by setting its properties.
•
Enable-VMMigration enables migration on one or more virtual machine hosts.
You can specify the server on which you want to run the cmdlet by using the -ServerName parameter. You also can specify more than one server: Get-VMHost -ServerName LON-DC1, LON-SVR1
Another Windows PowerShell feature is pipeline ( | ), which you can use to pass results between cmdlets. For example, if you want to save all virtual machines on LON-HOST1, you can run the following command: Get-VM -HostName LON-HOST1 | Save-VM
If you want to start only virtual machines that have DC in their name and are hosted on LON-HOST1, you can run the following command: Start-VM -Name *DC* -HostName LON-HOST1
When you run some cmdlets (for example Get-VMHost), you cannot see the entire output because of formatting. However, you can always format output differently, for example by directing the output to the Format-Table cmdlet (or to the ft alias): Get-VMHost -HostName LON-HOST1 | ft
These examples are very basic examples of what you can do with Windows PowerShell. By using these basic commands, you can start exploring Hyper-V with Windows PowerShell. You can also use Windows PowerShell Integrated Scripting Environment (ISE), which includes an editor in which you can run cmdlets. You also can use Windows PowerShell ISE to write, test, and debug scripts in a single GUI with multiline editing, tab completion, syntax coloring, selective execution, and context-sensitive help. Question: What must you do to be able to administer Hyper-V by using Windows PowerShell?
Managing Hyper-V in a Workgroup Environment A Hyper-V host can be an Active Directory Domain Services (AD DS) member, or a member of a workgroup. This has no effect on the virtual machines that are running on the Hyper-V host. However, AD DS membership greatly simplifies Hyper-V host management. AD DS does require additional infrastructure because domain controllers and a DNS server are required, but in most environments, they are already available and in use.
MCT USE ONLY. STUDENT USE PROHIBITED
2-16 Installing and Configuring the Hyper-V Role
When you install the Hyper-V role, Windows Firewall rules for remote management of Hyper-V are created, and by default, enable remote connections and management. If the Hyper-V host is an AD DS member, domain Group Policies apply to it. In this case, you can use your domain credentials to manage Hyper-V remotely if your user account has sufficient permissions, without any additional configuration. However, if Hyper-V host is not an AD DS member (which can be the case in small, high security, or test environments), additional configuration is required if you want to manage the Hyper-V host remotely. You must ensure that Windows Firewall allows remote management. In a server with a GUI, you create and enable firewall rules by default when you install the Hyper-V role. However, in a Server Core installation or in Hyper-V Server, you must enable firewall rules manually.
Remote management is enabled by default in Windows Server 2012 R2, but you still need to grant administrative rights remotely to local users, which you can do by running the command winrm quickconfig. You must also create a local user with the same username and password as the domain user that will be managing Hyper-V host, and then grant the local user sufficient permissions by adding him or her to the Hyper-V Administrators local group. Because Component Object Model (COM) security is set to allow remote access for Everyone by default, no further configuration on the Hyper-V host is required. Make sure that Hyper-V management tools are installed on the computer from which you want to manage the Hyper-V host remotely. Then, when you open the Hyper-V Manager console, you should be able to connect to the remote Hyper-V host and manage it remotely. Best Practice: To simplify configuration of a workgroup member Hyper-V host for remote management, use the Hyper-V Remote Management Configuration Utility (HVRemote). Hyper-V Remote Management Configuration Utility (HVRemote) http://go.microsoft.com/fwlink/?LinkID=386659 Question: Can you join virtual machines to the domain if they are running on a Hyper-V host that is a member of a workgroup?
Hyper-V Best Practices Analyzer Best practices for configuring a server are guidelines on how you should configure a server to be as effective and as secure as possible in a typical environment. For example, a best practice is to keep open only ports that the server requires to communicate with other computers, and to block all other unused ports. However, sometimes it is not possible to follow all best practices. This is not necessarily problematic, but it is helpful if you are aware of the best practices you are not implementing, and you can explain why you are configuring your server differently from the guidelines provided in the best practices.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
2-17
The Best Practices Analyzer (BPA) is a rule-driven framework that can scan server roles for compliance with best practices. The Hyper-V BPA in Windows Server 2012 R2 is installed as part of the Hyper-V role, and includes over 110 rules, which are grouped in several categories. Some of these categories are Hyper-V and virtual machine configuration, Networking, Storage, and Backup. Hyper-V BPA rules includes many best practice recommendations, such as the following: •
Hyper-V should be the only enabled role on the server.
•
The Server Core installation option for Windows Server 2012 is recommended for servers running Hyper-V.
•
Domain membership is recommended for servers running Hyper-V.
•
Virtual machines should be backed up at least once a week.
•
All networks for live migration traffic should have a link speed of at least 1 gigabits per second (Gbps).
BPA is available as part of Server Manager or as Windows PowerShell cmdlets, contained in the BestPractices module. You can use BPA to increase best practices compliance by scanning one or multiple roles simultaneously, on either local or remote Hyper-V hosts, and regardless of whether you run scans using the Best Practices Analyzer tile in Server Manager, or use Windows PowerShell cmdlets. You also can instruct BPA to exclude or ignore scan results that you do not want to view. BPA measures compliance with each best practice rule. Results can have one of the three following security levels: •
Error. Configuration is not compliant with best practices, and can potentially cause functionality problems.
•
Information. Configuration is compliant and in accordance with best practice rules.
•
Warning. Configuration is not compliant, and the results of noncompliance can cause problems if changes are not made. The configuration might be compliant as currently operating, but may not be compliant if changes are not made.
After you perform a BPA scan in Server Manager, you can view compliance results in the BPA section. When you select a result in this section, a preview pane in the section displays result properties, including an indication of whether the role is compliant with the best practice. If a result is not compliant, and if you want to know how to resolve the problem, you click links in the Error and Warning result properties section.
Run Best Practices Analyzer Scans and Manage Scan Results http://go.microsoft.com/fwlink/?LinkID=386668 Question: Should you always configure your Hyper-V host as best practices rules suggest?
Hyper-V Security Model You implement security for Hyper-V differently than for most other Windows components that control access to objects by using access control lists (ACLs). Hyper-V uses a role-based access control (RBAC) role, which means that resources are owned by the system, and users are granted access to these resources by being assigned to predefined roles. The Authorization Manager framework is used to configure RBAC for Hyper-V. Authorization Manager is deprecated in Windows Server 2012, but it is still available in Windows Server 2012 R2.
MCT USE ONLY. STUDENT USE PROHIBITED
2-18 Installing and Configuring the Hyper-V Role
Authorization Manager uses an authorization store for storing authorization information, and this store can either be located in Active Directory, an XML file, or SQL Server. The default Hyper-V authorization store is located in the C:\ProgramData\Microsoft\Windows\Hyper-V\InitialStore.xml file. Authorization Manager is not often used, and many Hyper-V Administrators prefer to use either scripting or VMM to implement security.
Simple Authorization
Two types of users work with Hyper-V authorization: administrators in enterprises who require complex authorization policy, and administrators in smaller environments. Administrators in enterprises typically use VMM, which hides Authorization Manager from them. If administrators in smaller environments are not using VMM, then they must use Authorization Manager, even for a simple authorization policies. By doing this, administrators can avoid having to make users who need to manage Hyper-V, local administrators.
Hyper-V in Windows Server 2012 R2 uses a new security model called Simple Authorization. Simple Authorization provides an alternative to using Authorization Manager to manage simple authorization policy. It also improves the experience of granting Hyper-V administrator privileges to accounts, without granting local administrator privileges on the Hyper-V host. As a result, security of the Hyper-V host is improved. You implement Simple Authorization on the Hyper-V host by creating a local security group named Hyper-V Administrators. A group with the same name is also added at the domain level. Both groups (local and domain) are empty by default. The Hyper-V Administrators group is also included in the Authorization Manager authorization store. The local group is included in the workgroup Hyper-V host, but as soon as the server is joined to the domain, the domain group replaces the local group in the authorization store.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
Members of the Hyper-V Administrators group have complete and unrestricted access to all Hyper-V features. They are granted permissions in: •
Authorization Manager
•
DCOM permissions
•
Windows Management Instrumentation (WMI) virtualization namespace permissions
•
Common Information Model version 2 (CIMv2) namespace permissions Configure Hyper-V for Role-based Access Control http://go.microsoft.com/fwlink/?LinkID=386664 Question: You need to allow a user to manage virtual machines on a Hyper-V host, but this user must not be able to manage Hyper-V host settings. What should you do?
2-19
Lesson 3
Configuring Hyper-V Settings
MCT USE ONLY. STUDENT USE PROHIBITED
2-20 Installing and Configuring the Hyper-V Role
Hyper-V settings control the Hyper-V host. For example, Hyper-V settings determine where new virtual machines will be created by default, whether Hyper-V is configured with RemoteFX adapters, whether virtual machines and virtual machine storage can be transferred via live migration, and if the host is configured as a Hyper-V replica. You can configure Hyper-V settings in Hyper-V Manager, or in Windows PowerShell. You should be familiar with available options (such as non-uniform memory access (NUMA) spanning or enhanced session mode policy) before configuring them.
Lesson Objectives After completing this lesson, you will be able to: •
Describe Hyper-V settings.
•
Configure Hyper-V settings.
•
Describe NUMA.
•
Describe RemoteFX.
•
Describe enhanced session mode.
•
Describe resource pools.
Overview of Hyper-V Settings You can use the Hyper-V Manager console or Windows PowerShell to manage Hyper-V settings. If you want to change the Hyper-V settings, you can right-click Hyper-V host in the navigation pane of Hyper-V Manager, and then click Hyper-V Settings, or click Settings in the Actions pane. You can configure the following settings in the Settings window: •
Virtual Hard Disks. This setting specifies the default folder location for virtual hard disks that you create on the Hyper-V host. When you are running the New Virtual Hard Disk Wizard, the location that you configure here will be used. By default, virtual hard disks are created in the Public profile, and you should modify this default location.
When you are determining where to store the .vhdx and .vhd files, you should consider performance, high availability, and available space. You should consider storing .vhd files on a separate disk, and then distribute the .vhd files across as many disks as are available. If a SAN is available, you may consider configuring this setting to point to a SAN logical unit number (LUN). If SMB 3.0 shares are available, you can configure settings to point to this network location also. •
Virtual Machines. This setting specifies the default folder location for storing virtual machine configuration files. When running the New Virtual Machine Wizard, the location that you configure here will be used. You should have similar considerations as with virtual hard disks, and if you want virtual machines to be highly available, this location should point to a shared location on either a SAN or SMB 3.0 share.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
2-21
•
Physical GPUs. This setting applies to Remote Desktop Virtualization and the VDI implementation. If you want to enable RemoteFX 3D Video Adapters in virtual machines, you must install the Remote Desktop Virtualization Host role service, and the Hyper-V host must have a physical graphics processing unit (GPU) that supports RemoteFX.
•
NUMA Spanning. This setting allows virtual machines to span across NUMA nodes when CPU or memory resources are needed. The default setting is to allow spanning, but administrators should consider whether this is the optimal configuration for the applications and services that are running in their virtual machines.
•
Live Migrations. This setting defines whether Hyper-V host can participate in virtual machine live migrations. This setting is not enabled by default. If you enable this setting, there are additional configuration options from which to choose, such as authentication protocol, maximum number of simultaneous live migrations, which networks can be used for live migrations, and performance options.
•
Storage Migrations. This setting controls how many storage migrations can occur simultaneously on the Hyper-V host. The default setting is 2.
•
Enhanced Session Mode Policy. This setting defines whether redirection of local devices and resources to virtual machines is allowed. The default Enhanced Session Mode Policy setting is to not allow redirection. Enhanced session mode requires a supported operating system on the virtual machine and requires additional virtual machine configuration.
•
Replication Configuration. This setting determines when Hyper-V host can be used as a Hyper-V Replica server. The default setting is that Hyper-V is not enabled as a replica server. If you enable it as a replica server, you can configure additional settings such as authentication, and from which servers replication is allowed.
You can also configure the following user settings: •
Keyboard. This setting controls how Windows key combinations (for example, Alt+Tab) are used when using the Virtual Machine Connection interface. The default setting is to allow use of key combinations with the virtual machine.
•
Mouse Release Key. This setting controls the key combination for releasing the mouse in the Virtual Machine Connection interface, when the guest operating system does not have Integration Services installed.
•
Enhanced Session Mode. This setting controls whether you want to use enhanced session mode with Virtual Machine Connection, when an enhanced session mode is available in a guest operating system. This setting is enabled by default. This setting allows the use of full Remote Desktop capability when connecting to a virtual machine, including shared clipboard and device redirection.
•
Reset Check Boxes. When you click the Reset button here, all check boxes are cleared that when checked, hide pages and messages. Question: You want all virtual machines that you create on Hyper-V host to be stored in the same folder. Which Hyper-V setting should you configure: Virtual Hard Disks, or Virtual Machines?
Demonstration: Configuring Hyper-V Settings In this demonstration, you will see how to configure Hyper-V settings.
Demonstration Steps
MCT USE ONLY. STUDENT USE PROHIBITED
2-22 Installing and Configuring the Hyper-V Role
1.
On LON-HOST1, in Hyper-V Manager, start the New Virtual Hard Disk Wizard, and confirm default location for creating new virtual hard disks.
2.
In Hyper-V Manager, confirm that the same location is set as Virtual Hard Disk location Hyper-V Setting.
3.
Set the Virtual Hard Disk location Hyper-V Setting to C:\Users and confirm that this location is used as a default location when creating new virtual hard disks.
4.
In Windows PowerShell, use the Set-VMHost cmdlet with the VirtualHardDiskPath parameter to set virtual hard disk location to \\LON-HOST2\VHDs.
5.
Use Hyper-V Manager to confirm that it was set successfully.
6.
In Windows PowerShell, use the Set-VMHost cmdlet to disable NUMA Spanning, and set the maximum simultaneous storage migrations to 4.
7.
Use Hyper-V Manager to confirm the changes that you made in Windows PowerShell.
8.
Enable NUMA Spanning.
What Is NUMA? A computer with a single processor has a single bus for accessing memory, and that single processor can access all of a computer’s memory with the same latency. However, many modern computers have multiple processors with multiple cores. Each physical CPU uses its own bus for accessing physical memory.
NUMA is a computer architecture that multiprocessor systems use, in which the time required for a CPU to access memory depends on the memory’s location relative to the processor. Some memory regions are located and connected directly to one or more CPUs. All memory is accessible by all CPUs, but a CPU can access local memory (memory attached directly to the CPU) faster than it can access remote memory (memory that is local to another CPU in the system). This is why NUMA architecture divides memory and processors into groups, called NUMA nodes. For large, multiple CPU systems, using NUMA architecture can result in increased system performance. Modern operating systems and high-performance applications include optimizations that can recognize and consider using system NUMA topology when scheduling threads or allocating memory to increase system performance. To avoid remote access delays, a NUMA–aware application attempts to allocate storage and schedule threads to access data in the same NUMA node.
When a virtual machine starts, Hyper-V attempts to allocate all the memory for the virtual machine from a single NUMA node, if enough memory is available. If the single NUMA node does not have enough memory, Hyper-V also allocates memory from other NUMA nodes—this is known as NUMA spanning. At the Hyper-V host level, a single check box controls whether to allow NUMA spanning. If this setting is
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
2-23
enabled (which is the default configuration, and which means that NUMA spanning is allowed), virtual machines can span NUMA nodes and provide virtual machines with additional memory. However, when a virtual machine allocates memory from multiple NUMA nodes, there is a performance cost because CPU access to remote memory takes longer than when CPU accesses local memory in the same NUMA node.
Hyper-V in Windows Server 2012 and Windows Server 2012 R2 projects a virtualized NUMA topology to virtual machines. By default, this virtual NUMA topology is optimized to match the NUMA topology of the physical host. Projecting a virtual NUMA topology into a virtual machine enables optimal performance and workload scalability in large virtual machines by allowing the guest operating system and applications such as SQL Server to leverage their NUMA performance optimizations. You can configure virtual NUMA topology at a virtual machine level. You can specify the maximum amount of memory, maximum number of virtual processors, and the maximum number of virtual NUMA nodes. By default, these values are set to align with the physical NUMA topology. If you change the settings, you can restore the default virtual NUMA topology by clicking the Use Hardware Topology button. Hyper-V Virtual NUMA Overview http://go.microsoft.com/fwlink/?LinkID=386666 Question: Can you modify your server’s NUMA topology?
What Is Enhanced Session Mode? Hyper-V uses the Virtual Machine Connection tool to connect to virtual machines by using RDP. Prior to Windows Server 2012 R2, the Virtual Machine Connection tool provided only basic redirection of the virtual machine screen, keyboard, and a mouse, such as a Keyboard Video Mouse switch over IP. The tool also provided limited Copy and Paste functionality, which was limited to text and did not support any other content such as graphics or files.
With Windows Server 2012 R2, you still use the same method to connect to virtual machines, but Hyper-V also supports enhanced session mode. Enhanced session mode utilizes the Remote Desktop Services component in virtual machines, and establishes full Remote Desktop sessions over VMBus. This means that even if the virtual machine has no network connectivity (and there is network connectivity to the Hyper-V host on which virtual machine is running), you can connect to the virtual machine by using the Virtual Machine Connection tool using enhanced session mode. This means that you can redirect local resources (such as smart cards, printers, drives, USB devices or any other supported Plug and Play devices) to virtual machines. You also can use folder redirection, and use shared Clipboard for copying content to virtual machines. In addition, you can copy files into virtual machines by dragging and dropping them onto the virtual machine, even if the virtual machine does not have network connectivity. Enhanced session mode and full Remote Desktop are available even when virtual machines are running on Hyper-V on Server Core or Hyper-V Server 2012 R2.
You can configure enhanced session mode at following levels: •
MCT USE ONLY. STUDENT USE PROHIBITED
2-24 Installing and Configuring the Hyper-V Role
Server settings - Enhanced Session Mode Policy. This setting affects all virtual machines that are running on the Hyper-V host. If this setting is enabled, enhanced session mode connections to virtual machines on this Hyper-V host will be allowed.
Note: The default setting for the Allow enhanced session mode is set to Disabled on Hyper-V in Windows Server 2012 R2, and is set to Enabled on Windows 8.1. •
User settings - Enhanced Session Mode. This setting determines if the Virtual Machine Connection tool attempts to use enhanced session mode.
•
Guest operating system. Enhanced session mode is available only if you connect to virtual machines that are running Windows Server 2012 R2 or Windows 8.1. Remote Desktop Service must be running on the virtual machine, and the user account you will be using to sign in to the virtual machine must be a member of the Remote Desktop Users local group. Virtual Machine Connection - Enhanced Session Mode Overview http://go.microsoft.com/fwlink/?LinkID=386665 Question: Can you use enhanced session mode to connect to a Windows Server 2012 R2 virtual machine that is running on a Hyper-V host on Windows Server 2012?
What Are Resource Pools? Resource pools in Windows Server 2012 R2 provide a layer of abstraction between virtual machines and the underlying physical hardware on the Hyper-V host. You configure Hyper-V resource pools by using Windows PowerShell. You cannot create them in Hyper-V Manager. Resource pools are especially useful when used with virtual machine mobility—for example with Live Migration, when settings such as the location for storing virtual machine files and virtual switch names are different on different servers.
Resource pools provide a way to abstract those configurations, because the only requirement is that the resource pool configurations are the same on each Hyper-V host. For example, if you add virtual switches to a network pool named Pool1, virtual machines will be able to connect to new virtual switches automatically if they are configured to use Pool1. Resource pools allow administrators to configure the environment for virtual machine mobility. Resource pools also enable administrators to group virtual machine resources and then collect metrics on the pool for chargeback purposes. For example, the hosting company could configure resource pools for each customer, and then collect resource usage data.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
2-25
You implement resource pools in Hyper-V by resource type. There are different resource pool types such as Processor, Memory, Ethernet and virtual hard disk. By default, primordial pools are created automatically for each resource type when you install the Hyper-V role. Using the Windows PowerShell cmdlet Get-VMResourcePool, the default primordial pools display. You can also create new resource pools, for example by running following cmdlet: New-VMResourcePool -Name "Contoso Network" -ResourcePoolType Ethernet
Once you create the Network (Ethernet) and Storage (virtual hard disk) resource pools, the configuration settings that are available for the virtual machine display in Hyper-V Manager. Question: How can you configure a virtual machine to use a virtual hard drive from a specific resource pool?
Lesson 4
Hyper-V Host Storage and Networking You must properly configure storage and networking for a Hyper-V host, so that the virtualization platform and the virtual machines that are running on that platform can use the available resources at optimal performance. Features such as storage spaces, disk deduplication, and network teaming are Windows Server features that Hyper-V can utilize when they are available. For example, Hyper-V can store virtual machines on SMB 3.0 network shares, and disk deduplication in Windows Server 2012 R2 can minimize disk space used by running virtual machine in a VDI scenario.
Lesson Objectives After completing this lesson, you will be able to: •
Describe storage spaces.
•
Describe disk deduplication.
•
Describe Offloaded Data Transfer.
•
Describe SMB 3.0.
•
Explain how Hyper-V benefits from SMB 3.0.
•
Describe network teaming.
Overview of Storage Spaces Storage Spaces is a storage virtualization subsystem in Windows Server operating systems and Windows client operating systems. Storage Spaces is built on top of storage pools, which are a collection of physical disks. Physical disks can be of different sizes, and can be connected locally by using different bus types such as SATA, Serial Attached SCSI, external SCSI, SCSI, or USB. Remote storage such as NAS or SANs cannot be part of storage pools. Storage pools enables you to aggregate storage, expand capacity flexibly, and delegate administration. Storage Spaces is represented as virtual disks built on top of storage pools. Storage Spaces can have different levels of redundancy, can use all allocated space when created (fixed provisioning) or expand dynamically (thin provisioning), and can have automatic or controlled allocation on heterogeneous storage.
MCT USE ONLY. STUDENT USE PROHIBITED
2-26 Installing and Configuring the Hyper-V Role
You can use Storage Spaces to add physical disks of any type and size to a storage pool, and then create highly available virtual disks from the storage pool. The primary advantage of Storage Spaces is that you can manage multiple disks as one unit, instead of managing single disks. Storage Spaces includes the following features: •
Resilient storage. Storage Spaces support two resiliency modes: mirroring, and parity. You can configure layout and resiliency for each storage pool independently. You can also configure per-pool support for disks that are reserved for replacing failed disks (or hot spares).
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
2-27
•
Continuous availability. Storage Spaces is fully integrated with failover clustering, which provides continuous availability. You can cluster pools across multiple nodes within a single cluster. Storage Spaces can be created on individual nodes, and if failure occurs, the storage will fail over to a different node. Storage Spaces supports integration with CSVs, which enables scale-out access to data.
•
Optimal storage use. Storage Spaces supports thin provisioning to allocate space as needed. If data is deleted inside a virtual machine, Hyper-V supports automatic storage reclamation for deleted files.
•
Storage Tiering: In Windows Server 2012 R2, you can enable storage tiers on virtual disk, which enable automatic movement of the most frequently accessed files to faster SSD storage.
•
Multitenancy. Administration of storage pools is controlled through ACLs, and is delegated on a perpool basis. Each storage pool can be isolated, and access is integrated with AD DS. Storage Spaces Overview http://go.microsoft.com/fwlink/?LinkID=386672 Question: Can you include an iSCSI disk that is connected to your Hyper-V host, in Storage Spaces?
Overview of Disk Deduplication
When you store files on a file server, many files can contain blocks of the same data. This is also the case for virtual hard disks, especially when they have the same guest operating system installed. Data deduplication is a process that runs in the background after a file is saved. It analyzes the files, and finds and removes duplicated blocks without compromising file integrity. The goal of data deduplication is to store more data in less space by segmenting files into small variable-sized chunks (32–128 kilobytes (KB)), identifying duplicate chunks, and maintaining a single copy of each chunk. Duplicated copies of the chunks are then replaced by a reference to the single copy. The chunks are compressed, and then organized into special container files in the System Volume Information folder. Access to deduplicated files is the same as access to files that are not deduplicated. You can enable data deduplication in Server Manager, or by using Windows PowerShell. You enable data deduplication only for an entire volume. The volume must be formatted with NTFS file system, and must not be a system or boot volume. You can use data deduplication on shared storage, and failover clustering is fully supported. Windows Server 2012 R2 adds support for data deduplication on CSVs. Data deduplication can be effective for optimizing storage and reducing the disk space used for storing data. A virtualization library that stores virtual hard disks is a good example of how Data Deduplication reduces disk space usage. By using data deduplication, you can reduce the virtualization library size by 80 percent or more. Windows Server 2012 can dedupicate only files that are not constantly open, and because of this, virtual hard disks of running virtual machines cannot be deduplicated.
MCT USE ONLY. STUDENT USE PROHIBITED
2-28 Installing and Configuring the Hyper-V Role
Windows Server 2012 R2 improves deduplication performance and adds support for deduplication of open files. As a result, Windows Server 2012 R2 can deduplicate the virtual hard disks of the running virtual machines that you used for VDI, and that are stored on an SMB 3.0 network share. Deduplication of running virtual machines that are not part of VDI or that are not stored on a network share may work, but this scenario is not supported. Data Deduplication Overview http://go.microsoft.com/fwlink/?LinkID=386669 Question: You plan to enable data deduplication on a file server. How can you enable data deduplication, and what must you install first?
What Is Offloaded Data Transfer? When you use a traditional data copy model, the data for copying must first be read from the source storage (SAN), transferred over the network, and then written into the server memory. Next, the data must be transferred over the network again to the destination storage (SAN), and then written to the disk. This approach has several drawbacks, such as high utilization of server processor and memory, and transferring data to a server and then back to storage, even if data is copied inside the same SAN.
To avoid this inefficiency, Windows Server 2012 and newer versions support Windows Offloaded Data Transfer. Offloaded Data Transfer uses a tokenbased mechanism for reading and writing data within or between intelligent SANs. Instead of reading and writing the data through the server, a token is copied between the source and destination storage. The token serves as a point-in-time representation of the data, and the copy manager of the SAN performs the data movement according to the token. For example, when you copy a file or a virtual hard disk between storage locations on the same SAN or between the SANs, a token representing the virtual hard disk file is copied. The server does not need to copy the underlying virtual hard disk, because the storage (SAN) that supports Offloaded Data Transfer will copy the virtual hard disk file more effectively and without utilizing the server. You can use Offloaded Data Transfer to interact with the storage device to move large files or data through the high-speed storage network. Offloaded Data Transfer reduces client-server network traffic and CPU usage considerably during large data transfers, because all data movement is performed by the storage. If you want to use Offloaded Data Transfer, source and destination SANs must: •
Support Offloaded Data Transfer, must be connected by using iSCSI, Fibre Channel, Fibre Channel over Ethernet, or Serial Attached SCSI.
•
Must be managed by the same storage manager.
Hyper-V supports Offloaded Data Transfer, and when Offloaded Data Transfer also is supported by a storage array, performance improvements can be considerable. For example, if the creation of a 10-GB fixed-size virtual hard disk takes almost three minutes, the same operation takes less than a second when using Offloaded Data Transfer. In addition, when using Offloaded Data Transfer you can perform other related Hyper-V operations much faster, such as expanding virtual hard disks, merging virtual hard disks, or live storage migration.
Windows Offloaded Data Transfers Overview http://go.microsoft.com/fwlink/?LinkID=386670 Question: Can you use Offloaded Data Transfer when you copy a 10-GB file between file shares?
What Is SMB 3.0? SMB is a network file sharing protocol that Windows operating systems use on top of the TCP/IP protocol for accessing files on network shares. SMB has several backward-compatible versions, and Windows Server 2012 adds support for SMB 3.0. SMB 3.0 has several new and useful features, including the following features:
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
2-29
•
SMB Transparent Failover. This feature is available in a failover cluster with at least two nodes. It allows clients to access an SMB file share without interruption even if the SMB file server node to which the client is connected fails. A failover cluster preserves information on the server side, and allows the client to reconnect automatically to the same share on the remaining file server cluster node. This enables administrators to perform hardware or software maintenance on file server cluster nodes by moving file shares between nodes without client interruption.
•
SMB Scale Out. Administrators can use this feature to create file shares in failover clusters on CSVs that provide simultaneous access to files, with direct I/O, through all nodes in a file server cluster. This feature helps provide load-balancing of clients and better utilization of network bandwidth.
•
SMB Multichannel. This feature provides the ability to use multiple network interfaces for aggregation of network bandwidth and network fault tolerance, if multiple paths exist between the client and the server. Server applications can utilize aggregated network bandwidth, and are resilient in case of a network failure.
•
SMB Direct. This feature provides the ability to use network adapters that have Remote Direct Memory Access (RDMA) capability. Network adapters that have RDMA can function at full speed with very low latency by using minimal CPU resources.
•
SMB Encryption. This feature enables file encryption while files are transferred over the network, and without using public key infrastructure (PKI). You can configure SMB Encryption per share, or for the entire server.
•
VSS for SMB file shares. Volume Shadow Copy Service (VSS) is a framework that enables volume backups while applications continue to write to the volumes. The VSS provider for SMB file shares enables VSS–aware backup applications to perform application-consistent shadow copies of VSSaware server applications that are storing data on SMB 3.0 file shares. Prior to this feature, VSS only supported performing shadow copies of data stored on local volumes.
Note: Windows Server Backup in Windows Server 2012 does not support VSS for SMB file shares.
•
MCT USE ONLY. STUDENT USE PROHIBITED
2-30 Installing and Configuring the Hyper-V Role
SMB share management. If you prefer graphical tools, you can use Server Manager to create and configure file shares by using a simple set of wizards. However, when you need to manage a significant number of shares or automate the configuration, you should use Windows PowerShell. Windows PowerShell can also be help you to understand better the inner workings of SMB 3.0. For example, you can create a new file share by running the following Windows PowerShell cmdlet: New-SmbShare
You then can add required permissions by running the following Windows PowerShell cmdlet: Grant-SmbShareAccess
You can view other SMB–related cmdlets by running the following Windows PowerShell cmdlet: Get-Command -Module smbshare
Server Message Block overview http://go.microsoft.com/fwlink/?LinkID=386673 Updated links on Windows Server 2012 File Server and SMB 3.0 http://go.microsoft.com/fwlink/?LinkID=386658 Question: Is SMB 3.0 used when you access and copy files from a Windows Server 2008 R2 file server to a Windows Server 2012 R2 server?
Hyper-V Over SMB Prior to Windows Server 2012, Hyper-V could run virtual machines only if virtual hard disks of the virtual machine were stored locally or on a SAN. Hyper-V in Windows Server 2012 provides added support for storing virtual machine data files (such as configuration, virtual hard disks, and checkpoints), on network shares, which must be accessible over SMB 3.0 protocol or newer. When virtual machines are stored on an SMB share, the file server that provides the SMB share must not be the Hyper-V host that is storing virtual machine data files on that share. In such a case, you should configure the Hyper-V host to store virtual machine data files locally.
Because computer accounts are used for configuring file share permissions, the Hyper-V host and the file server that hosts the SMB share must be members of the same AD DS domain. If data files of the running virtual machine are stored on the SMB share, you can also configure data deduplication for the volume that is hosting the SMB share. This requires Windows Server 2012 R2, and is only supported if the virtual machine is part of a VDI implementation.
Storing virtual machine data files on an SMB 3.0 file share provides a similar level of reliability, availability, manageability, and performance, as when virtual machine data files are stored on a SAN storage. This means that you can also use an SMB share as shared storage for high availability scenarios. When accessing an SMB 3.0 file share, you can use features such as SMB Transparent Failover, SMB Scale Out, SMB Multichannel, SMB Direct, and SMB Encryption.
Some of the advantages of using file shares to store virtual machine data files include:
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
2-31
•
Easier provisioning and management. Instead of managing SANs and LUNs, you can create and configure file shares, with which all administrators are familiar.
•
Use existing infrastructure. You can use the existing file servers and networks. You do not have to add specialized storage hardware such as SANs, or networking such as Fibre Channel.
•
Use existing knowledge. All administrators are familiar with creating and configuring file shares. Deploy Hyper-V over SMB http://go.microsoft.com/fwlink/?LinkID=386674 Question: Can you store and run virtual machines on an SMB 3.0 share on a Windows Server 2012 R2 file server that is not a domain member?
Overview of NIC Teaming
You can use Windows Server 2012 R2 to configure multiple NICs in the same server into a team. This feature is known as NIC Teaming. NIC Teaming allows multiple network interfaces to work together as a team, and prevents connectivity loss if one of the network interfaces in a team fails. It also provides bandwidth aggregation for the network interfaces in a team. NIC Teaming is not a feature specific to Hyper-V, but Hyper-V can utilize NIC Teaming to provide faster and more reliable network connections for both the Hyper-V host and virtual machines. When you are using NIC Teaming in Windows Server 2012 R2, you can put network adapters from different vendors and supporting different network speeds in the same team. NIC Teaming in Windows Server 2012 is supported by Microsoft. When you put two or more physical network adapters into a NIC Team, this is then presented to the operating system as one or more virtual adapters—known also as team network adapters. Two basic sets of algorithms that distribute inbound and outbound traffic between the physical network adapters in the team are: •
Switch-independent modes. Algorithms do not require the switch to participate in NIC Teaming. Because the switch does not have the knowledge that the network adapter is part of a team, you can connect the team network adapters to different switches. However, this configuration is not required. These modes do not require any configuration of a switch, and they protect against switch failures.
•
Switch-dependent modes. Algorithms require the switch to participate in NIC Teaming. These algorithms require that all network adapters in a team are connected to the same switch, and that the switch is configured properly.
The NIC Teaming feature also works within a virtual machine. This allows a virtual machine to have virtual network adapters that are connected to more than one Hyper-V switch, and still have connectivity even if the network adapter under that switch becomes disconnected. You manage NIC Teaming in Server Manager using the NIC Teaming interface, or by using Windows PowerShell cmdlets. You can view the cmdlets for managing NIC Teaming by running Get-Command -Module NetLbfo.
NIC Teaming Overview http://go.microsoft.com/fwlink/?LinkID=386671 Question: Do you need to configure network switches if you want to use NIC Teaming in Windows Server 2012 R2?
MCT USE ONLY. STUDENT USE PROHIBITED
2-32 Installing and Configuring the Hyper-V Role
Lab: Installing and Configuring the Hyper-V Role Scenario
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
2-33
Based on the analysis of the current server environment, A. Datum Corporation has identified several servers that can be virtualized on Hyper-V. A. Datum is now ready to begin a pilot project to implement virtualization in one of their branch offices.
The first step in the implementation project is to deploy the Hyper-V hosts in the branch office. Technicians at the branch office have installed the hardware in the branch office, and have installed Windows Server 2012 R2 on the servers. You have already configured LON-HOST1 and you now need to install and configure Hyper-V on LON-HOST2.
Because all of the servers are located in a remote data center, you will use Windows 8.1 as an administrative workstation. To become familiar with the different options for managing the Hyper-V hosts, you will use both Server Manager and Windows PowerShell to manage the Hyper-V role remotely.
Objectives After completing this lab, you will be able to: •
Install the Hyper-V role.
•
Configure Hyper-V settings.
•
Access and manage Hyper-V remotely.
Lab Setup Estimated Time: 60 minutes
Virtual Machines: 20409B-LON-HOST1, 20409B-LON-HOST2, 20409B-LON-DC1, 20409B-LON-CL1, and 20409B-LON-CL2 User name: Adatum\Administrator Password: Pa$$w0rd
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must complete the following steps: 1.
Sign in to the LON-HOSTx computer as Adatum\Administrator with the password of Pa$$w0rd.
2.
On LON-HOST1 start Hyper-V Manager.
3.
In Microsoft Hyper-V Manager, click 20409B-LON-DC1, and in the Actions pane, click Start.
4.
In the Actions pane, click Connect. Wait until the virtual machine starts.
5.
Sign in by using the following credentials: o
User name: Adatum\Administrator
o
Password: Pa$$w0rd
Note: Because you will be using the same virtual machines in the next lab, do not revert the virtual machines at the end of this lab. However, you can shut down all virtual machines after finishing this lab. You will be working in pairs. Communicate clearly with your lab partner, and cooperate fully with each other during this lab.
Exercise 1: Installing the Hyper-V Role Scenario
MCT USE ONLY. STUDENT USE PROHIBITED
2-34 Installing and Configuring the Hyper-V Role
In this exercise, you will install the Hyper-V role. You can install Window Server roles in several different ways, and in this exercise, you will install the Hyper-V role by using Server Manager and Windows PowerShell. You will also verify changes on the server after you have installed the Hyper-V role. The main tasks for this exercise are as follows: 1.
Write down your LON-HOST number.
2.
Verify that the LON-HOST2 computer does not have the Hyper-V role installed.
3.
Install the Hyper-V role by using Server Manager.
4.
Verify that the Hyper-V role was installed successfully.
Task 1: Write down your LON-HOST number Note: One of the students in a pair will be working on LON-HOST1, and the other student will be working on LON-HOST2. •
Write down your LON-HOST number on a piece of paper. If your LON-HOST number is 1, your partner’s number will be 2, and vice-versa.
Task 2: Verify that the LON-HOST2 computer does not have the Hyper-V role installed 1.
On LON-HOST2, in Server Manager, confirm that the Hyper-V role is not installed.
2.
In Windows PowerShell, use the Get-WindowsFeature cmdlet to confirm that neither Hyper-V nor Hyper-V Management Tools are installed.
3.
In Windows PowerShell, use the Get-Command –Module Hyper-V cmdlet to verify that the Hyper-V module is not installed.
4.
In Windows PowerShell, use bcdedit.exe to verify whether hypervisor is configured to start automatically.
5.
Use Windows Search to confirm that no program that has the word hyper in the name is installed.
6.
Confirm that there is no Applications and Services Logs node that starts with word Hyper-V in Event Viewer.
7.
In Performance Monitor, confirm that there is only one counter available that starts with the word Hyper-V, Hyper-V Dynamic Memory Integration Service.
8.
Confirm that there are no inbound Windows Firewall rules that start with the word Hyper-V.
9.
Confirm that six services display that start with the word Hyper-V, but that Hyper-V Virtual Machine Management service is not present among the services on LON-HOST2.
Task 3: Install the Hyper-V role by using Server Manager 1.
On LON-HOST2, use Server Manager to install the Hyper-V role with default options, and select the option to restart the server automatically if required.
2.
Wait until LON-HOST2 restarts, and then sign in with the user name Adatum\Administrator and the password Pa$$w0rd.
Task 4: Verify that the Hyper-V role was installed successfully
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
2-35
1.
On LON-HOST2, use Server Manager to confirm that the Hyper-V role is installed.
2.
In Windows PowerShell, use the Get-WindowsFeature cmdlet to confirm that both Hyper-V and Hyper-V Management Tools are installed.
3.
In Windows PowerShell, use the Get-Command –Module Hyper-V cmdlet to confirm that the Hyper-V module has been installed.
4.
In Windows PowerShell, use the bcdedit.exe command to verify that hypervisor is configured to start automatically.
5.
Confirm that the Hyper-V Manager and Hyper-V Virtual Machine Connection programs are installed.
6.
In Event Viewer, confirm that multiple Applications and Services Logs nodes that start with the word Hyper-V display.
7.
In Performance Monitor, confirm that multiple counters that start with the word Hyper-V are available.
8.
In Performance Monitor, confirm that multiple inbound Windows Firewall rules that start with the word Hyper-V display.
9.
In Performance Monitor, confirm that multiple services that start with the word Hyper-V display, including a service named Hyper-V Virtual Machine Management, which has a status of Running.
10. On LON-HOST2, run the following script: C:\Labfiles\Mod02-LON-HOST2.ps1 to prepare the environment. Note: This script will import three virtual machines: 20409B-LON-PROD2, 20409B-LONTEST2, and 20409B-LON-CL2. The script will ask for the drive letter on which the base images were extracted and the drive letter on which the course images were extracted. Theses drive letters will depend on the physical server configuration. If you are unsure about what are the drive letters, ask the instructor.
Results: After completing this exercise, you should have installed the Hyper-V role.
Exercise 2: Configuring Hyper-V Settings Scenario
Before using the virtualization infrastructure, you should be familiar with and configure Hyper-V Settings. In this exercise, you will use Hyper-V Manager and Windows PowerShell to review and configure some of the settings, such as a default virtual hard disk location, NUMA spanning, and enhanced session mode policy. The main tasks for this exercise are as follows: 1.
Create a network share for storing virtual machines.
2.
Configure a virtual hard disk location.
3.
Configure Hyper-V settings by using Windows PowerShell and Hyper-V Manager.
Task 1: Create a network share for storing virtual machines Note: Complete the following task on both LON-HOST1 and LON-HOST2.
MCT USE ONLY. STUDENT USE PROHIBITED
2-36 Installing and Configuring the Hyper-V Role
1.
On LON-HOSTx, use Server Manager to create a share by using the SMB Share – Applications share profile.
2.
Create a share on drive C. Name the share VHDs, and grant the Domain Users group Full Control permissions to the share.
Task 2: Configure a virtual hard disk location Note: Complete the following task on both LON-HOST1 and LON-HOST2. 1.
On LON-HOSTx, in Hyper-V Manager, start the New Virtual Hard Disk Wizard, and confirm the default location for creating new virtual hard disks.
2.
In Hyper-V Manager, confirm that the same location is set as the Virtual Hard Disk location Hyper-V Setting.
3.
In Hyper-V Manager, set the Virtual Hard Disk location Hyper-V Setting to C:\Users, and confirm that this location is the default location when creating new virtual hard disks using the New Virtual Hard Disk Wizard.
4.
In Windows PowerShell, use Set-VMHost cmdlet with the VirtualHardDiskPath parameter to set virtual hard disk location to \\LON-HOSTy\VHDs, where y is number of your partner’s host. For example, if you are using HOST1, then y represents 2, and if you are using HOST2, then y represents 1.
5.
Use Hyper-V Manager to confirm that the Virtual Hard Disk location Hyper-V Setting is successfully set to \\LON-HOSTy\VHDs.
Task 3: Configure Hyper-V settings by using Windows PowerShell and Hyper-V Manager Note: Complete the following task on both LON-HOST1 and LON-HOST2. 1.
2.
On LON-HOSTx, in Hyper-V Manager, confirm the following Hyper-V Settings: o
Virtual Machines: C:\ProgramData\Microsoft\Windows\Hyper-V
o
NUMA Spanning: Enabled
o
Storage Migration: 2
o
Enhanced Session Mode Policy: Disabled
In Windows PowerShell, use the Set-VMHost cmdlet with appropriate parameters to configure following settings: o
Virtual Machines: \\LON-HOSTy\VHDs (where y is number of your partner’s host)
o
NUMA Spanning: Disabled
o
Storage Migrations: 4
o
Enhanced Session Mode Policy: Enabled
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
2-37
3.
In Hyper-V Manager, confirm that all settings that you set by using Windows PowerShell are present.
4.
In Hyper-V Manager, modify the following Hyper-V Settings: o
NUMA Spanning: Enabled
o
Enhanced Session Mode Policy: Disabled
Results: After completing this exercise, you should have configured Hyper-V settings.
Exercise 3: Accessing and Managing Hyper-V Remotely Scenario
Administrators typically administer Hyper-V remotely. In this exercise, you will enable Hyper-V Manager and Hyper-V Module for Windows PowerShell on a Windows 8.1 workstation, and then manage the Hyper-V host remotely. The main tasks for this exercise are as follows: 1.
Turn on the Hyper-V Management Tools feature.
2.
Connect to the Hyper-V host and manage it remotely.
Task 1: Turn on the Hyper-V Management Tools feature Note: Complete the following task on both LON-HOST1 and LON-HOST2. 1.
On LON-HOSTx, use Hyper-V Manager to start and connect to 20409B-LON-CLx.
2.
Sign in to LON-CLx with the user name Adatum\Administrator and the password Pa$$w0rd.
3.
Use Search to confirm that no program with the word hyper in the name is installed on LON-CLx.
4.
In Windows PowerShell, use the cmdlet Get-Command with the Module parameter to confirm that the Hyper-V module is not installed.
5.
Use the Turn Windows Features on or off program to turn on the Hyper-V Management Tools feature.
6.
In Windows PowerShell, use the cmdlet Get-Command with the Module parameter to confirm that the Hyper-V module is now installed.
7.
Confirm that two programs containing word hyper are now installed: Hyper-V Manager, and Hyper-V Virtual Machine Connection.
Task 2: Connect to the Hyper-V host and manage it remotely Note: Complete the following task on both LON-HOST1 and LON-HOST2. 1.
On LON-CLx, start Hyper-V Manager, and connect it to LON-HOSTx.
2.
Review Hyper-V Settings for LON-HOSTx, and verify that the settings are configured as you configured them in the previous exercise: o
Virtual Hard Disks: HOSTy\VHDs
o
Virtual Machines: HOSTy\VHDs
o
NUMA Spanning: Enabled
o
Storage Migrations: 4
o
Enhanced Session Mode Policy: Disabled
3.
Open Windows PowerShell and review the Hyper-V configuration of LON-HOSTx by using the Get-VMHost cmdlet.
4.
Use the Get-VMHost cmdlet to set the Storage Migrations setting on LON-HOSTx to 3.
5.
Confirm the setting in Hyper-V Manager.
Note: Do not forget to Refresh the settings to view the updated settings in Hyper-V Manager.
Results: After completing this exercise, you should have accessed and managed Hyper-V remotely.
MCT USE ONLY. STUDENT USE PROHIBITED
2-38 Installing and Configuring the Hyper-V Role
Module Review and Takeaways Review Questions Question: You need to manage Hyper-V in Windows Server 2012 from a Windows 7 client computer. Will you be able to administer all Hyper-V features? Question: Can you virtualize a file server that is using a Fibre Channel SAN for storing shared folders? Question: You have a Windows 8.1 virtual machine that must be highly available. Can you use virtual machine-based failover clustering to make it highly available?
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
2-39
MCT USE ONLY. STUDENT USE PROHIBITED
MCT USE ONLY. STUDENT USE PROHIBITED 3-1
Module 3
Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints Contents: Module Overview
3-1
Lesson 1: Creating and Configuring Virtual Hard Disks
3-3
Lesson 2: Creating and Configuring Virtual Machines
3-14
Lab A: Creating and Managing Virtual Hard Disks and Virtual Machines
3-24
Lesson 3: Installing and Importing Virtual Machines
3-30
Lesson 4: Managing Virtual Machine Checkpoints
3-37
Lesson 5: Monitoring Hyper-V
3-46
Lesson 6: Designing Virtual Machines for Server Roles and Services
3-53
Lab B: Creating and Managing Checkpoints and Monitoring Hyper-V
3-60
Module Review and Takeaways
3-66
Module Overview
After installing the Hyper-V role and configuring the server properties, you are ready to begin creating virtual machines and virtual hard disks. In this module, you will learn that Hyper-V in Windows Server 2012 supports two virtual disk file formats (.vhdx and .vhd) and three disk types (fixed-size, dynamically expanding, and differencing). You will learn about the differences between the various disk formats and disk types. You will also learn how to create these disks and configure a virtual machine to use disks that are directly attached.
You are probably familiar with the virtual machines that Windows Server 2012 R2 Hyper-V refers to as Generation 1 virtual machines. In Windows Server 2012 R2, you can also create Generation 2 virtual machines, which can have fewer types of virtual hardware, but conversely, provide advanced features such as Unified Extensible Firmware Interface (UEFI), Secure Boot, and boot from the small computer system interface (SCSI) device. Virtual Machine Connection is a Hyper-V management tool. In Windows Server 2012 R2, this tool has enhanced session mode, which provides a rich Remote Desktop experience when connecting to virtual machines that support it. You can also use this tool to copy and paste data between virtual machines, and to redirect devices such as those connected to it, including physical USB ports, to virtual machines.
In Windows Server 2012 R2, snapshots—a popular feature of previous releases—have been renamed checkpoints. A major improvement in Windows Server 2012 Hyper-V is that virtual machines can detect when a checkpoint was applied by using the Generation ID value. You should still use checkpoints carefully in a production environment unless they are supported explicitly. In this module, you will also learn about monitoring the Hyper-V environment by using performance monitoring and resource metering.
Note: For the purpose of this course, all instances of Microsoft System Center 2012 R2 Virtual Machine Manager are referred to as VMM.
Objectives After completing this module, you will be able to: •
Create and configure virtual hard disks.
•
Create and configure virtual machines.
•
Install and import virtual machines.
•
Manage virtual machine checkpoints.
•
Monitor Hyper-V.
•
Design and manage virtual machines for server roles and services.
MCT USE ONLY. STUDENT USE PROHIBITED
3-2 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
Lesson 1
Creating and Configuring Virtual Hard Disks
3-3
Just as physical computers store data on physical hard disks, virtual machines store data on virtual hard disks, which actually are files that reside on physical hard disks. There are different types of virtual hard disks available, and this lesson explains the differences between them. In the past, fixed-size disks provided considerably better performance than dynamically expanding disks. In Windows Server 2012, the performance difference between them is minimal. You also can configure virtual machines to use directly attached disks, but such disks do not support snapshots and are less suitable for migration because they are not encapsulated in a single file. Virtual hard disks can be in one of two formats: .vhd (legacy), and .vhdx (modern). Although virtual hard disks are just that, the modern Windows operating system also can access their content from physical computers.
Lesson Objectives After completing this lesson, you will be able to: •
Describe storage options for virtual machines.
•
Describe the Hyper-V virtual hard disk formats.
•
Explain the difference between fixed-size and dynamically expanding virtual hard disks.
•
Describe differencing virtual hard disks.
•
Create a virtual hard disk.
•
Describe directly attached disks.
•
Explain virtual hard disk sharing.
•
Explain Quality of Service (QoS) management.
•
Describe Hyper-V considerations for virtual hard disk storage.
•
Manage virtual hard disks.
What Are the Storage Options for Virtual Machines?
Virtual machines have different options for storing their data. Just as virtual machines are isolated when running on a Hyper-V host, you can also isolate their hard disks and encapsulate their content in a single virtual hard disk file with the .vhd or .vhdx extension. From inside the virtual machine, virtual hard disks are seen as physical disks, and virtual machines use them as if they were physical disks. You also can configure virtual machines to connect directly to a physical volume by configuring a directly attached disk. Directly attached disks are seen as offline by the Hyper-V host and are managed directly by the operating system within the virtual machine. Directly attached disks either can be a physical disk in the host, or a logical unit number (LUN) on a storage area network (SAN) device over Internet SCSI (iSCSI) or Fibre Channel.
MCT USE ONLY. STUDENT USE PROHIBITED
3-4 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints
You can connect virtual machines to storage by using two different storage controller types—SCSI, and integrated device electronics (IDE). A virtual machine can access a disk either as a virtual Advanced Technology Attachment (ATA) device on a virtual IDE controller or as a virtual SCSI disk device on a virtual SCSI controller. Virtual storage controllers have the following characteristics: •
IDE controllers are available only in Generation 1 virtual machines. Each virtual machine has two IDE controllers and can have up to two devices (hard drives or DVD drives) attached to each controller.
•
An IDE controller is first emulated, which means that it is available when the virtual machine starts and later it is synthetic, which provides better performance.
•
While the virtual machine is running, you cannot add devices to or remove devices from an IDE controller.
•
A Generation 1 virtual machine can start only from an IDE controller.
•
SCSI controllers are available in all virtual machines. Generation 1 virtual machines can use a SCSI controller only as a data disk, whereas Generation 2 virtual machines start from the SCSI controller– attached disks or DVD drives.
•
A SCSI controller is synthetic, and you can add disks to or remove disks from a SCSI controller while a virtual machine is running. A virtual machine can have up to four SCSI controllers, and each SCSI controller supports up to 64 devices, which means that each virtual machine can have as many as 256 virtual SCSI disks.
•
SCSI controllers include support for Windows Offloaded Data Transfers, which is not available for disks that are attached to an IDE controller.
•
You can use different hard disk types, such as fixed-size, dynamically expanding, differencing, and attached physical disks, with both controller types.
•
A virtual machine uses storage controllers for accessing storage. The type of storage controller that the virtual machine uses does not have to be the same type that Hyper-V is using. For example, a Hyper-V host can have only physical SCSI storage, but you can configure virtual machines with IDE controllers, and use IDE-attached virtual hard disks, which are stored on the SCSI storage of the Hyper-V host.
Note: Although physical SCSI and IDE hard disk I/O performance can be significantly different, this is not the case for virtual SCSI and IDE hard disks. They both offer equally fast I/O performance.
You can store virtual machine virtual hard disks locally on Hyper-V host, on Server Message Block (SMB) 3.0 file shares, or on a SAN LUN. You can configure virtual machines to use directly attached disks over iSCSI or Fibre Channel protocol. Such directly attached disks are accessed directly and are not contained in a virtual hard disk file. In addition, you cannot use them for starting virtual machines. However, directly attached disks are important when configuring guest failover clustering because you can use them as a shared storage.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
The following table describes the various storage configuration options that are available to virtual machines. Locally stored IDE virtual hard disk
Locally stored SCSI virtual hard disk
Directly attached disk
3-5
Storage type
Direct-attached storage (DAS)
DAS
DAS – local SAN, Fibre Channel/iSCSI – remote
Exposed to a Hyper-V host as
Virtual hard disk on NTFS file system
Virtual hard disk on NTFS file system
Physical disk directly attached to a virtual machine
Maximum supported disk size
64 terabytes (TB)
64 TB
No size limit
Virtual hard disk checkpoints supported
Yes
Yes
No
Dynamically expanding virtual hard disk
Yes
Yes
No
Differencing virtual hard disk
Yes
Yes
No
Add or remove storage while virtual machine is running
No
Yes
No
Question: Is there any difference between connecting a virtual hard disk to a virtual machine by using an IDE virtual controller or a SCSI virtual controller?
Overview of the Hyper-V Virtual Hard Disk Formats Virtual machines can access physical hard disks directly (directly attached disks), can use virtual hard disk files, or can use both. A virtual hard disk can be either a single file or a hierarchy of files. Both present to the virtual machine as a whole hard drive. This means that from inside the virtual machine, you can partition virtual hard disks and format them with various file systems, such as NTFS, FAT, or Resilient File System. In addition, you can copy files or install an entire operating system on a virtual hard disk. Although a virtual hard disk is visible as a single file to the Hyper-V host, it encapsulates the content of an entire virtual machine hard disk.
MCT USE ONLY. STUDENT USE PROHIBITED
3-6 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints
The virtual hard disk format specification is available publicly. Developers can use the specification to develop solutions to access virtual hard disk data and content, and they can use it to extend the virtual hard disk. The virtual hard disk format has evolved over time, and Hyper-V in Windows Server 2012 R2 supports two virtual hard disk formats: •
.vhd. This format supports virtual hard disks up to 2,040 gigabytes (GB) in size. This format has been available since Microsoft Virtual Server 2005 was released, which means that you can use the .vhd format with older Hyper-V hosts and with legacy Microsoft virtualization products.
•
.vhdx. This format supports virtual hard disks up to 64 TB in size. This format has been available since Windows Server 2012, and it is not compatible with older Hyper-V hosts. Experience with the .vhd format guided the .vhdx format improvements. The .vhdx format provides better data corruption protection and optimizes structural alignments on large sector physical disks.
When you compare the .vhd and .vhdx formats, the .vhdx format provides the following benefits: •
Support for larger virtual hard disk sizes, up to 64 TB.
•
Protection against data corruption by logging updates to the .vhdx metadata structures, which can be especially important during power failures.
•
The ability to store custom metadata about a file, such as which operating system is installed in .vhdx, or which patches are applied to it.
•
Improved alignment of the virtual hard disk format to work better with large sector disks.
•
Larger block sizes for dynamic and differential disks, which improves their performance.
•
4 kilobytes (KB) logical sector virtual disk, which increases performance when used by applications that are designed for 4 KB sectors.
•
Efficiency in data representation, which results in smaller file size so that underlying physical storage device can reclaim unused space (trim operation).
Note: You can convert .vhd files to the .vhdx format when you upgrade to Windows Server 2012 or Windows Server 2012 R2 because of the improvements of the .vhdx format. The only reason why you should not convert the files is when you still need to move a virtual disk to an older version of Hyper-V that does not support the .vhdx format.
When you create a new virtual hard disk on Windows Server 2012 R2, it selects the .vhdx format by default. Hyper-V also provides the capability to convert .vhd files to .vhdx, and .vhdx files to .vhd, as long as they are not larger than 2,040 GB. You can create new virtual hard disks from Windows PowerShell by using the New-VHD cmdlet. You can also convert virtual hard disks between .vhd and .vhdx formats by using the Convert-VHD cmdlet. Note: Virtual hard disks are not only usable with virtual machines. You can also access, mount, and use virtual hard disk content from physical host computers. You can use them even without Hyper-V virtualization. From Windows Server 2012 R2 or Windows 8.1, you can rightclick the virtual hard disk file, mount it, and then perform operations on it just like any other hard drive. In older Windows versions, you cannot mount virtual hard disk files by using Windows Explorer (File Explorer in Windows 8 and Windows 8.1), but you can use Disk Management or Diskpart tools instead. You can also use native boot from a virtual hard disk, where a physical computer starts from a .vhd or .vhdx file.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
Additional information about virtual hard disk formats http://go.microsoft.com/fwlink/?LinkID=386686 Virtual hard disk architecture http://go.microsoft.com/fwlink/?LinkID=386678 Question: On a Windows 8 computer, how can you view and access the content of a virtual hard disk that is in .vhdx format?
Fixed-Size and Dynamically Expanding Virtual Hard Disks You can create three types of virtual hard disks: fixed-size, dynamically expanding, and differencing. After you create a virtual hard disk, you can edit it and change its format. Some of the features of the fixed-size and dynamically expanding virtual hard disk formats are as follows:
3-7
•
Fixed size. When you create a fixed-size virtual hard disk, Hyper-V allocates space for the entire virtual hard disk. For example, if you create a 100-GB fixed-size virtual hard disk, Hyper-V will create a 100-GB file even when it does not include any data. Creating large fixed-size virtual hard disks can take significant time when physical storage does not support Windows Offloaded Data Transfers because Hyper-V has to create the file to the entire specified size and fill its content with zero values. Because Hyper-V allocates all of the storage space when it creates the virtual hard disk, the size of a fixed-size virtual hard disk does not change. This minimizes fragmentation and space on a fixed-size disk, which is as contiguous as possible when it is created. You cannot create fixed-size virtual hard disks that require more space than is available on the physical storage—you cannot overcommit your physical storage. Fixed-size virtual hard disks are larger than dynamically expanding virtual hard disks, and as such, moving them can be more time-consuming. Traditionally, fixed-size virtual hard disks offered better performance than dynamically expanding virtual hard disks (and are almost identical to directly attached disk). However, since Windows Server 2012, this performance difference is minimal.
•
Dynamically expanding. When you create a dynamically expanding virtual hard disk, Hyper-V creates a small file on the Hyper-V host. That file then grows as you write data to the virtual hard disk until it reaches its fully allocated size. The size of the dynamically expanding disk only grows. It does not shrink even if you delete data. For example, if you create a 100-GB dynamically expanding virtual hard disk, Hyper-V will create a file that will be only a few megabytes (MB) in size. When you write into that virtual hard disk file, it will grow; however, when you delete information from the virtual hard disk it will not shrink. When you start using the dynamically expanding virtual hard disk, for example, by formatting partitions and installing an operating system onto it, it will start growing until it reaches its maximum size of 100 GB. Hyper-V creates the dynamically expanding virtual hard disk much faster because it does not allocate all the space at once. However, when you add data to the virtual hard disk, it might fragment in the same way that any file would on your volume. You can create dynamically expanding virtual hard disks that would require more space on the storage subsystem than is currently available—you can overcommit storage. Dynamically expanding virtual hard disks are smaller than other virtual hard disk types until reaching their maximum size.
MCT USE ONLY. STUDENT USE PROHIBITED
3-8 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints
Historically, dynamically expanding virtual hard disks had inferior performance as compared with fixed-size disks. However, in Windows Server 2012, this performance difference is minimal. Companies typically use dynamically expanding virtual hard disks in test and development environments. However, with live storage migration, the smaller size of dynamically expanding disks also is attractive. When you create a new .vhd virtual hard disk in Windows Server 2012 R2, the New Virtual Hard Disk Wizard selects fixed-size by default. If you create a .vhdx virtual hard disk, the New Virtual Hard Disk Wizard selects the dynamically expanding type by default. After Hyper-V creates a dynamically expanding virtual hard disk, you can convert it to fixed-size, and vice versa. Note: The fixed-size type virtual disk is a better choice when you are using the .vhd format because it offers better resiliency and performance compared with the other virtual hard disk types. When using the .vhdx format, it is beneficial to use the dynamically expanding type. In addition to space savings, it offers resiliency. The fixed-size type is also a good choice for both virtual disk formats when the storage on the Hyper-V host is not actively monitored. Performance Tuning Guidelines for Windows Server 2012 http://go.microsoft.com/fwlink/?LinkID=386680 Question: Do you benefit from Windows Offloaded Data Transfers when you are creating a dynamically expanding virtual hard disk?
Differencing Virtual Hard Disks A differencing virtual hard disk always links to another virtual hard disk in a parent/child relationship. It cannot exist on its own. The parent virtual hard disk can be fixed-size or dynamically expanding, but as soon as it becomes a base disk for a differencing disk, it cannot be written to, so it will neither grow not contract. The differencing virtual hard disk is always dynamically expanding. You can also chain differencing virtual hard disks, as long as all base disks are not written to. In this scenario, one differencing virtual hard disk is using another differencing virtual hard disk as a base (parent) disk.
The differencing virtual hard disk stores changes for the parent disk and provides a way to isolate changes without altering the parent disk. When you use a differencing virtual hard disk, you can access all the data from the parent disk, and changes you make are written only to the differencing virtual hard disk, not to the parent disk. In other words, reads for modified data are served from the differencing virtual hard disk, and reads of all other data are served from the parent virtual hard disk. Metadata is used in both cases to determine from where data should be read, which results in differencing virtual hard disks having slower performance than fixed-size or dynamically expanding virtual hard disks. Differencing virtual hard disks must use the same format as the parent disks—either .vhd or .vhdx.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
Note: While differencing virtual hard disks do have their place in production environments, especially with Virtual Desktop Infrastructure (VDI) pooled desktops, they should be used sparingly and only after careful planning in other scenarios.
3-9
The differencing virtual hard disk expands dynamically because data that is intended for the parent disk is written to the differencing virtual hard disk. The base/differencing relationship is based on the integrity of the base disk. Therefore, you should not write to the parent disk because any change made to the parent disk will invalidate all differencing virtual hard disks that are linked to that parent. Note: A differencing disk references a parent disk and stores the changes. Therefore, you should avoid making any changes to a parent disk. As a best practice, you should configure a parent disk as read-only. Be aware that a Merge operation changes the parent disk and invalidates any other differencing disks that use that parent disk.
You cannot specify a size for a differencing virtual hard disk. Differencing virtual hard disks can grow as large as the parent’s disk size limit. However, unlike dynamically expanding disks, you cannot compact differencing virtual hard disks directly. You can compact a differencing virtual hard disk only after it merges with its parent disk.
Differencing virtual hard disks can be beneficial in some scenarios. For example, you could use a virtual hard disk that has a clean installation of the Windows Server 2012 R2 operating system as a parent, and then use a new differencing virtual hard disk as the virtual machine hard disk. You could even create multiple differencing virtual hard disks for multiple virtual machines that would use the same Windows Server 2012 R2 virtual disk as their parent disk. Note: Differencing virtual hard disks can be useful in a testing or training environment. Question: Can Hyper-V allocate more storage space to a differencing virtual hard disk than to the parent disk to which it links?
Demonstration: Creating a Virtual Hard Disk In this demonstration, you will see how to create a virtual hard disk.
Demonstration Steps 1.
2.
Use Hyper-V Manager to create a new virtual hard disk with following settings: o
Format: VHDX
o
Type: Dynamically expanding
o
Name: Dynamic.vhdx
o
Size: 100 GB
Use Hyper-V Manager to create a new virtual hard disk with following settings: o
Format: VHD
o
Type: Differencing
o
Name: Differencing.vhd
o
Parent: E:\Program Files\Microsoft Learning\base\Base14A-WS12R2.vhd
3.
4.
In Windows PowerShell, use the cmdlet New-VHD to create a new virtual hard disk with the following settings: o
Path: C:\Shares\VHDs\Fixed.vhdx
o
Size: 1 GB
o
Type: Fixed size
MCT USE ONLY. STUDENT USE PROHIBITED
3-10 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints
On LON-HOST1, in File Explorer, browse to C:\Shares\VHDx, and then confirm that Fixed.vhdx allocates 1 GB disk space, while both Dynamic.vhdx and Differencing.vhd are allocated less disk space.
Directly Attached Disks
Virtual machines can use virtual hard disk files or physical disks that are directly attached to a virtual machine as their hard drives. Directly attached physical disks enable virtual machines to bypass the Hyper-V host and access storage directly, without first configuring the volume on the Hyper-V host. The directly attached disk can be an internal Hyper-V host physical disk. It can also be a SAN LUN that is mapped to the Hyper-V host or is mapped directly by the operating system that is running on the virtual machine. The virtual machine must have exclusive access to the directly attached disk, which means that the disk must be set in an offline state. The directly attached disk is not limited in size, and it can be larger than the virtual hard disk size limit. Note: LUN is a logical reference to a portion of a SAN.
Features of Directly Attached Disks Some of the main features of directly attached disks are: •
When a virtual machine is using a directly attached disk, there is no associated virtual hard disk involved because the virtual machine is accessing a physical disk.
•
Directly attached disks provide superior performance, similar to physical disks, because there is no overhead involved. On Windows Server 2012 and newer versions, fixed-size virtual hard disks provide similar performance. Dynamically expanding virtual hard disks have only slightly lower performance.
•
If a virtual machine will access a directly attached disk on a SAN, you do not need to mount the LUN on a Hyper-V host by using iSCSI or Fibre Channel.
•
Accessing directly attached disks requires lower CPU utilization because it does not involve any overhead on the Hyper-V host.
•
Directly attached disks have no size limitation, and they can be larger than 64 TB.
•
You cannot use differencing virtual hard disks with directly attached disks.
•
Checkpoints are not available on directly attached disks.
•
The physical disk must be set to offline state on the Hyper-V host before you can configure it as a directly attached disk for a virtual machine.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
3-11
•
You cannot expand directly attached disks dynamically unless such functionality is provided in the SAN.
•
The Hyper-V Volume Shadow Copy Service (VSS) writer cannot back up directly attached disks, and you cannot use Windows Server Backup in the parent partition to back up such disks. In such a case, you should use the backup program that is installed on the virtual machine.
Note: You cannot use Live Migration to move virtual machines between Hyper-V hosts that are not in the same failover cluster if the virtual machines are using directly attached disks.
If you want to configure a virtual machine to use an internal Hyper-V host physical disk or a LUN that is connected to a Hyper-V host as a directly attached disk, you can access it over a virtual IDE or SCSI controller. You can do so by modifying the virtual machine hard disk settings to use a physical disk instead of a virtual hard disk. If you want to use a SAN directly from inside a virtual machine, you should either configure an iSCSI initiator in the virtual machine or add a virtual Fibre Channel adapter to the virtual machine, depending on how you will access the SAN. Virtual Hard Disk Performance http://go.microsoft.com/fwlink/?LinkID=386681 Question: Can you view a directly attached disk that a virtual machine is using from the Disk Management tool that is running on the Hyper-V host on which the virtual machine is running?
Virtual Hard Disk Sharing Prior to Hyper-V in Windows Server 2012 R2, virtual machines used virtual hard disks exclusively. This means that while one virtual machine was using a virtual hard disk, no other virtual machine could use the same virtual disk. With Windows Server 2012 R2, you can share virtual hard disks between multiple virtual machines. This can be especially useful when configuring failover clustering in virtual machines. Prior to Windows Server 2012 R2, you could use only iSCSI or Fibre Channel SAN for shared storage. In Hyper-V in Windows Server 2012 R2, you can use shared virtual hard disks for the same purpose.
You can enable virtual hard disk sharing only for .vhdx files that are connected to a virtual SCSI controller. You cannot use virtual hard disk sharing for .vhd files that are connected to a virtual IDE controller. You can store the shared .vhdx file only on a failover cluster. This can be a Cluster Shared Volume (CSV) on block storage, which includes clustered storage spaces, or a scale-out file server with SMB 3.0 on filebased storage. You cannot enable virtual hard disk sharing if these prerequisites are not met. For example, if the .vhdx file is connected to a virtual SCSI controller but is stored locally or on a SMB 3.0 share. Virtual Hard Disk Sharing Overview http://go.microsoft.com/fwlink/?LinkID=386688 Question: When would you use shared virtual hard disks?
Quality of Service Management In older versions of Hyper-V, it was not possible to limit I/O operations per second (IOPS) per virtual machine. If a virtual machine had an application that was storage-intensive with a large number of read and write operations to the storage, the virtual machine could monopolize the Hyper-V host, and other virtual machines could have slower access to storage. In Windows Server 2012 R2, Hyper-V includes an option to configure QoS parameters when virtual machines are accessing the storage, so that you can provide enough IOPS to each virtual machine.
MCT USE ONLY. STUDENT USE PROHIBITED
3-12 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints
You can configure storage QoS for each virtual hard disk. By specifying the maximum IOPS value on the advanced features of the virtual hard disk, you can balance and throttle the storage I/O between virtual machines and prevent a virtual machine from consuming excessive storage I/O operations, which could affect other virtual machines. You can also configure the minimum IOPS value and receive a notification when the IOPS for that virtual hard disk is below the configured value. In addition, the virtual machine metrics infrastructure is updated with storage-related parameters so that you can monitor the performance and chargeback for used resources. Note: Virtual disk maximum IOPS settings are specified in terms of normalized IOPS. IOPS are measured in 8 KB increments. Note: Storage QoS is not available if you are using shared virtual hard disks. Storage Quality of Service for Hyper-V http://go.microsoft.com/fwlink/?LinkID=386689
Hyper-V Considerations for Virtual Hard Disk Storage When working with virtual machines, virtual hard disks require by far the largest amount of storage space. In addition, virtual hard disks should have the highest possible access speed and throughput, and you should store them on redundant, highly available storage. The main Hyper-V considerations for virtual hard disks are as follows: •
Virtual hard disks encapsulate the content of the entire virtual machine hard disk. They can be very large, and their size increases through time if they are dynamically expanding or differencing. You should ensure that there is enough space for the virtual hard disks on the storage and implement monitoring to increase available space when needed.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
3-13
•
Virtual machines that are running on the same Hyper-V host are in competition for disk I/O. To improve performance, you should have as many of the fastest physical disks as possible.
•
Windows Server 2012 includes storage spaces so that you can create redundant storage for virtual hard disks.
•
If available, you should use solid-state drives (SSDs) for best possible performance. They do not have moving parts, and they provide fast access speed and high throughput.
•
Windows Server 2012 R2 introduces tiered storage, which you can use to combine classical spindle base disks and SSDs in the same storage. Tiered storage significantly increases access speed and throughput.
•
You can store the virtual hard disks of running virtual machines on an SMB 3.0 share. Windows Server 2012 introduced this capability, and it provides a similar level of availability and performance as storing virtual hard disks on a SAN. When accessing an SMB 3.0 file share, you can use features such as SMB transparent failover, SMB scale-out, SMB multichannel, and SMB direct.
•
You can use SAN for storing virtual hard disks. SAN provides several benefits, such as high performance and high availability, and the possibility to expand LUNs dynamically if you need additional storage.
•
Antivirus software should exclude Hyper-V-specific files, including virtual hard disks (.vhd and .vhdx). Question: For storing virtual machines, what are the benefits of SAN compared to local storage?
Demonstration: Managing Virtual Hard Disks In this demonstration, you will see how to manage virtual hard disks.
Demonstration Steps 1.
On LON-HOST1, use the Edit Virtual Hard Disk Wizard to expand Fixed.vhdx to 2 GB.
2.
Use the Edit Virtual Hard Disk Wizard to expand Dynamic.vhdx to 200 GB.
3.
On LON-CL1, use Disk Management to confirm that Disk 1 and Disk 2 have expanded, and now have 2 GB and 200 GB of unallocated space.
Lesson 2
Creating and Configuring Virtual Machines
MCT USE ONLY. STUDENT USE PROHIBITED
3-14 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints
Hyper-V is the infrastructure that you use for running virtual machines. You can create virtual machines in several different ways. This lesson explains how you can create virtual machines by using Hyper-V Manager and Windows PowerShell. This lesson also explores hardware components of the virtual machine and explains the differences between Generation 1 and Generation 2 virtual machines. You will also learn about Integration Services, which provides support for synthetic devices, in addition to any communication required between the parent and the guest operating system, such as heartbeat and time sync. A SCSI controller and a virtual Fibre Channel adapter are examples of synthetic devices. Virtual machines use synthetic devices to access storage directly on Fibre Channel SANs.
Lesson Objectives After completing this lesson, you will be able to: •
Describe the components of a Generation 1 virtual machine.
•
Describe Generation 2 virtual machines.
•
Create virtual machines.
•
Describe the configuration of virtual machine settings.
•
Describe dynamic memory.
•
Describe smart paging.
•
Describe Integration Services.
•
Configure Integration Services.
•
Describe the use of virtual Fibre Channel adapters.
What Are the Components of a Generation 1 Virtual Machine? A virtual machine represents a physical computer in a virtualization environment. Virtual computers have components that are similar to physical computers. However, virtual computers can only use components that are part of Hyper-V virtualization. A virtual machine cannot use components that you can attach to the physical Hyper-V host unless they are properly configured to do so. Virtual hardware is either emulated, synthetic, or in rare cases, such as with single-root I/O virtualization (SR-IOV) network adapters, directly mapped to virtual machines. Hyper-V can present devices to a virtual machine in the following two ways: •
Hyper-V presents an emulated device to the virtual machine as if it is actual hardware, although such a physical component does not exist in the Hyper-V host. Emulated devices present standard and well-known functionalities that are universal to all devices of that type. This means that almost any operating system supports them. Emulated devices are available when the virtual machine starts, and
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
3-15
the virtual machine can start from them. These emulated devices include IDE controllers or legacy network devices. However, because these devices are emulated, they do not perform as well and present additional overhead for the Hyper-V host. •
Hyper-V does not present synthetic components to the virtual machine as actual hardware. It presents them to the operating system on the virtual machine as a functionality that the device driver can use. When an operating system has support for that functionality, it can pass the communication with it through virtual machine bus (VMBus). Operating systems must support VMBus, and device drivers for that functionality must be loaded for the virtual machine to be able to use synthetic components. This is why synthetic components are not available during startup, and why you cannot start a Generation 1 virtual machine from a SCSI controller.
Until Windows Server 2012 R2, you could create only one type of virtual machine—Generation 1. A Generation 1 virtual machine contains the components in the following table. Component
Description
BIOS
Specifies startup order of the boot devices.
Memory
Configures the amount of memory assigned to the virtual machine, the dynamic range of memory that can be used, and memory weight. When the virtual machine is running, that memory allocates exclusively and cannot be used by other virtual machines or by the Hyper-V host.
Processor
Configures the number of processors that are available to the virtual machine, the resource control, the processor compatibility settings, and the non-uniform memory access (NUMA) settings.
IDE controller
Connects IDE virtual disks and DVD to the virtual machine. Generation 1 virtual machines have two IDE controllers. Devices that connect to IDE controllers can be used to start the virtual machine.
SCSI controller
Connects SCSI virtual disks to the virtual machine. SCSI controllers are synthetic, which means that a Generation 1 virtual machine cannot start from a virtual disk that is connected to it.
Network adapter
Connects a virtual machine with the virtual switch. A network adapter is synthetic, which means that Generation 1 virtual machines cannot use it for Pre-Boot Execution Environment (PXE) startup.
Legacy network adapter
Connects the virtual machine with the virtual switch. A legacy network adapter is emulated, which means that it is available during startup, and Generation 1 virtual machines can use it for PXE.
Fibre Channel adapter
Accesses Fibre Channel–based storage directly from the virtual machine. This is a synthetic device, which means that it is not available during startup.
RemoteFX 3D video adapter
Enables a rich graphic experience in virtual machines.
COM port
Configures the virtual COM port to communicate with the physical server through a named pipe.
Diskette drive
Connects virtual floppy disks to the virtual machine.
In addition to virtual hardware components, you can also configure virtual machine management components such as Integration Services, checkpoint file location, smart paging file location, automatic start action, and automatic stop action.
Overview of Generation 2 Virtual Machines Virtual machines work the same way that physical computers do. Most operating systems and applications that run in virtual machines will not be aware that they are virtualized. By using emulated hardware, operating systems that are not virtualization-aware can still run in virtual machines. In machines that are run enlightened operating systems, Integration Services allow the virtual machines to access synthetic devices, and thus, perform better. With the broad adoption of virtualization, many modern operating systems now include Integration Services.
MCT USE ONLY. STUDENT USE PROHIBITED
3-16 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints
Windows Server 2012 R2 changes all of this. It still fully supports the existing type of virtual machines by naming them Generation 1 virtual machines, but it also provides support for the new type of virtual machines, called Generation 2 virtual machines. Generation 2 is built on the assumption that operating systems are virtualization-aware. Generation 2 removes all the legacy and emulated virtual hardware devices and uses only synthetic devices. BIOS-based firmware is replaced by advanced UEFI firmware, which supports Secure Boot. Virtual machines start from a SCSI controller or by using PXE from a network adapter. All the legacy and emulated devices are removed from Generation 2 virtual machines, and the remaining virtual devices use VMBus to communicate with parent partitions.
Generation 1 and Generation 2 virtual machines have similar performance, except during startup and when installing operating system. In these instances, Generation 2 is considerably faster. You can run Generation 1 and Generation 2 virtual machines side-by-side on the same Hyper-V host. You select virtual machine generation when you create a new virtual machine and you cannot change it later. Generation 1 virtual machines will still be in use for a long time because you can install almost any operating system on such virtual machines. Generation 2 virtual machines currently support only Windows Server 2012, Windows 8 (64-bit), and newer 64-bit Windows operating systems. Generation 2 Virtual Machine Overview http://go.microsoft.com/fwlink/?LinkID=386690 Question: Can you convert a Generation 1 Windows Server 2012 R2 virtual machine to a Generation 2 virtual machine?
Demonstration: Creating Virtual Machines In this demonstration, you will see how to create a virtual machine.
Demonstration Steps 1.
On LON-HOST1, use Hyper-V Manager to create a new virtual machine with the following settings: o
Name: LON-VM2
o
Generation: Generation 2
o
Startup Memory: 1024 MB
o
Use Dynamic Memory: Enabled
2.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
3-17
Use the Windows PowerShell cmdlet New-VM to create a new virtual machine with the following settings: o
Name: LON-VM1
o
Generation: Generation 1
o
Startup Memory: 1 GB
o
Boot Device: IDE
3.
Use the cmdlet Add-VMHardDiskDrive to add the C:\Shares\VHDs\Differencing.vhd disk to the IDE Controller of LON-VM1.
4.
On LON-HOST1, use Hyper-V Manager to confirm that there are three types of hardware listed in the Add Hardware section in the details pane for LON-VM2. Confirm also that no BIOS, IDE Controllers, COM ports or Diskette Drive are listed, but that Firmware is listed.
5.
Use Hyper-V Manager to confirm that you can add five hardware types to LON-VM1. Confirm also that BIOS, IDE Controllers, COM ports and a Diskette Drive display, but no Firmware displays.
Configuring Virtual Machine Settings
When you create a virtual machine by using the New Virtual Machine Wizard or the Windows PowerShell New-VM cmdlet, you can configure only a limited number of options. For example, you cannot adjust dynamic memory settings, add more than one virtual hard disk to the virtual machine, or configure the virtual machine with a directly attached or differencing disk. However, after you create the virtual machine, you have many more options that you can configure. You can configure most of the virtual machine settings and modifications to hardware configuration only when the virtual machine is turned off (not paused or in saved state). However, you can configure options such as the virtual switch to which network adapter is connected, or add a virtual hard disk to the SCSI controller while the virtual machine is running. Configuration options also depend slightly on the virtual machine generation because some virtual hardware is available only for Generation 1 virtual machines. You can enable safe boot for Generation 2 virtual machines, whereas Generation 1 does not have such an option. You can configure virtual machine settings in Hyper-V Manager or by using Windows PowerShell. In Hyper-V Manager, you right-click the virtual machine, click Settings, and then modify properties of the hardware component that you want to configure. In Windows PowerShell, you can use several different cmdlets to configure a virtual machine, depending on whether you want to configure virtual machine settings (Set-VM), add virtual hardware components (Add-VMHardDiskDrive, Add-VMNetworkAdapter) or modify existing hardware component settings (Set-VMHardDiskDrive, Set-VMNetworkAdapter).
MCT USE ONLY. STUDENT USE PROHIBITED
3-18 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints
As part of the virtual machine settings, you can also configure management settings. In the Management section, you can configure the components that are listed in the following table. Component
Description
Name
Specify the name of the virtual machine and add comments about it.
Integration Services
Enable services that the Hyper-V host will offer to the virtual machine. To use any of the services, Integration Services must be installed and supported on the virtual machine operating system.
Checkpoint File Location
Specify the folder in which checkpoint files for the virtual machine will be stored. You can modify this location until the first checkpoint is created.
Smart Paging File Location
Specify the folder in which the Smart Paging file for the virtual machine will be created, if necessary.
Automatic Start Action
Specify whether to start the virtual machine automatically after the Hyper-V host restarts, and how long after Hyper-V is running to start them.
Automatic Stop Action
Specify the state in which to place the virtual machine once the Hyper-V host shuts down.
Question: Can you modify virtual machine memory settings while the virtual machine is running?
What Is Dynamic Memory?
Physical computers have a static amount of memory, which does not change until you shut down the computer and add additional physical RAM. The experience with virtual machines is the same when you do not configure them to use dynamic memory. Virtual machines are assigned the same amount of memory while they are running. However, with Hyper-V, you can configure virtual machines to use dynamic memory, which enables more efficient use of the available physical memory. If you enable dynamic memory, the memory is treated as a shared resource, which can be reallocated automatically between running virtual machines. Dynamic memory adjusts the amount of memory that is available to a virtual machine based on memory demand, available memory on the Hyper-V host, and the virtual machine memory configuration. This can make it possible to run more virtual machines simultaneously on the Hyper-V host. This can be especially beneficial in environments that have many idle or low-load virtual machines, such as pooled VDI environments.
You can configure virtual machine memory usage on the Memory Settings page for each virtual machine. On this page, you can configure the following settings: •
Startup RAM. Use this setting to configure the amount of memory that will be available to the virtual machine at startup time. If dynamic memory is not enabled, the virtual machine will use this memory all the time while it is running (static memory).
•
•
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
3-19
Enable Dynamic Memory. Use this setting to configure the virtual machine to use dynamic memory by enabling this option. If you enable this setting, the following three options become available: o
Minimum RAM. Use this option to set the minimum amount of memory that the virtual machine can use while it is running. The virtual machine cannot use less than this amount. You can decrease this value while the virtual machine is running.
o
Maximum RAM. Use this option to set the maximum amount of memory that a virtual machine can use while it is running. The virtual machine cannot use more than this amount of memory. You can increase this value while the virtual machine is running.
o
Memory buffer. Use this option to specify the percentage of memory that Hyper-V should reserve as a buffer. Hyper-V uses the percentage and the current memory demand to determine an amount of memory for the buffer.
Memory weight. Use this option to specify how to prioritize the memory availability for the virtual machine compared to other virtual machines that are running on the same Hyper-V host.
As with most other virtual machine settings, you cannot modify virtual machine memory settings while the virtual machine is running. If you enable dynamic memory, however, you can decrease virtual machine minimum RAM settings and increase maximum RAM while the virtual machine is running.
When enabled, dynamic memory results in more efficient use of the physical memory and enables more virtual machines to run simultaneously. For example, consider a Hyper-V host with 8 GB of available physical RAM, and four virtual machines created for the Finance, Engineering, Sales, and Services departments. Each virtual machine has dynamic memory enabled and is configured with 1 GB of startup RAM, 512 MB of minimal RAM, and 4 GB maximum RAM. In this scenario, when you start three virtual machines, they will each be allocated 1 GB of RAM, which presents 37.5 percent utilization of the Hyper-V host’s physical RAM. After a few minutes, the operating systems on all virtual machines will be running. In the Finance and Engineering departments, running virtual machine applications require more RAM, and memory utilization will increase to 3 GB and 2 GB, and the Sales virtual machine will still use 1 GB of memory. All three virtual machines will be using 6 GB of memory total, which is 75 percent of the Hyper-V host’s physical RAM. After another 15 minutes, the Finance virtual machine load lessens and no longer needs as much memory. Dynamic memory will automatically decrease the memory that is assigned to the Finance virtual machine to 2 GB. The Sales virtual machine, which is inactive for a long time, has a decrease to 512 MB RAM. The Engineering virtual machine, which becomes even more active, has more dynamic memory assigned to it. It now uses 4 GB of RAM, which is the maximum amount of configured RAM allowed. Now that you have enough available resources, you can also start the fourth virtual machine for the Services department. This results in Hyper-V using 7.5 GB of RAM, which is near its limit, and is 94 percent RAM utilization of the Hyper-V host. Hyper-V Dynamic Memory Overview http://go.microsoft.com/fwlink/?LinkID=386694 Question: How does dynamic memory enable you to run more virtual machines on the same amount of physical RAM?
What Is Smart Paging?
MCT USE ONLY. STUDENT USE PROHIBITED
3-20 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints
When you enable dynamic memory for a virtual machine, minimum RAM setting can be less than the startup RAM assigned to a virtual machine. This is because operating systems typically need more memory during startup than when they are running with high idle. Startup and minimum RAM settings allow the Hyper-V host to reclaim memory that the virtual machine no longer needs. However, if the Hyper-V host is low on memory, it can also result in insufficient available memory (startup RAM), when the virtual machine is restarted. In such a case, Hyper-V needs additional memory to restart the virtual machine. It uses smart paging to bridge the memory gap between minimum and startup memory.
Smart Paging
Smart paging is a memory management technique. It pages memory to the physical disk as additional, temporary memory when more memory is required to restart a virtual machine. This approach provides a reliable way to keep virtual machines running when there is not enough available physical memory. However, it degrades virtual machine performance because disk access is much slower than memory access. The default location for the smart paging file is configurable per virtual machine.
To minimize the performance impact of smart paging, Hyper-V uses it only when it is absolutely needed, and if all of the following three conditions are met: •
The virtual machine is restarted.
•
There is not enough available physical memory on the Hyper-V host.
•
Memory cannot be reclaimed from other virtual machines on the Hyper-V host.
Smart paging is not used in any other situation, including the following three situations: •
The virtual machine is being started from an Off state.
•
You want to configure the virtual machine with more memory than is physically available.
•
The virtual machine is moved over or failed over from another Hyper-V cluster node.
Guest Paging
Hyper-V relies on guest paging (operating system paging inside the virtual machine) because it is more effective than smart paging. With guest paging, the memory manager performs the paging operation inside virtual machines. The memory manager has more information about memory usage within a virtual machine than does the Hyper-V host. This means that the memory manager can provide Hyper-V with better information to use when it is choosing the memory to be paged. Because of this, internal guest paging incurs less overhead to the system compared with smart paging. To reduce the impact of smart paging further, Hyper-V removes memory from the virtual machine after it completes the restart process. It accomplishes this by coordinating with dynamic memory components inside the virtual machine so that the virtual machine stops using smart paging. This process is also called ballooning. The use of smart paging is temporary and is not longer than 10 minutes.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
3-21
To continue the example from the previous topic, if you assume that the Finance and Engineering virtual machines use all 8 GB of available physical memory on the Hyper-V host, you can restart the other two virtual machines only when using smart paging. However, you can only restart them if they are already running. If they are off already, and if there are not enough resources to start them, you will get an error when you try to start the virtual machines. Question: Does Hyper-V use smart paging if a virtual machine is configured with the same amount of startup and minimum RAM?
Overview of Integration Services When an operating system is not virtualization-aware, it behaves the same on a virtual machine as it does on a physical computer that does not have proper device drivers for some hardware. It can still use emulated virtual devices, but not synthetic virtual devices. It also is unable to use features that are available only on virtual machines, such as time synchronization with the Hyper-V host, or releasing the mouse when the cursor reaches the edge of the virtual machine window.
By default, newer operating systems that are virtualization-aware already include support for synthetic devices, VMBus, and other virtualization-specific features. If the operating system is supported by Hyper-V but it does not include virtualization support, then you should install Hyper-V Integration Services on the virtual machine with that operating system. If the operating system includes Integration Services, but Hyper-V provides newer version of Integration Services, you should install them into operating system on the virtual machine. Integration Services provide better interoperability with the Hyper-V environment and support for VMBus, synthetic devices, and other virtualization-specific features. Hyper-V Integration Services that are available in virtual machines are: •
Hyper-V Guest Shutdown Service. If you want to shut down a virtual machine without interacting directly with the operating system on the virtual machine, the Hyper-V Guest Shutdown Service provides a virtual machine shutdown function. Hyper-V initiates the shutdown request by using a Windows Management Instrumentation call.
•
Hyper-V Time Synchronization Service. This service synchronizes the time on the virtual machine with the time on the Hyper-V host.
•
Hyper-V Data Exchange Service. This service provides a method to set, delete, enumerate, and exchange specific registry key values between the virtual machine and the Hyper-V host.
•
Hyper-V Heartbeat Service. The Hyper-V host uses this service to verify if an operating system that is running on a virtual machine is responding to requests.
•
Hyper-V Volume Shadow Copy Requestor. When operating systems on virtual machines support VSS, the Hyper-V Volume Shadow Copy Requestor service allows the Hyper-V host to request the synchronization and backup of a running virtual machine.
•
Hyper-V Remote Desktop Virtualization Service. This service enables the Remote Desktop Virtualization Host to communicate with and manage virtual machines that are part of a VDI collection.
•
MCT USE ONLY. STUDENT USE PROHIBITED
3-22 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints
Hyper-V Guest Service Interface. This is a new integration service in Hyper-V in Windows Server 2012 R2. It enables enhanced session mode communication with virtual machines, including device redirection, shared Clipboard, and drag-and-drop functionality between the Hyper-V host and virtual machines.
In virtual machine settings, on the Integration Services page, you can control which Integration Services will be offered to a virtual machine. To use Integration Services, you must install it and ensure that the operating system that is running on the virtual machine supports it. When you have installed Integration Services on the virtual machine, you can see the services among other services on the virtual machine. By default, all Integration Services except Hyper-V Guest Service Interface are enabled for the virtual machines that you create in Hyper-V in Windows Server 2012 R2. You can find out which version of Integration Services is installed on a virtual machine by running the following cmdlet: Get-VM | Get-VMIntegrationService | ft VMName,PrimaryStatusDescription,OperationStatus
Note: Integration Services are available for Windows operating systems and supported Linux operating systems. The current release of Integration Services for Linux adds support for dynamic memory and for backing up a Linux virtual machine while it is running, in the same manner as Windows-based virtual machines. Question: Do you need to install Integration Services on a virtual machine if the operating system on the virtual machine already includes it and is aware that it is running in a virtualized environment?
Demonstration: Configuring Integration Services In this demonstration, you will see how to configure Integration Services.
Demonstration Steps 1.
On LON-CL1, use a command prompt to make note of the local time, and then reset it to 11:00.
2.
On LON-CL1, verify the local time again, and then confirm that it was set back automatically to its previous value.
3.
On LON-HOST1, use Hyper-V Manager, to disable Time synchronization Integration Service for 20409B-LON-CL1.
4.
On LON-CL1, use a command prompt to set the local time to 11:00.
5.
Confirm that the local time is now a few second after 11:00, as the time in virtual machine is no longer synchronizing with the Hyper-V host.
6.
Use Device Manager to confirm that virtual machine is using the Microsoft Hyper-V Video adapter and several System devices with Hyper-V in their name, including Microsoft Hyper-V Dynamic Memory. All those of these virtual devices are provided as part of Integration Services.
Using a Virtual Fibre Channel Adapter The virtual Fibre Channel adapter in Hyper-V provides an operating system on a virtual machine with direct access to a Fibre Channel SAN by using a standard World Wide Name (WWN), which is associated with each adapter. This enables you to virtualize servers that require access to the Fibre Channel SAN, for example, as shared storage in guest failover cluster scenarios.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
3-23
Before using a virtual Fibre Channel adapter, you must create virtual SANs on the Hyper-V host. You can connect a Hyper-V host to multiple Fibre Channel SANs through multiple Fibre Channel ports. A virtual SAN defines a named group of physical Fibre Channel ports that are connected to the same physical SAN. For example, a Hyper-V host can connect through two physical Fibre Channel ports to a production SAN and a test SAN. You could configure two virtual SANs: one named Production SAN with two physical Fibre Channel ports connected to the production SAN, and one named Test SAN, which has two physical Fibre Channel ports connected to the test SAN. You can then use the same approach to name two separate paths to a single storage target. Virtual machines can have up to four virtual Fibre Channel adapters, and you can associate each with a different virtual SAN. Each virtual Fibre Channel adapter connects with one or two WWN addresses. Two WWN addresses are required for highly available virtual machines, and to maintain Fibre Channel connectivity during live migration. You can set a WWN address automatically or manually. If you want to use a virtual Fibre Channel adapter, your environment must meet the following requirements: •
The Hyper-V host must have one or more physical Fibre Channel host bus adapters (HBAs), which support N_Port ID Virtualization.
•
Virtual machines must have Windows Server 2008 or a newer Windows Server operating system installed to be able to use a virtual Fibre Channel adapter. Windows client operating systems do not support the virtual Fibre Channel adapter.
•
A virtual Fibre Channel adapter is a synthetic adapter. Virtual machines can use a Fibre Channel SAN for storing data, but storage that is accessed through a virtual Fibre Channel adapter cannot be used as boot media.
When a virtual machine has virtual Fibre Channel adapters, consider the following limitations: •
You cannot create checkpoints of the volumes that are stored on a Fibre Channel SAN.
•
Backups that are created on the Hyper-V host-by using the Hyper-V VSS provider do not include SAN data. If you want to create a backup of the data on a Fibre Channel SAN, you should use a backup program or a backup agent that is on the virtual machine.
•
Hyper-V cannot perform live migration of data that is stored on a Fibre Channel SAN. Hyper-V Virtual Fibre Channel Overview http://go.microsoft.com/fwlink/?LinkID=386691 Question: You have a Hyper-V host that has a Fibre Channel host bus adapter (HBA) and access to a Fibre Channel SAN. Can you add a virtual Fibre Channel adapter to a virtual machine that has Windows 8.1 installed and is on that Hyper-V host?
Lab A: Creating and Managing Virtual Hard Disks and Virtual Machines Scenario A. Datum Corporation is continuing with its pilot virtualization project. You have deployed the virtualization hosts by installing Hyper-V on Windows Server 2012 R2 in one of the subsidiaries. The next step is to deploy virtual machines on these hosts. Because the virtualization platform is new to A. Datum, you need to spend some time familiarizing yourself with the Hyper-V features and components. To do this, you decide to deploy and evaluate different hard disk types and virtual machine configurations.
Objectives After completing this lab, you will be able to: •
Create and manage virtual hard disks.
•
Create and manage virtual machines.
Lab Setup Estimated Time: 70 minutes Virtual machines: 20409B-LON-HOSTx, 20409B-LON-CLx, 20409B-LON-DC1, 20409B-LON-SS1 User name: Adatum\Administrator Password: Pa$$w0rd
MCT USE ONLY. STUDENT USE PROHIBITED
3-24 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must complete the following steps: 1.
Sign in to the LON-HOSTx computer as Adatum\Administrator with the password of Pa$$w0rd.
2.
On LON-HOST1, start Hyper-V Manager.
3.
In Hyper-V Manager, click 20409B-LON-DC1, and in the Actions pane, click Start.
4.
In the Actions pane, click Connect. Wait until the virtual machine starts.
5.
Sign in by using the following credentials: o
User name: Adatum\Administrator
o
Password: Pa$$w0rd
6.
Repeat steps 3 and 4 for 20409B-LON-SS1.
7.
Repeat steps 3 through 5 for 20409B-LON-CLx. The letter x is 1 for the first student in the team, and 2 for the second student in the team.
Note: Because you will be using the same virtual machines in the next lab, do not revert the virtual machines. You will be working in pairs. Communicate clearly with your lab partner, and cooperate fully with each other during this lab.
Exercise 1: Creating and Managing Virtual Hard Disks Scenario
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
3-25
In this exercise, you will create different types of virtual hard disks. You will use Hyper-V Manager and Windows PowerShell to create the virtual hard disks and to explore the differences between them. You will confirm that differencing virtual hard disks can already have some content when created, while a fixed-size disk allocates its full size on the storage when created. You will also confirm that the differencing virtual hard disk expands when you add data to it. You will add virtual disks to the virtual machine and expand them while the virtual machine is running. You will also see how you can add a directly attached disk to the virtual machine. The main tasks for this exercise are as follows: 1.
Create virtual hard disks.
2.
Explore different virtual hard disk types.
3.
Manage virtual hard disks.
4.
Add a directly attached disk.
Task 1: Create virtual hard disks 1.
On LON-HOSTx, use the Set-VMHost cmdlet to set the virtual hard disk path to C:\Shares\VHDs, and to set the virtual machine path to C:\Shares.
2.
Use the New Virtual Hard Disk Wizard in Hyper-V Manager to confirm that the default disk type for VHD hard disk is Fixed size, and that the maximum size is 2,040 GB.
3.
Use Hyper-V Manager to create a new virtual hard disk with the following settings:
4.
o
Format: VHDX
o
Type: Dynamically expanding
o
Name: Dynamic.vhdx
o
Size: 100 GB
Use Hyper-V Manager to create a new virtual hard disk with the following settings: o
Format: VHD
o
Type: Differencing
o
Name: Differencing.vhd
o
Parent: E:\Program Files\Microsoft Learning\base\Base14A-WS12R2.vhd
Note: The actual drive letter on which base images are stored can be different and, it depends on the physical server configuration. Drive E is used in the instructions, but you should use the drive on which base images are stored in your environment. 5.
In Windows PowerShell, use the New-VHD cmdlet to create a new virtual hard disk with the following settings: o
Path: C:\Shares\VHDs\Fixed.vhdx
o
Size: 1 GB
o
Type: Fixed size
Task 2: Explore different virtual hard disk types
MCT USE ONLY. STUDENT USE PROHIBITED
3-26 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints
1.
On LON-HOSTx, in File Explorer, browse to C:\Shares\VHDx, and then confirm that Fixed.vhdx allocates 1 GB disk space, while Dynamic.vhdx and Differencing.vhd allocates much less disk space.
2.
Use Hyper-V Manager to add Fixed.vhdx as a SCSI disk to LON-CLx.
3.
Use the Windows PowerShell Add-VMHardDiskDrive cmdlet twice to add both Dynamic.vhdx and Differencing.vhd as SCSI disks to 20409B-LON-CLx.
4.
On LON-CLx, use Disk Management to confirm the following: o
The computer now has multiple disks.
o
The last three disks have 1023 MB (1 GB), 100 GB, and 127 GB.
o
The last disk has two partitions, which are assigned letters E: and F:.
o
The first two disks have only unallocated space.
Note: Those are fixed, dynamically expanding, and differencing virtual hard disks that you added in this task. 5.
Create a Simple Volume with default values on Disk 1.
6.
Create a Simple Volume with default values on Disk 2.
7.
Use File Explorer to confirm that there are multiple folders on volume F:.
8.
Copy folder C:\Windows\Inf to volumes F:, G:, and H:.
9.
On LON-HOSTx, in File Explorer, browse to C:\Shares\VHDx, and then confirm that Fixed.vhdx still allocates 1 GB of disk space, while the size of Dynamic.vhdx and Differencing.vhd has increased. This is because you copied content to them, but they are still allocating less space than Fixed.vhdx.
Task 3: Manage virtual hard disks 1.
On LON-HOSTx, use the Edit Virtual Hard Disk Wizard to expand Fixed.vhdx to 2 GB.
2.
Use the Edit Virtual Hard Disk Wizard to expand Dynamic.vhdx to 200 GB.
3.
On LON-CLx, use Disk Management to confirm that Disk 1 and Disk 2 have expanded and now have 1 GB and 100 GB of unallocated space. Note that Hyper-V expanded the virtual hard disks while the virtual machine was running.
4.
On LON-HOSTx, use the Windows PowerShell cmdlet Remove-VMHardDiskDrive twice to remove SCSI disks on locations 0 and 1 from 20409B-LON-CLx.
5.
Use the Edit Virtual Hard Disk Wizard to convert Dynamic.vhdx to VHD format, and then save it as C:\Shares\VHDs\Converted.vhd.
6.
On LON-HOSTx, use File Explorer to confirm that Converted.vhd is created, and that that size of Fixed.vhdx is now 2 GB.
Task 4: Add a directly attached disk 1.
On LON-HOSTx, use the iSCSI Initiator to connect to the target with Lab3 in the name, on the iSCSI target with IP address 172.16.0.14.
2.
Use Disk Management to confirm that the disk is added to LON-HOSTx, and that it has a status of Offline. Make note of its size.
Note: Two disks are added on LON-HOST1. One disk is added on LON-HOST2.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
3-27
3.
In the Settings for LON-CLx virtual machine, modify the settings of the SCSI Hard Disk to use Physical hard disk.
4.
On LON-CLx, use Disk Management to confirm that Disk 1 displays that it has the same size as the disk that was added to LON-HOSTx, and that it is not initialized. This is directly attached disk that was added to LON-CLx.
5.
Create Simple Volume with default values on Disk 1.
6.
On LON-HOSTx, use the Windows PowerShell cmdlet Remove-VMHardDiskDrive to remove the SCSI virtual hard disks from 20409B-LON-CLx.
7.
On LON-CLx, use Disk Management to confirm that Disk 1 no longer displays.
8.
On LON-HOSTx, use the iSCSI Initiator to disconnect the existing iSCSI target.
Results: After completing this exercise, you should have created and managed virtual hard disks.
Exercise 2: Creating and Managing Virtual Machines Scenario
You were asked to create and demonstrate the differences between Generation 1 and Generation 2 virtual machines. You first will create the virtual machines by using different administrative tools, and then you will review this configuration and modify it. You will also explore how to enable dynamic memory and how virtual machines use it. You will also see how to configure storage for QoS. In the last task, you will configure Integration Services for virtual machines and explore how the time synchronization service works. The main tasks for this exercise are as follows: 1.
Create virtual machines.
2.
Manage virtual machines.
3.
Work with dynamic memory.
4.
Work with storage Quality of Service management.
5.
Configure Integration Services.
Task 1: Create virtual machines 1.
On LON-HOSTx, use Hyper-V Manager to create a new virtual machine with the following settings: o
Name: LON-VM2
o
Generation: Generation 2
o
Startup Memory: 1024 MB
o
Use Dynamic Memory: Enabled
2.
3.
Use the Windows PowerShell cmdlet New-VM to create a new virtual machine with the following settings: o
Name: LON-VM1
o
Generation: Generation 1
o
Startup Memory: 1 GB
o
Boot Device: IDE
Use the Windows PowerShell cmdlet Add-VMHardDiskDrive to add the C:\Shares\VHDs\Differencing.vhd disk to the IDE Controller of LON-VM1.
Task 2: Manage virtual machines
MCT USE ONLY. STUDENT USE PROHIBITED
3-28 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints
1.
On LON-HOSTx, use Hyper-V Manager to confirm that three types of hardware display in the Add Hardware section in the details pane for LON-VM2. Confirm also that no BIOS, IDE Controllers, COM ports and Diskette Drive display, but Firmware does displays.
2.
Set Hard Drive as the first boot device for LON-VM2.
3.
For LON-VM1, use Hyper-V Manager to confirm that you can add five hardware types to LON-VM1. Confirm also that BIOS, IDE Controllers, COM ports, and Diskette Drive display, but Firmware does not display.
4.
Confirm that you can change Startup order, but you cannot set Secure Boot for LON-VM1. Also, confirm that LON-VM1 is not configured to use Dynamic Memory, and it has a single Network Adapter.
5.
Use the Windows PowerShell cmdlet Set-VM to enable dynamic memory for LON-VM1.
6.
Use the Windows PowerShell cmdlet Add-VMNetworkAdapter to add a network adapter to LON-VM1.
7.
Use Hyper-V Manager to confirm that LON-VM1 is using Dynamic Memory, and that LON-VM1 has two Network Adapters.
Task 3: Work with dynamic memory 1.
Use Hyper-V Manager to confirm that LON-CLx is configured to use Dynamic Memory.
2.
In Hyper-V Manager, make note of the currently Assigned Memory for the LON-CLx virtual machine.
3.
On LON-CLx, run the following two commands: C:\LabFiles\Mod03 .\TestLimit64.exe –d 400 –c 1
4.
On LON-HOSTx, use Hyper-V Manager to confirm that LON-CLx is using more memory.
5.
Wait a few minutes, and then verify that the Assigned Memory for LON-CLx has decreased.
Task 4: Work with storage Quality of Service management 1.
On LON-CLx, run the following command: C:\LabFiles\Mod03\sqlio.exe
2.
After the test completes, make note of the IOs/sec result.
3.
On LON-HOSTx, use Hyper-V Manager to select Enable Quality of Service management, type 100 as Minimum and 200 as Maximum for Hard Drive under IDE Controller 0.
4.
On LON-CLx, run the following command again: C:\LabFiles\Mod03\sqlio.exe
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
3-29
5.
After the test completes, verify the IOs/sec result, and then confirm that it is close to 200, which is the limit you set and that it is considerably lower than the first result.
6.
On LON-HOSTx, in Windows PowerShell, use the cmdlet Set-VMHardDiskDrive to disable Quality of Service management for IDE Hard Disk on 20409B-LON-CLx.
Task 5: Configure Integration Services 1.
On LON-CLx, open the Services console, and then confirm that Hyper-V Time Synchronization Service is running.
2.
On LON-CLx, verify the local time, and set it to 11:00.
3.
On LON-CLx, verify the local time again, and then confirm that it was set back automatically to its previous value, as Integration Services automatically synchronizes the time on LON-CLx with the time on LON-HOSTx.
4.
On LON-HOSTx, use Hyper-V Manager to disable the Time synchronization Integration Service for LON-CLx.
5.
On LON-CLx, confirm that Hyper-V Time Synchronization Service is not running.
6.
On LON-CLx, set the local time to 11:00. Confirm that the local time is now a few seconds after 11:00, as time on the virtual machine is no longer synchronizing with the Hyper-V host.
7.
Use Device Manager to confirm that the virtual machine is using the Microsoft Hyper-V Video adapter, and several System devices with Hyper-V in their name, including Microsoft Hyper-V Dynamic Memory. All of these virtual devices are provided as part of Integration Services.
8.
On LON-HOSTx, use the Windows PowerShell cmdlet Enable-VMIntegrationService to enable time synchronization for 20409B-LON-CLx.
9.
On LON-CLx, confirm that the time on the virtual machine is synchronized once again with the time on LON-HOSTx.
Results: After completing this exercise, you should have created and managed virtual machines.
Lesson 3
Installing and Importing Virtual Machines
MCT USE ONLY. STUDENT USE PROHIBITED
3-30 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints
When you need to install an operating system on a virtual machine, you have more options than when you install an operating system on a physical computer. In both cases, you can use network installation or installation media such as a CD, DVD, or .iso image. However, with virtual machines, you also have the options of importing a virtual machine by using a differencing virtual hard disk and then pointing it to a virtual hard disk with a preinstalled operating system, or by migrating an existing physical computer. In this lesson, you will learn about the different methods of installing an operating system on a virtual machine. You will learn about Virtual Machine Connection and how to customize it. This lesson also describes enhanced session mode and explains its benefits.
Lesson Objectives After completing this lesson, you will be able to: •
Describe the various methods of installing a virtual machine.
•
Describe the process of importing virtual machines.
•
Import a virtual machine.
•
Describe the process of virtualizing a physical computer.
•
Describe the Virtual Machine Connection application.
•
Describe enhanced session mode.
•
Use enhanced session mode.
Virtual Machine Installation Methods After you create and configure a virtual machine, you can install an operating system on it. On a Generation 1 virtual machine, you can install any operating system that does not have specific hardware requirements, including non-Microsoft operating systems. The operating system might not be virtualization-aware. However, on a Generation 2 virtual machine, you can only install Windows Server 2012, 64-bit Windows 8, and newer 64-bit Windows operating systems.
Installing an operating system on a virtual machine is not much different from installing an operating system on a physical computer. However, you can benefit from some virtualization features that are not available with physical computers, such as differencing virtual hard disks. When installing an operating system on a virtual machine, you have the following options: •
Install an operating system from a bootable CD or DVD. A virtual machine can start from physical CD or DVD media that is attached to the Hyper-V host. You should be aware that only one virtual machine can use the physical drive at a time on the Hyper-V host. To use this option, insert the installation media in the Hyper-V host drive, and then start the virtual machine. If you have already
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
3-31
created the virtual machine, you first will need to capture the physical CD/DVD drive. The virtual machine will start from the physical media, and installation will progress as it would on a physical computer. •
Install an operating system from an .iso file. Installing a virtual machine from an .iso file is very similar to the previous method, the only difference being that it uses an .iso image instead of physical media. The benefit of this method is that multiple virtual machines can use the same .iso image simultaneously.
•
Install an operating system from a network-based installation server. If you have Windows Deployment Services (DS) on the network, you can use this option to install the operating system on the virtual machines. A Generation 1 virtual machine can start from the network by using PXE only if you configured it with a legacy network adapter, whereas a Generation 2 virtual machine has no such limitations. When the virtual machine starts from the network adapter, the installation procedure is the same as on a physical computer, where you typically have to press the F12 key to connect to Windows DS.
•
Copy a virtual hard disk file. If you have a virtual machine that already has an operating system, you can copy its virtual hard disk file, and then use the copied disk file for the new virtual machine. This process is similar to cloning physical computers, and you should generalize the virtual hard disk before copying it by running the Sysprep command to avoid duplicate name and security identifier (SID).
•
Use differencing virtual hard disks. If you have a virtual hard disk with an installed operating system, you can use it as a parent for a differencing virtual hard disk, and then configure the virtual machine to use the differencing virtual hard disk. You should first generalize the parent disk. Keep in mind that you should not modify a parent virtual hard disk after you have connected child differencing virtual hard disks to it. Question: Can you install an operating system on a virtual machine by using a USB flash drive?
Importing Virtual Machines Prior to Hyper-V in Windows Server 2012, if you wanted to move a virtual machine between Hyper-V hosts, you first had to export the virtual machine, copy the exported files to the target Hyper-V host, and then import the virtual machine. If the Hyper-V hosts were configured differently, for example, if they were not configured with the virtual switch with the same name, then the imported virtual machine potentially would not start, or it would not have network connectivity.
In Hyper-V in Windows Server 2012, the same export and import process still works, but the import process has been enhanced considerably, and the export process is no longer required. You can simply copy virtual machine data files between Hyper-V hosts and then run the Import Virtual Machine Wizard at the destination Hyper-V host to import virtual machines. The Import Virtual Machine Wizard detects and fixes more than 40 types of incompatibilities between Hyper-V hosts. It prompts you to provide missing information, such as the location of a parent virtual hard disk or virtual switch to which the virtual machine should be connected, when the appropriate
virtual switch is not available at the destination Hyper-V host. When importing a virtual machine, the Import Virtual Machine Wizard performs the following steps:
MCT USE ONLY. STUDENT USE PROHIBITED
3-32 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints
1.
Creates a copy of the virtual machine configuration file as a precaution for an unexpected reboot, for example, because of a power outage.
2.
Validates hardware and compares the information in the virtual machine configuration file with the physical hardware on the target Hyper-V host. For example, consider a scenario in which the source Hyper-V host has 16 processors, and the virtual machine is configured to use all of them. However, the destination Hyper-V host has only eight processors. The wizard will detect such issues.
3.
Compiles a list of incompatibilities. The list identifies which virtual machine settings you should reconfigure to import the virtual machine successfully. For example, if a virtual machine is using a virtual switch that is not available on the target Hyper-V host, you should connect the virtual machine to a different virtual switch. The incompatibilities determine which pages appear next in the wizard.
4.
Displays the relevant pages, one category at a time. The wizard identifies incompatibilities and asks you for the new configuration so that virtual machine settings are compatible with the target Hyper-V host.
5.
Removes the copy of the configuration file. After the wizard finishes running, the virtual machine is imported, and you can start it.
When you are importing virtual machines from previous Hyper-V versions, you should consider the following limitations: •
You cannot start an imported virtual machine from a saved state if it was created on Hyper-V prior to Windows Server 2012 or on a different CPU architecture.
•
You cannot start an imported virtual machine from a checkpoint if it was created while the virtual machine was running on Hyper-V prior to Windows Server 2012 or on a different CPU architecture.
After the virtual machine import completes, you should update Integration Services on the virtual machine. Simplified Import Overview http://go.microsoft.com/fwlink/?LinkID=386692 Question: Can you import a virtual machine that is configured with 16 processors to a Hyper-V host that has two quad core CPUs?
Demonstration: Importing a Virtual Machine In this demonstration, you will see how to import a virtual machine.
Demonstration Steps 1.
2.
On LON-HOST1, use Hyper-V Manager to import a virtual machine by using the following settings: o
Virtual Machine in Folder: C:\VirtualMachines\LON-EXPORT\
o
Number of virtual processors: 1
o
Connect to Network: External Network
You will receive an error message because the parent virtual hard disk was not found.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
3-33
3.
In Hyper-V Manager, use the Edit Virtual Hard Disk Wizard to link the C:\VirtualMachines \LON-EXPORT\Virtual Hard Disks\LON-EXPORT.vhd virtual hard disk to the following parent disk: E:\Program Files\Microsoft Learning\Base\Base14A-WS12R2.vhd. Note that this path might differ based on the host machine.
4.
Use Hyper-V Manager to import the LON-EXPORT virtual machine again.
Virtualizing a Physical Computer When you create a new virtual machine in Hyper-V Manager, it contains an empty virtual hard disk by default. However, sometimes you need to create a virtual machine that already has an installed operating system, or you need to convert a physical computer to a virtual machine. To create a new virtual machine with an installed operating system, you can use one of the following options: •
Create a virtual machine and perform the operating system installation.
•
Create a virtual machine that uses an existing virtual hard disk with a preinstalled operating system.
•
Create a differencing virtual hard disk that uses a virtual hard disk with a generalized operating system as its parent, and configure a virtual machine to use that differencing virtual hard disk.
•
Virtualize the content of the existing physical computer.
Remember that Hyper-V does not include virtual-to-physical functionality. Products such as Microsoft System Center 2012 - VMM include real physical-to-virtual machine conversion (P2V conversion) solutions. However, you can still use Hyper-V to move the content of physical disks into the virtual hard disks.
When you create a new virtual hard disk, you can use Hyper-V to duplicate the contents of a physical disk into a new virtual hard disk. Before you use the New Virtual Hard Disk Wizard method of migrating data from a physical disk to a virtual hard disk, you should consider several factors. One of these factors is that the wizard is limited to copying the entire physical disk only, not a volume or a partition. In addition, the wizard should be used only with data disks because migrating physical disks that contain operating systems (boot and system disks) is not supported. Depending on the size of the physical disk, this process can take a considerable amount of time. Once you create the virtual hard disk, you then can add it to the virtual machine and access data on it. Note: You can also create a new virtual hard disk by using the Disk Management or Diskpart tool, attaching a virtual hard disk as a new disk on a Hyper-V host, and then copying the content to the disk.
Disk2vhd
When you want to create a virtual hard disk from the content of a physical disk, including system and boot partitions, you can use the Disk2vhd tool. The Disk2vhd tool is available on the Microsoft website as a free download. When you run Disk2vhd on a physical computer, it will show you the available volumes
that you can convert. The tool uses VSS, which is part of the Windows operating system, to create consistent, point-in-time snapshots and write them into virtual hard disks while the physical computer is running. Disk2vhd v2.0 http://go.microsoft.com/fwlink/?LinkID=386697
MCT USE ONLY. STUDENT USE PROHIBITED
3-34 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints
After Disk2vhd creates a virtual hard disk, you can attach it to a virtual machine. If a virtual hard disk contains only data files, you can add it to any virtual storage controller. If you used Disk2vhd to convert a system partition and you want the virtual machine to be able to start from that virtual hard disk, you should add it to the virtual IDE controller of a Generation 1 virtual machine or the virtual SCSI controller of a Generation 2 virtual machine. When you start the virtual machine that is using the virtual hard disk for the first time, the Windows operating system will detect different hardware and will install appropriate drivers automatically. You should not forget to install or update Integration Services on the virtual machine. Note: Remember that the virtual machine has the same identity as the original system; you should not connect it to the same network as the physical computer. Question: Do you need to shut down a physical computer during the P2V conversion process?
The Virtual Machine Connection Application Virtual Machine Connection is a Hyper-V feature that you can use to connect to and manage virtual machines that run on a local or remote Hyper-V host. This tool is installed as part of the Hyper-V role or the Remote Server Administration Tools (RSAT) feature. There are several ways to connect to virtual machines by using Virtual Machine Connection. You can double-click the virtual machine in Hyper-V Manager, or right-click the virtual machine and then click Connect, or run Vmconnect.exe.
Regardless of how you connect, each virtual machine opens in a separate Virtual Connection Manager window, with the name of the virtual machine appearing in the title bar along with the Hyper-V host the virtual machine is running. In this way, you can distinguish between connections.
By default, Virtual Machine Connection connects remotely by using TCP port 2179, which you can modify in the registry at HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization. Virtual Machine Connection uses the Remote Desktop Protocol (RDP) to connect to the Virtual Machine Management service on the Hyper-V host, which listens for incoming connection requests on TCP port 2179. Although Virtual Machine Connection uses RDP to connect to virtual machines, the operating system on the virtual machine does not have to support Remote Desktop connections to connect to the virtual machine. Virtual Machine Connection simply is a shell and uses the same ActiveX control that the Remote Desktop Connection client uses to connect to virtual machines.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
3-35
You can use Virtual Machine Connection to establish only a single connection to the virtual machine. If a connection is already established and the second user establishes a connection to the same virtual machine, the first user will disconnect and the second user will take over the session. This can cause privacy and security issues because the second user will be able to view the first user's desktop, documents, and applications.
Any user with Console Read or Console Read/Write operations permissions in the authorization policy can connect to the virtual machine. This includes members of Hyper-V Administrators and Administrators groups on the Hyper-V host. You can use the Windows PowerShell Grant-VMConnectAccess and Revoke-VMConnectAccess cmdlets to grant and revoke permissions to a virtual machine. For example, if you want to grant permissions to a user named User1 in the Contoso domain for connecting to a virtual machine named VM1, you could run the following cmdlet: Grant-VMConnectAccess -VMName VM1 -UserName "Contoso\user1"
Question: Do you have to use Virtual Machine Connection if you want to connect to a virtual machine?
Overview of Enhanced Session Mode Hyper-V uses the Virtual Machine Connection application to connect to virtual machines by using RDP. Until Windows Server 2012 R2, Virtual Machine Connection provided only basic redirection of the virtual machine screen, keyboard, and a mouse, similar to how a KVM (Keyboard Video Mouse) switch over IP does. Virtual Machine Connection also historically provided limited copy and paste functionality, which only supported text and not any other content, such as graphics or files. To work around this, you could configure and use Remote Desktop on a virtual machine for a richer experience, but this requires the virtual machine to have network connectivity and uses one of the available Remote Desktop connections on the virtual machine. In addition, the Windows client operating system supports only one Remote Desktop connection.
Virtual Machine Connection in Windows Server 2012 R2 is improved and includes support for enhanced session mode. This functionality has specific requirements. For example, the Hyper-V host policy must allow it, and an enhanced session can be used only with virtual machines that are running supported operating systems. When using enhanced session mode, you get a considerably better experience and the same features as Remote Desktop Services (RDS), but without requiring the virtual machine to have network connectivity or using the Remote Desktop functionality of the guest operating system. With enhanced session mode, you can redirect local drives, printers, USB, and other devices to the virtual machine, and you can use a shared Clipboard, redirected folders, rich copy and paste for copying files or graphics, and redirected sound from virtual machines.
Enhanced session mode depends on RDS in the virtual machine, which is why it is available only when the virtual machine is running a supported operating system. Currently supported operating systems are Windows 8.1 and Windows Server 2012 R2.
Enhanced session mode establishes a Remote Desktop session over VMBus, which is available even when the virtual machine is not connected to the virtual switch, and when connecting to virtual machines that are running on a local or remote Hyper-V host. When you use enhanced session mode for connecting to
MCT USE ONLY. STUDENT USE PROHIBITED
3-36 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints
virtual machines, you have access to the entire Remote Desktop experience. This includes configuring the parameters of a session that you can save for future connections to the same virtual machine. You can also sign in to the virtual machine. When you use simple mode, you connect to the virtual machine without having to sign in. You can use enhanced session mode to connect only to virtual machines that are already running. If the virtual machine is turned off, you can connect to it only by using simple mode. You configure enhanced session mode at three different levels. On the Hyper-V host level, you configure Enhanced Session Mode Policy, which controls if the Hyper-V host will allow enhanced session mode connections to virtual machines that are running on this server. At the user settings level, you configure enhanced session mode, which controls whether Virtual Machine Connection will attempt to use enhanced session mode when establishing connections with virtual machines. On the virtual machine level, you can control whether Guest services Integration Service is enabled (in other words, if the virtual machine offers enhanced session mode.) In addition, the operating system in a virtual machine must support enhanced session mode, which means that it must be either Windows 8.1 or Windows Server 2012 R2. Virtual Machine Connection - Enhanced Session Mode Overview http://go.microsoft.com/fwlink/?LinkID=386665 Question: Can you use enhanced session mode to start a virtual machine from a USB device?
Demonstration: Using Enhanced Session Mode In this demonstration, you will see how to use enhanced session mode.
Demonstration Steps 1.
On LON-HOST1, confirm that when Virtual Machine Connection with LON-CL1 opens, your previous session displays.
2.
On LON-HOST1, use Hyper-V Manager to configure Allow enhanced session mode.
3.
Use Hyper-V Manager to connect to 20409B-LON-CL1. Confirm that local drives are redirected.
4.
Confirm that you are not signed in automatically to LON-CL1, and then sign in as ADATUM\administrator, with Pa$$w0rd as the password.
5.
On LON-HOST1, use File Explorer to browse to C:\Windows, and then copy Write.exe.
6.
On LON-CL1, paste Write.exe on the desktop.
7.
On LON-CL1, use File Explorer to confirm that drives from LON-HOST1 are mapped to a virtual machine.
8.
On LON-CL1, confirm that Remote Desktop is disabled.
Lesson 4
Managing Virtual Machine Checkpoints
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
3-37
A Checkpoint is a Hyper-V feature that you can use to create a point-in-time snapshot of a virtual machine, and then revert to it if needed. In previous versions of Hyper-V, this feature was called a snapshot, and you can still see references to it. The primary benefit of checkpoints in Hyper-V is that you can use them to create hierarchies of changes quickly and easily, and then revert to them at any time. Checkpoints can be quite useful in some scenarios, such as when testing Windows operating system updates. However, you must use checkpoints carefully to avoid issues, especially when reverting virtual machines in distributed environments such as Active Directory Domain Services (AD DS). This lesson describes how to create and work with virtual machine checkpoints.
Lesson Objectives After completing this lesson, you will be able to: •
Describe virtual machine checkpoints.
•
Explain how Hyper-V implements checkpoints.
•
Describe checkpoints at file level.
•
Describe how to export virtual machines and checkpoints.
•
Work with checkpoints.
•
Describe issues with checkpoints in distributed environments.
•
Describe checkpoints and virtual machine Generation ID.
What Are Virtual Machine Checkpoints?
When a virtual machine is running, changes are written to both its memory and virtual hard disk. Checkpoints are a Hyper-V feature that you can use to create a point-in-time snapshot of a virtual machine, including its configuration, memory, and disk state. You can create checkpoints when a virtual machine is running, turned off, or in a saved state, but not when it is in a paused state. You can create multiple checkpoints of a virtual machine and revert it to any of the previous states for which checkpoints exist by applying a checkpoint to the virtual machine. Checkpoints do not affect the running state of a virtual machine, but they can affect virtual machine performance, as they are implemented by using differencing virtual hard disks. Note: Do not edit or modify a virtual hard disk file when it is used by a virtual machine that has checkpoints.
Checkpoints can be useful when you need to revert virtual machines to an earlier state. You can undo all the changes that took place after the specified state, such as those that occurred during testing, development, or in a training environment. Conversely, checkpoints in production environments can cause serious issues, such as losing user data. When running on a virtual machine, Windows Server 2012
works much better at detecting if the virtual machine was reverted, and if so, to avoid issues that this might cause. Some functionality, such as Hyper-V Replica or pooled desktops in VDI deployments, depends on the use of checkpoints.
Creating Checkpoints
MCT USE ONLY. STUDENT USE PROHIBITED
3-38 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints
When you create a checkpoint, the result is always the same, irrespective of the method you choose. After you create a checkpoint, you should not modify its files directly on the disk because this could cause problems with the checkpoint or even with the running virtual machine. You can create checkpoints in one of the following ways: •
In Hyper-V Manager, you can highlight a virtual machine, right-click it, and then click Checkpoint, or in the Action pane, click Checkpoint.
•
You can use Virtual Machine Connection by clicking Checkpoint in the Action menu, or by using the Windows PowerShell cmdlet Checkpoint-VM.
Factors to Consider When you are considering checkpoints, you should be aware of the following factors: •
When you create a checkpoint of a virtual machine, the virtual machine is configured with a differencing virtual hard disk even if it was using a fixed-size virtual hard disk before. Differencing virtual hard disks might perform slower than normal disks because the two files (base and differencing) need to be read from.
•
If a virtual machine is using directly attached disks, you cannot create checkpoints of those disks because they do not support differencing virtual hard disks.
•
Checkpoints require additional storage space. If you create a checkpoint of a running virtual machine, it also contains a virtual machine memory snapshot, and taking multiple checkpoints can use up a large amount of storage space.
•
Although you can use checkpoints to revert a virtual machine to an earlier point in time, you should not consider them backups. Even if you use checkpoints, you should still make regular backups.
•
If you no longer need a checkpoint, you should delete it immediately. However, this can cause merging of differencing virtual hard disks. Prior to Windows Server 2012, merging of the differencing virtual hard disks happened only after you turned off the virtual machine. In Windows Server 2012 and newer, the merging process happens asynchronously in the background while the virtual machine is running.
•
A virtual machine is limited to 50 checkpoints. The actual number of checkpoints might be lower, depending on the available storage. Hyper-V Virtual Machine Snapshots: FAQ http://go.microsoft.com/fwlink/?LinkID=386687 Question: Which checkpoint requires more space: a checkpoint of a running virtual machine, or a checkpoint of a virtual machine that is turned off?
Implementing Hyper-V Checkpoints Checkpoints consist of several files that represent the complete state of a virtual machine at a certain moment in the past. Because you cannot modify a previous state, checkpoints are readonly, and you cannot modify one after you create it. You can only view a checkpoint, change its name, or delete it. You use checkpoints to revert virtual machines back to the state they were in when you created the checkpoints.
Creating Checkpoints When you create a checkpoint, Hyper-V performs the following steps in the background:
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
3-39
1.
Pauses the virtual machine.
2.
For each virtual hard disk that the virtual machine is using, Hyper-V creates a differencing virtual hard disk, configures it to use the virtual machine's virtual hard disk as a parent, and then updates virtual machine settings to use the created differencing virtual hard disk.
3.
Creates a copy of the virtual machine configuration file.
4.
Resumes the running of the virtual machine.
5.
Saves the content of the virtual machine memory to disk.
Because the virtual machine is paused before the checkpoint is created, you cannot create a checkpoint of a virtual machine that is in a paused state. As the virtual machine resumes, while the memory is saving to the disk, Hyper-V intercepts memory changes that have not yet been written to the disk, writes the memory pages to the disk, and then modifies the virtual machine memory. Creating a checkpoint can take considerable time, depending on virtual machine memory, Hyper-V host utilization, storage speed, and what is running on the virtual machine. However, the process is transparent, and users who are connected to the virtual machine do not experience any outage.
Virtual Machine Checkpoint Files A virtual machine checkpoint can consist of the following files: •
Virtual machine configuration file (*.xml)
•
Virtual machine saved state file (*.vsv)
•
Virtual machine memory content (*.bin)
•
Checkpoint differencing virtual hard disks (*.avhd)
Hyper-V creates the virtual machine saved state file and the virtual machine memory content file only if a checkpoint is created while the virtual machine is running, and not if the virtual machine is turned off.
The location of virtual machine checkpoint files is configured for each virtual machine, and by default, it is the same location where the virtual machine configuration is stored. When you create the first checkpoint, Hyper-V creates a Snapshots subfolder and stores checkpoint files there. You can modify the location of the checkpoint files only until the first checkpoint is created. After this, the checkpoint file location setting is read-only. You can modify this setting only after deleting all checkpoints or by using live storage migration in Hyper-V Manager (the Move Virtual Machine Wizard).
Using Checkpoints When you select a checkpoint, the following options are available in the Actions pane:
MCT USE ONLY. STUDENT USE PROHIBITED
3-40 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints
•
Settings. Opens the virtual machine settings that were effective at the moment the checkpoint was created. All of the settings are read-only because you cannot change the configuration that was used in the past. The only settings that you can modify are the checkpoint name and the notes that are associated with the checkpoint.
•
Apply. Applies a checkpoint to a virtual machine, which means that you want to return the virtual machine to the exact historical state it was in. When you apply a checkpoint, any change in the virtual machine since the last checkpoint was made is lost. Before applying a checkpoint, Hyper-V prompts you to create a new checkpoint to avoid possible data loss.
•
Export. Exports a virtual machine checkpoint, which will create an exact copy of the virtual machine as it existed at the moment you created the checkpoint.
•
Rename. Renames the checkpoint to provide better information about the state of the virtual machine when you created the checkpoint. The checkpoint name is independent of the checkpoint content, and by default, it contains the date and time of checkpoint creation.
•
Delete Checkpoint. Deletes a checkpoint if you no longer want to be able to revert a virtual machine to the state it was in when you created the checkpoint.
•
Delete Checkpoint Subtree. Deletes the selected checkpoint and any checkpoints that originate from it. Checkpoints that originate from it are listed below it in the Checkpoint pane.
When you right-click a virtual machine with at least one checkpoint, you can also click the Revert option. This returns a virtual machine to the last checkpoint. Question: Can you modify the configuration of a virtual machine checkpoint if you created that checkpoint when the virtual machine was turned off?
Overview of Checkpoints at File Level
When you create a checkpoint of a running virtual machine, Hyper-V creates several files. Some of these files, such as virtual machine configuration, are quite small. Others, such as virtual machine memory content, can be considerably larger, and their sizes depend on the size of the memory that the virtual machine is configured to use. However, the largest in size and the greatest impact on virtual machine performance are the differencing virtual hard disks that checkpoints create. A differencing virtual hard disk is small when you create it, but its size increases through time because it stores all the changes that the virtual machine writes to its virtual hard disk. Of all the disk types that a virtual machine can use, differencing virtual hard disks have the worst performance, and its performance can become even worse when you use multiple levels of differencing virtual hard disks in a hierarchy, such as when you create multiple checkpoints for a virtual machine.
Each time you create a checkpoint, a new differencing virtual hard disk is created and configured to use the previous virtual machine disk as a parent. For example, consider a virtual machine that is configured with a fixed-size virtual hard disk named Disk1.vhd. When you create a checkpoint, a differencing virtual hard disk is created, and it is configured to use Disk1.vhd as a parent. The virtual machine settings are
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
3-41
updated to use the differencing virtual hard disk as its virtual hard disk. The same sequence repeats when you create a second checkpoint. The only difference is that it uses the previous differencing virtual hard disk as its parent, and the virtual machine now has three virtual hard disks in a hierarchy. All changes that the virtual machine makes are written into the last (differencing) virtual hard disk. If you decide to apply the last checkpoint to the virtual machine, which effectively reverts it to the moment when the last checkpoint was created, the last differencing virtual hard disk will be deleted. All changes that were performed in the virtual machine since the last checkpoint will be lost, and a new differencing virtual hard disk will be created with the same parent as the previous one.
When you no longer need the ability to revert a virtual machine to a first checkpoint, you can delete it. This will delete the virtual machine configuration and virtual memory content from that checkpoint. However, you cannot delete the differencing virtual hard disk that was created at that time—you still need it because the current disk content depends on it. When you delete the first checkpoint, the differencing virtual hard disk will merge dynamically with the fixed parent virtual disk while the virtual machine is running. Note: Prior to Windows Server 2012, Hyper-V would merge virtual hard disks only after the virtual machine was turned off.
If you want to apply the first checkpoint and create a branch, Hyper-V will delete the content of the differencing virtual hard disk that was created during the last checkpoint. You will have the option to create a new checkpoint prior to this. Hyper-V will create a new differencing virtual hard disk that will use a fixed-size virtual hard disk as its parent. You can use checkpoint branches to have multiple different states of the same virtual machine, where each state is independent from the others. When you no longer need the last checkpoint and decide to delete it, you are effectively telling Hyper-V that you no longer need to return to that moment in time. Because no other checkpoint depends on it, if you want to delete the last checkpoint in a hierarchy, Hyper-V can in this case delete all checkpoint files, including the differencing virtual hard disk. Question: If a virtual machine is running and you delete a checkpoint, when will the parent disk merge with the differencing virtual hard disk? Question: How are multiple branches created in a checkpoint tree?
Exporting Virtual Machines and Checkpoints In Hyper-V in Windows Server 2012 and newer, you no longer need to export a virtual machine to be able to import it later. You can simply copy a virtual machine and its files to the new Hyper-V host and then use the Import Virtual Machine Wizard to specify the location of the virtual machine and update its settings, if required. This registers the virtual machine at the target Hyper-V host and makes it available for use. You can also transfer the virtual machine to removable media, and recover virtual machines if the system disk fails, but the data disk that stores the virtual machines is still working.
MCT USE ONLY. STUDENT USE PROHIBITED
3-42 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints
In Windows Server 2012 R2, you can perform a live export of a virtual machine or checkpoint. You can export them while the virtual machine is running. In Hyper-V on Windows Server 2012, you first have to save the state or shut down the virtual machine prior to performing the export. When you want to perform an export, you need to specify a location to export the files. Export creates a subfolder and consolidates virtual machine files there. If, for example, a virtual machine uses virtual disks from different locations, after the export, all the virtual disks will be stored in the same folder. If a virtual machine is using differencing virtual hard disks, Hyper-V exports all the parent disks. If multiple virtual machines are exported and they all use the same parent disk, the parent disk is exported for each machine. This can increase the total size of export considerably when you compare it to the size of virtual machines prior to export. When you export a virtual machine, Hyper-V also exports all the checkpoints of that virtual machine. Exporting checkpoint exports only a single point-in-time snapshot of the virtual machine. The exported virtual machine is the exact copy of the virtual machine at the moment you created the checkpoint. If there are additional checkpoints in a hierarchy before the one you are exporting, which means that the virtual machine is using the hierarchy of differencing virtual hard disks, all those differencing virtual hard disks will be merged for the exported virtual machine.
After you import an exported virtual machine (when you export a checkpoint, the virtual machine is exported without a checkpoint), you should update Integration Services on the virtual machine, especially if the target Hyper-V host is running a newer version of Hyper-V. You should also be aware that if the imported virtual machine contains a saved state or a checkpoint that was created when the virtual machine was running, you will have to discard its memory content, if the saved state or checkpoint was created on the Hyper-V host prior to Windows Server 2012, or if the Hyper-V host was running on a different hardware architecture, such as Intel or AMD. You can export a virtual machine or a checkpoint in the Hyper-V Manager console by right-clicking it and then clicking Export. You can also use the Windows PowerShell cmdlets Export-VM and Export-VMSnapshot to export a virtual machine or a checkpoint. Question: Can you export a virtual machine checkpoint on a Hyper-V host that is running on a physical server with Intel processors, and then import it to a Hyper-V host that has AMD processors?
Demonstration: Working with Checkpoints In this demonstration, you will see how to work with checkpoints.
Demonstration Steps 1.
Confirm that LON-VM1 is using the Differencing.vhd virtual hard disk.
2.
Create a checkpoint for LON-VM1.
3.
Start LON-VM1.
4.
Complete the setup by clicking Next, and then clicking I accept.
5.
On the Settings page, provide the password Pa$$w0rd.
6.
Sign in as Administrator by using the password Pa$$w0rd.
7.
Confirm that LON-VM1 is now using a virtual hard disk with a GUID in its name.
8.
On LON-VM1, create a folder named Folder1 on the desktop.
9.
Create a checkpoint for LON-VM1, and name it Folder1.
10. On LON-VM1, create a folder named Folder2 on the desktop.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
3-43
11. On LON-HOST1, use the Windows PowerShell cmdlet Checkpoint-VM to create a checkpoint for LON-VM1, and name it Folder2. 12. Use the cmdlet Get-VMSnapshot to view existing checkpoints for LON-VM1. 13. Use Hyper-V Manager to confirm that LON-VM1 has three checkpoints. Apply the Folder1 checkpoint. 14. On LON-VM1, confirm that there is only one folder named Folder1 on the desktop. 15. On LON-VM1, on the desktop, create a folder named Folder1.1. 16. Use Hyper-V Manager to create a checkpoint for LON-VM1, and then rename it Folder1.1.
17. On LON-HOST1, use File Explorer to browse to C:\Shares\Snapshots, and then confirm that there are four .xml files and four subfolders.
18. Confirm that the size of the oldest folder in the details pane is 0. This is because the first checkpoint was created when LON-VM1 was turned off. 19. Confirm that each of other folders have larger sizes, as the other checkpoints were created while LON-VM1 was running.
Issues with Checkpoints in Distributed Environments Checkpoints are point-in-time snapshots of a virtual machine. When you apply a checkpoint, you effectively revert the virtual machine back to the moment when you created the checkpoint. Depending on the virtual machine’s role and the applications that are installed on it, taking a virtual machine back to a previous checkpoint can have disastrous implications and might result in data corruption. The following two types of applications can be negatively affected when you take a virtual machine back in time: •
Cryptographic applications. Windows provides API functions that generate random values with a high level of entropy. The checkpoint captures the logic for creating these random values when you create a checkpoint, and this can severely reduce the entropy of the random data. For example, consider the generation of GUIDs. When the GUID value generates, it should be unique and never repeated. However, if you request a GUID immediately after applying a checkpoint, there is a high probability that a duplicate GUID value will generate each time the checkpoint is applied.
•
Applications that use vector-clock synchronization. Applying a checkpoint to a virtual machine can corrupt applications that use vector-clock synchronization. Examples of such applications are AD DS, Distributed File System (DFS) Replication, and Microsoft SQL Server replication. For these applications to work, each member of a replica set must maintain a monotonically increasing logical clock. When you apply a checkpoint, it reverts back the logical clock on the virtual machine, causing clock values to associate to different transactions. As a result, members of the replica set will not converge to the same state, thereby causing data corruption.
A checkpoint contains an exact snapshot of a virtual machine. Applications that run on a virtual machine have no knowledge of checkpoints and have no way of detecting when you create or apply a checkpoint
MCT USE ONLY. STUDENT USE PROHIBITED
3-44 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints
to a virtual machine. When you apply the checkpoint, you also undo all the changes in a virtual machine that you made after creating the checkpoint. This can result in data loss and reversal of passwords to their previous values. Introduction to Active Directory Domain Services (AD DS) Virtualization (Level 100) http://go.microsoft.com/fwlink/?LinkID=386693 Question: Can you prevent checkpoint creation from inside a virtual machine?
Checkpoints and Virtual Machine Generation ID To address situations in which virtual machines are reverted back to a previous checkpoint, Hyper-V in Windows Server 2012 uses the virtual machine Generation ID feature. Generation ID is a 64-bit integer value that is associated with an instance of a virtual machine configuration file. Every checkpoint has its own configuration file, which also means that it has a different Generation ID value. The Generation ID value is accessible to the operating system through the virtual machine BIOS, and it is unique across all virtual machine configurations. An application in a virtual machine can read the Generation ID value when the virtual machine starts or resumes and then compare it with the last value of which the application is aware. If both values are the same, the state of the virtual machine did not change. For example, the virtual machine was not cloned and a checkpoint was not applied, so the application can continue to run normally.
If the previous and current Generation ID values are different, this means that the virtual machine identity is not the same. This can be the result of different actions, such as creating a new virtual machine and attaching it to a virtual hard disk with an installed operating system, restoring a system backup to a different virtual machine, or applying the checkpoint to the existing virtual machine. When the application detects a change in Generation ID, it should consider that it is running in a different virtual machine and act accordingly. For example, when AD DS detects a change in Generation ID value, it updates its InvocationID value and effectively modifies the identity of the domain controller. To use the virtual machine Generation ID from inside a virtual machine, the following prerequisites apply: •
The virtual machine must be running on a hypervisor that implements support for virtual machine Generation ID. Several virtualization platforms meet this requirement, including Windows 8, Windows Server 2012, and newer Windows operating systems, and VMware vSphere 5.0 update 2 and newer.
•
The virtual machine must be running an operating system that is aware of and is using Generation ID. Windows 8, Windows Server 2012, and newer Windows operating systems meet this requirement: o
If a virtual machine has Integration Services installed from Windows 8 or Windows Server 2012, applications on other operating systems such as Windows Server 2008 Service Pack 2 or Windows 7 Service Pack 1 can also read the Generation ID value. These older operating systems are not Generation ID–aware, but applications that are running on the virtual machine can still read the Generation ID value.
Note: The Generation ID value is projected into a virtual machine through an emulated BIOS device, and Integration Services presents it as a Hyper-V Generation Counter. Because of this, operating systems on a virtual machine can access the Generation ID value only if it has Integration Services installed from Windows 8, Windows Server 2012, or newer. Actions that will cause the Generation ID to change include: •
The virtual machine starts from a checkpoint.
•
The same checkpoint is applied multiple times.
•
The virtual machine is restored from a backup.
•
The virtual machine is migrated by using System Center 2012 - VMM (Export and Import).
•
The virtual machine is imported.
Actions that will not cause the Generation ID to change include: •
The virtual machine is live-migrated.
•
The virtual machine is paused or resumed.
•
The virtual machine is restarted.
•
The Hyper-V host is restarted. Note: Virtualized domain controller cloning takes advantage of the Generation ID feature.
For more information, refer to the Virtual Machine Generation ID paper from the following website: Microsoft Download Center http://go.microsoft.com/fwlink/?LinkId=260709 Virtual machine generation identifier http://go.microsoft.com/fwlink/?LinkID=386685 Question: Can you use Generation ID in a Windows Server 2008 R2 virtual machine?
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
3-45
Lesson 5
Monitoring Hyper-V
MCT USE ONLY. STUDENT USE PROHIBITED
3-46 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints
Monitoring your virtualization environment is important. You are most likely already familiar with the monitoring tools included with Windows Server 2012 R2, but you should remember that not all of them are virtualization-aware. Only Performance Monitor can provide you with real performance data, and when you install the Hyper-V role, many additional performance counters are added to Performance Monitor. If you are more interested in chargeback data, you should enable and use resource metering, which is included with Hyper-V in Windows Server 2012 and newer Windows Server operating systems.
Lesson Objectives After completing this lesson, you should be able to: •
Describe performance monitoring.
•
Explain different aspects of monitoring a Hyper-V host.
•
Describe virtual machine monitoring.
•
Use Performance Monitor to monitor Hyper-V.
•
Describe Hyper-V resource metering.
Overview of Performance Monitoring Every application that runs on a server, including the operating system itself, uses system resources. Performance monitoring is the process of capturing and analyzing data on how resources, including memory, processors, disks, and networks, are used. Regular performance monitoring ensures that you have up-to-date information on how your server is operating. Performance data helps you recognize trends, detect performance issues, and optimize system resource usage. When you are troubleshooting system problems, performance data provides an insight into the behavior of system resources at the time the problem occurs. It also helps you decide when to upgrade the server, and then determine whether the upgrade improved the server’s performance. Windows Server 2012 R2 includes the following tools for monitoring system performance: •
Task Manager. Task Manager displays real-time monitoring data for a local server. You can view information related to running processes, performance data, resource use by connected users, and detailed information on running processes and Windows Server services. You can customize Task Manager, for example, to configure update speed or view additional details of running processes. You can also start new tasks, disconnect users, and end tasks from the Task Manager.
Task Manager is often the first tool to use when performance-related problems occur. For example, you might examine the running processes in Task Manager to determine if a particular program is using excessive CPU resources. However, Task Manager only shows real-time utilization for the local server. You cannot use it to monitor remote servers or to store performance data.
Note: The Performance tab in Task Manager shows overall CPU utilization. If you want to view individual processor utilization on a multiprocessor server, you must change the graph to the Logical Processor view.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
3-47
•
Resource Monitor. Resource Monitor provides an in-depth look at real-time performance for a local server. You can use it to monitor the use and performance of CPU, disk, network, and memory. By using Resource Monitor, you can identify and resolve resource conflicts and bottlenecks. By expanding the monitored elements, you can identify which processes are using which resources. Resource Monitor shows only real-time utilization for a local server.
•
Event Viewer. You can use Event Viewer to work with Windows events. Events are collected in event logs and can occur locally, or they can be collected from remote computers. Events include information, warnings, and errors on Windows components and installed applications. Events also include performance events, such as a disk is almost full. You can filter events, create custom views, and attach tasks to the events.
•
Reliability Monitor. Reliability Monitor provides an historical view of server reliability and problem history. It assesses server stability on a scale from 1 to 10 and can show you hardware and software problems that impacted the server during a specific period. If you want Reliability Monitor to start collecting data, you first must enable the RACTask scheduled task.
•
Performance Monitor. This is the most robust and complete monitoring tool in Windows operating systems. You can use it to view real-time performance for local and remote servers and to store and view historical data, which is gathered by using data collector sets. In Performance Monitor, you can also create performance counter alerts, which generate alerts and start tasks when the performance counter is either less than or more than the specified value. You can monitor operating system performance through performance objects and counters in the objects. When you install an additional role, for example, Hyper-V, additional performance objects are added in Performance Monitor.
Each server role uses processor, memory, disks, and networks, but it uses them differently. Performance counters that are relevant for monitoring servers are different, based on the server roles. For example, you should monitor different performance counters on a file server than on a Hyper-V host or a domain controller. Note: Microsoft System Center 2012 R2 - Operations Manager provides infrastructure monitoring, alerts, and reporting for an enterprise environment.
For more information, refer to the Performance Tuning Guidelines for Windows Server 2012 paper from the following website: Microsoft Download Center http://go.microsoft.com/fwlink/?LinkID=285313 Question: Which of the monitoring tools in Windows Server 2012 R2 must you first enable to provide you with data after at least a few hours?
Monitoring a Hyper-V Host Although Windows Server 2012 R2 includes several tools for monitoring system performance, not all of them are appropriate for monitoring Hyper-V host performance. Tools such as Task Manager and Resource Monitor are not virtualization-aware. As such, they only display utilization of the resources that are available inside the virtual environment in which they run, either the virtual machine or parent partition. For example, a Hyper-V host can have the processor at 60 percent utilization, but the Task Manager in the parent partition is aware of and displays only 10 percent utilization because virtual machines use most of the processor resources.
MCT USE ONLY. STUDENT USE PROHIBITED
3-48 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints
You should use Performance Monitor to monitor Hyper-V host performance. You can monitor memory, disk, and network performance on the Hyper-V host in the same way, and by using the same performance counters as on any other server. For example, you can monitor: •
Disk latency by using the \Logical Disk(*)\Avg. sec/Read and \Logical Disk(*)\Avg. sec/Write Performance Monitor counters. These performance counters measure the time that read and write operations take to respond to the operating system. Requests from virtual machines and the parent partition affect this counter. If one virtual machine accesses the disk heavily, this will increase disk latency.
•
Available memory by monitoring the \Memory\Available MBytes Performance Monitor counter on the Hyper-V host. This counter reports the amount of available physical memory in the parent partition. When a virtual machine starts, its memory is no longer available for the parent partition and is subtracted from this counter value. You can use the following two counters to provide you with better insight into available memory to the Hyper-V host:
•
o
\Memory\Available Mbytes. This counter measures the amount of available physical memory to processes that are running in the parent partition, expressed as a percentage of total physical memory.
o
\Memory\Pages/sec. This counter measures the rate at which pages are read and written to disk to resolve hard page faults. To resolve hard page faults, the Hyper-V host must swap the contents of memory to disk. A high value for this counter in correlation with low available physical memory might indicate insufficient physical memory on the Hyper-V host.
Network utilization on the Hyper-V host by using \Network Interface(*)\Bytes Total/sec and \Network Interface(*)\Output Queue Length Performance Monitor counters.
Processor utilization on a Hyper-V host is measured differently than on a physical server. On a physical server, you would monitor processor utilization by using the \Processor(*)\% Processor Time Performance Monitor counter. However, on the Hyper-V host, this counter is not appropriate, because the parent partition is treated as another virtual machine. Therefore, this counter monitors utilization of available processor resources for the parent partition, not the entire physical Hyper-V host. To monitor total processor utilization on the Hyper-V host, which includes parent partition and virtual machines, you should use the \Hyper-V Hypervisor Logical Processor(_Total)\% Total Run Time Performance Monitor counter. This counter measures the total percentage of time spent by the processor for running the Hyper-V host and all the virtual machines on the Hyper-V host.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
3-49
You can use the following Performance Monitor counters to monitor processor usage on a Hyper-V host: •
Hyper-V Hypervisor\Partitions. Monitors the number of virtual machines.
•
Hyper-V Hypervisor\Logical Processors. Monitors the number of logical processors.
•
Hyper-V Hypervisor\Virtual Processors. Monitors the number of virtual processors.
•
Hyper-V Hypervisor Logical Processor\% Total Run Time. Monitors the total non-idle time of the logical processors.
•
Hyper-V Hypervisor Logical Processor\% Hypervisor Run Time. Monitors the non-idle time of the logical processors for the Hyper-V host only.
•
Hyper-V Hypervisor Root Virtual Processor. Monitors processor utilization for the host (Hyper-V host) operating system only. Question: Can you use Performance Monitor in virtual machines to monitor Hyper-V host performance?
Monitoring Virtual Machines
If you want to monitor virtual machine performance, you should be aware that Hyper-V counters are not available in Performance Monitor, which is running on the virtual machine. The monitoring tools on a virtual machine are not aware that they are running inside of a virtual environment. Although the virtual machine is allocated only part of the Hyper-V host resources, monitoring tools that are running on the virtual machine see them as complete resources because they would be running on a physical server. Task Manager on the virtual machine, otherwise known as the \Processor(*)\% Processor Time Performance Monitor counter, reports processor utilization relative to the number of processors allocated to the virtual machine. If you add more processors to the virtual machine, the value reported for the \Processor (*)\% Processor Time Performance Monitor counter will be lower, even if processor utilization of the Hyper-V host is an issue. This happens because virtual processors use the physical processors in a round robin fashion, and each virtual processor is allocated a share of the overall system processor resources. In a physical four-processor system with virtual machines that utilize four virtual processors, each virtual processor will be able to use 25 percent of the physical processor resources. If eight virtual processors are used on the same Hyper-V host, for example, if there are four virtual machines with two processors each, the combined virtual processors will attempt to use 200 percent of the physical processor capacity. In such an environment, each virtual processor will report low \Processor(*)\% Processor Time utilization because utilization is low for the level it expects. Excessive context switching between virtual processors will result in poor performance for each virtual machine. On a Hyper-V host, you have Hyper-V hypervisor performance counters to monitor the performance of both logical and virtual processors. A logical processor correlates directly to the number of processors on the physical server. For example, single quad core processors correlate to four logical processors. Virtual machines use virtual processors to execute the code. The virtual processors perform all the execution in the parent partition and the virtual machines.
MCT USE ONLY. STUDENT USE PROHIBITED
3-50 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints
You can use processor settings for the virtual machine to configure resource control and limit the processor resources that the virtual machine can use. In the Resource control section, you can configure the following settings: •
Virtual machine reserve (percentage). Use this setting to reserve a certain portion of the Hyper-V host processor resources for the virtual machine. By configuring this setting, you can ensure that the virtual machine will always have at least that part of processor resources available to it. By default, the virtual machine reserve is set to 0, which means that no processor resources are reserved.
•
Virtual machine limit (percentage). This setting limits processor resources that are available to the virtual machine and prevents it from consuming an excessive amount of processor resources.
•
Percent of total system resources. This setting is read-only, and its value is set based on the virtual machine limit, number of virtual processors, and the number of physical processors in the Hyper-V host. For example, consider a virtual machine that is allowed to use 100 percent of the processor, has a single virtual processor, and four physical processors in the Hyper-V host. In this case, the percentage of total system resources is set to 25, because 100 percent utilization of one processor is equal to 25 percent utilization of total Hyper-V processor resources.
•
Relative weight. Virtual machines with higher relative weights receive more processor time, and virtual machines with lower relative weights receive less processor time. By default, all virtual machines are assigned a relative weight of 100. Question: How can you limit processor resources that a virtual machine can use?
Demonstration: Using Performance Monitor to Monitor Hyper-V In this demonstration, you will see how to use Performance Monitor to monitor Hyper-V.
Demonstration Steps 1.
On LON-HOST1, start Performance Monitor, and then add the following counters: o
Hyper-V Hypervisor Virtual Processor\% Guest Run Time for LON-CL1 instance
o
Hyper-V Virtual Storage Device\Read Operations/sec for the instance that refers to 20409B-LON-CLx
o
LogicalDisk\Disk Reads/sec for the C: instance
2.
Set Scale Selected Counters for Disk Reads/sec and Read Operations/Sec.
3.
On LON-CL1, run C:\LabFiles\Mod03\sqlio.exe in Windows PowerShell.
4.
On LON-HOST1, use Performance Monitor to follow how disk access increased in virtual machine and on the Hyper-V host while sqlio.exe is running on the virtual machine.
5.
On LON-CL1, run C:\LabFiles\Mod03\Cpustres.exe in Windows PowerShell.
6.
In CPU Stress, set Process Priority Class to High. In the Thread 1 section, set Thread Priority to Highest and Activity to Busy.
7.
On LON-HOST1, use Performance Monitor to follow how processor utilization in a virtual machine and on Hyper-V increases.
8.
On LON-HOST1, use Hyper-V Manager to view CPU Usage for the LON-CL1 virtual machine.
9.
Set Virtual machine limit (percentage) for LON-CL1 to 10.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
3-51
10. Use Hyper-V Manager to confirm that CPU Usage for the LON-CL1 virtual machine is considerably lower. 11. On LON-CL1, close CPU Stress and Task Manager.
Resource Metering in Hyper-V
In a virtualized environment, you often need data on resources that are used by virtual machines in a given period. For example, you might need resource data so that you can charge back the business units that are using them. When you create a virtual machine, you configure it with processors, memory, disks, and network adapters. It would be misleading to provide chargeback data based only on virtual machine configuration because resources that are used by virtual machines change through time. For example, virtual machine memory utilization is between the minimum and maximum RAM configured when dynamic memory is used, processor utilization varies depending on load, and the size of dynamically expanding disks increases until it reaches its configured maximum size. Performance Monitor can provide real-time information on resources that virtual machines use, but the tool is not practical for providing chargeback data. Hyper-V in Windows Server 2012 includes resource metering, a feature that you can use to monitor resource consumption over time, per virtual machine or resource pool. Resource pools are logical containers that collect resources of the virtual machines that one business unit uses. When you use resource pools, you can enable resource metering and query on resource use in the same way as for a single virtual machine. Resource metering works with all Hyper-V operations. The movement of virtual machines between Hyper-V hosts, for example, by using live migration, does not affect the data collection process. The following cmdlets are used for resource metering: •
Enable-VMResourceMetering. Enables resource metering for a virtual machine.
•
Disable-VMResourceMetering. Disables resource metering for a virtual machine.
•
Reset-VMResourceMetering. Resets resource metering counters for a virtual machine.
•
Measure-VM. Displays resource metering data for a virtual machine.
•
Measure-VMResourcePool. Displays resource metering data for a resource pool.
For example, you can enable resource metering and view all of the resource metering data for the LON-DC virtual machine by running the following cmdlets: Get-VM -Name LON-DC | Enable-VMResourceMetering Get-VM –Name LON-DC | Measure-VM
Resource metering in Hyper-V collects and reports on the following resource use data: •
Average CPU use. The average CPU, in megahertz (MHz), that a virtual machine uses over a period.
•
Average memory use. The average physical memory, in MB, that a virtual machine uses over a period.
MCT USE ONLY. STUDENT USE PROHIBITED
3-52 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints
•
Minimum memory use. The lowest amount of physical memory, in MB, assigned to a virtual machine over a period.
•
Maximum memory use. The highest amount of physical memory, in MB, assigned to a virtual machine over a period.
•
Maximum disk allocation. The highest amount of disk space capacity, in MB, allocated to a virtual machine over a period.
•
Incoming network traffic. The total incoming network traffic, in MB, for a virtual network adapter over a period.
•
Outgoing network traffic. The total outgoing network traffic, in MB, for a virtual network adapter over a period.
Before you can obtain data on resources that are used by virtual machines, you first must enable resource metering. You can use Windows PowerShell to enable resource metering and retrieve collected data. Windows Server 2012 R2 does not include a graphical reporting tool on virtual machine resource utilization, but you can use one of the non-Microsoft tools, or develop your own tool.
Lesson 6
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
3-53
Designing Virtual Machines for Server Roles and Services
You can use Hyper-V Manager to manage multiple Hyper-V hosts, but it is not the optimal tool when you have to manage an enterprise environment. The Hyper-V module for Windows PowerShell is a better tool when you need to automate operations or perform repetitive tasks on multiple servers. However, not all administrators like to work with a command shell. For environments with multiple Hyper-V hosts, System Center 2012 - VMM is the recommended tool, although, you must obtain it separately.
Hyper-V does not support the concept of templates, but copying a virtual hard disk that has an installed operating system or the use of differencing virtual hard disks can achieve similar results. By using that approach, companies can create libraries of virtual disks with different operating systems and applications and then use them as templates. In this lesson, you will learn about recommendations for running domain controllers, Microsoft SQL Server, and Microsoft Exchange Server on virtual machines.
Lesson Objectives After completing this lesson, you will be able to: •
Plan Hyper-V host management.
•
Plan virtual machine management.
•
Design virtual machines for a domain controller.
•
Design virtual machines for SQL Server.
•
Design virtual machines for Exchange Server.
Planning Hyper-V Host Management Hyper-V hosts are the infrastructure for running virtual machines. It is important that you carefully plan and deploy a standard server configuration, configure high availability, implement remote management, and regularly monitor the infrastructure. Consider the following best practices for configuring and administering Hyper-V hosts: •
Simplify and standardize the platform on which you will deploy server virtualization. Use a standard configuration for the operating system and Hyper-V to make it easier to deploy and manage the environment. Automate the deployment and use the latest version of Windows Server 2012 because it provides new and improved features.
•
Use a Server Core installation (or better yet, Microsoft Hyper-V Server 2012 R2) for Hyper-V hosts. A Server Core installation has fewer components than the full server installation, which means that there are fewer components to update and less overhead. A Server Core installation also provides the same virtualization features and remote management as a GUI installation of Windows Server 2012 and Windows Server 2012 R2.
MCT USE ONLY. STUDENT USE PROHIBITED
3-54 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints
•
Servers that you will use for virtualization should have only the Hyper-V role installed to minimize overhead and the potential attack surface. If you plan to implement a highly available environment, you should also consider installing failover clustering and multipath I/O features.
•
Test and apply updates to Hyper-V hosts. This includes hardware updates (for example, firmware updates), and Microsoft updates. Always test updates before deploying them in a production environment.
•
Implement shared storage and high availability. Shared storage is required for high availability, and you can use SAN or SMB 3.0 file shares for shared storage. A highly available virtualization infrastructure is critical, for which you should implement Hyper-V failover clusters.
•
Monitor performance to optimize and manage server utilization. Server workloads change over time, and you must ensure that the Hyper-V host is not overused.
•
Automate and standardize administration of the Hyper-V host environment. Large organizations might have hundreds of Hyper-V hosts, and the only way to manage them efficiently is to standardize deployment and then automate management tasks. To do so, you can: o
Standardize the Hyper-V configuration. For example, consider using the same path for storing virtual machines, and create virtual switches with the same name on all Hyper-V hosts.
o
Join Hyper-V hosts to the domain unless your security policy states differently. Domain membership makes it possible to centralize the management of policies for identity, security, and auditing. Hyper-V hosts must be domain members if you want to create a Hyper-V failover cluster.
o
Implement remote management. Administering servers locally is not practical, for example, when they are running a Server Core installation or Hyper-V Server, or you do not have physical access to them. You can use remote management to centralize administration and automate procedures.
o
Use Windows PowerShell whenever possible. You can use Windows PowerShell cmdlets and scripts to manage Hyper-V hosts. Windows PowerShell is installed by default, and you can use it to automate and standardize administration.
o
Consider implementing VMM, which provides tools for simplifying administrative tasks to manage a large virtualization environment. For example, a company can use VMM to store templates and to automate virtual machine deployment.
Windows Server 2012 Hyper-V Best Practices (In Easy Checklist Form) http://go.microsoft.com/fwlink/?LinkID=386657 Question: How can you standardize Hyper-V host management?
Planning Virtual Machine Management By now, you should be aware that when working with virtual machines, you can perform complete administration by using Hyper-V Manager and Windows PowerShell. However, when you have more than a few Hyper-V hosts and several virtual machines to manage, you should try to standardize and automate administration as much as possible. This implies that you should use standard configurations, scripting, and enterprise management tools such as VMM, if possible. However, even without standardization, and by using only tools that are part of Windows Server 2012 R2, it is possible to achieve a level of automation.
Virtual Machine Templates
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
3-55
Virtual machine templates are beneficial when you want to standardize virtual machine configurations and make their deployment as fast as possible. Unfortunately, Hyper-V does not understand the concept of templates. However, you can mimic virtual machine templates by storing virtual hard disks with a generalized installation of an operating system in a library, which can be a shared folder. You can then copy the appropriate virtual disk for each new virtual machine that you create. In test environments, you can even create differencing virtual hard disks and point them to use the same parent disk. By doing so, you will reduce storage space by many gigabytes, but the downside will be inferior performance.
Windows PowerShell
When you create new virtual machines, you should provide them with appropriate virtual hardware, which can be based on the recommendations for the physical servers. Multiple virtual machines run on the same Hyper-V infrastructure, but you should be careful not to oversubscribe processor resources because it can result in poor performance. Some applications, such as Exchange Server or SQL Server, are only supported if the P2V conversion processor ratio is 1:2 or lower. To avoid creating virtual machines with the same configuration manually, and if VMM is not an option, you should use Windows PowerShell for virtual machine creation and for other administrative tasks.
Operating System
If possible, use the latest Windows Server operating system when building virtual machines because it provides new and improved features such as Generation ID for detecting when a checkpoint was applied. Newer Windows operating systems (Windows Server 2008 R2 and newer versions, and Windows 7 and newer versions) also include Integration Services, and virtual machines should always run the latest version of integration services.
Monitoring
It is important that your virtualization infrastructure is not overused and that virtual machines have enough available resources. In smaller environments, you should implement monitoring by using Performance Monitor. In enterprise environments, you should also use Operations Manager. Remember that if you are using both products, Operations Manager can integrate with VMM, and System Center components must be implemented in your environment. Question: How can you use Hyper-V Manager to create a virtual machine with four processors, two virtual hard disks, and two network adapters?
Designing Virtual Machines for a Domain Controller When planning virtual machines for a domain controller, you should follow the same recommendations as for other virtual machines. However, several recommendations and best practices are specific to virtualized domain controllers. The following list includes some of these best practices:
MCT USE ONLY. STUDENT USE PROHIBITED
3-56 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints
•
Avoid a single point of failure. You should always have at least two domain controllers for a domain, and when virtualized, they should be running on different physical servers.
•
A Hyper-V host should be just as secure as a domain controller. A Hyper-V administrator has full permissions in a virtualization infrastructure and could potentially perform an elevation-of-privilege attack. Such an attack could compromise all virtual machines, domains, and forests that Hyper-V is hosting: o
If a Hyper-V host is a domain member in a domain for which it hosts virtual domain controllers, then domain administrators have administrative permissions on the Hyper-V host.
o
Consider applying different Group Policy Objects to your Hyper-V hosts and to your domain controllers to secure them both.
•
The virtual hard disk of a virtualized domain controller is equivalent to the physical hard drive of a physical domain controller. It stores important identity data, and you should protect it just as you protect the disks of physical domain controllers.
•
Avoid using differencing virtual hard disks for a domain controller. They have more overhead than other disk types, and they provide slower performance.
•
Avoid using checkpoints for domain controllers. If a domain controller is running an operating system prior to Windows Server 2012, you should not use checkpoints at all, because they can cause an update sequence number (USN) rollback. Domain controllers that run Windows Server 2012 or newer detect that a checkpoint was applied by monitoring the Generation ID and resolve the USN rollback situation.
•
Disable time synchronization of a virtual domain controller with a Hyper-V host. Windows Time Service has its own algorithm for time synchronization within a domain. You should only disable the time synchronization service, but still use other Integration Services.
•
Store AD DS files on a different virtual hard disk than the operating system, and connect that virtual hard disk to the virtual SCSI controller. Virtual hard disks that are attached to a virtual SCSI controller provide better performance than virtual hard disks that are attached to a virtual IDE controller. They also support additional functions such as forced unit access. Forced unit access ensures that the operating system writes and reads data directly from the disk and bypasses all caching mechanisms.
•
Windows Server 2012 includes virtualization-safe capabilities and enables faster deployment of virtual domain controllers by using cloning. Running Domain Controllers in Hyper-V http://go.microsoft.com/fwlink/?LinkID=386696
Introduction to Active Directory Domain Services (AD DS) Virtualization (Level 100) http://go.microsoft.com/fwlink/?LinkID=386693
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
3-57
Active Directory Virtualization Safeguards and Domain Controller Cloning with Windows Server 2012 http://go.microsoft.com/fwlink/?LinkID=386679 Question: How can you disable virtual domain controller time synchronization in a Hyper-V virtual machine?
Designing Virtual Machines for SQL Server Virtual machines for SQL Server should follow similar best practices as virtual machines for any other server load. For example, you should always install the latest version of Integration Services because it improves I/O throughput and decreases CPU usage of virtual machines. You should also avoid using emulated devices because they can cause significant CPU overhead. When configuring a virtual machine for SQL Server, you should also consider the following recommendations: •
SQL Server should have sufficient resources. Memory and processors are the most critical resources. Allocate SQL Server enough memory so that it can handle the expected loads. Do not overcommit processors. Minimize background activities and services, and do not install any additional applications on the SQL Server virtual machine.
•
Hyper-V on Windows Server 2012 provides considerably better scalability than older versions, and SQL Server can better take advantage of that scalability.
•
Use fixed-size virtual hard disks or directly attached disks for SQL Server. Do not use dynamically expanding or differencing virtual hard disks.
•
Do not use checkpoints on a SQL Server virtual machine. Checkpoints can cause significant issues, including slower performance and data loss.
•
Ensure high availability for SQL Server. You can use different features to ensure high availability for SQL Server, such as Hyper-V failover clustering, guest clustering, and AlwaysOn Availability Groups.
•
Attach the SQL Server virtual hard disks to the Virtual SCSI controller for more flexibility.
•
If you use virtual Fibre Channel, use Multipath I/O (MPIO) inside the virtual machine to ensure resilient connections from the virtual machine to storage.
•
Monitor performance of the Hyper-V host on which the SQL Server virtual machine is running, in addition to the performance of the virtual machine.
•
Consider using SQL optimization for better performance. The database administrator will most likely perform this tuning, which includes the following: o
Configure SQL Server to use large page allocations (/T834 startup flag) to reduce memory overhead.
MCT USE ONLY. STUDENT USE PROHIBITED
3-58 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints
o
Set Max Worker Threads to the number of maximum concurrent user connections.
o
Consider dynamic memory to reduce I/O overhead.
o
Grant user rights for Lock pages in memory to the SQL Server service account. This helps when dynamic memory is trying to reduce the virtual machine memory because it will prevent Windows Server from paging out a large amount of buffer pool memory.
o
Set the SQL Server processor affinity mask to isolate system resources for the SQL Server instance from other SQL Server instances, or other applications that are running on the same virtual machine.
o
Set a fixed amount of memory for the SQL Server process to use. About three percent of the total available memory is used for the system, and another one percent is used for memory management structures. Use the following equation to calculate the total memory to be used by SQL Server: Memory – (1%memory * (NUMA_nodes)) – 3%memory – 1GB
SQL Server 2012 supports cloning by using the System Preparation Tool (Sysprep). You can use Sysprep to install SQL Server on a virtual machine, generalize the operating system, and use it as a template when creating new virtual machines. By using this approach, you can create a new virtual machine that has SQL Server installed, which is considerably faster than if you installed it again. Best Practices for Virtualizing and Managing SQL Server http://go.microsoft.com/fwlink/?LinkID=386683 Install SQL Server 2012 Using SysPrep http://go.microsoft.com/fwlink/?LinkID=386684 Question: Can you only use virtual hard disks attached to a virtual SCSI controller for a SQL Server virtual machine?
Designing Virtual Machines for Exchange Server When designing virtual machines, you should be aware that with Exchange Server 2013, all of the Exchange Server roles, including the Unified Messaging server role, are supported in the virtual environment. This enables you to virtualize the entire Exchange Server infrastructure. When virtualizing Exchange Servers, you should consider the following guidelines: •
The Hyper-V host should not have any other role and should not run any other application, such as SQL Server, AD DS, or Exchange Server. You should install only management software, such as antivirus software, backup agents, or virtual machine management software on the Hyper-V host.
•
Hyper-V in Windows Server 2012 R2 does not enforce a limit on the virtual processor-to-logical processor ratio. You can have as many virtual processors used by virtual machines as the physical hardware allows. Exchange supports a physical-to-logical processor ratio no greater than 2:1,
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
3-59
although the recommended ratio is 1:1. For example, a dual processor system that uses quad core processors contains 8 logical processors in the host system. On a system with this configuration, do not allocate more than 16 virtual processors to all the guest virtual machines. Oversubscribing the processor on the Hyper-V host decreases performance, depending on how much CPU is oversubscribed. •
Exchange 2013 is not NUMA-aware, but it can benefit from NUMA in the same way as any other application that is not NUMA-aware, by taking advantage of the Windows scheduler algorithms that keep threads isolated to particular NUMA nodes.
•
Dynamic memory is not supported for virtual machines that run any of the Exchange Server 2013 roles. Exchange Server 2013 uses in-memory data caching to provide better performance and faster I/O operations. For this, Exchange Server 2013 needs sufficient memory at all times and full control over the memory. If Exchange Server 2013 does not have full control of the memory that is allocated to the virtual machine, system performance is considerably lower. Because of this, dynamic memory is not supported for Exchange Server 2013.
•
Differencing and dynamically expanding virtual hard disks are not supported in Exchange Server 2013 virtual machines. Thin provisioned dynamically expanding disks can overcommit the available storage, and as they are growing, the underlying storage could run out of space if not monitored closely. When you create fixed-size virtual hard disks, they are allocated their full size on the physical storage, which ensures that storage will not later run out of space.
•
Virtual machine checkpoints are not supported. When you create a checkpoint, Hyper-V creates a new differencing virtual hard disk for the virtual machine. Changes are written only on the differencing virtual hard disk, and data is read from both disks, which increases overhead and reduces performance. You can also use checkpoints to revert a virtual machine back to any of the previous states. Exchange Server 2013 is not checkpoint-aware, and applying checkpoints can have unintended consequences for applications such as Exchange Server, which maintains state data.
•
Exchange Server virtual machines, including Exchange Mailbox virtual machines that are part of database availability group (DAG), might be protected by Hyper-V failover clustering and migration technology. When failover happens, it must result in a system restart when the virtual machine is started on a different node.
•
Hyper-V Replica is not supported for Exchange Server. Replica makes sense for applications that do not include disaster recovery capability. You should use DAG with Exchange Server 2013. Exchange 2013 Virtualization http://go.microsoft.com/fwlink/?LinkID=386695 Best Practices for Virtualizing and Managing Exchange 2013 http://go.microsoft.com/fwlink/?LinkID=386682 Exchange 2013 Server Role Requirements Calculator http://go.microsoft.com/fwlink/?LinkID=386677 Question: How many virtual processors at most can you assign to Exchange Server virtual machines that are running on a test Hyper-V host with two double-core CPUs?
Lab B: Creating and Managing Checkpoints and Monitoring Hyper-V Scenario
MCT USE ONLY. STUDENT USE PROHIBITED
3-60 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints
A. Datum is continuing with its pilot virtualization project. You have deployed the virtualization hosts by installing Windows Server 2012 R2 Hyper-V in one of the subsidiaries. The next step is to deploy virtual machines on these hosts.
Because the virtualization platform is new to A. Datum, you need to spend some time becoming familiar with Hyper-V features and components, including checkpoints. As the pilot project continues, you will need to be able to monitor server performance to ensure that virtual machines are configured properly. For now, you will familiarize yourself with the monitoring tools that are available in Windows Server 2012 R2 and Hyper-V.
Objectives After completing this lab, you will be able to: •
Import virtual machines and work with checkpoints.
•
Monitor Hyper-V.
Lab Setup Estimated Time: 60 minutes Virtual machines: 20409B-LON-HOSTx, 20409B-LON-CLx, 20409B-LON-DC1 User name: Adatum\Administrator Password: Pa$$w0rd
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must complete the following steps: 1.
Sign in to LON-HOSTx as Adatum\Administrator with the password of Pa$$w0rd.
2.
On LON-HOST1, start Hyper-V Manager.
3.
In Hyper-V Manager, click 20409B-LON-DC1, and in the Actions pane, click Start.
4.
In the Actions pane, click Connect. Wait until the virtual machine starts.
5.
Sign in by using the following credentials:
6.
o
User name: Adatum\Administrator
o
Password: Pa$$w0rd
Repeat steps 3 through 5 for 20409B-LON-CLx. The letter x is 1 for the first student in the team, and 2 for the second student in the team.
Note: Because you will be using the same virtual machines in the next lab, do not revert the virtual machines. However, you can shut down all virtual machines after finishing this lab. You will be working in pairs. Communicate clearly with your lab partner, and cooperate fully with each other during this lab.
Exercise 1: Importing Virtual Machines and Working with Checkpoints Scenario
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
3-61
Your colleague has heard about the enhanced session mode when connecting to a virtual machine, but he has never seen it. You want to demonstrate to your colleague how to configure it, use it, and show the benefits of the enhanced session mode. You are aware that you should avoid using checkpoints in the production environment, but you want to test them for use in training and explore how to implement checkpoints at the file level. You would also like to see how a virtual machine can detect whether a checkpoint was applied. The main tasks for this exercise are as follows: 1.
Import a virtual machine.
2.
Use enhanced session mode.
3.
Create checkpoints.
4.
Manage checkpoints.
5.
Explore Generation ID.
Task 1: Import a virtual machine 1.
On LON-HOSTx, use Hyper-V Manager to import a virtual machine by using the following data: o
Virtual Machine in Folder: C:\VirtualMachines\LON-EXPORT\
o
Number of virtual processors: 1
o
Connect to Network: External Network
2.
You will get an error message because the parent virtual hard disk was not found.
3.
In Hyper-V Manager, use the Edit Disk feature to link the C:\VirtualMachines\LON-EXPORT \Virtual Hard Disks\LON-EXPORT.vhd virtual hard disk to the parent disk E:\Program Files \Microsoft Learning\Base\Base14A-WS12R2.vhd. Note that this path might differ on your host machine.
4.
Use Hyper-V Manager to import the LON-EXPORT virtual machine again from C:\VirtualMachines\LON-EXPORT\.
5.
Use Hyper-V Manager to confirm that LON-EXPORT is imported, that it is configured with a single virtual processor, and that it is connected to a virtual switch named External Network.
Task 2: Use enhanced session mode 1.
On LON-HOSTx, copy a few line of text from the C:\Windows\Win.ini file.
2.
On LON-CLx, confirm that the Paste option in Notepad is disabled.
3.
In Virtual Machine Connection to LON-CLx, from the Clipboard menu, click Type clipboard text. Confirm that the text that you copied from the Win.ini file displays. Close the LON-CLx window.
4.
On LON-HOSTx, use Hyper-V Manager to configure Allow enhanced session mode.
5.
Use Hyper-V Manager to connect to LON-CLx. Configure the option to redirect the local drives.
6.
Confirm that you are not signed in automatically to LON-CLx, and then sign in as ADATUM\administrator, with Pa$$w0rd as the password.
7.
In Notepad, paste the copied text from Win.ini.
8.
On LON-HOSTx, use File Explorer to copy the C:\Windows\Write.exe file.
9.
On LON-CLx, paste Write.exe to the desktop.
10. On LON-CLx, use File Explorer to confirm that drives from LON-HOSTx are mapped to the virtual machine. 11. On LON-CLx, confirm that Remote Desktop is disabled. 12. Turn Off 20409B-LON-CLx. 13. On LON-HOSTx, start the LON-CLx virtual machine, and then connect to it. 14. Confirm that after LON-CLx is started and the sign-in screen displays, the Connect to LON-CLx window opens. Note: Because Integration Services are not available during system start, enhanced session mode is available only after the operating system is fully started. 15. On LON-HOSTx, use Hyper-V Manager to disable enhanced session mode.
Task 3: Create checkpoints 1.
On LON-HOSTx, confirm that LON-VM1 is using the Differencing.vhd virtual hard disk.
2.
Create a checkpoint for LON-VM1.
3.
Start LON-VM1.
4.
Confirm that LON-VM1 is now using a virtual hard disk with a GUID in its name.
5.
Complete the setup by clicking Next, and then clicking I accept.
6.
On the Settings page, provide the password of Pa$$w0rd.
7.
Sign in as Administrator by using the password Pa$$w0rd.
8.
On LON-VM1, on the desktop, create a folder named Folder1.
9.
Create a checkpoint for LON-VM1, and name it Folder1.
10. On LON-VM1, on the desktop, create a folder named Folder2. 11. Create a checkpoint for LON-VM1, and name it Folder2. 12. On LON-VM1, on the desktop, create a folder named Folder3. 13. On LON-HOSTx, use the Windows PowerShell cmdlet Checkpoint-VM to create checkpoint for LON-VM1, and then name it Folder3. 14. Use the cmdlet Get-VMSnapshot to view existing checkpoints for LON-VM1. 15. Use Hyper-V Manager to confirm that LON-VM1 has four checkpoints. 16. Apply the Folder1 checkpoint. 17. Confirm that on the LON-VM1 desktop, there is only one folder named Folder1. 18. On LON-VM1, on the desktop, create a folder named Folder1.1. 19. Use Hyper-V Manager to create a checkpoint for LON-VM1, and then rename it Folder1.1.
MCT USE ONLY. STUDENT USE PROHIBITED
3-62 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints
20. On LON-HOSTx, use File Explorer to browse to C:\Shares\Snapshots, and then confirm that there are five .xml files and five subfolders.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
3-63
21. Confirm that Size of the oldest folder in the details pane is 0, as the first checkpoint that you created was when LON-VM1 was turned off. 22. Confirm that each of other folders has larger sizes, as the other checkpoints were created while LON-VM1 was running.
Task 4: Manage checkpoints 1.
On LON-HOSTx, use the Windows PowerShell cmdlet Get-VMSnapshot to view checkpoints for LON-VM1, and then view how they relate to each other.
2.
Use the Windows PowerShell cmdlet Export-VMSnapshot to export the Folder2 checkpoint of LON-VM1 to the C:\Exported folder.
3.
On LON-HOSTx, use File Explorer to confirm that in C:\Exported\LON-VM1 there is no Snapshots subfolder. Double-click the Virtual Hard Disks folder, and then confirm that it contains multiple virtual hard disks, the Differencing.vhd virtual hard disk, and all of its parent disks.
4.
Rename folder LON-VM1 to Folder2.
5.
Use the Windows PowerShell cmdlet Export-VM to export LON-VM1 to the C:\Exported folder.
6.
Use File Explorer to confirm that there is a Snapshots subfolder in C:\Exported\LON-VM1.
7.
Double-click the Virtual Hard Disks folder, and then confirm that it contains the Differencing.vhd virtual hard disk, its parent disk, and all of the differencing virtual hard disks that the checkpoints created.
8.
Use the Windows PowerShell cmdlet Restore-VMSnapshot to apply the Folder3 checkpoint to LON-VM1.
9.
On LON-VM1, confirm that on the desktop, there are three folders named Folder1, Folder2, and Folder3.
10. Use Hyper-V Manager to confirm that you cannot modify Folder2 checkpoint settings, except for the Name and Description. 11. Use Hyper-V Manager to delete the Folder1 checkpoint and its subtree.
12. Use Hyper-V Manager to confirm that all checkpoints for LON-VM1 except the first checkpoint are deleted instantly. 13. On LON-HOSTx, use File Explorer to confirm that there is single .xml file, and one subfolder in the C:\Shares\Snapshots folder.
Task 5: Explore Generation ID 1.
On LON-HOSTx, on LON-VM1, use Device Manager to confirm that the Microsoft Hyper-V Generation Counter system device is present. This is how virtual machine presents Generation ID to the operating system.
2.
Turn off LON-VM1.
Results: After completing this exercise, you should have imported virtual machines and worked with checkpoints.
Exercise 2: Monitoring Hyper-V Scenario
MCT USE ONLY. STUDENT USE PROHIBITED
3-64 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints
One of your colleagues is sure that you can monitor Hyper-V host utilization by using Task Manager. You want to show your colleague that this is incorrect. You also want to demonstrate the proper way to monitor the Hyper-V host and virtual machines and how to retrieve chargeback information for the running virtual machines. The main tasks for this exercise are as follows: 1.
Use Task Manager.
2.
Use Performance Monitor to monitor Hyper-V performance.
3.
Use Resource Metering.
Task 1: Use Task Manager 1.
On LON-HOSTx, open Task Manager, and then click the Performance tab.
2.
On LON-CLx, sign in as Adatum\Administrator with the password Pa$$w0rd. Open Task Manager, and then click the Performance tab.
3.
On LON-CLx, use Windows PowerShell to run the C:\LabFiles\Mod03\Cpustres.exe command.
4.
In CPU Stress, set Process Priority Class to High. In the Thread 1 section, set Thread Priority to Highest, and set Activity to Busy.
5.
Confirm that the LON-CLx Task Manager shows high utilization, while the LON-HOSTx Task Manager shows low utilization.
Note: As each Task Manager is reporting utilization of its own virtual environment, the utilization shown is very different. 6.
In CPU Stress, in the Thread 1 section, set Thread Priority to Idle, and set Activity to Low.
7.
On LON-HOSTx, in Task Manager, click Open Resource Monitor. The Resource Monitor opens.
8.
On LON-CLx, run the Windows PowerShell command C:\LabFiles\Mod03\sqlio.exe.
9.
Confirm that on LON-CLx, Task Manager reports almost 100 percent Disk 0 utilization. Resource Monitor on LON-HOSTx reports only a slight increase in disk activity.
Task 2: Use Performance Monitor to monitor Hyper-V performance 1.
On LON-HOSTx, start Performance Monitor, and then add the following counters: o
Hyper-V Hypervisor Virtual Processor\% Guest Run Time for the 20409B-LON-CLx instance
o
Hyper-V Virtual Storage Device\Read Operations/sec for the instance that refers to 20409B-LON-CLx
o
LogicalDisk\Disk Reads/sec for the C: instance
2.
Set Scale Selected Counters for Disk Reads/sec and Read Operations/Sec.
3.
On LON-CLx, run the Windows PowerShell command C:\LabFiles\Mod03\sqlio.exe.
4.
On LON-HOSTx, use Performance Monitor to follow how disk access increases in the virtual machine and on the Hyper-V host while sqlio.exe is running on the virtual machine.
5.
On LON-CLx, in CPU Stress, set Process Priority Class to High. In the Thread 1 section, set Thread Priority to Highest and Activity to Busy.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
3-65
6.
On LON-HOSTx, use Performance Monitor to follow how processor utilization on the virtual machine and on Hyper-V increases.
7.
On LON-HOSTx, use Hyper-V Manager to view CPU Usage for the LON-CLx virtual machine.
8.
Set Virtual machine limit (percentage) for 20409B-LON-CLx to 10.
9.
Use Hyper-V Manager to confirm that CPU Usage for the LON-CLx virtual machine is considerably lower.
10. On LON-CLx, close both CPU Stress and Task Manager. 11. On LON-HOSTx, close Performance Monitor, Resource Monitor, and Task Manager. 12. In Hyper-V Manager, set Virtual machine limit (percentage) for LON-CLx to 100.
Task 3: Use Resource Metering 1.
On LON-HOSTx, use the Windows PowerShell cmdlet Get-VM to view whether resource metering is enabled for 20409B-LON-CLx.
2.
Use the Windows PowerShell cmdlet Enable-VMResourceMetering to enable resource metering for 20409B-LON-CLx.
3.
Use the Windows PowerShell cmdlet Measure-VM to view resource metering data for 20409B-LON-CLx.
4.
On LON-CLx, run the Windows PowerShell command C:\LabFiles\Mod03\Cpustres.exe.
5.
In CPU Stress, set Process Priority Class to High. In the Thread 1 section, set Thread Priority to Highest, and then set Activity to Busy.
6.
Run the Windows PowerShell command C:\LabFiles\Mod03\TestLimit64.exe –d 400 –c 5.
7.
On LON-HOSTx, use the Windows PowerShell cmdlet Measure-VM to view resource metering data for 20409B-LON-CLx. Compare the data with previous results, and then notice the increase in use of AvgRAM(M) and AvgCPU(MHz).
8.
On LON-CLx, close CPU Stress.
9.
On LON-HOSTx, use the Windows PowerShell cmdlet Disable-VMResourceMetering to disable resource metering for LON-CLx.
Results: After completing this exercise, you should have monitored Hyper-V.
Module Review and Takeaways Review Questions Question: Are synthetic devices available in all operating systems that you install on a virtual machine? Question: Can you use shared virtual hard disks with two virtual machines that have Windows 8.1 installed? Question: Can you use virtual machine settings to discover whether it is Generation 1 or Generation 2? Question: Can you use enhanced session mode to connect to a Windows Server 2012 R2 virtual machine that is running on Windows Server 2012 Hyper-V host? Question: Which monitoring tool can you use to monitor multiple servers simultaneously and to provide you with alerts when the performance of servers is different than normal?
MCT USE ONLY. STUDENT USE PROHIBITED
3-66 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints
MCT USE ONLY. STUDENT USE PROHIBITED 4-1
Module 4 Creating and Configuring Virtual Machine Networks Contents: Module Overview
4-1
Lesson 1: Creating and Using Hyper-V Virtual Switches
4-2
Lab A: Creating and Using Hyper-V Virtual Switches
4-9
Lesson 2: Advanced Hyper-V Networking Features
4-13
Lab B: Creating and Using Advanced Virtual Switch Features
4-23
Lesson 3: Configuring and Using Hyper-V Network Virtualization
4-26
Lab C: Configuring and Testing Hyper-V Network Virtualization
4-34
Module Review and Takeaways
4-38
Module Overview
Virtual machines are isolated, even when they are running on the same Hyper-V host and are communicating only over the network. Hyper-V in Windows Server 2012 and Windows Server 2012 R2 includes an entirely redesigned and extensible virtual switch, which enables basic network packet forwarding and more advanced features such as support for network virtualization. You can connect a virtual switch to different networks, and based on this connection, you can create a private, internal, or external virtual switch. If supported by server hardware, you can also use features such as single root I/O virtualization (SR-IOV) and Dynamic Virtual Machine Queue, which enable higher network throughput and lower CPU utilization.
On the Hyper-V host, the host operating system (for example Windows Server 2012 R2) is also running in the virtual machine (parent partition), which means that its traffic can be controlled by a virtual switch. One of the new features of the Hyper-V virtual switch is support for network virtualization, which you can use to create multiple isolated tenant networks on the same physical network. Note: For the purpose of this course, all instances of Microsoft System Center 2012 R2 Virtual Machine Manager are referred to as VMM.
Objectives After completing this module, you will be able to: •
Create and use Hyper-V virtual switches.
•
Describe advanced Hyper-V networking features.
•
Configure and use Hyper-V network virtualization.
Lesson 1
Creating and Using Hyper-V Virtual Switches
MCT USE ONLY. STUDENT USE PROHIBITED
4-2 Creating and Configuring Virtual Machine Networks
Virtual machines are rarely disconnected from a network. Most users typically will want virtual machines to communicate with other computers. To provide virtual machines with network connectivity, you must first connect them to a virtual switch. The virtual switch in Windows Server 2012 and Windows Server 2012 R2 is fully extensible, and provides advanced features such as port access control lists (ACLs), network traffic monitoring, packet inspection, and network virtualization. The virtual switch also enables basic features such creating different virtual switch types, and using virtual local area network (VLAN) tagging. In this module, you will learn about basic Hyper-V virtual switch management, the different types of virtual switches, and how to configure virtual switches by using Virtual Switch Manager and Windows PowerShell.
Lesson Objectives After completing this lesson, you will be able to: •
Describe the Hyper-V virtual switch.
•
Describe the different types of virtual switches.
•
Describe VLAN tagging.
•
Use Virtual Switch Manager.
•
Explain the use of dynamic switch ports.
•
Configure and use VLANs.
Overview of the Hyper-V Virtual Switch When you have multiple physical computers that you want to connect inside the same network segment, you typically connect them by using network switches. Switches operate at Layer 2 (data-link layer) of the Open Systems Interconnection (OSI) model. Switches act as network hubs, except with an intelligent layer added to them. Network switches can inspect data packets, determine the source and destination of each data packet, and then forward the data packets appropriately. By delivering packets only to the intended connected device, network switches conserve network bandwidth and offer better performance than network hubs.
The Hyper-V virtual switch offers similar functionalities as hardware network switches. The Hyper-V virtual switch is a software-implemented Layer 2 network switch that is available as part of the Hyper-V role. You can use the Hyper-V virtual switch to connect virtual machines to virtual networks and physical networks. On the Hyper-V host, the host operating system, for example Windows Server 2012 R2, is also running in the virtual machine (parent partition). This means that the Hyper-V virtual switch can be used when the parent partition connects to the network. Prior to Windows Server 2012, Hyper-V included a simple network switch that was not extensible and provided only basic networking features. The Hyper-V Virtual Switch in Windows Server 2012 and Windows Server 2012 R2 is fully extensible. It provides advanced features such as policy enforcement,
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
4-3
tenant isolation, traffic shaping, and protection against malicious virtual machines. You can also extend it with non-Microsoft extensions.
The Hyper-V virtual switch provides ways to extend the virtual switch without replacing the entire switch; for example, to add monitoring, filtering, or forwarding functionality. You implement extensions by using network device interface specification (NDIS) filter drivers and Windows Filtering Platform (WFP) callout drivers. NDIS and WPF are two public platforms for extending the Windows networking functionality. If you extend the virtual switch, the virtual switch extensions are listed in the Virtual Switch Manager feature of Hyper-V Manager. You can manage Hyper-V virtual switches by using the Virtual Switch Manager, or by using Windows PowerShell cmdlets. For example, the following cmdlet lists all of the Hyper-V virtual switches on a Hyper-V host: Get-VMSwitch
VMNetworkAdapter is the primary noun that you can use to manage various security features, Quality of Service (QoS), port mirroring, and other features. You can get more information on these features by running the following cmdlet: Get-Help Set-VMNetworkAdapter
The host operating system on Hyper-V host is also running inside a virtual machine (parent partition), which means that you can add and manage virtual network adapters to it in a similar manner as to other virtual machines. Each virtual network adapter can be connected to a separate Hyper-V virtual switch, or to the same Hyper-V virtual switch as other adapters. You can create multiple parent virtual network adapters that you then use for different purposes such as live migration, accessing the storage area network (SAN), and parent operating system management. You can also limit bandwidth for each virtual network adapter by assigning the QoS policy to the adapter. If you want to create a virtual network adapter in the parent partition, run the following Windows PowerShell cmdlets: Add-VMNetworkAdapter –ManagementOS –Name Management Add-VMNetworkAdapter –ManagementOS –Name Storage Add-VMNetworkAdapter –ManagementOS –Name “Live Migration”
Question: Do you need to create a virtual switch on a Hyper-V host?
Types of Virtual Switches Hyper-V Manager includes the Virtual Switch Manager, which you can use to create and manage virtual switches. If you want virtual machines to be able to communicate on a network, you must first create at least one virtual switch, and then connect virtual machine network adapter(s) to the virtual switch. The parent partition is an exception to the rule. It can communicate on the network even if a network switch is not created. Note: The parent partition is a virtual machine in which you can manage and monitor Hyper-V, and in which device drivers for accessing Hyper-V physical hardware are installed.
MCT USE ONLY. STUDENT USE PROHIBITED
4-4 Creating and Configuring Virtual Machine Networks
You can connect only one virtual switch to a specific physical network adapter, wireless adapter, or network interface card (NIC) team. Once you connect a Hyper-V virtual switch to a network adapter, all other protocols are automatically unbound from that network adapter and reassigned to the virtual network adapter.
Hyper-V supports three types of virtual switches: external, internal, and private. There is no limit on how many virtual switches you can create on a Hyper-V host, or how many virtual machines you can connect to a virtual switch. However, you cannot have more external virtual switches than the number of network adapters on the Hyper-V host. Virtual switches can connect to three types of networks: •
Private network. A virtual switch that you connect to a private network provides connectivity only between virtual machines on the same Hyper-V host, and that connect to the same virtual switch. Virtual machines cannot communicate with virtual machines that are connected on a different virtual switch, Hyper-V host, or external physical network. You can use a private switch if you need to isolate virtual machines for security reasons, or if you are using them for testing and you do not want them to access the company network inadvertently. When you create a private switch, there is no new network connection added in the parent partition.
•
Internal network. A virtual switch that you connect to an internal network provides connectivity between virtual machines on the same Hyper-V host, and with the Hyper-V host itself. Virtual machines that connect to an internal switch cannot communicate with any physical network, unless the Hyper-V host provides network address translation (NAT) functionality. You use an internal virtual switch when virtual machines must have network connectivity to a Hyper-V host, but not to external resources. When you create an internal virtual switch, an additional virtual network connection is added in the parent partition, and it is connected to the virtual switch.
•
External network. A virtual switch is connected to a physical network adapter, wireless adapter, or NIC team on the Hyper-V host, and it enables virtual machine connectivity to a physical network. You use an external switch to provide virtual machines with access to external resources, or to the Internet. When you create a new external virtual switch, Hyper-V creates a virtual network adapter in the parent partition, unless you clear the option to Allow management operating system to share this network adapter.
Note: If you create an external virtual switch and clear the Allow management operating system to share this network adapter option, the physical network adapter will be available only to virtual machines, and will not be accessible by the Hyper-V host. This is recommended, because you should separate the production network from the network used to manage Hyper-V host.
After you create a virtual switch, you can view and manage virtual switch extensions. By default, Hyper-V includes two virtual switch extensions: Microsoft NDIS Capture, and Microsoft Windows Filtering Platform. The Microsoft NDIS Capture extension enables the capture of network packets traversing the virtual switch, which is the same functionality as is included in the Microsoft Network Monitor packet capturing utility. The Microsoft NDIS Capture extension is not enabled by default. The Microsoft Windows Filtering Platform processes network traffic as it traverses the virtual switch, and it is enabled by default for each virtual switch that you create in Hyper-V.
You can create virtual switches by using the New Virtual Switch Wizard, which is part of Hyper-V Manager. Alternatively, you also can use the new Windows PowerShell cmdlet New-VMSwitch. The cmdlet syntax is determined by the type of virtual switch that you want to create.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
4-5
The external virtual switch type is associated with a physical network adapter that is present in the Hyper-V host. When you create an external virtual switch, the Hyper-V Extensible Virtual Switch protocol is bound to a physical adapter. All other bindings are moved to the virtual adapter that is created, and display in the Network Connections interface. When you create an internal virtual switch, an additional virtual adapter is created, which allows the host to connect to the virtual machines. If you create a private virtual switch, no virtual adapter is created on the host. Question: Can a virtual machine access the Internet if it is connected to an internal virtual switch? Question: What will happen in the parent partition when you create a new internal virtual switch? Will it be the same as when you create a new private virtual switch?
Demonstration: Using Virtual Switch Manager
In this demonstration, you will see how to use Virtual Switch Manager for configuring virtual switches. You will also see how to connect virtual machines to virtual switches, and how virtual machines do not have connectivity when they are connected to different virtual switches.
Demonstration Steps 1.
On LON-HOST1, in Hyper-V Manager, confirm that there is one virtual switch present named External Network.
2.
On LON-HOST1, in Hyper-V Manager, create a private virtual switch named Private Switch.
3.
On LON-HOST1, connect the 20409B-LON-PROD1 and 20409B-LON-TEST1 virtual machines to the Private Switch virtual switch.
4.
On LON-PROD1, attempt to ping IP address 10.0.0.16.
5.
Confirm that four replies are received, and that LON-TEST1 has an IP address of 10.0.0.16.
6.
On LON-HOSTx, connect the 20409B-LON-PROD1 virtual machine to the External Network virtual switch.
7.
On LON-PROD1, try to ping IP address 10.0.0.16, and confirm that it does not have connectivity with LON-TEST1.
8.
On LON-PRODx, in Windows PowerShell, use the cmdlet Set-NetIPInterface to enable dynamic TCP/IP configuration for Ethernet network connection.
9.
In Windows PowerShell, use ipconfig to confirm that LON-PRODx obtained the IP address from the Dynamic Host Configuration Protocol (DHCP) server that is running on LON-DC.
What Is VLAN Tagging? When you want to isolate and partition logical networks that are using the same networking infrastructure, you can use VLAN tagging to separate the networks. By using VLAN tagging, you can create multiple distinct broadcast domains that are mutually isolated, and networking traffic can only pass between them if a router is used.
MCT USE ONLY. STUDENT USE PROHIBITED
4-6 Creating and Configuring Virtual Machine Networks
VLANs are the method that most organizations use currently to provide address space reuse and tenant isolation. VLAN uses explicit tagging in the Ethernet frames, and it relies on the switches to enforce isolation and restrict traffic to network adapters that are configured with the same tag. You can specify VLAN tags for the virtual machine network adapter, and for the internal and external virtual switches. If you specify the VLAN tag for the internal and external virtual switches, the VLAN tag is applied to the virtual network adapter in the parent partition. Note: The word virtual in the VLAN definition has nothing to do with server virtualization, although server virtualization supports it. VLANs have been in use for more than thirty years.
VLAN cannot span multiple logical subnets. This limits the number of computers within a single VLAN, and restricts the placement of virtual machines based on physical location. Even though VLANs can be stretched across physical sites, the stretched VLAN must be all on the same subnet. A VLAN ID is 12 bits long, which limits the value of VLAN IDs to 4,094. When you need to move a virtual machine that is configured with a VLAN ID, you must ensure that you have reconfigured the underlying networking infrastructure properly.
To enable VLAN Identification (VLAN ID) for management operating systems, you must enable the VLAN ID for an external or internal virtual switch, and specify an ID. You can specify the VLAN ID in Hyper-V Manager, on the Virtual Switch Manager page, under Switch Properties. Note: The VLAN ID that you configure for the virtual switch specifies the VLAN that the management operating system is using for all network communications through this network adapter. This setting does not affect virtual machine networking. To enable VLAN ID for a virtual machine, open Virtual Machine Settings, select the virtual network adapter, select the Enable virtual LAN identification check box and then specify an ID that you want the virtual machine connection to use. A virtual machine may have multiple network adapters, and the adapters may use either the same or different VLAN IDs. You must perform this configuration on each network adapter.
Hyper-V on Windows Server 2012 and Hyper-V on Windows Server 2012 R2 supports enhanced functionality and simple VLAN tagging, which includes private VLAN and trunk mode to a virtual machine. Question: Why can you create only a maximum of 4,094 VLAN networks?
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
Demonstration: Configuring and Using VLANs In this demonstration, you will see how to configure and use VLANs on the Hyper-V virtualization platform.
Demonstration Steps
4-7
1.
On LON-HOSTx, connect the 20409B-LON-TESTx virtual machine to the External virtual switch.
2.
On LON-PROD1, try to ping IP address 10.0.0.16 and verify that four replies are received. This confirms that LON-PROD1 and LON-TEST1 have network connectivity.
3.
On LON-HOST1, in Hyper-V Manager, configure the network adapter for the 20409B-LON-PROD1 virtual machine with a virtual LAN identification value of 2.
4.
On LON-PROD1, try to ping IP address 10.0.0.16. Confirm that destination host is now not reachable. This is because LON-PROD1 is connected to different VLAN as LON-TEST1.
5.
On LON-HOST1, in Hyper-V Manager, configure the network adapter for the LON-TEST1 virtual machine with a virtual LAN identification value of 2.
6.
On LON-PROD1, try to ping IP address 10.0.0.16. Confirm that four replies are returned. LON-PROD1 and LON-TEST1 have network connectivity because now they are connected to the same VLAN.
Ethernet Resource Pool The Hyper-V virtual switch is designed to provide multiple data streams to and from virtual machines using the physical network adapters in the Hyper-V host. You create a virtual switch and connect the virtual machine network adapter to the virtual switch to gain network connectivity. The virtual switch type defines the scope of network connectivity available to a virtual machine. For example, access to a company network over a physical Hyper-V network adapter requires an external virtual switch.
The virtual switch type and other configurations such as VLAN settings, bandwidth requirements, and security parameters are not included as part of the virtual machine configuration, but are stored as part of the virtual switch configuration on the Hyper-V host. You can move a virtual machine to a different Hyper-V host by using live migration, or by using the Import Virtual Machine Wizard. When you move the virtual machine, you could encounter a problem if the destination Hyper-V host does not have a virtual switch with the same name, and is not configured identically. When using Ethernet resource pools, virtual machines do not connect to precreated and preconfigured ports in a virtual switch. The virtual machine is configured to connect to one or more virtual switches in a pool of virtual switches. By default, every virtual switch is placed in the default primordial pool automatically until other pools of type Ethernet are created.
MCT USE ONLY. STUDENT USE PROHIBITED
4-8 Creating and Configuring Virtual Machine Networks
You can create resource pools by using the New-VMResourcePool Windows PowerShell cmdlet. You cannot use Hyper-V Manager to create resource pools. However, if resource pools already exist, you can use Hyper-V Manager to configure virtual machines to use a virtual switch from the resource pool. When configured properly, you can move virtual machines between Hyper-V hosts with compatible pool configurations without having to do any reconfiguration. When you configure a virtual machine to connect to an Ethernet resource pool, the Hyper-V management layer configures the connections when a virtual machine is started. Ports of the virtual switches in a pool are reclaimed automatically when they are no longer in use. The virtual machine switch port configuration becomes an integral part of a virtual machine overall configuration, and it is migrated automatically in all mobility scenarios. Note: You can also use resource pools to collect resource pool usage information for chargeback purposes. Question: Is there any default Ethernet resource pool in Hyper-V? Question: Can you configure a virtual network adapter to connect to a virtual switch in the Ethernet resource pool by using Hyper-V Manager?
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
Lab A: Creating and Using Hyper-V Virtual Switches Scenario
4-9
A. Datum Corporation has implemented the Hyper-V virtualization platform in one of their subsidiaries. You have created several test virtual machines and familiarized yourself with many of the configuration options. The next step is to implement and test network connectivity for the virtual machines. You have been asked to verify current Hyper-V networking, and explore the differences between various Hyper-V virtual switch types.
Objectives After completing this lab, you will be able to: •
Create and use Hyper-V virtual switches.
Lab Setup Estimated Time: 20 minutes
Virtual machines: 20409B-LON-HOST1, 20409B-LON-HOST2, 20409B-LON-DC1, 20409B-LON-PROD1, 20409B-LON-PROD2, 20409B-LON-TEST1, and 20409B-LON-TEST2 User name: Adatum\Administrator Password: Pa$$w0rd
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must complete the following steps: 1.
Sign in to the LON-HOSTx computer as Adatum\Administrator with the password of Pa$$w0rd.
2.
On LON-HOST1 start Hyper-V Manager.
3.
In Hyper-V Manager, click 20409B-LON-DC1, and in the Actions pane, click Start.
4.
In the Actions pane, click Connect. Wait until the virtual machine starts.
5.
Sign in by using the following credentials: o
User name: Adatum\Administrator
o
Password: Pa$$w0rd
6.
Repeat steps 2 and 3 for 20409B-LON-TESTx and 20409B-LON-PRODx. The letter x is 1 for the first student in the team, and 2 for the second student in the team.
7.
For 20409B-LON-TESTx and 20409B-LON-PRODx, sign in as Administrator. For both accounts, use the password Pa$$w0rd.
LON-HOST1 and LON-HOST2 are sometimes referenced as LON-HOSTx, which indicates that each student performs the lab tasks on his or her computer. Note: You will be working in pairs. Communicate clearly with your lab partner, and cooperate fully with each other during this lab.
Exercise 1: Creating and Using Windows Server 2012 R2 Hyper-V Virtual Switches Scenario
MCT USE ONLY. STUDENT USE PROHIBITED
4-10 Creating and Configuring Virtual Machine Networks
The Hyper-V virtualization platform is now installed, and you need to demonstrate to junior administrators the different networking options that you can configure in Hyper-V. You will first show them the current Hyper-V host networking configuration. After that, you will create new virtual network adapters in a parent partition, and then show them as new network connections. You will also create different types of Hyper-V virtual switches, and explore with junior administrators the connectivity options when using each of them. The main tasks for this exercise are as follows: 1.
Verify current Hyper-V network configuration.
2.
Create virtual network adapters in a parent partition.
3.
Create virtual switches.
4.
Use Hyper-V virtual switches.
Task 1: Verify current Hyper-V network configuration 1.
On LON-HOSTx, in Hyper-V Manager, confirm that External Network is the only virtual switch present.
2.
Confirm that LON-HOSTx has two network connections: Ethernet 2 and vEthernet (External Network).
3.
View the properties of the Ethernet 2 network connection, and confirm that it is using only the Hyper-V Extensible Virtual Switch, and that the check boxes for all other items are not selected.
4.
View the properties of the vEthernet (External Network) network connection, and confirm that it is using most items, but is not using the Hyper-V Extensible Virtual Switch, which is the only item for which the check box is not selected.
Task 2: Create virtual network adapters in a parent partition 1.
On LON-HOSTx, in Windows PowerShell, use the cmdlet Get-VMNetworkAdapter with the All parameter to confirm that one network adapter named External Network, is present on the system.
2.
Use the Windows PowerShell cmdlet Add-VMNetworkAdapter with the ManagementOS parameter to add the following three virtual network adapters to the parent partition:
3.
o
Management
o
Storage
o
Live Migration
Use the Network Connections window to confirm that three network connections have been added to LON-HOSTx, and that they are named: o
vEthernet (Management)
o
vEthernet (Storage)
o
vEthernet (Live Migration)
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
4-11
4.
View the properties of the vEthernet (Management) network connection, and confirm that the network connection is using most items, including Internet Protocol Version 4 (TCP/IPv4), but it is not using the Hyper-V Extensible Virtual Switch.
5.
In Windows PowerShell, use the cmdlet Get-VMNetworkAdapter with the All parameter to confirm that the network adapters that you added by using Windows PowerShell are present on the system.
Task 3: Create virtual switches 1.
On LON-HOSTx, in Hyper-V Manager, try to create an external virtual switch.
Note: You should get an error, because the physical network adapter is already bound to the external switch. 2.
In Hyper-V Manager, create an internal virtual switch and name it Internal Switch.
3.
Use the Network Connections window to confirm that a network connection is added and that it is named vEthernet (Internal Switch).
4.
View the properties of vEthernet (Internal Switch), and confirm that the network connection is using most items, including Internet Protocol Version 4 (TCP/IPv4), but that it is not using Hyper-V Extensible Virtual Switch.
5.
Use the Windows PowerShell cmdlet Get-VMNetworkAdapter with the All parameter to confirm that there is a network adapter named Internal Switch present on the system.
6.
On LON-HOSTx, in Hyper-V Manager, create a private virtual switch, and name it Private Switch.
7.
Use the Network Connections window to confirm that no network connection was added when you created the private virtual switch.
8.
In Windows PowerShell, use the Get-VMNetworkAdapter cmdlet with the All parameter to confirm that no network connection was added when you created the private virtual switch.
9.
Use Hyper-V Manager to confirm that External Network, Internal Switch and Private Switch have the same two extensions available: Microsoft NDIS Capture, which is not enabled, and Microsoft Windows Filtering Platform, which is enabled.
Task 4: Use Hyper-V virtual switches 1.
On LON-HOSTx, connect both the LON-PRODx and LON-TESTx virtual machines to the Private Switch virtual switch.
2.
Confirm that LON-PRODx has an IPv4 address of 10.0.0.x5 (where x is 1 if you are using LON-HOST1, and x is 2 if you are using LON-HOST2).
3.
Open Windows PowerShell in Administrator mode, and to try to ping IP address 10.0.0.x6.
4.
Confirm that four replies are received Note: LON-TESTx has an IP address of 10.0.0.x6.
5.
On LON-HOSTx, connect the LON-PRODx virtual machine to an Internal Switch.
6.
On LON-PRODx, try to ping the IP address 10.0.0.x6, and confirm that it does not have connectivity with LON-TESTx.
7.
On LON-HOSTx, try to ping IP address 10.0.0.x5.
Note: Confirm that the destination host is unreachable. This is because the virtual network adapter in LON-HOSTx that is connected to the Internal switch does not have IP address from the same subnet as LON-PRODx. 8.
9.
MCT USE ONLY. STUDENT USE PROHIBITED
4-12 Creating and Configuring Virtual Machine Networks
On LON-HOSTx, configure the vEthernet (Internal Switch) network connection with the following settings: o
IP address: 10.0.0.100
o
Subnet mask: 255.255.255.0
On LON-HOSTx, try to ping IP address 10.0.0.x5. Confirm that four replies are returned, which confirms that LON-HOSTx and LON-PRODx now have network connectivity.
10. On LON-HOSTx, connect the LON-PRODx virtual machine to the External Network virtual switch.
11. On LON-PRODx, use the Windows PowerShell cmdlet Set-NetIPInterface to enable dynamic TCP/IP configuration for the Ethernet network connection. To do this, you will need to run Windows PowerShell in Administrator mode. 12. In Windows PowerShell, use ipconfig to confirm that LON-PRODx obtained the IP address from the DHCP server. Write down the LON-PRODx IPv4 address.
13. On LON-HOSTx, try to ping the IP address of LON-PRODx, and confirm that four replies are returned. 14. On LON-DC1, try to ping the IP address of LON-PRODx, and confirm that four replies are returned. Note: Leave the virtual machines running, as you will use them in the next lab.
Results: After completing this exercise, you should have created and used Hyper-V virtual switches.
Lesson 2
Advanced Hyper-V Networking Features
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
4-13
The Hyper-V virtual switch provides many other features in addition to the basic packed forwarding functionality It supports the following features, if they are supported by the physical network adapters in the Hyper-V host hardware: •
Virtual local area networks (LANs)
•
Private VLANs
•
Port ACLs
•
Network traffic monitoring
•
Basic packet inspection
•
Capabilities such as SR-IOV and Dynamic Virtual Machine Queue
The Hyper-V virtual switch is fully extensible, which means that you can extend or replace existing switch functionalities. You can configure some of the advanced virtual switch functionalities by using a GUI, and at virtual switch levels and at virtual network adapter levels. However, by using Windows PowerShell you can configure many more functionalities.
Lesson Objectives After completing this lesson, you will be able to: •
Explain virtual switch expanded functionality.
•
Explain virtual switch extensibility.
•
Describe SR-IOV.
•
Describe Dynamic Virtual Machine Queue.
•
Describe the network adapter advanced features.
•
Describe the Network Adapter Teaming (NIC Teaming) feature in virtual machines.
•
Configure network adapter advanced features.
Virtual Switch Expanded Functionality The Hyper-V virtual switch is a software-implemented Layer 2 networking switch that provides network connectivity between virtual machines, the Hyper-V host, and physical networks. The Hyper-V virtual switch provides more functionality than simply forwarding data packets between computers that are connected to virtual switch ports. It also provides the following functions: •
Inspect network packets.
•
Limit bandwidth.
•
Allow connectivity only between certain virtual switch ports.
•
Block suspicious network activity.
•
Perform network virtualization.
MCT USE ONLY. STUDENT USE PROHIBITED
4-14 Creating and Configuring Virtual Machine Networks
You can use Hyper-V Manager to configure some of the Hyper-V virtual switch functionality and expanded features, such as configuring virtual machine networking adapter settings. However, you must use Windows PowerShell to configure some of the other features. The Hyper-V virtual switch expanded functionality includes the following features: •
ARP/ Neighbor Discovery Poisoning (spoofing) protection. This feature provides protection against malicious virtual machines that try to use Address Resolution Protocol (ARP) spoofing to associate their media access control (MAC) addresses with the IP addresses of another virtual machine. By doing this, they effectively steal IP addresses and intercept network traffic that is being sent to other virtual machines. This feature also provides protection against attackers who use IPv6 Neighbor Discovery spoofing.
You can enable this feature in the Advanced Features settings for the virtual machine network adapter by selecting the Enable router advertisement guard option. You can also enable it by using the Windows PowerShell cmdlet Set-VMNetworkAdapter. For example, if you want to enable this feature on a network adapter in a virtual machine named VM1, you would run the following cmdlets: $vmNIC = Get-VMNetworkAdapter -VMName VM1 Set-VMNetworkAdapter -VMNetworkAdapter $vmNIC -RouterGuard On
•
DHCP guard protection. This feature protects against a malicious virtual machine that is running a rogue DHCP server that can be used for man-in-the-middle attacks. If you enable the DHCP guard protection option, the virtual switch drops DHCP acknowledgement packets that the virtual machine sends. This effectively prevents other computers from obtaining TCP/IP configuration from the DHCP server that is running in the malicious virtual machine. You can enable this feature in the Advanced Features settings for the virtual machine network adapter, by selecting the Enable DHCP guard option. You also can enable this feature by using the Windows PowerShell cmdlet Set-VMNetworkAdapter. For example, if you want to enable this feature on a network adapter in virtual machine named VM1, you can run the following cmdlets: $vmNIC = Get-VMNetworkAdapter -VMName VM1 Set-VMNetworkAdapter -VMNetworkAdapter $vmNIC -DHCPGuard On
•
Port ACLs. The virtual switch performs traffic filtering based on MAC or IP addresses and ranges. With this feature, you can set up virtual network isolation by creating two lists: a list of computers with which a virtual switch port can communicate (white list), and a list of computers with which a virtual switch port cannot communicate (black list). A network port ACL has several entries, which include a network address and an associated permit, deny, or meter action. When a network packet matches one of the entries, the virtual switch takes the appropriate action.
Port ACLs can be based on MAC address, IPv4 address, or IPv6 address. You can configure this feature only by using Windows PowerShell, by running the Add-VMNetworkAdapterAcl cmdlet. For example, if you want to allow network traffic in both directions between a virtual machine named VM1 and computers on the 10.0.0.0/8 subnet, you can run the following cmdlet: Add-VMNetworkAdapterAcl -VMName VM1 -RemoteIPAddress 10.0.0.0/8 -Direction Both -Action Allow
•
Trunk mode to a VM. A VLAN logically isolates computers that are connected to the same local network, irrespective of their actual physical location. By using VLANs, you can assign computers on different switches to the same Layer 2 broadcast domain. This enables network communication between the computers while they are isolated from the other computers that are either assigned to
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
4-15
a different broadcast domain or have a different VLAN ID. A VLAN trunk enables traffic from multiple VLANs to be visible and accessible on the same network adapter, as defined in the IEEE 802.1Q standard.
Prior to Windows Server 2012 Hyper-V, the virtual switch did not have the ability to set a switch port to trunk mode, and you could not have multiple VLANs assigned to the same virtual NIC. Hyper-V in Windows Server 2012 supports the IEEE 802.1Q standard, and can forward traffic from multiple different VLANs to the same network adapter. You can configure this feature only by using Windows PowerShell, by running the cmdlet Set-VMNetworkAdapterVlan. For example, if you want to enable trunk mode to a virtual machine named VM1, you would run the following cmdlets: $vmNIC = Get-VMNetworkAdapter -VMName VM1 Set-VMNetworkAdapterVlan $vmNIC -Trunk -AllowedVlanIdList 1-100 -NativeVlanId 10
•
Network traffic monitoring. You can use this feature to monitor and review all incoming or outgoing network traffic that the network switch is forwarding to a specific virtual machine network adapter. When you configure this feature, network traffic is copied and you can view it inside a virtual machine by using a packet capture tool such as Network Monitor. You can enable this feature in the Advanced Features settings for the virtual machine network adapter by configuring the port mirroring mode. You can also configure it by using the Windows PowerShell cmdlet Set-VMNetworkAdapter. For example, if you want to configure network traffic monitoring for a virtual machine named VM1, you would run the following cmdlets: $vmNIC = Get-VMNetworkAdapter -VMName VM1 Set-VMNetworkAdapter $vmNIC -PortMirroring Source
•
Isolated VLAN or private VLAN. Private VLANs were introduced to help with VLAN scalability issues. A private VLAN consists of a primary VLAN, which has secondary VLANs. The secondary VLAN IDs differentiate the various private VLANs, and all secondary VLANs share the same primary VLAN ID. Private VLANs are designed to reduce the number of IP subnets and VLANs for some types of network configurations. The virtual switch supports private VLANs to restrict communication between computers on the same VLAN or network segment. Private VLANs support an isolated mode in which virtual machines can share the same VLAN ID, but can only communicate externally. You can configure this feature only by using Windows PowerShell, by running the cmdlet Set-VMNetworkAdapterVlan. For example, if you want to configure private VLAN for a virtual machine named VM1 and configure it with primary VLAN ID 10 and secondary VLAN ID 200, you would run the following cmdlet: $vmNIC = Get-VMNetworkAdapter -VMName VM1 Set-VMNetworkAdapter $vmNIC -Isolated -PrimaryVlanId 10 -SecondaryVlanId 200
•
Bandwidth limits and burst support. By setting a minimum bandwidth, you can guarantees at least that amount of bandwidth for the virtual machine network adapter. The maximum bandwidth setting specifies the maximum amount of bandwidth that a virtual machine network adapter can consume. You can enable and configure this feature only for network adapters, and not for legacy network adapters.
You can enable and configure this feature on the virtual machine network adapter settings, or by using the Windows PowerShell cmdlet Set-VMNetworkAdapter. For example, for a network adapter in a virtual machine named M1, if you want to specify a minimum bandwidth of 10 megabytes (MB) and maximum bandwidth of 1 gigabyte (GB), you can run following cmdlets: $vmNIC = Get-VMNetworkAdapter -VMName VM1 Set-VMNetworkAdapter $vmNIC -MinimumBandwidthAbsolute 10MB -MaximumBandwidth 1GB
Question: Do you need to enable DHCP guard protection on each virtual machine that you want to protect from obtaining TCP/IP configuration from the rogue DHCP server?
Virtual Switch Extensibility Prior to Windows Server 2012, Hyper-V included a simple virtual switch that was built on a closed architecture. It provided only basic networking functionality and was not extensible in any way. Windows Server 2012 Hyper-V uses a completely redesigned virtual switch, which is built on an open framework, is extensible, and allows developers to extend existing features and add new features into the virtual switch. For example, other companies can add their own monitoring, filtering, and forwarding features without having to replace all of the Hyper-V virtual switch functionality.
MCT USE ONLY. STUDENT USE PROHIBITED
4-16 Creating and Configuring Virtual Machine Networks
You can also implement extensions by using NDIS filter drivers or Windows Filtering Platform (WFP) callout drivers, which are two public Windows platforms used for extending the Windows networking functionality. Both platforms are available in Windows Server 2008 and newer Windows Server platforms, and you can use them to extend a virtual switch in different ways. NDIS filter drivers or WFP callout drivers have the following characteristics: •
NDIS filter driver. The NDIS filter driver is a filtering service that monitors and modifies network packets in Windows operating systems. For example, you can use the NDIS filter driver to perform packet inspection, to modify packets when transiting a virtual switch, or to perform packet forwarding based on their content. NDIS filters were introduced with the NDIS 6.0 specification, which was first implemented in Windows Server 2008 and Windows Vista.
•
WFP callout drivers. Developers can use WFP callout drivers to filter and modify TCP/IP packets, and to monitor or authorize connections, filter Internet Protocol security (IPsec)–protected traffic, and filter remote procedure calls (RPCs). Filtering and modifying TCP/IP packets provides unlimited access to the TCP/IP traffic that passes through the virtual switch. WFP callout divers can examine and modify outgoing and incoming packets before additional processing occurs. By using WFP callout drivers, developers can create firewalls, antivirus software, diagnostic software, intrusion detection software, and other types of applications and services. WFP callout drivers were first implemented in Windows Server 2008 and Windows Vista.
Non-Microsoft Extension Support
Non-Microsoft extensions can extend three aspects of the switching process: inbound (ingress) filtering, destination look-up and forwarding, and outbound (egress) filtering. Monitoring extensions also can gather statistical data by monitoring traffic at different layers of the virtual switch. You can add multiple monitoring and filtering extensions to a virtual switch. However, you can only use one instance of the forwarding extension per switch instance, and if you use a non-Microsoft forwarding extension, it will override the default forwarding of the virtual switch.
After you install virtual switch extensions, you can control them on the Extensions settings for the virtual switch, or by using Windows PowerShell. By default, there are two virtual switch extensions included with Hyper-V. These virtual switch extensions are the Microsoft NDIS Capture monitoring extension, which is disabled by default, and the Microsoft Windows Filtering Platform filtering extension, which is enabled by default.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
4-17
The following table lists some of the virtual switch extensions, functionalities they provide, and which platform you can use to provide such functionality. Extension
Purpose
Extensibility component
Network packet inspection
Inspects network packets that are exchanged between virtual machines and passed through a virtual switch. Network packets cannot be modified.
NDIS filter driver
Network packet filter
Creates, filters, and modifies network packets that are entering or leaving the virtual switch.
NDIS filter driver
Network forwarding
Provides network packets with a forwarding logic extension. This extension replaces the default forwarding extension, because the virtual switch can have only one forwarding extension.
NDIS filter driver
Intrusion detection or firewall
Filters and modifies network packets, monitors or authorizes connections, and filters traffic based on different criteria (for example, if the network packets are protected by IPsec).
WFP callout driver
Getting Started Writing a Hyper-V Extensible Switch Extension http://go.microsoft.com/fwlink/?LinkID=386699 Question: Can you write Hyper-V virtual switch extensions in Windows PowerShell?
What Is SR-IOV? SR-IOV is a standard that specifies how a hardware device can make its functionality available for direct use by virtual machines. These functionalities are called virtual functions, and are associated with physical functions. Physical functions are what the parent partition uses in Hyper-V.
SR-IOV in Hyper-V uses remapping of interrupts and direct memory access (DMA), and allows SR-IOV–capable devices to be assigned directly to a virtual machine. Hyper-V enables support for SR-IOV–capable network devices, and allows an SR-IOV Virtual Function of a physical network adapter to be assigned directly to a virtual machine. By doing this, the network adapter bypasses the virtual switch, and as a result network throughput increases, and the network latency and CPU overhead on the Hyper-V host decrease. If you want to use SR-IOV, both the Hyper-V host hardware and the network device and its device driver must support it. Because SR-IOV requires compliant hardware, it can be only associated with an external virtual switch that maps to an SR-IOV–capable network adapter in the Hyper-V host. You can only configure SR-IOV at the time that you create the virtual switch. You cannot convert an external virtual switch with SR-IOV enabled, to an internal or private switch. You can enable SR-IOV on virtual machine network adapters.
MCT USE ONLY. STUDENT USE PROHIBITED
4-18 Creating and Configuring Virtual Machine Networks
In Windows Server 2012 and newer Windows Server operating systems, you can use live migration to move running virtual machines without noticeable downtime, even when virtual machines are configured to use SR-IOV. During live migration, Hyper-V can check whether the destination server has SR-IOV capabilities, and if so, move the virtual machine to that server. You also can configure live migration to refuse migrations of SR-IOV–dependent virtual machines to a Hyper-V host that does not have SR-IOV capabilities.
You also can use live migration to move virtual machines that are configured to use SR-IOV between Hyper-V hosts even if Hyper-V hosts have different SR-IOV–enabled network adapters. When you move a virtual machine, you will notice that it is using a different network adapter, but the configuration and network connectivity will be preserved.
SR-IOV Requirements When you want to enable and use SR-IOV, the Hyper-V host must meet the following requirements: •
Server hardware must support SR-IOV, which includes chipset support for interrupt, and DMA remapping and firmware support to enable and make the hardware system SR-IOV capabilities available to the Windows Server operating system.
•
An SR-IOV–capable network adapter and network adapter device driver must be present on the Hyper-V host (in the parent partition). The network adapter device driver also must be present in each virtual machine, where an SR-IOV–capable network adapter (its virtual function) is assigned.
Note: When using SR-IOV, virtual machine traffic bypasses the Hyper-V virtual switch. If any switch port policies are set, SR-IOV functionality is disabled for that virtual machine. Everything you wanted to know about SR-IOV in Hyper-V. Part 1 http://go.microsoft.com/fwlink/?LinkID=386698 Question: Can you configure a Hyper-V virtual switch to use SR-IOV after you have created it?
What Is Dynamic Virtual Machine Queue? The Virtual Machine Queue (VMQ) was first supported in Hyper-V on Windows Server 2008 R2. VMQ provides support for virtual machines similar to how Receive Side Scaling provides support for multicore systems. Receive Side Scaling enables network adapters to distribute the network processing load across multiple processors in multicore computers, which makes it possible to support higher network bandwidth than a single CPU core can process.
Hyper-V host supports the multiple unicast MAC addresses per network adapter feature. If a network adapter also supports this feature, it can receive network packets with a destination MAC address that matches any of the unicast MAC addresses that are set on the adapter, without being in promiscuous mode. Such an adapter can allocate a receive queue for each MAC address, and then route incoming
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
4-19
traffic to the corresponding queue. For VMQ support, you must have both the multiple unicast MAC addresses per network adapter feature, and the ability to create queues in the memory address space that is assigned to the virtual machines. VMQ uses network adapter queues to: •
Classify received packets.
•
Group received packets.
•
Apply VLAN filtering.
•
Provide concurrent processing on the network traffic for multiple virtual machines.
•
Distribute interrupts to multiple cores for multiple virtual machines.
•
Avoid copying receive buffers to virtual machine address spaces.
VMQ allows the efficient transfer of the incoming network traffic to a virtual machine. A VMQ-capable network adapter can use DMA to transfer incoming packets to the appropriate virtual machine. This reduces CPU overhead when transferring packets to the virtual machines, which can be beneficial when virtual machines are receiving large amounts of traffic when performing tasks such as file backup, database replication, or data mirroring.
Hyper-V in Windows Server 2008 R2 associated the VMQ queue with virtual machine statically. In Windows Server 2012 and newer versions, Hyper-V provides automatic configuration and tuning for VMQ queues. This is accomplished by allowing VMQ to be associated with a processor dynamically, based on processor networking and CPU load. The number of processors that network processing uses can increase or decrease automatically, based on the network load. This allows the Hyper-V host to process more networking traffic and support higher network bandwidth. The ability to dynamically adjust number of processor cores that are used for processing VMQ queues is called Dynamic Virtual Machine Queue. Dynamic Virtual Machine Queue is enabled automatically in the virtual switch whenever an administrator enables VMQ on the virtual network adapter that is connected to the switch. The only ways to disable the VMQ feature either is to disable VMQ in the virtual network adapter Hardware Acceleration settings, or to use the Windows PowerShell cmdlet Set-VMNetworkAdapter. Note: VMQ requires a physical network adapter that supports this feature. If the VMQ feature is enabled on a virtual network adapter, but the Hyper-V host does not have a physical adapter that supports VMQ, this feature cannot be used. Question: Is VMQ beneficial when a virtual machine has to perform complex calculations and database searches?
Network Adapter Advanced Features The Hyper-V virtual switch provides expanded switch functionality, which developers can also extend. You also can replace the Hyper-V virtual switch entirely, with a non-Microsoft virtual switch implementation. Hyper-V is built on an open and extensible framework.
MCT USE ONLY. STUDENT USE PROHIBITED
4-20 Creating and Configuring Virtual Machine Networks
You can manage some of the more advanced Hyper-V virtual switch features, but only by using Windows PowerShell. However, you can configure other features by using graphical tools such as Hyper-V Manager. Some virtual switch settings such as virtual switch type, VLAN ID, SR-IOV or virtual switch extension used are configured for virtual switch by using Virtual Switch Manager. You can configure other settings that also rely on Hyper-V virtual switch functionality, as properties of the virtual network adapter. You can configure the following network adapter advanced features: •
MAC Addresses. By using this setting, you can configure a virtual machine either to use a dynamic MAC address assignment (which is the default configuration), or to specify a static MAC address that the virtual machine will use. As with most other settings, you can configure this setting only if the virtual machine is not running. In this setting, you can also enable MAC Address spoofing, which allows virtual machines to change the source MAC addresses in outgoing packets to one that is not assigned to them. This can be beneficial when the virtual machine is a node in the Network Load Balancing (NLB) cluster, in which nodes should be using the same MAC address for outgoing traffic. If a virtual machine has NIC Teaming configured, MAC address spoofing must be enabled.
•
DHCP guard. This is a security feature that can prevent a rogue DHCP server that is running in a virtual machine from providing TCP/IP settings on the network. This option is disabled by default, which means that the virtual switch is forwarding DHCP Acknowledge packets from the virtual machine. If you enable this option, the DHCP server that is running in the virtual machine will not be able to offer TCP/IP settings over the virtual network adapter that has this feature enabled.
•
Router guard. This is also a security feature that can prevent virtual machines from sending router advertisements and redirection messages, and prevent man-in-the-middle type attacks. This option is disabled by default. If you enable it, the virtual switch will drop router advertisements and redirection messages, which are sent from the virtual machine over a virtual network adapter that has this feature enabled.
•
Protected network. This option is enabled by default, and enables network health detection and recovery. If a virtual machine is running on a Hyper-V host cluster and a network is disconnected on a protected virtual network, the failover cluster will use live migration to move the affected virtual machine to a Hyper-V node on which that external virtual network is available.
•
Port mirroring. This feature enables monitoring of the incoming and outgoing traffic for a virtual machine. You can configure port mirroring as either the source or as the destination, and the virtual switch will copy all traffic from the source virtual network adapter to the destination adapter. In a virtual machine that has the virtual network adapter configured as a destination, you should typically be running a network monitoring application.
•
NIC Teaming. By using this setting, you can add multiple network adapters that are configured in a virtual machine to a network team. This aggregates their bandwidth and provides redundancy, even if NIC Teaming is not configured on the Hyper-V host itself.
Note: You can configure the same network adapter advanced features for network adapters, legacy network adapters, and network adapters that are used in Generation 2 virtual machines. Question: How can you monitor network traffic when you enable port mirroring for a network adapter?
NIC Teaming in Virtual Machines NIC Teaming is one of the features in Windows Server 2012 R2 that you can use to consolidate up to 32 physical network adapters, and then use them as a single interface. This strategy provides both higher network throughput and redundancy. NIC Teaming is not a Hyper-V–specific feature. Because of this, all applications that are running at the system level on Windows Server 2012 R2 can benefit from it, including Hyper-V.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
4-21
NIC Teaming is also available to guest operating systems that are running inside virtual machines, regardless of whether NIC Teaming is used at the system level or not. This enables virtual machines with multiple virtual network adapters to team the adapters and still have connectivity, even when one of the adapters is disconnected or one of the virtual switches (physical network adapter that is connected to the virtual switch) fails. This is especially important when using SR-IOV, because SR-IOV traffic bypasses the virtual switch and cannot benefit from NIC Teaming at the system level, whereas the Hyper-V virtual switch can use it.
Using NIC Teaming
To benefit from virtual machine NIC Teaming, you should create at least two external virtual switches, and then connect virtual machine network adapters to them. Physical network adapters that connect to virtual switches can be configured to use SR-IOV, although this is not mandatory. If virtual machine network adapters are connected to SR-IOV–enabled virtual switches, the virtual machine will install virtual functions for them and will be able to use them in an NIC team. If one of the physical network adapters is disconnected or fails, the virtual machine will continue to use the virtual functions of the remaining SR-IOV–enabled network adapters, and will still have network connectivity.
If virtual switches are connected to physical network adapters that are not SR-IOV–enabled, the end result will be the same. However, physical network adapters will not be directly mapped to the virtual machine by using virtual function, but will map instead by using the Hyper-V virtual network adapter. Another option is to use a combination of adapters that are SR-IOV–enabled, and those which are not in the same virtual machine NIC team. You can enable virtual machine NIC Teaming either from the Advanced Properties settings page of the virtual network adapter, or by using the Windows PowerShell cmdlet Set-VmNetworkAdapter. Virtual machine NIC Teaming is not enabled by default. If you do not enable it, and if one of the physical network adapters stops working, the NIC team that is created in the guest operating system in the virtual machine will lose connectivity.
Note: Because failover between network adapters in a virtual machine results in traffic being sent with the MAC address of the other network adapter, each virtual network adapter that is using NIC Teaming must be set to allow MAC address spoofing, or must have the “AllowTeaming=On” parameter set by using the Windows PowerShell cmdlet Set-VmNetworkAdapter.
MCT USE ONLY. STUDENT USE PROHIBITED
4-22 Creating and Configuring Virtual Machine Networks
At the Hyper-V host level, NIC Teaming is not supported when physical network adapters are using SRIOV or Remote Direct Memory Access (RDMA). This is because network traffic is delivered directly to the adapter, thereby bypassing the network stack, and not allowing path redirection. When you configure NIC Teaming at the virtual machine level, physical network adapters that are connected to virtual switches can be using SR-IOV. Question: Are there any special hardware requirements if you want to use NIC Teaming in virtual machines?
Demonstration: Configuring Network Adapter Advanced Features In this demonstration, you will see how to configure advanced Hyper-V virtual switch features, such as bandwidth management and DHCP guard.
Demonstration Steps 1.
On LON-PROD1, in File Explorer, copy the C:\Windows\Inf folder and paste it to the network share \\10.0.0.16\share. Be aware of the copy speed and how long the process takes.
2.
After the copy finishes, delete the copied Inf folder.
3.
On LON-HOST1, in Hyper-V Manager, enable bandwidth management for the network adapter in the LON-PROD1 virtual machine. Type 10 as both the Minimum bandwidth and Maximum bandwidth.
4.
On LON-PROD1, in File Explorer, copy the C:\Windows\Inf folder, and paste it again to the network share \\10.0.0.16\share. Notice that copy process takes noticeably longer to complete.
5.
On LON-PROD1, in Windows PowerShell, use the ipconfig command to release and renew TCP/IP settings.
6.
On LON-HOST1, in Hyper-V Manager, enable DHCP guard on the network adapter of the 20409B-LON-DC1 virtual computer.
7.
On LON-PROD1, in Windows PowerShell, use the ipconfig command to release renew TCP/IP settings. Notice that this time the process takes considerably longer, and LON-PROD1 is not able to obtain TCP/IP settings.
Lab B: Creating and Using Advanced Virtual Switch Features Scenario IT management has identified several cases of client computers obtaining network settings from unauthorized DHCP servers. You have been asked to demonstrate how Hyper-V can prevent rogue DHCP servers from providing network settings. You also need to demonstrate some of the advanced virtual switch settings, and demonstrate how to limit bandwidth that virtual machines can use.
Objectives After completing this lab, you will be able to: •
Configure and use advanced virtual switch features.
Lab Setup Estimated Time: 20 minutes
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
4-23
Virtual machines: 20409B-LON-HOST1, 20409B-LON-HOST2, 20409B-LON-DC1, 20409B-LON-PROD1, 20409B-LON-PROD2, 20409B-LON-TEST1, and 20409B-LON-TEST2 User name: Adatum\Administrator Password: Pa$$w0rd For this lab, you will use the available virtual machine environment. Note: You will be working in pairs. Communicate clearly with your lab partner, and cooperate fully with each other during this lab.
Exercise 1: Configuring and Using Advanced Virtual Switch Features Scenario
One of your managers would like to see how the Hyper-V virtual switch can protect network clients from rogue DHCP servers. You plan to demonstrate how to configure DHCP guard, and at the same time, demonstrate how to configure VLANs and bandwidth management. The main tasks for this exercise are as follows: 1.
Configure and use DHCP guard.
2.
Configure and use VLANs.
3.
Configure and use bandwidth management.
Task 1: Configure and use DHCP guard Note: In this exercise you will see how you can prevent rogue DHCP servers on your network. Because your partner is also using the same DHCP server, you should synchronize this task with him or her. 1.
On LON-PRODx, use ipconfig to release and renew TCP/IP settings.
2.
On LON-HOSTx, in Hyper-V Manager, on the network adapter of the 20409B-LON-PRODx virtual computer, enable DHCP guard.
3.
On LON-PRODx, use ipconfig to release and renew TCP/IP settings.
Note: This step confirms that the DHCP guard setting on the virtual network adapter has no effect on whether or not the virtual machine can obtain TCP/IP settings over that adapter or not. Note: The following lab steps will also affect your lab partner, so let him or her know that you will perform the change on the LON-DC virtual machine. Your partner should wait until you finish this change, and then proceed. 4.
On LON-HOST1, in Hyper-V Manager, enable the DHCP guard on the network adapter of the 20409B-LON-DC1 virtual computer.
5.
On LON-PRODx, use ipconfig to release and renew TCP/IP settings.
Note: Notice that this time it takes considerably longer, and that LON-PRODx is not able to obtain TCP/IP settings. 6.
On LON-HOST1, use the Windows PowerShell Set-VMNetworkAdapter cmdlet to disable DHCP guard on the LON-DC1 virtual computer. Note: The DHCP server in LON-DC1 can once again offer TCP/IP settings.
Note: In step 6 you disabled DHCP guard on LON-DC1, so now your partner can now perform steps 4 through 6.
Task 2: Configure and use VLANs 1.
On LON-HOSTx, connect the virtual machine 20409B-LON-TESTx to the External Network virtual switch.
2.
On LON-PRODx, configure the Ethernet network connection with the following settings: o
IP address: 10.0.0.x5
o
Subnet mask: 255.255.255.0
MCT USE ONLY. STUDENT USE PROHIBITED
4-24 Creating and Configuring Virtual Machine Networks
3.
On LON-PRODx, try to ping IP address 10.0.0.x6, and verify that four replies are received, which confirms that LON-PRODx and LON-TESTx have network connectivity.
4.
On LON-HOSTx, in Hyper-V Manager, configure the LON-PRODx virtual machine network adapter with the virtual LAN identification value of 2.
5.
On LON-PRODx, try to ping IP address 10.0.0.x6. Confirm that the destination host is no longer reachable. This is because LON-PRODx is connected to a VLAN different from LON-TESTx.
6.
On LON-HOSTx, in Hyper-V Manager, disable virtual LAN identification for the network adapter in the LON-PRODx virtual machine.
Task 3: Configure and use bandwidth management
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
4-25
1.
On LON-PRODx, in File Explorer, copy the C:\Windows\Inf folder, and then paste it to the \\10.0.0.x6\share network share. Make note of the copy speed and how long the process takes.
2.
After the copy completes, delete the copied Inf folder.
3.
On LON-HOSTx, in Hyper-V Manager, enable bandwidth management for the network adapter in the 20409B-LON-PRODx virtual machine. For the values of both the Minimum bandwidth and the Maximum bandwidth, type 10.
4.
On LON-PRODx, in File Explorer, copy the C:\Windows\Inf folder, and paste it to the \\10.0.0.x6\share network share. Notice that the copy process takes noticeably longer to complete.
5.
On LON-HOSTx, in Hyper-V Manager, disable Bandwidth management for the network adapter in the 20409B-LON-PRODx virtual machine. Note: Leave the virtual machines running, as you will use them in the next lab.
Results: After completing this exercise, you should have configured and used advanced virtual switch features.
Lesson 3
Configuring and Using Hyper-V Network Virtualization
MCT USE ONLY. STUDENT USE PROHIBITED
4-26 Creating and Configuring Virtual Machine Networks
Network virtualization, which was introduced with Hyper-V in Windows Server 2012, provides similar functionality to network traffic as does server virtualization to the server load. With network virtualization, network traffic between different computers is isolated, even when it is on the same physical network. You can isolate network traffic by using different features such as VLANs, private VLANs, and Port ACLs. However, all of these features have limitations. Therefore, for Hyper-V network virtualization (which is an implementation of Software Defined Networking, you use Network Virtualization Generic Routing Encapsulation. You can configure network virtualization by using Windows PowerShell, but this process is much easier when you use tools such as VMM.
Lesson Objectives After completing this lesson, you will be able to: •
Describe solutions to provide network isolation in a multi-tenant environment.
•
Describe network virtualization.
•
Explain the benefits of network virtualization.
•
Describe Network Virtualization Generic Routing Encapsulation.
•
Describe network virtualization policies.
•
Configure network virtualization.
Providing Multitenant Network Isolation
Virtualization provides many benefits, including consolidation, better hardware utilization, and virtual machine separation from the physical server hardware. As a result, many companies are virtualizing most of their server load. With virtualization and the ability to host virtual machines from different departments or even from multiple companies in the same data center, it is important to be able to separate and isolate those virtual machines. One of the basic requirements is to isolate virtual machines that are running on the same physical hardware. Until recently, there was no easy, inexpensive, and scalable solution to separate or isolate the network traffic generated on the same network infrastructure by different tenants. Tenants are the virtual machines that belong to different departments or organizations, or for which you need to isolate network traffic for any other reason. You could always use physical network separation, but this option is neither scalable nor inexpensive.
The different solutions that you can use to provide network isolation in a multiple tenant environment are: •
VLANs. This is the solution that most organizations use today to support address space reuse and multiple tenant isolation. A VLAN uses an additional header that contains a VLAN ID. It relies on switches to enforce isolation of network traffic between computers that are connected on the same network but use different VLAN IDs. One of the drawbacks of VLAN is that it provides limited scalability. Because VLAN ID only uses 12 bits, you can theoretically have a maximum of 4,094
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
4-27
different VLANs on the same infrastructure. However, many switches can support much less than 4,094 VLANs. The second drawback is that VLANs cannot span multiple logical subnets. This limits the number of computers in a single VLAN, and restricts the placement of virtual machines based on physical location.
Although you can enhance or stretch VLANs across physical locations, a stretched VLAN must be on the same subnet. You should also be aware that switches and routers should be configured to support VLANs and you need to reconfigure them whenever virtual machines or isolation boundaries move in the dynamic data center. This can be automated to a certain extent, but it increases risk of an inadvertent network outage due to incorrectly performed reconfiguration. •
Private VLANs. You can use private VLANs to avoid some of the VLAN scalability limitations. You implement private VLANs in a similar way as you implement VLANs, but you can use private VLANs to divide a VLAN into a number of separate and isolated subnetworks, which you can then assign to tenants. Private VLANs consist of a primary and secondary VLAN pair, and share the IP subnet that is assigned to the parent VLAN. Although computers that are connected to different private VLANs still belong to the same IP subnet, they require a router to communicate with each other, and with resources on any other network.
When you use private VLANs, you can assign a large number of tenants to the same primary VLAN and have isolated secondary VLAN IDs. For example, if you have 4,000 tenants and you could not use private VLANs, you would need 4,000 VLANs to provide isolation. However, if you use private VLANs, you can use only one primary VLAN, and assign each tenant a different secondary VLAN. When using such a configuration, you would need only a single VLAN ID, instead of 4,000. •
Port ACLs. You can use port ACLs to configure network traffic filtering based on MAC or IP addresses or IP ranges. By using port ACLs, you can configure virtual network isolation by creating two lists: one list contains addresses of computers with which a virtual switch port can communicate, and the second list contains addresses of computers with which a virtual switch port cannot communicate or share data.
When you add a new virtual machine or move an existing virtual machine, you must manage and update these two lists, which can be challenging and error-prone. Technically, it is possible to provide multiple tenancy isolation by using only port ACLs. However, you typically do not use the port ACLs feature for this purpose. Instead, you typically use port ACLs to ensure that virtual machines do not pretend to have different IP or MAC addresses than what they are assigned. All three solutions—VLANs, PVLANs and port ACLs—are also supported and can be implemented by using the Hyper-V virtual switch. However, the virtual switch also supports network virtualization, and this is the best solution for providing multitenant networking. Question: Can two virtual machines always communicate if they are connected to an external virtual switch?
What Is Network Virtualization? Network virtualization provides similar functionality to network traffic as server virtualization provides to virtual machines. You can use server virtualization to run multiple virtual machines on the same physical server. Each virtual machine is isolated from other virtual machines. From each virtual machine, it seems as though that virtual machine is the only one running on the physical server, even when multiple virtual machines are running on the same physical server simultaneously.
MCT USE ONLY. STUDENT USE PROHIBITED
4-28 Creating and Configuring Virtual Machine Networks
The same is true for network virtualization, which separates the network configuration from the physical network infrastructure. You can have multiple virtual networks that are logically isolated, and potentially each virtual network is using overlapping IP address space on the same physical network infrastructure. From each virtual network, it seems as if only that virtual network is using the physical network infrastructure, even though multiple virtual networks could be using the same physical infrastructure at the same time. This enables scenarios in which you want to isolate multiple networks on the same physical network infrastructure, such as when a company is using the same physical network for testing and production environments. Network virtualization also simplifies virtual machine movement, because you do not need to change the virtual machine networking configuration when you move it to a different data center. Network virtualization is an implementation of Software Defined Networking. It provides a layer of abstraction between the physical network and network traffic. To achieve this abstraction, the virtualization platform has to support it.
The Hyper-V virtual switch in Windows Server 2012 and newer Windows Server versions supports this virtualization by using two IP addresses for each virtual machine. By using two IP addresses, network virtualization enables you to keep the logical network topology (which is virtualized), and kept separate from the actual underlying physical network topology and addresses that are used on the physical network. This enables you to run virtual machines and provide them with the same network access without any modification on any Hyper-V host, assuming that the Hyper-V hosts are configured to map between both IP addresses. Question: Can you use network virtualization to allow virtual machines that are running on multiple segments to communicate, while isolating that traffic from other network traffic?
Benefits of Network Virtualization
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
4-29
Network virtualization provides a layer of abstraction between a physical network and network traffic. Virtual machines can run on physical servers, while being unaware that they are virtualized. Similarly, networks can be virtualized and can use their own IP address space, regardless of the IP address space used on the physical network. You can implement network isolation by using different solutions such as VLANs, private VLANs, and port ACLs. However, network virtualization avoids their limitations related to scalability and complex configuration, and provides a scalable, standard-based, and inexpensive solution for providing multitenant network isolation. Network virtualization provides the following benefits: •
Flexible virtual machine placement. Network virtualization provides abstraction and separates virtual machine IP addresses (customer address) from the physical network IP addresses (provider address). This way, you can place virtual machine on any Hyper-V host in the data center, and placement is no longer restricted by the IP address assignment or VLAN isolation restrictions of the physical network.
•
Multitenant network isolation without VLANs. You can define and enforce network traffic isolation without using VLANs or reconfiguring physical network switches. You are also not limited to 4,094 VLAN IDs. In addition, with network virtualization, when you move existing virtual machines or create new ones, you do not need to manually reconfigure the physical hardware.
•
IP address reuse. Virtual machines in different virtual networks can use the same or overlapping IP address space, even when they are deployed on the same physical network. Virtual networks are isolated, and they can use the same address space without any conflict or issue.
•
Live migration across subnets. Previously, virtual machine live migration was limited to the same IP subnet or VLAN, because when a virtual machine was moved to different subnets, it should have changed its IP address. With network virtualization, you can use live migration to move a virtual machine between two Hyper-V hosts in different subnets, without needing to change the virtual machine IP address. With network virtualization, the virtual machine location change is updated and synchronized among computers that have ongoing communication with the migrated virtual machine.
•
Compatibility with the existing network infrastructure. Network virtualization is compatible with existing network infrastructure, and you can deploy it in an existing data center.
•
Transparent moving virtual machines to a shared infrastructure as a service (IaaS) cloud. When you use network virtualization, IP addresses, IP policies, and virtual machine configurations remain unchanged, regardless of on which Hyper-V host the virtual machine is running. As a result, you can move virtual machines between Hyper-V hosts in your data center, between Hyper-V hosts in different data centers, and between Hyper-V hosts in your data center and shared IaaS cloud.
•
Configuration by Windows PowerShell. Network virtualization supports Windows PowerShell for configuring the network virtualization and isolation policies. The Hyper-V module includes cmdlets that you can use to configure, monitor, and troubleshoot network virtualization. You should use tools such as VMM to configure and manage network virtualization. Question: Do you need to modify a network virtualization configuration when you migrate virtual machines between Hyper-V hosts?
What Is Network Virtualization Generic Routing Encapsulation? Windows Server 2012 Hyper-V and newer versions use Network Virtualization Generic Routing Encapsulation to implement network virtualization. When using network virtualization, each virtual network adapter is associated with two IP addresses:
MCT USE ONLY. STUDENT USE PROHIBITED
4-30 Creating and Configuring Virtual Machine Networks
•
Customer Address. This is the IP address that the virtual machine configures and uses. You configure this address in the properties of the virtual network adapter, by the guest operating system that is running on the virtual machine, irrespective of whether network virtualization is used. Virtual machines use customer addresses when communicating with other systems, and if you migrate a virtual machine to a different Hyper-V host, the customer addresses can remain the same.
•
Provider Address. This is the IP address that the virtualization platform (Hyper-V) assigns, and is dependent on the physical network infrastructure where Hyper-V host is connected. When network virtualization is being used and the virtual machine sends network traffic, the Hyper-V host encapsulates the packets and includes the provider address as the source address from where packets were sent. The provider address is visible on the physical network, but not to the virtual machine. If you migrate a virtual machine to a different Hyper-V host, the provider address changes.
Using Network Virtualization Generic Routing Encapsulation
When a virtual machine has to communicate over a network, Network Virtualization Generic Routing Encapsulation encapsulates its packets. For example, assume that one virtual machine is configured with the IP address 10.1.1.11 (customer address 1), and is running on a Hyper-V host that uses IP address 192.168.2.22 (provider address 1). The second virtual machine is configured with IP address 10.1.1.12 (customer address 2) and is running on a Hyper-V host with IP address 192.168.5.55 (provider address 2). If those two virtual machines need to communicate, they must communicate over the network, as they are running on two different Hyper-V hosts. However, if you use network virtualization, the first Hyper-V host will use Network Virtualization Generic Routing Encapsulation to encapsulate virtual machine packets. These packets contain the source IP address (customer address 1) and destination IP address (customer address 2), which are encapsulated into an envelope that uses its own IP address (provider address 1) as a source and IP address of the Hyper-V host on which second virtual machine is running (provider address 2) as the destination. Encapsulated packages will be sent on the physical network, and it will appear as network traffic between two Hyper-V hosts. The destination Hyper-V host (provider address 2) will separate the envelope from the encapsulated packet, and then pass it on to the destination virtual machine (customer address 2), which is running on that Hyper-V host.
You can configure several virtual machines with the same IP addresses, but when they are on the different virtual networks, Network Virtualization Generic Routing Encapsulation can isolate their traffic. In the GRE envelope header, aside from the new source and destination addresses (provider address 1 and provider address 2), there is also a file named Key, which represent the virtual subnet ID. The virtual subnet ID is used to separate and isolate traffic from different virtual networks, and enables the Hyper-V host to pass the traffic only to virtual machines on the same virtual network. When multiple virtual machines (customer address) on the same Hyper-V host (provider address) have the same IP address (customer address), the Hyper-V host can still differentiate between them, based on which virtual network the virtual machine is connected.
Question: How many customer addresses does a virtual machine have? Question: Does a virtual machine customer address change when you move the virtual machine between Hyper-V hosts?
What Are Network Virtualization Policies? If you configure network virtualization, and if two virtual machines have to communicate, the Hyper-V host on which the first virtual machine is running must be aware on which Hyper-V host the second virtual machine is running before it can encapsulate network packets into GRE envelopes. If both virtual machines are running on the same Hyper-V host, Hyper-V already has this knowledge. In reality, virtual machines are usually running on different Hyper-V hosts, and you must configure network virtualization.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
4-31
You can configure network virtualization by deploying network virtualization policies. These policies define mappings between the IP address spaces that the virtual machines use (customer address space), and the IP addresses of Hyper-V hosts on which those virtual machines are running (provider address space). Before sending traffic on the physical network, the Hyper-V host consults network virtualization policies, discovers on which Hyper-V host the target virtual machine is running, and encapsulates the traffic with a GRE envelope. Only after that is the encapsulated traffic sent on the physical network. For example, assume that you are hosting two companies, Blue Yonder Airlines and Woodgrove Bank, with the following configuration: •
Blue Yonder Airlines is running Microsoft SQL Server in a virtual machine with the IP address 10.1.1.1, and a web server in a virtual machine with the IP address 10.1.1.2. The web server is using SQL Server as a database for storing transactions.
•
Woodgrove Bank is running SQL Server in a virtual machine with the same IP address 10.1.1.1, and a web server in a virtual machine with the IP address 10.1.1.2. The web server is using SQL Server as a database for storing transactions.
SQL servers for both companies are running on Hyper-V Host 1, which has the IP address 192.168.1.10. Web servers for both companies are running on Hyper-V Host 2, which has the IP address 192.168.1.12. Therefore, the virtual machines have the following customer addresses: Company Name
SQL
Web
Blue Yonder Airlines
10.1.1.1
10.1.1.2
Woodgrove Bank
10.1.1.1
10.1.1.2
MCT USE ONLY. STUDENT USE PROHIBITED
4-32 Creating and Configuring Virtual Machine Networks
Based on which Hyper-V host the virtual machines are running on, the virtual machines are also assigned the following provider addresses: Company Name
SQL
Web
Blue Yonder Airlines
192.168.1.10
192.168.1.12
Woodgrove Bank
192.168.1.10
192.168.1.12
When you configure virtual networks, Blue Yonder Airlines is assigned virtual subnet ID of 5001, and Woodgrove Bank is assigned virtual subnet ID of 6001. You also need to create network virtualization policies for both companies, and then apply policies to Hyper-V Host 1 and Hyper-V Host 2.
When the Blue Yonder Airlines web virtual machine on Hyper-V Host 2 queries its SQL Server at 10.1.1.11, the following happens: 1.
2.
Hyper-V Host 2, based on its policy settings, translates the addresses in the packet: a.
From source: 10.1.1.2 (the customer address of Blue Yonder Airlines web)
b.
To destination: 10.1.1.1 (the customer address of Blue Yonder Airlines SQL Server)
Into the encapsulated packet, that contains: a.
GRE header with virtual subnet ID: 5001
b.
Source: 192.168.2.12 (the provider address for Blue Yonder Airlines web)
c.
Destination: 192.168.1.10 (the provider address for Blue Yonder Airlines SQL Server)
Note: The encapsulated packet also contains the original packet. When Hyper-V Host 1 receives the packet, based on its policy settings, it unencapsulates the Network Virtualization Generic Routing Encapsulation packet, sees that it is for the Blue Yonder Airlines virtual network (virtual subnet ID 5001), and then passes it on to the virtual machine with IP address 10.1.1.1, as specified in the original (encapsulated) packet. Note: You can configure network virtualization policies by using Windows PowerShell, but this can be a daunting and error-prone task. Instead, this configuration is easier to perform with tools such as VMM.
You can use network virtualization and network virtualization policies to move virtual machines between Hyper-V hosts while preserving their network configuration. When you move a virtual machine, you only need to update the network virtualization policies to reflect the new Hyper-V host on which the virtual machine is running. The virtual machine network configuration stays the same, and it is still connected to the same virtual network. If you are using network virtualization between virtual machines, you do not need any additional infrastructure. However, when you need to provide connectivity between the Hyper-V network virtualization environment and resources that are not part of the same Hyper-V network virtualization environment, you will need a network virtualization gateway. Windows Server Gateway is an example of such a gateway, which is a virtual machine-based router that is built on Windows Server 2012 R2. Windows Server Gateway http://go.microsoft.com/fwlink/?LinkID=386700
Question: Why do you need network virtualization policies needed using network virtualization?
Demonstration: Configuring Network Virtualization
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
4-33
In this demonstration, you will see that network virtualization is not configured at first. Because all computers (LON-PROD1, LON-PROD2, LON-TEST1, and LON-TEST2) are connected to an external virtual switch, each computer can ping the other three. Next, you will see how to configure network virtualization and virtualization policies for LON-PRODx computers by defining on which Hyper-V host they are running. Finally, you will see that after network virtualization is enabled, the LON-PRODx computers can ping each other, but they cannot ping LON-TESTx computers, which are not on the same virtual network.
Demonstration Steps 1.
On LON-PROD1, ping the following IP addresses: o
LON-TEST1: 10.0.0.16
o
LON-PROD2: 10.0.0.25
o
LON-TEST2: 10.0.0.26
2.
Confirm that LON-PROD1 has connectivity with the other three virtual machines.
3.
On LON-HOST1, use the Windows PowerShell cmdlet Get-VMNetworkAdapter to confirm that LON-PROD1 has a VirtualSubnetId property value of 0, which means that virtual subnets are not being used.
4.
Use the Get-NetAdapter cmdlet to determine the Ethernet index number for the network adapters on LON-HOST1 and LON-HOST2. Write these numbers down.
5.
On LON-HOST1, open the file C:\LabFiles\Mod04\ConfigureNWx.ps1 in Windows PowerShell ISE.
6.
Review the Windows PowerShell script to see how network virtualization is being configured. Review the variables as well, which are defined at the start.
7.
In Windows PowerShell ISE, on the toolbar, click Run Script. (Alternatively, you can also press the F5 key).
8.
When prompted, enter the index numbers of LON-HOST1 network adapter and the-HOST2 network adapter that you recorded in step 4.
9.
On LON-HOST1, use the cmdlet Get-VMNetworkAdapter to confirm that LON-PROD1 has the VirtualSubnetId property with a value 5001, which you configured with the Windows PowerShell script.
10. On LON-PROD1, ping the following IP addresses: o
LON-TEST1: 10.0.0.16
o
LON-PROD2: 10.0.0.25
o
LON-TEST2: 10.0.0.26
11. Verify that four replies are returned, but only from IP address 10.0.0.25. Note: This confirms that LON-PROD1 has connectivity with LON-PROD2, but it does not have connectivity with LON-TEST1 or LON-TEST2.
Lab C: Configuring and Testing Hyper-V Network Virtualization Scenario
MCT USE ONLY. STUDENT USE PROHIBITED
4-34 Creating and Configuring Virtual Machine Networks
You have been asked to demonstrate how you can use network virtualization to separate test and preproduction environments that are using the same network infrastructure. IT management would like to ensure that the servers in both environments can use the same IP addresses, and can communicate with other servers that are part of the same environment.
Objectives After completing this lab, you will be able to: •
Configure Hyper-V network virtualization.
Lab Setup Estimated Time: 20 minutes Virtual machines: 20409B-LON-HOST1, 20409B-LON-HOST2, 20409B-LON-DC1, 20409B-LON-PROD1, 20409B-LON-PROD2, 20409B-LON-TEST1, and 20409B-LON-TEST2 User name: Adatum\Administrator Password: Pa$$w0rd For this lab, you will use the available virtual machine environment. Note: Because you will be using the same virtual machines in the next lab, do not revert the virtual machines. However, you can shut down all virtual machines after finishing this lab. You will be working in pairs. Communicate clearly with your lab partner, and cooperate fully with each other during this lab.
Exercise 1: Configuring Hyper-V Network Virtualization Scenario
Your company is using VLANs to isolate network traffic between test and production environments. While this solution is sufficient, reconfiguring network equipment while removing servers and adding new virtual machines is challenging. As a result, you have been asked to demonstrate how network virtualization can achieve the same goal. To do this, you need to set up a proof of concept environment with four virtual machines. You then will use these virtual machines to demonstrate how to configure Hyper-V network virtualization. The main tasks for this exercise are as follows: 1.
Verify that network virtualization is not configured on LON-HOST1.
2.
Verify that network virtualization is not configured on LON-HOST2.
3.
Configure Hyper-V network virtualization.
4.
Test Hyper-V network virtualization.
5.
Remove Hyper-V network virtualization.
Task 1: Verify that network virtualization is not configured on LON-HOST1 Note: Only the student who is using LON-HOST1 performs this task. 1.
On LON-PROD1, ping the IP addresses of the following virtual machines: o
LON-TEST1: 10.0.0.16
o
LON-PROD2: 10.0.0.25
o
LON-TEST2: 10.0.0.26
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
4-35
2.
Confirm that LON-PROD1 has connectivity with all three virtual machines.
3.
On LON-HOST1, in Windows PowerShell, use the Get-VMNetworkAdapter cmdlet to confirm that 20409B-LON-PROD1 has a VirtualSubnetId property value of 0, which means that virtual subnets are not in use.
4.
On LON-HOST1, use the Get-NetVirtualizationLookupRecord cmdlet to verify that no virtualization lookup records are defined.
5.
On LON-HOST1, use the Get-NetVirtualizationCustomerRoute cmdlet to verify that no virtualization customer routes are defined.
6.
In Windows PowerShell, run the Get-NetAdapter cmdlet.
7.
For the physical network adapter, under the ifIndex column, write down the Index number.
Task 2: Verify that network virtualization is not configured on LON-HOST2 Note: Only the student who is using LON-HOST2 performs this task. 1.
On LON-TEST2, ping IP addresses of the following virtual machines: o
LON-PROD1: 10.0.0.15
o
LON-TEST1 10.0.0.16
o
LON-PROD2: 10.0.0.25
2.
Confirm that LON-TEST2 has connectivity with the three virtual machines.
3.
On LON-HOST2, use the Get-VMNetworkAdapter cmdlet to confirm that 20409B-LON-TEST2 has a VirtualSubnetId property value of 0, which means that virtual subnets are not in use.
4.
On LON-HOST2, use the Get-NetVirtualizationLookupRecord cmdlet to verify that virtualization lookup records are not yet defined.
5.
On LON-HOST2, use the Get-NetVirtualizationCustomerRoute cmdlet to verify that virtualization customer routes have yet to be defined.
6.
In Windows PowerShell, run the Get-NetAdapter cmdlet.
7.
For the physical network adapter, under the ifIndex column, write down the Index number.
Task 3: Configure Hyper-V network virtualization
MCT USE ONLY. STUDENT USE PROHIBITED
4-36 Creating and Configuring Virtual Machine Networks
1.
On LON-HOSTx, open the file C:\LabFiles\Mod04\ConfigureNWx.ps1 in Windows PowerShell ISE.
2.
Review the Windows PowerShell script to see how network virtualization is configured. Review also the variables that are defined at the start.
3.
In Windows PowerShell ISE, on the toolbar, press Run Script, or press F5. If you run the script on LON-HOST1, enter the index number of your physical server network adapter and the index number of your partner physical server network adapter that were recorded earlier.
Task 4: Test Hyper-V network virtualization 1.
On LON-HOSTx, in Windows PowerShell ISE, use the Get-NetVirtualizationLookupRecord cmdlet to confirm that virtualization records are created for the IP addresses of LON-PRODx and LON-TESTx virtual machines.
2.
Use the Get-NetVirtualizationCustomerRoute cmdlet to confirm that one virtualization route is defined. Note: Only the student who is using LON-HOST1 will perform steps 3 and 4.
3.
On LON-HOST1, use the Get-VMNetworkAdapter cmdlet to confirm that 20409B-LON-PROD1 has a VirtualSubnetId property with the value 5001, which you configured with the Windows PowerShell script.
4.
On LON-PROD1, ping the following IP addresses:
5.
o
LON-TEST1: 10.0.0.16
o
LON-PROD2: 10.0.0.25
o
LON-TEST2: 10.0.0.26
Verify that four replies are returned, but only from IP 10.0.0.25, which confirms that LON-PROD1 has connectivity with LON-PROD2, but it does not have connectivity with LON-TEST1 and LON-TEST2. Note: Only the student who is using LON-HOST2 will perform steps 6 and 7.
6.
On LON-HOST2, use the Get-VMNetworkAdapter cmdlet to confirm that 20409B-LON-TEST2 has a VirtualSubnetId property with the value 6001, which you configured with the Windows PowerShell script.
7.
On LON-TEST2, ping the following IP addresses:
8.
o
LON-TEST1: 10.0.0.16
o
LON-PROD1: 10.0.0.15
o
LON-PROD2: 10.0.0.25
Verify that four replies are returned, but only from IP 10.0.0.16, which confirms that LON-TEST2 has connectivity with LON-TEST1, but it does not have connectivity with LON-PROD1 and LON-PROD2.
Task 5: Remove Hyper-V network virtualization
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
4-37
1.
On LON-HOSTx, open the file C:\LabFiles\Mod04\RemoveNWx.ps1 in Windows PowerShell ISE.
2.
Review the script to see how network virtualization configuration is removed.
3.
In Windows PowerShell ISE, on the toolbar, press Run Script, or press F5. If you run the script on LON-HOST1, enter the index number of your physical server network adapter and the index number of your partner’s physical server network adapter that you recorded earlier.
4.
After network virtualization is removed, confirm network connectivity by performing the following steps: a.
b.
If you are using LON-HOST1, on LON-PROD1, ping the IP addresses of the following virtual machines:
LON-TEST1: 10.0.0.16
LON-PROD2: 10.0.0.25
LON-TEST2: 10.0.0.26
If you are using LON-HOST2, on LON-TEST2, ping the IP addresses of the following virtual machines:
LON-PROD1: 10.0.0.15
LON-TEST1: 10.0.0.16
LON-PROD2: 10.0.0.25
Results: After completing this exercise, you should have configured Hyper-V network virtualization.
Module Review and Takeaways Review Questions Question: Where can you configure extended virtual switch functionalities, such as traffic monitoring and DHCP guard protection? Question: Is there a limit on how many virtual switches you can create on a Hyper-V host? Question: Why is it that you can configure VLAN IDs for external and internal virtual switches, but you cannot configure VLAN ID for a private virtual switch?
MCT USE ONLY. STUDENT USE PROHIBITED
4-38 Creating and Configuring Virtual Machine Networks
MCT USE ONLY. STUDENT USE PROHIBITED 5-1
Module 5 Virtual Machine Movement and Hyper-V Replica Contents: Module Overview
5-1
Lesson 1: Providing High Availability and Redundancy for Virtualization
5-2
Lesson 2: Implementing Virtual Machine Movement
5-8
Lab A: Moving Virtual Machine and Configuring Constrained Delegation
5-14
Lesson 3: Implementing and Managing Hyper-V Replica
5-18
Lab B: Configuring and Using Hyper-V Replica
5-29
Module Review and Takeaways
5-33
Module Overview
Using virtualization to host server loads provides you with multiple benefits, such as the ability to make virtual machines highly available, and the ability to move them around within the same failover cluster. With Windows Server 2012, you can move running virtual machines and their storage between two Hyper-V hosts, even when they are not part of a failover cluster. This feature is called live migration, and in this module, you will learn how to implement the Live Migration feature, and how to utilize live migration. Throughout this module, you will see how to move virtual hard disks while a virtual machine is running, and you will test this feature in the lab. You will also learn how to use Hyper-V Replica (a feature of Windows Server 2012 Hyper-V) to protect virtual machines on one site by replicating them to another site.
Objectives After completing this module, you will be able to: •
Explain the importance of providing high availability and redundancy for virtualization.
•
Implement virtual machine movement.
•
Implement and manage Hyper-V Replica.
Lesson 1
Providing High Availability and Redundancy for Virtualization
MCT USE ONLY. STUDENT USE PROHIBITED
5-2 Virtual Machine Movement and Hyper-V Replica
When providing redundancy and high availability for virtual machines, you can choose from a variety, or even a combination of methods. Some of these, such as failover clustering, Network Load Balancing (NLB), and Network Adapter Teaming (NIC Teaming) are part of the operating system. Other applications, such as Microsoft Exchange Server 2013 and Microsoft SQL Server 2012, also include their own high availability features. In this lesson, you will learn about high availability features, their requirements, and the situations in which you can benefit from high availability.
Lesson Objectives After completing this lesson, you will be able to: •
Describe the importance of high availability.
•
Explain redundancy in Windows Server 2012 R2 and Hyper-V.
•
Describe the use of NLB to achieve high availability at the operating-system level.
•
Describe the use of clustering to achieve high availability at the operating-system level.
•
Describe high availability at the application level.
Why Is High Availability Important? In an ideal computer environment, servers would always be available and free of failure. Bandwidth and other resources would be infinite, and you would not need to worry about high availability. In reality, server downtime is unavoidable, and you need to consider this when you are planning to provide uninterrupted services that must be constantly available. Such uninterruptable services include virtual machines, because some virtual machines will host critical systems, such as email, databases, or file servers.
What Is High Availability?
High availability means that systems and services are up and running, regardless of what happens. The goal of high availability is to make systems and services as constantly available as possible, and to eliminate as many potential single points of failure. Availability is often expressed numerically, as the percentage of time that a service is available. For example, a requirement for 99.9 percent availability allows 8.75 hours of downtime per year, or approximately 40 minutes of downtime every four weeks. However, with 99.999 percent up time, the allowed service downtime reduces to only five minutes per year. If your service or virtual machine is running on a single system, these high availability rates are virtually unachievable, because a single restart will most likely use up those five minutes. In addition, many actions such as upgrading hardware or applying updates require system restart. No matter how reliable the hardware is, components fail from time to time. Although rare, power outages or natural disasters such as earthquakes or hurricanes are always a possibility as well. To make a virtual machine highly available, you must first ensure that the hardware on which it is running is as reliable as possible. You should store virtual machine data files on shared storage, so they are still
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
5-3
available even if the physical host fails. You should then provide redundancy of all components, including power and networking, by using redundant power supplies and physical network paths to virtual machines. There is no benefit if the virtual machine is running, but clients cannot access it because of network failure. Question: Can you ensure high availability by simply copying the virtual machine that is providing a critical service, and making both the original virtual machine and the copy available on the network?
Redundancy in Windows Server 2012 R2 and Hyper-V To make a virtual machine highly available, you must deploy it in an environment that provides redundancy for all components, and makes it available even when failure occurs. The most basic high availability strategy is to ensure that hardware is as robust as possible, thereby minimizing failures in the first place. Windows Server 2012 R2 provides high availability features such as NIC Teaming, NLB, and failover clustering. Hyper-V builds on top of the Windows Server 2012 R2 high availability features by introducing its own virtualization-specific features, such as live migration, live storage migration, and Hyper-V Replica.
Hyper-V builds on and includes the following features to mitigate failures and provide high availability at different levels: •
Hardware failure. Hyper-V benefits from Windows Server 2012 R2 availability and serviceability, in addition to Windows Hardware Error Architecture, which provides a common infrastructure for managing hardware errors on Windows platforms. With Hyper-V, if a memory error is detected at a memory location that Hyper-V does not use, it will be marked as bad and in the future, the operating system will not use it. If the memory error is in the physical random access memory (RAM) that the virtual machine is using, only that virtual machine will be affected. The entire host and all virtual machines will fail only if the memory error is in the physical RAM that the Hyper-V host kernel is using.
•
Physical server failure. Hyper-V uses the failover clustering feature to provide redundancy if the entire physical server fails. The failover clustering feature is part of all Windows Server 2012 R2 editions, in addition to Hyper-V Server 2012 R2. If the server is a node in a failover cluster, virtual machines that were running on it will fail over automatically to other cluster nodes, and will be available after minimum downtime as a result of the virtual machine reboot. Hyper-V also includes live migration, which enables you to move virtual machines between Hyper-V hosts without downtime. An example is if you need to upgrade hardware or install updates to a Hyper-V host, or if you simply want to rebalance your virtualization workload.
•
Input/output (I/O) redundancy. Windows Server 2012 R2 includes several features such as server message block (SMB) 3.0 multichannel, storage Multipath I/O (MPIO), NIC Teaming, and NLB, which can provide high availability and benefit from network path redundancy. If a network adapter or other network infrastructure fails, Hyper-V uses these features to preserve network connectivity. If there are multiple network paths between the source and the destination, and if network equipment of one of those paths fails, Hyper-V uses these features to maintain connectivity to the virtual machine.
MCT USE ONLY. STUDENT USE PROHIBITED
5-4 Virtual Machine Movement and Hyper-V Replica
•
Application or service failover. If a service or application inside a virtual machine fails or loses network connectivity, Hyper-V host can detect it and try to recover the application by moving the virtual machine to another node. You also can configure failover clustering inside virtual machines, either by using Internet small computer system interface (iSCSI) or Fibre Channel shared storage, an SMB 3.0 file share, or by using virtual hard disk sharing. In the same way that you can benefit from teaming physical network adapters on a Hyper-V host, you can also use team network adapters in virtual machines, which can be especially beneficial when using single-root I/O virtualization (SR-IOV).
•
Disaster Recovery. Windows Server 2012 R2 includes Cluster Shared Volume (CSV) integration with storage arrays for synchronous replication. This can provide protection against disaster at a single location, because Hyper-V hosts are also at the alternate location and accessing replicated storage. However, Hyper-V also includes Hyper-V Replica, a feature that provides asynchronous replication of the running virtual machines to an alternate location with configurable intervals. Hyper-V Replica failover requires virtual machine downtime during failover. Question: Can you configure virtual machine guest clustering only if iSCSI or Fibre Channel storage area network (SAN) is available as a shared storage?
Using NLB to Provide High Availability at the Operating System Level
NLB is an effective and scalable way to achieve high availability for stateless services such as a web server. The term stateless refers to workloads that respond to each request independently from previous requests, and without keeping client state. For example, when a client requests a webpage, the web server gathers all of the necessary information from the request, and then returns the generated webpage to the client. When the client requests the next webpage, it may request the webpage from the same web server, or from any other identically configured web server in the NLB farm. This is because all the information that the web server needs is in the request. Using NLB to achieve high availability provides the following benefits: •
NLB enhances the availability and scalability of other Internet server applications such as file transfer protocol (FTP), firewall, proxy, virtual private network (VPN), and other mission-critical servers.
•
All of the Windows Server 2012 R2 editions include the NLB feature. You can include up to 32 servers in an NLB farm, and you can add or remove a server dynamically from the NLB farm. For a loadbalanced service, the load is redistributed automatically among the servers that are still operating when a server fails or goes offline. If the failure is unexpected, only active connections to the failed server are lost. When you repair the server, it can rejoin the NLB farm transparently and regain its share of the requests.
•
Hyper-V can use NLB for load-balancing requests for virtual machines on the same Hyper-V host, or for virtual machines across multiple Hyper-V hosts. When you use NLB in unicast mode to distribute load among virtual machines, you must enable MAC Spoofing for the virtual machine network adapter. This is because the network adapter does not use its own media access control (MAC) address, but the MAC address of the unicast NLB. Question: If multiple virtual machines will be part of the same NLB farm, should you configure them with the same IP address or with different IP addresses?
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
Using Clustering to Achieve High Availability at the Operating System Level Failover clustering is an operating system feature that is included in all editions of Windows Server 2012 R2. Failover clustering provides high availability at the operating system level, but it does not provide scalability. If you add an additional server to the failover cluster, you will not be able to respond to more requests than before.
5-5
You often use failover clustering to provide high availability for mission-critical, stateful applications such as databases, virtualization infrastructure, or business applications. You can implement failover clustering at the Hyper-V host level or at the virtual machine guest operating system level.
A failover cluster can include up to 64 servers (called nodes), and all servers must be running the same version of the Windows Server operating system. The servers should have access to shared storage that contains the application configuration and data. If a server hosting a highly available application fails, the failover cluster detects the failure by using heartbeats. The hosting server immediately moves the application to another failover cluster node, and then starts it there without administrative intervention. During the failover, the application (or virtual machine in the case of Hyper-V failover cluster) is restarted, which causes some downtime. The clients detect the failover in the same way as they would an application running on a single server that you turn off and then turn on again. It would take some time for that server to restart, for the application to initialize and verify its consistency, and for the database to perform rollback of uncommitted transactions. However, in the end, the application would become available again automatically.
Because clients connect to the application by using the cluster name and not the name of the node where the application was running, the clients are reconnected to the node to where the application was moved. If Hyper-V is running on a failover cluster, Hyper-V can monitor the state of a virtual machine, the services running inside the virtual machine, and whether the virtual network adapter has connectivity. If connectivity is lost but the virtual machine is still running, then the virtual machine can be moved to a different node. The same is true if a monitored service within the virtual machine stops. Understanding Microsoft’s High-Availability Solutions http://go.microsoft.com/fwlink/?LinkID=386709 Question: Does a virtual machine operating system have to support the failover feature if you want to make the virtual machine highly available by using failover clustering?
High Availability at the Application Level You can provide high availability at varying levels. Reliable and redundant hardware helps keep servers and networking infrastructure highly available. Failover clustering and NLB help provide high availability at the operating system level, and applications and services can benefit from them. However, some applications such as SQL Server or Exchange Server extend those highly available features or provide their own. This topic covers some of those applications and their high availability features.
MCT USE ONLY. STUDENT USE PROHIBITED
5-6 Virtual Machine Movement and Hyper-V Replica
SQL Server is one of the critical applications, so it is mandatory that you make it highly available. SQL Server 2012 extends the failover clustering functionality that Windows Server 2012 R2 provides. SQL Server 2012 provides multiple high availability features, which you can use to achieve different goals and make an entire database server or single databases available even in the case of a failure. High availability features that SQL Server 2012 provides are: •
AlwaysOn failover cluster instances. This feature builds on top of the failover clustering feature in Windows Server 2012. It provides high availability at the SQL Server instance level through redundancy, which is called failover cluster instance. Failover cluster instance is an instance of SQL Server that provides failover between nodes if the current node becomes unavailable. Failover cluster instance is added to a failover cluster and is visible to clients as a SQL Server instance running on a single server. Only one failover cluster instance node owns the failover clustering resource group at any time. If failure happens, resource group ownership moves to another failover clustering node. The process is transparent to the clients, and this minimizes the downtime that clients experience during a failure.
•
AlwaysOn Availability Groups. This is a new feature in SQL Server 2012, and it maximizes the availability for one or more user databases (called availability databases). The databases in an availability group are treated as a unit, and all the databases in the same availability group fail over together. An availability group supports a set of read-write primary databases and up to four sets of corresponding secondary databases. Each instance of an availability group is called an availability replica, and secondary databases can be configured for read-only access or used for backup. Failover clustering provides high availability for listeners. Availability replica is stored locally and SQL Server provides synchronization between databases in the availability group by either asynchronous-commit or synchronous-commit mode.
Note: Each availability replica must reside on a different node of a single Windows Server failover cluster. •
Database mirroring. This feature increases SQL Server database availability. SQL Server implements mirroring at the database level, which works only if the database is using a full recovery model. With mirroring, two copies of a database are maintained, and each copy is on separate servers that are running SQL Server, typically in different locations. Clients access one server running SQL Server, and the other server acts as a hot or warm standby server, depending on configuration. When the servers that are running SQL Server synchronize, database mirroring provides a hot standby server that supports rapid failover without a loss of data from committed transactions.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
Note: Database mirroring will be removed in a future version of SQL Server. Therefore, you should not include it in your applications, and you should plan to modify applications that are using this feature. Instead, you should use AlwaysOn Availability Groups. •
5-7
Log shipping. This feature operates at the database level and automatically sends transaction log backups from a production (or primary) database to one or more standby secondary databases on a separate server that is running SQL Server. The transaction log backups are applied to each of the secondary databases individually. You can also configure an optional third server or monitor server, which records the status of backup and restore operations, and can raise alerts if these operations fail to occur as scheduled.
With Exchange Server 2013, you can simply install two or more Exchange Server 2013 mailbox servers as stand-alone servers, and then when needed, configure these servers and mailbox databases for high availability and site resilience. Exchange Server provides high availability for the mailboxes by configuring database availability groups (DAGs). A DAG is a collection of up to 16 servers that provides the infrastructure for replicating and activating database copies. Any server in a DAG can host a copy of a mailbox database from any other server in the DAG. The DAG uses continuous replication to each of the passive database copies within the DAG.
DAG requires the Windows Server failover clustering feature, although all installation and configuration is performed by Exchange Server. Failover clustering does not manage database failover. Instead, Active Manager performs this task. Active Manager will recover from the failure automatically by failing over to a database copy on another mailbox server in the DAG. Windows Server failover clustering is also useful for some failure-detection scenarios, such as a server failure. If you need to provide high availability for client access in Exchange Server 2013, you can add multiple Client Access servers to the Exchange deployment and use NLB or round-robin Domain Name System (DNS) to distribute clients among the Client Access servers in an NLB farm. High Availability Solutions (SQL Server) http://go.microsoft.com/fwlink/?LinkID=386708 High Availability and Site Resilience http://go.microsoft.com/fwlink/?LinkID=386704 Question: Can you implement application high availability features such as AlwaysOn Availability Groups in SQL Server 2012 without operating system support?
Lesson 2
Implementing Virtual Machine Movement
MCT USE ONLY. STUDENT USE PROHIBITED
5-8 Virtual Machine Movement and Hyper-V Replica
One benefit of virtualization is that you can move virtual machines between Hyper-V hosts. In the past, you could move virtual machines without downtime (referred to as live migration), but only between nodes in the same failover cluster. In Windows Server 2012, the Live Migration feature is improved, so that you now can move virtual machines between any two Hyper-V hosts, providing there is network connectivity between them. You can also move virtual hard disks, checkpoints, and other virtual machine items while a virtual machine is running. In this lesson, you will learn how to implement storage migration and live migration, and you will learn how you can perform these types of migrations using Hyper-V Manager and Windows PowerShell.
Lesson Objectives After completing this lesson, you will be able to: •
Describe virtual machine moving options.
•
Explain how storage migration works.
•
Describe the Move Wizard.
•
Move virtual machine storage.
•
Describe live migration of non-clustered virtual machines.
•
Move a running virtual machine.
Virtual Machine Moving Options A virtual machine is always running on a Hyper-V host. However, sometimes you need to move a virtual machine or its components from one volume to another, or between Hyper-V hosts, even if they are not cluster nodes. For example, you might want to move a virtual machine from local storage to an SMB 3.0 share, between logical unit numbers (LUNs), or between Hyper-V nodes in different failover clusters. Hyper-V in Windows Server 2012 R2 has several options that you can use to move a virtual machine and its data files. Based on the environment and requirements, you can select one of the following methods: •
Virtual machine and storage migration. With this method, you can move an entire virtual machine or only its data files from one location to another or between Hyper-V hosts, while the virtual machine is running, and without noticeable downtime. Virtual machine and storage migration do not require failover clustering or any other high availability solution to work. They only require network connectivity between the source and destination. When you are moving a virtual machine and storage from Windows Server 2012 Hyper-V, a destination server can be either Windows Server 2012 or Windows Server 2012 R2 (cross-version migration).
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
5-9
•
Quick migration. Windows Server 2008 introduced the quick migration method, which you can use to move virtual machines only between Hyper-V hosts within the same failover cluster. The virtual machine is unavailable for the short time during the move operation.
•
Live Migration. Windows Server 2008 R2 introduced the Live Migration feature, which is an improvement over quick migration functionality. When first introduced, you could use the Live Migration feature only to move virtual machines between Hyper-V hosts in the same failover cluster. The benefit of live migration functionality is that there is no noticeable virtual machine downtime. In Windows Server 2012, live migration functionality is improved. Failover clustering is no longer a requirement, and you can move multiple virtual machines from the same Hyper-V host simultaneously. Windows Server 2012 R2 provides further improved live migration performance, because you can use compression, SMB Direct, and SMB Multichannel during live migration.
•
Hyper-V Replica. Windows Server 2012 introduced the Hyper-V Replica feature, which you can use to replicate a virtual machine asynchronously over IP networks, typically to a remote disaster recovery site. With Hyper-V Replica, the virtual machine is replicating while it is running, and its changes are synchronized with the replica. In Windows Server 2012 R2, you can configure replication frequency and extended replication. Extended replication forwards the virtual machine changes to a third Hyper-V host.
•
Exporting and importing virtual machines. In Windows Server 2012 R2, you can export a virtual machine while it is running. You can also copy virtual machine data files, because in Windows Server 2012 and newer versions, you can import a virtual machine and then configure necessary settings during the import operation even if you did not first export the virtual machine. This can be a very time-consuming operation however, because you need to copy virtual machine data files between Hyper-V hosts, and the virtual machine is typically turned off during that time. Question: What is the main difference between quick migration and live migration?
How Storage Migration Works Using storage migration, you can move virtual hard disks and data files that the virtual machine is using to a different physical storage, while the virtual machine is running. You can perform storage migration by using the Move Wizard in Hyper-V Manager, or by using the MoveVMStorage cmdlet in Windows PowerShell.
Windows Server 2012 introduced the storage migration feature, which you use to move virtual machine data files without downtime. For example, you can use storage migration when you need to upgrade physical storage, or when you need to move virtual machine storage from locally attached disks to an SMB 3.0 share or SAN. You can also use storage migration to move various virtual machine items (such as virtual hard disks, configuration, checkpoints, and smart paging), to different locations while the virtual machine is running. For example, after you create the first checkpoint for a virtual machine, you cannot modify the checkpoint file location setting unless you delete all virtual machine checkpoints or use storage migration. Storage migration is performed in the following steps: 1.
Before the migration starts, all virtual machine Read and Write operations are performed at the source virtual hard disk.
MCT USE ONLY. STUDENT USE PROHIBITED
5-10 Virtual Machine Movement and Hyper-V Replica
2.
When storage migration starts, virtual hard disk content is copied over the network to the destination, while all the Read and Write operations are still performed on the source virtual hard disk.
3.
After the initial copy is complete, Write operations for the virtual hard disks are mirrored to both the source and destination virtual hard disks.
4.
After the source and destination virtual hard disks are synchronized, the virtual machine switches over and starts using the destination virtual hard disk.
5.
The source virtual hard disk is deleted.
Storage migration is only supported for virtual hard disks, current virtual machine configuration, checkpoints, and smart paging file. If you try to perform storage migration on any other storage type, such as directly-attached (pass-through) disks or data on a Fibre Channel SAN (not the virtual Fibre Channel adapter itself), the storage migration attempt will result in an error. Note: You cannot move virtual machine storage if the virtual machine is using directlyattached physical disks.
When you are migrating virtual machine storage, you can move all the data files to the same location, or to different locations. During this storage migration process, the virtual machine continues to run on the same Hyper-V host, and access to it is uninterrupted. Note: Use the Storage Migration Hyper-V settings to specify how many storage migrations can be performed simultaneously. By default, two simultaneous storage migrations are configured, but you can increase this number. Virtual Machine Storage Migration Overview http://go.microsoft.com/fwlink/?LinkID=386706 Question: Can you use storage migration to move only virtual hard disks?
Overview of the Move Wizard You can use either the Move Wizard in Hyper-V Manager, or Windows PowerShell cmdlets to move an entire virtual machine (or just its data) while the virtual machine is running. Before you can start moving a virtual machine, you must first enable Live Migration in both hosts, because this feature is disabled by default. If you want to move virtual machine data only, you do not need to enable Live Migration. Hyper-V allows for two simultaneous storage migrations by default.
To access and use the Move Wizard, click the virtual machine in Hyper-V Manager, and then click Move. After you become familiar with the Move Wizard, you need to select if you want to move the entire virtual machine, or just the virtual machine storage.
Alternatively, you can also use Windows PowerShell to move a virtual machine. If you want to move an entire virtual machine, use the Windows PowerShell cmdlet Move-VM. If you want to move just the virtual machine data, you use the Windows PowerShell cmdlet Move-VMStorage.
Moving Virtual Machines
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
5-11
To move a virtual machine, you must specify the target Hyper-V host, which you must also configure to allow live migrations. You must specify if you want to move only the virtual machine, or if you want to include its data files in the move process. If you want to include the data files, you must specify where to put them on the target Hyper-V host, or on the SMB 3.0 share. You typically select to move only the virtual machine when its data is already on the SMB 3.0 share.
You can then complete the Move Wizard and perform the move. This process can occur quickly if you use a fast network, if the virtual machine is turned off, and if its storage is small. Conversely, the process can take considerable time for large virtual machines. However, at the end of the move process, the virtual machine is running on the target Hyper-V host, and is no longer present at the source Hyper-V host.
Moving Virtual Machine Storage
To move virtual machine storage, you have an option to move all of the virtual machine data to a single location, to move the virtual machine data to different locations, or to move only the virtual machine virtual hard disks. If you select to move the virtual machine data to different locations, you can specify a new location for each of the virtual machine data items, which includes virtual hard disks, current configuration, checkpoints, and smart paging file. You can move virtual machine storage to other folders on the same Hyper-V host, or to an SMB 3.0 share. You can then complete the Move Wizard, and perform the move. For example, you can use the Move Wizard to modify checkpoint file location when the virtual machine already has checkpoints. Question: Do you need to be local administrator to use the Move Wizard?
Demonstration: Moving Virtual Machine Storage In this demonstration, you will see how you use the Move Wizard and the Windows PowerShell Move-VMStorage cmdlet to move virtual machine storage, while the virtual machine is running.
Demonstration Steps 1.
On LON-HOST1, use Hyper-V Manager to confirm that LON-MOVE1 is running and is configured with a locally stored VHD.
2.
Use the Move Wizard to move the LON-MOVE1 virtual machine VHD to \\LON-HOST2\VHDs \LON-MOVE1. Because the VHD is dynamically expanding and is small, notice that the move completes quickly.
3.
Use Hyper-V Manager to confirm that the LON-MOVE1 virtual machine VHD is now stored on a network share. Notice that the VHD was moved while virtual machine was running.
4.
On LON-HOST1, use Hyper-V Manager to confirm that LON-MOVE2 is running, is configured with a locally stored VHD, and that its checkpoints are stored locally.
5.
Use the Windows PowerShell cmdlet Move-VMStorage with the DestinationStoragePath parameter to move LON-MOVE2 storage to the \\LON-HOSTy\VHDs\LON-MOVE2 folder.
6.
Use the Windows PowerShell cmdlet Get-VM to view the LON-MOVE2 virtual machine Path and SnapshotFileLocation.
7.
Use Hyper-V Manager to confirm that the LON-MOVE2 VHD and checkpoints are now stored on the network share, and that they were moved while the virtual machine was running.
Live Migration of Non-Clustered Virtual Machines With Windows Server 2008 R2, you can perform live migration only when a virtual machine is running on a failover cluster node and only if its data is stored on the shared storage. You can still perform live migration of clustered virtual machines in Windows Server 2012, but a failover cluster is no longer a requirement. You also can use Windows Server 2012 to perform live migration in two other ways without a failover cluster:
MCT USE ONLY. STUDENT USE PROHIBITED
5-12 Virtual Machine Movement and Hyper-V Replica
•
When virtual machine storage is on an SMB 3.0 share.
•
When virtual machine storage is local, and on a Hyper-V host. This is sometimes referred to as shared nothing live migration.
Note: If you are managing a Hyper-V host remotely and you want to move a virtual machine, you must first allow Kerberos protocol delegation for the computer account of the Hyper-V host. You can review the detailed steps for configuring Kerberos delegation in the hands-on lab at the end of this module.
When virtual hard disks of a virtual machine are stored on an SMB 3.0 share, only the virtual machine is moved during live migration, and the virtual machine storage remains on the SMB 3.0 share. If virtual hard disks are on local Hyper-V storage, then the virtual machine storage is copied to the destination server over the network by using storage migration. After the source and destination storage are synchronized, the virtual machine live migration starts. The steps are in the following order: 1.
The virtual machine configuration is copied to the destination Hyper-V host, which is a blank virtual machine with the same configuration but without any data created. Memory is allocated to the destination virtual machine.
2.
The virtual machine memory is copied over the network to the destination Hyper-V host. This memory is called the working set of the migrating virtual machine, and consists of memory pages that are each 4 kilobytes (KB) in size. The Hyper-V host monitors the memory, and as the source virtual machine modifies the memory pages, it tracks and marks the pages as modified.
3.
After all the memory pages are copied, Hyper-V also copies the modified pages. Hyper-V iterates the memory copy process several times, and each iteration requires copying a smaller number of modified pages.
4.
After all of the modified memory pages are copied to the destination Hyper-V host, the working set for the virtual machine is in the same exact state as on the source Hyper-V host.
5.
In the final stage of a live migration, a network package is sent to the network switch, which causes it to obtain a new MAC addresses for the moved virtual machine. This enables network traffic for the moved virtual machine to use the correct switch port. The final stage of the live migration completes in less time than the Transmission Control Protocol (TCP) time-out interval.
Live migration speed is affected by the following variables: •
The number of modified memory pages in the source virtual machine
•
The available network bandwidth between the source and destination Hyper-V hosts
•
The hardware configuration and utilization of the source and destination Hyper-V hosts
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
5-13
After the live migration completes and the virtual machine is running on the destination Hyper-V host, virtual machine data is deleted on the source Hyper-V host, but virtual machine storage is not deleted from the SMB 3.0 share. Note: In Windows Server 2012 R2, you can configure use of compression or SMB Multichannel and SMB Direct when performing live migration. Virtual Machine Live Migration Overview http://go.microsoft.com/fwlink/?LinkID=386705 Question: How does the virtual machine memory size affect live migration time? Question: Does live migration use compression when migrating virtual machines?
Demonstration: Moving a Running Virtual Machine In this demonstration, you will see how to move a running virtual machine.
Demonstration Steps 1.
On LON-HOST1, use Hyper-V Manager to confirm that LON-PROD1 is running, is configured with a locally stored VHD, and that its checkpoints are stored locally.
2.
On LON-PROD1, use the Windows PowerShell ping command with the –t parameter to send network packets to IPv4 address 10.0.0.25. This will ping the LON-PROD2 computer, which is running on your partner’s Hyper-V host.
3.
Use the Move Wizard to move the LON-PROD1 virtual machine to LON-HOST2, and to move all data to the C:\Moved\LON-PROD1 folder on the target host.
4.
Use Hyper-V Manager to monitor the progress of live migration, and to verify that LON-PROD1 is able to ping LON-PROD2 throughout the live migration.
5.
After live migration completes, confirm that LON-PROD1 is no longer running on LON-HOST1.
6.
In Hyper-V Manager, confirm that the LON-PROD1 VHD is now in the C:\Moved\LON-PRODx \Virtual Hard Disks folder.
Lab A: Moving Virtual Machine and Configuring Constrained Delegation Scenario
MCT USE ONLY. STUDENT USE PROHIBITED
5-14 Virtual Machine Movement and Hyper-V Replica
A. Datum Corporation has implemented the Hyper-V virtualization platform in one of their subsidiaries. Some of the physical servers have been virtualized, and additional virtual machines have been created. Several key servers have been virtualized, including servers that need to be available at all times.
IT management has approved the purchase of several additional Hyper-V hosts. You now need to balance the number of virtual machines running on both the existing hosts and the new hosts. You need to ensure that you can move virtual machines to the new hosts in such a way that the virtual machines are available during the move operation.
Objectives After completing this lab, you will be able to: •
Move Hyper-V storage and virtual machines.
Lab Setup Estimated Time: 45 minutes
Virtual machines: 20409B-LON-HOSTx, 20409B-LON-DC1, 20409B-LON-TESTx, and 20409B-LON-PRODx User name: Adatum\Administrator Password: Pa$$w0rd Note: You will be working in pairs. Communicate clearly with your lab partner, and cooperate fully with each other during this lab.
Exercise 1: Moving Hyper-V Storage and Virtual Machines Scenario
To balance the number of virtual machines running on both the existing hosts and the new hosts, you need to move a virtual machine between Hyper-V hosts as it is running, and without downtime. First, you will configure a destination Hyper-V host to allow live migration. Next, you will move virtual machine storage, its virtual hard disk, and its checkpoints, to the Hyper-V host of your partner, first by using the Move Wizard, and then by using Windows PowerShell cmdlets. You will also move the running Windows 8.1 virtual machine LON-PRODx, and confirm that it has network connectivity the entire time during the move operation. When you initiate the move operation remotely, you must allow the Hyper-V host to act on your behalf on the destination Hyper-V host, so you will also configure constrained delegation. After that, you will use the Move-VM cmdlet to move the virtual machine from the Hyper-V host that your partner is using. The main tasks for this exercise are as follows: 1.
Move virtual machine storage by using the Move Wizard.
2.
Move virtual machine storage by using Windows PowerShell.
3.
Configure Hyper-V host for live migration.
4.
Move a virtual machine by using Live Migration.
5.
Configure constrained delegation.
6.
Run live migration from Windows PowerShell.
Task 1: Move virtual machine storage by using the Move Wizard Note: Before starting with this lab, run the C:\Labfiles\Mod05\Mod05setup.ps1 script to prepare environment for the lab.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
5-15
1.
On LON-HOSTx, use Hyper-V Manager to confirm that LON-MOVE1 is running and configured with a locally stored VHD.
2.
Use the Move Wizard to move the LON-MOVE1 virtual machine VHD to \\LON-HOSTy\VHDs \LON-MOVE1. Note: Because the VHD is dynamically expanding and is small, it moves quickly.
3.
Use Hyper-V Manager to confirm that the LON-MOVE1 virtual machine VHD is now stored on a network share. Note: The VHD was moved while the virtual machine is running.
4.
Confirm that the LON-MOVE1 checkpoints are stored locally, and that you cannot change the location.
5.
Use the Move Wizard to move the LON-MOVE1 virtual machine checkpoints to \\LON-HOSTy \VHDs\LON-MOVE1.
6.
Confirm that LON-MOVE1 checkpoints are now stored on the network share, and that they were moved while the virtual machine was running.
Task 2: Move virtual machine storage by using Windows PowerShell 1.
On LON-HOSTx, use Hyper-V Manager to confirm that LON-MOVE2 is running and is configured with a locally stored VHD, and that its checkpoints are stored locally.
2.
Use the Windows PowerShell cmdlet Move-VMStorage with the DestinationStoragePath parameter to move LON-MOVE2 storage to the \\LON-HOSTy\VHDs\LON-MOVE2 folder.
3.
Use the Windows PowerShell cmdlet Get-VM to view the Path and SnapshotFileLocation of the LON-MOVE2 virtual machine.
4.
Use Hyper-V Manager to confirm that the LON-MOVE2 VHD and checkpoints are stored on the network share, and that they were moved while the virtual machine was running.
Task 3: Configure Hyper-V host for live migration 1.
Use the Move Wizard on LON-HOSTx to try to move the 20409B-LON-PRODx virtual machine to LON-HOSTy. Note: You will get an error, as the computer is not configured for live migration.
2.
Enable live migration on LON-HOSTx. Confirm that incoming live migration can Use any available network for live migration, that Kerberos is used as Authentication Protocol, and that Compression is used.
3.
In Hyper-V Manager, add a connection to LON-HOSTy.
Note: Live migration must be enabled on both LON-HOSTx machines before you can continue with the lab. Make sure that your partner has finished this task before you continue.
Task 4: Move a virtual machine by using Live Migration
MCT USE ONLY. STUDENT USE PROHIBITED
5-16 Virtual Machine Movement and Hyper-V Replica
1.
On LON-HOSTx, use Hyper-V Manager to confirm that 20409B-LON-PRODx is running, is configured with a locally stored VHD, and that its checkpoints are stored locally.
2.
On LON-PRODx, open Windows PowerShell, and use the ping command with the –t parameter to send network packets to the IPv4 address 10.0.0.y5. This will ping the LON-PRODy computer, which is running on your partner’s Hyper-V host.
3.
Use the Move Wizard to move the 20409B-LON-PRODx virtual machine to LON-HOSTy, and move all data to the C:\Moved\LON-PRODx folder on the target host.
4.
Monitor the progress of migration, and notice that LON-PRODx is able to ping LON-PRODy throughout the live migration.
5.
After live migration completes, confirm that LON-PRODx is no longer running on LON-HOSTx.
6.
Use Hyper-V Manager to confirm that the 20409B-LON-PRODx VHD is in the C:\Moved\LONPRODx\Virtual Hard Disks folder, and that the checkpoint files location is C:\Moved\LON-PRODx.
7.
Use the Move Wizard again to move the LON-PRODx virtual machine back to LON-HOSTx, and to move its data to the C:\Moved\LON-PRODx folder.
8.
Confirm that this time, a Move Wizard error dialog box opens, and reports that there was an error during the move operation. The error occurs because you are managing a remote Hyper-V host, which is not allowed to delegate your permissions.
Task 5: Configure constrained delegation 1.
On LON-HOSTx, use the Windows PowerShell cmdlet Install-WindowsFeature to install Active Directory administrative tools on LON-HOSTx.
2.
Use Active Directory Users and Computers to configure delegation on the Delegation tab of the LON-HOSTy computer object. Select to use Kerberos only, and add cifs and Microsoft Virtual System Migration Services service types on LON-HOSTx.
3.
Close Active Directory Users and Computers.
4.
Use winrs command to remotely purge cached Kerberos tickets on LON-HOSTy by running following command: Winrs –r:LON-HOSTy klist -lh 0 -li 0x3e7 purge
Task 6: Run live migration from Windows PowerShell 1.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
5-17
Use the Windows PowerShell cmdlet Move-VM to move the 20409B-LON-PRODx virtual machine to LON-HOSTx by using following parameters: o
Name: LON-PRODx
o
DestinationHost: LON-HOSTx
o
ComputerName: LON-HOSTy
o
DestinationStoragePath: C:\Moved\LON-PRODx
2.
View the Status column in Hyper-V Manager to monitor migration progress.
3.
After migration completes, confirm that 20409B-LON-PRODx is no longer running on LON-HOSTy.
4.
Use Hyper-V Manager to confirm that the LON-PRODx VHD is located in the C:\Moved\LONPRODx\ Virtual Hard Disks folder, and that checkpoints are located in the C:\Moved\LON-PRODx folder. Note: Leave the virtual machines running for the next lab.
Results: After completing this exercise, you should have moved Hyper-V storage and virtual machines.
Lesson 3
Implementing and Managing Hyper-V Replica
MCT USE ONLY. STUDENT USE PROHIBITED
5-18 Virtual Machine Movement and Hyper-V Replica
Hyper-V Replica is a disaster recovery feature that is built into Hyper-V. You can use it to replicate a running virtual machine to a secondary location, and in Windows Server 2012 R2, you can extend the replication to a third location. While the primary virtual machine is running, Hyper-V Replica is turned off. Hyper-V Replica is updated regularly, and when needed, you can perform failover from primary virtual machine to a replica virtual machine. You perform failovers manually, and they can be planned or unplanned. Planned failovers are without data loss, whereas unplanned failovers can cause loss of last changes, up to five minutes by default. In this lesson, you will learn how to implement and manage Hyper-V Replica, and how to perform both a test failover and a planned failover.
Lesson Objectives After completing this lesson, you will be able to: •
Explain the prerequisites for Hyper-V Replica.
•
Describe Hyper-V Replica.
•
Explain the process of enabling a virtual machine for replication.
•
Enable virtual machine replication.
•
Explain the concept of Hyper-V Replication Health.
•
Describe test failover, planned failover, and failover.
•
Describe Hyper-V Replica synchronization.
•
Perform a planned Hyper-V failover.
Prerequisites for Hyper-V Replica In situations where you have concerns about virtual machine availability, you can implement a Hyper-V failover cluster and make virtual machines highly available. However, failover clusters are often limited to a single location, because multi-site clusters require specialized hardware, and are expensive to implement. If a natural disaster such as an earthquake or a flood affects occurs, all server infrastructure at that location may be lost.
Windows Server 2012 introduced Hyper-V Replica, which you can use to implement an affordable business continuity and disaster recovery solution for the virtual environment. Providing you have network connectivity, you are not limited to a single site, and you can use Hyper-V Replica to replicate virtual machines to a Hyper-V host in a secondary location across a wide area network (WAN) link. If you have a single location, you can still use Hyper-V Replica to replicate virtual machines to your partner company in another state or hosting provider. This is because Hyper-V hosts that participate in replication do not have to be in the same Active Directory Domain Services (AD DS) forest, or have the same configuration. In addition, you can encrypt network traffic between them.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
5-19
You also can use Hyper-V Replica to have two instances of a single virtual machine residing on different Hyper-V hosts. One of the instances will be the primary, running virtual machine, and the other instance will be a replica, offline copy. Hyper-V synchronizes these instances, and you can perform manual failover at any time. If a failure occurs at a primary site, you can use Hyper-V Replica to execute a failover of the virtual machines to replica servers at a secondary location, thereby minimizing downtime. Before you implement Hyper-V Replica, ensure that the virtualization infrastructure meets the following prerequisites: •
Windows Server 2012 or a newer Windows Server version with the Hyper-V role installed at both locations. Server hardware should have sufficient capacity to run all of the virtual machines—its local virtual machines, as well as replicated virtual machines. Replicated virtual machines are in a turned-off state, and they will be started only if you perform a failover.
•
Sufficient storage is available on both the primary and replica Hyper-V hosts. This is necessary to store both local and replicated virtual machine data.
•
Network connectivity is available between the locations that are hosting the primary and replica Hyper-V hosts. Connectivity can be through either a WAN or local area network (LAN) link.
•
Firewall rules to allow replication between the primary and replica sites are in place. When you install the Hyper-V role, the Hyper-V Replica HTTP Listener (TCP-In) and Hyper-V Replica HTTPS Listener (TCP-In) rules are added to the Windows Firewall. Before you can use Hyper-V Replica, you need to enable one or both of these rules on the replica Hyper-V host.
•
If you want to use certificate-based authentication, ensure that an X.509v3 certificate from the trusted certification authority (CA) exists to support mutual authentication at both Hyper-V hosts.
•
If you use Kerberos authentication, both Hyper-V hosts must be joined to the same AD DS forest.
Note: You can configure Hyper-V replica regardless of whether the Hyper-V host is a node in the failover cluster. Hyper-V Replica Overview http://go.microsoft.com/fwlink/?LinkID=386707 Question: Can you use Hyper-V Replica to replicate only virtual machines that have integration services installed?
Overview of Hyper-V Replica Hyper-V Replica provides a virtual machine-level replication, which efficiently and securely replicates virtual machine data and changes over a LAN or WAN link to a remote location, and does not require any additional software or hardware.
Hyper-V Replica High-Level Architecture When you configure a virtual machine for replication, initial replication is performed, and a copy of the virtual machine is created on the recovery host. However, the replicated virtual machine remains turned off until you initiate the
MCT USE ONLY. STUDENT USE PROHIBITED
5-20 Virtual Machine Movement and Hyper-V Replica
failover, while primary virtual machine is running. When you enable replication, changes in the primary virtual machine are written in the log file, which is periodically replicated and applied to the replica. Hyper-V Replica has several components: •
Replication engine. This component manages the replication configuration details and initial replication, replication of delta changes, and failover and test failover operations. It also tracks virtual machine and storage mobility events, and takes appropriate actions when necessary. For example, the replication engine pauses replication when you start moving a virtual machine, and then resumes replication where it was paused, after the move operation is complete.
•
Change tracking module. This component tracks changes that occur to the virtual machine on the source Hyper-V host. The change tracking module tracks the Write operations to the virtual hard disks, regardless of where the virtual hard disks are stored—locally, on the SAN, on SMB 3.0 share, or on a CSV.
•
Network module. This component provides a secure and efficient way to transfer virtual machine data between Hyper-V hosts in the primary site and replica site. It minimizes the traffic by compressing data by default. The network module can also encrypt data when https and certification-based authentication are used.
•
Hyper-V Replica Broker. This component is used only when a Hyper-V failover cluster is the source or destination for Hyper-V Replica traffic. This role enables you to use Hyper-V Replica with highly available virtual machines, which can move between cluster nodes. The Hyper-V Replica Broker role queries the cluster database, and then redirects all requests to the cluster node where the virtual machine is currently running.
•
Management tools. These tools enable you to configure and manage Hyper-V Replica. Aside from Hyper-V Manager and Windows PowerShell, you can also use Failover Cluster Manager, which you should use for all virtual machine management and Hyper-V Replica configurations when the source or replica Hyper-V hosts are part of a Hyper-V failover cluster. Understand and Troubleshoot Hyper-V Replica in Windows Server "8" Beta http://go.microsoft.com/fwlink/p/?LinkId=237258
Security Considerations
You can establish Hyper-V Replica with a Hyper-V host regardless of its location and domain membership, as long as you have network connectivity with it. There is no requirement for Hyper-V hosts to be part of the same AD DS domain. You can also implement Hyper-V Replica when Hyper-V hosts are members of untrusted domains or workgroups, because you can configure certificate-based authentication. Hyper-V Replica implements security at the following different levels: •
On each server, Hyper-V creates a local security group called Hyper-V Administrators. Members of this group, in addition to local administrators, can configure and manage Hyper-V Replica.
•
You can configure a replica server to allow replication from any authenticated server, or to limit replication to specific servers. In that case, you need to specify a fully qualified domain name (FQDN) for the primary server (for example hv1.contoso.com), or use a wildcard with a domain suffix, for example *.contoso.com. Use of IP addresses is not allowed. If the replica server is in a failover cluster, replication is allowed at the cluster level. When you are limiting replication to specific servers, you also need to specify a trust group, which is used to identify the servers within which a virtual machine can move. For example, if you provide disaster recovery service to partner companies, the trust group prevents one company from gaining access to another company's replica machines.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
5-21
•
Replica Hyper-V host can authenticate primary Hyper-V host by using Kerberos authentication and certificates. Kerberos authentication requires both Hyper-V hosts to be in the same AD DS forest, whereas you can use certificate authentication in any environment. Kerberos authentication is used with http traffic and is not encrypted, whereas certificate-based authentication is used with https traffic and is encrypted.
•
You can establish Hyper-V Replica only if network connectivity exists between the Hyper-V hosts. You should configure Windows Firewall to allow either HTTP or HTTPS Hyper-V Replica traffic. Question: You want to replicate your virtual machines to a hosting provider. How must the replica Hyper-V host that is running at the hosting provider be configured so that it can authenticate your primary Hyper-V host? Question: How can you limit primary Hyper-V hosts to be able to access only virtual machines that originate from the same company?
Enabling a Virtual Machine for Replication After you configure a Hyper-V replica server to allow incoming replication, you then need to enable replication on the virtual machines on the primary Hyper-V host. You must configure replication for each virtual machine individually, either by using the Enable Replication Wizard in Hyper-V Manager, or by using the Windows PowerShell cmdlet Enable-VMReplication. When you use the Enable Replication Wizard, you can configure the following replication settings: •
Replica Server. Specify the computer name or the FQDN of the replica server (an IP address is not allowed). If the Hyper-V host that you specify is not yet configured to allow replication traffic, you can configure it here. If the replica server is a node in a failover cluster, you should enter the name or FQDN of the connection point for the Hyper-V Replica Broker.
•
Connection Parameters. If the replica server is accessible, the Enable Replication Wizard populates the authentication type and replication port fields automatically with the appropriate values. If the replica server is inaccessible, you can configure these fields manually. However, you should be aware that you will not be able to enable replication if you cannot establish a connection to the replica server. On the Connection Parameters page, you can also configure Hyper-V to compress the replication data before transmitting it over the network.
•
Replication virtual hard disks. By default, all virtual hard disks are replicated. If some of the virtual hard disks are not required at the replica Hyper-V host, you can exclude them from replication. An example would be a virtual hard disk that is dedicated for storing page files. You should not exclude virtual hard disks that include operating systems or applications, because this can result in that particular virtual machine being unusable at the replica server.
•
Replication Frequency. Prior to Windows Server 2012 R2, replication frequency was always five minutes, and was not configurable. In Windows Server 2012 R2, you can set replication frequency to 30 seconds, 5 minutes, or 15 minutes, based on the network link to the replica server and acceptable state delay between primary and replica virtual machines.
•
Additional recovery points. You can configure the number and types of recovery points to be sent to the replica server. By default, the option to Maintain only latest point for recovery is selected, which
MCT USE ONLY. STUDENT USE PROHIBITED
5-22 Virtual Machine Movement and Hyper-V Replica
means that only the parent virtual hard disk is replicated and all the changes are merged into that virtual hard disk. However, you can select to create additional hourly recovery points, and then set the number of additional recovery points (up to 24). You can also configure the Volume Shadow Copy Service (VSS) snapshot frequency, which is used to save application-consistent replicas for the virtual machine, and not just the changes in the primary virtual machine. •
Initial replication method and schedule. The default selection is to send an initial copy immediately over the network. Because virtual machines can have large virtual disks, initial replication can take a long time and can cause a large amount of network traffic. If you do not want immediate replication, you can schedule it to start at a specific time. If you want an initial replication but want to avoid network traffic, you can select to send the initial copy to external media, or to use an existing virtual machine on the replica server. You would use the last option if you already restored a copy of the virtual machine at the replica server, and you want to use it as the initial copy.
After the replication relationship is established, the Status column in Hyper-V Manager shows replication progress as a percentage of the total replication for the configured virtual machine. Virtual machine replica is in the turned off state, and you cannot start it until the failover is performed.
When replication is enabled, virtual machine network adapters get additional settings that were previously unavailable. These new settings pages are Failover TCP/IP and Test Failover. Failover TCP/IP is available only for network adapters, and not for legacy network adapters. The settings on this page are useful when a virtual machine has a static IP address assigned, and the replica site is using different IP settings than the primary site. You can configure TCP/IP settings that a network adapter will use after the failover is performed. If static IP addresses are used, you should configure failover TCP/IP on the primary and replica virtual machines. Virtual machines must also have integration services installed to be able to apply failover TCP/IP settings. Virtual machines for which you enable replication have an additional management setting called Replication. You use this setting to review and modify replication parameters. Note: In Windows Server 2012 R2, you can extend Hyper-V Replica from the replica virtual machine to a third Hyper-V host (the Extended Replica Server). This enables you to use Hyper-V Replica to create two virtual machine replicas. Question: Are failover TCP/IP settings useful if a virtual machine is using Dynamic Host Configuration Protocol (DHCP) for obtaining an IP address?
Demonstration: Enabling Virtual Machine Replication In this demonstration, you will see how to enable a virtual machine for replication.
Demonstration Steps 1.
Use Hyper-V Manager to confirm that in the 20409B-LON-TEST1 virtual machine settings, under Network Adapter, two nodes display: Hardware Acceleration, and Advanced Features.
2.
Confirm that there are six settings in the Management section for the 20409B-LON-TEST1 virtual machine, and that Replication is not one of them.
3.
Use Hyper-V Manager to enable replication for the 20409B-LON-TEST1 virtual machine, and provide the following settings: o
Replica Server: LON-HOST2
o
Connection Parameters: Kerberos authentication (HTTP)
o
Replication VHDs: LON-TEST1
o
Replication Frequency: 30 seconds
o
Initial Replication Method: Immediately send initial copy over the network
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
5-23
4.
Use Hyper-V Manager to confirm that 20409B-LON-TEST1 is one of the virtual machines on LON-HOST2, and that it is in the Off state.
5.
View Replication Health for 20409B-LON-TEST1. As initial replication is probably not yet completed, Replication Health should be in the Warning state.
6.
Use Hyper-V Manager to confirm that there are two new nodes under Network Adapter for the 20409B-LON-TEST1 virtual machine, which were not present before: Failover TCP/IP, and Test Failover.
7.
Confirm that there are seven settings in the Management section for 20409B-LON-TEST1, including Replication, which was not present before.
8.
Use the Windows PowerShell cmdlets Get-VMReplication and Measure-VMReplication to review replication settings and status for 20409B-LON-TEST1.
9.
In Hyper-V Manager, view Replication Health for 20409B-LON-TEST1. If initial replication has finished, Replication Health will be Normal.
Hyper-V Replication Health When you enable replication for a virtual machine, changes in the primary virtual machine are written to a log file, which is periodically transferred to the replica Hyper-V host and then applied to a virtual hard disk of a replica virtual machine. Replication Health monitors the replication process and shows important events, as well as the replication and synchronization state of the Hyper-V host. Replication Health includes the following data: •
Replication State. Indicates whether replication is enabled for the virtual machine.
•
Replication Type. Indicates whether you are monitoring Replication Health on the primary virtual machine or on the replica virtual machine.
•
Primary and Replica server names. Indicates on which Hyper-V host the primary virtual machine is running, and which Hyper-V host is the replica.
•
Replication Health. Indicates replication status. Replication Health can have one of three possible values: Normal, Warning, or Critical.
•
Replication statistics. Displays replication statistics since virtual machine replication started, or since you reset the statistics. Statistics include data such as maximum and average size of the replication, average replication latency, number of errors encountered, and number of successful replication cycles.
•
Pending replication. Displays information about the size of data that still needs to be replicated, and when the replica was last synchronized with the primary virtual machine.
MCT USE ONLY. STUDENT USE PROHIBITED
5-24 Virtual Machine Movement and Hyper-V Replica
Replication Health can have one of three possible values, based on how well the replication is performing: •
•
•
Normal o
Less than 20 percent replication cycles are missed.
o
Last synchronization point was less than an hour ago.
o
Average replication latency is less than the configured limit.
Warning o
More than 20 percent of replication cycles have been missed.
o
Last replication data was sent more than an hour ago.
o
Initial Replication has not been completed.
o
Failover was initiated, but reverse replication has not been configured.
o
Replication is paused in the primary virtual machine.
Critical o
Replication is paused on the replica virtual machine.
o
Primary server is unable to send the replica data.
You can monitor Replication Health in Hyper-V Manager, where you can add a Replication Health column to the virtual machines pane. You can also right-click the virtual machine that has replication enabled, and then click View Replication Health. From Windows PowerShell, you can also view Replication Health by using the cmdlets Get-VMReplication and Measure-VMReplication. You can also monitor Replication Health by using Performance Monitor and Event Viewer. For Replication Health to be in Normal state, the Hyper-V Replica replication engine must regularly replicate changes in the primary virtual machine, and then apply those changes to the virtual hard disk of the replica based on the replication frequency. If more than 20 percent of the replication cycles have not been applied, Replication Health automatically changes to the Warning state. The following tables show the number of replications based on replication frequency, and the number of successful replications required for Normal Replication Health. Replication frequency
1 hour
12 hours
24 hours
1 week
30 seconds
120
1,440
2,880
20,160
5 minutes
12
144
288
2,016
15 minutes
4
48
96
672
Replication cycles
Successful
Failed
% Success
Health state
12
10
2
80%
Normal
144
116
28
80%
Normal
288
231
57
80%
Normal
2,016
1613
403
80%
Normal
You can save a Replication Health report as a .csv file.
Interpreting Replication Health – Part 1 http://go.microsoft.com/fwlink/?LinkID=386702 Question: How can you monitor virtual machine replication health from Windows PowerShell?
Test Failover, Planned Failover, and Failover You can perform three types of failover actions: test failover, planned failover, and failover. These three options offer different benefits, and are useful in different scenarios.
Test Failover
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
5-25
After you configure Hyper-V Replica and after the virtual machines start replicating, you can perform a test failover. A test failover is a nondisruptive task that enables you to test a virtual machine on the replica server while the primary virtual machine is running, and without interrupting the replication. You can initiate a test failover on the replica virtual machine, which will create a new checkpoint and allow you to select a recovery point from which the new test virtual machine is created. The test virtual machine has the same name as the replica, but with - Test appended to the end. The test virtual machine is not started, and is disconnected by default to avoid potential conflicts with the running primary virtual machine.
When you finish testing, you can stop test failover. This option is available only if test failover is running. When you stop test failover, it stops the test virtual machine and deletes it from the replica Hyper-V host. If you run a test failover on a failover cluster, you will have to remove the Test-Failover role from the failover cluster manually.
Planned Failover
You can initiate a planned failover to move the primary virtual machine to a replica site, for example, before site maintenance or before a disaster. Because this is a planned event, there is no data loss, but the virtual machine will be unavailable for some time during its startup. A planned failover confirms that the primary virtual machine is turned off prior to executing the failover. During the failover, it sends all the data that has not yet been replicated, to the replica server. It then fails over the virtual machine to the replica server, and starts it there. After the planned failover, the virtual machine is running on the replica server, and its changes are not replicated. If you want to establish replication again, you should reverse the replication. You will have to configure similar settings to when you enabled replication, and the existing virtual machine will be used as an initial copy.
Failover
A failover is an unplanned event that can result in data loss, because changes at the primary virtual machine might not have replicated before the disaster happened. (Replication frequency setting controls how often changes are replicated). In the event that an occurrence disrupts the primary site, you can perform a failover. You initiate a failover at the replica virtual machine only if primary virtual machine is either unavailable or turned off. Similar to planned failover, during a failover the virtual machine is running on a replica server. If you need to start failover from a different recovery point and discard all changes, you can cancel the failover. After you recover the primary site, you can use reverse replication to reestablish replication. This will also remove the option to cancel failover.
Other Hyper-V replication-related actions include the following:
MCT USE ONLY. STUDENT USE PROHIBITED
5-26 Virtual Machine Movement and Hyper-V Replica
•
Pause Replication. This action pauses replication for the selected virtual machine.
•
Resume Replication. This action resumes replication for the selected virtual machine. It is available only if replication for the virtual machine is paused.
•
View Replication Health. This action provides data about the replication events for a virtual machine.
•
Extend Replication. This action is available on replica virtual machines. It is available only on Windows Server 2012 R2, and it extends virtual machine replication from the replica server to a third server (the Extended Replica Server).
•
Remove Recovery Points. This action is available only during a failover. If you select it, all recovery points (checkpoints) for a replica virtual machine are deleted, and their differencing virtual hard disks are merged.
•
Remove Replication. This action stops replication for the virtual machine.
Note: If you have implemented Microsoft System Center 2012 R2 and you are interested in using Hyper-V Replica for disaster recovery, you should consider using the Windows Azure Hyper-V Recovery Manager. The Hyper-V Recovery Manager helps to orchestrate the recovery of private cloud services across multiple locations in the event of an outage at the primary site. Question: Which of the three failover actions can you perform while the primary virtual machine is running: test failover, planned failover, or failover?
Hyper-V Replica Resynchronization After you configure virtual machine replication and perform the initial replication, the replica is regularly updated with the changes from the primary virtual machine. One of the configuration steps is configuring the replication frequency setting. This setting controls the longest time interval until changes from the primary virtual machine are applied to the replica.
In a real-world environment, there can be many reasons why changes from the primary virtual machine are not applied to the replica for extended periods of time. This may be, for example, because network connectivity is lost, or because you paused the replication. This will be reflected on the Replication Health, but when replication is established again, all changes will be applied to the replica. There are also more serious reasons that can affect synchronization, such as: •
Issues on the primary server with change tracking. The replication engine tracks changes in the virtual machine only while the virtual machine is running. If you turn off the virtual machine and then modify the virtual hard disk, (for example, to perform offline patching), these modifications will not be replicated to the replica when you start the primary virtual machine.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
5-27
•
Replication issues with tracking logs. Changes in a virtual machine are first written into a tracking log, and are then transferred to the replica. If network connectivity with the replica is lost, the tracking log can increase in size and can be larger than 50 percent of the virtual hard disk size.
•
Problems linking the virtual hard disk with the parent. This problem can occur if a virtual machine is using a differencing virtual hard disk, and a replica Hyper-V host is not able to link the replicated differencing virtual hard disk with its parent.
•
Virtual machine is restored from the backup. If you restore the primary or replica virtual machines from a backup, their state changes and is no longer synchronized.
•
Reverse replication after failover. If you perform a planned failover and you reverse replication, the virtual machine will already exist on the target Hyper-V host, but it will not be up-to-date.
In all the above cases, the primary and replica virtual machine are not synchronized, and there is no tracking log that could simply be applied to synchronize them. However, in all cases, virtual machines already exist on both sides, and it would be inefficient to perform full initial replication. The resynchronization process is optimized for virtual hard disks with size up to 500 GB. It tries to find and replicate only the differences between virtual machines, not the entire virtual hard disk. The virtual hard disk of the primary virtual machine and the replica are split into chunks of 2 megabytes (MB). The, CRC64 checksum of each chunk is generated, and then compared to determine which chunks from the primary virtual machine need to be applied to the replica. The resync process also has logic built into it, which decides if the process would take longer than six hours. If so, you should perform a full initial replication.
The resynchronization process is processor-intensive, storage-intensive, and network-intensive. You can trigger the resynchronization process manually, but you also can schedule it to perform resynchronization automatically when needed. You configure these settings on the Replication settings of the primary virtual machine. Resynchronization of virtual machines in Hyper-V Replica http://go.microsoft.com/fwlink/?LinkID=386703 Question: Is resynchronization between primary and replica virtual machines always required?
Demonstration: Performing a Planned Hyper-V Failover In this demonstration, you will see how to perform a planned Hyper-V failover.
Demonstration Steps 1.
Connect to the LON-TEST1 computer that is running on the LON-HOST1 Hyper-V host. On the desktop, create a folder named Current State.
2.
Use Hyper-V Manager to start a planned failover for 20409B-LON-TEST1.
3.
Confirm that the Planned Failover error displays, as the virtual machine is not prepared for a planned failover.
4.
Shut down LON-TEST1.
5.
Use Hyper-V Manager to perform a planned failover for 20409B-LON-TEST1.
6.
Confirm that 20409B-LON-TEST1 is in a Running state on the LON-HOST2 Hyper-V host.
MCT USE ONLY. STUDENT USE PROHIBITED
5-28 Virtual Machine Movement and Hyper-V Replica
7.
On LON-TEST1, confirm that a folder named Current State is on the desktop. With planned failover, all changes from the primary virtual machine are replicated.
8.
Create a folder named Planned Failover on the LON-TEST1 desktop.
9.
Use Hyper-V Manager to start reverse replication for 20409B-LON-TEST1, and accept all default values.
10. Shut down LON-TEST1 and perform its Planned Failover. 11. Start and connect to LON-TEST1 on LON-HOST2. 12. Confirm that on the LON-TEST1 desktop, the two folders named Current State, and Planned Failover display.
Lab B: Configuring and Using Hyper-V Replica Scenario
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
5-29
You have successfully moved the Hyper-V storage and virtual machines. Because many of the virtualized servers host business-critical applications or data, A. Datum is also planning to provide a disaster recovery solution for the virtual machines. Virtualization hosts currently are backed up daily, but a much faster recovery solution is required for some of the virtual machines. To provide this solution, you need to configure and test the Hyper-V Replica feature.
Objectives After completing this lab, you will be able to: •
Configure and manage Hyper-V Replica.
Lab Setup Estimated Time: 45 minutes
Virtual machines: 20409B-LON-HOSTx, 20409B-LON-DC1, 20409B-LON-TESTx, and 20409B-LON-PRODx User name: Adatum\Administrator Password: Pa$$w0rd For this lab, you will use the available virtual machine environment. Note: Because you will be using the same virtual machines in the next lab, do not revert the virtual machines. However, you can shut down all virtual machines after finishing this lab. You will be working in pairs. Communicate clearly with your lab partner, and cooperate fully with each other during this lab.
Exercise 1: Configuring and Managing Hyper-V Replica Scenario
Your company has set up a disaster recovery location, and you need to configure virtualization infrastructure to replicate virtual machines to that location. To perform this task, you will use Hyper-V Replica in this exercise. You will first configure a remote Hyper-V host to allow incoming replication. Then you will configure replication of the LON-TESTx virtual machine, explore new settings that you can configure, and test the effect of those settings. You will also perform test failover and planned failover, to ensure that test failover does not interrupt the replication process, and that during planned failover no modifications in virtual machine are lost. As one of the steps, you will also monitor Replication Health. The main tasks for this exercise are as follows: 1.
Configure Hyper-V host for incoming replication.
2.
Enable virtual machine replication.
3.
Test Hyper-V Replica failover.
4.
Perform a planned failover.
Task 1: Configure Hyper-V host for incoming replication 1.
2.
MCT USE ONLY. STUDENT USE PROHIBITED
5-30 Virtual Machine Movement and Hyper-V Replica
Use Hyper-V Manager on LON-HOSTx to enable LON-HOSTy as a replica server with the following configuration: o
Authentication: Kerberos (HTTP)
o
Default location to store Replica files: C:\shares\replicated
Add the Windows Firewall with Advanced Security snap-in to MMC, connect to the LON-HOSTy computer, and enable the Hyper-V Replica HTTP Listener (TCP In) rule.
Task 2: Enable virtual machine replication 1.
Use Hyper-V Manager to confirm that in the 20409B-LON-TESTx virtual machine settings, under Network Adapter, two nodes display: Hardware Acceleration, and Advanced Features.
2.
Confirm that for the 20409B-LON-TESTx virtual machine, in the Management section, six settings display, and Replication is not one of them.
3.
Confirm that the LON-TESTx computer has an IPv4 address of 10.0.0.x6.
4.
Use Hyper-V Manager to enable replication for the 20409B-LON-TESTx virtual machine using the following settings: o
Replica Server: LON-HOSTy
o
Connection Parameters: Kerberos authentication (HTTP)
o
Replication VHDs: LON-TESTx VHD
o
Replication Frequency: 30 seconds
o
Additional Recovery Points: Create 10 additional hourly recovery points
o
Initial Replication Method: Immediately send initial copy over the network
5.
Use Hyper-V Manager to confirm that 20409B-LON-TESTx is one of the virtual machines on LON-HOSTy, and that it is in the Off state.
6.
View Replication Health for 20409B-LON-TESTx.
Note: Because initial replication is most likely not yet completed, Replication Health is in a Warning state. 7.
Use Hyper-V Manager to confirm that two new nodes display under Network Adapter for 20409B-LON-TESTx: Failover TCP/IP, and Test Failover.
8.
Confirm that there are now seven settings in the Management section for 20409B-LON-TESTx, including Replication, which was not present before.
9.
Use the Windows PowerShell Get-VMReplication and Measure-VMReplication cmdlets to review replication settings and status for 20409B-LON-TESTx.
10. In Hyper-V Manager, view Replication Health for 20409B-LON-TESTx. If initial replication has finished, Replication Health will be Normal.
Task 3: Test Hyper-V Replica failover 1.
2.
Use Hyper-V Manager to configure Failover TCP/IP for 20409B-LON-TESTx with the following settings: o
IPv4 Address: 192.168.10.15
o
Subnet Mask: 255.255.255.0
o
Default gateway: 192.168.10.1
o
Preferred DNS server: 192.168.10.100
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
5-31
Use Hyper-V Manager to configure Test Failover for 20409B-LON-TESTx to connect to the Private Switch. Note: If initial replication of 20409B-LON-TESTx has not yet finished, wait until it finishes.
3.
Use Hyper-V Manager to start Test Failover for 20409B-LON-TESTx. Confirm that the checkpoint for 20409B-LON-TESTx is created, and a new virtual machine named 20409B-LON-TESTx – Test is created.
4.
Confirm that the 20409B-LON-TESTx – Test virtual machine is connected to Private Switch.
5.
Start the 20409B-LON-TESTx virtual machine, and sign in as Administrator with the password Pa$$w0rd.
6.
Confirm that it has the same IP configuration as you configured in Failover TCP/IP for 20409B-LON-TESTx.
7.
Stop the test failover for 20409B-LON-TESTx. Confirm that the 20409B-LON-TESTx – Test virtual machine has been deleted, in addition to the 20409B-LON-TESTx virtual machine checkpoint.
Task 4: Perform a planned failover 1.
Connect to the 20409B-LON-TESTx computer running on the LON-HOSTx Hyper-V host, and on the desktop create a folder named Current State.
2.
Use Hyper-V Manager to start Planned Failover for 20409B-LON-TESTx.
3.
Confirm that a Planned Failover error displays. Note: This is because the virtual machine is not prepared for planned failover.
4.
Shut down LON-TESTx.
5.
Use Hyper-V Manager to perform a Planned Failover for the 20409B-LON-TESTx virtual machine.
6.
Confirm that 20409B-LON-TESTx is in the Running state on the LON-HOSTy Hyper-V host.
7.
On LON-TESTx, confirm that a folder named Current State displays on the desktop. Note: With planned failover, all changes from the primary virtual machine are replicated.
8.
Create a folder named Planned Failover on the LON-TESTx desktop.
9.
Use Hyper-V Manager to start Reverse Replication for 20409B-LON-TESTx, and accept all default values.
10. Shut down LON-TESTx, and then perform its Planned Failover. 11. Start and connect to 20409B-LON-TESTx on LON-HOSTx.
MCT USE ONLY. STUDENT USE PROHIBITED
5-32 Virtual Machine Movement and Hyper-V Replica
12. Confirm that two folders display on the LON-TESTx desktop: Current State, and Planned Failover. 13. On LON-HOSTx, remove replication for 20409B-LON-TESTx. 14. On LON-HOSTy, delete 20409B-LON-TESTx.
Results: After completing this exercise, you should have configured and managed Hyper-V Replica.
Module Review and Takeaways Review Questions Question: What would be the most probable reason that Replication Health is not in the Normal state after you enable replication for a virtual machine? Question: Can you use self-signed certificates for authentication with Hyper-V Replica? Question: Can you perform live migration of a virtual machine from a Windows Server 2012 Hyper-V host to a Windows Server 2012 R2 Hyper-V host?
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
5-33
MCT USE ONLY. STUDENT USE PROHIBITED
MCT USE ONLY. STUDENT USE PROHIBITED 6-1
Module 6 Implementing Failover Clustering with Hyper-V Contents: Module Overview
6-1
Lesson 1: Overview of Failover Clustering
6-2
Lesson 2: Configuring and Using Shared Storage
6-12
Lesson 3: Implementing and Managing Failover Clustering with Hyper-V
6-22
Lab: Implementing Failover Clustering with Hyper-V
6-31
Module Review and Takeaways
6-38
Module Overview
Failover clustering is a Windows Server 2012 feature that provides high availability. Hyper-V in Windows Server 2012 uses failover clustering to provide highly available virtual machines. It is crucial for critical virtual machines to be highly available, which means that if the node on which a virtual machine is running fails, then the failover cluster will start the virtual machine automatically on a different node.
The first lesson in this module provides a general overview of failover clustering. You will learn about the components of failover clusters, how failover clusters provide high availability, and why shared storage is important. You will also learn about the different quorum modes, and understand how you can provide encryption for Cluster Shared Volumes (CSVs). The second lesson in this module details shared storage. You will see how you can use Server Message Block (SMB) 3.0 file shares for Hyper-V. You will also learn how to configure Internet small computer system interface (iSCSI) shared storage by using an iSCSI target server, which is part of Windows Server 2012. If you are considering failover clustering in virtual machines, you will learn more about Windows Server 2012 R2, in which you can use virtual hard disk sharing to present shared storage to virtual machines.
The third lesson explains how you can implement failover clustering. You will also learn about the settings that you can configure for highly available virtual machines, and how you can configure monitoring for services that run inside a virtual machine. Note: For the purpose of this course, all instances of Microsoft System Center 2012 R2 Virtual Machine Manager are referred to as VMM.
Objectives After completing this module, you will be able to: •
Describe failover clustering.
•
Configure and use shared storage.
•
Implement and manage failover clustering with Hyper-V.
Lesson 1
Overview of Failover Clustering
MCT USE ONLY. STUDENT USE PROHIBITED
6-2 Implementing Failover Clustering with Hyper-V
Hyper-V uses failover clustering to provide highly available virtual machines. Before you can create highly available virtual machines, you need to understand the basics of failover clustering. In this lesson, you will learn about failover clustering components, the importance of shared storage, and how you can provide network redundancy. By default, failover clustering uses CSVs as the default storage type. This lesson explains the requirements for CSVs, and their advantages over logical unit numbers (LUNs). You will also learn about quorums, the different quorum modes that failover clustering supports, and what the differences are between the quorum modes. Because some highly available data can be sensitive, you will also learn about how you can use BitLocker Drive Encryption to encrypt CSVs.
Lesson Objectives After completing this lesson, you will be able to: •
Describe a failover cluster.
•
Describe failover and failback.
•
Describe the different networks that failover clusters use.
•
Explain the importance of failover cluster storage.
•
Describe CSVs.
•
Describe quorum and different quorum models.
•
Describe encrypted cluster volumes.
What Is a Failover Cluster? A failover cluster is a pair or group of Windows servers that work together to make applications and services highly available. The servers in a failover cluster are called nodes. If a node in a cluster fails or becomes unavailable, another node in the same failover cluster starts providing the services that the failed node was offering. This process is called failover and it results in minimal (or in certain cases, no) service disruptions for clients that are accessing the service. Failover clusters also provide CSV functionality, which provides a common namespace that you can use to access shared storage from all nodes. Failover clustering has several components, including the following: •
Nodes. Nodes are Windows Server computers that are members of a failover cluster. These computers have the failover clustering feature installed, and they run highly available services, applications, and other resources that are associated with a cluster. A failover cluster in Windows Server 2012 R2 can have up to 64 nodes, which can run up to 8,000 virtual machines. A single node can run up to 1,024 virtual machines.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
6-3
•
Networks. Networks enable communication between nodes that are still available and responsive, and also between nodes and client computers. Because clusters use external storage such as iSCSI or Fibre Channel Storage Area Network (SAN), nodes also use networks for accessing the shared storage.
•
Clustered role. A clustered role is a highly available role or service that is running on the cluster node and to which clients connect. If such a service becomes unavailable on one node, the failover cluster fails it over automatically to another node and redirects client requests for the service to the new node.
•
Resources. Resources are physical or logical elements such as a shared folder, disk, or IP address, which the failover cluster manages. Resources may provide service to clients or may be integral parts of highly available applications. Resources are the most basic and smallest configurable units. A resource can run only on a single node at any given time.
•
Cluster Storage. Each node has local storage (where the Windows operating system is installed), in addition to server roles and highly available applications. Cluster storage is a shared storage, where application configuration and data is stored. When a node fails, other nodes can access data on the cluster storage, and can start applications from that point. For example, the highly available virtual machine stores configuration data and virtual hard disks of the highly available virtual machine are stored on the cluster storage.
•
Clients. These are computers that access highly available services and applications that are running in the failover cluster. There should be multiple network paths between clients and the cluster. Clients should also try to reconnect to the service automatically if a cluster node fails.
In a failover cluster, each node in the cluster: •
Has full connectivity and communication with other failover cluster nodes.
•
Is aware of configuration changes to the failover cluster, such as when an additional node joins or leaves the cluster. Each node is also aware of other node failures, and has the ability to run services that the failed node hosted. You can configure which services to run on which nodes.
•
Connects to a network through which client computers can access the node.
•
Connects to other nodes, and regularly checks their availability and responsiveness.
•
Connects to shared storage, where configuration and data of highly available applications is stored.
•
Has awareness of the services and applications that are running locally, and resources that are running on other failover cluster nodes. Failover Clustering Overview http://go.microsoft.com/fwlink/?LinkID=386723 Question: Will clients still be able to connect to a cluster role if the failover cluster has only two nodes and the internode network fails?
What Are Failover and Failback?
MCT USE ONLY. STUDENT USE PROHIBITED
6-4 Implementing Failover Clustering with Hyper-V
Failover is a process in which a highly available role, together with all its resources (such as IP address and disk) moves between nodes in a failover cluster. Failover can happen automatically. For example, the node on which the highly available virtual machine was running might fail, or one of the resources that the highly available application depends upon may become unavailable. Other possible reasons are that a monitored service in a highly available virtual machine may stop, or the network adapter may lose network connectivity. Failover can also be manual. For example, administrators can start a maintenance procedure, during which they move highly available virtual machines to a different node before updating and restarting the current node. When failover is initiated, the following steps occur: 1.
The cluster service takes all of the resources of the highly available role offline in an order that is determined by the instance’s dependency hierarchy. First, the cluster service takes the clustered role offline, and then it takes offline the resources on which it the cluster role depends. For example, if a role depends on a disk resource, the cluster service takes the role offline first, which allows the role to write uncommitted changes to the disk, before taking the disk offline.
2.
When all resources are offline, the cluster service attempts to move the role to the node that is next on the list of preferred owners for that role. If the preferred owner is not available, then the cluster service contacts the next server on the list.
3.
If the cluster service moves the role successfully to a different node, it attempts to bring all role resources back online. This time, it takes the resources online in reverse order, from the bottom of the dependency hierarchy. Failover is complete when all of the resources are online on the new node.
In most cases, failover results in some downtime and data loss. If a node on which a highly available role is running fails, everything that was not saved on the shared storage (such as in-memory state of the open client connections), are lost. Failover restarts the role based on the configuration and state of the shared storage. Clients experience this as if you turn off and then turn on a single server on which the role runs. For some highly available roles such as scale-out file server, failover is transparent and without downtime. The cluster service can fail back a highly available role that was originally running on the failed node, after you repair or recover the failed node and it is available once again. When the cluster service fails back the highly available role, it uses the same steps that it performed during failover. The cluster service takes all the resources offline, moves the role, and then brings all the resources back online. You can configure in the properties of the highly available role how many times the cluster service will attempt to fail over and then fail back the role. You can also configure the list of preferred owners for the role. Question: Does failback always follow failover when the failed node is back online?
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
Failover Cluster Networks
6-5
Networks and network adapters are important parts of each failover cluster implementation. You cannot configure a failover cluster without configuring the networks that the cluster will use. Because you are using a failover cluster to provide high availability, you should always have multiple network paths. We recommend that each node have multiple fast network adapters, so that you can avoid single network adapter failure and provide higher throughput. You can add adapters to the team and create multiple virtual network adapters for different purposes, such as management, internode communication, and live migration. You can also use Quality of Service (QoS) to limit the bandwidth made available to the network adapter. You can classify networks in failover clustering based on their use. You can configure the following three settings: •
Do not allow cluster network communication on this network. The nodes in the failover cluster cannot use this network for internode communication or for communication with the clients. You would typically use such a network for accessing shared storage, for example iSCSI SAN.
•
Allow cluster network communication on this network. The nodes in the failover cluster can use this network for intranetwork communication. For example, nodes can use this network for updating the cluster database, monitoring the health of other nodes, or for live migration data.
•
Allow clients to connect through this network. Clients can access the failover cluster nodes over this network, for example, to access a highly available database. (The term client refers not only to client computers accessing clustered applications, but also to remote computers that you use to administer the cluster.) You can allow clients to connect through this network only if it can be used for cluster communication as well.
Technically, it is possible to have a failover cluster node with a single network adapter that is used for all network traffic, including internode communication, client communication, and access to shared storage. However, we do not recommend having a single network adapter for all network traffic, and validation will generate a warning to alert you of a potential single point of failure. When you install the failover clustering feature, it adds the Failover Cluster Virtual Adapter to the node. This is a hidden and completely self-configuring network adapter, which provides the failover node with a fault-tolerant connection across all available network adapters. The Failover Cluster Virtual Adapter is similar to NIC Teaming for clustering, and it hides all underlying network complexity from the failover cluster; for example, when other nodes are on remote networks, or when a node obtains an IP address from a Dynamic Host Configuration Protocol (DHCP) server. You can view the Failover Cluster Virtual Adapter in Device Manager as a hidden device. The networking features in failover clustering include the following: •
The node transmits and receives a heartbeat, which is used to monitor the health status of network interfaces, and is sent over all cluster-enabled networks. The heartbeat is sent by using unicast User Datagram Protocol (UDP) traffic over port 3343.
•
Failover cluster nodes can be on different segments, providing there is network connectivity between them.
•
The Failover Cluster Virtual Adapter hidden network adapter is added to each node. This adapter is assigned a media access control (MAC) address based on the first physical adapter, and it is used to
build redundant and fault-tolerant routes to other nodes. You can also clone Windows Server computers when they have the failover clustering role installed.
MCT USE ONLY. STUDENT USE PROHIBITED
6-6 Implementing Failover Clustering with Hyper-V
•
Failover clusters fully support IPv6 for both internode and client communication.
•
Cluster nodes can use static or dynamic IP addresses. If some nodes in a failover cluster use static IP addresses, and if others are configured with dynamic IP settings, validation will report an error. Failover Cluster Networking Essentials http://go.microsoft.com/fwlink/?LinkID=386716 Question: Do you need to manually put network adapters in a failover clustering node in a NIC team?
Failover Cluster Storage Failover cluster deployments require shared storage to provide consistent data and configuration for the highly available applications. When data is stored on a shared storage, this data is still available, even when the node on which the cluster role is running fails. This means that another node can access the same data and restart the cluster role from where the first node wrote data on the shared storage. There are different options for shared storage in Windows Server: •
Serial Attached SCSI. You can use Serial Attached SCSI storage to connect shared storage to two failover nodes that are located close to the Serial Attached SCSI storage. If the failover cluster will have multiple nodes, or if distance to the storage will be more than 10 meters (30 feet), you should consider a different option for shared storage.
•
iSCSI. Servers access iSCSI SANs by sending SCSI commands over an IP network. Performance is acceptable over fast 10 gigabits per second (Gbps) or slower 1 Gbps networks. iSCSI is not limited by the length or the number of servers that access the storage. The physical medium for data transmission is Ethernet, and no special hardware is required. You can build an iSCSI SAN by using the iSCSI target feature, which is part of Windows Server 2012 R2.
•
Fibre Channel. Fibre Channel SANs require special network infrastructure for accessing the storage. They often have better performance than iSCSI storage, but they are considerably more expensive to implement.
•
Fibre Channel over Ethernet. This network technology encapsulates Fibre Channel traffic over Ethernet networks. This enables Fibre Channel to use high-speed Ethernet networks, while preserving the Fibre Channel protocol.
You can also use SMB 3.0 file shares as shared storage for servers that are running Hyper-V, regardless of whether they are part of failover cluster nodes. Servers can access storage on a SAN as a LUN, or as a CSV. When you are considering shared storage for the failover cluster, you should consider using it as a CSV. This is because it provides many benefits, such as simultaneous access from multiple failover cluster nodes, and more efficient use of the storage space.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
When you choose the storage type, you should consider the following storage requirements:
6-7
•
A failover cluster does not support dynamic disks for a shared storage. You should therefore use basic disks for the shared storage, and not dynamic.
•
As a best practice, use NTFS file system on all failover node volumes. If the volume is on shared storage and you will use it as CSVs, you must format it by using NTFS file system.
•
If you will use disk witness for your quorum, you can format the volume with either NTFS file system or Resilient File System (ReFS).
•
You can use either master boot record (MBR) or GUID partition table (GPT) partition style for the disks in a failover cluster node.
•
Storage must support the SCSI-3 standard. Failover clusters require that storage supports persistent reservations commands so that storage spaces can be properly managed as clustered disks, and those commands are part of the SCSI-3 standard.
•
Confirm storage compatibility. You should verify that that the storage, drivers, firmware, and software used for the storage are compatible with failover clusters in Windows Server 2012.
•
Isolate storage devices, one cluster per device. You should not allow nodes from different failover clusters to access the same storage. You can achieve this by using LUN masking or zoning. This prevents LUNs that you use on one failover cluster from being accessible from another failover cluster.
•
Use Multipath I/O (MPIO) and teamed network adapters. This will provide the highest level of redundancy and availability for accessing the storage.
•
Consider using storage spaces. Storage spaces virtualize access to the storage and provide resilient and highly available shared storage. Failover Clustering Hardware Requirements and Storage Options http://go.microsoft.com/fwlink/?LinkID=386727 Question: Can you use a network-attached storage (NAS) device as a shared storage for a failover cluster?
What Is CSV? In a classic failover cluster deployment, only a single failover cluster node can access and use LUN on the shared storage at any given time. This means that other failover cluster nodes cannot access the same LUN, and that multiple LUNs are used for different highly available applications on different nodes. A LUN is also the smallest unit of failover. If multiple virtual machines are stored on the same LUN, they all fail over to another node, and it is not possible to fail over just one of them.
CSV is a technology that enables multiple nodes to access a single LUN concurrently. CSV provides a distributed file access solution, which enables multiple nodes to access the same NTFS file system simultaneously. CSV has multiple files. All failover cluster nodes can access CSV at the same time, but
MCT USE ONLY. STUDENT USE PROHIBITED
6-8 Implementing Failover Clustering with Hyper-V
each node can only access a different file on the CSV. Nodes cannot access the same file at the same time, even when it is stored on CSV. In Windows Server 2008 R2, CSV was supported only for storing virtual machine files. This way, you could have multiple virtual machines on the same storage, with each virtual machine running on a different node. CSV also enables individual virtual machines to fail over between failover cluster nodes. This provides better use of storage space, because you no longer have to maintain multiple LUNs, one per each virtual machine.
CSVs in Windows Server 2012
Windows Server 2012 offers improvements to CSV. It now supports roles other than just Hyper- V, such as file server, or Microsoft SQL Server 2014. Windows Server 2012 also adds support for CSV cache, which allows allocation of system memory as a write-through cache. Other improvements in CSVs are: •
CSV file system. CSV volumes appear as if they are using a CSV file system. This is not a new file system, the underlying technology is still NTFS, and CSV volumes are formatted with NTFS. However, based on the file system, applications can discover that they are running on CSV.
•
Simplified CSV setup. CSV is integrated into the Failover Cluster Manager Storage view, and you do not need to enable it explicitly. Instead, you can simply right-click a disk, and then add it to CSV.
•
Support for BitLocker. You can use BitLocker to encrypt a shared CSV volume, and protect data. Each node performs decryption by using the computer account for the cluster server.
•
Integration with SMB Multichannel and SMB Direct. This enables CSV traffic to stream across multiple networks in the cluster, and to utilize network adapters that support Remote Direct Memory Access (RDMA).
•
Integration with the Storage Spaces feature in Windows Server 2012. This enables failover cluster to use virtualized storage on clusters of inexpensive disks.
•
Ability to scan and repair volumes. CSVs can scan and repair volumes without moving storage offline. Understanding Cluster Shared Volumes in a Failover Cluster http://go.microsoft.com/fwlink/?LinkID=386719 Question: Can you format a CSV by using a CSV file system?
What Is a Quorum? A failover cluster can have up to 64 failover cluster nodes. A quorum is the consensus that enough nodes are online and that the cluster can continue running. Each node has one vote. If there is an even number of nodes, then votes from the witness element, which can be either a file share witness or a disk witness, is also counted. Quorum mode defines who will have a vote, and until Windows Server 2012, that configuration was static. Each voting element contains a copy of the cluster configuration, and the cluster service keeps all copies synchronized at all times.
A failover cluster stops providing failover protection if the quorum does not have more than half of the votes. This means that most of the nodes have failed, or they are not able to vote because of some other
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
6-9
problem such as a network connectivity issue. Without a quorum, each set of nodes could continue to operate as a failover cluster, even if it would have half of the nodes or less, which could result in creation of two cluster instances from a single failover cluster. A quorum prevents such a splitting of a failover cluster into two parts, where each part would continue to operate as a failover cluster concurrently.
If the available nodes do not achieve majority, then the vote of the witness becomes crucial. Quorum mode, which is configured at the failover cluster level, defines which elements can vote. If the number of votes drops below the majority, the cluster stops running and does not provide failover protection if there is a node failure. Nodes continue to listen for the presence of other nodes, in case another node appears again on the network. However, nodes will not function until a majority consensus or quorum is achieved. Note: Failover cluster functionality depends not only on a quorum, but also on the resources available to cluster nodes and their ability to run cluster services that fail over to that node. For example, a cluster with five nodes will still have a quorum even if two nodes fail. However, each remaining cluster node will continue serving clients only if it has enough resources to run cluster roles that failed over to the remaining three nodes. These resources include storage space, processing power, network bandwidth, and memory. You can configure priority, preferred hosts, and anti-affinity to decide the nodes on which the cluster role can run.
Quorum Modes in Windows Server 2012 Windows Server 2012 R2 supports the following quorum modes: •
Node Majority. Each failover cluster node that is online and has network connectivity can vote. Only failover cluster nodes have a vote, and the cluster provides its services only when the quorum has majority, with more than half the votes. This is the default quorum mode when the cluster has an odd number of nodes and a witness is not necessary, such as when all nodes are located in the same site.
•
Node and Disk, or Node and File Share Majority. Each failover cluster node and a witness, which is either a disk or file share, can vote when they are online and have network connectivity. The cluster provides its services only when quorum has majority of the votes. This quorum model is appropriate when the failover cluster has an even number of nodes.
•
No Majority: Disk Only. The cluster has a quorum if at least one node is available and it has connectivity with a specific disk in the failover cluster storage. Only nodes that can communicate with that disk can join the cluster.
Note: If the disk in the No Majority: Disk Only quorum model is not available, the cluster will stop functioning, even if all nodes are still available. In this mode, a quorum-shared disk is a single point of failure. Therefore, use of this mode is not recommended.
Except for the No Majority: Disk Only quorum mode, all quorum modes are based on a simple majority vote model. As long as a quorum has majority of the votes, the cluster continues to accept client requests. For example, if there are five votes in the cluster, the cluster continues to accept requests as long as the quorum has at least three votes, and the source of the votes is not relevant. A quorum can get a vote from a failover cluster node, a disk witness, or a file-share witness. The failover cluster stops answering requests if the quorum does not receive the majority of the votes. In the No Majority: Disk Only mode, the quorum-shared disk can veto all other possible votes. In this mode, the cluster will continue to function as long as the quorum-shared disk and at least one node are available.
Cluster Node Weights and Dynamic Quorum
MCT USE ONLY. STUDENT USE PROHIBITED
6-10 Implementing Failover Clustering with Hyper-V
Failover clustering in Windows Server 2012 introduces two new concepts regarding quorum: cluster node weights, and dynamic quorum. The concept of cluster node weight is used primarily in environments where failover nodes are located in multiple physical locations. In such environments, you might want the failover cluster running at the primary location even if the failover cluster nodes at the recovery location are not available. To accomplish this, you can assign node weights of 0 for the failover cluster nodes at the recovery location, which effectively revokes their default ability to participate in the quorum voting. For example, if you have a four-node failover cluster and you assign node numbers 3 and 4 a weight of 0, they would not participate in the calculation of a quorum, and only nodes 1 and 2 would participate. If both nodes 3 and 4 were to fail, the failover cluster would continue to work, even if only nodes 1 and 2 are available. Dynamic quorum provides higher availability within a failover cluster by continuously monitoring and adjusting the quorum model based on the available cluster nodes. Cluster quorum calculation is adjusted each time the number of nodes changes, so that even if a failover cluster has less than 50 percent of the original number of nodes, the failover cluster continues to work and cluster roles are still available. With dynamic quorum enabled, a failover cluster can survive with only one node up and running. The only limiting factor is the availability of enough resources such as memory and processor to support the workload. The dynamic quorum model is enabled by default. Windows Server 2012 R2 includes several quorum enhancements, including: •
Dynamic witness. If a failover cluster is configured to use dynamic quorum, which is the default configuration, the witness vote is also dynamically adjusted based on the number of voting nodes in the failover cluster. If the failover cluster has an odd number of votes, the quorum witness does not have a vote. If the failover cluster has an even number of votes, the quorum witness has a vote. The quorum witness vote is also dynamically adjusted based on the state of the witness resource. If the witness resource is offline or has failed, then the witness does not have a vote.
•
Tie breaker for 50 percent node split. Failover cluster can dynamically adjust a node's vote to keep the total number of votes at an odd number. To maintain an odd number of votes, the failover cluster will first adjust the quorum witness vote through dynamic witness. If a quorum witness is not available, then the failover cluster can adjust a node's vote. There is also a new failover cluster property that you can use to determine which site survives if there is a 50 percent node split and neither site has quorum.
•
Quorum user interface improvements. Failover Cluster Manager shows the assigned quorum vote and the current quorum vote for each failover cluster node. Configure and Manage the Quorum in a Windows Server 2012 Failover Cluster http://go.microsoft.com/fwlink/?LinkID=386728 Question: Can a failover cluster that originally had six nodes still run cluster roles if three nodes fail and only three nodes remain online?
What Is Encrypted Cluster Volume? Failover clusters can store sensitive data on shared storage. With Windows Server 2012, you can protect the data on shared storage by using BitLocker-encrypted volumes. BitLocker encryption adds an additional layer of protection for sensitive, highly available data, and you can use it to encrypt both physical disks and CSVs. You can protect data volumes by using BitLocker prior to adding them to the failover cluster, or after they are already in use in the failover cluster. Using BitLocker encryption helps to provides physical security for deployments outside secure data centers, and meets compliance requirements for volume-level encryption.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
6-11
You can use BitLocker encryption with physical disk resources such as a LUN on a SAN, NAS, or with a CSV. You can turn on BitLocker prior to adding the disk to the storage pool within a cluster. Otherwise, you will need to put the resource into maintenance mode before you can perform BitLocker encryption.
When you use BitLocker on a stand-alone server, the BitLocker protector is stored locally. However, when you use BitLocker encryption in a failover cluster, multiple cluster nodes must be able to access the encrypted volume, and because of this, an Active Directory-based protector is used. You must add the failover cluster Active Directory Domain Services (AD DS) identity as a BitLocker protector to the target disk volumes.
You can manage BitLocker on a failover cluster by either using Windows PowerShell, or by using the Manage-bde.exe command. BitLocker encryption introduces minimal (less than one percent) performance overhead. Before you can use BitLocker in a failover cluster, the following prerequisites must be met: •
Windows Server 2012 or a newer Windows Server operating system with the Failover Clustering feature must be installed and configured on each failover cluster node.
•
Domain controller running Windows Server 2012 or a newer Windows Server operating system must be reachable from all failover cluster nodes.
•
BitLocker must be installed on all failover cluster nodes.
•
Manage-BDE.exe or the BitLocker module for Windows PowerShell must be available to configure BitLocker-encrypted volumes in failover cluster. How to Configure BitLocker Encrypted Clustered Disks in Windows Server 2012 http://go.microsoft.com/fwlink/?LinkID=386710 Question: Can you protect data on shared storage by using an encrypted cluster volume if the failover cluster is a member of an AD DS domain with a Windows Server 2008 R2 domain-functional level?
Lesson 2
Configuring and Using Shared Storage
MCT USE ONLY. STUDENT USE PROHIBITED
6-12 Implementing Failover Clustering with Hyper-V
Each node in a failover cluster has local storage on which the operating system and applications are installed. Each node should have access to shared storage, where it can store application configuration information and data. Shared storage is useful in enabling a failover cluster node to continue the cluster service from the point at which it was before the originating node failed.
In this lesson, you will learn how you can use an SMB 3.0 file share as a shared storage for virtual machines, and how you can install and configure an iSCSI target for use by a failover cluster. You will also learn about virtual hard disk sharing, which enables virtual machines to use a virtual hard disk on a highly available location as a shared storage.
Lesson Objectives After completing this lesson, you will be able to: •
Describe the requirements and process of storing virtual machines on an SMB 3.0 file share.
•
Explain the benefits and use of scale-out file servers.
•
Describe iSCSI.
•
Describe the iSCSI target server.
•
Use an iSCSI target server.
•
Describe the considerations for implementing iSCSI storage.
•
Explain how to use virtual hard disk sharing as shared storage.
Storing a Virtual Machine on an SMB 3.0 Shared Folder In the past, if you wanted to run a virtual machine, its data files should have been stored either locally, or on the block storage on the SAN. However, in Windows Server 2012 and newer versions, you can use also SMB 3.0 file shares for storing data files of running virtual machines, which include configuration data, virtual hard disks, checkpoints, and smart paging. Using of SMB 3.0 has many advantages, because you can use the existing knowledge, networking, and server infrastructure, in addition to benefitting from SMB 3.0 features such as SMB transparent failover, SMB scale-out, and SMB multichannel.
Considerations for Use of SMB 3.0
SMB 3.0 file shares can have similar performance and reliability as SANs. Before using them, you should be aware of the following considerations: •
AD DS forest infrastructure is required if you want to use SMB 3.0 file shares. You need to grant permissions for the SMB 3.0 file share to the Hyper-V host computer account, which is created only in a domain environment.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
6-13
•
The file server must support SMB 3.0 protocol, which means that it must have Windows Server 2012 or a newer Windows Server operating system installed. You can use also non-Microsoft file servers, if they support the SMB 3.0 protocol. Hyper-V does not block older versions of SMB, but Hyper-V Best Practice Analyzer raises an alert when it detects an older version of SMB.
•
Loopback configurations are not supported. These are configurations in which the Hyper-V host is used as the file server, and is configured to use local SMB 3.0 file shares for storing virtual machines.
•
When Hyper-V is running in a failover cluster, it must not store virtual machines on the file server in the same failover cluster. Instead, it must use a file server in another failover cluster or stand-alone file server. This is because when a failover node fails, it could potentially result in the Hyper-V and file server roles running on the same failover cluster node.
•
We recommend that the Hyper-V host stores virtual machines on a continuously available file share on a file server in the failover cluster, and not on a stand-alone file server.
Configuration Steps
The two most important steps when configuring an SMB 3.0 file share for storing virtual machines are: •
Select the SMB Share - Applications profile for the shared folder. You can configure this profile when creating the shared folder by using Server Manager. You will notice that you cannot enable accessbased enumeration or allow caching, because those features are not supported with this share profile.
•
Configure the appropriate NTFS file system and share permissions. The necessary permissions include allowing Full Control for the Hyper-V host and Hyper-V Administrators. If Hyper-V is running in a failover cluster, the computer account for the failover cluster must also have Full Control permissions on the SMB 3.0 file share.
You can also create a shared folder and grant the permissions by using Windows PowerShell. You can create a shared folder for C:\VMs, and grant Full Permissions for the LON-HOST1 account and local Hyper-V Administrators group by running the following Windows PowerShell cmdlets: New-SmbShare -Name VMs -Path C:\VMs -FullAccess Adatum\LON-HOST1$, "Hyper-V administrators" (Get-SmbShare VMs).PresetPathAcl | Set-Acl
Deploy Hyper-V over SMB http://go.microsoft.com/fwlink/?LinkID=386725 Question: Can you store a virtual machine on a shared folder on a Windows Server 2008 R2 file server?
Using a Scale-Out File Server Scale-out file server is one of the failover cluster server roles. Unlike other roles whose behavior in the cluster is the same as on stand-alone server, a scale-out file server features several important improvements. When you add a file server as a cluster role, you can configure it as a file server for general use, or as a scale-out file server for application data. A file server for general use enables you to configure highly available shared folders, which are accessible on one cluster node at the time. If that node fails, another node takes ownership and clients can access the shared folder through that node. Although shared folders are highly available, clients always access them through a single node.
Benefits of Scale-Out File Servers
MCT USE ONLY. STUDENT USE PROHIBITED
6-14 Implementing Failover Clustering with Hyper-V
A scale-out file server has a different approach. Multiple failover nodes can host this role simultaneously, and they all provide access to the data on the same CSV. One node coordinates write operations, and any node on the failover cluster can read the data files on the CSV. This means that if you add a node to a scale-out file server, you increase the total bandwidth that is available for accessing the shared folders. This cluster role is sometimes referred to as an active-active file server, because shared folders can be accessed through multiple nodes. A scale-out file server provides the following benefits: •
Ability to scale capacity dynamically. Because clients can access shared folders through multiple nodes, if the number of clients increases, you can add an additional node to the scale-out file server. You can build a scale-out file server with only two nodes, and you can expand it with additional nodes as needed.
•
Higher Utilization. All failover cluster nodes can accept and serve client requests for all scale-out shared folders. When you combine their bandwidth and processor power, you can achieve higher utilization rates than with any single node. A single failover cluster node is no longer a potential bottleneck, because a scale-out file server can support as many clients as the shared storage can manage.
•
Non-disruptive maintenance and updates. When you need to check the disk, perform maintenance, update, or restart a failover cluster node, the scale-out file server is available without an interruption. This is also true for file server for general use.
•
CSV cache. You can use this feature to allocate system memory as a write-through cache. The CSV cache provides caching of read-only data, which can improve performance for applications such as Hyper-V, when accessing virtual hard disks. CSV cache performs caching at the block level, and not at the file level.
•
Automatic rebalancing of the clients. SMB client connections are tracked per shared folder, instead of per server as it was before Windows Server 2012 R2. Clients are redirected to the failover cluster node with the best access to the volume used by the shared folder. This improves efficiency by reducing redirection traffic between file server nodes.
•
Support for multiple SMB instances. A default SMB instance manages incoming SMB client traffic, while an additional SMB instance is created on each failover cluster node to manage only internode CSV traffic. This feature improves scalability and reliability of traffic between CSV nodes.
•
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
6-15
Simpler management. You can view and manage file server, storage, and networking by using Server Manager. You can also manage the scale-out file server by using Windows PowerShell.
Note: Clients must support the SMB 3.0 protocol to utilize all the benefits of the scale-out file server. Older clients such as the Windows 7 operating system or Windows Server 2008 R2, which support SMB 2.x, are able to connect to scale-out shared folders. However, they cannot benefit from the SMB transparent failover functionality. Scale-Out File Server for Application Data Overview http://go.microsoft.com/fwlink/?LinkID=386722 Storage and Availability Improvements in Windows Server 2012 R2 http://go.microsoft.com/fwlink/?LinkID=386715 Question: Does a file server cluster for general use support more clients than a stand-alone file server?
What Is iSCSI? iSCSI is a client-server protocol that enables access to remote, small computer system interface (SCSI)–based devices over a TCP/IP network. You can use iSCSI for encapsulating and sending standard SCSI commands over IP networks to any target device that supports SCSI commands. You can use iSCSI to transmit data over local area networks (LANs), wide area networks (WANs), or even over the Internet. The Windows operating system has implemented iSCSI only for accessing block storage devices, and uses the iSCSI initiator to access storage on iSCSI SANs, but not other remote SCSI devices.
iSCSI relies on standard Ethernet networking and does not require any special hardware. It uses the TCP/IP protocol and TCP port 3260 by default to send SCSI commands and transfer data. This means that iSCSI enables two hosts that are communicating over the network to negotiate the session and connection parameters, and then exchange SCSI commands and data as they would were they locally connected. iSCSI emulates a local storage subsystem over LANs and WANs, and provides access to the SAN as if it were a locally attached disk. Unlike Fibre Channel, iSCSI does not require a separate network, and you can run it over the existing IP network infrastructure. Although not required, as a best practice you should use a dedicated and highly available network for iSCSI traffic. An iSCSI deployment includes the following: •
TCP/IP network. You can use standard network infrastructure for connecting servers to iSCSI storage devices. To provide expected performance, the network should be fast, at least 1 Gbps. Understand that with iSCSI, all storage access, read, and write operations happen over the network and not locally. You should also consider having multiple paths between the server and iSCSI storage for redundancy.
MCT USE ONLY. STUDENT USE PROHIBITED
6-16 Implementing Failover Clustering with Hyper-V
•
iSCSI target. iSCSI targets present and advertise local storage as a network block device, as an iSCSI SAN. Many storage vendors implement hardware-level iSCSI targets as part of their storage appliances. Windows Server 2012 includes iSCSI target server as a role service. Because it is critical for storage to be available constantly, you should implement an iSCSI target server as a failover cluster role to make it highly available. To provide network redundancy, you should also configure the MPIO feature to use multiple paths between the server and iSCSI target.
•
iSCSI initiator. The iSCSI initiator is an iSCSI client that connects to the remote iSCSI target and presents it as a locally attached disk. Windows client and Windows Server operating systems include iSCSI initiator, and can connect to iSCSI targets. To use an iSCSI initiator, the iSCSI service must be running. Because this service is not running by default, you should start it before you start using an iSCSI initiator.
•
iSCSI qualified name. iSCSI qualified names are globally unique identifiers that address initiators and targets on an iSCSI network. When you configure an iSCSI target, you must configure it with an iSCSI qualified name. Understanding Microsoft iSCSI Initiator Features and Components http://go.microsoft.com/fwlink/?LinkID=386721 Question: What must you enable and configure in Windows Server 2012 R2 to be able to use storage on an iSCSI SAN?
What Is an iSCSI Target Server? When you install and configure the iSCSI target server role service, Windows Server 2012 R2 can present locally attached storage as an iSCSI block storage device to the clients. By using an iSCSI target server, you can create virtual disks that are similar to LUNs on physical SANs, and expose them as SCSI Logical Units (LUs) to iSCSI initiators. Virtual disks created by using an iSCSI target server have similar names as the virtual hard disks used by Hyper-V, because they use the same .vhdx format, and they share the same characteristics and 64 terabyte (TB) size limits as virtual hard disks. They also can be of the same types as virtual hard disks: fixed size, dynamically expanding, or differencing.
When you create a fixed-size virtual disk, you can clear it on allocation. This means that its entire content is filled with zero values, which removes any fragments of data that might remain on the underlying storage.
After you create a virtual disk, you can assign it to the iSCSI target to make it available to the iSCSI initiators over the network. You can identify the initiators that can access the logical unit by providing their iSCSI qualified name, Domain Name System (DNS) name, IP address or MAC address, or by querying the initiator computer for ID, which is supported only for Windows Server 2012, or for Windows 8 or newer computers that are members of the same AD DS forest. You can also enable the Challenge Handshake Authentication Protocol (CHAP) to authenticate initial connection and iSCSI target. After the client iSCSI initiator connects to the logical unit, it can start using it as a locally attached disk, which means initializing the disk, creating volumes, formatting them, and storing data. If the client is
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
6-17
running out of space on the logical unit, you can provide it with additional space by extending the virtual disk. Conversely, if the logical unit has too much space for client needs, you can shrink the virtual disk. You can perform both operations online, while the client is connected to the iSCSI target. The iSCSI target server also enables backup applications that are connected to an iSCSI target and are using Volume Shadow Copy Service (VSS) to complete the application-consistent snapshot, while the application is accessing the logical unit. The iSCSI target VSS hardware provider communicates with the iSCSI target server during the VSS snapshot process, and ensures that the snapshot is application-consistent.
The iSCSI target server includes a Storage Management Initiative – Specification provider, which is an industry standard for discovery and management of heterogeneous storage systems. For example, VMM can use functionality to perform the following actions on iSCSI target server: •
Discover and list iSCSI targets and their properties.
•
Discover and list iSCSI logical units and their properties.
•
Create new and delete existing iSCSI logical units.
•
Add storage capacity to a Hyper-V failover cluster.
•
List, create, and delete logical unit snapshots.
•
Mask and unmask logical units on an iSCSI target.
You can manage the iSCSI target server by using Server Manager, or by using Windows PowerShell cmdlets. For example, you can create a new virtual disk by running the following Windows PowerShell cmdlet: New-IscsiVirtualDisk
You can create a new iSCSI target by running the following cmdlet: New-IscsiServerTarget
You can add a virtual disk to an iSCSI target by running the following cmdlet: Add-IscsiVirtualDiskTargetMapping
Introduction of iSCSI Target in Windows Server 2012 http://go.microsoft.com/fwlink/?LinkID=386711 iSCSI Target Server in Windows Server 2012 R2 http://go.microsoft.com/fwlink/?LinkID=386712 Question: Can you use an iSCSI target server on Windows Server 2012 R2 to provide storage to a server that is running a non-Microsoft operating system?
Demonstration: Using an iSCSI Target Server In this demonstration, you will see how to use an iSCSI target server.
Demonstration Steps 1.
On LON-HOST1, add LON-SS1 to All Servers.
2.
Use Server Manager to add an iSCSI Virtual disk with following data:
3.
4.
5.
o
Location: E:\
o
iSCSI virtual disk name: Disk11
o
iSCSI virtual disk size: 15 GB
o
iSCSI virtual disk type: Dynamically expanding
Connect the iSCSI virtual disk to the New iSCSI target with following data: o
Target name: Lab6-Host1
o
Access servers: LON-HOST1 and LON-HOST2
MCT USE ONLY. STUDENT USE PROHIBITED
6-18 Implementing Failover Clustering with Hyper-V
Use the Windows PowerShell New-IscsiVirtualDisk cmdlet to create new virtual disk with following parameters: o
Path: C:\iSCSIVirtualDisks\Disk12.vhdx
o
Size: 15 GB
o
ComputerName: LON-SS1
Use the Windows PowerShell Add-IscsiVirtualDiskTargetMapping cmdlet to add a virtual disk to an iSCSI target with the following parameters: o
TargetName: Lab6-Host1
o
Path: C:\iSCSIVirtualDisks\Disk12.vhdx
o
ComputerName: LON-SS1
6.
Refresh Server Manager, and confirm that virtual disk Disk12.vhdx now displays and it is mapped to the Lab6-Host1 target.
7.
On LON-HOST1, open iSCSI Initiator and connect to the Lab6-Host1 target on the LON-SS1 iSCSI target server. Disconnect any previously connected targets.
8.
Use Disk Management to confirm that two disks are now added, that they have a size of 15 GB, and they are all Offline. Note that these are the virtual disks that you just added on the iSCSI target.
Considerations for Implementing iSCSI Storage iSCSI storage is presented as a locally attached disk, although all communication with the storage is over the network. Therefore, it is critical that storage is accessible at all times. When you are planning the iSCSI implementation, you should be aware of the following best practices:
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
6-19
•
Use a fast network for iSCSI communication. This network will be used for sending SCSI commands and transferring data to and from storage, similar to a local bus for the locally attached storage. You should use at least a 1 Gbps dedicated network for iSCSI. If you use a shared physical network, then you should use QoS policies to ensure that iSCSI is allocated adequate bandwidth. In addition, configure network cards to use jumbo frames on the iSCSI network.
•
Data for the mission-critical workload will be stored on the shared iSCSI storage. Therefore, redundancy is very important. iSCSI SAN appliances have redundancy built into them, but when you use iSCSI target software, you should add the iSCSI target as a cluster role in a failover cluster. You should also ensure that multiple network paths exist between the servers and the storage, and you should install and configure the MPIO feature in Windows Server 2012. Be sure to also consider network equipment such as switches and routers, and ensure that they have redundancy as well.
•
In enterprise environments, you should consider implementing a Microsoft Internet Storage Name Service (iSNS) server, which is used for discovering storage devices on an Ethernet network. iSNS provides automated discovery, management, and configuration of iSCSI devices on a TCP/IP network.
•
Implement security for iSCSI devices. This includes configuring iSCSI targets to allow only connections from approved initiators, configuring authentication for iSCSI traffic, and encrypting iSCSI traffic if required. Be aware that encryption requires additional overhead, and you should offload it to network equipment.
•
Read the vendor-specific best practices for implementing iSCSI storage, and for using it with your applications, such as Hyper-V. Question: How can you control which iSCSI initiators can connect and use an iSCSI target?
Using Virtual Hard Disk Sharing as Shared Storage You can implement failover clustering either at the Hyper-V host level or at the virtual machine level, or you can combine them. Failover clustering at the host level provides high availability for virtual machines. If a virtual machine stops responding or loses network connectivity, it fails over automatically to a different node. Failover clustering at the virtual machine level ensures that cluster roles inside a virtual machine (such as scale-out file server, DHCP server, or generic application), are highly available. If the cluster role is no longer responsive, it fails over automatically to a different virtual machine that is configured as a failover
MCT USE ONLY. STUDENT USE PROHIBITED
6-20 Implementing Failover Clustering with Hyper-V
clustering node. This virtual machine must be running either on the same Hyper-V host, or on a different one. When you use failover clustering at both levels, you realize many benefits. However, you also realize the downside of increased complexity. Virtual machines and the cluster roles are highly available. To provide failover clustering functionality, you need shared storage for the quorum, for cluster roles configuration, and for data storage. You can use iSCSI or Fibre Channel SAN as a shared storage with Hyper-V failover clustering, in addition to an SMB 3.0 file share. You can also use both SAN types with virtual machine clustering.
Windows Server 2012 R2 introduces a third option—you can use virtual hard disk sharing and use that disk as shared storage. Virtual hard disk sharing presents a disk as a Serial Attached SCSI disk, and failover clustering can then use it as a shared storage.
The following table shows a comparison between iSCSI, Fibre Channel, and virtual hard disk sharing when used for virtual machine shared storage: Capability
Shared .vhdx
Virtual Fibre Channel
ISCSI in a virtual machine
Supported storage
Storage Spaces, Serial Attached SCSI, Fibre Channel, iSCSI, SMB
Fibre Channel SAN
iSCSI SAN
How is storage presented in virtual machine
Virtual Serial Attached SCSI
Virtual Fibre Channel LUN
iSCSI LUN
Data flows through the HyperV switch
No
No
Yes
Storage is configured at the Hyper-V host level
Yes
Yes
No
Provides low latency and low CPU use
Yes (RDMA or Fibre Channel)
Yes (Fibre Channel)
No
Requires specific hardware
No
Yes
No
Switch must be reconfigured when virtual machine is migrated
No
Yes
No
Exposes storage architecture
No
Yes
Yes
Before you can use a shared virtual hard disk as a shared storage, you must first meet the following requirements: •
The virtual hard disk must use .vhdx format. You can enable virtual hard disk sharing only on .vhdx disks, and not on virtual hard disks that use the .vhd format.
•
The virtual hard disk must be connected to a SCSI virtual controller. You cannot enable virtual hard disk sharing for disks that are connected to a virtual IDE adapter.
•
A shared virtual hard disk can only store data, and you cannot start a virtual machine from it. This is also true for Generation 2 virtual machines, which can start from the virtual SCSI controller.
•
A shared virtual hard disk must be stored on a highly available location, either on scale-out file server share, or on CSV. If a virtual hard disk is stored locally or on the SMB 3.0 file share, you cannot enable virtual hard disk sharing.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
6-21
•
You can enable virtual hard disk sharing only if the virtual machine is turned off. Although you can add or remove virtual hard disks to a virtual SCSI adapter while the virtual machine is running, you can enable or disable virtual hard disk sharing only when the virtual machine is turned off.
•
To be able to use virtual hard disk sharing, the virtual machine must be running a supported Windows Server operating system, and it must have the latest version of integration services installed. Supported operating systems are currently Windows Server 2012 and Windows Server 2012 R2. You cannot use shared virtual hard disks from client operating systems or older Windows Server operating systems.
You can enable virtual hard disk sharing from the advanced settings of the virtual hard disk in Hyper-V Manager, or by using the Windows PowerShell Add-VMHardDiskDrive cmdlet with the ShareVirtualDisk parameter. For example, if you want to add shared virtual hard disk named disk1.vhd, which is located on the highly available share \\LON-HOST1\files, to a virtual machine named VM1, you would run the following cmdlet: Add-VMHardDiskDrive -VMName VM1 -Path \\LON-HOST1\files\Disk1.vhdx -ShareVirtualDisk
Deploy a Guest Cluster Using a Shared Virtual Hard Disk http://go.microsoft.com/fwlink/?LinkID=386720 Question: Do you need to install anything into the virtual machine to enable virtual hard disk sharing?
Lesson 3
Implementing and Managing Failover Clustering with Hyper-V
MCT USE ONLY. STUDENT USE PROHIBITED
6-22 Implementing Failover Clustering with Hyper-V
Failover clustering provides high availability for virtual machines. Making virtual machines highly available is similar to making any other role highly available. You should first install servers, configure the shared storage, install the Hyper-V role on all the servers that will run virtualization load, validate and create cluster, and then create highly available virtual machines. You should ensure that all virtual machine data files are on shared storage, otherwise the virtual machine will not be highly available. When configuring the virtual machine cluster role, you will notice that many configuration settings such as priority, failover, and failback, are the same as for the other cluster roles. However, some other settings such as monitoring virtual machine heartbeat and applications, or network connectivity are specific to virtual machines. For running virtual machines in a failover cluster, you do not need any additional cluster roles, but when you want to replicate a virtual machine to a failover cluster node, you should first add the Hyper-V Replica Broker cluster role to a failover cluster.
Lesson Objectives After completing this lesson, you will be able to: •
Describe the steps for failover cluster implementation.
•
Describe Hyper-V validation tests.
•
Create a failover cluster.
•
Describe the configuration of highly available virtual machines.
•
Describe virtual machine monitoring.
•
Create and manage a virtual machine clustered role.
•
Describe the Hyper-V Replica Broker role.
•
Describe cluster-aware updating.
Implementing a Failover Cluster Before you can implement a failover cluster, you must have all required infrastructure available, such as AD DS domain and server hardware. To implement a failover cluster, you must complete the following high-level steps: 1.
Install and configure servers that will become failover cluster nodes. You should verify that servers use the same hardware, including processors and network adapters. You should also ensure that you install the same Windows Server operating system version on all servers. Ensure also that you install the Failover Cluster feature on all servers.
2.
Configure shared storage. This includes configuring the storage, for example creating LUNs or iSCSI targets, configuring MPIO, connecting servers to the storage, and creating volumes.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
6-23
3.
Install roles on the servers that you want to make highly available. For example, you can install Hyper-V if you plan to create highly available virtual machines, and install file and storage services if you plan to create a scale-out file server. You need to install roles only on servers that will host the cluster role. For example, if you plan to have an eight-node failover cluster, but virtual machines will run on only five nodes, you should install the Hyper-V role on only five servers.
4.
Validate the configuration and create a failover cluster. The failover cluster includes the Validate a Configuration Wizard, which validates all of the prerequisites for creating a failover cluster and provides warnings or errors if any component does not meet the requirements. Before you create a failover cluster, you should resolve any issues that the wizard reports. You can create a failover cluster by using the Failover Cluster Manager, or by using Windows PowerShell.
5.
Create cluster roles. These are the highly available roles that run in a failover cluster. The High Availability Wizard has several often-used cluster roles, such as file server or virtual machine. After you create the cluster role, you can test the failover by moving the role between failover cluster nodes. Deploy a Hyper-V Cluster http://go.microsoft.com/fwlink/?LinkID=386729 Question: Can you implement a failover cluster by using the Windows Server 2012 R2 Standard operating system?
Hyper-V Validation Tests The failover clustering feature includes a collection of tests, which you should perform on the failover cluster. You can run the validation process at any time before, during, or after creating a failover cluster. You should run the initial validation before creating the failover cluster, and prior to making any change to the failover cluster configuration.
To obtain Microsoft support for the failover cluster (if needed), you must have successfully validated the failover cluster. The validation process includes a series of tests to validate configuration of the nodes, including connectivity between the nodes, and connectivity and functionality of the shared storage. You require at least two nodes to run all the tests. This is because if you run the validation with a single node, several important storage tests will not be performed. You can validate a cluster as part of the cluster creating process, or you can run it later from the Failover Cluster Manager or by using the Windows PowerShell cmdlet Test-Cluster. Note: Some validation tests do not run until you create a cluster or install server roles. For example, the Cluster Configuration tests will not run until after you create the cluster, and Hyper-V tests will not run if you have not yet installed the Hyper-V role on the cluster nodes.
You can also use the cluster validation process as a troubleshooting tool on a configured cluster. When running the validation process, you can select a subset of the validation tests to help you troubleshoot. The validation process will warn you if storage tests are selected, but they will not run on a failover cluster that already has allocated storage online.
MCT USE ONLY. STUDENT USE PROHIBITED
6-24 Implementing Failover Clustering with Hyper-V
Validation is not mandatory, but we strongly recommend it as a best practice. Furthermore, validation is required if you want to have a supported failover clustering configuration. You should perform validation after each change in configuration, including the following: •
Run validation tests on the failover cluster. To have a supported configuration and to rule out configuration problems, you are required to run validation tests on the failover cluster successfully. The report shows any errors and warnings for your configuration, and what you should do to avoid them. For example, the report will warn you if there is no network redundancy or if servers are not running the same edition of the Windows Server or Windows client operating systems.
•
Before adding a node to a failover cluster. You should run a validation test to confirm that the server is configured properly and that it has connectivity to shared storage.
•
When adding new shared storage. When you add new shared storage to the cluster, you should run validation to confirm that new storage will function correctly (for example, that it supports SCSI-3 persistent reservation). To minimize the impact on availability, you should run the validation after you attach the storage, but before you begin using the new LUNs.
•
When updating firmware and drivers. You should run validation to confirm that the new combination of hardware, firmware, drivers, and software supports your failover cluster functionality.
•
After restoring a node from backup. Run the validation to confirm that the restored node can function properly as part of the failover cluster.
As part of the cluster role validation, the following tests are performed if the Hyper-V role is installed on failover cluster nodes: •
List Hyper-V Virtual Machine Information. This test lists virtual machine information for each virtual machine in the failover cluster. Test information includes the virtual machine name, the node that is hosting the virtual machine, heartbeat connectivity to the virtual machine, and the version of the installed integration services.
•
List Information About Servers Running Hyper-V. This test lists Hyper-V host-related information on each specified node, for example, if they are Virtual Machine Queue (VMQ)–capable and single root I/O virtualization (SR-IOV)–capable.
•
Validate Compatibility of virtual Fibre Channel SANs for Hyper-V. This test validates that each node in the failover cluster is configured with the same set of virtual Fibre Channel SANs.
•
Validate Hyper-V Integration Services Version. This test validates that all virtual machines are running the up-to-date version of the Hyper-V integration services.
•
Validate Hyper-V Memory Resource Pool Capability. This test validates that memory resource pools with the same names are present on all specified nodes.
•
Validate Hyper-V Network Resource Pool and Virtual Switch Compatibility. This test validates that all nodes in the failover cluster have the same set of network resource pools and virtual switches with the same names.
•
Validate Hyper-V Processor Resource Pool Compatibility. This test validates that all nodes in the failover cluster have the same set of processor resource pools.
•
Validate Hyper-V Role Installed. This test validates that all nodes in the failover cluster have the Hyper-V role installed.
•
Validate Hyper-V Storage Resource Pool Compatibility. This test validates that all nodes in the failover cluster have storage resource pools that share the same name.
•
Validate Hyper-V Virtual Machine Network Configuration. This test validates that all virtual machines on the failover cluster nodes are configured with cluster-compatible network settings; for example, virtual machines are configured with correct network resource pool.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
6-25
•
Validate Hyper-V Virtual Machine Storage Configuration. This test validates that all virtual machines are configured with cluster-compatible storage settings; for example, virtual machine data files are on cluster storage. If virtual Fibre Channel adapters are used, it verifies if the virtual machine is configured with at least two virtual Fibre Channel adapters.
•
Validate Machine Processor Manufacturers. This test validates that all failover cluster nodes use processors from the same manufacturer. Validate Hardware for a Failover Cluster http://go.microsoft.com/fwlink/?LinkID=386726 Question: Why is it important that all failover cluster nodes have processors from the same manufacturer?
Demonstration: Creating a Failover Cluster In this demonstration, you will see how to create a failover cluster.
Demonstration Steps Note: This task should be performed only on LON-HOST1. 1.
On LON-HOST1, use the Failover Cluster Manager to create a new cluster with the following data (accept default values on all other wizard pages): o
Servers in cluster: LON-HOST1, and LON-HOST2
o
Cluster Name: LON-CLUST.
o
Address: 172.16.10.105
2.
Use Active Directory Users and Computers to confirm that in the Computers container, there are computer accounts for LON-HOST1, LON-HOST2, and LON-CLUST (which was added when you created the failover cluster).
3.
On LON-HOST1, use File Explorer to confirm that the C:\ClusterStorage folder is empty.
4.
Use the Failover Cluster Manager to add Cluster Disk 2 to Cluster Shared Volumes.
5.
Use File Explorer to confirm that the C:\ClusterStorage folder now contains a mounted volume for Volume1.
Configuring Highly Available Virtual Machines A single Windows Server 2012 failover cluster can run up to 8,000 virtual machines, and each failover cluster node can run up to 1,024 virtual machines, providing it has enough resources. A highly available virtual machine must store all of its data on shared storage, which can be either a continuously available SMB 3.0 file share on scaleout file server, or a CSV.
MCT USE ONLY. STUDENT USE PROHIBITED
6-26 Implementing Failover Clustering with Hyper-V
You can create highly available virtual machines as a cluster role, either by using Windows PowerShell or by using the Failover Cluster Manager. You can also configure an existing virtual machine as highly available by using the High Availability Wizard. If the virtual machine data files are not stored on shared storage, you will receive a warning, and the virtual machine will not be highly available until you move its data to shared storage. You can configure basic properties for the highly available virtual machine on the role Properties page, The Priority setting is one of these properties, and it controls which virtual machines (or cluster roles in general) have priority over others. This is important when a failover cluster starts and when virtual machines fail over to a different node.
For example, when failover cluster starts, resources are allocated first to virtual machines with high priority, and as a result, they are started first. Only after that will virtual machines with medium priority be started. The failover cluster will continue to start virtual machines until they are all started or there are no more nodes in the failover cluster with resources available. The Priority setting is set to Medium by default, and you can change it to Low, High, and No Auto Start. When a failover cluster is placing virtual machines on the failover nodes, it uses the following rules: •
Start a virtual machine on the same node it was running on previously.
•
Move a virtual machine to a node that is on the virtual machine’s Preferred Owners list.
•
If the node on which a virtual machine was running previously is not available, the failover cluster will place the virtual machine on another node, based on available resources (primarily memory).
•
If a virtual machine cannot be started, the failover cluster continues to contact all the nodes every five minutes to find out if any node has enough resources available. When enough resources become available, the virtual machine is started.
You can configure the virtual machine’s Preferred Owners list on the role Properties page. The failover cluster will try to start the virtual machine on the Hyper-V host that is highest on the virtual machine’s Preferred Owners list. If it is not able to start the virtual machine on any of the preferred owners, it will try to start it on one of the possible owners, which you can configure on the Advanced Policies tab for the virtual machine’s resource properties. If the virtual machine cannot be started on any possible owners, then the failover cluster will move it to any other failover cluster node, but will not start it there. On the Failover tab of the role properties page, you can also configure failover and failback settings. You can specify the number of times that the failover cluster will attempt to restart or fail over the cluster role in the specified period, and whether the cluster role will fail back automatically to the most preferred owner when it is available again.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
6-27
On the Settings tab of the virtual machine’s resource properties page, you can configure two settings regarding virtual machine health monitoring, both of which are enabled by default: •
Enable heartbeat monitoring for the virtual machine. This setting enables the failover cluster to periodically check the Heartbeat integration service in the virtual machine. If the heartbeat stops, it can restart and fail over the virtual machine.
•
Enable automatic recovery for application health monitoring. This setting enables you to configure application health monitoring for applications and services that are running inside the virtual machine.
When you want to prevent virtual machines from running on the same Hyper-V host, you can use anti-affinity. Some examples include when virtual machines use a significant amount of resources, or because a company policy requires that they never run on the same physical host. The failover cluster will move virtual machines that have the same AntiAffinityClassNames property to different failover cluster nodes. You can configure this property by using Windows PowerShell, or by using VMM, in which AntiAffinityClassNames is called availability sets. You cannot configure it by using Failover Cluster Manager. Clustered Role and Resource Properties http://go.microsoft.com/fwlink/?LinkID=386718 AntiAffinityClassNames http://go.microsoft.com/fwlink/?LinkID=386717 Question: Will a virtual machine ever fail over to a node that is not on either its preferred owners list or its possible owners list?
Virtual Machine Monitoring Failover clusters provide high availability for the roles that are configured in that cluster. Failover clusters also monitor the roles, and take action when there is an issue with role availability. A virtual machine is one of the cluster roles and when a virtual machine does not respond to a heartbeat, the failover cluster can restart or fail over the virtual machine to a different cluster node.
Prior to Windows Server 2012, a failover cluster was not able to monitor applications that were running inside a virtual machine. For example, if you used a virtual machine as a print server, the failover cluster was not able to detect if the Print Spooler service in the virtual machine had stopped. As a result, the failover cluster would not take any action, even though the print server did not work, because the virtual machine was still responding to a heartbeat. Failover clustering in Windows Server 2012 has the ability to monitor and detect application health for applications and services that run inside a virtual machine. If a service in a virtual machine stops responding, or if an event is added to the System, Application, or Security logs, the failover cluster can take actions such as restarting the virtual machine or failing it over to a different node to restore the
MCT USE ONLY. STUDENT USE PROHIBITED
6-28 Implementing Failover Clustering with Hyper-V
service. The only requirement is that the failover cluster node and virtual machine must be running Windows Server 2012 or newer Windows Server operating system, and have integration services installed. You can configure virtual machine monitoring by using either the Failover Cluster Manager or Windows PowerShell. By default, a failover cluster is configured to monitor virtual machine health, in addition to applications and services within that virtual machine. Heartbeat monitoring requires that integration services is installed on the virtual machine, and that you can verify the monitoring configuration on the Settings tab of the virtual machine resource Properties dialog box.
To add monitoring of the specific services that are running in the virtual machine, right-click the virtual machine cluster role, click More actions, and then click Configure Monitoring. From there you can select services to monitor inside the virtual machine. The failover cluster will take action only if a service stops responding, and in the Services Control Manager if the service is configured with Take No Actions recovery setting.
Windows Server 2012 R2 can also monitor failure of virtual machine storage and loss of network connectivity. Storage failure detection can detect the failure of a virtual machine boot disk or any other virtual hard disk that the virtual machine is using. If failure happens, the failover cluster moves the virtual machine and then restarts it on a different node. You can also configure a virtual network adapter to connect to a protected network. If network connectivity to such network is lost because of reasons such as physical switch failure or disconnected network cable, the failover cluster will move the virtual machine to a different node to restore network connectivity. Guest Clustering and VM Monitoring in Windows Server 2012 http://go.microsoft.com/fwlink/?LinkID=386714 Question: How can you monitor an application that is installed in a Windows Server 2012 R2 virtual machine, but is not running as a service? Question: How should you configure a service in a highly available virtual machine by using Service Control Manager, if you plan to monitor it by failover cluster?
Demonstration: Creating and Managing the Virtual Machine Clustered Role In this demonstration, you will see how to create and manage a virtual machine clustered role.
Demonstration Steps 1.
On LON-HOST1, use the Failover Cluster Manager to create a new virtual machine with following data: o
Host to create virtual machine on: LON-HOST1
o
Name: LON-HA1
o
Location: C:\ClusterStorage\Volume1\
o
Memory: Use Dynamic Memory
2.
On LON-HOST1, use the Failover Cluster Manager to set LON-HA1 startup priority to Low.
3.
Use the Failover Cluster Manager to configure LON-HOST1 as the preferred owner for the LON-HA1 role.
4.
5.
Configure LON-HA1 with the following values: o
Maximum failures in the specified period: 2
o
Period in which this can happen: 3
Configure the Virtual Machine LON-HA1 resource with the following value: o
Period for restart (mm:ss): 10:00 minutes
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
6-29
6.
Confirm that LON-HOST1 and LON-HOST2 are set as Possible Owners.
7.
On LON-HOST1, use the Windows PowerShell Add-ClusterVirtualMachineRole cmdlet to add the 20409B-LON-PROD1 virtual machine as a clustered role.
8.
On LON-HOST1, use the Failover Cluster Manager to confirm that in the 20409B-LON-PROD1 clustered role, no services are monitored currently.
9.
Use Failover Clustering Manager to configure monitoring for LON-PROD1, and then click Print Spooler as service to be monitored.
10. Use Failover Cluster Manager to confirm that Print Spooler is listed under Monitored Services.
What Is the Hyper-V Replica Broker Role? Hyper-V Replica is a feature that provides a business continuity solution for virtual machines. It allows virtual machines that are running on a Hyper-V host or a Hyper-V failover cluster at a primary site to be replicated to a replica Hyper-V host at a secondary site, (usually across a WAN link). Primary and replica Hyper-V hosts can be part of a failover cluster, and virtual machines that are configured for replication can move between cluster nodes. For replication to continue without interruption, it is important to know at all times on which failover cluster node the virtual machine is running.
The Hyper-V Replica Broker cluster role provides the virtual machine to the replica Hyper-V cluster node mapping. It also redirects incoming replication traffic for a virtual machine to the appropriate node in the failover cluster on which the virtual machine is running. When the replica virtual machine is moved, it sends a notification packet to the primary server with the new Hyper-V node to which the replica has been moved. The primary Hyper-V host then connects to the replica Hyper-V host, which is a node in the failover cluster, and then continues the replication.
For example, consider a primary virtual machine that is running on ServerA in Failover cluster 1, and a replica virtual machine that is running on Server1 in Failover cluster 2. If Server1 fails, the replica fails over to Server2 in the same failover cluster. The Hyper-V Replica Broker sends a notification message to the primary Hyper-V host, which then establishes a replication connection with Server2 as a replica. If ServerA fails, the primary virtual machine fails over to ServerC in Failover cluster 1. ServerC queries the Hyper-V Replica Broker, and then establishes a replication connection with Server2. Question: When do you need a Hyper-V Replica Broker?
What Is Cluster-Aware Updating? Installing operating system updates is often a manual and time-consuming process, especially with a failover cluster that has many nodes. Cluster-Aware Updating (CAU) is a feature that updates failover cluster nodes automatically, without user interaction and with minimal or no downtime. For many cluster roles, CAU triggers a planned failover, which can cause a short service interruption for connected clients. For roles such as scale-out file server and Hyper-V, which have continuous availability and live migration, CAU updates the failover cluster without interrupting service availability. CAU orchestrates and automates the update process by performing the following actions: 1.
Puts a failover cluster node into maintenance mode.
2.
Moves the cluster roles to a different failover cluster node.
3.
Installs the updates and any dependent updates.
4.
Restarts the failover cluster node, if necessary.
5.
Brings the node out of maintenance mode.
6.
Fails back cluster roles that were moved from this node.
7.
Continues the update on the next failover cluster node.
CAU can coordinate the complete cluster updating operation in two modes:
MCT USE ONLY. STUDENT USE PROHIBITED
6-30 Implementing Failover Clustering with Hyper-V
•
Remote-updating mode. In this mode, updating is coordinated by a computer, which is not the failover cluster node. This computer is called the orchestrator, and it must have failover clustering administrative tools installed. You can trigger on-demand updating from the orchestrator by using a default or custom Updating Run profile. Remote-updating mode is useful for monitoring real-time progress during the Updating Run, or for updating failover cluster nodes that do not have a GUI.
•
Self-updating mode. In this mode, CAU is configured as a cluster role in the failover cluster, and an associated update schedule is defined. In this mode, CAU does not have a dedicated orchestrator computer, but the cluster updates itself at scheduled times by using a default or custom Updating Run profile. During the Updating Run, the CAU orchestrator process starts on the failover cluster node that currently owns the CAU cluster role, and the process updates cluster nodes one after another. In the self-updating mode, CAU can update the failover cluster by using a fully automated updating process. You can also trigger updates on demand if so desired. You can view information about an Updating Run by running the Windows PowerShell cmdlets Get-CauRun and Get-CauReport. Cluster-Aware Updating Overview http://go.microsoft.com/fwlink/?LinkID=386724
Update Management in Windows Server 2012: Revealing Cluster-Aware Updating and the New Generation of WSUS http://go.microsoft.com/fwlink/?LinkID=386713 Question: Is there any downtime when you update nodes in a failover cluster by using CAU?
Lab: Implementing Failover Clustering with Hyper-V Scenario
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
6-31
A. Datum Corporation has implemented the Hyper-V virtualization platform in one of their subsidiaries. Most of the host servers in the subsidiary have been converted to Hyper-V hosts, including several servers that run critical business applications. These critical applications need to be available at all times, and the availability should not be affected by the failure of a single host machine. A. Datum has identified failover clustering as the best option for implementing this level of availability. You need to implement a high availability solution for these virtual machines by deploying failover clustering for the virtual machines. You also need to configure highly available virtual machines and virtual machine monitoring.
Objectives After completing this lab, you will be able to: •
Create a Hyper-V failover cluster.
•
Manage a Hyper-V failover cluster.
Lab Setup Estimated Time: 90 minutes Virtual machines: 20409B-LON-HOSTx, 20409B-LON-CLx, 20409B-LON-DC1, and 20409B-LON-SS1 User name: Adatum\Administrator Password: Pa$$w0rd
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must complete the following steps: 1.
Sign in to the LON-HOSTx computer as Adatum\Administrator with the password of Pa$$w0rd.
2.
On LON-HOST1 start Hyper-V Manager.
3.
In Hyper-V Manager, click 20409B-LON-DC1, and in the Actions pane, click Start.
4.
In the Actions pane, click Connect. Wait until the virtual machine starts.
5.
Sign in by using the following credentials:
6.
o
User name: Adatum\Administrator
o
Password: Pa$$w0rd
Repeat steps 3-5 for 20409B-LON-SS1 and 20409B-LON-CLx.
LON-HOST1 and LON-HOST2 are sometimes referenced as LON-HOSTx, which indicates that each student can perform the lab tasks on his or her computer. Note: Because you will be using the same virtual machines in the next lab, do not revert the virtual machines. However, you can shut down all virtual machines after finishing this lab. You will be working in pairs. Communicate clearly with your lab partner, and cooperate fully with each other during this lab.
Exercise 1: Creating a Hyper-V Failover Cluster Scenario
MCT USE ONLY. STUDENT USE PROHIBITED
6-32 Implementing Failover Clustering with Hyper-V
A. Datum has decided that they will use iSCSI shared storage for failover clusters. For this purpose, you need to create a proof-of-concept deployment, where you can also demonstrate how to extend iSCSI logical units online. To perform this task, you decide to use one of the existing file servers and configure the iSCSI target server on it. You also need to add the shared storage to the servers, verify that it is configured properly, and create a failover cluster. The main tasks for this exercise are as follows: 1.
Create an Internet small computer system interface (iSCSI) target.
2.
Connect to an iSCSI target and create volumes.
3.
Extend iSCSI logical units online.
4.
Install the Failover Clustering feature.
5.
Create a failover cluster.
6.
Add a Cluster Shared Volume (CSV).
Task 1: Create an Internet small computer system interface (iSCSI) target 1.
On LON-HOSTx, add LON-SS1 to All Servers.
2.
Use Server Manager to add an iSCSI Virtual disk with the following settings:
3.
4.
5.
6.
o
Location: E:\
o
Name: Diskx1
o
iSCSI virtual disk size: 10 GB
o
iSCSI virtual disk type: Dynamically expanding
Connect the iSCSI virtual disk to the New iSCSI target with following data: o
Target name: Lab6-Hostx
o
Access servers: LON-HOST1 and LON-HOST2
Use the Windows PowerShell New-IscsiVirtualDisk cmdlet to create a new virtual disk with following parameters: o
Path: E:\iSCSIVirtualDisks\Diskx2.vhdx
o
Size: 10GB
o
ComputerName: LON-SS1
Use the Windows PowerShell New-IscsiVirtualDisk cmdlet to create a new virtual disk with the following parameters: o
Path: E:\iSCSIVirtualDisks\Diskx3.vhdx
o
Size: 15GB
o
ComputerName: LON-SS1
Use the Windows PowerShell Add-IscsiVirtualDiskTargetMapping cmdlet to add the virtual disk to the iSCSI target with the following parameters: o
TargetName: Lab6-Hostx
o
Path: E:\iSCSIVirtualDisks\Diskx2.vhdx
o
ComputerName: LON-SS1
7.
8.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
6-33
Use the Windows PowerShell Add-IscsiVirtualDiskTargetMapping cmdlet to add a virtual disk to the iSCSI target with the following parameters: o
TargetName: Lab6-Hostx
o
Path: E:\iSCSIVirtualDisks\Diskx3.vhdx
o
ComputerName: LON-SS1
Refresh Server Manager, and confirm that virtual disks Diskx2.vhdx and Diskx3.vhdx now display, and that they are mapped to target Lab6-Hostx.
Note: Although both students created an iSCSI target, only the Lab6-Host1 iSCSI target will be used for creating the failover cluster.
Task 2: Connect to an iSCSI target and create volumes 1.
On LON-HOSTx, use iSCSI Initiator to connect to the target with Lab6-Host1 in the name, on the iSCSI target server named LON-SS1. Disconnect any pre-existing targets.
2.
Use Disk Management to confirm that three disks are added, that they have size of 10GB, 10GB, and 15GB, and that they are all Offline. These are the virtual disks that you just added on the iSCSI target.
3.
On LON-HOST1, use Computer Management to bring Disk 3, Disk 4, and Disk 5 online, and to initialize all three disks.
4.
Create and format simple volumes on Disk 3, Disk 4, and Disk 5 with default values. Note: Perform step 5 only on LON-HOST2.
5.
Use Computer Management to bring the three new disks online.
Task 3: Extend iSCSI logical units online 1.
On LON-HOST1, use Server Manager to extend the E:\iSCSIVirtualDisks\Diskx1.vhdx virtual disk to 15 GB.
2.
Refresh Disk Management, and confirm that disk in the details pane is extended with 5 GB of unallocated space.
3.
Use the Extend Volume Wizard to extend the volume on the disk to allocate all available disk space.
4.
Confirm that the partition is now expanded to 15 GB. You expanded it while it was online, while it was in use.
Task 4: Install the Failover Clustering feature •
On LON-HOSTx, use Server Manager to install the Failover Clustering feature. Note: Both students should finish with this task before you continue.
Task 5: Create a failover cluster Note: Perform this task only on LON-HOST1. 1.
2.
MCT USE ONLY. STUDENT USE PROHIBITED
6-34 Implementing Failover Clustering with Hyper-V
On LON-HOST1, use the Failover Cluster Manager to create a new cluster with following data (accept default values on all other wizard pages): o
Servers in cluster: LON-HOST1 and LON-HOST2
o
Cluster Name: LON-CLUST
Use Active Directory Users and Computers to confirm that in the Computers container there are computer accounts for LON-HOST1, LON-HOST2, and LON-CLUST (which was added when you created the failover cluster).
Task 6: Add a Cluster Shared Volume (CSV) 1.
On LON-HOSTx, use File Explorer to confirm that the C:\ClusterStorage folder is empty.
2.
Use the Failover Cluster Manager to add the first Cluster Disk with Available Storage status to Cluster Shared Volumes if you are on LON-HOST1, or the second Cluster Disk with Available Storage status to Cluster Shared Volumes if you are on LON-HOST2.
3.
Use File Explorer to confirm that the C:\ClusterStorage folder contains mounted volumes for Volume1 and Volume2, which were added when you and your partner added disks to the CSV.
4.
Create a new text document with your name in the C:\ClusterStorage\Volumex folder.
5.
Confirm that the C:\ClusterStorage\Volumey folder contains a file with your partner’s name. Notice that now, all cluster nodes have access to the CSV.
Note: If file with your partner’s name is not in the C:\ClusterStorage\Volumey folder, wait until your partner creates a file.
Results: After completing this exercise, you should have created a Hyper-V failover cluster.
Exercise 2: Managing a Hyper-V Failover Cluster Scenario
As part of the proof-on concept deployment, you need to configure virtual hard disk sharing, which you will use later as shared storage for virtual machine clustering. You also need to create highly available virtual machines and configure their settings. Because several virtual machines will be used as print servers, you need to configure monitoring that will notify you if the print spooler service in those virtual machines stops. The main tasks for this exercise are as follows: 1.
Configure virtual hard disk sharing.
2.
Create a highly available virtual machine.
3.
Configure a highly available virtual machine.
4.
Configure virtual machine monitoring.
5.
Move a virtual machine between failover cluster nodes.
6.
Destroy a failover cluster.
Task 1: Configure virtual hard disk sharing 1.
2.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
6-35
On LON-HOSTx, use the Windows PowerShell New-VHD cmdlet to create virtual hard disks on local storage by using following parameters: o
Path: C:\Shares\HDD1x.vhdx
o
SizeBytes: 10 GB
o
Type: Dynamically Expanding
Use the Windows PowerShell New-VHD cmdlet to create virtual hard disks on CSV by using following parameters: o
Path: C:\ClusterStorage\Volumex\HDD2x.vhdx
o
SizeBytes: 10 GB
o
Type: Dynamically Expanding
3.
Use the Windows PowerShell Add-VMHardDiskDrive cmdlet to add both of the virtual hard disks that you created to the SCSI virtual adapter of the 20409B-LON-PRODx virtual machine.
4.
If the 20409B-LON-PRODx virtual machine is running, then turn it off.
Note: You cannot modify a virtual hard disk’s sharing setting while the virtual machine is running. 5.
Use Hyper-V Manager to confirm that 20409B-LON-PRODx has two hard disks listed under SCSI Controller: HDD1x.vhdx, and HDD2x.vhdx.
6.
Try to Enable virtual hard disk sharing for the HDD1x.vhdx virtual hard disk.
Note: The Error applying Hard Disk Drive changes message displays, because local storage where HDD1x.vhdx is located does not support virtual hard disk sharing. 7.
Try to Enable virtual hard disk sharing for HDD2x.vhdx. Note: This time you do not get any error, because the virtual hard disk is stored on a CSV.
8.
Verify that that 20409B-LON-TESTx is turned off.
9.
Use the Windows PowerShell Add-VMHardDiskDrive cmdlet to add the C:\ClusterStorage \Volumex\HDD2x.vhdx virtual hard disk to the SCSI virtual controller of the LON-TESTx virtual machine.
10. Start the 20409B-LON-PRODx virtual machine. 11. Start the 20409B-LON-TESTx virtual machine. Note: Notice that an error message displays, because HDD2x.vhdx is already in use by a virtual machine.
12. Use Hyper-V Manager to Enable virtual hard disk sharing for the HDD2x.vhdx virtual hard disk of the 20409B-LON-TESTx virtual machine.
13. Start the 20409B-LON-TESTx virtual machine. Note: Notice that this time LON-TESTx starts without an error, as it is now configured with virtual hard disk sharing. 14. Sign in to both the LON-TESTx and LON-PRODx computers.
MCT USE ONLY. STUDENT USE PROHIBITED
6-36 Implementing Failover Clustering with Hyper-V
15. Open Disk Management, and confirm that the shared virtual hard disk is available as shared storage to both computers. 16. Remove HDD1x.vhdx and HDD2x.vhdx virtual hard disks from 20409B-LON-PRODx. 17. Remove HDD2x.vhdx virtual hard disk from 20409B-LON-TESTx.
Task 2: Create a highly available virtual machine 1.
2.
On LON-HOSTx, use the Failover Cluster Manager to create a new virtual machine with the following settings: o
Host to create virtual machine on: LON-HOSTx
o
Name: LON-HAx
o
Location: C:\ClusterStorage\Volumex\
o
Memory: Use Dynamic Memory
On LON-HOSTx, use the Windows PowerShell Add-ClusterVirtualMachineRole cmdlet to add a highly available virtual machine with following parameters: o
3.
VMName: 20409B-LON-CLx
Use the Failover Cluster Manager to confirm that LON-HAx and 20409B-LON-CLx are listed as clustered Roles.
Task 3: Configure a highly available virtual machine 1.
On LON-HOSTx, use the Failover Cluster Manager to set LON-HAx startup priority to Low.
2.
Use Failover Cluster Manager to configure LON-HOSTx as the preferred owner for the LON-HAx role.
3.
Use Failover Cluster Manager to configure LON-HAx with the following settings: o
Maximum failures in the specified period: 2
o
Period: 3
4.
Use the Failover Cluster Manager to configure Virtual Machine LON-HAx on the Resources tab with Period for restarts (mm:ss) set to 10:00 minutes.
5.
Confirm that both LON-HOST1 and LON-HOST2 are set as Possible Owners, and that heartbeat monitoring is enabled for LON-HAx.
Task 4: Configure virtual machine monitoring 1.
On LON-HOSTx, use the Windows PowerShell Add-ClusterVirtualMachineRole cmdlet to add the 20409B-LON-PRODx virtual machine as a clustered role.
2.
On LON-PRODx, configure the Print Spooler service with Take No Action if Second failure occurs.
3.
On LON-HOSTx, use the Summary tab in the Failover Cluster Manager to confirm that currently no services are monitored in the LON-PRODx clustered role.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
6-37
4.
In the Failover Cluster Manager, in details pane, right-click 20409B-LON-PRODx, click More Actions, and then configure monitoring for the Print Spooler service that is running on LON-PRODx.
5.
Use the Summary tab in the Failover Cluster Manager to confirm that Print Spooler is now listed under Monitored Services.
6.
Use the Failover Cluster Manager to review Settings for 20409B-LON-PRODx clustered virtual machine, and confirm that Protected Network is enabled for Network Adapter.
Task 5: Move a virtual machine between failover cluster nodes 1.
On LON-HOSTx, use the Failover Cluster Manager to confirm that the LON-HAx virtual machine is running on the LON-HOSTx node.
2.
Use the Failover Cluster Manager to start live migration of LON-HAx to the LON-HOSTy node.
3.
Use the Failover Cluster Manager to confirm that Live Migration is moving LON-HAx, and that after the move, the virtual machine is running on the LON-HOSTy node.
4.
On LON-HOSTx, use the Windows PowerShell Move-ClusterVirtualMachineRole cmdlet to move the LON-HAx clustered role back to the LON-HOSTx node by using live migration.
Task 6: Destroy a failover cluster Note: Perform this task only on LON-HOST1. 1.
On LON-HOST1, remove all clustered roles for the CLUST.Adatum.com failover cluster.
2.
Use the Failover Cluster Manager and click Destroy Cluster to remove the LON-CLUST.Adatum.com failover cluster.
3.
On LON-HOST1 and LON-HOST2, delete the LON-HAx virtual machine.
Results: After completing this exercise, you should have managed a Hyper-V failover cluster.
Module Review and Takeaways Review Questions Question: What must you do if you want support from Microsoft for a Windows Server 2012 R2 failover cluster? Question: How can you configure anti-affinity for virtual machines that are running in a failover cluster?
MCT USE ONLY. STUDENT USE PROHIBITED
6-38 Implementing Failover Clustering with Hyper-V
MCT USE ONLY. STUDENT USE PROHIBITED 7-1
Module 7
Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager Contents: Module Overview
7-1
Lesson 1: Integrating System Center and Server Virtualization
7-2
Lesson 2: Overview of VMM
7-13
Lesson 3: Installing VMM
7-19
Lesson 4: Adding Hosts and Managing Host Groups
7-28
Lab: Installing and Configuring System Center 2012 R2 Virtual Machine Manager
7-41
Module Review and Takeaways
7-47
Module Overview
Microsoft provides several built-in tools, such as Hyper-V Manager, that you can use for virtual platform management. Alternatively, you can use specialized software such as Microsoft System Center 2012 R2 Virtual Machine Manager. Using Virtual Machine Manager (VMM) provides many benefits over built-in utilities, particularly in enterprise environments with many virtual host servers. This module explains how to integrate VMM into an existing virtual environment, and how to manage that virtual environment. System Center 2012 R2 VMM is the successor to System Center 2012 – Virtual Machine Manager, which is a management solution for virtual data centers. By using VMM, you can consolidate physical servers, provision new virtual machines rapidly, and perform unified management of virtual infrastructure through one console. Note: For the purpose of this course, we are referring to all instances of Microsoft System Center 2012 R2 Virtual Machine Manager as VMM.
Objectives After completing this module, you will be able to: •
Explain how to use different System Center 2012 components for managing a virtual environment.
•
Describe the key features of VMM.
•
Explain how to install VMM.
•
Add virtualization hosts to VMM, and manage virtualization hosts and host groups.
Lesson 1
Integrating System Center and Server Virtualization
MCT USE ONLY. STUDENT USE PROHIBITED
7-2 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager
In addition to integrating Hyper-V with Windows Server 2012, Microsoft provides hypervisor integration into several System Center 2012 products, specifically with VMM. Understanding how the System Center 2012 products integrate is an important part of running a highly virtualized data center. In this lesson, you will learn how VMM and other System Center products work together with the hypervisor.
Lesson Objectives After completing this lesson, you will be able to: •
Provision server virtualization with VMM.
•
Manage server virtualization by using System Center 2012 R2 App Controller.
•
Monitor server virtualization by using System Center 2012 R2 Operations Manager.
•
Integrate System Center 2012 R2 Service Manager.
•
Automate tasks with System Center 2012 R2 Orchestrator.
•
Use System Center 2012 R2 Data Protection Manager to help protect a virtualized server deployment.
•
Use the Windows Azure Pack to provide self-servicing.
Provisioning Server Virtualization with VMM VMM is a management solution for creating and managing a virtualized data center. It enables you to configure and manage your virtualization host, networking, and storage resources to create and deploy virtual machines and services to private clouds. VMM provides the following features: •
Multihost and multivendor virtual machine management support. You can host your virtual machines on several hypervisors, such as Hyper-V on Windows Server 2012, Citrix XenServer, and VMware ESX servers. All hardware that these hypervisors support is also supported for VMM virtual machine placement.
•
Intelligent placement. You can use VMM resources to determine the best available host for a new virtual machine.
•
Dynamic optimization. Dynamic optimization enables you to react to alerts sent by Operations Manager so that you can move virtual machines to other hosts to maintain performance continuity.
•
Physical-to-virtual machine (P2V) conversion. You can use VMM to convert a physical machine to a virtual machine.
•
Microsoft Application Virtualization (App-V) support. You can use this feature to virtualize server applications.
•
Live migration. In VMM, you can move virtual machines to different host machines without affecting users or workloads.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
7-3
•
Delegated administration. You can delegate administrative tasks to users, and allow them to create and manage virtual machines on their own.
•
Cloud, infrastructure, and services management. You can manage your cloud environment and services from a single console.
•
Power optimization. VMM can optimize hosts by moving virtual machines from underused hosts, and then powering off the host machine.
Microsoft has introduced several new enhancements to VMM in the System Center 2012 R2 release. The following are available enhanced categories and improvements: •
•
•
•
Networking features include: o
Site-to-site network connections using private IP addresses
o
Cisco Network Virtualization using Generic Routing Encapsulation
o
IP Address Management (IPAM) integration, top-of-rack switch integration
o
Forwarding extensions for Hyper–V extensible switch work with Hyper–V network virtualization
Virtual machines and cloud features include: o
Differencing disks
o
Live cloning of virtual machines
o
Online .vhdx resizing
o
Enhanced support for Windows Server 2012 dynamic memory features
o
Grant permissions to users for individual clouds
o
Support for file-based virtual machine customization processes
o
Leverage of the new Hyper–V file transfer application programming interface (API) in Windows Server 2012 R2 to transfer files to guest operating systems
o
Ability to create Windows-based and Linux-based virtual machines and multiple virtual machine services, from a template gallery
o
Faster live migration and support for migration of Windows Server 2012 R2 operating systems
Storage features include: o
Virtual Fibre Channel support
o
Management of zones
o
Support for Windows Offloaded Data Transfers (ODX)
o
Shared .vhdx support
o
Provision scale-out file server clusters from bare-metal deployments
o
Integration of storage with differencing disks optimization and storage spaces files
Services features include: o
Services on Citrix XenServers
o
Allowing the script that runs on the first deployed virtual machine to differ from the script that runs on the other virtual machines in the tier
•
•
Infrastructure features include:
MCT USE ONLY. STUDENT USE PROHIBITED
7-4 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager
o
Ability for automatic tasks to resume after virtual machine failover
o
Expanded computer scope for VMM update management
o
Management packs updated with new metrics for chargeback purposes based on allocation and utilization
Additional enhancements include: o
Support for Windows Server 2012 R2 and Windows 8.1 operating systems
o
Enhancements to replication and recovery
o
Addition of direct links to missing prerequisites in setup Note: By design, P2V conversion is no longer available in System Center 2012 R2 VMM.
Managing Server Virtualization by Using App Controller You can use App Controller to manage private clouds that you create with VMM, and public clouds that are running on the Windows Azure platform.
App Controller provides role-based views that administrators can customize for an application owner. This allows the application owner to manage services that are deployed into the private and public clouds. A service is an instance of an application along with its associated configuration and virtual infrastructure that is deployed to the cloud. For example, the application owner can deploy a service to the private cloud, and can scale the service in or out, depending on the owner’s requirements. Additionally, the owner can connect directly to virtual machines in the private cloud from the App Controller portal.
Benefits of App Controller System Center 2012 App Controller provides application owners with a self-service experience across VMM, and gives them a unified view that lets them manage applications and services across private clouds and Windows Azure. App Controller provides users with the ability to manage application components in the context of a holistic service. App Controller provides the self-service component of a solution by enabling application owners to: •
Configure, deploy, and manage services through a service-centric interface, while using a library of standard templates.
•
Provide self-service application management, visibility, and control across both the Microsoft cloud services and the various public cloud services (such as Windows Azure).
•
Create, manage, and move services using a web-based interface that presents a customized view of resources based on the application owner’s role in the organization, and enables them to manage services rather than servers.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
•
7-5
View virtual machines, and both private and public cloud services. Control components at each layer, track jobs, and maintain a detailed history of changes.
App Controller also enables data center administrators to delegate authority to application owners. Predefined templates ensure compliance with company IT standards and policies. Using App Controller, data center administrators can create a customized, role-based view of private and public cloud services, and a consumed and available resources view for application owners. In addition, application owners can customize all service components, including virtual machines, network resources, and load balancing.
You can also use App Controller to move applications and components within public and private cloud environments. You can copy Windows Azure configuration, package files, and .vhd files among Windows Azure subscriptions, and you can copy service templates and resources from one VMM server to another.
Managing Private Clouds
After you connect the App Controller portal to the VMM environment, the business unit clouds, virtual machines, and libraries become available through the App Controller portal. Private cloud administrators can create services and service templates from within VMM, and then deploy them to the private cloud. Business unit IT administrators can then manage and deploy these services and service templates through the App Controller portal.
App Controller also helps users manage the individual virtual machines that are running within a service. All of the typical VMM management capabilities—such as stopping, starting, mounting an ISO image, and opening a remote desktop connection—are available to the user. Because the App Controller functionality is delivered under the context of the service, the user only has access to the resources within it.
Managing Public Clouds
When connecting App Controller to a Windows Azure subscription, you can delegate subscription access to users through their Active Directory Domain Services (AD DS) credentials. This provides a common access model across the management of private and public clouds, including the services that are running in them. For example, you can manage the development of a service that is running in the Windows Azure environment while managing a production implementation of a service that is running in your private cloud environment. You can also use App Controller to move applications between private and public clouds, and copy resources such as service templates between VMM servers.
You install App Controller as a separate component. You can choose to host this service on a separate server, or you can host it together with an existing service such as VMM. In both cases, you should first ensure that your server meets the system requirements for App Controller. For better performance, you should install the App Controller server on a separate computer from the VMM management server.
MCT USE ONLY. STUDENT USE PROHIBITED
7-6 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager
The following table displays some limits for App Controller. You should be aware of these limits when you plan App Controller deployment.
App Controller Limits Measure
Value
Maximum number of objects in a Windows Azure storage directory
900
Maximum number of VMM management servers
5
Maximum number of Windows Azure subscriptions per user
20
Maximum number of concurrent users
75
Maximum number of jobs that can be run in a 24-hour interval
10,000
Note: App Controller can connect only to System Center 2012 R2 VMM. The new enhancements introduced with App Controller in System Center 2012 R2 are: •
Support for System Center 2012 R2 VMM.
•
Service Provider Foundation in System Center 2012 R2.
Monitoring Server Virtualization by Using System Center Operations Manager You can use Operations Manager to monitor services, devices, and operations for many computers from a single console. Administrators can use Operations Manager to gain immediate insight into the state of the IT environment and the IT services that are running across different systems and workloads. Numerous views show state, health, performance information, and alerts generated for availability, performance, configuration, and security situations.
IT departments today are responsible for ensuring the performance and availability of critical services and applications. Therefore, IT departments need to know when there is a problem, identify where the problem is, and determine what is causing the problem. Ideally, IT does all this before the users of the applications encounter problems. The more computers and devices in the business, the more challenging this task becomes. You can use Operations Manager to monitor applications in both the private cloud and the public cloud. Additionally, you can simultaneously monitor Microsoft platforms and non-Microsoft platforms such as UNIX, Linux, and VMware. Operations Manager displays monitored objects that are not healthy. Operations Manager also sends alerts (such as a short text message or an email) when problems are identified, and provides information to help you identify the cause of a problem and possible solutions. You can also use Operations Manager to create reports or dashboards from collected data.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
7-7
The components for Operations Manager are organized into a management group. Most organizations have a single management group, although you can have multiple management groups. If you have multiple management groups, the alerts from one management group can roll up to another management group. This enables you to centralize monitoring for multiple management groups.
Operations Manager Agents
The most common way to monitor Windows computers or UNIX and Linux computers is by installing the Operations Manager agent. You install the Operations Manager agent on a computer to facilitate communication with the management server. After installation, the Operations Manager agent obtains its configuration from the management server. Only data that is defined by the configuration from the management server is forwarded to the management server.
Agentless Monitoring
You also can monitor Windows-based computers without installing an agent. This is referred to as agentless monitoring. The information that you collect by using agentless monitoring may be limited because some management packs do not work with agentless monitoring. Agentless monitoring also creates a high load on the management server and is not very scalable. For these reasons, agentless monitoring is generally not recommended.
Queries for agentless monitoring perform with remote procedure calls (RPCs) that are difficult to perform through firewalls. When no firewall exists between the management server and the monitored system, a management server can query the monitored system directly. If there is a firewall between the management server and the monitored system, then you must configure an agent-managed computer as a proxy agent. The proxy agent queries the monitored system, and then transfers the data to the management server. Microsoft has introduced several new enhancements to Operations Manager in the System Center 2012 R2 release. These enhancements include: •
Fabric monitoring. Fabric monitoring is the System Center cloud hybrid monitoring of physical and virtual layers for hybrid cloud environments. Other enhancements include the Fabric Health Dashboard, which generates a detailed overview of your private clouds and the fabric that services those clouds. In each cloud, the Fabric Health Dashboard displays the following information: o
Host state
o
Storage pools state, file share, and logical unit number (LUN) state
o
Network node state
o
Active alerts
o
Number of virtual machines
Fabric monitoring also includes the Fabric Monitoring Diagram view, which displays the health states of the cloud environment and the on-premises environments. •
The Microsoft Monitoring Agent. This tool now includes full functionality for the IntelliTrace Collector tool in Microsoft Visual Studio. You can also use it as a stand-alone tool for collecting application traces locally.
•
Integrating Operations Manager with the development processes. There are new alert fields in Team Foundation Server (TFS) work item IDs, and TFS work item owners.
•
Conversion of application performance monitoring (APM) for performance events to the IntelliTrace format. You can open the APM for performance events from the Visual Studio integrated development environment (IDE), if the performance event was captured during an IntelliTrace Collector historical debugging session. APM is also integrated tightly with the TFS work item synchronization management.
MCT USE ONLY. STUDENT USE PROHIBITED
7-8 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager
•
Support for IPv6. You can now accept IPv6 addresses as input for network discovery in the Operations console.
•
Java application performance monitoring. You can monitor Java application performance and exception events using the Operations Manager Application Advisor console.
•
System Center Advisor. You can use this online service to analyze installations of Windows Server software.
Integrating Service Manager Service Manager is a comprehensive IT service management solution that you can use to add process-driven automation and self-service infrastructure provisioning to your private cloud infrastructure. To help organizations manage help desks, Service Manager automates help desk functions such as ticketing and change request processes. Service Manager integrates with AD DS, and with products such as System Center 2012 Configuration Manager, Operations Manager, and VMM to build a single, reconciled inventory of an organization’s assets. Service Manager provides several key benefits to organizations, including increased productivity, reduced costs, swifter problem resolution, and built-in compliance management. Built-in processes in Service Manager are based on industry best practices such as those found in Information Technology Infrastructure Library (ITIL) and the Microsoft Operation Framework.
Service Manager comes enabled with process management packs for incident and problem resolution, service request provisioning, change and release control, and configuration and knowledge management. Through its integration with other System Center components and key infrastructure services such as AD DS, Service Manager provides accurate configuration management database population and private cloud process integration. By using Service Manager, you can: •
Reduce the mean time to resolve issues through user self-service.
•
Improve private cloud efficiency through centralized management of incident, problem, and change processes.
•
Provide self-service deployment of private cloud resources through integration with other System Center 2012 components.
•
Implement compliance controls for the management of private cloud infrastructure components.
In Service Manager, you define various types of templates and workflows so that you can automate many administrative processes. As part of your initial Service Manager configuration, you must configure settings and workflows for change and activity management.
Change requests are generated typically when the IT infrastructure requires a configuration change to achieve a desired result. Change requests are also generated to support new technologies, processes, or applications. Service Manager allows you to collect and process change requests automatically by defining
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
7-9
workflows and activities that you should perform during the change management process. End users and administrators can create change requests. In Service Manager, you use workflows to close completed change requests automatically, and to send notifications to users when activities require approval. To maintain change requests, you create change request templates. You can use a workflow to apply these templates automatically. You generally use change request templates when users submit new change requests. The templates are particularly useful when you create a change request for a recurring type of issue. Change request templates allow you to: •
Set an issue category, then define a standard priority, effect, and risk level for it in the template.
•
Create additional templates for other types of recurring change requests.
•
Include a number of activities in one template. However, any activities that you want to include in a change request template you must have created previously as activity templates.
Additionally, by using change request templates, users spend less time submitting new change requests. This is because the request templates store commonly used settings, and then the templates apply these settings to new change requests. For example, you can create a change request template to modify the Microsoft Exchange Server infrastructure. You also can create change templates that include an activity that automatically changes a standard change priority request to Low. Note: When you create a change request template, do not create links to configuration items or work items, and do not enter any user information. If you create a template with these objects, you cannot remove them and you will have to re-create the template.
Manual activity templates help ensure that all manual activities are assigned to the person who is designated as the activity implementer. After you create the manual activity template, you need to create a workflow that applies to the template.
Service Manager 2012 R2 fully supports the Windows Server 2012 R2 and Windows 8.1 operating systems.
Automating Tasks with Orchestrator Orchestrator (formally known as Opalis), is an IT process automation solution for the private cloud. You use Orchestrator to automate the creation, monitoring, and deployment of key resources in your private cloud environment.
Private cloud administrators perform many critical daily tasks to ensure that their infrastructure is highly available and reliable. They also require the ability to reduce the time it takes to provision new infrastructure, while providing self-service capabilities to end users. Additionally, the administrators must maintain quality standards and system efficiency. Orchestrator can combine disparate tasks and procedures together by using the Runbook Designer (formerly known as Opalis Client) to create reliable, flexible, and efficient end-to-end solutions in the private cloud environment.
By using Orchestrator, you can: •
Automate processes in your private cloud, regardless of hardware or platform.
•
Automate your private cloud operations, and standardize best practices to improve operational efficiency.
•
Connect different systems from different vendors without using scripting and programming languages.
As part of the enhancements in System Center 2012 R2 Orchestrator, you can now install the Service Management Automation Web service with up to three runbook workers from the Orchestrator setup program. You can then use these runbooks as part of the Windows Azure Pack for Windows Server, or you can use the runbooks and conduct other automation tasks using Windows PowerShell cmdlets.
MCT USE ONLY. STUDENT USE PROHIBITED
7-10 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager
There are also new and updated integration packs available for System Center 2012 R2 Orchestrator. System Center Integration Pack for Microsoft SharePoint Server is the new integration pack, while the updated packs are Windows Azure Integration Pack for Orchestrator, and System Center Integration Pack for System Center 2012 Virtual Machine Manager.
Using Data Protection Manager to Protect a Server Virtualization Deployment Data Protection Manager (DPM) provides diskbased and tape-based data protection and recovery for servers such as Microsoft SQL Server, Microsoft Exchange Server, Microsoft SharePoint Server, virtual servers, file servers, and support for Windows client operating systems. DPM can also centrally manage system state and bare-metal recovery. By using DPM, you can: •
Recover bare-metal servers and desktops running Windows operating systems. This allows you to recover servers and desktops quickly without first installing the operating system.
•
Back up and recover from disk or tape. Depending on the backup storage type that is available, you can decide whether you want to store it on disk or in a tape library.
•
Centrally manage the DPM servers with the DPM Administrator Console. In larger environments, managing all DPM servers from a central console is particularly beneficial.
•
Use role-based access permissions to distribute backup and restore management. You can assign permissions to users that allow them to restore the systems for which they are responsible. The benefit is that you do not grant them full permissions, so they will not be able to access data that they do not own.
•
Perform quick item-level recovery for virtual machines. To recover a specific item (such as a file), you do not need to recover the entire virtual machine. Instead, you can just recover the particular file.
The following new features and enhancements are available in System Center 2012 R2 DPM:
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
7-11
•
Windows Azure Backup. You can use this Windows Azure service to back up DPM data in System Center 2012 R2 to Windows Azure Backup.
•
SQL Server cluster support. You can use clustered SQL Server nodes in DPM. In System Center 2012 R2, DPM no longer has the limitation that existed in System Center 2012 - DPM and System Center 2012 SP1 DPM. This provides greater reliability, scalability, and consistency. You can also install the DPM server on the same stand-alone or clustered SQL Server that hosts the DPM database.
•
Virtualized deployment. With System Center 2012 R2, you can now deploy DPM on a virtual machine, and you can configure storage using .vhd storage pool disks that are shared in the Virtual Machine Manager library.
•
Linux virtual machine backup. DPM now allows for greater protection of Linux virtual machines beyond previous versions support. DPM also provides for backup of the Linux virtual machines. However, only file-consistent snapshots are supported for Linux backups. Windows Azure Backup does not support protection of Linux virtual machines.
Using the Windows Azure Pack for Self-Service Capabilities
Windows Azure customers can now download and run the Windows Azure Pack for Windows Server. The Windows Azure Pack is free for Windows Azure customers. The Windows Azure Pack increases your private cloud and data center capabilities with enhanced self–service, multitenant features that integrate with the public Windows Azure cloud. This means that you can use resources provided by Windows Azure (such as applications, virtual machines, and SQL Server databases), along with your private cloud resources and data centers. For example, you can replicate SQL Server databases between your data center and Windows Azure backup. This capability can add to the reliability and survivability of your data. The Windows Azure Pack lets you more easily manage this type of integration with data centers and private cloud resources. Windows Azure Pack includes the following capabilities: •
Windows Azure Management Portal. The Management Portal is a self–service portal that lets you provision, monitor, and manage services. You can customize the portal for tenants.
•
Service management application programming interface (API). This API uses a Representational state transfer (REST API that helps a range of integration scenarios from custom portals through billing systems.
•
Websites. Windows Azure Pack helps provide high density, scalable, shared web hosting platforms for Microsoft ASP.NET, PHP: Hypertext Preprocessor (PHP), and Node.js web applications. The Windows Azure Pack also has a customizable web application gallery of open source web applications, and integration for source control systems for custom developed applications and for websites.
•
Virtual machines. The Windows Azure Pack includes a virtual machine service that provides Infrastructure-as-a-Service (IaaS) capabilities for virtual machines running both Windows operating systems and Linux operating systems. This service contains a virtual machine template gallery, scaling options, and virtual networking capabilities.
•
Service Bus. The Service Bus service delivers reliable messaging services between distributed applications. This includes queued and topic-based publishing and subscription resources.
•
Automation and extensibility. The Windows Azure Pack allows you to automate and integrate additional custom services into the services framework. Custom services include a runbook editor, and an execution environment.
MCT USE ONLY. STUDENT USE PROHIBITED
7-12 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager
You can install the Express option or use a distributed deployment of Windows Azure Pack. Several components make up the Windows Azure Pack for Windows Server. If you are using the Express version, all the components can go on one computer. Otherwise, you can distribute the components to up to seven separate machines. Windows Azure Pack includes the following components: •
Management portals and the service management API. The available portals include the portal for administrators and the portal for tenants.
•
Website roles: o
Web Sites Controller
o
Web Sites REST API
o
Web Workers
o
Front End
o
Publisher
o
File Server
•
SQL/MySQL. These are the database services that are included in the Windows Azure Pack.
•
Virtual machines. Two components are available for tenants to control their virtual machines: VMM, and the Service Provider Foundation.
Lesson 2
Overview of VMM
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
7-13
Before you begin a VMM installation, you should carefully plan the integration and deployment in an existing virtual and physical infrastructure. VMM provides several benefits for business environments and enhancements for built-in management tools. VMM consists of several components that provide various features and functionalities, and you need to plan the deployment and integration of each of these features with the current environment.
Lesson Objectives After completing this lesson, you will be able to: •
Describe the features and functionalities of VMM.
•
Describe the purpose of fabric management.
•
Describe the features and benefits of using cloud services.
•
Describe the service life cycle management.
•
Describe the VMM architecture.
Introducing VMM VMM includes several enhancements to the previous VMM iterations, including enterprise– class performance enhancements. The latest version of VMM includes simplified provisioning and migration abilities, support for cloud services and cloud infrastructure, and enhanced ability for business units to manage their resources individually with multitenant cloud infrastructure improvements. Additionally, System Center 2012 R2 has been extended to allow further provisioning of on-premises virtual machines and resources into the Windows Azure cloud infrastructure.
Enterprise-Class Performance System Center 2012 R2 supports enterprise-class scale and performance for Windows Server-based environments. The System Center 2012 R2 version of VMM is key to enabling the virtualization and management scale. In this version of VMM, a VMM server can support up to 1,000 hosts and 25,000 virtual machines.
Another important VMM enhancement is the Dynamic VHDX resize feature, which enables you to grow a SCSI virtual disk without any downtime. VMM support for an automated Hyper-V cluster upgrades virtual machines without downtime, and reduces the time, effort, cost, and downtime required to upgrade from Windows Server 2012 to Windows Server 2012 R2. You can upgrade Hyper-V clusters automatically using the Live Migration feature with VMM.
VMM also has many new and enhanced private cloud management capabilities. VMM enables dynamically allocated memory changes in addition to snapshots of running virtual machines without downtime. Additionally, VMM includes enhanced support for deploying VMM services to Citrix XenServer
MCT USE ONLY. STUDENT USE PROHIBITED
7-14 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager
and VMware ESX hosts. This allows for consistent management of Hyper-V, Citrix XenServer, and ESXbased virtual machines through the VMM console. You can treat ESX and XenServer hosts the same as any other VMM host.
Simplified Provisioning and Migration
Windows Server 2012 includes improved File and Storage Services, including Storage Spaces. This means that you can use industry-standard storage that you can manage entirely with server software. You can also use industry-standard servers as opposed to specialty hardware technologies for your more expensive infrastructure, for storage, and for disaster recovery. Industry-standard server technologies have advanced to the same level as specialty hardware technologies, and offers similar performance and capabilities at a reduced price. Using System Center 2012 R2 VMM, you can support large, company-wide storage technology infrastructure such as a bare-metal provisioning of scaled out Windows file server clusters, physical disk discovery, and virtualized storage pools creation. Another new VMM feature is simplification of cross-data center disaster recovery for virtual machinebased infrastructure services. This is achieved by providing the private cloud abstraction layer in the source and destination data centers.
Multitenant Cloud Infrastructure
Many organizations want to enhance their data center infrastructure to include increased efficiency, and have the ability to scale resources quickly. Additionally, organizations want the ability to provide multitenancy with increased IP flexibility, chargeback, and infrastructure standardization. VMM provides greater support for multitenant environments through support for virtual networks. Using VMM, you also now have the ability to combine multiple instances of VMM infrastructures with the sender policy framework (SPF) API. Additionally, the latest VMM version strengthens Microsoft software-defined network solutions by allowing you to add multitenant edge gateways to bridge your organization’s physical and virtual data centers. This enables you to combine private cloud elements with certain elements in the public cloud, resulting in better hybrid cloud integration while enhancing mobility and delivering flexible workloads. VMM also provides for multitenant enhanced chargeback with greater granular infrastructure metering, and the ability to analyze various business and operational metrics.
Provisioning Windows Azure Infrastructure
VMM is well integrated into the other System Center 2012 R2 products. Combined with those products, VMM offers a unified set of tools to help you provision and manage virtual machines both on-premises and in Windows Azure environments. This includes workload portability without requiring format conversion. By using App Controller, you can migrate on-premises VMM virtual machines into Windows Azure virtual machines, and then manage those virtual machines from within the App Controller console.
Fabric Management In VMM 2012 R2, fabric is the infrastructure and services that you use to manage and deploy hosts, and that you use to create and deploy virtual machines and services to both the data center and the private cloud. This includes: •
Host groups
•
Networking
•
Storage elements
•
Pre-Boot Execution Environment (PXE)
•
Windows Server Update Services (WSUS) servers
•
Virtual Machine Manager libraries
•
VMware ESX and Citrix XenServer servers
The main benefits of using the fabric are:
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
7-15
•
Aggregate private cloud resources. The goal of the fabric is to aggregate private cloud resources in meaningful ways that enable you to deploy these resources more easily and comprehensively. The fabric is a logical manifestation of the networks, storage, and services that will be available as resources in your cloud environment.
•
Abstract your networking resources. The fabric combines logical networks with Hyper V virtual networks to define IP address assignments and route traffic, and set up static addresses for host servers. The VMM fabric can supply IP addresses by using combinations of IP ranges, media access control (MAC) address pools, and virtual IP templates. The VMM fabric also provides IP load balancer support.
•
Storage. VMM uses the Microsoft Storage Management Service extensively to create this storage aspect of the fabric. You can automate storage assignments across your public or private cloud, providing the storage device is supported through the Storage Management Initiative Specification (SMI-S). Additionally, if you are using Windows Server 2012 R2 with the File Server role and the Internet small computer system interface (iSCSI) Target Server role enabled, you can attach storage, create storage pools, create discs and volumes, and create iSCSI disks and targets, which you can then add into your fabric storage.
•
Management. The VMM console has a workspace devoted to the fabric that lets you manage the overall fabric that makes up all of these resources mentioned in this list. In System Center 2012 R2 VMM, the fabric workspace has an additional element entitled Infrastructure. Your VMM management servers, PXE servers, VMware servers, and library servers are now located in this Infrastructure.
What Is Cloud Computing? Cloud computing is the latest technological evolution in virtual computing technology. Cloud computing extends virtualization concepts to make them even more elastic. Cloud computing increases the accessibility of public and private clouds to business unit IT teams, and increases their accountability through features such as the cost center-based chargeback model for billing.
MCT USE ONLY. STUDENT USE PROHIBITED
7-16 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager
The National Institute of Standards and Technology (NIST) defines cloud computing as a model for enabling highly available, convenient, on-demand network access to a shared pool of configurable computing resources. Using cloud computing, you can rapidly provision and release computing resources, with minimal management effort or service provider interaction. Cloud computing resources can include networks, servers, storage, applications, and services. Cloud computing makes maximum use of the resources that are available in a data center. For example, an application owner can deploy a developed application to the private cloud infrastructure and the infrastructure will dynamically adjust resources for the application, scale the application, and enable the application to migrate across servers based on best resource match. The benefits of cloud computing include: •
Virtualized data center. Cloud computing provides methods to access computing services that are independent of both your physical location, and the hardware that you use to access it. With cloud computing, you no longer need to store data or applications on your local computer. The data center remains a key element when adopting cloud computing; however, cloud computing emphasizes virtualization technologies that focus on delivering applications rather than supporting the data center infrastructure.
•
Reduced operational costs. Cloud computing helps mitigate issues such as low system use, inconsistent availability, and high operational costs by providing pooled resources, elasticity, and virtualization technology.
•
Server consolidation. Cloud computing allows you to host multiple virtual machines on a virtualization host, which enables you to consolidate servers across a data center.
•
Improved resilience and agility. With products such as System Center 2012, cloud computing can reduce costs and improve efficiency.
There are two main types of clouds: the public cloud, and the private cloud: •
Public cloud. A public cloud is cloud services infrastructure that is made available to the public or a large industry group, and is owned by an organization (or service provider) that sells cloud services. The company that purchases the space on the public cloud, known as the tenant, shares cloud resources with other organizations. The public cloud exists only off-premises.
•
Private cloud. A private cloud infrastructure is dedicated to one organization only. The cloud infrastructure that an organization uses can exist either on-premises or off-premises. A private cloud may be managed by the organization itself, or by an outside company.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
7-17
The key difference between a public cloud and a private cloud is the workloads that are running on the infrastructure: •
With public cloud services, the tenant organization has less management overhead than organizations that use private clouds. This also means, however, that control of the infrastructure and services is reduced greatly, because the service provider manages the infrastructure and services for the tenant organization. In addition, the public cloud hosts the infrastructure and services for multiple organizations (multitenant), which introduces security implications that you need to review.
•
Private clouds are owned by their respective organizations. The cloud infrastructure is managed and maintained in the organization’s data center. One of the key benefits of this is that the organization has complete control over the cloud infrastructure and services that it provides. However, the organization also has the management overhead and costs that are associated with this model.
A hybrid cloud is a cloud infrastructure that combines certain elements from both a public cloud and a private cloud. For example, you could use Windows Azure virtual machines in your private cloud.
Service Life-Cycle Management When planning your private cloud infrastructure, you must know which services are suitable for cloud computing, and how you will manage them. For example, some of your business-critical applications might not be suitable for the private cloud because of security or budget constraints. A service can be an application, process, function, or it can be data. When you implement service management process automation for your organization, you should have a standardized and well-defined process for requesting and managing private cloud services. Many elements make up a successful private cloud service, including: •
Groups of machines that work together
•
Machine definitions as well as applications
•
Supported application types such as: o
Web Apps (MSDeploy)
o
Virtual apps (App-V)
o
Database Apps (SQL DAC)
Implementing and integrating the various private cloud service elements is a complicated process. System Center 2012 provides you with the necessary tools and services to help you with this process. To implement your custom-designed service management processes, you can automate the specific System Center 2012 components to interact with each other. For example, you can configure Service Manager so that it initiates a workflow that starts an Orchestrator runbook that interacts with VMM automatically.
You can combine your services into VMM service templates. This allows you to add virtual machine templates, network configurations, applications, and storage into a single element. For example, suppose you want to deploy a new virtual machine based on characteristics of an existing virtual machine. While could clone the existing virtual machine, the cloning process can take several minutes before you can
MCT USE ONLY. STUDENT USE PROHIBITED
7-18 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager
deploy it, and a sysprep process typically takes up more time. Instead, you can create a service template that has that type of virtual machine with its various resources already assigned, and then deploy the service template to create quickly a virtual machine based on the template.
Typically, providing for service management is a recurring cycle, which is known as service life cycle management. You can begin service life cycle management by creating the appropriate service template. You can then use the template to customize a particular virtual machine or application deployment, and then deploy that service template. If you need to update that service, you can create a new service template that incorporates those updates. When you create a new service template with the updates, you will have completed one full life cycle for the initial template. After this point, you would then customize the deployment, and then deploy the service.
VMM Architecture VMM is a System Center 2012 component that offers a management solution for a virtualized data center. You can use VMM to create and deploy virtual machines and services to private clouds by configuring and managing your virtualization host, networking, and storage resources. By using VMM, you can discover, capture, and aggregate information about the virtualization infrastructure and enable automatic management of policies and processes. In the private cloud infrastructure, VMM helps transition enterprise IT from an infrastructure-focused deployment model into a service-oriented, user-centric environment. VMM architecture consists of several different, interrelated components, including: •
VMM management server. The VMM management server is the computer on which the VMM service runs. The VMM management server processes commands and controls communications with the database, the library server, and the virtual machine hosts. The VMM management server is the hub of a VMM deployment through which all other VMM components interact and communicate. The VMM management server also connects to a SQL Server database that stores all VMM configuration information.
•
Database. VMM uses a SQL Server database to store the information that you view in the VMM management console. This information includes managed virtual machines, virtual machine hosts, virtual machine libraries, jobs, and other virtual machine-related data.
•
Management console. The management console is a program that you use to connect to a VMM management server. Through the management console, you can view and manage physical and virtual resources, including virtual machine hosts, virtual machines, services, and library resources.
•
Library. A library is a catalog of resources such as virtual hard disks, templates, and profiles, which are used to deploy virtual machines and services. A library server also hosts shared folders that store filebased resources. The VMM management server is always the default library server, but you can add additional library servers later.
•
Command shell. Windows PowerShell is the command-line interface in which you use cmdlets to perform all available VMM functions. The VMM console is built by using Windows PowerShell. You can use VMM–specific cmdlets to manage all the actions in a VMM environment.
Lesson 3
Installing VMM Installing the VMM server and VMM console is a key process in establishing the VMM infrastructure. You should perform installation procedures for these components based on prior planning.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
7-19
Before starting to install the VMM server and VMM console, consider the potential issues and requirements. After completing installation, you will need to perform several post-installation tasks, such as adding physical hosts, creating and deploying host groups, and ensuring that the configuration is set appropriately for your organization’s goals.
Lesson Objectives After completing this lesson, you will be able to: •
Determine the required topology for a VMM deployment.
•
Identify the system requirements for installing VMM.
•
Describe the considerations for implementing a highly available VMM management server.
•
Describe the requirements for installing VMM.
•
Explain how to install a VMM management server and a VMM console.
Determining Topology for a VMM Deployment VMM deployment topology varies according to each customer’s needs. Major design factors include defining administrative boundaries, and placing the components in a network segment, site, or geographical zone with sufficient bandwidth. When you plan a VMM deployment, you should consider the following factors: •
Number of hosts
•
Number of branch sites with hosts
•
Security, administrative groups, and selfservice options that you require
•
Availability and recovery time that each of the components require
The number of hosts determines the physical or virtual resources that each component server in the VMM deployment requires. In System Center 2012 SP1 VMM, the scale of a VMM management server has the capacity to manage 1,000 hosts and 25,000 virtual machines. However, the demand on a single management server would suggest that you should use multiple VMM instances. You can use App Controller with five VMM instances. Therefore, in theory, you could manage resources of over 125,000 virtual machines. If your deployment has thousands of hosts, you should consider contacting your regional Microsoft office for guidance on a personalized deployment to fit your environment. The number of branch sites with hosts and the wide area network (WAN) links capabilities between the branches and the VMM management server determines if you should have a single VMM deployment with multiple Virtual Machine Manager library servers or individual VMM deployments at each branch.
MCT USE ONLY. STUDENT USE PROHIBITED
7-20 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager
VMM offers delegated administration and self-service. You can use App Controller, Service Manager, or your own customized portals to provide self-service to your users. When you determine what type of VMM deployment is appropriate for your environment, you can then plan a self-service deployment that is appropriate for the design. For example, App Controller can span five VMM deployments. However, your security requirements may require you to have an App Controller deployment for each VMM deployment.
The availability and recovery time for VMM components is also important when determining the topology for your VMM deployment. VMM is a cluster-aware application that you can configure to be highly available. SQL Server is cluster-aware, and you can install the Virtual Machine Manager library server on a Microsoft file server cluster, but not on the same cluster that hosts a clustered VMM instance. DPM can back up your VMM components and if required, you can locate DPM at a remote site and use it to restore one or more offsite components.
For the latest information on deployment scenarios, and for the individual component hardware and software prerequisites for the most current service pack, review the information provided on the Microsoft TechNet website. If you are deploying VMM, you should consider that: •
The VMM database no longer supports SQL Express. Therefore, you must move your database to a supported version of SQL Server.
•
A Windows Deployment Services (Windows DS) server is required for bare-metal deployment of Hyper-V hosts. A bare-metal deployment refers to deploying a host on a computer that does not have an operating system.
•
At least one library server is necessary, but you should consider at least one library for each site that you will separate with a low-speed WAN link.
•
You should use WSUS or Configuration Manager for update management.
•
App Controller has replaced the self-service portal. There is no longer an upgrade path from existing self-service portals to App Controller.
•
Operations Manager is required to use VMM reporting, and to leverage Performance and Resource Optimization (PRO) tips.
•
Managing VMware ESX and VMware ESXi hosts requires that you integrate VMware vSphere. If you need more than the maximum number of hosts for business or network reasons, you must have multiple VMM servers. You can use App Controller to view resources for up to five VMM servers.
Consider which VMM services you will use in your topology and review the associated ports that VMM uses to communicate between its components. Ensure that firewalls are not blocking ports, and determine whether the component coexists with another application that these ports review. If you need to amend a default port, make sure that you update the associated firewall rules.
The following table lists some default ports that you can change during the VMM installation. Port
Description
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
7-21
8100
Provides communication with the VMM console
5985
Provides communication with agents on hosts and on library servers
443
Enables file transfers to agents on hosts and on library servers
8102
Provides communication with Windows DS
8101
Provides communication with Windows Preinstallation Environment (Windows PE) agents
8103
Provides communication with the Windows PE agent for time synchronization
VMM System Requirements Before you can deploy a System Center 2012 VMM solution, you need to ensure that your system meets a number of prerequisites. Although Microsoft provides both the minimum and recommended requirements for VMM, the requirements that work best for you might vary depending on your organization’s operations, budget, schedule, time requirements, and other factors. In addition, remember that System Center 2012 R2 VMM has additional requirements, which will be covered in a later topic.
System Requirements for a VMM Management Server The following table describes the hardware requirements for managing up to 150 hosts on a VMM Management server. Hardware component
Minimum
Recommended
Processor
Pentium 4, 2 gigahertz (GHz) (x64)
Dual-processor, 2.8 GHz (x64) or greater
Random access memory (RAM)
2 gigabyte (GB)
4 GB
Hard disk space (without a local VMM database)
2 GB
40 GB
Hard disk space (with a local, full version of SQL Server)
80 GB
150 GB
The following table describes hardware requirements for managing more than 150 hosts. Hardware component
Minimum
Recommended
MCT USE ONLY. STUDENT USE PROHIBITED
7-22 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager
Processor
Pentium 4, 2 GHz (x64)
Dual-processor, 3.6 GHz (x64) or greater
RAM
4 GB
8 GB
Hard disk space
10 GB
50 GB
If you are managing more than 150 hosts, you can enhance performance by separating the VMM components. For example, rather than using the default library share on the same server as the VMM server, you can deploy a separate library server. Conversely, you can use a VMM database on a dedicated computer that is running SQL Server. The following table describes the software requirements for installing the VMM management server. Software requirement
Notes
A supported operating system
Windows Server 2012 Standard or Windows Server 2012 Datacenter operating system (full installation)
Windows Remote Management service
Windows Remote Management is included in Windows Server 2012. By default, Windows Remote Management (formerly known as WSManagement) is set to start automatically. If the Windows Remote Management is not yet started, setup will display an error during the prerequisites check. You must start the service before setup can continue.
Microsoft .NET Framework 4 or newer
System Center 2012 SP1 requires .NET Framework 4 or newer, which Windows Server 2012 includes.
Windows Assessment and Deployment Kit (Windows ADK) for Windows 8
Windows ADK is available from the Microsoft Download Center.
Windows Assessment and Deployment Kit (ADK) for Windows® 8 http://go.microsoft.com/fwlink/?LinkID=386730 When you install the Windows ADK, select the Deployment Tools and the Windows Preinstallation Environment features.
System Requirements for VMM Consoles The following table describes the hardware requirements for managing up to 150 hosts. Hardware component
Minimum
Recommended
Processor
Pentium 4, 550 megahertz (MHz)
Pentium 4, 1 GHz or greater
RAM
512 megabytes (MB)
1 GB
Hard disk space
512 MB
2 GB
The following table describes the hardware requirements for managing more than 150 hosts. Hardware component
Minimum
Recommended
Processor
Pentium 4, 1 GHz
Pentium 4, 2 GHz or greater
RAM
1 GB
2 GB
Hard disk space
512 MB
4 GB
The following table describes the software requirements for installing the VMM console. Software requirement
Notes
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
7-23
A supported operating system
See the approved operating systems in the next table
Windows PowerShell 2.0 or Windows PowerShell 3.0
Windows PowerShell 2.0 is included in Windows Server 2008 R2 and Windows 7. Windows PowerShell 3.0 is included in Windows Server 2012.
At least .NET Framework 4
On a computer that is running Windows 7, .NET Framework 3.5 with SP1 is installed by default. On a computer that is running Windows Server 2008 R2, .NET Framework 3.5 with SP1 is not installed by default. However, you can use the VMM Setup Wizard to install the feature. On a computer that is running Windows 8 or Windows Server 2012, .NET Framework 4 is included. .NET Framework 4.5 is available at the Microsoft Visual Studio 2012 download page at http://go.microsoft.com/fwlink/p/?linkId=285269.
The following table lists the supported operating systems on which you can install the Virtual Machine Manager console. Operating system
Edition
System architecture
Windows Server 2008 R2 SP1 (full installation)
Standard, Enterprise, and Datacenter
x64
Windows 7 SP1
Professional, Enterprise, and Ultimate
x86 and x64
Windows Server 2012 and Windows Server 2012 R2
Standard and Datacenter
x64
Windows 8 and 8.1 Client
Standard, Pro, and Enterprise
x86 and x64
You can deploy the VMM console on the same server as the VMM management server, or on another server or workstation that is running a supported operating system. To enable integration with App Controller and Operations Manager, you must first install the VMM console on the other servers that are running System Center 2012. You can integrate VMM with Orchestrator, and you optionally can install the console on the same server as the Runbook Designer.
Virtual Machine Manager Self-Service Portal System Center 2012 SP1 and System Center 2012 R2 do not include the optional Virtual Machine Manager Self-Service Portal. App Controller is now the web component for self-service. (In Module 12, you will learn more about App Controller planning and deployment.) Note: It is not possible to upgrade the Virtual Machine Manager Self-Service Portal to App Controller.
VMM and SQL Server Database
MCT USE ONLY. STUDENT USE PROHIBITED
7-24 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager
Prior to System Center 2012 VMM, the SQL Server Express edition was an option during the installation. However, currently only full versions of SQL Server are supported with VMM. Note: If you are upgrading from an earlier version of VMM and you use an unsupported version of SQL Server, first you will need to move the database. To move the VMM database, you must back up the VMM database, copy it to the computer that is running a supported version of SQL Server, and then restore the database. When you are planning the design and placement of your VMM database, you should consider availability. If you need to install the VMM server as a highly available clustered application, you also should plan availability for the SQL Server that is hosting the database.
The VMM database can reside on a SQL Server along with other application databases. For example, in smaller deployments, you could consider hosting the App Controller database and the VMM database on the same SQL Server. When planning to host multiple application databases, review the prerequisites for each application. The VMM database either must be in the same domain as the VMM server, or a two-way trust must be in place. The SQL Server database server name may not be longer than 15 characters, and must not be case sensitive.
VMM Database Requirements The following table lists the SQL Server versions that are supported for use with VMM 2012 SP1. SQL Server edition
Service pack
Editions
SQL Server 2008 R2 (64-bit)
SP1 or Service Pack 2 (SP2)
Standard, Enterprise, and Datacenter
SQL Server 2012 Enterprise, SQL Server 2012 Standard (64-bit)
SP1
All
Considerations for a Highly Available VMM Management Server The VMM management server runs the VMM service, which processes all commands and manages all communication between the VMM database, the library servers, and the virtual machine hosts. The VMM server is cluster-aware, and you can deploy it as highly available if your virtualization environment is large.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
7-25
When you are deploying a highly available VMM management server, ensure that you have created a domain account for the VMM service. This account has to have local administrator rights on every computer where you install the VMM management server, console, or agent. For security purposes, it is important to use only the VMM service account for its specifically designated purpose. For example, if you remove the VMM service accounts from the VMM management server, the VMM service account is also removed from the local administrators group. You should also be aware that after you install the VMM management server you cannot change the identity of the VMM service account or move it from a local system account to a domain account. To move it or change its identity, you would have to uninstall VMM, and then reinstall it. You can however, retain the VMM database and reattach it upon the reinstallation. When communicating to multiple VMM components in a highly available environment, you must use distributed key management to store encryption keys in AD DS so that you do not encounter encryption errors. Encrypted data is stored locally in the VMM database using the Windows Data Protection API by default. If you need to move your VMM management server, this encrypted data will not be copied over. However, if you use distributed key management and store the keys in AD DS, this encryption data will be accessible even if you move the VMM management server. Note that before you install VMM, you must prepare AD DS to store encryption keys. You must create a container in AD DS with a Lightweight Directory Access Protocol (LDAP) distinguished name. The user account installing VMM must have Full Control access to this container, to the This object container, and all descended objects of the container. Whenever possible, try to use a highly available installation of SQL Server that is installed on a separate failover cluster from the failover cluster on which you are installing the VMM management server.
When you are planning a VMM deployment, keep in mind that App Controller can connect to multiple VMM management servers. This can be useful when you deploy multiple management servers, as it enables you to reduce traffic between branch office hosts and a centralized management server. Note: If you deploy a highly available (clustered) management server, keep in mind that you cannot install the Virtual Machine Manager library share as a clustered share on the same server on which the management servers reside. Note: When you are naming the VMM management server, the computer name cannot contain the character string SCVMM. For example, you cannot name the server ADATUMSCVMM-01, but you can name it ADATUMSCVMMM01.
Requirements for Installing System Center 2012 R2 VMM The additional requirements for installing System Center 2012 R2 VMM focus on the operating systems on which the various server components can run, and what SQL Server version can store the database. The following table lists the operating system requirements for VMM.
System Center 2012 R2 serverside component
Windows Server 2008 R2
Windows Server 2008 R2 with SP1
VMM management server
Windows Server 2012 Standard, Windows Server 2012 Datacenter
Windows Server 2012 Datacenter, Windows Server 2012 R2 Preview, and Windows Server 2012 R2 Standard
VMM PXE server
VMM update server
Virtual Machine Manager library
VMM virtual machine hosts
The following table lists the SQL Server requirements for VMM. System Center 2012 R2 component VMM database server
SQL Server 2008 R2 SP1 Standard, SQL Server 2008 Datacenter
SQL Server 2008 R2 SP2 Standard, Datacenter
SQL Server 2012 Enterprise, Standard (64-bit)
MCT USE ONLY. STUDENT USE PROHIBITED
7-26 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager
SQL Server 2012 SP1 Enterprise, Standard (64-bit)
Some System Center 2012 R2 components such as the DPM management server, the Operations Manager management server, the Service Manager management server, and the Service Manager data warehouse management server do not work correctly if they are combined on the same server. Other components including App Controller, Orchestrator, and VMM can run together on the same computer without issues. Keep this in mind when deploying VMM and other System Center 2012 R2 components.
Demonstration: Installing the VMM Management Server and VMM Console
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
7-27
In this demonstration, you will see how to install the VMM management server and the VMM console.
Demonstration Steps 1.
Sign in to LON-VMM1 as Adatum\administrator with a password of Pa$$w0rd.
2.
Check the VMM management server prerequisites by examining the Local Server page in Server Manager on LON-VMM1. Review the locations to get this information.
3.
Sign in to the SQL Server Management Studio and review where to find SQL Server version information.
4.
Navigate to the CD ROM drive, and then run the setup.exe file, which will open the Microsoft System Center 2012 R2 Installation splash screen.
5.
In the Microsoft System Center 2012 Virtual Machine Setup Wizard, install VMM, and configure the options as follows: o
o
Select features to install:
VMM management server
VMM console
Product registration information page:
Name: Administrator
Organization: A. Datum, Inc.
Product key: Leave blank
o
On the Customer Experience Improvement Program (CEIP) page, click No, I am not willing to participate.
o
On the Microsoft Update page, click Off.
o
On the Installation location page, accept the default settings.
o
On the Database configuration page, use the following settings:
o
Server name: accept default
Instance name: MSSQLSERVER
Database name: VirtualManagerDB
On the Configure service account and distributed key management page, use the following settings:
User name and domain: ADATUM\SCService
Password: Pa$$w0rd
o
On the Port configuration page, accept the default settings.
o
On the Library configuration page, set the shared folder location to C:\ProgramData \Virtual Machine Manager Library Files, and set the Share name to MSSCVMMLibrary.
6.
After the installation finishes, close the splash screen and launch the VMM console.
7.
On the Connect to page, accept the default settings.
8.
Close the VMM console, and sign out of LON-VMM1.
Lesson 4
Adding Hosts and Managing Host Groups
MCT USE ONLY. STUDENT USE PROHIBITED
7-28 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager
Using a Hyper-V server to manage multiple virtual machines offers several advantages. The Hyper-V Manager console becomes the single, central location to conduct all virtual machine configuration and management. You can then add the Hyper-V host to VMM along with other hosts, and create host groups to further centralize your administrative and management oversight. You can then add selected hosts to these groups. When you need to manage several hosts (but not all) in a particular manner, you can set distinct properties for host groups, which simultaneously configures all the hosts belonging to that host group.
Lesson Objectives After completing this lesson, you will be able to: •
Describe the VMM console.
•
Describe the considerations for adding Hyper-V virtualization resources.
•
Explain how to add Citrix XenServer and VMware vSphere virtualization resources.
•
Explain how to add a Hyper-V virtualization host to VMM.
•
Describe the purpose and functionality of host groups.
•
Explain how to manage host groups.
•
Deploy Hyper-V hosts to bare-metal computers.
Demonstration: Using the VMM Console In this demonstration, you will see how to use the VMM console.
Demonstration Steps 1.
Sign in to LON-VMM1 as adatum\administrator with a password of Pa$$w0rd.
2.
On the desktop, open the Connect to Server page, and review the parameters on the page. Note the example of testing out User Role assignments.
3.
On the desktop, connect to the Virtual Machine Manager console.
4.
The Virtual Machine Manager console opens. Note that the Virtual Machine Manager console always comes up at node it was in when you last closed it. The main areas of the console are as follows:
5.
o
Lower left, Workspace. There are five main workspaces: VMs and Services, Fabric, Library, Jobs, and Settings. Review each main workspace.
o
Named workspace Console tree: Review the various named console trees,
o
Details panes: Review the details panes, and what is included in them, depending on the workspace item selected.
o
Ribbon. Note that System Center 2012 products all have a ribbon at the top of their respective consoles. Note how the tabs and items on the ribbon change depending on what workspace item has been selected.
In the Library workspace, on the ribbon, click the Create Service Template item on the ribbon. This lets you create a new service template. Note the View Script button, and see how it brings up Notepad with Windows PowerShell cmdlets that can be used to create the same item that the user
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
7-29
interface can create. These cmdlets can be saved as a Windows PowerShell script and is a very useful tool. Notice that the Create items in the Virtual Machine Manager console will have a View Script button. 6.
In the Settings workspace, select the Run As Accounts item.
7.
Close the Virtual Machine Manager console, and sign of off LON-VMM1.
Considerations for Adding Hyper-V Virtualization Resources For VMM to manage a Hyper-V virtualization host, you must deploy the VMM software to the host by using the Add hosts function in the VMM console. In the case of a host in a perimeter network, you deploy the agent software manually, and then add the host in the VMM console. To deploy a Hyper-V host in a trusted domain: 1.
Open the Virtual Machine Manager console, click the VMs and Services workspace, from the ribbon click Add Resources, and then click Hyper-V Hosts and Clusters.
2.
On the Resource location page, click Windows Server computers in a trusted Active Directory domain, and then click Next.
3.
On the Credentials page, choose to either use a Run As account (an account already configured with domain privileges) or manually enter credentials of an account with privileges to install the agent on the host server, and then click Next.
4.
On the Discovery Scope page, you can either specify computer names by entering them on separate lines in the Computer name text box, or you can click Specify an Active Directory query to search for Windows Server computers, type a query, and then click Next.
5.
On the Target resources page, you can click each host or click Select all, and then click Next. A dialog box will prompt you that you are about to enable the Hyper-V role on any servers as part of the process. If you choose to enable the role, the servers will reboot during the process. You can click OK to close the dialog box.
6.
On the Host settings page, you can assign the host or hosts to a Host group. A later section of this module details host groups. Additionally, if you have multiple VMM servers, and another VMM environment currently is managing your host, you can reassociate the host with this environment by clicking Reassociate. You also can assign default placement paths, which is the location in which the Windows operating system will store new or migrated Hyper-V virtual machine files. Additionally, you can assign these paths after you add the host, and then click Next.
7.
On the Summary page, confirm the settings, and then click OK.
8.
In the Jobs window, you can review the progress of the agent deployments.
When you add a host in a perimeter network, you install the agent from the VMM installation media, which will prompt you to generate an encryption key file and assign a password. You must remember the password, and as a best practice, you should copy the generated file to somewhere secure on the VMM server so that you can access it. When adding a host, on the Target resources page, you enter the password in the Encryption key text box, and then provide the location of the encryption key file.
Note: By default, the VMM management server uses port 5986 for agent communication with hosts in a perimeter network, and port 443 for file transfers.
MCT USE ONLY. STUDENT USE PROHIBITED
7-30 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager
The DHCPv4 Server Switch Extension is a new feature in System Center 2012 R2 VMM. You can use this extension to assign custom addresses through Dynamic Host Configuration Protocol (DHCP) or you can continue to use static IP addresses as was previously required. When you create IP address pools for a virtual machine subnet, the pool is enabled automatically to provide IP addresses by either mechanism. For DHCP to work correctly, the new DHCPv4 server switch extension is required on all Windows Server 2012 Hyper-V hosts. For Hyper-V hosts running Windows 2012 or Windows Server 2012 R2, VMM offers support for online resizing of .vhdx disks while the disks are in use. This supports the Hyper-V online resizing feature.
Adding Citrix XenServer and VMware vSphere Virtualization Resources You also can use VMM to manage VMware ESX and VMware ESXi hosts, and to manage Citrix XenServer hosts. The steps for adding other vendor hosts are similar to the steps for Hyper-V hosts provided your environment meets the prerequisites for adding each type. Before you can add a VMware host to VMM, you must have a VMware vCenter server, and configure VMM to connect to it. Before you can add a Citrix XenServer host, you need to add the Citrix XenServer - Microsoft System Center Integration Pack to the host. When VMM manages Citrix XenServer hosts, the features in the following table are supported. Feature
Details
Adding Citrix XenServer hosts and pools
You can add stand-alone Citrix XenServer hosts and clusters or pools to the VMM management server. You must install and configure Citrix XenServer before you add the hosts. You must create and configure the Citrix XenServer pools in Citrix XenCenter.
Conversion
Use the P2V conversion process to convert a Citrix XenServer–based virtual machine to a Hyper-V virtual machine. The Citrix Tools for Virtual Machines can remain on the virtual machine. However, VMM 2012 only supports Citrix XenServer virtual machines that are running Windows guest operating systems.
Dynamic optimization and power optimization
The Dynamic Optimization feature is available for Citrix XenServer hosts in VMM. You can use the Live Migration feature to load-balance virtual machines on Citrix XenServer host clusters. You can turn Citrix XenServer hosts on and off with the Power Optimization feature.
Library
You can use VMM to organize and store Citrix XenServer virtual machines, templates, and virtual hard disk files in the Virtual Machine Manager library. When storing Citrix XenServer .vhd and .vhdx files in the Virtual Machine Manager library, open the file’s properties, and on the General page, change the Virtualization platform to Citrix XenServer server.
Feature
Details
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
7-31
Maintenance mode
You can move Citrix XenServer hosts in and out of maintenance mode from the Virtual Machine Manager console.
Migration
VMM 2012 supports the following VMware transfer types: o Live migration between hosts in a managed pool using Citrix XenMotion. o
LAN Migration between a Citrix XenServer host in the library using Background Intelligent Transfer Service (BITS).
Use TransferVM for each virtual hard disk. Networking
The new VMM network management features are supported on Citrix XenServer hosts. Use Citrix XenServer XenCenter to create external virtual networks. VMM will recognize and use any existing external networks from Citrix XenServer. You should be aware that: a single virtual switch represents all Citrix XenServer switches with different virtual local area network (VLAN) IDs bound to a single physical network adapter.
PRO
You can monitor and provide alerts for Citrix XenServer hosts by integrating Operations Manager with PRO.
Placement
When you create Citrix XenServer virtual machines, VMM uses virtual machine placement on host ratings in the same manner as it does for Hyper-V virtual machines.
Private clouds
Citrix XenServer host resources can be used by private clouds simply by creating a private cloud from host groups wherever Citrix XenServer hosts reside. You can configure quotas, and apply self-service user roles to these clouds without distinction between the different host types.
Services
You can deploy VMM services to Citrix XenServer hosts.
Storage
VMM 2012 supports several Citrix XenServer storage repositories, as follows: o Software iSCSI, network file system (NFS) virtual hard disks, hardwarebased host bus adapters, and Citrix StorageLink technology o
ISO repositories on an NFS where Windows File Sharing/Common Internet File System (CIFS) share with these conditions:
ISO images deployed from the Virtual Machine Manager library to the Citrix XenServer host must have their permissions set on the ISO repository to Read /Write. ISO images can only be attached from the Virtual Machine Manager library. o
Shared and local storage
Note: New VMM storage automation features are not supported for Citrix XenServer hosts.
Feature Virtual machine management
Details Paravirtual and hardware-assisted virtualization virtual machines are supported in VMM with the following conditions: o Hardware-assisted virtualization virtual machines can only run Windows-based operating systems.
MCT USE ONLY. STUDENT USE PROHIBITED
7-32 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager
o
Creating new virtual machines with the VMM console only creates hardware-assisted virtualization virtual machines.
o
To create virtual machines with paravirtual properties, you first must clone a virtual machine with paravirtual properties to the library, and then you can deploy the virtual machine. You cannot create virtual machines with paravirtual properties by using the New Virtual Machine Wizard from any existing hard disk.
Similar to any other virtual machine, you can start, stop, save state, pause, and shut down Citrix XenServer host-based virtual machines from the VMM console. VMM templates
You can create Citrix XenServer templates with the following restrictions: o Generalization and customization can occur on Windows-based virtual machines only. o
You must install Citrix Tools for Virtual Machines manually.
o
VMM virtual machine templates created from Citrix XenServer virtual machines cannot have any associated disk images modified. You can modify all other properties.
XenServer templates
VMM does not use Citrix XenServer templates. However, you can, use Citrix XenCenter to create a virtual machine, and then make a VMM template from that virtual machine.
VMM command shell
The VMM command shell features work across all hypervisors.
The following features are supported when VMM manages VMware ESX hosts through vCenter Server. Feature
Details
Conversion
This describes the virtual–to-virtual (V2V) machine conversion process to convert a VMware-based virtual machine to a Hyper-V virtual machine. You cannot perform a V2V conversion if the virtual hard disk is on an IDE bus.
Dynamic Optimization & Power Optimization
The Dynamic Optimization feature is available for VMware ESX hosts in VMM 2012. You can use the Live Migration feature to load-balance virtual machines on VMware ESX host clusters. You can turn VMware ESX hosts on and off with Power Optimization.
Library
You can use VMM to organize and store VMware virtual machines, VMware templates, and .vmdk hard disk files in the Virtual Machine Manager library. You should be aware that VMM does not support older .vmdk file types. The only types that are supported are those .vmdk files that are stored as VMware’s Virtual Machine File System, and monolithicFlat.
Maintenance mode
VMware ESX hosts can be put in and out of maintenance mode from the VMM console.
Feature Migration
Details VMM 2012 supports the following VMware transfer types: o Live migration between hosts in a cluster using VMware vSphere vMotion o
Live Storage Migration using Storage VMware vSphere vMotion
Supported VMM transfer types: o Network migration to and from the library o Networking
Network migration between hosts
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
7-33
VMM supports VMware standard vSwitches, VMware distributed vSwitches, and port groups. You must make all vSwitches and port group configurations through the VMware vCenter server. In addition, VMware ESX hosts support the new VMM network management features. Note: Port groups are not created automatically. Use VMware vCenter server to configure port groups with the necessary VLANs that correspond to VMM logical network sites.
PRO
You can monitor and provide alerts for VMware ESX hosts by integrating Operations Manager with PRO.
Placement
When you create VMware virtual machines, VMM uses virtual machine placement on host ratings in the same manner as it does for Hyper-V virtual machines.
Private clouds
VMware ESX host resources can be used by private clouds simply by creating a private cloud from host groups wherever VMware ESX hosts reside, or by using a VMware resource pool. You can configure quotas and apply self-service user roles to these clouds without distinction between the different host types. However, you should be aware that VMM does not integrate with VMware vCloud.
Services
You can deploy VMM 2012 services to VMware ESX hosts. However, you cannot use VMM to deploy VMware vApps.
Storage
VMM 2012 supports the following VMware storage technologies: o VMware Paravirtual SCSI storage adapters o
VMware thin-provision virtual hard disks using the dynamic disk type with the following conditions: Creating and deploying virtual machines with a dynamic disk to VMware ESX hosts actually creates the disk as a thin-provisioned disk.
A virtual machine with a thin provisioned disk created out of band has that disk displayed as a dynamic disk in the VMM console. Thin-provisioned disks that are saved to the Virtual Machine Manager library are converted to a fixed-thick disk. o
Hot add and hot removal of VMware virtual machine’s virtual hard disks
VMM storage automation features are not supported for ESX hosts.
Feature
Details
MCT USE ONLY. STUDENT USE PROHIBITED
7-34 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager
Templates
You can create templates using .vmdk files that are stored in the library, and you can import templates stored on VMware ESX hosts. Importing templates from the VMware vCenter server only imports template metadata, and not the .vmdk file itself.
VMM command shell
The VMM command shell works across all hypervisors.
Consider security requirements before you add other vendor hosts to your network. For example, you must decide how to implement certificates for virtualization hosts, and you may want to determine how to use a Run As account. System Requirements: VMware ESX Hosts http://go.microsoft.com/fwlink/p/?linkId=285337 System Requirements: Citrix XenServer Hosts http://go.microsoft.com/fwlink/p/?linkId=285261
Demonstration: Adding a Hyper-V Virtualization Host to VMM In this demonstration, you will see how to add a Hyper-V host to a VMM installation.
Demonstration Steps 1.
Sign in to LON-DC1 as adatum\administrator with a password of Pa$$w0rd.
2.
In the Group Policy Management Editor, open the Default Domain Policy. Apply the following settings to the domain policy located at: Computer Configuration, Administrative Templates \Network\Network Connections\Windows Firewall\Domain Profile. a.
In the Windows Firewall: Allow inbound file and printer sharing exception dialog box, click Enabled, in the Options text box, type an asterisk (*), which indicates all IP addresses.
b.
In the Windows Firewall: Allow ICMP exceptions dialog box, click Enabled, and then in the Options area, select the Allow inbound echo request check box.
c.
In the Windows Firewall: Define inbound port exceptions dialog box, click Enabled, in the Options section, click Show, and under Value, type 5985.
3.
In the Group Policy Management Editor, navigate to Administrative Templates\Windows Components\Windows Remote Management (WinRM)\WinRM Service.
4.
In the Allow remote server management through WinRM section, click Enabled. In Options, in both the IPv4 and IPv6 text boxes, type an asterisk (*).
5.
Close the Group Policy Management Editor.
6.
On both the LON-HOST1 and LON-HOST2 physical machines, update group policy with the gpupdate.exe /force cmdlets.
7.
Sign in to LON-VMM1 as adatum\administrator with a password of Pa$$w0rd.
8.
Open the Virtual Machine Manager console, and add LON-HOST1 as a Hyper-V server to the All Hosts node in VMs and Services, using the following parameters: a.
Resource Location page: Windows Server computers in a trusted Active Directory
b.
c.
Credentials page: Manually enter the credentials.
User name: ADATUM\Administrator
Password Pa$$w0rd
Discovery Scope page: Specify Windows Server computers by names.
9.
Computer names: lon-host1.adatum.com
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
7-35
d.
Target resources page: Discovered computers: check lon-host1.adatum.com
e.
Host Settings page: All Hosts
f.
Summary page: View Script, save script in the documents library as AddHost.ps1 (ensure the All Files (*.*) type is selected).
Observe that LON-HOST1 now displays in the VM’s and Services console tree. Select it and review the details pane showing all the virtual machines from the host that now display. Review all the different management tasks that you can run on the virtual machines.
10. In Windows PowerShell, navigate to the documents folder and then use Notepad to open AddHost.ps1.
11. In Notepad, examine the script by reviewing all of the different cmdlets and text. Note the two variables that are created and the cmdlets they are based on. Note the Add-SCVMHost cmdlets and the various parameters that it calls. Check if there is anything on this line that needs to be changed. The answer should be just the -ComputerName parameter to identify lon-host2 rather than lon-host1 as is written. Go ahead and make this change, and save the file. 12. Close Notepad. 13. Run the Windows PowerShell script that you just saved, by typing ./addhost.ps1. Use the ADATUM\administrator credentials. 14. Wait for Windows PowerShell to display parameters and values in columnar form. 15. Close Windows PowerShell.
16. In the Virtual Machine Manager console, in the VMs and Services console tree, under All Hosts, notice that LON-HOST2 now displays. Click Lon-host2, and note that no virtual machines have been assigned to this host. This verifies that the Windows PowerShell script worked. Remember that the Virtual Machine Manager console is built on Windows PowerShell, and therefore things you do in the console are run in Windows PowerShell at the lower level. 17. With LON-HOST2 still selected, on the ribbon, click the Folder tab, and then click Properties.
18. Take a few moments to review each of the pages in the lon-host2.adatum.com Properties dialog box. 19. Close the Properties dialog box, close all open windows, and sign off of LON-VMM1.
What Are Host Groups? You can use host groups to organize and manage your servers, which makes it easier to apply management settings at a group level. All servers reside in the default host group called All Hosts, unless you specify another location. Host groups may be nested. Therefore, unless you clear the inherited parent host group settings, the parent group’s settings will apply to the hosted group. You can make this change in the Properties page of the selected child object.
MCT USE ONLY. STUDENT USE PROHIBITED
7-36 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager
You can create host groups by clicking the VMs and Services workspace, then right-clicking in the Navigation pane, and then clicking Create Host Group. The default host group is called All Hosts. To edit host group properties, right-click a host group, and then click Properties. From the Host group Properties, General page, you can edit the following settings: •
Name of the group
•
Location of (move) the group
•
Provide a group description
•
Allow unencrypted files transfers to the group
Placement Rules
By default, a host group uses the placement setting from the parent host group. If you opt to configure custom placement rules at the individual group level, you can block inheritance by modifying the parent host-group setting.
On the Placement Rules page of the host group properties, you can assign custom placement rules. For example, you can assign custom values to hosts and virtual machines that will determine placement based upon criteria, including one of the following criteria: •
The virtual machine must match the host
•
The virtual machine should match the host
•
The virtual machine must not match the host
•
The virtual machine should not match the host
Host Reserves
Host reserves are placement settings that enable the host system to retain resources for its own use. This is useful when a Hyper-V host has additional services running, such as in a branch office where you have configured a Virtual Machine Manager library.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
7-37
The following table details how you can set or override the following host reserves at the individual host level. Resource
Notes
CPU
You can set CPU as a percentage. The default percentage value is 10. However, 10 percent of one dual-core processor that is running at 2 GHz is not the same as 10 percent of four six-core processors that are running at 2.8 GHz.
Memory
The default is memory value is 256 MB, but you can change this or set this as a percentage.
Disk I/O
The default value is 0, but you can set this as a percentage. You may wish to ensure a minimal amount of disk I/O is reserved if you are using a host as a Virtual Machine Manager library.
Disk space
You can set disk space as a numeric value or percentage.
Network I/O
The default value is 0, but you can set this as a percentage. You may wish to ensure a minimal amount of network I/O is reserved if you are using a host as a Virtual Machine Manager library.
Dynamic Optimization
Dynamic Optimization enables VMM to balance the virtual machine loads automatically within a host cluster. By defining minimum resource thresholds for hosts, VMM migrates the virtual machine to alternative hosts if available resources fall below those assigned thresholds. The following table lists the thresholds that you can set. Resource
Notes
CPU
Default is 30 percent
Memory
Default is 512 MB
Disk I/O
Default is 0
Disk space
Set as a numeric value or percentage
Network I/O
Default is 0
Note that these settings will impact all hosts within the host group.
In addition to workload balancing, VMM also can invoke power optimization. You can enable power optimization by selecting Settings under the Power Optimization section of the Dynamic Optimization page.
Power Optimization Prerequisites
To enable power management, you must have a baseboard management controller that support one of the following out-of-band management protocols: •
Intelligent Platform Management Interface versions 1.5 or 2.0
•
Data Center Manageability Interface version 1.0
•
Systems Management Architecture for Server Hardware version 1.0 over Web Services for Management (WS-Management)
Network The network page defaults to inheriting network logical resources from the parent host group. You can clear these settings and assign different resource types including IP pools, load balancers, logical networks, and MAC pools.
Storage
MCT USE ONLY. STUDENT USE PROHIBITED
7-38 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager
Storage capacity for the host group includes storage allocated to the parent host groups. Here you can allocate storage pools and logical units, if they exist.
Custom Properties You can assign and manage custom properties here. The Manage Custom Properties button lets you select various object types, and the Create button allows you to create custom properties.
Demonstration: Managing Host Groups In this demonstration, you will see how to manage host groups.
Demonstration Steps 1.
Sign in to LON-VMM1 as adatum\administrator with a password of Pa$$w0rd.
2.
In the Virtual Machine Manager console, in the VMs and Services console tree, create a new host group, and name it LocalGroup.
3.
Using the ribbon, move LON-HOST1 into the group.
4.
Using the context menu, move LON-HOST2 into the group.
5.
Review the LocalGroup Properties dialog box, and note all the various options on each page. Click Cancel when done.
6.
Close the Virtual Machine Manager console, and sign off from LON-VMM1.
Deploying Hyper-V Hosts to Bare-Metal Computers When an organization acquires a new physical server, typically you perform a series of tasks to configure and prepare the server prior to using it. For example, you would install a server operating system, configure that server’s storage and networking, configure roles and features, and provide security hardening. You would then test everything to make sure it all worked correctly, and if it did, only then would you start using it.
Usually, administrators must complete these tasks manually. However, you can now avoid this by deploying a Hyper-V host with virtual machines, and by using the various VMM technologies to configure bare-metal computers. (For this course, a baremetal computer refers to a server, usually new, with no operating system installed.) Therefore, instead of having to perform manually all the steps described earlier, you can now deploy the Windows Server 2012 R2 operating system with the Hyper-V role installed, and add it automatically as a physical host to VMM.
To do this, your infrastructure must meet a number of prerequisites:
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
7-39
•
The physical computers must be configured correctly and be able to run the Hyper-V role (such as 64-bit processors, and virtualization technologies). In addition, a PXE server must exist and you must add it to VMM management. You can do this by deploying the Windows DS role on any supported operating system, which is most any Windows Server 2008 R2 or newer domain member server. Your Windows DS server can continue to deploy various operating systems as always, because VMM will only respond to requests from computers that you designate as new virtual machine hosts in VMM.
•
You must set the bare-metal computer’s BIOS or Extensible Firmware Interface (EFI) boot order to boot first from a PXE-enabled network adapter.
•
Baseboard management controllers (BMCs) must have logon credentials and an IP address assigned, either statically or through DHCP, and the BMC's network segment must be accessible to the VMM management server. This will allow the out–of–band management to discover the physical computers.
•
You must create a host profile, and any needed driver files must be in the Virtual Machine Manager library.
•
If you are assigning static IP addresses to the hosts, then you must obtain the network adapter MAC address of those hosts that you will use for management. This adapter will be used to communicate with the VMM management server. If the hosts have multiple network adapters and locally attached storage, you should collect this information, such as the MAC addresses of the adapters and the sizes of the disks, before you begin the deployment. However, if you are running System Center 2012 SP1 VMM or System Center 2012 R2 VMM, you can use the process for discovering physical computers to create as physical hosts known as deep discovery to view this information during the deployment.
•
If you wish to use a Run As account to launch the deployment process, the account must have permissions to access the BMCs.
•
If you have multiple Domain Name System (DNS) servers that take time to replicate information, you can create DNS host records for the computer names that will be assigned to the hosts, and allow this information to replicate to all the DNS servers.
You start the process to deploy the Hyper-V host to bare-metal computers in the Fabric workspace on the Virtual Machine Manager console, using the following procedures: 1.
In the Fabric console tree, click Servers.
2.
On the home tab of the ribbon, click the Add Resources drop-down list box, and then click Hyper-V Hosts and Clusters.
3.
In the Add Resource Wizard, on the Resource location page, select the radio button for Physical computers to be provisioned as virtual machine hosts. Note: This step will fail if you do not have any host profiles.
4.
On the Credentials and protocol page, if you have created a Run As account, you can click the Browse button, and find it here. There is also the option to Create Run As Account. In the Protocol area, you can select the out-of-band management protocol: you can use either the Intelligent Platform Management interface (which includes the Data Center Management interface), or you can use the Systems Management Architecture for Server Hardware (SMASH).
MCT USE ONLY. STUDENT USE PROHIBITED
7-40 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager
5.
On the Discovery scope page, type the IP address scope that includes the BMC’s IP addresses. You can also specify a single IP address. If you use the subnet or range of IP addresses, the Target resources page will display all the discovered computers for those addresses. Each computer has a check box next to it; select the check boxes of the computers that you wish to convert to a Hyper-V host.
6.
On the Provisioning options page, you can select the host group to which to assign the Hyper-V host, regardless of whether the Hyper-V hosts will use DHCP or static addresses. You do this by using the appropriate host profile. If you are running System Center 2012 SP1 VMM or System Center 2012 R2 VMM, when you select the check box next to a computer name, the system runs deep discovery. You must allow time for this process to occur.
7.
On the Deployment customization page, the options will vary based on the host profile you previously selected.
8.
On the Summary page, click Finish to deploy the bare metal computers as Hyper-V hosts. This will also place them as physical hosts that are controlled by the VMM management server.
Lab: Installing and Configuring System Center 2012 R2 Virtual Machine Manager Scenario
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
7-41
The first phase of the virtualization project was very successful, and A. Datum Corporation is starting to implement a Hyper-V virtualization platform in the remaining three subsidiaries and in the main data center. As part of the second phase of the project, A. Datum also wants to implement a better management solution that will enable administrators to manage the entire virtualization environment from a single management interface. Administrators in the main office require a management tool to manage the entire infrastructure, whereas administrators in each of the subsidiaries only need to manage the servers and other components located within their data center. A. Datum has decided to implement System Center 2012 R2 VMM to manage their virtualization infrastructure. You need to deploy the VMM server components and add the existing Hyper-V hosts to the environment. You also need to ensure that you configure the environment in such a way that administrators in each subsidiary can manage the virtualization hosts at their location.
Objectives After completing this lab, you will be able to: •
Install and configure VMM, including managing VMM from a remote host.
•
Configure and manage hosts and host groups in System Center VMM.
Lab Setup Estimated Time: 45 Minutes
Virtual machines: 20409B-LON-HOST1, 20409B-LON-HOST2, 20409B-LON-DC1, 20409B-LON-VMM1, and 20409B-LON-CL1 User name: Adatum\Administrator Password: Pa$$w0rd
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must complete the following steps: 1.
Start both 20409B-LON-HOST1 and 20409B-LON-HOST2.
2.
Sign in to the LON-HOST1 and LON-HOST2 computers as Adatum\Administrator with the password of Pa$$w0rd.
3.
On LON-HOST1 and LON-HOST2, start Hyper-V Manager.
4.
In Hyper-V Manager, click 20409B-LON-DC1, and in the Actions pane, click Start.
5.
In the Actions pane, click Connect. Wait until the virtual machine starts.
6.
Sign in by using the following credentials: o
User name: Adatum\Administrator
o
Password: Pa$$w0rd
7.
Repeat steps 4-6 for 20409B-LON-VMM1 and 20409B-LON-CL1.
8.
In the 20409B-LON-VMM1 on LON-HOST1 – Virtual Machine Connection, click the Media dropdown list box, click DVD Drive, and then click Insert Disk.
9.
In the Open pop-up window, navigate to D:\Program Files\Microsoft Learning\20409\Drives, select the SC2012R2.iso file, and then click Open. Note that the drive letter for the Microsoft Learning folder may differ based on the initial setup of the course files.
MCT USE ONLY. STUDENT USE PROHIBITED
7-42 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager
In addition, for the rest of the labs, the tasks need be done only once in each lab partnership. There will not be some steps done by the LON-HOST1 student and others by the LON-HOST2 student. The lab partners can decide and even switch between themselves as to who does what for each task. This applies to this lab through the lab in Module 13. Note: Because you will be using the same virtual machines in the next lab, at the conclusion of this lab do not revert the virtual machines. However, you can shut down all virtual machines after finishing this lab.
Exercise 1: Installing and Configuring System Center 2012 R2 VMM Scenario
In this exercise, you will install System Center 2012 R2 VMM and its prerequisites into a Windows Server 2012 R2 virtual machine. They will also install a VMM console in a client virtual machine that will be used for managing VMM. The main tasks for this exercise are as follows: 1.
Review the email from Ed Meadows, CIO, A. Datum, Inc.
2.
Check for VMM prerequisites, and install VMM.
3.
Install the VMM management server and Virtual Machine Manager console on LON-VMM1.
4.
Install the Virtual Machine Manager console on LON-CL1.
Task 1: Review the email from Ed Meadows, CIO, A. Datum, Inc.
Email From: Ed Meadows, CIO, A. Datum Corp. To: IT department Subject: Ready to add System Center 2012 R2 Virtual Machine Manager! I really appreciate the way you have set up our Hyper-V environment! Everything looks great. Now that we have our virtualization infrastructure in place, I would like you create a test implementation of System Center 2012 R2 Virtual Machine Manager. To do this, we need to: 1.
Load the software on one of our servers in the London Site. We need at least two physical hosts, but have plenty of virtual machines on them. Do you recommend putting this on a virtual machine or physical computer? Please let me know what computers you’ll be using. Remember that the test data that you gather will be used to further deploy a much more robust solution that we will use to build our private clouds.
2.
Make sure that all the prerequisites Microsoft has recommended are met. If there are any shortfalls, let me know as soon as possible. Create a list of the prerequisites that you will need to verify.
3.
After you have created the VMM management server and installed a Virtual Machine Manager console on a desktop client in the Developer department, finish testing the console and ensure everything works.
4.
Finally, create the local host group and assign at least two physical hosts.
Ed
To create the test implementation, answer the following questions: 1.
How many VMM servers do you need to deploy in the Adatum environment?
2.
What are the VMM prerequisites that need to be met?
3.
Will you deploy VMM on a single server, or will you separate components onto dedicated servers?
4.
Will you install the VMM server inside a virtual machine or on a physical machine?
5.
What computers will you use, and what will be their roles?
Task 2: Check for VMM prerequisites, and install VMM
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
7-43
1.
On LON-VMM1, verify the VMM management server prerequisites by examining the Local Server page in Server Manager on LON-VMM1.
2.
Verify that LON-VMM1 is in the Adatum.com domain.
3.
Verify that the Operating system version is either the Standard or Datacenter version of Windows Server 2012 R2.
4.
Confirm that the operating system has at least a 2 GHz Pentium processor, 4 GB of RAM, and 80 GB of disk space available.
5.
From the Start screen, open and then sign in to SQL Server Management Studio.
6.
Verify that the version of SQL Server supports System Center 2012 R2 VMM.
7.
Open the Registry Editor. In the Registry Editor window, click the HKEY_LOCAL_MACHINE subkey. Navigate to SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Client\.
8.
In the Version item, note the value in the Data column. It should be 4.5.51641 or higher.
9.
Close the Registry Editor window.
10. Open the Services console, and verify that the Windows Remote Management (WS–Management) service is running and is set to Automatic. 11. On the taskbar, click the File Explorer icon. 12. In the This PC window, double-click the DVD Drive icon. 13. In the VMM folder, verify that installation files are visible.
Task 3: Install the VMM management server and Virtual Machine Manager console on LON-VMM1 1.
In File Explorer, in the VMM window, double-click the setup.exe file, which will open the Microsoft System Center 2012 R2 Installation splash screen.
2.
Use the Microsoft System Center 2012 Virtual Machine Setup Wizard to install VMM, and set the options on each page, as follows: a.
Select features to install page: VMM management server and VMM console.
b.
Product registration information page:
c.
Name: Administrator
Organization: A. Datum, Inc.
Product key: blank
Customer Experience Improvement Program (CEIP) page: No, I am not willing to participate
d.
Microsoft Update page: Off
e.
Installation location page: Accept default
f.
Database configuration page:
g.
Server name: accept default
Instance name: MSSQLSERVER
Database name: VirtualManagerDB
Configure service account and distributed key management page:
User name and domain: ADATUM\SCService
Password: Pa$$w0rd
h.
Port configuration page: Accept defaults
i.
Library configuration page:
Shared folder location: C:\ProgramData\Virtual Machine Manager Library Files
Share name: MSSCVMMLibrary
3.
After the installation finishes, clear the Check for the latest Virtual Machine Manager updates check box, and then click Close.
4.
On the Connect to Server page, click Connect.
5.
Close both the Virtual Machine Manager console and the Microsoft System Center 2012 R2 splash screen.
Task 4: Install the Virtual Machine Manager console on LON-CL1 Note: Perform these steps from LON-HOST2. In Hyper-V Manager on LON-HOST2, rightclick Hyper-V Manager in the console tree and select Connect to server, select Another computer, and type LON-HOST1 and then click OK. Select and connect to LON-CL1.
MCT USE ONLY. STUDENT USE PROHIBITED
7-44 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager
1.
On LON-CL1, click to the desktop.
2.
Open File Explorer, and then navigate to \\lon-vmm1.adatum.com\c$\Program Files \Microsoft System Center 2012 R2\Virtual Machine Manager\setup\msi\Client.
3.
Run the AdminConsole.msi file. The MSI file will open a pop-up window stating that it is installing and displaying a progress bar. If it does not encounter an error, then after installing the Virtual Machine Manager console successfully, the window will close itself.
4.
Open the Apps by name start screen, and then pin the Virtual Machine Manager Console NEW tile to the desktop taskbar.
5.
Launch the Virtual Machine Manager Console NEW program from the taskbar.
6.
On the Connect to Server page, change the Server name to LON-VMM1.adatum.com:8100.
7.
Navigate around the console, and observe that is the same Virtual Machine Manager console as is installed on LON-VMM1.
8.
Close the Virtual Machine Manager console, and sign off of LON-CL1.
Results: After completing this exercise, you should have installed System Center 2012 R2 VMM.
Exercise 2: Managing Hosts and Host Groups Scenario
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
7-45
In this exercise, you will create host groups, add physical servers and configure host group properties. The main tasks for this exercise are as follows: 1.
Set the default domain group policy to allow domain members to become hosts.
2.
Add LON-HOST1 and LON-HOST2 to VMM.
3.
Create a LocalGroup host group, and then add LON-HOST1 and LON-HOST2 to the LocalGroup host group.
4.
Configure LocalGroup properties.
Task 1: Set the default domain group policy to allow domain members to become hosts 1.
On LON-DC1, in Server Manager, open the Group Policy Management Editor, and then edit the Default Domain Policy.
2.
Navigate to Computer Configuration\Profiles\Administrative Templates\Network \Network Connections\Windows Firewall\Domain Profile, and then apply the following settings: a.
In Windows Firewall: Allow inbound file and printer sharing exception, click Enabled, in Options, type an asterisk (*) (which indicates all IP addresses).
b.
In Windows Firewall: Allow ICMP exceptions, click Enabled, in Options, click Allow inbound echo request.
c.
In Windows Firewall: Define inbound port exceptions, select Enabled, in Options: Define port exceptions, click Show, and under Value, type 5985.
3.
In the Group Policy Management Editor, navigate to Computer Configuration\Profiles \Administrative Templates\Windows Components\Windows Remote Management (WinRM) \WinRM Service.
4.
In the Allow remote server management through WinRM window, select Enabled, in Options, for both IPv4 and IPv6, type an asterisk (*).
5.
Close the Group Policy Management Editor.
6.
On both LON-HOST1 and LON-HOST2 physical machines, use Windows PowerShell to update the group policy with gpupdate.exe /force.
Task 2: Add LON-HOST1 and LON-HOST2 to VMM 1.
On LON-VMM1, open the VMM console, and add LON-HOST1 as a Hyper-V server to the All Hosts node in VMs and Services, using the following parameters: a.
Resource Location page:
b.
c.
Windows Server computers in a trusted Active Directory
Credentials page: Manually enter the credentials.
User name: ADATUM\Administrator
Password: Pa$$w0rd
Discovery Scope page: Specify Windows Server computers by names.
Computer names: lon-host1.adatum.com
d.
Target resources page:
Discovered computers: lon-host1.adatum.com
MCT USE ONLY. STUDENT USE PROHIBITED
7-46 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager
e.
Host Settings page: All Hosts.
f.
Summary page: View Script, save script in the documents library as AddHost.ps1 (ensure the All Files (*.*) type is selected).
2.
Observe that LON-HOST1 now displays in the VM’s and Services console tree.
3.
Open Windows PowerShell, navigate to the documents folder, and then use Notepad to open AddHost.ps1.
4.
In Notepad, in Add-SCVMHost, change the -ComputerName parameter to identify LON-HOST2 rather than LON-HOST1.
5.
Save the file, and close Notepad.
6.
Run the Windows PowerShell script that you just saved by typing ./addhost.ps1.
7.
When prompted, use the ADATUM\administrator credentials.
8.
When Windows PowerShell displays a number of parameters and values in columnar form, review this data.
9.
Close Windows PowerShell.
10. In the Virtual Machine Manager console, in the VMs and Services console tree, under All Hosts, verify that LON-HOST2 now displays.
Task 3: Create a LocalGroup host group, and then add LON-HOST1 and LON-HOST2 to the LocalGroup host group 1.
On LON-VMM1, if the Virtual Machine Manager console is not already open, then open it.
2.
In the Virtual Machine Manager console, in the VMs and Services console tree, create a new host group named LocalGroup.
3.
Use the tools on the ribbon to move LON-HOST1 into the group.
4.
Use the context menu to move LON-HOST2 into the group.
Task 4: Configure LocalGroup properties 1.
Right-click LocalGroup and then click Properties.
2.
In the LocalGroup Properties dialog box, in the Properties pages, configure the following: a.
On the General page, add the description, The local group of virtualization hosts the A. Datum IT department is using.
b.
On the Host Reserves page, clear the Use the host reserves settings from the parent host group check box. In the Disk space, amount text box, change the values from 1% to 2%.
3.
On the LocalGroup Properties page, click OK.
1.
Close the VMM Console, and sign out of LON-VMM1.
Results: After completing this exercise, you should have created and configured hosts and host groups.
Module Review and Takeaways Review Questions Question: In which scenarios will it be beneficial to deploy System Center 2012 R2 App Controller? Question: In which scenarios is it beneficial for you to use Windows PowerShell rather than a GUI such as the VMM console?
Common Issues and Troubleshooting Tips Common Issue
Troubleshooting Tip
You cannot add the physical computer as a host.
You cannot perform a V2V conversion of a VMware ESX–hosted virtual machine.
Tools Tool
Use for
Where to find it
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
7-47
SQL Server Management Studio
Manage all aspects of a SQL Server installation.
SQL Server installation DVD
Disk2vhd
Tool that creates virtual hard disks of physical disks for use on Hyper-V hosts as virtual machines. You can convert the operating system disk and the data disks on a physical computer.
Windows Sysinternals download page: http://go.microsoft.com/fwlink /?LinkID=386697
Windows ADK
A collection of tools that you can use to customize, assess, and deploy Windows operating systems to new computers.
Microsoft Download Center: http://go.microsoft.com/fwlink /?LinkID=386730
MCT USE ONLY. STUDENT USE PROHIBITED
MCT USE ONLY. STUDENT USE PROHIBITED 8-1
Module 8
Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager Contents: Module Overview
8-1
Lesson 1: Managing Networking Infrastructure
8-2
Lab A: Network Infrastructure Management
8-18
Lesson 2: Managing Storage Infrastructure
8-22
Lab B: Managing Infrastructure Storage
8-32
Lesson 3: Managing Infrastructure Updates
8-36
Lab C: Infrastructure Updates Management
8-42
Module Review and Takeaways
8-45
Module Overview
Microsoft System Center 2012 R2 includes components that you can deploy and manage through the System Center 2012 R2 Virtual Machine Manager (VMM) console. The Fabric workspace in the VMM console simplifies working with a variety of storage and network technologies. Using these components, you can build and connect your virtualization network and storage infrastructure, thereby creating the underlying framework for deploying virtual machines, services, and clouds. Note: For the purpose of this course, all instances of Microsoft System Center 2012 R2 Virtual Machine Manager are referred to as VMM.
Objectives After completing this module, you will be able to: •
Manage the networking infrastructure in VMM.
•
Manage the storage infrastructure in VMM.
•
Manage infrastructure updates by creating update baselines, and by scanning and remediating noncompliant servers.
Lesson 1
Managing Networking Infrastructure Managing physical network infrastructure in dynamic and complex data center environments can be challenging. You might require multiple applications, consoles, and command-line interfaces to administer the infrastructure. VMM provides a single console from which you can perform most of the administrative tasks, and thus simplifies working with logical and virtual networking components.
MCT USE ONLY. STUDENT USE PROHIBITED
8-2 Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager
This lesson introduces you to the VMM networking fundamentals and provides high-level overviews of advanced concepts. This lesson also explains the VMM networking components and integration options with other vendor networking tools. Finally, this lesson describes how to design and implement the various virtualization options.
Lesson Objectives After completing this lesson, you will be able to: •
Describe VMM logical networks.
•
Describe the components and features of the networking infrastructure.
•
Describe the configuration options for virtual networks.
•
Explain how to configure logical networking in VMM.
•
Explain how to configure ports and logical switches in VMM.
•
Configure virtual network components in VMM.
•
Describe how to use virtual machine networks to isolate networking.
•
Explain how to manage network virtualization in VMM.
•
Configure network virtualization.
•
Describe Windows Server Gateway
VMM Logical Networks A VMM logical network is a collection of VMM network sites, IP subnet information, and virtual local area network (VLAN) information. You can associate IP address pools with IP subnets that are part of a logical network. You can use logical networks in VMM to describe networks with different purposes and then associate those networks with adapters. For example, you can create one logical network for traffic isolation (such as a network used for cluster node communication), and then associate the network adapters reserved for this communication with this VMM logical network.
At least one logical network must exist before you can deploy virtual machines and services. By default, when you add a Hyper-V host to VMM, if a physical network adapter on the host does not have an associated logical network, VMM automatically creates and associates a logical network that matches the first Domain Name System (DNS) suffix label of the connection-specific DNS suffix.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
For example, if the DNS suffix for the host network adapter is adatum1.adatum.com, VMM creates a logical network with the name adatum1.
8-3
When you create a logical network, you can create one or more associated network sites. A network site is a collection of one or more subnets, VLANs, and subnet-VLAN pairs. You can control which host groups connect to a network site. For example, if you have a Seattle host group and a New York host group, and if you want to make the BACKEND logical network available to each, you can create two network sites for the BACKEND logical network. You then can scope one network site to the Seattle host group (and any desired child host groups), and the other network site to the New York host group (and any desired child host groups). When you associate one or more IP subnets with a network site, you can create an IP address pool. An IP address pool is a range of IP addresses within an IP subnet. For example, the range 10.0.0.2 to 10.0.0.150 would be an address pool within the 10.0.0.0/24 subnet. A static IP address pool enables VMM to assign static IP addresses to hosts and allows you to manage IP addresses for the virtual environment. Configuring static IP address pools is optional and you can assign addresses automatically through Dynamic Host Configuration Protocol (DHCP), if it is available on the network. For more information on Logical Networks, consult the following TechNet article: Configuring VM Networks in VMM Illustrated Overview http://go.microsoft.com/fwlink/?LinkID=386735
What Is the VMM Networking Infrastructure? In VMM, the networking infrastructure is a group of configurable network resources that you can use to create, model, organize, and manage your virtualized server network connectivity. The following sections describe the configurable components and their subcomponents.
Logical Networks
Logical networks are a set of logical network objects that you can use to model your network environment. You can create multiple logical networks, and then associate them with one or more host groups. For example, you can create a perimeter logical network, a development logical network, and a production logical network. When administrators or application administrators deploy virtual machines and services, they will be able to select a logical network without the need to understand the underlying networking infrastructure.
Network Sites
You can create network sites to associate subnets and VLANs with a location or department. You associate sites with the logical network, and then assign the host group that can use the network site.
MAC Address Pools
VMM can assign static media access control (MAC) addresses automatically to new virtual network devices on Windows-based virtual machines that are running on any managed Windows Server 2012 Hyper-V, VMware ESX, or Citrix XenServer host. VMM has two default static MAC address pools: the default MAC address pool for Hyper-V and Citrix XenServer, and the default VMware MAC address pool for VMware ESX hosts. You should use the default static MAC address pools only if you set the MAC address type for a virtual machine to Static. If you set the virtual machine setting to Dynamic, the hypervisor will assign the
MAC address. You can use the default MAC address pools, or you can configure custom MAC address pools that you scope to specific host groups.
Virtual IP Templates
MCT USE ONLY. STUDENT USE PROHIBITED
8-4 Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager
A virtual IP template contains a load balancer and related configuration settings for a specific type of network traffic. For example, you could create a template that specifies the load balancing behavior for HTTPS traffic on a specific load balancer manufacturer and model. These templates represent the best practices from a load balancer configuration standpoint. After you create a virtual IP template, users (including self-service users), can specify the virtual IP template to use when they create a service. When users model a service, they can choose an available template that best matches the needs of their load balancers and type of application.
Load Balancer Integration
By adding a load balancer to VMM, you can load balance requests to the service tier’s virtual machines. You can use Network Load Balancing (NLB), or you can add supported hardware load balancers through the VMM console. VMM includes NLB as an available load balancer, and it uses the round-robin method for load balancing. To add supported hardware load balancers, you must install a configuration provider that is available from the load balancer manufacturer. The configuration provider is a plug-in to VMM that translates Windows PowerShell commands to application programming interface (API) calls, which are specific to a load balancer manufacturer and model. Supported hardware load balancer devices are F5 BIG-IP, Brocade ServerIron, and Citrix Netscaler. You must obtain the load-balancer provider from the load-balancer vendor, and then install it on the VMM management server.
Logical Switches
You can use logical switches to apply a single configuration to multiple hosts. You configure logical-toHyper-V port profiles and uplink profiles, port classification, and virtual-switch extensions. By using logical switches, you can enforce compliance among the host servers and reduce the time required to deploy and administer hosts.
Port Profiles You can create and use two Hyper-V port profiles in VMM: •
Virtual network adapter port profiles. You create this type of profile for use by virtual machines and hosts. These profiles have configurable offload, security, and bandwidth settings.
•
Uplink port profiles. You configure this type of profile to use with uplink ports. You can configure the load-balancing algorithm and teaming mode.
Port Classifications
You can create port classifications, and then use them across multiple logical switches to help identify and group sets of features.
Network Service
A network service in VMM includes components such as gateways, virtual switch extensions, top-of-rack switches, and network managers. To add a network service, you must first install the associated provider, and then restart the System Center Virtual Machine Manager service. You can configure each of the following components by using the Add Network Service Wizard: •
Gateway. In VMM, you can configure a gateway to allow network traffic in and out of a virtual machine network that is using network virtualization. You can configure this for local network routing which routes traffic between the virtual machine network and the physical network. Alternatively, you can configure it for remote network routing, which first creates a virtual private network (VPN) connection with another endpoint of a site-to-site VPN, and then routes in and out of the virtual machine network through the VPN tunnel.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
8-5
•
Virtual switch extensions. Virtual switch extensions provide non-Microsoft vendors the ability to add monitoring, filtering, and forwarding extensions. For example, Cisco has created the Cisco Nexus 1000V for Hyper-V. This forwarding extension allows Cisco administrators to configure networking in VMM by using familiar Cisco commands. An example of a monitoring extension is Host sFlow, which exports performance metrics using the sFlow protocol.
•
Network managers. Network managers enable you to use a non-Microsoft network management console to configure forwarding extensions. With network managers, you can manage settings such as logical networks, sites, and virtual machine networks.
•
TOR switches. By using VMM to manage TOR switches, you can control physical switch ports. For example, you can create the corresponding VLAN and apply it to the physical port, thus keeping both physical and virtual switch settings synchronized.
Configuration Options for Virtual Networks You can create Hyper-V virtual switches in the VMM console just as you can create them in the Virtual Switch Manager in the Hyper-V console. In the VMM console, you can apply the same options as in the Virtual Switch Manager, although you cannot control switch extensions within this area. You can create three types of virtual switches on your Hyper-V host servers: •
External. You can create a virtual network switch that you bind to a physical network adapter in the host server. After you have created this virtual switch, you can then connect one or more virtual machine network adapters, thereby permitting virtual machines access to a physical network. You can create only one external virtual switch for each physical network adapter. However, you can optionally allow the host to share the network adapter with the virtual switch.
•
Internal. Creating an internal switch enables virtual machines to communicate with each other and with the Hyper-V host. However, internal switches do not allow any communication with the physical network.
•
Private. The private virtual switch allows virtual machines to communicate with each other. You can create multiple private virtual switches on a single Hyper-V host to isolate different groups of virtual machines.
You can use VLAN settings and external virtual switches to share the network adapter with the virtual guest machines. If you do this, you can then set VLAN IDs for the host server. However, this does not control virtual machine VLAN configuration. You can add a virtual switch in the VMM console by performing the following steps: 1.
In the VMM console, click the Fabric icon.
2.
In the Fabric workspace, click Servers, or if required, navigate to the host group containing the server to which you wish to add the virtual switch.
3.
In the central workspace, right-click the server you want to add the switch to, and then click Properties.
4.
MCT USE ONLY. STUDENT USE PROHIBITED
8-6 Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager
In the Properties dialog box, on the left side, click Virtual Switches, click New Virtual Switch, and then click New Standard Switch.
Note: You also have the option of creating a new logical switch. However, you can only create a new logical switch after creating at least one logical switch elsewhere in VMM. You will learn more about logical switches later in this module. 5.
Provide a name and optional description for the switch, and then click the required switch type (External, Internal, or Private). Define whether the host should share the adapter using VLAN 0 or anther VLAN, and then click OK.
6.
When a warning that the host may temporarily lose network connectivity displays, click OK.
You can monitor the progress in the Jobs workspace.
Configuring Logical Networking in VMM The first step in building logical networks is to define and determine your network requirements. Considering the answers to the following questions: •
How many logical networks do you require?
•
How many network sites do you require?
•
Is isolation required?
•
Will you need to route isolated traffic between hosts or sites?
•
What IP subnets will you use?
•
What VLAN ID will you use?
When creating the logical network, you will be able to choose a single, routable network that includes the option to allow virtualized virtual machine networks, to use VLAN-based independent networks, or to use Private VLAN (PVLAN) networks. To create the logical network, use the following steps: 1.
Launch the VMM console, click the Fabric workspace, on the ribbon, click Create, and then click Logical Network.
2.
On the Name page, in the Name text box, type the required network name such as INTRANET, and in the Description text box, type a description. Click the required network option, VLAN, PVLAN, or leave the default option selected (One connected network). If required, click Allow new VM networks created on this logical network to use network virtualization, and then click Next.
3.
On the Network Site page, click Add, and then in the Host groups that can use this network site section, select the host groups that will use this network site, for example, All Hosts.
4.
In the Associated VLANs and IP subnets area, click Insert row, and then in the VLAN text box, type a VLAN number, for example, 2.
5.
In the IP subnet text box, type an IP subnet, for example 172.20.0.0/16.
6.
Click Next, and then click Finish.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
Configuring Ports and Logical Switches in VMM Logical Switches You can use logical switches to apply a single configuration to multiple hosts, and you configure them to use uplink profiles, port classification, and virtual-switch extensions. The supported switch extensions types are:
8-7
•
Monitoring. Use monitoring extensions to monitor and report network traffic, but you cannot use them to modify packets.
•
Capturing. Use capturing extensions to inspect and sample traffic but you cannot use them to change packets.
•
Filtering. Use filtering extensions to block, modify, or defragment packets, and to block ports.
•
Forwarding. Use forwarding extensions to direct traffic by defining destinations, and to capture and filter traffic. To avoid conflicts online, only one forwarding extension can be active on a logical switch.
•
Virtual switch extension manager. Use virtual switch extension manager to allow use of a vendor network-management console and VMM together. To do this, you need to install the vendor’s provider software on the VMM server.
Uplink Profiles
You can use native uplink profiles to configure uplink adapters. Uplink adapters must be available on the physical network adapters to which a switch connects. You can assign uplink profiles to host groups, and then enable them to support network virtualization in Windows operating systems. You also can use uplink profiles to configure virtual adapters for enabling offload settings, such as Virtual Machine Queue (VMQ), Internet Protocol security (IPsec) task offloading, and single-root I/O virtualization (SR-IOV). Virtual network adapter port profiles allow you to reuse the same settings across multiple switches, which simplify your virtual environment deployments.
Additionally, you can specify minimum and maximum bandwidth settings and relative bandwidth weights. These settings define how much bandwidth a virtual network adapter can use in relation to other virtual network adapters that connect to the same switch. The following default uplink profiles have already been created in VMM: •
SR-IOV profile
•
Network load balancer (NLB) network interface card (NIC) profile
•
Low, medium, and high bandwidth adapters
•
Host management
•
Live migration
•
Cluster
•
Guest dynamic IP
•
Internet small computer system interface (iSCSI)
•
Default
Each of these profiles comes already configured with varying offload, security, and bandwidth settings.
Port Classifications
MCT USE ONLY. STUDENT USE PROHIBITED
8-8 Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager
You can create port classifications, and then use them across multiple logical switches to help identify and group sets of features. The following default port classifications have already been created in VMM: •
SR-IOV
•
Network load balancing (NLB)
•
Live migration workload
•
Host cluster workload
•
Low, medium and high bandwidth
•
Guest dynamic IP
•
iSCSI workload
Demonstration: Configuring Virtual Network Components in VMM
In this demonstration, you will see how you can use VMM to create and configure the following network components: •
Logical networks
•
IP pools
•
Logical switches
•
Native port profiles
•
Port classifications
You also will see how to assign logical switches to Hyper-V hosts.
Demonstration Steps 1.
On LON-VMM1, launch the Virtual Machine Manager console.
2.
Create a logical network named Adatum UK that permits the use of network virtualization.
3.
Create two network Sites that use the All Hosts host group using the following details: a.
Network site name: Docklands
b.
VLAN: 0
c.
IP Subnet: 192.168.1.0/24
d.
Network site name: Gatwick
e.
VLAN: 0
f.
IP Subnet: 192.168.2.0/24
4.
When setup is complete, close the Jobs window.
5.
From the Fabric workspace, create a new IP Pool named Adatum UK IP Pool. Use the Adatum UK logical network.
6.
Using the Docklands network site and the 192.168.3.0/24 IP subnet, complete the wizard accepting the defaults, and then close the Jobs window.
7.
Create another IP pool named Gatwick IP Pool. Use the Adatum UK logical network, and the Gatwick network site.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
8-9
8.
From the Fabric workspace, create a Hyper-V Port Profile named Adatum UK Uplink. Use the Hyper-V port load balancing algorithm.
9.
On the Network configuration page, select the Docklands and Gatwick network sites, and enable Hyper-V Network-Virtualization.
10. When setup is complete, close the Jobs window. 11. From the Fabric workspace, create a Logical Switch named Adatum UK. Enter the description Adatum production hosts logical switch. Use the default extensions, and use the Adatum UK uplink.
12. Add a Virtual Port using the Medium Bandwidth port classification and the Medium Bandwidth virtual network adapter port profile. 13. When setup is complete, close the Jobs window.
14. From the Fabric workspace, open the properties page for lon-host1.adatum.com, click Hardware, then click the logical network associated with your network card, (this will be connected to External Network). 15. Click the Adatum UK logical network, read the warning about VLANs, click OK, and then click OK again. 16. In the Fabric workspace, click LON-HOST1, click Properties, click Virtual Switches, click New Virtual Switch, and then click New Logical Switch.
17. Notice the error message that displays stating that VMM cannot create a virtual switch without any physical network adapters. At this point, if you have another network card, you can assign the logical switch to a physical adapter. In the error message pop-up window that displays, click OK.
18. In the Properties dialog box, click Hardware, and then scroll down and expand Network adapters. Click your physical network adapter, and note that you can select or clear the adapter for virtual machine placement and management use. Click the Logical network, and on the right under Logical network connectivity, note that you can assign the logical networks and IP subnets. 19. Click Cancel, and then click Yes to close the warning.
Using Virtual Machine Networks for Isolating Networking You can use virtual machine networks to create isolation, which separates network traffic for different customers. The network isolation types are described in the following sections.
Network Virtualization You can use network virtualization to isolate virtual machines from different organizations, even if they share the same Hyper-V host. When you configure network-virtualization, each guest virtual machine has two IP addresses, which include: •
Customer IP address. The customer assigns this IP address to the virtual machine. You can configure this IP address so that communication with the customer's internal network can occur even if the virtual machine is hosted on a Hyper-V server that connects to a separate public IP network. Using the ipconfig command on the virtual machine will return the customer IP address.
•
Provider IP address. The hosting provider assigns this IP address, which is visible to the hosting provider and to other hosts on the physical network. This IP address is not visible from within the virtual machine.
Note: You can create virtual machine networks after you create a logical network, because they are associated with a logical network. You can have many isolated virtual machine networks using one logical network, but for each logical network you can only have one virtual machine network that does not use isolation.
VLAN Isolation
MCT USE ONLY. STUDENT USE PROHIBITED
8-10 Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager
VLANs are layer 2 broadcast domains that are created by tagging packets. These tags tell the switches and routers where the packets can travel. VLANs are widely used due to their reliability. However, they do have some limitations that can make running a larger virtualization environment more difficult and costly, and can result in high management overheads.
PVLAN Isolation
PVLANs enable you to separate a VLAN into multiple isolated sub-networks, which are then allocated to different tenants. The PVLAN will share the IP subnet it that the parent VLAN allocates to it. The PVLAN requires a router to communicate with hosts on other PVLANs and with other networks.
Which Isolation for Logical Networks Is Best? The following table is a guide to when you may want to use the different logical network types. Logical network type
When to use
Infrastructure network
VLAN or no isolation
Load balancer, back-end and Internet-facing
PVLAN
Tenant networks
Network virtualization
The table above is a rough guide, because each company differs. In networking, having many options helps to facilitate the best design for a given scenario, application, or customer. For example, you may have a network team who will be configuring most of the virtual networks using their preferred network tools and switch extensions. Note: For an example that requires both network virtualization and VLANs, review the scenario following the end of this topic. To create logical networks with VLAN or PVLAN: 1.
Launch the VMM console, click the Fabric workspace, on the ribbon, click Create, and then click Logical Network.
2.
On the Name page, in the Name text box, type the required network name (such as INTRANET). In the Description text box, type a description, click the required network option—VLAN, PVLAN, or leave the default option (One connected network) selected. Then, if required, click Allow new VM networks created on this logical network to use network virtualization, and then click Next.
3.
On the Network Site page, click Add, and then in the Host groups that can use this network site section, select the host groups that will use this network site, for example All Hosts.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
8-11
4.
In the Associated VLANs and IP subnets area, click Insert row, and then in the VLAN text box, type a VLAN number, for example 2.
5.
In the IP subnet field, type an IP subnet, for example 172.20.0.0/16, click Next, and then click Finish.
A routable logical network in the VMM console is called One connected network. These logical networks and any network sites can be routed to one another. Configuring VM Networks in VMM Illustrated Overview http://go.microsoft.com/fwlink/?LinkID=386735 Networking in VMM 2012 SP1 – Logical Networks (Part I) http://go.microsoft.com/fwlink/?LinkID=386731
Real-world Issues and Scenarios
A. Datum Corporation (UK) is based in London and has 10 physical sites that mostly consume resources from two small data centers. The infrastructure has been assembled over many years and by many different providers. The chief executive officer and chief information officer have given authorization to set up the two data centers to run Hyper-V with System Center 2012 R2. As part of their long-term vision, the organization wants one or more highly available private clouds that have the ability to run from either data center. Extensive changes and building new sites are not an option. A multi-year virtualization projected has started, and all new systems are required to be virtualized. Those built using Windows 2008 R2 and newer are being virtualized using physical-to-virtual (P2V) migrations. Many servers have the same IP addresses, and to ensure that the customized applications on those can be accessed, Hyper-V network virtualization will be used.
A. Datum uses multiple backup technologies, and the System Center 2012 R2 Operations Manager has a backup VLAN that isolates backup traffic. You discussed virtualizing some file servers, and will want to make sure that these, and possible other servers can access the VLAN to be backed up.
Managing Network Virtualization in VMM In larger VMM environments, you will need to administer a higher number of logical networks, virtual machine networks, and virtual network components. If you have multiple administrators, the potential for error or complexity also increases. Best Practice: In most sections of the VMM console, you can filter the view by entering text in the search field. Keep this feature in mind and apply a good naming convention to all your virtual network components. This will help you and other administrators when you are working with and or troubleshooting virtual networking. This also applies to everything you can label in VMM.
MCT USE ONLY. STUDENT USE PROHIBITED
8-12 Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager
There are a few considerations that you should be aware of before you start working with virtual machine networks in VMM. As a first step, you should plan your network and document the proposed configurations. You will need to determine if you should implement isolation. You then need to create the underlying logical network components. After you have created your prerequisite logical network, perform the following steps to create a virtual machine network in the VMM console: 1.
Open the VMM console, click the VMs and Services workspace, and then on the ribbon, click Create VM Network.
2.
On the Name page, type the name and description for your VM network, click the drop-down list box, select the logical network, and then click Next.
3.
On the Isolation page, select either Isolate using Hyper-V network-virtualization or No isolation, choose between IPv4 and IPv6 for your VM network and logical network, and then click Next.
4.
On the VM Subnets page, click Add, and in the Name text box, type the name for your VM subnet. In the Subnet text box, type the IP address and mask for your subnet. If necessary, add and remove further subnets, and then click Next.
5.
On the Connectivity page, choose the setting for connecting directly to an additional logical network, and specify whether that connection will use network address translation (NAT). If you have not added a gateway, no option will be available. Review the message, and then click Next.
6.
On the Summary page, review the summary, and then click Finish.
7.
Close the Jobs window.
In a large host or environment, you may want to quickly discover which virtual machines connect to which networks. Rather than investigate each virtual machine individually, you can investigate using the built-in VMM network diagrams. You can review hosts and virtual machine network topology by performing the following steps: 1.
Open the VMM console, and then click the Fabric workspace.
2.
In the Fabric navigation pane, click to expand the host group containing your hosts. In the main section of the console, right-click the host that you want review, and then click View Networking.
3.
On the left, you can select the hosts, host groups, and clouds that you want to include in the diagram. On the ribbon, you can choose to view the following diagrams: o
VM Networks
o
Host Networks
o
Host/VM Networks
o
Network Topology
To delegate access to virtual machine networks, you assign an owner for a virtual machine network, and delegate access to other administrators and self-service users. You can configure access by performing the following steps: 1.
Open the VMM console, click the VMs and Services workspace, and then on the ribbon, click Properties.
2.
On the left, click Access. You can now select an owner and delegate access to the virtual machine network.
If you want to delete a virtual machine network, you must first confirm that there are no dependent resources. You can review dependent resources using these steps:
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
8-13
1.
Open the VMM console, and then click the VMs and Services workspace.
2.
In the VMs and Services navigation pane, click VM Networks on the right, click to highlight a virtual machine network, and then on the ribbon, click View Dependent Resources.
3.
Review the Names and Type of resources. Make a note of them, and then click OK.
4.
To delete other VMM resources that may have dependent resources, you can right-click them. If they have dependent resources, the dependent resource option will display, and clicking on it will display those dependencies.
Adding a Gateway
When you deploy network virtualization, you most likely will want virtual machines to communicate with other virtual machines on other Hyper-V hosts, or with physical machines outside of the virtualization environment. To facilitate this, you must provision a network gateway, which in VMM is configured in the Network Service section of the Fabric workspace. The gateway connects to remote networks using a VPN tunnel. To add a gateway, you must first install its provider software. You can review the list of installed providers by using the following procedure: 1.
Open the VMM console.
2.
Click the Settings workspace, and then in the Settings pane, click Configuration Providers. The lists of providers displays along with information such as Type, Version, Publisher, Manufacturer and Model. The default providers in VMM are: o
Microsoft IP Address Management Provider
o
Microsoft Network Load Balancing (NLB)
o
Microsoft Standards-Based Network Switch Provider
o
Microsoft Windows Server Gateway Provider
The default installation directory for providers is C:\Programs Files\Microsoft System Center 2012 R2 \Virtual Machine Manager\Bin\Configuration Providers. 3.
Confirm that the necessary provider software for the gateway device has been installed and is listed.
For more information about gateway prerequisites and to review the setup steps, refer to: Configuring VM Networks and Gateways in VMM http://go.microsoft.com/fwlink/?LinkID=386734 How to Add a Gateway in VMM in System Center 2012 R2 http://go.microsoft.com/fwlink/?LinkID=386732
Demonstration: Configuring Network Virtualization
MCT USE ONLY. STUDENT USE PROHIBITED
8-14 Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager
In this demonstration, you will see how to configure network virtualization in Windows Server 2012 R2 by using VMM.
Demonstration Steps 1.
In the Virtual Machine Manager console, from the VMs and Services workspace, create a virtual machine network named Adatum North.
2.
Ensure that Adatum UK is selected as the Logical network, and enable Hyper-V network virtualization.
3.
Add the following VM Subnets: o
Subnet name: Adatum Finance
o
Subnet address: 192.168.4.0/24
o
Subnet name: Adatum Engineering
o
Subnet address: 192.168.5.0/24
4.
When setup is complete, close the Jobs window.
5.
In the Virtual Machine Manager console, from the VMs and Services workspace, create a virtual machine network named Adatum South. Ensure that Adatum UK is selected as the Logical network, and enable Hyper-V network virtualization.
6.
Add the following VM Subnets: o
Subnet name: Adatum Warehouse
o
Subnet address: 192.168.4.0/24
o
Subnet name: Adatum Logistics
o
Subnet address: 192.168.5.0/24
7.
When setup is complete, close the Jobs window.
8.
From the VMs and Services workspace, create a virtual machine network IP pool for the Adatum Finance VM Network. Name this pool Adatum Finance VM Network IP Pool.
9.
Ensure the VM subnet is set to Adatum Finance (192.168.4.0/24), and accept the default settings.
10. When setup is complete, close the Jobs window. 11. From the VMs and Services workspace, create a virtual machine network IP pool for the Adatum Finance VM Network. Name this pool Adatum Logistics VM Network IP Pool.
12. Ensure the VM subnet is set to Adatum Logistics (192.168.5.0/24), and accept the default settings. 13. When setup is complete, close the Jobs window.
Windows Server Gateway When you use the Hyper-V virtual switch to implement network virtualization, the switch operates as a router between different Hyper-V hosts in the same infrastructure. Network virtualization policies define how packets are routed from one host to another.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
8-15
However, when you use network virtualization a virtual switch cannot route to networks outside the Hyper-V server infrastructure. If you do not use network virtualization, you connect the virtual machine to an external switch, and the virtual machine connects to the same networks as the host machine. In a network virtualization scenario, you may have multiple virtual machines running on a Hyper-V host that share the same IP addresses. You also want to be able to move the virtual machine to any host in the network without disrupting network connectivity. You need to be able to connect the virtualized networks to the Internet by using a mechanism that is multitenant-aware so that traffic to external networks is routed correctly to the internal addresses used by the virtual machines.
Windows Server 2012 R2 provides Windows Server Gateway to address this scenario. Windows Server Gateway is a virtual machine-based software router that allows you to route network traffic between the virtual networks on the Hyper-V hosts and the physical networks. This enables the virtual machines to connect to other resources on the internal network and also to connect to external networks such as the Internet. You can implement Windows Server Gateway in three different configurations: •
Multitenant-aware VPN gateway. In this configuration, Windows Server Gateway is configured as a VPN gateway that is aware of the virtual networks that are deployed on the Hyper-V hosts. Deploying the Windows Server Gateway with this configuration means that you can connect to the Windows Server Gateway by using a site-to-site VPN from a remote location, or by configuring individual users with VPN access to the Windows Server Gateway. The Windows Server Gateway operates like any other VPN gateway, whereby it allows the remote users to connect directly to the virtual networks on the Hyper-V servers. The main difference is that the Windows Server Gateway is multitenant-aware, so you can have multiple virtual networks that are located on the same virtual infrastructure, and that have overlapping address spaces. This configuration is useful for organizations that have multiple locations, or multiple business groups that share the same address spaces and must to be able to route traffic to virtual networks. Hosting providers also can use this configuration to provide remote clients direct network access between their on-premises network and the hosted networks.
•
Multi-tenant aware NAT gateway for Internet access. In this configuration, Windows Server Gateway provides access to the Internet for virtual machines on virtual networks. The Windows Server Gateway is configured as a NAT device, translating addresses that can connect to the Internet to addresses used on the virtual networks. In this configuration, Windows Server Gateway is also multitenantaware, so all virtual networks behind the Windows Server Gateway can connect to the Internet, even if they use overlapping address spaces.
•
Forwarding gateway for internal physical network access. In this configuration, Windows Server Gateway provides access to internal network resources that are located on physical networks. For example, an organization may have some servers that are still deployed on physical hosts. When configured as a forwarding gateway, Windows Server Gateway enables computers on the virtual networks to connect to those physical hosts.
MCT USE ONLY. STUDENT USE PROHIBITED
8-16 Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager
Windows Server Gateway is Microsoft’s implementation of a multitenant-aware gateway. Other vendors have also developed similar gateways. For more details about Windows Server Gateway, go to the following link: Windows Server Gateway http://go.microsoft.com/fwlink/?LinkID=386700
You can configure Windows Server Gateway by deploying appropriate Windows Server 2012 R2 roles, and by configuring the network settings by using Windows PowerShell. The high-level steps for implementing Windows Server Gateway are as follows: 1.
Verify that your Hyper-V deployment meets the requirements for the Windows Server Gateway deployment. Although you can deploy a Windows Server Gateway on a host with single network adapter, we recommend that you configure multiple network adapters on the host. You must configure multiple virtual network adapters on the Windows Server Gateway virtual machine. As a best practice, configure the physical and virtual network adapter names to match the intended use for each network.
2.
Install the Remote Access role on the Windows Server Gateway virtual machine, including the Direct Access and VPN (RAS) and Routing role service. Install the required management tools.
3.
On the Hyper-V host running the Windows Server Gateway virtual machine, do the following: a.
Enable the multitenancy mode on the virtual machine network adapter by using the Set-VMNetworkAdapterIsolation cmdlet with the –IsolationMode parameter.
b.
Map the tenant’s routing domains and virtual subnets by using the Add-VmNetworkAdapterRoutingDomainMapping parameter.
c.
Configure the network virtualization settings by using the New-NetVirtualizationProviderAddress, New-NetVirtualizationLookupRecord, and NewNetVirtualizationCustomerRoute cmdlets.
4.
On Windows Server Gateway, configure the IP addresses and network routes for each tenant network.
5.
On the Hyper-V hosts running the tenant virtual machines, configure the network virtualization settings by using the New-NetVirtualizationProviderAddress, New-NetVirtualizationLookupRecord, and New-NetVirtualizationCustomerRoute cmdlets.
When deploying a gateway in VMM, configure a gateway in the Network Service section of the Fabric workspace. The gateway connects to remote networks using a VPN tunnel. To add a gateway, you must first install its provider software. You can review the list of installed providers by using the following procedure: 1.
Open the VMM console.
2.
Click the Settings workspace, and then in the Settings pane, click Configuration Providers. The lists of providers displays along with information such as Type, Version, Publisher, Manufacturer and Model. The default providers in VMM are: o
Microsoft IP Address Management Provider
o
Microsoft Network Load Balancing (NLB)
o
Microsoft Standards-Based Network Switch Provider
o
Microsoft Windows Server Gateway Provider
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
8-17
The default installation directory for providers is C:\Programs Files\Microsoft System Center 2012 R2 \Virtual Machine Manager\Bin\Configuration Providers. 3.
Confirm that the necessary provider software for the gateway device has been installed and is listed.
For more information about gateway prerequisites and to review the setup steps, refer to: Configuring VM Networks and Gateways in VMM http://go.microsoft.com/fwlink/?LinkID=386734 How to Add a Gateway in VMM in System Center 2012 R2 http://go.microsoft.com/fwlink/?LinkID=386732
Lab A: Network Infrastructure Management Scenario
MCT USE ONLY. STUDENT USE PROHIBITED
8-18 Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager
One of the reasons that A. Datum Corporation decided to use VMM as its virtualization management solution was that administrators also could use VMM to manage many of the other components that a virtualized environment requires. To manage the virtual environment efficiently, administrators need the ability to manage from within VMM, components such as storage devices and the network infrastructure.
Objectives After completing this lab, you will be able to: •
Implement a network infrastructure.
Lab Setup Estimated Time: 30 Minutes Virtual Machines: 20409B-LON-HOST1, 20409B-LON-HOST2, 20409B-LON-DC1, 20409B-LON-VMM1, 20409B-LON-SS1, 20409B-LON-SVR1 User Name: Adatum\Administrator Password: Pa$$w0rd
For this lab, you will use the available virtual machine environment. Before you begin, you must complete the following steps: 1.
On the host computer, start Hyper-V Manager.
2.
In Hyper-V Manager, click 20409B-LON-DC1, and then in the Actions pane, click Start. Wait 30 seconds.
3.
Click 20409B-LON-VMM1, in the Actions pane, click Start, and then click Connect. Wait until the virtual machine starts.
4.
Sign in by using the following credentials:
5.
o
User name: Administrator
o
Password: Pa$$w0rd
o
Domain: Adatum
Repeat steps 2 through 4 for 20409B-LON-SS1 and 20409B-LON-SVR1.
Exercise 1: Implementing a Network Infrastructure Scenario
As the virtualization administrator, you have been asked to provide a network virtualization proof-ofconcept for Adatum. You plan to start with four departments that currently have server infrastructure in primary and secondary London data centers. Because departments originate from different companies and consequently have some overlapping IP addresses on their servers, your virtualized network will allow for running virtual machines for any department from any data center. In this exercise, you will prepare a proof of concept for the Adatum London virtual network. You will connect a host server with logical networks, configure network virtualization, and connect virtual machines to a virtual machine network.
The main tasks for this exercise are as follows: 1.
Configure logical networks.
2.
Connect a host server with a logical network.
3.
Configure network virtualization.
4.
Connect virtual machines to a virtual machine network.
Task 1: Configure logical networks 1.
On LON-VMM1, launch the Virtual Machine Manager console.
2.
Create a logical network named Adatum UK that permits the use of network virtualization.
3.
Create two network Sites that use the All Hosts host group using the following details: a.
Network site name: Docklands
b.
VLAN: 0
c.
IP Subnet: 192.168.1.0/24
d.
Network site name: Gatwick
e.
VLAN: 0
f.
IP Subnet: 192.168.2.0/24
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
8-19
4.
When setup is complete, close the Jobs window.
5.
From the Fabric workspace, create a new IP Pool named Adatum UK IP Pool. Use the Adatum UK logical network.
6.
Using the Docklands network site and the 192.168.3.0/24 IP subnet, complete the wizard accepting the defaults, and then close the Jobs window.
7.
Create another IP pool named Gatwick IP Pool. Use the Adatum UK logical network, and the Gatwick network site.
8.
From the Fabric workspace, create a Hyper-V Port Profile named Adatum UK Uplink. Use the Hyper-V port load balancing algorithm.
9.
On the Network configuration page, select the Docklands and Gatwick network sites, and enable Hyper-V Network-Virtualization.
10. When setup is complete, close the Jobs window. 11. From the Fabric workspace, create a Logical Switch named Adatum UK. Enter the description Adatum production hosts logical switch. Use the default extensions, and use the Adatum UK uplink.
12. Add a Virtual Port using the Medium Bandwidth port classification and the Medium Bandwidth virtual network adapter port profile. 13. When setup is complete, close the Jobs window.
Task 2: Connect a host server with a logical network 1.
From the Fabric workspace, open the properties page for lon-host1.adatum.com, click Hardware, then click the logical network associated with your network card, (this will be connected to External Network.)
2.
Click the Adatum UK logical network, read the warning about VLANs, click OK, and then click OK again.
MCT USE ONLY. STUDENT USE PROHIBITED
8-20 Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager
3.
In the Fabric workspace, click LON-HOST1, click Properties, click Virtual Switches, click New Virtual Switch, and then click New Logical Switch.
4.
Notice the error message that displays stating that VMM cannot create a virtual switch without any physical network adapters. At this point, if you have another network card, you can assign the logical switch to a physical adapter. In the error message pop-up window that displays, click OK.
5.
In the Properties dialog box, click Hardware, and then scroll down and expand Network adapters. Click your physical network adapter, and note that you can select or clear the adapter for virtual machine placement and management use. Click the Logical network, and on the right under Logical network connectivity, note that you can assign the logical networks and IP subnets.
6.
Click Cancel, and then click Yes to close the warning.
Task 3: Configure network virtualization 1.
In the Virtual Machine Manager console, from the VMs and Services workspace, create a virtual machine network named Adatum North.
2.
Ensure that Adatum UK is selected as the Logical network, and enable Hyper-V network virtualization.
3.
Add the following VM Subnets: o
Subnet name: Adatum Finance
o
Subnet address: 192.168.4.0/24
o
Subnet name: Adatum Engineering
o
Subnet address: 192.168.5.0/24
4.
When setup is complete, close the Jobs window.
5.
In the Virtual Machine Manager console, from the VMs and Services workspace, create a virtual machine network named Adatum South. Ensure that Adatum UK is selected as the Logical network, and enable Hyper-V network virtualization.
6.
Add the following VM Subnets: o
Subnet name: Adatum Warehouse
o
Subnet address: 192.168.4.0/24
o
Subnet name: Adatum Logistics
o
Subnet address: 192.168.5.0/24
7.
When setup is complete, close the Jobs window.
8.
From the VMs and Services workspace, create a virtual machine network IP pool for the Adatum Finance VM Network. Name this pool Adatum Finance VM Network IP Pool.
9.
Ensure the VM subnet is set to Adatum Finance (192.168.4.0/24), and accept the default settings.
10. When setup is complete, close the Jobs window. 11. From the VMs and Services workspace, create a virtual machine network IP pool for the Adatum Finance VM Network. Name this pool Adatum Logistics VM Network IP Pool.
12. Ensure the VM subnet is set to Adatum Logistics (192.168.5.0/24), and accept the default settings. 13. When setup is complete, close the Jobs window.
Task 4: Connect virtual machines to a virtual machine network
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
1.
In the VMs and Services workspace, edit the properties of 20409B-LON-TEST1, and connect Network Adapter 1 to VM network.
2.
Ensure that Adatum North is selected, and ensure that subnet Adatum Finance is selected.
3.
Edit the properties of 20409B-LON-PROD1, and connect Network Adapter 1 to VM network.
4.
Ensure that Adatum South is selected, and ensure that the subnet Adatum Logistics is selected.
5.
Power on 20409B-LON-TEST1 and 20409B-LON-PROD1.
6.
Connect to 20409B-LON-TEST1, and sign in as Administrator with the password Pa$$word.
7.
Configure the virtual machine to use a dynamically assigned IP address, and then verify that the dynamically assigned IP address is in the range configured for Adatum Finance.
8.
Connect to 20409B-LON-PROD1, and sign in as Administrator with the password Pa$$word.
9.
Configure the virtual machine to use a dynamically assigned IP address, and then verify that the dynamically assigned IP address is in the range configured for Adatum Logistics.
10. Open Windows PowerShell, and use the ping command to verify that LON-PROD1 cannot communicate with LON-TEST1. 11. Use the Virtual Machine Manager console to shut down LON-TEST1 and LON-PROD1.
8-21
Results: After completing this exercise, you should have created and configured a new virtual network, configured network virtualization, and connected virtual machines to a virtual machine network.
Lesson 2
Managing Storage Infrastructure
MCT USE ONLY. STUDENT USE PROHIBITED
8-22 Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager
This lesson describes how to manage a storage infrastructure in VMM. VMM can use three different types of storage: Fibre Channel, iSCSI, and file share. The lesson explains how to implement and deploy these different types of storage, and the considerations that you need to be aware of before you implement highly available storage.
Lesson Objectives After completing this lesson, you will be able to: •
Describe storage options for server virtualization.
•
Describe how to implement block storage.
•
Describe how to implement file storage.
•
Deploy storage in VMM.
•
Deploy block storage in VMM.
•
Explain how to manage storage in VMM.
•
Deploy and manage storage in VMM.
Storage Options for Server Virtualization A key factor when provisioning virtual machines is ensuring that the underlying storage infrastructure is reliable and can provide sufficient performance. This includes managing peak utilization times, such as during backups, antivirus sweeps, and multiple, concurrent virtual machine startups. Storage is one of the more complicated and costly resources to manage in virtualization projects. Therefore, you should design storage solutions that have the flexibility to scale up and meet future growth, but not overprovision capacity. Windows Server 2012 R2 builds upon, and introduces new storage options for virtualization, which enables small to midsize companies to utilize highly available storage solutions. These solutions were historically available only by investing in storage area network (SAN) technologies or non-Microsoft software.
When planning a virtualization environment, the .vhdx file type performance can affect the virtual machine’s performance. Servers that you otherwise provision with random access memory (RAM) and processor capacity can still experience unsatisfactory performance if you misconfigure the storage system or if it becomes overwhelmed with traffic. Therefore, you should ensure that the storage design provides adequate performance, and that your design includes a plan for monitoring storage for availability and performance.
Consider the following factors when planning the storage options.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
8-23
•
Storage connectivity. You can locate .vhd or .vhdx files on local or remote storage. When you locate these files on remote storage, you must ensure that there is adequate bandwidth and minimal latency between the host and the remote storage. Slow network connections to storage, or connections where there is latency, result in poor virtual machine performance.
•
Storage redundancy. The volume that the .vhdx files are stored on should be fault tolerant. This should apply whether the .vhdx file is stored on a local disk, or on a remote SAN device. Hard disks often fail. Therefore, the virtual machine and the Windows Server 2012 Hyper-V host should remain in operation after a disk failure. Replacement of failed disks should not affect Hyper-V host or virtual machine operations.
•
Storage performance. The storage device where .vhdx files are stored should have excellent I/O characteristics. Many enterprises use solid-state drive (SSD) hybrid drives in a redundant array of independent disk (RAID) 1+0 arrays. This helps with achieving maximum performance and redundancy, particularly when multiple virtual machines are running simultaneously on the same storage. However, this can place a tremendous I/O burden on a disk subsystem, so you need to ensure that you select high performance storage. Otherwise, your virtual machine performance may suffer. The assessment and planning tool measures I/O, and its output can assist in storage planning.
•
Storage capacity. If you configure .vhdx files to grow automatically, it is important that there is adequate space in which these files can grow. Additionally, you need to monitor growth carefully so that you experience no service disruptions if a .vhdx file consumes all available space.
•
Data protection. Consider the performance of your backup solution, its impact on your storage design, and the amount of data virtual machines will host. Review existing data, and ensure that you will be able to back up required virtual machines and their storage within an acceptable timeframe.
•
Flexible storage options. Hyper-V offers flexible storage options include most of the options that Windows Server supports, such as locally attached storage (for example, Serial Advanced Technology Attachment (SATA), SCSI, and SSD). Hyper-V supports remotely connected Fibre Channel, iSCSI, and Serial Attached SCSI storage. Hyper-V also supports running virtual machines in file shares using the Server Message Block (SMB) 3.0 protocol. Shared .vhdx files allow guest virtual machines to be clustered without needing iSCSI or Fibre Channel SANs. Hyper-V and VMM support live migration outside of a clustered environment, sometimes referred to as shared-nothing live migration.
Note: When selecting your virtualization storage options, closely examine all the features and components that you plan to use. Carefully review the prerequisites of each technology to ensure compatibility. For example, if you are planning to use the Windows Server 2012 R2 .odx feature for virtual machine SAN transfers, you cannot have Windows Server Data Deduplication or BitLocker Drive Encryption enabled. •
Storage availability. Using VMM, you can manage both block storage and file storage for deploying and storing your virtual machines. You can do this by using Windows Storage Management API deployment.
The following topics will discuss the various storage types in more detail.
Implementing Block Storage Fibre Channel Each Fibre Channel SAN is different. Some SANs have built-in features such as storage tiering, thin provisioning, volume snapshots, and volume replication. If you are designing a Fibre Channel SAN for high availability, you should consider the following factors:
MCT USE ONLY. STUDENT USE PROHIBITED
8-24 Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager
•
The hosts should have multiple physical Fibre Channel host bus adaptors (HBAs). You should install multiple SAN switches and storage controllers, and then enable multipath I/O in your Windows Server operating system. Given the throughput and capacity capabilities of modern Hyper-V host servers, it is possible to build clusters that can outperform many small to mid-range SANs, if you plan carefully, and plan for circumstances such as planned shutdown. Consider what may happen if someone tried to start several hundred virtual machines simultaneously. Would the SAN controllers manage this, and how would the hosts behave?
•
With Virtual Fibre Channel adapters, you can now access Fibre Channel SANs directly from the Hyper-V host’s guest operating system. Virtual Fibre Channel adapters in Hyper-V are virtual hardware components that you can add to a virtual machine, which enable the adapters to access Fibre Channel storage on SANs. To deploy a virtual Fibre Channel adapter: o
You must configure the Hyper-V host with a Fibre Channel HBA.
o
The Fibre Channel HBA must have a driver that supports Virtual Fibre Channel.
o
The virtual machine must support virtual machine extensions.
Virtual Fibre Channel adapters support port virtualization by exposing HBA ports in the guest operating system. This allows the virtual machine to access the SAN by using a standard World Wide Name (WWN) associated with the virtual machine.
Hyper-V supports multipath I/O (MPIO) to provide highly available access to the logical unit numbers (LUNs) that have been exposed to the host. With Virtual Fibre Channel adapters, you can provide access to LUNs directly from virtual machines that also support MPIO. You can use a combination of both in your virtualization environment. iSCSI
A less expensive and simpler way to configure a connection to remote disks is to use iSCSI storage. Many application requirements dictate that remote storage connections must be redundant in nature for fault tolerance or high availability. Additionally, many companies already have fault-tolerant networks that make it less expensive to retain redundancy compared to using SANs. When designing your iSCSI storage solution, you should consider the following: •
Deploy the iSCSI solution on at least a 1 gigabyte per second (Gbps) network. Review specific features that you intend to use, and ensure that all of your hardware can support these features.
•
Have a high availability design. This is crucial for your network infrastructure, because network devices and components conduct the transfer of data from servers to iSCSI storage.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
8-25
•
Design an appropriate security strategy for your iSCSI storage solution.
•
Involve all relevant teams in the storage implementation, and confirm whether storage deployment automation will be possible for virtualization administrators and application administrators.
iSCSI is a protocol that supports access to remote SCSI–based storage devices over a TCP/IP network. iSCSI carries standard small computer system interface (SCSI) commands over IP networks to facilitate data transfers over intranets, and to manage storage over long distances. You can use iSCSI to transmit data over local area networks (LANs), wide area networks (WANs), or even over the Internet.
iSCSI relies on standard Ethernet networking architecture. Whether you want to utilize specialized hardware, such as HBA or network switches, is optional. iSCSI uses TCP/IP (typically, Transmission Control Protocol (TCP) port 3260). This means that iSCSI enables two hosts to negotiate tasks, such as session establishment, flow control, or packet size, and then exchange SCSI commands by using an existing Ethernet network. iSCSI uses a commonly used, high performance, local storage-bus subsystem architecture, which it emulates over LANs and WANs, thereby creating a SAN. Unlike Fibre Channel SAN technologies, iSCSI requires no specialized cabling. You can run it over the existing switching and IP infrastructure. However, as a best practice, you can increase the performance of an iSCSI SAN deployment by operating it on a dedicated network or subnet. Note: Although you can use a standard Ethernet network adapter to connect the server to the iSCSI storage device, you also can use dedicated iSCSI HBAs. An iSCSI SAN deployment includes the following: •
TCP/IP network. You can use standard network-interface adapters and Ethernet protocol network switches to connect the servers to the storage device. To provide sufficient performance, the network should provide speeds of at least 1 Gbps, and for redundancy, multiple paths to the iSCSI target. As a best practice, use a dedicated physical network. For high bandwidth adapters and switches, you can use converged logical network with Quality of Service to achieve fast, reliable throughput.
•
iSCSI targets. iSCSI target are used to present the storage, similar to controllers for hard-disk drives of locally attached storage. However, you access this storage over a network, instead of accessing it locally. Many storage vendors implement hardware-level iSCSI targets as part of their storage device’s hardware. Other devices or appliances, such as Windows Storage Server 2012 devices, implement iSCSI targets by using a software driver and at least one Ethernet adapter. Windows Server 2012 provides the iSCSI target server, which is a role service that acts a driver for the iSCSI protocol.
•
iSCSI initiators. The iSCSI target displays storage to the iSCSI initiator, or client, which acts as a local disk controller for the remote disks. Windows Server 2008 and newer Windows Server versions include the iSCSI initiator, and can connect to iSCSI targets. Windows 7 and newer Windows client operating systems also include the iSCSI initiator.
•
iSCSI qualified name. iSCSI qualified names are unique identifiers for initiators and targets on an iSCSI network. When you configure an iSCSI target, you must configure the iSCSI qualified name for the iSCSI initiators that will connect to it. iSCSI initiators also use iSCSI qualified names to connect to the iSCSI targets. However, if name resolution on the iSCSI network is a possible issue, you can identify iSCSI endpoints (both target and initiator) by their IP addresses.
VMM can manage and deploy block storage for your virtualization environment, which can be especially useful if you plan to build a private cloud or plan to delegate virtualization deployment rights. This is discussed in more detail later in the lesson in the Managing Storage in Virtual Machine Manager topic.
Implementing File Storage SMB 3.0 SMB file share provides an alternative to storing virtual machine files on iSCSI or Fibre Channel SAN devices. Hyper-V supports storing virtual machine data, such as virtual machine configuration files, snapshots, and .vhd files, on SMB 3.0 file shares. If you opt to implement SMB file shares, consider the following:
MCT USE ONLY. STUDENT USE PROHIBITED
8-26 Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager
•
The file share must support SMB 3.0, which limits placement of .vhdx files to file servers that are running a Windows Server 2012 host. Versions of Windows Server prior to Windows Server 2012 do not support SMB 3.0.
•
You must ensure that network connectivity to the file share is 1 gigabyte (GB) or more.
•
When creating a virtual machine in Hyper-V on Windows Server 2012, you can specify a network share when you select the virtual machine location and virtual hard disk location. You also can attach disks stored on SMB 3.0 file shares. You can use both .vhd and .vhdx disk types with SMB file shares.
Note: Hyper-V over SMB assigns the computer account permissions on the share, so you can configure it only in an Active Directory Domain Service (AD DS) environment. The VMM service account requires administrative permissions on the file server, which must be assigned outside of VMM. The new SMB protocol in Windows Server 2012 includes the following features: •
SMB transparent failover. The SMB protocol has the built-in ability to manage failure so that the client and server can coordinate a transparent move that allows continued access to resources with only a minor I/O delay. This ensures that there is no failure for applications.
•
SMB scale-out. You can use the SMB scale-out feature to access shares through multiple cluster nodes by using Cluster Shared Volumes (CSVs). By using this feature, you can balance loads across a cluster.
•
SMB Direct (SMB or Remote Direct Memory Access (RDMA)). Formerly seen only on highperformance computing scenarios, SMB Direct is available now in Window Server 2012. SMB Direct allows an RDMA–enabled network interface to perform file transfers by using technology onboard the network interface, without the operating system intervening.
•
SMB Multichannel. SMB Multichannel, which is enabled automatically, enables SMB to detect a network’s configuration. For example, if it detects that two network interfaces are configured and teamed on the client and server, SMB can make use of all available bandwidth.
•
SMB encryption. SMB encryption allows for encryption without the need for (IPsec. You can configure SMB encryption per share or at the server level. Previous versions of SMB clients cannot connect to encrypted shares or servers.
•
VSS for SMB file shares. Volume Shadow Copy Services (VSS) is enhanced to allow snapshots at the share level. Remote file shares act as a provider and integrate with a backup infrastructure.
•
SQL Server over SMB. You can store Microsoft SQL Server databases on SMB 3.0 shares, which could allow for infrastructure consolidation.
NFS
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
8-27
Network file system (NFS) is a file-sharing solution that uses the NFS protocol, and which enables you to transfer files between computers that are running Windows Server 2012 and other non-Windows computers.
Windows Server 2012 includes an updated NFS stack, which enables it to provide transparent failover to NFS clients by using continuously available NFS shares. You can use NFS as storage for VMware virtual machines. However, NFS is not an option for Hyper-V storage.
Deploying Storage in VMM Storage Array Settings After you have added a storage array, you can choose how your SAN will allocate and provision new storage. The following logical unit allocation and deployment methods are for VMM: •
Snapshots. With this method, the SAN creates a writable snapshot of an existing logical unit. This is the fastest deployment method with the least storage cost.
•
Cloning. With this method, the SAN creates an independent copy of an existent logical unit. This is a slower method, and the new unit is equal in size to the one that has been cloned.
Note: Each method must be supported by the storage array, and may require a license from the storage vendor. To configure the allocation method for a storage array, complete the following procedure: 1.
Launch the VMM console, and then click the Fabric workspace.
2.
In the Fabric navigation pane, click and expand Storage, and then click Arrays.
3.
Right-click the storage array you want to update, and in the storage array Properties dialog box, click Settings. You can then click either Use snapshots or Clone logical units. Only the supported storage method will be made available.
Provisioning Storage Logical Units
You can create and manage storage logical units within the VMM console. To create a new storage logical unit, use the following procedure: 1.
Launch the VMM console, and then click the Fabric workspace.
2.
On the ribbon, click Create Logical Unit.
3.
Click the storage pool drop-down list box, and then click an available storage pool.
4.
Confirm there is enough capacity, enter a name and optionally a description, type the size in gigabytes, or click to use the arrows to select a size, and then click OK.
5.
To view the new logical unit, click Classifications and Pools.
MCT USE ONLY. STUDENT USE PROHIBITED
8-28 Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager
If you allocate a storage pool to a host group, you can also create and assign logical units directly from managed Hyper-V hosts in the host group.
Demonstration: Deploying Block Storage in VMM In this demonstration you will see how to: •
Add a storage provider.
•
Deploy block storage.
Demonstration Steps Add an iSCSI storage provider 1.
On LON-VMM1, add a storage provider, and select SAN and NAS devices discovered and managed by a SMI-S provider.
2.
Click the Protocol drop-down list box, and then click SMI-S WMI.
3.
In the Provider IP address or FQDN: text box, type lon-ss1.adatum.com, and then click Browse.
4.
Create a Run As account with the following settings: o
Name: StorageAdmin
o
User name: Adatum\Administrator
o
Password: Pa$$w0rd
o
Confirm password: Pa$$w0rd
5.
Use the StorageAdmin Run As account to create classifications, one named Gold with a description of 15K SAS Drives, and another named Silver with a description of 7K SATA Drives.
6.
Select the iSCSITarget: LON-SS1:C, check box, and from the Classification drop-down list box, click Silver.
7.
Select the iSCSITarget: LON-SS1:E check box. From the Classification drop-down list box, click Gold, and then click Next.
8.
On the Summary page, click Finish.
9.
Close the Jobs window.
Deploy Block Storage • In the Fabric workspace, create a Logical Unit using iSCSITarget: LON-SS1:E named LON-APP1_C. Set the size to 20 GB.
Managing Storage in VMM Managing Host Storage VMM is aware of the storage that is attached to Hyper-V hosts. When VMM makes virtual machine placement calculations, it can calculate the amount of free storage on the associated host disks. Note: Updating the Hosts When you add storage to a virtualization host, VMM will not discover it until you refresh the host. To work with newly added storage immediately, you can perform a manual refresh on the virtualization host.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
8-29
To see and work with host storage, right-click a host, and then from the Properties dialog box, click Storage. In the Storage area, you will see areas for each disk subsystem type. If they are present, you can expand, review, or configure them.
Managing Storage Arrays
Through the VMM console, you can discover, classify, and provision remote storage on supported storage arrays. VMM fully automates storage assignment to a Hyper-V host or Hyper-V host cluster, and then tracks any storage that it manages. To enable new storage features, VMM uses the new Storage Management Service feature to communicate with external arrays through a SMI-S provider.
By default, the Storage Management Service installs during the VMM installation. To manage storage, you must install a supported SMI-S provider on an available server, and then add the provider to VMM.
Storage Overview Display
To display the storage overview, in the Fabric workspace, click Storage, and then on the ribbon, click Overview. As your virtual data center grows, the overview displays what the data center is provisioning, and what resources continue to remain available. You must complete the following steps to discover, classify, and assign storage through VMM: 1.
For a supported storage array, obtain a Storage Management Initiative Specification (SMI-S) storage provider from your storage array vendor, and then install the SMI-S storage provider on an available server as instructed by your storage vendor.
2.
From the VMM console, in the storage node, connect to the SMI-S storage provider to discover and classify the storage. Connect to the provider by using either the IPv4 address or the fully qualified domain name (FQDN).
3.
Classify storage. Classifying storage entails assigning a meaningful classification to storage pools. For example, you may assign a classification of GOLD to a storage pool that resides on the fastest, most redundant storage array. This enables you to assign and use storage-based classification without actually knowing its hardware characteristics.
4.
Create logical units. In the storage node, you optionally can create logical units from a managed storage pool.
5.
From either the VMM console storage node or the target host group’s Properties dialog box, allocate either precreated logical units or storage pools to specific host groups. If you allocate storage pools, you can create and assign logical units directly from managed hosts in the host group that can access
MCT USE ONLY. STUDENT USE PROHIBITED
8-30 Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager
the storage array. Additionally, if you use rapid provisioning to provision virtual machines by using SAN snapshots or cloning, VMM can create logical units from the storage pool automatically. 6.
In the Virtual Machine Manager console, from either the host or host cluster Properties dialog box, assign logical units from the host group to specific Hyper-V hosts or to Hyper-V host clusters, as shared CSV or available storage. If you allocated a storage pool to a host group, you can create and optionally assign logical units directly from a host or host cluster’s Properties dialog box. If the storage array supports iSCSI host connectivity, you can create iSCSI sessions to the storage array from a host’s Properties dialog box.
For a list of Supported Storage Arrays, go to: Configuring Storage in VMM http://go.microsoft.com/fwlink/?LinkID=285283
Assigning Storage to Host Groups
You can assign storage pools to host groups, and using host groups you can define logical groups of physical computing resources. These groups can help VMM and administrators determine placement for deploying new virtual workloads. For example, you could create some host groups and assign storage pools with classifications as shown in the following table. Host group name
Storage classification
Storage type
Host server CPU
Tier 1
Platinum
SSDs
3.6 gigahertz (GHz)
Tier 2
Gold
Serial Attached SCSI 15,000 rotations per minute (RPM)
3.0 GHz
Tier 3
Silver
Serial Attached SCSI 10,000 RPM
2.4 GHz
Tier 4
Bronze
Serial ATA (SATA) 7,200 RPM
2.0 GHz
To add storage to a host group, you must perform the following steps: 1.
Right-click the host group, and then click Properties.
2.
Click Storage, and then either click Allocate Storage Pools, or click Allocate Logical Units.
3.
Add storage as required.
Note: The iSCSI Target SMI-S Provider for Windows Server is located at either of the following locations: •
The System Center Virtual Machine Manager 2012 Service Pack 1 (SP1) Installation CD in path:\amd64\Setup\msi\iSCSITargetSMISProvider.msi
•
The VMM server at %systemdrive%\Program Files\Microsoft System Center 2012\Virtual Machine Manager\setup\msi\iSCSITargetProv\iSCSITargetSMISProvider.msi
Demonstration: Deploying and Managing Storage in VMM In this demonstration, you will see how to: •
Use VMM to review and configure storage for virtualization hosts.
•
Add classifications to storage.
•
Add storage providers.
Demonstration Steps Add file storage to VMM 1. On LON-VMM1, in the Virtual Machine Manager console, add a storage device provider.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
8-31
2.
On the Select Provider Type page, click Windows-based file server, and then click Next.
3.
In the Provider IP address or FQDN text box, type lon-svr1.adatum.com, and then click Browse.
4.
On the Select a Run As account page, click Administrator, and then click OK.
5.
Complete the wizard, accepting the default settings. Click Finish, and then close the Jobs window.
Create file shares from within the Virtual Machine Manager console 1.
On LON-VMM1, click Fabric, and on the ribbon, click Create File Share.
2.
On the Create File Share page, in the Name text box, type SVR1, click the Classification drop-down list box, and then click Gold. In the Local path text box, type c:\SVR1_Gold, and then click Create.
Assign storage to the host server 1. On LON-VMM1, click Fabric, click All Hosts, click lon-host1.adatum.com, and then on the ribbon, click Properties. 2.
Click Host Access, and then click Browse.
3.
Click StorageAdmin, and then click OK twice.
4.
On the lon-host1.adatum.com Properties page, click Storage.
5.
On the Storage page, click Add, and then click Add File Share. Click the File share path drop-down list box, click \\lon-svr1.adatum.com, and then click OK.
Allocate storage to a host group 1.
On LON-VMM1, click Fabric, and then click Storage.
2.
On the ribbon, click Allocate Capacity, and then click Allocate Storage Pools.
3.
In the Available storage pools section, click iSCSITarget LON-SS1:E:, click Add, click OK, and then click Close.
Lab B: Managing Infrastructure Storage Scenario
MCT USE ONLY. STUDENT USE PROHIBITED
8-32 Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager
One of the reasons that A. Datum Corporation decided to use VMM as its virtualization management solution was that administrators also could use VMM to manage many of the other components that a virtualized environment requires. To manage the virtual environment efficiently, administrators need this ability to manage components such as storage devices and the network infrastructure, from within VMM.
Objectives After completing this lab, you will be able to Implement a storage infrastructure.
Lab Setup Estimated Time: 25 Minutes Virtual Machines: 20409B-LON-HOST1, 20409B-LON-HOST2, 20409B-LON-DC1, 20409B-LON-VMM1, 20409B-LON-SVR1, 20409B-LON-SS1 User Name: Adatum\Administrator Password: Pa$$w0rd
For this lab, you will use the available virtual machine environment. Before you begin, you must complete the following steps: 1.
On the host computer, start Hyper-V Manager.
2.
Verify that the following virtual machines are still running. If they are not, perform steps 3 through 6. o
20409B-LON-DC1
o
20409B-LON-VMM1
o
20409B-LON-SS1
o
20409B-LON-SVR1
3.
In Hyper-V Manager, click 20409B-LON-DC1, and then in the Actions pane, click Start. Wait 30 seconds.
4.
Click 20409B-LON-VMM1, in the Actions pane, click Start, and then click Connect. Wait until the virtual machine starts.
5.
Sign in by using the following credentials:
6.
o
User name: Administrator
o
Password: Pa$$w0rd
o
Domain: Adatum
Repeat steps 3 and 4 for 20409B-LON-SS1 and 20409B-LON-SVR1.
Note: Because you will be using the same virtual machines in the next lab, do not revert the virtual machines at the end of this lab.
Exercise 1: Implementing a Storage Infrastructure Scenario
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
8-33
As part of the A. Datum Corporation United Kingdom proof-of-concept deployment, you will be testing virtual machine storage using Window Server iSCSI storage and Windows Server file shares. You will also review how to add and classify storage, and then deploy and allocate storage. The main tasks for this exercise are as follows: 1.
Install the SMI-S storage provider.
2.
Deploy block storage.
3.
Add file storage to VMM.
4.
Assign and allocate storage.
Task 1: Install the SMI-S storage provider 1.
On LON-VMM1, in the Virtual Machine Manager console, on the ribbon, click PowerShell.
2.
Wait until the Windows PowerShell prompt opens, and then type the following Windows PowerShell command: $Cred = Get-Credential
3.
In the Windows PowerShell credential request dialog box, in the User name text box, type adatum\administrator, in the Password text box, type Pa$$w0rd, and then click OK.
4.
In the Windows PowerShell window, type the following Windows PowerShell script:
$Runas = New-SCRunAsAccount –Name “iSCSIRunas” –Credential $Cred Add-SCStorageProvider -Name "Microsoft iSCSI Target Provider" -RunAsAccount $Runas ComputerName "LON-SS1.adatum.com" –AddSmisWmiProvider
Task 2: Deploy block storage 1.
On LON-VMM1, in the Virtual Machine Manager console, click Fabric, right-click Storage, and then click Add Storage Devices.
2.
On the Select Provider Type page, click SAN and NAS devices discovered and managed by a SMI-S provider, and then click Next.
3.
In the Protocol drop-down list box, click SMI-S WMI. In the Provider IP address or FQDN text box, type lon-ss1.adatum.com, and then click Browse.
4.
On the Select a Run As account page, click iSCSIRunas, and then click OK.
5.
On the Specify Discovery Scope page, click Next.
6.
On the Gather Information page, review the discovery result, and then click Next.
7.
On the Select Storage Devices page, click Create Classification, and in the Name text box, type Gold. In the Description text box, type 15K SAS Drives, and then click Add.
8.
Click Create Classification, and in the Name text box, type Silver. In the description text box, type 7K SATA Drives, and then click Add.
9.
Select the iSCSITarget: LON-SS1:C check box, and then in the Classification drop-down list box, click Silver.
10. Select the iSCSITarget: LON-SS1:E: check box, in the Classification drop-down list box, click Gold, and then click Next.
11. On the Summary page, click Finish, and wait for the job to finish. 12. Close the Jobs window. 13. On LON-VMM1, in the Virtual Machine Manager console, click Fabric. 14. In the Fabric navigation pane, click Storage, and on the ribbon, click Create Logical Unit.
MCT USE ONLY. STUDENT USE PROHIBITED
8-34 Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager
15. Click the storage pool drop-down list box, and then click iSCSITarget: LON-SS1:E. In the Name text box, type LON-APP1_C, in the Size (GB) text box, clear the existing value, type 20, and then click OK. 16. In the Fabric navigation pane, click Classifications and Pools. Verify that you can now see the new LUN listed.
Task 3: Add file storage to VMM 1.
On LON-VMM1, in the Virtual Machine Manager console, click Fabric, right-click Storage, and then click Add Storage Devices.
2.
On the Select Provider Type page, click Windows-based file server, and then click Next.
3.
In the Provider IP address or FQDN: field, type lon-svr1.adatum.com, and then click Browse.
4.
On the Select a Run As account page, click Create Run As Account.
5.
In the Name box, type Administrator. In the User name box, type Adatum\Administrator, in the Password and Confirm password boxes, type Pa$$w0rd, and then click OK.
6.
In the Select a Run As Account box, click Administrator, and then click OK.
7.
On the Specify Discovery Scope page, click Next.
8.
On the Gather Information page, review the discovery result, and then click Next.
9.
On the Select Storage Devices page, click Next.
10. On the Summary page, click Finish. 11. Close the Jobs window. 12. On LON-VMM1, click Fabric, and on the ribbon, click Create File Share. 13. Create a file share using the following information: o
Name: SVR1
o
Classification: Gold
o
Path: C:\
Task 4: Assign and allocate storage 1.
On LON-VMM1, click Fabric, click All Hosts, click lon-host1.adatum.com, and then, on the ribbon, click Properties.
2.
Click Host Access, and then click Browse.
3.
Click Administrator, and then click OK.
4.
Click OK again to accept the changes.
5.
Click lon-host1.adatum.com, and then, on the ribbon, click Properties.
6.
Click Storage, on the Storage page, click Add, and then click Add File Share.
7.
In the File share path drop-down list box, click \\lon-svr1.adatum.com\SVR1_Gold, and then click OK.
8.
On LON-VMM1, from the Fabric workspace, allocate the iSCSITarget LON-SS1:E storage pool.
9.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
8-35
In the Virtual Machine Manager console, create a new virtual machine using the following details: o
Name: LON-APP1
o
Disk: blank virtual hard disk
o
VM Network: Adatum North
o
VM Subnet: Adatum Finance
10. Deploy the new virtual machine to lon-host1.adatum.com using the virtual machine path C:\Program Files\Microsoft Learning\20409\Drives. (Note: this path may differ on your host.) 11. Confirm that the Create Virtual Machine job completes successfully. 12. Close the Jobs windows. 13. On LON-VMM1, click VMs and Services, click All Hosts, right-click LON-APP1, and then click Migrate Virtual Machine.
14. In the Migrate VM Wizard, on the Select Host page, ensure that lon-host1.adatum.com is selected, and then click Next. 15. On the Select Path page, in the Storage location for VM configuration text box, type \\lon-svr1.adatum.com\SVR1_Gold, click Automatically place all VHDs with the configuration, and then click Next. 16. On the Select Network page, leave the defaults, click Next, and then click Move. 17. Check the job status. 18. Close the Jobs Wwindow.
Results: After completing this exercise, you should have implemented a storage infrastructure.
Lesson 3
Managing Infrastructure Updates As is the case with physically deployed servers and software, if you do not apply software updates to virtual machines and the applications they host, you make your virtually and physically deployed computers more vulnerable to being exploited by attackers inside and outside of your organization. After completing this lesson, students will be able to manage infrastructure updates in Virtual Machine Manager.
Lesson Objectives After completing this lesson, you will be able to: •
Describe infrastructure updates.
•
Explain how to configure an infrastructure update in VMM.
•
Plan an update baseline.
•
Describe the considerations for updating a server.
•
Explain how to manage infrastructure updates.
•
Implement infrastructure updates.
What Are Infrastructure Updates? Microsoft provides a number of solutions for deploying software updates and scanning computers for compliance. However, some network clients (such as cluster-based server nodes or other highly available server roles) typically present complexities that can make it difficult and time-consuming to maintain a standard update management process. VMM integrates with Windows Server Update Services (WSUS) to provide on-demand compliance scanning and remediation of servers that comprise an infrastructure. These servers include Hyper V hosts, library servers, Pre-Boot Execution Environment (PXE) servers, and the VMM management server.
MCT USE ONLY. STUDENT USE PROHIBITED
8-36 Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager
Integrating WSUS with VMM also provides you with the ability to perform orchestrated updates of Hyper-V host clusters. When you remediate a host cluster, VMM places one cluster node at a time in maintenance mode, and then installs the approved updates. For clusters that support live migration, intelligent placement moves virtual machines off the cluster node that you are updating. If a cluster does not support live migration, VMM saves the state of the virtual machines before updating the cluster node. Note: You must have Windows Server 2008 R2 or Windows Server 2012 installed on a Hyper-V cluster node for live migration support.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
8-37
You can use the Update Server role in VMM to manage more complex update tasks for servers in your private cloud infrastructure. These servers include: •
Hyper-V hosts
•
Hyper-V clusters
•
Virtual Machine Manager library servers
•
PXE servers
•
VMM management servers
•
Infrastructure servers
To determine compliance status, the System Center 2012 VMM update compliance function allows you to scan computers managed through VMM against a baseline of approved updates. For any servers that are noncompliant, you can perform update remediation tasks to install missing updates and restart servers, if necessary. You also can use the VMM update compliance functionality to deploy the VMM agent to a non-VMM server, and then use that server in the process of evaluating compliance with baselines.
Configuring Update Management in VMM To configure update management within your VMM environment, use the following process: 1.
Use VMM to manage updates by first enabling update management. You do this either by adding an existing WSUS server to VMM, or by installing a dedicated WSUS server, and then adding the new Update Server to VMM.
2.
Configure and manage update baselines, which specify the set of updates for deployment to a host group, a stand-alone host, a host cluster, or a VMM server.
3.
After you add an Update Server, you can perform the following tasks from within the VMM console: o
Perform on-demand synchronization of WSUS with Windows Update.
o
Configure proxy server name and port settings, which are required for connecting to the Internet for WSUS synchronizations.
o
Specify update classifications to synchronize.
o
Specify products to synchronize.
o
Specify supported languages to synchronize.
4.
After you assign an update baseline, start a scan to determine compliance status. During a compliance scan, WSUS checks each update in the assigned update baseline to determine whether the update is applicable, and if so, whether it is installed on the target server. The target server then reports a compliance status for each update.
5.
Perform an update remediation to bring a managed server or Hyper-V host cluster into compliance. You can choose to remediate all update baselines assigned to a computer, all noncompliant updates in a specific update baseline, or a single update, as necessary.
6.
MCT USE ONLY. STUDENT USE PROHIBITED
8-38 Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager
Specify which update exemptions will prevent a specific update from being installed on a server. The computer will remain accountable for the assigned baseline, even if you exempt a specific update from being installed.
Planning an Update Baseline After you add a WSUS server to VMM to perform the Update Server role, your next step is to determine which updates you should install on each server within the private cloud infrastructure. VMM adds the updates that you select to an update baseline, against which each server scans. VMM then remediates any server that does not meet the baseline, and installs the missing updates immediately.
After you determine which updates are required for your VMM infrastructure servers, you then need to create a list for VMM to use as a baseline from which to scan against and remediate. VMM uses the update baseline as the list, and you can add or remove updates as necessary.
What Is an Update Baseline? When you synchronize with WSUS, all updates from a specific product and category will display within the VMM console. To specify only the updates necessary for your requirements, you create an update baseline. An update baseline is a set of required updates that are assigned to a scope of infrastructure servers within the private cloud. You can assign an update baseline to the following: •
All hosts within all host groups
•
Specific host groups
•
A specific stand-alone server within a host group
•
A specific host cluster within a host group
•
Library servers
•
PXE servers
•
VMM server
•
Update Server
Planning for Update Baselines You should consider the following factors carefully when you are planning update baselines: •
If you assign a baseline to a host group, any host or host cluster within that group will be assigned to that baseline. If you move a host to a new host group, WSUS removes the original baseline, and the host will inherit the baseline associated with the new host group.
•
If you assign a baseline specifically to a stand-alone host or host cluster, the baseline will stay with the object when it moves from one host group to another.
•
When you first add the Update Server, two built-in update baselines are provided. The Sample Baseline for Critical Updates contains all of the critical updates that synchronize initially, and the Sample Baseline for Security Updates contains all of the security updates that synchronize initially.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
8-39
If you plan to use these built-in update baselines, you will need to maintain the updates as you perform subsequent synchronization tasks. You also need to assign computers to the baseline before you are able to use the baseline for compliance scanning and remediation.
You can create a new update baseline that contains the updates that you require, in addition to those that you assign to the servers for which you want to maintain update compliance.
Update Server Considerations When you integrate WSUS into the VMM infrastructure you should consider the following factors carefully: •
If you are using a dedicated WSUS server, consider limiting the languages, products, and classifications to only those that are required by the servers that comprise the VMM infrastructure.
•
If you are using a WSUS server that is shared with a System Center 2012 R2 Configuration Manager environment:
•
o
You should make WSUS configuration changes only by using Configuration Manager.
o
You should note that for the VMM environment, the synchronization schedule is always on demand.
o
You should create a collection in Configuration Manager of all of the servers for which VMM will manage updates. Exclude this collection from any software update deployments that Configuration Manager deploys.
If you add the WSUS server to VMM, ensure that you clear the Allow Update Server configuration changes check box. You configure this in the VMM console, in the Update Server Properties dialog box.
Managing Infrastructure Updates You can manage the update compliance of any servers that are included in the scope of an update baseline. You can create multiple update baselines and create update exceptions for an individual server, or for multiple servers. Delegated administrators can scan and remediate server compliance, but only the VMM administrator can synchronize VMM with WSUS. The following steps outline the process for managing the infrastructure updates in VMM.
Scanning for Compliance You can scan a server or group of servers for compliance using the VMM console as follows:
MCT USE ONLY. STUDENT USE PROHIBITED
8-40 Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager
1.
In the VMM console, click the Fabric workspace. On the ribbon, click Compliance, and then in the Fabric pane, click Servers.
2.
In the Managed Computers section, review the compliance status and operational status.
3.
To start a compliance scan, click the server to scan, and then on the ribbon, click Scan. Optionally, you can hold down the Shift key, select multiple servers, and then from the ribbon, click Scan. The Operational status will change to Scanning. When the scan completes, the Compliance status will be updated. Note: If the Scan button is grayed out on the ribbon, then no baseline has been assigned.
Remediating Servers You can remediate servers as follows: 1.
In the VMM console, click the Fabric workspace. On the Fabric navigation pane, click Servers.
2.
Click and select the server or servers for remediation, and then on the ribbon, click Remediate.
3.
On the Update Remediation page, click to select the update baseline or individual updates. Choose if you want servers to restart automatically, and then click Remediation.
Creating Update Exceptions To create update exceptions, use the following procedure: 1.
In the VMM console, click the Fabric workspace. On the Fabric navigation pane, click Servers.
2.
Click and select the server or servers for exception, and then on the ribbon, click Compliance Properties.
3.
On the Compliance Properties page, click Create. Select the updates to exclude, and then click OK.
When remediating Hyper-V clusters, the nodes will be put into maintenance mode and if possible, virtual machines will be live migrated until the upgrade is complete. How to Perform Rolling Updates on a Hyper-V Host Cluster in VMM http://go.microsoft.com/fwlink/?LinkID=386733
Demonstration: Implementing Infrastructure Updates In this demonstration, you will see how to: •
Integrate WSUS and VMM.
•
Create an update baseline.
Demonstration Steps Integrate WSUS and VMM 1.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
8-41
On LON-VMM1, in the Virtual Machine Manager console, from the Fabric workspace, expand the Infrastructure node, and then add an Update Server with the following configuration: o
Computer name: LON-WSUS
o
TCP/IP port: 8530
o
User name: Adatum\Administrator
o
Password: Pa$$w0rd
2.
In the Jobs window, select the Add Update Server job. On the Summary and Details tabs, monitor the status of the configuration job.
3.
When the job displays as Completed w/info, close the Jobs window.
Create a Baseline 1.
In the Virtual Machine Manager console, click the Library workspace.
2.
Expand the Update Catalog and Baselines node, and then create a Baseline using the Update Baseline Wizard.
3.
On the General page, in the Name field, type Windows Server 2012 (Demo Baseline), and then click Next.
4.
On the Updates page, click Add.
5.
In the Add Update to Baseline dialog box, create a new baseline called Windows Server 2012. Click the first update, on your keyboard press and hold down the Ctrl and Shift keys, and then press the down arrow key. This will select all the filtered updates, and then click Add.
6.
On the Assignment Scope page, select all of the check boxes, and then click Next.
7.
On the Summary page, review the details, and then click Finish.
8.
When the job displays as Completed, close the Jobs window.
9.
Confirm that the new baseline is available.
Lab C: Infrastructure Updates Management Scenario
MCT USE ONLY. STUDENT USE PROHIBITED
8-42 Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager
One of the reasons that A. Datum Corporation decided to use VMM as its virtualization management solution was that administrators then could use VMM to manage many of the other components that a virtualized environment requires. In addition, the virtualization management solution should provide a way to apply updates to the Hyper-V servers.
Objectives After completing this lab, you will be able to: •
Manage infrastructure updates.
Lab Setup Estimated Time: 25 minutes Virtual Machines: 20409B-LON-HOST1, 20409B-LON-HOST2, 20409B-LON-DC1, 20409B-LON-VMM1, 20409B-LON-SVR1, 20409B-LON-WSUS, 20409B-LON-SS1 User Name: Adatum\Administrator Password: Pa$$w0rd
For this lab, you will use the available virtual machine environment. Before you begin, you must complete the following steps: 1.
On the host computer, start Hyper-V Manager.
2.
Verify that the following virtual machines are still running. If they are not, perform steps 3 to 6. o
20409B-LON-DC1
o
20409B-LON-VMM1
o
20409B-LON-SS1
o
20409B-LON-SVR1
o
20409B-LON-WSUS
3.
In Hyper-V Manager, click 20409B-LON-DC1, and then in the Actions pane, click Start. Wait 30 seconds.
4.
Click 20409B-LON-VMM1, in the Actions pane, click Start, and then click Connect. Wait until the virtual machine starts.
5.
Sign in by using the following credentials:
6.
o
User name: Administrator
o
Password: Pa$$w0rd
o
Domain: Adatum
Repeat steps 3 through 4 for 20409B-LON-SS1, 20409B-LON-SVR1, and 20409B-LON-WSUS.
Note: Because you will be using the same virtual machines in the next lab, do not revert the virtual machines at the end of this lab. However, you can shut down all virtual machines after finishing this lab.
Exercise 1: Managing Infrastructure Updates Scenario
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
8-43
In this exercise, you will add an Update Server to the VMM infrastructure. You will configure the Update Baseline, scan for update compliance in VMM, configure update exemption, and verify how to update WSUS settings in VMM. The main tasks for this exercise are as follows: 1.
Integrate Windows Server Update Services (WSUS) with VMM.
2.
Perform a manual synchronization with WSUS from VMM.
3.
Create the update baseline in VMM.
4.
Assign an existing baseline in VMM.
5.
Scan for update compliance in VMM.
Task 1: Integrate Windows Server Update Services (WSUS) with VMM 1.
In the Virtual Machine Manager console, click the Fabric workspace.
2.
In the navigation pane, expand the Servers node, expand the Infrastructure node, and then click Update Server.
3.
Add an Update Server with the following configuration: o
Computer name: LON-WSUS
o
TCP/IP port: 8530
o
User name: Adatum\Administrator
o
Password: Pa$$w0rd
4.
In the Jobs window, select the Add Update Server job.
5.
Using the Summary and Details tabs, monitor the status of the configuration job.
6.
When the job displays as Completed w/info, close the Jobs window.
Task 2: Perform a manual synchronization with WSUS from VMM 1.
In the Virtual Machine Manager console, click the Fabric workspace.
2.
In the navigation pane, expand the Servers node, expand Infrastructure, and then click Update Server.
3.
Click Synchronize to synchronize VMM with the WSUS server.
4.
In the Jobs window, select the Synchronize Update Server job.
5.
On the Summary and Details tabs, monitor the status of the configuration job.
6.
When the job displays an error message, close the Jobs window.
Note: An error is expected because there is no Internet connection. However, this will not affect the rest of the lab exercise.
Task 3: Create the update baseline in VMM
MCT USE ONLY. STUDENT USE PROHIBITED
8-44 Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager
1.
In the Virtual Machine Manager console, click the Library workspace.
2.
In the navigation pane, expand the Update Catalog and Baselines node, and then click Update Baselines.
3.
Create a Baseline with the name LON Base1 that includes all updates, and assign it to All Hosts and LON-VMM1.Adatum.com.
4.
In the Jobs window, select the Change properties of a baseline job.
5.
On the Summary and Details tabs, monitor the status of the configuration job.
6.
When the job displays as Completed, close the Jobs window.
7.
With the Update Baselines node selected, verify that LON Base1 displays in the Baselines pane with Assignments set to 2.
Task 4: Assign an existing baseline in VMM 1.
In the Virtual Machine Manager console, click the Library workspace.
2.
In the navigation pane, expand the Update Catalog and Baselines node, and then click Update Baselines.
3.
Open the Properties for LON Base1, and assign LON-WSUS.Adatum.com to it.
4.
Click the Jobs workspace.
5.
Click History, and then select the Change properties of a baseline job.
6.
On the Summary and Details tabs, monitor the status of the configuration job.
7.
When the job displays as Completed, switch back to the Library workspace.
8.
With the Update Baselines node selected, verify that LON Base1 displays in the Baselines pane with Assignments set to 3.
Task 5: Scan for update compliance in VMM 1.
In the Virtual Machine Manager console, click the Fabric workspace.
2.
In the navigation pane, click the Servers node, and then click Compliance.
3.
Select LON-WSUS.Adatum.com, and then click Scan.
4.
In the Results pane, verify that the Compliance Status lists as Compliant.
Results: After completing this exercise, you should have added and configured an Update Server to manage infrastructure updates.
Module Review and Takeaways Review Questions Question: You have been assigned the responsibility for selecting a storage solution for the Hyper-V virtualization deployment. You are considering several Fibre Channel and iSCSI SANs. What do you need to consider for compatibility with VMM? Question: Which storage types does VMM allows you to integrate with and configure automation for? Question: Before you can configure a virtual machine network, what other network should you configure? Question: You have been advised that a potential compatibility issue exists between a Windows operating system security update and the antivirus software that you are using to protect your Hyper-V hosts. What could you do in VMM to prevent this issue from affecting your Hyper-V hosts?
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
8-45
MCT USE ONLY. STUDENT USE PROHIBITED
MCT USE ONLY. STUDENT USE PROHIBITED 9-1
Module 9
Creating and Managing Virtual Machines by Using Microsoft System Center 2012 R2 Virtual Machine Manager Contents: Module Overview
9-1
Lesson 1: Virtual Machine Management Tasks in VMM
9-2
Lesson 2: Creating, Cloning, and Converting Virtual Machines
9-13
Lesson 3: Overview of Virtual Machine Updating
9-22
Lab: Creating and Managing Virtual Machines by Using System Center 2012 R2 Virtual Machine Manager
9-26
Module Review and Takeaways
9-29
Module Overview
One of the main tasks that administrators can perform with Microsoft System Center 2012 R2 Virtual Machine Manager (VMM) is creating and deploying virtual machines and placing them on physical hosts. You can also use VMM to manage existing virtual machines. This module explains how administrators can use VMM to deploy a new virtual machine in various ways. For example, you can create a virtual machine from the beginning, or by using a stored virtual machine from the VMM library. You can also use VMM to manage virtual disks that virtual machines use, and to create and manage virtual machine checkpoints for restoring virtual machines to specific points in time. This module will describe management tasks on virtual machines, disks, and checkpoints that you can perform in the VMM console. This module also explains how you can use VMM to convert a physical machine to a virtual machine, and how to convert a virtual machine that you built with another platform to a virtual machine that you host in Hyper-V on Windows Server 2012. You will also learn how to clone existing virtual machines to build new ones. Lastly, this module explains how to use VMM to update virtual machines, and how to use the Virtual Machine Servicing Tool for older VMM versions. Note: For the purpose of this course, all instances of Microsoft System Center 2012 R2 Virtual Machine Manager are referred to as VMM.
Objectives After completing this module, you will be able to: •
Explain virtual machine management tasks in VMM.
•
Explain how to create, clone, and convert virtual machines.
•
Describe methods and tools for updating virtual machines.
Lesson 1
Virtual Machine Management Tasks in VMM
MCT USE ONLY. STUDENT USE PROHIBITED
9-2 Creating and Managing Virtual Machines by Using Microsoft System Center 2012 R2 Virtual Machine Manager
VMM provides the VMM console that is built on Windows PowerShell. This console is a central utility for managing virtual machines, and you can use it to perform various tasks, such as starting and stopping virtual machines, and modifying their properties. You can perform many tasks in VMM that you typically would perform on virtual machines through Hyper-V Manager. However, with VMM, you can manage virtual machines that reside on several different hosts. Because Hyper-V Manager is built on Windows PowerShell, you can also use Windows PowerShell cmdlets to manage any VMM task that you would manage using the VMM console.
Lesson Objectives After completing this lesson, you will be able to: •
Describe actions for operating and managing virtual machines.
•
Operate virtual machines.
•
Describe virtual machine properties.
•
Describe virtual machine checkpoints.
•
Create and manage checkpoints.
Actions for Operating and Managing Virtual Machines You can use VMM to manage and operate every virtual machine on a host that the VMM server manages. On each virtual machine, you can perform various actions. You can perform some actions (such as pausing a virtual machine) only when the virtual machine is running. You can perform other actions (such as storing data in the VMM library) only when the virtual machines is shut down. You can also perform some actions (such as configuring network connections) irrespective of the virtual machine’s state. Windows PowerShell 3.0 has equivalent cmdlets for all of the functionality that you can perform through the VMM console.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
The following table lists actions that you can perform on virtual machines both from the VMM console ribbon, or using Windows PowerShell cmdlets. Ribbon option name Create
Description This option has a drop-down list box that you can use to create either a clone or a virtual machine template.
Windows PowerShell equivalent cmdlet New-SCVirtualMachine
Note: You will learn more about cloning and templates in a topic later in this module. Shut Down
Use this option to perform a proper shutdown of a virtual machine’s operating system. Using the Shut Down option is equivalent to performing a shutdown within the guest operating system. We recommend using this method to turn off your production environment virtual machines. This functionality requires that the guest operating system have Integration Services installed.
Power On
This option starts a virtual machine that is stopped, paused, or is in a saved state. When you start a virtual machine that is stopped or turned off, you are initiating an operating system boot, just like when you turn on a physical computer. When you start a virtual machine that is in paused or saved state mode, you resume the virtual machine to the state in which it was when you paused it.
Power Off
This option stops a virtual machine without saving any state information. This action has the same effect on the virtual machine as pulling out the power cord on a physical computer. If you stop a virtual machine in production, you risk losing data because it was not saved, or because of service interruption. In a production environment, you typically use this option only when you cannot perform a proper shutdown. In test environments, you can stop a virtual machine to save time when you are reverting to a checkpoint and data consistency is not an important requirement.
Stop-SCVirtualMachine
with the –Shutdown parameter
Start-SCVirtualMachine
Stop-SCVirtualMachine
with the -Force parameter
9-3
Ribbon option name
Description
Pause
This option stops virtual machine operations temporarily. It suspends execution of a virtual machine, and keeps all virtual machine state in memory. The services that the virtual machine provides become unavailable while the virtual machine is in a paused state. However, VMM retains all data in the virtual machine, including the memory’s contents. You can resume a paused virtual machine quickly, usually within one to two seconds. After you resume a paused virtual machine, all its services return to the states that they were in prior to the paused state. When you pause a virtual machine, the virtual machine does not release the resources that it is using. For example, if a virtual machine is allocated 1 gigabyte (GB) of memory, it will continue to use that memory even while paused. You can pause and resume a virtual machine in test environments to simulate network interruptions.
Resume
Use this option to remove the virtual machine from the Pause state. You can use this option only when a virtual machine is paused. When you use the Resume option, the virtual machine once again becomes fully available.
Reset
This is an immediate operation that acts like a Reset button on a physical machine. Using this option causes the virtual machine to reboot immediately. Similar to the Power Off option, we do not recommend using the Reset option because you risk losing data if it was not saved, or because of service interruption.
Save State
Use this option to suspend a virtual machine for an extended time. In this state, the contents of memory are written to disk into a .vsv file in the same directory as the virtual machine, for long-term storage. The services that the virtual machine provides are unavailable when the virtual machine is in a saved state. You can restart a saved virtual machine quickly. When you restore the virtual machine from the saved state, it returns to the condition that it was in when you saved its state. When a virtual machine is in a saved
Windows PowerShell equivalent cmdlet Suspend-SCVirtualMachine
Resume-SCVirtualMachine
Reset-SCVirtualMachine
Stop-SCVirtualMachine
with the -SaveState parameter.
MCT USE ONLY. STUDENT USE PROHIBITED
9-4 Creating and Managing Virtual Machines by Using Microsoft System Center 2012 R2 Virtual Machine Manager
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
Ribbon option name
Description
Windows PowerShell equivalent cmdlet
state, the virtual machine releases the resources that it is using. For example, a virtual machine that is allocated 1-GB of memory will release that memory for use by other virtual machines. Saving the state of a virtual machine in a test environment allows you to stop it temporarily and free resources for running another virtual machine. Discard Saved State
Migrate Storage
Use this option to delete the saved state of a virtual machine. When you do this, the .vsv file gets deleted. This is equivalent to stopping a virtual machine. Use this option to migrate a virtual machine’s .vhd files to a new location. When you use this option, the Migrate Virtual Machine Wizard opens.
Stop-SCVirtualMachine
with the –DiscardSavedState parameter Move-SCVirtualMachine
with the –Path parameter
Note: The Migrate Virtual Machine Wizard presents you with several options, which will be discussed more in-depth later in this module. Migrate Virtual Machine
Use this option to migrate a virtual machine between hosts. This is useful when you need to balance workloads between different hosts. This option also starts the Migrate Virtual Machine Wizard.
Store in Library
Use this option to add a virtual machine to a library. When you store a virtual machine in the library, you cannot start it directly. You must first deploy it from the library to a host.
Create Checkpoint
In Hyper-V in Windows Server 2008 and in Windows Server 2012, checkpoints were called snapshots. In Hyper-V in Windows Server 2012 R2, checkpoints have identical functionality to snapshots. When you use this option, you create an .avhd file that contains any subsequent changes, rather than storing them in the original .vhd file. When you revert a virtual machine to the state that it was in when you created the checkpoint, the system deletes the .avhd file. You can make up to 64 checkpoints per virtual machine. However, you should never checkpoint production systems. Failure to manage checkpoints properly can result in serious errors for all virtual machines on the same volume.
Move-SCVirtualMachine
Save-SCVirtualMachine
New-SCVMCheckpoint
9-5
Ribbon option name
Description
Manage Checkpoints
When you click this option, the Virtual Machine Properties dialog box displays in the Checkpoints workspace. From this dialog box, you can create new checkpoints, view the properties of the selected checkpoint, or delete, restore, or revert checkpoints.
Refresh
Use this option to refresh the content of the screen. The screen should periodically refresh as items change, but clicking this option refreshes the content immediately.
Repair
Select this option to open the Repair window, where you can restart a job that failed. You may revert a virtual machine to a previous state if it was checkpointed. (If the virtual machine was not checkpointed, this option will be grayed out.) You can also use the Ignore option, which simply refreshes the virtual machine without attempting to rerun the job. If any one of these actions fails, use the Repair-SCVirtualMachine Windows PowerShell command with the parameters Ignore and Force. This performs a deep cleanup of the virtual machine. The option to perform a deep cleanup is grayed out if a failure has not occurred.
Install Virtual Guest Services
In VMM, Hyper-V integration components and older virtual machine additions are collectively known as Virtual Guest Services. Virtual Guest Services improve virtual machine integration and performance by improving communications between the host and guest operating systems. For example, virtual guest services can add synthetic drivers, and synchronize time between the host and the virtual machines. You can deploy Virtual Guest Services depending on the system level of the host. Normally, this option is grayed out because Virtual Guest Services are part of virtual machine creation. Note: The Refresh, Repair, and Install Virtual Guest Services options appear as icons only (with no text name) on the ribbon. However, when you rightclick a virtual machine, the icons appear in the context menu with text.
Windows PowerShell equivalent cmdlet Set-SCVMCheckpoint
Read-SCVirtualMachine
Repair-SCVirtualMachine
Set-SCVirtualMachine
with the -InstallVirtualizationGuestServices $True parameter and value
MCT USE ONLY. STUDENT USE PROHIBITED
9-6 Creating and Managing Virtual Machines by Using Microsoft System Center 2012 R2 Virtual Machine Manager
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
Ribbon option name
Description
Connect or View
This option provides a drop-down list box with the following sub-options: Connect via Console, Connect via RDP, and View Networking. You can use the first two sub-options to remote to the virtual machine either through the VMM console’s Virtual Machine Viewer, or through the Remote Desktop Protocol (RDP), if it is enabled on the virtual machine. The View Networking sub-option provides a graphical representation of how the virtual machine is connected to the rest of the network environment. The ribbon contains multiple view options of the network environment, and check boxes to add or remove other virtual machines.
Delete
Use this option to delete the virtual machine permanently, including all files associated with the virtual machine. This option also removes the virtual machine either from the host on which it is deployed, or from the library server on which it is stored. Before this action completes, a confirmation pop-up window displays, asking you to confirm this option.
Properties
Use this option to view information about a virtual machine. If the virtual machine is not running, you can also use this option to make changes to the hardware environment and other select configurations, just as you would when using the Settings option in Hyper-V. Several workspaces in the console tree allow you to observe or make changes to these various configurable items.
Windows PowerShell equivalent cmdlet vmconnect.exe
Remove-SCVirtualMachine
There is no Windows PowerShell cmdlet equivalent for this option. However, you can use the Get-SCVirtualMachine cmdlet in a pipeline to retrieve a particular virtual machine’s information.
Demonstration: Operating Virtual Machines In this demonstration, you will see how to operate a virtual machine.
Demonstration Steps 1.
Sign in to LON-VMM1 as Adatum\Administrator with the password Pa$$w0rd.
2.
On the desktop, on the taskbar, click the VMM console button.
3.
On the Connect To page, click Connect.
4.
In the VMM console, in the lower left workspace, click VMs and Services.
5.
Click the 20409B–LON– SVR1 virtual machine.
9-7
Note: View the ribbon at the top of the console. Notice how this ribbon provides icons and text that enable you to manage a virtual machine. Notice how some of the icons on the ribbon are grayed out or dimmed. This is because this particular virtual machine is turned off, and therefore these functions will not work. 6.
On the ribbon, click Power On. Wait for the virtual machine to turn on, and then start up.
Note: View the various icons and their functionality, including the Power Off, Connect or View, Manage Checkpoints, Properties, and Delete icons. Explore the other icons as time permits. 7.
Shut down the virtual machine, and review the Create icon. Note: View the Home tab, and notice how you can create a new virtual machine with it.
Overview of Virtual Machine Properties Each virtual machine that VMM manages has a set of properties that determine the various attributes and configuration settings of the virtual machine. By editing these properties, you can modify the virtual machine’s hardware configuration, and define the virtual machine’s owner, cost, and other attributes and settings.
MCT USE ONLY. STUDENT USE PROHIBITED
9-8 Creating and Managing Virtual Machines by Using Microsoft System Center 2012 R2 Virtual Machine Manager
You can access the virtual machine properties, in the VMM console, by clicking the Virtual Machine tab of the VMs and Services Workspace, and then clicking the Properties icon on the ribbon. Alternatively, you can right-click the virtual machine, and then click Properties. Nodes in the console tree represent various groups of settings, and contain the virtual machine properties. The virtual machine properties are present on the following pages: •
General. On the General page of the virtual machine properties, you can change the name of the virtual machine, define the cost-center property to track resources that the virtual machine allocates, and optionally define the virtual machine tag that you can use for filtering inside the Virtual Machine Manager Administrator Console. On the General page, you can also configure or modify the operating system that is installed inside the virtual machine, associate the virtual machine with a defined cloud, and view information about dates and times when the virtual machine was added, modified, or refreshed.
•
Status. On the Status page, you can view the status of your virtual machine. You can also view refresher and deployment information, whether there have been any errors, and if the machine is running or stopped. If there are errors, you have the option to copy them.
•
Hardware Configuration. On this page, you can configure hardware settings for virtual machines. You can configure most of the hardware components of a virtual machine only when the virtual machine is in the stopped state. However, you can modify the Network Adapter configuration when the virtual machine is running.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
Hardware configuration is divided into several nodes, each of which has a set of the following configurable items: o
Cloud Compatibility Profile: You can select the VMware ESX Server, Hyper-V and/or Citrix XenServer profile.
o
General:
o
You can define the number of processors, and even allow migration to a virtual machine host with a different processor version.
You can also define the floppy drives, the COM port configuration, amount of random access memory (RAM), the Video Adapter, including the Microsoft RemoteFX 3D video adapter, and the maximum number of monitors.
Bus Configuration:
o
You can configure hard drives and CD/DVD drives, including integrated drive electronics (IDE) and small computer system interface (SCSI).
Network Adapters:
o
9-9
You can define network adapters and their configuration. There is a new option that you can use to connect to Fibre Channel ports in existing storage arrays via a Fibre Channel Adapter. You can therefore use your existing Fibre Channel infrastructure to support virtualized workloads. Support for Fibre Channel in Hyper-V virtual machines provides many features, such as virtual storage area networks (SAN), live migration, and Multipath IO (MPIO).
Advanced:
You can configure Integration Services to allow operating system shutdown, time synchronization, data exchange, heartbeat, and backup by using the Volume Shadow Copy Service (VSS).
You can use availability to configure a virtual machine as highly available. Note that this requires that you have host clustering configured.
You can use CPU Priority to control which virtual machines get first access to CPU resources when there is contention. A virtual machine with low priority will not be allocated as much processing power as a virtual machine with normal priority.
You can use virtual non-uniform memory access (NUMA), a memory-access optimization method that prevents memory-bandwidth bottlenecks in servers with multiple physical CPUs.
You can use memory weight to ensure that when memory usage on a host is high, virtual machines with a higher priority are allocated memory resources over those with a lower priority.
Note: You also can use these settings from hardware profiles that are precreated and stored in the Library. •
Checkpoints. Use the Checkpoints page to manage virtual machine checkpoints. You can create new checkpoints, remove existing checkpoints, or restore a virtual machine to a specific checkpoint state. (The next topic in this lesson details checkpoints.)
•
Custom Properties. Use the Custom Properties page in the Virtual Machine Properties to assign as many as 10 custom fields to a virtual machine. Use the custom fields to identify, track, and sort virtual machines by any property, including department, geographic area, or function.
MCT USE ONLY. STUDENT USE PROHIBITED
9-10 Creating and Managing Virtual Machines by Using Microsoft System Center 2012 R2 Virtual Machine Manager
•
Settings. Use the Settings page to configure quota points for self-service. You can use the VMM selfservice feature to restrict the resource utilization of users by assigning a quota limit. VMM uses the quota points that you define for a virtual machine to calculate how much of the quota it can use when a user starts the virtual machine.
•
Actions. On the Actions page, you can choose to specify which actions to perform on the virtual machine when Hyper-V on the host starts and stops, which usually happens when rebooting the host machine. You can choose for the virtual machine to start with the host, or require it to start manually after the host is running. You also can choose what action the virtual machine will perform when the physical server shuts down, and whether to disable Performance and Resource Optimization (PRO) for the virtual machine.
Note: PRO has the ability to implement changes automatically, such as migrating virtual machines between hosts for load balancing. When you enable the option to Exclude virtual machine from optimization actions host-level for a virtual machine, any PRO actions that initiate automatically will not affect the virtual machine. PRO is available when you integrate VMM with System Center 2012 R2 Operations Manager. •
Servicing Windows. On the Servicing Windows page, you can manage servicing windows by applying them to the virtual machine. Servicing windows indicate when you can take down the virtual machine for servicing, such as for applying updates. You must first create servicing windows before you can assign them in the virtual machine’s Properties window.
•
Dependencies. On the Dependencies page, you will see the dependencies that are assigned to virtual machines. Dependencies are resources that are necessary for the virtual machine to operate. These resources can be as virtual hard disk drives, ISO files, and other items.
•
Validation Errors. The Validation Errors page lists errors that might occur in your configuration (for example, removing a dependency), which will make it impossible for the virtual machine to start.
•
Access. On the Access page, you can select self–service owners, if they exist, and share the self-service user roles.
•
Storage. On the Storage page, you can add and remove created disk and Fibre Channel array resources. Before doing this, you must first define those resources, or they will appear grayed out.
What Is a Virtual Machine Checkpoint?
By creating checkpoints for a virtual machine, you can restore the virtual machine to a previous point in time. You often use checkpoints in patch testing, so that you can restore a virtual machine if an update fails or adversely affects the virtual machine. Another typical use for checkpoints is to create a temporary backup before you update an operating system or an application, or make a configuration change on a virtual machine. In previous versions of Hyper-V, checkpoints were called snapshots. In System Center 2008 Virtual Machine Manager and newer Virtual Machine Manager versions, snapshots are called checkpoints. In Windows Server 2012 R2, Hyper-V also uses the term checkpoint.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
9-11
You learned in previous modules that virtual machines consist of files. When you create a checkpoint, those files are disconnected from the virtual machine, and are used as base disks for newly created delta disks (.avhd files). When you delete a checkpoint, this process is reversed. When you apply a checkpoint, the .vhd and .avhd files are merged. For virtual machines on Hyper-V and VMware ESX server hosts, a checkpoint also saves the hardware configuration information. For virtual machines on Hyper-V and VMware ESX server hosts, checkpoints also are useful in a test environment when you want to use multiple hardware configurations on a virtual machine.
You can create checkpoints by using the VMM console or by using the Windows PowerShell cmdlet NewSCVMCheckpoint. You can create checkpoints when the virtual machine is running or when it is stopped. You can export checkpoints together with the virtual machine, and move them to another host. Note: Be very careful when using checkpoints in a production environment. Reverting a client workstation or file server to a previous checkpoint will most likely not cause any problems. However, reverting a Microsoft SQL Server or a Microsoft Exchange Server to a previous checkpoint can cause problems that might be very hard, if not impossible, to resolve. Note: You can create checkpoints only for a virtual machine that is deployed on a virtual machine host. You cannot create checkpoints for a virtual machine that is stored in the Virtual Machine Manager library.
When you create a checkpoint for a virtual machine, Hyper-V and VMM perform the following steps: 1.
Pause the virtual machine.
2.
Create a new differencing disk for each virtual hard disk, and then configure the virtual machine to use the new differencing disk (or disks), using an .avhd or .avhdx extension.
3.
Create a copy of the virtual machine’s configuration file.
4.
Start the virtual machine.
These steps happen so quickly that it is nearly imperceptible that the virtual machine ever paused.
When the virtual machine is running, the contents of the virtual machine’s memory are saved to the disk. While this is happening, VMM monitors the memory activity of the virtual machine. If the guest operating system attempts to modify memory that has not been copied, VMM intercepts the changes until the original the memory contents are copied. After the original memory contents are copied, VMM applies all pending changes. After the checkpoint is complete, the virtual machine configuration file, virtual machine saved state files, and the snapshot differencing disks (.avhd’s) are stored in a folder under the checkpoint directory of the virtual machine. VMM then treats the checkpoint as a read-only “point-in-time” image of a virtual machine, while all writing operations go to the .avhd file. You can change virtual machine settings after applying a checkpoint. However, you cannot change the virtual machine settings of the checkpoint itself.
Checkpoints have different content, depending on the state of the virtual machine when VMM takes the checkpoint. For checkpoints that you create when the virtual machine is running, the checkpoint contains the state of the hard disks and the data in memory. On the Checkpoints page in the virtual machines properties, (or by going to the Manage Checkpoints icon on the ribbon), you can see that the checkpoint’s icon has a small, green triangle (known as the Play button). For checkpoints that you create when the virtual machine is stopped, the checkpoint contains the state of the hard disks only. On the Checkpoints page, for this type of checkpoint, the icon has a small, red square (known as the Stop button).
Note: In VMM, you can create a maximum of 64 checkpoints per virtual machine. Each time you create a checkpoint, it creates additional differencing disk files, which results in the use of additional disk space. Having multiple disks can reduce performance, because the running virtual machine reads data from the multiple files scattered on the physical disk. Additionally, an increase in disk space usage can increase the time it takes to migrate a virtual machine between hosts.
Demonstration: Creating and Managing Checkpoints In this demonstration, you will see how to create and manage checkpoints.
Demonstration Steps
MCT USE ONLY. STUDENT USE PROHIBITED
9-12 Creating and Managing Virtual Machines by Using Microsoft System Center 2012 R2 Virtual Machine Manager
1.
Sign in to LON-VMM1 as Adatum\Administrator with the password Pa$$w0rd.
2.
Open the VMM console and go to the VMs and Services workspace.
3.
Start the 20409B– LON–SVR1 virtual machine.
4.
Using the ribbon, create a checkpoint, with the description Demonstration of a running system’s checkpoint.
5.
Click the 20409B– LON–SVR2 virtual machine, without starting it.
6.
Using the ribbon, create a checkpoint, with the description Demonstration of a stopped system’s checkpoint.
Note: On the ribbon’s Manage Checkpoints icon for each virtual machine, view the difference between the running and stopped checkpoints. Note that the running checkpoint has a green triangle and the stopped checkpoint has a red square. 7.
Close the VMM console and sign out of LON–VMM1.
Lesson 2
Creating, Cloning, and Converting Virtual Machines
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
9-13
When you add a Hyper-V host to VMM, any virtual machine on that host becomes manageable on VMM through the VMM console. However, there may be times when you wish to create a virtual machine, either from the beginning, or based on certain configurations and properties, such as by using templates, or by cloning existing virtual machines. When you have multiple physical hosts, you may find that some of these hosts have less performance power or are running more virtual machines than other physical hosts. Where you deploy virtual machines during their creation can cause your environment to have issues. Placement of virtual machines on the various physical hosts is an important aspect of the management of VMM. Intelligent placement guidelines will recommend the best host for initial placement of virtual machines. In addition to creating virtual machines, you can make a copy or clone of a virtual machine. You can also convert a physical computer into a Hyper-V virtual machine, even if that virtual machine was created in another virtualization platform.
Lesson Objectives After completing this lesson, you will be able to: •
Describe the creation of virtual machines in VMM.
•
Describe virtual machine placement configuration in VMM.
•
Create and deploy a new virtual machine.
•
Describe virtual machine cloning.
•
Explain considerations for virtual machine cloning.
•
Perform virtual machine cloning.
•
Describe the conversion of a physical machine.
•
Describe the conversion of a virtual machine.
•
Describe virtual machine converter.
Creating Virtual Machines in VMM The advantage of using a virtualized environment that you manage by using VMM, is the flexibility that it provides you when creating and deploying new virtual machines quickly. By using VMM, you can manually create a new virtual machine with new configuration settings, and a new hard disk. You can then deploy the new virtual machine from one of the following sources: •
An existing .vhd or .vhdx file (blank or preconfigured)
•
A virtual machine template
•
A service template
MCT USE ONLY. STUDENT USE PROHIBITED
9-14 Creating and Managing Virtual Machines by Using Microsoft System Center 2012 R2 Virtual Machine Manager
A virtual machine template is a library resource consisting of a guest operating system profile, a hardware profile, and one or more virtual hard disk (.vhd) files, which you can then use to create a new virtual machine.
Creating Virtual Machines
You can create new virtual machines either by converting an existing physical machine, cloning an existing virtual machine, or by utilizing a blank virtual disk or a preconfigured virtual disk that contains a Sysprepped operating system. VMM provides the following four blank .vhd and .vhdx templates that you can use to create new disks: •
.vhd Blank Disk-Small
•
.vhd Blank Disk-Large
•
.vhdx Blank Disk-Small
•
.vhdx Blank Disk-Large
You can also use a blank virtual hard disk when you want to use an operating system with a Pre-Boot Execution Environment (PXE). Alternatively, you can mount an .iso image on a virtual DVD-ROM, and then install an operating system on the empty drive. This is an effective way to build a virtual machine’s source image, which you can then use as a future template. To install the operating system on such a virtual machine, you can use an .iso image file from the library or from local disk, and then map a physical drive from the host machine, or initiate the guest operating system setup through a network service boot. You also can choose existing .vhd files when deploying any operating system from which VMM cannot create a template, such as an operating system that is not based on a Windows operating system. When you create a new virtual machine using an existing .vhd or .vhdx template, you are essentially creating a new virtual machine configuration that is associated with the file. VMM will create a copy of the source file so that you do not have to move or modify the original file. In this scenario, you must use Sysprep to prepare the operating system for duplication.
Deploying from a Template
When you deploy a virtual machine from a template, it creates a new virtual machine based on a template from the VMM library. The template is a library resource, which links to a virtual hard drive that has a generalized (Sysprepped) operating system, hardware settings, and guest operating system settings. You can use the guest operating system settings to configure operating system settings, such as computer name, local administrator password, and domain membership. You can also use guest operating system profiles to preconfigure the roles and features that you will deploy for Windows Server 2008 R2 and newer Windows Server operating systems. The deployment process does not affect the actual template, which you can reuse multiple times. The following requirements apply if you want to deploy a new virtual machine from a template: •
You must first install a supported operating system on the virtual hard disk used with the template.
•
For customized templates, you must prepare the operating system on the virtual hard disk by removing computer identity information. For Windows Server operating systems, you can prepare the virtual hard disk by using Sysprep.exe. For Linux operating systems, you can use non-Microsoft tools that will do the same task.
Deploying Virtual Machines to and from the VMM Library
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
9-15
During the virtual machine deployment process, when selecting your destination, you can deploy the virtual machine to a VMM library. Conversely, if you deploy a virtual machine from the VMM library, you remove the virtual machine from the library and deploy it on the selected host. When using this method, you must provide the following details in the Create Virtual Machine Wizard: •
The host for deployment. The Create Virtual Machine Wizard provides a list of potential hosts and their ratings.
•
The path of the virtual machine files on the host.
•
The virtual networks used for the virtual machine. You can see a list of existing virtual networks on the host, from which you can choose.
Configuring Virtual Machine Placement in VMM Virtual machine placement in VMM evaluates host capacity, and then suggests the most appropriate virtualization host for deployment. The most recent version of VMM extends this capability with more than 100 virtual machine placement checks, and adds support for custom placement rules.
When you deploy a new virtual machine or migrate an existing machine, the evaluation that occurs and the subsequent selection of the most suitable host for the virtual machine is known virtual machine placement (or placement). VMM automatically deploys a virtual machine on the most suitable host in a host group, and the most suitable volume on a host, based on the volume’s available space. This process is known as automatic placement, and it occurs in the following situations: •
When you click and drag a virtual machine onto a host or a host group in the Virtual Machines view.
•
When you create a new virtual machine either directly, or by using a clone or convert process.
•
When self-service users deploy virtual machines that they create by using the VMM Self-Service Portal.
During automatic placement, VMM moves the virtual machine files to the most suitable host for a host group, and to the most suitable volume on the selected host based on the volume’s available space. The host ratings appear as five stars that are either gray or yellow, indicating their favorability compared to other hosts. For example, a volume with five yellow stars indicates the highest rating, and a volume with zero yellow stars (five gray stars) indicates the lowest rating. Note: You must configure a default virtual machine path on the volume that VMM selects during automatic placement, or the virtual machine placement will fail.
You can also perform placement manually. In this scenario, during the virtual machine deployment process, you would manually select a host for the virtual machine. This method is helpful when you want to use some hosts only for performing maintenance tasks, such as creating and updating virtual machines. To ensure that VMM does not rate these hosts at zero yellow stars, when you deploy or migrate a virtual machine, you can remove the hosts from placement.
Intelligent Placement
MCT USE ONLY. STUDENT USE PROHIBITED
9-16 Creating and Managing Virtual Machines by Using Microsoft System Center 2012 R2 Virtual Machine Manager
VMM includes an intelligent placement capability, through which it makes recommendations on where to run each virtual machine. You can use this feature to move a virtual machine dynamically from one host to another. For example, you might want to use this feature if host resources are overcommitted. The intelligent placement decisions depend on VMM’s knowledge of the virtual machine host, and its current load from running virtual machine guests. VMM receives that knowledge from performance data that the VMM agent collects on the virtual machine host. The VMM agent sends this data to the VMM server every nine minutes, and the VMM server then stores the data in the VMM database. Note: When choosing which virtual machine to move to another host, intelligent placement does not take into account applications that are running inside a virtual machine.
VMM–Managed Virtual Machine Placement
Placement rules that you define on a host group level help you to manage virtual machine placement on specific hosts that are inside a host group. In general, VMM always tries to recommend the most appropriate host for virtual machine placement by calculating host rating. However, by specifying custom placement rules, you can define your own rules for placement or placement blocking. When you deploy a virtual machine and select to deploy it to a host or private cloud, you can also configure the Expected Utilization settings, which can further refine host ratings based on anticipated resource utilization. With these settings, you can adjust the following attributes: •
CPU percentage expected utilization.
•
Disk, physical disk space, and expected disk I/O per second.
•
Network, expected utilization in megabits per second (Mbps).
Custom Placement Rules
Custom placement rules depend on host and virtual machine custom properties. On each host, you can define values for 10 predefined custom properties. You can also define your own new custom properties and their values. Similarly, you can define custom properties for each virtual machine.
By defining custom placement rules on a host group level, you can define a rule that uses a custom property as a condition for allowing or blocking virtual machine deployment on a host in that host group. For example, you can define a rule specifying that a specific custom property value must match on both the host and the virtual machine, or the virtual machine will be unable to deploy.
Demonstration: Creating and Deploying New Virtual Machines In this demonstration, you will see how to create a new virtual machine and then deploy it on a host.
Demonstration Steps 1.
Sign in to LON-VMM1 as Adatum\Administrator with the password Pa$$w0rd.
2.
Open the VMM console, and browse to the VMs and Services workspace.
3.
On the Home tab, click the Create Virtual Machine drop-down list box, and then click Create Virtual Machine. Note: In the Create Virtual Machine Wizard, observe all of the configurable options.
4.
Name the virtual machine Win2012test, with the description Test of create virtual machine functionality.
5.
Deploy the virtual machine on the LON-HOST2 host computer. Note: View how VMM rates the physical hosts.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
9-17
6.
At the end of the wizard, save the configuration in a Windows PowerShell script with the name CreateDemoVM.ps1.
7.
Once the virtual machine is created, in the console tree of the VMM console, click the LON-HOST2 host computer.
8.
Verify that the virtual machine Win2012test has been created and displays here.
9.
Close the VMM console, and sign out of LON-VMM1.
What Is Virtual Machine Cloning?
You can create a virtual machine by performing a cloning operation. During a cloning operation, you make an exact copy (or clone) of the existing virtual machine, and then either deploy it on a host, or store it in a library. Cloning is a process that you can use to create new virtual machines based on existing machines, and to create backups of existing virtual machines. When you clone an existing virtual machine, VMM creates a copy of its virtual hard disks and associated configuration files, and then stores it in a library or on a host. You may then deploy the existing virtual machine on a host, or store it in a library. During the cloning process, no modifications occur to the existing virtual machine. Note: VMM contains a new feature called Live Cloning. You can use Live Cloning to clone virtual machines without having to stop the original virtual machine. This can significantly reduce downtime while creating virtual machines.
When you are cloning a virtual machine, you use the New Virtual Machine wizard to specify the following settings: •
Virtual machine identity. You use this setting to specify a name for the virtual machine, but note that this name does not have to match the computer name of the clone. You must also specify an owner, who must have a domain account in Active Directory Domain Services (AD DS).
•
Configure Hardware. You use this setting to modify the hardware configuration of the clone. Here you also can select most of the hardware configurable options available to new virtual machines.
•
Select Destination. Use this setting to specify whether to store the clone on a host or on a library server.
•
Select Virtual Machine Host. Use this setting to view the rating system of VMM to find the most suitable host on which to deploy the virtual machine clone.
MCT USE ONLY. STUDENT USE PROHIBITED
9-18 Creating and Managing Virtual Machines by Using Microsoft System Center 2012 R2 Virtual Machine Manager
•
Select Path. Here you can select the path of the folder on the host that will store the virtual machine files. You can also specify a library server here.
•
Additional Properties. Use this setting to select the behavior of the virtual machine when the host machine stops or starts.
•
Summary. Use this setting to review your configuration settings. You can also create a Windows PowerShell script of cmdlets for all of your configuration settings.
When you create a clone of a virtual machine, the operating system is not generalized. This means that you cannot have a cloned virtual machine running at the same time as the original virtual machine, unless you first change the virtual network to which it is connected. However, you may clone a virtual machine for use in a test environment. In addition, you may clone a virtual machine, use Sysprep.exe to generalize the virtual machine at a later time, and then use the virtual machine to deploy additional virtual machines.
Remember that a cloned virtual machine is identical to the virtual machine on which it is based. This includes its identity in the domain, its security identifier (SID), and even the media access control (MAC) address if it is assigned statically on the original virtual machine. This can cause identity problems in Active Directory products, in Domain Name System (DNS), and on the same network subnet.
Considerations for Virtual Machine Cloning When you clone virtual machines, keep in mind the following considerations and limitations: •
You cannot make changes to the operating system settings, but you can make changes to the hardware profile.
•
You can clone a virtual machine that is stored in the library, a virtual machine that is deployed already.
•
The cloned virtual machine has the same computer name (which is assigned to the guest operating system), as the source virtual machine. However, if you deploy the cloned virtual machine on the same host as the original virtual machine, VMM assigns it a different virtual machine name.
•
Consider running Sysprep on the cloned virtual machine to eliminate domain name and SID duplication of the original virtual machine.
•
When you clone a virtual machine, its virtual hard disks and all of its configuration files are copied. Because VMM does not verify whether you have enough disk space for these files, prior to cloning you should ensure that you do. Because virtual hard disks and configuration files can get quite large, be aware of their size before you begin.
•
Some virtual machines can have elaborate hardware configurations. If you are cloning these types of virtual machines, be aware of their hardware configuration requirements.
•
If you are using VMM, you can now clone a virtual machine that is running. However, all previous versions of VMM (including System Center 2012 - VMM and System Center 2012 SP1 VMM) will require that you stop the original virtual machine prior to cloning.
Demonstration: Performing Virtual Machine Cloning In this demonstration, you will see how to clone a virtual machine.
Demonstration Steps
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
9-19
1.
Sign in to LON-VMM1 as Adatum\Administrator with the password Pa$$w0rd.
2.
Open the VMM console, browse to the VMs and Services workspace, and then click LON-HOST1.
3.
Create a clone of virtual machine 20409B-LON-SVR2, with the description Clone of the LON-SVR2 virtual machine.
4.
Use the defaults for all remaining pages in the Create Virtual Machine Wizard, but notice the various configurable options.
Note: VMM takes several minutes to create the cloned virtual machine. During this time, a Jobs window will open. Discuss steps that an administrator would take to ensure the cloned virtual machine was unique before starting. 5.
When the job completes, return to the VMs and Services workspace, and then click LON-HOST2. Note that now a virtual machine named 20409B-LON-SVR2 displays. This is the clone.
6.
Delete the cloned virtual machine.
7.
Close the VMM console, and sign out of LON-VMM1.
Converting a Physical Machine VMM no longer supports conversions of operating systems running on physical hardware to operating systems running with virtual machines (otherwise known as P2V conversions). You can use other products outside of System Center 2012 R2 for this purpose: •
You can use the free Sysinternals Disk2vhd tool, which can make an online copy by using the Volume Snapshot feature in Windows Server operating systems.
Note: The version number of this software will change over time. Disk2vhd http://go.microsoft.com/fwlink/?LinkID=285293 •
You can use other non-Microsoft tools, and backup and mirroring technologies to migrate P2V. Some of these technologies are created specifically for this purpose, while others may not be designed with this in mind. Many backup technologies offer a bare-metal recovery agent or tool, which fully restore a server to non-identical hardware, including a virtual machine.
•
MCT USE ONLY. STUDENT USE PROHIBITED
9-20 Creating and Managing Virtual Machines by Using Microsoft System Center 2012 R2 Virtual Machine Manager
For those with large data centers that still have older physical machines that require P2V conversion, it is possible to create a virtualized environment with System Center 2012 with Service Pack 1 (SP1) VMM. This environment will require an AD DS infrastructure and SQL Server, both of which can also be virtualized. Microsoft has provided a blog posting on their TechNet website referencing this procedure. How to perform a P2V in a SCVMM 2012 R2 environment http://go.microsoft.com/fwlink/?LinkID=386736
What Is the Microsoft Virtual Machine Converter Solution Accelerator?
The Microsoft Virtual Machine Converter Solution Accelerator is a free, stand-alone solution for converting virtual machines and virtual disks that are VMware-based to virtual machines and virtual hard disks that are Hyper-V-based. This includes conversion from VMware to Hyper-V on Windows Server 2012. Because Microsoft Virtual Machine Converter Solution Accelerator has a fully scriptable command-line interface, it integrates particularly well with data center automation workflows such as those authored and run within System Center 2012 R2 Orchestrator. Microsoft Virtual Machine Converter Solution Accelerator is supported by Microsoft, easy to install, and you can also use it through Windows PowerShell. Microsoft Virtual Machine Converter Solution Accelerator simplifies low-cost, point-and-click migration of certain guest operating systems from VMware to Hyper-V. These guest operating systems are: •
Windows 7
•
Windows Vista
•
Windows Server 2008 R2
•
Windows Server 2008
•
Windows Server 2003 R2 with Service Pack 2 (SP2)
•
Windows Server 2003 with SP2 The Microsoft Virtual Machine Converter http://go.microsoft.com/fwlink/?LinkID=386737
Benefits of Microsoft Virtual Machine Converter Solution Accelerator
The Microsoft Virtual Machine Converter Solution Accelerator converts virtual machines that are VMwarehosted. It transfers the entire configuration (including memory and virtual processor) from the initial source, while adding virtual network interface cards (NICs) to the deployed virtual machine on Hyper-V. You can perform a clean migration to Hyper-V by uninstalling the VMware tools on the source virtual machine.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
The Microsoft Virtual Machine Converter Solution Accelerator has a wizard-driven GUI. It also has a fully scriptable command-line interface that you can use in Windows PowerShell. The Microsoft Virtual Machine Converter Solution Accelerator also integrates with Orchestrator workflows. It supports the conversion of virtual machines from VMware vSphere 4.1 and VMware vSphere 5.0 hosts to Hyper-V. This includes virtual machines that are hosted on a vSphere cluster. Note: The Microsoft Virtual Machine Converter Solution Accelerator supports conversion of virtual machines from VMware vSphere 4.0, if vCenter 4.1 or vCenter 5.0 are managing the host. To convert virtual machines on vSphere 4.0, you must connect to vCenter 4.1 or vCenter 5.0 through the Microsoft Virtual Machine Converter Solution Accelerator.
9-21
Lesson 3
Overview of Virtual Machine Updating
MCT USE ONLY. STUDENT USE PROHIBITED
9-22 Creating and Managing Virtual Machines by Using Microsoft System Center 2012 R2 Virtual Machine Manager
Keeping virtual machines up-to-date is as important as keeping physical hosts current. In many scenarios, you can update virtual machines by using the same technologies as you would for physical hosts, such as System Center 2012 R2 Configuration Manager or Windows Server Update Service (WSUS). However, in some scenarios, you turn off your virtual machines for extended periods, such as when they are stored in the VMM library. During these times, you cannot update these machines using regular methods. In some cases, you can use Virtual Machine Servicing Tool 2012 to keep your offline virtual machines current with the latest updates and patches. Note: Virtual Machine Servicing Tool 2012 works with System Center 2012 – Virtual Machine Manager, but has not yet been provisioned for System Center 2012 SP1 Virtual Machine Manager or System Center 2012 R2 Virtual Machine Manager.
Lesson Objectives After completing this lesson, you will be able to: •
Describe methods for maintaining software updates.
•
Explain how to prepare virtual machines.
Methods for Maintaining Software Updates When physical servers and virtual machines are running, you can use various methods and software to provide them with operating system and application updates. Based on an organization’s size, available resources, needs, and complexity, you can choose between several methods and technologies for this purpose.
WSUS The most common way to keep computers up-to-date is to use WSUS. The most recent version is WSUS 3.0 SP2. This version is a role in the following operating systems: •
Windows Server 2008
•
Windows Server 2008 R2
•
Windows Server 2012
•
Windows Server 2012 R2
You install WSUS through Server Manager. For earlier versions of Windows Server, you must download WSUS and install it separately. Many organizations choose WSUS as their update management solution, because it is free, and it is easy to use and manage. WSUS also supports many Windows operating systems and Microsoft applications. WSUS is a free product that is helpful in providing IT environments with an efficient and centralized update infrastructure. The main purpose of WSUS is that IT administrators can use it to deploy the latest
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
9-23
Microsoft product updates to computers running Windows operating systems. Administrators can also use WSUS to manage the distribution of Microsoft Update releases to computers on their network. The WSUS infrastructure consists of three components: •
WSUS server
•
WSUS Administration console
•
Automatic Update client
Administrators can use the WSUS server component to manage and distribute updates through the WSUS 3.0 Administrator console. You can install this console on any Windows computer in a domain. Additionally, a WSUS server can be the update source for other WSUS servers within the organization. At least one WSUS server in the network must connect to Microsoft Update to get available update information. The administrator can determine, based on network security and configuration, whether other servers should connect directly to Microsoft Update. Note: Automatic Updates enables both server and client computers to receive updates from Microsoft Update or from a WSUS server.
Configuration Manager
For more complex and demanding environments in which you need to use a single software solution to update and deploy client and server computers, you can use System Center 2012 Configuration Manager. Configuration Manager provides a comprehensive solution for change and configuration management for the Microsoft platform. You can use Configuration Manager to perform tasks such as: •
Deploying operating systems.
•
Deploying software applications.
•
Deploying software updates, including custom updates.
•
Metering software usage.
•
Assessing variations from desired configurations.
•
Taking hardware and software inventory.
•
Administering computers remotely.
Configuration Manager collects information in a SQL Server database, in which queries and reports consolidate information throughout the organization. Configuration Manager can manage a wide range of Windows operating systems, including client platforms, server platforms, and mobile devices.
Software update deployments in Configuration Manager are helpful in deploying software updates to Configuration Manager client computers, and for distributing compatible software updates. You can use the Deploy Software Updates Wizard in Configuration Manager to create or modify a software update deployment, which deploys software updates to clients in the target collection. You can initiate the Deploy Software Updates Wizard in different ways, and select the software updates from several different locations. When you create or modify a software update deployment, clients receive the deployment policy on their next machine policy cycle, and the updates are available for installation any time after the configured start time. The Configuration Manager solution is much more complex than the use of WSUS. Configuration Manager requires thorough planning before you can deploy to sites, and use its numerous features. Configuration Manager has the potential to affect every computer in an organization. However, if you deploy and manage Configuration Manager with careful planning and consideration of your business needs, it can reduce administrative overhead and total ownership cost.
Overview of Virtual Machine Preparation Virtual Machine Servicing Tool 2012 works with fully functional virtual machines that are capable of running as soon as you deploy them from the library, or stop them on a virtualization host. For each virtual machine, ensure that you: •
Enable the DHCP client service.
•
Install VMM Virtual Guest Services.
•
Enable Windows Firewall, with the following exceptions:
•
o
File and Printer Sharing
o
Windows Management Instrumentation (WMI)
o
Remote Administration
o
Incoming Echo Request for Internet Control Message Protocol (ICMP) v4 and v6
MCT USE ONLY. STUDENT USE PROHIBITED
9-24 Creating and Managing Virtual Machines by Using Microsoft System Center 2012 R2 Virtual Machine Manager
Configure offline virtual machines to replace existing virtual or physical servers in case of failure. These offline virtual machines, sometimes referred to as hot spares, require extra preparation to update with the Virtual Machine Servicing Tool. Each hot spare virtual machine requires two network adapters: o
Configure network adapter 1 to use a dynamic IP address and a static MAC address, and connect this adapter to an isolated virtual local area network (VLAN). The servicing job uses this adapter. Verify that the physical server that corresponds to the hot spare virtual machine cannot connect to this network.
o
Configure network adapter 2. The hot spare uses this adapter during its normal operation as a replacement server.
Best Practice: To be compatible with DHCP, virtual machines must use static MAC addresses.
You must ensure that the host is registering a heartbeat signal for the virtual machine. If the heartbeat signal is not functioning, and if Windows PowerShell cannot detect the virtual machine, verify that the local computer name of the virtual machine matches the virtual machine’s fully qualified domain name (FQDN).
When you create a servicing job to update a hot spare virtual machine, make sure that the servicing job uses the isolated VLAN.
Preparing Virtual Machines for Configuration Manager Updates If you use Configuration Manager to manage updates:
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
9-25
•
Ensure that the software update point has downloaded the updates.
•
Ensure that the updates are packaged for deployment.
•
Create deployments for the updates that include the deployment deadline. To specify that the updates should be installed as soon as possible, (which is the next time that the virtual machines contact the Configuration Manager database), set the deadline to the shortest possible interval, so that the deadline has passed by the time the servicing jobs begin to run.
•
The Configuration Manager deployment also must identify the virtual machine collections to which the updates apply.
Preparing Virtual Machines for WSUS Updates If you are using WSUS to manage updates, ensure that: •
Each virtual machine has a WSUS client agent installed.
•
Each virtual machine is subject to a domain Group Policy Object (GPO) that identifies the WSUS server as the intranet update service location.
Lab: Creating and Managing Virtual Machines by Using System Center 2012 R2 Virtual Machine Manager Scenario
MCT USE ONLY. STUDENT USE PROHIBITED
9-26 Creating and Managing Virtual Machines by Using Microsoft System Center 2012 R2 Virtual Machine Manager
A. Datum Corporation has implemented a Hyper-V virtualization platform in all four subsidiaries, and has deployed System Center 2012 R2 VMM. They have also added servers, and networking and storage devices to the VMM infrastructure, configured the VMM library, and created the required library objects. VMM has discovered all existing virtual machines on the virtualization hosts, and now administrators want to manage them by using the VMM console. They also want to create new virtual machines by using virtual machine templates in the VMM library. Several servers are still running on physical hardware. A. Datum plans to use VMM to convert those servers to virtual machines.
Objectives After completing this lab, you will be able to: •
Use VMM to create a virtual machine, and then modify its properties.
•
Use VMM to clone a virtual machine.
Lab Setup Estimated Time: 30 minutes Virtual machines: 20409B-LON-HOST1, 20409B-LON-DC1, 20409B-LON-VMM1 User name: Adatum\Administrator Password: Pa$$w0rd
For this lab, you will use the available virtual machine environment. Before you begin, you must complete the following steps: 1.
On the host computer, start Hyper-V Manager.
2.
In Hyper-V Manager, click 20409B-LON-DC1, and then in the Actions pane, click Start. Wait 30 seconds.
3.
Click 20409B-LON-VMM1, and then in the Actions pane, click Start, then click Connect. Wait until the virtual machine starts.
4.
Sign in by using the following credentials: o
User name: Administrator
o
Password: Pa$$w0rd
o
Domain: Adatum
Note: Because you will be using the same virtual machines in the next lab, do not revert the virtual machines. However, you can shut down all virtual machines after finishing this lab.
Exercise 1: Creating a Virtual Machine and Modifying Its Properties Scenario
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
9-27
In this exercise, you will deploy a virtual machine based on the virtual machine template created in the previous lab. You will also view and modify virtual machine properties, and create and apply checkpoints. The main task for this exercise is as follows: 1.
Create a new virtual machine with the VMM console in Microsoft System Center 2012 R2 Virtual Machine Manager.
Task 1: Create a new virtual machine with the VMM console in Microsoft System Center 2012 R2 Virtual Machine Manager 1.
On LON-VMM1, open the Virtual Machine Manager Console.
2.
In the Virtual Machine Manager Console, browse to the VMs and Services workspace.
3.
Click the Home tab, click the Create Virtual Machine drop-down list box, and then click Create Virtual Machine.
4.
In the Create Virtual Machine Wizard, name the virtual machine Win2012Lab9, with the description Lab 9 exercise, create virtual machine.
5.
Modify Network Adapter1 to be on the External Network.
6.
Put the virtual machine on the lon-host2.adatum.com host computer. Use the path E:\Program Files\Microsoft Learning\20409\. (Note that the actual drive letter of the path may differ on your host machine.)
7.
At the end of the wizard, save the configuration in a Windows PowerShell script with the name CreateWin2012Lab9.ps1. Accept the defaults on all other pages.
8.
When the virtual machine is created, in the console tree, click LON-HOST2. This will show that the Win2012Lab9 virtual machine has been created.
9.
Close the Virtual Machine Manager console.
Results: After completing this exercise, you should have created a virtual machine and modified its properties.
Exercise 2: Cloning a virtual machine Scenario
In this exercise, you will use VMM to clone a virtual machine. Because of classroom restrictions, you will use the existing virtual machine as a physical machine. When conversion starts, you will continue with the next task. The main tasks for this exercise are as follows: 1.
Clone a virtual machine.
2.
Use Sysprep on the clone of LON-SVR2.
Task 1: Clone a virtual machine 1.
On LON-VMM1, open the Virtual Machine Manager Console.
2.
Browse to the VMs and Services workspace, and then click LON-HOST1.
MCT USE ONLY. STUDENT USE PROHIBITED
9-28 Creating and Managing Virtual Machines by Using Microsoft System Center 2012 R2 Virtual Machine Manager
3.
Create a clone of virtual machine 20409B-LON-SVR2, with the description Clone of the LON-SVR2 virtual machine.
4.
Put the new machine on lon-host2.adatum.com. Use the path E:\Program Files\Microsoft Learning\20409\. (Note the actual drive letter may differ on your host machine.)
5.
After about 10 minutes, the cloned virtual machine will be created.
6.
Verify that the virtual machine was created by confirming that in LON-HOST2, the 20409B-LON-SVR2 virtual machine displays. This is the cloned virtual machine.
Task 2: Use Sysprep on the clone of LON-SVR2 1.
In the VMs and Services console tree, expand All Hosts, expand LocalGroup, and then click LON-HOST2.
2.
Power on and connect to the cloned 20409B-LON-SVR2 virtual machine.
3.
Sign in as Adatum\Administrator with the password Pa$$w0rd.
4.
Open a Command Prompt window as Administrator, and run C:\Windows\System32\Sysprep\Syprep.exe with the generalize switch.
5.
After the cloned virtual machine restarts, continue with the steps below.
6.
In the Virtual Machine Viewer window, click the File drop-down list box, and then click Exit.
7.
In the Virtual Machine Manager Console, return to the VMs and Services workspace, and then click LON-HOST2.
8.
Click 20409B-LON-SVR2 virtual machine, power it off, and then delete it.
9.
Close the Virtual Machine Manager Console.
Results: After completing this exercise, you should have cloned a virtual machine.
Module Review and Takeaways Common Issues and Troubleshooting Tips Common Issue
Troubleshooting Tip
You cannot deploy a virtual machine to a host.
You do not receive expected results from the host rating.
You cannot perform a virtual-to-virtual machine conversion.
Tools •
Microsoft Assessment and Planning Toolkit 8.5. Provides reports regarding virtualization candidates. Found in: Microsoft Download Center
•
9-29
WSUS. Provides an efficient and centralized update infrastructure, and deploys the latest Microsoft product updates to computers running Windows Server and Windows client operating systems. Found in: Server Manager Role
•
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
Virtual Machine Servicing Tool 2012. Use it to service: o
Offline virtual machines in a VMM library.
o
Stopped and saved state virtual machines on a host.
o
Virtual machine templates.
o
Offline virtual hard disks in a VMM library, by injecting update packages.
Found in: Microsoft Download Center
MCT USE ONLY. STUDENT USE PROHIBITED
MCT USE ONLY. STUDENT USE PROHIBITED 10-1
Module 10 Configuring and Managing the Microsoft System Center 2012 R2 Virtual Machine Manager Library and Library Objects Contents: Module Overview
10-1
Lesson 1: Overview of the Virtual Machine Manager Library
10-2
Lesson 2: Working with Profiles and Templates
10-9
Lab: Configuring and Managing the Microsoft System Center 2012 R2 Virtual Machine Manager Library and Library Objects
10-23
Module Review and Takeaways
10-27
Module Overview
One of the main components of Microsoft System Center 2012 R2 Virtual Machine Manager (VMM) is the Virtual Machine Manager library. The Virtual Machine Manager library is a resource catalog that you can use to build virtual machines. The Virtual Machine Manager library contains templates, operating system profiles, files that library shares store, and hardware profiles that the Virtual Machine Manager database stores. The Virtual Machine Manager library catalogs all resources that you use when creating new virtual machines. Therefore, some organizations might find that it is important for the library to be highly available. You also store templates and profiles in the Virtual Machine Manager library. You use virtual machine templates to create new virtual machines and configure tiers in a service template. VMM profiles contain configuration settings that you can apply to a new virtual machine template or virtual machine. You can create, view, and modify profiles and templates in the Virtual Machine Manager library.
In this module, you will learn how to manage the Virtual Machine Manager library and library resources and how to make the library highly available. You will also learn about the various templates and profiles that are available to deploy virtual machines with specific features. Note: Various System Center 2012 versions are available. For this course, the stand-alone acronym VMM is a reference to the Microsoft System Center 2012 R2 Virtual Machine Manager version.
Objectives After completing this module, you will be able to: •
Describe the Virtual Machine Manager library and library resources.
•
Manage hardware profiles and virtual machine templates.
Lesson 1
Overview of the Virtual Machine Manager Library
MCT USE ONLY. STUDENT USE PROHIBITED
10-2 Configuring and Managing the Microsoft System Center 2012 R2 Virtual Machine Manager Library and Library Objects
The Virtual Machine Manager library is a catalog that provides access to file-based resources necessary for building virtual machines. These file-based resources can be System Preparation Tool (Sysprep) scripts, .iso images, and virtual hard disks that your library servers store. From the Virtual Machine Manager library, you also can manage virtual machine templates, guest operating system profiles, and hardware profiles that reside in the Virtual Machine Manager database. You also can store virtual machines in the Virtual Machine Manager library when you are not using them. One of the key benefits of VMM is the use of Virtual Machine Manager libraries to simplify the creation of virtual machines. You can use the Virtual Machine Manager library to centralize all necessary resources in one location. By doing this, when you create a virtual machine, the preconfigured components are immediately available to you. This makes it easier and faster to create virtual machines compared with creating them manually each time.
Lesson Objectives After completing this lesson, you will be able to: •
Describe the Virtual Machine Manager library.
•
Describe the Virtual Machine Manager library resources.
•
Describe the association of the library server and host groups.
•
Explain how to work with the Virtual Machine Manager library.
•
Describe high availability options for the Virtual Machine Manager library.
What Is the Virtual Machine Manager Library?
The Virtual Machine Manager library is a catalog of resources that you can use to store objects that are not running or are not associated with a host. You can then use those resources repeatedly for building new virtual machines. The library contains files that are stored on library shares, templates for services and virtual machines, application profiles, capability profiles, guest operating systems, hardware, physical computers, and Microsoft SQL Server. These are all stored on the Virtual Machine Manager database. There are only two places where an object can reside and be managed in VMM: the object either can be registered to a host or stored in the Virtual Machine Manager library. The Virtual Machine Manager library server hosts the library. When you install VMM, the VMM server is configured as a default library server. The VMM server indexes files that are stored on library shares. You cannot remove or modify the default library server that is created during the installation process. However, you can add additional library servers if necessary.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
10-3
Each library server can have one or more library shares. A library share is a file share that contains the resources that you use to build virtual machines. You use the Add Library Share Wizard to map a library share to a VMM library. When you add a new library share, the Add Library Share Wizard does not create the share for you. Instead, you must create and configure a file share before adding it as a new library share. You can organize content in a library share by creating subfolders. This is similar to creating folders in a file share. However, the subfolders will not appear in the VMM console if they do not have any content.
You can copy resources such as virtual hard disks and .iso files to a file share by using File Explorer. When you add new files to a library share, they are not immediately available. The VMM server must refresh the content before it becomes available. Content refreshes (indexes) once per hour by default. One hour is the minimum setting possible, but you can trigger a refresh manually. During a Virtual Machine Manager library refresh, VMM indexes files that are stored on library shares and then updates the Library view and resource listings. Not all files are indexed, and not all indexed files display in the Library view. If any of the library resources are attached to a virtual machine, when VMM indexes the configuration file for that virtual machine, the resources display as part of the virtual machine rather than as individual components. You can create other resources from the VMM console, such as templates and profiles. These resources are metadata that exist only in the Virtual Machine Manager database, and not in the library share file system. However, they are visible in the Library view.
Enabling Data Deduplication
Data Deduplication is a new feature of Windows Server 2012 that uses variable chunking, which ranges in size from 32 kilobytes (KB) to 128 KB. Data Deduplication also uses compression of primary data to other storage areas from one disk to another. Data Deduplication is for industry standard hardware and does not need extensive server resources. You can run Data Deduplication on a small server with a single central processing unit (CPU), 4 gigabytes (GB) of RAM and a Serial ATA (SATA) drive. By placing the library share on a separate hard drive, you gain the ability to grow the drive to accommodate various library components. By turning on per volume Data Deduplication, you can realize significant space savings on moderately used libraries. For more information on Data Deduplication, refer to: Introduction to Data Deduplication in Windows Server 2012 http://go.microsoft.com/fwlink/?LinkID=386738 Question: What is the primary purpose of the Virtual Machine Manager library?
Virtual Machine Manager Library Resources A Virtual Machine Manager library contains the building blocks for creating new virtual machines. When you have the necessary resources available, you can deploy a new virtual machine in minutes. Without library resources, new virtual machine deployments will be much slower because you would have to recreate each virtual machine. The Virtual Machine Manager library can contain various resources that you can use to create new virtual machines.
Types of Library Resources The Virtual Machine Manager library component can store the following resources: •
File-based resources, which include: o
Answer files
o
Driver files
o
Virtual hard disks
o
Virtual floppy disks
o
.iso images
o
Windows PowerShell scripts
o
Microsoft SQL Server scripts
o
Microsoft Server Application Virtualization (Server App-V) packages
o
Microsoft Web Deployment Tool packages
o
SQL Server data-tier applications (DACs)
MCT USE ONLY. STUDENT USE PROHIBITED
10-4 Configuring and Managing the Microsoft System Center 2012 R2 Virtual Machine Manager Library and Library Objects
You must add these files manually to the library shared folder if you want to use them in VMM. You can also add custom resources that enable you to store information that normally would not be indexed into the library for indexing purposes. Only those files associated with a particular Windows Server operating system version will be discovered. For example, if a library server is running Windows Server 2008 R2, it will only discover virtual hard disk files with the .vhd extension, but not .vhdx, which is the file extension that is used in Windows Server 2012. VMM includes support for using Offloaded Data Transfer .odx files that are stored in the library. •
Virtual machine templates and profiles. You can use these resources to create standardized virtual machines. The Virtual Machine Manager database stores these configurations, but they are not represented by physical configuration files. The types of available templates include service deployment configurations, service templates, and virtual machine templates. In addition to the hardware and guest operating system profiles available in earlier VMM versions, there are several new types of profiles that you can use for service creation. These include application profiles, capability profiles, physical computer profiles, and SQL Server profiles.
•
Equivalent objects. Equivalent objects are user-defined groupings of library resources that VMM considers equivalent to certain objects. VMM can substitute an equivalent object for a particular virtual disk on a particular library share when you create a service or a virtual machine. In this case, you can create templates and profiles that do not depend on particular physical resources, which
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
10-5
enables you to service resources without affecting the availability of the template or profile. When you deploy virtual machines and services, VMM only supports virtual disks, .iso files, and custom resources as equivalent objects. •
Cloud libraries. When you create private clouds, VMM adds a private cloud library to the cloud library’s name for that private cloud. Cloud libraries are made up of read-only library shares that are assigned to that private cloud, if the administrator specifies the library share.
•
Self-service user content. Application administrators or users who are assigned to the self-service user role can upload their own resources to the Virtual Machine Manager library. Resources include elements such as author templates, virtual hard disks, .iso files, application files, and scripts. Users then can use these elements when they create templates. If they have appropriate permissions, they can share these resources with other users in the same or a different application administrator role.
•
Orphaned resources. An orphaned resource is a Virtual Machine Manager library resource on a Virtual Machine Manager library server that has been removed. If you have templates that reference resources that were located in a library share that was removed from the VMM management server, they will appear here. You can view and then modify that template and point it to reference resources that are in existing libraries.
•
Update catalog and baselines. The update catalog stores Windows Server Update Services (WSUS) update baselines in the VMM libraries. You use the update catalog if you manage updates by using WSUS and VMM.
•
Stored virtual machines and services. You can view stored virtual machines in the Virtual Machine Manager library. However, the files for a virtual machine do not display in the library because you cannot use the files to create or configure new virtual machines.
Note: You also can store VMware virtual machines, hard disks, floppy disks, and .iso images in the Virtual Machine Manager library. The Virtual Machine Manager library recognizes the .vmtx extension for VMware templates. If you import a VMware template, the template appears under Templates, in the VM Templates node.
Library Server and Host Group Association A library server is a central repository, or storage area, of resources that you can use to create virtual machines. By storing these resources centrally, you can simplify the process of creating virtual machines. Additionally, you can provide security for the resources.
When you install VMM, the VMM server is configured as a default library server. Additionally, VMM creates a default library share during the installation process. You cannot remove or modify this library share, and the default library server might be the only library server you ever need. This typically is the case for small and medium-sized environments. However, you can add more library servers and library shares, depending on your current business needs and objectives, and scale out as your virtual environment grows.
MCT USE ONLY. STUDENT USE PROHIBITED
10-6 Configuring and Managing the Microsoft System Center 2012 R2 Virtual Machine Manager Library and Library Objects
Each library server can have multiple library shares. To enhance performance and reduce network traffic during virtual machine creation, it is important to store the files that you use to create virtual machines near the hosts that you will use to stage virtual machine creation. You can associate library servers with specific host groups. For example, you might have a library server that you dedicate to the resources in a test lab environment. In this case, you will associate the library server with the host groups that contain the hosts for the lab environment. A library server should have fast network connectivity to the host group with which you associate it. A library server must meet the following requirements: •
The library server must have Windows Server 2008 R2 Service Pack 1 (SP1) and newer only. For highly available file servers, the failover cluster must have been created in Windows Server 2008 or Windows Server 2008 R2.
•
The library server must be in an Active Directory Domain Services (AD DS) domain that has a two-way trust relationship with the VMM server’s domain.
•
VMM does not support file servers that you configure with the case-sensitive option for Windows Services for UNIX in the network file system (NFS). Case sensitivity is set to the Ignore value in NFS.
The Virtual Machine Manager library server role does not have to run any other VMM role. It just needs to be a file server.
Host Groups
As you add more library servers, you can create host groups to help you organize library servers. VMM uses library groups in the same manner. As a best practice, align each library server with the host group that uses the resources on that library server. You use the Library group Properties dialog box to perform alignment by displaying the host groups’ tree in the Library group drop-down list box.
When you select an object such as a template, virtual hard disk, or virtual machine to create a new virtual machine, you can filter the objects by a specific host group name. Then, when you select a host on which to place the virtual machine, you can filter the available hosts by the aligned host group name.
For example, you might create 25 geographic regions and then assign a host group to each region. If you are creating a virtual machine for the Pacific Northwest region/host group, you will want to use library objects from the library server associated with that region. This helps prevent large file copy operations across long distances. To enable this, you would right-click the library file share and set the host group equal to Pacific Northwest. Now, when you launch the New Virtual Machine Wizard, you will see that when you select a library object with which to build a virtual machine, you can scope the objects by host group to ensure that you use the closest copy of the file that you need.
Demonstration: Working with the Virtual Machine Manager Library
In this demonstration, you will see how to add an additional library server to the VMM infrastructure, and how you can add resources to the library server.
Demonstration Steps 1.
Sign in to LON-VMM1 as Adatum\Administrator with a password of Pa$$w0rd.
2.
Start the Virtual Machine Manager console.
3.
Verify that LON-VMM1 is listed as a library server.
4.
On LON-HOST1, make a shared folder called Host1Library. Share the folder with the Everyone group, and assign Read access.
5.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
10-7
In the VMM console, add Lon-Host1 as a Library Server. In the Add Library Server Wizard, perform the following steps: a.
Sign in as ADATUM\Administrator with the password Pa$$w0rd.
b.
Add Lon-host1 as a library server.
c.
Add Host1Library and add the Default Resources.
6.
After the library server is created, under the Library Servers node, review the new library server nodes and child nodes.
7.
Observe the properties of the ApplicationFrameworks item Equivalent Resource.
8.
In Host1Library, add a new folder named ISOs.
9.
Observe that the ISOs folder does not show up in the Virtual Machine Manager console until a resource is added to it.
10. Close all open windows.
Considerations for Highly Available Library Servers
To make your Virtual Machine Manager library highly available, you can use two approaches. The simpler solution is to deploy multiple Virtual Machine Manager library servers with redundant content. By using that approach, if one server fails, you will still have library resources available on another server. However, this solution’s biggest drawback is the synchronization between two or more library servers. When you add a resource to one library server, you have to add it to other library servers manually. Alternatively, you can use a script with scheduled tasks to automate this process. Moreover, you use more disk storage for duplicated content. This approach is appropriate if you do not have significant library resources and these resources do not change frequently. Another approach is to use failover clustering technology from Windows Server 2008 or Windows Server 2012. You can use this approach to make a file server failover cluster that can provide high availability to Virtual Machine Manager library resources.
Cluster Configuration
You typically perform much of the procedure for creating the Virtual Machine Manager library cluster in the Failover Cluster Management Console. Before you begin installing VMM in a failover cluster, ensure the following: •
Add both nodes to a cluster and validate your configuration by using the Validation Wizard in the Failover Cluster Management Console. This will ensure that no compatibility issues arise during the cluster configuration.
•
Create a file server as a cluster service. During configuration, you should specify a client access point (CAP) name and IP address. You will use this access point to connect to a clustered file server. During this same procedure, you will configure the cluster disk that you will use as storage for the Virtual Machine Manager library.
MCT USE ONLY. STUDENT USE PROHIBITED
10-8 Configuring and Managing the Microsoft System Center 2012 R2 Virtual Machine Manager Library and Library Objects
•
Add a shared folder to the cluster. After you configure a file server as a cluster service, you should add a shared folder to that service. You will use this folder as a library share that you will add to VMM. You must assign the shared folder name and define appropriate permissions for accessing the share. This share should be accessible only to Administrators (who should have full access), and by the VMM service account (with Read permission only). This step completes the Failover Clustering Management configuration.
•
Add a clustered library server. After you create the file server cluster, you should add a new Virtual Machine Manager library server to the VMM console. When you add a new library server, you should use the CAP name that you configured during the cluster configuration. Additionally, you will add a share that you created on the cluster service. The Validation Wizard will discover all of the nodes in the failover cluster and install a Virtual Machine Manager agent on each node. The highly available library server will appear as a single library server in Library view, with the node status available in the properties of the library server.
•
At the end, you can copy resources that you want to use in the library to a shared folder on the file server cluster.
When you plan or manage highly available Virtual Machine Manager library servers, you should consider the following: •
VMM does not support using a failover cluster that contains the VMM server as a highly available library server. Do not create highly available file shares for the Virtual Machine Manager library on the same cluster as a highly available VMM management server.
•
VMM does not provide a method for replicating physical files in the Virtual Machine Manager library or metadata for objects that are stored in the Virtual Machine Manager database. You must replicate physical files outside of VMM and transfer metadata by using scripts or other means. You can use the Robocopy file replication command-line tool to replicate Virtual Machine Manager library files. VMM does not support Distributed File System (DFS) namespaces, formerly known as DFS or DFS Replication.
•
In a failover cluster, when the associated file server resource goes offline, all shared folders in that resource go offline. This means that all shared folders will be affected.
•
VMM does not refresh cluster node membership after you add a highly available library server. If you add a node to the cluster after you add a highly available library server to VMM, you must add the node manually to the library server by using either the Add Library Server Wizard or the Windows PowerShell Add-LibraryServer cmdlet. The new node will not display in Library view until you add a library share to that node. To find out which nodes are in a highly available library server, view the library server properties or use the Windows PowerShell Discover-Cluster cmdlet.
•
To have high availability for the Virtual Machine Manager library server, you must provide high availability for the Virtual Machine Manager database, which is part of Virtual Machine Manager library. Because the Virtual Machine Manager database is based on SQL Server, you can use failover clustering to provide high availability.
•
You remove a highly available library server in the same way that you remove a stand-alone library server. However, removing the highly available file server only removes the cluster name, not the nodes. The nodes remain because they might support a different highly available file server.
Lesson 2
Working with Profiles and Templates
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
10-9
Virtual machine templates and associated profiles are important components of rapid virtual machine deployment. Virtual machine templates are a library resource that consists of hardware and guest operating system profiles. You can use them to provision new virtual machines quickly. Instead of configuring various virtual machine and operating system settings each time you deploy a new virtual machine, you can use preconfigured values from virtual machine templates and profiles. The various profiles are the Virtual Machine Manager library resources. System Center 2012 VMM adds several new profiles.
System Center 2012 VMM introduces the concept of services, which includes a new template type: the service template. The service template includes two new profiles: the application profile and the SQL Server profile. VMM also includes the physical computer profile, which you can use to model physical computers and the server roles with which you will deploy them. You can also create capability profiles in the library to limit the resources that are used by virtual machines that created for deployment in a private cloud. Capability profiles also are a new profile type in all System Center 2012 versions of VMM.
You can create virtual application packages by using Server App-V. This lesson focuses on managing these specific types of library resources.
Lesson Objectives After completing this lesson, you will be able to: •
Describe a hardware profile.
•
Describe a guest operating system profile.
•
Describe Server App-V.
•
Describe an application profile.
•
Describe a SQL Server profile.
•
Explain how to configure virtual machine templates.
•
Create and modify a virtual machine template.
•
Describe capability profiles and physical computer profiles.
•
Describe the purpose of service templates and service deployment configurations.
•
Explain how to plan for Virtual Machine Manager profiles and templates.
What Is a Hardware Profile? In VMM, a hardware profile is a library resource that contains hardware specifications that you can apply to a new virtual machine or a virtual machine template. A hardware profile can contain the following: •
Specifications for cloud compatibility
•
CPU
•
Memory
•
Network and Fibre Channel adapters
•
Floppy disk drive
•
Integrated device electronics (IDE)
•
SCSI and DVD drives
•
Communications (COM) ports
•
Memory weight
•
Virtual non-uniform memory access (NUMA)
•
The priority given to the virtual machine when allocating resources on a virtual machine host
MCT USE ONLY. STUDENT USE PROHIBITED
10-10 Configuring and Managing the Microsoft System Center 2012 R2 Virtual Machine Manager Library and Library Objects
By using hardware profiles, you can ensure consistent hardware settings in virtual machines. You can update any existing hardware profile to modify settings for one or more virtual machine hardware components. After you make changes, any new virtual machines that you create by using that hardware profile will use the updated hardware configuration settings. Changes do not affect existing virtual machines that you created earlier by using this profile, nor do they affect settings on a template or virtual machine into which this profile was previously imported. VMM maintains no association with the hardware profile after you create a virtual machine or template.
You can create a hardware profile by using the new hardware profile action in Library view, or you can save a new hardware profile based on the hardware configuration of a virtual machine or a template. You also can create it while creating a new virtual machine or virtual machine template. You can create hardware profiles that import a standard hardware configuration into either a template or a virtual machine. The options are the same whether you update the hardware configuration of a virtual machine, a hardware profile, or a template. You manage hardware profiles in Library view.
By right-clicking the Hardware Profiles element in the Profiles node of the Library workspace console tree, you can create a hardware profile by using the new Hardware Profile Wizard. The wizard has two pages. On the General page, you can enter the name and description of the new hardware profile, and on the Hardware Profile page, you can select numerous elements to preconfigure the hardware aspects of a deployable virtual machine. Question: What is the main benefit of using hardware profiles in VMM?
What Is a Guest Operating System Profile? In a virtual environment, a guest operating system runs on a virtual machine and the host operating system runs on the physical host computer on which you deploy one or more virtual machines. In VMM, a guest operating system profile is a collection of operating system settings that you can import into a virtual machine template to provide a consistent operating system configuration for the virtual machines that you create from that template. To ensure standard settings for the operating systems on virtual machines, you create guest operating system profiles.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
10-11
Guest operating system profiles are Virtual Machine Manager database objects. They are not associated with any physical files. You configure guest operating system profiles in the Library workspace, and they display in the Profiles node. You also can view templates by selecting the Templates node in the Library workspace console tree.
You can create a guest operating system profile by using the New Guest OS Profile Wizard in the Library workspace, or you can specify guest operating system settings while you create a template. After you create a template, VMM does not maintain an association between the template and the guest operating system profile that was used with it. Any changes that you make to the guest operating system profile only affect new templates that you create after you make changes. The settings available to a guest operating system profile include the following: •
Operating System. Use this setting to specify the operating system of the virtual machine. VMM provides you with a drop-down list of 37 separate operating system editions, from Windows 2000 Server to Windows Server 2012 R2 Datacenter.
•
Identity Information. Use this setting to add the computer name. You can provide a pattern for the computer name here. For example, consider a scenario where you create a profile to deploy different virtual machines that run Server Core for Windows Server 2012. You could type W2012-Core## and then use this as a template where the first server would be named W2012-Core01, the second W2012-Core02, and so on. You can also let VMM assign a random name of numbers and letters by typing an asterisk in the Computer Name text box.
•
Admin Password. This setting offers you three choices. You can select No local administrator credential required, Provide the specific password of the local administrator account, or you can use the Run As account for the local administrator account.
•
Product Key. You can use this setting to specify the product key to use for the virtual machine. If you use a multiple activation key (MAK) take note of the number of virtual machines that you create with this key to avoid running out. If you use a Key Management Services (KMS) key or AD DS key server, ensure that you set up the infrastructure to support it.
•
Time Zone. This setting provides a drop-down list to select a specific time zone.
•
Roles. You can use this setting to select various server roles that are available in Windows Server 2008 R2 and newer operating systems. The roles are listed alphabetically, and the various role services that are available to that role are listed directly underneath and tabbed to the right.
•
Features. Like the Roles option above, you can select from the features that are available with Windows Server 2008 R2 and newer operating systems. If a feature has subordinate elements, these are included underneath the feature name and tabbed to the right.
MCT USE ONLY. STUDENT USE PROHIBITED
10-12 Configuring and Managing the Microsoft System Center 2012 R2 Virtual Machine Manager Library and Library Objects
•
Domain/Workgroup. By default, the New Guest OS Profile Wizard selects a workgroup named Workgroup. However, you can choose to supply a fully qualified domain name (FQDN). If you do, you must supply the credentials of a user who is allowed to join a computer to a domain, or you can select the Run As account credentials.
•
Answer File. You use the answer file to set additional settings. You can attach a Sysprep.inf file for Windows Server 2003 and earlier operating systems, or a Unattend.xml file for Windows Vista and newer operating systems. The answer file must be stored on the library share.
•
GUIRunOnce Commands. You can use this setting to run a command automatically the first time a user logs on. Normally, these commands would be command-line commands, executables, and scripts. You can add as many commands as you deem necessary.
The New Guest OS Profile Wizard also includes a Dependencies page, which is empty by default, and an Access page, where you can share the profile with any self-service users or roles that you specify here. Question: What is the purpose of using guest operating system profiles?
What Is Server App-V? By virtualizing an application with Server App-V, you can capture the information that is required to install the application, such as the application’s binary files and registry settings. Server App-V also retains the runtime state of the deployed application, which includes registry settings, log files, and other data that the application stores. This runtime state persists on the disk until you remove the application from the server. The application runtime state includes the data that is captured while the deployed application is running. This data can include log files, collected data, and settings that are modified for a specific application deployment.
Server App-V uses the Microsoft Server App-V Sequencer to perform a sequencing operation that captures an application’s settings and configuration prior to deployment. After sequencing, this information, along with the runtime state information, enables you to back up a deployed Server App-V application. You can capture the initial settings and the entire runtime state of the application. You then can deploy this capture to another server with the application’s last runtime state intact. The Server App-V Sequencer stores all of this information into a Server App-V package. You store the package in the Virtual Machine Manager library. If an application can function in a load-balanced environment, VMM can deploy the application across additional servers and reconfigure the load balancer to use the newly deployed servers. Server App-V allows you to virtualize and deploy many server-based applications. Server App-V can sequence several different components. Additionally, applications such as multi-tier web applications and network service applications lend themselves to virtualization with Server App-V. A single application might require you to specify registry settings, modify configuration files, or create Windows operating system services. Additionally, an application might have many other points where it interacts with the operating system. If so, the Server App-V Sequencer needs to capture these points, or the application might not work properly when you deploy it.
Applications that require you to perform the following tasks might be suitable for virtualization with Server App-V: •
Save runtime state to local disk.
•
Install Windows services.
•
Create Windows Server Internet Information Services (IIS) applications.
•
Add and change registry settings.
•
Install and use COM+ and Distributed COM (DCOM).
•
Use text-based configuration files.
•
Install Windows Management Instrumentation (WMI) providers.
•
Install and use Microsoft SQL Server Reporting Services.
•
Add, modify, or use Local Users and Groups.
•
Install and use Java-based applications.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
10-13
If an application requires another type of virtualized information that is not included on this list, it might not work properly with Server App-V. There is no exhaustive list of applications that will work with Server App-V. You must thoroughly test all applications that you virtualize before you run them in a production environment. Server App-V is flexible, and you can use it to virtualize a wide variety of server-based applications. However, you cannot use Server App-V to virtualize a few functions. For example, applications that require the following functionality are not supported: •
Windows drivers or other components that must load when an operating system starts up.
•
Microsoft SharePoint Server or applications that install SharePoint Server.
•
SQL Server databases.
Just as there is no complete list of supported Server App-V virtualization application types, there also is no exhaustive list of unsupported applications types for Server App-V. Server App-V is included with System Center 2012 VMM, but you must install it separately.
What Is an Application Profile? When you deploy a virtual machine as part of a service, application profiles provide configuration instructions for installing specific application types. Application profiles support the following application types: •
SQL Server DACs
•
Server App-V applications
•
Web applications
•
Scripts
SQL Server DACs
SQL Server 2008 R2 supports a new package type called a DAC. A DAC contains all database and instance objects that the application uses, and typically is targeted toward department-based applications.
SQL database developers create DACs by using one of the following methods:
MCT USE ONLY. STUDENT USE PROHIBITED
10-14 Configuring and Managing the Microsoft System Center 2012 R2 Virtual Machine Manager Library and Library Objects
•
Author and build a DAC by using the SQL Server Data-tier Application project type that is available in Microsoft Visual Studio.
•
Extract a DAC from an existing database by using the Extract Data-Tier Application Wizard in the SQL Server Management Studio.
After developers create DACs, they can import the DACs into the Virtual Machine Manager library, which is then accessible from the application profile.
Server App-V Applications
Server App-V creates virtual application packages that then deploy to servers that run the Server App-V agent. A virtual application package does not require a local installation; however, the package runs as if it is a locally installed application. As previously discussed, you create Server App-V packages by using the Server App-V Sequencer. When you create a Server App-V package, the Server App-V Sequencer monitors a typical application installation and records information that is required for the application to run in a virtual environment.
After you create the Server App-V package, you can import it into the Virtual Machine Manager library so that it is accessible from an application profile.
Web Applications A web application is a package that is stored within the Virtual Machine Manager library. It contains the content, websites, certificates, and registry settings of a web-based application. You can package and deploy web applications with the Web Deployment Tool. VMM also uses this tool to deploy web applications as a service when deploying a web application as specified in an application profile.
Scripts
When deploying a virtual machine as part of a service, you also can use the application profile to run scripts. You use scripts during the preinstallation and the post-installation phases of a specific application. For example, you might need to copy updated configuration files to a deployed web application, or you might have to run specific virtual application commands to finalize a virtual application deployment. You also can use scripts to help you with preconfiguration or post-configuration tasks when you uninstall applications. Scripts must be available in the Virtual Machine Manager library as a resource package. To create an application profile, complete the following procedure: 1.
Open the VMM console, and then click the Library workspace.
2.
In the navigation pane, expand Profiles, and then click Application Profiles.
3.
On the ribbon, click Create, and then click Application Profile.
4.
In the New Application Profile dialog box, on the General page, provide a Name and Description for the application profile.
5.
In the Compatibility drop-down list box, click General to allow for all types of supported applications in the profile. Alternatively, you can use the SQL Server Application Host selection if you are using this application profile to deploy a SQL Server DAC to an existing SQL Server computer. Clicking this option only allows you to add SQL Server DAC packages and SQL Server scripts.
6.
On the Application Configuration page, click OS Compatibility, and then select the guest operating systems that are compatible with the application.
7.
Click Add, and then select the appropriate application type. Note that you can only add an application script after you have added an application.
8.
For each application or script that you added, configure the appropriate settings.
9.
Click OK to accept the application configuration settings.
You can add one or more applications as required by the service that you are configuring.
What Is a SQL Server Profile? VMM allows you to configure a SQL Server instance when you deploy a virtual machine as part of a service. The process for installing and configuring a SQL Server instance includes a number of tasks as described in the following steps: 1.
Prepare a SQL Server image. The virtual machine that you deploy must contain a version of SQL Server 2008 R2 or newer that you prepared previously by using Sysprep. SQL Server 2008 R2 and newer versions provide built-in Sysprep functionality that you can use to deploy and configure SQL Server rapidly.
Note: You can use SQL Server 2012 with System Center 2012 SP1 VMM or System Center 2012 R2 VMM only.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
10-15
2.
Create a SQL Server profile. The SQL Server profile contains a number of configuration settings, such as the instance name and ID, product key, media source, SQL Server administrators, and service account designations.
3.
Create a virtual machine template. The virtual machine template specifies the hardware, operating system, and SQL Server profile that you plan to deploy to a new virtual machine.
4.
Create a service template. A service template provides the foundation for deploying a virtual machine and using the SQL Server profile to configure the instances that are defined within the profile settings. A service is a set of virtual machines that you configure and deploy together to support specific infrastructure requirements. For example, you might have a multi-tier, web-based application that requires a SQL Server database. A service template gathers all of the configuration settings into a single managed entity for the multiple servers. You can only configure and deploy a virtual machine with SQL Server when you deploy the application as a service.
5.
Deploy the service. Deploying the service essentially deploys and configures all servers and applications that are associated with the service.
Before you can deploy a SQL Server .vhd image, you must prepare the image by using the SQL Server Sysprep process. You run SQL Server Sysprep prior to running Windows Sysprep to create an image that includes a prepared operating system and an SQL Server installation that has not been configured.
SQL Server Sysprep is a two-step installation process that begins with image preparation. During the image preparation phase, SQL Server Setup installs the product binaries without configuring any SQL Server settings for the instance that is being prepared. After this first step completes, Sysprep begins and then captures the image.
MCT USE ONLY. STUDENT USE PROHIBITED
10-16 Configuring and Managing the Microsoft System Center 2012 R2 Virtual Machine Manager Library and Library Objects
You perform the second step of the installation process during image deployment. After you deploy an image to a virtual machine, you can proceed with the final installation and completion of a SQL Server– prepared instance. VMM uses the SQL Server profile that you prepared to provide the configuration settings for each instance in the image that was prepared with Sysprep.
The SQL Server profile provides most of the common settings for use during deployment. However, you also can use a SQL Server configuration file to provide the additional configurations for settings that are not available in the SQL Server profile. A SQL Server configuration file is an .ini file, which is similar to a Windows operating system answer file (Unattend.xml). If you use a SQL Server configuration file, you must save it to a Virtual Machine Manager library share so that it is available to the template. Install SQL Server 2012 from the Command Prompt http://go.microsoft.com/fwlink/?LinkID=386739
Configuring Virtual Machine Templates VMM provides three kinds of templates in the Virtual Machine Manager library: Service Deployment Configuration (this node is a storage location and you cannot templates), Service Templates, and VM Templates. You can create Service and VM Templates by using their respective wizards. Note: Creating Service Templates will be covered in Module 12, “Managing Services in System Center 2012 R2 Virtual Machine Manager and App Controller.” You can modify the settings in an existing template. VMM incorporates the updated settings into new virtual machines that you create from the template. However, the updated template will not affect existing virtual machines that you created previously from the template. When you modify an existing template, there are additional properties than those available when creating the template in the New Template Wizard.
To modify virtual machine template settings, open the Library workspace, expand the Templates node in the console tree, click VM Templates, and then double-click the template in the details pane. •
•
On the General page, you can modify following fields: o
Name (required). Identifies the template to VMM.
o
Description (optional). Describes the characteristics and purpose of a template.
o
Cost Center (optional). Specifies the cost center for a virtual machine that you create from a template. Identifying a cost center enables you to collect data about the allocation of virtual machines (or resources allocated to virtual machines) by cost center.
o
Tag (optional). Specifies a word or phrase that you can use to group specific virtual machines as a set. You can use the tag as a filter to search for that set of virtual machines.
On the Hardware Configuration page, you can modify settings that are described in the “What Is a Hardware Profile?” topic.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
10-17
•
On the Operating System Configuration page, you can modify the guest operating system settings that are described in the “What Is a Guest Operating System Profile?” topic.
•
On the Application Configuration page, you can modify settings to add a compatible operating system, SQL Server DACs, virtual applications, web applications, and scripts.
•
On the SQL Server Configuration page, you can modify a SQL Server instance, the configuration of an instance in the service account, and the agent that SQL Server uses to run its various services.
•
On the Custom Properties page, you can add or modify the custom fields (optional). You can add up to 10 custom properties to each virtual machine that you create by using this template.
•
On the Settings page, you can add or modify quota points (optional). You can use quota points to limit the number of virtual machines that self-service users can deploy at one time. Only self-service users who share a self-service policy use quota points. You can specify a value for the Quota Points setting if the virtual machines that you will create by using this template are for self-service users. The quota applies to all virtual machines that you deploy on a host, including virtual machines that are not running.
•
On the Dependencies page, you can select and modify properties of the dependencies listed by clicking on the hyperlinks that make up their name and modifying the various properties.
•
The Validation Errors page will display any validation errors that the template might encounter.
•
On the Access page, you can modify the self-service owner, and add or remove self-service user roles with which you share the template.
Demonstration: Creating a Virtual Machine Template In this demonstration, you will see how to create a virtual machine template.
Demonstration Steps 1.
Sign in to LON-VMM1 as adatum\administrator with a password of Pa$$w0rd.
2.
Start the Virtual Machine Manager console.
3.
Navigate to the Library workspace, and then create both a Guest OS and a Hardware Profile with the following settings: o
o
Guest OS Profile:
Name: DemoGuestOS
Description: Demonstration creating a Guest OS profile
Operating System: 64-bit edition of Windows Server 2012 Standard
Identity Information, Computer name: WS2012-Core###
Admin Password: Specify the password of the local administrator account: Pa$$word
Hardware Profile:
Name: DemoHWProfile
Description: Demonstration creating a hardware profile
Compatibility: Hyper-V
Memory: Dynamic with 1024 Maximum memory set
Network Adapter 1: External Network
4.
Create a VM Template with the following settings: o
Name: DemoVMTemplate
o
Description: Demonstration creating a VM template
o
Configure Hardware: Use the DemoHWProfile
o
Configure Operating System: Use the DemoGuestOS profile that you created earlier
o
Application Profile: None
o
SQL Server Profile: None
MCT USE ONLY. STUDENT USE PROHIBITED
10-18 Configuring and Managing the Microsoft System Center 2012 R2 Virtual Machine Manager Library and Library Objects
5.
After the DemoVMTemplate is created, open its properties, and then review all pages in the console tree.
6.
Close all open windows.
What Are Capability Profiles and Physical Computer Profiles? Capability and physical computer profiles ensure that private cloud physical hosts have the necessary resources to provide the level of availability that is required by the virtual machines, and the resources that the cloud needs. You use a capability profile for a cloud that requires highly available virtual machines and services. The physical computer profile includes configuration settings, such as the location of the operating system image used during host deployment, and other hardware and operating system configuration settings.
To access a capability profile, in the Library workspace, under the Profiles node of the console tree, click the Capability Profiles child node. When selected, the child node displays three existing capability profiles in the Profiles details pane: •
ESX Server. Use this profile for VMware hosts.
•
Hyper-V. Use this profile for Microsoft Hyper-V Server hosts.
•
XenServer. Use this profile for Citrix XenServer hosts.
You can use these profiles to provide the built-in fabric capability profile for their respective virtual machine host platforms. These profiles are set to the read-only access level, and you should not modify them unless you wish to globally change the host platform capability profile permanently. Instead of altering these default profiles, you can make your own capability profiles. For example, you might have a Hyper-V cluster that is used in a private cloud. To ensure that everything in this private cloud is highly available, you can create your own capability profile.
Creating a Capability Profile
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
10-19
To create a capability profile, navigate to the Library workspace, on the Home tab of the ribbon, click Create, and from the selection menu, click Capability Profile. This brings up the Create Capability Profile Wizard. On the General page, you provide a name and optional description of the profile. On the Capabilities page, you can find the following options: •
Fabric Capability. Selected targets with this hardware profile will be used. VMM will ensure that the provided settings are compatible with these destination locations. There are three selections in this setting: Hyper-V, ESX Server, and XenServer virtualization hosts.
•
Processor Range. Use this option to select the number of processors that the host will use. You can use a default range or select a minimum and maximum number of processors. You can also provide compatibility with different processor versions, and VMM can limit the processors that a virtual machine can use. You have the option of using the default setting, selecting a user-defined or required processor compatibility, or disabling the capability altogether.
•
Memory Range. Use this setting to specify how much memory to allocate to the virtual machine, or let the virtualization host manage the amount dynamically within a range.
•
DVD Drive Range. Use this option to set the number of DVD drives that you can use.
•
Shared Image Mode. Use this option to enable virtual machines to share .iso image files that are stored in the Virtual Machine Manager library.
•
Hard Disk Count. This option sets the number of virtual hard disks in use. The maximum number allowed is 255.
•
Disk Size Range. Use this option to set the size of virtual hard disks. The maximum size is 64 terabytes (TB).
•
Fixed Disk Mode. Use this option to select fixed, dynamic, or differencing virtual hard disk options.
•
Dynamic Disk Mode. This option is identical to the Fixed Disk Mode option.
•
Differencing Disk Mode. This option is identical to the Fixed Disk Mode option.
•
Network Adapter Range. This option allows you to select up to 12 network adapters.
•
Network Optimizations. Use this option to enable network optimizations.
•
Availability. This option allows you to select a highly available virtual machine mode. When you configure VMM to be highly available, VMM attempts to place the virtual machine on a clustered server.
Creating a Physical Computer Profile
The process for creating a physical computer profile is similar to creating a compatibility profile. If you need to create a physical computer profile, navigate to the Library workspace, on the Home tab of the ribbon, click Create, and from the selection menu, click Physical Computer Profile. This brings up the New Physical Computer Profile Wizard, which has the following pages: •
General. Provide a name and an optional description for the physical computer profile. You also have the ability to select the role of virtual machine host or Windows file server.
•
OS Image. On this page, you can select a virtual hard disk with an operating system image. The image must have a Windows Server version that can start from a virtual hard disk. The Hyper-V role in this operating system will be installed by default. For best results, allow for enough free space on the partition to contain the recommended page file size, which is determined by the amount of memory on the host system.
•
•
Hardware Configuration. On this page, you can configure the following settings:
MCT USE ONLY. STUDENT USE PROHIBITED
10-20 Configuring and Managing the Microsoft System Center 2012 R2 Virtual Machine Manager Library and Library Objects
o
Network Adapters. Includes the ability to configure a physical network adapter as the Management NIC. It also allows you to set the use of Consistent Device Naming for the adapter and to use a dynamically assigned IP address or a static IP address.
o
Disk and Partitions. You can use this setting to add a new disk requirement and to add a petition to this disk by using the master boot record (MBR) or the GUID partition table (GPT). You can also assign the Primary, NTFS file server, and all remaining space on the operating system volume.
o
Driver Options. You can filter the list of drivers so that only the appropriate drivers apply to an operating system as part of a virtual machine host deployment. VMM automatically applies the drivers that match Plug and Play IDs discovered on the computer.
OS Configuration. Allows you to configure the following: o
Domain. Specify the domain that the virtual machine host should join. To join a domain, the computer must have at least one network adapter that has access to the network.
o
Admin Password. Specify the credentials for the local administrator account.
o
Identity Information. You can add the full and organizational name of the host configuration.
o
Product Key. Specify the product key use for the virtual machine.
o
Time Zone. Specify the time zone for the virtual machine.
o
Answer File. To set additional settings, you can attach an Unattended.xml file to the host profile. The answer file script must be stored on a library share.
o
GUIRunOnce Commands. Specify zero or more command-line commands to run immediately after deployment.
•
Host Settings. Use this page to specify virtual machine placement paths on the host. VMM uses virtual machine placement paths as default locations to store virtual machines placed on a host.
•
Summary. This page allows you to confirm the selected settings and view a script of Windows PowerShell cmdlets that you can use to create the physical computer profile made with this wizard.
What Are Service Templates and Service Deployment Configurations? System Center 2012 VMM provides you with two new tools for creating, managing, and deploying services: service templates, and service deployment configurations.
Service Template
A service template is a logical component that defines and connects all necessary components for service deployment and functionality. A service template encapsulates everything that you require to deploy and run a new instance of an application. Deploying a new service requires a high level of automation and predefined components, and it requires management software support. Service templates in VMM simplify deployment of services. Just as a private cloud user can create new virtual machines on demand, a user can also use service templates to install and start new applications on demand.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
10-21
When creating service templates, you can select either the Single Machine pattern, the Two-tier Application pattern, or the Three-tier Application pattern. Deploying tiers actually defines the levels of your application. For example, one tier of your application can be a Web server (or servers), while a second tier could be database servers.
A machine tier is not an equivalent of a virtual machine, but rather contains one or more virtual machines of a particular type. When creating a tier, you can select the configuration settings for this collection. The New Service Template Wizard uses the Service Template Designer GUI to set and order these configuration settings quickly.
Service Deployment Configuration
After you create the service template, you then can deploy the service to a private cloud or to virtual machine hosts. To deploy a service, you should first create a service deployment configuration. You can create a deployment configuration by right-clicking a service, and then selecting Configure Deployment. Type a name for the deployment configuration, and then select a destination for the service. You can choose between host groups and private clouds, if you have created any. After you type the name and select a destination for a service, VMM performs placement evaluation. Following the evaluation, the Deploy Service console opens, displaying the deployment diagram and the selected host machine or private cloud. Here you can configure a virtual machine name and a computer name for the virtual machines that deploy as a part of service. By default, VMM generates names in the format ServiceVM0000X.domain for both virtual machine name and computer name. However, you can change this for each service deployment.
When you click the Deploy Service button in the Deploy Service console, you actually initiate the deployment process. You can monitor deployment progress in the Jobs window. Depending on the number of virtual machines deployed and the network and storage speed, this process can take between 10 minutes to a few hours. For long-running service deployments, we recommend that you also monitor the VM Manager log in Event view, and the System log on the VMM management server. You can find additional, detailed information about tasks in the Event Viewer. After the service deploys, you can update the service template and then deploy those updated changes to the already deployed service. Alternatively, you can deploy additional virtual machines to an existing service to provide additional resources for the deployed service. Note: Module 12, “Managing Services in Microsoft System Center 2012 R2 Virtual Machine Manager and App Controller,” covers service templates and service deployment configuration in detail.
Planning Virtual Machine Manager Profiles and Templates As part of your virtualization strategy and infrastructure design, consider the number of different templates, stored virtual disks, hardware, guest applications, and database profiles you will need. You should plan how many different operating systems you will deploy and where your files need to be stored. The following list summarizes some considerations for working with profiles and templates:
MCT USE ONLY. STUDENT USE PROHIBITED
10-22 Configuring and Managing the Microsoft System Center 2012 R2 Virtual Machine Manager Library and Library Objects
•
Working with library items. Consider creating a plan for the number of templates you think you will need, and configure some or all of these before starting deployment. Consider keeping only the number of .vhdx files that you require. In a mixed host environment, consider having both .vhd and .vhdx formats. Remove legacy and unused profiles and templates. Back up a library occasionally, and if you must recover an older image, you can retrieve it from the backup.
•
Try to keep the Virtual Machine Manager library tidy and prevent virtual sprawl. Remove virtual machines and virtual hard disks that are unused. Virtual sprawl includes offline files, which can end up being stored across file and infrastructure servers other than hosts.
•
If you need to have the same templates and files across multiple Virtual Machine Manager libraries, you can send large files offline and then import them where required. If you need to avoid using small wide area network (WAN) links, set up equivalent objects at multiple locations for virtualization deployment resources that you need and do not want to deploy over a WAN.
•
Performance. Consider the impact of servicing many offline files. If you update them, consider collaborating in larger organizations to ensure that someone is not servicing images while someone else is trying to deploy those same images.
•
Consider a standard hardware profile. If you set the base configuration for all of your virtual servers with more memory, processors, and disk space than necessary, you will not achieve the full value of virtualization, and you will waste resources.
•
Licensing. You can use guest operating system profiles to help enforce licensing requirements. For example, you can preconfigure an image for the Microsoft Developer Network (MSDN) website and then assign this to the developers who have the MSDN agreement. Consider licensing when using a template that is based on another machine; ensure that only the people that should use a template are using it.
•
Systems integration, automation, and self-service. VMM and its libraries are the source from which other applications deploy. If necessary, create multiple libraries with appropriate security and ensure that the deployed files and images are up to date.
•
Service templates. When building services for applications that scale out, consider versions and revisions, and try to keep them consistent. For example, if you have a template for a three-tier application, when you are updating the tiers, you need to remember to increment the revisions appropriately.
Lab: Configuring and Managing the Microsoft System Center 2012 R2 Virtual Machine Manager Library and Library Objects Scenario
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
10-23
The IT management at A. Datum Corporation wants to ensure that the management processes for the virtualized environment are as efficient as possible. This means that the work involved in creating new virtual machines should be minimized. In addition, most of the components that deploy in the environment should be standardized to simplify the management of the environment and to reduce the chances of making errors. Because the virtualization hosts are located in five different locations, you also need to ensure minimum bandwidth utilization between data centers when performing tasks such as creating new virtual machines. To optimize this management process, you need to configure the Virtual Machine Manager library and deploy components in the library.
Objectives After completing this lab, you will be able to: •
Configure and manage the Virtual Machine Manager library.
•
Create and work with Virtual Machine Manager profiles and templates.
Lab Setup Estimated Time: 30 minutes Virtual machines: 20409B-LON-HOST1, 20409B-LON-DC1, 20409B-LON-VMM1 User name: Adatum\Administrator Password: Pa$$w0rd
For this lab, you will use the available virtual machine environment. Before you begin, you must complete the following steps: 1.
On the host computer LON-HOST1, start Hyper-V Manager.
2.
In Hyper-V Manager, click 20409B-LON-DC1, and then in the Actions pane, click Start. Wait 30 seconds.
3.
Click 20409B-LON-VMM1, in the Actions pane, click Start, and then click Connect. Wait until the virtual machine starts.
4.
Sign in by using the following credentials: o
User name: Administrator
o
Password: Pa$$w0rd
o
Domain: Adatum
Note: Because you will be using the same virtual machines in the next lab, do not revert the virtual machines at the end of this lab. However, you can shut down the virtual machines after finishing this lab.
Exercise 1: Configuring and Managing the Virtual Machine Manager Library Scenario
MCT USE ONLY. STUDENT USE PROHIBITED
10-24 Configuring and Managing the Microsoft System Center 2012 R2 Virtual Machine Manager Library and Library Objects
In this exercise, students will add a library server and library shares, configure refresh, associate the Virtual Machine Manager library with a host group, add content to the library, and work with equivalent library resources. The main tasks for this exercise are as follows: 1.
Examine the Library workspace defaults, and create the shared folders on the virtualization host computers.
2.
Add LON-HOST1 and LON-HOST2 as Virtual Machine Manager library servers.
3.
Examine the library server shared folder resources, and create an additional subfolder on LON-HOST1.
Task 1: Examine the Library workspace defaults, and create the shared folders on the virtualization host computers 1.
Sign in to LON-VMM1 as Adatum\Administrator with a password of Pa$$w0rd.
2.
On the desktop, on the taskbar, click the Virtual Machine Manager Console icon.
3.
On the Connect to Server page, click the Connect button.
4.
Verify that LON-VMM1 is listed as a library server.
5.
On LON-HOST1, in the root directory of drive C, make a shared folder called Host1Library. Share with the Everyone group, having Read access.
6.
On LON-HOST2, in the root directory of drive C, make a shared folder called Host2Library. Share with the Everyone group, having Read access.
Task 2: Add LON-HOST1 and LON-HOST2 as Virtual Machine Manager library servers •
In the Virtual Machine Manager console, add both LON-HOST1 and LON-HOST2 as Library Servers. In the Add Library Server Wizard, do the following: a.
Sign in with the credentials ADATUM\Administrator and the password of Pa$$w0rd.
b.
Add LON-HOST1 and LON-HOST2 as library servers.
c.
Add Host1Library and Host2Library as Library Shares, and add the Default Resources to both.
Task 3: Examine the library server shared folder resources, and create an additional subfolder on LON-HOST1 1.
After you create the library servers, under the Library Servers node, review the new library server nodes and child nodes.
2.
Observe the properties of the ApplicationFrameworks item Equivalent Resource.
3.
In Host1Library, add a new folder named ISOs. In this folder, create a text file named Test.iso. Make sure to have the .iso extension, as this will simulate a real .iso file.
4.
Switch back to LON-VMM1, and then examine the Host1Library again. The ISOs folder should display. If not, refresh Host1Library.
Exercise 2: Creating and Managing Profiles and Templates Scenario
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
10-25
In this exercise, students will create and modify the hardware profile and a guest operating system profile. Students will also explore configuration options for host profiles and application profiles. Finally, they will use Hardware and Guest OS profiles to create a virtual machine template, which they will deploy in the next lab. The main tasks for this exercise are as follows: 1.
Create the Guest OS Profile.
2.
Create the Hardware Profile.
3.
Create a virtual machine template.
Task 1: Create the Guest OS Profile •
In the Virtual Machine Manager console, navigate to the Library workspace, and then create a Guest OS Profile with the following settings: o
Name: LabGuestOS
o
Description: Lab creating a Guest OS profile
o
Operating System: 64-bit edition of Windows Server 2012 Standard
o
Identity Information, Computer name: WS2012-Core###
o
Admin Password: Specify the password of the local administrator account: Pa$$word
Task 2: Create the Hardware Profile •
Navigate to the Library workspace, and then create a Hardware Profile with the following settings: o
Name: LabHWProfile
o
Description: Lab creating a hardware profile
o
Compatibility: Hyper-V
o
Memory: Dynamic with 1024 Maximum memory set
o
Network Adapter 1: External Network
Task 3: Create a virtual machine template 1.
Create a VM Template with the following settings: o
Name: LabVMTemplate
o
Description: Lab creating a VM template
o
Browse for disk: Blank Disk - Small.vhdx
o
Configure Hardware: Use the LabHWProfile
o
Configure Operating System: Use the LabGuestOS Profile
o
Application Profile: None
o
SQL Server Profile: None
2.
After the LabVMTemplate is created, open its properties and review all pages in the console tree.
3.
Close the Virtual Machine Manager console. Question: Why did you copy an .iso file into the newly created ISOs subfolder? Question: What was the purpose of using WS2012-Core### in the Computer name section of the Guest OS Profile?
MCT USE ONLY. STUDENT USE PROHIBITED
10-26 Configuring and Managing the Microsoft System Center 2012 R2 Virtual Machine Manager Library and Library Objects
Module Review and Takeaways Review Questions Question: What is the Virtual Machine Manager library, and what kind of resources can you index in it? Question: What should you create to deploy a VM Template in VMM?
Common Issues and Troubleshooting Tips Common Issue You cannot add a library server.
Resources do not appear in the Virtual Machine Manager library after you add them to the library share.
You cannot add a file server cluster as a library server.
Tools •
VMM console
•
Server App-V
•
Failover Cluster Management Console
Troubleshooting Tip
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
10-27
MCT USE ONLY. STUDENT USE PROHIBITED
MCT USE ONLY. STUDENT USE PROHIBITED 11-1
Module 11 Managing Clouds in Microsoft System Center 2012 R2 Virtual Machine Manager Contents: Module Overview
11-1
Lesson 1: Introduction to Clouds
11-2
Lesson 2: Creating and Managing a Cloud
11-11
Lesson 3: Working With User Roles in Virtual Machine Manager
11-19
Lab: Managing Clouds in Microsoft System Center 2012 R2 Virtual Machine Manager
11-27
Module Review and Takeaways
11-34
Module Overview
Many IT professionals today consider cloud computing to be one of the most important technical inventions in recent years. Cloud computing can reduce IT costs by increasing the availability of services and applications without administrative intervention. Although cloud computing has been in use for a few years, organizations require new virtualization and management tools to fully utilize its benefits. These tools enable administrators to implement cloud computing within private networks, thereby creating private cloud infrastructures. You can use Microsoft System Center 2012 R2 Virtual Machine Manager (VMM) to build cloud computing services. VMM includes several new and improved tools and features that you can use to create an internal infrastructure that will support cloud computing within your organization. In this module, you will learn about cloud computing, private clouds and public clouds, and how to use VMM to create them. Note: For the purpose of this course, all instances of Microsoft System Center 2012 R2 Virtual Machine Manager are referred to as VMM.
Objectives After completing this module, you will be able to: •
Explain the concept of a private cloud and a public cloud, and describe how you can use VMM to create these cloud services.
•
Create and manage a private cloud or a public cloud.
•
Create and use user roles in VMM.
Lesson 1
Introduction to Clouds
MCT USE ONLY. STUDENT USE PROHIBITED
11-2 Managing Clouds in Microsoft System Center 2012 R2 Virtual Machine Manager
Cloud computing is changing the way businesses develop services and applications. The on-demand model of cloud computing provides new ways to scale services, and provide better availability to those services. Most organizations today experience a continuous increase in data, platforms, and users. The result is a growing requirement for services, which creates a need for a more robust platform with an almost unlimited capacity to manage the ever-increasing loads. In this lesson, you will learn about cloud computing and its benefits. You will also learn how you can use VMM to implement cloud computing.
Lesson Objectives After completing this lesson, you will be able to: •
Explain the concept of a cloud.
•
Describe the features of public clouds, private clouds, and hybrid clouds.
•
Describe how to implement virtualization in cloud services.
•
Explain how you can use VMM to create a cloud.
•
Explain how a VMM implementation works.
What Is a Cloud? For many years, traditional computing has involved a rapid growth of data centers with a great deal of server inefficiency. Historically, IT professionals would purchase individual physical servers, and then typically assign one workload to each server. With the ability to run multiple workloads on a single server, some application or hardware-based resource consolidation occurred, but IT professionals would typically use single workloads or functions on servers. The result was servers using less than 10 percent of their available resources. This meant that in a data center, hundreds or thousands of servers were consuming large amounts of space and power, while providing low overall usage.
About 10 years ago, technology improved enough to enable data centers to isolate workloads operating systems within a virtual machine. IT professionals could now consolidate multiple virtual machines on one server. This led to a significant increase in resource usage with reduced physical hardware costs and power consumption.
The Evolution of Cloud Computing
Cloud computing extends virtualization concepts to make them even more elastic. Public and private clouds are more easily accessible to business unit IT teams, and more accountable through features such as cost center-based chargeback modeling for billing.
The National Institute of Standards and Technology (NIST) defines cloud computing as a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
11-3
resources such as networks, servers, storage, applications, and services. Using cloud computing, you can rapidly provision and release these resources with minimal management effort or service provider interaction.
For example, an application owner can deploy a developed application to a private cloud infrastructure, knowing that the infrastructure will adjust resources dynamically for the application, scale the application, and enable the application to migrate across servers based on the best resource match. This current cloud-computing model ultimately provides elasticity, design scalability, and accountability for the actual resource use that the application is employing. Additionally, cloud computing makes maximum use of the resources that are available in a data center.
Benefits of Cloud Computing Cloud computing offers the following benefits: •
Virtualized data center. Cloud computing provides methods to access computing services that are independent both of your physical location, and the hardware that you use to access it. With cloud computing, you no longer need to store data or applications on your local computer. The data center remains a key component of the cloud computing infrastructure. However, cloud computing emphasizes virtualization technologies that focus on delivering applications rather than supporting the data center infrastructure.
•
Reduced operational costs. Cloud computing helps mitigate issues such as low system use, inconsistent availability, and high operational costs, by providing pooled resources, elasticity, and virtualization technology.
•
Server consolidation. Cloud computing enables you to host multiple virtual machines on a virtualization host, which helps you to consolidate servers across a data center.
•
Improved resilience and agility. With products such as System Center 2012, cloud computing can reduce costs and improve efficiency.
Businesses using cloud computing and cloud services can see a substantial decrease in maintenance and support costs. This is because to a great extent they are no longer involved in maintenance and support. These costs are borne by the cloud services vendor, which allows the business to use its funds on the actual service being provided.
What Are Public, Private, and Hybrid Clouds? Cloud computing offers three deployment models: •
Public cloud.
•
Private cloud.
•
Hybrid clouds.
Public Cloud With public cloud computing, a cloud vendor (also known as a hosting provider) provides cloud resources for an organization. The cloud vendor may share its resources with multiple
organizations, or with the public. The main feature of a public cloud is that the resources that the organization uses, such as storage, processing power, various web-based applications, and other components, do not belong to the organization that is utilizing the resources, but rather to the cloud vendor.
MCT USE ONLY. STUDENT USE PROHIBITED
11-4 Managing Clouds in Microsoft System Center 2012 R2 Virtual Machine Manager
With public cloud services, the tenant organization has less management overhead than organizations that use private clouds. This means the renting organizations are not responsible for maintaining or supporting those resources, they just use them. However, this also means that control of the public infrastructure and services is greatly reduced because the service provider manages this for the tenant organization. In addition, the public cloud hosts the infrastructure and services for multiple organizations (multitenant), which introduces security implications that you need to review.
In most cases, the cloud vendor will provide the renting organization with a service level agreement (SLA). The SLA specifies the following items: •
What resources are being made available
•
What failure rate or downtime is acceptable
•
The escalation procedures if any of the resources fail
•
The fees for different resources and services
The SLA is a very important structural component of the public cloud. Without an SLA, many businesses would feel that they still need to deploy their own resources.
Private Cloud
The key difference between a public cloud and a private cloud is that an organization typically owns and manages its own cloud resources infrastructure and assets. Private clouds are cloud services that are controlled by one organization, are not shared with other organizations, and therefore typically are more secure.
One of the key benefits of a private cloud is that the organization has complete control over the cloud infrastructure and services that it provides. However, the organization also has the management overhead and costs that are associated with this model. In most instances, private clouds are owned by their respective organizations. In this scenario, the organization’s data center manages and maintains the cloud infrastructure. However, external service providers can provide private cloud resources in a variety of ways.
Hosted private clouds are private clouds that hosting companies manage specifically for a particular organization. This means that no other companies or applications are running on the infrastructure other than your own. On-premises private clouds are built from components within the organization’s data centers, while off-premises private clouds are built with components that are hosted outside the business by an external provider.
Hybrid Cloud
A hybrid cloud allows you to blend your private cloud infrastructure with infrastructure and resource elements from a public cloud. For example, an organization might use an on-premises Microsoft Exchange Server messaging solution, but decide to store additional mailboxes on Microsoft Office 365 Exchange Online. Similarly, an organization could make use of Microsoft SQL Server databases hosted on Windows Azure while also continuing to host databases within its private cloud.
Considerations for Choosing a Cloud Computing Model
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
11-5
When moving to a cloud-computing model, regardless of the cloud model that you choose to adopt, consider the following factors: •
Cloud service models. You can choose infrastructure as a service (IaaS), software as a service (SaaS), or platform as a service (PaaS) for your cloud service model. You should understand the difference between these models so that you can select the model that is the best for your organization. o
IaaS. IaaS is a cloud-computing model in which you manage your virtual server within your organization. For example, creating a private cloud with System Center 2012 provides you with the IaaS model.
o
SaaS. SaaS is a cloud-computing model in which you receive a service over the Internet, such as email messaging. For example, Office 365 is a SaaS offering.
o
PaaS. PaaS is a cloud-computing model that is between IaaS and SaaS. This model provides a computing platform that you use, and upon which you manage your applications. For example, Windows Azure is a PaaS.
•
Internet connection. Your Internet connection can become a single point of failure when using your line-of-business (LOB) applications. Whether moving to a public cloud or a private cloud, you need to ensure that the connectivity between your on-premises computers and the cloud-based applications are always available. Network latency is also a major factor. If you spread your infrastructure across multiple sites and site links, and over wide areas, this can have a detrimental effect on the performance and availability of your applications.
•
Data protection and recovery. Although you will already have methods in place to protect and recover your mission-critical data, you need to consider the following questions when moving to a cloud computing model:
•
•
o
Are the current protection and recovery methods compatible with the virtualization technologies that the public cloud or private cloud uses?
o
Is data being stored securely?
o
Do you need a local backup of your data in the event of an Internet connection failure? In this case, how is the data transferred back to your organization, and how is the data restored in the event of a catastrophic failure?
Disaster recovery. Ask yourself the following questions: o
What is your current disaster recovery model?
o
Do you have mirrored sites? If so, how will data synchronize between these sites?
o
How will mirrored sites and data synchronization affect the cloud-computing model that you choose?
Performance and availability. Application performance and availability are key factors to consider when adopting any cloud-computing model. With a public cloud, you need to ensure that the service provider can meet the performance and availability requirements of your applications. You need to consider the SLAs that the service provider includes with their services. Question: What is the main difference between on-premises private clouds and off-premises private clouds? How do off-premises private clouds differ from hybrid clouds?
Virtualization and Cloud Computing The private cloud encompasses more than just virtualization. However, virtualization is still an important and vital component of the private cloud. Several elements of virtualization make a private cloud possible such as: •
Server consolidation
•
Simplified deployment
•
Elasticity and scalability
•
Multitenancy
•
High availability and mobility
Server Consolidation
MCT USE ONLY. STUDENT USE PROHIBITED
11-6 Managing Clouds in Microsoft System Center 2012 R2 Virtual Machine Manager
Server consolidation is one of the primary reasons for implementing virtualization. You can deploy multiple virtual machines and server roles on a single physical server, and thus utilize that physical server more efficiently. Furthermore, by using multiple hosts in VMM, you can manage those physical servers and their virtual machines more efficiently.
Easy Deployment
Virtualization makes deploying new services much simpler. Virtual machines are based on virtual hard disks, which you can copy, clone, and start quickly, in some cases within seconds. This is faster than any single physical server, whose deployment is measured in hours. Cloned virtual machines can have many iterations. Therefore, you can dispatch more than a single copy.
Elasticity and Scalability
You can create or copy virtual machines quickly, and you can deploy many copies simultaneously. For example, consider a scenario where you need to run multiple and extensive searches for data on a database server. Using virtualization, you can quickly start up multiple virtual machines that are running SQL Server, run these extensive database queries, aggregate the results, and report them back. When you finish, you can then turn off or even delete those virtual machines. Such functionality is highly elastic and scalable.
Consider another example of an event-based model involving a website that experiences increased traffic closer to the date for a particular event, such as a conference or a holiday. You could attach and start multiple virtual machines hosting the website and the various web applications to add capacity and performance as traffic increases. After the event, when you would expect traffic to decrease considerably, you can begin removing those virtual machines that you no longer need. The resources that the virtual machines consumed can now be reallocated for other functions. Such events can happen very quickly, often within minutes. However, by using virtual machines in cloud services, these events will be managed automatically based on the traffic being generated.
Multitenancy
Virtual machines also provide the ability to segregate and isolate applications that run on different virtual machines. You can have multiple tenants on the same virtual machines. Consider a scenario where you have code that was originally written to run on SQL Server 2008. Due to new functionality, you now have updated code that runs on SQL Server 2012, and you wish to compare functionality and results between the two code implementations. Traditional testing would require multiple physical servers with various version levels of SQL Server installed on them. However, virtualization simplifies this testing.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
11-7
In another example, suppose you have macros written for Microsoft Office Word 2010 and you now want to develop similar functionality on Word 2013. Normally, you would not be able to run both versions of Word on the same computer. However, you can easily implement this with virtualization.
High Availability and Mobility
Virtualization provides high availability and mobility. High availability implies continuous presence so that any failures are transparent to the user and the applications or functions that the user is employing. With high availability, you can switch functionality from one virtual machine to another by using features such as Network Load Balancing (NLB) and failover clustering. Mobility refers to the ability to migrate applications, virtual machines, or … on an as-needed basis. Virtual machines in Hyper–V include technologies such as the Live Migration feature, which simplify mobility. By using VMM, you can conceptualize clustering by using the fabric.
Another key feature of virtualization is the ability to immediately present a functional duplicate of a virtual machine on another host so that a connected user does not experience a disruption in service. You can place a virtual machine on another physical server, even one thousands of miles away, within seconds. When you implement these virtualization features in a private cloud, you should be aware of several key considerations: •
Automated management. Certain decisions, such as instantaneous failover, do not require human intervention. Rather, an administrator creates a failover cluster with key decision points that allow the cluster to switch to another virtual machine automatically, even on another physical server. Based on the decision tree, the cluster fails over automatically. Without automated management, a private cloud would be too difficult to manage. In this case, the administrator still provides the top-level guidance, but the automation enables a greater amount of control than what a person could do sequentially.
•
Pools of compute resources. When you do not require a particular functionality or at least a large part of that functionality, you can turn off specific virtual machines and reallocate the resources they were consuming. Pools of compute resources include aspects of the physical server, such as disk space, memory, CPU cores, and available bandwidth. Available bandwidth is a feature of not just the physical computer, but of the overall network as well. By using VMM, you can more easily administrate a very complex infrastructure of virtual machines, their availability, their use of resources, and a host of other factors.
•
Self-service provisioning. The recent versions of VMM include self-service provisioning. The management capabilities of VMM include the Virtual Machine Manager Self Service Portal that allows VMM to make use of private cloud storage space at the business unit level. This allows individual business units with specific virtualization needs to consume that storage space rather than waiting for an administrator to make storage available. This enables faster provisioning of virtual machines.
•
Usage-based chargeback. Different business units within an organization might have different needs for virtualization services in a private cloud. The usage-based chargeback concept means that IT within an organization can ascertain the specific costs associated with provisioning a separate business unit’s virtualization costs. This enables management to make knowledgeable decisions about the allocation of resources within an organization.
Clouds in System Center 2012 R2 Virtual Machine Manager In the VMM console, in the VMs and Services workspace, you will find a Create Cloud icon on the ribbon. You use this interface to create and manage cloud services in VMM. Cloud management in VMM combines a collection of hosts, host groups, logical networks, virtual IP profiles, storage and storage classifications, content libraries, and load balancers. By managing these features, you can create capability profiles and assign capacity values that enable you to reserve computing capacity to business units and their projects.
MCT USE ONLY. STUDENT USE PROHIBITED
11-8 Managing Clouds in Microsoft System Center 2012 R2 Virtual Machine Manager
Creating a private cloud is not a requirement for using VMM. For small businesses and organizations, having a few physical hosts with multiple virtual machines may be enough, and they may never require cloud services in their infrastructure. However, a small business can conceptualize the infrastructure into the fabric, and then use that fabric to offer private cloud capability. Even if just the IT department uses the cloud services to run applications for the rest of the business, it can be a step towards enhanced management, lower costs, and increased efficiency for the administrators. When you use a private cloud, all details of the infrastructure are hidden, and you can use role-based access (RBAC) to allocate capacity. Users with role-based access control (RBAC)–assigned permissions can use the consoles in either System Center 2012 Service Pack 1 (SP1) VMM and newer versions, or the System Center 2012 - App Controller and newer versions to provision and manage virtual machines and their services. To do this, users do not need to be aware of any factors relating to fabric, storage, networking, or other IT related infrastructure.
You can define quota limits for private clouds at the individual, group and cloud levels. You can create quota definitions for memory, CPUs, storage, and number of virtual machines. For example, suppose you have a small group of seven developers. You could create a quota that allows each developer create up to three virtual machines, but limit the developer’s group to only 18 virtual machines. This would balance the needs of the developer’s group with the potential for over-allocating resources. System Center 2012 SP1 VMM and newer versions include a new role called Tenant administrator. You use this role to assign delegated rights, including the ability to create additional users with specific permissions. The Tenant administrator role also enables more automation with System Center 2012 Orchestrator and System Center 2012 - Operations Manager and newer versions.
Unless an organization is using a hosted private cloud, all the infrastructure resources that make up the private cloud are owned by the organization. These resources are named on-premises, which mean that the resources are located in a facility that the organization owns. However, organizations can have facilities in multiple locations, including other cities, provinces, or countries. In this scenario, the only thing public about a private cloud would be the wide area network (WAN) connections over the Internet that the organization utilizes. Organizations also have the ability to create hybrid clouds by moving virtual machines from on-premises servers to Windows Azure. Using the Network Virtualization feature in Windows Azure, you can allow the virtual machine to keep its current IP address, and then using the new gateway functionality, you can link your network to Windows Azure. The virtual machine then appears as if it were part of your network even if you host it elsewhere. You could also obtain certain services directly from a public cloud vendor, which abstracts the infrastructure management. In a hybrid cloud, resource and infrastructure management varies, while in a public cloud, organizations have no resource and infrastructure management.
Enhancements in Virtual Machine Manager 2012 R2 Clouds VMM includes several new enhancements that enable you to manage and perform administrative tasks from the VMM console instead of having to use several disparate tools. You can also use multiple kinds of storage: Internet small computer system interface (iSCSI) storage area network (SAN), Fibre Channel SAN, or Server Message Block (SMB) 3.0. VMM contains new advanced Windows Server 2012 Hyper-V network virtualization policies, and is configured to be aware of and provision virtual machines. Additionally, VMM makes use of custom virtual networks in the data center, and is multitenant aware. Managing Hyper-V network virtualization is a natural extension for policy-based networking.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
11-9
Virtual machines can run concurrently on a single physical host but you can isolate them from each other as if they were running directly on the physical host hardware. With network virtualization, you can create multiple virtual network infrastructures that run on the same physical network, and that potentially include overlapping IP addresses. Each of these virtual networks performs as if it is the only virtual network on the network infrastructure.
Network virtualization separates virtual networks from the physical network and removes both hierarchical and virtual local area network (VLAN) IP address assignment restrictions from virtual machine deployment. This flexibility makes it easier for organizations to move to cloud computing, and makes managing infrastructure more efficient for cloud vendors and data center administrators. In addition, network virtualization ensures the necessary multitenant isolation, security requirements, and overlapping virtual machine IP addresses.
MCT USE ONLY. STUDENT USE PROHIBITED
11-10 Managing Clouds in Microsoft System Center 2012 R2 Virtual Machine Manager
IP Addressing Management (IPAM) is a built-in framework for discovering, monitoring, auditing, and managing the IP address space used on a corporate network. IPAM has been significantly enhanced in VMM. For example, you can now use it for administration and monitoring of servers running Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS). The following table lists the new functionalities in VMM. Feature/functionality
New or improved in VMM
Description
RBAC
New
RBAC enables you to customize the types of operations and access permissions for users and groups of users on specific objects.
Virtual address space management
New
IPAM streamlines management of physical and virtual IP address space in VMM.
Enhanced DHCP server management
Improved
IPAM has several new available operations to enhance the monitoring and management of the DHCP server service on the network.
External database support
New
In addition to Windows Internal Database (WID), IPAM also optionally supports the use of a SQL Server database.
Upgrade and migration support
New
If you install IPAM on Windows Server 2012, your data is maintained and migrated when you upgrade to Windows Server 2012 R2.
Enhanced Windows PowerShell support
Improved
Windows PowerShell support for IPAM is greatly enhanced to provide extensibility, integration, and automation support.
Lesson 2
Creating and Managing a Cloud
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
11-11
A private cloud is one of the main concepts in VMM, including System Center 2012 SP1 VMM. By defining a private cloud, you define a set of resources and technologies that are available to users. To create and manage private clouds, you need to understand the private cloud concept, in addition to its properties and components. You also need a clear understanding of how to create and manage private cloud services and technologies to provide end users with private cloud accessibility.
Lesson Objectives After completing this lesson, you will be able to: •
Explain how to configure cloud resources.
•
Explain how to configure cloud capacity.
•
Describe how to configure cloud capability.
•
Create a cloud from a host group.
•
Describe how to manage a cloud.
•
Explain how to delete a cloud.
Configuring Cloud Resources Similar to all services and software, a private cloud depends on hardware resources such as servers, storage, networks, CPUs, and memory. A private cloud in VMM can run on traditional hardware configurations, including conventional or blade servers, a SAN, and various load balancers.
Characteristics of Private Cloud Resources
To prepare private cloud resources in the VMM private cloud infrastructure, you define various hardware and software components that VMM then uses as private cloud building blocks. After defining and creating components, you should validate that all of the hardware and software components are functioning together correctly. This process can be complex and time consuming, but typically, you do not have to do this very often. After you prepare all of the hardware and software components, you can assign them to a private cloud by using the Create Cloud Wizard. Later, you can add and remove resources from your existing private cloud by editing the private cloud properties.
A private cloud can utilize physical resources either from host groups or from VMware resource pools. Host groups can contain some combination of physical servers running Hyper-V, VMware ESX, VMware ESXi, or Citrix XenServer. The VMware resource pool contains only servers running VMware ESX or VMware ESXi. When you build a private cloud, you cannot select specific physical servers. Instead, you can select a host group or resource pool. After you select the specific host group or resource pool that you want to use to build a private cloud, you are presented with resources that belong to that group or pool.
Private Cloud Resources When creating a private cloud, you should assign at least one logical network. A logical network is one of the infrastructure elements that you must create prior to creating your private cloud. With a logical network, you define VLANs, IP subnets, and a network site that belongs to that logical network.
MCT USE ONLY. STUDENT USE PROHIBITED
11-12 Managing Clouds in Microsoft System Center 2012 R2 Virtual Machine Manager
If you create a load balancer, you can also add it to the private cloud. Adding a load balancer is not mandatory. However, the Microsoft Network Load Balancing load balancer is installed by default. With a load balancer, you can add a virtual IP template to your private cloud. The virtual IP template contains load balancer-related configuration settings for a specific type of network traffic. For example, you can create a virtual IP template to define load balancing for HTTP traffic that passes through port 80. In VMM, you can also manage storage classifications and assign it to your private cloud by defining storage pools and classifications. Storage classifications enable you to assign user-defined storage classifications to discovered storage pools, typically by Quality of Service (QoS) that storage offers. For example, you can assign a classification of gold to storage pools that have the highest performance and availability, or silver for Fibre Channel serial attached small computer system interface (SCSI) storage redundant array of independent disks 5 (RAID 5), or bronze to Serial ATA (SATA) disks.
To enable the new storage features, VMM uses the new Microsoft Storage Management Service to communicate with external arrays through a Storage Management Initiative - Specification (SMI-S) provider. The Storage Management Service is installed by default during the installation of VMM. However, you must install a supported SMI-S provider on an available server, and then add the provider to VMM management.
The Virtual Machine Manager library is also a very important part of configuring cloud resources. Most VMM–managed objects (such as virtual machines or services) deploy from the Virtual Machine Manager library. While configuring a cloud, you can add a stored virtual machine path and read-only library shares. Users can store the virtual machines they create in a stored virtual machine path. To provide self-service users the ability to store virtual machines in the Virtual Machine Manager library, you can create a library share. Alternatively, you can create a folder in a library share that serves as the storage location. However, be aware that the library share location you designate for stored virtual machines must be different from the shares that you designate as read-only resource locations for the private cloud. Read-only library shares can provide a place where administrators store read-only resources such as any .iso files that they want to make available to self-service users.
Configuring Cloud Capacity For each private cloud, you can specify its total available capacity. By specifying cloud capacity, you limit the resources that private cloud users can create or consume. You configure private cloud capacity during the private cloud creation process. However, you can change it later. You can limit resource usage based on user roles, and on individual members of a user role.
The following table describes categories and quotas that you use to set up private cloud capacity. Quota type
Description
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
11-13
Virtual CPUs
The virtual CPU quota sets a limit on processing capacity within the private cloud. This quota is expressed as capacity provided by a specified number of CPUs and the quota is applied against virtual machines that are running. Setting a virtual CPU quota does not guarantee contiguous capacity. Only the total CPU capacity that is available among hosts in the private cloud is guaranteed.
Memory
The memory quota sets a quota in gigabytes (GB) on memory that is available for virtual machines that you deploy on the private cloud. This quota is applied against running virtual machines only. When you set a memory quota, it does not guarantee contiguous capacity. For example, the private cloud might have 2 GB of memory available on one host, and 2 GB of memory available on another.
Storage
The storage quota sets a quota on storage capacity in gigabytes that is available to virtual machines that you deploy in your private cloud. For dynamic virtual hard disks, quota calculations are based on maximum size. However, we recommend that you use fixed-size disks.
Custom quota (points)
A custom quota sets a quota on virtual machines that you deploy in a private cloud. This quota is based on total quota points that you assign to the virtual machines using their virtual machine templates. You assign quota points as an arbitrary value to a virtual machine template based on the anticipated size of the virtual machines. Custom quotas are available to provide backward compatibility with self-service user roles that were created in System Center Virtual Machine Manager 2008 R2 (VMM 2008 R2).
Virtual machines
The virtual machines quota limits the total number of virtual machines that you can deploy in a private cloud.
If the private cloud capacity already equals the capacity of the underlying private cloud infrastructure, you must first add hosts or other private cloud infrastructure resources, then make them available to the private cloud, and then increase private cloud capacity. To modify any private cloud resource settings, open the private cloud properties, and then click the desired tab.
Configuring Cloud Capability The cloud capability profile defines which resources and features are available to a virtual machine after you deploy it to a private cloud. By assigning the cloud capability profile to a private cloud, you can specify which hypervisor platform it supports, and how much memory or how many processors you can assign to a virtual machine. You can also define supported virtual disk types, and the number of hard drives and network adapters. Within a capability profile, you also can define whether the virtual machine will deploy only on a highly available cluster.
Configurable Options for Capability Profiles The following is the list of configurable capability profile options:
MCT USE ONLY. STUDENT USE PROHIBITED
11-14 Managing Clouds in Microsoft System Center 2012 R2 Virtual Machine Manager
•
Fabric Compatibility. Fabric compatibility options include Hyper-V virtualization host, VMware virtualization host, and XenServer virtualization host.
•
Processor Range. This may vary from hypervisor to hypervisor. Hyper-V currently is limited to a maximum of four virtual CPU, while VMware and Citrix XenServer supports as much as 8 virtual CPU.
•
Memory Range. This varies from hypervisor to hypervisor.
•
Microsoft Synthetic Video Adapter. This option is for Hyper-V only.
•
DVD Drive Range. This is the number of DVD drives.
•
Shared Image Mode. This option is for Hyper-V only.
•
Bus Configuration. This option contains virtual disk configuration information. For example, to control whether or not you want your users to create virtual machines with differential disks on your private cloud, you could specify either Fixed Disk Mode or Dynamic Disk Mode in the profile.
•
Network Adapters. You use this option to set the minimum and maximum number of virtual network interface cards (NICs).
•
Network Optimization. This option is for Hyper-V only.
•
Advanced. With this option, you can configure the capability profile to enforce Highly Available Virtual Machine Mode, and define it as required.
Built-In and Custom Capability Profiles
For each private cloud that you create, you can assign a capability profile. If you do not want to use predefined capability profiles such as VMware ESX Server, Citrix XenServer, or Hyper-V, you should first create a new capability profile in the library before assigning it to the private cloud. The built-in capability profiles represent the minimum and maximum values for various categories that you can configure for a virtual machine, for each supported hypervisor platform. If you have a mixed environment—for example, a private cloud with servers running both Hyper-V and VMware ESX—the virtual machine templates that you create must support a capability profile for one or the other hypervisor platform (or both). In the library workspace, you can also create custom capability profiles and use them to limit the resources that the virtual machines in the private cloud use. To view the settings associated with a built-in capability profile, open the virtual library pane, expand Profiles, and then click Capability Profiles. You can then view the properties of a capability profile. To create a new profile, on the Home tab, in the Create group, click Create, and then click Capability Profile.
The following table lists characteristics of built-in capability profiles. Resource
Hyper-V
VMware
Citrix XenServer
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
11-15
Virtual CPU range
1–4
1–8
1– 8
Memory range
8 MB – 64 GB
4 MB – 255 GB
16 MB – 32 GB
Dynamic memory
User-defined, Required, Disabled
User-defined, Required, Disabled
—
DVD drives
0–4
0–4
0–4
Shared .iso image
User-defined, Required, Disabled
—
—
Hard disks
0 – 255
0 – 255
0–7
Disk size range
0 MB – 2040 GB
0 MB – 256 GB
0 MB – 2040 GB
Disk options
Allow Fixed Disks, Allow Dynamic Disks, Allow Differencing Disks
Allow Fixed Disks, Allow Dynamic Disks, Allow Differencing Disks
—
Network adapters
0 – 12
0 – 64
0–7
Network optimizations
User-defined, Required, Disabled
—
—
Virtual machine availability
User-defined, Required, Disabled
User-defined, Required, Disabled
User-defined, Required, Disabled
Demonstration: Creating a Cloud from Host Group In this demonstration, you will see how to create a private cloud by using the Create Cloud Wizard.
Demonstration Steps 1.
Sign in to LON-VMM1 as adatum\administrator with a password of Pa$$w0rd.
2.
On the desktop, on the taskbar, click the Virtual Machine Manager Console icon.
3.
On the Connect To page, click Connect.
4.
In the Virtual Machine Manager console, in VMs and Services, create a private cloud with the following properties: a.
Name: DemoCloud
b.
Description: Demonstration of creating a Cloud
c.
Resources: LocalGroup
d.
Logical Networks: Local Network
e.
Load Balancers: (none) Default
f.
VIP Templates: (none) Default
g.
Port Classifications: Select the following:
Host management
Guest Dynamic IP
High bandwidth
Medium bandwidth
Low bandwidth
h.
Storage: Local Storage
i.
Library: Select the Stored VM path: \\lon-host1.adatum.com\Host1Library\
j.
Capacity: Make the following changes:
Memory: 8 GB
Storage: 1,000 GB
Virtual machines: 3
Capability Profiles: Hyper-V
MCT USE ONLY. STUDENT USE PROHIBITED
11-16 Managing Clouds in Microsoft System Center 2012 R2 Virtual Machine Manager
5.
Review the various Create Cloud Wizard pages, and review the different items and selections as you complete the wizard.
6.
On the Summary page, use the View Script button to review the Windows PowerShell cmdlets. Do not save the script.
7.
After DemoCloud is created, in the details pane, open and review the Overview information.
8.
Close the Virtual Machine Manager console.
Managing a Cloud Chargeback and Governance of Resource Usage
As more and more organizations decide to use a private cloud model for IT delivery, business units might opt to use pooled cloud resources instead of purchasing dedicated resources for their application. There is a risk that private cloud consumers might continue to use IT services as they have in the past; that is, they will oversubscribe and underutilize the services. To encourage conservation, System Center 2012 SP1 and System Center 2012 R2 provide a number of mechanisms for resource governance, including quotas, leases, approvals, and chargeback. These provide both rules and incentives to encourage the recommended behavior from cloud consumers.
Organizations can use the new chargeback capability introduced in System Center 2012 SP1 to better measure and account for the allocation of virtual resources in their private cloud. Data center administrators create a price sheet for resources in their data center, and then apply this price sheet to one or more private clouds. A price sheet defines the fixed and variable costs for resources consumption, such as virtual CPU cores, memory, and storage. Different clouds will have different SLAs, and IT can price
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
11-17
resources differently in their various private clouds to reflect this. As business units create Cloud Resource Subscriptions to allocate capacity, VMM and Windows Server 2012 capture cost records in System Center 2012 Service Manager. You can use the data center application management and System Center 2012 monitoring capabilities to help provide a highly productive application and service experience to application owners. System Center 2012 SP1 and System Center 2012 R2 provide application management across four key private cloud capabilities: •
Application Self-Service
•
Application Performance Monitoring
•
Governance, Resource Management and Chargeback
•
Management Across Clouds
Application Performance Monitoring
System Center 2012 SP1 and System Center 2012 R2 provide a complete monitoring solution covering both the underlying infrastructure and all aspects of running applications. System Center 2012 SP1 and System Center 2012 R2 monitor the performance of an application by tracking: •
The infrastructure hosting the application. The physical components like network and storage, the virtual platforms and the operating systems.
•
The server-side components of the application. The execution performance of the application inside the service template.
•
The client-side components of the application. The end user experience.
•
A set of synthetic workloads designed to highlight failures in situations that might not otherwise be caught.
Aggregating this information enables the data center administrator to build rich dashboards and visualizations to quickly see how applications are performing against the defined service levels. Administrators can delegate these dashboards to application owners and operators to give them quick and detailed visibility of application performance and availability.
Global Service Monitor - Ensuring Applications Are Always Available
For organizations with Internet-facing applications, you should ensure that applications are always available to customers. Global Service Monitor extends management and monitoring capabilities from the on--premises data center into the public cloud. Global Service Monitor provides test agents that are hosted in Windows Azure computer locations around the world. The test agents look back into the private cloud environment and continuously monitor hosted applications. Global Service Monitor provides private cloud administrators and application owners real-time visibility of the performance and availability of their application from the Internet. Global Service Monitor provides a view of what customers see from more than 20 locations around the globe. Deleting a Cloud
Before you can delete a private cloud, you must ensure that the private cloud has no objects that reference it, such as services, service deployment configurations, and deployed or stored virtual machines. You should pay specific attention to any user roles that are assigned as part of a scope for that cloud. You must remove any user roles associated with the private cloud that you wish to delete. This does not delete the user role itself.
To remove a user role from a cloud: 1.
Open the Settings workspace.
2.
In the User Roles details pane, select the user role you want to remove.
3.
On the ribbon, click Properties.
4.
In the Properties dialog box, click the Scope workspace.
5.
In the Scope tree list, clear the cloud that you want to delete, and then click OK.
To delete a private cloud:
MCT USE ONLY. STUDENT USE PROHIBITED
11-18 Managing Clouds in Microsoft System Center 2012 R2 Virtual Machine Manager
1.
Open the VMs and Services workspace.
2.
In the VMs and Services pane, expand Clouds. Locate and then click the private cloud that you want to delete.
3.
On the Folder tab, click Delete.
4.
When you are prompted whether you want to remove the private cloud, click Yes.
5.
Open the Jobs workspace to view the job status. Question: How does chargeback benefit application owners?
Lesson 3
Working With User Roles in Virtual Machine Manager
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
11-19
After installation, most products are available immediately to the administrator. However, you might need to modify the system’s default configuration to make it more usable for other users. As with any system, you must implement security in VMM to lock down the functionality and to provide an audit trail for security. Configuring and enabling user roles in VMM is a relatively straightforward process, but it is a critical step that you should consider carefully. Because you are enabling access to a virtual environment that many users may use, you must plan user delegation to limit which actions users can perform. This lesson provides details on how role-based security works in VMM, and how to implement user roles in VMM.
Lesson Objectives After completing this lesson, you will be able to: •
Describe the roles available in VMM.
•
Describe the objects and actions that you can delegate.
•
Describe the different types of user role profiles.
•
Create a user role.
•
Connect to VMM by using different user roles.
•
Create and use a user role in VMM.
What Are User Roles in VMM? You create user roles to address the various and disparate needs of different business users within an organization. A user role defines a set of operations that you can perform on a selected set of objects. A user role has several components, which can vary according to the profile selected: •
Profile. The profile of the user role determines what actions members of the user role can perform. This includes tasks such as starting and stopping virtual machines, creating checkpoints, and enabling remote control of the virtual machines.
•
Members. The members list specifies the Active Directory Domain Services (AD DS) user accounts and security groups that you assign to the role.
•
Scope. The scope outlines which objects the user can manage. You can limit the scope by using a private cloud, and depending on the profile, host groups and library servers.
•
Cloud quotas. Depending on the profile, you can specify cloud resource usage at a particular level.
•
Permissions. Depending on the profile, you can assign detailed permission levels.
One of the main characteristic of the private cloud is self-service. Using self-service, end users can request services in a controlled and guided manner. An automation process then either approves or denies the request, and if approved, executes the request in a consistent and predictable way. You can ensure that
MCT USE ONLY. STUDENT USE PROHIBITED
11-20 Managing Clouds in Microsoft System Center 2012 R2 Virtual Machine Manager
only certain people have the ability to place requests for particular offerings by using groups from AD DS. Active Directory groups enable you to segregate roles, which you can then apply settings to, limiting the types of services that users can request. Additionally, you can use user roles to consider not only who is using resources, but also how and why they are using the resource. By establishing user roles, you can predefine what you will allow users to do based on business needs, and what you will not allow them to do based on security needs. After you establish these user roles, you then add the Active Directory users or groups, depending on your needs. A user can be a member of more than one user role, in which case VMM grants the user the rights associated with all their roles. In some cases, you may need a different user profile with specific permissions on a group of hosts or even a cloud. This type of object in the VMM is called a Run As Profile, which is a service account that group members can use.
Objects and Actions that Can Be Delegated When creating a user role, you can define which objects in the VMM implementation the user role can manage. The main objects that you can delegate security for are: •
Private clouds
•
Host groups
•
Library servers
•
Virtual machines
Note: The Administrator user role has administrative access over the entire organization. You cannot modify this configuration.
A private cloud requires changes to the way that you manage information security. A private cloud can host applications and services for multiple tenants. Although all of these tenants will belong to the same organization, it is still necessary to maintain strict isolation between the virtualized private cloud resources allocated to different tenants. By doing this, you maintain the confidentiality and integrity of the data kept by the tenants in the private cloud.
The infrastructure of a private cloud is designed to maintain this isolation between virtual environments at run time. However, you should monitor the environment for attempts to break through the isolation, or for evidence that confidential information has been exposed or data tampered with. Operational activities such as those that relate to service continuity, availability management, and incident management may be designed to operate at the physical tier. An example of such an activity includes detecting and replacing a faulty server. However, these operations must maintain the isolation between different tenant's resources in the virtual environments in the cloud.
Private Clouds The resources available in a private cloud are: •
Virtual CPUs
•
Memory
•
Storage
•
Custom quotas (points)
•
Virtual machines
•
Data paths
The actions you can allow for these resources in a private cloud are to: •
Author
•
Checkpoint (snapshots)
•
Checkpoint (restore only)
•
Deploy
•
Deploy (from template only)
•
Local Administrator
•
Pause and resume
•
Receive
•
Remote connection
•
Remove
•
Save
•
Share
•
Shut down
•
Start
•
Stop
•
Store
Host Groups
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
11-21
If you are delegated to a host group, you can administer hosts and virtual networks that are in the assigned host groups. This includes virtual hard disks, virtual network adapters, SCSI adapters, and anything configured on virtual machines within the hosts. This can be useful if you want to group hosts based on your network’s administrative areas. For example, you might choose to group Hyper-V hosts based on the types of virtual machines that the servers host. This also can be useful if you group servers based on physical office locations, and then delegate administration accordingly.
Library Servers
A library server’s objects include virtual hard disks, virtual floppy disks, .iso image files, Windows PowerShell scripts, Sysprep answer files, and VMware templates. These objects are stored in all library shares on the library servers. You can delegate administrative control to each library server object. This can be useful if you distribute library servers in multiple locations, and you want to ensure that local administrators can work only with objects in the local library.
Virtual Machines
You can delegate permissions to virtual machines on a one-by-one basis. To enable users or groups to manage a specific virtual machine, you can add the user or group as the virtual machine owner in the VMM Administrator Console, or through the Self-Service Administration Portal site. You might choose to delegate permissions at the virtual machine level if you want to restrict which virtual machines in a host group that self-service users can manage.
User Role Profiles Administrator User Role
MCT USE ONLY. STUDENT USE PROHIBITED
11-22 Managing Clouds in Microsoft System Center 2012 R2 Virtual Machine Manager
The basic installation of VMM includes a default Administrator user role. The Administrator role is not a profile, but a preexisting user role. Members of the Administrator role can perform all VMM actions on all objects that the VMM server manages. Members of the Administrator role can create new Fabric (Delegated), and the following user roles: Read-Only, Tenant and Application (Self-Service), and Administrator. Only members of the Administrator user role can add additional members. Administrator role members, by default, include the domain user that performed the VMM installation, the VMM Server Computer account, and members of the server’s local Administrators group. Administrators are responsible for the following VMM features: •
Only administrators can add stand-alone Citrix XenServer hosts and Citrix XenServer clusters (known as pools) to VMM management.
•
Only administrators can add a Windows Server Update Services (WSUS) server to VMM, which enables VMM fabric updates through VMM.
Profiles You can create user roles by assigning one of four types of user role profiles in VMM: •
Fabric Administrator
•
Read-Only Administrator
•
Tenant Administrator
•
Application Administrator
Fabric Administrator Role
Members of the Fabric Administrator role have similar rights as the Administrator role. They can perform all administrative tasks within their assigned host groups, clouds, and library servers, except for adding Citrix XenServer and adding WSUS servers. The main difference between the two roles is that the Fabric Administrator role cannot modify global VMM settings, or add or remove Administrator role members. In addition, while the scope for the Administrator role is always the entire organization. you can limit the scope of the Fabric Administrator role. In System Center VMM 2008, the Fabric Administrator role was known as the Delegated Administrator role. This name may still show up in technical references
Read-Only Administrator Role
Read-only administrators can view properties, status, and job status of objects within their assigned host groups, clouds, and library servers. However, they cannot modify objects. In addition, the read-only administrator can view only the Run As accounts that administrators or delegated administrators have specified for that read-only administrator user role.
Tenant Administrator Role
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
11-23
In System Center 2012 SP1 VMM and newer editions, you can create Tenant Administrator user roles. Members of the Tenant Administrator user role can manage self-service users and virtual machine networks. Tenant administrators can create, deploy, and manage their own virtual machines and services by using the VMM console or a web portal. Tenant administrators can also specify which tasks the selfservice users can perform on their virtual machines and services. Tenant administrators can place quotas on computing resources and virtual machines.
Application Administrator (Self-Service User) Role
Members of the self-service user role can manage their own virtual machines within a restricted environment. A self-service user role specifies the operations that members can perform on virtual machines. You also can place a quota on the self-service user role, subsequently limiting the number virtual machines that a user can deploy at any one time. This quota can be useful when allowing testing teams to create workstations and servers. As an example, a server might have a quota of 10 points and a workstation might have a quota of 1 point, with the user being allowed a total of 25 quota points. Note: In System Center VMM 2008 and older VMM versions, the Application Administrator role was known as the Self-Service User role. This name may still show up in technical references.
Creating a User Role To configure a user role, you must run the Create User Role Wizard in the VMM console. The options that are available when you run the wizard depend on the type of user role that you are creating. Note: When you run the Create User Role Wizard, you can create only Delegated Administrator and Self-Service User roles. You cannot create additional Administrator user roles, although you can add members to the default Administrators user role. When using the Create User Role Wizard, complete the following steps to create a user role: 1.
Start the Create User Role Wizard.
2.
Name the user role, and provide a description. When given a choice about what type of user role you want to create, select the user role type.
3.
If you choose to create a Fabric or Read-Only Administrator role, provide the following information: a.
Members. You can add Active Directory user or group accounts to the user role. (You do not need to add members to the user role when you create it. You can do this later.)
Note: As a best practice, you should avoid adding user accounts directly to the user roles. Use Active Directory groups instead.
4.
MCT USE ONLY. STUDENT USE PROHIBITED
11-24 Managing Clouds in Microsoft System Center 2012 R2 Virtual Machine Manager
b.
Scope. You can specify the private cloud and host groups that the delegated administrator can administer. By default, no objects are selected. When you select an option, the administrator receives permissions for all child objects. For example, if you grant a fabric administrator permission to a host group, the administrator can manage all hosts and virtual machines within the host group.
c.
Library servers. Each member of this user role can use only the library servers that you specify.
d.
Run As accounts. Each member of this user role can use only the Run As accounts that you specify. (A Run As account is a container for a set of stored credentials.) Only administrators and fabric administrators can create and manage Run As accounts. Read-only administrators can see only the account names associated with Run As accounts that are in the scope of their user role.
If you choose to create a Tenant or Application User role, you will need to provide the following information as you complete the wizard: a.
Members. You can add Active Directory user or group accounts to the user role. (You do not need to add members to the user role when you create it. You can do this later.)
b.
Scope. The scope of the user role determines the objects on which the member of user role can perform actions. For the Tenant and Application Administrator profile, you only can specify a private cloud in their scope page. If no private cloud exists then the user role cannot perform actions.
c.
Quotas for the cloud name cloud. This setting is only for Tenant Administrators. Once you create a private cloud, you can specify whether it can use the maximum of any or all resources, or a subset of those resources, by setting a quota for the various resources. When you create a user role, you have the ability to further set limits on the resources for the specified private cloud. You can first set quotas at the root level, which will set all members of the role to the same standard. Next, you can set quotas at the member level, which means that each member of this user role has the same standard.
d.
Networking. Each member of this user role can use only the specified virtual machine networks. The administrator creating this user role can either select an existing virtual machine network, or create a new one.
e.
Resources. By default, users cannot save virtual machines in a library, and cannot connect the .iso files in the library to virtual machines. If you enable this option, you can limit user access to specific shared folders in the library of your choice. You can also choose whether users can use only the resources that you specify. To do this, you establish a user role data path, which is path to the library that you choose. This path enables the user role members to store virtual machines in the designated library share. It also determines whether users can access the .iso files stored in that specific library.
f.
Permissions. You can enable the user role to have a wide variety of permissions globally or on a private cloud, or you can apply more restrictive permissions that limit the actions that the user can perform. For example, you can enable users to start and shut down virtual machines, but can prevent them from creating checkpoints or stopping the virtual machines. You also can choose whether users can create their own virtual machines.
Connecting to VMM by Using Various User Roles Beginning with System Center 2008 VMM, VMM implemented role-based security to provide finer control over what users can do within the virtualized environment. RBAC is access that is based on assigning user roles. For each user role that you create, you configure the actions that members of that user role can perform, and you restrict the objects that members of the user role can manage. This security model supports delegated administration, which was not available in System Center 2007 VMM. Self-service user roles replace the self-service policies that were used to administer virtual machine self-service in System Center 2007 VMM.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
11-25
In RBAC, dynamic collections of object instances (such as hosts or virtual machines), determine the available targets for a particular operation that a user performs. For example, when a user with a specific user role attempts to start a virtual machine, VMM first checks whether the user role has permission to perform the Start action on virtual machines. VMM then verifies that the user role has the right to start the selected virtual machine.
The objects in RBAC are hierarchical. Providing access to a particular instance provides access to all instances contained in that instance. For example, providing access to a host group provides access to all hosts within the host group and to all virtual networks on the hosts. System Center 2012 VMM adds private cloud management capabilities to the Fabric Administrator user roles, and enhances the capabilities granted to Application user roles. In addition to using the Create User Role Wizard, you can create and manage user roles by using Windows PowerShell: •
To create a new user role, use the New-SCUserRole cmdlet.
•
To update user roles, use the Set-SCUserRole cmdlet.
•
To get information about the user roles for a specified user, use the Get-SCUserRoleMembership cmdlet.
Demonstration: Creating and Using a VMM User Role In this demonstration, you will see how to create a user role by using the Create User Roles Wizard.
Demonstration Steps 1.
Sign in to LON-VMM1 as adatum\administrator with a password of Pa$$w0rd.
2.
On the desktop, on the taskbar, click the Virtual Machine Manager console icon.
3.
On the Connect To page, click Connect.
4.
In the Virtual Machine Manager console, in the lower left Workspace area, click Settings. In the Settings console tree, click the User Roles node.
5.
Review all of the icons and buttons on the ribbon.
MCT USE ONLY. STUDENT USE PROHIBITED
11-26 Managing Clouds in Microsoft System Center 2012 R2 Virtual Machine Manager
6.
On the ribbon, click the Create User Role icon. Create a User Role named DemoRole, with a description of User role created for demonstration. Choose the profile Fabric Administrator (Delegated Administrator).
7.
Add the ADATUM\IT Active Directory domain group as Members, and the DemoCloud and LocalGroup as the scope.
8.
Select host1.adatum.com as a library server.
9.
On the Summary page, review the Windows PowerShell cmdlets but do not save them. Finally, create the user role.
10. After the DemoRole is created, review the properties. 11. Close the Virtual Machine Manager console.
Lab: Managing Clouds in Microsoft System Center 2012 R2 Virtual Machine Manager Scenario
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
11-27
A. Datum Corporation has finished deploying the core features in VMM. At this point, only the main office and branch office server administrators can manage the virtual servers and hosts. Several business groups have requested that they manage their own virtual machines. These business groups want the flexibility to create and manage their own virtual machines, rather than waiting for a server administrator to do this for them. Although IT management would like to enable business groups to manage their own virtual machines, they are concerned about the impact to the rest of the virtualization environment. You need to implement a solution that will enable this functionality, but also limit the impact that any business group can have on the rest of the infrastructure. You will implement this solution by creating private clouds within VMM.
Objectives After completing this lab, you will be able to: •
Create a private cloud by using VMM.
•
Create and manage user roles.
•
Deploy virtual machines to a private cloud.
Lab Setup Estimated Time: 25 minutes Virtual machines: 20409B-LON-HOST1, 20409B-LON-DC1, 20409B-LON-VMM1, 20409B-LON-CL1 User name: Adatum\Administrator Password: Pa$$w0rd
For this lab, you will use the available virtual machine environment. Before you begin, you must complete the following steps: 1.
On the host computer (LON-HOST1), start Hyper-V Manager.
2.
In Hyper-V Manager, click 20409B-LON-DC1, and then in the Actions pane, click Start. Wait 30 seconds.
3.
Click 20409B-LON-VMM1, in the Actions pane, click Start, and then click Connect. Wait until the virtual machine starts.
4.
Sign in by using the following credentials:
5.
o
User name: Administrator
o
Password: Pa$$w0rd
o
Domain: Adatum
Repeat step 3 for 20409B-LON-CL1. Do not sign in until directed to do so.
Note: Because you will be using the same virtual machines in the next lab, do not revert the virtual machines. However, you can shut down all virtual machines after finishing this lab.
Exercise 1: Creating a Private Cloud Scenario
MCT USE ONLY. STUDENT USE PROHIBITED
11-28 Managing Clouds in Microsoft System Center 2012 R2 Virtual Machine Manager
In this exercise, students will review supporting documentation, and will create a cloud based on a host group and explore its properties. Email From: Ed Meadows To: IT department Subject: Test of Adatum private cloud 1.
Now that we have our VMM infrastructure in place, I would like to see you implement business unit access to the private cloud.
2.
Both the Development and Research departments of A Datum should have ability to create and manage virtual machines and other resources for testing purposes.
3.
Please create private cloud space for these departments, and that ensure their personnel can create virtual machines, use them, and then delete them within their own private cloud.
4.
As discussed in our meeting on Tuesday, we need to ensure that our available resources are not overwhelmed, so consider limiting the total number of virtual machines and the resources devoted to these departments within each cloud. However, I’d like you to test it by letting them create only one virtual machine, and then do further testing to ensure that they cannot create another by further testing.
Ed Meadows, CTO, Adatum
The main tasks for this exercise are as follows: 1.
Review the scenario and the email from Ed Meadows, and then answer the questions.
2.
Create the Development private cloud.
3.
Create the Research private cloud.
Task 1: Review the scenario and the email from Ed Meadows, and then answer the questions Review the scenario and the email from Ed Meadows, and then answer the following questions: 1.
How many private clouds do you need to create?
2.
How many user roles should you create?
3.
How will you fulfill the requirement to ensure the resources are not overwhelmed?
Task 2: Create the Development private cloud 1.
Sign in to LON-VMM1 as adatum\administrator with a password of Pa$$w0rd.
2.
On the desktop, on the taskbar, click the Virtual Machine Manager Console icon.
3.
On the Connect To page, click Connect.
4.
In the Virtual Machine Manager console, in VMs and Services, create a cloud with the following properties: a.
Name: DevCloud
b.
Description: Cloud for the Development Department.
c.
Resources: LocalGroup
d.
Logical Networks: External Network
e.
Load Balancers: (none) Default
f.
VIP Templates: (none) Default
g.
Port Classifications: Host management
Guest Dynamic IP
High bandwidth
Medium bandwidth
Low bandwidth
h.
Storage: Local Storage
i.
Library: (none) Default
j.
Capacity: Make the following changes:
k. 5.
Memory: 8 GB
Storage: 1,000 GB
Virtual machines: 3
Capability Profiles: Hyper-V
11-29
After DevCloud is created, click and then review the Overview information in the details pane. Verify that the capacity settings match the values that you set in the wizard.
Task 3: Create the Research private cloud •
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
In the Virtual Machine Manager console, in VMs and Services, create a cloud with the following properties: a.
Name: ResCloud
b.
Description: Cloud for the Research Department
c.
Resources: LocalGroup
d.
Logical Networks: External Network
e.
Load Balancers: (none) Default
f.
VIP Templates: (none) Default
g.
Port Classifications:
Host management
Guest Dynamic IP
High bandwidth
Medium bandwidth
Low bandwidth
h.
Storage: Select Local Storage
i.
Library: (none) Default
j.
6.
Capacity: Make the following changes:
Virtual CPUs: 2
Memory: 8GB
Storage: 1,000GB
Virtual machines: 3.
Capability Profiles: Hyper-V
MCT USE ONLY. STUDENT USE PROHIBITED
11-30 Managing Clouds in Microsoft System Center 2012 R2 Virtual Machine Manager
After ResCloud is created, click and then review the Overview information in the details pane. Verify that the capacity settings match the values that you entered in the wizard.
Results: After completing this exercise, you should have created a private cloud based in a host group, and you should have reviewed its properties.
Exercise 2: Working With User Roles Scenario
In this exercise, students will create the user roles Read-Only Administrator and Application Administrator. They also will explore different configuration options, and then connect to VMM as a member of different roles to confirm which actions they can perform. The main tasks for this exercise are as follows: 1.
Create the Development department user role.
2.
Create the Research department user role.
Task 1: Create the Development department user role 1.
In the Virtual Machine Manager console, in the lower-left workspace, click Settings.
2.
In the console tree, click the User Roles node.
3.
Use the Create User Role button to create a User Role named DevRole, with a description of User role created for the Development Department. Choose the profile Application (Self-Service User) Administrator.
4.
Add the ADATUM\Development Active Directory domain group as members.
5.
On the Scope page, select the DevCloud check box.
6.
On the Quotas for the DevCloud cloud page, in the Member level quotas section, clear the Use Maximum column check box in the Virtual Machines row, and then in the Assigned Quota column, type 1.
7.
On the Networking page, select the External network.
8.
On the Resource page, in the Specify user role data path, click MSSCVMMLibrary.
9.
On the Permissions page, under the Name column, select all check boxes except for Receive and Share.
10. On the Summary page, create the User Role.
Task 2: Create the Research department user role
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
11-31
1.
In the Virtual Machine Manager console, in the lower left Workspace, click Settings.
2.
In the Settings console tree, click User Roles.
3.
Use the Create User Role button to create a user role named ResearchRole, with a description of User role created for the Research Department.
4.
Choose the profile Application (Self-Service User) Administrator.
5.
Add the ADATUM\Research Active Directory domain group as members.
6.
On the Scope page, select the ResCloud check box.
7.
On the Quotas for the ResCloud cloud page, in the Member level quotas section, in the Virtual Machines row, clear the Use Maximum column check box, and then in the Assigned Quota column, type 1.
8.
On the Networking page, click External network.
9.
On the Resource page, in the Specify user role data path, select the Host1Library.
10. On the Permissions page, under the Name column, select all check boxes except the Receive and Share check boxes. 11. On the Summary page, create the user role.
12. In the Settings console tree, in the Security node, under User Roles, verify that the ResearchRole object displays in the User Roles details pane. 13. Click the ResearchRole object, and then on the ribbon, click the Properties button.
14. In the ResearchRole Properties dialog box, review the various properties, and then click Cancel.
Results: After completing this exercise, you should have created several user roles, explored different configuration options, and then connected VMM as a member of different roles to confirm which actions they can perform.
Exercise 3: Deploying Virtual Machines to a Private Cloud Scenario
In this exercise students, will deploy to a private cloud, a virtual machine that is based on the existing virtual machine template. The main tasks for this exercise are as follows: 1.
Use the Virtual Machine Manager console on LON-CL1 to create virtual machines as a Development department user.
2.
Use the Virtual Machine Manager console on LON-CL1 to create virtual machines as a Research department user.
Task 1: Use the Virtual Machine Manager console on LON-CL1 to create virtual machines as a Development department User 1.
Sign in to LON-CL1 as adatum\ben with a password of Pa$$w0rd. You may have to wait a moment while the user’s profile is created.
MCT USE ONLY. STUDENT USE PROHIBITED
11-32 Managing Clouds in Microsoft System Center 2012 R2 Virtual Machine Manager
2.
Navigate to the Apps by name start screen, and pin the Virtual Machine Manager Console tile to the desktop taskbar.
3.
Start the Virtual Machine Manager console.
4.
In the Connect to Server pop-up, change the Server name to LON-VMM1.adatum.com.
5.
In the VMs and Services workspace, click DevCloud.
6.
Create a virtual machine with the following properties on these pages: a.
Select Source: Create the new virtual machine with a blank virtual hard disk
b.
Identity:
Name: 1stDevCloudVM
Description: First virtual machine in the DevCloud
c.
Configure Hardware: select the Hyper-V check box
d.
Select Destinations: Deploy the virtual machine to a private cloud
e.
Select Cloud: DevCloud
f.
Add Properties: default (no change)
g.
Summary: Create
7.
Verify that 1stDevCloudVM now displays in the DevCloud VMs details pane.
8.
Attempt to make another virtual machine, using step 6 above, but change the name to 2ndDevCloudVM and the description to Second virtual machine in the DevCloud.
9.
The task will fail at step 6e.
10. On Ratings Explanation tab, note the line that says, “The operation results in a violation of the virtual machine count quota for the private cloud.” 11. With the DevCloud selected, right-click 1stDevCloudVM, and then click Delete. When a confirmation pop-up displays ,click Yes. 12. Close the Virtual Machine Manager console, and sign out of LON-CL1.
Task 2: Use the Virtual Machine Manager console on LON-CL1 to create virtual machines as a Research department user 1.
Sign in to LON-CL1 as adatum\hani with a password of Pa$$w0rd. You may have to wait a moment while the user’s profile is created.
2.
Navigate to the Apps by name start screen, and pin the Virtual Machine Manager console tile to the desktop taskbar.
3.
Start the Virtual Machine Manager Console.
4.
In the Connect to Server pop-up, change the Server name to LON-VMM1.adatum.com.
5.
In the VMs and Services workspace, select ResCloud.
6.
Create a virtual machine with the following properties on these pages: a.
Select Source: Create the new virtual machine with a blank virtual hard disk
b.
Identity:
Name: 1stResCloudVM
Description: First virtual machine in the ResCloud
c.
Configure Hardware: Select the Hyper-V check box.
d.
Select Destinations: Deploy the virtual machine to a private cloud
e.
Select Cloud: ResCloud
f.
Add Properties: default (no change)
g.
Summary: Create
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
11-33
7.
Observe that 1stResCloudVM now displays in ResCloud VMs details pane.
8.
Attempt to make another virtual machine, using step 6 above, but change the name to 2ndResCloudVM and the description to Second virtual machine in the ResCloud.
9.
The task will fail at step 6e. On the Ratings Explanation tab, note the line that says, “The operation results in a violation of the virtual machine count quota for the private cloud.”
10. With the ResCloud selected, right-click 1stResCloudVM, and then click Delete. When the confirmation pop-up displays, click Yes. 11. Close the Virtual Machine Manager console and sign off LON-CL1.
Results: After completing this exercise, you should have used the VMM console to create virtual machines as a Development department user, and as a research department user.
Module Review and Takeaways Review Questions Question: What is the main difference between private clouds and set of virtual machines that users can access and administer? Question: What considerations do you need to make before you delete a private cloud? Question: You need to allow non-IT users to make their own virtual machines, but host server space is limited. What would be the appropriate user role profile to use, and what specific settings should you set?
Tools
MCT USE ONLY. STUDENT USE PROHIBITED
11-34 Managing Clouds in Microsoft System Center 2012 R2 Virtual Machine Manager
•
Use the Create Cloud Wizard to create a private cloud in VMM 2012.
•
Use the Create User Roles Wizard to create collections of users that can be assigned permissions to all or some private clouds, and select permission to what can be done by the user role on resources in that private cloud.
•
Use System Center 2012 - App Controller to provide a common self-service experience that can help you configure, deploy, and manage virtual machines and services across private and public clouds.
Common Issues and Troubleshooting Tips Common Issue A user cannot create a virtual machine in a specific cloud.
You cannot delete a cloud because it has virtual machines that you want to keep.
You have set the quotas for a particular cloud, and the self-service users have consumed them all, but need to use more. You have added a new host, but they still cannot create more virtual machines.
Troubleshooting Tip
MCT USE ONLY. STUDENT USE PROHIBITED 12-1
Module 12 Managing Services in Microsoft System Center 2012 R2 Virtual Machine Manager and App Controller Contents: Module Overview
12-1
Lesson 1: Understanding Services in VMM
12-2
Lesson 2: Creating and Managing Services in VMM
12-9
Lesson 3: Using App Controller
12-16
Lab: Managing Services in Microsoft System Center 2012 R2 Virtual Machine Manager and App Controller
12-24
Module Review and Takeaways
12-30
Module Overview
Deploying services in the private or public cloud environment is key to managing your cloud environment. Microsoft System Center 2012 R2 Virtual Machine Manager (VMM) introduces several new tools for creating, managing, and deploying services in your cloud environment. These new tools integrate with System Center 2012 R2 App Controller (App Controller), which end users can use to deploy services for their own use. In this module, you will learn about VMM services and managing services by using VMM. You will also see how you can configure and deploy both services and the servicemanagement feature. You will see how to use App Controller to configure, deploy, visualize, and update multitier application components in the context of holistic service delivered to a business. You will also learn how service consumers can view all the applications for which they are responsible in one window. Note: For the purpose of this course, all instances of Microsoft System Center 2012 R2 Virtual Machine Manager are referred to as VMM.
Objectives After completing this module, you will be able to: •
Explain the purpose and functionality of a service.
•
Create and manage services in VMM.
•
Describe how to use App Controller.
Lesson 1
Understanding Services in VMM
MCT USE ONLY. STUDENT USE PROHIBITED
12-2 Managing Services in Microsoft System Center 2012 R2 Virtual Machine Manager and App Controller
One of the most important tasks in cloud technology is deploying and managing services in the private or public cloud environment. VMM includes several new tools that you can use for creating, managing, and deploying services. These new tools integrate with App Controller, which end users can use to deploy services for their own use. In this lesson, you will learn about services and service management in VMM, and you will see how you can configure and deploy them.
Lesson Objectives After completing this lesson, you will be able to: •
Explain the purpose and functionality of a service.
•
Describe a service template.
•
Describe the components and configuration settings of a service template.
•
Explain how to create and manage a service and a service template.
•
Describe common scenarios for creating and deploying services.
What Is a Service? Services are a new concept in VMM. Therefore, it is very important that you understand services fully before deploying a private cloud infrastructure. The concept of a service in VMM differs from traditional service scenarios.
Traditional Services Scenario
Services usually refer to an application or set of applications that provide some service to end users. For example, you can deploy various types of web-based services, but you can also implement a service such as email. In a noncloud computing scenario, deploying any type of service usually requires that users, developers, and administrators work together through the phases of creating a service, deploying a service, testing the service, and maintaining the service. A service often includes several computers that must work together to provide a service to end users. For example, a web-based service is usually an application that deploys on a web server, connects to a database server (which can be hosted on another machine), and performs authentication on an Active Directory domain controller. Enabling this application requires three different roles, and possibly three different computers: a web server, a database server, and a domain controller. Deploying a test environment for a service such as this can consume time and resources. Ideally, developers work with IT administrators to create an environment where they can deploy and test their web application.
Concept of a Service in a Private Cloud Scenario With the concept of a private cloud, how you manage services and service-related tasks can change significantly. In a private cloud, you can prepare the environment for a service, and then let developers deploy the service by using a self-service application such as App Controller.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
12-3
In VMM, a service is a set of one or more virtual machines that you deploy and manage together as a single entity. You configure these machines to run together to provide a service. In VMM 2008, users were able to deploy new virtual machines by using the Virtual Machine Manager Self-Service Portal. System Center 2012 VMM enhances this feature to allow users to deploy new services. In System Center 2012 Service Pack 1 (SP1) VMM, the functionality of the Self-Service Portal is in the System Center 2012 App Controller, which also can deploy services. By deploying a service, users actually are deploying the entire infrastructure, including the virtual machines, network connections, and applications that make the service work. However, you can use services to deploy only a single virtual machine without any specific purpose.
You now can use App Controller to create a service that will deploy a virtual machine that is joined to a domain. That virtual machine could have several roles and features preinstalled, such as Windows Server 2008 R2. This simplifies the process of creating and updating new virtual machines. You also can deploy sets of preinstalled virtual machines that work together to support a distributed application, such as a web application.
What Is a Service Template? Deploying a new service requires a high level of automation and predefined components, and requires management software support. VMM provides service templates for this purpose. A service template is a template that encapsulates everything required to deploy and run a new instance of an application. Just as private cloud users can create new virtual machines on demand, users can also use service templates to install and start new applications on demand.
A service template provides the foundation for deploying a virtual machine and using a different profile to configure instances that the profile settings define. A service is a set of virtual machines that you configure and deploy together to support specific infrastructure requirements. For example, you may have a multitier web-based application that requires a Microsoft SQL Server database. A service template gathers all of the configuration settings into a single managed entity for the multiple servers. You can only configure and deploy a virtual machine with SQL Server when you deploy the application as a service.
Process for Deploying a New Service
When using service templates in VMM, the process of deploying a new service or application is as follows: 1.
The system administrator creates and configures service templates in VMM by using Service Template Designer.
2.
The application owner, such as a developer who needs to deploy the application environment, opens the App Controller portal, and requests a new service deployment based on available service templates that he or she can access. The user can then deploy the service to a private cloud where a user has access. As an alternative to App Controller, the user also can use the VMM console.
3.
A request is submitted and the VMM management server evaluates the request. VMM searches for available resources in the private cloud, then calculates the user quota, and verifies that the cloud is capable for the requested service deployment.
MCT USE ONLY. STUDENT USE PROHIBITED
12-4 Managing Services in Microsoft System Center 2012 R2 Virtual Machine Manager and App Controller
4.
VMM creates the service automatically, and then deploys the virtual machines and applications (if any) on the host that it chooses.
5.
The application owner gains control over service virtual machines through the App Controller portal, or by Remote Desktop Protocol (RDP).
If there is a need for manual approval for resource creation, you can use Microsoft System Center 2012 Service Manager to create workflows for this purpose.
Information Included in the Service Template
The service template includes information about the virtual machines that VMM deploys as part of the service. The service template also includes which applications to install on the virtual machines, and the networking configuration that the service requires, including the use of a load balancer. The service template also can make use of existing virtual machine templates. While you can define the service without using any existing virtual machine templates, it is much easier to build a template if you create the virtual machine templates first. After creating the service template, you can configure it for deployment by using the Configure Deployment option.
Common Scenarios for Using Services Several typical situations exist in which you might use services. Most organizations incorporate some of these scenarios, and perhaps all of them. The following section describes the usefulness of these common scenarios and their requirements: •
Deploy a virtual machine with Windows Server roles or features installed. There are many reasons why an organization might benefit from this deployment type. It is relatively simple and straightforward and has been a common practice with physical servers for many years. In this deployment scenario, you automate most of the manual steps by having a guest operating system profile that details the steps. You would install a virtual machine with at least the Windows Server 2008 R2 operating system or newer. Because these systems might be providing some type of service to multiple users, you would want to ensure they are member servers in a domain. Next, you would create a guest operating-system profile that lists the roles and or features that you want to install.
•
Deploy an updated version of the guest operating system, such as the latest service pack, to a virtual machine. Most software companies update their products regularly to include hardware improvements and enhanced security features that can counter increasingly sophisticated security threats. For example, over the past decade, Microsoft has released several versions of Windows Server, starting with Windows Server 2003 through Windows Server 2012 R2. In such cases, you would create a new virtual hard disk with the updated operating system, and then create an updated service template. You then would deploy the new virtual machine with the updated settings.
•
Deploy a Microsoft Server Application Virtualization (Server App-V) application. A Server App-V application is an image of an application that you can load to a virtual machine without having to install it as a local application. Because you are not installing an application locally, you can have different versions of the same application running on the same virtual machine, such as different versions of a web application.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
12-5
You use Server App-V to create virtual application packages that you can deploy to computers that are running a Windows Server operating system and have the Server App-V agent installed. You create virtual application packages by sequencing the application using Server App-V. You then create an application profile and add it to a service template, which can then deploy out the application. •
Deploy an instance of SQL Server to a virtual machine. Many web-based applications and multitier services use SQL Server for database functionality. You often have to deploy database applications to support virtualized services within the private cloud. You can use a SQL Server profile as a building block for deploying instances of SQL Server onto virtual machines. You first create a virtual hard disk that contains a sysprepped version (prepared instance) of SQL Server. From this virtual hard disk, you will create a SQL Server profile that contains instructions for customizing an instance of SQL Server for a SQL Server data-tier application. You then can deploy this instance to a virtual machine as part of a service.
For more information about these common scenarios, refer to: Common Scenarios for Services http://go.microsoft.com/fwlink/?LinkID=386740
Service Template Components Application Profiles When you deploy a virtual machine as part of a service, application profiles provide configuration instructions for installing specific application types. Application profiles support the following application types: •
SQL Server data-tier applications (DACs)
•
Server App-V applications
•
Web applications
•
Scripts
Hardware Profiles
A hardware profile contains specifications for various hardware components such as the number of processors, memory allocation, integrated drive electronics (IDE) devices, small computer system interface (SCSI) adapter configurations, and network adapter configurations. Although, you can deploy a virtual machine without a hardware profile, using a hardware profile in conjunction with a virtual machine template ensures that your virtual machine deployment uses a consistent hardware configuration.
Physical Computer Profiles
Physical computer profiles replace host profiles in System Center 2012 R2 VMM. Similar to a host profile, you can use physical computer profiles to provision a Microsoft Hyper-V host system. You can create and store one or more physical computer profiles within the Virtual Machine Manager library. You create a physical computer profile using the New Physical Computer Profile Wizard. The physical computer profile contains various settings such as what operating system .vhdx file to use, hardware configurations, operating system configurations, and virtual machine placement paths for default locations in which to store virtual machines. Note that you do not use a physical computer profile to create a virtual machine template, because physical computer profiles specify settings for a physical host, not a virtual machine.
Guest OS Profiles
MCT USE ONLY. STUDENT USE PROHIBITED
12-6 Managing Services in Microsoft System Center 2012 R2 Virtual Machine Manager and App Controller
In the virtual machine template, you can configure the guest operating system profile settings manually, or you can import settings from a preconfigured guest OS profile. If you do not need to customize the operating system, you can select None – customization not required. Note: If you choose not to include a guest OS profile in the virtual machine template, VMM removes all other application and SQL Server profile settings so that they are not available for configuration in the virtual machine template.
SQL Server Profile The SQL Server profile contains a number of configuration settings, such as the instance name and ID, product key, media source, SQL Server administrators, and service account designations.
VM Template
When you create a new virtual machine, either you can derive the source of the new virtual machine from an existing virtual machine or hard disk, or you can base the new virtual machine on a VM template. If you use a stored virtual machine or a virtual hard disk, you can only customize the hardware settings; there is no option for adding additional information such as the operating system configuration or applications. A VM template provides additional flexibility and efficiency for virtual machine deployment. The advantages of using a VM template include the following: •
You can configure hardware, operating system, applications, and SQL Server specifications.
•
You can use them to create new virtual machines or service templates.
•
You can share them with self-service users or roles to provide a consistent virtual machine deployment process.
Each service template that you create in VMM has several settings that you can configure. You access these settings by opening the Properties dialog box of the service template that you are creating. The following list provides explanations for the most important service template settings: •
Name. Specify the name for the service template. This name will appear in the virtual machine and in the Services workspace. Additionally, this is the name that self-service users will see, so use descriptive names.
•
Release. Specify a value that indicates the service template’s version. The release value is important when you update a service. The release value helps you to identify the version of the service template. Each time you create a service template and make a deployment based on the template, you can make no further changes to it. If you want to make changes, you must first create a new version.
•
Dependencies. Specify the location in which you can view objects that derive from a specific service template, and library resources that the template references. You cannot make any changes here.
•
Access. Define the service template’s owner. You also can list self-service users that can use this service template to deploy a service. If you want to provide self-service users with the ability to deploy services by using the VMM console or by using App Controller, you must add them to the access list for the service template.
You should configure all service template settings before you begin deploying services from a specific template.
Service Life Cycle Management Services always link to the service templates from which they were created. If you have a central location that contains the service templates and their core settings, you have less of a chance of different instances straying from the desired configuration those settings represent. Occasionally, you or application users will need to update the deployed service instances and perhaps scale out those services to additional users. At that point, you will need to create a new version of the service template, associate it with a running instance, and then update the instance with the updated template.
Why Use Services?
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
12-7
1.
You can use services to model and manage multitier applications as a single unit across a group of virtual machines.
2.
By enabling automatic scale-out, you can manage application peak loads easily by adding more virtual machines to run an application as load increases. You also can add virtual machines manually.
3.
You can create operating-system images and applications dynamically when you deploy them, as necessary. This means that deployment consumes fewer resources unless they are necessary at a specific moment.
4.
Application administrators can change service instances dynamically by updating the service template as necessary.
Service Life Cycle Management When working with a typical VMM service-management life cycle, you: 1.
Start by creating a service template. To do so, you create a number of profiles based on different hardware and service elements, and then join these together to make a virtual machine template.
2.
Use the virtual machine template to create a service template from which VMM can derive service instances.
3.
Can preview and customize the template before you deploy.
4.
Can deploy the template once it meets your satisfaction.
Deploying the template makes it available to application users who can create their own service instances. At this point, an organization is using a service. This would be part of normal operations, which can continue for months or even years. The organization benefits from the speed with which it can deploy a service and that service’s dependability.
At some point, modifications may be necessary. Perhaps you no longer need a running service, or you require a new version. When this happens, you can update the service. To update a service, you update the template by reconfiguring the service instance with the new requirements. You then change or update the profiles, and repackage them into an updates template, from which you can redeploy the service until the next update occurs.
MCT USE ONLY. STUDENT USE PROHIBITED
12-8 Managing Services in Microsoft System Center 2012 R2 Virtual Machine Manager and App Controller
For example, suppose your organization wants to promote its products up to, and cumulating with, an advertisement during a global sporting event. You might announce a website to which customers can navigate to enter a prize drawing, but only during that specific sporting event. Your organization would expect to get millions of visits to that webpage during the event, but very few, if any, after. Therefore, you could use a service for this promotion. Once the event is complete, you could turn off the service and delete the service template.
Lesson 2
Creating and Managing Services in VMM
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
12-9
Services are essentially a set of virtual machines that you configure and deploy together and then manage as a single entity. You can create and modify service templates that allow this deployment and management. Additionally, System Center 2012 VMM introduces the Service Template Designer that offers a graphical management tool to create and configure virtual machine templates. In addition, you might want to change the scale of a service, update a service, or even import a service template into another VMM infrastructure.
In this lesson, you will focus on creating service templates and deploying them out as services, including virtual machines.
Lesson Objectives After completing this lesson, you will be able to: •
Explain how to create a service template.
•
Describe how to configure service template properties.
•
Work with the Service Designer.
•
Describe how to create deployment configuration for services.
•
Deploy a service.
•
Describe how to scale out a service.
•
Describe how to update a service.
•
Describe how to export and import service templates.
Creating a Service Template In the VMM console, you use the Service Template Designer to create a service template, which defines the configuration of the service. When you start the Service Template Designer, few preconfigured patterns will be available. However, you can create additional templates by modifying the Blank pattern, or by selecting either the Single Machine pattern, the Two-tier Application pattern, or the Three-tier Application pattern. Deploying tiers actually defines levels of your application. For example, one tier of your application can be a web server (or servers), while a second tier could be database servers.
A tier is not the equivalent of a virtual machine. A tier—or more specifically, a machine tier—contains one or more virtual machines of an identical type. When you create a tier, you specify the default, minimum, and maximum values for the number of virtual machine instances that you will allow in in the tier. You also can add a virtual IP load balancer to a tier that has virtual machines with services that need load balancing. By creating tiers, you define levels on which your application is working.
MCT USE ONLY. STUDENT USE PROHIBITED
12-10 Managing Services in Microsoft System Center 2012 R2 Virtual Machine Manager and App Controller
The simplest way to add a tier is to use the Service Template Designer. In the Service Template Designer, a list of available virtual machine templates displays in the left pane. Select the virtual machine template that you want to use to create a tier, and then drag the virtual machine template on to the canvas. Service Template Designer then creates the tier using the properties of the virtual machine template that you selected. For each tier that you have in your service template, you can configure options such as name, scale-out capabilities, hardware configuration, operating system configuration, and application configuration. If you created a service template with a pattern that creates default tiers for you, you can drag the virtual machine template on to one of those default tiers. The service template then configures the tier with its properties. Additionally, you can add tiers.
However, be aware that the service template does not create a link or relationship between the virtual machine template and the tier that you create. Any subsequent changes that you make to the virtual machine template in VMM do not propagate to the tier in the service template. Furthermore, any configuration settings that you make to the tier do not propagate to the virtual machine template. The virtual machine template that you drag to the tier in the Service Template Designer provides you with a configuration template that you can modify. However, it establishes no permanent connection between the virtual machine template, tier, or service template.
Configuring Service Template Properties Each service template that you create in VMM has several settings that you can configure by accessing the Properties dialog box of the service template that you are creating. The following list describes the most important service template properties that you can configure: •
Name. Specify the name for the service template. This name will appear in the virtual machine and Services workspace. This also is the name that self-service users will see, so use descriptive names.
•
Release. Specify a value that indicates the service template’s version. The release value is important when you update a service, because it identifies the version of the service template. Each time you create a service template, and perform a deployment based on that template, you can make no further changes to it. If you want to make changes, you must first create a new version.
•
Dependencies. Specify the location at which you can view objects that derive from a specific service template, and library resources that the template references. You cannot make any changes here.
•
Access. Specify the template’s owner. You also can list self-service users that can use this service template to deploy a service. If you want to allow self-service users to deploy services by using the VMM console, or by using App Controller, you must add them to the service template’s access list.
We recommend that you configure all service template settings before you begin deploying services based on that template.
Demonstration: Working with Service Designer In this demonstration, you will see how to work with Service Designer.
Demonstration Steps
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
12-11
1.
Sign in to LON-VMM1 as adatum\administrator with the password Pa$$w0rd.
2.
Open the Virtual Machine Manager console.
3.
In the Virtual Machine Manager console, click the Create Service Template icon, and then create a service template with the following properties: a.
General page:
b.
Name: DemoServiceVM
Hardware Configuration page:
Compatibility: Hyper-V
Select a virtual hard disk: SmallCore.vhd
Network Adapter 1 (Legacy) details pane: Connected to a VM network: External Network.
c.
Operating System Configuration: In the Operating system drop-down list, click 64-bit edition of Windows Server 2012 Standard.
d.
Application Configuration: Click None – do not install any applications.
e.
SQL Server Configuration: Accept the defaults (None).
f.
Custom Properties: Accept the defaults.
g.
Settings: Accept the defaults.
h.
Dependencies: Accept the defaults.
i.
Validation Errors: Validation errors appear here. Accept defaults.
j.
At the bottom of the Single Tier Properties dialog box, click OK.
Creating Deployment Configuration for Services After you create the service template, you then can deploy the service to a private cloud or to virtual machine hosts. To deploy a service, you should first create a service deployment configuration. You can create a deployment configuration by right-clicking a service, and then selecting Configure Deployment. Type a name for the deployment configuration, and then select a destination for the service. You can choose between host groups and private clouds.
After you type the service’s name and select its destination, placement evaluation will be performed. Following the evaluation, the Deploy Service console opens, displaying the deployment diagram and the selected host machine or private cloud. From this console, you can configure a virtual machine name and a computer name for the virtual machines that you will deploy as a part of service.
MCT USE ONLY. STUDENT USE PROHIBITED
12-12 Managing Services in Microsoft System Center 2012 R2 Virtual Machine Manager and App Controller
By default, VMM generates names in format ServiceVM0000X.domain for both virtual machine name and computer name. However, you can change this for each service deployment.
When you click the Deploy Service button in the Deploy Service console, you initiate the deployment process. You can monitor deployment progress in the Jobs window. Depending on the number of virtual machines that you deploy, and the network and storage speed, this process can take ten minutes and up to a few hours. For long-running service deployments, we recommend that you monitor the VM Manager log in Event viewer, and the System log on the VMM management server. Event Viewer provides detailed information about the tasks performed. After the service deploys, you can update the service template, and then deploy those updated changes to the already deployed service. Alternatively, you can deploy additional virtual machines to an existing service to provide additional resources for the deployed service.
You can also start a deployment from the App Controller portal. If you provide a self-service user role with access to a service template, self-service users can initiate a service deployment by using App Controller. Optimally, in a private cloud environment, end users should use App Controller to deploy services and applications without ever having to know a virtual machine’s number, configuration, or location. Note: The VMM Self-Service portal has been removed in System Center 2012 SP1.
Demonstration: Deploying a Service In this demonstration, you will see how to deploy a service.
Demonstration Steps 1.
Use your mouse to drag the External Network box next to the NIC 1 box.
2.
Click Save and Validate the service, and then click the Configure Deployment icon. Provide the name of the service as follows: o
Name: Demo Service
3.
In the Deploy Service – Demo Service dialog box, if a pink shaded area displays in the Deploy Service – Demo Service console, with a message saying it could not find a host, click the Refresh Preview button.
4.
Click Deploy Service, and in the Deploy service pop-up window, click Deploy. On LON-HOST2, in Microsoft Hyper-V Manager console, connect to the new virtual machine, and then Skip the product key input page.
5.
Close the Jobs window.
6.
Close all open windows.
Scaling Out a Service After you deploy a service, you may need to deploy additional virtual machines to a tier in that service. You can use the VMM scale-out functionality for such scenarios. You may need to expand your service quickly due to rapid growth in demand. Consider, for example, a particular product that you sell only during a holiday season. An organization with a website that sells this particular product might see a big increase in visits to their webpage during the holiday season. In this scenario, the ability to scale out additional virtual machines that are hosting web servers would be ideal.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
12-13
You specify within a tier’s properties in a service template whether you want to allow that tier to scale out. You can set the minimum and maximum number of virtual machines that you want to deploy in that tier, and if users try to scale out that tier beyond that maximum number, they will receive a warning. However, VMM will not prevent you from scaling out that tier. The tier and service will display a Needs Attention status in the VMs and Services workspace. Use the following procedure to scale out a tier in a deployed service: 1.
Open the VMs and services workspace.
2.
Select the private cloud or host group to which you deployed the service.
3.
Select the service to scale out.
4.
On the Home tab of the ribbon, click the Services icon.
5.
On the Service tab of the ribbon, click the Scale Out icon. This opens up the Scale Out Tier Wizard.
6.
The first page of the wizard is the Select Tier page. The Tier details section shows the number of virtual machines currently deployed, and the minimum and maximum tier sizes.
7.
On the Select Tier page, click the Tier drop-down list box, click the tier that you want to scale out, and then click Next.
8.
On the Specify Virtual Machine Identity page, type a name for the new virtual machine that you are creating, and then click Next.
9.
Depending on whether the tier is in a service that is deployed to a private cloud or to a host already, do the following: o
Service deployed to a private cloud:
o
On the Configure Settings page, click Identity Information in the settings tree, and in the Computer name text box, type the computer name, and then click Next.
Service deployed to a host group: i.
On the Configure Settings page, click Identity Information in the settings tree, and then in the Computer name text box, type the computer name.
ii.
Update any other virtual machine settings as needed, and then click Next.
10. On the Add Properties page, select any actions to take when the host server starts or stops, and then click Next.
11. On the Summary page, click Scale Out.
MCT USE ONLY. STUDENT USE PROHIBITED
12-14 Managing Services in Microsoft System Center 2012 R2 Virtual Machine Manager and App Controller
12. The Jobs window will open and show the Create virtual machine task. This can take several minutes.
13. When the Create virtual machine task finishes, return to the VMs and Services workspace, and verify that the new virtual machine is in the service’s tier.
Updating a Service Requirements should dictate whether a particular service is current and practical to those who use it. Over time, requirements change and may require updating. You can make changes to a deployed service by updating that service. In VMM, you use a service template to deploy a service. You can make updates to a service template, which then makes changes to the deployed service.
You can use VMM to make updates to a deployed service in two ways. You can apply updates to existing virtual machines, or you can deploy new virtual machines with the updated settings. Applying updates to existing virtual machines is faster than deploying new virtual machines, and is an inplace update. You can apply most application updates and configurations changes to virtual machines by using an in-place update. In VMM, you can create upgrade domains, which are objects that allow you to minimize service interruptions when you perform an in-place update of a tier. Please note that upgrade domains are not related to Active Directory Domain Services (AD DS) domains.
You can set the number of upgrade domains that you need to use, and VMM will arbitrarily assigned virtual machines to an upgrade domain. When you need to update a tier in a service, VMM updates the virtual machines in the tier according to the upgrade domain to which they belong. The upgrade domains are updated one at a time, and the virtual machines being updated in that upgrade domain are shut down, updated, and then brought back online. VMM then moves to the next upgrade domain and repeats the process. This means that updates can take place with the least possible impact to the running service. Alternatively, you can use VMM to update a deployed service by creating new virtual machines with the updated settings. This option takes more time than upgrading, as you are replacing the existing virtual machines with new virtual machines. However, this would be the preferred way to deploy operating system updates such as service packs on the virtual machine. You can use a script to save the state of certain applications before removing the virtual machines, and then restore the application state to the new virtual machines when you deploy them. You also can use Server App-V, which supports automatic saving and restoring of application states without scripting.
Exporting and Importing Service Templates With VMM, you can export and import service templates. You also can back up service templates and share service templates between different VMM installations. Exporting a service template in VMM includes: •
Tier definitions
•
Hardware settings
•
Guest operating system settings
•
Application installation settings
•
Network configurations
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
12-15
VMM saves these settings to an .xml file. Optionally, you can add sensitive data that is marked as secure, such as passwords, an application’s product keys, and global settings that require action. You can encrypt sensitive data settings and protect them with an encrypted password.
When you import a service template, you can choose to either exclude or include sensitive settings. If you decide to include these settings, you must use an encrypted password to do so. You can also choose to export some or all of the physical resources that are associated with the service template, such as base virtual hard drives, scripts, or application packages along with the .XML file. During a service template import, VMM validates physical and logical resources that the service template references. You can then update references to any missing resources, such as logical resources in logical networks and virtual hard disks. You should store the .xml file in a Virtual Machine Manager library share, which ensures that administrators have access to the file for the service template imports. You can also store the file in a file share, or copy it and then deploy it to administrators for import into different VMM installations.
The account requirements for exporting and importing service templates are straightforward. VMM administrators can import and export service templates. Application administrators, or self-service users, to whom you assign the Author action to their user role, can import and export service templates to which you provide them with access. This is regardless of who owns the service template. When authorized application administrators import a service template, they become the service template owners.
Lesson 3
Using App Controller
MCT USE ONLY. STUDENT USE PROHIBITED
12-16 Managing Services in Microsoft System Center 2012 R2 Virtual Machine Manager and App Controller
You can use App Controller to provide a means of self-service that enables users to easily configure, deploy, and manage virtual machines and services across private cloud and public clouds. App Controller helps you meet consumer and service provider expectations by providing an effective way to deliver IT as a service (ITaaS). App Controller is the end user’s single view to manage applications and services across Microsoft cloud services and the Windows Azure public cloud. You can use App Controller to configure, deploy, visualize, and update multitier application components as a holistic service delivered to the business. In one window, service consumers can view all applications for which they are responsible. In this lesson, you will learn about App Controller and its capabilities.
Lesson Objectives After completing this lesson, you will be able to: •
Describe the purpose and functionality of App Controller.
•
Explain how to connect App Controller to public and private clouds.
•
Describe the functionality of an App Controller.
•
Describe the system requirements for an App Controller.
•
Explain how to deploy and manage virtual machines and services.
•
Explain how to use an App Controller to deploy VMM and App Controller.
What Is App Controller? In a private or public cloud solution, end user focus is not on virtual machines or servers, but rather on applications and services. Because VMM focuses primarily on virtual machines and service management, you need an additional tool that allows application owners to view services and applications. In previous VMM versions, such as System Center Virtual Machine Manager 2008 (VMM 2008) R2, the Self-Service Portal provided end users with the ability to create and manage virtual machines from their permission scope. However, Self-Service Portal is orientated to virtual machines, not to services or applications.
Benefits of App Controller
App Controller gives the application owners a self-service experience across the VMM, and provides them with a unified view that lets them manage applications and service across private clouds and Windows Azure. App Controller provides the ability for users to manage application components in the context of the holistic service that it represents to the business.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
12-17
App Controller provides the self-service component of this solution by enabling application owners to: •
Configure, deploy, and manage services through an intuitive, unified, and service-centric interface, while using a library of standard templates.
•
Provide self-service application management, visibility, and control across both the Microsoft private cloud services and the Microsoft public cloud services (such as Windows Azure).
•
Create, manage, and move services using a web-based interface that presents a customized view of resources based on your role in the organization, and enables you to manage services rather than servers. This lets application owners focus on improving business value. View virtual machines, and both private and public cloud services. Control components at each layer, track jobs, and maintain a detailed history of changes.
App Controller also enables data center administrators to delegate authority to application owners. Predefined templates help ensure compliance with company IT standards and policies. Using App Controller, data center administrators can create for application owners a customized, role-based view of private and public cloud services, and a consumed and available resources view. In addition, application owners can customize all service components, including virtual machines, network resources, and load balancing. You also can use App Controller to move applications and components within public and private cloud environments, including: •
Windows Azure configuration settings.
•
Package files.
•
.vhd and .vhdx files among Windows Azure subscriptions and the private cloud’s storage.
•
Copy service templates and resources.
App Controller now works with VMM. It can connect to the Service Provider Foundation versions that shipped with System Center 2012 SP1 and System Center 2012 R2.
Connecting an App Controller to Cloud Services After you install App Controller, you will want to connect it to either a public cloud or a private cloud. You can connect App Controller simultaneously to both Windows Azure and to a locally installed VMM instance.
Connecting to a Private Cloud
You can connect to a VMM server and Virtual Machine Manager clouds in the Common Tasks section by choosing the hyperlinks in the Status: Private Clouds section. When you select this option, you must provide the connection name, which you define. Optionally, you can provide a description, and type the Server name and port. The server name should be the fully qualified domain name (FQDN) of your VMM server. The port is set to 8100 by default. You should not change the port number unless you changed the port when you were configuring VMM.
Importing SSL Certificates
MCT USE ONLY. STUDENT USE PROHIBITED
12-18 Managing Services in Microsoft System Center 2012 R2 Virtual Machine Manager and App Controller
You also have an option to import Secure Sockets Layer (SSL) certificates automatically. This is the default behavior. To copy files or templates to and from VMM cloud libraries, you must import SSL certificates to the App Controller server. For the import to succeed, users must belong to all of the following roles: •
Local administrator of the App Controller server
•
Local administrator of the VMM server
•
VMM administrator
After you import all of the data, you should be able to connect to both your private clouds and your VMM server.
Connecting to Both Public and Private Clouds
If you want to connect to Windows Azure, you select the Connect a Windows Azure subscription option. You will have to provide a connection name, your subscription ID, a management certificate, and a corresponding password. If you connect to both the VMM private cloud and Windows Azure, you will be able to manage and deploy all of your cloud-based services and applications.
Accessing the App Controller Web Portal
The App Controller console is a portal that is accessible through a web browser. You should install Microsoft Silverlight 4 before connecting to the App Controller portal. We also recommend that you add the App Controller portal to Trusted sites or intranet sites on the computer from where you are making a connection. To use single sign-on, you will have to add the portal to intranet sites in the Windows Internet Explorer settings, so that Internet Explorer will allow delegation of default credentials. If you do not want to be logged on using the same credentials that you use to log on to your computer, you should not enable Windows Authentication on the /api virtual directory.
Managing Clouds and Resources with App Controller
The default path for connecting to the App Controller console is https://AppControllerServerFQDN/ (substitute your server FQDN). Ensure that the certificate for App Controller is issued to the same name that you are using to connect. After you connect to App Controller, you can use it to deploy and manage services, private clouds, and virtual machines. However, unlike the VMM console that provides a full set of options for these tasks, App Controller provides a limited set of options that focus on private clouds and services. For example, you can use App Controller to deploy new virtual machines and new services based on existing templates only. Additionally, App Controller enables you to connect to, and manage, both public cloud and private cloud resources from the same place.
VMM Administrator vs. Self-Service User
If you log on to App Controller as a VMM administrator, you will be able to create connections, view resource usage, and manage User Roles. However, if you log on to the App Controller console as a selfservice user, your set of available options will be limited to resources to which you have permissions.
For example, in the App Controller console, on the Clouds tab, a self-service user can view both private clouds and public clouds to which that user has appropriate permissions. On this tab, a self-service user will also see an option to deploy resources to cloud services. Based on templates provided in the Virtual Machine Manager library that are available to the self-service user, it is possible to deploy a new service or virtual machine. Self-service users can also access a library view, where they can view available templates, shares, and other resources. From this point, it is also possible to deploy a new service or virtual machine. However, unlike VMM where new virtual machine or service deployment requires several steps and several decisions, the App Controller process is a more straightforward. From App Controller, each selfservice user can see his or her active jobs, job progress, and state.
Demonstration: Overview of an App Controller In this demonstration, you will explore the App Controller functionality.
Demonstration Steps 1.
On LON-VMM1, sign in as adatum\administrator with the password Pa$$w0rd.
2.
Start the App Controller web portal page.
3.
Sign into the page as ADATUM\Administrator with the password Pa$$w0rd.
4.
Explore the page contents as follows:
5.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
12-19
a.
Click the hyperlinks 1 Virtual Machine Manager server, and 1 Virtual Machine Manager clouds.
b.
Explore the console tree by clicking every node in the tree, and then examining the details pane of each node.
c.
Expand all child nodes, and then explore those nodes and their details pane as well.
Sign out of App Controller, close Internet Explorer, close all open windows, and then sign out of LON-VMM1.
System Requirements for App Controller You install App Controller as a separate component. You can choose to host this service on a separate server, or you can host it together with an existing service such as VMM. In both cases, first you should verify that your server meets system requirements for App Controller. For better performance, you should install the App Controller server on a separate computer from the VMM management server.
Hardware Requirements
From a hardware perspective, App Controller is not a very demanding service. You must have at least a Pentium 4 CPU running on 2 gigahertz (GHz). Additionally, the recommended amount of random access memory (RAM) is 4 GB (with a 1 GB minimum), and 1 GB or a minimum of 512 megabytes (MB), of hard-disk space. Because of the low hardware requirements, you can run App Controller in a virtual machine to optimize resource usage.
Software Requirements
App Controller has software requirements that you must meet prior to installation. You can install App Controller only on Windows Server 2008 R2 SP1 and newer. You must also install a Web Server role, that is, Windows Internet Information Services (IIS). There are several Web Server role services required for App Controller, but the App Controller Setup Wizard will install all of them during setup. You also should install Microsoft .NET Framework 4 (4.5 on Windows Server 2012 R2) before installing App Controller, or you can let App Controller setup install it for you.
MCT USE ONLY. STUDENT USE PROHIBITED
12-20 Managing Services in Microsoft System Center 2012 R2 Virtual Machine Manager and App Controller
To run successfully, App Controller also requires SQL Server 2008 Service Pack 2 (SP2) or SQL Server 2008 R2 or newer. SQL Server does not require a dedicated server. Instead, you can use the SQL instance that VMM is using. Additionally, you must install the VMM console on the server that is running App Controller. However, it does not have to be on the VMM management server. You must install VMM locally or remotely, because the App Controller is a portal to the data and services that VMM provides. If you want to use Windows PowerShell for App Controller, at a minimum, you should install .NET Framework 3.5.1 (available as feature in Windows Server 2008 R2) and Windows PowerShell 2.0 (built in Windows Server 2008 R2). Windows Server 2012 comes with .NET Framework 4 and Windows PowerShell 3.0.
Installation Considerations To install the App Controller, you must be logged on to the computer that you are configuring, as a domain user with membership in the local Administrators group. This account also must have at least database-owner permission on the database that it will use.
While running the App Controller Setup Wizard, you must provide a service account that App Controller can use to run. You can choose between Network Service and domain account. We recommend that you create a dedicated account just for this purpose, or that you use the Managed Service Account feature. You also should configure the port on which App Controller services will work. This port is for internal purposes only, so you do not need to configure it on a firewall. If you are installing multiple App Controller servers behind a load balancer, you will be required to configure an encryption key that the servers share. After installing the first App Controller server, you export the encryption key by using the Export-AppControllerAesKey cmdlet, which you then provide key when installing subsequent servers. If there is a problem with the setup completing successfully, consult the log files that are in the %LOCALAPPDATA%\AppController\Logs folder.
Deployment Considerations
When deploying App Controller, it is important that you configure certificates properly. You cannot request a certificate during setup, so you should prepare the certificate using the Internet Information Services (IIS) console prior to running setup. An alternative to your internal public key infrastructure (PKI) is to use a self-signed certificate. However, using self-signed certificates can cause potential trust issues. App Controller is not a cluster-aware service, but you can make it highly available by making: •
The database highly available, which you can do by installing the database on a clustered SQL Server.
•
The App Controller server highly available by: o
Installing multiple App Controller servers behind a load balancer.
o
Installing App Controller servers on a highly available virtual machine.
By default, App Controller prompts users to sign in by entering their AD DS user name and password. If you want to configure App Controller to use the user’s current Windows credentials to sign in automatically, you should enable Windows Authentication on the /api virtual directory on the App Controller website.
App Controller Limits
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
12-21
The following table displays some limits for App Controller. You should be aware of these limits when you plan App Controller deployment. Measure
Value
Maximum number of objects in a Windows Azure storage directory
900
Maximum number of VMM management servers
5
Maximum number of Windows Azure subscriptions per user
20
Maximum number of concurrent users
75
Maximum number of jobs that can be run in a 24-hour interval
10,000
Deploying and Managing Virtual Machines and Services In the App Controller web-based console, you use the Services page deploy new services to both public clouds and private clouds. You also use this page to change the properties of the services that are deployed. You can deploy virtual machines either to VMM, Windows Azure, or to another hosting provider. If a virtual machine is part of a VMM service, it will deploy when the service deploys. The App Controller console also can provide management control of the services in virtual machines already deployed on VMM private clouds and those on Windows Azure.
On the Services page, you can view a list of deployed services as well as display a diagram, much like the Services Template Designer. The Services page enables you to view or change deployed service properties and other tasks that you can perform on deployed services. To deploy a service to a private cloud, access the Clouds node in the App Controller console tree. Rightclick a named cloud in the Clouds details pane, and then click Deploy, or in the control bar at the top of the Clouds details pane, click the Deploy button. App Controller allows you to use the New Deployment diagram view to configure the settings for the service deployment. The Deploy button is not available until you supply all required settings.
You also can manage deployed services by selecting the Services node in the App Controller console tree. The All Deployed Services details pane has a list of the various available deployed services. A VMM administrator creates service templates in the VMM console, and then delegates them to a user role. Then, they appear as deployed services in the All Deployed Services details pane. You can right-click a deployed service name, or you can select the name, and then use the various buttons on the control bar above. The Open Diagram button brings up a diagram view in which you can change settings for a particular deployed service. You also can start, stop, suspend, and resume a deployed service. A Servicing item lets you upgrade and delete deployed services, and resolve any issues.
MCT USE ONLY. STUDENT USE PROHIBITED
12-22 Managing Services in Microsoft System Center 2012 R2 Virtual Machine Manager and App Controller
If your organization has a subscription to Windows Azure, you can add the items in that subscription to the App Controller console. You can find Windows Azure items in in the App Controller Library. To deploy a service to Windows Azure, you will have to create a Windows Azure configuration and package file. You then must upload this file to the Windows Azure storage account, and then select the particular configuration file. The diagram view then will load with the proper information, and you can click hyperlinks to configure settings. After this, the Deploy button in the diagram view becomes available.
The Virtual Machines node of the App Controller console also has a Deploy button. When selected, it brings up a New Deployment diagram view, which you can use to create a virtual machine. You click the hyperlinks to configure the various settings. Once all the required configuration of the various settings is complete, the Deploy button will become available. You can also use the Virtual Machines node to select a listed virtual machine and then right-click it, or choose an item from the control bar above to manage it. The functionality allows you to: •
Open a diagram of an existing virtual machine.
•
View a virtual machine’s properties.
•
Start a virtual machine.
•
Store a virtual machine in a virtual machine library.
•
Mount an .iso image to the virtual machine.
•
Open a console to the virtual machine.
•
Delete a virtual machine.
Demonstration: Using App Controller to Deploy Virtual Machines and Services In this demonstration, you will see how to use App Controller to deploy virtual machines and services.
Demonstration Steps 1.
On LON-VMM1, sign in as adatum\administrator with the password Pa$$w0rd.
2.
Start the App Controller web portal page, and sign in as ADATUM\Administrator with the password Pa$$w0rd.
3.
Create a new deployment to the DemoCloud with the following settings: a.
Select the Demo Service Template that you created earlier.
b.
Click the Configure hyperlink, and then in the Instance box, bring up the Properties of a new virtual machine dialog box.
c.
Complete the dialog box with the following settings:
Computer name: AppCDemoVM
Description: Demonstration creating a virtual machine in a service template for App Controller
In the New Deployment window, in the Service box, click the Configure hyperlink, and then add the following: Service name: DemoApC. Deploy it.
4.
On the yellow bar at the bottom of the App Controller webpage, verify that you can see a hyperlink entitled VMM service deployment started. Wait approximately minutes while the service deploys.
5.
In the Virtual machine node of the console tree, verify that the Status changes from Under Creation to Running.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
12-23
6.
On 20409B-LON-HOST2, in Hyper-V Manager, connect to the virtual machine.
7.
On the Product Key page, click Skip.
8.
If you get a connection failure warning, click the Reconnect button at the top of the console. If this fails, return to the VMM Console, use Connect via Console to connect, and then exit the virtual machine.
9.
Sign on to the virtual machine from the App Controller web portal. Note that the virtual machine is running Windows Server 2012 Core. Sign out of the virtual machine, and then close the console page.
10. Sign out of App Controller, and then close Internet Explorer. 11. Close all open windows, and then sign out of LON-VMM1.
Lab: Managing Services in Microsoft System Center 2012 R2 Virtual Machine Manager and App Controller Scenario
MCT USE ONLY. STUDENT USE PROHIBITED
12-24 Managing Services in Microsoft System Center 2012 R2 Virtual Machine Manager and App Controller
A. Datum Corporation has implemented Hyper-V hosts and deployed System Center 2012 R2 VMM for managing its virtualization infrastructure. The enterprise has virtualized physical servers, which are running as individual virtual machines, even if services that they provide span over multiple servers. As A. Datum is expanding its business, it needs to plan for scaling out those services. A. Datum is considering using VMM to achieve this goal. A. Datum also has created a cloud for each vendor, and has configured cloud capacity limits to control the resources that each vendor can consume. Vendors will use App Controller to manage their clouds, services, and the virtual machines in their clouds.
Objectives After completing this lab, you will be able to: •
Create a service template, and deploy a service.
•
Modify the service template properties, and manage services.
•
Configure and use an App Controller.
•
Use App Controller to work with service templates.
Lab Setup Estimated Time: Duration: 75 minutes Virtual machines: 20409B-LON-HOST1, 20409B-LON-HOST2, 20409B-LON-DC1, 20409B-LON-VMM1, 20409B-LON-CL1 User name: Adatum\Administrator Password: Pa$$w0rd
For this lab, you will use the available virtual machine environment. Before you begin, you must complete the following steps: 1.
On the host computer (LON-HOST1), start Hyper-V Manager.
2.
In Hyper-V Manager, click 20409B-LON-DC1, and then in the Actions pane, click Start. Wait 30 seconds.
3.
Click 20409B-LON-VMM1, and in the Actions pane, click Start, and then click Connect. Wait until the virtual machine starts.
4.
Sign in by using the following credentials: o
User name: Administrator
o
Password: Pa$$w0rd
o
Domain: Adatum
5.
Repeat step 3 for 20409B-LON-CL1. Do not sign in until directed to do so.
6.
On LON-VMM1, open the VMM console, and perform the following steps: a.
Click the Library workspace, and then in the navigation pane, click LON-VMM1.Adatum.com.
b.
Expand Library Servers, expand LON-VMM1.Adatum.com, expand MSSVMMLibrary and then click VHDs.
c.
Right-click VHDs, and then click Explore.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
12-25
d.
In the path box, type C:\VHD, and then press Enter.
e.
Right-click the SmallCore.vhd file and select Cut. Ensure that a cut rather than a copy is done, as you are moving the file, which makes the process much faster.
f.
Click the back button to go back to the \\LON-VMM1.Adatum.com\MSSCVMMLibrary\VHDs folder.
g.
Paste the SmallCore.vhd file into this folder.
Note: Because you will be using the same virtual machines in the next lab, do not revert the virtual machines. However, you can shut down all virtual machines after finishing this lab.
Exercise 1: Creating a Service Template Scenario
In this exercise, students will use Service Template Designer to create a service template, which they can base on the objects that already exist in the Virtual Machine Manager library. The main tasks for this exercise are as follows: 1.
Open the Virtual Machine Manager Service Template Designer with a new service template.
2.
Use the Service Template Designer to modify a single tier virtual machine.
Task 1: Open the Virtual Machine Manager Service Template Designer with a new service template 1.
Sign in to LON-VMM1 as adatum\administrator with the password Pa$$w0rd.
2.
On the desktop, on the taskbar, click Virtual Machine Manage Console.
3.
On the Connect to Server page, click Connect.
4.
In the Virtual Machine Manager console, on the lower left, click the Library workspace.
5.
On the Home tab of the ribbon, click Create Service Template.
6.
In the New Service Template dialog box, in the Name field, type Lab 12 Service Template, and then in the Release field, type 1. In the Patterns section, click Single Machine, and then click OK. This will bring up the Virtual Machine Manager Service Template Designer console.
7.
Note the name selected, Lab 12 Service Template, is part of the overall name, because this is what you are currently designing. The numeral 1 beside it is the release version.
8.
Note the Designer canvas area.
Task 2: Use the Service Template Designer to modify a single tier virtual machine 1.
In the Virtual Machine Manager Service Template Designer, create a service template with the following properties: a.
General page:
b.
Name: Lab12ServiceVM
Hardware Configuration page:
Compatibility: Hyper-V
Select a virtual hard disk: SmallCore.vhd (You may have to click Refresh (F5) to see it.)
Network Adapter 1 (Legacy): Connected to a VM network External Network
c.
OS Configuration page:
Operating system: 64-bit edition of Windows Server 2012 Standard
d.
Application Configuration page: Select the None – do not install any applications
e.
SQL Server Configuration page: Accept the defaults (None).
f.
Custom Properties page: Accept the defaults.
g.
Settings page: Accept the defaults.
h.
Dependencies page: Accept the defaults.
i.
Validation Errors page: Accept the defaults.
2.
At the bottom of the Single Tier Properties dialog box, click OK.
3.
Use your mouse to drag the External Network box beside the NIC 1 box.
MCT USE ONLY. STUDENT USE PROHIBITED
12-26 Managing Services in Microsoft System Center 2012 R2 Virtual Machine Manager and App Controller
Results: After completing this exercise, you should have created a service template by using the Service Template Designer.
Exercise 2: Deploying a Service and Updating a Service Template Scenario In this exercise, students will configure service deployment, and then deploy the service. They also will modify the template, and then update the service. The main tasks for this exercise are as follows: 1.
Deploy the service.
2.
Create an update for the service template.
3.
Update the service template.
Task 1: Deploy the service 1.
In the Service Template Designer, click the Save and Validate icon, and then click the Configure Deployment icon.
2.
Deploy to DevCloud with the name Lab 12 Service.
3.
When the Deploy Service – Lab 12 Service displays, if you get a pink shaded area in the Deploy Service – Lab 12 Service console, which indicates that it could not find a host, click Refresh Preview.
4.
Click Deploy Service, and in the Deploy service pop-up windows, click Deploy, and then name the virtual machine Lab12ServiceVM.
5.
The Jobs window will display. This will take approximately 30 minutes to complete.
6.
When the job completes, close the Jobs window, and then confirm that the Lab12ServiceVM virtual machine is running.
Task 2: Create an update for the service template
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
12-27
1.
In the Virtual Machine Manager console, open the Library workspace, and in the console tree, expand Templates, and then select Service Templates.
2.
Click the Lab 12 Service Template service template, and in the Properties page, select the Access page in the console tree, and then add the DevRole user role.
Note: Due to the ongoing creation of the Lab12ServiceVM virtual machine from Task 1 above, step 5 may take longer than expected or fail. If that happens, you cannot run Exercise 4, Task 1.
Task 3: Update the service template 1.
Select the Lab 12 Service Template item, replace the template with an updated template named Lab 12 Service Template, Release1, and then set the template.
2.
Apply updates to existing virtual machines in-place and immediately. The Jobs window will appear, and the servicing job will complete.
3.
Close the Jobs window.
Results: After completing this exercise, you should have configured service deployment, and then deployed the service. You also should have modified the template, and then updated the service.
Exercise 3: Configuring App Controller Scenario
In this exercise, students will use an App Controller to connect to the private cloud that they created in the previous lab. They will work with different user roles, and explore the App Controller interface and its available options. The main tasks for this exercise are as follows: 1.
Connect App Controller to VMM.
2.
Load App Controller on LON-CL1.
3.
Explore the functionality of the App Controller web page.
Task 1: Connect App Controller to VMM 1.
On LON-VMM1, click to the Start screen, and then click App Controller.
2.
In Internet Explorer, on the App Controller sign in webpage, type Adatum\Administrator as the User name and Pa$$w0rd as the Password.
3.
On the Overview page, under Private Clouds, click Connect a Virtual Machine.
4.
On the Add a new VMM connection page, provide the following settings, and then click OK:
5.
o
Connection name: Adatum
o
Server name: LON-VMM1.adatum.com
Notice that the App Controller webpage loads with data shown under the Private Clouds section.
Task 2: Load App Controller on LON-CL1
MCT USE ONLY. STUDENT USE PROHIBITED
12-28 Managing Services in Microsoft System Center 2012 R2 Virtual Machine Manager and App Controller
1.
Sign in to LON-CL1 as adatum\administrator with the password Pa$$w0rd.
2.
Add the Ben Martens and Hani Loza domain user accounts to the Remote Desktop Users group by using the System \Remote settings located in the Control Panel.
3.
Close all windows and sign off of LON-CL1.
4.
Sign in to LON-CL1 as adatum\ben with the password Pa$$w0rd.
5.
On the desktop, start Internet Explorer, and then in the address bar, type https://lon-vmm1.adatum.com/.
6.
In the There is a problem with this websites security certificate, click Continue to this website.
7.
If a warning displays stating that Microsoft Silverlight is not compatible, click Run add-on, and then click Continue to this website.
8.
On the App Controller web portal page, use the following credentials: o
User name: adatum\ben
o
Password: Pa$$w0rd
Task 3: Explore the functionality of the App Controller web page 1.
2.
On the App Controller Overview web portal page, click the following hyperlinks: o
1 Virtual Machine Manager cloud
o
1 Virtual Machine Manager server
o
X (where X is a number 0-n) Virtual Machines.
If a virtual machine exists: a.
Make a note of its full name, and return to LON-VMM1. In the VMM Management console, delete the named virtual machine.
b.
Return to LON-CL1, and then refresh the Virtual Machine list in App Controller.
3.
Explore the console tree by clicking the nodes in the tree, and then examining the details pane of each node. Expand all second level nodes, and then explore those nodes and their details panes.
4.
Do not close or sign out of App Controller.
Results: After completing this exercise, you should have configured App Controller to connect to a private cloud.
Exercise 4: Deploying a Virtual Machine in App Controller Scenario
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
12-29
In this exercise, students will use App Controller to deploy a virtual machine, based on an existing virtual machine template. The main task for this exercise is as follows: 1.
Deploy the Lab 12 Service Template.
Task 1: Deploy the Lab 12 Service Template 1.
On the App Controller Overview web portal page, in the Library console tree, right-click the Lab 12 Service Template, and then click Deploy.
2.
In the New Deployment window, in Cloud box, click Configure.
3.
In the Select a cloud for this deployment window, click DevCloud.
4.
Click the Service box, and then click the Configure hyperlink.
5.
In the Properties of Lab 12 Service Template, set the Service name to AppCServiceDevCloud.
6.
In the Instance box, click the Configure hyperlink, and then click OK.
7.
In the New Deployment window, click Deploy, and then click the VMM service deployment started hyperlink.
8.
Leave the Jobs node alone for approximately 15 to 20 minutes, which is how long it should take the deployment to finish. You can continue to the next step while the deployment continues.
9.
Open the LON-VMM1 VMM console, and then click the Jobs workspace. Verify that you see a Create Service Instance that is running. This job takes a long time to finish. Do not wait for it to finish, but proceed to the next step.
10. In App Controller, in the Virtual Machines node, verify that you see a new virtual machine with a name that is a long string of letters and numbers. This is a name that it generated randomly. If the service instance takes a long time, switch to the host machine that is hosting the new service, and then view the virtual machine in Hyper-V Manager. You may need to click Skip to skip past the license key information on the installation. Normally an answer file would address this. 11. On the App Controller web portal, in the upper-right corner, click the Sign out hyperlink. 12. Close Internet Explorer, and then sign out of LON-CL1. 13. On LON-VMM1, close all open windows, and then sign out of LON-VMM1.
Results: After completing this exercise, you should have deployed a virtual machine by using App Controller.
Module Review and Takeaways Review Questions Question: What should you create to deploy a service in VMM? Question: Can a user deploy new virtual machines by using App Controller?
MCT USE ONLY. STUDENT USE PROHIBITED
12-30 Managing Services in Microsoft System Center 2012 R2 Virtual Machine Manager and App Controller
Best Practice: Best Practices Related to a Particular Technology Area in this Module •
Make a detailed plan for private cloud capacity, capability, and resources for each private cloud that you create.
•
Use App Controller rather than single virtual machines for deploying services.
•
Test service templates before publishing them to users.
Common Issues and Troubleshooting Tips Common Issue You cannot deploy a service to a specific private cloud.
You cannot add a virtual machine template to a service template tier.
App Controller cannot connect to the VMM server.
User cannot deploy a service by using App Controller.
Troubleshooting Tip
MCT USE ONLY. STUDENT USE PROHIBITED 13-1
Module 13 Protecting and Monitoring Virtualization Infrastructure Contents: Module Overview
13-1
Lesson 1: Overview of Backup and Restore Options for Virtual Machines
13-2
Lesson 2: Protecting Virtualization Infrastructure by Using DPM
13-9
Lesson 3: Using Operations Manager for Monitoring and Reporting
13-21
Lesson 4: Integrating VMM with Operations Manager
13-29
Lab: Monitoring and Reporting Virtualization Infrastructure
13-35
Module Review and Takeaways
13-40
Course Evaluation
13-41
Module Overview
Highly available technologies such as clustering and Windows Server 2012 Hyper-V replication provide efficient solutions for high availability and offsite disaster recovery. However, you still need to monitor those technologies, and you also need to back up the virtual machines and their data. How you monitor and protect your virtualization infrastructure is a crucial part of the design process. This module provides insight on the data protection options and methods available with Windows Server Backup, and Microsoft System Center 2012 R2 Data Protection Manager (DPM). The module also describes how to integrate monitoring with System Center 2012 R2 Operations Manager. Note: For the purpose of this course, all instances of Microsoft System Center 2012 R2 Virtual Machine Manager are referred to as VMM.
Objectives After completing this module, you will be able to: •
Describe the backup and restore options that are available for virtual machines.
•
Plan a protection strategy for the virtualization infrastructure by using DPM.
•
Describe how to use Operations Manager for monitoring and reporting.
•
Configure basic monitoring and alerting in Operations Manager.
•
Integrate System Center 2012 R2 Virtual Machine Manager (VMM) and Operations Manager.
Lesson 1
Overview of Backup and Restore Options for Virtual Machines In this lesson, you will see how to build a protection strategy for the entire virtualization infrastructure. You will also see how to implement this protection strategy by using the backup services in Windows Server 2012 R2. This lesson also describes VMM components, and how you can protect them.
Lesson Objectives After completing this lesson, you will be able to: •
Describe the purpose and features of the Windows Server Backup infrastructure.
•
Explain the options for backing up virtual machines.
•
Describe how to back up and restore VMM.
•
Describe the backup and restore options for VMM.
•
Describe the scenarios for using Windows Server Backup.
Windows Server Backup Infrastructure Windows Server Backup is an installable Windows Server feature that provides tools for performing basic Windows Server backup and recovery. Backups include Windows Server files and folders, and some of its role services such as Hyper-V and Active Directory Domain services (AD DS).
What Is VSS?
MCT USE ONLY. STUDENT USE PROHIBITED
13-2 Protecting and Monitoring Virtualization Infrastructure
Beginning with Windows Server 2003 R2, Microsoft introduced Volume Shadow Copy Service (VSS), a Windows service that helps application vendors create consistent backups of Windows operating systems, Windows services, and Windows applications. VSS coordinates VSS components to create data-consistent shadow copies of one or more volumes. A shadow copy is often referred to as a snapshot, which is not the same as Hyper-V checkpoints that were also referred to as snapshots in earlier versions of Hyper-V. The shadow copy is a copy of data blocks that is taken after VSS ensures that the application or role service is in a data or application-consistent state.
The following table lists the key VSS components. Component
Description
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
13-3
VSS
A Windows service that coordinates components to create data-consistent shadow copies of one or more volumes.
Requestor
A backup application or backup agent that requests VSS to take a volume shadow copy.
Writer
The application vendor creates this component. For example, in Hyper-V, Microsoft SharePoint Server, or AD DS, the writer is used to back up the application in a way the vendor can support the process.
Provider
The component that creates and maintains the shadow copies. These can be hardware for storage arrays, software, or the system that is included with the Windows operating system.
How Does VSS Work?
When a backup service such as Windows Backup begins, a VSS–enabled backup calls the VSS service. The VSS service in turn calls the VSS writer, for example, the Hyper-V VSS writer. The VSS writer knows which application services, files, and volumes should be placed briefly into a dormant state for a consistent backup. VSS achieves the dormant state by preventing writes to the data while the shadow copy is created, flushing a cache, or writing out data from memory to disk. While in the dormant state, the VSS provider creates the snapshot. Once the snapshot completes, the dormant state ends, and the requestor completes the backup.
What Are VSS Providers?
VSS has three types of providers: the system provider, the hardware provider, and the software provider. The system provider is built into Windows Server operating systems, and requires an NTFS file system volume in which to store the shadow copy data. A hardware provider is a vendor-authored provider that allows the storage hardware to use its own shadow copy (storage area network (SAN) snapshot) technology. To use the hardware provider with Hyper-V, you must install a hardware provider that is compatible with Hyper-V, on each Hyper-V host that you want to back up. For example, when backing up a Cluster Shared Volume (CSV) in a cluster, you must install the provider on each node of the cluster. A software provider is similar to the hardware provider, except that it uses software to create the shadow copy.
What Benefit Does VSS Provide to Virtual Machine Backups?
When you install Windows Server Backup on the Hyper-V host and enable the integration agents on a compatible Windows Server virtual machine that is being backed up, the VSS inside the virtual machine performs a shadow copy. This enables the entire virtual machine to be backed up online, from where you can recover it safely without the risk of corrupting open files.
Where Does Windows Server Back Up To?
Windows Server Backup can back up to a local share, or to a remote file share. You should provide a dedicated disk or volume for the backup. Although you can use an existing and used volume, this is not a best practice. When deciding where to place the backup data, you should consider the performance impact on both the source disks and the target disks.
Full vs. Incremental Backups
After you have run a full backup, you can choose to run incremental backups. Running incremental backups greatly reduces the backup time. It also reduces the performance impact on the source virtual machine, and on the host that is performing the backup.
Backup Options for Virtual Machines When creating a backup solution for virtual machines, you should consider the data that is being backed up. You can install the Windows Server Backup feature inside a virtual machine to perform an in-guest backup, or you can install Windows Server Backup on the host and perform a host-level backup. In many cases, you may want to use both host and in-guest backup. For example, you may want to perform a weekly host backup and daily in-guest backup. Consider a scenario when you want to provide a backup for a file server. To provide fast recovery of individual files to a specific point in time, an in-guest backup will be adequate.
MCT USE ONLY. STUDENT USE PROHIBITED
13-4 Protecting and Monitoring Virtualization Infrastructure
If you wanted to back up a Remote Desktop Session host server, a host-level backup would most likely be more useful than an in-guest backup. The host-level backup enables you to recover the entire virtual machine quickly, whereas the in-guest backup would require you to build a virtual machine and install Windows Server before you could attempt a recovery.
Understanding Online and Offline Backups
You can perform online backups that do not incur virtual machine downtime, if the following conditions are met: •
The virtual machine being backed up has integration services installed and enabled.
•
Each disk that the virtual machine uses is running NTFS file system basic disks.
•
The VSS service is enabled on all volumes within the virtual machine, and snapshots for each volume are stored on the same volume. For example, volume D must store shadow copies on volume D.
For detailed information regarding Windows Server backup and Storage Pools, refer to the following link: Windows Server Backup and Storage Pools http://go.microsoft.com/fwlink/?LinkID=386742 Note: In the Windows Server Backup Wizard in Windows Server 2012, when you select the Hyper-V virtual machines to back up, the backup types available are either Backup Using Saved State (Offline), or Backup Using Child Partition Snapshot (Online). This has been changed in Windows Server 2012 R2 to Offline and Online. You can enable Windows Backup by using the following procedure: 1.
Sign in to LON-HOST1.
2.
On the taskbar, click the Server Manager icon, and on the dashboard, click Add Roles and Feature.
3.
In the Add Roles and Feature Wizard, on the Before you begin page, click Next.
4.
On the Installation Type page, click Role-based or feature-based installation, and then click Next.
5.
On the Server Selection page, click LON-HOST1.Adatum.com, and then click Next.
6.
On the Select server roles page, click Next.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
13-5
7.
On the Select feature page, scroll down and click to select Windows Server Backup, and then click Next.
8.
On the Confirmation page, click Install.
9.
On the Installation progress page, when the installation has completed, click Close and then close Server Manager.
To schedule the first backup, use the following procedure: 1.
Sign in to LON-HOST1, and then click the Windows icon.
2.
On the Start screen, type backup, and in the Search text box, type Windows Server Backup.
3.
In the navigation pane on the left, click Local Backup, and in the Actions pane on the right, click Backup Schedule.
4.
In the Backup Schedule Wizard, on the Getting Started page, click Next.
5.
On the Select Backup Configuration page, review the warning, and then click Next.
6.
On the Select Items for Backup page, click Add Items.
7.
On the Select Items page, click to expand Hyper-V. Select the check box next to each virtual machine that you want to protect, click OK, and then click Next.
8.
On the Specify Backup Time page, enter the schedule details, and then click Next.
9.
On the Specify Destination Type page, select where you will store the backup, and then click Next.
10. On the Select Destination Volume page, click Add. Review the volumes for sufficient free space. Click the desired volume, click OK, and then click Next.
11. On the Confirmation page, click Finish. The status should update to “You have successfully created the backup schedule.” The status will also confirm the schedule backup time. 12. On the Confirmation page, click Close. Note: A warning during the procedure will remind you that you cannot mix virtual volume backups with physical disk backups.
Advanced Settings
When you schedule or modify a backup using the Backup Schedule Wizard, you can modify the following settings: •
Exclusions. You can exclude file types within specific folders and optionally their subfolders. For example, if you back up a Hyper-V host with several virtual machines, you may not want to back up any .iso files that have been attached.
•
VSS backup. With VSS backup options, you can select either a VSS full back up or VSS copy backup. The full backup updates the backup history and clears the log file. However, if you use other backup technologies that also use VSS, you might want to choose the VSS copy backup, which retains the VSS writer log files.
Demonstration: Backing Up and Restoring Virtual Machines In this demonstration, you will see how to: •
Add the Windows Server Backup feature to Windows Server.
•
Configure one time and scheduled backups.
•
Select items for backup, including virtual machines.
•
Set advanced VSS features.
Finally, you will see where to configure the performance settings that control incremental and full back ups.
Demonstration Steps
MCT USE ONLY. STUDENT USE PROHIBITED
13-6 Protecting and Monitoring Virtualization Infrastructure
Install Windows Backup 1. Sign in to LON-HOST1, launch the Add Roles and Feature Wizard, and install the Windows Server Backup feature. 2.
When the installation completes, click Close, and then close Server Manager.
Perform an online backup 1. Launch Windows Server Backup. 2.
In the navigation pane on the left, start the Backup Schedule Wizard.
3.
On the Select Items page, expand the Hyper-V hosts, and select 20409B-LON-DC1 (Online). Add an exclusion for files with the .iso extension. For the destination, select Local Disk C:
4.
Start the backup. The backup may take as long as 15 minutes. On the Backup Progress page, the Status should be Creating shadow copy of volume.
Adjust backup performance •
From the Windows Server Backup console, configure performance to set an Incremental backup.
Backup and Restore Options for VMM When you deploy VMM to manage your virtualization infrastructure, you can spend a considerable amount of time and effort with configuration. The larger the deployment, the more likely you will want to avoid even a temporary loss of availability for VMM and its services. Therefore, you should consider and be familiar with all the options you have to protect VMM and its components.
Virtual Machine Manager Database
The Virtual Machine Manager database is a Microsoft SQL Server database, and you can use the VMM console to run unplanned backups on this database. For a scheduled regular backup, you will need to use an alternative method. You can use the SQL Server Management Studio console to configure regular backups for the Virtual Machine Manager database. You also must configure an additional backup technology if you want this backup to be committed to a tape device.
VMM Library
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
13-7
You can back up everything that is stored in the Virtual Machine Manager library by using normal file service-level backups. If the Virtual Machine Manager Library is virtual, then you can back up the entire virtual machine. While you can run more infrequent backups of legacy .iso files and virtual machine templates, you should configure more regular backups for commonly created and used library items.
VMM Server
If your VMM management server is virtual, you should protect it as a virtual machine. Otherwise, when recovering a VMM management server, you should perform a clean installation, and then import the database.
You should also review individual support backup methods and recommendations for other components such as the Windows Deployment Services (Windows DS) and Windows Server Update Services (WSUS) servers. You configure the Virtual Machine Manager database backup from the VMM console by using the following steps: 1.
Launch the VMM console.
2.
In the VMM console, click the Settings workspace, then on the ribbon, click Backup.
3.
In the Path field, type a path, either local to the SQL server that VMM is using, or to a network share that the SQL Server can access, and then click OK.
Scenarios for Using Windows Server Backup Window Server Backup is ideal for many backup scenarios. You can use Windows Server Backup to perform a quick, unplanned backup before making an important configuration change, or before installing new software on a server. Alternatively, you can use it to provide regular scheduled backups that allow recovery from a server failure, loss of files, or loss of a virtual machine.
Because you can send your data to a remote storage location, Window Server Backup can make an ideal platform for providing a disaster recovery solution. However, while you can configure Windows Server Backup remotely by connecting to other servers, you must configure backups on each server. In a larger environment, this can create a large administrative overhead, and provide a reason to upgrade to a more flexible backup tool such as DPM. With Windows Server Backup 2012, you can protect: •
A full server (all volumes), or just selected volumes.
•
Individual files and folders.
•
System state.
•
Individual virtual machines on a Hyper-V host.
•
CSVs.
With Windows Server Backup 2012, you can:
MCT USE ONLY. STUDENT USE PROHIBITED
13-8 Protecting and Monitoring Virtualization Infrastructure
•
Perform a bare-metal restore. A bare-metal backup contains all critical volumes, and allows you to restore without first installing an operating system. You do this by using the product media on a DVD or USB key, and the Windows Recovery Environment (Windows RE). You can use this backup type with Windows RE to recover from a hard-disk failure, or if you have to recover the entire computer image to new hardware.
•
Use system state. The backup contains all information to roll back a server to a specific point in time. However, you must install an operating system prior to recovering the system state.
•
Recover individual files and folders or volumes. The Individual files and folders option enables you to back up and restore specific files, folders, or volumes, or you can add specific files, folders, or volumes to your backup when you use an option such as critical volume or system state.
•
Exclude selected files or file types. You can exclude selected files (such as temporary files) or file types from the backup.
•
Select from more storage locations. You can store backups on remote shares, or on non-dedicated volumes.
•
Use the Windows Azure Online Backup. The Windows Azure Online Backup is a cloud-based backup solution for Windows Server 2012 that enables you to back up and recover files and folders off-site, from cloud services.
Lesson 2
Protecting Virtualization Infrastructure by Using DPM
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
13-9
Building a robust protection solution for your virtualization infrastructure is as important as building the solution itself. This lesson provides insight into the capabilities of System Center 2012 R2 Data Protection Manager (DPM), specifically in relation to server virtualization. DPM along with server virtualization provides a framework on which you can build a protection solution. This lesson provides details on both core and optional DPM components, their usage, and requirements.
Lesson Objectives After completing this lesson, you will be able to: •
Describe the benefits of using DPM.
•
Describe the DPM components and protection process.
•
Explain the considerations for using DPM to back up virtual machines.
•
Describe how to deploy DPM protection agents.
•
Explain how to configure protection groups.
•
Describe the options for protecting virtualization infrastructure.
•
Describe how to perform a virtual machine recovery.
•
Explain how to deploy Windows Azure Online Backup for DPM.
Benefits of Using DPM DPM is an enterprise backup solution. DPM is classified as Enterprise for its features and functionality, although it is also an optimal solution for small to medium size organizations. While DPM is available as an independent platform, for optimal usage, it is best to integrate it with other System Center components. You use DPM to back up virtualized data centers. It offers application-aware backups and full Hyper-V host backups. Unlike Windows Backup, DPM supports multiple backup schedules and has advanced features and functionality that you can use to create a fully automated protection solution. You should use DPM to: •
Back up multiple Hyper-V hosts and virtual machine servers at the same time, and use one or more schedules.
•
Enhance disaster recovery by replicating protected data to a secondary offsite location.
•
Protect workloads such as Microsoft Office SharePoint, AD DS, SQL Server, Microsoft Exchange Server, Linux and Windows client operating systems such Windows 7 and Windows 8.
MCT USE ONLY. STUDENT USE PROHIBITED
13-10 Protecting and Monitoring Virtualization Infrastructure
•
Protect data using disk-to-disk, disk-to-tape, or Window Azure Online Backup.
•
Received detail reports on data churn, growth, forecasting and the Data Protections Manager Health status.
DPM offers the following feature and or benefits: •
Uses SQL Server, and includes support for clustered servers that are running SQL Server. This allows for scalability and availability of your backup solution.
•
Supports full and incremental backups. After a full synchronization has occurred, you can optionally back up only the block changes, thereby providing faster backups.
•
Can be deployed to a virtual machine; this enhances its own protection and flexibility.
•
Provides self-service for workloads such as SQL Server databases. For example, a developer could restore a database to the same location, to a folder, or to an alternate server that is running SQL Server. An end user also could recover files they have deleted from within a protected share.
•
Integration with System Center 2012 Orchestrator. This enables you to build automation into your virtualization or cloud computing environment.
•
Integration with System Center 2012 Service Manager. This enables you to offer backup as part of a service catalogue, and align with business processes.
•
Integration with Operations Manager. You can administer DPM from within the Operation console. This provides a single console to administer multiple DPM servers, and allows granular delegation of tasks to operators and administrators, such as bulk restart of failed backup jobs.
•
Supports item-level Recovery. Item-level recovery allows you to back up a virtual disk of a virtual machine on the Hyper-V host server. You can then recover individual items from within the protected virtual machine’s virtual disk.
•
Supports automation. Supports automation using either the DPM Management Shell, which is built on Windows PowerShell, or by using the System Center Integration Pack that integrates Orchestrator and DPM.
•
Supports bare-metal restores. This enables you to restore an entire server using the Repair your computer option located on the Windows Server setup media.
•
Online backup. DPM makes use of VSS on the Hyper-V host and on a virtual machine. If a virtual machine is running Windows 2003 or newer, and if the virtual machine receives a backup request from the Hyper-V host, it uses VSS and places the guest operating system in a suitable state for backup.
•
Provides several disaster recovery options. For disaster recovery you can back up all the DPMprotected data to a secondary site, or back up to Windows Azure Online Backup.
DPM protects several workloads and their associated components as follows: •
SQL Server
•
Hyper-V
•
AD DS
•
SharePoint Server
•
Exchange Server
•
Virtual Machine Manager database
•
Linux virtual machines
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
13-11
For a comprehensive list of protected workloads and their recoverable data types, refer to the following link: Protecting workloads with DPM http://go.microsoft.com/fwlink/?LinkID=386744
Other DPM benefits include support for the protection of virtual machines that are running on CSV, and for virtual machines that are running from Server Message Block (SMB) 3.0 file shares. To improve backup performance, DPM can exclude virtual machine page files from incremental backups. DPM also supports backups for machines during live migration.
DPM Components and the Protection Process DPM is made up of the following architectural components: •
DPM server. The DPM server is the main server component that processes the backup and recovery jobs. It manages the storage volumes and tape hardware, and provides the reporting features. The DPM server also manages agent configuration and deployment.
The DPM server requires a server that is running SQL Server. The DPM installation includes an instance of SQL Server 2008 R2, which DPM setup installs on the DPM server. You can choose to use an alternate SQL Server for DPM. •
DPM database. The DPM database stores the DPM configuration and reporting data. When using a remote SQL Server, DPM requires that the SQL Server database engine and SQL Server Reporting Services components are installed. DPM supports SQL Server 2008 R2 and SQL Server 2012.
•
DPM protection agents. A protection agent is the software that you install on the target servers or computers that you intend to protect. Protection agents allow the DPM server to identify and transfer the data for backup and restore. DPM has only a single agent type. Whether you are protecting SQL Server, Hyper-V, Exchange Server, or AD DS, you only need to deploy a single agent type.
•
Protection groups. Protection groups define storage pools, retention settings, and data sources that need protecting. All data sources in the same protection group share storage allocation, replication creation methods, and compression settings.
•
Central console. The central console allows monitoring of multiple DPM servers including differing versions from a single console. You must install the central console on an Operations Manager server. The console provides remote administration, role-based access, remote remediation, service level agreement (SLA) alerts, scripting support, and alert consolidation.
•
Storage pool. The storage pool consists of disks that attach to the DPM server, and that DPM uses to store its data replicas and recovery points. DPM can use direct-attached storage (DAS), Fibre Channel, and Internet small computer system interface (iSCSI). However, it cannot use USB storage or the Storage Spaces feature in Windows Server.
MCT USE ONLY. STUDENT USE PROHIBITED
13-12 Protecting and Monitoring Virtualization Infrastructure
•
Tape libraries. You can attach tape drives and tape libraries to the DPM server either directly, or through your SAN. (Refer to TechNet DPM documentation to search for compatible tape devices.) You can also use a virtual tape library. A virtual tape library emulates a physical tape library but stores data on disk.
•
Secondary DPM server. The secondary DPM server is the same as the primary DPM server with the exception that you use it to provide protection for you primary DPM servers.
•
Windows Azure Backup Agent. When using the Windows Azure Backup feature, you must download and install a Windows Azure Backup Agent on to each DPM server (both primary and secondary). Overview of DPM Features http://go.microsoft.com/fwlink/?LinkId=253435
How DPM Works
After you have installed a primary DPM server and configured its storage and tape components, you are now ready to create a protection group. Within the DPM console, select the desired protection type (Servers or Clients), add at least one member to the group, and then define if you will use disk, tape, or Windows Azure Backup Agent. You then set a schedule and retention range, and then configure the disk allocation and the initial replication method. After you create the protection group, DPM creates a volume in the storage pool in which to store a replica of each server or client that is part of the protection group. When the DPM protection agent on the protected server or client tracks data changes, DPM synchronizes the protected data to the replica, and transfers the changed data to the DPM server.
The Synchronization Process
During synchronization, the DPM protection agent uses a volume filter and change journal to track file changes, and then performs a checksum process to synchronize only the changed blocks. A data replica has can become inconsistent due to various reasons. However, you can schedule to run a consistency check that allows DPM to verify replica data with its source, and then synchronize required changes that return the replica to a consistent state. When creating or modifying a protection group, you can define what are known as recovery points. Recovery points are points in time from which you can restore data. DPM uses VSS writers for backing up remote workloads. It also uses VSS locally to create express full backups. Express full backups update the replica data with the incremental changes. •
For file data, DPM can store a maximum of 64 recovery points, which is the limit for VSS. For example, if you schedule two recovery points per day, the maximum retention will be 32 days.
•
For application data, DPM can store a maximum of 512 available recovery points. However, DPM reserves 64 recovery points for VSS, so you can only select up to 448 recovery points for your applications.
•
For longer term recovery options, you should consider using tapes or virtual tapes.
Considerations for Using DPM to Back Up Virtual Machines When planning your backup strategy for virtual machines, you should consider your backup options with respect to specific services or product that are running on your virtual machines. Moreover, you should follow the technical documentation and supported backup options for each service or product that runs on your virtual machines, such as AD DS, files and folders, Exchange Server, and SQL Server. Consider the following options for implementing virtual machine backups in your organization:
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
13-13
•
Perform backups on the physical server where virtual machines are located. In this scenario, you back up all virtual machine files. This type of backup is thorough, because all of your virtual machine configuration and data is backed up. However, you must ensure that this type of backup is supported for the services or products that are running on your virtual machines. For example, we do not recommend this type of backup for Exchange Server when it is running in a virtual environment.
•
Perform data backups on the virtualized server. This option performs data backup in the same manner as if a server was installed on a physical machine, which means that only the data inside the virtual machine is backed up. We recommend this type of backup when Microsoft Exchange Server is running in a virtual environment.
•
Perform an online backup. This type of backup ensures that data has been backed up without interrupting a production environment. If the product installed in your virtualized environment supports this type of backup, we recommend that organizations utilize online backup so that their servers can continue to work during the backup process.
•
Perform an offline backup. This type of backup requires that you stop the virtual machine until the backup is complete. The virtual machines then can resume working. We do not recommend this type of backup because it will cause a downtime of services that are running on the virtual machine. Instead, consider performing an offline backup if no other type of backup is supported or is possible in your organization.
Deploying DPM Protection Agents You must install DPM protection agents on each server or client that you want to protect. The DPM protection agent is the software that DPM uses to identify and track changes to data that the DPM server can protect. You can use several methods to deploy protection agents, and several scenarios in which you can deploy them. Note: This course reviews how to install DPM protection agents in the same Windows domain as the DPM server. Installing DPM in untrusted domains and work groups is supported, but it is beyond the scope of this course.
Firewall Settings
MCT USE ONLY. STUDENT USE PROHIBITED
13-14 Protecting and Monitoring Virtualization Infrastructure
Before you deploy DPM protection agents, you should ensure that the DPM server can communicate with the protected computer through any firewalls. On the DPM server, you should ensure that port 135 is open for TCP traffic, and that the DPM service (Msdpm.exe) and the DPM protection agent (DPmra.exe) can communicate through the firewall.
Automated Installation Process for No Firewall, Same Domain 1.
On the DPM server, launch the DPM Administrator Console. On the ribbon, click the Management workspace, and then click Install.
2.
In the Protection Agent Installation Wizard, on the Select Agent Deployment Method page, click Install agents, and then click Next.
3.
On the Select Computers page, in the Computer name section, click to highlight one or more computers that you want to protect, and then click Add. You can install earlier versions of the agent by clicking Advanced, and then selecting the version from the drop-down list box. When you have finished selecting computers, click Next.
4.
On the Enter Credentials page, enter credentials with administrative rights for the server or client you will be protecting. You domain will be listed as default. After entering your credentials, click Next, and wait for the cluster-checking phase to complete.
5.
On the Choose Restart Method page, click Restart the protected computer manually or automatically, and then click Next.
6.
On the Summary page, review the note about computers possibly losing network connectivity during installation, and then click Install.
Manual Installation Process for Windows Firewall, Same Domain 1.
Copy the DPM protection agent setup files, or map a drive to the DPM protection agent installation directory on the DPM server.
2.
Run the installer from a command prompt, and specify the fully qualified domain name (FQDN) for the DPM server. For example, to install the DPM protection agent on a 64-bit computer with a DPM server named LON-DPM1.adatum.com, you would type the following at a command prompt: DPMAgentInstaller_x64.exe LON-DPM1.adatum.com
3.
On the server you wish to protect, sign in, open a command prompt, and type the following command: netsh advfirewall firewall add rule name="Allow DPM Remote Agent Push" dir=in action=allow service=any enable=yes profile=any remoteip=
4.
On the DPM server, launch the DPM Administrator Console. Click the Management workspace and then on the ribbon click Install.
5.
In the Protection Agent Installation Wizard, on the Select Agent Deployment Method page, click Attach agents, click Computers on trusted domain, and then click Next.
6.
On the Select Computers page, in the Computer name section, click to highlight one or more computers that you want to protect. Alternatively, you either can type the FQDN of the DPM server, or you can select to import from a text file, and then click Add. When you have finished selecting computers to protect, click Next.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
13-15
7.
On the Enter Credentials page, enter credentials with administrative rights for the server or client you will be protecting. Your domain will be listed as the default. After entering your credentials, click Next, and wait for the cluster checking phase to complete.
8.
On the Summary page, review the note about computers possibly losing network connectivity during installation, and then click Attach.
DPM performs an automatic discovery to identify new computers that have been added to the Active Directory domain of which the DPM server is a member. By default, auto discovery runs at 01:00 A.M daily, but you can modify this schedule. Discovered servers and clients are listed in the Protection Agent Installation Wizard, or in the Create New Protection Group Wizard. For a list of ports and agent network troubleshooting steps, use the following article as a guide: Data Protection Manager Agent Network Troubleshooting http://go.microsoft.com/fwlink/?LinkID=386741
Configuring Protection Groups What Are Protection Groups? Protection groups are a collection of data sources that share protection configurations, such as storage pools, retention settings, schedules, recovery points, and compression settings. Data sources are referred to as members. Individual servers can have multiple members. For example, system state and each volume are classified as members.
A member can be protected by multiple protection groups, but only one primary DPM server can protect any one data source. Protection groups can include more than one server or client, and you should use them to create logical groups that support your backup strategy. Some examples of protection groups that you could implement are: •
A group of Hyper-V hosts whose virtual machines you protect using the online backup method.
•
A group for specific virtual machines and physical servers such as SQL Server databases or domain controllers.
•
A group of file servers.
•
An Exchange Server group
•
A group of non-production servers.
To create a protection group, perform the following steps: 1.
On the DPM server, launch the DPM Administrator Console, and then click the Protection workspace. On the ribbon, click New.
2.
In the New Protection Group Wizard, on the Welcome page, click Next.
3.
On the Select protection group type page, click Next.
MCT USE ONLY. STUDENT USE PROHIBITED
13-16 Protecting and Monitoring Virtualization Infrastructure
4.
On the Select group members page, in the Available members section, select the data sources. For example, if your Hyper-V host server is named LON-HOST1, expand LON-HOST1, and then click to select each virtual machine that you want to protect. When you are finished selecting data sources, click Next.
5.
On the Select Data Protection Method page, in the Protection group name text box, type a descriptive name for the protection group name. Click to select the protection method or methods. For example, click I want to short-term protection using: Disk. If you have configured online protection with Windows Azure Backup or if you have configured a tape library, you can select these now. When you are finished selecting the protection methods, click Next.
6.
On the Select Short-term Goals page, select the number of retention days for the protection group, and then click Modify.
7.
On the Express Full Backup page, you can optimize the number of recovery points by amending the express full backup schedule. When done, click Next.
8.
On the Review Disk Allocation page, click Modify. Here you can review and change the replica and recovery point volumes. Click Cancel, and note that Automatically grow the volumes is selected by default. Click Next.
9.
On the Choose Replica Creation Method page, for the data that you select, you can choose either to replicate now, or to replicate later. Alternatively you can perform a manual data transfer using removable media. Leave the default settings, and then click Next.
10. On the Consistency check options page, you can choose to run consistency checks when replicas become inconsistent (this is the default). Additionally, you can create a scheduled daily check. Leave the default settings, and then click Next. 11. On the Summary page, review your protection group settings, then click Create Group. 12. On the Status page, review the results of the tasks, and then click Close.
Within protection groups, you can configure recovery points separately for application members and file members. For example, you can schedule daily express full backups for a file server, and multiple daily backups for SQL databases in the same group. Where separate applications such as Exchange Server and SQL Server are within the same group, they will be grouped on the same schedule. Therefore, if this option is not suitable, you should create a separate protection group for another application type.
You can enable compression for each protection group. Compression reduces the amount of data that transmits over the network for replica creation, synchronization, consistency checks, and recovery operations. By enabling compression, you incur a slight additional CPU overhead for both the DPM server and the protected server or client. You can enable compression by using the following steps: 1.
Sign in to the DPM server and launch the DPM Administrator Console. Click the Protection workspace. In the central section under Protection Group Member, click the Protection group, and then on the ribbon, click Optimize.
2.
In the Optimize Performance dialog box, click the Network tab. In the Network section, click Enable on-the-wire compression.
You can add and remove members from a protection group, and you can modify group settings by using the Modify Group Wizard. Use the following steps to access the Modify Group Wizard: 1.
Sign in to the DPM server, and launch the DPM Administrator Console. Click the Protection workspace, then in the central section under Protection Group Member, click the Protection group. On the ribbon, click Modify.
2.
In the Modify Group Wizard, on the Select Group page, you can add and remove members.
3.
Complete each step of the wizard, making any required changes.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
13-17
A consistency check verifies that replica data is valid. Consistency check settings are shared with all data members in a protection group. Running consistency checks can create a slight overhead on the DPM server and the protected computer, and consume network bandwidth. You cannot throttle bandwidth at the protection group level. Bandwidth throttling is set in the DPM protection agent settings for each protected server or client.
Options for Protecting Virtualization Infrastructure You can use DPM to build your virtualization infrastructure protection strategy by utilizing the following virtualization-specific functionalities: •
Protection for both running and stopped virtual machines, from a DPM agent that you install on a Hyper-V host
•
Protection for running virtual machines using a traditional backup, including system state and all files
•
Protection of specific guest application workloads, namely Microsoft workloads such as the SQL databases used to run the System Center 2012 components
•
Item-level recovery, which allows you to restore a single file from within a virtual hard disk that was backed up at host level
•
Protection for virtual machines that reside on CSVs
•
Protection for virtual machines that reside on SMB storage
•
Protection for virtual machines during live migration
•
Protection for both clustered and non-clustered VMM servers
•
Scale-out protection. In some scenarios, you can have multiple DPM servers to provide protection to a large Hyper-V cluster. The host must be running a clean installation of Hyper-V on Windows 2012, and System Center 2012 SP1 DPM or System Center 2012 R2 DPM
•
Select to back up Hyper-V as a host-level workload in a protection group. This ensures that all future virtual machines that you create on that host or cluster will also be backed up
When designing a backup solution, you will need to consider options such as the following: •
How and when will initial replication take place?
•
How many hosts and virtual machines can be backed up at the same time without causing performance issues?
•
How much load will there be, and is compression and or bandwidth throttling required?
Remember that you can use DPM in conjunction with other technologies such as Hyper-V Replica, and that DPM can help form part of an overall solution. While it is imperative that you implement a good data protection strategy, it is also important that you not overcomplicate protection and recovery. The following topics are protection options for different Hyper-V host scenarios.
Stand-Alone Hyper-V Hosts
MCT USE ONLY. STUDENT USE PROHIBITED
13-18 Protecting and Monitoring Virtualization Infrastructure
To provide host-level protection to a virtual machine that is running on a stand-alone Hyper-V host, you must first install an agent on the Hyper-V host. You can protect virtual machines that are running on local storage, such as DAS, SAN, and network-attached storage (NAS). If your Hyper-V host uses SMB 3.x, you must also install a DPM protection agent on the file server that is hosting the SMB share.
CSVs DPM can provide protection for virtual machines that reside in CSV by using a hardware VSS provider, or an integrated software provider. There is a significant difference between Windows Server 2008 R2 Hyper-V CSVs and Windows Server 2012 R2 CSVs. Without a hardware-based VSS provider, you can only run one backup job at a time per CSV volume. In addition, the backup job places the cluster into a redirected I/O mode, which significantly reduces overall cluster performance. With CSV 2.0, this is no longer the case. By default, you can run three parallel backups or more with a registry key update. I/O redirection no longer occurs during backup. To perform CSV backups, you must install the DPM protection agent on each node in the Hyper-V host cluster.
SMB 3.x Shares
As with stand-alone Hyper-V hosts, you can back up Hyper-V host clusters that use SMB 3.x storage. The storage is represented by either a stand-alone file server or a clustered file server. You must install the DPM protection agent on each Hyper-V host and on each file server, to protect the virtual machines by using host-level backups.
Live Migration Protection
During live migrations, DPM protects virtual machines within a cluster without requiring any administrator intervention. DPM detects the migration and continues to protect the virtual machine from the new hosting node of the cluster. DPM can also protect live migrations that you perform outside of a cluster. However, this method has some requirements, such as the protected virtual machine must be part of cloud configured on System Center 2012 Service Pack 1 (SP1) VMM or newer, and the DPM servers must be connected to the VMM management server on which the cloud service is located.
Item-Level Recovery
Item-level recovery allows you to protect virtual machines at the host level. It also allows you to recover individual files and folders from within the virtual hard disk of the virtual machines. Unfortunately, you cannot restore these items directly to their original location. However, you can restore them locally to the DPM server or to a network location, and then copy them to their original location. Item-level recovery is very useful in many situations. However, you may want to use the in-guest backup method for a file server, which will enable end-user self-service recovery. You can use each of these to protect an entire virtual machine at the host level. When you build your protection solution, ensure that you take into consideration the workloads that you need to protect. Where appropriate, you should schedule virtual machine–level backups.
Using both item-level recovery and virtual machine–level backup provides the best solution. For example, you may have a critical database server that requires hourly backups. However, you could schedule the virtual machine that is hosting the database to be backed up daily. In this scenario, you would configure two scheduled backups, and then set the start times.
Best Practices As a best practice, you should: •
Document the options pertaining to your specific virtualization infrastructure, including: o
Hyper-V host versions.
o
Storage technology.
o
Virtual machine workloads.
o
Operating systems versions.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
13-19
•
Where possible, use a proof of concept on hardware that is as similar as possible to the end solution.
•
Determine the following: o
Backup volumes
o
Network throughput
o
Document recovery points
o
Recovery times and locations
•
Be sure to test recovery from backups, and where possible, randomize the recovery testing.
•
Define who will receive the backup reports, and make sure that they receive them.
•
Have an action plan that is subject to the content of the backup reports, such as increasing storage space, modifying schedules, or throttling bandwidth.
Performing Virtual Machine Recovery When performing a virtual machine recovery, there are typically three scenarios: •
Recovering a virtual machine to its original location
•
Recovering a virtual machine to an alternate location
•
Recovering an item such as a file, folder, volume, or disk, from within a virtual machine
You can use the DPM Administrator Console to recover a virtual machine to its original location. Use the following high-level steps, where: •
DomainName is the name of the domain in which the server was backed up.
•
ServerName is the name of the server you are recovering.
•
xyz is the state of the server when it was backed up, for example: Saved State, or Online.
1.
Launch the DPM Administrator Console.
2.
Click the Recovery workspace.
3.
In the navigation pane, expand Recoverable Data\DomainName\ServerName, and then click All Protected HyperV Data.
4.
In the results pane, under Recoverable Item, select and right-click Backup Using xyz State \ServerName, and then click Recover.
5.
In the Recovery Wizard, on the Review Recovery Selection page, click Next.
6.
On the Select Recovery Type page, click Recover to original instance, and then click Next.
7.
On the Specify Recovery Options page, click Next.
MCT USE ONLY. STUDENT USE PROHIBITED
13-20 Protecting and Monitoring Virtualization Infrastructure
8.
On the Summary page, click Recover.
9.
On the Recovery Status page, verify that the Recovery status is Successful, and then click Close.
As a best practice, you should always test recovery scenarios as part of your overall backup strategy. When testing, note the amount of time it takes to recover the data, and the integrity of data. Consider that as the backup sizes grow, the recovery time will also grow. While an incremental backup may take 10 minutes, a full server restore may take an hour or longer. Note: Be aware of any performance impact from recovering virtual machines to production Hyper-V hosts. During the proof of concept phase of a virtualization deployment, you should determine whether recovering full virtual machines is acceptable during business hours. To determine this, review network, storage, and processor performance.
Deploying Windows Azure Online Backup for DPM You can use Windows Azure Online Backup to send a replica copy to a vault that you configure in Windows Azure cloud services. This is similar to a secondary offsite DPM server, except considerably less expensive and with reliability backed by a service level agreement (SLA).
Windows Azure Backup Prerequisites When you back up DPM using Windows Azure Backup, you must ensure that your network meets the following prerequisites: •
The DPM server must have installed either Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2 SP1, and must be running either System Center 2012 SP1 DPM or System Center 2012 R2 DPM.
•
You must have a Windows Azure account with the Windows Azure Backup feature enabled. (You can create a trial account to test this feature.)
•
The Windows Azure Backup Agent must be installed on the DPM servers that you want to back up.
•
The DPM servers must have at least 2.5 gigabytes (GB) of local free storage space for cache location (15 GB recommended).
•
You must have a management certificate that you will upload to the backup vault in Windows Azure.
One consideration when you import data is that during the initial data transfer, you must send the full copy of the data, which will use your Internet connection. Ensure that any other production traffic that uses this connection will not be impacted during the initial or subsequent synchronizations.
For more detailed information on configuring Window Azure Backup for DPM, refer to the following link: Backing Up DPM using Windows Azure Backup http://go.microsoft.com/fwlink/?LinkID=386745
Lesson 3
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
13-21
Using Operations Manager for Monitoring and Reporting
Every administrator strives to keep their virtualization environment in a good state of health. Where possible, you should maintain sufficient reporting information about availability, performance, and capacity. Ideally, you will use this information for forecasting. Keeping your environment in a good state of health can consist of remediating issues automatically, or being alerted instantly to any issues and having immediate knowledge of details and the steps necessary to resolve them. Operations Manager is designed to do this for virtualized environments, and for many other technologies. This lesson introduces you to Operations Manager and its components, and provides basic information about monitoring and alerting.
Lesson Objectives After completing this lesson, you will be able to: •
Describe the key features and components of Operations Manager.
•
Use the Operations console.
•
Describe the purpose and functionality of management packs.
•
Explain how to import management packs.
•
Describe how to create overrides.
•
Explain how to configure notifications.
•
Describe how to configure reports and reporting.
Key Features and Components of Operations Manager Operations Manager is a cross-platform monitoring and alerting solution that provides application and infrastructure monitoring. You can integrate Operations Manager with VMM, Service Manager, and Orchestrator to provide automated remediation in response to errors, performance issues, and outages. Operations Manager also provides management packs to monitor other systems, including many non-Microsoft hardware and software components. Operations Manager includes the following features: •
Network monitoring. Operations Manager supports the discovery of network routers and switches. This provides a platform for you to monitor networks, from desktop to servers.
•
Application code monitoring. Operations Manager provides detailed monitoring information for applications, including Microsoft .NET Framework, and Java Platform, Enterprise Edition applications. Operations Manager also provides the ability to identify and pinpoint problems with applications.
MCT USE ONLY. STUDENT USE PROHIBITED
13-22 Protecting and Monitoring Virtualization Infrastructure
•
End-to-end monitoring. Operations Manager can perform end-to-end monitoring of applications. This means that it can monitor the application, the operating system on which it is running, the hardware that the operating system relies on, and the network devices that are used to provide access to the application. If an application is distributed across multiple systems, you can configure Operations Manager to show the application topology in a single pane. This allows administrators to see instantly where in the topology a problem occurs.
•
Dashboard widgets. Operations Manager offers predefined and easily customizable dashboard widgets for monitoring key statistics, alerts, and issues, from a single management console.
•
Heterogeneous platform monitoring. Operations Manager monitors Windows servers and applications, Linux, and UNIX systems for health and performance issues.
Operations Manager uses management packs that contain information about the objects that you monitor. These management packs are usually developed by application vendors. For example, Microsoft creates management packs for each version of its operating systems and server application products, such as SQL Server and Exchange Server.
Operations Manager Components Operations Manager includes the following components: •
Operations console. The Operations console is the user interface that you use for monitoring alerts and making administrative changes. The Operations console reads and writes data through a management server.
•
Management server. Each management group has one or more management servers that are responsible for reading and writing data to the operational database. To service requests, management servers are combined into resource pools.
•
Operational database. The operational database is a SQL Server database that stores recently collected information. By default, this database keeps data for seven days. Each management group has only one operational database.
•
Data warehouse database. The data warehouse database is a SQL Server database that stores historical data for reporting and long-term performance monitoring. Operations Manager simultaneously writes data to the data warehouse database and the operational database. Each management group has only one data warehouse database.
•
Operations Manager reporting server. The Operations Manager reporting server runs SQL Server Reporting Services (SSRS). Operations Manager generates reports from data located in the data warehouse database, and then stores reports on the Operations Manager reporting server.
•
Agents. In most cases, monitored servers have an Operations Manager agent installed. The Operations Manager agent is responsible for transmitting data to the management server. The management server configures the agent with rules for reporting data. Based on these rules, the Operations Manager agent is responsible for identifying the data for transmittal to the management server.
•
Web console. The web console is an optional component that provides access to Operations Manager data through a web-based interface. This avoids the need to install the Operations console on each computer where alerts are accessed and resolved.
•
SharePoint Portal. The SharePoint Portal, a feature of Microsoft SharePoint 2010, allows you to display dashboard views in a SharePoint site. This can be useful for displaying Operations Manager data in an existing SharePoint site for a workgroup.
•
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
13-23
Audit Collection Services. Operations Manager includes Audit Collection Services (ACS), which collects and stores data from security logs. ACS has a separate infrastructure that integrates with other Operations Manager components. This allows you to secure ACS data separately from the other Operations Manager data. You can use ACS to monitor security on computers that are running Windows Server, Solaris, AIX, UNIX, and Linux. ACS components include: o
ACS collector. The ACS collector is a service that runs on a server and accepts events that are being archived. The ACS database stores all collected events.
o
ACS database. The ACS database is a SQL Server database that stores the events that the ACS collector collects.
o
ACS forwarder. The ACS forwarder is a service that runs on monitored computers. The forwarder collects security events, and then passes them to the ACS collector.
o
ACS reporting server. The ACS reporting server runs SSRS. This can be the same SSRS instance that functions as the reporting server for Operations Manager, or a different SSRS instance. If you use the same SSRS instance, Operations Manager controls the security for the reports. If you use a different SSRS instance, you must configure SSRS security to control access to the reports.
Demonstration: Using the Operations Console In this demonstration, you will review the Operations console and its workspaces, including: •
Monitoring
•
Authoring
•
Reporting
•
Administration
Demonstration Steps 1.
On LON-OM1, launch the Operations Manager console.
2.
Review the Monitoring Overview page, including the States and Alerts sections. Review the Required Configurations tasks.
3.
Click Active Alerts, and review an alert, including the Alert details section at the bottom of the screen. Explore the actions and tasks pane.
4.
Right-click an alert, review the options that display, and then click Properties.
5.
In the Alert Properties dialog box, review some of the Alert Property tabs.
6.
Click the Authoring workspace. Review the options where you can create your own customized management packs, which may include components such as discoveries, tasks, knowledge, Run As profiles, reports monitors, rules, and groups.
7.
Click the Reporting workspace. Review how you can read and schedule reports, which are often included in management packs.
8.
Click the Administration workspace, and review the list of items in the navigation pane.
9.
Click My Workspace, review how you can customize and save console settings.
10. Close the Operations console.
Overview of Management Packs Management packs contain the settings that allow you to monitor components. The Operations Manager installation includes various management packs. Some of these packs are for monitoring Operations Manager itself in addition to common infrastructure components such as UNIX and Linux, and network devices. To manage and monitor other applications and technologies, you must first import management packs. For example, Microsoft provides management packs for many of its applications, including Exchange Server and SQL Server. Management packs can contain any of the following items:
MCT USE ONLY. STUDENT USE PROHIBITED
13-24 Protecting and Monitoring Virtualization Infrastructure
•
Monitors. Monitors are responsible for monitoring the state of each instance of a class. For example, you can monitor the health state of a server or application. The management pack author controls the health states that are reported by the monitor. For example, a monitor can indicate that a HyperV host’s memory state is in a warning state when it reaches 80 percent utilization for more than a few minutes.
•
Rules. Rules identify events and data that are collected from monitored servers and devices. Rules define what actions are performed based on the collected events or data. For example, Operations Manager can send alerts when a specific event appears in the event log, or when a monitored state changes.
•
Views. Views display information in the Operations console. Management packs can include views that organize information about the application they are monitoring. You can create and save your own customized views in the Operations console.
•
Knowledge. Knowledge is content that the management pack author adds to provide operators and administrators with information regarding problem resolution. The knowledge that the author adds is known as product knowledge. In addition to product knowledge, you can add company-specific knowledge for your organization’s specific environment.
•
Object discoveries. Object discoveries locate the objects that you can monitor, such as servers, devices, or applications. To find specific objects, object discoveries can use the registry, Windows Management Instrumentation (WMI), scripts, OLE DB, or custom code. The object types that you can monitor are called classes.
•
Tasks. Tasks are executable code or scripts that can run on the management server, or on the device or server that you are monitoring. You can run tasks by using automation. For example, when monitoring disk fragmentation, you can run a task for using defragmentation. Tasks can display in the Operations console. For example, when integrating DPM and Operations Manager, certain tasks become available that enable administrators to interact with backup jobs without the need to log on to a DPM server and launch the DPM Administrator Console.
•
Reports. The management pack author creates reports, which contain information that is specific to monitoring for that product. For example, a report may contain graphs showing a Hyper-V host server’s utilization over time, or it may contain forecasting, which you can use for capacity planning.
•
Run As profiles. Run As profiles can be used by monitors, rules, and tasks to carry out actions. The Run As profile contains the credentials used to access system resources and perform actions.
Creating Overrides You create overrides to customize management pack functionality for the specific requirements of your environment. This helps you to control the amount of data that Operations Manager collects. You can create overrides for the following: •
Monitors
•
Attributes
•
Object discoveries
•
Rules
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
13-25
When creating overrides, you can choose if they will target a specific object, or a group of objects. The minimum account permissions required to create overrides is Advanced Operator.
Sealed vs. Unsealed Management Packs
There are two types of management packs: sealed and unsealed. The main difference between these two management pack types is that you cannot edit the sealed management packs, whereas you can edit the unsealed management packs. As a best practice, after importing a management pack to which you need to make changes or override specific settings, create an unsealed management pack in which to store your changes. For example, if a sealed management pack is named Adatum Finance App (Adatum.Finance.App.mp), you could create an unsealed management pack called Adatum Finance App_Overrides (Adatum.Finance.App.xml). The unsealed management pack references the sealed management pack for its default settings, but contains your modification and overrides. Note: Do not save settings, changes, or elements of the default unsealed management packs that you install when you first install Operations Manager. Instead, create a management pack in which to save your modifications. To configure an override for a monitor, perform the following high-level steps: 1.
Launch the Operations console, and then click the Authoring workspace.
2.
In the Authoring workspace, expand Management Pack Objects, and then click Monitors.
3.
In the Monitors pane, expand an object type, and then click on a monitor.
4.
On the Operations console toolbar, click Overrides, click Override the Monitor, and then choose to override for all objects of a class, group, or specific object.
5.
After you choose and click on the group of object types that you want to override, the Override Properties dialog box opens. Here, you can view and edit the default settings contained in this monitor.
6.
Click in the Override column next to each parameter that you want to override, and then edit the Override Value.
7.
At the bottom of the Override Properties page, you can select a destination management pack from the list, or you can create a new unsealed management pack by clicking New.
8.
When you finish editing the management pack, click OK.
Configuring Notifications You can enable notifications in Operation a Manager to alert administrators, users, or groups of users to an event, issue, or state change of a monitored object. There are several components required to enable notification: notification channels, notification subscribers, notification subscriptions, and Run As profiles.
Notification Channels A notification channel is a channel used to deliver specific alerts that display in the alert view of the Operations console. The alerts are sent to administrators or users that you designate. The types of notification channels that you can configure are:
MCT USE ONLY. STUDENT USE PROHIBITED
13-26 Protecting and Monitoring Virtualization Infrastructure
•
Email. An email channel can send a message to a Simple Mail Transfer Protocol (SMTP) server. The SMTP server can be an Exchange server or another SMTP server.
•
Instant Messaging (IM). An IM channel delivers an instant message through Microsoft Office Live Communications Server, Office Communications Server, or Microsoft Lync.
•
Text Message (SMS). An SMS is used for delivering messages to mobile phones. The phone provider network delivers the messages. You must provide a compatible modem that supports SMS message Application Protocol Data Unit (APDU) mode.
•
Command. The command channel allows you to create customized notifications by running scripts or an executable that generates a notification.
Notification Subscribers To begin sending notifications to users, you must first set up notification subscribers. Notification subscribers are lists of people that can be notified. The notification subscriber allows you to configure the delivery addresses and channel for notifications. You can choose multiple channels to allow each subscriber to be notified using multiple methods. You can configure a subscriber schedule by setting a time zone, a date range, days of the week, and times that the subscriber will received alerts.
Notification Subscriptions
After creating notification channels and notification subscribers, you can configure notification subscriptions. Notification subscriptions determine which alerts will be sent to which subscribers, and through which channels. By selecting subscription criteria, you can define which alerts a subscription can use. If you do not define any criteria, all alerts that the Operations Manager generates will be sent. When creating a subscription, you can select multiple subscribers, and you must include which channels the subscription will use to send alerts.
Alert Aging
You can use alert aging to suppress notifications until an alert has remained active for a specified period. For example, you may use this mechanism to allow automation to resolve an alert or to provide service desk staff sufficient time to resolve an issue, before it is escalated. When defining and implementing notifications, make sure that everyone involved is in agreement with what you will send to them. Do not enable more notifications than what is necessary. For example, send the Backup team backup notifications, and send the Virtualization team their notifications.
Note: If you use Operations Manager to monitor and alert for business-critical systems, consider ensuring that the Operation Manager components are monitored, potentially by another Operations Manager, or by an external system. Consider monitoring the notification channels. For example, if SMTP and SMS are the notification channels and they stop working, you will not be notified by Operations Manager for any notifications, as its notification channels are down.
Demonstration: Configuring Notifications In this demonstration, you will see how to: •
Create a notification channel.
•
Create a notification subscription.
•
Create a notification subscriber.
Demonstration Steps Create a notification channel 1.
On LON-OM1, launch the Operations console.
2.
From the Administration workspace, create a new channel, click Email (SMTP), and leave the default name and description.
3.
Use the following information: o
SMTP server (FQDN): smtp.adatum.com
o
Port number: 25
o
Authentication method: Anonymous
o
Return address:
[email protected]
4.
On the Format page, accept the default message format.
5.
After the channel saves, click Close.
Create a notification subscriber
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
13-27
1.
In the Operations console, in the Administration workspace, click Subscribers.
2.
In the tasks pane, click New.
3.
In the Notification Subscriber Wizard, on the Description page, accept the default name, and then click Next.
4.
On the Schedule page, accept the default settings, and then click Next.
5.
On the Addresses page, click Add to create a new subscriber address.
6.
Use the following settings:
7.
o
Address name: Work E-mail
o
Channel Type: E-mail (SMTP)
o
Delivery address:
[email protected]
Complete the wizard accepting the default settings.
Create a notification subscription
MCT USE ONLY. STUDENT USE PROHIBITED
13-28 Protecting and Monitoring Virtualization Infrastructure
1.
In the Operations console, from the Administration workspace, click Subscriptions.
2.
In the tasks pane, click New.
3.
In the Subscription name text box, type Windows Server 2012 notifications, and then click Next.
4.
For the criteria, type raised by any instance in a specific group, and choose the Windows Server 2012 Computer Group.
5.
Use Adatum\Administrator as the subscriber, and E-mail as the channel. Enable Delay sending notifications if conditions remain unchanged for longer than (in minutes), enter 10 as the value, and then complete the wizard.
6.
When finished, close the Operations console.
Configuring Reports and Reporting The Reporting component of Operations Manager and SSRS provide the reporting feature in Operations Manager. Reporting is an optional component, and you can install it on a standalone server. Some considerations for implementing reporting are: •
Other applications cannot use the SSRS instance that Operations Manager uses.
•
For the virtualization forecasting reports to work, you must also integrate SQL Server Analysis Services (SSAS) with VMM.
Prior to System Center 2012 VMM, integrating Operations Manager and VMM enabled some reporting functions from within the VMM console. However, Beginning with System Center 2012 VMM, the reports are now enabled inside the Operations Manager Console.
Reports are often included in management packs. For example, when integrating VMM and Operations Manager, the virtualization reports are enabled with the management packs that VMM imports automatically. You can run reports and then view them immediately in the Operations console, or you can schedule and deliver them automatically.
Lesson 4
Integrating VMM with Operations Manager
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
13-29
You can integrate VMM with Operations Manager to create an effective monitoring solution for your virtualization environment. Integrating VMM with Operations Manager provides several benefits, including monitoring health and availability, and viewing virtualization infrastructure diagrams. You can also implement Performance and Resource Optimization (PRO) tips, which are Operations Manager management packs that can perform actions automatically in VMM in response to monitored events. This lesson describes how to configure integration of VMM and Operations Manager, and how to implement advanced monitoring for virtualization components.
Lesson Objectives After completing this lesson, you will be able to: •
Describe Operations Manager integration with VMM.
•
Explain how to configure Operations Manager and VMM integration.
•
Explain how to integrate VMM and Operations Manager.
•
Describe the functionality of PRO.
•
Describe how to configure advanced monitoring for virtualization components.
Operations Manager Integration with VMM You can integrate VMM and Operations Manager to provide complete monitoring of both physical host machines and virtual machines. Integrating VMM with Operations Manager has several benefits. You can: •
Monitor the health and availability of virtual machines, hosts, the VMM management server, the Virtual Machine Manager database server, and the library servers. You can also monitor a VMware-based virtual environment.
•
View diagram views of your virtualized environment from within the Operations console.
•
Implement PRO tips, which collect performance data from host machines, virtual machines, and applications. PRO tips enable you to automate changes to the VMM and host environment based on the performance information that Operations Manager provides. For example, if a physical hard disk fails, an alert in Operations Manager could trigger the evacuation of the host with a degraded disk subsystem. Another example could be using performance information to scale out a web farm automatically in response to increased transactions in VMM. Enable maintenance-mode integration. When you place hosts in maintenance mode, VMM attempts to put them in maintenance mode in Operations Manager.
•
Integrate Operations Manager and VMM to enable the reporting functionality in VMM.
•
Integrate SSAS. By integrating SSAS, you can run forecasting reports that can predict host activity based on history of disk space, memory, network I/O, disk I/O, and CPU usage. This option also supports SAN usage forecasting.
Configuring Operations Manager and VMM Integration You configure Operations Manager and VMM integration through the VMM console. The wizard that configures integration imports the VMM management packs into Operations Manager, and enables Windows PowerShell remoting on the VMM server. Windows PowerShell remoting allows the Operations Manager management server to run VMM management scripts on the Virtual Machine Manager server. Before you configure integration, you should complete the following prerequisites: •
Install Windows PowerShell 2.0 on all Operations Manager management servers.
•
Install the Operations console on the VMM server.
•
Install Operations Manager agents on the VMM management server, and on all hosts that VMM manages.
•
Install the SQL Server management pack in Operations Manager.
MCT USE ONLY. STUDENT USE PROHIBITED
13-30 Protecting and Monitoring Virtualization Infrastructure
The PRO tips implementation is more granular for System Center 2012 Operations Manager and System Center 2012 VMM, than for previous versions of these products. You can enable or disable PRO tips all the way down to individual virtual machines. This allows for better control of PRO tip implementation and delegation. For example, you can configure PRO tips so that self-service users are notified when PRO tips are available for any virtual machines that they own. After configuring integration between Operations Manager and VMM, you can verify functionality by viewing discovered VMM servers, and by viewing diagrams that show virtualization hosts and the virtual machines that they host. Additionally, you can use Windows PowerShell cmdlets. To manually initialize PRO tip diagnostics from Windows PowerShell, use the following command: Test-SCPROTip
To manually push all VMM objects discovered from Windows PowerShell use the following command: Write-SCOpsMgrConnection
Demonstration: Integrating VMM and Operations Manager In this demonstration you will see how to: •
Install the Operations Manager console on a VMM server.
•
Enable VMM integration with Operations Manager.
Demonstration Steps Install the Operations console on a VMM server
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
13-31
1.
On LON-VMM1, open File Explorer.
2.
Browse to and run D:\SCOM\setup.exe.
3.
On the Operations Manager window, click Install.
4.
Select only the Operations console to install.
5.
Use the default installation location, agree to the license terms, choose not to Help improve System Center 2012 - Operations Manager, and choose not to participate in both Customer Experience Improvement Program and Error Reporting.
6.
Do not use Microsoft Update, and do not opt to start the Operations console when the wizard closes.
7.
Complete the installation wizard, and then close all open windows.
Enable VMM integration with Operations Manager 1.
On LON-VMM1, launch the VMM console.
2.
From the Settings workspace, click System Center Settings, right-click Operations Manager Server, and then click Properties.
3.
On the Connection to Operations Manager page, use lon-om1.adatum.com for the server name.
4.
On the Connection to VMM page, use the following: o
User name: adatum\scservice
o
Password: Pa$$w0rd
5.
Complete the wizard.
6.
In the Jobs window, click New Operations Manager connection, and wait for the job to complete. This takes approximately five minutes.
7.
When the job completes, close the Jobs window.
What Are PRO Tips? PRO tips are Operations Manager management packs that can perform actions in VMM automatically, in response to monitored events. For example, hardware vendors can create PRO tips in reaction to a hardware event on a physical server. In response, the PRO tip can take remedial action, for example by moving one or more virtual machines automatically to another Hyper-V host server and placing the original hosts into maintenance mode. Note: Prior to System Center 2012 VMM, PRO tips were responsible for moving and balancing workloads across Hyper-V host clusters. This functionality was replaced by dynamic optimization, which is built into VMM. To enable PRO, use the following procedure: 1.
In the VMM console, open the Settings workspace.
2.
In the Settings pane, click System Center Settings, and then click Operations Manager Server.
3.
On the Home tab, in the Properties group, click Properties.
4.
On the Details page, under Connection Settings, select Enable Performance and Resource Optimization (PRO), and then click OK.
To configure PRO for hosts, use the following procedure:
MCT USE ONLY. STUDENT USE PROHIBITED
13-32 Protecting and Monitoring Virtualization Infrastructure
1.
In the VMM console, click the Fabric workspace.
2.
In the Fabric navigation pane, click the host group containing the server you will configure. In the main section, click the host, and then on the ribbon, click Properties.
3.
On the left of the host Properties page, click PRO State. You can click to enable Monitoring and Remediate for each of the Host PRO Monitors available. The default monitors are Virtual Machine Manager Dynamic Memory VM Pressure, and Virtual Machine Manager Maximum Dynamic Memory Monitor
Note: You also can author your own PRO tip. To do this, you need to understand Operations Manager management pack authoring, and have an understanding of Windows PowerShell and XML. Microsoft provides a programmer’s guide to creating PRO tips. If you do not have the required knowledge or would like assistance with creating PRO tips, contact your regional Microsoft office and locate a System Center Partner to develop the management pack and PRO tips that you need.
Configuring Advanced Monitoring for Virtualization Components. When you build a server virtualization environment and deploy Operations Manager to monitor it, there are several management packs that you can import and configure. These management packs include storage server management packs, and management packs authored by network vendors. Each of these management packs are created for specific hardware and software technologies. By implementing and tuning the management packs, you can build an advanced monitoring solution. The following are reasons why you should consider implementing hardware vendor management packs:
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
•
Receive alerts about a predictive physical hard disk failure. This enables you to replace a disk in a redundant array of independent disks (RAID) array before it actually fails.
•
Receive alerts about a storage controller failover or path status degradation in a multipath SAN.
•
Receive a notification about new firmware availability.
•
Receive temperature alerting with hardware.
13-33
In addition to monitoring hardware, you can obtain Microsoft management packs for much of your environment. For example, you can download management packs for SQL Server, WSUS, and File Servers services. You can use these management packs to monitor some of the VMM components more granularly. Apart from management packs authored by Microsoft, there is a large community of developers that are creating free management packs, including management packs for virtualization. You can search for management packs online using an Internet search engine.
Fabric Health Dashboard
The Fabric Health Dashboard provides a detailed view of private clouds health, and any underlying fabric resources. The dashboard provides administrators with immediate health and status information, allowing for rapid resolution of issues or potential issues. You can view the Fabric Health Dashboard by using the following steps: 1.
In the Operations Manager console, click the Monitoring workspace.
2.
In the Monitoring navigation pane, click and expand Microsoft System Center Virtual Machine Manager, expand Cloud Health Dashboard, and then click Cloud Health.
3.
Select the cloud you want to review, and then in the tasks pane, click Fabric Health Dashboard.
The following are some of the Fabric Health Dashboard features: •
Host State: This feature monitors the health state of host groups, or the resource aspects of the private cloud, such as CPU, memory, disks, and network adapters.
•
Storage Pools State File Share and LUN State. This feature monitors the health state of storage, including disk allocation and capacity.
MCT USE ONLY. STUDENT USE PROHIBITED
13-34 Protecting and Monitoring Virtualization Infrastructure
•
Network Node State. This feature monitors the health state of network nodes (devices) for the selected private cloud. Only physical network devices within a hop of the hosts display. To view physical network devices, enable Network Monitoring in Operations Manager, and then monitor the physical network devices that are connected to your hosts.
•
Active Alerts and Number of VMs. The Active Alerts and Number of VMs fields in the Fabric Health Dashboard can depict what issues are having the highest impact on your private cloud.
Fabric Health Monitoring Diagram View
The Diagram view in the Fabric Health Dashboard provides you with a diagram of your entire infrastructure’s fabric health. It also shows the health state of each part of the fabric. The Diagram view helps you answer questions about the health of your entire fabric. Improvements to the Diagram view ensure that health roll ups and that the relevant fabric components are part of the Diagram view.
Lab: Monitoring and Reporting Virtualization Infrastructure Scenario
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
13-35
As usage of the A. Datum Corporation virtual environment increases, IT management is concerned about the lack of information available about the environment. IT management wants to ensure that all virtual machine and host computer performance is monitored carefully. They also would like to see high-level reports showing the performance for the entire environment. To provide this level of monitoring and reporting, you must configure integration between VMM and Operations Manager. You will then use Operations Manager to provide IT management with better reports regarding the virtualization infrastructure, including performance monitoring.
Objectives After completing this lab, you will be able to: •
Implement Operations Manager agents.
•
Configure Operations Manager monitoring components.
•
Configure Operations Manager integration with VMM.
Lab Setup Estimated Time: 60 minutes Virtual machines: 20409B-LON-HOST1, 20409B-LON-DC1, 20409B-LON-VMM1, 20409B-LON-OM1 User name: Adatum\Administrator Password: Pa$$w0rd
For this lab, you will use the available virtual machine environment. Before you begin, you must complete the following steps: 1.
On the host computer (LON-HOST1), start Hyper-V Manager.
2.
In Hyper-V Manager, click 20409B-LON-DC1, and then in the Actions pane, click Start. Wait 30 seconds.
3.
Click 20409B-LON-VMM1, and then in the Actions pane, click Start, and then click Connect. Wait until the virtual machine starts.
4.
Sign in by using the following credentials: o
User name: Administrator
o
Password: Pa$$w0rd
o
Domain: Adatum
5.
Repeat steps 3 and 4 for 20409B-LON-OM1.
6.
In the 20409B-LON-VMM1 on LON-HOST1 – Virtual Machine Connection, click the Media dropdown list box, click DVD Drive, and then click Insert Disk.
7.
In the Open pop-up dialog box, navigate to D:\Program Files\Microsoft Learning\20409\Drives (the location where the virtual machines are located), select the SC2012R2.iso file, and then click Open. Note: Shut down all virtual machines after finishing this lab.
Exercise 1: Implementing Microsoft System Center 2012 R2 Operations Manager Agents Scenario In this exercise, you will deploy Operations Manager agents to both a virtualization host and a virtual machine. You will deploy one agent by using discovery method, and you will deploy the other agent manually. The main tasks for this exercise are as follows: 1.
Deploy Operations Manager agents using the Operations console.
2.
Deploy Operations Manager agents manually.
Task 1: Deploy Operations Manager agents using the Operations console 1.
On LON-OM1, from the taskbar, launch the Operations console.
2.
In the Operations console, click the Administration workspace.
3.
Start the Computer and Device Management Wizard.
4.
On the Discovery Type page, ensure that Windows computers is selected.
5.
On the Auto or Advanced page, ensure Advanced Discovery is selected.
6.
On the Discovery Method page, type LON-HOST1.adatum.com as the computer name.
7.
Run the discovery, and then click LON-HOST1.adatum.com as the object to manage.
8.
Complete the wizard, wait for the task to complete successfully, and then click Close.
Task 2: Deploy Operations Manager agents manually 1.
On LON-OM1, in the Operations console, update the Security settings by enabling Review new manual agent installations in pending management view.
2.
Sign in to LON-VMM1.
3.
Locate and run the following file: \\lon-om1\c$\Program Files\Microsoft System Center 2012 R2\Operations Manager \Server\AgentManagement\amd64\momagent.msi
MCT USE ONLY. STUDENT USE PROHIBITED
13-36 Protecting and Monitoring Virtualization Infrastructure
4.
In the Microsoft Monitoring Agent Setup Wizard, enter Adatum for the Management Group name. Enter LON-OM1 for the Management Server name, and then complete the wizard.
5.
On LON-OM1, in the Operations Manager console, in the Administration workspace, locate the Pending Management node, and then approve LON-VMM1.adatum.com.
6.
In the Manual Agent Install window, read the information, and then click Approve.
Results: After completing this exercise, you should have deployed Operations Manager agents to a virtualization host and to a virtual machine.
Exercise 2: Configuring Operations Manager Monitoring Components Scenario In this exercise, you will deploy and configure monitoring components. You will install and configure management packs, configure notifications, and configure reports. The main task for this exercise is as follows: 1.
Configure notifications.
Task 1: Configure notifications
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
13-37
1.
In the Operations Manager console, click the Administration workspace.
2.
From the Notifications node, create a new channel, select Email (SMTP), and leave the default name and description.
3.
Use the following information: o
SMTP server (FQDN): smtp.adatum.com
o
Port number: 25
o
Authentication method: Anonymous
o
Return address:
[email protected]
4.
On the Format page, accept the default message format.
5.
After the channel saves, click Close.
6.
In the Operations Manager console, in the Administration workspace, click Subscribers.
7.
In the Task pane, click New.
8.
In the Notification Subscriber Wizard, on the Description page, accept the default name, and then click Next.
9.
On the Schedule page, accept the default settings, and then click Next.
10. On the Addresses page, click Add to create a new subscriber address. 11. Use the following settings: o
Address name: Work E-mail
o
Channel Type: E-mail (SMTP)
o
Delivery address:
[email protected]
12. Complete the wizard, accepting the default settings. 13. In the Operations Manager console, from the Administration workspace, click Subscriptions. 14. In the Task pane, click New.
15. In the Subscription name text box, type Windows Server 2012 notifications, and then click Next. 16. Enter raised by any instance in a specific group for the criteria, and choose the Windows Server 2012 Computer Group.
MCT USE ONLY. STUDENT USE PROHIBITED
13-38 Protecting and Monitoring Virtualization Infrastructure
17. Use Adatum\Administrator as the subscriber, and E-mail as the channel. Enable Delay sending notifications if conditions remain unchanged for longer than (in minutes), enter 10 as the value, and then complete the wizard. 18. When finished, close the Operations Manager console.
Results: After completing this exercise, you should have deployed and configured monitoring components including management packs, notifications, and reports.
Exercise 3: Configuring Operations Manager Integration with System Center 2012 R2 Virtual Machine Manager (VMM) Scenario
In this exercise, you will configure Operations Manager integration with VMM. You will install the Operations Manager console on the VMM management server, import management packs, and verify the effects of the integration. The main tasks for this exercise are as follows: 1.
Integrate Operations Manager and VMM.
2.
Test Performance and Resource Optimization PRO) integration.
3.
Work with virtualization reports.
4.
Perform advanced monitoring: Fabric dashboard and cloud health.
Task 1: Integrate Operations Manager and VMM 1.
On LON-VMM1, open File Explorer.
2.
Browse to and run D:\SCOM\setup.exe.
3.
Select only to install the Operations Manager console.
4.
Use the default installation location, agree to the license terms, and on the Help improve Operations Manager page, click No, I am not willing to participate for both Customer Experience Improvement Program and Error Reporting.
5.
Do not use Microsoft Update, and do not Start the Operations Manager console when the wizard closes.
6.
Complete the installation wizard, and then close all open windows.
7.
On LON-VMM1, launch the VMM console.
8.
From the Settings workspace, click System Center Settings, right-click Operations Manager Server, and then click Properties.
9.
On the Connection to Operations Manager page, use lon-om1.adatum.com for the server name.
10. On the Connection to VMM page, use the following: o
User name: adatum\scadmin
o
Password: Pa$$w0rd
11. Complete the wizard.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
13-39
12. In the Jobs window, click New Operations Manager connection, and wait for the job to complete. This takes approximately ten minutes. 13. When the job completes, close the Jobs window.
Task 2: Test Performance and Resource Optimization PRO) integration 1.
In the VMM console, click the Settings workspace, in the navigation pane, click System Center Settings, right-click Operations Manager Server, and then click Properties.
2.
In the Add Operations Manager Wizard, on the Connection Details page, under the Diagnostics section, click Test PRO, and then click OK.
3.
In the PRO window, click the PRO Diagnostics alert, review the information, and then close the PRO window.
4.
In the JOBS workspace, click the PRO diagnostics job, and then monitor the progress of the job.
Task 3: Work with virtualization reports 1.
On LON-OM1, in the Operations Manager console, click the Reporting workspace, and then click Microsoft System Center Virtual Machine Manager 2012 R2 Reports.
2.
On the right, launch the Host Utilization report, and then expand the report window.
3.
Review the From and To criteria, which should be First day of this month – Today and the current time and time zone.
4.
On the right, click Add Group. In the Group Name drop-down list box, ensure that Contains is selected, in the Filter 3, type all hosts, and then click Search.
5.
Under the Available items section, click All Hosts, click Add, and then click OK.
6.
Run the report. When the report finishes loading, review the report description, and then review the report.
7.
Click File, review the export options, and then when done, click Close
Task 4: Perform advanced monitoring: Fabric dashboard and cloud health 1.
In the Operations Manager console, click the Monitoring workspace.
2.
In the Monitoring navigation pane, browse to Microsoft System Center Virtual Machine Manager \Cloud Health Dashboard, and then click Cloud Health.
3.
Review the state and details of the DevCloud, then in the navigation pane, click Fabric Health Dashboard,
4.
Review the Fabric Health Dashboard, and when done, close the dashboard.
5.
Close the Operations console.
Results: After completing this exercise, you should have configured the integration of Operations Manager with VMM. You should have installed the Operations Manager console, imported management packs, and verified the effects of the integration.
Module Review and Takeaways Review Questions Question: One of the virtualization infrastructure on-call team members has requested that the team not receive infrastructure alerts through SMS during normal business hours. How can you address this issue? Question: Although the on-call team members no longer receive SMS alerts during business hours, they also no longer receive email notifications during the day. What could be the reason for this issue, and what can you do to resolve it? Question: When performing a recovery by using DPM, what are the three options for virtual machines? Question: Your data protection strategy calls for an offsite copy of your backups. What features does DPM provide to facilitate this?
MCT USE ONLY. STUDENT USE PROHIBITED
13-40 Protecting and Monitoring Virtualization Infrastructure
Course Evaluation Your evaluation of this course will help Microsoft understand the quality of your learning experience. Please work with your training provider to access the course evaluation form. Microsoft will keep your answers to this survey private and confidential and will use your responses to improve your future learning experience. Your open and honest feedback is valuable and appreciated.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center
13-41
MCT USE ONLY. STUDENT USE PROHIBITED
MCT USE ONLY. STUDENT USE PROHIBITED L1-1
Module 1: Evaluating the Environment for Virtualization
Lab: Evaluating the Environment for Virtualization Exercise 1: Selecting the Appropriate Virtualization Method Task 1: Design a virtualization solution to resolve a remote worker application scenario
A. Datum has just passed a remote worker policy that allows up to an additional 50 people to work remotely. Until now, only a few designated on-call IT staff were approved to work remotely, and they all have fixed lines and secure virtual private networks (VPNs). Remote workers will be required to use their own devices, although they should run the company’s applications, and ideally keep data such as documents, reports, and spreadsheets within the company network. 1.
Which virtualization technology can assist with the remote worker requirements?
Answer: Presentation virtualization: Remote Desktop Services is the best candidate for this solution. 2.
What are three of the components required to deliver the remote worker solution? Answer: Any three of the following components can deliver a remote worker solution.
3.
o
Remote Desktop Session Broker
o
Remote Desktop Gateway
o
Remote Desktop Session Host
o
Remote Desktop Licensing Manager
Approximately four months after A. Datum has gone live with the remote worker solution, users begin to complain they cannot access the company systems from home. What could be a likely problem? Answer: The problem could be any (or a combination) of the following:
4.
o
The evaluation licenses have expired.
o
Either no licenses or the wrong or licenses are configured on the Remote Desktop Licensing Manager.
o
The Remote Desktop Session Host servers are not configured, or are not able to communicate with the Remote Desktop license server.
When designing the virtualization solution, you must be able to accommodate a physical server failure by providing reasonable fast recovery. What are the options to achieve a fast recovery?
Answer: Option 1 You can build more than one Remote Desktop Session Host server, and incoming users will be loadbalanced by the session broker. During a hardware failure, some of the users will lose their remote session, but when they attempt to connect again they will be directed to working servers.
MCT USE ONLY. STUDENT USE PROHIBITED
L1-2 Evaluating the Environment for Virtualization
Option 2 You can build a virtual server that runs Windows Server 2012 Remote Desktop. You can then place this server on a Windows Server 2012 Hyper-V host cluster, which would permit hardware failure. While users will lose their remote session when the server fails, when reconnecting they should be able to use the virtual machine that has started on another cluster node.
Task 2: Design a solution to for a Microsoft Office upgrade
A. Datum urgently needs to upgrade from Microsoft Office 2007 to Office 2010 for all employees. However, the remote workers, some senior managers, and most the IT staff should be piloting Office 2013 at the same time. Remote workers will need to have access to both Office 2010 and Office 2013.
Providing separate computers is not an option, and you have heard about application compatibility issues between different versions of Microsoft Office. 1.
Which virtualization technology could help you with these requirements? Answer: Microsoft System Center 2012 R2 Application Virtualization (App-V) can help deliver the required solution.
2.
You create packages for the following products: o
Microsoft Office 2010
o
Office 2013
o
Windows 7 Professional
o
Windows 8 Professional
For which other operating system do you need to create packages?
Answer: You should create packages for Windows Server 2012 so that the remote workers can access both versions of Microsoft Office from the same servers.
Task 3: Design a solution for the development team A. Datum developers use Microsoft SharePoint and Microsoft SQL Server extensively. They frequently need hardware, more disk space, and extra memory for their computers that are running client hypervisors. Developers also frequently contact the helpdesk with requests for restores, or to confirm that their databases are backed up. You have some additional budget that you could use for hardware and software to help the development team, and to reduce the administrative and operation task load that they create. 1.
Which virtualization and management technology could you implement to improve the development department infrastructure? Answer: You can implement server virtualization using Hyper-V.
2.
What tool can you use to find out how big the Hyper-V hosts must be to accommodate the developers’ current systems? Answer: You can use the Microsoft Assessment and Planning Toolkit (MAP).
3.
Which System Center 2012 R2 component could help you delegate some virtual machine administration, and provide some elements of self-service to the developers?
Answer: You can use System Center 2012 R2 Virtual Machine Manager (VMM) to provide delegated administration and self-service.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center L1-3
Task 4: Respond to the CEO’s green initiative enquiry
The Chief Executive Officer (CEO) of A. Datum has asked you to provide some feedback on how your new virtualization project will meet the company’s green initiatives. Your predecessor had already obtained quotes for more power and cooling feeds to each of the company’s five data centers, to accommodate high-density blade centers that would provide the core virtualization infrastructure. •
List a few suggestions that could form part of a report to the CEO. Answer: o
Migrating from physical to virtual machines for most of the company’s server workloads should be a key factor in the green initiative.
o
Selecting low-power processors and memory in some, or all virtualization hosts will help with energy consumption.
o
Windows Server 2012 R2 deduplication could help reduce the storage footprint, in turn making the company greener.
o
Consolidate some of the data centers. You could reduce the data centers from five to three by using one subsidiary as secondary data center to the head office main data center.
o
Use shared storage.
Results: After completing this exercise, you should have evaluated a given scenario and selected the appropriate virtualization method for that scenario.
Exercise 2: Assessing the Environment by Using MAP Task 1: Install MAP 1.
From LON-CL1, move the pointer to the bottom left of the screen, right-click the Windows icon, and then click Run.
2.
In the Run text box, type \\lon-dc1\e$\labfiles\mapsetup.exe, and then click OK.
3.
In the Microsoft Assessment and Planning Toolkit Setup Wizard, on the Welcome page, click Next.
4.
On the License Agreement page, review the license agreement, click I accept the terms of the license agreement, and then click Next.
5.
On the Installation Folder page, review the installation path, and then click Next.
6.
On the Customer Experience Improvement Program page, click I don’t want to join the program at this time, and then click Next.
7.
On the Ready to Install page, click Install.
8.
On the Installation Successful page, ensure the Open the Microsoft Assessment and Planning and Toolkit check box is selected, and then click Finish.
9.
On the Datasource page, in the Create or select a database section, in the Name text box, type Demo, and then click OK.
10. Leave the MAP console open for the next task.
MCT USE ONLY. STUDENT USE PROHIBITED
L1-4 Evaluating the Environment for Virtualization
11. On the desktop, move the mouse to the bottom left of the screen, right-click the Windows icon, and then click Run. 12. In the Run text box, type \\lon-dc1\e$\labfiles, and then click OK. 13. Right-click the file MAP_Training_Kit.zip, and then click Extract All. In the destination text box, type C:\map, and then click Extract. 14. When the file finishes extracting, close the two File Explorer windows.
15. From the menu at the top of the MAP overview window, click File, and then click Manage Databases. In the databases section, click Import, next to the Backup File text box, click the Browse icon, in the File name text box, type c:\map\map_sampleDB.bak, and then click Open. 16. In the Database Name text box, type MAPDEMO, and then click OK.
17. When a warning displays, saying that the imported databases needs to be upgraded, click Yes. Note that this process may take a minute or two.
18. When the import shows as having been successfully imported and upgraded, click OK, and then click Close. 19. Click File, click Select a Database, click MAPDEMO, and then click OK.
Task 2: Review assessments 1.
On LON-CL1, from the Overview page, on the navigation pane on the left, click Server Virtualization.
2.
Under the Steps to complete section, click Run the Server Consolidation Wizard.
3.
In the Server Virtualization and Consolidation Wizard, on the Virtualization Technology page, click Windows Server 2012 Hyper-V, and then click Next.
4.
On the Hardware Configuration page, click Sample host, and then click Next.
5.
On the Utilization Settings page, in each text box, type 75, and then click Next.
6.
On the Choose Computers page, click Choose the computers from a list on the next step of the wizard, and then click Next.
7.
On the Computer List page, select the Computer Name check box, and then click Next.
8.
On the Summary page, review the settings, and then click Finish.
9.
When the assessment process completes, click Close.
10. In the MAP console, on the Server Virtualization page, under Scenarios, click Server Consolidation, and review the Details section. 11. Under the Options section, click the Server Virtualization Report, and when the proposal is generated, click Close. 12. On the MAP console menu, click View, and then click Saved Reports and Proposals.
13. In the File Explorer window, right-click the ServerVirtRecommendation workbook, and then click Open.
14. In the Microsoft Office Activation Wizard, click Close, click Next three times, and then click All done!. 15. At the bottom of the Microsoft Excel workbook, click each tab, and review the information in the report.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center L1-5
16. When you finish reviewing the information, close Excel, and then close File Explorer.
17. Review the MAP toolkit. Review at least three of the scenarios for which the MAP toolkit provides information. 18. Be prepared to answer discussion questions based on your results.
Results: After completing this exercise, you should have installed MAP and assessed a virtualization environment.
MCT USE ONLY. STUDENT USE PROHIBITED
MCT USE ONLY. STUDENT USE PROHIBITED L2-7
Module 2: Installing and Configuring the Hyper-V Role
Lab: Installing and Configuring the Hyper-V Role Exercise 1: Installing the Hyper-V Role Task 1: Write down your LON-HOST number Note: One of the students in a pair will be working on LON-HOST1, and the other student will be working on LON-HOST2. •
Write down your LON-HOST number on a piece of paper. If your LON-HOST number is 1, your partner’s number will be 2, and vice-versa.
Task 2: Verify that the LON-HOST2 computer does not have the Hyper-V role installed 1.
Verify that the Hyper-V role is not yet installed on LON-HOST2. On LON-HOST2, in Server Manager, in the menu bar, click Manage, and then click Add Roles and Features.
2.
In the Add Roles and Features Wizard, on the Before you begin page, click Next.
3.
On the Select installation type page, ensure that the Role-based or feature-based installation option is selected, and then click Next.
4.
On the Select destination server page, ensure that Select a server from the server pool is selected, and then click Next.
5.
On the Select server roles page, in the Roles section, verify that Hyper-V is not selected (which means that it is not installed).
6.
Click Cancel to close the Add Roles and Features Wizard.
7.
On LON-HOST2, on the desktop, on the taskbar, click the Windows PowerShell icon.
8.
In the Windows PowerShell window, run the following cmdlet: Get-WindowsFeature *Hyper*
9.
Verify that the output shows that neither Hyper-V nor Hyper-V Management Tools are installed.
10. In Windows PowerShell, run the following cmdlet: Get-Command –Module Hyper-V
11. Verify that no cmdlet is listed. 12. In Windows PowerShell, run the following cmdlet: bcdedit.exe
13. Verify that in the output, in the Windows Boot Loader section, there is no line with hypervisorlaunchtype Auto.
Note: LON-HOST2 has multiple operating systems installed. Ensure that hypervisorlaunchtype Auto does not display in the Windows Boot Loader section for Windows Server 2012 R2. 14. Minimize the Windows PowerShell window. 15. Open the Start screen, and search for programs that contain the word hyper. Confirm that no program is found. 16. On the Start screen, search for and open Event Viewer.
MCT USE ONLY. STUDENT USE PROHIBITED
L2-8 Installing and Configuring the Hyper-V Role
17. In Event Viewer, in the navigation pane, expand the Applications and Services Logs node, expand Microsoft, expand Windows, and verify that there is no node that starts with word Hyper-V. 18. Close Event Viewer. 19. On the Start screen, search for and open Performance Monitor.
20. In Performance Monitor, in the navigation pane, click Performance Monitor, and then in the details pane, on the toolbar, click the Add (green +) icon.
21. In the Add Counters window, ensure that is selected, and then verify that there is only one counter that starts with the word Hyper-V, Hyper-V Dynamic Memory Integration Service. 22. In the Add Counters window, click Cancel, and then close Performance Monitor. 23. On the Start screen, search for and open Windows Firewall with Advanced Security. 24. In the Windows Firewall with Advanced Security window, in the navigation pane, click Inbound Rules. 25. In the details pane, verify that there are no rules that start with the word Hyper-V. 26. Close Windows Firewall with Advanced Security. 27. On the Start screen, click the Control Panel tile. 28. In Control Panel, in the Search text box, type services, and then click View local services.
29. In the Services window, verify that seven services that start with the word Hyper-V display, but that Hyper-V Virtual Machine Management service is not present. 30. Close Services, and then close the Services – Control Panel window.
Task 3: Install the Hyper-V role by using Server Manager 1.
On LON-HOST2, on the desktop, on the taskbar, click Server Manager.
2.
In Server Manager, in the menu bar, click Manage, and then click Add Roles and Features.
3.
In the Add Roles and Features Wizard, on the Before you begin page, click Next.
4.
On the Select installation type page, ensure that the Role-based or feature-based installation option is selected, and then click Next.
5.
On the Select destination server page, ensure that Select a server from the server pool is selected, and then click Next.
6.
On the Select server roles page, in the Roles section, click Hyper-V.
7.
In the Add Roles and Features Wizard, verify that Include management tools (if applicable) is selected, and then click Add Features.
8.
On the Select server roles page, click Next.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center L2-9
9.
On the Select features page, click Next.
10. On the Hyper-V page, click Next. 11. On the Create Virtual Switches page, click Next. 12. On the Virtual Machine Migration page, click Next. 13. On the Default Stores page, click Next. 14. On the Confirm installation selection page, select the Restart the destination server automatically if required option. 15. In the Add Roles and Features Wizard, click Yes, and then click Install.
16. Wait until LON-HOST2 restarts, and then sign in with the user name Adatum\Administrator and password Pa$$w0rd. 17. In the Add Roles and Features Wizard, click Close.
Task 4: Verify that the Hyper-V role was installed successfully 1.
Verify that the Hyper-V role is installed on LON-HOST2.
2.
On LON-HOST2, in Server Manager, in the menu bar, click Manage, and then click Remove Roles and Features.
3.
In the Remove Roles and Features Wizard, on the Before you begin page, click Next.
4.
On the Select destination server page, ensure that Select a server from the server pool is selected, and then click Next.
5.
On the Remove server roles page, verify that in the Roles section Hyper-V is selected (which indicates that the role is installed).
6.
Click Cancel to close the Remove Roles and Features Wizard.
7.
Close Server Manager.
8.
On LON-HOST2, on the desktop, on the taskbar, click the Windows PowerShell icon.
9.
In Windows PowerShell, run the following cmdlet: Get-WindowsFeature *Hyper*
Note: The output shows that both Hyper-V and Hyper-V Management Tools are installed. 10. In Windows PowerShell, run the following cmdlet: Get-Command –Module Hyper-V
Note: The output returns many cmdlets, which confirms that the Hyper-V module is installed and available. 11. In Windows PowerShell, run the following command: bcdedit.exe
12. Verify that in the output, in the Windows Boot Loader section, there is a hypervisorlaunchtype Auto line. Note: LON-HOST2 has multiple operating systems installed. Ensure that hypervisorlaunchtype Auto displays in the Windows Boot Loader section for Windows Server 2012 R2. 13. Minimize Windows PowerShell. 14. Open the Start screen, and search for programs that contain the word hyper. Confirm that two programs are discovered: Hyper-V Manager, and Hyper-V Virtual Machine Connection. 15. On the Start screen, search for and open Event Viewer.
MCT USE ONLY. STUDENT USE PROHIBITED
L2-10 Installing and Configuring the Hyper-V Role
16. In Event Viewer, in the navigation pane, expand Applications and Services Logs node, expand Microsoft, expand Windows, and verify that multiple nodes that start with word Hyper-V display. 17. Close Event Viewer. 18. On the Start screen, search for and open Performance Monitor.
19. In Performance Monitor, in the navigation pane, click Performance Monitor, and then in the details pane, on the toolbar, click the Add (green +) icon. 20. In the Add Counters window, ensure that is selected, and then verify that there are multiple counters that start with the word Hyper-V. 21. In the Add Counters window, click Cancel, and then close Performance Monitor. 22. On the Start screen, search for and open Windows Firewall with Advanced Security. 23. In the Windows Firewall with Advanced Security window, in the navigation pane, click Inbound Rules. In details pane, verify that multiple rules that start with the word Hyper-V display. 24. Close Windows Firewall with Advanced Security. 25. On the Start screen, click the Control Panel tile. 26. In Control Panel, in the Search text box, type services, and then click View local services. 27. In the Services window, verify that multiple services that start with the word Hyper-V display. Note: Hyper-V Virtual Machine Management service is one of services that display in the Services window, and the status of this service is Running. 28. Close the Services window and the Services - Control Panel window. 29. On LON-HOST2, run the following script: C:\Labfiles\Mod02-LON-HOST2.ps1 to prepare the environment. Note: This script will import three virtual machines: 20409B-LON-PROD2, 20409B-LON-TEST2, and 20409B-LON-CL2.
Results: After completing this exercise, you should have installed the Hyper-V role.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center L2-11
Exercise 2: Configuring Hyper-V Settings Task 1: Create a network share for storing virtual machines Note: Complete the following task on both LON-HOST1 and LON-HOST2. 1.
On LON-HOSTx, on the taskbar, click Server Manager.
2.
In Server Manager, in the navigation pane, click File and Storage Services, and then click Shares.
3.
In the Shares section, click Tasks, and then click New Share.
4.
In the New Share Wizard, on the Select the profile for this share page, in the Select share profile section, click SMB Share – Applications, and then click Next.
5.
On the Select the server and path for this share page, click Next.
6.
On the Specify share name page, in Share name text box, type VHDs, and then click Next.
7.
On the Configure share settings page, click Next.
8.
On the Specify permissions to control access page, click Customize permissions.
9.
In the Advanced Security Settings for VHDs dialog box, click Add, click Select a principal, in the Enter the object name to select text box, type Domain users, click OK, select the Full control check box, and then click OK twice.
10. On the Specify permissions to control access page, click Next. 11. On the Confirm selections page, click Create. 12. On the View results page, click Close. 13. Minimize Server Manager.
Task 2: Configure a virtual hard disk location Note: Complete the following task on both LON-HOST1 and LON-HOST2. 1.
On LON-HOSTx, start Hyper-V Manager.
2.
Verify the default location for creating new virtual hard disks. In Hyper-V Manager, in the Actions pane, click New, and then click Hard Disk.
3.
In the New Virtual Hard Disk Wizard, click Next three times.
4.
In the New Virtual Hard Disk Wizard, on the Specify Name and Location page, verify that the Location field is set to C:\Users\Public\Documents\Hyper-V\Virtual Hard Disks\, and then click Cancel.
5.
In Hyper-V Manager, in the Actions pane, click Hyper-V Settings.
6.
On the Hyper-V Settings for LON-HOSTx page, in left pane, verify that Virtual Hard Disks is selected.
7.
On the Hyper-V Settings for LON-HOSTx page, in the Location field verify that the same location that was used in the New Virtual Hard Disk Wizard is listed.
8.
Click Browse, and in the navigation pane, click Local Disk (C:). In the details pane, click Users, and then click Select Folder.
9.
On the Hyper-V Settings for LON-HOSTx page, click OK.
10. Verify that C:\Users is set as a default location for creating new virtual hard disks. 11. In Hyper-V Manager, in the Actions pane, click New, and then click Hard Disk. 12. In the New Virtual Hard Disk Wizard, click Next three times. 13. In the New Virtual Hard Disk Wizard, on the Specify Name and Location page, verify that the Location field is set to C:\Users\, and then click Cancel. Note: This is the same location as you configured for Virtual Hard Disk location. 14. On LON-HOSTx, on the taskbar, click the Windows PowerShell icon. 15. In Windows PowerShell, run the following cmdlet, where y is number of your partner host. For example, if you are using HOST1, y represents 2. If you are using HOST2, y represents 1: Set-VMHost -VirtualHardDiskPath \\LON-HOSTy\VHDs
16. In Hyper-V Manager, in the Actions pane, click Hyper-V Settings, and verify that \\LON-HOSTy\VHDs is specified as the Virtual Hard Disk location.
Task 3: Configure Hyper-V settings by using Windows PowerShell and Hyper-V Manager Note: Complete the following task on both LON-HOST1 and LON-HOST2.
MCT USE ONLY. STUDENT USE PROHIBITED
L2-12 Installing and Configuring the Hyper-V Role
1.
In Hyper-V Manager, in the Actions pane, click Hyper-V Settings.
2.
On the Hyper-V Settings for LON-HOSTx page, in the left pane, click Virtual Machines, and in the details pane, in the text box, verify that C:\ProgramData\Microsoft\Windows\Hyper-V displays.
3.
On the Hyper-V Settings for LON-HOSTx page, in the left pane, click NUMA Spanning, and in the details pane, verify that NUMA Spanning is set to Enabled.
4.
In the left pane, click Storage Migrations, and verify that 2 simultaneous storage migrations are allowed.
5.
In the left pane, click Enhanced Session Mode Policy, and in the details pane, verify that Allow enhanced session mode is disabled.
6.
Close the Hyper-V Settings for LON-HOSTx page.
7.
Minimize Hyper-V Manager.
8.
On LON-HOSTx, on the taskbar, click the Windows PowerShell icon.
9.
In Windows PowerShell, run the following cmdlets, where y is number of your partner host. Press Enter at the end of each line: Set-VMHost Set-VMHost Set-VMHost Set-VMHost
–VirtualMachinePath \\LON-HOSTy\VHDs -NumaSpanningEnabled $false -MaximumStorageMigrations 4 -EnableEnhancedSessionMode $true
Note: You can ignore the message that states that you must restart the Hyper-V Virtual Machine Management Service to apply the NUMA Spanning configuration.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center L2-13
10. Maximize Hyper-V Manager, and in the Actions pane, click Hyper-V Settings. 11. On the Hyper-V Settings for LON-HOSTx page, click Virtual Machines, and verify that \\LON-HOSTy\VHDs is specified as the Virtual Machine location. Note: This is the location that you set using Windows PowerShell. 12. In the left pane, click NUMA Spanning, and verify that NUMA Spanning is disabled. Note: NUMA Spanning is disabled because you set it to disabled using Windows PowerShell. 13. In the right pane, select the check box to allow NUMA Spanning.
14. In the left pane, click Storage Migrations, and then verify that the number of simultaneous storage migrations allowed is set to 4. Note: This value is set to 4 because you set the value using Windows PowerShell.
15. In the left pane, click Enhanced Session Mode Policy, and verify that Policy is enabled. In the details pane, clear the Allow enhanced session mode check box to disable Enhanced Session Mode Policy. 16. Click OK to close Hyper-V Settings for LON-HOSTx. Click Close.
Results: After completing this exercise, you should have configured Hyper-V settings.
Exercise 3: Accessing and Managing Hyper-V Remotely Task 1: Turn on the Hyper-V Management Tools feature Note: Complete the following task on both LON-HOST1 and LON-HOST2. 1.
On LON-HOSTx, in Hyper-V Manager, start and connect to 20409B-LON-CLx.
2.
Sign in to LON-CLx with the user name Adatum\Administrator and the password Pa$$w0rd.
3.
On LON-CLx, on the Start screen, search for programs that contain the word hyper. Confirm that no program is found.
4.
On the Start screen, search for and start Windows PowerShell.
5.
In Windows PowerShell, run the following cmdlet: Get-Command –Module Hyper-V
6.
Verify that no cmdlet is listed, and then minimize the Windows PowerShell window.
7.
On LON-CLx, on the Start screen, search for and then click Turn Windows features on or off.
8.
In the Windows Features window, expand the Hyper-V node, click Hyper-V Management Tools, and then click OK.
9.
Wait until the Windows operating system completes its required changes, and then click Close.
10. Maximize the Windows PowerShell window, and again run the following cmdlet: Get-Command –Module Hyper-V
Note: This time many cmdlets display, because the Hyper-V module is now installed. 11. Minimize the Windows PowerShell window.
MCT USE ONLY. STUDENT USE PROHIBITED
L2-14 Installing and Configuring the Hyper-V Role
12. On LON-CLx, on the Start screen, search for programs that contain the word hyper. Confirm that two programs, Hyper-V Manager and Hyper-V Virtual Machine Connection, are discovered.
Task 2: Connect to the Hyper-V host and manage it remotely Note: Complete the following task on both LON-HOST1 and LON-HOST2. 1.
On LON-CLx, on the Start screen, type Hyper-V, and then click Hyper-V Manager.
2.
In Hyper-V Manager, in the navigation pane, right-click Hyper-V Manager, and then click Connect to Server.
3.
In the Select Computer dialog box, click Browse, in the Enter the object name to select text box, type LON-HOSTx, and then click OK twice.
4.
Verify that LON-HOSTx now displays in the Hyper-V Manager navigation pane.
5.
In Hyper-V Manager, click Hyper-V Settings.
6.
In the Hyper-V Settings for LON-HOSTx dialog box, review Hyper-V Settings for LON-HOSTx, and verify that they are configured as you configured them in the previous exercise.
7.
Close Hyper-V Settings for LON-HOSTx.
Note: Virtual Hard Disks and Virtual Machines locations are set to \\LON-HOSTy\VHDs, NUMA Spanning is enabled, Storage Migrations is set to 4, and Enhanced Session Mode Policy is disabled. 8.
On the desktop, on the taskbar, click the Windows PowerShell icon.
9.
In Windows PowerShell, run the following command: Get-VMHost –ComputerName LON-HOSTx | fl
Note: The output displays the Hyper-V settings for LON-HOSTx.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center L2-15
10. In Windows PowerShell, run the following cmdlet: Set-VMHost –ComputerName LON-HOSTx -MaximumStorageMigrations 3
11. Switch to Hyper-V Manager. 12. In Hyper-V Manager, right-click LON-HOSTx, and then click Refresh.
13. In the Actions pane, click Hyper-V Settings, verify that Storage Migrations is set to 3, and then click OK. Note: This value is 3 because this is how you configured it in Windows PowerShell. 14. Close Windows PowerShell. 15. Close Hyper-V Manager.
Results: After completing this exercise, you should have accessed and managed Hyper-V remotely.
MCT USE ONLY. STUDENT USE PROHIBITED
MCT USE ONLY. STUDENT USE PROHIBITED L3-17
Module 3: Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints
Lab A: Creating and Managing Virtual Hard Disks and Virtual Machines Exercise 1: Creating and Managing Virtual Hard Disks Task 1: Create virtual hard disks 1.
On LON-HOSTx, on the taskbar, click the Windows PowerShell icon.
2.
In Windows PowerShell, run the following cmdlets: Set-VMHost -VirtualHardDiskPath C:\Shares\VHDs Set-VMHost –VirtualMachinePath C:\Shares
3.
On LON-HOSTx, open Hyper-V Manager.
4.
In Hyper-V Manager, in the Actions pane, click New, and then click Hard disk.
5.
In the New Virtual Hard Disk Wizard, on the Before You Begin page, click Next.
6.
On the Choose Disk Format page, confirm that VHDX is selected. Note: This is the default disk format on Windows Server 2012 and newer.
7.
Click VHD, and then click Next.
8.
On the Choose Disk Type page, confirm that the default disk type for VHD hard disk is Fixed size, and then click Next twice.
9.
On the Configure Disk page, confirm that the maximum size for the VHD is 2,040 GB.
10. Click Previous three times to return to the Choose Disk Format page. 11. On the Choose Disk Format page, click VHDX, and then click Next. 12. On the Choose Disk Type page, confirm that the default disk type for the VHDX hard disk is Dynamically expanding, and then click Next.
13. On the Specify Name and Location page, in the Name field, type Dynamic.vhdx, confirm that the Location field is set to C:\Shares\VHDs\, and then click Next. 14. On the Configure Disk page, confirm that Create a new blank virtual hard disk is selected, in the Size field, type 100, and then click Next. 15. On the Completing the New Virtual Hard Disk Wizard page, click Finish. 16. On LON-HOSTx, in Hyper-V Manager, in the Actions pane, click New, and then click Hard disk. 17. In the New Virtual Hard Disk Wizard, on the Before You Begin page, click Next. 18. On the Choose Disk Format page, select VHD, and then click Next. 19. On the Choose Disk Type page, click Differencing, and then click Next.
20. On the Specify Name and Location page, in the Name field, type Differencing.vhd, confirm that the Location field is set to C:\Shares\VHDs\,and then click Next.
21. On the Configure Disk page, click Browse, and then browse to E:\Program Files \Microsoft Learning\base\. Note: The actual drive letter on which base images are stored can be different, and it depends on the physical server configuration. Drive E is used in the instructions, but you should use the drive on which base images are stored in your environment. 22. In the Base folder, click Base14A-WS12R2.vhd, click Open, and then click Next. 23. On the Completing the New Virtual Hard Disk Wizard page, click Finish. 24. On LON-HOSTx, on the taskbar, click the Windows PowerShell icon. 25. In Windows PowerShell, create a fixed-size virtual hard disk by running the following cmdlet: New-VHD –Path C:\Shares\VHDs\Fixed.vhdx -SizeBytes 1GB –Fixed
Task 2: Explore different virtual hard disk types
MCT USE ONLY. STUDENT USE PROHIBITED
L3-18 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints
1.
On LON-HOSTx, on the taskbar, click File Explorer.
2.
In the This PC window, browse to the C:\Shares\VHDs folder.
3.
In the VHDs folder, confirm that the three virtual hard disks that you created in the previous task display.
4.
In the VHDs folder, right-click Fixed.vhdx, select Properties, confirm that its size on the disk is 1.00 GB, and then click OK.
5.
In the VHDs folder, verify that Dynamic.vhdx and Differencing.vhd are allocated much less space on the disk, even though you configured Dynamic.vhdx with 100 GB.
6.
On LON-HOSTx, in Hyper-V Manager, right-click LON-CLx, and then click Settings.
7.
In Settings for LON-CLx, in the left pane, click SCSI Controller, in the right pane, click Hard Drive, and then click Add.
8.
In the Hard Drive section, browse to C:\Shares\VHDs.
9.
In the VHDs folder, click Fixed.vhdx, click Open, and then click OK.
10. In Windows PowerShell, add two additional virtual hard disks to LON-CLx by running the following cmdlets: Add-VMHardDiskDrive –VMName 20409B-LON-CLx –ControllerType SCSI –Path C:\Shares\VHDs\Dynamic.vhdx Add-VMHardDiskDrive –VMName 20409B-LON-CLx –ControllerType SCSI –Path C:\Shares\VHDs\Differencing.vhd
11. On LON-HOSTx, in Hyper-V Manager, double-click LON-CLx. 12. On LON-CLx, on the desktop, click File Explorer. 13. In File Explorer, right-click This PC, and then click Manage.
14. In Computer Management, in the navigation pane, click Disk Management. After the Initialize Disk window opens, click OK. 15. Confirm that LON-CLx has multiple disks. Confirm that the last three disks have 1023 MB (1 GB), 100 GB, and 127 GB. Confirm that the last disk has two partitions, which are assigned letters E: and F:. Confirm that the first two disks have only unallocated space.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center L3-19
16. Right-click the unallocated space of Disk 1, click New Simple Volume, click Next four times, and then click Finish. Disk is formatted and assigned letter G:. Close File Explorer and click Cancel in the Microsoft Windows dialog box. 17. Right-click the unallocated space of Disk 2, click New Simple Volume, click Next four times, and then click Finish. Disk is formatted and assigned letter H:. Click Cancel in the Microsoft Windows dialog box. 18. In File Explorer, browse to C:\Windows. 19. In the Windows window, in the details pane, right-click the Inf folder, and then click Copy.
20. In the navigation pane, click Local Disk (F:), and then confirm that multiple folders display in the details pane. Note: This is a partition on a differencing disk. You did not yet copy anything on it to the virtual hard disk; this is content on the parent disk.
21. In the details pane, right-click, and then click Paste. Verify that the Inf folder is copied to drive F: on the differencing virtual hard disk. 22. Copy folder Inf to drives G: on the fixed-size disk and H: on the dynamically expanding disk. 23. On LON-HOSTx, in File Explorer, browse to the C:\Shares\VHDs folder.
24. In the VHDs folder, confirm that all three disks still display. Confirm that the size of the Fixed.vhdx file is still 1 GB, while the size of the Differencing.vhd and Dynamic.vhdx files has increased as you copy data to the partitions on those disks.
Task 3: Manage virtual hard disks 1.
On LON-HOSTx, in Hyper-V Manager, in the Actions pane, click Edit Disk.
2.
In the Edit Virtual Hard Disk Wizard, on the Before you Begin page, click Next.
3.
On the Locate Virtual Hard Disk page, click Browse, and then browse to C:\Shares\VHDs.
4.
In the VHDs folder, click Fixed.vhdx, click Open, and then click Next.
5.
On the Choose Action page, confirm that Expand is selected, and then click Next.
6.
On the Expand Virtual Hard Disk page, in the New size field, type 2, and then click Next.
7.
On the Completing the Edit Virtual Hard Disk Wizard page, click Finish.
8.
In Hyper-V Manager, in the Actions pane, click Edit Disk.
9.
In the Edit Virtual Hard Disk Wizard, on the Before you Begin page, click Next.
10. On the Locate Virtual Hard Disk page, click Browse, and then browse to C:\Shares\VHDs. 11. In the VHDs folder, click Dynamic.vhdx, click Open, and then click Next.
12. On the Choose Action page, confirm that the dynamically expanding disk has two actions available, Compact and Expand. A third option, Shrink, would be available if there were unallocated space on that disk. Click Expand, and then click Next. 13. On the Expand Virtual Hard Disk page, in the New size field, type 200, and then click Next.
14. On the Completing the Edit Virtual Hard Disk Wizard page, click Finish. Notice that the operation finished much faster than when you expanded the fixed-size virtual hard disk.
MCT USE ONLY. STUDENT USE PROHIBITED
L3-20 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints
15. On LON-CLx, in Computer Management, right-click Disk Management, and then click Refresh. Confirm that Disk 1 and Disk 2 have expanded, and now have 1 GB and 100 GB of unallocated space. Notice that Hyper-V expanded the virtual hard disks while the virtual machine was running. 16. On LON-HOSTx, in Windows PowerShell, remove the first two small computer system interface (SCSI) virtual hard disks from LON-CLx by running the following cmdlets: Remove-VMHardDiskDrive –VMName 20409B-LON-CLx –ControllerType SCSI –ControllerNumber 0 –ControllerLocation 0 Remove-VMHardDiskDrive –VMName 20409B-LON-CLx –ControllerType SCSI –ControllerNumber 0 –ControllerLocation 1
17. On LON-HOSTx, in Hyper-V Manager, in the Actions pane, click Edit Disk. 18. In the Edit Virtual Hard Disk Wizard, on the Before you Begin page, click Next. 19. On the Locate Virtual Hard Disk page, click Browse, and then browse to C:\Shares\VHDs. 20. In the VHDs folder, click Dynamic.vhdx, click Open, and then click Next. 21. On the Choose Action page, confirm that there are new options available. Note: Shrink is available because the disk now has unallocated space, and Convert is available only if the disk is not used by a virtual machine. 22. On the Choose Action page, click Convert, and then click Next. 23. On the Convert Virtual Hard Disk page, click VHD, and then click Next. 24. On the Convert Virtual Hard Disk page, click Dynamically expanding, and then click Next. 25. On the Convert Virtual Hard Disk page, click Browse, and then browse to C:\Shares\VHDs. 26. In the VHDs folder, in the File name field, type Converted.vhd, click Save, and then click Next. 27. On the Completing the Edit Virtual Hard Disk Wizard page, click Finish. 28. On LON-HOSTx, in File Explorer, browse to C:\Shares\VHDs.
29. In the VHDs folder, confirm that file Converted.vhd is created, and that the size of Fixed.vhdx is now 2 GB.
Task 4: Add a directly attached disk 1.
On LON-HOSTx, from Server Manager, click Tools, and then click iSCSI Initiator.
2.
When the Microsoft iSCSI dialog box displays, click Yes.
3.
In the iSCSI Initiator Properties dialog box, in the Target field, type 172.16.0.14, and then click Quick Connect.
4.
In the Quick Connect dialog box, click the target with lon-ss1 in the name, and then click Done.
5.
On LON-HOSTx, in Server Manager, click the Tools menu, and then click Computer Management.
6.
In the Computer Management navigation pane, click Disk Management.
7.
In the details pane, confirm that disk has been added, and that it has a status of Offline. Make a note of its size. Note: Two disks are added on LON-HOST1. One disk is added on LON-HOST2.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center L3-21
8.
Close Computer Management, and minimize Server Manager.
9.
On LON-HOSTx, in Hyper-V Manager, right-click LON-CLx, and then click Settings.
10. In Settings for LON-CLx, in the left pane, under SCSI Controller, click Hard Drive. In the right pane, in the Media section, click Physical hard disk, and then click OK. 11. On LON-CLx, in Computer Manager, in the navigation pane, click Disk Management. Confirm that Disk 1 displays, that it has the same size as the disk that was added to LON-HOSTx, and that it is not initialized. This is the directly attached disk that was added to LON-CLx. 12. In Computer Management, right-click Disk 1, and then click Initialize disk. 13. In the Initialize Disk dialog box, click OK.
14. Right-click in the unallocated space of Disk 1, click New Simple Volume, click Next four times, and then click Finish. Close File Explorer and click Cancel in the Microsoft Windows dialog box.
15. On LON-HOSTx, in Windows PowerShell, remove SCSI virtual hard disks from LON-CLx by running the following cmdlet: Remove-VMHardDiskDrive –VMName 20409B-LON-CLx –ControllerType SCSI -ControllerNumber 0 -ControllerLocation 2
Note that the location might differ. If so, check the virtual machine settings for LON-CLx. 16. On LON-CLx, in Disk Management, confirm that Disk 1 no longer displays.
17. On LON-HOSTx, in the iSCSI Initiator Properties window, in the Discovered targets section, click the target with lon-ss1 in the name, and then click Disconnect. 18. In the Disconnect From All Sessions dialog box, click Yes, and then click OK.
Results: After completing this exercise, you should have created and managed virtual hard disks.
Exercise 2: Creating and Managing Virtual Machines Task 1: Create virtual machines 1.
On LON-HOSTx, in Hyper-V Manager, in the Actions pane, click New, and then click Virtual Machine.
2.
In the New Virtual Machine Wizard, on the Before You Begin page, click Next.
3.
On the Specify Name and Location page, in the Name field, type LON-VM2, and then click Next.
4.
On the Specify Generation page, click Generation 2, and then click Next.
5.
On the Assign Memory page, in the Startup Memory field, type 1024, select the Use Dynamic Memory for this virtual machine check box, and then click Next four times.
6.
On the Completing the Virtual Machine Wizard page, click Finish. A virtual machine named LON-VM2 is created.
7.
On LON-HOSTx, in Windows PowerShell, create a Generation 1 virtual machine, and then attach it to a virtual hard disk by running the following cmdlets: New-VM –Name LON-VM1 –MemoryStartupBytes 1GB –Generation 1 –BootDevice IDE Add-VMHardDiskDrive –VMName LON-VM1 –ControllerType IDE –Path C:\Shares\VHDs\Differencing.vhd
Task 2: Manage virtual machines
MCT USE ONLY. STUDENT USE PROHIBITED
L3-22 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints
1.
On LON-HOSTx, in Hyper-V Manager, right-click the LON-VM2 virtual machine, and then click Settings.
2.
In Settings for LON-VM2, in the Add Hardware section, in the details pane, confirm that three types of hardware display. Confirm also that in the left pane, in the Hardware section, no BIOS, IDE Controllers, COM ports, or Diskette Drive display, but Firmware does display.
3.
In the Hardware section, click Firmware, and then confirm that Enable Secure Boot is enabled.
4.
In the Boot order section, click Hard Drive, click the Move Up icon to set Hard Drive as the first boot device, and then click OK.
5.
In Hyper-V Manager, right-click the LON-VM1 virtual machine, and then click Settings.
6.
In Settings for LON-VM1, in the Add Hardware section, in the details pane, confirm that five types of hardware display. In the left pane, in the Hardware section, confirm also that BIOS, IDE Controllers, COM ports, and Diskette Drive display, but Firmware does not display.
7.
Click BIOS, confirm that you can change Startup order, but that no Enable Secure Boot option exists.
8.
Click Memory, and then confirm that Enable Dynamic Memory is not selected.
9.
In the left pane, in the Hardware section, confirm that a single Network Adapter displays, and then click OK.
10. On LON-HOSTx, in Windows PowerShell, enable dynamic memory, and then add a network adapter to the LON-VM1 virtual machine by running the following cmdlets: Set-VM –Name LON-VM1 –DynamicMemory Add-VMNetworkAdapter –VMName LON-VM1
11. In Hyper-V Manager, right-click the LON-VM1 virtual machine, and then click Settings.
12. In Settings for LON-VM1, click Memory, and then confirm that Enable Dynamic Memory is selected. 13. In the left pane, in the Hardware section, confirm that two Network Adapters display, and then click OK.
Task 3: Work with dynamic memory 1.
On LON-HOSTx, in Hyper-V Manager, right-click LON-CLx, and then click Settings.
2.
In Settings for LON-CLx, click Memory. In the details pane, confirm that Enable Dynamic Memory is selected, and then click OK.
3.
In Hyper-V Manager, make note of the currently Assigned Memory for the LON-CLx virtual machine.
4.
In LON-CLx, open Windows PowerShell.
5.
In Windows PowerShell, type the following two commands to allocate additional memory: cd C:\LabFiles\Mod03 .\TestLimit64.exe –d 400 –c 1
6.
On LON-HOSTx, in Hyper-V Manager, make note of the currently Assigned Memory for the LON-CLx virtual machine, and then confirm that LON-CLx is now using more memory.
7.
In LON-CLx, close Windows PowerShell.
8.
After a few minutes, check Assigned Memory for the LON-CLx virtual machine.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center L3-23
Task 4: Work with storage Quality of Service management 1.
On LON-CLx, open a Command Prompt window, and then type the following two commands to view virtual disk performance: cd c:\LabFiles\Mod03 .\sqlio.exe
2.
Wait for 30 seconds for the test to complete, and then make note of the IOs/sec result.
3.
On LON-HOSTx, in Hyper-V Manager, right-click LON-CLx, and then click Settings.
4.
In Settings for LON-CLx, under IDE Controller 0, expand Hard Drive, and then click Advanced Features.
5.
In the details pane, in the Advanced Features section, click Enable Quality of Service management. In the Minimum field, type 100, in the Maximum field, type 200, and then click OK.
6.
On LON-CLx, at a command prompt, type and execute sqlio.exe again.
7.
After the test completes, verify the IOs/sec result, and then confirm that it is close to 200, which is the limit you set and is considerably lower than the first result.
8.
On LON-HOSTx, in a Windows PowerShell window, disable Quality of Service management by running the following cmdlets: Set-VMHardDiskDrive –VMName 20409B-LON-CLx –ControllerType IDE –MaximumIOPS 0 – MinimumIOPS 0
Task 5: Configure Integration Services 1.
On LON-CLx, on Start screen, type services, and then click View local services.
2.
In the Services window, in the details pane, confirm that Hyper-V Time Synchronization Service is running.
3.
On LON-CLx, open a new Command Prompt window, and then run the Time command.
4.
Make note of the current time, type 11:00 as the current time, and then press Enter.
5.
In the Command Prompt window, enter the Time command again, and then confirm that it automatically set back to its previous value, as Integration Services automatically synchronized the time on LON-CLx with the time on LON-HOSTx.
6.
On LON-HOSTx, in Hyper-V Manager, right-click LON-CLx, and then click Settings.
7.
In Settings for LON-CLx, in the Management section, in the left pane, click Integration Services.
8.
In Integration Services, in the details pane, clear the Time synchronization check box, and then click OK.
9.
On LON-CLx, in Services, right-click Services (Local), and then click Refresh. Confirm that Hyper-V Time Synchronization Service is not running, and then close Services.
10. In LON-CLx, at the command prompt, run the Time command. Make note of the current time, type 11:00 as the current time, and then press Enter. 11. At the command prompt, type Time, and then press Enter twice. Confirm that the returned time is few second over 11:00, as time on the virtual machine is no longer synchronizing with the Hyper-V host. 12. In the Command Prompt window, run the devmgmt.msc command.
MCT USE ONLY. STUDENT USE PROHIBITED
L3-24 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints
13. In Device Manager, expand Display adapters, and then confirm that the virtual machine is using the Microsoft Hyper-V Video adapter, which is provided as part of Integration Services. 14. In Device Manager, expand System devices, and then confirm that the virtual machine is using several devices with Hyper-V in their name, including Microsoft Hyper-V Dynamic Memory. All of those virtual devices are provided as part of Integration Services. 15. Close Device Manager.
16. On LON-HOSTx, in Windows PowerShell, enable time synchronization for LON-CLx by running the following cmdlet: Enable-VMIntegrationService –VMName 20409B-LON-CLx –Name “Time Synchronization”
17. In LON-CLx, at the command prompt, run the Time command again, and then confirm that the time on the virtual machine is synchronized with the time on LON-HOSTx.
Results: After completing this exercise, you should have created and managed virtual machines.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center L3-25
Lab B: Creating and Managing Checkpoints and Monitoring Hyper-V Exercise 1: Importing Virtual Machines and Working with Checkpoints Task 1: Import a virtual machine 1.
On LON-HOSTx, in Hyper-V Manager, in the Actions pane, click Import Virtual Machine.
2.
In the Import Virtual Machine window, on the Before You Begin page, click Next.
3.
On the Locate Folder page, type C:\VirtualMachines\LON-EXPORT\, and then click Next.
4.
On the Select Virtual Machine page, confirm that LON-EXPORT is selected, and then click Next.
5.
On the Choose Import Type page, confirm that Register the virtual machine in-place (use the existing unique ID) is selected, and then click Next.
6.
On the Configure Processor page, in Number of virtual processors field, type 1, and then click Next.
Note: This page shows only if a virtual machine is configured with more processors than are available on the Hyper-V host. 7.
On the Connect Network page, select External Network as the virtual switch to which you want virtual machine to be connected, and then click Next.
Note: This page shows only if the virtual machine is configured to use a virtual switch, which is not available on the Hyper-V host. 8.
On the Completing Import Wizard page, click Finish.
9.
When the error message “Hyper-V encountered an error during the import operation” displays, click See details, and notice that this is because a parent virtual hard disk was not found. Click Close.
10. In Hyper-V Manager, in the Actions pane, click Edit Disk. 11. In the Edit Virtual Hard Disk Wizard, on the Before You Begin page, click Next. 12. On the Locate Folder page, type C:\VirtualMachines\LON-EXPORT\Virtual Hard Disks \LON-EXPORT.vhd, and then click Next. 13. On the Reconnect Virtual Hard Disk page, click Next.
14. On the Reconnect to Parent Virtual Hard Disk page, type E:\Program Files\Microsoft Learning \Base\Base14A-WS12R2.vhd, and then click Next. Note: Actual drive letters on which base images are stored can be different, and it depends on the physical server configuration. Drive E is used in the instructions, but you should use the drive on which base images are stored in your environment. 15. On the Completing the Edit Virtual Hard Disk Wizard page, click Finish. 16. In Hyper-V Manager, in the Actions pane, click Import Virtual Machine.
17. In the Import Virtual Machine window, on Before You Begin page, click Next. 18. On the Locate Folder page, type C:\VirtualMachines\LON-EXPORT\, and then click Next. 19. On the Select Virtual Machine Import Virtual Machine page, confirm that LON-EXPORT is selected, and then click Next. 20. On the Choose Import Type page, confirm that Register the virtual machine in-place (use the existing unique ID) is selected, and then click Next. 21. On the Completing Import Wizard page, click Finish. 22. In Hyper-V Manager, right-click LON-EXPORT, and then click Settings.
MCT USE ONLY. STUDENT USE PROHIBITED
L3-26 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints
23. In Settings for LON-EXPORT on LON-HOSTx, confirm that LON-EXPORT is configured with a single virtual processor and that it is connected to virtual switch named External Network, and then click OK.
Task 2: Use enhanced session mode 1.
On LON-HOSTx, in File Explorer, browse to C:\Windows, and then double-click Win.ini.
2.
In Notepad, copy a few lines of text to the Clipboard by pressing Ctrl+C, and then close Notepad.
3.
On LON-CLx, open Notepad.
4.
In Notepad, from the menu bar, click Edit, and then confirm that the Paste option is not available.
5.
In Virtual Machine Connection to LON-CLx, in the Clipboard menu, click Type clipboard text. Confirm that the text that you copied from the Win.ini file is typed. Close the 20409B-LON-CLx window.
Note: Without enhanced session mode being enabled, this is the only way to copy content to virtual machines, and it works only for text. 6.
On LON-HOSTx, in Hyper-V Manager, in the Actions pane, click Hyper-V Settings.
7.
In Hyper-V Settings, on the left side, in the Server section, click Enhanced Session Mode Policy, in the details pane, click Allow enhanced session mode, and then click OK.
8.
In Hyper-V Manager, right-click 20409B-LON-CLx, and then click Connect.
9.
In the Connect to 20409B-LON-CLx window, click Show Options, click the Local Resources tab, in the Local devices and resources section, click More, click Drives, and then click OK.
10. In the Connect to 20409B-LON-CLx window, click Connect. Confirm that you are not automatically signed in to LON-CLx. 11. In LON-CLx, click ADATUM\administrator, in the Password field, type Pa$$w0rd, and then press Enter. Your previous session, including an opened Notepad, displays. 12. In Notepad, on the menu bar, click Edit, and then click Paste. Verify that the copied text from the Win.ini file is pasted. 13. Close Notepad, and when prompted, click Don’t Save.
14. On LON-HOSTx, in File Explorer, browse to C:\Windows, right-click Write.exe, and then click Copy.
15. On LON-CLx, right-click the desktop, and then click Paste. Confirm that file Write.exe is copied to the LON-CLx desktop.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center L3-27
Note: When enhanced session mode is used, you can copy and paste files between a virtual machine and a Hyper-V host even if the virtual machine does not have network connectivity.
16. On LON-CLx, on the taskbar, click File Explorer. Confirm that in the navigation pane, drives from LON-HOSTx are mapped to the virtual machine. 17. In the navigation pane, right-click This PC, and then click Properties.
18. In the System window, click Remote Settings. Confirm that in the Remote Desktop section, Don’t allow remote connections to this computer is selected. 19. Click OK, and then close the System window.
20. In the Virtual Machine Connection to 20409B-LON-CLx window, in the Action menu, click Turn Off, and then click Turn Off. 21. Close Virtual Machine Connection. 22. On LON-HOSTx, in Hyper-V Manager, double-click the LON-CLx virtual machine. 23. In Virtual Machine Connection, in the Action menu, click Start. 24. Confirm that LON-CLx is starting. Note: Because Integration Services are not available during system start, enhanced session mode is not used during that time. However, after the system starts, the Connect to 20409B-LON-CLx window displays, and you can configure enhanced session mode properties. 25. On LON-HOSTx, in Hyper-V Manager, in the Actions pane, click Hyper-V Settings.
26. In Hyper-V settings, on the left side, in the Server section, click Enhanced Session Mode Policy. 27. In the details pane, clear the Allow enhanced session mode check box, and then click OK.
Task 3: Create checkpoints 1.
On LON-HOSTx, in Hyper-V Manager, right-click LON-VM1, and then click Settings.
2.
In Settings for LON-VM1, under IDE Controller 0, click Hard Drive, confirm that it is using the Differencing.vhd virtual hard disk that you created earlier, and then click OK.
3.
In Hyper-V Manager, right-click LON-VM1, and then click Checkpoint. Confirm in the Checkpoints pane that a checkpoint is added.
4.
In Hyper-V Manager, right-click LON-VM1, and then click Start.
5.
In Hyper-V Manager, right-click LON-VM1, and then click Settings.
6.
Confirm that under IDE Controller 0, Hard Drive is now using a file with a GUID in its name, and then click OK. Note: This is a differencing disk, which was created by the checkpoint.
7.
In Hyper-V Manager, double-click LON-VM1.
8.
Complete the setup by clicking Next, and then clicking I accept.
9.
On the Settings page, enter Pa$$w0rd in Password and Reenter Password fields, and then click Finish.
10. Sign in as Administrator by using the password Pa$$w0rd. 11. On LON-VM1, right-click the desktop, click New, click Folder, and name the folder Folder1.
MCT USE ONLY. STUDENT USE PROHIBITED
L3-28 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints
12. In Virtual Machine Connection, in the Action menu, click Checkpoint, type Folder1 as Checkpoint Name, and then click Yes. 13. On LON-VM1, right-click the desktop, click New, click Folder, and then name the folder Folder2. 14. In Virtual Machine Connection, on the toolbar, click the Checkpoint button, type Folder2 as Checkpoint Name, and then click Yes. 15. On LON-VM1, right-click the desktop, click New, click Folder, and then name the folder Folder3. 16. On LON-HOSTx, open Windows PowerShell. 17. In Windows PowerShell, create a checkpoint for LON-VM1 by running the following cmdlet: Checkpoint-VM –Name LON-VM1 –SnapshotName Folder3
18. View the existing checkpoints for LON-VM1 by running the following cmdlet in Windows PowerShell: Get-VMSnapshot –VMName LON-VM1
19. In Hyper-V Manager, confirm that all four checkpoints for LON-VM1 display.
20. Right-click the Folder1 checkpoint, and then click Apply. In the Apply Checkpoint dialog box, click Apply. 21. On LON-VM1, on the desktop, confirm that there is only single folder displaying, named Folder1. Right-click the desktop, click New, click Folder, and name the folder Folder1.1. 22. In Hyper-V Manager, right-click LON-VM1, and then click Checkpoint.
23. In Hyper-V Manager, in the Checkpoints pane, right-click the created checkpoint, click Rename, and then name the folder Folder1.1. 24. On LON-HOSTx, in File Explorer, browse to C:\Shares\Snapshots.
25. In the Snapshots folder, confirm that there are five .xml files and five subfolders—exactly the same as number of checkpoints for LON-VM1 that you created. 26. In the Snapshots window, in the details pane, click the Date modified column to order content by the time of creation. 27. Right-click the lowest folder in the details pane, and then click Properties. 28. In the Properties dialog box, confirm that the Size of this folder is 0. Note: The first checkpoint was created when LON-VM1 was turned off. 29. In the Properties dialog box, click OK. 30. In the Snapshots window, review the size of the other folders. Note: You created other LON-VM1 checkpoints while the virtual machine was running, so each of those folders contains the memory content of the virtual machine at the moment the checkpoint was created.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center L3-29
Task 4: Manage checkpoints 1.
On LON-HOSTx, in Windows PowerShell, view checkpoints for LON-VM1 by running the following cmdlet: Get-VMSnapshot –VMName LON-VM1
2.
Review the ParentSnapshotName property of each checkpoint to see how checkpoints relate to each other.
3.
Export the Folder2 checkpoint by running the following cmdlet: Export-VMSnapshot –Name Folder2 –VMName LON-VM1 –Path C:\Exported
4.
In Hyper-V Manager, in the Virtual Machines pane, verify that the Status column is showing export progress for LON-VM1.
5.
On LON-HOSTx, in File Explorer, browse to C:\Exported\LON-VM1.
6.
In the LON-VM1 folder, confirm that there is no Snapshots subfolder.
7.
In the details pane, double-click the Virtual Hard Disks folder, and then confirm that it contains two virtual hard disks, the Differencing.vhd virtual hard disk, and its parent disk Base14A-WS12R2.vhd.
Note: Verify that export of LON-VM1 has finished. If the virtual machine is still exporting, wait until the export operation finishes. 8.
In File Explorer, in the navigation column, click Exported, in the details pane, right-click LON-VM1, click Rename, and then type Folder2.
9.
In Windows PowerShell, export complete LON-VM1 by running the following cmdlet: Export-VM –Name LON-VM1 –Path C:\Exported
10. You can view the export progress from Hyper-V Manager. 11. In File Explorer, browse to C:\Exported. 12. In the Exported folder, confirm that there is a LON-VM1 subfolder. Double-click the LON-VM1 folder, and then confirm that it contains a subfolder named Snapshots.
13. Double-click Virtual Hard Disks, and then confirm that it contains a Differencing.vhd virtual hard disk, its parent disk, and all of the differencing virtual hard disks that were created by checkpoints. 14. Close the Virtual Hard Disks window.
15. On LON-HOSTx, in Windows PowerShell, apply the Folder3 checkpoint to LON-VM1 by running the following cmdlet, and then clicking Y when prompted: Restore-VMSnapshot –Name Folder3 –VMName LON-VM1
16. On LON-VM1, on the desktop, confirm that there are three folders named Folder1, Folder2, and Folder3. 17. In Hyper-V Manager, right-click the Folder2 checkpoint, and then click Settings. 18. In the Settings for Folder2 (checkpoint) window, in the left pane, select several Hardware components, and then confirm that you cannot modify their settings. 19. In the Management section, in the navigation pane, click Name, in the Description field, type Folder1 and Folder2 on the desktop, and then click OK.
MCT USE ONLY. STUDENT USE PROHIBITED
L3-30 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints
20. In Hyper-V Manager, right-click the Folder1 checkpoint, and then click Delete Checkpoint Subtree. In the Delete Checkpoint Tree dialog box, click Delete. 21. In Hyper-V Manager, confirm that all checkpoints for LON-VM1 except the first one are deleted instantly. Note: You can follow the merge process of the differencing virtual hard disks in the Status column of LON-VM1. 22. On LON-HOSTx, in File Explorer, browse to C:\Shares\Snapshots. 23. In the Snapshots folder, confirm that there is single .xml file, and one subfolder. Note: You deleted all the other checkpoints, and their differencing virtual hard disks were merged while the LON-VM1 virtual machine was running.
Task 5: Explore Generation ID 1.
On LON-HOSTx, on LON-VM1, in Server Manager, on the Tools menu, click Computer Management.
2.
In Computer Management, in the navigation pane, click Device Manager.
3.
In Device Manager, in the details pane, expand System devices, and then confirm that the Microsoft Hyper-V Generation Counter device is present. Note: This is how a virtual machine presents Generation ID to the operating system.
4.
Close Computer Management.
5.
Turn off LON-VM1.
Results: After completing this exercise, you should have imported virtual machines and worked with checkpoints.
Exercise 2: Monitoring Hyper-V Task 1: Use Task Manager 1.
On LON-HOSTx, right-click the taskbar, and then click Task Manager.
2.
In Task Manager, click More Details, and then click the Performance tab.
3.
Sign in to LON-CLx as Adatum\Administrator with the password Pa$$w0rd and click Desktop on the Start screen.
4.
On LON-CLx, right-click the taskbar, and then click Task Manager.
5.
In Task Manager, click More Details, and then click the Performance tab.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center L3-31
6.
On LON-CLx, open Windows PowerShell.
7.
In Windows PowerShell, run the following command: C:\LabFiles\Mod03\Cpustres.exe
8.
Minimize Windows PowerShell.
9.
In CPU Stress, set the Process Priority Class to High. In the Thread 1 section, set Thread Priority to Highest, and then set Activity to Busy.
10. On LON-CLx, view the Task Manager and confirm that it shows high utilization. 11. On LON-HOSTx, view the Task Manager and confirm that it shows low utilization. Note: Because each Task Manager is showing utilization of its own virtual environment, the utilization shown is very different. 12. In CPU Stress, in the Thread 1 section, set Thread Priority to Idle and Activity to Low. 13. On LON-HOSTx, in Task Manager, click Open Resource Monitor. The Resource Monitor opens. 14. On LON-CLx, in Windows PowerShell, run the following command, and then minimize Windows PowerShell: C:\LabFiles\Mod03\sqlio.exe
15. Confirm that Task Manager on LON-CLx shows very high, almost 100 percent Disk 0 utilization. Resource Monitor on LON-HOSTx shows only a bit of increased disk activity. 16. On LON-HOSTx, minimize Resource Monitor.
Task 2: Use Performance Monitor to monitor Hyper-V performance 1.
On LON-HOSTx, in Server Manager, on the Tools menu, click Performance Monitor.
2.
In Performance Monitor, in the navigation pane, click Performance Monitor.
3.
In the details pane, on the toolbar, click Add.
4.
In the Add Counters dialog box, expand the Hyper-V Hypervisor Virtual Processor performance object, click % Guest Run Time. In the Instances of selected object section, click 20409B-LON-CLx, and then click Add.
5.
Expand the Hyper-V Virtual Storage Device performance object, select and then click Read Operations/sec. In the Instances of selected object section, click the instance that refers to 20409B-LON-CLx, and then click Add.
6.
Expand the LogicalDisk performance object, click Disk Reads/sec, in the Instances of selected object section, click C:, click Add, and then click OK.
7.
In Performance Monitor, in the details pane, select only Disk Reads/sec and Read Operations/Sec, right-click both, and then click Scale Selected Counters.
8.
On LON-CLx, in Windows PowerShell, run the following command: C:\LabFiles\Mod03\sqlio.exe
9.
Minimize Windows PowerShell.
MCT USE ONLY. STUDENT USE PROHIBITED
L3-32 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints
10. On LON-HOSTx, in Performance Monitor, follow how disk access increases in the virtual machine and on the Hyper-V host while sqlio.exe is running on the virtual machine. 11. On LON-CLx, in CPU Stress, set Process Priority Class to High. In the Thread 1 section, set Thread Priority to Highest, and set Activity to Busy.
12. On LON-HOSTx, in Performance Monitor, follow how processor utilization increases in both the virtual machine and on Hyper-V. Notice that the processor on LON-HOSTx is much less utilized than the processor on LON-CLx. 13. On LON-HOSTx, in Hyper-V Manager, view CPU Usage for the LON-CLx virtual machine. 14. In Hyper-V Manager, right-click LON-CLx, and then click Settings. 15. In Settings for LON-CLx, in the navigation pane, click Processor, type 10 in the Virtual machine limit (percentage) field, and then click OK.
16. In Hyper-V Manager, confirm that CPU Usage for the LON-CLx virtual machine is considerably lower. 17. On LON-CLx, close both CPU Stress and Task Manager. 18. On LON-HOSTx, close Performance Monitor, Resource Monitor, and Task Manager. 19. In Hyper-V Manager, right-click LON-CLx, and then click Settings. 20. In Settings for LON-CLx, in the navigation pane, click Processor, in the Virtual machine limit (percentage) field, type 100, and then click OK.
Task 3: Use Resource Metering 1.
On LON-HOSTx, in Windows PowerShell, run the following cmdlet to view if resource metering is enabled for LON-CLx: Get-VM 20409B-LON-CLx | Select Name, Status, ResourceMeteringEnabled
2.
Run the following cmdlet to enable resource metering for LON-CLx: Get-VM 20409B-LON-CLx | Enable-VMResourceMetering
3.
View resource metering data for LON-CLx by running the following cmdlet: Get-VM 20409B-LON-CLx | Measure-VM
4.
On LON-CLx, in Windows PowerShell, run the following command: C:\LabFiles\Mod03\Cpustres.exe
5.
In CPU Stress, set Process Priority Class to High. In the Thread 1 section, set Thread Priority to Highest, and then set Activity to Busy.
6.
In Windows PowerShell, run the following command: C:\LabFiles\Mod03\TestLimit64.exe –d 400 –c 5
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center L3-33
7.
On LON-HOSTx, in Windows PowerShell, run the following cmdlet to view resource metering data for LON-CLx: Get-VM 20409B-LON-CLx | Measure-VM
8.
Compare the result with previous results, and then notice the increased use of AvgRAM(M) and AvgCPU(MHz).
9.
On LON-CLx, close CPU Stress.
10. On LON-HOSTx, in Windows PowerShell, run the following cmdlet to disable resource metering for LON-CLx: Get-VM 20409B-LON-CLx | Disable-VMResourceMetering
Results: After completing this exercise, you should have monitored Hyper-V.
MCT USE ONLY. STUDENT USE PROHIBITED
MCT USE ONLY. STUDENT USE PROHIBITED L4-35
Module 4: Creating and Configuring Virtual Machine Networks
Lab A: Creating and Using Hyper-V Virtual Switches
Exercise 1: Creating and Using Windows Server 2012 R2 Hyper-V Virtual Switches Task 1: Verify current Hyper-V network configuration 1.
On LON-HOSTx, start Hyper-V Manager.
2.
In Hyper-V Manager, in the Actions pane, click Virtual Switch Manager.
3.
In the Virtual Switch Manager window, confirm that in the Virtual Switches section, External Network is the only virtual switch listed.
4.
In the Virtual Switch Manager window, click Cancel.
5.
Minimize Hyper-V Manager.
6.
On LON-HOSTx, on the Start screen, click the Control Panel tile.
7.
In Control Panel, in the Search Control Panel text box, type network, and then click View network connections.
8.
In the Network Connections window, confirm that two network connections display: Ethernet 2, and vEthernet (External Network).
9.
Right-click Ethernet 2, and then click Properties.
10. In the Properties dialog box, confirm that only the check box for Hyper-V Extensible Virtual Switch is selected, and none of the check boxes for the other items are selected. Click Cancel. 11. Right-click the vEthernet (External Network) network connection, and then click Properties. Confirm that the network connection is using most items, but it is not using Hyper-V Extensible Virtual Switch, for which the check box is not selected. Click Cancel.
Task 2: Create virtual network adapters in a parent partition 1.
On LON-HOSTx, on the taskbar, click the Windows PowerShell icon.
2.
In Windows PowerShell, run the following cmdlet: Get-VMNetworkAdapter -All
3.
Verify that the output shows that one network adapter named External Network is present on the system.
4.
In Windows PowerShell, run the following cmdlet: Add-VMNetworkAdapter –ManagementOS –Name Management
5.
In the Network Connections window, confirm that a new network connection named vEthernet (Management) is added.
6.
Right-click the vEthernet (Management) network connection, and then click Properties.
7.
In the Properties dialog box, confirm that the network connection is using most items, including Internet Protocol Version 4 (TCP/IPv4), but that it is not using Hyper-V Extensible Virtual Switch, and then click Cancel.
8.
In Windows PowerShell, run the following cmdlet: Get-VMNetworkAdapter –All
9.
Verify that the output shows that the Management network adapter is present on the system.
10. In Windows PowerShell, run the following cmdlets: Add-VMNetworkAdapter –ManagementOS –Name Storage Add-VMNetworkAdapter –ManagementOS –Name “Live Migration”
MCT USE ONLY. STUDENT USE PROHIBITED
L4-36 Creating and Configuring Virtual Machine Networks
11. In the Network Connections window, confirm that two new network connections named vEthernet (Storage) and vEthernet (Live Migration) are added. 12. In Windows PowerShell, run the following cmdlet: Get-VMNetworkAdapter –All
13. Confirm that there are network adapters named Storage and Live Migration present on the system.
Task 3: Create virtual switches 1.
On LON-HOSTx, maximize Hyper-V Manager.
2.
In Hyper-V Manager, in the Actions pane, click Virtual Switch Manager.
3.
In the Virtual Switch Manager window, in the left pane, confirm that New virtual network switch is selected.
4.
In the right pane, confirm that External is selected, and then click Create Virtual Switch.
5.
Confirm that New Virtual Switch is added to the left pane.
6.
In right pane, in the Connection type section, confirm that External network is selected.
7.
Verify that you can select Enable single-root I/O virtualization (SR-IOV), but do not select them.
8.
Verify that you can also select Enable virtual LAN identification, but do not enable it.
9.
In the Virtual Switch Manager window, click OK.
10. In the Apply Networking Changes dialog box, click Yes.
11. When the Error applying Virtual Switch Properties changes message displays, expand See details to view the error description. 12. Review the error message, and then click Close. Note: The error message is that the physical network adapter is already bound to the virtual switch, and a physical network adapter can be bound to only one external virtual switch.
13. In the Virtual Switch Manager for LON-HOSTx window, in the Name text box, type Internal Switch.
14. In the Connection type section, click Internal network. Verify that you cannot enable single root I/O virtualization (SR-IOV) for the internal switch, but that you can select Enable virtual LAN identification. Do not enable it, and click OK.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center L4-37
15. Maximize the Network Connections window, and confirm that the additional network connection vEthernet (Internal Switch) is added. 16. Right-click the vEthernet (Internal Switch) network connection, and then click Properties.
17. In the Properties dialog box, confirm that the network connection is using most items, including Internet Protocol Version 4 (TCP/IPv4). Verify that the network connection is not using Hyper-V Extensible Virtual Switch, and then click Cancel. 18. In a Windows PowerShell window, run the following cmdlet: Get-VMNetworkAdapter –All
19. Confirm that there is a network adapter named Internal Switch present on the system. 20. Maximize Hyper-V Manager, and in the Actions pane, click Virtual Switch Manager. 21. In Virtual Switch Manager for LON-HOSTx, in the left pane, confirm that New virtual network switch is selected, in the right pane, click Private, and then click Create Virtual Switch. 22. Verify that in the left pane, New Virtual Switch is added.
23. In the Name text box, type Private Switch. In the Connection type section, confirm that Private network is selected. Verify that you cannot enable either SR-IOV or virtual local area network (VLAN) identification for the internal switch, and then click OK. 24. Maximize the Network Connections window, and confirm that when you created the private virtual switch, no network connection was added. 25. Minimize the Network Connections window. 26. in the Windows PowerShell window, run the following cmdlet: Get-VMNetworkAdapter –All
27. Confirm that no network connection was added when you created the private virtual switch. 28. Maximize Hyper-V Manager, and in the Actions pane, click Virtual Switch Manager.
29. In Virtual Switch Manager for LON-HOSTx, expand the External Network virtual switch, and then click Extensions.
30. In Virtual Switch Manager for LON-HOSTx, verify that in the right pane, two switch extensions display. Verify that Microsoft NDIS Capture is not enabled, whereas Microsoft Windows Filtering Platform is enabled. 31. Expand both the Internal Switch and the Private Switch, and confirm that they have the same extensions available as the External virtual switch, and that they are configured the same. 32. Click Cancel, and then minimize both Hyper-V Manager and Windows PowerShell.
Task 4: Use Hyper-V virtual switches 1.
On LON-HOSTx, maximize Hyper-V Manager.
2.
In Hyper-V Manager, right-click 20409B-LON-PRODx, and then click Settings.
3.
In Settings for 20409B-LON-PRODx, in the left pane, click Network Adapter, in the Virtual Switch drop-down list box, click Private Switch, and then click OK.
4.
In Hyper-V Manager, right-click 20409B-LON-TESTx, and then click Settings.
5.
In Settings for 20409B-LON-TESTx, in the left pane, click Network Adapter, in the Virtual Switch drop-down list box, click Private Switch, and then click OK.
6.
On LON-PRODx, on the taskbar, click the Windows PowerShell icon.
7.
In Windows PowerShell, run the following command: ipconfig
8.
Confirm that LON-PRODx has an IPv4 address of 10.0.0.x5, (where x is 1 if you are using LON-HOST1, and x is 2 if you are using LON-HOST2).
9.
In Windows PowerShell, run the following command: ping 10.0.0.x6
10. Confirm that four replies are returned. Note: LON-TESTx has IP address 10.0.0.x6. 11. On LON-HOSTx, in Hyper-V Manager, right-click 20409B-LON-PRODx, and then click Settings.
MCT USE ONLY. STUDENT USE PROHIBITED
L4-38 Creating and Configuring Virtual Machine Networks
12. In Settings for 20409B-LON-PRODx, in the left pane, click Network Adapter, in the Virtual Switch drop-down list box, click Internal Switch, and then click OK. 13. On LON-PRODx, in Windows PowerShell, run the following command: ping 10.0.0.x6
14. Confirm that this time the destination host is unreachable. Note: This is because LON-PRODx is connected on a different virtual switch than LON-TESTx. 15. On LON-HOSTx, maximize the Windows PowerShell window, and run the following command: ping 10.0.0.x5
16. Confirm that the destination host is unreachable. Note: This is because the virtual network adapter in LON-HOSTx that is connected to the Internal switch does not have an IP address from the same subnet as LON-PRODx. 17. On LON-HOSTx, maximize the Network Connections window. 18. In the Network Connections window, right-click the vEthernet (Internal Switch) network connection, and then click Properties. 19. In the vEthernet (Internal Switch) Properties dialog box, click Internet Protocol Version 4 (TCP/IPv4), and then click Properties.
20. In the Internet Protocol Version 4 (TCP/IPv4) Properties dialog box, click Use the following IP address, in the IP address text box, type 10.0.0.100. 21. In the Subnet mask text box, type 255.255.255.0, click OK, and click Close. 22. On LON-HOSTx, maximize the Windows PowerShell window, and run the following command: ping 10.0.0.x5
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center L4-39
23. Confirm that four replies are returned, which confirms that both LON-HOSTx and LON-PRODx now have network connectivity. 24. On LON-HOSTx, in Hyper-V Manager, right-click 20409B-LON-PRODx, and then click Settings. 25. In the Settings for 20409B-LON-PRODx window, in the left pane, click Network Adapter, in the Virtual Switch drop-down list box, click External Network, and then click OK. 26. On LON-PRODx, in Windows PowerShell, run the following cmdlet: Set-NetIPInterface –InterfaceAlias Ethernet –dhcp enabled
Note: This cmdlet configures LON-PRODx to obtain an IP address automatically from a DHCP server. 27. In Windows PowerShell, run the following command: ipconfig /all
28. Verify from the output that LON-PRODx has a different IPv4 address, and that it obtained the IP address from the DHCP server that is running on LON-DC1. 29. Write down the IPv4 address of LON-PRODx. 30. On LON-HOSTx, in Windows PowerShell, run the following command: ping
31. Confirm that four replies are returned, which confirms that LON-HOSTx and LON-PRODx have network connectivity. 32. On LON-PRODx, in Windows PowerShell, run the following command: ping LON-DC1
33. Confirm that four replies are returned, which confirms that LON-DC1 and LON-PRODx have network connectivity. Note: Leave the virtual machines running, as you will use them in the next lab.
Results: After completing this exercise, you should have created and used Hyper-V virtual switches.
MCT USE ONLY. STUDENT USE PROHIBITED
L4-40 Creating and Configuring Virtual Machine Networks
Lab B: Creating and Using Advanced Virtual Switch Features Exercise 1: Configuring and Using Advanced Virtual Switch Features Task 1: Configure and use DHCP guard Note: In this exercise you will see how you can prevent rogue DHCP servers on your network. Because your partner is also using the same DHCP server, you should synchronize this task with him or her. 1.
On LON-PRODx, in Windows PowerShell, run the following commands, pressing Enter at the end of each line: ipconfig /release ipconfig /renew
Note: By running these commands, you renew TCP/IP settings on LON-PRODx. Notice from the output that TCP/IP settings were obtained successfully. 2.
On LON-HOSTx, in Hyper-V Manager, right-click 20409B-LON-PRODx, and then click Settings.
3.
In Settings for 20409B-LON-PRODx, in the left pane, expand Network Adapter, and then click Advanced Features. In the right pane, click Enable DHCP guard, and then click OK.
4.
On LON-PRODx, in Windows PowerShell, run the following commands, pressing Enter at the end of each line: ipconfig /release ipconfig /renew
Note: Notice that the TCP/IP settings on LON-PRODx renew successfully. This is because DHCP guard setting on the virtual network adapter has no effect on whether the virtual machine can obtain TCP/IP settings over that adapter. Note: The following lab steps will affect your lab partner, so let him or her know that you will perform the change on the LON-DC1 virtual machine. Your partner should wait until you finish this change, and then proceed. 5.
On LON-HOST1, in Hyper-V Manager, right-click 20409B-LON-DC1, and then click Settings.
6.
In Settings for 20409B-LON-DC1, in the left pane, expand Legacy Network Adapter, and then click Advanced Features. In the right pane, click Enable DHCP guard, and then click OK.
7.
On LON-PRODx, in Windows PowerShell, run the following commands, pressing Enter at the end of each line: ipconfig /release ipconfig /renew
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center L4-41
Note: Notice that this time the process takes considerably longer, and LON-PRODx is not able to obtain TCP/IP settings. This is because when you enabled DHCP guard on the virtual machine where the rogue DHCP server is running, you can no longer get TCP/IP settings from that virtual machine 8.
On LON-HOST1, in Windows PowerShell, run the following cmdlets, pressing Enter at the end of each line: $vmNIC = Get-VMNetworkAdapter -VMName 20409B-LON-DC1 Set-VMNetworkAdapter -VMNetworkAdapter $vmNIC -DHCPGuard Off
Note: By running those cmdlets, you disable DHCP guard on LON-DC1. Now the DHCP server that is running in that virtual machine can once again offer TCP/IP settings. Note: Now that you have disabled DHCP guard on LON-DC1, have your partner perform the steps from step 5 onwards.
Task 2: Configure and use VLANs 1.
On LON-HOSTx, in Hyper-V Manager, right-click 20409B-LON-TESTx, and then click Settings.
2.
In Settings for 20409B-LON-TESTx, in the left pane, click Network Adapter, in the Virtual Switch drop-down list box, click External Network, and then click OK.
3.
On LON-PRODx, on the Start screen, type Control Panel, and then press Enter.
4.
In Control Panel, in the Search Control Panel text box, type network, and then click View network connections.
5.
In the Network Connections window, right-click the Ethernet network connection, and then click Properties.
6.
In the Ethernet Properties dialog box, click Internet Protocol Version 4 (TCP/IPv4), and then click Properties.
7.
In the Internet Protocol Version 4 (TCP/IPv4) Properties dialog box, click Use the following IP address. In the IP address text box, type 10.0.0.x5, in the Subnet mask text box, type 255.255.255.0, click OK, and then click Close.
8.
On LON-PRODx, in Windows PowerShell, run the following command: ping 10.0.0.x6
9.
Confirm that four replies are returned, which confirms that LON-PRODx and LON-TESTx have network connectivity.
10. On LON-HOSTx, in Hyper-V Manager, right-click 20409B-LON-PRODx, and then click Settings.
11. In Settings for 20409B-LON-PRODx, in the left pane, click Network Adapter, and then in the right pane, click Enable virtual LAN identification. 12. Verify that 2 is specified as VLAN ID, and then click OK. 13. On LON-PRODx, in Windows PowerShell, run the following command: ping 10.0.0.x6
14. Confirm that the destination host is no longer reachable. Note: This is because LON-PRODx is connected to a VLAN different from LON-TESTx. If your partner is also at this step in the lab, you can ping LON-PRODy (10.0.0.y5). Because it is configured with the same VLAN and connected to the same network, the command will be successful. 15. On LON-HOSTx, in Hyper-V Manager, right-click 20409B-LON-PRODx, and then click Settings.
MCT USE ONLY. STUDENT USE PROHIBITED
L4-42 Creating and Configuring Virtual Machine Networks
16. In Settings for 20409B-LON-PRODx, in the left pane, click Network Adapter, in the right pane, clear the Enable virtual LAN identification check box, and then click OK.
Task 3: Configure and use bandwidth management 1.
On LON-PRODx, on the desktop, on the taskbar, click File Explorer.
2.
In the This PC window, on the navigation pane, expand This PC, expand Local Disk (C:), and then click Windows.
3.
In the Windows window, in the details pane, right-click the Inf folder, and then click Copy.
4.
In the Windows window, in navigation, click the down arrow, type \\10.0.0.x6\share, and then press Enter.
Note: You are now connected to a share named Share on the LON-TESTx computer. LON-TESTx has IP address 10.0.0.x6. 5.
In the share window, right-click in the details pane, and then click Paste.
6.
Make note of the copy speed and how long the process takes.
7.
When the copy process completes, right-click the Inf folder, click Delete, and then in the Delete Folder dialog box, click Yes.
8.
On LON-HOSTx, in Hyper-V Manager, right-click 20409B-LON-PRODx, and then click Settings.
9.
In the Settings for 20409B-LON-PRODx window, in the left pane, click Network Adapter, in the details pane, click Enable bandwidth management, in both the Minimum bandwidth and Maximum bandwidth text boxes, type 10, and then click OK.
10. On LON-PRODx, in the share window, right-click in details pane and then click Paste. 11. In the window that displays the progress of the copy process, confirm that the copy process takes noticeably longer to complete. 12. On LON-HOSTx, in Hyper-V Manager, right-click 20409B-LON-PRODx, and then click Settings. 13. In Settings for 20409B-LON-PRODx, in the left pane, click Network Adapter, in the details pane, clear the Enable bandwidth management check box, and then click OK. Note: Leave the virtual machines running, as you will use them in the next lab.
Results: After completing this exercise, you should have configured and used advanced virtual switch features.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center L4-43
Lab C: Configuring and Testing Hyper-V Network Virtualization Exercise 1: Configuring Hyper-V Network Virtualization Task 1: Verify that network virtualization is not configured on LON-HOST1 Note: Only the student who is using LON-HOST1 performs this task. 1.
On LON-PROD1, on the Start screen, search for and start Windows PowerShell.
2.
In Windows PowerShell, run following three commands, pressing Enter at the end of each line: ping 10.0.0.16 ping 10.0.0.25 ping 10.0.0.26
3.
Confirm that LON-PROD1 has connectivity with all three virtual machines, LON-TEST1, LON-PROD2 and LON-TEST2.
4.
On LON-HOST1, on the taskbar, click the Windows PowerShell icon.
5.
In Windows PowerShell, run the following cmdlet: Get-VMNetworkAdapter –VMName 20409B-LON-PROD1 | fl
6.
Confirm that the VirtualSubnetId property has the value 0, which means that virtual subnets are not being used.
7.
In Windows PowerShell, run the following cmdlet: Get-NetVirtualizationLookupRecord
8.
Verify that the output is empty, which confirms that no virtualization lookup record has been defined.
Note: The virtualization lookup record defines which virtual machine is running on which Hyper-V host, and over which virtualization subnet is achievable. 9.
In Windows PowerShell, run following cmdlet: Get-NetVirtualizationCustomerRoute
10. Verify that the output is empty, which confirms that the virtualization customer route has yet to be defined. 11. In Windows PowerShell, run following cmdlet: Get-NetAdapter
12. For the physical network adapter, under the ifIndex column, write down the Index number.
Task 2: Verify that network virtualization is not configured on LON-HOST2 Note: Only the student who is using LON-HOST2 performs this task. 1.
On LON-TEST2, on the Start screen, search for and start Windows PowerShell.
2.
In Windows PowerShell, run the following three commands, pressing Enter at the end of each line: ping 10.0.0.15 ping 10.0.0.16 ping 10.0.0.25
3.
Confirm that four replies are returned for each command. This confirms that LON-TEST2 has connectivity with LON-PROD1, LON-TEST1, and LON-PROD2.
4.
On LON-HOST2, on the taskbar, click the Windows PowerShell icon.
5.
In Windows PowerShell, run following cmdlet: Get-VMNetworkAdapter –VMName 20409B-LON-TEST2 | fl
MCT USE ONLY. STUDENT USE PROHIBITED
L4-44 Creating and Configuring Virtual Machine Networks
6.
Confirm that VirtualSubnetId property has the value 0, which means that virtual subnets are not in use.
7.
In Windows PowerShell, run following cmdlet: Get-NetVirtualizationLookupRecord
8.
Confirm that the output is empty, which confirms that no virtualization lookup record has been defined.
Note: The virtualization lookup record defines which virtual machine is running on which Hyper-V host, and over which virtualization subnet it is achievable. 9.
In Windows PowerShell, run the following cmdlet: Get-NetVirtualizationCustomerRoute
10. Verify that the output is empty, which confirms that a virtualization customer route has yet to be defined. 11. In Windows PowerShell, run following cmdlet: Get-NetAdapter
12. For the physical network adapter, under the ifIndex column, write down the Index number.
Task 3: Configure Hyper-V network virtualization 1.
On LON-HOSTx, on the Desktop, on the taskbar, click File Explorer.
2.
In the This PC window, in the navigation pane, expand Local Disk (C:), expand LabFiles, and then click Mod04.
3.
In the details pane, right-click ConfigureNWx.ps1, and then click Edit.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center L4-45
4.
When the file ConfigureNWx.ps1 opens in Windows PowerShell ISE, review the Windows PowerShell script to see how network virtualization is configured. Review the variables, which are defined at the start of the script.
5.
In Windows PowerShell ISE, on the toolbar, click Run Script, or press F5. If you run the script on LON-HOST1, enter the index number of your physical server network adapter and the index number of your partner physical server network adapter that were recorded earlier.
Task 4: Test Hyper-V network virtualization 1.
On LON-HOSTx, in Windows PowerShell ISE, in the console (lower pane), run the following cmdlet: Get-NetVirtualizationLookupRecord
2.
Verify that the output shows that virtualization records have been created for the IP addresses of LON-PRODx and LON-TESTx virtual machines.
3.
In Windows PowerShell ISE, in the console, run following cmdlet: Get-NetVirtualizationCustomerRoute
4.
Verify that the output shows that one virtualization route is defined for the 10.0.0.0/24 subnet, and with a VirtualizationSubnetID value of either 5001 or 6001. Note: Only the student who is using LON-HOST1 will perform steps 5 to 8.
5.
In Windows PowerShell ISE, in the console, run the following cmdlet: Get-VMNetworkAdapter –VMName 20409B-LON-PROD1 | fl
6.
Confirm that the VirtualSubnetId property value is 5001, which was configured by the Windows PowerShell script.
7.
On LON-PROD1, in Windows PowerShell, run the following three commands: ping 10.0.0.16 ping 10.0.0.25 ping 10.0.0.26
8.
Verify that four replies are returned only from IP 10.0.0.25.
Note: This confirms that LON-PROD1 has connectivity with LON-PROD2, but it does not have connectivity with LON-TEST1 and LON-TEST2, because those virtual machines are on a different virtual network (which is sharing the same physical network. Note: Only the student who is using LON-HOST2 performs steps 9 to 12. 9.
In Windows PowerShell ISE, in the console, run the following cmdlet: Get-VMNetworkAdapter –VMName 20409B-LON-TEST2 | fl
10. Confirm that the property VirtualSubnetId has a value 6001, which you configured with the Windows PowerShell script.
11. On LON-TEST2, in Windows PowerShell, run the following three commands: ping 10.0.0.15 ping 10.0.0.16 ping 10.0.0.25
12. Verify that four replies are returned from IP 10.0.0.16. Note: This confirms that LON-TEST2 has connectivity with LON-TEST1, but it does not have connectivity with LON-PROD1 and LON-PROD2 computers. This is because they are on a different virtual network (which is sharing the same physical network.
Task 5: Remove Hyper-V network virtualization
MCT USE ONLY. STUDENT USE PROHIBITED
L4-46 Creating and Configuring Virtual Machine Networks
1.
On LON-HOSTx, on the desktop, on the taskbar, click File Explorer.
2.
In the This PC window, in the navigation pane, expand Local Disk (C:), expand LabFiles, and then click Mod04.
3.
In details pane, right-click RemoveNWx.ps1, and then click Edit.
4.
When the file RemoveNWx.ps1 opens in Windows PowerShell ISE, on the toolbar, click Run Script, or press F5. If you run the script on LON-HOST1, enter the index number of your physical server network adapter and the index number of your partner’s physical server network adapter that you recorded earlier. Note: Running this script removes network virtualization.
5.
After network virtualization is removed, confirm network connectivity between the virtual machines by performing the following steps: a.
If you are using LON-HOST1, confirm that LON-PROD1 has connectivity with LON-TEST1, LON-PROD2. and LON-TEST2 by running the following three commands: ping 10.0.0.16 ping 10.0.0.25 ping 10.0.0.26
b.
If you are using LON-HOST2, confirm that LON-TEST2 has connectivity with LON-PROD1, LON-TEST1, and LON-PROD2by running the following three commands: ping 10.0.0.15 ping 10.0.0.16 ping 10.0.0.25
Results: After completing this exercise, you should have configured Hyper-V network virtualization.
MCT USE ONLY. STUDENT USE PROHIBITED L5-47
Module 5: Virtual Machine Movement and Hyper-V Replica
Lab A: Moving Virtual Machine and Configuring Constrained Delegation Exercise 1: Moving Hyper-V Storage and Virtual Machines Task 1: Move virtual machine storage by using the Move Wizard Note: Before starting with this lab, run the C:\Labfiles\Mod05\Mod05setup.ps1 script to prepare environment for the lab. 1.
On LON-HOSTx, in Hyper-V Manager, right-click LON-MOVE1, and then click Settings.
2.
In Settings for LON-MOVE1, under IDE Controller 0, click Hard Drive. Confirm that it is using the LON-MOVE1.vhdx VHD that is stored locally, and then click OK.
3.
In Hyper-V Manager, right-click LON-MOVE1, and then click Move.
4.
In the Move “LON-MOVE1” Wizard, on the Before You Begin page, click Next.
5.
On the Choose Move Type page, select the Move the virtual machine’s storage option, and then click Next.
6.
On the Choose Options for Moving Storage page, select the Move only the virtual machine’s virtual hard disks option, and then click Next.
7.
On the Select Items to Move page, confirm that disk LON-MOVE1.vhdx is selected, and then click Next.
8.
On the Choose a new location for attached virtual hard disk page, in the Folder text box, type \\LON-HOSTy\VHDs\LON-MOVE1, and then click Next.
9.
On the Completing Move Wizard page, click Finish. Note: Because the VHD is dynamically expanding and is small, the move occurs quickly.
10. In Hyper-V Manager, right-click LON-MOVE1, and then click Settings. 11. In Settings for LON-MOVE1, under IDE Controller 0, click Hard Drive. Confirm that LON-MOVE1.vhdx is stored on a network share. Note: This confirms that the VHD was moved while the virtual machine was running. 12. In Settings for LON-MOVE1, under Management, click Checkpoint File Location. Confirm that checkpoints are stored locally, that you cannot change the location, and then click OK. 13. In Hyper-V Manager, right-click LON-MOVE1, and then click Move. 14. In the Move “LON-MOVE1” Wizard, on the Before You Begin page, click Next.
15. On the Choose Move Type page, select the Move the virtual machine’s storage option, and then click Next.
MCT USE ONLY. STUDENT USE PROHIBITED
L5-48 Virtual Machine Movement and Hyper-V Replica
16. On the Choose Options for Moving Storage page, select the Move the virtual machine’s data to different locations option, and then click Next. 17. On the Select Items to Move page, review the items that can be moved. Click Clear All, select the Checkpoints check box, and then click Next. 18. On the Choose a new location for checkpoints page, in the Folder text box, type \\LON-HOSTy \VHDs\LON-MOVE1, and then click Next. 19. On the Completing Move Wizard page, click Finish. Note: Because the checkpoint has a small differencing VHD, the move occurs quickly. 20. In Hyper-V Manager, right-click LON-MOVE1, and then click Settings.
21. In Settings for LON-MOVE1, click Checkpoint File Location. Confirm that checkpoints are stored on the network share, and that they were moved while virtual machine was running, and then click OK.
Task 2: Move virtual machine storage by using Windows PowerShell 1.
On LON-HOSTx, in Hyper-V Manager, right-click LON-MOVE2, and then click Settings.
2.
In Settings for LON-MOVE2, under IDE Controller 0, click Hard Drive.
3.
Confirm that the hard drive is using the LON-MOVE2.vhdx VHD, and that the VHD is stored locally.
4.
In Settings for LON-MOVE2, click Checkpoint File Location. Confirm that checkpoints are stored locally and that you cannot change the location, and then click OK.
5.
In Windows PowerShell, move LON-MOVE2 storage by running following cmdlet: Move-VMStorage –VMName LON-MOVE2 –DestinationStoragePath \\LON-HOSTy\VHDs\LON-MOVE2
6.
Confirm that storage was moved successfully by running following cmdlet: Get-VM LON-MOVE2 | Select Name, Path, SnapshotFileLocation
7.
In Hyper-V Manager, right-click LON-MOVE2, and then click Settings.
8.
In Settings for LON-MOVE2, under IDE Controller 0, click Hard Drive, and then confirm that LON-MOVE2.vhdx is now stored on a network share. Note: Notice that the VHD was moved while virtual machine is running.
9.
Under IDE Controller 0, click Checkpoint File Location.
10. Confirm that checkpoints are stored on the network share and that they were moved while virtual machine was running, and then click OK.
Task 3: Configure Hyper-V host for live migration 1.
On LON-HOSTx, in Hyper-V Manager, right-click 20409B-LON-PRODx, and then click Move.
2.
In the Move “20409B-LON-PRODx” Wizard, on the Before You Begin page, click Next.
3.
On the Choose Move Type page, confirm that Move the virtual machine is selected, and then click Next.
4.
When the Move Wizard error dialog box opens, click Close.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center L5-49
Note: This dialog box opens because this computer is not configured for live migration. 5.
In the Move “20409B-LON-PRODx” Wizard, click Cancel.
6.
In Hyper-V Manager, in the Actions pane, click Hyper-V Settings.
7.
In Hyper-V Settings, in the left pane, click Live Migrations.
8.
In the right pane, in the Live Migrations section, click Enable incoming and outgoing live migrations.
9.
In Hyper-V Settings, select the option for incoming live migration to Use any available network for live migration.
10. In the left pane, expand Live Migrations, click Advanced Features, and select Use Kerberos to be used as Authentication Protocol. 11. After reviewing the settings, click OK.
12. In Hyper-V Manager, in the navigation pane, right-click Hyper-V Manager, and then click Connect to Server.
13. In the Select Computer dialog box, in the Another computer text box, type LON-HOSTy, and then click OK. 14. Verify that LON-HOSTy is now added to the Hyper-V Manager navigation pane. Note: Live migration must be enabled on both LON-HOSTx machines before you can continue with the lab. Ensure that your partner has finished this task before you continue.
Task 4: Move a virtual machine by using Live Migration 1.
On LON-HOSTx, in Hyper-V Manager, right-click 20409B-LON-PRODx, and then click Settings.
2.
In Settings for 20409B-LON-PRODx, under IDE Controller 0, click Hard Drive.
3.
Confirm that it is using 20409B-LON-PRODx.vhd VHD, and that the VHD is stored locally.
4.
Click Checkpoint File Location. Confirm that checkpoints are stored locally, and then click OK.
5.
On LON-PRODx, open Windows PowerShell, run the following command to ping LON-PRODy, which is running on your partner Hyper-V host: ping –t 10.0.0.y5
6.
On LON-HOSTx, in Hyper-V Manager, right-click 20409B-LON-PRODx, and then click Move.
7.
In the Move “20409B-LON-PRODx” Wizard, on the Before You Begin page, click Next.
8.
On the Choose Move Type page, confirm that Move the virtual machine is selected, and then click Next.
9.
On the Specify Destination Computer page, in the Name text box, type LON-HOSTy, and then click Next.
10. On the Choose Move Options page, confirm that the Move the virtual machine’s data to a single location option is selected, and then click Next. 11. On the Choose a new location for virtual machine page, in the Folder text box, type C:\Moved\LON-PRODx, and then click Next. 12. On the Completing Move Wizard page, click Finish.
Note: This will start moving the running virtual machine and performing the live migration. You can monitor the progress of the live migration in Hyper-V Manager, in the Status column. Here you can also see that LON-PRODx is able to ping LON-PRODy throughout the live migration.
MCT USE ONLY. STUDENT USE PROHIBITED
L5-50 Virtual Machine Movement and Hyper-V Replica
13. After live migration completes, in Hyper-V Manager, confirm that LON-PRODx is no longer running on LON-HOSTx. 14. In Hyper-V Manager, in the navigation pane, click LON-HOSTy. 15. In Hyper-V Manager, right-click 20409B-LON-PRODx, and then click Settings.
16. In Settings for 20409B-LON-PRODx, under IDE Controller 0, click Hard Drive, and then confirm that it is using the C:\Moved\LON-PRODx\Virtual Hard Disks\20409B-LON-PRODx.vhd VHD. 17. In Settings for LON-PRODx, click Checkpoint File Location, confirm that checkpoints are stored in the C:\Moved\LON-PRODx folder, and then click OK. 18. In Hyper-V Manager, right-click 20409B-LON-PRODx, and then click Move. 19. In the Move “20409B-LON-PRODx” Wizard, on the Before You Begin page, click Next.
20. On the Choose Move Type page, confirm that Move the virtual machine is selected, and then click Next. 21. On the Specify Destination Computer page, in the Name field, type LON-HOSTx, and then click Next.
22. On the Choose Move Options page, confirm that the Move the virtual machine’s data to a single location option is selected, and then click Next. 23. On the Choose a new location for virtual machine page, in the Folder field, type C:\Moved \LON-PRODx, and then click Next. 24. On the Completing Move Wizard page, click Finish.
25. When the Move Wizard error dialog box displays, review the text explaining that there was an error during the move operation. Note: The error occurs because you are managing a remote Hyper-V host, which is not allowed to delegate your permissions.
Task 5: Configure constrained delegation 1.
On LON-HOSTx, open Windows PowerShell.
2.
Install Active Directory administrative tools by running the following Windows PowerShell cmdlet: Install-WindowsFeature RSAT-AD-AdminCenter
3.
On the Start screen, search for and start Active Directory Users and Computers.
4.
In Active Directory Users and Computers, in the navigation pane, expand Adatum.com, and then click Computers.
5.
In the details pane, right-click LON-HOSTy, and then click Properties.
6.
In the LON-HOSTy Properties dialog box, click the Delegation tab.
7.
On the Delegation tab, click Trust this computer for delegation to specified services only, and then click Add.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center L5-51
8.
In Add Services, click Users or Computers, in the Enter the objects to select text box, type LON-HOSTx, and then click OK.
9.
In Add Services, select both cifs and Microsoft Virtual System Migration Services service types, and then click OK.
10. In the LON-HOSTy Properties dialog box, on the Delegation tab, confirm that both service types are listed, and then click OK. 11. Close Active Directory Users and Computers. 12. In Windows PowerShell, purge cached Kerberos tickets on LON-HOSTy to immediately apply changes by running the following command: winrs -r:LON-HOSTy klist -lh 0 -li 0x3e7 purge
Task 6: Run live migration from Windows PowerShell 1.
On LON-HOSTx, in Windows PowerShell, move LON-PRODx to your Hyper-V host by running the following cmdlet: Move-VM –Name 20409B-LON-PRODx –DestinationHost LON-HOSTx –ComputerName LON-HOSTy -DestinationStoragePath C:\Moved\LON-PRODx
2.
When live migration starts, in Hyper-V Manager, view the Status column to monitor migration progress.
3.
After migration finishes, in Hyper-V Manager, confirm that 20409B-LON-PRODx is no longer running on LON-HOSTy.
4.
In Hyper-V Manager, in the navigation pane, click LON-HOSTx.
5.
In Hyper-V Manager, right-click 20409B-LON-PRODx, and then click Settings.
6.
In Settings for 20409B-LON-PRODx, under IDE Controller 0, click Hard Drive, and confirm that it is using the C:\Moved\LON-PRODx\Virtual Hard Disks\20409B-LON-PRODx.vhd VHD.
7.
In Settings for 20409B-LON-PRODx, click Checkpoint File Location, confirm that the checkpoints are stored in the C:\Moved\LON-PRODx folder, and then click OK. Note: Leave the virtual machines running for the next lab.
Results: After completing this exercise, you should have moved Hyper-V storage and virtual machines.
Lab B: Configuring and Using Hyper-V Replica Exercise 1: Configuring and Managing Hyper-V Replica Task 1: Configure Hyper-V host for incoming replication
MCT USE ONLY. STUDENT USE PROHIBITED
L5-52 Virtual Machine Movement and Hyper-V Replica
1.
On LON-HOSTx, in Hyper-V Manager, in the navigation pane, click LON-HOSTy.
2.
In Hyper-V Manager, in the Actions pane, click Hyper-V Settings.
3.
In Hyper-V Settings for LON-HOSTy, in the left pane, click Replication Configuration. In the right pane, in the Replication Configuration section, click both Enable this computer as a Replica server, and Use Kerberos (HTTP).
4.
Select Allow replication from any authenticated server.
5.
In the Specify the default location to store Replica files text box, type C:\shares\replicated, and then click OK.
6.
In the Settings dialog box, click OK.
7.
On the Start screen, search for and start mmc.
8.
In Console1, in the File menu, click Add/Remove Snap-in.
9.
In Add or Remove Snap-ins, click Windows Firewall with Advanced Security. In the Available Snap-ins section, click Add, and then click Another computer. In the Another computer text box, type LON-HOSTy, click Finish, and then click OK.
10. In Console1, in the navigation pane, expand Windows Firewall with Advanced Security, and then click Inbound Rules.
11. In the details pane, right-click Hyper-V Replica HTTP Listener (TCP In), and then click Enable Rule. 12. Close Console1, and in the Microsoft Management dialog box, click No.
Task 2: Enable virtual machine replication 1.
On LON-HOSTx, in Hyper-V Manager, right-click 20409B-LON-TESTx, and then click Settings.
2.
In LON-TESTx Settings, in the navigation pane on the left, expand Network Adapter, and confirm that the two nodes Hardware Acceleration and Advanced Features display.
3.
In LON-TESTx Settings, in the navigation pane, confirm that there are six settings in the Management section, and that Replication is not one of available settings, and then click OK.
4.
In LON-TESTx, open a Command Prompt window, and confirm that the virtual machine has an IPv4 address of 10.0.0.x6.
5.
In Hyper-V Manager, right-click LON-TESTx, and then click Enable Replication.
6.
In Enable Replication for LON-TESTx, on the Before You Begin page, click Next.
7.
On the Specify Replica Server page, in the Replica server text box, type LON-HOSTy, and then click Next.
8.
On the Specify Connection Parameters page, confirm that Use Kerberos authentication (HTTP) is selected, that Compress the data that is transmitted over the network is enabled, and then click Next.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center L5-53
9.
On the Choose Replication VHDs page, confirm that LON-TESTx VHD is selected, and then click Next.
10. On the Configure Replication Frequency page, in the drop-down list box, click 30 seconds, and then click Next.
11. On the Configure Additional Recovery Points page, click Create additional hourly recovery points, in the Coverage provided by additional recovery point (in hours) text box, type 10, and then click Next.
12. On the Choose initial Replication Method page, confirm that both the Send initial copy over the network and Start replication immediately options are selected, and then click Next. 13. On the Completing the Enable Replication wizard page, click Finish. 14. In Hyper-V Manager, in the navigation pane, click LON-HOSTy.
15. Confirm that 20409B-LON-TESTx is one of the virtual machines on LON-HOSTy, and that it is in the Off state. 16. In Hyper-V Manager, right-click 20409B-LON-TESTx, click Replication, and then click View Replication Health. 17. In Replication Health for “20409B-LON-TESTx”, review Replication Health. Note: Because initial replication is most likely not yet completed, the, Replication Health is in the Warning state. 18. In Replication Health for “LON-TESTx”, click Close. 19. In Hyper-V Manager, right-click 20409B-LON-TESTx, and then click Settings.
20. In 20409B-LON-TESTx Settings, in the navigation pane, expand Network Adapter, and confirm that two new nodes that were not present before, Failover TCP/IP and Test Failover, now display. 21. In 20409B-LON-TESTx Settings, in the navigation pane, confirm that there are now seven settings in the Management section, including Replication, which was not present before, and then click OK.
22. In Windows PowerShell, review replication settings and status by running the following cmdlets, and pressing Enter at the end of each line: Get-VMReplication –VMName 20409B-LON-TESTx Measure-VMReplication –VMName 20409B-LON-TESTx
23. In Hyper-V Manager, right-click 20409B-LON-TESTx, click Replication, and then click View Replication Health. 24. In Replication Health for “20409B-LON-TESTx”, review Replication Health, and then click Close. Note: If initial replication has finished, Replication Health will display as Normal.
Task 3: Test Hyper-V Replica failover 1.
On LON-HOSTx, in Hyper-V Manager, in the navigation pane, verify that LON-HOSTy is selected. Right-click 20409B-LON-TESTx, and then click Settings.
2.
In 20409B-LON-TESTx Settings, in the navigation pane, expand Network Adapter, and then click Failover TCP/IP.
3.
MCT USE ONLY. STUDENT USE PROHIBITED
L5-54 Virtual Machine Movement and Hyper-V Replica
In 20409B-LON-TESTx Settings, in the details pane, click Use the following IPv4 address scheme for the virtual machine, enter the following settings, and then click Apply: o
IPv4 Address: 192.168.10.15
o
Subnet Mask: 255.255.255.0
o
Default gateway: 192.168.10.1
o
Preferred DNS server: 192.168.10.100
4.
In 20409B-LON-TESTx Settings, in the navigation pane, click Test Failover.
5.
In the details pane for Virtual switch, click Private Switch, and then click OK. Note: If initial replication of LON-TESTx has not yet finished, wait until it finishes.
6.
In Hyper-V Manager, right-click 20409B-LON-TESTx, click Replication, and then click Test Failover.
7.
In Test Failover, click Test Failover.
Note: A checkpoint for 20409B-LON-TESTx is created, and a new virtual machine named LON-TESTx – Test is created. 8.
In Hyper-V Manager, right-click 20409B-LON-TESTx – Test, and then click Settings.
9.
In Settings for 20409B-LON-TESTx, click Network Adapter, confirm that it is connected to Private Switch, and then click OK.
10. In Hyper-V Manager, right-click 20409B-LON-TESTx – Test, and then click Start. 11. Double-click LON-TESTx -Test. Verify that the virtual machine connection to LON-TESTx – Test opens. 12. On LON-TESTx - Test, sign in as Administrator with the password Pa$$w0rd. Click Cancel in Shutdown Event Tracker. 13. On LON-TESTx - Test, on the Start screen, search for and open Command Prompt. 14. In the Command Prompt window, type ipconfig, and then press Enter. 15. Confirm that IP configuration is the same as you configured in Failover TCP/IP for 20409B-LON-TESTx.
16. On LON-HOSTx, in Hyper-V Manager, right-click 20409B-LON-TESTx, click Replication, and then click Stop Test Failover. 17. In Stop Test Failover, click Stop Test Failover. 18. In Virtual Machine Connection, click Exit.
19. Confirm that both the 20409B-LON-TESTx – Test virtual machine and the 20409B-LON-TESTx virtual machine checkpoint have been deleted.
Task 4: Perform a planned failover 1.
On LON-HOSTx, in Hyper-V Manager, in the navigation pane, click LON-HOSTx.
2.
In Hyper-V Manager, double click 20409B-LON-TESTx.
3.
In LON-TESTx, right-click the desktop, click New, click Folder, and then name the folder Current State.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center L5-55
4.
In Hyper-V Manager, right-click 20409B-LON-TESTx, click Replication, and then click Planned Failover.
5.
In Planned Failover, confirm that Start the Replica virtual machine after failover is selected, and then click Fail Over.
Note: The Planned Failover error displays because the virtual machine is not prepared for planned failover. 6.
In Planned Failover, click Close, and then click Cancel.
7.
On LON-TESTx, press the Windows key+X, click Shut down or sign out, click Shut down and then click Continue.
8.
In Hyper-V Manager, right-click 20409B-LON-TESTx, click Replication, and then click Planned Failover.
9.
In Planned Failover, confirm that Start the Replica virtual machine after failover is selected, and then click Fail Over.
10. In Hyper-V Manager, in the navigation pane, click LON-HOSTy. Confirm that 20409B-LON-TESTx is in the Running state. 11. Double-click 20409B-LON-TESTx, and sign in as Administrator with the password Pa$$w0rd. 12. On LON-TESTx, confirm that a folder named Current State displays on the desktop. Note: With planned failover, all changes from the primary virtual machine are replicated. 13. Right-click the desktop, click New, click Folder, and then name the folder Planned Failover. 14. In Hyper-V Manager, right-click 20409B-LON-TESTx, click Replication, and then click Reverse Replication.
15. In the Reverse Replication Wizard for 20409B-LON-TESTx, click Next five times, and then click Finish. 16. On LON-TESTx, press the Windows key+X, click Shut down or sign out, click Shut down and then click Continue. 17. In Hyper-V Manager, verify that 20409B-LON-TESTx is in the Off state. 18. Right-click 20409B-LON-TESTx, click Replication, and then click Planned Failover.
19. In Planned Failover, confirm that Start the Replica virtual machine after failover is selected, and then click Fail Over. 20. In Hyper-V Manager, in the navigation pane, click LON-HOSTx. Confirm that the 20409B-LON-TESTx state is Running.
21. In Hyper-V Manager, double-click 20409B-LON-TESTx. Verify that a virtual machine connection to 20409B-LON-TESTx opens. 22. On LON-TESTx, sign in as Administrator with the password Pa$$w0rd.
23. On LON-TESTx, confirm that two folders named Current State and Planned Failover display on the desktop.
24. In Hyper-V Manager, right-click 20409B-LON-TESTx, select Replication and then select Remove Replication. In the Remove Replication dialog box, click Remove Replication. 25. In Hyper-V Manager, in the navigation pane, click LON-HOSTy. Right-click 20409B-LON-TESTx, select Delete and in the Delete Selected Virtual Machine dialog box, select Delete. 26. In Hyper-V Manager, in the navigation pane, click LON-HOSTx.
Results: After completing this exercise, you should have configured and managed Hyper-V Replica.
MCT USE ONLY. STUDENT USE PROHIBITED
L5-56 Virtual Machine Movement and Hyper-V Replica
MCT USE ONLY. STUDENT USE PROHIBITED L6-57
Module 6: Implementing Failover Clustering with Hyper-V
Lab: Implementing Failover Clustering with Hyper-V Exercise 1: Creating a Hyper-V Failover Cluster Task 1: Create an Internet small computer system interface (iSCSI) target 1.
On LON-HOSTx, in Server Manager, in the navigation pane, right-click All Servers, and then click Add Servers.
2.
In Add Servers, in the Name (CN) text box, type LON-SS1, click Find Now, click LON-SS1, click the right arrow to add LON-SS1 to the Selected section, and then click OK.
3.
In Server Manager, in the navigation pane, click File and Storage Services.
4.
In File and Storage Services, in the SERVERS section, click LON-SS1, and then click iSCSI.
5.
In the iSCSI VIRTUAL DISKS section, click TASKS, and then click New iSCSI Virtual Disk.
6.
In New iSCSI Virtual Disk Wizard, on the Select iSCSI virtual disk location page, click E, and then click Next.
7.
On the Specify iSCSI virtual disk name page, in the Name text box, type Diskx1, and then click Next.
8.
On the Specify iSCSI virtual disk size page, in the Size text box, type 10, click Dynamically expanding, and then click Next.
9.
On the Assign iSCSI target page, click New iSCSI target, and then click Next.
10. On the Specify target name page, in the Name text box, type Lab6-Hostx, and then click Next. 11. On the Specify access servers page, click Add.
12. In the Select a method to identify the initiator dialog box, click Browse, type LON-HOST1, and then click OK twice. 13. On the Specify access servers page, click Add.
14. In the Select a method to identify the initiator dialog box, click Browse, type LON-HOST2, click OK twice, and then click Next. 15. On the Enable Authentication page, click Next. 16. On the Confirm selections page, click Create. 17. On the View Results page, click Close. 18. On LON-HOSTx, open Windows PowerShell. 19. In Windows PowerShell, create two new virtual disks and add them to the Lab6-Hostx target by typing the following cmdlets, and pressing Enter at the end of each line:
New-IscsiVirtualDisk –Path E:\iSCSIVirtualDisks\Diskx2.vhdx –Size 10GB –ComputerName LON-SS1 New-IscsiVirtualDisk –Path E:\iSCSIVirtualDisks\Diskx3.vhdx –Size 15GB –ComputerName LON-SS1 Add-IscsiVirtualDiskTargetMapping –TargetName Lab6-Hostx –Path E:\iSCSIVirtualDisks\Diskx2.vhdx -ComputerName LON-SS1 Add-IscsiVirtualDiskTargetMapping –TargetName Lab6-Hostx –Path E:\iSCSIVirtualDisks\Diskx3.vhdx -ComputerName LON-SS1
MCT USE ONLY. STUDENT USE PROHIBITED
L6-58 Implementing Failover Clustering with Hyper-V
20. In Server Manager, on the toolbar, click the Refresh icon. Confirm that virtual disks Diskx2.vhdx and Diskx3.vhdx display, and are mapped to the Lab6-Hostx target. Note: Although both students created an iSCSI target, only the Lab6-Host1 iSCSI target will be used for creating the failover cluster.
Task 2: Connect to an iSCSI target and create volumes 1.
On LON-HOSTx, in Server Manager, click Tools, and then click iSCSI Initiator.
2.
On the Targets tab, select the existing target, and then click Disconnect. If prompted, click Yes.
3.
In the iSCSI Initiator Properties dialog box, in the Target text box, type LON-SS1, and then click Quick Connect.
4.
In Quick Connect, click the Discovered target with Lab6-Host1 in the name, click Connect, click Done, and then click OK.
5.
On LON-HOSTx, in Server Manager, in the Tools menu, click Computer Management.
6.
In Computer Management, in the navigation pane, click Disk Management. In the details pane, confirm that three disks are added, that they have size of 10 GB, 10 GB, and 15 GB, and that they are all Offline. Notice that these are the virtual disks that you just added on the iSCSI target.
7.
On LON-HOST1, in Computer Management, right-click Disk 3, and then click Online.
8.
Right-click Disk 4, and then click Online.
9.
Right-click Disk 5, and then click Online.
10. Right-click Disk 3, and then click Initialize Disk. 11. In Initialize Disk, confirm that all three disks are selected, and then click OK.
12. Right-click unallocated space on Disk 3, click New Simple Volume, click Next four times, and then click Finish. 13. Right-click unallocated space on Disk 4, click New Simple Volume, click Next four times, and then click Finish. 14. Right-click unallocated space on Disk 5, click New Simple Volume, click Next four times, and then click Finish. Note: Perform step 15 only on LON-HOST2. Replace the x with the disk number allocated to the new disks. 15. Perform following steps on the LON-HOST2 computer: a.
In Computer Management, in the navigation pane, right-click Disk Management, and then click Refresh.
b.
In Computer Management, right-click Disk x, and then click Online.
c.
In Computer Management, right-click Disk x, and then click Online.
d.
In Computer Management, right-click Disk x, and then click Online.
e.
Confirm that all three disks have volumes that allocate all the space.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center L6-59
Task 3: Extend iSCSI logical units online 1.
On LON-HOST1, in Server Manager, confirm that iSCSI is selected.
2.
In details pane, right-click E:\iSCSIVirtualDisks\Diskx1.vhdx, and then click Extend iSCSI Virtual Disk.
3.
In the Extend iSCSI Virtual Disk dialog box, in the New size text box, type 15, and then click OK.
4.
On LON-HOST1, in Computer Manager in the navigation pane, right-click Disk Management, and then click Refresh.
5.
In the details pane, notice that the disk is extended with 5 GB of unallocated space.
6.
Right-click the partition on the disk, and then click Extend Volume.
7.
In the Extend Volume Wizard, click Next two times, and then click Finish.
8.
In Disk Management, in the details pane, confirm that the partition is expanded to 15 GB. Notice that you expanded it while it was online, while it was in use.
Task 4: Install the Failover Clustering feature 1.
On LON-HOSTx, in Server Manager, on the Manage menu, click Add Roles and Features.
2.
In the Add Roles and Features Wizard, on the Before you begin page, click Next.
3.
On the Select installation type page, click Next.
4.
On the Select destination server page, click LON-HOSTx.Adatum.com, and then click Next.
5.
On the Select server roles page, click Next.
6.
On the Select features page, click Failover Clustering, click Add Features, and then click Next.
7.
On the Confirm installation selections page, click Install.
8.
Click Close to close the Add Roles and Features Wizard. Note: Both students should finish with this task before you continue.
Task 5: Create a failover cluster Note: Perform this task only on LON-HOST1. 1.
On LON-HOST1, in Server Manager, on the Tools menu, click Failover Cluster Manager.
2.
In the Failover Cluster Manager, in the Actions pane, click Create Cluster.
3.
In the Create Cluster Wizard, on the Before You Begin page, click Next.
4.
On the Select Servers page, in the Enter server name text box, type LON-HOST1, and then click Add. After the server is added, in the Enter server name text box, type LON-HOST2, click Add, and then click Next.
5.
On the Validation Warning page, click Next.
6.
In the Validate a Configuration Wizard, on the Before You Begin page, click Next.
7.
On the Testing Options page, click Next.
8.
On the Confirmation page, click Next. Notice that during the validation process, several problems with the drives are reported.
9.
After all validation tests are performed, view the validation report, and then click Finish.
10. On the Access Point for Administering the Cluster page, in the Cluster Name text box, type LON-CLUST, and then click Next. 11. On the Confirmation page, click Next. 12. On the Summary page, view the report, and then click Finish. 13. In Server Manager, on the Tools menu, click Active Directory Users and Computers.
MCT USE ONLY. STUDENT USE PROHIBITED
L6-60 Implementing Failover Clustering with Hyper-V
14. In Active Directory Users and Computers, in navigation pane, expand the Adatum.com domain, click the Computers container, and confirm that it contains computer accounts for LON-HOST1, LON-HOST2, and LON-CLUST, which was added when you created the failover cluster. 15. Close Active Directory Users and Computers.
Task 6: Add a Cluster Shared Volume (CSV) 1.
On LON-HOSTx, open File Explorer, and confirm that on Local Disk (C:), in the details pane, the ClusterStorage folder displays. Double-click the ClusterStorage folder and confirm that the folder is empty.
2.
From Server Manager, open Failover Cluster Manager, if necessary.
3.
In Failover Cluster Manager, in the navigation pane, expand LON-CLUST.Adatum.com, expand Storage, and then click Disks.
4.
Verify that you see three disks.
5.
In the details pane, right-click the first Cluster Disk with Available Storage status if you are on LON-HOST1 or the second Cluster Disk with Available Storage status if you are on LON-HOST2, and then click Add to Cluster Shared Volumes.
6.
In File Explorer, confirm that now the ClusterStorage folder contains mounted volumes for Volume1 and Volume2, which were added when you and your partner added disks to the CSV.
7.
Double-click Volumex, and create a new text document with your name in the folder.
8.
In the File Explorer address bar, click ClusterStorage, in the details pane, double-click Volumey, and confirm that it contains file with your partner’s name.
Note: If file with your partner’s name is not in the C:\ClusterStorage\Volumey folder, wait until your partner creates a file.
Results: After completing this exercise, you should have created a Hyper-V failover cluster.
Exercise 2: Managing a Hyper-V Failover Cluster Task 1: Configure virtual hard disk sharing 1.
On LON-HOSTx, open Windows PowerShell.
2.
In Windows PowerShell, create two virtual hard disks, one on local storage and one on CSV, by running following cmdlets: New-VHD –Path C:\Shares\HDD1x.vhdx -SizeBytes 10GB –Dynamic New-VHD –Path C:\ClusterStorage\Volumex\HDD2x.vhdx -SizeBytes 10GB –Dynamic
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center L6-61
3.
Add the virtual hard disks that you created, to the 20409B-LON-PRODx virtual machine by running following cmdlets: Add-VMHardDiskDrive –VMName 20409B-LON-PRODx –ControllerType SCSI –Path C:\Shares\HDD1x.vhdx Add-VMHardDiskDrive –VMName 20409B-LON-PRODx –ControllerType SCSI –Path C:\ClusterStorage\Volumex\HDD2x.vhdx
4.
If the 20409B-LON-PRODx virtual machine is running, turn it off.
Note: You cannot modify virtual hard disk sharing settings while the virtual machine is running. 5.
On LON-HOSTx, in Hyper-V Manager, right-click 20409B-LON-PRODx, and then click Settings.
6.
In Settings, confirm that 20409B-LON-PRODx has two hard disks listed under SCSI Controller: HDD1x.vhdx, and HDD2x.vhdx.
7.
In LON-PRODx Settings, in the navigation pane, expand HDD1x.vhdx, and then click Advanced Features.
8.
In details pane, select the Enable virtual hard disk sharing check box, and then click Apply.
Note: The Error applying Hard Disk Drive changes message displays, because local storage where HDD1x.vhdx is located does not support virtual hard disk sharing. 9.
In the Error pop-up window, click Close, and then in the details pane, clear the Enable virtual hard disk sharing check box.
10. In the navigation pane, expand HDD2x.vhdx, and then click Advanced Features. 11. In the details pane, click Enable virtual hard disk sharing, and then click OK. Note: This time you do not get any error, because the virtual hard disk is stored on a CSV. 12. Ensure that 20409B-LON-TESTx is turned off. 13. In Windows PowerShell, add HDD2x.vhdx to LON-TESTx by running the following cmdlet: Add-VMHardDiskDrive –VMName 20409B-LON-TESTx –ControllerType SCSI –Path C:\ClusterStorage\Volumex\HDD2x.vhdx
14. In Hyper-V Manager, right-click 20409B-LON-PRODx, and then click Start. 15. Right-click 20409B-LON-TESTx, and then click Start. Note: You will get an error message, because the virtual machine is already using HDD2x.vhdx. 16. In the error message pop-up window, click Close. 17. In Hyper-V Manager, right-click 20409B-LON-TESTx, and then click Settings.
18. In Settings for 20409B-LON-TESTx, in the navigation pane, expand HDD2x.vhdx, and then click Advanced Features. 19. In the details pane, click Enable virtual hard disk sharing, and then click OK. 20. Right-click 20409B-LON-TESTx, and then click Start. Note: Notice that this time LON-TESTx starts without an error, because it is configured with virtual hard disk sharing.
MCT USE ONLY. STUDENT USE PROHIBITED
L6-62 Implementing Failover Clustering with Hyper-V
21. Sign in to both the LON-TESTx and LON-PRODx computers, open Disk Management, and confirm that a shared virtual hard disk is available as shared storage to both computers. 22. In Hyper-V Manager, right-click 20409B-LON-PRODx, and then click Settings.
23. In Settings for 20409B-LON-PRODx, in the navigation pane, select HDD1x.vhdx under SCSI Controller and click Remove. Select HDD2x.vhdx under SCSI Controller, click Remove and then click OK. 24. In Hyper-V Manager, right-click 20409B-LON-TESTx, and then click Settings. 25. In Settings for 20409B-LON-TESTx, in the navigation pane, select HDD2x.vhdx under SCSI Controller, click Remove and then click OK.
Task 2: Create a highly available virtual machine 1.
On LON-HOSTx, in the Failover Cluster Manager, in the navigation pane, right-click Roles, click Virtual Machines, and then click New Virtual Machine.
2.
In New Virtual Machine, click LON-HOSTx, and then click OK.
3.
In the New Virtual Machine Wizard, on the Before You Begin page, click Next.
4.
On the Specify Name and Location page, in the Name text box, type LON-HAx. Click Store the virtual machine in a different location, in the Location text box, type C:\ClusterStorage \Volumex\, and then click Next.
5.
On the Specify Generation page, confirm that Generation 1 is selected, and then click Next.
6.
On the Assign Memory page, select the Use Dynamic Memory for this virtual machine check box, and then click Next four times.
7.
On the Competing the Virtual Machine Wizard page, click Finish. Note: The LON-HAx virtual machine is created.
8.
In the High Availability Wizard, on the Summary page, click Finish.
9.
On LON-HOSTx, in Windows PowerShell, add the virtual machine cluster role by running the following cmdlet: Add-ClusterVirtualMachineRole –VMName “20409B-LON-CLx”
10. In the Failover Cluster Manager, confirm that LON-HAx and 20409B-LON-CLx are listed as Roles.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center L6-63
Task 3: Configure a highly available virtual machine 1.
On LON-HOSTx, in the Failover Cluster Manager, right-click LON-HAx, click Change Startup Priority, and then click Low.
2.
Right-click LON-HAx, and then click Properties.
3.
In the LON-HAx Properties dialog box, on the General tab, confirm that the virtual machine is configured with the Priority value Low. In the Preferred Owners section, click LON-HOSTx.
Note: Notice that in this section you can order the preferred ownership for the cluster service. 4.
In the LON-HAx Properties dialog box, click the Failover tab. In the Maximum failures in the specified period text box, type 2, in the Period text box, type 3, and then click OK.
5.
In Failover Cluster Manager, with LON-HAx selected, click the Resources tab.
6.
On the Resources tab, right-click Virtual Machine LON-HAx, and then click Properties.
7.
In the Virtual Machine LON-HAx Properties dialog box, click the Policies tab. In the Period for restarts (mm:ss) text box, type 10:00.
8.
Click the Advanced Policies tab, and confirm that LON-HOST1 and LON-HOST2 are selected as Possible Owners.
9.
Click the Settings tab, confirm that heartbeat monitoring is enabled for LON-HAx, and then click OK.
Task 4: Configure virtual machine monitoring 1.
On LON-HOSTx, in Windows PowerShell, add a virtual machine cluster role by running the following cmdlet: Add-ClusterVirtualMachineRole –VMName “20409B-LON-PRODx”
2.
On the LON-PRODx virtual machine, on the Start screen, type Control Panel, and then press Enter.
3.
In Control Panel, in the Search Control Panel text box, type Service, and then click View local services.
4.
In Services, right-click Print Spooler, and then click Properties.
5.
In the Print Spooler Properties dialog box, click the Recovery tab.
6.
On the Recovery tab, for the Second failure drop-down list box, click Take No Action, and then click OK.
7.
Close both the Services and Service – Control Panel windows.
8.
On LON-HOSTx, in the Failover Cluster Manager, click 20409B-LON-PRODx to select it as a cluster Role.
9.
In the 20409B-LON-PRODx pane, click the Summary tab, and confirm that currently no Monitored Services are listed.
10. In the details pane, right-click 20409B-LON-PRODx, click More Actions, and then click Configure Monitoring. 11. In Select Services, click Print Spooler, and then click OK.
12. In the 20409B-LON-PRODx pane, confirm that Print Spooler is listed under Monitored Services.
13. In the details pane, right-click 20409B-LON-PRODx, and then click Settings.
MCT USE ONLY. STUDENT USE PROHIBITED
L6-64 Implementing Failover Clustering with Hyper-V
14. In Settings for 20409B-LON-PRODx, in the navigation pane, expand Network Adapter, and then click Advanced Features. In the details pane, confirm that Protected network is selected, and then click OK.
Task 5: Move a virtual machine between failover cluster nodes 1.
On LON-HOSTx, in the Failover Cluster Manager, confirm that the Owner node for the LON-HAx virtual machine is LON-HOSTx.
2.
Right-click LON-HAx, and then click Start.
3.
Right-click LON-HAx, click Move, click Live Migration, and then click Select Node.
4.
In Move Virtual Machine, confirm that LON-HOSTy is selected, and then click OK.
5.
In the Failover Cluster Manager, confirm that Live Migration is moving LON-HAx, and that LON-HOSTy is now an Owner Node.
6.
On LON-HOSTx, in Windows PowerShell, move the LON-HAx virtual machine back to the LON-HOSTx node by running the following cmdlet: Move-ClusterVirtualMachineRole –Name LON-HAx –Node LON-HOSTx –MigrationType Live
Task 6: Destroy a failover cluster Note: Perform this task only on LON-HOST1. 1.
On LON-HOST1, in the Failover Cluster Manager, right-click all Roles, and then click Remove.
2.
In the Remove Virtual Machines pop-up window, click Yes.
3.
In the Failover Cluster Manager, in the navigation pane, right-click LON-CLUST.Adatum.com, click More Actions, and then click Destroy Cluster.
4.
In the Destroy Cluster pop-up window, click Yes.
5.
Wait until the action is performed, and then close the Failover Cluster Manager.
6.
On LON-HOST1 and LON-HOST2, delete the LON-HAx virtual machine.
Results: After completing this exercise, you should have managed a Hyper-V failover cluster.
MCT USE ONLY. STUDENT USE PROHIBITED L7-65
Module 7: Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager
Lab: Installing and Configuring System Center 2012 R2 Virtual Machine Manager Exercise 1: Installing and Configuring System Center 2012 R2 VMM Task 1: Review the email from Ed Meadows, CIO, A. Datum, Inc.
Email From: Ed Meadows, CIO, A. Datum Corp. To: IT department Subject: Ready to add System Center 2012 R2 Virtual Machine Manager! I really appreciate the way you have set up our Hyper-V environment! Everything looks great. Now that we have our virtualization infrastructure in place, I would like you create a test implementation of System Center 2012 R2 Virtual Machine Manager. To do this, we need to: 1.
Load the software on one of our servers in the London Site. We need at least two physical hosts, but have plenty of virtual machines on them. Do you recommend putting this on a virtual machine or physical computer? Please let me know what computers you’ll be using. Remember that the test data that you gather will be used to further deploy a much more robust solution that we will use to build our private clouds.
2.
Make sure that all the prerequisites Microsoft has recommended are met. If there are any shortfalls, let me know as soon as possible. Create a list of the prerequisites that you will need to verify.
3.
After you have created the VMM management server and installed a Virtual Machine Manager console on a desktop client in the Developer department, finish testing the console and ensure everything works.
4.
Finally, create the local host group and assign at least two physical hosts. Ed
To create the test implementation, answer the following questions: •
How many Microsoft System Center 2012 R2 Virtual Machine Manager (VMM) servers do you need to deploy in the Adatum environment? Answer: You only need to deploy one server.
•
What are the VMM prerequisites that need to be met? Answer: The following software prerequisites need to be met: o
Operating System – Windows Server 2012 or newer
o
Microsoft SQL Server - SQL Server 2008 R2 Service Pack 2 (SP2) Standard or newer
o
Windows Remote Management service – enabled and started
o
Microsoft .NET Framework 4.5
o
Windows deployment and installation kit – Windows Assessment and Deployment Kit (Windows ADK) for Windows Server 2012 R2
•
The following hardware prerequisites need to be met: o
CPU - Pentium 4, 2 gigahertz (GHz) (x64)
o
Memory - 2 gigabytes (GB)
o
Disk space - 80 GB
Will you deploy VMM on a single server, or will you separate components onto dedicated servers? Answer: You should deploy the VMM management server on one computer, and then deploy the VMM console on both a server and a client computer. •
Will you install the VMM server inside a virtual machine or on a physical machine? Answer: A virtual machine will allow you to use both physical servers as hosts.
•
What computers will you use, and what will be their roles? Answer: o
Answer: VMM management server - LON-VMM1
o
Physical hosts – LON-HOST1 and LON-HOST2
o
Client VMM console – LON-CL1
Task 2: Check for VMM prerequisites, and install VMM
MCT USE ONLY. STUDENT USE PROHIBITED
L7-66 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager
1.
On LON-VMM1, on the taskbar, click Server Manager.
2.
In Server Manager, click the Local Server link.
3.
In the Properties for LON-VMM1 details pane, ensure that LON-VMM1 is in the Adatum.com domain. Verify that the Operating system version is at least the Standard or Datacenter version of Windows Server 2012 R2. Confirm that it has at least a 2 GHz Pentium processor, 4 GB of random access memory (RAM) and 80 GB of disk space available.
4.
Close Server Manager.
5.
On the taskbar, click the Start Screen icon.
6.
On the Start screen, move the mouse pointer directly under the Desktop tile. Click the round white circle with a white down arrow in it.
7.
In the Apps by name screen, scroll to the right, and then click the SQL Server Management Studio tile.
8.
In the Microsoft SQL Server Management Studio (Administrator) console, in the Connect to Server dialog box, click Connect.
9.
In the Object Explorer console, on the left side, note the top tree element labeled LON-VMM1 (SQL Server 11.0.3000 – ADATUM\administrator). This version number, 11.0.3000, corresponds to SQL Server 2012 SP1.
10. Click the File drop-down list box, and then click Exit. 11. On the taskbar, click the Windows PowerShell icon. 12. In Windows PowerShell, type the following command, and then press Enter: regedit.exe
13. In the Registry Editor window, click the HKEY_LOCAL_MACHINE subkey. Expand SOFTWARE, expand Microsoft, expand Net Framework Setup, expand NDP, expand v4, and then expand Client, and then click 1033.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center L7-67
14. In the Version item, verify that the value in the Data column is 4.5.51641 or higher. 15. Close the Registry Editor window. 16. In Windows PowerShell, type the following command, and then press Enter: services.msc
17. In the Services console, in the Name column, scroll down to Windows Remote Management (WS– Management). If necessary, expand the size of the Name column to see the object name. Verify that the service has the status of Running, and that the Startup Type is set to Automatic. 18. Close the Services console, and then close Windows PowerShell. 19. On the taskbar, click the File Explorer icon. 20. In the This PC window, double-click the DVD Drive icon. 21. In the VMM folder, verify that installation files display.
Task 3: Install the VMM management server and Virtual Machine Manager console on LON-VMM1 1.
In File Explorer, in the VMM window, double-click setup.exe.
2.
On the Microsoft System Center 2012 R2 Installation splash screen, click the Install hyperlink.
3.
On the What would you like to do page, click Add features.
4.
In the Microsoft System Center 2012 Virtual Machine Setup Wizard, on the Getting started page, under the Select features to add section, select the VMM management server check box, and then click Next.
5.
On the Product registration information page, in the Name text box, type, Administrator, and in the Organization text box, type A.Datum, Corp. Leave the Product key text box blank, and then click Next.
6.
Read the Please read this license agreement disclaimer, select the I have read, understood, and agree with the terms of the license agreement check box, and then click Next.
7.
On the Customer Experience Improvement Program (CEIP) page, click No, I am not willing to participate, and then click Next.
8.
When the Database configuration page displays, verify that since SQL Server 2012 SP1 is running on the server, the server name will already display. Leave the Port number box empty, in the Instance name drop-down list, click MSSQLSERVER. In the Select an existing database or create a new database area, use the default new database VirtualManagerDB, and then click Next.
9.
On the Configure service account and distributed key management page, in the User name and domain text box, type ADATUM\SCService, and in the Password: text box, type Pa$$w0rd. Leave the Distributed Key Management section blank, and then click Next.
10. On the Port configuration page, do not make any changes, and then click Next.
11. On the Library configuration page, select the Create a new library share radio button, and then click Next.
12. On the Installation summary page, review the text, and then click Install. The Installing features will now run for several minutes. 13. On the Set up completed successfully page, click Close. 14. On the Microsoft System Center 2012 R2 Installation splash screen, click Close.
15. Close File Explorer.
MCT USE ONLY. STUDENT USE PROHIBITED
L7-68 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager
16. If the Connect to Server page for the VMM console displays, skip forward to step 26. If it does not, then perform the following steps. 17. On the taskbar, click the Start Screen icon. 18. On the Start screen, move the mouse pointer directly under the Desktop tile, and click the round white circle with a white down arrow in it.
19. In the Apps by name screen, scroll to the right, right-click the Virtual Machine Manager Console item, and in the bar at the bottom of the Apps by name screen, click Pin to taskbar.
20. Click any empty area of the Apps by name screen, and when you see a white circle with a white up arrow in it, click the arrow. 21. On the Start screen, click the Desktop tile. 22. On the desktop, on the taskbar, click the Virtual Machine Manager Console icon.
23. On the Connect to Server page, verify that the Server name text box is set to localhost: 8100. Verify that the Use current Microsoft Windows session identity check box is selected, and then click Connect. The default selection, Use current Microsoft Windows session identity, is adequate as you are signed on as the domain administrator. 24. Wait for the Virtual Machine Manager console to load. 25. Close the Virtual Machine Manager console.
Task 4: Install the Virtual Machine Manager console on LON-CL1 Note: Perform these steps from LON-HOST2. In Hyper-V Manager on LON-HOST2, rightclick Hyper-V Manager in the console tree and select Connect to server. Select Another computer, and type LON-HOST1 and then click OK. Select and connect to LON-CL1. 1.
On LON-CL1, on the Start screen, click the Desktop tile.
2.
On the desktop, on the taskbar, click the File Explorer icon.
3.
In File Explorer, navigate to \\lon-vmm1.adatum.com\c$\Program Files\Microsoft System Center 2012 R2\Virtual Machine Manager\setup\msi\Client.
4.
In the Client folder, double-click the AdminConsole.msi file. The MSI file opens a pop-up window stating it is installing, and displaying a progress bar. If it does not encounter an error, then after installing the Virtual Machine Manager console successfully, it will close itself. If a Security Warning popup displays, click Run.
5.
After the install pop-up window closes, close File Explorer.
6.
On the taskbar, click the Start Screen icon.
7.
On the Start screen, move the mouse pointer directly under the Desktop tile, and click the round white circle with a white down arrow icon.
8.
In the Apps by name start screen, scroll to the right until you see the Microsoft System Center 2012 tile area, and then right-click the Virtual Machine Manager Console NEW tile.
9.
In the Command bar at the bottom of the page, click Pin to Taskbar.
10. On your keyboard, press the Windows key. 11. On the Start screen page, click the Desktop tile.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center L7-69
12. On the desktop, on the taskbar, click the Virtual Machine Manager Console icon.
13. On the Connect to Server page, in the Server name text box, type LON-VMM1.adatum.com:8100, and then click Connect. 14. When the console displays, navigate around to observe that is the same Virtual Machine Manager console as is installed on LON-VMM1. 15. Close the Virtual Machine Manager console and sign out of LON-CL1.
Results: After completing this exercise, you should have installed System Center 2012 R2 VMM.
Exercise 2: Managing Hosts and Host Groups
Task 1: Set the default domain group policy to allow domain members to become hosts 1.
On LON-DC1, in Server Manager, click Tools, and then click Group Policy Management.
2.
In the Group Policy Management Console, in the console tree, expand Forest: Adatum.com, expand Domains, and then expand Adatum.com. Under Adatum.com, right-click Default Domain Policy, and then click Edit.
3.
In the Group Policy Management Editor, maximize the window.
4.
In the console tree, under Computer Configuration, expand Policies. Navigate to the following location: Administrative Templates\Network\Network Connections\Windows Firewall \Domain Profile.
5.
In the Domain Profile details pane, double-click Windows Firewall: Allow inbound file and printer sharing exception.
6.
In the Windows Firewall: Allow inbound file and printer sharing exception pop-up dialog box, click Enabled, in the Options box, type an asterisk (*), and then click OK.
7.
In the Domain Profile details pane, double-click Windows Firewall: Allow ICMP exceptions.
8.
In the Windows Firewall: Allow ICMP exceptions pop-up dialog box, select the Enabled radio button, in the Options area, select the Allow inbound echo request check box, and then click OK.
9.
In the Domain Profile details pane, double-click Windows Firewall: Define inbound port exceptions.
10. In the Windows Firewall: Define inbound port exceptions pop-up dialog box, select Enabled. In the Options area, by Define port exceptions, click Show. 11. In the Show Contents pop-up dialog box, under Value, type 5985, and then click OK twice.
12. In the Group Policy Management Editor console tree, under Administrative Templates, expand Windows Components, select and expand Windows Remote Management (WinRM), and then click WinRM Service. 13. In the WinRM Service details pane, double-click the Allow remote server management through WinRM setting.
14. In the pop-up dialog box, click the Enabled radio button, in the Options area, in both the IPv4 and IPv6 text boxes, type an asterisk (*), and then click OK. 15. Close the Group Policy Management Editor, and then close the Group Policy Management Console.
16. On LON-HOST1, on the desktop, on the taskbar click the Windows PowerShell icon. 17. In the Windows PowerShell window, type the following command, and then press Enter: gpupdate /force
MCT USE ONLY. STUDENT USE PROHIBITED
L7-70 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager
18. When both computer and user policies update successfully, close the Windows PowerShell window. 19. Repeat steps 16-17 on LON-HOST2.
Task 2: Add LON-HOST1 and LON-HOST2 to VMM 1.
On LON-VMM1, from the desktop, on the taskbar, click the Virtual Machine Manager Console icon.
2.
On the Connect to Server page, click Connect.
3.
In the Virtual Machine Manager console, click the VMs and Services workspace.
4.
In the console tree, right-click All Hosts, and then click Add Hyper-V Hosts and Clusters.
5.
In the Add Resource Wizard, on the Resource Location page, click the Windows Server computers in a trusted Active Directory domain option (it should be the default), and then click Next.
6.
On the Credentials page, select the Manually enter the credentials radio button. While the default is Use an existing Run As account, which has a Browse button to find the account, the Run As account has to have local administrator permissions on the host machine being assigned. In the User name text box, type ADATUM\Administrator, in the Password text box, type Pa$$w0rd, and then click Next.
7.
On the Discovery Scope page, note the two radio buttons, Specify Windows Server computers by names, and Specify and Active Directory query to search for Windows Server computers. In the Computer names text box, type lon-host1.adatum.com, and then click Next.
8.
On the Target resources page, in the Discovered computers section, select the lon-host1.adatum.com check box, and then click Next.
9.
When the Virtual Machine Manager pop-up window displays warning you that if Hyper-V is not enabled on the selected server, the VMM will do so, click OK.
10. On the Host Settings page, note that the Host group drop-down list box has only one option, All Hosts. Note the check box that says Reassociate this host with this VMM environment. Selecting this check box moves hosts that have been assigned to a different VMM management server and assigns them to this one. Make no changes, and click Next. 11. On the Summary page, in the upper left, click the View Script button.
12. In Notepad, review the Windows PowerShell cmdlets that display. These are the cmdlets necessary to run a script in Windows PowerShell to add the LON-HOST1 host to this VMM management server. This script can be very useful for documenting your work or to create another host, perhaps at a later time. 13. In Notepad, click File, and then click Save As. 14. In the Save As window, under This PC, click Documents. In the File name text box, type AddHost.ps1, in the Save as type drop-down list box, click All Files (*.*), and then click Save. 15. Close Notepad. 16. On the Summary page, click Finish.
17. A Jobs pop-up window displays, which shows all the individual steps being taken to add the host. The final step entitled, Add virtual machine host takes the longest. It will spend a few moments at several percentages of job completion.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center L7-71
18. When the job finishes, close the Jobs window. In the Jobs pop-up window, a yellow triangle might display, with the text Add virtual machine host Completed w/ info. This occurs because Multipath I/O is not enabled for known storage arrays. This is expected. 19. In the VMs and Services console tree, under All Hosts, verify that Lon-host1 now displays. 20. To add LON-HOST2, on the taskbar, click the Windows PowerShell icon. 21. In Windows PowerShell, type the following command, and then press Enter: cd documents 22. In Windows PowerShell, type the following command, and then press Enter: notepad AddHost.ps1 23. In the Notepad window, click Format, and then click Word Wrap.
24. Examine the script, and note the two variables that are created and the cmdlets they are based on. 25. Review the Add-SCVMHost cmdlets and the various parameters that it calls. 26. Modify the ComputerName parameter to identify lon-host2 rather than lon-host1. 27. On the File menu, click Save, and then close Notepad. 28. In Windows PowerShell, type the following command, and then press Enter: ./addhost.ps1 29. In the Windows PowerShell credential required pop-up, in the User name text box, type ADATUM\administrator, in the Password text box, type Pa$$w0rd, and then click OK.
30. Wait for Windows PowerShell to display a number of parameters and values in columnar form, and then close Windows PowerShell.
31. In the Virtual Machine Manager console, in the VMs and Services console tree, under All Hosts, verify that you now see LON-HOST2. Select LON-HOST2, on the ribbon, click the Folder tab, and then click Properties. Review each of the pages in the lon-host2.adatum.com Properties dialog box. 32. Close the lon-host2.adatum.com Properties dialog box, and then close the Virtual Machine Manager console.
Task 3: Create a LocalGroup host group, and then add LON-HOST1 and LON-HOST2 to the LocalGroup host group 1.
On LON-VMM1, on the desktop, on the taskbar, click the Virtual Machine Manager Console icon.
2.
In the Virtual Machine Manager console, on the Connect to Server page, click Connect.
3.
In the Virtual Machine Manager console, click the VMs and Services workspace.
4.
In the VMs and Services console tree, click All Hosts.
5.
On the ribbon, on the Home tab, click Create Host Group. Verify that in the console tree, under All Hosts, a new folder named New host group displays. Highlight this folder, type LocalGroup, and then press Enter.
6.
In the VMs and Services console tree, click lon-host1, and then on the ribbon, click the Host tab.
7.
On the ribbon, click Move to Host Group.
8.
In the Move Host Group pop-up dialog box, in the Parent host group: drop-down list box, click LocalGroup, and then click OK.
9.
In the VMs and Services console tree, right-click lon-host2, and then click Move to Host Group.
10. In the Move Host Group pop-up dialog box, in the Parent host group drop-down list box, click LocalGroup, and then click OK.
Task 4: Configure LocalGroup properties 1.
Right-click LocalGroup, and then click Properties.
2.
In the LocalGroup Properties dialog box, in the Properties pages, configure the following:
3.
a.
On the General page, in the Description text box, add the description The local group of virtualization hosts the A. Datum IT department is using.
b.
On the Host Reserves page, clear the Use the host reserves settings from the parent host group check box. In the Disk space, amount text box, change the values from 1% to 2%.
c.
On the LocalGroup Properties page, click OK.
Close the VMM Console, and sign out of LON-VMM1.
MCT USE ONLY. STUDENT USE PROHIBITED
L7-72 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager
Results: After completing this exercise, you should have created and configured hosts and host groups.
MCT USE ONLY. STUDENT USE PROHIBITED L8-73
Module 8: Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager
Lab A: Network Infrastructure Management Exercise 1: Implementing a Network Infrastructure Task 1: Configure logical networks 1.
On LON-VMM1, in Microsoft System Center 2012 R2 Virtual Machine Manager (VMM), launch the Virtual Machine Manager console.
2.
In the Virtual Machine Manager console, click the Fabric workspace, in the Navigation pane, click Networking, and then on the on the ribbon, click Create Logical Network.
3.
In the Create Logical Network Wizard, on the Name page, in the Name text box, type Adatum UK, and then in the Description text box, type Adatum (London) logical network.
4.
Click One connected network, click Allow new VM networks created on this logical network to use network virtualization, and then click Next.
5.
On the Network Site page, click Add, and then in the Host groups that can use this network site section, click All Hosts.
6.
In the Associated VLANs and IP subnets area, click Insert row, in the VLAN text box, type 0, and then in the IP subnet text box, type 192.168.1.0/24.
7.
Click the Network Site Name text box, select and delete the automatically generated site name, and then type Docklands.
8.
Repeat step 5, 6 and 7, using the following details:
9.
o
VLAN: 0
o
IP Subnet: 192.168.2.0/24
o
Network Site Name: Gatwick
Click Next, and then click Finish.
10. Close the Jobs window. 11. On the ribbon, click Create IP Pool. 12. In the Create Static IP Address Pool Wizard, on the Name page, in the Name text box, type Docklands IP Pool, select the logical network Adatum UK, and then click Next.
13. On the Network site page, click Use an existing network site, ensure that Docklands is selected, and then click Next. 14. On the IP address range page, review the options, and then click Next. 15. On the Gateway page, review the options, and then click Next. 16. On the DNS page, review the options, and then click Next. 17. On the WINS page, review the options, and then click Next. 18. On the Summary page, click Finish. 19. Close the Jobs window.
20. Create another IP pool called Gatwick IP Pool. Use the Adatum UK logical network, and use the Gatwick Network site. 21. On the ribbon, click Create, and then click Hyper-V Port Profile.
MCT USE ONLY. STUDENT USE PROHIBITED
L8-74 Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager
22. In the Create Hyper-V Port Profile Wizard, on the General page, in the Name text box, type Adatum UK Uplink. 23. Click Uplink port profile, in the Load balancing algorithm drop-down list box, click Hyper-V port, and then click Next. 24. On the Network configuration page, under Network sites, click Docklands, click Gatwick, click Enable Hyper-V Network-Virtualization, and then click Next. 25. On the Summary page, click Finish. 26. Close the Jobs window. 27. On the ribbon, click Create Logical Switch. 28. In the Create Logical Switch Wizard, on the Getting Started page, click Next. 29. On the General page, in the Name text box, type Adatum UK, in the Description text box, type Adatum production hosts logical switch, and then click Next. 30. On the Extensions page, leave the default extensions, and then click Next. 31. On the Uplink page, click Add, ensure that the Adatum UK uplink is selected, click OK, and then click Next. 32. On the Virtual Port page, click Add. 33. On the Add Virtual Port page, click Browse. 34. On the Select a Port Profile Classification page, click Medium Bandwidth, and then click OK.
35. Click Include a virtual network adapter port profile in this virtual port, click the Native virtual network adapter port profile, click Medium Bandwidth Adapter, click OK, and then click Next. 36. On the Summary page, click Finish. 37. Close the Jobs window.
Task 2: Connect a host server with a logical network 1.
In the Fabric workspace click to expand Servers, click All Hosts, and then click lon-host1.adatum.com.
2.
On the ribbon, click Properties.
3.
In the Properties dialog box, click Hardware, and then locate and click the logical network associated with your network card (this will be connected to External Network.) On the right, click the Adatum UK logical network, read the warning about VLANs, click OK, and then click OK again.
4.
In the Fabric workspace, expand Servers, click All Hosts, click lon-host1.adatum.com, and then on the ribbon, click Properties. Click Virtual Switches, click New Virtual Switch, and then click New Logical Switch.
5.
An error message displays stating that VMM cannot create a virtual switch without any physical network adapters. At this point, if you have another network card, you can assign the logical switch to a physical adapter.
6.
In the error message pop-up window, click OK.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center L8-75
7.
In the Properties dialog box, click Hardware, and then scroll down and expand Network adapters. Click your physical network adapter, and note that you can select or clear the adapter for virtual machine placement and management use. Click the Logical network, and on the right, under Logical network connectivity, you can assign the logical networks and IP subnets,
8.
Click Cancel, and then click Yes to close the warning.
Task 3: Configure network virtualization 1.
In the Virtual Machine Manager console, click the VMs and Services workspace, and then on the ribbon, click Create VM Network.
2.
On the Name page, in the Name text box, type Adatum North, ensure that Adatum UK is selected as the logical network, and then click Next.
3.
On the Isolation page, click Isolate using Hyper-V network-virtualization, and then click Next.
4.
On the VM Subnets page, click Add, in the Name text box, type Adatum Finance, and then in the Subnet text box, type 192.168.4.0/24.
5.
On the VM Subnets page, click Add, in the Name text box, type Adatum Engineering, in the Subnet text box, type 192.168.5.0/24, and then click Next.
6.
On the Connectivity page, review the message, and then click Next.
7.
On the Summary page review the summary, and then click Finish.
8.
Close the Jobs window.
9.
In the Virtual Machine Manager console, click the VMs and Services workspace, and then on the ribbon, click Create VM Network.
10. On the Name page, in the Name text box, type Adatum South, ensure that Adatum UK is selected as the logical network, and then click Next. 11. On the Isolation page, click Isolate using Hyper-V network-virtualization, and then click Next.
12. On the VM Subnets page, click Add, in the Name text box, type Adatum Warehouse, and then in the Subnet text box, type 192.168.4.0/24. 13. On the VM Subnets page, click Add, in the Name text box, type Adatum Logistics, in the Subnet text box, type 192.168.5.0/24, and then click Next. 14. On the Connectivity page, review the message, and then click Next. 15. On the Summary page, review the summary, and then click Finish. 16. Close the Jobs window.
17. In the VMs and Services workspace, click VM Networks, click Adatum North, and then right-click and click Create IP Pool.
18. On the Name page, in the Name text box, type Adatum Finance VM Network IP Pool. Ensure that the VM Network is set to Adatum North, and that the VM subnet is set to Adatum Finance (192.168.4.0/24), and then click Next. 19. On the IP address range page, note that the first IP address in the range is reserved. Leave the default settings, and then click Next. 20. On the Gateway page, click Next. 21. On the DNS page, click Next. 22. On the WINS page, click Next.
23. On the Summary page, click Finish. 24. Close the Jobs window.
MCT USE ONLY. STUDENT USE PROHIBITED
L8-76 Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager
25. In the VMs and Services workspace, click VM Networks, click Adatum South, and then right-click and click Create IP Pool.
26. On the Name page, in the Name text box, type Adatum Logistics VM Network IP Pool. Ensure that the VM Network is set to Adatum South, and that the VM subnet is set to Adatum Logistics (192.168.5.0/24), and then click Next. 27. On the IP address range page, note that the first IP address in the range is reserved. Leave the default settings, and then click Next. 28. On the Gateway page, click Next. 29. On the DNS page, click Next. 30. On the WINS page, click Next. 31. On the Summary page, click Finish. 32. Close the Jobs window.
Task 4: Connect virtual machines to a virtual machine network 1.
In the Virtual Machine Manager console, click the VMs and Services workspace.
2.
Click All Hosts, right-click 20409B-LON-TEST1, and then click Properties.
3.
In the Properties dialog box, click Hardware Configuration and then click Network Adapter 1.
4.
Click Connected to a VM network and then click Browse.
5.
In the Select a VM Network dialog box, select Adatum North and click OK. In VM Subnet field, select Adatum Finance and then click OK.
6.
Right-click 20409B-LON-PROD1, and then click Properties.
7.
In the Properties dialog box, click Hardware Configuration and then click Network Adapter 1.
8.
Click Connected to a VM network, and then click Browse.
9.
Click Adatum South, and then click OK.
10. Ensure that the VM Subnet is set to Adatum Logistics, and then click OK. 11. Click 20409B-LON-TEST1, and then on the ribbon, click Power On. 12. Click 20409B-LON-PROD1, and then on the ribbon, click Power On. 13. Click 20409B-LON-TEST1, on the ribbon, click Connect or View, and then click Connect Via Console. 14. In the Virtual Machine Viewer window, click Ctrl-Alt-Del. 15. On the sign-on screen, type Pa$$w0rd, and then press Enter. 16. In the Server Manager console, click Local Server, and then click 192.168.10.15,IPv6 enabled. 17. In the Network Connections window, right-click Ethernet, and then click Properties.
18. In the Ethernet Properties dialog box, click Internet Protocol Version 4, and then click Properties. 19. In the Internet Protocol Version 4 (TCP/IPv4) Properties dialog box, click Obtain an IP address automatically, click Obtain DNS server address automatically, click OK, and then click Close. 20. In the Networks dialog box, click Yes.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center L8-77
21. Right-click Ethernet, and then click Status. 22. In the Ethernet Status dialog box, click Details.
23. Verify that the IPv4 Address is set to an address from the Adatum Finance VM Network IP Pool that you configured earlier, and that it is in the 192.168.4.0/24 range. 24. In the VMM console, ensure that in the VMs and Services workspace, All Hosts is selected,, and then click 20409B-LON-PROD1. On the ribbon, click Connect or View, and then click Connect Via Console. 25. In the Virtual Machine Viewer window, click Ctrl-Alt-Del. 26. On the sign-in screen, type Pa$$w0rd, and then press Enter. 27. In the Server Manager console, click Local Server, and then click 10.0.0.15, IPv6 Enabled. 28. In the Network Connections window, right-click Ethernet, and then click Properties.
29. In the Ethernet Properties dialog box, click Internet Protocol Version 4, and then click Properties. 30. In the Internet Protocol Version 4 (TCP/IPv4) Properties dialog box, click Obtain an IP address automatically, click Obtain DNS server address automatically, click OK, and then click Close. 31. In the Networks dialog box, click Yes. 32. Right-click Ethernet, and then click Status. 33. In the Ethernet Status dialog box, click Details.
34. Verify that the IPv4 Address is set to an address from the Adatum Logistics VM Network IP Pool that you configured earlier, and is in the 192.168.5.0/24 range. 35. In the Server Manager console, in the Tools menu, click Windows PowerShell. 36. In the Windows PowerShell window, use the ping command to verify the IP address of 20409B-LON-TEST1 that you learned in step 23. This should not be possible because networks are virtualized.
37. In the VMM console, ensure that the All Hosts node in the VMs and Services workspace is selected. 38. Click 20409B-LON-TEST1, and then on the ribbon, click Shut Down. 39. In the Virtual Machine Manager console, click Yes. 40. Click 20409B-LON-PROD1 and then on the ribbon, click Shut Down. 41. In the Virtual Machine Manager console, click Yes.
Results: After completing this exercise, you should have created and configured a new virtual network, configured network virtualization, and connected virtual machines to a virtual machine network.
Lab B: Managing Infrastructure Storage Exercise 1: Implementing a Storage Infrastructure Task 1: Install the SMI-S storage provider
MCT USE ONLY. STUDENT USE PROHIBITED
L8-78 Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager
1.
On LON-VMM1, in the Virtual Machine Manager console, on the ribbon, click PowerShell.
2.
When the Windows PowerShell prompt displays, type the following Windows PowerShell command set the iSCSI Target Server local administrator credentials: $Cred = Get-Credential
3.
In the Windows PowerShell credential request dialog box, in the User name text box, type adatum\administrator, in the Password text box, type Pa$$w0rd, and then click OK.
4.
In the Windows PowerShell window, type the following script: $Runas = New-SCRunAsAccount –Name “iSCSIRunas” –Credential $Cred
5.
In the Windows PowerShell window, add the Internet small computer system interface (iSCSI) storage provider by typing the following script: Add-SCStorageProvider -Name "Microsoft iSCSI Target Provider" -RunAsAccount $Runas ComputerName "LON-SS1.adatum.com" -AddSmisWmiProvider
Task 2: Deploy block storage 1.
On LON-VMM1, in the Virtual Machine Manager console, click Fabric, right-click Storage, and then click Add Storage Devices.
2.
On the Select Provider Type page, click SAN and NAS devices discovered and managed by a SMI-S provider, and then click Next.
3.
Click the Protocol drop-down list box, and then click SMI-S WMI. In the Provider IP address or FQDN text box, type lon-ss1.adatum.com, and then click Browse.
4.
On the Select a Run As account page, click iSCSIRunas, and then click OK.
5.
On the Specify Discovery Scope page, click Next.
6.
On the Gather Information page, review the discovery result, and then click Next.
7.
On the Select Storage Devices page, click Create Classification, and in the Name text box, type Gold. In the Description text box, type 15K SAS Drives, and then click Add.
8.
Click Create Classification, and in the Name text box, type Silver. In the description text box, type 7K SATA Drives, and then click Add.
9.
Select the iSCSITarget: LON-SS1:C check box, and then in the Classification drop-down list box, click Silver.
10. Select the iSCSITarget: LON-SS1:E: check box, in the Classification drop-down list box, click Gold, and then click Next. 11. On the Summary page, click Finish, and wait for the job to finish. 12. When the job finishes, close the Jobs window. 13. On LON-VMM1, in the Virtual Machine Manager console, click Fabric. 14. In the Fabric navigation pane, click Storage, and then on the ribbon, click Create Logical Unit.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center L8-79
15. In the storage pool drop-down list box, click iSCSITarget: LON-SS1:E, in the Name field, type LON-APP1_C, in the Size (GB): text box, clear the existing value, type 20, and then click OK.
16. In the Fabric navigation pane, click Classifications and Pools. Verify that you can see the new logical unit number (LUN) listed.
Task 3: Add file storage to VMM 1.
On LON-VMM1, in the Virtual Machine Manager console, click Fabric, right-click Storage, and then click Add Storage Devices.
2.
On the Select Provider Type page, click Windows-based file server, and then click Next.
3.
In the Provider IP address or FQDN: field, type lon-svr1.adatum.com, and then click Browse.
4.
On the Select a Run As account page, click Create Run As Account.
5.
In the Name box, type Administrator. In the User name box, type Adatum\Administrator in the Password and Confirm password text boxes, type Pa$$w0rd, and then click OK.
6.
In the Select a Run As Account box, click Administrator, and then click OK.
7.
On the Specify Discovery Scope page, click Next.
8.
On the Gather Information page, review the discovery result, and then click Next.
9.
On the Select Storage Devices page, click Next.
10. On the Summary page, click Finish. 11. Close the Jobs window. 12. On LON-VMM1, click Fabric, and on the ribbon, click Create File Share. 13. On the Create File Share page, in the Name text box, type SVR1_Gold. 14. In the Classification drop-down list box, click Gold. 15. In the Local path text box, type C:\SVR1_GOLD, and then click Create.
Task 4: Assign and allocate storage 1.
On LON-VMM1, click Fabric, click All Hosts, click lon-host1.adatum.com, and then on the ribbon, click Properties.
2.
Click Host Access, and then click Browse. Click Administrator, and then click OK.
3.
Click OK again to accept the changes.
4.
Click lon-host1.adatum.com, and then, on the ribbon, click Properties.
5.
Click Storage.
6.
On the Storage page, click Add, and then click Add File Share.
7.
Click the File share path drop-down list box, click \\lon-svr1.adatum.com\SVR1_Gold, and then click OK.
8.
On LON-VMM1, click Fabric, and then click Storage.
9.
On the ribbon, click Allocate Capacity, and then click Allocate Storage Pools.
10. In the Available storage pools section, click iSCSITarget LON-SS1:E, click Add, click OK, and then click Close. 11. In the Virtual Machine Manager console, click the VMs and Services workspace.
12. On the ribbon, on the Home tab, click Create Virtual Machine and then in the list click Create Virtual Machine.
MCT USE ONLY. STUDENT USE PROHIBITED
L8-80 Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager
13. On the Select Source page, click Create the new virtual machine with a blank virtual hard disk, and then click Next.
14. On the Identity page, in the Virtual machine name text box, type LON-APP1, and then click Next. 15. On the Configure Hardware page, scroll down, under Network Adapters, click Network Adapter 1, on the right, and then click Connected to a VM network. 16. Ensure that the VM network is Adatum North, click the VM Subnet drop-down list box, click Adatum Finance, and then click Next. 17. On the Select Destination page, click Next. 18. On the Select Host page, ensure that lon-host1.adatum.com is selected, and then click Next.
19. On the Configure Settings page, in the Virtual machine path text box, type C:\Program Files \Microsoft Learning\20409\Drives, and then click Next. (Note: this path may differ on your host.) 20. On the Add Properties page, click Next. 21. On the Summary page, review the settings, and then click Create. 22. Confirm that the Create Virtual Machine job completed successfully. 23. Close the Jobs window. 24. On LON-VMM1, click VMs and Services, click All Hosts, right-click LON-APP1, and then click Migrate Virtual Machine.
25. In the Migrate VM Wizard, on the Select Host page, ensure that lon-host1.adatum.com is selected, and then click Next. 26. On the Select Path page, in the Storage location for VM configuration text box, type \\lon-svr1.adatum.com\SVR1_Gold, click Automatically place all VHDs with the configuration, and then click Next. 27. On the Select Network page, leave the default settings, click Next, and then click Move. 28. Check the job status. 29. Close the Jobs window.
Results: After completing this exercise, you should have implemented a storage infrastructure.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center L8-81
Lab C: Infrastructure Updates Management Exercise 1: Managing Infrastructure Updates Task 1: Integrate Windows Server Update Services (WSUS) with VMM 1.
In the Virtual Machine Manager console, click the Fabric workspace.
2.
In the navigation pane, expand the Servers node, expand the Infrastructure node, and then click Update Server.
3.
Right-click Update Server, and then click Add Update Server.
4.
In the Add Windows Server Update Services Server dialog box, in the Computer name text box, type LON-WSUS, and then in the TCP/IP port text box, type 8530.
5.
Select the Enter a user name and password option. In the User name text box, type Adatum\Administrator, in the Password text box, type Pa$$w0rd, and then click Add.
6.
In the Jobs window, click the Add Update Server job. On the Summary and Details tabs, monitor the status of the configuration job.
7.
When the job displays as Completed w/info, close the Jobs window. Note: Status is expected to be Completed w/ Info.
8.
With the Update Server node selected, verify that LON-WSUS.adatum.com displays in the results pane, and that the Agent Status column displays Responding.
Task 2: Perform a manual synchronization with WSUS from VMM 1.
In the Virtual Machine Manager console, click the Fabric workspace.
2.
In the navigation pane, expand the Servers node, expand Infrastructure, and then click Update Server.
3.
In the Update Servers pane, right-click LON-WSUS.Adatum.com, and then click Synchronize.
4.
In the Jobs window, when the job displays an error message, close the Jobs window.
Note: An error is expected because there is no Internet connection. However, this will not affect the rest of the lab exercise.
Task 3: Create the update baseline in VMM 1.
In the Virtual Machine Manager console, click the Library workspace.
2.
In the navigation pane, expand the Update Catalog and Baselines node, and then click Update Baselines.
3.
On the Home page, in Create group, click Create and then click Baseline.
4.
In the Update Baseline Wizard, in the Name text box, type LON Base1, click Next, and then click Add.
5.
In the Add Updates to Baseline window, select all of the Updates, and then click Add.
6.
In the wizard click Next. Select the All Hosts and LON-VMM1.Adatum.com check boxes, and then click Next.
7.
View the Summary, and then click Finish.
8.
In the Jobs window, select the Change properties of a baseline job.
9.
On the Summary and Details tabs, monitor the status of the configuration job.
10. When the job displays as Completed, close the Jobs window. 11. With the Update Baselines node selected, verify that LON Base1 displays in the Baselines pane, with Assignments set to 2.
Task 4: Assign an existing baseline in VMM
MCT USE ONLY. STUDENT USE PROHIBITED
L8-82 Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager
1.
In the Virtual Machine Manager console, click the Library workspace.
2.
In the navigation pane, expand the Update Catalog and Baselines node, and then click Update Baselines.
3.
On the Baselines pane, right-click LON Base1, and then click Properties.
4.
In the LON Base1 Properties dialog box, on the left side bar, click the Assignment Scope tab, select the LON-WSUS.Adatum.com check box, and then click OK.
5.
On the Home page, click Jobs, click History, and verify that the status of job Change properties of a baseline lists as Completed.
6.
Click back to the Library workspace.
7.
In the Library workspace, with the Update Baselines node selected, verify that LON Base1 displays in the Baselines pane with Assignments set to 3.
Task 5: Scan for update compliance in VMM 1.
In the Virtual Machine Manager console, click the Fabric workspace.
2.
In the navigation pane, click the Servers node, and then on the Home page, click Compliance.
3.
In the Results pane, select LON-WSUS.Adatum.com, and then on the Home page, click Scan.
4.
In the Results pane, verify that the Operational Status changes to Scanning.
5.
When the status changes again, verify that the Compliance Status changes to Compliant.
Results: After completing this exercise, you should have added and configured an Update Server to manage infrastructure updates.
MCT USE ONLY. STUDENT USE PROHIBITED L9-83
Module 9: Creating and Managing Virtual Machines by Using Microsoft System Center 2012 R2 Virtual Machine Manager
Lab: Creating and Managing Virtual Machines by Using System Center 2012 R2 Virtual Machine Manager Exercise 1: Creating a Virtual Machine and Modifying Its Properties Task 1: Create a new virtual machine with the VMM console in Microsoft System Center 2012 R2 Virtual Machine Manager 1.
On LON-VMM1, on the taskbar, click the Virtual Machine Manager Console icon.
2.
On the Connect to Server page, click Connect.
3.
In the Virtual Machine Manager Console, click the VMs and Services workspace.
4.
In the VMs and Service console tree, expand All Hosts, expand LocalGroup, and then click LON-HOST1.
5.
On the ribbon, click the Home tab, click the Create Virtual Machine drop-down list box, and then click Create Virtual Machine.
6.
In the Create Virtual Machine Wizard, on the Select Source page, click Create the new virtual machine with a blank virtual hard disk, and then click Next.
7.
On the Identity page, in the Virtual machine name text box, type Win2012Lab9.
8.
In the Description text box, type Lab 9 exercise, create virtual machine, and then click Next.
9.
Under Network Adapters, click Network Adapter1.
10. In the Connectivity section, click Connected to a VM network, click Browse, in the pop-up window, click External Network, click OK, and then click Next. 11. On the Select Destinations page, accept both the default Place the virtual machine on a host option, and the Destination: All Hosts drop-down list-box selection, and then click Next.
12. On the Select Host page, give VMM a moment to rate the hosts. Highlight lon-host2.adatum.com, and then click Next. 13. On the Configure Settings page, under Virtual Machine path, type E:\Program Files\Microsoft Learning\20409\, and then click Next. (Note that the actual drive letter may differ on your host machine.) 14. On the Add Properties page, click Next. 15. On the Summary page, in the Confirm the settings section, click the View Script button.
16. Verify that Notepad opens and displays the Windows PowerShell script used to create the virtual machine, with cmdlets with parameters for all the options you have chosen. 17. In Notepad, on the File menu, click Save As.
18. In the Save As pop-up window, name the file “CreateWin8Lab9.ps1” in the Documents library. Be sure to use the quotation marks, as this will save the extension as it is written, rather than saving it with the .txt extension.
19. In the Save as type drop-down list box, click All Files (*.*), and then click the Save button. 20. Close Notepad. 21. Click the Create button. 22. Verify that the job starts, with multiple steps to create the virtual machine. 23. Verify that a Jobs pop-up window displays. 24. When the last job is completed, close the Jobs pop-up window. 25. In the console tree, under VMs and Services, under All Hosts, and under LocalGroup, click LON–HOST2. 26. In the VMs details pane, verify that Win2012Lab9 displays on this host. 27. Close the Virtual Machine Manager Console.
Results: After completing this exercise, you should have created a virtual machine and modified its properties.
Exercise 2: Cloning a virtual machine Task 1: Clone a virtual machine
MCT USE ONLY. STUDENT USE PROHIBITED
L9-84 Creating and Managing Virtual Machines by Using Microsoft System Center 2012 R2 Virtual Machine Manager
1.
On the LON-VMM1 desktop, on the taskbar, click the Virtual Machine Manager Console icon.
2.
In the Virtual Machine Manager Console, on the Connect to Server page, click Connect.
3.
Verify that after a moment, the Virtual Machine Manager Console displays.
4.
In the workspace area, in the lower left section, click VMs and Services.
5.
In the VMs and Services console tree, expand All Hosts, expand LocalGroup, and then click LON-HOST1.
6.
In the VMs detail pane, click 20409B-LON-SVR2. Ensure the Virtual Machine tab is also selected.
7.
On the ribbon, click the Create drop-down list, and then click Clone.
8.
In the Create Virtual Machine Wizard, on the Identity page, in the Description box, type Clone of the LON-SVR2 virtual machine, and then click Next.
9.
On the Configure Hardware page, click Next.
10. On the Select Destination page, click Next.
11. On the Select Host page, notice that VMM rates the hosts. In the Placement window where the two hosts are listed, click lon-host2.adatum.com, and then click Next.
12. On the Select Path page, type F:\Program Files\Microsoft Learning\20409\, and then click Next. (Note the actual drive letter may differ on your host machine.) 13. On the Select Networks page, click Next. 14. On the Add Properties page, click Next. 15. On the Summary page, click Create.
16. Verify that a Jobs pop-up window displays, and is populated with several steps detailing the cloning of the virtual machine.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center L9-85
17. After about 10 minutes, verify that the cloned virtual machine is created. 18. Close the Jobs window. 19. In the VMM console, return to the VMs and Services console tree, expand All Hosts, expand LocalGroup, and then click LON-HOST2. 20. In LON-HOST2, verify that 20409B-LON-SVR2 displays. This is the cloned virtual machine.
Task 2: Use Sysprep on the clone of LON-SVR2 1.
In the VMs and Services console tree, expand All Hosts, expand LocalGroup, and then click LON-HOST2.
2.
In the VMs detail pane, click 20409B-LON-SVR2, and on the ribbon, click Power On.
3.
After approximately 60 seconds, right-click 20409B-LON-SVR2, point to Connect or View, and then click Connect via Console. If prompted, type Adatum\Administrator with the password of Pa$$w0rd.
4.
In the Virtual Machine Viewer window, click the Ctrl-Alt-Del icon, and then sign in as Adatum\Administrator with the password Pa$$w0rd.
5.
On the taskbar, right-click the Start button, and then click Windows PowerShell (Admin).
6.
In the Administrator: Windows PowerShell window, type cd c:\Windows\System32\Sysprep, and then press Enter.
7.
Type .\Sysprep /generalize, and then press Enter.
8.
In the System Preparation Tool 3.14 pop-up window, select the Generalize check box.
9.
In the Shutdown Options drop-down list box, click Reboot, and then click OK.
10. Verify that the Sysprep is working pop-up window displays. Note that Sysprep will take approximately five minutes to run. 11. When Sysprep finishes, the virtual machine will restart. 12. In the Virtual Machine Viewer window, on the File menu, click Exit.
13. In the Virtual Machine Manager Console, return to the VMs and Services workspace, and then click LON-HOST2. 14. Click 20409B-LON-SVR2, and on the ribbon, click Power Off. Click Yes. 15. Click 20409B-LON-SVR2, and on the ribbon, click Delete. Click Yes. 16. Close the VMM console, and sign out of LON-VMM1.
Results: After completing this exercise, you should have cloned a virtual machine.
MCT USE ONLY. STUDENT USE PROHIBITED
MCT USE ONLY. STUDENT USE PROHIBITED
L10-87
Module 10: Configuring and Managing the Microsoft System Center 2012 R2 Virtual Machine Manager Library and Library Objects
Lab: Configuring and Managing the Microsoft System Center 2012 R2 Virtual Machine Manager Library and Library Objects Exercise 1: Configuring and Managing the Virtual Machine Manager Library
Task 1: Examine the Library workspace defaults, and create the shared folders on the virtualization host computers 1.
Sign in to LON-VMM1 as Adatum\Administrator with a password of Pa$$w0rd.
2.
On the desktop, on the taskbar, click the Virtual Machine Manager Console icon.
3.
On the Connect to Server page, click Connect.
4.
In the Virtual Machine Manager console, on the lower left, click the Library workspace.
5.
In the console tree, click and expand the Library Servers node. You should see the VMM management server, LON-VMM1.Adatum.com. This is because the VMM management server is always added to a library server when you install Microsoft System Center 2012 R2 Virtual Machine Manager (VMM).
6.
On LON-HOST1 and LON-HOST2, perform the following tasks: a.
On LON-HOST1, on the taskbar, click the File Explorer icon.
b.
In the This PC window, click Local Disk (C:).
c.
On the ribbon, on the Home tab, click the New folder icon. In the text box, type Host1Library, and then press Enter.
d.
Right-click Host1Library, click Share with, and then click Specific people.
e.
In the File Sharing window, in the drop-down list, select Everyone, click Add, and then click Share.
f.
In the File Sharing window, click Done.
g.
Close File Explorer.
h.
On LON-HOST2, on the taskbar, click the File Explorer icon.
i.
In the This PC window, click Local Disk (C:).
j.
On the ribbon, on the Home tab, click the New folder icon. In the text box, type Host2Library, and then press Enter.
k.
Right-click Host2Library, click Share with, and then click Specific people.
l.
In the File Sharing window, in the drop-down list, select Everyone, click Add, and then click Share.
m. In the File Sharing window, click Done. n.
Close File Explorer.
o.
Switch back to LON-VMM1.
MCT USE ONLY. STUDENT USE PROHIBITED
L10-88 Configuring and Managing the Microsoft System Center 2012 R2 Virtual Machine Manager Library and Library Objects
Task 2: Add LON-HOST1 and LON-HOST2 as Virtual Machine Manager library servers 1.
In the Virtual Machine Manager console, click the Library Servers node. On the ribbon, on the Home tab, click the Add Library Server icon.
2.
In the Add Library Server Wizard, on the Enter Credentials page, select Enter a username and password. In the User name text box, type ADATUM\administrator, in the Password text box, type Pa$$w0rd, and then click Next.
3.
On the Select Library Servers page, in the Computer name text box, type Lon-host1, and then click Add. Repeat this for Lon-Host2.
4.
In the Selected servers window, notice that you see both hosts. At the bottom of the page, click Next.
5.
On the Add Library Shares page, in the Select library shares to add details pane, select the Host1Library and Host2Library check boxes.
6.
On the Add Library Shares page, note the Add Default Resources check boxes to the right. This adds the ApplicationsFrameworks folder to the share. Also, note the Show hidden shares check box at the bottom of the page. By selecting this check box, the shares that were created as hidden will display.
7.
Select both the Add Default Resources check boxes, and then click Next.
8.
On the Summary page, note the View Script button. Clicking it will bring up Notepad with the Windows PowerShell cmdlets linked together in a script that will re-create all the selections that you made in the wizard. This very useful file can help you document your administrative actions and recreate your environment.
9.
At the bottom of the Summary page, click the Add Library Servers button.
10. When the Jobs window opens, notice the two Add library server jobs. It will take about two minutes to complete these jobs. When both jobs complete, close the Jobs window.
Task 3: Examine the library server shared folder resources, and create an additional subfolder on LON-HOST1 In the Virtual Machine Manager console, return to the Library workspace and review the new library servers that you have added to the Library Servers node in the console tree by expanding each library server and its library. 1.
In the ApplicationsFrameworks node of the Host1Library, in the Physical Library Objects details pane, click SAV_x86_en-US_ string-of-numbers.cr. Note that the values found in the string of numbers will vary over time.
2.
On the ribbon, on the Custom Resource tab, click Properties.
3.
In the Properties dialog box, click View equivalent resources. Examine the items in the window, and then click Cancel.
4.
Click the Dependencies page. Notice that no dependencies display, but if this custom resource had dependencies, they would be listed here. This information is useful when determining whether to delete an object to see if it is still dependent or being depended upon by another object.
5.
On the Dependencies page, click Cancel.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center L10-89
6.
In the VMM console, in the console tree, right-click Host1Library, and then click Explore.
7.
In the Host1Library window, click the Home tab, and then click New folder. In the New folder text box, type ISOs, and then press Enter.
8.
Open the ISOs folder, and then create a text file named Test.iso. In the Rename box, click Yes.
9.
Close the Host1Library window.
10. Return to the Library workspace in the VMM console, and examine the Host1Library window again. The ISOs folder should now display. If not, right-click Host1Libary, and then click Refresh.
Exercise 2: Creating and Managing Profiles and Templates Task 1: Create the Guest OS Profile 1.
In the Virtual Machine Manager console, on the lower left, click the Library workspace.
2.
In the console tree, select and expand the Profiles node.
3.
In the console tree, click the Guest OS Profiles node.
4.
On the Home tab, click the Create icon, and on the shortcut menu, click Guest OS Profile.
5.
In the New Guest OS Profile Wizard, on the General page, in the Name text box, type LabGuestOS, and then in the Description text box, type Lab creating a GuestOS profile.
6.
In the New Guest OS Profile box, click the Guest OS Profile page.
7.
On the Guest OS Profile page, in the General Settings section, under Operating System, click the down arrow, and then click 64-bit edition of Windows Server 2012 Standard.
8.
Click the Identity Information section, and in the Computer name text box, type WS2012-Core###.
9.
Click the Admin Password item, and then in the details pane, click Specify password of the local administrator account. In the Password and Confirm text boxes, type Pa$$w0rd.
10. In the New Guest OS Profile Wizard, click OK. In the Profiles details pane, LabGuestOS now displays.
Task 2: Create the Hardware Profile 1.
In the console tree, click the Hardware Profiles node.
2.
On the Home tab, click the Create icon, and then on the shortcut menu, click Hardware Profile.
3.
In the New Hardware Profile Wizard, on the General page, in the Name text box, type LabHWProfile, and in the Description text box, type Lab creating a hardware profile.
4.
In the New Hardware Profile box, select the Hardware Profile page.
5.
On the Hardware Profile page, in the Compatibility section, select the Hyper-V check box.
6.
In the central console tree, click Memory. In the Memory details pane, select Dynamic, and then in the Maximum memory area, overtype the value shown with 1024.
7.
Scroll down in the center console tree, and then click Network Adapters, Network Adapt…. In the Network Adapter 1 details pane, select Connected to a VM network. In the VM network area, click the Browse button. In the pop-up window, click External Network, and then click OK.
8.
In the New Hardware Profile Wizard, click OK. Notice that the LabHWProfile now displays.
Task 3: Create a virtual machine template
MCT USE ONLY. STUDENT USE PROHIBITED
L10-90 Configuring and Managing the Microsoft System Center 2012 R2 Virtual Machine Manager Library and Library Objects
1.
In the console tree, select and expand the Templates node.
2.
Click the VM Templates node. On the ribbon, on the Home tab, click the Create VM Template icon.
3.
In the Create VM Template Wizard, on the Select Source page, note the Use an existing VM template or a virtual hard disk stored in the library option. To the right of this option, click Browse.
4.
In the Select VM Template Source window, click Blank Disk – Small.vhdx, and then click OK.
5.
On the Select Source page, click Next.
6.
On the Identity page, in the VM Template name text box, type LabVMTemplate, in the Description text box, type Lab creating a VM template, and then click Next.
7.
On the Configure Hardware page, click the Hardware profile list box, click LabHWProfile, and then click Next.
8.
On the Configure Operating System page, click the Guest OS profile drop-down list box, click LabGuestOS, and then click Next.
9.
On the Application Configuration page, click the Application profile drop-down list box, click None – do not install any applications, and then click Next.
10. On the SQL Server Configuration page, click the SQL Server profile drop-down list box, click None – no SQL Server configuration settings, and then click Next. 11. On the Summary page, click Create. 12. Review and then close the Jobs window. 13. In the Templates details pane, click and then review LabVMTemplate.
14. On the ribbon, on the Template tab, note that you can enable and disable, export, and even delete a template. 15. Click the Properties icon.
16. In the Properties dialog box, note that the Hardware and OS Configuration pages no longer point to the profiles created earlier, but are the full settings that you placed in the profiles. Note the additional pages that are available. Notice that you can create custom Properties, and on the Settings page, assign self-service Quota points. 17. Notice also on the Dependencies page that the template is dependent on the Blank Disk – Small.vhdx virtual hard disk that you selected earlier. Notice also that there are no validation errors and that on the Access page, you can assign other self-service users and roles. 18. Click the Cancel button. 19. Close the Virtual Machine Manager console.
MCT USE ONLY. STUDENT USE PROHIBITED
L11-91
Module 11: Managing Clouds in Microsoft System Center 2012 R2 Virtual Machine Manager
Lab: Managing Clouds in Microsoft System Center 2012 R2 Virtual Machine Manager Exercise 1: Creating a Private Cloud
Task 1: Review the scenario and the email from Ed Meadows, and then answer the questions Review the scenario and the email from Ed Meadows, and then answer the following questions: 1.
How many private clouds do you need to create?
Answer: You will need to create two private clouds: one for the Development department, and the other for the Research department. 2.
How many user roles should you create?
Answer: You should create two user roles: one for the Development department, and the other for the Research department. 3.
How will you fulfill the requirement to ensure that the resources are not overwhelmed? Answer: You must use the Quotas for the named cloud settings.
Task 2: Create the Development private cloud 1.
Sign in to LON-VMM1 as adatum\administrator with a password of Pa$$w0rd.
2.
When the LON-VMM1 desktop displays, on the taskbar, click the Virtual Machine Manager Console icon.
3.
On the Connect to Server page, click Connect.
4.
In Microsoft System Center 2012 R2 Virtual Machine Manager (VMM), in the Virtual Machine Manager console, in the Workspace area, on the lower left, click VMs and Services.
5.
On the ribbon, click the Create Cloud button. This will bring up the Create Cloud Wizard.
6.
In the Create Cloud Wizard, on the General page, in the Name text box, type DevCloud, in the Description text box, type Cloud for the Development Department, and then click Next.
7.
On the Resources page, in the Select the resources for this cloud area, select the LocalGroup check box, and then click Next.
8.
On the Logical Networks page, note the logical networks that are available. In the Logical networks pane, select the External Network check box, and then click Next.
9.
On the Load Balancers page, click Next.
10. On the VIP Templates page, click Next.
11. On the Port Classifications page, select the following check boxes, and then click Next: Host management, Guest Dynamic IP, Medium bandwidth, Low bandwidth and High bandwidth
12. On the Storage page, in the Storage classifications pane, select the Local Storage check box, and then click Next. 13. On the Library page, click Next.
MCT USE ONLY. STUDENT USE PROHIBITED
L11-92 Managing Clouds in Microsoft System Center 2012 R2 Virtual Machine Manager
14. On the Capacity page, clear the Memory (GB): check box, and then in the Assigned Capacity text box, type 8. Clear the Storage (GB) check box, and then in the Assigned Capacity text box, type 1000. Clear the Virtual machines check box, in the Assigned Capacity text box type 3, and then click Next. 15. On the Capability Profiles page, select the Hyper-V check box, and then click Next. 16. On the Summary page, click Finish. 17. When the Jobs window displays, wait for it to finish the Create new Cloud task, and then close this window. 18. In the console tree, under VMs and Services, under the Clouds node, click DevCloud.
19. On the ribbon, click the Overview button. Review the Cloud summary in the details pane, and verify that it contains the capacity values that you just changed.
Task 3: Create the Research private cloud 1.
In the Virtual Machine Manager console, in the Workspace area, on the lower left, click VMs and Services.
2.
On the ribbon, click Create Cloud. This will bring up the Create Cloud Wizard.
3.
In the Create Cloud Wizard, on the General page, in the Name text box, type ResCloud, in the Description text box, type Cloud for the Research Department, and then click Next.
4.
On the Resources page, in the Select the resources for this cloud area, select the LocalGroup check box, and then click Next.
5.
On the Logical Networks page, In the Logical networks pane, select the External Network check box, and then click Next.
6.
On the Load Balancers page, click Next.
7.
On the VIP Templates page, click Next.
8.
On the Port Classifications page, select the following check boxes, and then click Next: Host management, Guest Dynamic IP, Medium bandwidth, Low bandwidth and High bandwidth.
9.
On the Storage page, in the Storage classifications pane, select the Local Storage check box, and then click Next.
10. On the Library page, click Next.
11. On the Capacity page, clear the Virtual CPUs: check box, and then in the Assigned Capacity text box, type 2. Clear the Memory (GB) check box, and then in the Assigned Capacity text box, type 8. Clear the Storage (GB) check box, and then in the Assigned Capacity text box, type 1000. Clear the Virtual machines check box, in the Assigned Capacity text box, type 3, and then click Next. 12. On the Capability Profiles page, select the Hyper-V check box, and then click Next. 13. On the Summary page, at the bottom of the page, click the Finish button.
14. When the Jobs window displays, wait for the Create New Cloud task to finish, and then click Close.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center L11-93
15. In the console tree, under VMs and Services, under the Clouds node, click ResCloud. On the ribbon, click the Overview button. 16. In the details pane, in the Cloud summary area, verify that the values for ResCloud contain the capacity values that you changed.
Results: After completing this exercise, you should have created a private cloud based in a host group, and you should have reviewed its properties.
Exercise 2: Working With User Roles Task 1: Create the Development department user role 1.
In the Virtual Machine Manager console, in the workspace area in the lower left, click Settings.
2.
In the Settings console tree, expand the Security node, and then click User Roles.
3.
On the Home tab, click the Create User Role button.
4.
In the Create User Role Wizard, on the Name and description page, in the Name text box, type DevRole, in the Description text box, type User role created for the Development Department, and then click Next.
5.
On the Profile page, select the Application Administrator (Self-Service User) radio button, and then click Next.
6.
On the Members page, click the Add button.
7.
In the Select Users, Computers, or Groups pop-up, in the Enter the object names to select (examples) text box, type Development, and then click OK.
8.
Verify that on the Members page, in the Members window pane, ADATUM\Development displays, and then click Next.
9.
On the Scope page, in the Scope: pane, select the DevCloud check box, and then click Next.
10. On the Quotas for the DevCloud cloud page, at the bottom of the page, in the Member level quotas section, in the Virtual Machines row, clear the Use Maximum column check box. In the Assigned Quota column, type 1, and then click Next. 11. On the Networking page, click the Add button.
12. In the Select VM Networks pop-up, select the External network, click OK, and then, click Next. 13. On the Resources page, at the bottom of the page, in the Specify user role data path, click the Browse button.
14. In the Select Destination Folder pop-up, click the MSSCVMMLibrary node, click OK, and then click Next. 15. On the Permissions page, in the Select the permitted actions for this user role section, under the Name column, select all of the check boxes, clear the Receive and Share check boxes, and then click Next. 16. On the Run As accounts page, click Next.
17. On the Summary page, in the Confirm the settings section, review the selections, and then click Finish. 18. When the Jobs pop-up window displays, wait for all of the jobs to complete, and then close the window.
MCT USE ONLY. STUDENT USE PROHIBITED
L11-94 Managing Clouds in Microsoft System Center 2012 R2 Virtual Machine Manager
19. In the Settings console tree, in the Security node, under User Roles, in the User Roles details pane, click the DevRole object. On the ribbon, click the Properties button. 20. In the DevRole Properties dialog box, review the various properties, and then click Cancel.
Task 2: Create the Research department user role 1.
In the Virtual Machine Manager console, in the workspace area, in the lower left, click Settings.
2.
In the Settings console tree, expand the Security node, and then click User Roles.
3.
On the Home tab, click Create User Role.
4.
In the Create User Role Wizard, on the Name and description page, in the Name text box, type ResearchRole, in the Description text box, type User role created for the Research Department, and then click Next.
5.
On the Profile page, verify that the Application Administrator (Self-Service User) radio button is selected, and then click Next.
6.
On the Members page, click the Add button.
7.
In the Select Users, Computers, or Groups pop-up, in the Enter the object names to select (examples) text box, type Research, and then click OK.
8.
On the Members page, in the Members pane, verify that ADATUM\Research displays, and then click Next.
9.
On the Scope page, in the Scope pane, select the ResCloud check box, and then click Next.
10. On the Quotas for the ResCloud cloud page, in the Member level quotas section, in the Virtual Machines: row, clear the Use Maximum column check box, in the Assigned Quota column, type 1, and then click Next. 11. On the Networking page, click Add. 12. In the Select VM Networks pop-up, click External network, click OK, and then click Next. 13. On the Resources page, click the Browse button.
14. In the Select Destination Folder pop-up, click the Host1Library node, click OK, and then click Next. 15. On the Permissions page, in the Select the permitted actions for this user role section, under the Name column, select all the check boxes, clear the Receive and Share check boxes, and then click Next. 16. On the Run As accounts page, click Next.
17. On the Summary page, observe the Confirm the settings section, review the selections, and then click Finish.
18. When the Jobs pop-up window displays, wait for all the jobs to complete and then close the window. 19. In the Settings console tree, in the Security node, under User Roles, verify that the ResearchRole object displays in the User Roles details pane. Click ResearchRole, and then on the ribbon, click the Properties button.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center L11-95
20. In the ResearchRole Properties dialog box, review the various properties, and then click Cancel.
Results: After completing this exercise, you should have created several user roles, explored different configuration options, and then connected VMM as a member of different roles to confirm which actions they can perform.
Exercise 3: Deploying Virtual Machines to a Private Cloud Task 1: Use the Virtual Machine Manager console on LON-CL1 to create virtual machines as a Development department User 1.
Sign in to LON-CL1 as adatum\ben with a password of Pa$$w0rd. (You may have to wait a moment while the user’s profile is created.)
2.
On the Start screen, move the mouse pointer directly under the Desktop tile. When a round white circle with a white down arrow in it displays, click it.
3.
In the Apps by name start screen, scroll to the right until you see the Microsoft System Center 2012 tile area. Select and then right-click the Virtual Machine Manager Console tile. In the Command bar at the bottom of the page, click Pin to Taskbar.
4.
On the keyboard, tap the Windows key.
5.
On the Start screen page, click the Desktop tile.
6.
On the desktop, on the taskbar click the Virtual Machine Manager Console icon.
7.
In the Connect to Server pop-up, in the Server name text box, type LON-VMM1.adatum.com:8100, and then click Connect.
8.
When the Virtual Machine Manager console displays, maximize it, if it is not already maximized.
9.
Note that throughout the console, the objects available to select are very different, or are missing entirely. This is because Ben is only an Application Administrator.
10. In the Workspace area, in the lower left, click VMs and Services, expand Clouds, and then click DevCloud.
11. In the Virtual Machine Manager console, on the ribbon click the Create Virtual Machine button, and then select Create Virtual Machine from the menu. 12. In the Create Virtual Machine Wizard, on the Select Source page, select the Create the new virtual machine with a blank virtual hard disk radio button, and then, click Next. 13. On the Identity page, in the Virtual machine name text box, type 1stDevCloudVM. In the description text box, type First virtual machine in the DevCloud, and then click Next.
14. On the Configure Hardware page, in the Compatibility section, select the Hyper-V check box, and then click Next. 15. On the Select Destinations page, accept the default Deploy the virtual machine to a private cloud radio button, and then click Next. 16. On the Select Cloud page, wait a moment for VMM to select a destination. Using the mouse, highlight DevCloud, and then click Next. 17. On the Add Properties page, click Next.
18. On the Summary page, click the Create button. 19. When the job starts, notice that there are multiple steps to create the virtual machine. 20. When the Jobs pop-up window displays, wait until the last job completes, and then close the Jobs pop-up. 21. In the console tree, under VMs and Services, under Clouds, under DevCloud, in the VM’s details pane, verify that 1stDevCloudVM is the only virtual machine on this host. 22. Attempt to make another virtual machine, using the steps above, but change the name to 2ndDevCloudVM and the description to Second virtual machine in the DevCloud. 23. When you reach the Select Cloud page in the Create Virtual Machine Wizard, the task will fail.
MCT USE ONLY. STUDENT USE PROHIBITED
L11-96 Managing Clouds in Microsoft System Center 2012 R2 Virtual Machine Manager
24. Review the Details area below. Click the Ratings Explanation tab, and note the line that says, “The operation results in a violation of the virtual machine count quota for the private cloud.” 25. Click the Cancel button. In the Create Virtual Machine Wizard pop-up, click Yes.
26. With the DevCloud selected, right-click 1stDevCloudVM, and then click Delete. In the confirmation pop-up, click Yes. 27. Close the Virtual Machine Manager console. 28. Sign out of LON-CL1.
Task 2: Use the Virtual Machine Manager console on LON-CL1 to create virtual machines as a Research department user 1.
Sign in to LON-CL1 as adatum\hani with a password of Pa$$w0rd. You may have to wait a moment while the user’s profile is created.
2.
On the Start screen, move the mouse pointer directly under the Desktop tile. When a round white circle with a white down arrow in it displays, click it.
3.
In the Apps by name start screen, scroll to the right until you see the Microsoft System Center 2012 tile area. Select and then right-click the Virtual Machine Manager console tile. In the Command bar at the bottom of the page, click Pin to Taskbar.
4.
On the keyboard, tap the Windows key.
5.
On the Start screen page, click the Desktop tile.
6.
On the desktop, on the taskbar click the Virtual Machine Manager Console icon.
7.
In the Connect to Server pop-up, in the Server name text box, type LON-VMM1.adatum.com:8100, and then click Connect.
8.
When the Virtual Machine Manager console displays, maximize it, if it is not already maximized.
9.
Note that in the Virtual Machine Manager console, the objects available to select are very different, or missing entirely. That is because Hani is only an Application Administrator.
10. In the Workspace area in the lower left, click VMs and Services, expand Clouds, and select ResCloud.
11. In the VMM console, on the ribbon, click the Create Virtual Machine button and then select Create Virtual Machine from the menu. 12. In the Create Virtual Machine Wizard, on the Select Source page, select the Create the new virtual machine with a blank virtual hard disk radio button, and then click Next.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center L11-97
13. On the Identity page, in the Virtual machine name text box, type 1stResCloudVM. In the description text box, type First virtual machine in the ResCloud, and then click Next.
14. On the Configure Hardware page, in the Compatibility section, select the Hyper-V check box, and then click Next. 15. On the Select Destinations page, accept the default Deploy the virtual machine to a private cloud radio button, and then click Next.
16. On the Select Cloud page, give VMM a moment to select a destination. Using the mouse, highlight ResCloud, and then click Next. 17. On the Add Properties page, click Next. 18. On the Summary page, click the Create button.
19. When the Jobs pop-up window displays, wait for the job to complete, and then close the Jobs pop-up window. 20. In the console tree, under VMs and Services, under Clouds, and under ResCloud, in the VM’s details pane, verify that 1stResCloudVM is the only virtual machine on this host. 21. Attempt to make another virtual machine, using the steps above, but change the name to 2ndResCloudVM and the description to Second virtual machine in the ResCloud.
22. When you reach the Select Cloud page in the Create Virtual Machine Wizard, the task will fail. Review the Details area on this page, and click the Ratings Explanation tab. Note the line that says, “The operation results in a violation of the virtual machine count quota for the private cloud.” 23. Click the Cancel button. In the Create Virtual Machine Wizard pop-up, click Yes.
24. With ResCloud selected, right-click 1stResCloudVM, and then click Delete. When the confirmation pop-up displays, click Yes. 25. Close the Virtual Machine Manager console. 26. Sign out of LON-CL1.
Results: After completing this exercise, you should have used the VMM console to create virtual machines as a Development department user, and as a research department user.
MCT USE ONLY. STUDENT USE PROHIBITED
MCT USE ONLY. STUDENT USE PROHIBITED
L12-99
Module 12: Managing Services in Microsoft System Center 2012 R2 Virtual Machine Manager and App Controller
Lab: Managing Services in Microsoft System Center 2012 R2 Virtual Machine Manager and App Controller Exercise 1: Creating a Service Template
Task 1: Open the Virtual Machine Manager Service Template Designer with a new service template 1.
Sign in to LON-VMM1 as adatum\administrator with the password Pa$$w0rd.
2.
On the desktop, on the taskbar, click the Virtual Machine Manage Console icon.
3.
On the Connect to Server page, click Connect.
4.
In Microsoft System Center 2012 R2 Virtual Machine Manager (VMM), in the Virtual Machine Manager console, on the lower left, click the Library workspace.
5.
On the ribbon, on the Home tab, click Create Service Template.
6.
In the New Service Template dialog box, in the Name field, type Lab 12 Service Template, and then in the Release text box, type 1. In the Patterns section, click Single Machine, and then click OK.
7.
In the Virtual Machine Manager Service Template Designer console, note the name selected. Note that Lab 12 Service Template is part of the overall name, because this is what you are currently designing, and the numeral 1 is the release version.
8.
Note the Designer canvas area, which is the central part of the console. Note that this part of the console has the various blocks connected to each other. The text that appears dimmed, highlighted with a large down arrow, gives advice on how you can drag-and-drop various virtual machine templates into the designer. You can do this either in the blank canvas area to make a new tier or onto the existing template to replace its tier.
Task 2: Use the Service Template Designer to modify a single tier virtual machine 1.
In the Virtual Machine Manager Service Template Designer, click the Single Tier box, highlighted with a red circle with an exclamation mark. Note the text below that explains why it has this warning, which is because the template does not include a virtual hard disk or virtual machine network.
2.
Right-click the Single Tier name text and then from the drop-down list box, click Properties.
3.
In the Single Tier properties dialog box, configure the various pages in the properties, as follows: a.
On the General page, in the Name text window, type Lab12ServiceVM. Provide the name and description; prevent the virtual machine from migrating automatically; allow it to be scaled out; and create and availability set for the tier.
b.
On the Hardware Configuration page, use the following settings: i.
In the Compatibility section, select the Hyper-V check box.
ii.
In the console tree, directly under Bus Configuration, click IDE Devices. Click the green plus sign entitled New, click Disk, and then in the Virtual Hard Disk details area, click Browse.
MCT USE ONLY. STUDENT USE PROHIBITED
L12-100 Managing Services in Microsoft System Center 2012 R2 Virtual Machine Manager and App Controller
iii.
In the Select a virtual hard disk pop-up dialog box, click SmallCore.vhd, and then click OK.
iv.
In the Hardware Configuration console tree, scroll down, and then in the Network Adapters section, click Network Adapt… Not connected.
v.
In the Network Adapter 1 (Legacy) details pane, click the Connected to a VM network option, and then click Browse.
vi.
In the pop-up window, click External Network, and then click OK.
Use the Hardware page to set the various hardware configurations that you would configure for any new virtual machine in the VMM console. c.
On the OS Configuration page, in the Operating system drop-down list, click 64-bit edition of Windows Server 2012 Standard. Note that you can configure the name of the computer, the local administrator password, the product key, and a time zone. Note the Roles and Features area. Add roles and features here that can be run on a Windows Server. Also, note that you can join a domain, and that it shows you are in a workgroup currently. Note the Scripts area, where you can provide Answer File and even Run Once commands.
d.
On the Application Configuration page, note that the Application profile list has three sections under it: OS Compatibility, Applications, and Scripts. In the Compatible operating systems available details pane, in the OS Compatibility area, note that you can select none, one, some, or all check boxes. Select the 64-bit edition of Windows Server 2012 Standard check box. In the console tree of the Application Configuration page, click Applications. In the Application profile list at the top of the page, click None – do not install any applications. Note that clicking this make all previously viewed items on the page appear dimmed. You use the Application Configuration page to add applications and scripts that will run on the virtual machine.
e.
On the SQL Server Configuration page, note that by default, the SQL Server profile list is set to None – no SQL Server configuration settings.
f.
On the Custom Properties page, note that you can add various custom properties.
g.
On the Settings page, note that you can specify the number of points to apply towards an owner’s virtual machine quota, when a virtual machine is assigned to a self-service user.
h.
On the Dependencies page, because this is a default template, note that no dependencies have been found.
i.
On the Validation Errors page, note that any errors would be listed.
j.
At the bottom of the Single Tier Properties dialog box, click OK.
4.
In the Service Template Designer canvas area, use the mouse to drag the External Network box down beside the NIC 1 box.
5.
Do not close the VMM Service Template Designer.
Results: After completing this exercise, you should have created a service template by using the Service Template Designer.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center L12-101
Exercise 2: Deploying a Service and Updating a Service Template Task 1: Deploy the service 1.
In the Service Template Designer, on the Home tab, click the Save and Validate icon, and then click the Configure Deployment icon next to it.
2.
In the Select name and destination pop-up dialog box, in the Name text box, type Lab 12 Service, in the Destination drop-down list box, ensure that DevCloud is selected, and then click OK.
3.
When the Deploy Service – Lab 12 Service console displays, if you see a pink shaded area in the middle of the screen that indicates that it could not find a host, then click Refresh Preview on the ribbon.
4.
Verify that the Designer pane in the center window shows that the service starts in DevCloud. Under the Service Tier icon, click the random name, and then in the bottom center window, in the VM name and Computer Name boxes, type Lab12ServiceVM.
5.
On the ribbon, click the Deploy Service icon.
6.
In the Deploy service pop-up window, click Deploy.
7.
In the Jobs window, verify that the Create Service Instance job displays and is running. This will take approximately 30 minutes to complete.
8.
When the job completes, close the Jobs window.
9.
In the VMs and Services workspace, in the VMs and Services console tree, expand Clouds, and then select DevCloud.
10. In the ribbon, in the Show tab, select VMs. In the VMs details pane, note that the Lab12ServiceVM virtual machine is running, and then leave it running.
Task 2: Create an update for the service template 1.
In the Virtual Machine Manager console, open the Library workspace.
2.
In the console tree, expand Templates, and then click Service Templates.
3.
In the Templates details pane, right-click the Lab 12 Service Template service template, and then click Properties.
4.
On the Lab 12 Service Template Properties page, click the Access page in the console tree, and then in the Access details pane, click Add.
5.
In the Select Users pop-up, select the DevRole check box, and then click OK twice.
Note: Due to the ongoing creation of the Lab12ServiceVM virtual machine from Task 1 above, step 5 may take longer than expected or fail. If that happens, you cannot run Exercise 4, Task 1.
Task 3: Update the service template 1.
In the VMs and Service workspace, on the Home tab, click Services.
2.
In the Services details pane, click Lab 12 Service Template. You may have to expand the size of the Template Name column to see the full name of the items listed.
3.
On the Service tab of the ribbon, click Set Template.
MCT USE ONLY. STUDENT USE PROHIBITED
L12-102 Managing Services in Microsoft System Center 2012 R2 Virtual Machine Manager and App Controller
4.
In the Change Service Template for Lab 12 Service window, on the Updated Service Template page, under Select how to update the service, click Replace the current template with an updated template for the service, and then click Browse.
5.
In the Select a Service Template Wizard, click Lab 12 Service Template, Release 1, click OK, and then click Next.
6.
In the Settings page, verify that No settings to configure displays, and then click Next.
7.
On the Update Method page, in the drop-down list box, ensure that Apply updates to existing virtual machines in-place is selected, and then click Next.
8.
On the Updates review page, select the Apply the updates to the service immediately after this wizard completes check box, and then click Next.
9.
On the Summary page, click Finish.
10. When the Jobs window displays, wait until the servicing job completes, and then close the Jobs window.
Results: After completing this exercise, you should have configured service deployment, and then deployed the service. You also should have modified the template, and then updated the service.
Exercise 3: Configuring App Controller Task 1: Connect App Controller to VMM 1.
On LON-VMM1, click to the Start screen, and then click App Controller.
2.
In Windows Internet Explorer, on the App Controller sign-in webpage, type Adatum\Administrator as the User name and Pa$$w0rd as the Password, and then click Sign In.
3.
On the Overview page, under Private Clouds, click Connect a Virtual Machine.
4.
On the Add a new VMM connection page, provide the following settings, and then click OK:
5.
o
Connection name: Adatum
o
Server name: LON-VMM1.adatum.com
Verify that the App Controller webpage loads with data displaying under the Private Clouds section.
Task 2: Load App Controller on LON-CL1 1.
Sign in to LON-CL1 as adatum\administrator with the password Pa$$w0rd.
2.
On the Start screen, click the Desktop tile.
3.
In the Taskbar, click the File Explorer icon.
4.
In File Explorer, right-click This PC in the console tree, and then select Properties.
5.
In the console tree of the System window, click Remote settings.
6.
In System Properties, ensure that you are in the Remote tab, and then in the Remote tab, click the Select Users button.
7.
In the Remote Desktop Users pop-up window, click the Add button.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center L12-103
8.
In the Select Users and Groups pop-up window, in the text box, type adatum\ben; adatum\hani, and then click the Check names button.
9.
In the Multiple Names Found pop-up window, select Ben Martens, and then click OK four times.
10. Close the System window, and then sign out of LON-CL1. 11. Sign in to LON-CL1 as adatum\ben with the password Pa$$w0rd.
12. On the Start screen, click the Desktop tile, and then on the taskbar, click the Internet Explorer icon. 13. Maximize the Internet Explorer window, and in the address bar, type https://lon-vmm1.adatum.com/and then press Enter. 14. In the There is a problem with this websites security certificate, click the Continue to this website hyperlink.
15. On the bar on the bottom that specifies Microsoft Silverlight is not compatible, click Run Control, and then click Continue to this website.
16. On the App Controller web portal page, in the User name text box, type adatum\ben, and in the Password text box, type Pa$$w0rd, and then click Sign In.
Task 3: Explore the functionality of the App Controller web page 1.
On the App Controller Overview web portal page, in the Status area, under Private Clouds, click the 1 Virtual Machine Manager cloud hyperlink.
2.
In the Clouds area of the console tree, verify that DevCloud displays.
3.
Click the Internet Explorer back arrow.
4.
On the App Controller Overview web portal page, in the Status area, under Private Clouds, click the X (where X is a number 0-n) Virtual Machine hyperlink.
5.
If a virtual machine exists, perform the following steps: a.
Write down the name of the virtual machine.
b.
Return to LON-VMM1.
c.
In the VMM manager console, remain signed on as Adatum\administrator, and then click the VM and Services workspace.
d.
In the VMs details pane, find and right-click the virtual machine from step a.
e.
Click Delete, and then click Yes two times in the Virtual Machine Manager pop-up windows.
f.
Return to LON-CL1, where you are signed on as Adatum\Ben.
g.
In the Virtual Machines detail pane of App Controller, click the Refresh icon, which is highlighted with a green circular arrow. The virtual machine should not appear in the list.
6.
In the console tree, click the Library node. Review the additional console tree that now displays in the middle of the screen. Verify that the details pane to the right displays the Lab 12 Service Template that you created in Exercise 1.
7.
In the main console tree, click the Jobs item that shows the different jobs that have been run in the App Controller. If no jobs have been performed, the details pane will be empty.
8.
Do not close or sign out of the App Controller page.
Results: After completing this exercise, you should have configured App Controller to connect to a private cloud.
Exercise 4: Deploying a Virtual Machine in App Controller Task 1: Deploy the Lab 12 Service Template
MCT USE ONLY. STUDENT USE PROHIBITED
L12-104 Managing Services in Microsoft System Center 2012 R2 Virtual Machine Manager and App Controller
1.
On the App Controller Overview web portal page, in the console tree, click Library.
2.
In the middle console tree that appears, click the Templates node. In the details pane to the right, right-click Lab 12 Service Template, and in the drop-down list box, click Deploy.
3.
In the New Deployment design view window, in the Cloud box, click the Configure hyperlink.
4.
In the Select a cloud for this deployment window, notice that DevCloud is the only cloud to display, and then click OK.
5.
Notice that in the design view, two more boxes are added: Service, and Machine Tier with an Instance box in it. Note that both the Service and Instance box have a Configure hyperlink. In the Service box, click the Configure hyperlink.
6.
In the Properties of Lab 12 Service Template window, in the Service name box, type AppCServiceDevCloud, and then click OK.
7.
In the Instance box, click the Configure hyperlink.
8.
In the Properties of new virtual machine window, note that you cannot change the virtual machine name, and then click OK. The computer name will be generated randomly.
9.
In the New Deployment window, in the lower-right corner, click Deploy. Click the VMM service deployment started hyperlink
10. In the Jobs node, wait for the job to finish. It may take approximately 15 to 20 minutes to finish the deployment. If the service instance takes longer than 15 minutes, switch to the host machine that is hosting the new service, and then in the Hyper-V console, view the virtual machine. 11. While you are waiting for the job to finish, open the LON-VMM1 virtual machine, and then in the VMM console, click the Jobs workspace.
12. In the console tree, click the Running node. Verify that you see a Create Service Instance that is running. Because this job takes a long time to finish, do not wait for it to finish, but proceed to the next step.
13. Switch back to LON-CL1, and in the App Controller console tree, click the Virtual Machines node. After several minutes, you will see a new virtual machine with a name of a long string of letters and numbers, which is the randomly generated name. Verify that the virtual machine has a status of Running. 14. On the App Controller web portal page, on the upper right, click the Sign out hyperlink. 15. Close Internet Explorer, and then sign out of LON-CL1. 16. On LON-VMM1, close all open windows, and then sign out of LON-VMM1.
Results: After completing this exercise, you should have deployed a virtual machine by using App Controller.
MCT USE ONLY. STUDENT USE PROHIBITED
L13-105
Module 13: Protecting and Monitoring Virtualization Infrastructure
Lab: Monitoring and Reporting Virtualization Infrastructure Exercise 1: Implementing Microsoft System Center 2012 R2 Operations Manager Agents Task 1: Deploy Operations Manager agents using the Operations console 1.
On LON-OM1, from the taskbar, click the Operations Manager console icon.
2.
In the Operations console, click the Administration workspace, and then above the Monitoring workspace, click Discovery Wizard.
3.
In the Computer and Device Management Wizard, on the Discovery Type page, ensure that Windows computers is selected, and then click Next.
4.
On the Auto or Advanced page, click Advanced Discovery, and then click Next.
5.
On the Discovery Method page, click Browse for, or type-in computer names, in Computer names text box, type LON-HOST1.adatum.com, and then click Next.
6.
On the Administrator Account page, click Discover. It may take up to 20 minutes for discovery to occur.
7.
On the Select Objects to Manage page, click LON-HOST1.adatum.com, and then click Next.
8.
On the Summary page, click Finish.
9.
Wait for the task to complete successfully, and then click Close.
Task 2: Deploy Operations Manager agents manually 1.
On LON-OM1, in the Operations console, click the Administration workspace.
2.
In the Administration navigation pane, click Settings, right-click Security, and then click Properties.
3.
In the Properties dialog box, click Review new manual agent installations in pending management view, and then click OK.
4.
Switch to LON-VMM1.
5.
On LON-VMM1, right-click the Start hint, and then click Run.
6.
In the Open text box, type the following address, and then click OK: \\lon-om1\c$\Program Files\Microsoft System Center 2012 R2\Operations Manager \Server\AgentManagement\amd64\momagent.msi
7.
In the Microsoft Monitoring Agent Setup Wizard, on the Welcome page, click Next.
8.
On the Notice page, click I Agree.
9.
On the Destination folder page, click Next.
10. On the Agent Setup Options page, review the options, and then click Next.
11. On the Management Group Configuration page, in the Management Group Name text box, type Adatum, in the Management Server text box, type LON-OM1, and then click Next.
12. On the Agent Action Account page, click Next. 13. On the Microsoft Update page, click Next. 14. On the Ready to Install page, click Install. 15. When the agent finishes installing, click Finish. 16. Switch to LON-OM1.
MCT USE ONLY. STUDENT USE PROHIBITED
L13-106 Protecting and Monitoring Virtualization Infrastructure
17. On LON-OM1, in the Operations Manager console, in the Administration workspace, under Device Management, click Pending Management. 18. Click LON-VMM1.adatum.com, and then click Approve. 19. In the Manual Agent Install window, read the information, and then click Approve.
Results: After completing this exercise, you should have deployed Operations Manager agents to a virtualization host and to a virtual machine.
Exercise 2: Configuring Operations Manager Monitoring Components Task 1: Configure notifications 1.
In the Operations Manager console, click the Administration workspace, and under Notifications, click Channels.
2.
In the Task pane, click New, and then click Email (SMTP).
3.
In the E-mail Notification Channel window, on the Description page, click Next to accept the default channel name and description.
4.
On the Settings page, click Add.
5.
In the Add SMTP Server window, enter the following information, and then click OK: o
SMTP server (FQDN): smtp.adatum.com
o
Port number: 25
o
Authentication method: Anonymous
6.
On the Settings page, in the Return address text box, type
[email protected], and then click Next.
7.
On the Format page, click Finish to accept the default message format.
8.
After the channel saves, click Close.
9.
In the Operations Manager console, in the Administration workspace, under Notifications, click Subscribers.
10. In the Task pane, click New. 11. In the Notification Subscriber Wizard, on the Description page, in the Subscriber Name text box, type Administrator, and then click Next. 12. On the Schedule page, click Always send notifications, and then click Next. 13. On the Addresses page, click Add to create a new subscriber address.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center L13-107
14. In the Subscriber Address Wizard, on the General page, in the Address name text box, type Work E-mail, and then click Next. 15. On the Channel page, in the Channel Type box, click E-mail (SMTP).
16. In the Delivery address for the selected channel text box, type
[email protected], and then click Next. 17. On the Schedule page, click Always send notifications. Click Finish twice, and then click Close.
18. In the Operations Manager console, in the Administration workspace, under Notifications, click Subscriptions. 19. In the Task pane, click New.
20. In the Notification Subscription Wizard, on the Description page, in the Subscription name text box, type Windows Server 2012 R2 notifications, and then click Next. 21. On the Criteria page, in the Conditions area, select the raised by any instance in a specific group check box. 22. In the Criteria description area, click specific. 23. In the Group Search window, in the Filter by text box, type 2012, and then click Search. 24. Click Windows Server 2012 Computer Group, click Add, and then click OK. 25. On the Criteria page, click Next. 26. On the Subscribers page, click Add.
27. In the Subscriber Search window, click Search, click Administrator, click Add, and then click OK. 28. On the Subscribers page, click Next. 29. On the Channels page, click Add. 30. In the Channel Search window, click Search, click SMTP Channel, click Add, and then click OK.
31. On the Channels page, click Delay sending notifications if conditions remain unchanged for longer than (in minutes), type 10, and then click Next. 32. On the Summary page, click Finish. 33. Click Close. 34. Close the Operations Manager console.
Results: After completing this exercise, you should have deployed and configured monitoring components including management packs, notifications, and reports.
Exercise 3: Configuring Operations Manager Integration with System Center 2012 R2 Virtual Machine Manager (VMM) Task 1: Integrate Operations Manager and VMM 1.
On LON-VMM1, on the desktop, on the taskbar, click the File Explorer icon.
2.
In File Explorer, expand drive D, expand SCOM, and then double-click setup.exe.
3.
In the Operations Manager window, click Install.
MCT USE ONLY. STUDENT USE PROHIBITED
L13-108 Protecting and Monitoring Virtualization Infrastructure
4.
On the Select features to install page, select the Operations console check box, and then click Next.
5.
On the Select installation location page, click Next.
6.
On the Proceed with Setup page click Next.
7.
On the License terms page, review the license, click I have read, understood and agree with the license terms, and then click Next.
8.
On the Help improve Operations Manager page, click No, I am not willing to participate for both Customer Experience Improvement Program and Error Reporting, and then click Next.
9.
On the Microsoft Update page, click Off, and then click Next.
10. On the Installation Summary page, click Install. 11. Clear the Start the Operations Manager console when the wizard closes check box, and then click Close. 12. Close all open windows. 13. On LON-VMM1, launch the VMM console. 14. In the Connect to Server dialog box, click Connect. 15. Click the Settings workspace, in the navigation pane, click System Center Settings, right-click Operations Manager Server, and then click Properties. 16. In the Add Operations Manager Wizard, on the Introduction page, read the requirements for integration, and then click Next. 17. On the Connection to Operations Manager page, in the Server name text box, type lon-om1.adatum.com, review the options, leave the defaults, and then click Next. 18. On the Connection to VMM page, in the User name text box, type adatum\scservice, in the Password text box, type Pa$$w0rd, and then click Next. 19. On the Summary page, click Finish.
20. In the Jobs window, click New Operations Manager connection, and wait for the job to complete. This takes approximately ten minutes. 21. When the job completes, close the Jobs window.
Task 2: Test Performance and Resource Optimization PRO) integration 1.
In the VMM console, click the Settings workspace, in the navigation pane, click System Center Settings, right-click Operations Manager Server, and then click Properties.
2.
In the Add Operations Manager Wizard, on the Connection Details page, under the Diagnostics section, click Test PRO.
3.
When the Test PRO Tips window displays, click OK to close the window, and then click OK again.
4.
In the PRO window, click the PRO Diagnostics alert, review the information, and then close the PRO window.
5.
In the VMM console, click the JOBS workspace, click the PRO diagnostics job, and monitor the progress of the job. The expected status is completed.
MCT USE ONLY. STUDENT USE PROHIBITED
Server Virtualization with Windows Server Hyper-V® and System Center L13-109
Task 3: Work with virtualization reports 1.
On LON-OM1, click the Operations Manager console on the taskbar. In the Operations Manager console, click the Reporting workspace, and then in the Reporting navigation pane, click Microsoft System Center Virtual Machine Manager 2012 R2 Reports.
2.
In the right pane, right-click Host Utilization, and then click Open.
3.
Expand the report window.
4.
Review the From and To criteria, which should be First day of this month – Today and the current time and time zone. On the right, click Add Group. In the Group Name drop-down list box, ensure Contains is selected, in the Filter text box, type all hosts, and then click Search.
5.
Under the Available items section, click All Hosts, click Add, and then click OK.
6.
On the top left, click Run.
7.
When the report finishes loading, click and expand the Description, and then review the report.
8.
In the report, click File, review the export options, and then click Close.
Task 4: Perform advanced monitoring: Fabric dashboard and cloud health 1.
In the Operations Manager console, click the Monitoring workspace.
2.
In the Monitoring navigation pane, expand Microsoft System Center Virtual Machine Manager, expand Cloud Health Dashboard, and then click Cloud Health.
3.
Review the state and details of the DevCloud, then in the navigation pane, click Fabric Health Dashboard,
4.
Review the Fabric Health Dashboard.
5.
Close the dashboard, and then close the Operations console.
Results: After completing this exercise, you should have configured the integration of Operations Manager with VMM. You should have installed the Operations Manager console, imported management packs, and verified the effects of the integration.
MCT USE ONLY. STUDENT USE PROHIBITED