20409B-ENU-TrainerHandbook

December 19, 2017 | Author: Bruno Martim Pereiro Romão | Category: Hyper V, Virtualization, License, Copyright, Computing
Share Embed Donate


Short Description

Hyper-V...

Description

M I C R O S O F T

20409B

L E A R N I N G

P R O D U C T

MCT USE ONLY. STUDENT USE PROHIBITED

O F F I C I A L

Server Virtualization with Windows Server Hyper-V® and System Center

Server Virtualization with Windows Server Hyper-V® and System Center

MCT USE ONLY. STUDENT USE PROHIBITED

ii

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

The names of manufacturers, products, or URLs are provided for informational purposes only and Microsoft makes no representations and warranties, either expressed, implied, or statutory, regarding these manufacturers or the use of the products with any Microsoft technologies. The inclusion of a manufacturer or product does not imply endorsement of Microsoft of the manufacturer or product. Links may be provided to third party sites. Such sites are not under the control of Microsoft and Microsoft is not responsible for the contents of any linked site or any link contained in a linked site, or any changes or updates to such sites. Microsoft is not responsible for webcasting or any other form of transmission received from any linked site. Microsoft is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement of Microsoft of the site or the products contained therein. © 2014 Microsoft Corporation. All rights reserved. Microsoft and the trademarks listed at http://www.microsoft.com/about/legal/en/us/IntellectualProperty /Trademarks/EN-US.aspx are trademarks of the Microsoft group of companies. All other trademarks are property of their respective owners.

Product Number: 20409B Part Number: X19-32457 Released: 02/2014

MCT USE ONLY. STUDENT USE PROHIBITED

MICROSOFT LICENSE TERMS MICROSOFT INSTRUCTOR-LED COURSEWARE

These license terms are an agreement between Microsoft Corporation (or based on where you live, one of its affiliates) and you. Please read them. They apply to your use of the content accompanying this agreement which includes the media on which you received it, if any. These license terms also apply to Trainer Content and any updates and supplements for the Licensed Content unless other terms accompany those items. If so, those terms apply. BY ACCESSING, DOWNLOADING OR USING THE LICENSED CONTENT, YOU ACCEPT THESE TERMS. IF YOU DO NOT ACCEPT THEM, DO NOT ACCESS, DOWNLOAD OR USE THE LICENSED CONTENT. If you comply with these license terms, you have the rights below for each license you acquire. 1.

DEFINITIONS.

a. “Authorized Learning Center” means a Microsoft IT Academy Program Member, Microsoft Learning Competency Member, or such other entity as Microsoft may designate from time to time.

b. “Authorized Training Session” means the instructor-led training class using Microsoft Instructor-Led Courseware conducted by a Trainer at or through an Authorized Learning Center. c.

“Classroom Device” means one (1) dedicated, secure computer that an Authorized Learning Center owns or controls that is located at an Authorized Learning Center’s training facilities that meets or exceeds the hardware level specified for the particular Microsoft Instructor-Led Courseware.

d. “End User” means an individual who is (i) duly enrolled in and attending an Authorized Training Session or Private Training Session, (ii) an employee of a MPN Member, or (iii) a Microsoft full-time employee. e. “Licensed Content” means the content accompanying this agreement which may include the Microsoft Instructor-Led Courseware or Trainer Content. f.

“Microsoft Certified Trainer” or “MCT” means an individual who is (i) engaged to teach a training session to End Users on behalf of an Authorized Learning Center or MPN Member, and (ii) currently certified as a Microsoft Certified Trainer under the Microsoft Certification Program.

g. “Microsoft Instructor-Led Courseware” means the Microsoft-branded instructor-led training course that educates IT professionals and developers on Microsoft technologies. A Microsoft Instructor-Led Courseware title may be branded as MOC, Microsoft Dynamics or Microsoft Business Group courseware. h. “Microsoft IT Academy Program Member” means an active member of the Microsoft IT Academy Program. i.

“Microsoft Learning Competency Member” means an active member of the Microsoft Partner Network program in good standing that currently holds the Learning Competency status.

j.

“MOC” means the “Official Microsoft Learning Product” instructor-led courseware known as Microsoft Official Course that educates IT professionals and developers on Microsoft technologies.

k. “MPN Member” means an active Microsoft Partner Network program member in good standing.

MCT USE ONLY. STUDENT USE PROHIBITED

l.

“Personal Device” means one (1) personal computer, device, workstation or other digital electronic device that you personally own or control that meets or exceeds the hardware level specified for the particular Microsoft Instructor-Led Courseware.

m. “Private Training Session” means the instructor-led training classes provided by MPN Members for corporate customers to teach a predefined learning objective using Microsoft Instructor-Led Courseware. These classes are not advertised or promoted to the general public and class attendance is restricted to individuals employed by or contracted by the corporate customer. n. “Trainer” means (i) an academically accredited educator engaged by a Microsoft IT Academy Program Member to teach an Authorized Training Session, and/or (ii) a MCT.

o. “Trainer Content” means the trainer version of the Microsoft Instructor-Led Courseware and additional supplemental content designated solely for Trainers’ use to teach a training session using the Microsoft Instructor-Led Courseware. Trainer Content may include Microsoft PowerPoint presentations, trainer preparation guide, train the trainer materials, Microsoft One Note packs, classroom setup guide and Prerelease course feedback form. To clarify, Trainer Content does not include any software, virtual hard disks or virtual machines. 2.

USE RIGHTS. The Licensed Content is licensed not sold. The Licensed Content is licensed on a one copy per user basis, such that you must acquire a license for each individual that accesses or uses the Licensed Content.

2.1

Below are five separate sets of use rights. Only one set of rights apply to you.

a. If you are a Microsoft IT Academy Program Member: i. Each license acquired on behalf of yourself may only be used to review one (1) copy of the Microsoft Instructor-Led Courseware in the form provided to you. If the Microsoft Instructor-Led Courseware is in digital format, you may install one (1) copy on up to three (3) Personal Devices. You may not install the Microsoft Instructor-Led Courseware on a device you do not own or control. ii. For each license you acquire on behalf of an End User or Trainer, you may either: 1. distribute one (1) hard copy version of the Microsoft Instructor-Led Courseware to one (1) End User who is enrolled in the Authorized Training Session, and only immediately prior to the commencement of the Authorized Training Session that is the subject matter of the Microsoft Instructor-Led Courseware being provided, or 2. provide one (1) End User with the unique redemption code and instructions on how they can access one (1) digital version of the Microsoft Instructor-Led Courseware, or 3. provide one (1) Trainer with the unique redemption code and instructions on how they can access one (1) Trainer Content, provided you comply with the following: iii. you will only provide access to the Licensed Content to those individuals who have acquired a valid license to the Licensed Content, iv. you will ensure each End User attending an Authorized Training Session has their own valid licensed copy of the Microsoft Instructor-Led Courseware that is the subject of the Authorized Training Session, v. you will ensure that each End User provided with the hard-copy version of the Microsoft InstructorLed Courseware will be presented with a copy of this agreement and each End User will agree that their use of the Microsoft Instructor-Led Courseware will be subject to the terms in this agreement prior to providing them with the Microsoft Instructor-Led Courseware. Each individual will be required to denote their acceptance of this agreement in a manner that is enforceable under local law prior to their accessing the Microsoft Instructor-Led Courseware, vi. you will ensure that each Trainer teaching an Authorized Training Session has their own valid licensed copy of the Trainer Content that is the subject of the Authorized Training Session,

MCT USE ONLY. STUDENT USE PROHIBITED

vii. you will only use qualified Trainers who have in-depth knowledge of and experience with the Microsoft technology that is the subject of the Microsoft Instructor-Led Courseware being taught for all your Authorized Training Sessions, viii. you will only deliver a maximum of 15 hours of training per week for each Authorized Training Session that uses a MOC title, and ix. you acknowledge that Trainers that are not MCTs will not have access to all of the trainer resources for the Microsoft Instructor-Led Courseware.

b. If you are a Microsoft Learning Competency Member: i. Each license acquired on behalf of yourself may only be used to review one (1) copy of the Microsoft Instructor-Led Courseware in the form provided to you. If the Microsoft Instructor-Led Courseware is in digital format, you may install one (1) copy on up to three (3) Personal Devices. You may not install the Microsoft Instructor-Led Courseware on a device you do not own or control. ii. For each license you acquire on behalf of an End User or Trainer, you may either: 1. distribute one (1) hard copy version of the Microsoft Instructor-Led Courseware to one (1) End User attending the Authorized Training Session and only immediately prior to the commencement of the Authorized Training Session that is the subject matter of the Microsoft Instructor-Led Courseware provided, or 2. provide one (1) End User attending the Authorized Training Session with the unique redemption code and instructions on how they can access one (1) digital version of the Microsoft InstructorLed Courseware, or 3. you will provide one (1) Trainer with the unique redemption code and instructions on how they can access one (1) Trainer Content, provided you comply with the following: iii. you will only provide access to the Licensed Content to those individuals who have acquired a valid license to the Licensed Content, iv. you will ensure that each End User attending an Authorized Training Session has their own valid licensed copy of the Microsoft Instructor-Led Courseware that is the subject of the Authorized Training Session, v. you will ensure that each End User provided with a hard-copy version of the Microsoft Instructor-Led Courseware will be presented with a copy of this agreement and each End User will agree that their use of the Microsoft Instructor-Led Courseware will be subject to the terms in this agreement prior to providing them with the Microsoft Instructor-Led Courseware. Each individual will be required to denote their acceptance of this agreement in a manner that is enforceable under local law prior to their accessing the Microsoft Instructor-Led Courseware, vi. you will ensure that each Trainer teaching an Authorized Training Session has their own valid licensed copy of the Trainer Content that is the subject of the Authorized Training Session, vii. you will only use qualified Trainers who hold the applicable Microsoft Certification credential that is the subject of the Microsoft Instructor-Led Courseware being taught for your Authorized Training Sessions, viii. you will only use qualified MCTs who also hold the applicable Microsoft Certification credential that is the subject of the MOC title being taught for all your Authorized Training Sessions using MOC, ix. you will only provide access to the Microsoft Instructor-Led Courseware to End Users, and x. you will only provide access to the Trainer Content to Trainers.

MCT USE ONLY. STUDENT USE PROHIBITED

c.

If you are a MPN Member: i. Each license acquired on behalf of yourself may only be used to review one (1) copy of the Microsoft Instructor-Led Courseware in the form provided to you. If the Microsoft Instructor-Led Courseware is in digital format, you may install one (1) copy on up to three (3) Personal Devices. You may not install the Microsoft Instructor-Led Courseware on a device you do not own or control. ii. For each license you acquire on behalf of an End User or Trainer, you may either: 1. distribute one (1) hard copy version of the Microsoft Instructor-Led Courseware to one (1) End User attending the Private Training Session, and only immediately prior to the commencement of the Private Training Session that is the subject matter of the Microsoft Instructor-Led Courseware being provided, or 2. provide one (1) End User who is attending the Private Training Session with the unique redemption code and instructions on how they can access one (1) digital version of the Microsoft Instructor-Led Courseware, or 3. you will provide one (1) Trainer who is teaching the Private Training Session with the unique redemption code and instructions on how they can access one (1) Trainer Content, provided you comply with the following: iii. you will only provide access to the Licensed Content to those individuals who have acquired a valid license to the Licensed Content, iv. you will ensure that each End User attending an Private Training Session has their own valid licensed copy of the Microsoft Instructor-Led Courseware that is the subject of the Private Training Session, v. you will ensure that each End User provided with a hard copy version of the Microsoft Instructor-Led Courseware will be presented with a copy of this agreement and each End User will agree that their use of the Microsoft Instructor-Led Courseware will be subject to the terms in this agreement prior to providing them with the Microsoft Instructor-Led Courseware. Each individual will be required to denote their acceptance of this agreement in a manner that is enforceable under local law prior to their accessing the Microsoft Instructor-Led Courseware, vi. you will ensure that each Trainer teaching an Private Training Session has their own valid licensed copy of the Trainer Content that is the subject of the Private Training Session, vii. you will only use qualified Trainers who hold the applicable Microsoft Certification credential that is the subject of the Microsoft Instructor-Led Courseware being taught for all your Private Training Sessions, viii. you will only use qualified MCTs who hold the applicable Microsoft Certification credential that is the subject of the MOC title being taught for all your Private Training Sessions using MOC, ix. you will only provide access to the Microsoft Instructor-Led Courseware to End Users, and x. you will only provide access to the Trainer Content to Trainers.

d. If you are an End User: For each license you acquire, you may use the Microsoft Instructor-Led Courseware solely for your personal training use. If the Microsoft Instructor-Led Courseware is in digital format, you may access the Microsoft Instructor-Led Courseware online using the unique redemption code provided to you by the training provider and install and use one (1) copy of the Microsoft Instructor-Led Courseware on up to three (3) Personal Devices. You may also print one (1) copy of the Microsoft Instructor-Led Courseware. You may not install the Microsoft Instructor-Led Courseware on a device you do not own or control. e. If you are a Trainer. i. For each license you acquire, you may install and use one (1) copy of the Trainer Content in the form provided to you on one (1) Personal Device solely to prepare and deliver an Authorized Training Session or Private Training Session, and install one (1) additional copy on another Personal Device as a backup copy, which may be used only to reinstall the Trainer Content. You may not install or use a copy of the Trainer Content on a device you do not own or control. You may also print one (1) copy of the Trainer Content solely to prepare for and deliver an Authorized Training Session or Private Training Session.

MCT USE ONLY. STUDENT USE PROHIBITED

ii.

You may customize the written portions of the Trainer Content that are logically associated with instruction of a training session in accordance with the most recent version of the MCT agreement. If you elect to exercise the foregoing rights, you agree to comply with the following: (i) customizations may only be used for teaching Authorized Training Sessions and Private Training Sessions, and (ii) all customizations will comply with this agreement. For clarity, any use of “customize” refers only to changing the order of slides and content, and/or not using all the slides or content, it does not mean changing or modifying any slide or content.

2.2 Separation of Components. The Licensed Content is licensed as a single unit and you may not separate their components and install them on different devices.

2.3 Redistribution of Licensed Content. Except as expressly provided in the use rights above, you may not distribute any Licensed Content or any portion thereof (including any permitted modifications) to any third parties without the express written permission of Microsoft. 2.4 Third Party Notices. The Licensed Content may include third party code tent that Microsoft, not the third party, licenses to you under this agreement. Notices, if any, for the third party code ntent are included for your information only. 2.5 Additional Terms. Some Licensed Content may contain components with additional terms, conditions, and licenses regarding its use. Any non-conflicting terms in those conditions and licenses also apply to your use of that respective component and supplements the terms described in this agreement. 3.

LICENSED CONTENT BASED ON PRE-RELEASE TECHNOLOGY. If the Licensed Content’s subject matter is based on a pre-release version of Microsoft technology (“Pre-release”), then in addition to the other provisions in this agreement, these terms also apply:

a. Pre-Release Licensed Content. This Licensed Content subject matter is on the Pre-release version of the Microsoft technology. The technology may not work the way a final version of the technology will and we may change the technology for the final version. We also may not release a final version. Licensed Content based on the final version of the technology may not contain the same information as the Licensed Content based on the Pre-release version. Microsoft is under no obligation to provide you with any further content, including any Licensed Content based on the final version of the technology. b. Feedback. If you agree to give feedback about the Licensed Content to Microsoft, either directly or through its third party designee, you give to Microsoft without charge, the right to use, share and commercialize your feedback in any way and for any purpose. You also give to third parties, without charge, any patent rights needed for their products, technologies and services to use or interface with any specific parts of a Microsoft technology, Microsoft product, or service that includes the feedback. You will not give feedback that is subject to a license that requires Microsoft to license its technology, technologies, or products to third parties because we include your feedback in them. These rights survive this agreement. c.

Pre-release Term. If you are an Microsoft IT Academy Program Member, Microsoft Learning Competency Member, MPN Member or Trainer, you will cease using all copies of the Licensed Content on the Pre-release technology upon (i) the date which Microsoft informs you is the end date for using the Licensed Content on the Pre-release technology, or (ii) sixty (60) days after the commercial release of the technology that is the subject of the Licensed Content, whichever is earliest (“Pre-release term”). Upon expiration or termination of the Pre-release term, you will irretrievably delete and destroy all copies of the Licensed Content in your possession or under your control.

MCT USE ONLY. STUDENT USE PROHIBITED

4.

SCOPE OF LICENSE. The Licensed Content is licensed, not sold. This agreement only gives you some rights to use the Licensed Content. Microsoft reserves all other rights. Unless applicable law gives you more rights despite this limitation, you may use the Licensed Content only as expressly permitted in this agreement. In doing so, you must comply with any technical limitations in the Licensed Content that only allows you to use it in certain ways. Except as expressly permitted in this agreement, you may not: • access or allow any individual to access the Licensed Content if they have not acquired a valid license for the Licensed Content, • alter, remove or obscure any copyright or other protective notices (including watermarks), branding or identifications contained in the Licensed Content, • modify or create a derivative work of any Licensed Content, • publicly display, or make the Licensed Content available for others to access or use, • copy, print, install, sell, publish, transmit, lend, adapt, reuse, link to or post, make available or distribute the Licensed Content to any third party, • work around any technical limitations in the Licensed Content, or • reverse engineer, decompile, remove or otherwise thwart any protections or disassemble the Licensed Content except and only to the extent that applicable law expressly permits, despite this limitation.

5. RESERVATION OF RIGHTS AND OWNERSHIP. Microsoft reserves all rights not expressly granted to you in this agreement. The Licensed Content is protected by copyright and other intellectual property laws and treaties. Microsoft or its suppliers own the title, copyright, and other intellectual property rights in the Licensed Content. 6.

EXPORT RESTRICTIONS. The Licensed Content is subject to United States export laws and regulations. You must comply with all domestic and international export laws and regulations that apply to the Licensed Content. These laws include restrictions on destinations, end users and end use. For additional information, see www.microsoft.com/exporting.

7.

SUPPORT SERVICES. Because the Licensed Content is “as is”, we may not provide support services for it.

8.

TERMINATION. Without prejudice to any other rights, Microsoft may terminate this agreement if you fail to comply with the terms and conditions of this agreement. Upon termination of this agreement for any reason, you will immediately stop all use of and delete and destroy all copies of the Licensed Content in your possession or under your control.

9.

LINKS TO THIRD PARTY SITES. You may link to third party sites through the use of the Licensed Content. The third party sites are not under the control of Microsoft, and Microsoft is not responsible for the contents of any third party sites, any links contained in third party sites, or any changes or updates to third party sites. Microsoft is not responsible for webcasting or any other form of transmission received from any third party sites. Microsoft is providing these links to third party sites to you only as a convenience, and the inclusion of any link does not imply an endorsement by Microsoft of the third party site.

10.

ENTIRE AGREEMENT. This agreement, and any additional terms for the Trainer Content, updates and supplements are the entire agreement for the Licensed Content, updates and supplements.

11.

APPLICABLE LAW. a. United States. If you acquired the Licensed Content in the United States, Washington state law governs the interpretation of this agreement and applies to claims for breach of it, regardless of conflict of laws principles. The laws of the state where you live govern all other claims, including claims under state consumer protection laws, unfair competition laws, and in tort.

MCT USE ONLY. STUDENT USE PROHIBITED

b. Outside the United States. If you acquired the Licensed Content in any other country, the laws of that country apply. 12.

LEGAL EFFECT. This agreement describes certain legal rights. You may have other rights under the laws of your country. You may also have rights with respect to the party from whom you acquired the Licensed Content. This agreement does not change your rights under the laws of your country if the laws of your country do not permit it to do so.

13.

DISCLAIMER OF WARRANTY. THE LICENSED CONTENT IS LICENSED "AS-IS" AND "AS AVAILABLE." YOU BEAR THE RISK OF USING IT. MICROSOFT AND ITS RESPECTIVE AFFILIATES GIVES NO EXPRESS WARRANTIES, GUARANTEES, OR CONDITIONS. YOU MAY HAVE ADDITIONAL CONSUMER RIGHTS UNDER YOUR LOCAL LAWS WHICH THIS AGREEMENT CANNOT CHANGE. TO THE EXTENT PERMITTED UNDER YOUR LOCAL LAWS, MICROSOFT AND ITS RESPECTIVE AFFILIATES EXCLUDES ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.

14.

LIMITATION ON AND EXCLUSION OF REMEDIES AND DAMAGES. YOU CAN RECOVER FROM MICROSOFT, ITS RESPECTIVE AFFILIATES AND ITS SUPPLIERS ONLY DIRECT DAMAGES UP TO US$5.00. YOU CANNOT RECOVER ANY OTHER DAMAGES, INCLUDING CONSEQUENTIAL, LOST PROFITS, SPECIAL, INDIRECT OR INCIDENTAL DAMAGES.

This limitation applies to o anything related to the Licensed Content, services, content (including code) on third party Internet sites or third-party programs; and o claims for breach of contract, breach of warranty, guarantee or condition, strict liability, negligence, or other tort to the extent permitted by applicable law. It also applies even if Microsoft knew or should have known about the possibility of the damages. The above limitation or exclusion may not apply to you because your country may not allow the exclusion or limitation of incidental, consequential or other damages.

Please note: As this Licensed Content is distributed in Quebec, Canada, some of the clauses in this agreement are provided below in French. Remarque : Ce le contenu sous licence étant distribué au Québec, Canada, certaines des clauses dans ce contrat sont fournies ci-dessous en français.

EXONÉRATION DE GARANTIE. Le contenu sous licence visé par une licence est offert « tel quel ». Toute utilisation de ce contenu sous licence est à votre seule risque et péril. Microsoft n’accorde aucune autre garantie expresse. Vous pouvez bénéficier de droits additionnels en vertu du droit local sur la protection dues consommateurs, que ce contrat ne peut modifier. La ou elles sont permises par le droit locale, les garanties implicites de qualité marchande, d’adéquation à un usage particulier et d’absence de contrefaçon sont exclues.

LIMITATION DES DOMMAGES-INTÉRÊTS ET EXCLUSION DE RESPONSABILITÉ POUR LES DOMMAGES. Vous pouvez obtenir de Microsoft et de ses fournisseurs une indemnisation en cas de dommages directs uniquement à hauteur de 5,00 $ US. Vous ne pouvez prétendre à aucune indemnisation pour les autres dommages, y compris les dommages spéciaux, indirects ou accessoires et pertes de bénéfices. Cette limitation concerne: • tout ce qui est relié au le contenu sous licence, aux services ou au contenu (y compris le code) figurant sur des sites Internet tiers ou dans des programmes tiers; et. • les réclamations au titre de violation de contrat ou de garantie, ou au titre de responsabilité stricte, de négligence ou d’une autre faute dans la limite autorisée par la loi en vigueur.

MCT USE ONLY. STUDENT USE PROHIBITED

Elle s’applique également, même si Microsoft connaissait ou devrait connaître l’éventualité d’un tel dommage. Si votre pays n’autorise pas l’exclusion ou la limitation de responsabilité pour les dommages indirects, accessoires ou de quelque nature que ce soit, il se peut que la limitation ou l’exclusion ci-dessus ne s’appliquera pas à votre égard.

EFFET JURIDIQUE. Le présent contrat décrit certains droits juridiques. Vous pourriez avoir d’autres droits prévus par les lois de votre pays. Le présent contrat ne modifie pas les droits que vous confèrent les lois de votre pays si celles-ci ne le permettent pas. Revised July 2013

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

xi

Server Virtualization with Windows Server Hyper-V® and System Center

Acknowledgments

MCT USE ONLY. STUDENT USE PROHIBITED

xii

Microsoft Learning wants to acknowledge and thank the following for their contribution toward developing this title. Their effort at various stages in the development has ensured that you have a good classroom experience.

Slavko Kukrika – Content Developer

Slavko Kukrika has been a Microsoft Certified Trainer (MCT) for more than 15 years. He holds many technical certifications, and he is honored to be one of Microsoft Most Valuable Professionals (MVPs). He has worked with virtualization since the early days of Windows Virtual PC, and he cannot imagine life without it. He regularly presents at technical conferences, and he is author of several Microsoft Official Courses. In his private life, Slavko is the proud father of two sons, and he tries to extend each day to at least 25 hours!

Dave Franklyn – Content Developer

Dave Franklyn, MCT, Microsoft Certified Solutions Expert (MCSE), Microsoft Certified IT Professional (MCITP), Microsoft MVP Windows Expert--It Pro, is a Senior Information Technology Trainer and Consultant at Auburn University in Montgomery, Alabama, and is the owner of DaveMCT, Inc. LLC. He also is an East U.S.A. Microsoft Regional Lead MCT. Dave has been a Microsoft MVP since 2011, and has been teaching at Auburn University since 1998. Working with computers since 1976, Dave started out in the mainframe world, and moved early into the networking arena. Before joining Auburn University, Dave spent 22 years in the US Air Force as an electronic communications and computer systems specialist, retiring in 1998. Dave is president of the Montgomery Windows IT Professional Group.

Orin Thomas – Subject Matter Expert

Orin Thomas is an MVP, an MCT and has a string of Microsoft MCSE and MCITP certifications. He has written more than 20 books for Microsoft Press and is a contributing editor at Windows IT Pro magazine. He has been working in IT since the early 1990s. He is a regular speaker at events such as TechED in Australia and around the world on Windows Server, Windows Client, System Center, and security topics. Orin founded and runs the Melbourne System Center Users Group.

Mitch Garvis – Technical Reviewer

Mitch Garvis is a renaissance man of the IT world. In addition to being a Virtual Technical Evangelist for Microsoft Canada, he also is a senior partner with SWMI Consulting Group. Among his numerous certifications are several MCITPs, as well as the new MCSE: Private Cloud. He lectures and trains on a variety of topics, including System Center, server virtualization, desktop deployment, and security. You can read his blog at www.garvis.ca, and follow him on Twitter as @MGarvis. In his spare time, he likes to break things, and has recently earned his Second Degree Black Belt in Taekwondo. He makes his home outside Toronto, Canada, where he has a wife, two kids, two dogs, and three minutes to himself every day.

Contents Module 1: Evaluating the Environment for Virtualization Lesson 1: Overview of Microsoft Virtualization

1-2

Lesson 2: Overview of System Center 2012 R2 Components

1-9

Lesson 3: Evaluating the Current Environment for Virtualization

1-16

Lesson 4: Extending Virtualization to the Cloud Environment

1-25

Lab: Evaluating the Environment for Virtualization

1-29

Module 2: Installing and Configuring the Hyper-V Role Lesson 1: Installing the Hyper-V Role

2-2

Lesson 2: Managing Hyper-V

2-12

Lesson 3: Configuring Hyper-V Settings

2-20

Lesson 4: Hyper-V Host Storage and Networking

2-26

Lab: Installing and Configuring the Hyper-V Role

2-33

Module 3: Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints Lesson 1: Creating and Configuring Virtual Hard Disks

3-3

Lesson 2: Creating and Configuring Virtual Machines

3-14

Lab A: Creating and Managing Virtual Hard Disks and Virtual Machines

3-24

Lesson 3: Installing and Importing Virtual Machines

3-30

Lesson 4: Managing Virtual Machine Checkpoints

3-37

Lesson 5: Monitoring Hyper-V

3-46

Lesson 6: Designing Virtual Machines for Server Roles and Services

3-53

Lab B: Creating and Managing Checkpoints and Monitoring Hyper-V

3-60

Module 4: Creating and Configuring Virtual Machine Networks Lesson 1: Creating and Using Hyper-V Virtual Switches

4-2

Lab A: Creating and Using Hyper-V Virtual Switches

4-9

Lesson 2: Advanced Hyper-V Networking Features

4-13

Lab B: Creating and Using Advanced Virtual Switch Features

4-23

Lesson 3: Configuring and Using Hyper-V Network Virtualization

4-26

Lab C: Configuring and Testing Hyper-V Network Virtualization

4-34

Module 5: Virtual Machine Movement and Hyper-V Replica Lesson 1: Providing High Availability and Redundancy for Virtualization

5-2

Lesson 2: Implementing Virtual Machine Movement

5-8

Lab A: Moving Virtual Machine and Configuring Constrained Delegation

5-14

Lesson 3: Implementing and Managing Hyper-V Replica

5-18

Lab B: Configuring and Using Hyper-V Replica

5-29

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

xiii

Server Virtualization with Windows Server Hyper-V® and System Center

Module 6: Implementing Failover Clustering with Hyper-V Lesson 1: Overview of Failover Clustering

6-2

Lesson 2: Configuring and Using Shared Storage

6-12

Lesson 3: Implementing and Managing Failover Clustering with Hyper-V

6-22

Lab: Implementing Failover Clustering with Hyper-V

6-31

Module 7: Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager Lesson 1: Integrating System Center and Server Virtualization

7-2

Lesson 2: Overview of VMM

7-13

Lesson 3: Installing VMM

7-19

Lesson 4: Adding Hosts and Managing Host Groups

7-28

Lab: Installing and Configuring System Center 2012 R2 Virtual Machine Manager

7-41

Module 8: Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager Lesson 1: Managing Networking Infrastructure

8-2

Lab A: Network Infrastructure Management

8-18

Lesson 2: Managing Storage Infrastructure

8-22

Lab B: Managing Infrastructure Storage

8-32

Lesson 3: Managing Infrastructure Updates

8-36

Lab C: Infrastructure Updates Management

8-42

Module 9: Creating and Managing Virtual Machines by Using Microsoft System Center 2012 R2 Virtual Machine Manager Lesson 1: Virtual Machine Management Tasks in VMM

9-2

Lesson 2: Creating, Cloning, and Converting Virtual Machines

9-13

Lesson 3: Overview of Virtual Machine Updating

9-22

Lab: Creating and Managing Virtual Machines by Using System Center 2012 R2 Virtual Machine Manager

9-26

Module 10: Configuring and Managing the Microsoft System Center 2012 R2 Virtual Machine Manager Library and Library Objects Lesson 1: Overview of the Virtual Machine Manager Library

10-2

Lesson 2: Working with Profiles and Templates

10-9

Lab: Configuring and Managing the Microsoft System Center 2012 R2 Virtual Machine Manager Library and Library Objects

10-23

MCT USE ONLY. STUDENT USE PROHIBITED

xiv

Module 11: Managing Clouds in Microsoft System Center 2012 R2 Virtual Machine Manager Lesson 1: Introduction to Clouds

11-2

Lesson 2: Creating and Managing a Cloud

11-11

Lesson 3: Working With User Roles in Virtual Machine Manager

11-19

Lab: Managing Clouds in Microsoft System Center 2012 R2 Virtual Machine Manager

11-27

Module 12: Managing Services in Microsoft System Center 2012 R2 Virtual Machine Manager and App Controller Lesson 1: Understanding Services in VMM Lesson 2: Creating and Managing Services in VMM Lesson 3: Using App Controller

12-2 12-9 12-16

Lab: Managing Services in Microsoft System Center 2012 R2 Virtual Machine Manager and App Controller

12-24

Module 13: Protecting and Monitoring Virtualization Infrastructure Lesson 1: Overview of Backup and Restore Options for Virtual Machines

13-2

Lesson 2: Protecting Virtualization Infrastructure by Using DPM

13-9

Lesson 3: Using Operations Manager for Monitoring and Reporting

13-21

Lesson 4: Integrating VMM with Operations Manager

13-29

Lab: Monitoring and Reporting Virtualization Infrastructure

13-35

Module Review and Takeaways

13-40

Lab Answer Keys Module 1 Lab: Evaluating the Environment for Virtualization

L1-1

Module 2 Lab: Installing and Configuring the Hyper-V Role

L2-7

Module 3 Lab A: Creating and Managing Virtual Hard Disks and Virtual Machines

L3-17

Module 3 Lab B: Creating and Managing Checkpoints and Monitoring Hyper-V

L3-25

Module 4 Lab A: Creating and Using Hyper-V Virtual Switches

L4-35

Module 4 Lab B: Creating and Using Advanced Virtual Switch Features

L4-40

Module 4 Lab C: Configuring and Testing Hyper-V Network Virtualization

L4-43

Module 5 Lab A: Moving Virtual Machine and Configuring Constrained Delegation

L5-47

Module 5 Lab B: Configuring and Using Hyper-V Replica

L5-52

Module 6 Lab: Implementing Failover Clustering with Hyper-V

L6-57

Module 7 Lab: Installing and Configuring System Center 2012 R2 Virtual Machine Manager

L7-65

Module 8 Lab A: Network Infrastructure Management

L8-73

Module 8 Lab B: Managing Infrastructure Storage

L8-78

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

xv

Server Virtualization with Windows Server Hyper-V® and System Center

Module 8 Lab C: Infrastructure Updates Management

L8-81

Module 9 Lab: Creating and Managing Virtual Machines by Using System Center 2012 R2 Virtual Machine Manager

L9-83

Module 10 Lab: Configuring and Managing the Microsoft System Center 2012 R2 Virtual Machine Manager Library and Library Objects

L10-87

Module 11 Lab: Managing Clouds in Microsoft System Center 2012 R2 Virtual Machine Manager

L11-91

Module 12 Lab: Managing Services in Microsoft System Center 2012 R2 Virtual Machine Manager and App Controller

L12-99

Module 13 Lab: Monitoring and Reporting Virtualization Infrastructure

L13-105

MCT USE ONLY. STUDENT USE PROHIBITED

xvi

About This Course This section provides a brief description of the course, audience, suggested prerequisites, and course objectives.

Course Description

MCT USE ONLY. STUDENT USE PROHIBITED

About This Course

xvii

This course will provide you with the knowledge and skills necessary to create, maintain, monitor, and protect a virtualization infrastructure. You will learn about creating and managing virtual machines, managing virtual machine networks, and providing high availability for a Windows Server® 2012 R2 Hyper-V® environment. This course also will describe how to create and manage virtual machines, clouds, and services by using Microsoft® System Center 2012 R2 Virtual Machine Manager (VMM).

Audience

This course is intended for IT professionals who design, implement, manage, and maintain virtualization infrastructures, and for IT decision makers who will determine which virtualization product to implement in their data centers. This course also is suitable for IT professionals who want to learn about current Microsoft virtualization technologies.

Student Prerequisites This course requires that you meet the following prerequisites: •

An understanding of TCP/IP, iSCSI, and networking.



An understanding of different storage technologies.



The ability to work on a team or a virtual team.



Good documentation and communication skills to create proposals and make budget recommendations.



An understanding of Windows PowerShell®.

Course Objectives After completing this course, students will be able to: •

Evaluate their organization’s virtualization requirements and plan for server virtualization.



Install and configure the Hyper-V role.



Create virtual machines, create and manage virtual hard disks, and work with checkpoints.



Create and configure virtual machine networks in a Hyper-V environment.



Implement virtual machine movement and the Hyper-V Replica feature.



Provide high availability for a Hyper-V environment by implementing failover clustering.



Manage a virtual environment by using VMM.



Manage networking and storage infrastructure in VMM.



Create and manage virtual machines by using VMM.



Configure and manage a VMM library and library objects.



Create and manage clouds by using VMM.



Create and manage services in VMM.



Protect virtualization infrastructure by using Windows Server Backup and Data Protection Manager.

About This Course

Course Outline The course outline is as follows:

MCT USE ONLY. STUDENT USE PROHIBITED

xviii

Module 1, “Evaluating the Environment for Virtualization" describes the Microsoft virtualization products and System Center 2012 R2 components. It provides a broad overview of virtualization and a foundation for the following modules.

Module 2, “Installing and Configuring the Hyper-V Role" describes the Windows Server 2012 R2 features that are beneficial for Hyper-V. It also describes how to add the Hyper-V role to Windows Server 2012 R2, and how to configure the role.

Module 3, “Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints" describes how to create and configure virtual hard disks, virtual machines, and their components in the Hyper-V environment. It also describes checkpoints and how to manage them in the Hyper-V environment. Module 4, “Creating and Configuring Virtual Machine Networks" describes Hyper-V virtual machine networking options and explains how network virtualization works in the Hyper-V environment. It also describes the different types of virtual switches, and how you can create and manage them.

Module 5, “Virtual Machine Movement and Hyper-V Replica" describes the configuration and use of Hyper-V, and the options that you can use to provide high availability in the Hyper-V environment. It also describes how to move virtual machines between Hyper-V hosts and how to use Hyper-V Replica. Module 6, “Implementing Failover Clustering with Hyper-V" describes failover clustering, and how you can implement and manage it in the Hyper-V virtual environment. It also describes how you can use failover clustering to provide high availability for the Hyper-V environment.

Module 7, “Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager" describes how to install VMM, and explains its main features. It also describes how to add virtualization hosts to VMM, and manage virtualization hosts and host groups.

Module 8, “Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager" describes VMM networking options, and how to manage storage infrastructure and infrastructure updates in VMM. Module 9, “Creating and Managing Virtual Machines by Using Microsoft System Center 2012 R2 Virtual Machine Manager" describes how to create and manage virtual machines in VMM, and how to configure virtual machine updating. Module 10, “Configuring and Managing the Microsoft System Center 2012 R2 Virtual Machine Manager Library and Library Objects" describes how to use and manage the Virtual Machine Manager library, and how to configure library settings. It also explains how to use profiles and templates in VMM.

Module 11, “Managing Clouds in Microsoft System Center 2012 R2 Virtual Machine Manager" describes how to create and manage clouds and user roles in VMM.

Module 12, “Managing Services in Microsoft System Center 2012 R2 Virtual Machine Manager and App Controller" describes services in VMM and App Controller, and how to manage them. It also explains how to use App Controller for cloud management. Module 13, “Protecting and Monitoring Virtualization Infrastructure" describes how to use the backup and restore options in VMM, and how to protect the virtualization infrastructure by using DPM. It also describes how to monitor the virtualization infrastructure and generate reports by using System Center 2012 R2 Operations Manager, and how to configure Operations Manager integration with VMM.

Course Materials The following materials are included with your kit: •

Course Handbook: a succinct classroom learning guide that provides the critical technical information in a crisp, tightly-focused format, which is essential for an effective in-class learning experience.

MCT USE ONLY. STUDENT USE PROHIBITED

About This Course

xix



Lessons: guide you through the learning objectives and provide the key points that are critical to the success of the in-class learning experience.



Labs: provide a real-world, hands-on platform for you to apply the knowledge and skills learned in the module.



Module Reviews and Takeaways: provide on-the-job reference material to boost knowledge and skills retention.



Lab Answer Keys: provide step-by-step lab solution guidance.

Course Companion Content on the http://www.microsoft.com/learning/en/us /companion-moc.aspx Site: searchable, easy-to-browse digital content with integrated premium online resources that supplement the Course Handbook. •

Modules: include companion content, such as questions and answers, detailed demo steps and additional reading links, for each lesson. Additionally, they include Lab Review questions and answers and Module Reviews and Takeaways sections, which contain the review questions and answers, best practices, common issues and troubleshooting tips with answers, and real-world issues and scenarios with answers.



Resources: include well-categorized additional resources that give you immediate access to the most current premium content on TechNet, MSDN®, or Microsoft® Press®.

Student Course files on the http://www.microsoft.com/learning/en/us/companion-moc.aspx Site: includes the Allfiles.exe, a self-extracting executable file that contains all required files for the labs and demonstrations. •

Course evaluation: At the end of the course, you will have the opportunity to complete an online evaluation to provide feedback on the course, training facility, and instructor. •

To provide additional comments or feedback on the course, send an email to [email protected] To inquire about the Microsoft Certification Program, send an email to [email protected]

About This Course

Virtual Machine Environment

MCT USE ONLY. STUDENT USE PROHIBITED

xx

This section provides the information for setting up the classroom environment to support the business scenario of the course.

Virtual Machine Configuration In this course, you will use Microsoft Hyper-V to perform the labs. The following table shows the role of each virtual machine that is used in this course: Virtual machine

Role �

20409B-LON-HOST1

Boot to VHD image – one of a pair

20409B-LON-HOST2

Boot to VHD image – second server in the pair

20409B-LON-DC1

Domain controller in the Adatum.com domain

20409B-LON-SVR1

Member server in the Adatum.com domain

20409B-LON-SVR2

Member server in the Adatum.com domain

20409B-LON-VMM1

Member server in the Adatum.com domain, Microsoft System Center 2012 R2 VMM and Microsoft System Center 2012 R2 App Controller will be installed on this server

20409B-LON-SS1

Windows Server 2012 R2 with Internet small computer system interface (iSCSI) target

20409B-LON-OM1

Microsoft System Center 2012 R2 Operations Manager (Operations Manager)

20409B-LON-WSUS

A Window Server Update Services server

20409B-LON-CL1

Windows 8.1 client with Microsoft Office 2013 installed

20409B-LON-CL2

Windows 8.1 client with Office 2013 installed

20409B-LON-TEST1

Stand-alone server

20409B-LON-TEST2

Stand-alone server

20409B-LON-PROD1

Stand-alone Windows 8.1 client

20409B-LON-PROD2

Stand-alone Windows 8.1 client

Classroom Setup

This course requires two host computers for the instructor and for each student (or pair of students working in a team). The two computers for each person must have network connectivity with each other, but must not be able to communicate with other computers on the network.

The two host computers will be configured to run Hyper-V as part of the classroom installation, or as part of the student labs. Each host computer will also host several virtual machines.

Course Hardware Level

MCT USE ONLY. STUDENT USE PROHIBITED

About This Course

To ensure a satisfactory student experience, Microsoft Learning requires a minimum equipment configuration for trainer and student computers in all Microsoft Certified Partner for Learning Solutions (CPLS) classrooms in which Official Microsoft Learning Product courseware is taught. Hardware Level 7 •

64-bit Intel Virtualization Technology (Intel VT) or AMD Virtualization (AMD-V) processor (2.8 gigahertz [GHz] dual core or more recommended)



Dual 500 gigabyte (GB) hard disks, 7200 RPM Serial ATA (SATA) or faster. Each hard disk must be configured as a separate drive labeled Drive C and Drive D



16 GB RAM



DVD (dual layer recommended)



Network adapter



Dual SVGA monitors that are 17 inches or larger, supporting 1,440 x 900 minimum resolution



Microsoft mouse or compatible pointing device



Sound card with amplified speakers

Additionally, the instructor computer must be connected to a projection display device that supports 1,280 x 1,024 pixels, with 16-bit color.

Navigation in Windows Server 2012 R2 or Windows 8.1 If you are not familiar with the user interface in Windows Server 2012 R2 or Windows 8.1, then the following information will help orient you to the new interface. •

Sign in and Sign out replace Log in and Log out.



Administrative tools are found in the Tools menu of Server Manager.



Move your mouse to the lower right corner of the desktop to open a menu with: •

Settings: This includes Control Panel and Power.



Start menu: This provides access to some applications.



Search: This allows you to search applications, settings, and files.

You also may find the following shortcut keys useful: •

Windows: Opens the Start menu.



Windows+C: Opens the same menu as moving the mouse to the lower right corner.



Windows+I: Opens Settings.



Windows+R: Opens the Run window.

xxi

MCT USE ONLY. STUDENT USE PROHIBITED

MCT USE ONLY. STUDENT USE PROHIBITED 1-1

Module 1 Evaluating the Environment for Virtualization Contents: Module Overview

1-1

Lesson 1: Overview of Microsoft Virtualization

1-2

Lesson 2: Overview of System Center 2012 R2 Components

1-9

Lesson 3: Evaluating the Current Environment for Virtualization

1-16

Lesson 4: Extending Virtualization to the Cloud Environment

1-25

Lab: Evaluating the Environment for Virtualization

1-29

Module Review and Takeaways

1-33

Module Overview

Microsoft offers several virtualization technologies that organizations can use to resolve challenges that they encounter when running traditional server computing environments. For example, server virtualization can help reduce the number of physical servers, and provide a flexible and resilient server solution for businesses. This module provides an overview of the different Microsoft virtualization technologies, and explains how you can use these technologies to manage both virtualization and traditional infrastructures. This module also describes how to evaluate your business environment to plan for virtualization. Note: For the purpose of this course, all instances of Microsoft System Center 2012 R2 Virtual Machine Manager are referred to as VMM.

Objectives After completing this module, you will be able to: •

Describe the various virtualization technologies and the scenarios where you would apply each technology.



Describe the different Microsoft System Center 2012 R2 components, and explain how you can use them to manage both traditional and modern infrastructure solutions.



Evaluate your organization’s virtualization requirements and plan for server virtualization.

Lesson 1

Overview of Microsoft Virtualization

MCT USE ONLY. STUDENT USE PROHIBITED

1-2 Evaluating the Environment for Virtualization

Microsoft offers a number of virtualization technologies that administrators and infrastructure architects can use to create and administer a virtual environment. To use these tools effectively, it is important for administrators and infrastructure architects to know how and when to apply which Microsoft technology. In many cases, you can combine multiple technologies to build an effective virtualized business solution. For example, a new email infrastructure may consist of a server and several client systems, and you may want to consider the various virtualization technologies available before deciding on and implementing the one that best meets your business requirements. This lesson describes the different types of virtualization technologies and the principles of cloud computing.

Lesson Objectives After completing this lesson, you will be able to: •

Describe the different types of virtualization technologies.



Explain the scenarios where you would implement server virtualization.



Describe the features and benefits of network virtualization.



Describe the features and benefits of user state virtualization.



Describe the features and benefits of presentation virtualization.



Describe the features and benefits of application virtualization.



Describe the features and benefits of cloud computing.

Different Types of Virtualization Microsoft provides a host of virtualization options, each of which you can use to meet a specific set of challenges. The following list provides an overview of each type of virtualization: •

Server virtualization. You can use server virtualization to host a large number of virtual machines. Server Virtualization uses the Windows Server 2012 Hyper-V platform.



Desktop virtualization. Desktop virtualization can refer to either client side virtualization, such as the Hyper-V client on a computer running Windows 8.1, or virtual desktop infrastructure, where the client computer operating systems run on a server virtualization host.



User state virtualization. User state virtualization captures and centralizes application and Windows operating system settings for users. This enables users to sign in to any device while retaining their settings.



Presentation virtualization. Presentation virtualization allows desktops and applications that are running on a Remote Desktop Services server to display on remote clients.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

1-3



Network virtualization. Network virtualization enables you to isolate networks used in server virtualization without requiring the implementation of virtual local area networks (VLANs).



Application virtualization. You can use application virtualization to virtualize applications, which then enables applications to run in or be streamed to special containers on a host operating system.

Note: Later topics in this lesson discuss in more detail each type of virtualization and the scenarios in which you would deploy them.

What Is Server Virtualization?

In Microsoft environments, server virtualization involves running virtual machines on a host that is running the Hyper-V role. Server virtualization abstracts a physical server’s resources, and then presents the resources to each virtual machine that is running on the physical host. For example, server virtualization allows y multiple virtual machines to share the same physical hardware, yet appear as separate servers on the organization network. Virtual machines (known as guests) that run on a Hyper-V server (known as a host) can run any supported operating system including Windows Server, Windows client operating systems (such as Windows 8) and supported distributions of Linux.

Server virtualization allows you to use hardware resources more efficiently. Consider a scenario where you have separate computers running Microsoft Exchange Server 2013, Microsoft SQL Server 2012, Microsoft SharePoint Server 2013, file and print services, Domain Name System (DNS), Dynamic Host Configuration Protocol (DHCP). Additionally, you have another server functioning as an Active Directory domain controller. If you use server virtualization, you can instead configure a single appropriately provisioned server and run each of these separate computers as virtual machine guests. You can even make these virtual machines highly available by deploying additional appropriately provisioned servers running Hyper-V and configuring them in a failover cluster relationship. Server virtualization allows you to detach the computer that is hosting a particular service or workload from the hardware on which that service or workload runs. For example, you may have a virtualized computer that hosts a SQL Server 2012 instance that is a guest on a Hyper-V host with other virtualized computers. If the virtualized computer that hosts the SQL Server 2012 instance requires more computing resources than are available on the current host, you can simply move the virtual machine to another Hyper-V host that has resources that better meet the requirements of the workload.

What Is Desktop Virtualization? Desktop virtualization often represents two separate concepts: •

Client-side virtualization. A hypervisor runs on a desktop operating system such as Windows 8.1 and hosts a small number of virtual machines that the user will utilize.



Virtual Desktop Infrastructure (VDI). The client operating system runs on a remote server, and users connect to it by using a Remote Desktop client.

Client-Side Virtualization

MCT USE ONLY. STUDENT USE PROHIBITED

1-4 Evaluating the Environment for Virtualization

Client-side virtualization uses the Hyper-V role on supported operating system editions and hardware running Windows 8 and Windows 8.1. Virtual machines running on Hyper-V client are compatible with servers running Hyper-V. Client-side virtualization is often used as an application compatibility solution, allowing individual users to run multiple versions of the Windows client operating system simultaneously on their client computer hardware. You would typically use client-side virtualization in scenarios where you need to provide application compatibility to a small number of users. When larger numbers of users require an application compatibility solution, you should instead host the previous version of the Windows client operating system on a server running Hyper-V.

For example, consider a scenario where in an organization of several hundred people you have five users that need to run a series of applications on the Windows XP operating system for several months until a replacement solution can be found. All users in this organization have desktop computers that run the Windows 8.1 operating system. In this scenario, you should consider deploying Windows XP in a virtual machine that runs client Hyper-V. If you have a large number of users that need to run a series of incompatible applications, or the incompatible applications need to be used on a long-term basis, you might consider a different solution such as VDI or System Center 2012 R2 Application Virtualization (App-V).

VDI

VDI enables you to run some or all of an organization’s client computers as virtual machines. Users can connect to those virtual machines by using a Remote Desktop Client from any compatible computer or device. Client computers in a VDI deployment run as a pool of virtual machines, which provides organizations with the following benefits: •

One client accessible through any device. Because the client operating system runs independently of hardware, users can access their personal client virtual machine by using a variety of devices. VDI provides a solution for Bring Your Own Device (BYOD) environments, ensuring that a standardized environment is available even if each user has their own unique device.



Reduced hardware costs. Instead of having to manage and maintain a client computer for each user, you only need to meet the minimum requirement of a keyboard, a mouse, and a display capable of running a Remote Desktop client.



Simplified updates. Rather than updating clients individually, you can update virtual machines in a VDI deployment in a centralized way.



Simplified deployment. You can deploy a new computer quickly from the existing virtual machine pool. This is simpler than having to install and manage the operating system, applications, hardware, and updates for each individual computer that you deploy.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

1-5



High availability. Because the client computer is a virtual machine, you can make it highly available by running it on highly available virtualization hosts. In the event that the hardware or device on which the client virtual machine runs experiences a hardware failure, you can issue a replacement without the user losing access to applications or data. This is because the operating system, applications, and data are kept separate from any client computer hardware.



Backup and recovery. Because virtual machines are data, VDI simplifies the process of centrally backing up client computers.

What Is Network Virtualization? Network virtualization provides a way to isolate virtual networks and the virtual machines that connect to them, without having to implement VLANs. Network virtualization is of primary interest to organizations that host large numbers of virtual machines that require isolation of one group of virtual machines from another. Isolation may be required because the different groups of virtual machines use the same IP address scheme, or there may be political or regulatory reasons why one set of virtual machines must be isolated from other groups of virtual machines.

By using gateways or virtual private network (VPN) extensions, you can extend virtualized networks for isolated communication between Hyper-V hosts. Network virtualization provides many of the benefits that VLANs provide without requiring you to configure physical switches with appropriate VLAN IDs. Hyper-V Network Virtualization technical details http://go.microsoft.com/fwlink/?LinkID=285279

What Is User State Virtualization? User State Virtualization allows users to sign in to any device while retaining their operating system and application settings. This provides users with a consistent Windows operating system and application experience. UE-V works with locally installed desktops or VDI with any combination of locally installed applications, App-V–sequenced application, and applications that use RemoteApp.

User Experience Virtualization (UE-V) is a System Center 2012 tool that enables users to synchronize their user settings for both applications and operating system across multiple computers. Virtualizing user settings is also known as user state virtualization. UE-V includes the following components: •

Settings storage location. This is a file share that the UE-V agent uses to store the settings.

MCT USE ONLY. STUDENT USE PROHIBITED

1-6 Evaluating the Environment for Virtualization



User Experience Virtualization agent. This agent is installed on each computer that will synchronize the settings stored in the Settings storage location.



Settings location templates. These are XML files that define what settings UE-V should monitor. The UE-V installation includes these templates.



Settings package. These packages are generated by the UE-V agent, and are then copied to the Settings storage location.

User state virtualization is useful in environments where users might sign in to different computers or devices but need to access their customized and configured operating system and application settings. One example might be in a call center environment where users are assigned a separate desk each time they arrive at work, but where policies allow them to configure their own desktop background (including shortcuts) and operating system settings. High-Level Architecture for UE-V 1.0 http://go.microsoft.com/fwlink/?LinkID=386654

What Is Presentation Virtualization? Presentation virtualization is another way of describing the Remote Desktop and RemoteApp functionality of the Remote Desktop Services role in Windows Server 2012 R2. With presentation virtualization, the application, or the entire remote desktop runs on the server. The application user interface, or the computer’s desktop, displays on the client’s device.

Presentation virtualization allows applications that would normally not be able to run on a client because of resource constraints, to be accessible on that client because the application runs on the server. For example, you can use RemoteApp to run an app that requires 4 gigabytes (GB) of random access memory (RAM), on a computer with 2 GB of RAM. This is possible because the app will be executing on the Remote Desktop server. Remote App supports file associations on some client operating systems. For example, if a user double clicks on a Microsoft Visio document file, a Visio RemoteApp session may open to a Remote Desktop Services server that is hosting the Visio app.

Remote Desktop client software exists for devices running the Windows RT, Windows Phone, Apple iOS, Mac OSX, and Android operating systems. This makes Remote Desktop another possible solution in BYOD environments where users may need to run apps that you do not want to or cannot run locally for architectural or resource reasons.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

What Is App-V? Application Virtualization (App-V) is a System Center tool that virtualizes apps by abstracting them from the operating system. App-V allows apps to run without having to install them on the computer or server that the user is accessing. As App-V apps run in a separate virtualized silo, it allows you to run apps side by side that would otherwise cause conflicts. For example, using App-V you can run different versions of a Microsoft Office application concurrently, which is not possible without App-V. App-V benefits include:

1-7



Running applications that would otherwise conflict. For example, you can run two different versions of Microsoft Office on the same computer or in an RD Session Host server. Each application has all the necessary sequenced files that it requires to run.



Virtualized applications display as if they are installed locally. Users can start applications from the Start Screen, from desktop icons, and by file extension association. App-V applications use local resources+ and display in Task Manager.



App-V applications can be streamed on demand from an App-V server. This allows an application not present locally to be started more quickly.



App-V applications can be stored locally once they have completely streamed from the host server. App-V apps can also be installed.



Simplified management and deployment. With streaming, virtual applications are delivered on demand from a server, thereby allowing users to download them automatically when they are required. Administrators can update applications on the server and the App-V Desktop Client will download the newer version automatically the next time the user runs the application.

What Is Cloud Computing? Cloud computing is a term that describes the delivery and consumption of computing and application resources from a remote location, often but not necessarily over the Internet. Users can subscribe to cloud computing resources, which are usually then measured and billed similar to utility services. Cloud computing applications are typically independent of an operating system, and they are available to users across a wide variety of devices. From an administrative perspective, cloud computing infrastructure should be pooled, should be able to deliver multitenant services, and should allow rapid scalability.

Cloud computing service models include software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS). Cloud computing has three main deployment models:

MCT USE ONLY. STUDENT USE PROHIBITED

1-8 Evaluating the Environment for Virtualization



Public cloud. Public clouds are infrastructure, platform, or application services that are delivered from a cloud service provider for access and consumption by the public.



Private cloud. Private clouds are privately owned and managed clouds that offer similar benefits to that of public clouds, but are designed and secured for use by a single organization.



Hybrid cloud. In a hybrid cloud, a technology binds two separate clouds (public and private) together for the specific purpose of obtaining resources from both.

Microsoft cloud services provide technology and applications across all of these cloud computing models. Some examples of Microsoft cloud services are: •



Microsoft public cloud services: o

Windows Azure. Windows Azure is a public cloud environment that offers PaaS, SaaS, and IaaS. Developers can subscribe to Windows Azure services and create software, which is delivered as SaaS. Microsoft cloud services uses Windows Azure to deliver some of its own SaaS applications.

o

Microsoft Office 365. Office 365 delivers online versions of the Microsoft Office applications and online business collaboration tools.

o

Microsoft Dynamics CRM Online. Microsoft Dynamics CRM Online is the Microsoft-hosted version of the on-premises Microsoft Dynamics CRM application.

Microsoft private cloud: o



Hyper-V in Windows Server 2012 R2 combines with System Center 2012 R2 to create the foundation for building private clouds. By implementing these products as a combined solution, you can deliver much of the same functionality offered by public clouds.

Microsoft hybrid cloud: o

Microsoft provides a number of hybrid cloud solutions that enable you to: 

Back up an on-premises cloud application to a service provider.



Manage, monitor, and move virtual machines between different clouds.



Connect and federate directory services that allow your users to access applications that are constructed across a combination of on-premises, service provider, and public cloud types.

You can reduce the computing costs of your organization by using Microsoft cloud computing technologies. You can also improve the delivery times for infrastructure and application services, ensure that they are always available, and monitor their performance.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

Lesson 2

Overview of System Center 2012 R2 Components

1-9

System Center 2012 R2 includes several integrated technologies that you can use to deploy, configure, and manage servers, clients, mobile devices, services, and applications. In this lesson, you will review the various technologies included in System Center 2012 R2, and explore their features and functionalities.

Lesson Objectives After completing this lesson, you will be able to: •

Explain how to use System Center 2012 R2 to manage a data center.



Describe the features and functionalities of System Center 2012 R2 Virtual Machine Manager.



Describe the features and functionalities of System Center 2012 R2 App Controller.



Describe the features and functionalities of System Center 2012 R2 Operations Manager.



Describe the features and functionalities of System Center 2012 R2 Orchestrator.



Describe the features and functionalities of System Center 2012 R2 Service Manager.



Describe the features and functionalities of System Center 2012 R2 Data Protection Manager.

Using Microsoft System Center 2012 R2 to Manage a Data Center System Center 2012 R2 is a group of integrated management technologies that predominantly IT professionals use to deploy, manage, maintain, monitor, and automate servers, computers, mobile devices, services and applications. The following list summarizes the components and their purpose.

System Center 2012 R2 Virtual Machine Manager

System Center 2012 R2 Virtual Machine Manager (VMM) provides administrators with a single administrative tool for deploying and managing a virtualization infrastructure, including managing components such as hosts, storage, networks, libraries, and update servers. VMM also provides the foundation for managing virtual machines configuration and deployment.

System Center 2012 R2 App Controller

System Center 2012 R2 App Controller (App Controller) provides a self-service portal for administrators who are deploying and managing applications and services across one or more sites. App Controller enables you to access and manage resources from one or more VMM servers, and from multiple Windows Azure subscriptions.

System Center 2012 R2 Service Manager

System Center 2012 R2 Service Manager (Service Manager) offers service management, process automation, asset tracking, and a self-service portal to access resources that are defined in a service catalog. Service Manager offers an easy-to-build configuration management database, which pulls data from Active Directory Domain Services (AD DS) and System Center components. This allows companies to

establish and use controls and operations based on guidelines of either the Information Technology Infrastructure Library or Microsoft Operations Framework.

System Center 2012 R2 Orchestrator System Center 2012 R2 Orchestrator (Orchestrator) is a runbook automation component that allows administrators to integrate and automate their data centers. Orchestrator utilizes integration packs, including many built-in authored packs that allow administrators to connect different systems.

System Center 2012 R2 Operations Manager

MCT USE ONLY. STUDENT USE PROHIBITED

1-10 Evaluating the Environment for Virtualization

System Center 2012 R2 Operations Manager (Operations Manager) is the management component that you use to monitor applications and performance. You can integrate Operations Manager with VMM, Service Manager, Orchestrator, and DPM. Operations Manager utilizes vendor-authored management packs that provide detailed information about the application and health-state monitoring.

System Center 2012 R2 DPM System Center 2012 R2 DPM () is an enterprise backup component that performs application-aware block-level backups. It utilizes Volume Shadow Copy Service (VSS) writers to help protect and recover applications such as SQL Server, Exchange Server, SharePoint Server 2012, and AD DS. Additionally, it provides specific VSS writers for System Center 2012 components. For more information on what is new in the System Center 2012 R2 components, see: What's New in System Center 2012 R2 http://go.microsoft.com/fwlink/?LinkID=386653 Note: The following topics will examine each of the System Center components, their features, and their integration capabilities in more depth.

Overview of VMM VMM provides you with a single administrative tool for deploying and managing a virtualization infrastructure. You use VMM to manage large numbers of virtual machine hosts and virtual machines. Using VMM, you can deploy and manage all components of your virtual machine and virtual machine host infrastructure. You can use VMM to manage a single virtual machine host computer, or to manage as many as 400 hosts and 8,000 guests. You can use VMM to perform the following tasks: •

Bare-metal deployment of hosts. You can automate deployment of Windows Server host machines on physical servers.



Host and cluster creation. You can create Hyper-V hosts and clusters easily by using the VMM console, which simplifies manual deployment and reduces the possibility of configuration errors.



Host groups. You can group hosts for manage multiple hosts.



Cross-platform management. VMM supports Citrix XenServer host and pool management, and supports VMware ESX hosts through integration with VMware vSphere.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

1-11



Storage configuration. Configure and manage storage.



Network configuration. Allows you to create and manage virtual networks.



Intelligent placement. Intelligent placement helps you select an appropriate host for a virtual machine based on available resources.



Dynamic optimization. VMM can balance workloads automatically, according to configurable thresholds for core resources such as CPU, memory, disk, and network utilization.



Power optimization. You can configure VMM to use power thresholds that you specify. This enables VMM to evaluate the performance requirements of a Hyper-V host cluster, and shut down hosts if they are not required to provide adequate performance.



Performance and Resource Optimization (PRO). PRO allows you to ensure that virtual machines are moved automatically when there is resource contention.



Microsoft Server Application Virtualization (Server App-V). Server App-V enables you to virtualize server-based applications. What’s New in System Center 2012 - Virtual Machine Manager http://go.microsoft.com/fwlink/?LinkId=253224

Overview of App Controller App Controller is a self-service portal that enables administrators and end users to control, deploy, and configure applications and virtual machines across VMM deployments and public clouds. App Controller provides self-service capabilities that enable administrators to deploy and administer resources across multiple VMM servers, and across Window Azure and service-provider data center resources.

You can configure App Controller to use up to five VMM servers and their resources. App Controller provides web-based access through which you can control applications, virtual machines, and virtual machine resources, including libraries and shares.

App Controller can control as many as 20 Windows Azure subscriptions. It allows you to upload virtual hard disks and images to Windows Azure from a library or from network shares, and add virtual machines to deployed services in Windows Azure. Additionally, you can manipulate and migrate virtual machines to and from Windows Azure.

Overview of Operations Manager Operations Manager is a cross-platform monitoring and alerting solution that provides application and infrastructure monitoring. Operations Manager can monitor both physical and virtual layers, and it introduces a fabric health dashboard and cloud health dashboard. These dashboards provide status information such as host state, storage pool state, network node state, file share, and logical unit number (LUN) state. Other benefits of integrating VMM with Operations Manager, include:

MCT USE ONLY. STUDENT USE PROHIBITED

1-12 Evaluating the Environment for Virtualization



Monitoring the health and availability of the VMM management server, the VMM database server, and the Virtual Machine Manager library servers. You can also monitor a VMware-based virtual environment.



Viewing diagram views of your virtualized environment from within the Operations console.



Implementing PRO tips, which collect performance data from host machines, virtual machines, and applications. PRO tips enable you to automate changes to the VMM and host environment, based on the performance information that Operations Manager provides. For example, if a physical hard disk fails, an alert in Operations Manager can trigger the migration of all virtual machines from a host with a degraded disk subsystem. Another example could be using performance information to automatically scale out a web farm in response to increased transactions in VMM. The reports are available in the VMM console, but display data is retrieved from Operations Manager.



Enabling maintenance-mode integration. When you place hosts in maintenance mode, VMM attempts to put them in maintenance mode in Operations Manager.



Integrating SQL Server Analysis Services (SSAS), which allows you to run forecasting reports that can predict host activity based on history of disk space, memory, network I/O, disk I/O, and CPU usage. SSAS also supports using a SAN for usage forecasting. How to Connect VMM with Operations Manager http://go.microsoft.com/fwlink/?LinkID=286069

Overview of Orchestrator Orchestrator is the Microsoft runbook automation platform. You use Orchestrator to automate virtualization management tasks. Orchestrator allows you to create automation using the Orchestrator Runbook Designer. The Runbook Designer is a simple drag-and-drop interface that makes it easier to design processes to help accomplish complex tasks. This allows you to create quick automation without having to create and manage complex Windows PowerShell scripts.

Orchestrator has a number of built-in runbook activities that perform a wide range of functions, and that you can extend with integration packs. Integrations packs contain Runbook activities and objects

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

1-13

that allow Orchestrator to extend its capabilities to other Microsoft and non-Microsoft components. The Virtual Machine Manager integration pack includes tasks related to the management of VMM, virtualization hosts, and virtual guests.

Overview of Service Manager Service Manager is a System Center component that you use to automate business processes and implement service management as defined in the Information Technology Infrastructure Library and the Microsoft Operations Framework. Many prebuilt products exist for incident and problem management, and change, release, and life cycle management. Virtualization environments are dynamic by nature. Therefore, you should manage them by using documented processes and procedures that are based around the Information Technology Infrastructure Library or Microsoft Operations Framework. Service Manager can help you govern virtualization or private cloud computing with the following functionality: •

Management of incidents, problems, changes, and releases. For application and infrastructure owners, administrators, service analysts, and end users, Service Manager offers a single location from which to govern and manage deployment changes, and administrate a complex virtualization environment. Service Manager provides a SharePoint–based portal that you can customize and configure with a software or service catalogue that you can link to self-service request offerings. You can configure request offerings to trigger business approval processes and system processes that deliver the request. This provides a level of automation that significantly increases efficiency.



Compliance. Service Manager has a downloadable management pack that can assist you with managing and automating IT governance, risk, and compliance responsibilities, and can help you connect complex business objectives to Microsoft infrastructure.

Note: Management packs extend System Center 2012 R2 functionality, and enable integration between System Center components. You can download and install a wide variety of management packs for most System Center components. •

An integrated platform. Service Manager has several available connectors to leverage Service Manager’s full integration capabilities. You can use these connectors to import data into the Service Manager Configuration Management database from AD DS, .csvc files, and other System Center components.

Overview of DPM Data Protection Manager (DPM) is a data backup and recovery solution that works with disk-to-disk and disk-to-tape backups. You can use DPM to back up and restore Windows Servers operating system servers, and application servers such as: •

SQL Server



Exchange Server



Hyper-V



File servers



AD DS



SharePoint Server

DPM also includes support for system state and bare-metal recovery, offers protection for Windows desktop clients, and provides some elements of self-service.

MCT USE ONLY. STUDENT USE PROHIBITED

1-14 Evaluating the Environment for Virtualization

When planning a virtualization environment, you need to implement a backup system that will back up the following items: •

Virtual machines. Sometimes referred to as virtual machine backups, in-guest backups, or traditional backups, these backups are usually unaware of virtualization and are designed with an application in mind. For example, Exchange backups should protect Exchange components such as stores and mailboxes. Additionally, if you want to protect your entire server structure, you should perform a system-state backup and include data drivers. If you must recover your entire server structure, you must use a recovery copy that includes a full backup of all components.



Host server backup. Not to be confused with backing up the host itself, a host-level backup is a Hyper-V–aware backup designed to protect the virtualization files that comprise a virtual machine. Virtualization files may include virtual machine configuration files, .vhd files, and snapshots. DPM uses VSS to back up files while they run. You can use this form of backup to recover an entire virtual machine or one of its disks, in place, to the same virtualization host server, or to an alternate virtualization host server.

DPM provides the following important data center backup system features: •

VSS backups. DPM uses VSS to protect data sources while the data source continues to run. This means that applications and servers do not have to be taken offline while DPM provides the protection for them. After an initial full backup is complete, DPM can back up just the block changes, incrementally, which allows for faster and more efficient backup and recovery.



Hyper-V item-level recovery support. DPM can recover specific files, folders, volumes, and virtual hard disks from a host-level backup of Hyper-V virtual machines.



Hyper-V host and guest support. DPM supports host-based protection when the agent is installed on the host computer, and guest-based protection when the agent is installed on the virtual machine. For guests running Windows Server 2003 and newer Windows Server versions, DPM provides online backups that ensure that DPM does not impact the performance of the protected virtual machine when providing protection.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

1-15



Integration with Operations Manager. Integrating DPM with Operations Manager provides monitoring for the DPM environment via the DPM Management Pack. The DPM Central Console, which is built on Operations Manager, allows you to monitor all DPM servers from a central computer. You can use the Central Console to open a DPM Administrator Console to manage DPM remotely.



Integration with other System Center 2012 components. With the integration of DPM and Orchestrator, you can automate functions such as data protection and recovery. Using Service Manager and the Self-Service Portal together with DPM and Orchestrator, you can also offer these functions as services to private cloud users.



Self-service functionality. DPM also has a self-service function that administrators can use to configure and delegate restore functionality to self-service users. You can grant permission to restore to the same server, or to restore to an alternate server, including to which alternate servers.



Windows Azure Backup. You can back up DPM data to Windows Azure.



Linux virtual machine backup. DPM provides support for Linux virtual machines.

Note: When building a virtualization solution (or any solution), it is important to test and validate data by using the restore functionality. Ensure that you can restore each type of backup, and be sure to implement a plan with periodic testing of backup integrity.

Lesson 3

Evaluating the Current Environment for Virtualization

MCT USE ONLY. STUDENT USE PROHIBITED

1-16 Evaluating the Environment for Virtualization

Prior to implementing virtualization into your organization, you must first determine key evaluation factors that you can use to assess your organization’s virtualization requirements. You will learn about some of the available resources, including solution accelerators such as the Microsoft Assessment and Planning Toolkit (MAP). This lesson also describes some of the principal design factors for implementing a server virtualization solution.

Lesson Objectives After completing this lesson, you will be able to: •

Evaluate your organization’s requirements for server virtualization.



Describe the virtualization solution accelerators.



Describe the assessment features of MAP.



Assess the computing environment by using MAP.



Design a solution for server virtualization.

Evaluating Server Virtualization Factors When you consider the challenges presented by the traditional computer and application environments, server virtualization is an effective way to resolve many of the known issues. Planning your server virtualization project is a very important first step, and evaluating factors that will contribute to a successful virtualization project is the beginning of this process. Some of the important evaluation factors are as follows: •

Project scope. You should define the virtualization project scope as early on as possible. You should determine the business factors driving the project, the staff that is responsible for determining these factors, and their goals.

You should also determine how you will measure success. For example, if your company is migrating from Exchange Server 2007 to Exchange Server 2013, your migration project scope may include server virtualization elements, but the overall success is measured by a transparent upgrade of the organization’s email platform. However if your project scope is to implement or upgrade a server virtualization strategy, Exchange Server may just be a milestone goal of the overall consolidation or improvement program. Understanding budgets and documenting the project are also important factors. •

Resource and performance. Assessing the resource and performance of the servers to be virtualized is another evaluation factor. You can use MAP to provide detailed information on the number of hosts and the host hardware requirements. Typically, virtual machines require approximately the same resources as a physical server. For example, if a physical server is currently utilizing 1-GB RAM, you should expect the virtual machine to use the same amount of RAM, assuming that it runs the same operating system and applications as

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

1-17

the physical server. If a single virtual machine consumes more than half of your host’s workload, you should consider whether virtualization is appropriate or if the host’s sizing is adequate.

Hardware is not the only consideration when implementing a server virtualization solution. You also should review all aspects of a service or application’s requirements before deciding whether you can host it virtually. Some factors to consider when determining whether to virtualize server workloads are: •

Compatibility. You must determine whether the application can run in a virtualization environment. Business applications range from simple programs to complex, distributed multiple tier applications. You need to consider requirements for specific components of distributed applications, such as specific needs for communication with other infrastructure components, or requirements for direct access to the system hardware. While you can virtualize some servers easily, other components may need to continue running on dedicated hardware.



Applications and services. Applications and services that have specific hardware or driver requirements generally are not well suited for virtualization. An application may not be a good candidate for application virtualization if it contains low-level drivers that require direct access to the system hardware. This may not be possible through a virtualization interface, or it may affect performance negatively.



Supportability. You need to evaluate if a virtualized environment will support your operating system and requisite applications. Verify vendor support policies for operating system and application deployment using the virtualization technologies.



Licensing. You also need to evaluate whether you can license the application for use in a virtual environment. Reduced licensing costs for multiple applications or operating systems could add up and make a strong financial case for using virtualization.



Availability requirements. Most organizations have some applications that must always be available in a virtual environment for users. Some applications provide built-in options for enabling high availability, while other applications may be more difficult to make highly available outside of a virtual machine environment. When considering whether to virtualize a server, evaluate whether the application has high availability options, whether a virtual machine environment supports those options, and whether you can use failover clustering to make the virtual machine highly available.

The goal in most organizations is to utilize all servers adequately, whether they are physical or virtual. You can fully utilize some server roles such as SQL Server or Exchange Server Mailbox servers, by deploying additional SQL Server instances or moving more mailboxes to the server. In some cases, you can virtualize server workloads in one scenario, but not in another. For example, in a very large domain with thousands of users logging on simultaneously, it may not be practical to virtualize a domain controller. However, in a smaller domain or in a branch office deployment, virtualizing domain controllers may be your best option.

Overview of Virtualization Solution Accelerators You can use MAP to conduct network-wide deployment readiness assessments, and to determine whether you can migrate Microsoft technologies such as servers, desktops, and applications, to a virtual environment. Using MAP, you now can determine which servers you can upgrade to Windows Server 2012, which servers you can migrate to virtual machines on Hyper-V in Windows Server 2008, and which client computers you can upgrade to Windows 7. MAP is the primary tool to help you identify which applications, desktops, and servers would make ideal candidates for virtualization. You can use MAP to perform the following key functions: •

Hardware inventory. MAP uses a secure process, which does not utilize an agent, to collect and organize system resources and device information across your network from a single networked computer. Some of the examples of the information that MAP returns includes operating system information, system memory details, installed drivers, and installed applications. MAP saves this information in a local database, and then uses it to provide you with specific reports and recommendations.

MCT USE ONLY. STUDENT USE PROHIBITED

1-18 Evaluating the Environment for Virtualization

MAP uses technologies that are already available in your IT environment to perform inventory and assessments. These technologies include Windows Management Instrumentation (WMI), the Remote Registry service, Simple Network Management Protocol (SNMP), AD DS, and the Computer Browser service. You can use MAP to inventory the following operating systems: o

Windows 8

o

Windows 7

o

Windows Vista

o

Windows XP Professional

o

Microsoft Office 2010 and previous Office versions

o

Windows Server 2012

o

Windows Server 2008 or Windows Server 2008 R2

o

Windows Server 2003 or Windows Server 2003 R2

o

Windows 2000 Professional or Windows 2000 Server

o

Windows Internet Explorer 9 and previous versions

o

Hyper-V

o

Microsoft Lync

o

System Center Configuration Manager

o

System Center Endpoint Protection

o

SQL Server

o

VMware vSphere

o

VMware vCenter

o

VMware ESX

o

VMware ESXi

o

VMware Server

o

Select Linux distributions

o

LAMP application stack discovery

o

MySQL

o

Oracle

o

Sybase

o

Data analysis. MAP performs a detailed analysis of hardware and device compatibility for migration to: 

Windows 8



Windows 7



Windows Server 2012



Windows Server 2008 R2



SQL Server 2012



SQL Server 2008 R2



Microsoft Office 2010



Office 365

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

1-19

MAP helps to gather performance metrics, and then generates server consolidation recommendations. These recommendations identify candidates for server virtualization, including how you might place the physical servers in a virtualized environment. •

Readiness reporting. MAP generates reports containing both summary and detailed assessment results for each migration scenario. MAP provides these results in Microsoft Excel and Microsoft Word documents. Readiness reports are available for many technologies including Windows 8 and Windows Server 2012. MAP also helps to gather performance metrics and generates server consolidation recommendations. These recommendations identify the candidates for server virtualization, and makes suggestions for how you might place the physical servers in a virtualized environment.

The latest version of MAP includes planning for migrating to Office 2013, migrating to the latest Windows Server and Windows client operating systems, and migrating workloads to Windows Azure.

Infrastructure Planning and Design Guides

The Infrastructure Planning and Design guides are free guides that describe architectural considerations, and streamline the design processes for planning Microsoft infrastructure technologies. Each guide addresses a unique infrastructure technology or scenario, including server virtualization, application virtualization, and Remote Desktop Services implementations.

Windows Server Virtualization Guide The Windows Server Virtualization Guide focuses on an earlier version of Hyper-V. However, it still provides guidance on how to plan and implement server virtualization on Hyper-V.

Hyper-V Security Guide

Implementing virtualization can increase the number of security issues that you must consider. This is because you must secure both the host computer and the virtual machines. The Hyper-V Security guide provides guidance and recommendations to address key security concerns about server virtualization.

Assessment Features of the MAP Toolkit Microsoft provides MAP as the primary tool for server virtualization planning. It is easy to install and it guides administrators through evaluation by making use of built-in wizards, configurations, and reports.

MCT USE ONLY. STUDENT USE PROHIBITED

1-20 Evaluating the Environment for Virtualization

Gathering information over time is one evaluation factor. You may already have evaluation data suitable for inclusion. For example, if you use Operations Manager to monitor your physical servers and virtual machines, your inventory and performance data may already be collected. You could use these Operations Manager reports to gather useful information. When you want to plan for capacity and growth, you can use DPM to review data trends by running capacity reports. The following section summarizes MAP features that you can use for server virtualization assessments.

MAP Discovery

MAP can discover Windows, Linux, Unix, and VMware servers, computers, and virtual machines. It has the following discovery methods and requirements for creating an inventory: •

AD DS. Requires domain credentials. You can use this method to discover all computers in all domains, or in specified domains, containers, and organization units.



Windows networking protocols, using WIN32 LAN Manager application programming interface (API). Requires the Computer Browser service to be running on the computer, or the server running MAP. You can use this method to discover Windows workgroups and Windows NT 4.0 domains.



Configuration Manager. MAP can use either Configuration Manager or Microsoft Systems Management Server (an older version of Configuration Manager), for discovery. For discovery, you require the primary site server name and appropriate credentials for Configuration Manager or Systems Management Server.



IP Address Range. You can scan for computer and servers using one or more IP address ranges, up to a maximum of 100,000 addresses.



NetBIOS names. You also can discover computers and servers by entering their NetBIOS names manually, or by importing the names from a text file.

MAP Performance Metrics After you have an inventory of discovered hardware, you can collect performance metrics for your assessment. To gather performance metrics, you must run the Performance Metrics Wizard. You can collect metrics for Windows and Linux-based machines by using WMI or Secure Shell. The minimum collection period is 30 minutes. You are prompted to schedule an end date and time for when the collection should stop. Note: If required, you can use the Performance Metrics Wizard to collect additional metrics. You must choose either to discard previous metrics or append the new ones to existing data. While the performance metric data collection is running, you may not be able to perform other tasks with MAP.

MAP Hardware Configuration

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

1-21

MAP hardware configuration provides you with details for the proposed hardware that you should use for your virtualization host servers. When you run the Hardware Library Wizard, you can enter the resources such as the number and type of processors, amount of RAM, and storage capacity. After configuring these hardware parameters, you can determine the number of host servers required. If required, you also can create a configuration for shared storage and network configurations, which will help ensure that you plan clusters and share components correctly.

MAP Server Consolidation The MAP Server Virtualization and Consolidation Wizard can help provide planning guidance for the following versions of Hyper-V: •

Window Server 2012 Hyper-V



Window Server 2008 R2 Service Pack 1 (SP1) Hyper-V



Window Server 2008 R2 Hyper-V



Window Server 2008 Hyper-V

To use the wizard, you must first complete an inventory, gather performance metrics, and input the hardware configuration. When you run the wizard, you can select a utilization ceiling on the proposed hardware, which allows for periodic spikes in utilization. The utilization settings include processor, memory, storage capacity, storage I/O operations per second, and network throughput. Upon completing this wizard, MAP will provide you with the recommended number of hosts.

MAP Private Cloud Fast Track

The MAP Private Cloud Fast Track Wizard provides guidance based upon a program that is a joint effort between Microsoft and its hardware partners. The goal of the program is to help organizations decrease the time, complexity, and risk of implementing private clouds.

Demonstration: Assessing the Computing Environment by Using MAP In this demonstration, you will see how to use MAP for planning server virtualization, including: •

Install MAP.



Use MAP to collect inventory data.



Use MAP to collect performance data.



Create a hardware configuration.

Demonstration Steps Install MAP 1.

Sign in to LON-CL1, and then navigate to and run the file \\lon-dc1\e$\labfiles\mapsetup.exe.

2.

In the Microsoft Assessment and Planning Toolkit Setup Wizard, on the Installation Successful page, ensure that the Open the Microsoft Assessment and Planning and Toolkit check box is selected, and then click Finish.

3.

On the Datasource page, in the Create or select a database section in the Name text box, type Demo, and then click OK.

Use MAP to collect inventory data 1.

In MAP, click Server Virtualization, and then click Collect inventory data.

2.

In the Inventory and Assessment Wizard, on the Inventory Scenarios page, select both Windows computers and Use Active Directory Domain Services (AD DS).

3.

On the Active Directory Credentials page, use the following credentials: o

Domain: Adatum

o

Account name: administrator

o

Password: Pa$$w0rd

MCT USE ONLY. STUDENT USE PROHIBITED

1-22 Evaluating the Environment for Virtualization

4.

On the Active Directory Options page, ensure that Find all computers in all domains, containers, and organizational units is selected, and then click Next.

5.

On the All Computer Credentials page, use the following credentials: o

Domain: Adatum

o

Account name: administrator

o

Password: Pa$$w0rd

6.

Complete the wizard.

7.

When the Inventory and Assessment page opens, review the results of the data collection, wait for the assessment to show as complete, and then close the page.

Use MAP to collect performance data 1.

Run the Performance Metrics Wizard.

2.

In the wizard, select all computers.

3.

On the All Computer Credential page, ensure that the adatum\administrator account is selected.

4.

Review the details on the metrics page, and then close the window.

Create a hardware configuration

Before you can work with MAP features, you must first cancel the running process that was initiated in the previous step. 1.

At the bottom left of the MAP console screen, in the running task drop-down list box, click Cancel processing, and then click Yes.

2.

Under the Steps to complete section, click Create hardware configuration.

3.

On the Choose Scenarios page, click General Server Consolidation/Desktop Virtualization, and then click Next.

4.

On the Hardware Configuration page, click Create New, and in the Create New text box, type Server-Type1.

5.

Complete the wizard using approximate values based on a server that you might use.

Designing a Solution for Server Virtualization Many organizations that adopt server virtualization develop a server implementation policy to virtualize all new and replaced systems. These organizations opt for deploying physical hardware as an alternative to virtualization only when a valid reason exists, such as when custom server hardware is incompatible with server virtualization, or when a server application vendor does not support their application on virtualized servers.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

1-23

You now can use Windows Server 2012 R2 to deploy servers with up to 320 logical processors and 4 terabytes (TB) of system memory. This, in turn, allows new capabilities for virtual workloads and is a significant improvement over earlier hypervisors. Implementing a new virtualization solution can often include assessing physical and virtual servers, or assessing an existing virtualization solution. A new virtualization solution can provide an opportunity to consolidate physical servers, and in an existing server virtualization solution, it can improve virtual machine density per host, possibly by virtualizing some more demanding workloads. As a general guideline, each virtualization project should include the following steps: 1.

Determine the virtualization scope. The first step in planning a virtualization solution is to define the project’s scope. You may have one or more projects, each working to address different parts of an overall server virtualization strategy. To ensure that a project is successful, you need to define scope, milestones, and goals.

2.

Determine the workloads. Create a list of potential workloads that you want to virtualize, identify the workloads that cannot be virtualized, then use MAP to discover and inventory all the remaining servers. Collect the performance metrics of the required servers for a suitable period of time.

3.

Determine backup and fault-tolerance requirements for each workload. You use these requirements when designing the virtual server deployment. For example, some server workloads may require frequent and consistent backup of data located inside the virtual machine, while other server workloads may require just a virtual machine-level or configuration information backup. You use the fault-tolerance requirements for the server workload when you deploy clustered virtual machines, or to provide another method for ensuring high availability for the virtual machine.

4.

Use MAP to aid in the design of the virtualization hosts. Use the hardware configurations and the MAP Server Virtualization and Consolidation Wizard to assist in the design of the host server infrastructure. As a best practice, to simplify host server management you should consider creating a standard design for all virtualization hosts. Decide if you will require a maintenance host. As part of the host server design, you also need to consider the number of virtual machines that each host computer will be running.

5.

Map workloads to hosts. After designing the host server hardware, you can start mapping the virtual machines to the host servers. There are many factors that you need to consider during this design, including: o

Host server capacity. How many virtual machines can you place on a host?

o

Reserve capacity. How much of a resource buffer do you want to implement on each host computer?

o

MCT USE ONLY. STUDENT USE PROHIBITED

1-24 Evaluating the Environment for Virtualization

Virtual machine performance characteristics and resource utilization. Can you characterize the network, CPU, disk, and memory utilization for each of the virtual machines on a host? You may choose to deploy virtual machines with different resource requirements on the same host.

6.

Design host backup and fault tolerance. Use the information that you collected on the backup and fault tolerance requirements for the virtual machines to design a backup and high availability solution for the host computers.

7.

Determine storage requirements. As part of the server workload discovery, you should have documented the storage requirements for each virtual machine. Before moving the server workloads to virtual machines, ensure that you have space for both the operating system virtual hard disks and the data associated with each virtual machine. You also need to include storage availability and performance requirements. You can use the MAP share infrastructure configuration to assist.

8.

Determine network requirements. As a final step in the virtual machine design process, you also should plan the network design. When planning your network design, you should consider a number of factors: o

What type of network access do the virtual machines require? Most virtual machines likely will require access to the physical network, but some virtual machines may only need to communicate with other virtual machines on the same host computer.

o

How much network bandwidth does each virtual machine require?

o

What are the network reliability requirements for each virtual machine?

o

Will Network Virtualization be used?

o

What non-Microsoft virtual switches will be required?

Note: A successful virtualization project is a well-documented project. Often, when adopting a new virtualization technology, a proof of concept (POC) can be of great help in determining the final infrastructure. A POC can also help bring staff up to speed on the deployment and management technologies that will be used in the final solution.

Lesson 4

Extending Virtualization to the Cloud Environment

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

1-25

In this lesson, you will review some of the features in Window Azure, the public cloud services offering from Microsoft. You will also learn about how and why you might want to join an on-premises infrastructure to a public cloud infrastructure, and how you could make use of a hybrid cloud computing solution.

Lesson Objectives After completing this lesson, you should be able to: •

Describe the purpose and features of Windows Azure.



Describe Windows Azure services.



Explain how to create and run virtual machines in Windows Azure.



Explain how to extend a data center.

What Is Windows Azure? Windows Azure is the name for the public cloud services offering from Microsoft. Window Azure services are delivered over the Internet from Microsoft data centers. Microsoft customers can subscribe to a variety of the Windows Azure services that are running in these data centers, and at a fraction of the cost of purchasing and hosting their own hardware or building their own services and software. Windows Azure delivers services such as PaaS, IaaS, and SaaS.

Individuals, customers, and Microsoft partners can use several methods to access Window Azure– based services. Partners have access to programs such as Windows Azure platform Cloud Essentials for Partners, and Cloud Accelerate. Both customers and partners can access resources through MSDN and through the Microsoft BizSpark program, each of which provides a predefined amount of resources and services to build solutions. Windows Azure Free Trial http://www.windowsazure.com/en-us/pricing/free-trial/

Windows Azure Services Windows Azure services are grouped into four categories: compute, data services, app services, and virtual networks.

Compute

MCT USE ONLY. STUDENT USE PROHIBITED

1-26 Evaluating the Environment for Virtualization



Websites. You can use website services to develop and deploy more secure and scalable websites, which includes integration with many source control technologies. Windows Azure supports many languages including ASP.NET (sometimes known as classic ASP), PHP, Node.js, and Python. You can also deploy a choice of SQL Server databases, or deploy MySQL. The Web Application Gallery has many open source applications, frameworks, and templates available, including WordPress, Umbraco, DotNetNuke, Drupal, Django, CakePHP, and Express.



Virtual machines. You can build virtual machine instances from scratch, from templates, or you can build them on your own site, and then transfer them to Windows Azure (or the other way around). Virtual machines can run a variety of workloads including many Microsoft-certified workloads such SQL Server, SharePoint Server, and BizTalk Server.



Mobile services. You can use these services to build mobile phone apps, including storage, authentication, and notification services for Windows apps, Android apps, and Apple iOS apps.

Data Services •

SQL Database. Windows Azure includes a SQL Database offering, previously known as SQL Azure Database. SQL Database provides interoperability, enabling customers to build applications using most development frameworks.



HD Insight. Windows Azure HDInsight is the Hadoop-based solution from Microsoft. Hadoop is used to process and analyze Big Data.



Backup. You can back up directly to Windows Azure. You can configure the cloud backups from the backup tools in Windows Server 2012 R2, or from System Center 2012 R2.

App Services •

Media Services. You can use media services to create, manage, and distribute media across a large variety of devices such as Xbox, computers running the Windows operating system, MacOS, iOS, and Android.



Messaging. The Windows Azure Service Bus provides the messaging channel for connecting cloud applications to on-premises applications, services, and systems.



Windows Azure Active Directory (Windows Azure AD). This is a modern, Representational State Transfer-based service that provides identity management and access control capabilities for cloud applications. It is the identity service used across Windows Azure, Office 365, Microsoft Dynamics CRM Online, Windows Intune, and other non-Microsoft cloud services. Windows Azure AD also can integrate with on-premises Active Directory deployments.

Network

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

1-27



Windows Azure Virtual Network. You can use the Windows Azure Virtual Network (Virtual Network) to create a logically isolated section in Windows Azure, and then connect it securely either to your on-premises data center, or to a single client machine, using an IPsec connection. Virtual Network is discussed more in-depth in the next topic.



Windows Azure Traffic Manager. Windows Azure Traffic Manager (Traffic Manager) is used to loadbalance inbound traffic across multiple Windows Azure services. This ensures the performance, availability, and resiliency of applications.

Virtual Machines in Windows Azure With Windows Azure, you can create and run your own virtual machines in the same way that you create and run on-premises servers. Windows Azure virtual machines are highly available and can be consumed when and as you need them.

Creating Virtual Machines After you log on to Windows Azure, you use a simple, intuitive interface that displays a list of technologies that you can work with and deploy. You can create a virtual machine by clicking the Virtual Machines icon, and from there you can choose to create a new virtual machine from scratch, or you can use templates to create the virtual machine. Templates may have the base operating system installed, and in some cases, they may include an additional application that is ready for you to work with or evaluate. The following list are few of the available virtual machine templates in the Windows Azure gallery: •

Windows Server 2012 Datacenter



Windows Server 2012 R2



Windows Server 2008 R2 SP1



SharePoint Server 2013



SQL Server 2014 Community Technology Preview 1 (CTP1) Evaluation Edition



SQL Server 2012 SP1 Standard Edition



BizTalk Server 2013 Enterprise



BizTalk Server 2013 Evaluation

In addition to the above lists, the Windows Azure gallery includes many Linux installation templates.

Apart from deploying a virtual machine from a template, you can create and capture your own images using familiar tools such as Sysprep, or you can create virtual machines on-premises, and then import the virtual machines into Windows Azure. Creating and Uploading a Virtual Hard Disk that Contains the Windows Server Operating System http://go.microsoft.com/fwlink/?LinkID=386656

Extending Your Data Center Virtual Network makes it easier to extend your data center by using Windows Azure in the same way that you might connect to a remote office. You manage the network topology and configuration in the same way you would for your on-premises infrastructure. You might want to connect your own infrastructure to your private Windows Azure network to meet the demands of several different scenarios. For example, you may want to connect your infrastructure and your private Windows Azure network if you are: •

Building a distributed application that is scalable on Windows Azure-hosted web servers, and are building a database or data store that resides on your own physical infrastructure.



Creating a client extranet.



Building a test lab or development environment.



Needing to extend you own infrastructure rapidly. Create a Virtual Network for Site-to-Site Cross-Premises Connectivity http://go.microsoft.com/fwlink/?LinkID=386655

MCT USE ONLY. STUDENT USE PROHIBITED

1-28 Evaluating the Environment for Virtualization

The Windows Azure Pack includes Windows Azure technologies that you can run inside your data center, and that enable you to offer your customers self-service and multi-tenant services.

Windows Azure Pack integrates with System Center 2012 R2 and Windows Server 2012 R2, and provides an interface that has the look and feel of the Windows Azure Management Portal. The Windows Azure Management Portal is customizable and offers a self-service user experience for provisioning, monitoring, and managing services such as Web Sites, Virtual Machines, and Service Bus. The Windows Azure Pack also has automation capabilities and additional custom services that include a runbook editor, and an execution environment. To find out more about the Windows Azure Pack for Windows Server, you can download and read the whitepaper from the following link: Windows Azure Pack for Windows Server http://go.microsoft.com/fwlink/?LinkID=386652

Lab: Evaluating the Environment for Virtualization Scenario

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

1-29

A. Datum Corporation is a medium-sized manufacturing company that has four subsidiaries. Each subsidiary has several hundred employees and its own data center. All subsidiaries are connected with high-speed network connections. A. Datum IT infrastructure uses only physical servers.

A. Datum is rapidly expanding. To provide greater flexibility and the capability to respond quickly to rapidly changing business environments, IT management has decided to virtualize many of the existing servers, and deploy as many new servers as possible as virtual machines. A. Datum is planning to adopt Hyper-V on Windows Server 2012 R2 as their virtualization platform.

As a senior server administrator at A. Datum, you are responsible for planning and implementing the virtualized infrastructure. The first step in deploying the virtual environment is to analyze the current A. Datum IT infrastructure, and to identify the appropriate virtualization methods for different business requirements. In addition, you also need to evaluate the existing servers and identify which servers would be appropriate candidates for virtualization.

Objectives After completing this lab, you will be able to: •

Determine which virtualization method you should use, based on the scenario.



Install MAP, and use it to evaluate the existing environment.



Perform virtualization candidate assessments.

Lab Setup Estimated Time: 45 minutes Virtual machines: 20409B-LON-CL1, 20409B-LON-DC1 User name: Adatum\Administrator Password: Pa$$w0rd

For this lab, you will use the available virtual machine environment. Before you begin, you must complete the following steps: 1.

On the host computer, start Hyper-V Manager.

2.

In Hyper-V Manager, click 20409B-LON-DC1, and then in the Actions pane, click Start.

3.

Repeat step 2 for 20409B-LON-CL1.

4.

Click 20409B-LON-CL1, and then In the Actions pane, click Connect. Wait until the virtual machine starts.

5.

Sign in by using the following credentials: o

User name: Administrator

o

Password: Pa$$w0rd

o

Domain: Adatum

Note: Because you will be using the same virtual machines in the next lab, do not revert the virtual machines at the end of this lab. However, you can shut down all virtual machines after finishing this lab.

Exercise 1: Selecting the Appropriate Virtualization Method Scenario

MCT USE ONLY. STUDENT USE PROHIBITED

1-30 Evaluating the Environment for Virtualization

In this paper-based exercise, you will select the appropriate virtualization method for a given scenario. Several different scenarios will be presented (including application compatibility issues, hardware consolidation, and application centralization), and you will decide which virtualization method you should use. The main tasks for this exercise are as follows: 1.

Design a virtualization solution to resolve a remote worker application scenario.

2.

Design a solution for a Microsoft Office upgrade.

3.

Design a solution for the development team.

4.

Respond to the CEO’s green initiative enquiry.

 Task 1: Design a virtualization solution to resolve a remote worker application scenario A. Datum has just passed a remote worker policy that allows up to an additional 50 people to work remotely. Until now, only a few designated on-call IT staff were approved to work remotely, and they all have fixed lines and secure virtual private networks (VPNs). Remote workers will be required to use their own devices, although they should run the company’s applications, and ideally keep data such as documents, reports, and spreadsheets within the company network. 1.

Which virtualization technology can assist with the remote worker requirements?

2.

What are three of the components required to deliver the remote worker solution?

3.

Approximately four months after A. Datum has gone live with the remote worker solution, users begin to complain they cannot access the company systems from home. What could be a likely problem?

4.

When designing the virtualization solution, you must be able to accommodate a physical server failure by providing reasonable fast recovery. What are the options to achieve a fast recovery?

 Task 2: Design a solution for a Microsoft Office upgrade

A. Datum urgently needs to upgrade from Office 2007 to Office 2010 for all staff. However, the remote workers, some senior managers and most the IT staff should be piloting Office 2013 at the same time. Remote workers will need to have access to both Office 2010 and Office 2013.

Providing separate computers is not an option, and application compatibility issues might exist between different versions of Microsoft Office. 1.

Which virtualization technology could help you with these requirements?

2.

You create packages for the following products: o

Microsoft Office 2010

o

Office 2013

o

Windows 7 Professional

o

Windows 8 Professional

For which other operating system do you need to create packages?

 Task 3: Design a solution for the development team

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

1-31

A. Datum developers use Microsoft SharePoint and Microsoft SQL Server extensively. They frequently need hardware, more disk space, and extra memory for their computers that are running client hypervisors. Developers also frequently contact the helpdesk with requests for restores, or to confirm that their databases are backed up. You have some additional budget that you could use for hardware and software to help the development team, and to reduce the administrative and operation task load that they create. 1.

Which virtualization and management technology could you implement to improve the development department infrastructure?

2.

What tool can you use to find out how big the Hyper-V hosts must be to accommodate the developers’ current systems?

3.

Which System Center 2012 R2 component could help you delegate some virtual machine administration, and provide some elements of self-service to the developers?

 Task 4: Respond to the CEO’s green initiative enquiry

The Chief Executive Officer (CEO) of A. Datum has asked you to provide some feedback on how your new virtualization project will meet the company’s green initiatives. Your predecessor had already obtained quotes for more power and cooling feeds to each of the company’s five data centers, to accommodate high-density blade centers that would provide the core virtualization infrastructure. •

List a few suggestions that could form part of a report to the CEO.

Results: After completing this exercise, you should have evaluated a given scenario and selected the appropriate virtualization method for that scenario.

Exercise 2: Assessing the Environment by Using MAP Scenario

In this exercise, you will install MAP and assess your environment. As the classroom environment is limiting, you will use pre-created sample database to generate different reports including a consolidation report. You also will run the Server Consolidation Wizard. The main tasks for this exercise are as follows: 1.

Install MAP.

2.

Review assessments.

 Task 1: Install MAP 1.

On LON-CL1, navigate to and run the file \\lon-dc1\e$\labfiles\mapsetup.exe, and then click OK.

2.

In the Microsoft Assessment and Planning Toolkit Setup Wizard, on the Installation Successful page, ensure that the Open the Microsoft Assessment and Planning and Toolkit check box is selected, and then click Finish.

3.

On the Datasource page, in the Create or select a database section, in the Name text box, type Demo, and then click OK.

4.

Leave the MAP console open for the next task.

5.

Locate and extract the file MAP_Training_Kit.zip from \\lon-dc1\e$\labfiles to c:\map.

6.

From the Microsoft Assessment and Planning Toolkit, import map_sampleDB.bak, and use the database name of MAPDEMO.

7.

On the upgrade warning page, click Yes. This process may take a minute or two.

8.

When the sample map database has imported and upgraded successfully, click OK, and then click Close.

9.

Click File, click Select a Database, click MAPDEMO, and then click OK.

 Task 2: Review assessments

MCT USE ONLY. STUDENT USE PROHIBITED

1-32 Evaluating the Environment for Virtualization

1.

On LON-CL1, run the Server Consolidation Wizard.

2.

For virtualization technology, choose Windows Server 2012 Hyper-V, and then click Sample host.

3.

On the Utilization Settings page, type 75 in each field.

4.

On the Computer List page, select all the computers, and then complete the assessment.

5.

On the Summary page, review the settings, and then click Finish.

6.

When the assessment process completes, click Close.

7.

In the MAP console, on the Server Virtualization page, review the server consolidation information, and then run the Server Virtualization Report.

8.

In File Explorer, locate and open the report.

9.

At the bottom of the Excel workbook, click each tab and review the information in the report.

10. When finished, close Excel, and then close File Explorer.

Results: After completing this exercise, you should have installed MAP and assessed a virtualization environment.

Module Review and Takeaways Review Questions Question: What are some of the reasons that you would not virtualize a server or server application? Question: Which technology can assist you in managing large volumes of virtual machines and Hyper-V clusters?

Best Practice

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

1-33

When working with the MAP toolkit, consider backing up your database regularly. If you are running assessments over a long period of time, the data could become critical to the timeframe of your project.

Common Issues and Troubleshooting Tips Common Issue In MAP, when you click on most operations, you receive a warning that states, “The task processor is currently busy. You cannot perform this operation while the task processor is running. Please wait for the task processor to complete or cancel the task process before retrying this operation.”

Troubleshooting Tip

MCT USE ONLY. STUDENT USE PROHIBITED

MCT USE ONLY. STUDENT USE PROHIBITED 2-1

Module 2 Installing and Configuring the Hyper-V Role Contents: Module Overview

2-1

Lesson 1: Installing the Hyper-V Role

2-2

Lesson 2: Managing Hyper-V

2-12

Lesson 3: Configuring Hyper-V Settings

2-20

Lesson 4: Hyper-V Host Storage and Networking

2-26

Lab: Installing and Configuring the Hyper-V Role

2-33

Module Review and Takeaways

2-39

Module Overview

In production environments, a majority of the new servers are installed on virtual machines, and not on physical machines. Windows Server 2012 R2 supports virtualization, and you can run virtual machines on it as soon as you install the Windows Server Hyper-V role. With virtualization, many virtual machines are running on the same hardware. Therefore, it is important that Hyper-V is scalable and can utilize all resources that the physical host can provide. As you will typically manage Hyper-V host remotely, you should be familiar with how to use Hyper-V Manager, and how to use Windows PowerShell for day-to-day and repetitive tasks.

This module describes how to install the Hyper-V role on Windows Server 2012 R2 operating system, and how to perform basic configuration of the Hyper-V role. You will learn that Hyper-V is available as part of Windows Server 2012 R2, and as part of Microsoft Hyper-V Server 2012 R2, which is freely available on the Microsoft website. This module also describes Hyper-V scalability, the security model that Hyper-V uses, and some of the changes that will occur when you install the Hyper-V role. You will also learn how to manage Hyper-V from a GUI, and by using Windows PowerShell. Note: For the purpose of this course, all instances of Microsoft System Center 2012 R2 Virtual Machine Manager are referred to as VMM.

Objectives After completing this module, you will be able to: •

Install the Microsoft Hyper-V role.



Manage Hyper-V.



Configure Hyper-V settings.



Describe Hyper-V host storage and networking.

Lesson 1

Installing the Hyper-V Role Before you can use virtualization on Windows Server 2012, you must first install the Hyper-V role. The Hyper-V role is included in the following Windows products: •

Windows Server 2008 (64-bit edition)



Windows Server 2008 R2



Windows Server 2012



Windows Server 2012 R2



Windows 8 and Windows 8.1 Pro



Windows 8 and Windows 8.1 Enterprise

MCT USE ONLY. STUDENT USE PROHIBITED

2-2 Installing and Configuring the Hyper-V Role

Client Hyper-V is the Hyper-V feature that comes with the Windows 8 and Windows 8.1 client operating systems. In addition to having Client Hyper-V available as a role in these products, Microsoft Hyper-V Server 2012 is available as a free download. You can install the free edition on new hosts as the underlying operating system. Hyper-V is a Layer 1 Hypervisor virtualization platform, which can run multiple isolated virtual machines on the same physical host machine. Because many virtual machines may be running on the same physical hardware, you must ensure that enough resources are available. When planning for the server hardware, you should consider the required resources such as disks, storage, networking, and high availability.

This course refers to the Windows Server 2012 R2 server with the Hyper-V role installed as a Hyper-V host. Hyper-V Server is a separate operating system, which also includes the Hyper-V feature.

Lesson Objectives After completing this lesson, you will be able to: •

Identify server platforms that provide Hyper-V as a feature.



Describe Hyper-V and virtual machine scalability.



Describe Hyper-V architecture.



Describe considerations for disk and storage.



Describe considerations for networking.



Describe considerations for high availability.



Explain changes on the host after installing the Hyper-V role.



Install the Hyper-V role.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

Server Platforms That Provide Hyper-V Hyper-V is the Microsoft hypervisor (virtualization platform) that you can use to run multiple virtual machines on the same physical computer. Microsoft first introduced Hyper-V in Windows Server 2008, and has included it with the newer Windows Server operating systems. You can also obtain Hyper-V as part of the Hyper-V Server standalone product, and with Windows 8 or newer Windows client operating systems.

2-3

Hyper-V requires 64-bit architecture, whereas virtual machines that run in Hyper-V can be either 32-bit or 64-bit. The Hyper-V role is part of both the Standard and Datacenter editions of Windows Server 2012 R2, and Windows Server 2012 R2 is available only as a 64-bit operating system. Hyper-V Server 2012 R2 is a 64-bit operating system, and the Hyper-V feature is available only with the 64-bit version of Windows client operating systems, which are the Pro and Enterprise editions only.

Comparison of Hyper-V Features on Different Platforms

When you compare Hyper-V features on different platforms, you may notice that the Hyper-V role in Windows Server 2012 R2 has the same features as in Hyper-V Server 2012 R2. In fact, Hyper-V Server is a Server Core installation of Windows Server 2012 R2 on which only one role (Hyper-V) is available. You can manage this iteration of Hyper-V Server locally only from a command line. In comparison, Windows Server includes additional roles and features (such as Dynamic Host Configuration Protocol (DHCP) server), and you can manage the Hyper-V role locally from either a GUI or a command line. Hyper-V Server 2012 R2 is a free product, but it does not include any license for operating systems in virtual machines. This means that you should consider licensing for your virtual machines in your planning process.

Standard vs. Datacenter Editions

Windows Server 2012 R2 Standard and Windows Server 2012 R2 Datacenter editions are both licensed per physical processor, and include licenses either for two virtual machines running the Windows Server Standard operating system, or for unlimited virtual machines running the Windows Server Datacenter operating system.

Aside from virtualization rights, the only other difference between the Windows Server 2012 R2 Standard and Datacenter editions is that the Windows Server 2012 R2 Datacenter edition provides automatic activation of virtual machines (qualifying Windows Server operating systems), whereas the Windows Server 2012 R2 Standard edition has no such feature. Currently, the only qualified Windows Server 2012 R2 operating systems that are activated automatically are the Standard, Datacenter, and Essentials editions. Hyper-V Server 2012 R2 has the same virtualization capabilities as Windows Server 2012 R2, including high availability and live migration; however, it does not include any GUI interfaces, or any additional roles, or virtualization rights.

Client Operating Systems

Client Hyper-V in Windows client operating systems does not provide server-level features such as high availability or live migration. However, Client Hyper-V has the same foundation, and uses the same technology and file formats, which means that virtual machines that you create on Windows client

MCT USE ONLY. STUDENT USE PROHIBITED

2-4 Installing and Configuring the Hyper-V Role

operating systems can be used on Windows Server 2012 or Windows Server 2012 R2 and vice versa. You can use Hyper-V management tools that are included with Windows client operating systems for managing Hyper-V in Windows Server 2012 or Windows Server 2012 R2—for example, on Hyper-V Server 2012 R2. Licensing Windows Server 2012 for use with virtualization technologies http://go.microsoft.com/fwlink/?LinkID=386661 Competitive Advantages of Microsoft Hyper-V Server 2012 over the VMware vSphere Hypervisor http://go.microsoft.com/fwlink/?LinkID=386662 Automatic virtual machine activation http://go.microsoft.com/fwlink/?LinkID=386667 Windows Server 2012 R2 http://go.microsoft.com/fwlink/?LinkID=386676 Question: Your company is using Hyper-V in Windows Server 2012 R2 as a virtualization infrastructure. You are evaluating Virtual Desktop Infrastructure (VDI) for your company, which would provide Windows 8.1 desktops to 20 employees in the Finance department. Can you use Windows Server 2012 R2 Datacenter virtualization rights for setting up virtual desktops for the users in the Finance department?

Hyper-V and Virtual Machine Scalability When you are using virtualization, typically you are running multiple virtual machines on the same physical hardware. It is important that the physical hardware has enough resources (CPU, random access memory (RAM), storage, and network bandwidth) to run multiple loads, and to provide high availability and redundancy. In addition, the operating system on the physical server must be able to utilize all available resources. Previous releases of Hyper-V had some limitations. For example, previous Hyper-V versions supported up to 1 terabyte (TB) of physical RAM and up to 64 CPUs. However, Hyper-V in Windows Server 2012 and Windows Server 2012 R2 support significantly larger configurations and can fully utilize the most powerful servers.

Hyper-V enables you to create virtual machines with up to 64 virtual CPUs and 1 TB of virtual RAM, which means that you can virtualize high-performance, scale-up workloads. Virtual hard disks can be up to 64 TB in size, and virtual machines can have virtual Fibre Channel adapters to access Fibre Channel storage area networks (SANs) directly. Hyper-V in Windows Server 2012 R2 adds Generation 2 virtual machines, which support Unified Extensible Firmware Interface (UEFI), Secure Boot, and booting from small computer system interface (SCSI) controllers.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

2-5

Because today’s physical servers are more powerful and have more resources, it is important that the virtualization platform can utilize them. The following table lists the maximum resources that Hyper-V can utilize. Component

Maximum

Logical processors

320

Running virtual machines per server

1,024

Virtual processors per server

2,048

Memory

4 TB

Physical network adapters

No limits imposed by Hyper-V

Note

This is the number of cores that Hyper-V can utilize.

No virtual processor per logical processor ratio is imposed by Hyper-V.

Each external virtual switch requires a separate adapter.

The following table lists the maximum resources that you can configure on each virtual machine. Component

Maximum

Virtual processors

64

Memory

1 TB

Virtual hard disk capacity

64 TB / 2 TB

Virtual integrated device electronics (IDE) disks

4

Virtual SCSI disks

256

Virtual Fibre Channel adapters

4

Checkpoints

50

Virtual network adapters

12

Note: The .vhdx format supports 64 TB, and the .vhd format supports 2 TB.

With virtualization, multiple virtual machines are running on the same physical host. Therefore, the virtualization platform should be highly available. To meet this requirement, Hyper-V utilizes the failover clustering feature. The following table lists the maximum number of components that apply to a Hyper-V failover clustering environment. Component

Maximum

Nodes per failover cluster

64

Running virtual machines per cluster

8,000

Note

Nodes should have enough resources if failover happens.

Hyper-V Scalability in Windows Server 2012 http://go.microsoft.com/fwlink/?LinkID=386675 Question: You plan to virtualize a computer that is running Microsoft SQL Server. The computer has 8 processors and 96 gigabytes (GB) RAM. Can you virtualize the computer on Hyper-V in Windows Server 2012 R2 and have the same resources? Can you virtualize it on Hyper-V on servers running Windows Server operating systems prior to Windows Server 2012?

Hyper-V Architecture When you install Windows Server 2012 R2, the operating system accesses the server hardware directly by using device drivers. Device drivers run in the kernel mode and have full system access. Programs such as Microsoft Office are executing in the user mode and have limited access to the system.

MCT USE ONLY. STUDENT USE PROHIBITED

2-6 Installing and Configuring the Hyper-V Role

After you add the Hyper-V role to Windows Server 2012 R2, a thin hypervisor layer between the operating system and the server hardware is added, which is one of the reasons a system restart is required. The currently installed operating system moves into the parent partition, from where you can create and manage child partitions. Child partitions are isolated and often called virtual machines. The virtualization stack runs within the parent partition, and by using device drivers in the parent partition, has direct access to server hardware. Child partitions cannot access server hardware directly. Instead, they are presented with virtual devices, which communicate through the virtual machine bus (VMBus) with virtual service providers in the parent partition. Device access requests from child partitions are redirected either through the VMBus or through the hypervisor to the device drivers in the parent partition. The VMBus manages the requests, and it is a logical and the fastest communication channel between parent and child partitions. The parent partition hosts virtual Service Providers, and child partitions host Virtual Service Clients, which redirect device requests to virtual Service Providers in the parent partition through the VMBus. Hyper-V provides software infrastructure and management tools that you can use to create and manage child partitions. You can install a 32-bit or 64-bit operating system into child partitions. Newer operating systems such as Windows Server 2012 R2, Windows 8.1, or certain Linux distributions are aware that they are running in virtual environment and that they include VMBus support. Older operating systems such as Windows Server 2008 do not include VMBus support by default, but you can add support by installing Integration Services. Legacy operating systems that are not supported by Integration Services can still run in the child partition, but they will not be able to use VMBus, and device emulation will be used for all virtual devices. Hyper-V architecture http://go.microsoft.com/fwlink/?LinkID=386663 Question: You install Windows Server 2012 R2 on a virtual machine named VM1. Can you monitor disk input/output (I/O) for the physical server from VM1?

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

Considerations for Disk and Storage Each server role has different disk and storage requirements, and the same is true for the Hyper-V role. Hyper-V hosts run multiple virtual machines, and each virtual machine requires enough storage and disk access that is also as fast as possible and high availability. To provide faster access, Hyper-V hosts will typically have multiple disks. solid-state drives (SSDs) are not uncommon, because they provide much higher access and throughput. Most Hyper-V hosts also use shared storage, which is recommended for high availability.

2-7

Although you can configure virtual machines to access disks directly, they typically use virtual hard disks, which are managed by the Hyper-V host. Hyper-V can use the following different types of physical storage to store virtual hard disks: •

Direct-attached storage (DAS). DAS is storage that is directly attached to the physical host. You can use different bus types for attaching DAS, such as SCSI, Serial Attached SCSI, Serial ATA (SATA), external Serial Advanced Technology Attachment, or USB. USB is never recommended for server environments.



SAN. SAN is storage that the operating system on the host accesses over a dedicated or nondedicated network. SAN provides block-based access, and is presented as local storage by the host. You can use protocols such as Internet SCSI (iSCSI), Serial Attached SCSI, or Fibre Channel for attaching SAN storage. You can use SAN for shared storage, and it is often used for this purpose.



Network-attached storage (NAS). NAS is storage that the host operating system accesses over a network, and it provides file-based access. Windows Server 2012 and newer versions can use file shares as the storage for storing virtual hard disks over Server Message Block (SMB) 3.0 or newer protocols. Shared folders are increasingly popular, because they are an inexpensive option for shared storage, and they provide additional benefits such as SMB Transparent Failover, SMB Multichannel, and SMB Direct.

Aside from the operating system on the Hyper-V host, each virtual machine requires additional storage for its data files. Virtual machines can utilize much more storage than is required for the virtual machine operating system, installed programs, and data files. It is also important to remember that virtual machine storage requirements can increase through time. Virtual machines use storage for: •

.vhd and .vhdx files. These files include the entire hard disk content, as the virtual machine sees it. This includes operating system files, applications, and user and data files. Based on the virtual hard disk type, .vhd or .vhdx files can be single or multiple files, and they can have fixed size or can be dynamically expanding. Although a single virtual machine typically does not have many virtual hard disk files, their size is considerable and can be measured in gigabytes.



Configuration. Configuration stores virtual machine settings, and specifies which virtual devices are for use by the virtual machine. Configuration settings are stored in XML format, and are a few kilobytes in size.



Checkpoints. Checkpoints are optional, and enable you to revert a virtual machine to an earlier state. Checkpoint size depends on the virtual machine state (is the virtual machine running or not), and the RAM that is assigned to the virtual machine. Prior to Windows Server 2012 R2, checkpoints were also referred to as snapshots.



MCT USE ONLY. STUDENT USE PROHIBITED

2-8 Installing and Configuring the Hyper-V Role

Saved state. Saved state is created when you save a virtual machine. It includes the virtual machine memory, which is written to the hard disk. Saved state size is approximately the same size as the virtual machine RAM.

Note: Later in this module, you will find more extensive and in-depth information on how the Hyper-V host uses disk and storage. Question: Which virtual machine component requires the most storage space?

Considerations for Networking For some workloads, a single network interface card (NIC) may be sufficient; however, Hyper-V hosts will often have multiple NICs. Although a Hyper-V host can be fully functional with a single NIC, we do not recommend this. A single NIC does not provide redundancy, and if the NIC fails, the Hyper-V host and all the virtual machines that are running on that host will lose network connectivity. A Hyper-V host may need to have more NICs for a number of reasons, including higher bandwidth for multiple virtual servers sharing the same pipe, better performance, management, and redundancy. There is no single best recommendation on how many NICs a Hyper-V host should have, and different factors such as virtualization load, storage type used, and Hyper-V features used, can all influence that number. Consider the following recommendations as basic guidance: •

A dedicated NIC for host management. Because you may manage the Hyper-V host remotely, you may want to have a dedicated NIC just for that purpose. We typically do not recommend that you use the same NIC for virtual machine access and Hyper-V management.



At least one NIC for virtual machine networks. If you want to provide virtual machines with connectivity to an external network, you should dedicate at least one NIC for that purpose. This number can increase for more complex virtual network scenarios, or if redundancy (such as NLB) is required. If some of your virtual machines require higher network bandwidth, then we recommend creating a network team of NICs within the host operating system, and then attaching the NIC network to the external network.



At least one (and in some cases multiple) NICs for accessing shared storage (iSCSI or Fibre Channel). Storage communication should have a dedicated network, and the second NIC provides redundancy (multipath). This network also is used for accessing Cluster Shared Volumes (CSVs), if you are using Hyper-V failover clustering.



A dedicated NIC for failover clustering. We recommend that cluster nodes send heartbeat and other inter-node cluster communication over a dedicated network.



At least one NIC for live migration. Hyper-V can migrate virtual machine components such as virtual disks, configuration, and checkpoints between Hyper-V hosts. It can also migrate between Hyper-V hosts entire virtual machines that are running. You should use a dedicated network for live migration.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

2-9

Windows Server 2012 R2 includes Network Adapter Teaming (NIC Teaming), which you can use to consolidate multiple NICs and use them as a single interface. This provides higher network throughput and redundancy. You can also enable bandwidth management to limit bandwidth available to each network adapter in the virtual machine. Note: Module 4 provides a more details on NIC Teaming. Windows Server 2012 Hyper-V Best Practices http://go.microsoft.com/fwlink/?LinkID=386657 Question: Why would you not use the same network adapter in a Hyper-V host for performing remote Hyper-V administration, and for providing network access to virtual machines that are running on the Hyper-V host?

Considerations for Providing High Availability High availability enables service or virtual machines to be available even in a case of physical component failure. Without high availability, if a server fails, everything on that server is no longer available. If a server is running a single server load, outage caused by failure can be considerable. However, with virtualization, if a single server is running multiple virtual machines, outages caused by server failure multiply. Therefore, It is critical that virtual machines and services are highly available. When planning Hyper-V deployment, you should consider how to provide high availability for your load. When implementing virtual machines in Hyper-V, you have the following options: •

Hyper-V host-based failover clustering. You can implement failover clustering on the Hyper-V host servers, and then use the Failover Cluster Manager to configure the virtual machines to be highly available. You must configure Hyper-V hosts as Cluster Nodes, and configure them with properly configured shared storage. The shared storage must be able to store highly available virtual machines. If the Hyper-V host fails, the highly available virtual machine will fail over to another Hyper-V host in the failover cluster, and the cluster will attempt to restart the virtual machine. This will make the virtual machine available even if the Hyper-V host fails.



Guest failover clustering. This option provides high availability for cluster roles that are running inside virtual machines. You must configure virtual machines with shared storage, which can be on an iSCSI target, a Fibre Channel SAN, or a shared virtual hard disk that is stored on an SMB 3.0 share or scaleout file server. If a virtual machine fails, cluster roles that are running on the virtual machine will fail over to another virtual machine in the failover cluster, and the cluster will attempt to restart the failed virtual machine. This will make cluster roles available even if the individual virtual machine fails. You can use this approach with services and applications that are configurable as clustered roles.



Virtual machine-based Network Load Balancing (NLB). You can use NLB inside virtual machines just as you use NLB with physical servers. NLB provides fault tolerance for stateless applications by distributing inbound traffic across multiple virtual machines running the same application. If a virtual

MCT USE ONLY. STUDENT USE PROHIBITED

2-10 Installing and Configuring the Hyper-V Role

machine fails, remaining virtual machines in NLB will pick up the requests. When you implement NLB in a virtual machine environment, you should configure virtual machines on different Hyper-V hosts to be NLB members. With such configuration, the application that virtual machines provide is not disrupted if a Hyper-V host or virtual machine fails. •

Application-specific clustering. Some enterprise applications such as SQL Server or Microsoft Exchange Server have built-in failover capabilities. These applications can utilize failover clustering, but also include their own features such as database mirroring and continuous replication.

Each of these options provides a high availability solution in a Hyper-V environment. You should select the most appropriate option for each virtualized workload. Microsoft High Availability Overview http://go.microsoft.com/fwlink/?LinkID=386660 Question: You need to provide virtual machine-based failover clustering. What can you use for shared storage?

Host Changes After Installing the Hyper-V Role Hyper-V in Windows Server it is not installed by default. Based on your needs and preferences, you can install it locally or remotely by using different approaches. If you prefer using a GUI, you can add the Hyper-V role by using the Add Roles and Features Wizard from Server Manager. You can also add the role by using the Windows PowerShell Install-WindowsFeature cmdlet, or by using the dism.exe command in a Command Prompt window. After you add the Hyper-V role, you must restart the server twice before you can use Hyper-V. Installation of the Hyper-V role results in the following important changes to the host: •

The previously installed operating system is moved into the parent partition.



A hypervisor is added between the operating system and server hardware, and is configured to start automatically.



Hyper-V management tools such as the Hyper-V Manager snap-in, the Virtual Machine Connection tool, and the Hyper-V Windows PowerShell module are added to the parent partition.



Installing the Hyper-V role also adds several services, including Performance Monitor counters, Applications and Services logs, and Windows Firewall rules, and it creates the Hyper-V Administrators group in the parent partition. Question: How can you verify that you have added Hyper-V hypervisor successfully and configured it to start automatically on the host? Question: You installed the Hyper-V role in Windows Server 2012 R2. Do you need to create Windows Firewall rules to enable remote management of Hyper-V?

Demonstration: Installing the Hyper-V Role In this demonstration, you will see how to install the Hyper-V role.

Demonstration Steps

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

2-11

1.

On LON-HOST2, in Windows PowerShell, use the Get-WindowsFeature cmdlet to verify that the Hyper-V role is not installed.

2.

In Windows PowerShell, use the Get-Command –Module Hyper-V cmdlet to verify that the Hyper-V module is not yet installed.

3.

In Windows PowerShell, use bcdedit.exe to verify whether the hypervisor is configured to start automatically.

4.

On the Start screen, search for and confirm that no program with the word hyper in the name is installed.

5.

Confirm that only one counter starts with the word Hyper-V in Performance Monitor, Hyper-V Dynamic Memory Integration Service.

6.

Confirm that no inbound Windows Firewall rules that start with the word Hyper-V display.

7.

Install Hyper-V role on LON-HOST2 by using the Windows PowerShell cmdlet Install-WindowsFeature with the –IncludeManagementTools parameter.

8.

Switch to LON-HOST1.

9.

On LON-HOST1, in Windows PowerShell, use the Get-WindowsFeature cmdlet to verify that Hyper-V is installed.

10. In Windows PowerShell, use the Get-Command –Module Hyper-V cmdlet to verify that the Hyper-V module is installed. 11. In Windows PowerShell, use bcdedit.exe to verify that hypervisor is configured to start automatically. 12. Confirm that Hyper-V Manager and Hyper-V Virtual Machine Connection programs are installed. 13. Confirm that now there are multiple counters available in Performance Monitor that start with the word Hyper-V. 14. Confirm that now there are inbound Windows Firewall rules that start with the word Hyper-V.

Lesson 2

Managing Hyper-V

MCT USE ONLY. STUDENT USE PROHIBITED

2-12 Installing and Configuring the Hyper-V Role

You will usually manage Hyper-V remotely, and not locally on the server where you installed it. Regardless of from where you manage Hyper-V, you have two options: you can administer it in a GUI by using Hyper-V Manager, or by using Windows PowerShell. When you manage Hyper-V remotely, you must install the administrative tools locally on your remote machine. Ensure that you can connect to the server that is hosting the Hyper-V role, and that you have appropriate permissions that allow you to manage Hyper-V.

Lesson Objectives After completing this lesson, you will be able to: •

Describe the Hyper-V Manager console.



Explain the addition of the Hyper-V Manager console.



Install and use Hyper-V Manager.



Explain how to use Windows PowerShell to manage Hyper-V.



Explain how to manage Hyper-V in a workgroup environment.



Describe the Hyper-V Best Practices Analyzer.



Describe the Hyper-V security model.

Overview of the Hyper-V Manager Console You can use the Hyper-V Manager console to manage the Hyper-V host, and any virtual machines that you configure on the Hyper-V host. You can access this console in several ways, such as from Start screen, in Server Manager, from Administrative Tools in Control Panel, or by adding the Hyper-V Manager snap-in to a blank Microsoft Management Console (MMC). You can use Hyper-V Manager to administer multiple Hyper-V hosts, but for larger deployments, you should use other tools such as the Microsoft System Center 2012 – Virtual Machine Manager. Note: System Center 2012 R2 is required to manage Windows Server 2012 R2. System Center 2012 with Service Pack 1 (SP1) (or a newer version) is required to manage Windows Server 2012.

The Hyper-V Manager console has three panes. The navigation pane on the left provides a listing of all connected Hyper-V hosts. The details pane in the middle provides information about the virtual machines on the selected Hyper-V host. Detailed information includes their state, CPU usage, and assigned memory. You can also add or remove additional columns in this pane. The details pane also lists checkpoints (point-in-time snapshots), summary, memory, networking, and replication details for selected virtual machine. The Actions pane on the right is divided into two parts: at the top are the actions available for managing the Hyper-V host; below that is the contextual Actions pane that allows you to manage the

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

2-13

selected virtual machine. The same actions are available when you right-click the host in the navigation pane, or right-click the virtual machine in the details pane. Question: Your virtualization environment has three Hyper-V hosts. In Hyper-V Manager, can you view Manager the virtual machines on all three Hyper-V hosts simultaneously?

Adding the Hyper-V Manager Console When you install Hyper-V role by using the Add Roles and Features Wizard, the Hyper-V Manager console is added automatically. However, when you install the role by using the Install-WindowsFeature cmdlet, you must add the -IncludeManagementTools parameter. Otherwise, the Hyper-V Manager will not be installed. In addition, if you install Hyper-V with dism.exe, the Hyper-V Manager console is not added automatically. The Hyper-V Manager console and the Hyper-V Module for Windows PowerShell are Windows roles (and role services), and you can add them to any Windows Server 2012 R2 computers. This is especially useful if you need to manage Hyper-V from a server that does not have the Hyper-V role. You can also use Hyper-V Manager to manage Hyper-V Server 2012 R2 remotely from a GUI.

If you want to administer Hyper-V from a Windows 8 or newer Windows client operating system computer, you need only to turn on the Hyper-V Management Tools feature. This is because Hyper-V is part of the Windows client operating system. If you need to administer Hyper-V from a Windows 7 computer, you must first download and install Remote Server Administration Tools (RSAT) for Windows 7, and then you can turn on the Hyper-V Management Tools feature. You should be aware that if you want to administer Hyper-V from older operating systems such as Window 7 or Windows Server 2008 R2, you will not be able to configure all Windows Server 2012 R2 Hyper-V features. You can administer Hyper-V from your device even if Hyper-V Manager is not available for the device, provided it supports Remote Desktop Protocol (RDP). You can allow remote desktop connections to a computer where Hyper-V Manager is installed, and then connect to it from your device. Question: Do you need to install RSAT on a Windows 8.1 workstation if you want to use it for managing Hyper-V hosts?

Demonstration: Installing and Using Hyper-V Manager In this demonstration, you will see how to install and use Hyper-V Manager.

Demonstration Steps 1.

Sign in to LON-CL1 with the user name Adatum\Administrator and password Pa$$w0rd.

2.

Confirm that no program that has the word hyper in the name is installed on LON-CL1.

3.

In Windows PowerShell, use the Get-WindowsOptionalFeature cmdlet to confirm that Hyper-V management tools are not installed.

4.

Use the Windows Features window to enable the Hyper-V Management Tools feature.

5.

In Windows PowerShell, use the Get-Command –Module Hyper-V cmdlet to confirm that the Hyper-V module has been installed.

6.

Confirm that two programs, Hyper-V Manager and Hyper-V Virtual Machine Connection, are installed on LON-CL1.

7.

Add LON-HOST1 to Hyper-V Manager, and review Hyper-V Settings for LON-HOST1.

Using Windows PowerShell to Manage Hyper-V

MCT USE ONLY. STUDENT USE PROHIBITED

2-14 Installing and Configuring the Hyper-V Role

You can manage Hyper-V from the GUI by using the Hyper-V Manager console. However, that is not always practical, especially when you need to automate administrative tasks or perform the same task on multiple Hyper-V hosts or virtual machines. In such situations, Windows PowerShell is a solution that also works for administrators who prefer to use a command-line interface. Windows PowerShell is part of Windows Server, and it is designed for users to control and automate the administration of Windows operating systems. Everything that you can configure through a Windows GUI, you can also configure by using Windows PowerShell. This is also true for managing the Hyper-V role. In Hyper-V Manager, you can view available options either in the Actions pane, or when you right-click an object. To list all the Windows PowerShell commands (called cmdlets) that you can use to manage Hyper-V, from a Windows PowerShell window, simply run the following cmdlet: Get-Command -Module Hyper-V

You can pipe the result to the Measure alias by using the following command: Get-Command –Module Hyper-V | Measure

When you do this, you will discover that Windows Server 2012 R2 includes 178 cmdlets in the Hyper-V module. If you need the detailed cmdlet syntax, you can use the following command: Get-Help

If you remember only part of the cmdlet, you can use the following command, where part of name is the part of the cmdlet that you can remember: Get-Command cmdlet (Get-Command *part of name*)

Parts of Cmdlets Cmdlets have consistent verb-noun names, so in most cases you will know from a cmdlet name what action it will perform. Some examples are as follows: •

Cmdlets starting with Get- will return the object property values, and will not modify objects in any way.



Cmdlets starting with Set- will set object property values, and you can use these cmdlets for configuring objects.



Cmdlets starting with Disable- will disable objects.



Cmdlets starting with Enable- will enable objects.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

2-15

The second part of a cmdlet name specifies the object type on which the cmdlet will act. Some examples are as follows: •

Get-VMHost lists Hyper-V host information.



Set-VMSwitch configures a virtual switch by setting its properties.



Enable-VMMigration enables migration on one or more virtual machine hosts.

You can specify the server on which you want to run the cmdlet by using the -ServerName parameter. You also can specify more than one server: Get-VMHost -ServerName LON-DC1, LON-SVR1

Another Windows PowerShell feature is pipeline ( | ), which you can use to pass results between cmdlets. For example, if you want to save all virtual machines on LON-HOST1, you can run the following command: Get-VM -HostName LON-HOST1 | Save-VM

If you want to start only virtual machines that have DC in their name and are hosted on LON-HOST1, you can run the following command: Start-VM -Name *DC* -HostName LON-HOST1

When you run some cmdlets (for example Get-VMHost), you cannot see the entire output because of formatting. However, you can always format output differently, for example by directing the output to the Format-Table cmdlet (or to the ft alias): Get-VMHost -HostName LON-HOST1 | ft

These examples are very basic examples of what you can do with Windows PowerShell. By using these basic commands, you can start exploring Hyper-V with Windows PowerShell. You can also use Windows PowerShell Integrated Scripting Environment (ISE), which includes an editor in which you can run cmdlets. You also can use Windows PowerShell ISE to write, test, and debug scripts in a single GUI with multiline editing, tab completion, syntax coloring, selective execution, and context-sensitive help. Question: What must you do to be able to administer Hyper-V by using Windows PowerShell?

Managing Hyper-V in a Workgroup Environment A Hyper-V host can be an Active Directory Domain Services (AD DS) member, or a member of a workgroup. This has no effect on the virtual machines that are running on the Hyper-V host. However, AD DS membership greatly simplifies Hyper-V host management. AD DS does require additional infrastructure because domain controllers and a DNS server are required, but in most environments, they are already available and in use.

MCT USE ONLY. STUDENT USE PROHIBITED

2-16 Installing and Configuring the Hyper-V Role

When you install the Hyper-V role, Windows Firewall rules for remote management of Hyper-V are created, and by default, enable remote connections and management. If the Hyper-V host is an AD DS member, domain Group Policies apply to it. In this case, you can use your domain credentials to manage Hyper-V remotely if your user account has sufficient permissions, without any additional configuration. However, if Hyper-V host is not an AD DS member (which can be the case in small, high security, or test environments), additional configuration is required if you want to manage the Hyper-V host remotely. You must ensure that Windows Firewall allows remote management. In a server with a GUI, you create and enable firewall rules by default when you install the Hyper-V role. However, in a Server Core installation or in Hyper-V Server, you must enable firewall rules manually.

Remote management is enabled by default in Windows Server 2012 R2, but you still need to grant administrative rights remotely to local users, which you can do by running the command winrm quickconfig. You must also create a local user with the same username and password as the domain user that will be managing Hyper-V host, and then grant the local user sufficient permissions by adding him or her to the Hyper-V Administrators local group. Because Component Object Model (COM) security is set to allow remote access for Everyone by default, no further configuration on the Hyper-V host is required. Make sure that Hyper-V management tools are installed on the computer from which you want to manage the Hyper-V host remotely. Then, when you open the Hyper-V Manager console, you should be able to connect to the remote Hyper-V host and manage it remotely. Best Practice: To simplify configuration of a workgroup member Hyper-V host for remote management, use the Hyper-V Remote Management Configuration Utility (HVRemote). Hyper-V Remote Management Configuration Utility (HVRemote) http://go.microsoft.com/fwlink/?LinkID=386659 Question: Can you join virtual machines to the domain if they are running on a Hyper-V host that is a member of a workgroup?

Hyper-V Best Practices Analyzer Best practices for configuring a server are guidelines on how you should configure a server to be as effective and as secure as possible in a typical environment. For example, a best practice is to keep open only ports that the server requires to communicate with other computers, and to block all other unused ports. However, sometimes it is not possible to follow all best practices. This is not necessarily problematic, but it is helpful if you are aware of the best practices you are not implementing, and you can explain why you are configuring your server differently from the guidelines provided in the best practices.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

2-17

The Best Practices Analyzer (BPA) is a rule-driven framework that can scan server roles for compliance with best practices. The Hyper-V BPA in Windows Server 2012 R2 is installed as part of the Hyper-V role, and includes over 110 rules, which are grouped in several categories. Some of these categories are Hyper-V and virtual machine configuration, Networking, Storage, and Backup. Hyper-V BPA rules includes many best practice recommendations, such as the following: •

Hyper-V should be the only enabled role on the server.



The Server Core installation option for Windows Server 2012 is recommended for servers running Hyper-V.



Domain membership is recommended for servers running Hyper-V.



Virtual machines should be backed up at least once a week.



All networks for live migration traffic should have a link speed of at least 1 gigabits per second (Gbps).

BPA is available as part of Server Manager or as Windows PowerShell cmdlets, contained in the BestPractices module. You can use BPA to increase best practices compliance by scanning one or multiple roles simultaneously, on either local or remote Hyper-V hosts, and regardless of whether you run scans using the Best Practices Analyzer tile in Server Manager, or use Windows PowerShell cmdlets. You also can instruct BPA to exclude or ignore scan results that you do not want to view. BPA measures compliance with each best practice rule. Results can have one of the three following security levels: •

Error. Configuration is not compliant with best practices, and can potentially cause functionality problems.



Information. Configuration is compliant and in accordance with best practice rules.



Warning. Configuration is not compliant, and the results of noncompliance can cause problems if changes are not made. The configuration might be compliant as currently operating, but may not be compliant if changes are not made.

After you perform a BPA scan in Server Manager, you can view compliance results in the BPA section. When you select a result in this section, a preview pane in the section displays result properties, including an indication of whether the role is compliant with the best practice. If a result is not compliant, and if you want to know how to resolve the problem, you click links in the Error and Warning result properties section.

Run Best Practices Analyzer Scans and Manage Scan Results http://go.microsoft.com/fwlink/?LinkID=386668 Question: Should you always configure your Hyper-V host as best practices rules suggest?

Hyper-V Security Model You implement security for Hyper-V differently than for most other Windows components that control access to objects by using access control lists (ACLs). Hyper-V uses a role-based access control (RBAC) role, which means that resources are owned by the system, and users are granted access to these resources by being assigned to predefined roles. The Authorization Manager framework is used to configure RBAC for Hyper-V. Authorization Manager is deprecated in Windows Server 2012, but it is still available in Windows Server 2012 R2.

MCT USE ONLY. STUDENT USE PROHIBITED

2-18 Installing and Configuring the Hyper-V Role

Authorization Manager uses an authorization store for storing authorization information, and this store can either be located in Active Directory, an XML file, or SQL Server. The default Hyper-V authorization store is located in the C:\ProgramData\Microsoft\Windows\Hyper-V\InitialStore.xml file. Authorization Manager is not often used, and many Hyper-V Administrators prefer to use either scripting or VMM to implement security.

Simple Authorization

Two types of users work with Hyper-V authorization: administrators in enterprises who require complex authorization policy, and administrators in smaller environments. Administrators in enterprises typically use VMM, which hides Authorization Manager from them. If administrators in smaller environments are not using VMM, then they must use Authorization Manager, even for a simple authorization policies. By doing this, administrators can avoid having to make users who need to manage Hyper-V, local administrators.

Hyper-V in Windows Server 2012 R2 uses a new security model called Simple Authorization. Simple Authorization provides an alternative to using Authorization Manager to manage simple authorization policy. It also improves the experience of granting Hyper-V administrator privileges to accounts, without granting local administrator privileges on the Hyper-V host. As a result, security of the Hyper-V host is improved. You implement Simple Authorization on the Hyper-V host by creating a local security group named Hyper-V Administrators. A group with the same name is also added at the domain level. Both groups (local and domain) are empty by default. The Hyper-V Administrators group is also included in the Authorization Manager authorization store. The local group is included in the workgroup Hyper-V host, but as soon as the server is joined to the domain, the domain group replaces the local group in the authorization store.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

Members of the Hyper-V Administrators group have complete and unrestricted access to all Hyper-V features. They are granted permissions in: •

Authorization Manager



DCOM permissions



Windows Management Instrumentation (WMI) virtualization namespace permissions



Common Information Model version 2 (CIMv2) namespace permissions Configure Hyper-V for Role-based Access Control http://go.microsoft.com/fwlink/?LinkID=386664 Question: You need to allow a user to manage virtual machines on a Hyper-V host, but this user must not be able to manage Hyper-V host settings. What should you do?

2-19

Lesson 3

Configuring Hyper-V Settings

MCT USE ONLY. STUDENT USE PROHIBITED

2-20 Installing and Configuring the Hyper-V Role

Hyper-V settings control the Hyper-V host. For example, Hyper-V settings determine where new virtual machines will be created by default, whether Hyper-V is configured with RemoteFX adapters, whether virtual machines and virtual machine storage can be transferred via live migration, and if the host is configured as a Hyper-V replica. You can configure Hyper-V settings in Hyper-V Manager, or in Windows PowerShell. You should be familiar with available options (such as non-uniform memory access (NUMA) spanning or enhanced session mode policy) before configuring them.

Lesson Objectives After completing this lesson, you will be able to: •

Describe Hyper-V settings.



Configure Hyper-V settings.



Describe NUMA.



Describe RemoteFX.



Describe enhanced session mode.



Describe resource pools.

Overview of Hyper-V Settings You can use the Hyper-V Manager console or Windows PowerShell to manage Hyper-V settings. If you want to change the Hyper-V settings, you can right-click Hyper-V host in the navigation pane of Hyper-V Manager, and then click Hyper-V Settings, or click Settings in the Actions pane. You can configure the following settings in the Settings window: •

Virtual Hard Disks. This setting specifies the default folder location for virtual hard disks that you create on the Hyper-V host. When you are running the New Virtual Hard Disk Wizard, the location that you configure here will be used. By default, virtual hard disks are created in the Public profile, and you should modify this default location.

When you are determining where to store the .vhdx and .vhd files, you should consider performance, high availability, and available space. You should consider storing .vhd files on a separate disk, and then distribute the .vhd files across as many disks as are available. If a SAN is available, you may consider configuring this setting to point to a SAN logical unit number (LUN). If SMB 3.0 shares are available, you can configure settings to point to this network location also. •

Virtual Machines. This setting specifies the default folder location for storing virtual machine configuration files. When running the New Virtual Machine Wizard, the location that you configure here will be used. You should have similar considerations as with virtual hard disks, and if you want virtual machines to be highly available, this location should point to a shared location on either a SAN or SMB 3.0 share.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

2-21



Physical GPUs. This setting applies to Remote Desktop Virtualization and the VDI implementation. If you want to enable RemoteFX 3D Video Adapters in virtual machines, you must install the Remote Desktop Virtualization Host role service, and the Hyper-V host must have a physical graphics processing unit (GPU) that supports RemoteFX.



NUMA Spanning. This setting allows virtual machines to span across NUMA nodes when CPU or memory resources are needed. The default setting is to allow spanning, but administrators should consider whether this is the optimal configuration for the applications and services that are running in their virtual machines.



Live Migrations. This setting defines whether Hyper-V host can participate in virtual machine live migrations. This setting is not enabled by default. If you enable this setting, there are additional configuration options from which to choose, such as authentication protocol, maximum number of simultaneous live migrations, which networks can be used for live migrations, and performance options.



Storage Migrations. This setting controls how many storage migrations can occur simultaneously on the Hyper-V host. The default setting is 2.



Enhanced Session Mode Policy. This setting defines whether redirection of local devices and resources to virtual machines is allowed. The default Enhanced Session Mode Policy setting is to not allow redirection. Enhanced session mode requires a supported operating system on the virtual machine and requires additional virtual machine configuration.



Replication Configuration. This setting determines when Hyper-V host can be used as a Hyper-V Replica server. The default setting is that Hyper-V is not enabled as a replica server. If you enable it as a replica server, you can configure additional settings such as authentication, and from which servers replication is allowed.

You can also configure the following user settings: •

Keyboard. This setting controls how Windows key combinations (for example, Alt+Tab) are used when using the Virtual Machine Connection interface. The default setting is to allow use of key combinations with the virtual machine.



Mouse Release Key. This setting controls the key combination for releasing the mouse in the Virtual Machine Connection interface, when the guest operating system does not have Integration Services installed.



Enhanced Session Mode. This setting controls whether you want to use enhanced session mode with Virtual Machine Connection, when an enhanced session mode is available in a guest operating system. This setting is enabled by default. This setting allows the use of full Remote Desktop capability when connecting to a virtual machine, including shared clipboard and device redirection.



Reset Check Boxes. When you click the Reset button here, all check boxes are cleared that when checked, hide pages and messages. Question: You want all virtual machines that you create on Hyper-V host to be stored in the same folder. Which Hyper-V setting should you configure: Virtual Hard Disks, or Virtual Machines?

Demonstration: Configuring Hyper-V Settings In this demonstration, you will see how to configure Hyper-V settings.

Demonstration Steps

MCT USE ONLY. STUDENT USE PROHIBITED

2-22 Installing and Configuring the Hyper-V Role

1.

On LON-HOST1, in Hyper-V Manager, start the New Virtual Hard Disk Wizard, and confirm default location for creating new virtual hard disks.

2.

In Hyper-V Manager, confirm that the same location is set as Virtual Hard Disk location Hyper-V Setting.

3.

Set the Virtual Hard Disk location Hyper-V Setting to C:\Users and confirm that this location is used as a default location when creating new virtual hard disks.

4.

In Windows PowerShell, use the Set-VMHost cmdlet with the VirtualHardDiskPath parameter to set virtual hard disk location to \\LON-HOST2\VHDs.

5.

Use Hyper-V Manager to confirm that it was set successfully.

6.

In Windows PowerShell, use the Set-VMHost cmdlet to disable NUMA Spanning, and set the maximum simultaneous storage migrations to 4.

7.

Use Hyper-V Manager to confirm the changes that you made in Windows PowerShell.

8.

Enable NUMA Spanning.

What Is NUMA? A computer with a single processor has a single bus for accessing memory, and that single processor can access all of a computer’s memory with the same latency. However, many modern computers have multiple processors with multiple cores. Each physical CPU uses its own bus for accessing physical memory.

NUMA is a computer architecture that multiprocessor systems use, in which the time required for a CPU to access memory depends on the memory’s location relative to the processor. Some memory regions are located and connected directly to one or more CPUs. All memory is accessible by all CPUs, but a CPU can access local memory (memory attached directly to the CPU) faster than it can access remote memory (memory that is local to another CPU in the system). This is why NUMA architecture divides memory and processors into groups, called NUMA nodes. For large, multiple CPU systems, using NUMA architecture can result in increased system performance. Modern operating systems and high-performance applications include optimizations that can recognize and consider using system NUMA topology when scheduling threads or allocating memory to increase system performance. To avoid remote access delays, a NUMA–aware application attempts to allocate storage and schedule threads to access data in the same NUMA node.

When a virtual machine starts, Hyper-V attempts to allocate all the memory for the virtual machine from a single NUMA node, if enough memory is available. If the single NUMA node does not have enough memory, Hyper-V also allocates memory from other NUMA nodes—this is known as NUMA spanning. At the Hyper-V host level, a single check box controls whether to allow NUMA spanning. If this setting is

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

2-23

enabled (which is the default configuration, and which means that NUMA spanning is allowed), virtual machines can span NUMA nodes and provide virtual machines with additional memory. However, when a virtual machine allocates memory from multiple NUMA nodes, there is a performance cost because CPU access to remote memory takes longer than when CPU accesses local memory in the same NUMA node.

Hyper-V in Windows Server 2012 and Windows Server 2012 R2 projects a virtualized NUMA topology to virtual machines. By default, this virtual NUMA topology is optimized to match the NUMA topology of the physical host. Projecting a virtual NUMA topology into a virtual machine enables optimal performance and workload scalability in large virtual machines by allowing the guest operating system and applications such as SQL Server to leverage their NUMA performance optimizations. You can configure virtual NUMA topology at a virtual machine level. You can specify the maximum amount of memory, maximum number of virtual processors, and the maximum number of virtual NUMA nodes. By default, these values are set to align with the physical NUMA topology. If you change the settings, you can restore the default virtual NUMA topology by clicking the Use Hardware Topology button. Hyper-V Virtual NUMA Overview http://go.microsoft.com/fwlink/?LinkID=386666 Question: Can you modify your server’s NUMA topology?

What Is Enhanced Session Mode? Hyper-V uses the Virtual Machine Connection tool to connect to virtual machines by using RDP. Prior to Windows Server 2012 R2, the Virtual Machine Connection tool provided only basic redirection of the virtual machine screen, keyboard, and a mouse, such as a Keyboard Video Mouse switch over IP. The tool also provided limited Copy and Paste functionality, which was limited to text and did not support any other content such as graphics or files.

With Windows Server 2012 R2, you still use the same method to connect to virtual machines, but Hyper-V also supports enhanced session mode. Enhanced session mode utilizes the Remote Desktop Services component in virtual machines, and establishes full Remote Desktop sessions over VMBus. This means that even if the virtual machine has no network connectivity (and there is network connectivity to the Hyper-V host on which virtual machine is running), you can connect to the virtual machine by using the Virtual Machine Connection tool using enhanced session mode. This means that you can redirect local resources (such as smart cards, printers, drives, USB devices or any other supported Plug and Play devices) to virtual machines. You also can use folder redirection, and use shared Clipboard for copying content to virtual machines. In addition, you can copy files into virtual machines by dragging and dropping them onto the virtual machine, even if the virtual machine does not have network connectivity. Enhanced session mode and full Remote Desktop are available even when virtual machines are running on Hyper-V on Server Core or Hyper-V Server 2012 R2.

You can configure enhanced session mode at following levels: •

MCT USE ONLY. STUDENT USE PROHIBITED

2-24 Installing and Configuring the Hyper-V Role

Server settings - Enhanced Session Mode Policy. This setting affects all virtual machines that are running on the Hyper-V host. If this setting is enabled, enhanced session mode connections to virtual machines on this Hyper-V host will be allowed.

Note: The default setting for the Allow enhanced session mode is set to Disabled on Hyper-V in Windows Server 2012 R2, and is set to Enabled on Windows 8.1. •

User settings - Enhanced Session Mode. This setting determines if the Virtual Machine Connection tool attempts to use enhanced session mode.



Guest operating system. Enhanced session mode is available only if you connect to virtual machines that are running Windows Server 2012 R2 or Windows 8.1. Remote Desktop Service must be running on the virtual machine, and the user account you will be using to sign in to the virtual machine must be a member of the Remote Desktop Users local group. Virtual Machine Connection - Enhanced Session Mode Overview http://go.microsoft.com/fwlink/?LinkID=386665 Question: Can you use enhanced session mode to connect to a Windows Server 2012 R2 virtual machine that is running on a Hyper-V host on Windows Server 2012?

What Are Resource Pools? Resource pools in Windows Server 2012 R2 provide a layer of abstraction between virtual machines and the underlying physical hardware on the Hyper-V host. You configure Hyper-V resource pools by using Windows PowerShell. You cannot create them in Hyper-V Manager. Resource pools are especially useful when used with virtual machine mobility—for example with Live Migration, when settings such as the location for storing virtual machine files and virtual switch names are different on different servers.

Resource pools provide a way to abstract those configurations, because the only requirement is that the resource pool configurations are the same on each Hyper-V host. For example, if you add virtual switches to a network pool named Pool1, virtual machines will be able to connect to new virtual switches automatically if they are configured to use Pool1. Resource pools allow administrators to configure the environment for virtual machine mobility. Resource pools also enable administrators to group virtual machine resources and then collect metrics on the pool for chargeback purposes. For example, the hosting company could configure resource pools for each customer, and then collect resource usage data.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

2-25

You implement resource pools in Hyper-V by resource type. There are different resource pool types such as Processor, Memory, Ethernet and virtual hard disk. By default, primordial pools are created automatically for each resource type when you install the Hyper-V role. Using the Windows PowerShell cmdlet Get-VMResourcePool, the default primordial pools display. You can also create new resource pools, for example by running following cmdlet: New-VMResourcePool -Name "Contoso Network" -ResourcePoolType Ethernet

Once you create the Network (Ethernet) and Storage (virtual hard disk) resource pools, the configuration settings that are available for the virtual machine display in Hyper-V Manager. Question: How can you configure a virtual machine to use a virtual hard drive from a specific resource pool?

Lesson 4

Hyper-V Host Storage and Networking You must properly configure storage and networking for a Hyper-V host, so that the virtualization platform and the virtual machines that are running on that platform can use the available resources at optimal performance. Features such as storage spaces, disk deduplication, and network teaming are Windows Server features that Hyper-V can utilize when they are available. For example, Hyper-V can store virtual machines on SMB 3.0 network shares, and disk deduplication in Windows Server 2012 R2 can minimize disk space used by running virtual machine in a VDI scenario.

Lesson Objectives After completing this lesson, you will be able to: •

Describe storage spaces.



Describe disk deduplication.



Describe Offloaded Data Transfer.



Describe SMB 3.0.



Explain how Hyper-V benefits from SMB 3.0.



Describe network teaming.

Overview of Storage Spaces Storage Spaces is a storage virtualization subsystem in Windows Server operating systems and Windows client operating systems. Storage Spaces is built on top of storage pools, which are a collection of physical disks. Physical disks can be of different sizes, and can be connected locally by using different bus types such as SATA, Serial Attached SCSI, external SCSI, SCSI, or USB. Remote storage such as NAS or SANs cannot be part of storage pools. Storage pools enables you to aggregate storage, expand capacity flexibly, and delegate administration. Storage Spaces is represented as virtual disks built on top of storage pools. Storage Spaces can have different levels of redundancy, can use all allocated space when created (fixed provisioning) or expand dynamically (thin provisioning), and can have automatic or controlled allocation on heterogeneous storage.

MCT USE ONLY. STUDENT USE PROHIBITED

2-26 Installing and Configuring the Hyper-V Role

You can use Storage Spaces to add physical disks of any type and size to a storage pool, and then create highly available virtual disks from the storage pool. The primary advantage of Storage Spaces is that you can manage multiple disks as one unit, instead of managing single disks. Storage Spaces includes the following features: •

Resilient storage. Storage Spaces support two resiliency modes: mirroring, and parity. You can configure layout and resiliency for each storage pool independently. You can also configure per-pool support for disks that are reserved for replacing failed disks (or hot spares).

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

2-27



Continuous availability. Storage Spaces is fully integrated with failover clustering, which provides continuous availability. You can cluster pools across multiple nodes within a single cluster. Storage Spaces can be created on individual nodes, and if failure occurs, the storage will fail over to a different node. Storage Spaces supports integration with CSVs, which enables scale-out access to data.



Optimal storage use. Storage Spaces supports thin provisioning to allocate space as needed. If data is deleted inside a virtual machine, Hyper-V supports automatic storage reclamation for deleted files.



Storage Tiering: In Windows Server 2012 R2, you can enable storage tiers on virtual disk, which enable automatic movement of the most frequently accessed files to faster SSD storage.



Multitenancy. Administration of storage pools is controlled through ACLs, and is delegated on a perpool basis. Each storage pool can be isolated, and access is integrated with AD DS. Storage Spaces Overview http://go.microsoft.com/fwlink/?LinkID=386672 Question: Can you include an iSCSI disk that is connected to your Hyper-V host, in Storage Spaces?

Overview of Disk Deduplication

When you store files on a file server, many files can contain blocks of the same data. This is also the case for virtual hard disks, especially when they have the same guest operating system installed. Data deduplication is a process that runs in the background after a file is saved. It analyzes the files, and finds and removes duplicated blocks without compromising file integrity. The goal of data deduplication is to store more data in less space by segmenting files into small variable-sized chunks (32–128 kilobytes (KB)), identifying duplicate chunks, and maintaining a single copy of each chunk. Duplicated copies of the chunks are then replaced by a reference to the single copy. The chunks are compressed, and then organized into special container files in the System Volume Information folder. Access to deduplicated files is the same as access to files that are not deduplicated. You can enable data deduplication in Server Manager, or by using Windows PowerShell. You enable data deduplication only for an entire volume. The volume must be formatted with NTFS file system, and must not be a system or boot volume. You can use data deduplication on shared storage, and failover clustering is fully supported. Windows Server 2012 R2 adds support for data deduplication on CSVs. Data deduplication can be effective for optimizing storage and reducing the disk space used for storing data. A virtualization library that stores virtual hard disks is a good example of how Data Deduplication reduces disk space usage. By using data deduplication, you can reduce the virtualization library size by 80 percent or more. Windows Server 2012 can dedupicate only files that are not constantly open, and because of this, virtual hard disks of running virtual machines cannot be deduplicated.

MCT USE ONLY. STUDENT USE PROHIBITED

2-28 Installing and Configuring the Hyper-V Role

Windows Server 2012 R2 improves deduplication performance and adds support for deduplication of open files. As a result, Windows Server 2012 R2 can deduplicate the virtual hard disks of the running virtual machines that you used for VDI, and that are stored on an SMB 3.0 network share. Deduplication of running virtual machines that are not part of VDI or that are not stored on a network share may work, but this scenario is not supported. Data Deduplication Overview http://go.microsoft.com/fwlink/?LinkID=386669 Question: You plan to enable data deduplication on a file server. How can you enable data deduplication, and what must you install first?

What Is Offloaded Data Transfer? When you use a traditional data copy model, the data for copying must first be read from the source storage (SAN), transferred over the network, and then written into the server memory. Next, the data must be transferred over the network again to the destination storage (SAN), and then written to the disk. This approach has several drawbacks, such as high utilization of server processor and memory, and transferring data to a server and then back to storage, even if data is copied inside the same SAN.

To avoid this inefficiency, Windows Server 2012 and newer versions support Windows Offloaded Data Transfer. Offloaded Data Transfer uses a tokenbased mechanism for reading and writing data within or between intelligent SANs. Instead of reading and writing the data through the server, a token is copied between the source and destination storage. The token serves as a point-in-time representation of the data, and the copy manager of the SAN performs the data movement according to the token. For example, when you copy a file or a virtual hard disk between storage locations on the same SAN or between the SANs, a token representing the virtual hard disk file is copied. The server does not need to copy the underlying virtual hard disk, because the storage (SAN) that supports Offloaded Data Transfer will copy the virtual hard disk file more effectively and without utilizing the server. You can use Offloaded Data Transfer to interact with the storage device to move large files or data through the high-speed storage network. Offloaded Data Transfer reduces client-server network traffic and CPU usage considerably during large data transfers, because all data movement is performed by the storage. If you want to use Offloaded Data Transfer, source and destination SANs must: •

Support Offloaded Data Transfer, must be connected by using iSCSI, Fibre Channel, Fibre Channel over Ethernet, or Serial Attached SCSI.



Must be managed by the same storage manager.

Hyper-V supports Offloaded Data Transfer, and when Offloaded Data Transfer also is supported by a storage array, performance improvements can be considerable. For example, if the creation of a 10-GB fixed-size virtual hard disk takes almost three minutes, the same operation takes less than a second when using Offloaded Data Transfer. In addition, when using Offloaded Data Transfer you can perform other related Hyper-V operations much faster, such as expanding virtual hard disks, merging virtual hard disks, or live storage migration.

Windows Offloaded Data Transfers Overview http://go.microsoft.com/fwlink/?LinkID=386670 Question: Can you use Offloaded Data Transfer when you copy a 10-GB file between file shares?

What Is SMB 3.0? SMB is a network file sharing protocol that Windows operating systems use on top of the TCP/IP protocol for accessing files on network shares. SMB has several backward-compatible versions, and Windows Server 2012 adds support for SMB 3.0. SMB 3.0 has several new and useful features, including the following features:

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

2-29



SMB Transparent Failover. This feature is available in a failover cluster with at least two nodes. It allows clients to access an SMB file share without interruption even if the SMB file server node to which the client is connected fails. A failover cluster preserves information on the server side, and allows the client to reconnect automatically to the same share on the remaining file server cluster node. This enables administrators to perform hardware or software maintenance on file server cluster nodes by moving file shares between nodes without client interruption.



SMB Scale Out. Administrators can use this feature to create file shares in failover clusters on CSVs that provide simultaneous access to files, with direct I/O, through all nodes in a file server cluster. This feature helps provide load-balancing of clients and better utilization of network bandwidth.



SMB Multichannel. This feature provides the ability to use multiple network interfaces for aggregation of network bandwidth and network fault tolerance, if multiple paths exist between the client and the server. Server applications can utilize aggregated network bandwidth, and are resilient in case of a network failure.



SMB Direct. This feature provides the ability to use network adapters that have Remote Direct Memory Access (RDMA) capability. Network adapters that have RDMA can function at full speed with very low latency by using minimal CPU resources.



SMB Encryption. This feature enables file encryption while files are transferred over the network, and without using public key infrastructure (PKI). You can configure SMB Encryption per share, or for the entire server.



VSS for SMB file shares. Volume Shadow Copy Service (VSS) is a framework that enables volume backups while applications continue to write to the volumes. The VSS provider for SMB file shares enables VSS–aware backup applications to perform application-consistent shadow copies of VSSaware server applications that are storing data on SMB 3.0 file shares. Prior to this feature, VSS only supported performing shadow copies of data stored on local volumes.

Note: Windows Server Backup in Windows Server 2012 does not support VSS for SMB file shares.



MCT USE ONLY. STUDENT USE PROHIBITED

2-30 Installing and Configuring the Hyper-V Role

SMB share management. If you prefer graphical tools, you can use Server Manager to create and configure file shares by using a simple set of wizards. However, when you need to manage a significant number of shares or automate the configuration, you should use Windows PowerShell. Windows PowerShell can also be help you to understand better the inner workings of SMB 3.0. For example, you can create a new file share by running the following Windows PowerShell cmdlet: New-SmbShare

You then can add required permissions by running the following Windows PowerShell cmdlet: Grant-SmbShareAccess

You can view other SMB–related cmdlets by running the following Windows PowerShell cmdlet: Get-Command -Module smbshare

Server Message Block overview http://go.microsoft.com/fwlink/?LinkID=386673 Updated links on Windows Server 2012 File Server and SMB 3.0 http://go.microsoft.com/fwlink/?LinkID=386658 Question: Is SMB 3.0 used when you access and copy files from a Windows Server 2008 R2 file server to a Windows Server 2012 R2 server?

Hyper-V Over SMB Prior to Windows Server 2012, Hyper-V could run virtual machines only if virtual hard disks of the virtual machine were stored locally or on a SAN. Hyper-V in Windows Server 2012 provides added support for storing virtual machine data files (such as configuration, virtual hard disks, and checkpoints), on network shares, which must be accessible over SMB 3.0 protocol or newer. When virtual machines are stored on an SMB share, the file server that provides the SMB share must not be the Hyper-V host that is storing virtual machine data files on that share. In such a case, you should configure the Hyper-V host to store virtual machine data files locally.

Because computer accounts are used for configuring file share permissions, the Hyper-V host and the file server that hosts the SMB share must be members of the same AD DS domain. If data files of the running virtual machine are stored on the SMB share, you can also configure data deduplication for the volume that is hosting the SMB share. This requires Windows Server 2012 R2, and is only supported if the virtual machine is part of a VDI implementation.

Storing virtual machine data files on an SMB 3.0 file share provides a similar level of reliability, availability, manageability, and performance, as when virtual machine data files are stored on a SAN storage. This means that you can also use an SMB share as shared storage for high availability scenarios. When accessing an SMB 3.0 file share, you can use features such as SMB Transparent Failover, SMB Scale Out, SMB Multichannel, SMB Direct, and SMB Encryption.

Some of the advantages of using file shares to store virtual machine data files include:

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

2-31



Easier provisioning and management. Instead of managing SANs and LUNs, you can create and configure file shares, with which all administrators are familiar.



Use existing infrastructure. You can use the existing file servers and networks. You do not have to add specialized storage hardware such as SANs, or networking such as Fibre Channel.



Use existing knowledge. All administrators are familiar with creating and configuring file shares. Deploy Hyper-V over SMB http://go.microsoft.com/fwlink/?LinkID=386674 Question: Can you store and run virtual machines on an SMB 3.0 share on a Windows Server 2012 R2 file server that is not a domain member?

Overview of NIC Teaming

You can use Windows Server 2012 R2 to configure multiple NICs in the same server into a team. This feature is known as NIC Teaming. NIC Teaming allows multiple network interfaces to work together as a team, and prevents connectivity loss if one of the network interfaces in a team fails. It also provides bandwidth aggregation for the network interfaces in a team. NIC Teaming is not a feature specific to Hyper-V, but Hyper-V can utilize NIC Teaming to provide faster and more reliable network connections for both the Hyper-V host and virtual machines. When you are using NIC Teaming in Windows Server 2012 R2, you can put network adapters from different vendors and supporting different network speeds in the same team. NIC Teaming in Windows Server 2012 is supported by Microsoft. When you put two or more physical network adapters into a NIC Team, this is then presented to the operating system as one or more virtual adapters—known also as team network adapters. Two basic sets of algorithms that distribute inbound and outbound traffic between the physical network adapters in the team are: •

Switch-independent modes. Algorithms do not require the switch to participate in NIC Teaming. Because the switch does not have the knowledge that the network adapter is part of a team, you can connect the team network adapters to different switches. However, this configuration is not required. These modes do not require any configuration of a switch, and they protect against switch failures.



Switch-dependent modes. Algorithms require the switch to participate in NIC Teaming. These algorithms require that all network adapters in a team are connected to the same switch, and that the switch is configured properly.

The NIC Teaming feature also works within a virtual machine. This allows a virtual machine to have virtual network adapters that are connected to more than one Hyper-V switch, and still have connectivity even if the network adapter under that switch becomes disconnected. You manage NIC Teaming in Server Manager using the NIC Teaming interface, or by using Windows PowerShell cmdlets. You can view the cmdlets for managing NIC Teaming by running Get-Command -Module NetLbfo.

NIC Teaming Overview http://go.microsoft.com/fwlink/?LinkID=386671 Question: Do you need to configure network switches if you want to use NIC Teaming in Windows Server 2012 R2?

MCT USE ONLY. STUDENT USE PROHIBITED

2-32 Installing and Configuring the Hyper-V Role

Lab: Installing and Configuring the Hyper-V Role Scenario

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

2-33

Based on the analysis of the current server environment, A. Datum Corporation has identified several servers that can be virtualized on Hyper-V. A. Datum is now ready to begin a pilot project to implement virtualization in one of their branch offices.

The first step in the implementation project is to deploy the Hyper-V hosts in the branch office. Technicians at the branch office have installed the hardware in the branch office, and have installed Windows Server 2012 R2 on the servers. You have already configured LON-HOST1 and you now need to install and configure Hyper-V on LON-HOST2.

Because all of the servers are located in a remote data center, you will use Windows 8.1 as an administrative workstation. To become familiar with the different options for managing the Hyper-V hosts, you will use both Server Manager and Windows PowerShell to manage the Hyper-V role remotely.

Objectives After completing this lab, you will be able to: •

Install the Hyper-V role.



Configure Hyper-V settings.



Access and manage Hyper-V remotely.

Lab Setup Estimated Time: 60 minutes

Virtual Machines: 20409B-LON-HOST1, 20409B-LON-HOST2, 20409B-LON-DC1, 20409B-LON-CL1, and 20409B-LON-CL2 User name: Adatum\Administrator Password: Pa$$w0rd

For this lab, you will use the available virtual machine environment. Before you begin the lab, you must complete the following steps: 1.

Sign in to the LON-HOSTx computer as Adatum\Administrator with the password of Pa$$w0rd.

2.

On LON-HOST1 start Hyper-V Manager.

3.

In Microsoft Hyper-V Manager, click 20409B-LON-DC1, and in the Actions pane, click Start.

4.

In the Actions pane, click Connect. Wait until the virtual machine starts.

5.

Sign in by using the following credentials: o

User name: Adatum\Administrator

o

Password: Pa$$w0rd

Note: Because you will be using the same virtual machines in the next lab, do not revert the virtual machines at the end of this lab. However, you can shut down all virtual machines after finishing this lab. You will be working in pairs. Communicate clearly with your lab partner, and cooperate fully with each other during this lab.

Exercise 1: Installing the Hyper-V Role Scenario

MCT USE ONLY. STUDENT USE PROHIBITED

2-34 Installing and Configuring the Hyper-V Role

In this exercise, you will install the Hyper-V role. You can install Window Server roles in several different ways, and in this exercise, you will install the Hyper-V role by using Server Manager and Windows PowerShell. You will also verify changes on the server after you have installed the Hyper-V role. The main tasks for this exercise are as follows: 1.

Write down your LON-HOST number.

2.

Verify that the LON-HOST2 computer does not have the Hyper-V role installed.

3.

Install the Hyper-V role by using Server Manager.

4.

Verify that the Hyper-V role was installed successfully.

 Task 1: Write down your LON-HOST number Note: One of the students in a pair will be working on LON-HOST1, and the other student will be working on LON-HOST2. •

Write down your LON-HOST number on a piece of paper. If your LON-HOST number is 1, your partner’s number will be 2, and vice-versa.

 Task 2: Verify that the LON-HOST2 computer does not have the Hyper-V role installed 1.

On LON-HOST2, in Server Manager, confirm that the Hyper-V role is not installed.

2.

In Windows PowerShell, use the Get-WindowsFeature cmdlet to confirm that neither Hyper-V nor Hyper-V Management Tools are installed.

3.

In Windows PowerShell, use the Get-Command –Module Hyper-V cmdlet to verify that the Hyper-V module is not installed.

4.

In Windows PowerShell, use bcdedit.exe to verify whether hypervisor is configured to start automatically.

5.

Use Windows Search to confirm that no program that has the word hyper in the name is installed.

6.

Confirm that there is no Applications and Services Logs node that starts with word Hyper-V in Event Viewer.

7.

In Performance Monitor, confirm that there is only one counter available that starts with the word Hyper-V, Hyper-V Dynamic Memory Integration Service.

8.

Confirm that there are no inbound Windows Firewall rules that start with the word Hyper-V.

9.

Confirm that six services display that start with the word Hyper-V, but that Hyper-V Virtual Machine Management service is not present among the services on LON-HOST2.

 Task 3: Install the Hyper-V role by using Server Manager 1.

On LON-HOST2, use Server Manager to install the Hyper-V role with default options, and select the option to restart the server automatically if required.

2.

Wait until LON-HOST2 restarts, and then sign in with the user name Adatum\Administrator and the password Pa$$w0rd.

 Task 4: Verify that the Hyper-V role was installed successfully

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

2-35

1.

On LON-HOST2, use Server Manager to confirm that the Hyper-V role is installed.

2.

In Windows PowerShell, use the Get-WindowsFeature cmdlet to confirm that both Hyper-V and Hyper-V Management Tools are installed.

3.

In Windows PowerShell, use the Get-Command –Module Hyper-V cmdlet to confirm that the Hyper-V module has been installed.

4.

In Windows PowerShell, use the bcdedit.exe command to verify that hypervisor is configured to start automatically.

5.

Confirm that the Hyper-V Manager and Hyper-V Virtual Machine Connection programs are installed.

6.

In Event Viewer, confirm that multiple Applications and Services Logs nodes that start with the word Hyper-V display.

7.

In Performance Monitor, confirm that multiple counters that start with the word Hyper-V are available.

8.

In Performance Monitor, confirm that multiple inbound Windows Firewall rules that start with the word Hyper-V display.

9.

In Performance Monitor, confirm that multiple services that start with the word Hyper-V display, including a service named Hyper-V Virtual Machine Management, which has a status of Running.

10. On LON-HOST2, run the following script: C:\Labfiles\Mod02-LON-HOST2.ps1 to prepare the environment. Note: This script will import three virtual machines: 20409B-LON-PROD2, 20409B-LONTEST2, and 20409B-LON-CL2. The script will ask for the drive letter on which the base images were extracted and the drive letter on which the course images were extracted. Theses drive letters will depend on the physical server configuration. If you are unsure about what are the drive letters, ask the instructor.

Results: After completing this exercise, you should have installed the Hyper-V role.

Exercise 2: Configuring Hyper-V Settings Scenario

Before using the virtualization infrastructure, you should be familiar with and configure Hyper-V Settings. In this exercise, you will use Hyper-V Manager and Windows PowerShell to review and configure some of the settings, such as a default virtual hard disk location, NUMA spanning, and enhanced session mode policy. The main tasks for this exercise are as follows: 1.

Create a network share for storing virtual machines.

2.

Configure a virtual hard disk location.

3.

Configure Hyper-V settings by using Windows PowerShell and Hyper-V Manager.

 Task 1: Create a network share for storing virtual machines Note: Complete the following task on both LON-HOST1 and LON-HOST2.

MCT USE ONLY. STUDENT USE PROHIBITED

2-36 Installing and Configuring the Hyper-V Role

1.

On LON-HOSTx, use Server Manager to create a share by using the SMB Share – Applications share profile.

2.

Create a share on drive C. Name the share VHDs, and grant the Domain Users group Full Control permissions to the share.

 Task 2: Configure a virtual hard disk location Note: Complete the following task on both LON-HOST1 and LON-HOST2. 1.

On LON-HOSTx, in Hyper-V Manager, start the New Virtual Hard Disk Wizard, and confirm the default location for creating new virtual hard disks.

2.

In Hyper-V Manager, confirm that the same location is set as the Virtual Hard Disk location Hyper-V Setting.

3.

In Hyper-V Manager, set the Virtual Hard Disk location Hyper-V Setting to C:\Users, and confirm that this location is the default location when creating new virtual hard disks using the New Virtual Hard Disk Wizard.

4.

In Windows PowerShell, use Set-VMHost cmdlet with the VirtualHardDiskPath parameter to set virtual hard disk location to \\LON-HOSTy\VHDs, where y is number of your partner’s host. For example, if you are using HOST1, then y represents 2, and if you are using HOST2, then y represents 1.

5.

Use Hyper-V Manager to confirm that the Virtual Hard Disk location Hyper-V Setting is successfully set to \\LON-HOSTy\VHDs.

 Task 3: Configure Hyper-V settings by using Windows PowerShell and Hyper-V Manager Note: Complete the following task on both LON-HOST1 and LON-HOST2. 1.

2.

On LON-HOSTx, in Hyper-V Manager, confirm the following Hyper-V Settings: o

Virtual Machines: C:\ProgramData\Microsoft\Windows\Hyper-V

o

NUMA Spanning: Enabled

o

Storage Migration: 2

o

Enhanced Session Mode Policy: Disabled

In Windows PowerShell, use the Set-VMHost cmdlet with appropriate parameters to configure following settings: o

Virtual Machines: \\LON-HOSTy\VHDs (where y is number of your partner’s host)

o

NUMA Spanning: Disabled

o

Storage Migrations: 4

o

Enhanced Session Mode Policy: Enabled

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

2-37

3.

In Hyper-V Manager, confirm that all settings that you set by using Windows PowerShell are present.

4.

In Hyper-V Manager, modify the following Hyper-V Settings: o

NUMA Spanning: Enabled

o

Enhanced Session Mode Policy: Disabled

Results: After completing this exercise, you should have configured Hyper-V settings.

Exercise 3: Accessing and Managing Hyper-V Remotely Scenario

Administrators typically administer Hyper-V remotely. In this exercise, you will enable Hyper-V Manager and Hyper-V Module for Windows PowerShell on a Windows 8.1 workstation, and then manage the Hyper-V host remotely. The main tasks for this exercise are as follows: 1.

Turn on the Hyper-V Management Tools feature.

2.

Connect to the Hyper-V host and manage it remotely.

 Task 1: Turn on the Hyper-V Management Tools feature Note: Complete the following task on both LON-HOST1 and LON-HOST2. 1.

On LON-HOSTx, use Hyper-V Manager to start and connect to 20409B-LON-CLx.

2.

Sign in to LON-CLx with the user name Adatum\Administrator and the password Pa$$w0rd.

3.

Use Search to confirm that no program with the word hyper in the name is installed on LON-CLx.

4.

In Windows PowerShell, use the cmdlet Get-Command with the Module parameter to confirm that the Hyper-V module is not installed.

5.

Use the Turn Windows Features on or off program to turn on the Hyper-V Management Tools feature.

6.

In Windows PowerShell, use the cmdlet Get-Command with the Module parameter to confirm that the Hyper-V module is now installed.

7.

Confirm that two programs containing word hyper are now installed: Hyper-V Manager, and Hyper-V Virtual Machine Connection.

 Task 2: Connect to the Hyper-V host and manage it remotely Note: Complete the following task on both LON-HOST1 and LON-HOST2. 1.

On LON-CLx, start Hyper-V Manager, and connect it to LON-HOSTx.

2.

Review Hyper-V Settings for LON-HOSTx, and verify that the settings are configured as you configured them in the previous exercise: o

Virtual Hard Disks: HOSTy\VHDs

o

Virtual Machines: HOSTy\VHDs

o

NUMA Spanning: Enabled

o

Storage Migrations: 4

o

Enhanced Session Mode Policy: Disabled

3.

Open Windows PowerShell and review the Hyper-V configuration of LON-HOSTx by using the Get-VMHost cmdlet.

4.

Use the Get-VMHost cmdlet to set the Storage Migrations setting on LON-HOSTx to 3.

5.

Confirm the setting in Hyper-V Manager.

Note: Do not forget to Refresh the settings to view the updated settings in Hyper-V Manager.

Results: After completing this exercise, you should have accessed and managed Hyper-V remotely.

MCT USE ONLY. STUDENT USE PROHIBITED

2-38 Installing and Configuring the Hyper-V Role

Module Review and Takeaways Review Questions Question: You need to manage Hyper-V in Windows Server 2012 from a Windows 7 client computer. Will you be able to administer all Hyper-V features? Question: Can you virtualize a file server that is using a Fibre Channel SAN for storing shared folders? Question: You have a Windows 8.1 virtual machine that must be highly available. Can you use virtual machine-based failover clustering to make it highly available?

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

2-39

MCT USE ONLY. STUDENT USE PROHIBITED

MCT USE ONLY. STUDENT USE PROHIBITED 3-1

Module 3

Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints Contents: Module Overview

3-1

Lesson 1: Creating and Configuring Virtual Hard Disks

3-3

Lesson 2: Creating and Configuring Virtual Machines

3-14

Lab A: Creating and Managing Virtual Hard Disks and Virtual Machines

3-24

Lesson 3: Installing and Importing Virtual Machines

3-30

Lesson 4: Managing Virtual Machine Checkpoints

3-37

Lesson 5: Monitoring Hyper-V

3-46

Lesson 6: Designing Virtual Machines for Server Roles and Services

3-53

Lab B: Creating and Managing Checkpoints and Monitoring Hyper-V

3-60

Module Review and Takeaways

3-66

Module Overview

After installing the Hyper-V role and configuring the server properties, you are ready to begin creating virtual machines and virtual hard disks. In this module, you will learn that Hyper-V in Windows Server 2012 supports two virtual disk file formats (.vhdx and .vhd) and three disk types (fixed-size, dynamically expanding, and differencing). You will learn about the differences between the various disk formats and disk types. You will also learn how to create these disks and configure a virtual machine to use disks that are directly attached.

You are probably familiar with the virtual machines that Windows Server 2012 R2 Hyper-V refers to as Generation 1 virtual machines. In Windows Server 2012 R2, you can also create Generation 2 virtual machines, which can have fewer types of virtual hardware, but conversely, provide advanced features such as Unified Extensible Firmware Interface (UEFI), Secure Boot, and boot from the small computer system interface (SCSI) device. Virtual Machine Connection is a Hyper-V management tool. In Windows Server 2012 R2, this tool has enhanced session mode, which provides a rich Remote Desktop experience when connecting to virtual machines that support it. You can also use this tool to copy and paste data between virtual machines, and to redirect devices such as those connected to it, including physical USB ports, to virtual machines.

In Windows Server 2012 R2, snapshots—a popular feature of previous releases—have been renamed checkpoints. A major improvement in Windows Server 2012 Hyper-V is that virtual machines can detect when a checkpoint was applied by using the Generation ID value. You should still use checkpoints carefully in a production environment unless they are supported explicitly. In this module, you will also learn about monitoring the Hyper-V environment by using performance monitoring and resource metering.

Note: For the purpose of this course, all instances of Microsoft System Center 2012 R2 Virtual Machine Manager are referred to as VMM.

Objectives After completing this module, you will be able to: •

Create and configure virtual hard disks.



Create and configure virtual machines.



Install and import virtual machines.



Manage virtual machine checkpoints.



Monitor Hyper-V.



Design and manage virtual machines for server roles and services.

MCT USE ONLY. STUDENT USE PROHIBITED

3-2 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

Lesson 1

Creating and Configuring Virtual Hard Disks

3-3

Just as physical computers store data on physical hard disks, virtual machines store data on virtual hard disks, which actually are files that reside on physical hard disks. There are different types of virtual hard disks available, and this lesson explains the differences between them. In the past, fixed-size disks provided considerably better performance than dynamically expanding disks. In Windows Server 2012, the performance difference between them is minimal. You also can configure virtual machines to use directly attached disks, but such disks do not support snapshots and are less suitable for migration because they are not encapsulated in a single file. Virtual hard disks can be in one of two formats: .vhd (legacy), and .vhdx (modern). Although virtual hard disks are just that, the modern Windows operating system also can access their content from physical computers.

Lesson Objectives After completing this lesson, you will be able to: •

Describe storage options for virtual machines.



Describe the Hyper-V virtual hard disk formats.



Explain the difference between fixed-size and dynamically expanding virtual hard disks.



Describe differencing virtual hard disks.



Create a virtual hard disk.



Describe directly attached disks.



Explain virtual hard disk sharing.



Explain Quality of Service (QoS) management.



Describe Hyper-V considerations for virtual hard disk storage.



Manage virtual hard disks.

What Are the Storage Options for Virtual Machines?

Virtual machines have different options for storing their data. Just as virtual machines are isolated when running on a Hyper-V host, you can also isolate their hard disks and encapsulate their content in a single virtual hard disk file with the .vhd or .vhdx extension. From inside the virtual machine, virtual hard disks are seen as physical disks, and virtual machines use them as if they were physical disks. You also can configure virtual machines to connect directly to a physical volume by configuring a directly attached disk. Directly attached disks are seen as offline by the Hyper-V host and are managed directly by the operating system within the virtual machine. Directly attached disks either can be a physical disk in the host, or a logical unit number (LUN) on a storage area network (SAN) device over Internet SCSI (iSCSI) or Fibre Channel.

MCT USE ONLY. STUDENT USE PROHIBITED

3-4 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

You can connect virtual machines to storage by using two different storage controller types—SCSI, and integrated device electronics (IDE). A virtual machine can access a disk either as a virtual Advanced Technology Attachment (ATA) device on a virtual IDE controller or as a virtual SCSI disk device on a virtual SCSI controller. Virtual storage controllers have the following characteristics: •

IDE controllers are available only in Generation 1 virtual machines. Each virtual machine has two IDE controllers and can have up to two devices (hard drives or DVD drives) attached to each controller.



An IDE controller is first emulated, which means that it is available when the virtual machine starts and later it is synthetic, which provides better performance.



While the virtual machine is running, you cannot add devices to or remove devices from an IDE controller.



A Generation 1 virtual machine can start only from an IDE controller.



SCSI controllers are available in all virtual machines. Generation 1 virtual machines can use a SCSI controller only as a data disk, whereas Generation 2 virtual machines start from the SCSI controller– attached disks or DVD drives.



A SCSI controller is synthetic, and you can add disks to or remove disks from a SCSI controller while a virtual machine is running. A virtual machine can have up to four SCSI controllers, and each SCSI controller supports up to 64 devices, which means that each virtual machine can have as many as 256 virtual SCSI disks.



SCSI controllers include support for Windows Offloaded Data Transfers, which is not available for disks that are attached to an IDE controller.



You can use different hard disk types, such as fixed-size, dynamically expanding, differencing, and attached physical disks, with both controller types.



A virtual machine uses storage controllers for accessing storage. The type of storage controller that the virtual machine uses does not have to be the same type that Hyper-V is using. For example, a Hyper-V host can have only physical SCSI storage, but you can configure virtual machines with IDE controllers, and use IDE-attached virtual hard disks, which are stored on the SCSI storage of the Hyper-V host.

Note: Although physical SCSI and IDE hard disk I/O performance can be significantly different, this is not the case for virtual SCSI and IDE hard disks. They both offer equally fast I/O performance.

You can store virtual machine virtual hard disks locally on Hyper-V host, on Server Message Block (SMB) 3.0 file shares, or on a SAN LUN. You can configure virtual machines to use directly attached disks over iSCSI or Fibre Channel protocol. Such directly attached disks are accessed directly and are not contained in a virtual hard disk file. In addition, you cannot use them for starting virtual machines. However, directly attached disks are important when configuring guest failover clustering because you can use them as a shared storage.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

The following table describes the various storage configuration options that are available to virtual machines. Locally stored IDE virtual hard disk

Locally stored SCSI virtual hard disk

Directly attached disk

3-5

Storage type

Direct-attached storage (DAS)

DAS

DAS – local SAN, Fibre Channel/iSCSI – remote

Exposed to a Hyper-V host as

Virtual hard disk on NTFS file system

Virtual hard disk on NTFS file system

Physical disk directly attached to a virtual machine

Maximum supported disk size

64 terabytes (TB)

64 TB

No size limit

Virtual hard disk checkpoints supported

Yes

Yes

No

Dynamically expanding virtual hard disk

Yes

Yes

No

Differencing virtual hard disk

Yes

Yes

No

Add or remove storage while virtual machine is running

No

Yes

No

Question: Is there any difference between connecting a virtual hard disk to a virtual machine by using an IDE virtual controller or a SCSI virtual controller?

Overview of the Hyper-V Virtual Hard Disk Formats Virtual machines can access physical hard disks directly (directly attached disks), can use virtual hard disk files, or can use both. A virtual hard disk can be either a single file or a hierarchy of files. Both present to the virtual machine as a whole hard drive. This means that from inside the virtual machine, you can partition virtual hard disks and format them with various file systems, such as NTFS, FAT, or Resilient File System. In addition, you can copy files or install an entire operating system on a virtual hard disk. Although a virtual hard disk is visible as a single file to the Hyper-V host, it encapsulates the content of an entire virtual machine hard disk.

MCT USE ONLY. STUDENT USE PROHIBITED

3-6 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

The virtual hard disk format specification is available publicly. Developers can use the specification to develop solutions to access virtual hard disk data and content, and they can use it to extend the virtual hard disk. The virtual hard disk format has evolved over time, and Hyper-V in Windows Server 2012 R2 supports two virtual hard disk formats: •

.vhd. This format supports virtual hard disks up to 2,040 gigabytes (GB) in size. This format has been available since Microsoft Virtual Server 2005 was released, which means that you can use the .vhd format with older Hyper-V hosts and with legacy Microsoft virtualization products.



.vhdx. This format supports virtual hard disks up to 64 TB in size. This format has been available since Windows Server 2012, and it is not compatible with older Hyper-V hosts. Experience with the .vhd format guided the .vhdx format improvements. The .vhdx format provides better data corruption protection and optimizes structural alignments on large sector physical disks.

When you compare the .vhd and .vhdx formats, the .vhdx format provides the following benefits: •

Support for larger virtual hard disk sizes, up to 64 TB.



Protection against data corruption by logging updates to the .vhdx metadata structures, which can be especially important during power failures.



The ability to store custom metadata about a file, such as which operating system is installed in .vhdx, or which patches are applied to it.



Improved alignment of the virtual hard disk format to work better with large sector disks.



Larger block sizes for dynamic and differential disks, which improves their performance.



4 kilobytes (KB) logical sector virtual disk, which increases performance when used by applications that are designed for 4 KB sectors.



Efficiency in data representation, which results in smaller file size so that underlying physical storage device can reclaim unused space (trim operation).

Note: You can convert .vhd files to the .vhdx format when you upgrade to Windows Server 2012 or Windows Server 2012 R2 because of the improvements of the .vhdx format. The only reason why you should not convert the files is when you still need to move a virtual disk to an older version of Hyper-V that does not support the .vhdx format.

When you create a new virtual hard disk on Windows Server 2012 R2, it selects the .vhdx format by default. Hyper-V also provides the capability to convert .vhd files to .vhdx, and .vhdx files to .vhd, as long as they are not larger than 2,040 GB. You can create new virtual hard disks from Windows PowerShell by using the New-VHD cmdlet. You can also convert virtual hard disks between .vhd and .vhdx formats by using the Convert-VHD cmdlet. Note: Virtual hard disks are not only usable with virtual machines. You can also access, mount, and use virtual hard disk content from physical host computers. You can use them even without Hyper-V virtualization. From Windows Server 2012 R2 or Windows 8.1, you can rightclick the virtual hard disk file, mount it, and then perform operations on it just like any other hard drive. In older Windows versions, you cannot mount virtual hard disk files by using Windows Explorer (File Explorer in Windows 8 and Windows 8.1), but you can use Disk Management or Diskpart tools instead. You can also use native boot from a virtual hard disk, where a physical computer starts from a .vhd or .vhdx file.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

Additional information about virtual hard disk formats http://go.microsoft.com/fwlink/?LinkID=386686 Virtual hard disk architecture http://go.microsoft.com/fwlink/?LinkID=386678 Question: On a Windows 8 computer, how can you view and access the content of a virtual hard disk that is in .vhdx format?

Fixed-Size and Dynamically Expanding Virtual Hard Disks You can create three types of virtual hard disks: fixed-size, dynamically expanding, and differencing. After you create a virtual hard disk, you can edit it and change its format. Some of the features of the fixed-size and dynamically expanding virtual hard disk formats are as follows:

3-7



Fixed size. When you create a fixed-size virtual hard disk, Hyper-V allocates space for the entire virtual hard disk. For example, if you create a 100-GB fixed-size virtual hard disk, Hyper-V will create a 100-GB file even when it does not include any data. Creating large fixed-size virtual hard disks can take significant time when physical storage does not support Windows Offloaded Data Transfers because Hyper-V has to create the file to the entire specified size and fill its content with zero values. Because Hyper-V allocates all of the storage space when it creates the virtual hard disk, the size of a fixed-size virtual hard disk does not change. This minimizes fragmentation and space on a fixed-size disk, which is as contiguous as possible when it is created. You cannot create fixed-size virtual hard disks that require more space than is available on the physical storage—you cannot overcommit your physical storage. Fixed-size virtual hard disks are larger than dynamically expanding virtual hard disks, and as such, moving them can be more time-consuming. Traditionally, fixed-size virtual hard disks offered better performance than dynamically expanding virtual hard disks (and are almost identical to directly attached disk). However, since Windows Server 2012, this performance difference is minimal.



Dynamically expanding. When you create a dynamically expanding virtual hard disk, Hyper-V creates a small file on the Hyper-V host. That file then grows as you write data to the virtual hard disk until it reaches its fully allocated size. The size of the dynamically expanding disk only grows. It does not shrink even if you delete data. For example, if you create a 100-GB dynamically expanding virtual hard disk, Hyper-V will create a file that will be only a few megabytes (MB) in size. When you write into that virtual hard disk file, it will grow; however, when you delete information from the virtual hard disk it will not shrink. When you start using the dynamically expanding virtual hard disk, for example, by formatting partitions and installing an operating system onto it, it will start growing until it reaches its maximum size of 100 GB. Hyper-V creates the dynamically expanding virtual hard disk much faster because it does not allocate all the space at once. However, when you add data to the virtual hard disk, it might fragment in the same way that any file would on your volume. You can create dynamically expanding virtual hard disks that would require more space on the storage subsystem than is currently available—you can overcommit storage. Dynamically expanding virtual hard disks are smaller than other virtual hard disk types until reaching their maximum size.

MCT USE ONLY. STUDENT USE PROHIBITED

3-8 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

Historically, dynamically expanding virtual hard disks had inferior performance as compared with fixed-size disks. However, in Windows Server 2012, this performance difference is minimal. Companies typically use dynamically expanding virtual hard disks in test and development environments. However, with live storage migration, the smaller size of dynamically expanding disks also is attractive. When you create a new .vhd virtual hard disk in Windows Server 2012 R2, the New Virtual Hard Disk Wizard selects fixed-size by default. If you create a .vhdx virtual hard disk, the New Virtual Hard Disk Wizard selects the dynamically expanding type by default. After Hyper-V creates a dynamically expanding virtual hard disk, you can convert it to fixed-size, and vice versa. Note: The fixed-size type virtual disk is a better choice when you are using the .vhd format because it offers better resiliency and performance compared with the other virtual hard disk types. When using the .vhdx format, it is beneficial to use the dynamically expanding type. In addition to space savings, it offers resiliency. The fixed-size type is also a good choice for both virtual disk formats when the storage on the Hyper-V host is not actively monitored. Performance Tuning Guidelines for Windows Server 2012 http://go.microsoft.com/fwlink/?LinkID=386680 Question: Do you benefit from Windows Offloaded Data Transfers when you are creating a dynamically expanding virtual hard disk?

Differencing Virtual Hard Disks A differencing virtual hard disk always links to another virtual hard disk in a parent/child relationship. It cannot exist on its own. The parent virtual hard disk can be fixed-size or dynamically expanding, but as soon as it becomes a base disk for a differencing disk, it cannot be written to, so it will neither grow not contract. The differencing virtual hard disk is always dynamically expanding. You can also chain differencing virtual hard disks, as long as all base disks are not written to. In this scenario, one differencing virtual hard disk is using another differencing virtual hard disk as a base (parent) disk.

The differencing virtual hard disk stores changes for the parent disk and provides a way to isolate changes without altering the parent disk. When you use a differencing virtual hard disk, you can access all the data from the parent disk, and changes you make are written only to the differencing virtual hard disk, not to the parent disk. In other words, reads for modified data are served from the differencing virtual hard disk, and reads of all other data are served from the parent virtual hard disk. Metadata is used in both cases to determine from where data should be read, which results in differencing virtual hard disks having slower performance than fixed-size or dynamically expanding virtual hard disks. Differencing virtual hard disks must use the same format as the parent disks—either .vhd or .vhdx.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

Note: While differencing virtual hard disks do have their place in production environments, especially with Virtual Desktop Infrastructure (VDI) pooled desktops, they should be used sparingly and only after careful planning in other scenarios.

3-9

The differencing virtual hard disk expands dynamically because data that is intended for the parent disk is written to the differencing virtual hard disk. The base/differencing relationship is based on the integrity of the base disk. Therefore, you should not write to the parent disk because any change made to the parent disk will invalidate all differencing virtual hard disks that are linked to that parent. Note: A differencing disk references a parent disk and stores the changes. Therefore, you should avoid making any changes to a parent disk. As a best practice, you should configure a parent disk as read-only. Be aware that a Merge operation changes the parent disk and invalidates any other differencing disks that use that parent disk.

You cannot specify a size for a differencing virtual hard disk. Differencing virtual hard disks can grow as large as the parent’s disk size limit. However, unlike dynamically expanding disks, you cannot compact differencing virtual hard disks directly. You can compact a differencing virtual hard disk only after it merges with its parent disk.

Differencing virtual hard disks can be beneficial in some scenarios. For example, you could use a virtual hard disk that has a clean installation of the Windows Server 2012 R2 operating system as a parent, and then use a new differencing virtual hard disk as the virtual machine hard disk. You could even create multiple differencing virtual hard disks for multiple virtual machines that would use the same Windows Server 2012 R2 virtual disk as their parent disk. Note: Differencing virtual hard disks can be useful in a testing or training environment. Question: Can Hyper-V allocate more storage space to a differencing virtual hard disk than to the parent disk to which it links?

Demonstration: Creating a Virtual Hard Disk In this demonstration, you will see how to create a virtual hard disk.

Demonstration Steps 1.

2.

Use Hyper-V Manager to create a new virtual hard disk with following settings: o

Format: VHDX

o

Type: Dynamically expanding

o

Name: Dynamic.vhdx

o

Size: 100 GB

Use Hyper-V Manager to create a new virtual hard disk with following settings: o

Format: VHD

o

Type: Differencing

o

Name: Differencing.vhd

o

Parent: E:\Program Files\Microsoft Learning\base\Base14A-WS12R2.vhd

3.

4.

In Windows PowerShell, use the cmdlet New-VHD to create a new virtual hard disk with the following settings: o

Path: C:\Shares\VHDs\Fixed.vhdx

o

Size: 1 GB

o

Type: Fixed size

MCT USE ONLY. STUDENT USE PROHIBITED

3-10 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

On LON-HOST1, in File Explorer, browse to C:\Shares\VHDx, and then confirm that Fixed.vhdx allocates 1 GB disk space, while both Dynamic.vhdx and Differencing.vhd are allocated less disk space.

Directly Attached Disks

Virtual machines can use virtual hard disk files or physical disks that are directly attached to a virtual machine as their hard drives. Directly attached physical disks enable virtual machines to bypass the Hyper-V host and access storage directly, without first configuring the volume on the Hyper-V host. The directly attached disk can be an internal Hyper-V host physical disk. It can also be a SAN LUN that is mapped to the Hyper-V host or is mapped directly by the operating system that is running on the virtual machine. The virtual machine must have exclusive access to the directly attached disk, which means that the disk must be set in an offline state. The directly attached disk is not limited in size, and it can be larger than the virtual hard disk size limit. Note: LUN is a logical reference to a portion of a SAN.

Features of Directly Attached Disks Some of the main features of directly attached disks are: •

When a virtual machine is using a directly attached disk, there is no associated virtual hard disk involved because the virtual machine is accessing a physical disk.



Directly attached disks provide superior performance, similar to physical disks, because there is no overhead involved. On Windows Server 2012 and newer versions, fixed-size virtual hard disks provide similar performance. Dynamically expanding virtual hard disks have only slightly lower performance.



If a virtual machine will access a directly attached disk on a SAN, you do not need to mount the LUN on a Hyper-V host by using iSCSI or Fibre Channel.



Accessing directly attached disks requires lower CPU utilization because it does not involve any overhead on the Hyper-V host.



Directly attached disks have no size limitation, and they can be larger than 64 TB.



You cannot use differencing virtual hard disks with directly attached disks.



Checkpoints are not available on directly attached disks.



The physical disk must be set to offline state on the Hyper-V host before you can configure it as a directly attached disk for a virtual machine.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

3-11



You cannot expand directly attached disks dynamically unless such functionality is provided in the SAN.



The Hyper-V Volume Shadow Copy Service (VSS) writer cannot back up directly attached disks, and you cannot use Windows Server Backup in the parent partition to back up such disks. In such a case, you should use the backup program that is installed on the virtual machine.

Note: You cannot use Live Migration to move virtual machines between Hyper-V hosts that are not in the same failover cluster if the virtual machines are using directly attached disks.

If you want to configure a virtual machine to use an internal Hyper-V host physical disk or a LUN that is connected to a Hyper-V host as a directly attached disk, you can access it over a virtual IDE or SCSI controller. You can do so by modifying the virtual machine hard disk settings to use a physical disk instead of a virtual hard disk. If you want to use a SAN directly from inside a virtual machine, you should either configure an iSCSI initiator in the virtual machine or add a virtual Fibre Channel adapter to the virtual machine, depending on how you will access the SAN. Virtual Hard Disk Performance http://go.microsoft.com/fwlink/?LinkID=386681 Question: Can you view a directly attached disk that a virtual machine is using from the Disk Management tool that is running on the Hyper-V host on which the virtual machine is running?

Virtual Hard Disk Sharing Prior to Hyper-V in Windows Server 2012 R2, virtual machines used virtual hard disks exclusively. This means that while one virtual machine was using a virtual hard disk, no other virtual machine could use the same virtual disk. With Windows Server 2012 R2, you can share virtual hard disks between multiple virtual machines. This can be especially useful when configuring failover clustering in virtual machines. Prior to Windows Server 2012 R2, you could use only iSCSI or Fibre Channel SAN for shared storage. In Hyper-V in Windows Server 2012 R2, you can use shared virtual hard disks for the same purpose.

You can enable virtual hard disk sharing only for .vhdx files that are connected to a virtual SCSI controller. You cannot use virtual hard disk sharing for .vhd files that are connected to a virtual IDE controller. You can store the shared .vhdx file only on a failover cluster. This can be a Cluster Shared Volume (CSV) on block storage, which includes clustered storage spaces, or a scale-out file server with SMB 3.0 on filebased storage. You cannot enable virtual hard disk sharing if these prerequisites are not met. For example, if the .vhdx file is connected to a virtual SCSI controller but is stored locally or on a SMB 3.0 share. Virtual Hard Disk Sharing Overview http://go.microsoft.com/fwlink/?LinkID=386688 Question: When would you use shared virtual hard disks?

Quality of Service Management In older versions of Hyper-V, it was not possible to limit I/O operations per second (IOPS) per virtual machine. If a virtual machine had an application that was storage-intensive with a large number of read and write operations to the storage, the virtual machine could monopolize the Hyper-V host, and other virtual machines could have slower access to storage. In Windows Server 2012 R2, Hyper-V includes an option to configure QoS parameters when virtual machines are accessing the storage, so that you can provide enough IOPS to each virtual machine.

MCT USE ONLY. STUDENT USE PROHIBITED

3-12 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

You can configure storage QoS for each virtual hard disk. By specifying the maximum IOPS value on the advanced features of the virtual hard disk, you can balance and throttle the storage I/O between virtual machines and prevent a virtual machine from consuming excessive storage I/O operations, which could affect other virtual machines. You can also configure the minimum IOPS value and receive a notification when the IOPS for that virtual hard disk is below the configured value. In addition, the virtual machine metrics infrastructure is updated with storage-related parameters so that you can monitor the performance and chargeback for used resources. Note: Virtual disk maximum IOPS settings are specified in terms of normalized IOPS. IOPS are measured in 8 KB increments. Note: Storage QoS is not available if you are using shared virtual hard disks. Storage Quality of Service for Hyper-V http://go.microsoft.com/fwlink/?LinkID=386689

Hyper-V Considerations for Virtual Hard Disk Storage When working with virtual machines, virtual hard disks require by far the largest amount of storage space. In addition, virtual hard disks should have the highest possible access speed and throughput, and you should store them on redundant, highly available storage. The main Hyper-V considerations for virtual hard disks are as follows: •

Virtual hard disks encapsulate the content of the entire virtual machine hard disk. They can be very large, and their size increases through time if they are dynamically expanding or differencing. You should ensure that there is enough space for the virtual hard disks on the storage and implement monitoring to increase available space when needed.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

3-13



Virtual machines that are running on the same Hyper-V host are in competition for disk I/O. To improve performance, you should have as many of the fastest physical disks as possible.



Windows Server 2012 includes storage spaces so that you can create redundant storage for virtual hard disks.



If available, you should use solid-state drives (SSDs) for best possible performance. They do not have moving parts, and they provide fast access speed and high throughput.



Windows Server 2012 R2 introduces tiered storage, which you can use to combine classical spindle base disks and SSDs in the same storage. Tiered storage significantly increases access speed and throughput.



You can store the virtual hard disks of running virtual machines on an SMB 3.0 share. Windows Server 2012 introduced this capability, and it provides a similar level of availability and performance as storing virtual hard disks on a SAN. When accessing an SMB 3.0 file share, you can use features such as SMB transparent failover, SMB scale-out, SMB multichannel, and SMB direct.



You can use SAN for storing virtual hard disks. SAN provides several benefits, such as high performance and high availability, and the possibility to expand LUNs dynamically if you need additional storage.



Antivirus software should exclude Hyper-V-specific files, including virtual hard disks (.vhd and .vhdx). Question: For storing virtual machines, what are the benefits of SAN compared to local storage?

Demonstration: Managing Virtual Hard Disks In this demonstration, you will see how to manage virtual hard disks.

Demonstration Steps 1.

On LON-HOST1, use the Edit Virtual Hard Disk Wizard to expand Fixed.vhdx to 2 GB.

2.

Use the Edit Virtual Hard Disk Wizard to expand Dynamic.vhdx to 200 GB.

3.

On LON-CL1, use Disk Management to confirm that Disk 1 and Disk 2 have expanded, and now have 2 GB and 200 GB of unallocated space.

Lesson 2

Creating and Configuring Virtual Machines

MCT USE ONLY. STUDENT USE PROHIBITED

3-14 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

Hyper-V is the infrastructure that you use for running virtual machines. You can create virtual machines in several different ways. This lesson explains how you can create virtual machines by using Hyper-V Manager and Windows PowerShell. This lesson also explores hardware components of the virtual machine and explains the differences between Generation 1 and Generation 2 virtual machines. You will also learn about Integration Services, which provides support for synthetic devices, in addition to any communication required between the parent and the guest operating system, such as heartbeat and time sync. A SCSI controller and a virtual Fibre Channel adapter are examples of synthetic devices. Virtual machines use synthetic devices to access storage directly on Fibre Channel SANs.

Lesson Objectives After completing this lesson, you will be able to: •

Describe the components of a Generation 1 virtual machine.



Describe Generation 2 virtual machines.



Create virtual machines.



Describe the configuration of virtual machine settings.



Describe dynamic memory.



Describe smart paging.



Describe Integration Services.



Configure Integration Services.



Describe the use of virtual Fibre Channel adapters.

What Are the Components of a Generation 1 Virtual Machine? A virtual machine represents a physical computer in a virtualization environment. Virtual computers have components that are similar to physical computers. However, virtual computers can only use components that are part of Hyper-V virtualization. A virtual machine cannot use components that you can attach to the physical Hyper-V host unless they are properly configured to do so. Virtual hardware is either emulated, synthetic, or in rare cases, such as with single-root I/O virtualization (SR-IOV) network adapters, directly mapped to virtual machines. Hyper-V can present devices to a virtual machine in the following two ways: •

Hyper-V presents an emulated device to the virtual machine as if it is actual hardware, although such a physical component does not exist in the Hyper-V host. Emulated devices present standard and well-known functionalities that are universal to all devices of that type. This means that almost any operating system supports them. Emulated devices are available when the virtual machine starts, and

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

3-15

the virtual machine can start from them. These emulated devices include IDE controllers or legacy network devices. However, because these devices are emulated, they do not perform as well and present additional overhead for the Hyper-V host. •

Hyper-V does not present synthetic components to the virtual machine as actual hardware. It presents them to the operating system on the virtual machine as a functionality that the device driver can use. When an operating system has support for that functionality, it can pass the communication with it through virtual machine bus (VMBus). Operating systems must support VMBus, and device drivers for that functionality must be loaded for the virtual machine to be able to use synthetic components. This is why synthetic components are not available during startup, and why you cannot start a Generation 1 virtual machine from a SCSI controller.

Until Windows Server 2012 R2, you could create only one type of virtual machine—Generation 1. A Generation 1 virtual machine contains the components in the following table. Component

Description

BIOS

Specifies startup order of the boot devices.

Memory

Configures the amount of memory assigned to the virtual machine, the dynamic range of memory that can be used, and memory weight. When the virtual machine is running, that memory allocates exclusively and cannot be used by other virtual machines or by the Hyper-V host.

Processor

Configures the number of processors that are available to the virtual machine, the resource control, the processor compatibility settings, and the non-uniform memory access (NUMA) settings.

IDE controller

Connects IDE virtual disks and DVD to the virtual machine. Generation 1 virtual machines have two IDE controllers. Devices that connect to IDE controllers can be used to start the virtual machine.

SCSI controller

Connects SCSI virtual disks to the virtual machine. SCSI controllers are synthetic, which means that a Generation 1 virtual machine cannot start from a virtual disk that is connected to it.

Network adapter

Connects a virtual machine with the virtual switch. A network adapter is synthetic, which means that Generation 1 virtual machines cannot use it for Pre-Boot Execution Environment (PXE) startup.

Legacy network adapter

Connects the virtual machine with the virtual switch. A legacy network adapter is emulated, which means that it is available during startup, and Generation 1 virtual machines can use it for PXE.

Fibre Channel adapter

Accesses Fibre Channel–based storage directly from the virtual machine. This is a synthetic device, which means that it is not available during startup.

RemoteFX 3D video adapter

Enables a rich graphic experience in virtual machines.

COM port

Configures the virtual COM port to communicate with the physical server through a named pipe.

Diskette drive

Connects virtual floppy disks to the virtual machine.

In addition to virtual hardware components, you can also configure virtual machine management components such as Integration Services, checkpoint file location, smart paging file location, automatic start action, and automatic stop action.

Overview of Generation 2 Virtual Machines Virtual machines work the same way that physical computers do. Most operating systems and applications that run in virtual machines will not be aware that they are virtualized. By using emulated hardware, operating systems that are not virtualization-aware can still run in virtual machines. In machines that are run enlightened operating systems, Integration Services allow the virtual machines to access synthetic devices, and thus, perform better. With the broad adoption of virtualization, many modern operating systems now include Integration Services.

MCT USE ONLY. STUDENT USE PROHIBITED

3-16 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

Windows Server 2012 R2 changes all of this. It still fully supports the existing type of virtual machines by naming them Generation 1 virtual machines, but it also provides support for the new type of virtual machines, called Generation 2 virtual machines. Generation 2 is built on the assumption that operating systems are virtualization-aware. Generation 2 removes all the legacy and emulated virtual hardware devices and uses only synthetic devices. BIOS-based firmware is replaced by advanced UEFI firmware, which supports Secure Boot. Virtual machines start from a SCSI controller or by using PXE from a network adapter. All the legacy and emulated devices are removed from Generation 2 virtual machines, and the remaining virtual devices use VMBus to communicate with parent partitions.

Generation 1 and Generation 2 virtual machines have similar performance, except during startup and when installing operating system. In these instances, Generation 2 is considerably faster. You can run Generation 1 and Generation 2 virtual machines side-by-side on the same Hyper-V host. You select virtual machine generation when you create a new virtual machine and you cannot change it later. Generation 1 virtual machines will still be in use for a long time because you can install almost any operating system on such virtual machines. Generation 2 virtual machines currently support only Windows Server 2012, Windows 8 (64-bit), and newer 64-bit Windows operating systems. Generation 2 Virtual Machine Overview http://go.microsoft.com/fwlink/?LinkID=386690 Question: Can you convert a Generation 1 Windows Server 2012 R2 virtual machine to a Generation 2 virtual machine?

Demonstration: Creating Virtual Machines In this demonstration, you will see how to create a virtual machine.

Demonstration Steps 1.

On LON-HOST1, use Hyper-V Manager to create a new virtual machine with the following settings: o

Name: LON-VM2

o

Generation: Generation 2

o

Startup Memory: 1024 MB

o

Use Dynamic Memory: Enabled

2.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

3-17

Use the Windows PowerShell cmdlet New-VM to create a new virtual machine with the following settings: o

Name: LON-VM1

o

Generation: Generation 1

o

Startup Memory: 1 GB

o

Boot Device: IDE

3.

Use the cmdlet Add-VMHardDiskDrive to add the C:\Shares\VHDs\Differencing.vhd disk to the IDE Controller of LON-VM1.

4.

On LON-HOST1, use Hyper-V Manager to confirm that there are three types of hardware listed in the Add Hardware section in the details pane for LON-VM2. Confirm also that no BIOS, IDE Controllers, COM ports or Diskette Drive are listed, but that Firmware is listed.

5.

Use Hyper-V Manager to confirm that you can add five hardware types to LON-VM1. Confirm also that BIOS, IDE Controllers, COM ports and a Diskette Drive display, but no Firmware displays.

Configuring Virtual Machine Settings

When you create a virtual machine by using the New Virtual Machine Wizard or the Windows PowerShell New-VM cmdlet, you can configure only a limited number of options. For example, you cannot adjust dynamic memory settings, add more than one virtual hard disk to the virtual machine, or configure the virtual machine with a directly attached or differencing disk. However, after you create the virtual machine, you have many more options that you can configure. You can configure most of the virtual machine settings and modifications to hardware configuration only when the virtual machine is turned off (not paused or in saved state). However, you can configure options such as the virtual switch to which network adapter is connected, or add a virtual hard disk to the SCSI controller while the virtual machine is running. Configuration options also depend slightly on the virtual machine generation because some virtual hardware is available only for Generation 1 virtual machines. You can enable safe boot for Generation 2 virtual machines, whereas Generation 1 does not have such an option. You can configure virtual machine settings in Hyper-V Manager or by using Windows PowerShell. In Hyper-V Manager, you right-click the virtual machine, click Settings, and then modify properties of the hardware component that you want to configure. In Windows PowerShell, you can use several different cmdlets to configure a virtual machine, depending on whether you want to configure virtual machine settings (Set-VM), add virtual hardware components (Add-VMHardDiskDrive, Add-VMNetworkAdapter) or modify existing hardware component settings (Set-VMHardDiskDrive, Set-VMNetworkAdapter).

MCT USE ONLY. STUDENT USE PROHIBITED

3-18 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

As part of the virtual machine settings, you can also configure management settings. In the Management section, you can configure the components that are listed in the following table. Component

Description

Name

Specify the name of the virtual machine and add comments about it.

Integration Services

Enable services that the Hyper-V host will offer to the virtual machine. To use any of the services, Integration Services must be installed and supported on the virtual machine operating system.

Checkpoint File Location

Specify the folder in which checkpoint files for the virtual machine will be stored. You can modify this location until the first checkpoint is created.

Smart Paging File Location

Specify the folder in which the Smart Paging file for the virtual machine will be created, if necessary.

Automatic Start Action

Specify whether to start the virtual machine automatically after the Hyper-V host restarts, and how long after Hyper-V is running to start them.

Automatic Stop Action

Specify the state in which to place the virtual machine once the Hyper-V host shuts down.

Question: Can you modify virtual machine memory settings while the virtual machine is running?

What Is Dynamic Memory?

Physical computers have a static amount of memory, which does not change until you shut down the computer and add additional physical RAM. The experience with virtual machines is the same when you do not configure them to use dynamic memory. Virtual machines are assigned the same amount of memory while they are running. However, with Hyper-V, you can configure virtual machines to use dynamic memory, which enables more efficient use of the available physical memory. If you enable dynamic memory, the memory is treated as a shared resource, which can be reallocated automatically between running virtual machines. Dynamic memory adjusts the amount of memory that is available to a virtual machine based on memory demand, available memory on the Hyper-V host, and the virtual machine memory configuration. This can make it possible to run more virtual machines simultaneously on the Hyper-V host. This can be especially beneficial in environments that have many idle or low-load virtual machines, such as pooled VDI environments.

You can configure virtual machine memory usage on the Memory Settings page for each virtual machine. On this page, you can configure the following settings: •

Startup RAM. Use this setting to configure the amount of memory that will be available to the virtual machine at startup time. If dynamic memory is not enabled, the virtual machine will use this memory all the time while it is running (static memory).





MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

3-19

Enable Dynamic Memory. Use this setting to configure the virtual machine to use dynamic memory by enabling this option. If you enable this setting, the following three options become available: o

Minimum RAM. Use this option to set the minimum amount of memory that the virtual machine can use while it is running. The virtual machine cannot use less than this amount. You can decrease this value while the virtual machine is running.

o

Maximum RAM. Use this option to set the maximum amount of memory that a virtual machine can use while it is running. The virtual machine cannot use more than this amount of memory. You can increase this value while the virtual machine is running.

o

Memory buffer. Use this option to specify the percentage of memory that Hyper-V should reserve as a buffer. Hyper-V uses the percentage and the current memory demand to determine an amount of memory for the buffer.

Memory weight. Use this option to specify how to prioritize the memory availability for the virtual machine compared to other virtual machines that are running on the same Hyper-V host.

As with most other virtual machine settings, you cannot modify virtual machine memory settings while the virtual machine is running. If you enable dynamic memory, however, you can decrease virtual machine minimum RAM settings and increase maximum RAM while the virtual machine is running.

When enabled, dynamic memory results in more efficient use of the physical memory and enables more virtual machines to run simultaneously. For example, consider a Hyper-V host with 8 GB of available physical RAM, and four virtual machines created for the Finance, Engineering, Sales, and Services departments. Each virtual machine has dynamic memory enabled and is configured with 1 GB of startup RAM, 512 MB of minimal RAM, and 4 GB maximum RAM. In this scenario, when you start three virtual machines, they will each be allocated 1 GB of RAM, which presents 37.5 percent utilization of the Hyper-V host’s physical RAM. After a few minutes, the operating systems on all virtual machines will be running. In the Finance and Engineering departments, running virtual machine applications require more RAM, and memory utilization will increase to 3 GB and 2 GB, and the Sales virtual machine will still use 1 GB of memory. All three virtual machines will be using 6 GB of memory total, which is 75 percent of the Hyper-V host’s physical RAM. After another 15 minutes, the Finance virtual machine load lessens and no longer needs as much memory. Dynamic memory will automatically decrease the memory that is assigned to the Finance virtual machine to 2 GB. The Sales virtual machine, which is inactive for a long time, has a decrease to 512 MB RAM. The Engineering virtual machine, which becomes even more active, has more dynamic memory assigned to it. It now uses 4 GB of RAM, which is the maximum amount of configured RAM allowed. Now that you have enough available resources, you can also start the fourth virtual machine for the Services department. This results in Hyper-V using 7.5 GB of RAM, which is near its limit, and is 94 percent RAM utilization of the Hyper-V host. Hyper-V Dynamic Memory Overview http://go.microsoft.com/fwlink/?LinkID=386694 Question: How does dynamic memory enable you to run more virtual machines on the same amount of physical RAM?

What Is Smart Paging?

MCT USE ONLY. STUDENT USE PROHIBITED

3-20 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

When you enable dynamic memory for a virtual machine, minimum RAM setting can be less than the startup RAM assigned to a virtual machine. This is because operating systems typically need more memory during startup than when they are running with high idle. Startup and minimum RAM settings allow the Hyper-V host to reclaim memory that the virtual machine no longer needs. However, if the Hyper-V host is low on memory, it can also result in insufficient available memory (startup RAM), when the virtual machine is restarted. In such a case, Hyper-V needs additional memory to restart the virtual machine. It uses smart paging to bridge the memory gap between minimum and startup memory.

Smart Paging

Smart paging is a memory management technique. It pages memory to the physical disk as additional, temporary memory when more memory is required to restart a virtual machine. This approach provides a reliable way to keep virtual machines running when there is not enough available physical memory. However, it degrades virtual machine performance because disk access is much slower than memory access. The default location for the smart paging file is configurable per virtual machine.

To minimize the performance impact of smart paging, Hyper-V uses it only when it is absolutely needed, and if all of the following three conditions are met: •

The virtual machine is restarted.



There is not enough available physical memory on the Hyper-V host.



Memory cannot be reclaimed from other virtual machines on the Hyper-V host.

Smart paging is not used in any other situation, including the following three situations: •

The virtual machine is being started from an Off state.



You want to configure the virtual machine with more memory than is physically available.



The virtual machine is moved over or failed over from another Hyper-V cluster node.

Guest Paging

Hyper-V relies on guest paging (operating system paging inside the virtual machine) because it is more effective than smart paging. With guest paging, the memory manager performs the paging operation inside virtual machines. The memory manager has more information about memory usage within a virtual machine than does the Hyper-V host. This means that the memory manager can provide Hyper-V with better information to use when it is choosing the memory to be paged. Because of this, internal guest paging incurs less overhead to the system compared with smart paging. To reduce the impact of smart paging further, Hyper-V removes memory from the virtual machine after it completes the restart process. It accomplishes this by coordinating with dynamic memory components inside the virtual machine so that the virtual machine stops using smart paging. This process is also called ballooning. The use of smart paging is temporary and is not longer than 10 minutes.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

3-21

To continue the example from the previous topic, if you assume that the Finance and Engineering virtual machines use all 8 GB of available physical memory on the Hyper-V host, you can restart the other two virtual machines only when using smart paging. However, you can only restart them if they are already running. If they are off already, and if there are not enough resources to start them, you will get an error when you try to start the virtual machines. Question: Does Hyper-V use smart paging if a virtual machine is configured with the same amount of startup and minimum RAM?

Overview of Integration Services When an operating system is not virtualization-aware, it behaves the same on a virtual machine as it does on a physical computer that does not have proper device drivers for some hardware. It can still use emulated virtual devices, but not synthetic virtual devices. It also is unable to use features that are available only on virtual machines, such as time synchronization with the Hyper-V host, or releasing the mouse when the cursor reaches the edge of the virtual machine window.

By default, newer operating systems that are virtualization-aware already include support for synthetic devices, VMBus, and other virtualization-specific features. If the operating system is supported by Hyper-V but it does not include virtualization support, then you should install Hyper-V Integration Services on the virtual machine with that operating system. If the operating system includes Integration Services, but Hyper-V provides newer version of Integration Services, you should install them into operating system on the virtual machine. Integration Services provide better interoperability with the Hyper-V environment and support for VMBus, synthetic devices, and other virtualization-specific features. Hyper-V Integration Services that are available in virtual machines are: •

Hyper-V Guest Shutdown Service. If you want to shut down a virtual machine without interacting directly with the operating system on the virtual machine, the Hyper-V Guest Shutdown Service provides a virtual machine shutdown function. Hyper-V initiates the shutdown request by using a Windows Management Instrumentation call.



Hyper-V Time Synchronization Service. This service synchronizes the time on the virtual machine with the time on the Hyper-V host.



Hyper-V Data Exchange Service. This service provides a method to set, delete, enumerate, and exchange specific registry key values between the virtual machine and the Hyper-V host.



Hyper-V Heartbeat Service. The Hyper-V host uses this service to verify if an operating system that is running on a virtual machine is responding to requests.



Hyper-V Volume Shadow Copy Requestor. When operating systems on virtual machines support VSS, the Hyper-V Volume Shadow Copy Requestor service allows the Hyper-V host to request the synchronization and backup of a running virtual machine.



Hyper-V Remote Desktop Virtualization Service. This service enables the Remote Desktop Virtualization Host to communicate with and manage virtual machines that are part of a VDI collection.



MCT USE ONLY. STUDENT USE PROHIBITED

3-22 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

Hyper-V Guest Service Interface. This is a new integration service in Hyper-V in Windows Server 2012 R2. It enables enhanced session mode communication with virtual machines, including device redirection, shared Clipboard, and drag-and-drop functionality between the Hyper-V host and virtual machines.

In virtual machine settings, on the Integration Services page, you can control which Integration Services will be offered to a virtual machine. To use Integration Services, you must install it and ensure that the operating system that is running on the virtual machine supports it. When you have installed Integration Services on the virtual machine, you can see the services among other services on the virtual machine. By default, all Integration Services except Hyper-V Guest Service Interface are enabled for the virtual machines that you create in Hyper-V in Windows Server 2012 R2. You can find out which version of Integration Services is installed on a virtual machine by running the following cmdlet: Get-VM | Get-VMIntegrationService | ft VMName,PrimaryStatusDescription,OperationStatus

Note: Integration Services are available for Windows operating systems and supported Linux operating systems. The current release of Integration Services for Linux adds support for dynamic memory and for backing up a Linux virtual machine while it is running, in the same manner as Windows-based virtual machines. Question: Do you need to install Integration Services on a virtual machine if the operating system on the virtual machine already includes it and is aware that it is running in a virtualized environment?

Demonstration: Configuring Integration Services In this demonstration, you will see how to configure Integration Services.

Demonstration Steps 1.

On LON-CL1, use a command prompt to make note of the local time, and then reset it to 11:00.

2.

On LON-CL1, verify the local time again, and then confirm that it was set back automatically to its previous value.

3.

On LON-HOST1, use Hyper-V Manager, to disable Time synchronization Integration Service for 20409B-LON-CL1.

4.

On LON-CL1, use a command prompt to set the local time to 11:00.

5.

Confirm that the local time is now a few second after 11:00, as the time in virtual machine is no longer synchronizing with the Hyper-V host.

6.

Use Device Manager to confirm that virtual machine is using the Microsoft Hyper-V Video adapter and several System devices with Hyper-V in their name, including Microsoft Hyper-V Dynamic Memory. All those of these virtual devices are provided as part of Integration Services.

Using a Virtual Fibre Channel Adapter The virtual Fibre Channel adapter in Hyper-V provides an operating system on a virtual machine with direct access to a Fibre Channel SAN by using a standard World Wide Name (WWN), which is associated with each adapter. This enables you to virtualize servers that require access to the Fibre Channel SAN, for example, as shared storage in guest failover cluster scenarios.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

3-23

Before using a virtual Fibre Channel adapter, you must create virtual SANs on the Hyper-V host. You can connect a Hyper-V host to multiple Fibre Channel SANs through multiple Fibre Channel ports. A virtual SAN defines a named group of physical Fibre Channel ports that are connected to the same physical SAN. For example, a Hyper-V host can connect through two physical Fibre Channel ports to a production SAN and a test SAN. You could configure two virtual SANs: one named Production SAN with two physical Fibre Channel ports connected to the production SAN, and one named Test SAN, which has two physical Fibre Channel ports connected to the test SAN. You can then use the same approach to name two separate paths to a single storage target. Virtual machines can have up to four virtual Fibre Channel adapters, and you can associate each with a different virtual SAN. Each virtual Fibre Channel adapter connects with one or two WWN addresses. Two WWN addresses are required for highly available virtual machines, and to maintain Fibre Channel connectivity during live migration. You can set a WWN address automatically or manually. If you want to use a virtual Fibre Channel adapter, your environment must meet the following requirements: •

The Hyper-V host must have one or more physical Fibre Channel host bus adapters (HBAs), which support N_Port ID Virtualization.



Virtual machines must have Windows Server 2008 or a newer Windows Server operating system installed to be able to use a virtual Fibre Channel adapter. Windows client operating systems do not support the virtual Fibre Channel adapter.



A virtual Fibre Channel adapter is a synthetic adapter. Virtual machines can use a Fibre Channel SAN for storing data, but storage that is accessed through a virtual Fibre Channel adapter cannot be used as boot media.

When a virtual machine has virtual Fibre Channel adapters, consider the following limitations: •

You cannot create checkpoints of the volumes that are stored on a Fibre Channel SAN.



Backups that are created on the Hyper-V host-by using the Hyper-V VSS provider do not include SAN data. If you want to create a backup of the data on a Fibre Channel SAN, you should use a backup program or a backup agent that is on the virtual machine.



Hyper-V cannot perform live migration of data that is stored on a Fibre Channel SAN. Hyper-V Virtual Fibre Channel Overview http://go.microsoft.com/fwlink/?LinkID=386691 Question: You have a Hyper-V host that has a Fibre Channel host bus adapter (HBA) and access to a Fibre Channel SAN. Can you add a virtual Fibre Channel adapter to a virtual machine that has Windows 8.1 installed and is on that Hyper-V host?

Lab A: Creating and Managing Virtual Hard Disks and Virtual Machines Scenario A. Datum Corporation is continuing with its pilot virtualization project. You have deployed the virtualization hosts by installing Hyper-V on Windows Server 2012 R2 in one of the subsidiaries. The next step is to deploy virtual machines on these hosts. Because the virtualization platform is new to A. Datum, you need to spend some time familiarizing yourself with the Hyper-V features and components. To do this, you decide to deploy and evaluate different hard disk types and virtual machine configurations.

Objectives After completing this lab, you will be able to: •

Create and manage virtual hard disks.



Create and manage virtual machines.

Lab Setup Estimated Time: 70 minutes Virtual machines: 20409B-LON-HOSTx, 20409B-LON-CLx, 20409B-LON-DC1, 20409B-LON-SS1 User name: Adatum\Administrator Password: Pa$$w0rd

MCT USE ONLY. STUDENT USE PROHIBITED

3-24 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

For this lab, you will use the available virtual machine environment. Before you begin the lab, you must complete the following steps: 1.

Sign in to the LON-HOSTx computer as Adatum\Administrator with the password of Pa$$w0rd.

2.

On LON-HOST1, start Hyper-V Manager.

3.

In Hyper-V Manager, click 20409B-LON-DC1, and in the Actions pane, click Start.

4.

In the Actions pane, click Connect. Wait until the virtual machine starts.

5.

Sign in by using the following credentials: o

User name: Adatum\Administrator

o

Password: Pa$$w0rd

6.

Repeat steps 3 and 4 for 20409B-LON-SS1.

7.

Repeat steps 3 through 5 for 20409B-LON-CLx. The letter x is 1 for the first student in the team, and 2 for the second student in the team.

Note: Because you will be using the same virtual machines in the next lab, do not revert the virtual machines. You will be working in pairs. Communicate clearly with your lab partner, and cooperate fully with each other during this lab.

Exercise 1: Creating and Managing Virtual Hard Disks Scenario

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

3-25

In this exercise, you will create different types of virtual hard disks. You will use Hyper-V Manager and Windows PowerShell to create the virtual hard disks and to explore the differences between them. You will confirm that differencing virtual hard disks can already have some content when created, while a fixed-size disk allocates its full size on the storage when created. You will also confirm that the differencing virtual hard disk expands when you add data to it. You will add virtual disks to the virtual machine and expand them while the virtual machine is running. You will also see how you can add a directly attached disk to the virtual machine. The main tasks for this exercise are as follows: 1.

Create virtual hard disks.

2.

Explore different virtual hard disk types.

3.

Manage virtual hard disks.

4.

Add a directly attached disk.

 Task 1: Create virtual hard disks 1.

On LON-HOSTx, use the Set-VMHost cmdlet to set the virtual hard disk path to C:\Shares\VHDs, and to set the virtual machine path to C:\Shares.

2.

Use the New Virtual Hard Disk Wizard in Hyper-V Manager to confirm that the default disk type for VHD hard disk is Fixed size, and that the maximum size is 2,040 GB.

3.

Use Hyper-V Manager to create a new virtual hard disk with the following settings:

4.

o

Format: VHDX

o

Type: Dynamically expanding

o

Name: Dynamic.vhdx

o

Size: 100 GB

Use Hyper-V Manager to create a new virtual hard disk with the following settings: o

Format: VHD

o

Type: Differencing

o

Name: Differencing.vhd

o

Parent: E:\Program Files\Microsoft Learning\base\Base14A-WS12R2.vhd

Note: The actual drive letter on which base images are stored can be different and, it depends on the physical server configuration. Drive E is used in the instructions, but you should use the drive on which base images are stored in your environment. 5.

In Windows PowerShell, use the New-VHD cmdlet to create a new virtual hard disk with the following settings: o

Path: C:\Shares\VHDs\Fixed.vhdx

o

Size: 1 GB

o

Type: Fixed size

 Task 2: Explore different virtual hard disk types

MCT USE ONLY. STUDENT USE PROHIBITED

3-26 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

1.

On LON-HOSTx, in File Explorer, browse to C:\Shares\VHDx, and then confirm that Fixed.vhdx allocates 1 GB disk space, while Dynamic.vhdx and Differencing.vhd allocates much less disk space.

2.

Use Hyper-V Manager to add Fixed.vhdx as a SCSI disk to LON-CLx.

3.

Use the Windows PowerShell Add-VMHardDiskDrive cmdlet twice to add both Dynamic.vhdx and Differencing.vhd as SCSI disks to 20409B-LON-CLx.

4.

On LON-CLx, use Disk Management to confirm the following: o

The computer now has multiple disks.

o

The last three disks have 1023 MB (1 GB), 100 GB, and 127 GB.

o

The last disk has two partitions, which are assigned letters E: and F:.

o

The first two disks have only unallocated space.

Note: Those are fixed, dynamically expanding, and differencing virtual hard disks that you added in this task. 5.

Create a Simple Volume with default values on Disk 1.

6.

Create a Simple Volume with default values on Disk 2.

7.

Use File Explorer to confirm that there are multiple folders on volume F:.

8.

Copy folder C:\Windows\Inf to volumes F:, G:, and H:.

9.

On LON-HOSTx, in File Explorer, browse to C:\Shares\VHDx, and then confirm that Fixed.vhdx still allocates 1 GB of disk space, while the size of Dynamic.vhdx and Differencing.vhd has increased. This is because you copied content to them, but they are still allocating less space than Fixed.vhdx.

 Task 3: Manage virtual hard disks 1.

On LON-HOSTx, use the Edit Virtual Hard Disk Wizard to expand Fixed.vhdx to 2 GB.

2.

Use the Edit Virtual Hard Disk Wizard to expand Dynamic.vhdx to 200 GB.

3.

On LON-CLx, use Disk Management to confirm that Disk 1 and Disk 2 have expanded and now have 1 GB and 100 GB of unallocated space. Note that Hyper-V expanded the virtual hard disks while the virtual machine was running.

4.

On LON-HOSTx, use the Windows PowerShell cmdlet Remove-VMHardDiskDrive twice to remove SCSI disks on locations 0 and 1 from 20409B-LON-CLx.

5.

Use the Edit Virtual Hard Disk Wizard to convert Dynamic.vhdx to VHD format, and then save it as C:\Shares\VHDs\Converted.vhd.

6.

On LON-HOSTx, use File Explorer to confirm that Converted.vhd is created, and that that size of Fixed.vhdx is now 2 GB.

 Task 4: Add a directly attached disk 1.

On LON-HOSTx, use the iSCSI Initiator to connect to the target with Lab3 in the name, on the iSCSI target with IP address 172.16.0.14.

2.

Use Disk Management to confirm that the disk is added to LON-HOSTx, and that it has a status of Offline. Make note of its size.

Note: Two disks are added on LON-HOST1. One disk is added on LON-HOST2.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

3-27

3.

In the Settings for LON-CLx virtual machine, modify the settings of the SCSI Hard Disk to use Physical hard disk.

4.

On LON-CLx, use Disk Management to confirm that Disk 1 displays that it has the same size as the disk that was added to LON-HOSTx, and that it is not initialized. This is directly attached disk that was added to LON-CLx.

5.

Create Simple Volume with default values on Disk 1.

6.

On LON-HOSTx, use the Windows PowerShell cmdlet Remove-VMHardDiskDrive to remove the SCSI virtual hard disks from 20409B-LON-CLx.

7.

On LON-CLx, use Disk Management to confirm that Disk 1 no longer displays.

8.

On LON-HOSTx, use the iSCSI Initiator to disconnect the existing iSCSI target.

Results: After completing this exercise, you should have created and managed virtual hard disks.

Exercise 2: Creating and Managing Virtual Machines Scenario

You were asked to create and demonstrate the differences between Generation 1 and Generation 2 virtual machines. You first will create the virtual machines by using different administrative tools, and then you will review this configuration and modify it. You will also explore how to enable dynamic memory and how virtual machines use it. You will also see how to configure storage for QoS. In the last task, you will configure Integration Services for virtual machines and explore how the time synchronization service works. The main tasks for this exercise are as follows: 1.

Create virtual machines.

2.

Manage virtual machines.

3.

Work with dynamic memory.

4.

Work with storage Quality of Service management.

5.

Configure Integration Services.

 Task 1: Create virtual machines 1.

On LON-HOSTx, use Hyper-V Manager to create a new virtual machine with the following settings: o

Name: LON-VM2

o

Generation: Generation 2

o

Startup Memory: 1024 MB

o

Use Dynamic Memory: Enabled

2.

3.

Use the Windows PowerShell cmdlet New-VM to create a new virtual machine with the following settings: o

Name: LON-VM1

o

Generation: Generation 1

o

Startup Memory: 1 GB

o

Boot Device: IDE

Use the Windows PowerShell cmdlet Add-VMHardDiskDrive to add the C:\Shares\VHDs\Differencing.vhd disk to the IDE Controller of LON-VM1.

 Task 2: Manage virtual machines

MCT USE ONLY. STUDENT USE PROHIBITED

3-28 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

1.

On LON-HOSTx, use Hyper-V Manager to confirm that three types of hardware display in the Add Hardware section in the details pane for LON-VM2. Confirm also that no BIOS, IDE Controllers, COM ports and Diskette Drive display, but Firmware does displays.

2.

Set Hard Drive as the first boot device for LON-VM2.

3.

For LON-VM1, use Hyper-V Manager to confirm that you can add five hardware types to LON-VM1. Confirm also that BIOS, IDE Controllers, COM ports, and Diskette Drive display, but Firmware does not display.

4.

Confirm that you can change Startup order, but you cannot set Secure Boot for LON-VM1. Also, confirm that LON-VM1 is not configured to use Dynamic Memory, and it has a single Network Adapter.

5.

Use the Windows PowerShell cmdlet Set-VM to enable dynamic memory for LON-VM1.

6.

Use the Windows PowerShell cmdlet Add-VMNetworkAdapter to add a network adapter to LON-VM1.

7.

Use Hyper-V Manager to confirm that LON-VM1 is using Dynamic Memory, and that LON-VM1 has two Network Adapters.

 Task 3: Work with dynamic memory 1.

Use Hyper-V Manager to confirm that LON-CLx is configured to use Dynamic Memory.

2.

In Hyper-V Manager, make note of the currently Assigned Memory for the LON-CLx virtual machine.

3.

On LON-CLx, run the following two commands: C:\LabFiles\Mod03 .\TestLimit64.exe –d 400 –c 1

4.

On LON-HOSTx, use Hyper-V Manager to confirm that LON-CLx is using more memory.

5.

Wait a few minutes, and then verify that the Assigned Memory for LON-CLx has decreased.

 Task 4: Work with storage Quality of Service management 1.

On LON-CLx, run the following command: C:\LabFiles\Mod03\sqlio.exe

2.

After the test completes, make note of the IOs/sec result.

3.

On LON-HOSTx, use Hyper-V Manager to select Enable Quality of Service management, type 100 as Minimum and 200 as Maximum for Hard Drive under IDE Controller 0.

4.

On LON-CLx, run the following command again: C:\LabFiles\Mod03\sqlio.exe

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

3-29

5.

After the test completes, verify the IOs/sec result, and then confirm that it is close to 200, which is the limit you set and that it is considerably lower than the first result.

6.

On LON-HOSTx, in Windows PowerShell, use the cmdlet Set-VMHardDiskDrive to disable Quality of Service management for IDE Hard Disk on 20409B-LON-CLx.

 Task 5: Configure Integration Services 1.

On LON-CLx, open the Services console, and then confirm that Hyper-V Time Synchronization Service is running.

2.

On LON-CLx, verify the local time, and set it to 11:00.

3.

On LON-CLx, verify the local time again, and then confirm that it was set back automatically to its previous value, as Integration Services automatically synchronizes the time on LON-CLx with the time on LON-HOSTx.

4.

On LON-HOSTx, use Hyper-V Manager to disable the Time synchronization Integration Service for LON-CLx.

5.

On LON-CLx, confirm that Hyper-V Time Synchronization Service is not running.

6.

On LON-CLx, set the local time to 11:00. Confirm that the local time is now a few seconds after 11:00, as time on the virtual machine is no longer synchronizing with the Hyper-V host.

7.

Use Device Manager to confirm that the virtual machine is using the Microsoft Hyper-V Video adapter, and several System devices with Hyper-V in their name, including Microsoft Hyper-V Dynamic Memory. All of these virtual devices are provided as part of Integration Services.

8.

On LON-HOSTx, use the Windows PowerShell cmdlet Enable-VMIntegrationService to enable time synchronization for 20409B-LON-CLx.

9.

On LON-CLx, confirm that the time on the virtual machine is synchronized once again with the time on LON-HOSTx.

Results: After completing this exercise, you should have created and managed virtual machines.

Lesson 3

Installing and Importing Virtual Machines

MCT USE ONLY. STUDENT USE PROHIBITED

3-30 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

When you need to install an operating system on a virtual machine, you have more options than when you install an operating system on a physical computer. In both cases, you can use network installation or installation media such as a CD, DVD, or .iso image. However, with virtual machines, you also have the options of importing a virtual machine by using a differencing virtual hard disk and then pointing it to a virtual hard disk with a preinstalled operating system, or by migrating an existing physical computer. In this lesson, you will learn about the different methods of installing an operating system on a virtual machine. You will learn about Virtual Machine Connection and how to customize it. This lesson also describes enhanced session mode and explains its benefits.

Lesson Objectives After completing this lesson, you will be able to: •

Describe the various methods of installing a virtual machine.



Describe the process of importing virtual machines.



Import a virtual machine.



Describe the process of virtualizing a physical computer.



Describe the Virtual Machine Connection application.



Describe enhanced session mode.



Use enhanced session mode.

Virtual Machine Installation Methods After you create and configure a virtual machine, you can install an operating system on it. On a Generation 1 virtual machine, you can install any operating system that does not have specific hardware requirements, including non-Microsoft operating systems. The operating system might not be virtualization-aware. However, on a Generation 2 virtual machine, you can only install Windows Server 2012, 64-bit Windows 8, and newer 64-bit Windows operating systems.

Installing an operating system on a virtual machine is not much different from installing an operating system on a physical computer. However, you can benefit from some virtualization features that are not available with physical computers, such as differencing virtual hard disks. When installing an operating system on a virtual machine, you have the following options: •

Install an operating system from a bootable CD or DVD. A virtual machine can start from physical CD or DVD media that is attached to the Hyper-V host. You should be aware that only one virtual machine can use the physical drive at a time on the Hyper-V host. To use this option, insert the installation media in the Hyper-V host drive, and then start the virtual machine. If you have already

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

3-31

created the virtual machine, you first will need to capture the physical CD/DVD drive. The virtual machine will start from the physical media, and installation will progress as it would on a physical computer. •

Install an operating system from an .iso file. Installing a virtual machine from an .iso file is very similar to the previous method, the only difference being that it uses an .iso image instead of physical media. The benefit of this method is that multiple virtual machines can use the same .iso image simultaneously.



Install an operating system from a network-based installation server. If you have Windows Deployment Services (DS) on the network, you can use this option to install the operating system on the virtual machines. A Generation 1 virtual machine can start from the network by using PXE only if you configured it with a legacy network adapter, whereas a Generation 2 virtual machine has no such limitations. When the virtual machine starts from the network adapter, the installation procedure is the same as on a physical computer, where you typically have to press the F12 key to connect to Windows DS.



Copy a virtual hard disk file. If you have a virtual machine that already has an operating system, you can copy its virtual hard disk file, and then use the copied disk file for the new virtual machine. This process is similar to cloning physical computers, and you should generalize the virtual hard disk before copying it by running the Sysprep command to avoid duplicate name and security identifier (SID).



Use differencing virtual hard disks. If you have a virtual hard disk with an installed operating system, you can use it as a parent for a differencing virtual hard disk, and then configure the virtual machine to use the differencing virtual hard disk. You should first generalize the parent disk. Keep in mind that you should not modify a parent virtual hard disk after you have connected child differencing virtual hard disks to it. Question: Can you install an operating system on a virtual machine by using a USB flash drive?

Importing Virtual Machines Prior to Hyper-V in Windows Server 2012, if you wanted to move a virtual machine between Hyper-V hosts, you first had to export the virtual machine, copy the exported files to the target Hyper-V host, and then import the virtual machine. If the Hyper-V hosts were configured differently, for example, if they were not configured with the virtual switch with the same name, then the imported virtual machine potentially would not start, or it would not have network connectivity.

In Hyper-V in Windows Server 2012, the same export and import process still works, but the import process has been enhanced considerably, and the export process is no longer required. You can simply copy virtual machine data files between Hyper-V hosts and then run the Import Virtual Machine Wizard at the destination Hyper-V host to import virtual machines. The Import Virtual Machine Wizard detects and fixes more than 40 types of incompatibilities between Hyper-V hosts. It prompts you to provide missing information, such as the location of a parent virtual hard disk or virtual switch to which the virtual machine should be connected, when the appropriate

virtual switch is not available at the destination Hyper-V host. When importing a virtual machine, the Import Virtual Machine Wizard performs the following steps:

MCT USE ONLY. STUDENT USE PROHIBITED

3-32 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

1.

Creates a copy of the virtual machine configuration file as a precaution for an unexpected reboot, for example, because of a power outage.

2.

Validates hardware and compares the information in the virtual machine configuration file with the physical hardware on the target Hyper-V host. For example, consider a scenario in which the source Hyper-V host has 16 processors, and the virtual machine is configured to use all of them. However, the destination Hyper-V host has only eight processors. The wizard will detect such issues.

3.

Compiles a list of incompatibilities. The list identifies which virtual machine settings you should reconfigure to import the virtual machine successfully. For example, if a virtual machine is using a virtual switch that is not available on the target Hyper-V host, you should connect the virtual machine to a different virtual switch. The incompatibilities determine which pages appear next in the wizard.

4.

Displays the relevant pages, one category at a time. The wizard identifies incompatibilities and asks you for the new configuration so that virtual machine settings are compatible with the target Hyper-V host.

5.

Removes the copy of the configuration file. After the wizard finishes running, the virtual machine is imported, and you can start it.

When you are importing virtual machines from previous Hyper-V versions, you should consider the following limitations: •

You cannot start an imported virtual machine from a saved state if it was created on Hyper-V prior to Windows Server 2012 or on a different CPU architecture.



You cannot start an imported virtual machine from a checkpoint if it was created while the virtual machine was running on Hyper-V prior to Windows Server 2012 or on a different CPU architecture.

After the virtual machine import completes, you should update Integration Services on the virtual machine. Simplified Import Overview http://go.microsoft.com/fwlink/?LinkID=386692 Question: Can you import a virtual machine that is configured with 16 processors to a Hyper-V host that has two quad core CPUs?

Demonstration: Importing a Virtual Machine In this demonstration, you will see how to import a virtual machine.

Demonstration Steps 1.

2.

On LON-HOST1, use Hyper-V Manager to import a virtual machine by using the following settings: o

Virtual Machine in Folder: C:\VirtualMachines\LON-EXPORT\

o

Number of virtual processors: 1

o

Connect to Network: External Network

You will receive an error message because the parent virtual hard disk was not found.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

3-33

3.

In Hyper-V Manager, use the Edit Virtual Hard Disk Wizard to link the C:\VirtualMachines \LON-EXPORT\Virtual Hard Disks\LON-EXPORT.vhd virtual hard disk to the following parent disk: E:\Program Files\Microsoft Learning\Base\Base14A-WS12R2.vhd. Note that this path might differ based on the host machine.

4.

Use Hyper-V Manager to import the LON-EXPORT virtual machine again.

Virtualizing a Physical Computer When you create a new virtual machine in Hyper-V Manager, it contains an empty virtual hard disk by default. However, sometimes you need to create a virtual machine that already has an installed operating system, or you need to convert a physical computer to a virtual machine. To create a new virtual machine with an installed operating system, you can use one of the following options: •

Create a virtual machine and perform the operating system installation.



Create a virtual machine that uses an existing virtual hard disk with a preinstalled operating system.



Create a differencing virtual hard disk that uses a virtual hard disk with a generalized operating system as its parent, and configure a virtual machine to use that differencing virtual hard disk.



Virtualize the content of the existing physical computer.

Remember that Hyper-V does not include virtual-to-physical functionality. Products such as Microsoft System Center 2012 - VMM include real physical-to-virtual machine conversion (P2V conversion) solutions. However, you can still use Hyper-V to move the content of physical disks into the virtual hard disks.

When you create a new virtual hard disk, you can use Hyper-V to duplicate the contents of a physical disk into a new virtual hard disk. Before you use the New Virtual Hard Disk Wizard method of migrating data from a physical disk to a virtual hard disk, you should consider several factors. One of these factors is that the wizard is limited to copying the entire physical disk only, not a volume or a partition. In addition, the wizard should be used only with data disks because migrating physical disks that contain operating systems (boot and system disks) is not supported. Depending on the size of the physical disk, this process can take a considerable amount of time. Once you create the virtual hard disk, you then can add it to the virtual machine and access data on it. Note: You can also create a new virtual hard disk by using the Disk Management or Diskpart tool, attaching a virtual hard disk as a new disk on a Hyper-V host, and then copying the content to the disk.

Disk2vhd

When you want to create a virtual hard disk from the content of a physical disk, including system and boot partitions, you can use the Disk2vhd tool. The Disk2vhd tool is available on the Microsoft website as a free download. When you run Disk2vhd on a physical computer, it will show you the available volumes

that you can convert. The tool uses VSS, which is part of the Windows operating system, to create consistent, point-in-time snapshots and write them into virtual hard disks while the physical computer is running. Disk2vhd v2.0 http://go.microsoft.com/fwlink/?LinkID=386697

MCT USE ONLY. STUDENT USE PROHIBITED

3-34 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

After Disk2vhd creates a virtual hard disk, you can attach it to a virtual machine. If a virtual hard disk contains only data files, you can add it to any virtual storage controller. If you used Disk2vhd to convert a system partition and you want the virtual machine to be able to start from that virtual hard disk, you should add it to the virtual IDE controller of a Generation 1 virtual machine or the virtual SCSI controller of a Generation 2 virtual machine. When you start the virtual machine that is using the virtual hard disk for the first time, the Windows operating system will detect different hardware and will install appropriate drivers automatically. You should not forget to install or update Integration Services on the virtual machine. Note: Remember that the virtual machine has the same identity as the original system; you should not connect it to the same network as the physical computer. Question: Do you need to shut down a physical computer during the P2V conversion process?

The Virtual Machine Connection Application Virtual Machine Connection is a Hyper-V feature that you can use to connect to and manage virtual machines that run on a local or remote Hyper-V host. This tool is installed as part of the Hyper-V role or the Remote Server Administration Tools (RSAT) feature. There are several ways to connect to virtual machines by using Virtual Machine Connection. You can double-click the virtual machine in Hyper-V Manager, or right-click the virtual machine and then click Connect, or run Vmconnect.exe.

Regardless of how you connect, each virtual machine opens in a separate Virtual Connection Manager window, with the name of the virtual machine appearing in the title bar along with the Hyper-V host the virtual machine is running. In this way, you can distinguish between connections.

By default, Virtual Machine Connection connects remotely by using TCP port 2179, which you can modify in the registry at HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization. Virtual Machine Connection uses the Remote Desktop Protocol (RDP) to connect to the Virtual Machine Management service on the Hyper-V host, which listens for incoming connection requests on TCP port 2179. Although Virtual Machine Connection uses RDP to connect to virtual machines, the operating system on the virtual machine does not have to support Remote Desktop connections to connect to the virtual machine. Virtual Machine Connection simply is a shell and uses the same ActiveX control that the Remote Desktop Connection client uses to connect to virtual machines.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

3-35

You can use Virtual Machine Connection to establish only a single connection to the virtual machine. If a connection is already established and the second user establishes a connection to the same virtual machine, the first user will disconnect and the second user will take over the session. This can cause privacy and security issues because the second user will be able to view the first user's desktop, documents, and applications.

Any user with Console Read or Console Read/Write operations permissions in the authorization policy can connect to the virtual machine. This includes members of Hyper-V Administrators and Administrators groups on the Hyper-V host. You can use the Windows PowerShell Grant-VMConnectAccess and Revoke-VMConnectAccess cmdlets to grant and revoke permissions to a virtual machine. For example, if you want to grant permissions to a user named User1 in the Contoso domain for connecting to a virtual machine named VM1, you could run the following cmdlet: Grant-VMConnectAccess -VMName VM1 -UserName "Contoso\user1"

Question: Do you have to use Virtual Machine Connection if you want to connect to a virtual machine?

Overview of Enhanced Session Mode Hyper-V uses the Virtual Machine Connection application to connect to virtual machines by using RDP. Until Windows Server 2012 R2, Virtual Machine Connection provided only basic redirection of the virtual machine screen, keyboard, and a mouse, similar to how a KVM (Keyboard Video Mouse) switch over IP does. Virtual Machine Connection also historically provided limited copy and paste functionality, which only supported text and not any other content, such as graphics or files. To work around this, you could configure and use Remote Desktop on a virtual machine for a richer experience, but this requires the virtual machine to have network connectivity and uses one of the available Remote Desktop connections on the virtual machine. In addition, the Windows client operating system supports only one Remote Desktop connection.

Virtual Machine Connection in Windows Server 2012 R2 is improved and includes support for enhanced session mode. This functionality has specific requirements. For example, the Hyper-V host policy must allow it, and an enhanced session can be used only with virtual machines that are running supported operating systems. When using enhanced session mode, you get a considerably better experience and the same features as Remote Desktop Services (RDS), but without requiring the virtual machine to have network connectivity or using the Remote Desktop functionality of the guest operating system. With enhanced session mode, you can redirect local drives, printers, USB, and other devices to the virtual machine, and you can use a shared Clipboard, redirected folders, rich copy and paste for copying files or graphics, and redirected sound from virtual machines.

Enhanced session mode depends on RDS in the virtual machine, which is why it is available only when the virtual machine is running a supported operating system. Currently supported operating systems are Windows 8.1 and Windows Server 2012 R2.

Enhanced session mode establishes a Remote Desktop session over VMBus, which is available even when the virtual machine is not connected to the virtual switch, and when connecting to virtual machines that are running on a local or remote Hyper-V host. When you use enhanced session mode for connecting to

MCT USE ONLY. STUDENT USE PROHIBITED

3-36 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

virtual machines, you have access to the entire Remote Desktop experience. This includes configuring the parameters of a session that you can save for future connections to the same virtual machine. You can also sign in to the virtual machine. When you use simple mode, you connect to the virtual machine without having to sign in. You can use enhanced session mode to connect only to virtual machines that are already running. If the virtual machine is turned off, you can connect to it only by using simple mode. You configure enhanced session mode at three different levels. On the Hyper-V host level, you configure Enhanced Session Mode Policy, which controls if the Hyper-V host will allow enhanced session mode connections to virtual machines that are running on this server. At the user settings level, you configure enhanced session mode, which controls whether Virtual Machine Connection will attempt to use enhanced session mode when establishing connections with virtual machines. On the virtual machine level, you can control whether Guest services Integration Service is enabled (in other words, if the virtual machine offers enhanced session mode.) In addition, the operating system in a virtual machine must support enhanced session mode, which means that it must be either Windows 8.1 or Windows Server 2012 R2. Virtual Machine Connection - Enhanced Session Mode Overview http://go.microsoft.com/fwlink/?LinkID=386665 Question: Can you use enhanced session mode to start a virtual machine from a USB device?

Demonstration: Using Enhanced Session Mode In this demonstration, you will see how to use enhanced session mode.

Demonstration Steps 1.

On LON-HOST1, confirm that when Virtual Machine Connection with LON-CL1 opens, your previous session displays.

2.

On LON-HOST1, use Hyper-V Manager to configure Allow enhanced session mode.

3.

Use Hyper-V Manager to connect to 20409B-LON-CL1. Confirm that local drives are redirected.

4.

Confirm that you are not signed in automatically to LON-CL1, and then sign in as ADATUM\administrator, with Pa$$w0rd as the password.

5.

On LON-HOST1, use File Explorer to browse to C:\Windows, and then copy Write.exe.

6.

On LON-CL1, paste Write.exe on the desktop.

7.

On LON-CL1, use File Explorer to confirm that drives from LON-HOST1 are mapped to a virtual machine.

8.

On LON-CL1, confirm that Remote Desktop is disabled.

Lesson 4

Managing Virtual Machine Checkpoints

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

3-37

A Checkpoint is a Hyper-V feature that you can use to create a point-in-time snapshot of a virtual machine, and then revert to it if needed. In previous versions of Hyper-V, this feature was called a snapshot, and you can still see references to it. The primary benefit of checkpoints in Hyper-V is that you can use them to create hierarchies of changes quickly and easily, and then revert to them at any time. Checkpoints can be quite useful in some scenarios, such as when testing Windows operating system updates. However, you must use checkpoints carefully to avoid issues, especially when reverting virtual machines in distributed environments such as Active Directory Domain Services (AD DS). This lesson describes how to create and work with virtual machine checkpoints.

Lesson Objectives After completing this lesson, you will be able to: •

Describe virtual machine checkpoints.



Explain how Hyper-V implements checkpoints.



Describe checkpoints at file level.



Describe how to export virtual machines and checkpoints.



Work with checkpoints.



Describe issues with checkpoints in distributed environments.



Describe checkpoints and virtual machine Generation ID.

What Are Virtual Machine Checkpoints?

When a virtual machine is running, changes are written to both its memory and virtual hard disk. Checkpoints are a Hyper-V feature that you can use to create a point-in-time snapshot of a virtual machine, including its configuration, memory, and disk state. You can create checkpoints when a virtual machine is running, turned off, or in a saved state, but not when it is in a paused state. You can create multiple checkpoints of a virtual machine and revert it to any of the previous states for which checkpoints exist by applying a checkpoint to the virtual machine. Checkpoints do not affect the running state of a virtual machine, but they can affect virtual machine performance, as they are implemented by using differencing virtual hard disks. Note: Do not edit or modify a virtual hard disk file when it is used by a virtual machine that has checkpoints.

Checkpoints can be useful when you need to revert virtual machines to an earlier state. You can undo all the changes that took place after the specified state, such as those that occurred during testing, development, or in a training environment. Conversely, checkpoints in production environments can cause serious issues, such as losing user data. When running on a virtual machine, Windows Server 2012

works much better at detecting if the virtual machine was reverted, and if so, to avoid issues that this might cause. Some functionality, such as Hyper-V Replica or pooled desktops in VDI deployments, depends on the use of checkpoints.

Creating Checkpoints

MCT USE ONLY. STUDENT USE PROHIBITED

3-38 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

When you create a checkpoint, the result is always the same, irrespective of the method you choose. After you create a checkpoint, you should not modify its files directly on the disk because this could cause problems with the checkpoint or even with the running virtual machine. You can create checkpoints in one of the following ways: •

In Hyper-V Manager, you can highlight a virtual machine, right-click it, and then click Checkpoint, or in the Action pane, click Checkpoint.



You can use Virtual Machine Connection by clicking Checkpoint in the Action menu, or by using the Windows PowerShell cmdlet Checkpoint-VM.

Factors to Consider When you are considering checkpoints, you should be aware of the following factors: •

When you create a checkpoint of a virtual machine, the virtual machine is configured with a differencing virtual hard disk even if it was using a fixed-size virtual hard disk before. Differencing virtual hard disks might perform slower than normal disks because the two files (base and differencing) need to be read from.



If a virtual machine is using directly attached disks, you cannot create checkpoints of those disks because they do not support differencing virtual hard disks.



Checkpoints require additional storage space. If you create a checkpoint of a running virtual machine, it also contains a virtual machine memory snapshot, and taking multiple checkpoints can use up a large amount of storage space.



Although you can use checkpoints to revert a virtual machine to an earlier point in time, you should not consider them backups. Even if you use checkpoints, you should still make regular backups.



If you no longer need a checkpoint, you should delete it immediately. However, this can cause merging of differencing virtual hard disks. Prior to Windows Server 2012, merging of the differencing virtual hard disks happened only after you turned off the virtual machine. In Windows Server 2012 and newer, the merging process happens asynchronously in the background while the virtual machine is running.



A virtual machine is limited to 50 checkpoints. The actual number of checkpoints might be lower, depending on the available storage. Hyper-V Virtual Machine Snapshots: FAQ http://go.microsoft.com/fwlink/?LinkID=386687 Question: Which checkpoint requires more space: a checkpoint of a running virtual machine, or a checkpoint of a virtual machine that is turned off?

Implementing Hyper-V Checkpoints Checkpoints consist of several files that represent the complete state of a virtual machine at a certain moment in the past. Because you cannot modify a previous state, checkpoints are readonly, and you cannot modify one after you create it. You can only view a checkpoint, change its name, or delete it. You use checkpoints to revert virtual machines back to the state they were in when you created the checkpoints.

Creating Checkpoints When you create a checkpoint, Hyper-V performs the following steps in the background:

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

3-39

1.

Pauses the virtual machine.

2.

For each virtual hard disk that the virtual machine is using, Hyper-V creates a differencing virtual hard disk, configures it to use the virtual machine's virtual hard disk as a parent, and then updates virtual machine settings to use the created differencing virtual hard disk.

3.

Creates a copy of the virtual machine configuration file.

4.

Resumes the running of the virtual machine.

5.

Saves the content of the virtual machine memory to disk.

Because the virtual machine is paused before the checkpoint is created, you cannot create a checkpoint of a virtual machine that is in a paused state. As the virtual machine resumes, while the memory is saving to the disk, Hyper-V intercepts memory changes that have not yet been written to the disk, writes the memory pages to the disk, and then modifies the virtual machine memory. Creating a checkpoint can take considerable time, depending on virtual machine memory, Hyper-V host utilization, storage speed, and what is running on the virtual machine. However, the process is transparent, and users who are connected to the virtual machine do not experience any outage.

Virtual Machine Checkpoint Files A virtual machine checkpoint can consist of the following files: •

Virtual machine configuration file (*.xml)



Virtual machine saved state file (*.vsv)



Virtual machine memory content (*.bin)



Checkpoint differencing virtual hard disks (*.avhd)

Hyper-V creates the virtual machine saved state file and the virtual machine memory content file only if a checkpoint is created while the virtual machine is running, and not if the virtual machine is turned off.

The location of virtual machine checkpoint files is configured for each virtual machine, and by default, it is the same location where the virtual machine configuration is stored. When you create the first checkpoint, Hyper-V creates a Snapshots subfolder and stores checkpoint files there. You can modify the location of the checkpoint files only until the first checkpoint is created. After this, the checkpoint file location setting is read-only. You can modify this setting only after deleting all checkpoints or by using live storage migration in Hyper-V Manager (the Move Virtual Machine Wizard).

Using Checkpoints When you select a checkpoint, the following options are available in the Actions pane:

MCT USE ONLY. STUDENT USE PROHIBITED

3-40 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints



Settings. Opens the virtual machine settings that were effective at the moment the checkpoint was created. All of the settings are read-only because you cannot change the configuration that was used in the past. The only settings that you can modify are the checkpoint name and the notes that are associated with the checkpoint.



Apply. Applies a checkpoint to a virtual machine, which means that you want to return the virtual machine to the exact historical state it was in. When you apply a checkpoint, any change in the virtual machine since the last checkpoint was made is lost. Before applying a checkpoint, Hyper-V prompts you to create a new checkpoint to avoid possible data loss.



Export. Exports a virtual machine checkpoint, which will create an exact copy of the virtual machine as it existed at the moment you created the checkpoint.



Rename. Renames the checkpoint to provide better information about the state of the virtual machine when you created the checkpoint. The checkpoint name is independent of the checkpoint content, and by default, it contains the date and time of checkpoint creation.



Delete Checkpoint. Deletes a checkpoint if you no longer want to be able to revert a virtual machine to the state it was in when you created the checkpoint.



Delete Checkpoint Subtree. Deletes the selected checkpoint and any checkpoints that originate from it. Checkpoints that originate from it are listed below it in the Checkpoint pane.

When you right-click a virtual machine with at least one checkpoint, you can also click the Revert option. This returns a virtual machine to the last checkpoint. Question: Can you modify the configuration of a virtual machine checkpoint if you created that checkpoint when the virtual machine was turned off?

Overview of Checkpoints at File Level

When you create a checkpoint of a running virtual machine, Hyper-V creates several files. Some of these files, such as virtual machine configuration, are quite small. Others, such as virtual machine memory content, can be considerably larger, and their sizes depend on the size of the memory that the virtual machine is configured to use. However, the largest in size and the greatest impact on virtual machine performance are the differencing virtual hard disks that checkpoints create. A differencing virtual hard disk is small when you create it, but its size increases through time because it stores all the changes that the virtual machine writes to its virtual hard disk. Of all the disk types that a virtual machine can use, differencing virtual hard disks have the worst performance, and its performance can become even worse when you use multiple levels of differencing virtual hard disks in a hierarchy, such as when you create multiple checkpoints for a virtual machine.

Each time you create a checkpoint, a new differencing virtual hard disk is created and configured to use the previous virtual machine disk as a parent. For example, consider a virtual machine that is configured with a fixed-size virtual hard disk named Disk1.vhd. When you create a checkpoint, a differencing virtual hard disk is created, and it is configured to use Disk1.vhd as a parent. The virtual machine settings are

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

3-41

updated to use the differencing virtual hard disk as its virtual hard disk. The same sequence repeats when you create a second checkpoint. The only difference is that it uses the previous differencing virtual hard disk as its parent, and the virtual machine now has three virtual hard disks in a hierarchy. All changes that the virtual machine makes are written into the last (differencing) virtual hard disk. If you decide to apply the last checkpoint to the virtual machine, which effectively reverts it to the moment when the last checkpoint was created, the last differencing virtual hard disk will be deleted. All changes that were performed in the virtual machine since the last checkpoint will be lost, and a new differencing virtual hard disk will be created with the same parent as the previous one.

When you no longer need the ability to revert a virtual machine to a first checkpoint, you can delete it. This will delete the virtual machine configuration and virtual memory content from that checkpoint. However, you cannot delete the differencing virtual hard disk that was created at that time—you still need it because the current disk content depends on it. When you delete the first checkpoint, the differencing virtual hard disk will merge dynamically with the fixed parent virtual disk while the virtual machine is running. Note: Prior to Windows Server 2012, Hyper-V would merge virtual hard disks only after the virtual machine was turned off.

If you want to apply the first checkpoint and create a branch, Hyper-V will delete the content of the differencing virtual hard disk that was created during the last checkpoint. You will have the option to create a new checkpoint prior to this. Hyper-V will create a new differencing virtual hard disk that will use a fixed-size virtual hard disk as its parent. You can use checkpoint branches to have multiple different states of the same virtual machine, where each state is independent from the others. When you no longer need the last checkpoint and decide to delete it, you are effectively telling Hyper-V that you no longer need to return to that moment in time. Because no other checkpoint depends on it, if you want to delete the last checkpoint in a hierarchy, Hyper-V can in this case delete all checkpoint files, including the differencing virtual hard disk. Question: If a virtual machine is running and you delete a checkpoint, when will the parent disk merge with the differencing virtual hard disk? Question: How are multiple branches created in a checkpoint tree?

Exporting Virtual Machines and Checkpoints In Hyper-V in Windows Server 2012 and newer, you no longer need to export a virtual machine to be able to import it later. You can simply copy a virtual machine and its files to the new Hyper-V host and then use the Import Virtual Machine Wizard to specify the location of the virtual machine and update its settings, if required. This registers the virtual machine at the target Hyper-V host and makes it available for use. You can also transfer the virtual machine to removable media, and recover virtual machines if the system disk fails, but the data disk that stores the virtual machines is still working.

MCT USE ONLY. STUDENT USE PROHIBITED

3-42 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

In Windows Server 2012 R2, you can perform a live export of a virtual machine or checkpoint. You can export them while the virtual machine is running. In Hyper-V on Windows Server 2012, you first have to save the state or shut down the virtual machine prior to performing the export. When you want to perform an export, you need to specify a location to export the files. Export creates a subfolder and consolidates virtual machine files there. If, for example, a virtual machine uses virtual disks from different locations, after the export, all the virtual disks will be stored in the same folder. If a virtual machine is using differencing virtual hard disks, Hyper-V exports all the parent disks. If multiple virtual machines are exported and they all use the same parent disk, the parent disk is exported for each machine. This can increase the total size of export considerably when you compare it to the size of virtual machines prior to export. When you export a virtual machine, Hyper-V also exports all the checkpoints of that virtual machine. Exporting checkpoint exports only a single point-in-time snapshot of the virtual machine. The exported virtual machine is the exact copy of the virtual machine at the moment you created the checkpoint. If there are additional checkpoints in a hierarchy before the one you are exporting, which means that the virtual machine is using the hierarchy of differencing virtual hard disks, all those differencing virtual hard disks will be merged for the exported virtual machine.

After you import an exported virtual machine (when you export a checkpoint, the virtual machine is exported without a checkpoint), you should update Integration Services on the virtual machine, especially if the target Hyper-V host is running a newer version of Hyper-V. You should also be aware that if the imported virtual machine contains a saved state or a checkpoint that was created when the virtual machine was running, you will have to discard its memory content, if the saved state or checkpoint was created on the Hyper-V host prior to Windows Server 2012, or if the Hyper-V host was running on a different hardware architecture, such as Intel or AMD. You can export a virtual machine or a checkpoint in the Hyper-V Manager console by right-clicking it and then clicking Export. You can also use the Windows PowerShell cmdlets Export-VM and Export-VMSnapshot to export a virtual machine or a checkpoint. Question: Can you export a virtual machine checkpoint on a Hyper-V host that is running on a physical server with Intel processors, and then import it to a Hyper-V host that has AMD processors?

Demonstration: Working with Checkpoints In this demonstration, you will see how to work with checkpoints.

Demonstration Steps 1.

Confirm that LON-VM1 is using the Differencing.vhd virtual hard disk.

2.

Create a checkpoint for LON-VM1.

3.

Start LON-VM1.

4.

Complete the setup by clicking Next, and then clicking I accept.

5.

On the Settings page, provide the password Pa$$w0rd.

6.

Sign in as Administrator by using the password Pa$$w0rd.

7.

Confirm that LON-VM1 is now using a virtual hard disk with a GUID in its name.

8.

On LON-VM1, create a folder named Folder1 on the desktop.

9.

Create a checkpoint for LON-VM1, and name it Folder1.

10. On LON-VM1, create a folder named Folder2 on the desktop.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

3-43

11. On LON-HOST1, use the Windows PowerShell cmdlet Checkpoint-VM to create a checkpoint for LON-VM1, and name it Folder2. 12. Use the cmdlet Get-VMSnapshot to view existing checkpoints for LON-VM1. 13. Use Hyper-V Manager to confirm that LON-VM1 has three checkpoints. Apply the Folder1 checkpoint. 14. On LON-VM1, confirm that there is only one folder named Folder1 on the desktop. 15. On LON-VM1, on the desktop, create a folder named Folder1.1. 16. Use Hyper-V Manager to create a checkpoint for LON-VM1, and then rename it Folder1.1.

17. On LON-HOST1, use File Explorer to browse to C:\Shares\Snapshots, and then confirm that there are four .xml files and four subfolders.

18. Confirm that the size of the oldest folder in the details pane is 0. This is because the first checkpoint was created when LON-VM1 was turned off. 19. Confirm that each of other folders have larger sizes, as the other checkpoints were created while LON-VM1 was running.

Issues with Checkpoints in Distributed Environments Checkpoints are point-in-time snapshots of a virtual machine. When you apply a checkpoint, you effectively revert the virtual machine back to the moment when you created the checkpoint. Depending on the virtual machine’s role and the applications that are installed on it, taking a virtual machine back to a previous checkpoint can have disastrous implications and might result in data corruption. The following two types of applications can be negatively affected when you take a virtual machine back in time: •

Cryptographic applications. Windows provides API functions that generate random values with a high level of entropy. The checkpoint captures the logic for creating these random values when you create a checkpoint, and this can severely reduce the entropy of the random data. For example, consider the generation of GUIDs. When the GUID value generates, it should be unique and never repeated. However, if you request a GUID immediately after applying a checkpoint, there is a high probability that a duplicate GUID value will generate each time the checkpoint is applied.



Applications that use vector-clock synchronization. Applying a checkpoint to a virtual machine can corrupt applications that use vector-clock synchronization. Examples of such applications are AD DS, Distributed File System (DFS) Replication, and Microsoft SQL Server replication. For these applications to work, each member of a replica set must maintain a monotonically increasing logical clock. When you apply a checkpoint, it reverts back the logical clock on the virtual machine, causing clock values to associate to different transactions. As a result, members of the replica set will not converge to the same state, thereby causing data corruption.

A checkpoint contains an exact snapshot of a virtual machine. Applications that run on a virtual machine have no knowledge of checkpoints and have no way of detecting when you create or apply a checkpoint

MCT USE ONLY. STUDENT USE PROHIBITED

3-44 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

to a virtual machine. When you apply the checkpoint, you also undo all the changes in a virtual machine that you made after creating the checkpoint. This can result in data loss and reversal of passwords to their previous values. Introduction to Active Directory Domain Services (AD DS) Virtualization (Level 100) http://go.microsoft.com/fwlink/?LinkID=386693 Question: Can you prevent checkpoint creation from inside a virtual machine?

Checkpoints and Virtual Machine Generation ID To address situations in which virtual machines are reverted back to a previous checkpoint, Hyper-V in Windows Server 2012 uses the virtual machine Generation ID feature. Generation ID is a 64-bit integer value that is associated with an instance of a virtual machine configuration file. Every checkpoint has its own configuration file, which also means that it has a different Generation ID value. The Generation ID value is accessible to the operating system through the virtual machine BIOS, and it is unique across all virtual machine configurations. An application in a virtual machine can read the Generation ID value when the virtual machine starts or resumes and then compare it with the last value of which the application is aware. If both values are the same, the state of the virtual machine did not change. For example, the virtual machine was not cloned and a checkpoint was not applied, so the application can continue to run normally.

If the previous and current Generation ID values are different, this means that the virtual machine identity is not the same. This can be the result of different actions, such as creating a new virtual machine and attaching it to a virtual hard disk with an installed operating system, restoring a system backup to a different virtual machine, or applying the checkpoint to the existing virtual machine. When the application detects a change in Generation ID, it should consider that it is running in a different virtual machine and act accordingly. For example, when AD DS detects a change in Generation ID value, it updates its InvocationID value and effectively modifies the identity of the domain controller. To use the virtual machine Generation ID from inside a virtual machine, the following prerequisites apply: •

The virtual machine must be running on a hypervisor that implements support for virtual machine Generation ID. Several virtualization platforms meet this requirement, including Windows 8, Windows Server 2012, and newer Windows operating systems, and VMware vSphere 5.0 update 2 and newer.



The virtual machine must be running an operating system that is aware of and is using Generation ID. Windows 8, Windows Server 2012, and newer Windows operating systems meet this requirement: o

If a virtual machine has Integration Services installed from Windows 8 or Windows Server 2012, applications on other operating systems such as Windows Server 2008 Service Pack 2 or Windows 7 Service Pack 1 can also read the Generation ID value. These older operating systems are not Generation ID–aware, but applications that are running on the virtual machine can still read the Generation ID value.

Note: The Generation ID value is projected into a virtual machine through an emulated BIOS device, and Integration Services presents it as a Hyper-V Generation Counter. Because of this, operating systems on a virtual machine can access the Generation ID value only if it has Integration Services installed from Windows 8, Windows Server 2012, or newer. Actions that will cause the Generation ID to change include: •

The virtual machine starts from a checkpoint.



The same checkpoint is applied multiple times.



The virtual machine is restored from a backup.



The virtual machine is migrated by using System Center 2012 - VMM (Export and Import).



The virtual machine is imported.

Actions that will not cause the Generation ID to change include: •

The virtual machine is live-migrated.



The virtual machine is paused or resumed.



The virtual machine is restarted.



The Hyper-V host is restarted. Note: Virtualized domain controller cloning takes advantage of the Generation ID feature.

For more information, refer to the Virtual Machine Generation ID paper from the following website: Microsoft Download Center http://go.microsoft.com/fwlink/?LinkId=260709 Virtual machine generation identifier http://go.microsoft.com/fwlink/?LinkID=386685 Question: Can you use Generation ID in a Windows Server 2008 R2 virtual machine?

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

3-45

Lesson 5

Monitoring Hyper-V

MCT USE ONLY. STUDENT USE PROHIBITED

3-46 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

Monitoring your virtualization environment is important. You are most likely already familiar with the monitoring tools included with Windows Server 2012 R2, but you should remember that not all of them are virtualization-aware. Only Performance Monitor can provide you with real performance data, and when you install the Hyper-V role, many additional performance counters are added to Performance Monitor. If you are more interested in chargeback data, you should enable and use resource metering, which is included with Hyper-V in Windows Server 2012 and newer Windows Server operating systems.

Lesson Objectives After completing this lesson, you should be able to: •

Describe performance monitoring.



Explain different aspects of monitoring a Hyper-V host.



Describe virtual machine monitoring.



Use Performance Monitor to monitor Hyper-V.



Describe Hyper-V resource metering.

Overview of Performance Monitoring Every application that runs on a server, including the operating system itself, uses system resources. Performance monitoring is the process of capturing and analyzing data on how resources, including memory, processors, disks, and networks, are used. Regular performance monitoring ensures that you have up-to-date information on how your server is operating. Performance data helps you recognize trends, detect performance issues, and optimize system resource usage. When you are troubleshooting system problems, performance data provides an insight into the behavior of system resources at the time the problem occurs. It also helps you decide when to upgrade the server, and then determine whether the upgrade improved the server’s performance. Windows Server 2012 R2 includes the following tools for monitoring system performance: •

Task Manager. Task Manager displays real-time monitoring data for a local server. You can view information related to running processes, performance data, resource use by connected users, and detailed information on running processes and Windows Server services. You can customize Task Manager, for example, to configure update speed or view additional details of running processes. You can also start new tasks, disconnect users, and end tasks from the Task Manager.

Task Manager is often the first tool to use when performance-related problems occur. For example, you might examine the running processes in Task Manager to determine if a particular program is using excessive CPU resources. However, Task Manager only shows real-time utilization for the local server. You cannot use it to monitor remote servers or to store performance data.

Note: The Performance tab in Task Manager shows overall CPU utilization. If you want to view individual processor utilization on a multiprocessor server, you must change the graph to the Logical Processor view.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

3-47



Resource Monitor. Resource Monitor provides an in-depth look at real-time performance for a local server. You can use it to monitor the use and performance of CPU, disk, network, and memory. By using Resource Monitor, you can identify and resolve resource conflicts and bottlenecks. By expanding the monitored elements, you can identify which processes are using which resources. Resource Monitor shows only real-time utilization for a local server.



Event Viewer. You can use Event Viewer to work with Windows events. Events are collected in event logs and can occur locally, or they can be collected from remote computers. Events include information, warnings, and errors on Windows components and installed applications. Events also include performance events, such as a disk is almost full. You can filter events, create custom views, and attach tasks to the events.



Reliability Monitor. Reliability Monitor provides an historical view of server reliability and problem history. It assesses server stability on a scale from 1 to 10 and can show you hardware and software problems that impacted the server during a specific period. If you want Reliability Monitor to start collecting data, you first must enable the RACTask scheduled task.



Performance Monitor. This is the most robust and complete monitoring tool in Windows operating systems. You can use it to view real-time performance for local and remote servers and to store and view historical data, which is gathered by using data collector sets. In Performance Monitor, you can also create performance counter alerts, which generate alerts and start tasks when the performance counter is either less than or more than the specified value. You can monitor operating system performance through performance objects and counters in the objects. When you install an additional role, for example, Hyper-V, additional performance objects are added in Performance Monitor.

Each server role uses processor, memory, disks, and networks, but it uses them differently. Performance counters that are relevant for monitoring servers are different, based on the server roles. For example, you should monitor different performance counters on a file server than on a Hyper-V host or a domain controller. Note: Microsoft System Center 2012 R2 - Operations Manager provides infrastructure monitoring, alerts, and reporting for an enterprise environment.

For more information, refer to the Performance Tuning Guidelines for Windows Server 2012 paper from the following website: Microsoft Download Center http://go.microsoft.com/fwlink/?LinkID=285313 Question: Which of the monitoring tools in Windows Server 2012 R2 must you first enable to provide you with data after at least a few hours?

Monitoring a Hyper-V Host Although Windows Server 2012 R2 includes several tools for monitoring system performance, not all of them are appropriate for monitoring Hyper-V host performance. Tools such as Task Manager and Resource Monitor are not virtualization-aware. As such, they only display utilization of the resources that are available inside the virtual environment in which they run, either the virtual machine or parent partition. For example, a Hyper-V host can have the processor at 60 percent utilization, but the Task Manager in the parent partition is aware of and displays only 10 percent utilization because virtual machines use most of the processor resources.

MCT USE ONLY. STUDENT USE PROHIBITED

3-48 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

You should use Performance Monitor to monitor Hyper-V host performance. You can monitor memory, disk, and network performance on the Hyper-V host in the same way, and by using the same performance counters as on any other server. For example, you can monitor: •

Disk latency by using the \Logical Disk(*)\Avg. sec/Read and \Logical Disk(*)\Avg. sec/Write Performance Monitor counters. These performance counters measure the time that read and write operations take to respond to the operating system. Requests from virtual machines and the parent partition affect this counter. If one virtual machine accesses the disk heavily, this will increase disk latency.



Available memory by monitoring the \Memory\Available MBytes Performance Monitor counter on the Hyper-V host. This counter reports the amount of available physical memory in the parent partition. When a virtual machine starts, its memory is no longer available for the parent partition and is subtracted from this counter value. You can use the following two counters to provide you with better insight into available memory to the Hyper-V host:



o

\Memory\Available Mbytes. This counter measures the amount of available physical memory to processes that are running in the parent partition, expressed as a percentage of total physical memory.

o

\Memory\Pages/sec. This counter measures the rate at which pages are read and written to disk to resolve hard page faults. To resolve hard page faults, the Hyper-V host must swap the contents of memory to disk. A high value for this counter in correlation with low available physical memory might indicate insufficient physical memory on the Hyper-V host.

Network utilization on the Hyper-V host by using \Network Interface(*)\Bytes Total/sec and \Network Interface(*)\Output Queue Length Performance Monitor counters.

Processor utilization on a Hyper-V host is measured differently than on a physical server. On a physical server, you would monitor processor utilization by using the \Processor(*)\% Processor Time Performance Monitor counter. However, on the Hyper-V host, this counter is not appropriate, because the parent partition is treated as another virtual machine. Therefore, this counter monitors utilization of available processor resources for the parent partition, not the entire physical Hyper-V host. To monitor total processor utilization on the Hyper-V host, which includes parent partition and virtual machines, you should use the \Hyper-V Hypervisor Logical Processor(_Total)\% Total Run Time Performance Monitor counter. This counter measures the total percentage of time spent by the processor for running the Hyper-V host and all the virtual machines on the Hyper-V host.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

3-49

You can use the following Performance Monitor counters to monitor processor usage on a Hyper-V host: •

Hyper-V Hypervisor\Partitions. Monitors the number of virtual machines.



Hyper-V Hypervisor\Logical Processors. Monitors the number of logical processors.



Hyper-V Hypervisor\Virtual Processors. Monitors the number of virtual processors.



Hyper-V Hypervisor Logical Processor\% Total Run Time. Monitors the total non-idle time of the logical processors.



Hyper-V Hypervisor Logical Processor\% Hypervisor Run Time. Monitors the non-idle time of the logical processors for the Hyper-V host only.



Hyper-V Hypervisor Root Virtual Processor. Monitors processor utilization for the host (Hyper-V host) operating system only. Question: Can you use Performance Monitor in virtual machines to monitor Hyper-V host performance?

Monitoring Virtual Machines

If you want to monitor virtual machine performance, you should be aware that Hyper-V counters are not available in Performance Monitor, which is running on the virtual machine. The monitoring tools on a virtual machine are not aware that they are running inside of a virtual environment. Although the virtual machine is allocated only part of the Hyper-V host resources, monitoring tools that are running on the virtual machine see them as complete resources because they would be running on a physical server. Task Manager on the virtual machine, otherwise known as the \Processor(*)\% Processor Time Performance Monitor counter, reports processor utilization relative to the number of processors allocated to the virtual machine. If you add more processors to the virtual machine, the value reported for the \Processor (*)\% Processor Time Performance Monitor counter will be lower, even if processor utilization of the Hyper-V host is an issue. This happens because virtual processors use the physical processors in a round robin fashion, and each virtual processor is allocated a share of the overall system processor resources. In a physical four-processor system with virtual machines that utilize four virtual processors, each virtual processor will be able to use 25 percent of the physical processor resources. If eight virtual processors are used on the same Hyper-V host, for example, if there are four virtual machines with two processors each, the combined virtual processors will attempt to use 200 percent of the physical processor capacity. In such an environment, each virtual processor will report low \Processor(*)\% Processor Time utilization because utilization is low for the level it expects. Excessive context switching between virtual processors will result in poor performance for each virtual machine. On a Hyper-V host, you have Hyper-V hypervisor performance counters to monitor the performance of both logical and virtual processors. A logical processor correlates directly to the number of processors on the physical server. For example, single quad core processors correlate to four logical processors. Virtual machines use virtual processors to execute the code. The virtual processors perform all the execution in the parent partition and the virtual machines.

MCT USE ONLY. STUDENT USE PROHIBITED

3-50 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

You can use processor settings for the virtual machine to configure resource control and limit the processor resources that the virtual machine can use. In the Resource control section, you can configure the following settings: •

Virtual machine reserve (percentage). Use this setting to reserve a certain portion of the Hyper-V host processor resources for the virtual machine. By configuring this setting, you can ensure that the virtual machine will always have at least that part of processor resources available to it. By default, the virtual machine reserve is set to 0, which means that no processor resources are reserved.



Virtual machine limit (percentage). This setting limits processor resources that are available to the virtual machine and prevents it from consuming an excessive amount of processor resources.



Percent of total system resources. This setting is read-only, and its value is set based on the virtual machine limit, number of virtual processors, and the number of physical processors in the Hyper-V host. For example, consider a virtual machine that is allowed to use 100 percent of the processor, has a single virtual processor, and four physical processors in the Hyper-V host. In this case, the percentage of total system resources is set to 25, because 100 percent utilization of one processor is equal to 25 percent utilization of total Hyper-V processor resources.



Relative weight. Virtual machines with higher relative weights receive more processor time, and virtual machines with lower relative weights receive less processor time. By default, all virtual machines are assigned a relative weight of 100. Question: How can you limit processor resources that a virtual machine can use?

Demonstration: Using Performance Monitor to Monitor Hyper-V In this demonstration, you will see how to use Performance Monitor to monitor Hyper-V.

Demonstration Steps 1.

On LON-HOST1, start Performance Monitor, and then add the following counters: o

Hyper-V Hypervisor Virtual Processor\% Guest Run Time for LON-CL1 instance

o

Hyper-V Virtual Storage Device\Read Operations/sec for the instance that refers to 20409B-LON-CLx

o

LogicalDisk\Disk Reads/sec for the C: instance

2.

Set Scale Selected Counters for Disk Reads/sec and Read Operations/Sec.

3.

On LON-CL1, run C:\LabFiles\Mod03\sqlio.exe in Windows PowerShell.

4.

On LON-HOST1, use Performance Monitor to follow how disk access increased in virtual machine and on the Hyper-V host while sqlio.exe is running on the virtual machine.

5.

On LON-CL1, run C:\LabFiles\Mod03\Cpustres.exe in Windows PowerShell.

6.

In CPU Stress, set Process Priority Class to High. In the Thread 1 section, set Thread Priority to Highest and Activity to Busy.

7.

On LON-HOST1, use Performance Monitor to follow how processor utilization in a virtual machine and on Hyper-V increases.

8.

On LON-HOST1, use Hyper-V Manager to view CPU Usage for the LON-CL1 virtual machine.

9.

Set Virtual machine limit (percentage) for LON-CL1 to 10.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

3-51

10. Use Hyper-V Manager to confirm that CPU Usage for the LON-CL1 virtual machine is considerably lower. 11. On LON-CL1, close CPU Stress and Task Manager.

Resource Metering in Hyper-V

In a virtualized environment, you often need data on resources that are used by virtual machines in a given period. For example, you might need resource data so that you can charge back the business units that are using them. When you create a virtual machine, you configure it with processors, memory, disks, and network adapters. It would be misleading to provide chargeback data based only on virtual machine configuration because resources that are used by virtual machines change through time. For example, virtual machine memory utilization is between the minimum and maximum RAM configured when dynamic memory is used, processor utilization varies depending on load, and the size of dynamically expanding disks increases until it reaches its configured maximum size. Performance Monitor can provide real-time information on resources that virtual machines use, but the tool is not practical for providing chargeback data. Hyper-V in Windows Server 2012 includes resource metering, a feature that you can use to monitor resource consumption over time, per virtual machine or resource pool. Resource pools are logical containers that collect resources of the virtual machines that one business unit uses. When you use resource pools, you can enable resource metering and query on resource use in the same way as for a single virtual machine. Resource metering works with all Hyper-V operations. The movement of virtual machines between Hyper-V hosts, for example, by using live migration, does not affect the data collection process. The following cmdlets are used for resource metering: •

Enable-VMResourceMetering. Enables resource metering for a virtual machine.



Disable-VMResourceMetering. Disables resource metering for a virtual machine.



Reset-VMResourceMetering. Resets resource metering counters for a virtual machine.



Measure-VM. Displays resource metering data for a virtual machine.



Measure-VMResourcePool. Displays resource metering data for a resource pool.

For example, you can enable resource metering and view all of the resource metering data for the LON-DC virtual machine by running the following cmdlets: Get-VM -Name LON-DC | Enable-VMResourceMetering Get-VM –Name LON-DC | Measure-VM

Resource metering in Hyper-V collects and reports on the following resource use data: •

Average CPU use. The average CPU, in megahertz (MHz), that a virtual machine uses over a period.



Average memory use. The average physical memory, in MB, that a virtual machine uses over a period.

MCT USE ONLY. STUDENT USE PROHIBITED

3-52 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints



Minimum memory use. The lowest amount of physical memory, in MB, assigned to a virtual machine over a period.



Maximum memory use. The highest amount of physical memory, in MB, assigned to a virtual machine over a period.



Maximum disk allocation. The highest amount of disk space capacity, in MB, allocated to a virtual machine over a period.



Incoming network traffic. The total incoming network traffic, in MB, for a virtual network adapter over a period.



Outgoing network traffic. The total outgoing network traffic, in MB, for a virtual network adapter over a period.

Before you can obtain data on resources that are used by virtual machines, you first must enable resource metering. You can use Windows PowerShell to enable resource metering and retrieve collected data. Windows Server 2012 R2 does not include a graphical reporting tool on virtual machine resource utilization, but you can use one of the non-Microsoft tools, or develop your own tool.

Lesson 6

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

3-53

Designing Virtual Machines for Server Roles and Services

You can use Hyper-V Manager to manage multiple Hyper-V hosts, but it is not the optimal tool when you have to manage an enterprise environment. The Hyper-V module for Windows PowerShell is a better tool when you need to automate operations or perform repetitive tasks on multiple servers. However, not all administrators like to work with a command shell. For environments with multiple Hyper-V hosts, System Center 2012 - VMM is the recommended tool, although, you must obtain it separately.

Hyper-V does not support the concept of templates, but copying a virtual hard disk that has an installed operating system or the use of differencing virtual hard disks can achieve similar results. By using that approach, companies can create libraries of virtual disks with different operating systems and applications and then use them as templates. In this lesson, you will learn about recommendations for running domain controllers, Microsoft SQL Server, and Microsoft Exchange Server on virtual machines.

Lesson Objectives After completing this lesson, you will be able to: •

Plan Hyper-V host management.



Plan virtual machine management.



Design virtual machines for a domain controller.



Design virtual machines for SQL Server.



Design virtual machines for Exchange Server.

Planning Hyper-V Host Management Hyper-V hosts are the infrastructure for running virtual machines. It is important that you carefully plan and deploy a standard server configuration, configure high availability, implement remote management, and regularly monitor the infrastructure. Consider the following best practices for configuring and administering Hyper-V hosts: •

Simplify and standardize the platform on which you will deploy server virtualization. Use a standard configuration for the operating system and Hyper-V to make it easier to deploy and manage the environment. Automate the deployment and use the latest version of Windows Server 2012 because it provides new and improved features.



Use a Server Core installation (or better yet, Microsoft Hyper-V Server 2012 R2) for Hyper-V hosts. A Server Core installation has fewer components than the full server installation, which means that there are fewer components to update and less overhead. A Server Core installation also provides the same virtualization features and remote management as a GUI installation of Windows Server 2012 and Windows Server 2012 R2.

MCT USE ONLY. STUDENT USE PROHIBITED

3-54 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints



Servers that you will use for virtualization should have only the Hyper-V role installed to minimize overhead and the potential attack surface. If you plan to implement a highly available environment, you should also consider installing failover clustering and multipath I/O features.



Test and apply updates to Hyper-V hosts. This includes hardware updates (for example, firmware updates), and Microsoft updates. Always test updates before deploying them in a production environment.



Implement shared storage and high availability. Shared storage is required for high availability, and you can use SAN or SMB 3.0 file shares for shared storage. A highly available virtualization infrastructure is critical, for which you should implement Hyper-V failover clusters.



Monitor performance to optimize and manage server utilization. Server workloads change over time, and you must ensure that the Hyper-V host is not overused.



Automate and standardize administration of the Hyper-V host environment. Large organizations might have hundreds of Hyper-V hosts, and the only way to manage them efficiently is to standardize deployment and then automate management tasks. To do so, you can: o

Standardize the Hyper-V configuration. For example, consider using the same path for storing virtual machines, and create virtual switches with the same name on all Hyper-V hosts.

o

Join Hyper-V hosts to the domain unless your security policy states differently. Domain membership makes it possible to centralize the management of policies for identity, security, and auditing. Hyper-V hosts must be domain members if you want to create a Hyper-V failover cluster.

o

Implement remote management. Administering servers locally is not practical, for example, when they are running a Server Core installation or Hyper-V Server, or you do not have physical access to them. You can use remote management to centralize administration and automate procedures.

o

Use Windows PowerShell whenever possible. You can use Windows PowerShell cmdlets and scripts to manage Hyper-V hosts. Windows PowerShell is installed by default, and you can use it to automate and standardize administration.

o

Consider implementing VMM, which provides tools for simplifying administrative tasks to manage a large virtualization environment. For example, a company can use VMM to store templates and to automate virtual machine deployment.

Windows Server 2012 Hyper-V Best Practices (In Easy Checklist Form) http://go.microsoft.com/fwlink/?LinkID=386657 Question: How can you standardize Hyper-V host management?

Planning Virtual Machine Management By now, you should be aware that when working with virtual machines, you can perform complete administration by using Hyper-V Manager and Windows PowerShell. However, when you have more than a few Hyper-V hosts and several virtual machines to manage, you should try to standardize and automate administration as much as possible. This implies that you should use standard configurations, scripting, and enterprise management tools such as VMM, if possible. However, even without standardization, and by using only tools that are part of Windows Server 2012 R2, it is possible to achieve a level of automation.

Virtual Machine Templates

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

3-55

Virtual machine templates are beneficial when you want to standardize virtual machine configurations and make their deployment as fast as possible. Unfortunately, Hyper-V does not understand the concept of templates. However, you can mimic virtual machine templates by storing virtual hard disks with a generalized installation of an operating system in a library, which can be a shared folder. You can then copy the appropriate virtual disk for each new virtual machine that you create. In test environments, you can even create differencing virtual hard disks and point them to use the same parent disk. By doing so, you will reduce storage space by many gigabytes, but the downside will be inferior performance.

Windows PowerShell

When you create new virtual machines, you should provide them with appropriate virtual hardware, which can be based on the recommendations for the physical servers. Multiple virtual machines run on the same Hyper-V infrastructure, but you should be careful not to oversubscribe processor resources because it can result in poor performance. Some applications, such as Exchange Server or SQL Server, are only supported if the P2V conversion processor ratio is 1:2 or lower. To avoid creating virtual machines with the same configuration manually, and if VMM is not an option, you should use Windows PowerShell for virtual machine creation and for other administrative tasks.

Operating System

If possible, use the latest Windows Server operating system when building virtual machines because it provides new and improved features such as Generation ID for detecting when a checkpoint was applied. Newer Windows operating systems (Windows Server 2008 R2 and newer versions, and Windows 7 and newer versions) also include Integration Services, and virtual machines should always run the latest version of integration services.

Monitoring

It is important that your virtualization infrastructure is not overused and that virtual machines have enough available resources. In smaller environments, you should implement monitoring by using Performance Monitor. In enterprise environments, you should also use Operations Manager. Remember that if you are using both products, Operations Manager can integrate with VMM, and System Center components must be implemented in your environment. Question: How can you use Hyper-V Manager to create a virtual machine with four processors, two virtual hard disks, and two network adapters?

Designing Virtual Machines for a Domain Controller When planning virtual machines for a domain controller, you should follow the same recommendations as for other virtual machines. However, several recommendations and best practices are specific to virtualized domain controllers. The following list includes some of these best practices:

MCT USE ONLY. STUDENT USE PROHIBITED

3-56 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints



Avoid a single point of failure. You should always have at least two domain controllers for a domain, and when virtualized, they should be running on different physical servers.



A Hyper-V host should be just as secure as a domain controller. A Hyper-V administrator has full permissions in a virtualization infrastructure and could potentially perform an elevation-of-privilege attack. Such an attack could compromise all virtual machines, domains, and forests that Hyper-V is hosting: o

If a Hyper-V host is a domain member in a domain for which it hosts virtual domain controllers, then domain administrators have administrative permissions on the Hyper-V host.

o

Consider applying different Group Policy Objects to your Hyper-V hosts and to your domain controllers to secure them both.



The virtual hard disk of a virtualized domain controller is equivalent to the physical hard drive of a physical domain controller. It stores important identity data, and you should protect it just as you protect the disks of physical domain controllers.



Avoid using differencing virtual hard disks for a domain controller. They have more overhead than other disk types, and they provide slower performance.



Avoid using checkpoints for domain controllers. If a domain controller is running an operating system prior to Windows Server 2012, you should not use checkpoints at all, because they can cause an update sequence number (USN) rollback. Domain controllers that run Windows Server 2012 or newer detect that a checkpoint was applied by monitoring the Generation ID and resolve the USN rollback situation.



Disable time synchronization of a virtual domain controller with a Hyper-V host. Windows Time Service has its own algorithm for time synchronization within a domain. You should only disable the time synchronization service, but still use other Integration Services.



Store AD DS files on a different virtual hard disk than the operating system, and connect that virtual hard disk to the virtual SCSI controller. Virtual hard disks that are attached to a virtual SCSI controller provide better performance than virtual hard disks that are attached to a virtual IDE controller. They also support additional functions such as forced unit access. Forced unit access ensures that the operating system writes and reads data directly from the disk and bypasses all caching mechanisms.



Windows Server 2012 includes virtualization-safe capabilities and enables faster deployment of virtual domain controllers by using cloning. Running Domain Controllers in Hyper-V http://go.microsoft.com/fwlink/?LinkID=386696

Introduction to Active Directory Domain Services (AD DS) Virtualization (Level 100) http://go.microsoft.com/fwlink/?LinkID=386693

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

3-57

Active Directory Virtualization Safeguards and Domain Controller Cloning with Windows Server 2012 http://go.microsoft.com/fwlink/?LinkID=386679 Question: How can you disable virtual domain controller time synchronization in a Hyper-V virtual machine?

Designing Virtual Machines for SQL Server Virtual machines for SQL Server should follow similar best practices as virtual machines for any other server load. For example, you should always install the latest version of Integration Services because it improves I/O throughput and decreases CPU usage of virtual machines. You should also avoid using emulated devices because they can cause significant CPU overhead. When configuring a virtual machine for SQL Server, you should also consider the following recommendations: •

SQL Server should have sufficient resources. Memory and processors are the most critical resources. Allocate SQL Server enough memory so that it can handle the expected loads. Do not overcommit processors. Minimize background activities and services, and do not install any additional applications on the SQL Server virtual machine.



Hyper-V on Windows Server 2012 provides considerably better scalability than older versions, and SQL Server can better take advantage of that scalability.



Use fixed-size virtual hard disks or directly attached disks for SQL Server. Do not use dynamically expanding or differencing virtual hard disks.



Do not use checkpoints on a SQL Server virtual machine. Checkpoints can cause significant issues, including slower performance and data loss.



Ensure high availability for SQL Server. You can use different features to ensure high availability for SQL Server, such as Hyper-V failover clustering, guest clustering, and AlwaysOn Availability Groups.



Attach the SQL Server virtual hard disks to the Virtual SCSI controller for more flexibility.



If you use virtual Fibre Channel, use Multipath I/O (MPIO) inside the virtual machine to ensure resilient connections from the virtual machine to storage.



Monitor performance of the Hyper-V host on which the SQL Server virtual machine is running, in addition to the performance of the virtual machine.



Consider using SQL optimization for better performance. The database administrator will most likely perform this tuning, which includes the following: o

Configure SQL Server to use large page allocations (/T834 startup flag) to reduce memory overhead.

MCT USE ONLY. STUDENT USE PROHIBITED

3-58 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

o

Set Max Worker Threads to the number of maximum concurrent user connections.

o

Consider dynamic memory to reduce I/O overhead.

o

Grant user rights for Lock pages in memory to the SQL Server service account. This helps when dynamic memory is trying to reduce the virtual machine memory because it will prevent Windows Server from paging out a large amount of buffer pool memory.

o

Set the SQL Server processor affinity mask to isolate system resources for the SQL Server instance from other SQL Server instances, or other applications that are running on the same virtual machine.

o

Set a fixed amount of memory for the SQL Server process to use. About three percent of the total available memory is used for the system, and another one percent is used for memory management structures. Use the following equation to calculate the total memory to be used by SQL Server: Memory – (1%memory * (NUMA_nodes)) – 3%memory – 1GB

SQL Server 2012 supports cloning by using the System Preparation Tool (Sysprep). You can use Sysprep to install SQL Server on a virtual machine, generalize the operating system, and use it as a template when creating new virtual machines. By using this approach, you can create a new virtual machine that has SQL Server installed, which is considerably faster than if you installed it again. Best Practices for Virtualizing and Managing SQL Server http://go.microsoft.com/fwlink/?LinkID=386683 Install SQL Server 2012 Using SysPrep http://go.microsoft.com/fwlink/?LinkID=386684 Question: Can you only use virtual hard disks attached to a virtual SCSI controller for a SQL Server virtual machine?

Designing Virtual Machines for Exchange Server When designing virtual machines, you should be aware that with Exchange Server 2013, all of the Exchange Server roles, including the Unified Messaging server role, are supported in the virtual environment. This enables you to virtualize the entire Exchange Server infrastructure. When virtualizing Exchange Servers, you should consider the following guidelines: •

The Hyper-V host should not have any other role and should not run any other application, such as SQL Server, AD DS, or Exchange Server. You should install only management software, such as antivirus software, backup agents, or virtual machine management software on the Hyper-V host.



Hyper-V in Windows Server 2012 R2 does not enforce a limit on the virtual processor-to-logical processor ratio. You can have as many virtual processors used by virtual machines as the physical hardware allows. Exchange supports a physical-to-logical processor ratio no greater than 2:1,

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

3-59

although the recommended ratio is 1:1. For example, a dual processor system that uses quad core processors contains 8 logical processors in the host system. On a system with this configuration, do not allocate more than 16 virtual processors to all the guest virtual machines. Oversubscribing the processor on the Hyper-V host decreases performance, depending on how much CPU is oversubscribed. •

Exchange 2013 is not NUMA-aware, but it can benefit from NUMA in the same way as any other application that is not NUMA-aware, by taking advantage of the Windows scheduler algorithms that keep threads isolated to particular NUMA nodes.



Dynamic memory is not supported for virtual machines that run any of the Exchange Server 2013 roles. Exchange Server 2013 uses in-memory data caching to provide better performance and faster I/O operations. For this, Exchange Server 2013 needs sufficient memory at all times and full control over the memory. If Exchange Server 2013 does not have full control of the memory that is allocated to the virtual machine, system performance is considerably lower. Because of this, dynamic memory is not supported for Exchange Server 2013.



Differencing and dynamically expanding virtual hard disks are not supported in Exchange Server 2013 virtual machines. Thin provisioned dynamically expanding disks can overcommit the available storage, and as they are growing, the underlying storage could run out of space if not monitored closely. When you create fixed-size virtual hard disks, they are allocated their full size on the physical storage, which ensures that storage will not later run out of space.



Virtual machine checkpoints are not supported. When you create a checkpoint, Hyper-V creates a new differencing virtual hard disk for the virtual machine. Changes are written only on the differencing virtual hard disk, and data is read from both disks, which increases overhead and reduces performance. You can also use checkpoints to revert a virtual machine back to any of the previous states. Exchange Server 2013 is not checkpoint-aware, and applying checkpoints can have unintended consequences for applications such as Exchange Server, which maintains state data.



Exchange Server virtual machines, including Exchange Mailbox virtual machines that are part of database availability group (DAG), might be protected by Hyper-V failover clustering and migration technology. When failover happens, it must result in a system restart when the virtual machine is started on a different node.



Hyper-V Replica is not supported for Exchange Server. Replica makes sense for applications that do not include disaster recovery capability. You should use DAG with Exchange Server 2013. Exchange 2013 Virtualization http://go.microsoft.com/fwlink/?LinkID=386695 Best Practices for Virtualizing and Managing Exchange 2013 http://go.microsoft.com/fwlink/?LinkID=386682 Exchange 2013 Server Role Requirements Calculator http://go.microsoft.com/fwlink/?LinkID=386677 Question: How many virtual processors at most can you assign to Exchange Server virtual machines that are running on a test Hyper-V host with two double-core CPUs?

Lab B: Creating and Managing Checkpoints and Monitoring Hyper-V Scenario

MCT USE ONLY. STUDENT USE PROHIBITED

3-60 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

A. Datum is continuing with its pilot virtualization project. You have deployed the virtualization hosts by installing Windows Server 2012 R2 Hyper-V in one of the subsidiaries. The next step is to deploy virtual machines on these hosts.

Because the virtualization platform is new to A. Datum, you need to spend some time becoming familiar with Hyper-V features and components, including checkpoints. As the pilot project continues, you will need to be able to monitor server performance to ensure that virtual machines are configured properly. For now, you will familiarize yourself with the monitoring tools that are available in Windows Server 2012 R2 and Hyper-V.

Objectives After completing this lab, you will be able to: •

Import virtual machines and work with checkpoints.



Monitor Hyper-V.

Lab Setup Estimated Time: 60 minutes Virtual machines: 20409B-LON-HOSTx, 20409B-LON-CLx, 20409B-LON-DC1 User name: Adatum\Administrator Password: Pa$$w0rd

For this lab, you will use the available virtual machine environment. Before you begin the lab, you must complete the following steps: 1.

Sign in to LON-HOSTx as Adatum\Administrator with the password of Pa$$w0rd.

2.

On LON-HOST1, start Hyper-V Manager.

3.

In Hyper-V Manager, click 20409B-LON-DC1, and in the Actions pane, click Start.

4.

In the Actions pane, click Connect. Wait until the virtual machine starts.

5.

Sign in by using the following credentials:

6.

o

User name: Adatum\Administrator

o

Password: Pa$$w0rd

Repeat steps 3 through 5 for 20409B-LON-CLx. The letter x is 1 for the first student in the team, and 2 for the second student in the team.

Note: Because you will be using the same virtual machines in the next lab, do not revert the virtual machines. However, you can shut down all virtual machines after finishing this lab. You will be working in pairs. Communicate clearly with your lab partner, and cooperate fully with each other during this lab.

Exercise 1: Importing Virtual Machines and Working with Checkpoints Scenario

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

3-61

Your colleague has heard about the enhanced session mode when connecting to a virtual machine, but he has never seen it. You want to demonstrate to your colleague how to configure it, use it, and show the benefits of the enhanced session mode. You are aware that you should avoid using checkpoints in the production environment, but you want to test them for use in training and explore how to implement checkpoints at the file level. You would also like to see how a virtual machine can detect whether a checkpoint was applied. The main tasks for this exercise are as follows: 1.

Import a virtual machine.

2.

Use enhanced session mode.

3.

Create checkpoints.

4.

Manage checkpoints.

5.

Explore Generation ID.

 Task 1: Import a virtual machine 1.

On LON-HOSTx, use Hyper-V Manager to import a virtual machine by using the following data: o

Virtual Machine in Folder: C:\VirtualMachines\LON-EXPORT\

o

Number of virtual processors: 1

o

Connect to Network: External Network

2.

You will get an error message because the parent virtual hard disk was not found.

3.

In Hyper-V Manager, use the Edit Disk feature to link the C:\VirtualMachines\LON-EXPORT \Virtual Hard Disks\LON-EXPORT.vhd virtual hard disk to the parent disk E:\Program Files \Microsoft Learning\Base\Base14A-WS12R2.vhd. Note that this path might differ on your host machine.

4.

Use Hyper-V Manager to import the LON-EXPORT virtual machine again from C:\VirtualMachines\LON-EXPORT\.

5.

Use Hyper-V Manager to confirm that LON-EXPORT is imported, that it is configured with a single virtual processor, and that it is connected to a virtual switch named External Network.

 Task 2: Use enhanced session mode 1.

On LON-HOSTx, copy a few line of text from the C:\Windows\Win.ini file.

2.

On LON-CLx, confirm that the Paste option in Notepad is disabled.

3.

In Virtual Machine Connection to LON-CLx, from the Clipboard menu, click Type clipboard text. Confirm that the text that you copied from the Win.ini file displays. Close the LON-CLx window.

4.

On LON-HOSTx, use Hyper-V Manager to configure Allow enhanced session mode.

5.

Use Hyper-V Manager to connect to LON-CLx. Configure the option to redirect the local drives.

6.

Confirm that you are not signed in automatically to LON-CLx, and then sign in as ADATUM\administrator, with Pa$$w0rd as the password.

7.

In Notepad, paste the copied text from Win.ini.

8.

On LON-HOSTx, use File Explorer to copy the C:\Windows\Write.exe file.

9.

On LON-CLx, paste Write.exe to the desktop.

10. On LON-CLx, use File Explorer to confirm that drives from LON-HOSTx are mapped to the virtual machine. 11. On LON-CLx, confirm that Remote Desktop is disabled. 12. Turn Off 20409B-LON-CLx. 13. On LON-HOSTx, start the LON-CLx virtual machine, and then connect to it. 14. Confirm that after LON-CLx is started and the sign-in screen displays, the Connect to LON-CLx window opens. Note: Because Integration Services are not available during system start, enhanced session mode is available only after the operating system is fully started. 15. On LON-HOSTx, use Hyper-V Manager to disable enhanced session mode.

 Task 3: Create checkpoints 1.

On LON-HOSTx, confirm that LON-VM1 is using the Differencing.vhd virtual hard disk.

2.

Create a checkpoint for LON-VM1.

3.

Start LON-VM1.

4.

Confirm that LON-VM1 is now using a virtual hard disk with a GUID in its name.

5.

Complete the setup by clicking Next, and then clicking I accept.

6.

On the Settings page, provide the password of Pa$$w0rd.

7.

Sign in as Administrator by using the password Pa$$w0rd.

8.

On LON-VM1, on the desktop, create a folder named Folder1.

9.

Create a checkpoint for LON-VM1, and name it Folder1.

10. On LON-VM1, on the desktop, create a folder named Folder2. 11. Create a checkpoint for LON-VM1, and name it Folder2. 12. On LON-VM1, on the desktop, create a folder named Folder3. 13. On LON-HOSTx, use the Windows PowerShell cmdlet Checkpoint-VM to create checkpoint for LON-VM1, and then name it Folder3. 14. Use the cmdlet Get-VMSnapshot to view existing checkpoints for LON-VM1. 15. Use Hyper-V Manager to confirm that LON-VM1 has four checkpoints. 16. Apply the Folder1 checkpoint. 17. Confirm that on the LON-VM1 desktop, there is only one folder named Folder1. 18. On LON-VM1, on the desktop, create a folder named Folder1.1. 19. Use Hyper-V Manager to create a checkpoint for LON-VM1, and then rename it Folder1.1.

MCT USE ONLY. STUDENT USE PROHIBITED

3-62 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

20. On LON-HOSTx, use File Explorer to browse to C:\Shares\Snapshots, and then confirm that there are five .xml files and five subfolders.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

3-63

21. Confirm that Size of the oldest folder in the details pane is 0, as the first checkpoint that you created was when LON-VM1 was turned off. 22. Confirm that each of other folders has larger sizes, as the other checkpoints were created while LON-VM1 was running.

 Task 4: Manage checkpoints 1.

On LON-HOSTx, use the Windows PowerShell cmdlet Get-VMSnapshot to view checkpoints for LON-VM1, and then view how they relate to each other.

2.

Use the Windows PowerShell cmdlet Export-VMSnapshot to export the Folder2 checkpoint of LON-VM1 to the C:\Exported folder.

3.

On LON-HOSTx, use File Explorer to confirm that in C:\Exported\LON-VM1 there is no Snapshots subfolder. Double-click the Virtual Hard Disks folder, and then confirm that it contains multiple virtual hard disks, the Differencing.vhd virtual hard disk, and all of its parent disks.

4.

Rename folder LON-VM1 to Folder2.

5.

Use the Windows PowerShell cmdlet Export-VM to export LON-VM1 to the C:\Exported folder.

6.

Use File Explorer to confirm that there is a Snapshots subfolder in C:\Exported\LON-VM1.

7.

Double-click the Virtual Hard Disks folder, and then confirm that it contains the Differencing.vhd virtual hard disk, its parent disk, and all of the differencing virtual hard disks that the checkpoints created.

8.

Use the Windows PowerShell cmdlet Restore-VMSnapshot to apply the Folder3 checkpoint to LON-VM1.

9.

On LON-VM1, confirm that on the desktop, there are three folders named Folder1, Folder2, and Folder3.

10. Use Hyper-V Manager to confirm that you cannot modify Folder2 checkpoint settings, except for the Name and Description. 11. Use Hyper-V Manager to delete the Folder1 checkpoint and its subtree.

12. Use Hyper-V Manager to confirm that all checkpoints for LON-VM1 except the first checkpoint are deleted instantly. 13. On LON-HOSTx, use File Explorer to confirm that there is single .xml file, and one subfolder in the C:\Shares\Snapshots folder.

 Task 5: Explore Generation ID 1.

On LON-HOSTx, on LON-VM1, use Device Manager to confirm that the Microsoft Hyper-V Generation Counter system device is present. This is how virtual machine presents Generation ID to the operating system.

2.

Turn off LON-VM1.

Results: After completing this exercise, you should have imported virtual machines and worked with checkpoints.

Exercise 2: Monitoring Hyper-V Scenario

MCT USE ONLY. STUDENT USE PROHIBITED

3-64 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

One of your colleagues is sure that you can monitor Hyper-V host utilization by using Task Manager. You want to show your colleague that this is incorrect. You also want to demonstrate the proper way to monitor the Hyper-V host and virtual machines and how to retrieve chargeback information for the running virtual machines. The main tasks for this exercise are as follows: 1.

Use Task Manager.

2.

Use Performance Monitor to monitor Hyper-V performance.

3.

Use Resource Metering.

 Task 1: Use Task Manager 1.

On LON-HOSTx, open Task Manager, and then click the Performance tab.

2.

On LON-CLx, sign in as Adatum\Administrator with the password Pa$$w0rd. Open Task Manager, and then click the Performance tab.

3.

On LON-CLx, use Windows PowerShell to run the C:\LabFiles\Mod03\Cpustres.exe command.

4.

In CPU Stress, set Process Priority Class to High. In the Thread 1 section, set Thread Priority to Highest, and set Activity to Busy.

5.

Confirm that the LON-CLx Task Manager shows high utilization, while the LON-HOSTx Task Manager shows low utilization.

Note: As each Task Manager is reporting utilization of its own virtual environment, the utilization shown is very different. 6.

In CPU Stress, in the Thread 1 section, set Thread Priority to Idle, and set Activity to Low.

7.

On LON-HOSTx, in Task Manager, click Open Resource Monitor. The Resource Monitor opens.

8.

On LON-CLx, run the Windows PowerShell command C:\LabFiles\Mod03\sqlio.exe.

9.

Confirm that on LON-CLx, Task Manager reports almost 100 percent Disk 0 utilization. Resource Monitor on LON-HOSTx reports only a slight increase in disk activity.

 Task 2: Use Performance Monitor to monitor Hyper-V performance 1.

On LON-HOSTx, start Performance Monitor, and then add the following counters: o

Hyper-V Hypervisor Virtual Processor\% Guest Run Time for the 20409B-LON-CLx instance

o

Hyper-V Virtual Storage Device\Read Operations/sec for the instance that refers to 20409B-LON-CLx

o

LogicalDisk\Disk Reads/sec for the C: instance

2.

Set Scale Selected Counters for Disk Reads/sec and Read Operations/Sec.

3.

On LON-CLx, run the Windows PowerShell command C:\LabFiles\Mod03\sqlio.exe.

4.

On LON-HOSTx, use Performance Monitor to follow how disk access increases in the virtual machine and on the Hyper-V host while sqlio.exe is running on the virtual machine.

5.

On LON-CLx, in CPU Stress, set Process Priority Class to High. In the Thread 1 section, set Thread Priority to Highest and Activity to Busy.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

3-65

6.

On LON-HOSTx, use Performance Monitor to follow how processor utilization on the virtual machine and on Hyper-V increases.

7.

On LON-HOSTx, use Hyper-V Manager to view CPU Usage for the LON-CLx virtual machine.

8.

Set Virtual machine limit (percentage) for 20409B-LON-CLx to 10.

9.

Use Hyper-V Manager to confirm that CPU Usage for the LON-CLx virtual machine is considerably lower.

10. On LON-CLx, close both CPU Stress and Task Manager. 11. On LON-HOSTx, close Performance Monitor, Resource Monitor, and Task Manager. 12. In Hyper-V Manager, set Virtual machine limit (percentage) for LON-CLx to 100.

 Task 3: Use Resource Metering 1.

On LON-HOSTx, use the Windows PowerShell cmdlet Get-VM to view whether resource metering is enabled for 20409B-LON-CLx.

2.

Use the Windows PowerShell cmdlet Enable-VMResourceMetering to enable resource metering for 20409B-LON-CLx.

3.

Use the Windows PowerShell cmdlet Measure-VM to view resource metering data for 20409B-LON-CLx.

4.

On LON-CLx, run the Windows PowerShell command C:\LabFiles\Mod03\Cpustres.exe.

5.

In CPU Stress, set Process Priority Class to High. In the Thread 1 section, set Thread Priority to Highest, and then set Activity to Busy.

6.

Run the Windows PowerShell command C:\LabFiles\Mod03\TestLimit64.exe –d 400 –c 5.

7.

On LON-HOSTx, use the Windows PowerShell cmdlet Measure-VM to view resource metering data for 20409B-LON-CLx. Compare the data with previous results, and then notice the increase in use of AvgRAM(M) and AvgCPU(MHz).

8.

On LON-CLx, close CPU Stress.

9.

On LON-HOSTx, use the Windows PowerShell cmdlet Disable-VMResourceMetering to disable resource metering for LON-CLx.

Results: After completing this exercise, you should have monitored Hyper-V.

Module Review and Takeaways Review Questions Question: Are synthetic devices available in all operating systems that you install on a virtual machine? Question: Can you use shared virtual hard disks with two virtual machines that have Windows 8.1 installed? Question: Can you use virtual machine settings to discover whether it is Generation 1 or Generation 2? Question: Can you use enhanced session mode to connect to a Windows Server 2012 R2 virtual machine that is running on Windows Server 2012 Hyper-V host? Question: Which monitoring tool can you use to monitor multiple servers simultaneously and to provide you with alerts when the performance of servers is different than normal?

MCT USE ONLY. STUDENT USE PROHIBITED

3-66 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

MCT USE ONLY. STUDENT USE PROHIBITED 4-1

Module 4 Creating and Configuring Virtual Machine Networks Contents: Module Overview

4-1

Lesson 1: Creating and Using Hyper-V Virtual Switches

4-2

Lab A: Creating and Using Hyper-V Virtual Switches

4-9

Lesson 2: Advanced Hyper-V Networking Features

4-13

Lab B: Creating and Using Advanced Virtual Switch Features

4-23

Lesson 3: Configuring and Using Hyper-V Network Virtualization

4-26

Lab C: Configuring and Testing Hyper-V Network Virtualization

4-34

Module Review and Takeaways

4-38

Module Overview

Virtual machines are isolated, even when they are running on the same Hyper-V host and are communicating only over the network. Hyper-V in Windows Server 2012 and Windows Server 2012 R2 includes an entirely redesigned and extensible virtual switch, which enables basic network packet forwarding and more advanced features such as support for network virtualization. You can connect a virtual switch to different networks, and based on this connection, you can create a private, internal, or external virtual switch. If supported by server hardware, you can also use features such as single root I/O virtualization (SR-IOV) and Dynamic Virtual Machine Queue, which enable higher network throughput and lower CPU utilization.

On the Hyper-V host, the host operating system (for example Windows Server 2012 R2) is also running in the virtual machine (parent partition), which means that its traffic can be controlled by a virtual switch. One of the new features of the Hyper-V virtual switch is support for network virtualization, which you can use to create multiple isolated tenant networks on the same physical network. Note: For the purpose of this course, all instances of Microsoft System Center 2012 R2 Virtual Machine Manager are referred to as VMM.

Objectives After completing this module, you will be able to: •

Create and use Hyper-V virtual switches.



Describe advanced Hyper-V networking features.



Configure and use Hyper-V network virtualization.

Lesson 1

Creating and Using Hyper-V Virtual Switches

MCT USE ONLY. STUDENT USE PROHIBITED

4-2 Creating and Configuring Virtual Machine Networks

Virtual machines are rarely disconnected from a network. Most users typically will want virtual machines to communicate with other computers. To provide virtual machines with network connectivity, you must first connect them to a virtual switch. The virtual switch in Windows Server 2012 and Windows Server 2012 R2 is fully extensible, and provides advanced features such as port access control lists (ACLs), network traffic monitoring, packet inspection, and network virtualization. The virtual switch also enables basic features such creating different virtual switch types, and using virtual local area network (VLAN) tagging. In this module, you will learn about basic Hyper-V virtual switch management, the different types of virtual switches, and how to configure virtual switches by using Virtual Switch Manager and Windows PowerShell.

Lesson Objectives After completing this lesson, you will be able to: •

Describe the Hyper-V virtual switch.



Describe the different types of virtual switches.



Describe VLAN tagging.



Use Virtual Switch Manager.



Explain the use of dynamic switch ports.



Configure and use VLANs.

Overview of the Hyper-V Virtual Switch When you have multiple physical computers that you want to connect inside the same network segment, you typically connect them by using network switches. Switches operate at Layer 2 (data-link layer) of the Open Systems Interconnection (OSI) model. Switches act as network hubs, except with an intelligent layer added to them. Network switches can inspect data packets, determine the source and destination of each data packet, and then forward the data packets appropriately. By delivering packets only to the intended connected device, network switches conserve network bandwidth and offer better performance than network hubs.

The Hyper-V virtual switch offers similar functionalities as hardware network switches. The Hyper-V virtual switch is a software-implemented Layer 2 network switch that is available as part of the Hyper-V role. You can use the Hyper-V virtual switch to connect virtual machines to virtual networks and physical networks. On the Hyper-V host, the host operating system, for example Windows Server 2012 R2, is also running in the virtual machine (parent partition). This means that the Hyper-V virtual switch can be used when the parent partition connects to the network. Prior to Windows Server 2012, Hyper-V included a simple network switch that was not extensible and provided only basic networking features. The Hyper-V Virtual Switch in Windows Server 2012 and Windows Server 2012 R2 is fully extensible. It provides advanced features such as policy enforcement,

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

4-3

tenant isolation, traffic shaping, and protection against malicious virtual machines. You can also extend it with non-Microsoft extensions.

The Hyper-V virtual switch provides ways to extend the virtual switch without replacing the entire switch; for example, to add monitoring, filtering, or forwarding functionality. You implement extensions by using network device interface specification (NDIS) filter drivers and Windows Filtering Platform (WFP) callout drivers. NDIS and WPF are two public platforms for extending the Windows networking functionality. If you extend the virtual switch, the virtual switch extensions are listed in the Virtual Switch Manager feature of Hyper-V Manager. You can manage Hyper-V virtual switches by using the Virtual Switch Manager, or by using Windows PowerShell cmdlets. For example, the following cmdlet lists all of the Hyper-V virtual switches on a Hyper-V host: Get-VMSwitch

VMNetworkAdapter is the primary noun that you can use to manage various security features, Quality of Service (QoS), port mirroring, and other features. You can get more information on these features by running the following cmdlet: Get-Help Set-VMNetworkAdapter

The host operating system on Hyper-V host is also running inside a virtual machine (parent partition), which means that you can add and manage virtual network adapters to it in a similar manner as to other virtual machines. Each virtual network adapter can be connected to a separate Hyper-V virtual switch, or to the same Hyper-V virtual switch as other adapters. You can create multiple parent virtual network adapters that you then use for different purposes such as live migration, accessing the storage area network (SAN), and parent operating system management. You can also limit bandwidth for each virtual network adapter by assigning the QoS policy to the adapter. If you want to create a virtual network adapter in the parent partition, run the following Windows PowerShell cmdlets: Add-VMNetworkAdapter –ManagementOS –Name Management Add-VMNetworkAdapter –ManagementOS –Name Storage Add-VMNetworkAdapter –ManagementOS –Name “Live Migration”

Question: Do you need to create a virtual switch on a Hyper-V host?

Types of Virtual Switches Hyper-V Manager includes the Virtual Switch Manager, which you can use to create and manage virtual switches. If you want virtual machines to be able to communicate on a network, you must first create at least one virtual switch, and then connect virtual machine network adapter(s) to the virtual switch. The parent partition is an exception to the rule. It can communicate on the network even if a network switch is not created. Note: The parent partition is a virtual machine in which you can manage and monitor Hyper-V, and in which device drivers for accessing Hyper-V physical hardware are installed.

MCT USE ONLY. STUDENT USE PROHIBITED

4-4 Creating and Configuring Virtual Machine Networks

You can connect only one virtual switch to a specific physical network adapter, wireless adapter, or network interface card (NIC) team. Once you connect a Hyper-V virtual switch to a network adapter, all other protocols are automatically unbound from that network adapter and reassigned to the virtual network adapter.

Hyper-V supports three types of virtual switches: external, internal, and private. There is no limit on how many virtual switches you can create on a Hyper-V host, or how many virtual machines you can connect to a virtual switch. However, you cannot have more external virtual switches than the number of network adapters on the Hyper-V host. Virtual switches can connect to three types of networks: •

Private network. A virtual switch that you connect to a private network provides connectivity only between virtual machines on the same Hyper-V host, and that connect to the same virtual switch. Virtual machines cannot communicate with virtual machines that are connected on a different virtual switch, Hyper-V host, or external physical network. You can use a private switch if you need to isolate virtual machines for security reasons, or if you are using them for testing and you do not want them to access the company network inadvertently. When you create a private switch, there is no new network connection added in the parent partition.



Internal network. A virtual switch that you connect to an internal network provides connectivity between virtual machines on the same Hyper-V host, and with the Hyper-V host itself. Virtual machines that connect to an internal switch cannot communicate with any physical network, unless the Hyper-V host provides network address translation (NAT) functionality. You use an internal virtual switch when virtual machines must have network connectivity to a Hyper-V host, but not to external resources. When you create an internal virtual switch, an additional virtual network connection is added in the parent partition, and it is connected to the virtual switch.



External network. A virtual switch is connected to a physical network adapter, wireless adapter, or NIC team on the Hyper-V host, and it enables virtual machine connectivity to a physical network. You use an external switch to provide virtual machines with access to external resources, or to the Internet. When you create a new external virtual switch, Hyper-V creates a virtual network adapter in the parent partition, unless you clear the option to Allow management operating system to share this network adapter.

Note: If you create an external virtual switch and clear the Allow management operating system to share this network adapter option, the physical network adapter will be available only to virtual machines, and will not be accessible by the Hyper-V host. This is recommended, because you should separate the production network from the network used to manage Hyper-V host.

After you create a virtual switch, you can view and manage virtual switch extensions. By default, Hyper-V includes two virtual switch extensions: Microsoft NDIS Capture, and Microsoft Windows Filtering Platform. The Microsoft NDIS Capture extension enables the capture of network packets traversing the virtual switch, which is the same functionality as is included in the Microsoft Network Monitor packet capturing utility. The Microsoft NDIS Capture extension is not enabled by default. The Microsoft Windows Filtering Platform processes network traffic as it traverses the virtual switch, and it is enabled by default for each virtual switch that you create in Hyper-V.

You can create virtual switches by using the New Virtual Switch Wizard, which is part of Hyper-V Manager. Alternatively, you also can use the new Windows PowerShell cmdlet New-VMSwitch. The cmdlet syntax is determined by the type of virtual switch that you want to create.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

4-5

The external virtual switch type is associated with a physical network adapter that is present in the Hyper-V host. When you create an external virtual switch, the Hyper-V Extensible Virtual Switch protocol is bound to a physical adapter. All other bindings are moved to the virtual adapter that is created, and display in the Network Connections interface. When you create an internal virtual switch, an additional virtual adapter is created, which allows the host to connect to the virtual machines. If you create a private virtual switch, no virtual adapter is created on the host. Question: Can a virtual machine access the Internet if it is connected to an internal virtual switch? Question: What will happen in the parent partition when you create a new internal virtual switch? Will it be the same as when you create a new private virtual switch?

Demonstration: Using Virtual Switch Manager

In this demonstration, you will see how to use Virtual Switch Manager for configuring virtual switches. You will also see how to connect virtual machines to virtual switches, and how virtual machines do not have connectivity when they are connected to different virtual switches.

Demonstration Steps 1.

On LON-HOST1, in Hyper-V Manager, confirm that there is one virtual switch present named External Network.

2.

On LON-HOST1, in Hyper-V Manager, create a private virtual switch named Private Switch.

3.

On LON-HOST1, connect the 20409B-LON-PROD1 and 20409B-LON-TEST1 virtual machines to the Private Switch virtual switch.

4.

On LON-PROD1, attempt to ping IP address 10.0.0.16.

5.

Confirm that four replies are received, and that LON-TEST1 has an IP address of 10.0.0.16.

6.

On LON-HOSTx, connect the 20409B-LON-PROD1 virtual machine to the External Network virtual switch.

7.

On LON-PROD1, try to ping IP address 10.0.0.16, and confirm that it does not have connectivity with LON-TEST1.

8.

On LON-PRODx, in Windows PowerShell, use the cmdlet Set-NetIPInterface to enable dynamic TCP/IP configuration for Ethernet network connection.

9.

In Windows PowerShell, use ipconfig to confirm that LON-PRODx obtained the IP address from the Dynamic Host Configuration Protocol (DHCP) server that is running on LON-DC.

What Is VLAN Tagging? When you want to isolate and partition logical networks that are using the same networking infrastructure, you can use VLAN tagging to separate the networks. By using VLAN tagging, you can create multiple distinct broadcast domains that are mutually isolated, and networking traffic can only pass between them if a router is used.

MCT USE ONLY. STUDENT USE PROHIBITED

4-6 Creating and Configuring Virtual Machine Networks

VLANs are the method that most organizations use currently to provide address space reuse and tenant isolation. VLAN uses explicit tagging in the Ethernet frames, and it relies on the switches to enforce isolation and restrict traffic to network adapters that are configured with the same tag. You can specify VLAN tags for the virtual machine network adapter, and for the internal and external virtual switches. If you specify the VLAN tag for the internal and external virtual switches, the VLAN tag is applied to the virtual network adapter in the parent partition. Note: The word virtual in the VLAN definition has nothing to do with server virtualization, although server virtualization supports it. VLANs have been in use for more than thirty years.

VLAN cannot span multiple logical subnets. This limits the number of computers within a single VLAN, and restricts the placement of virtual machines based on physical location. Even though VLANs can be stretched across physical sites, the stretched VLAN must be all on the same subnet. A VLAN ID is 12 bits long, which limits the value of VLAN IDs to 4,094. When you need to move a virtual machine that is configured with a VLAN ID, you must ensure that you have reconfigured the underlying networking infrastructure properly.

To enable VLAN Identification (VLAN ID) for management operating systems, you must enable the VLAN ID for an external or internal virtual switch, and specify an ID. You can specify the VLAN ID in Hyper-V Manager, on the Virtual Switch Manager page, under Switch Properties. Note: The VLAN ID that you configure for the virtual switch specifies the VLAN that the management operating system is using for all network communications through this network adapter. This setting does not affect virtual machine networking. To enable VLAN ID for a virtual machine, open Virtual Machine Settings, select the virtual network adapter, select the Enable virtual LAN identification check box and then specify an ID that you want the virtual machine connection to use. A virtual machine may have multiple network adapters, and the adapters may use either the same or different VLAN IDs. You must perform this configuration on each network adapter.

Hyper-V on Windows Server 2012 and Hyper-V on Windows Server 2012 R2 supports enhanced functionality and simple VLAN tagging, which includes private VLAN and trunk mode to a virtual machine. Question: Why can you create only a maximum of 4,094 VLAN networks?

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

Demonstration: Configuring and Using VLANs In this demonstration, you will see how to configure and use VLANs on the Hyper-V virtualization platform.

Demonstration Steps

4-7

1.

On LON-HOSTx, connect the 20409B-LON-TESTx virtual machine to the External virtual switch.

2.

On LON-PROD1, try to ping IP address 10.0.0.16 and verify that four replies are received. This confirms that LON-PROD1 and LON-TEST1 have network connectivity.

3.

On LON-HOST1, in Hyper-V Manager, configure the network adapter for the 20409B-LON-PROD1 virtual machine with a virtual LAN identification value of 2.

4.

On LON-PROD1, try to ping IP address 10.0.0.16. Confirm that destination host is now not reachable. This is because LON-PROD1 is connected to different VLAN as LON-TEST1.

5.

On LON-HOST1, in Hyper-V Manager, configure the network adapter for the LON-TEST1 virtual machine with a virtual LAN identification value of 2.

6.

On LON-PROD1, try to ping IP address 10.0.0.16. Confirm that four replies are returned. LON-PROD1 and LON-TEST1 have network connectivity because now they are connected to the same VLAN.

Ethernet Resource Pool The Hyper-V virtual switch is designed to provide multiple data streams to and from virtual machines using the physical network adapters in the Hyper-V host. You create a virtual switch and connect the virtual machine network adapter to the virtual switch to gain network connectivity. The virtual switch type defines the scope of network connectivity available to a virtual machine. For example, access to a company network over a physical Hyper-V network adapter requires an external virtual switch.

The virtual switch type and other configurations such as VLAN settings, bandwidth requirements, and security parameters are not included as part of the virtual machine configuration, but are stored as part of the virtual switch configuration on the Hyper-V host. You can move a virtual machine to a different Hyper-V host by using live migration, or by using the Import Virtual Machine Wizard. When you move the virtual machine, you could encounter a problem if the destination Hyper-V host does not have a virtual switch with the same name, and is not configured identically. When using Ethernet resource pools, virtual machines do not connect to precreated and preconfigured ports in a virtual switch. The virtual machine is configured to connect to one or more virtual switches in a pool of virtual switches. By default, every virtual switch is placed in the default primordial pool automatically until other pools of type Ethernet are created.

MCT USE ONLY. STUDENT USE PROHIBITED

4-8 Creating and Configuring Virtual Machine Networks

You can create resource pools by using the New-VMResourcePool Windows PowerShell cmdlet. You cannot use Hyper-V Manager to create resource pools. However, if resource pools already exist, you can use Hyper-V Manager to configure virtual machines to use a virtual switch from the resource pool. When configured properly, you can move virtual machines between Hyper-V hosts with compatible pool configurations without having to do any reconfiguration. When you configure a virtual machine to connect to an Ethernet resource pool, the Hyper-V management layer configures the connections when a virtual machine is started. Ports of the virtual switches in a pool are reclaimed automatically when they are no longer in use. The virtual machine switch port configuration becomes an integral part of a virtual machine overall configuration, and it is migrated automatically in all mobility scenarios. Note: You can also use resource pools to collect resource pool usage information for chargeback purposes. Question: Is there any default Ethernet resource pool in Hyper-V? Question: Can you configure a virtual network adapter to connect to a virtual switch in the Ethernet resource pool by using Hyper-V Manager?

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

Lab A: Creating and Using Hyper-V Virtual Switches Scenario

4-9

A. Datum Corporation has implemented the Hyper-V virtualization platform in one of their subsidiaries. You have created several test virtual machines and familiarized yourself with many of the configuration options. The next step is to implement and test network connectivity for the virtual machines. You have been asked to verify current Hyper-V networking, and explore the differences between various Hyper-V virtual switch types.

Objectives After completing this lab, you will be able to: •

Create and use Hyper-V virtual switches.

Lab Setup Estimated Time: 20 minutes

Virtual machines: 20409B-LON-HOST1, 20409B-LON-HOST2, 20409B-LON-DC1, 20409B-LON-PROD1, 20409B-LON-PROD2, 20409B-LON-TEST1, and 20409B-LON-TEST2 User name: Adatum\Administrator Password: Pa$$w0rd

For this lab, you will use the available virtual machine environment. Before you begin the lab, you must complete the following steps: 1.

Sign in to the LON-HOSTx computer as Adatum\Administrator with the password of Pa$$w0rd.

2.

On LON-HOST1 start Hyper-V Manager.

3.

In Hyper-V Manager, click 20409B-LON-DC1, and in the Actions pane, click Start.

4.

In the Actions pane, click Connect. Wait until the virtual machine starts.

5.

Sign in by using the following credentials: o

User name: Adatum\Administrator

o

Password: Pa$$w0rd

6.

Repeat steps 2 and 3 for 20409B-LON-TESTx and 20409B-LON-PRODx. The letter x is 1 for the first student in the team, and 2 for the second student in the team.

7.

For 20409B-LON-TESTx and 20409B-LON-PRODx, sign in as Administrator. For both accounts, use the password Pa$$w0rd.

LON-HOST1 and LON-HOST2 are sometimes referenced as LON-HOSTx, which indicates that each student performs the lab tasks on his or her computer. Note: You will be working in pairs. Communicate clearly with your lab partner, and cooperate fully with each other during this lab.

Exercise 1: Creating and Using Windows Server 2012 R2 Hyper-V Virtual Switches Scenario

MCT USE ONLY. STUDENT USE PROHIBITED

4-10 Creating and Configuring Virtual Machine Networks

The Hyper-V virtualization platform is now installed, and you need to demonstrate to junior administrators the different networking options that you can configure in Hyper-V. You will first show them the current Hyper-V host networking configuration. After that, you will create new virtual network adapters in a parent partition, and then show them as new network connections. You will also create different types of Hyper-V virtual switches, and explore with junior administrators the connectivity options when using each of them. The main tasks for this exercise are as follows: 1.

Verify current Hyper-V network configuration.

2.

Create virtual network adapters in a parent partition.

3.

Create virtual switches.

4.

Use Hyper-V virtual switches.

 Task 1: Verify current Hyper-V network configuration 1.

On LON-HOSTx, in Hyper-V Manager, confirm that External Network is the only virtual switch present.

2.

Confirm that LON-HOSTx has two network connections: Ethernet 2 and vEthernet (External Network).

3.

View the properties of the Ethernet 2 network connection, and confirm that it is using only the Hyper-V Extensible Virtual Switch, and that the check boxes for all other items are not selected.

4.

View the properties of the vEthernet (External Network) network connection, and confirm that it is using most items, but is not using the Hyper-V Extensible Virtual Switch, which is the only item for which the check box is not selected.

 Task 2: Create virtual network adapters in a parent partition 1.

On LON-HOSTx, in Windows PowerShell, use the cmdlet Get-VMNetworkAdapter with the All parameter to confirm that one network adapter named External Network, is present on the system.

2.

Use the Windows PowerShell cmdlet Add-VMNetworkAdapter with the ManagementOS parameter to add the following three virtual network adapters to the parent partition:

3.

o

Management

o

Storage

o

Live Migration

Use the Network Connections window to confirm that three network connections have been added to LON-HOSTx, and that they are named: o

vEthernet (Management)

o

vEthernet (Storage)

o

vEthernet (Live Migration)

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

4-11

4.

View the properties of the vEthernet (Management) network connection, and confirm that the network connection is using most items, including Internet Protocol Version 4 (TCP/IPv4), but it is not using the Hyper-V Extensible Virtual Switch.

5.

In Windows PowerShell, use the cmdlet Get-VMNetworkAdapter with the All parameter to confirm that the network adapters that you added by using Windows PowerShell are present on the system.

 Task 3: Create virtual switches 1.

On LON-HOSTx, in Hyper-V Manager, try to create an external virtual switch.

Note: You should get an error, because the physical network adapter is already bound to the external switch. 2.

In Hyper-V Manager, create an internal virtual switch and name it Internal Switch.

3.

Use the Network Connections window to confirm that a network connection is added and that it is named vEthernet (Internal Switch).

4.

View the properties of vEthernet (Internal Switch), and confirm that the network connection is using most items, including Internet Protocol Version 4 (TCP/IPv4), but that it is not using Hyper-V Extensible Virtual Switch.

5.

Use the Windows PowerShell cmdlet Get-VMNetworkAdapter with the All parameter to confirm that there is a network adapter named Internal Switch present on the system.

6.

On LON-HOSTx, in Hyper-V Manager, create a private virtual switch, and name it Private Switch.

7.

Use the Network Connections window to confirm that no network connection was added when you created the private virtual switch.

8.

In Windows PowerShell, use the Get-VMNetworkAdapter cmdlet with the All parameter to confirm that no network connection was added when you created the private virtual switch.

9.

Use Hyper-V Manager to confirm that External Network, Internal Switch and Private Switch have the same two extensions available: Microsoft NDIS Capture, which is not enabled, and Microsoft Windows Filtering Platform, which is enabled.

 Task 4: Use Hyper-V virtual switches 1.

On LON-HOSTx, connect both the LON-PRODx and LON-TESTx virtual machines to the Private Switch virtual switch.

2.

Confirm that LON-PRODx has an IPv4 address of 10.0.0.x5 (where x is 1 if you are using LON-HOST1, and x is 2 if you are using LON-HOST2).

3.

Open Windows PowerShell in Administrator mode, and to try to ping IP address 10.0.0.x6.

4.

Confirm that four replies are received Note: LON-TESTx has an IP address of 10.0.0.x6.

5.

On LON-HOSTx, connect the LON-PRODx virtual machine to an Internal Switch.

6.

On LON-PRODx, try to ping the IP address 10.0.0.x6, and confirm that it does not have connectivity with LON-TESTx.

7.

On LON-HOSTx, try to ping IP address 10.0.0.x5.

Note: Confirm that the destination host is unreachable. This is because the virtual network adapter in LON-HOSTx that is connected to the Internal switch does not have IP address from the same subnet as LON-PRODx. 8.

9.

MCT USE ONLY. STUDENT USE PROHIBITED

4-12 Creating and Configuring Virtual Machine Networks

On LON-HOSTx, configure the vEthernet (Internal Switch) network connection with the following settings: o

IP address: 10.0.0.100

o

Subnet mask: 255.255.255.0

On LON-HOSTx, try to ping IP address 10.0.0.x5. Confirm that four replies are returned, which confirms that LON-HOSTx and LON-PRODx now have network connectivity.

10. On LON-HOSTx, connect the LON-PRODx virtual machine to the External Network virtual switch.

11. On LON-PRODx, use the Windows PowerShell cmdlet Set-NetIPInterface to enable dynamic TCP/IP configuration for the Ethernet network connection. To do this, you will need to run Windows PowerShell in Administrator mode. 12. In Windows PowerShell, use ipconfig to confirm that LON-PRODx obtained the IP address from the DHCP server. Write down the LON-PRODx IPv4 address.

13. On LON-HOSTx, try to ping the IP address of LON-PRODx, and confirm that four replies are returned. 14. On LON-DC1, try to ping the IP address of LON-PRODx, and confirm that four replies are returned. Note: Leave the virtual machines running, as you will use them in the next lab.

Results: After completing this exercise, you should have created and used Hyper-V virtual switches.

Lesson 2

Advanced Hyper-V Networking Features

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

4-13

The Hyper-V virtual switch provides many other features in addition to the basic packed forwarding functionality It supports the following features, if they are supported by the physical network adapters in the Hyper-V host hardware: •

Virtual local area networks (LANs)



Private VLANs



Port ACLs



Network traffic monitoring



Basic packet inspection



Capabilities such as SR-IOV and Dynamic Virtual Machine Queue

The Hyper-V virtual switch is fully extensible, which means that you can extend or replace existing switch functionalities. You can configure some of the advanced virtual switch functionalities by using a GUI, and at virtual switch levels and at virtual network adapter levels. However, by using Windows PowerShell you can configure many more functionalities.

Lesson Objectives After completing this lesson, you will be able to: •

Explain virtual switch expanded functionality.



Explain virtual switch extensibility.



Describe SR-IOV.



Describe Dynamic Virtual Machine Queue.



Describe the network adapter advanced features.



Describe the Network Adapter Teaming (NIC Teaming) feature in virtual machines.



Configure network adapter advanced features.

Virtual Switch Expanded Functionality The Hyper-V virtual switch is a software-implemented Layer 2 networking switch that provides network connectivity between virtual machines, the Hyper-V host, and physical networks. The Hyper-V virtual switch provides more functionality than simply forwarding data packets between computers that are connected to virtual switch ports. It also provides the following functions: •

Inspect network packets.



Limit bandwidth.



Allow connectivity only between certain virtual switch ports.



Block suspicious network activity.



Perform network virtualization.

MCT USE ONLY. STUDENT USE PROHIBITED

4-14 Creating and Configuring Virtual Machine Networks

You can use Hyper-V Manager to configure some of the Hyper-V virtual switch functionality and expanded features, such as configuring virtual machine networking adapter settings. However, you must use Windows PowerShell to configure some of the other features. The Hyper-V virtual switch expanded functionality includes the following features: •

ARP/ Neighbor Discovery Poisoning (spoofing) protection. This feature provides protection against malicious virtual machines that try to use Address Resolution Protocol (ARP) spoofing to associate their media access control (MAC) addresses with the IP addresses of another virtual machine. By doing this, they effectively steal IP addresses and intercept network traffic that is being sent to other virtual machines. This feature also provides protection against attackers who use IPv6 Neighbor Discovery spoofing.

You can enable this feature in the Advanced Features settings for the virtual machine network adapter by selecting the Enable router advertisement guard option. You can also enable it by using the Windows PowerShell cmdlet Set-VMNetworkAdapter. For example, if you want to enable this feature on a network adapter in a virtual machine named VM1, you would run the following cmdlets: $vmNIC = Get-VMNetworkAdapter -VMName VM1 Set-VMNetworkAdapter -VMNetworkAdapter $vmNIC -RouterGuard On



DHCP guard protection. This feature protects against a malicious virtual machine that is running a rogue DHCP server that can be used for man-in-the-middle attacks. If you enable the DHCP guard protection option, the virtual switch drops DHCP acknowledgement packets that the virtual machine sends. This effectively prevents other computers from obtaining TCP/IP configuration from the DHCP server that is running in the malicious virtual machine. You can enable this feature in the Advanced Features settings for the virtual machine network adapter, by selecting the Enable DHCP guard option. You also can enable this feature by using the Windows PowerShell cmdlet Set-VMNetworkAdapter. For example, if you want to enable this feature on a network adapter in virtual machine named VM1, you can run the following cmdlets: $vmNIC = Get-VMNetworkAdapter -VMName VM1 Set-VMNetworkAdapter -VMNetworkAdapter $vmNIC -DHCPGuard On



Port ACLs. The virtual switch performs traffic filtering based on MAC or IP addresses and ranges. With this feature, you can set up virtual network isolation by creating two lists: a list of computers with which a virtual switch port can communicate (white list), and a list of computers with which a virtual switch port cannot communicate (black list). A network port ACL has several entries, which include a network address and an associated permit, deny, or meter action. When a network packet matches one of the entries, the virtual switch takes the appropriate action.

Port ACLs can be based on MAC address, IPv4 address, or IPv6 address. You can configure this feature only by using Windows PowerShell, by running the Add-VMNetworkAdapterAcl cmdlet. For example, if you want to allow network traffic in both directions between a virtual machine named VM1 and computers on the 10.0.0.0/8 subnet, you can run the following cmdlet: Add-VMNetworkAdapterAcl -VMName VM1 -RemoteIPAddress 10.0.0.0/8 -Direction Both -Action Allow



Trunk mode to a VM. A VLAN logically isolates computers that are connected to the same local network, irrespective of their actual physical location. By using VLANs, you can assign computers on different switches to the same Layer 2 broadcast domain. This enables network communication between the computers while they are isolated from the other computers that are either assigned to

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

4-15

a different broadcast domain or have a different VLAN ID. A VLAN trunk enables traffic from multiple VLANs to be visible and accessible on the same network adapter, as defined in the IEEE 802.1Q standard.

Prior to Windows Server 2012 Hyper-V, the virtual switch did not have the ability to set a switch port to trunk mode, and you could not have multiple VLANs assigned to the same virtual NIC. Hyper-V in Windows Server 2012 supports the IEEE 802.1Q standard, and can forward traffic from multiple different VLANs to the same network adapter. You can configure this feature only by using Windows PowerShell, by running the cmdlet Set-VMNetworkAdapterVlan. For example, if you want to enable trunk mode to a virtual machine named VM1, you would run the following cmdlets: $vmNIC = Get-VMNetworkAdapter -VMName VM1 Set-VMNetworkAdapterVlan $vmNIC -Trunk -AllowedVlanIdList 1-100 -NativeVlanId 10



Network traffic monitoring. You can use this feature to monitor and review all incoming or outgoing network traffic that the network switch is forwarding to a specific virtual machine network adapter. When you configure this feature, network traffic is copied and you can view it inside a virtual machine by using a packet capture tool such as Network Monitor. You can enable this feature in the Advanced Features settings for the virtual machine network adapter by configuring the port mirroring mode. You can also configure it by using the Windows PowerShell cmdlet Set-VMNetworkAdapter. For example, if you want to configure network traffic monitoring for a virtual machine named VM1, you would run the following cmdlets: $vmNIC = Get-VMNetworkAdapter -VMName VM1 Set-VMNetworkAdapter $vmNIC -PortMirroring Source



Isolated VLAN or private VLAN. Private VLANs were introduced to help with VLAN scalability issues. A private VLAN consists of a primary VLAN, which has secondary VLANs. The secondary VLAN IDs differentiate the various private VLANs, and all secondary VLANs share the same primary VLAN ID. Private VLANs are designed to reduce the number of IP subnets and VLANs for some types of network configurations. The virtual switch supports private VLANs to restrict communication between computers on the same VLAN or network segment. Private VLANs support an isolated mode in which virtual machines can share the same VLAN ID, but can only communicate externally. You can configure this feature only by using Windows PowerShell, by running the cmdlet Set-VMNetworkAdapterVlan. For example, if you want to configure private VLAN for a virtual machine named VM1 and configure it with primary VLAN ID 10 and secondary VLAN ID 200, you would run the following cmdlet: $vmNIC = Get-VMNetworkAdapter -VMName VM1 Set-VMNetworkAdapter $vmNIC -Isolated -PrimaryVlanId 10 -SecondaryVlanId 200



Bandwidth limits and burst support. By setting a minimum bandwidth, you can guarantees at least that amount of bandwidth for the virtual machine network adapter. The maximum bandwidth setting specifies the maximum amount of bandwidth that a virtual machine network adapter can consume. You can enable and configure this feature only for network adapters, and not for legacy network adapters.

You can enable and configure this feature on the virtual machine network adapter settings, or by using the Windows PowerShell cmdlet Set-VMNetworkAdapter. For example, for a network adapter in a virtual machine named M1, if you want to specify a minimum bandwidth of 10 megabytes (MB) and maximum bandwidth of 1 gigabyte (GB), you can run following cmdlets: $vmNIC = Get-VMNetworkAdapter -VMName VM1 Set-VMNetworkAdapter $vmNIC -MinimumBandwidthAbsolute 10MB -MaximumBandwidth 1GB

Question: Do you need to enable DHCP guard protection on each virtual machine that you want to protect from obtaining TCP/IP configuration from the rogue DHCP server?

Virtual Switch Extensibility Prior to Windows Server 2012, Hyper-V included a simple virtual switch that was built on a closed architecture. It provided only basic networking functionality and was not extensible in any way. Windows Server 2012 Hyper-V uses a completely redesigned virtual switch, which is built on an open framework, is extensible, and allows developers to extend existing features and add new features into the virtual switch. For example, other companies can add their own monitoring, filtering, and forwarding features without having to replace all of the Hyper-V virtual switch functionality.

MCT USE ONLY. STUDENT USE PROHIBITED

4-16 Creating and Configuring Virtual Machine Networks

You can also implement extensions by using NDIS filter drivers or Windows Filtering Platform (WFP) callout drivers, which are two public Windows platforms used for extending the Windows networking functionality. Both platforms are available in Windows Server 2008 and newer Windows Server platforms, and you can use them to extend a virtual switch in different ways. NDIS filter drivers or WFP callout drivers have the following characteristics: •

NDIS filter driver. The NDIS filter driver is a filtering service that monitors and modifies network packets in Windows operating systems. For example, you can use the NDIS filter driver to perform packet inspection, to modify packets when transiting a virtual switch, or to perform packet forwarding based on their content. NDIS filters were introduced with the NDIS 6.0 specification, which was first implemented in Windows Server 2008 and Windows Vista.



WFP callout drivers. Developers can use WFP callout drivers to filter and modify TCP/IP packets, and to monitor or authorize connections, filter Internet Protocol security (IPsec)–protected traffic, and filter remote procedure calls (RPCs). Filtering and modifying TCP/IP packets provides unlimited access to the TCP/IP traffic that passes through the virtual switch. WFP callout divers can examine and modify outgoing and incoming packets before additional processing occurs. By using WFP callout drivers, developers can create firewalls, antivirus software, diagnostic software, intrusion detection software, and other types of applications and services. WFP callout drivers were first implemented in Windows Server 2008 and Windows Vista.

Non-Microsoft Extension Support

Non-Microsoft extensions can extend three aspects of the switching process: inbound (ingress) filtering, destination look-up and forwarding, and outbound (egress) filtering. Monitoring extensions also can gather statistical data by monitoring traffic at different layers of the virtual switch. You can add multiple monitoring and filtering extensions to a virtual switch. However, you can only use one instance of the forwarding extension per switch instance, and if you use a non-Microsoft forwarding extension, it will override the default forwarding of the virtual switch.

After you install virtual switch extensions, you can control them on the Extensions settings for the virtual switch, or by using Windows PowerShell. By default, there are two virtual switch extensions included with Hyper-V. These virtual switch extensions are the Microsoft NDIS Capture monitoring extension, which is disabled by default, and the Microsoft Windows Filtering Platform filtering extension, which is enabled by default.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

4-17

The following table lists some of the virtual switch extensions, functionalities they provide, and which platform you can use to provide such functionality. Extension

Purpose

Extensibility component

Network packet inspection

Inspects network packets that are exchanged between virtual machines and passed through a virtual switch. Network packets cannot be modified.

NDIS filter driver

Network packet filter

Creates, filters, and modifies network packets that are entering or leaving the virtual switch.

NDIS filter driver

Network forwarding

Provides network packets with a forwarding logic extension. This extension replaces the default forwarding extension, because the virtual switch can have only one forwarding extension.

NDIS filter driver

Intrusion detection or firewall

Filters and modifies network packets, monitors or authorizes connections, and filters traffic based on different criteria (for example, if the network packets are protected by IPsec).

WFP callout driver

Getting Started Writing a Hyper-V Extensible Switch Extension http://go.microsoft.com/fwlink/?LinkID=386699 Question: Can you write Hyper-V virtual switch extensions in Windows PowerShell?

What Is SR-IOV? SR-IOV is a standard that specifies how a hardware device can make its functionality available for direct use by virtual machines. These functionalities are called virtual functions, and are associated with physical functions. Physical functions are what the parent partition uses in Hyper-V.

SR-IOV in Hyper-V uses remapping of interrupts and direct memory access (DMA), and allows SR-IOV–capable devices to be assigned directly to a virtual machine. Hyper-V enables support for SR-IOV–capable network devices, and allows an SR-IOV Virtual Function of a physical network adapter to be assigned directly to a virtual machine. By doing this, the network adapter bypasses the virtual switch, and as a result network throughput increases, and the network latency and CPU overhead on the Hyper-V host decrease. If you want to use SR-IOV, both the Hyper-V host hardware and the network device and its device driver must support it. Because SR-IOV requires compliant hardware, it can be only associated with an external virtual switch that maps to an SR-IOV–capable network adapter in the Hyper-V host. You can only configure SR-IOV at the time that you create the virtual switch. You cannot convert an external virtual switch with SR-IOV enabled, to an internal or private switch. You can enable SR-IOV on virtual machine network adapters.

MCT USE ONLY. STUDENT USE PROHIBITED

4-18 Creating and Configuring Virtual Machine Networks

In Windows Server 2012 and newer Windows Server operating systems, you can use live migration to move running virtual machines without noticeable downtime, even when virtual machines are configured to use SR-IOV. During live migration, Hyper-V can check whether the destination server has SR-IOV capabilities, and if so, move the virtual machine to that server. You also can configure live migration to refuse migrations of SR-IOV–dependent virtual machines to a Hyper-V host that does not have SR-IOV capabilities.

You also can use live migration to move virtual machines that are configured to use SR-IOV between Hyper-V hosts even if Hyper-V hosts have different SR-IOV–enabled network adapters. When you move a virtual machine, you will notice that it is using a different network adapter, but the configuration and network connectivity will be preserved.

SR-IOV Requirements When you want to enable and use SR-IOV, the Hyper-V host must meet the following requirements: •

Server hardware must support SR-IOV, which includes chipset support for interrupt, and DMA remapping and firmware support to enable and make the hardware system SR-IOV capabilities available to the Windows Server operating system.



An SR-IOV–capable network adapter and network adapter device driver must be present on the Hyper-V host (in the parent partition). The network adapter device driver also must be present in each virtual machine, where an SR-IOV–capable network adapter (its virtual function) is assigned.

Note: When using SR-IOV, virtual machine traffic bypasses the Hyper-V virtual switch. If any switch port policies are set, SR-IOV functionality is disabled for that virtual machine. Everything you wanted to know about SR-IOV in Hyper-V. Part 1 http://go.microsoft.com/fwlink/?LinkID=386698 Question: Can you configure a Hyper-V virtual switch to use SR-IOV after you have created it?

What Is Dynamic Virtual Machine Queue? The Virtual Machine Queue (VMQ) was first supported in Hyper-V on Windows Server 2008 R2. VMQ provides support for virtual machines similar to how Receive Side Scaling provides support for multicore systems. Receive Side Scaling enables network adapters to distribute the network processing load across multiple processors in multicore computers, which makes it possible to support higher network bandwidth than a single CPU core can process.

Hyper-V host supports the multiple unicast MAC addresses per network adapter feature. If a network adapter also supports this feature, it can receive network packets with a destination MAC address that matches any of the unicast MAC addresses that are set on the adapter, without being in promiscuous mode. Such an adapter can allocate a receive queue for each MAC address, and then route incoming

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

4-19

traffic to the corresponding queue. For VMQ support, you must have both the multiple unicast MAC addresses per network adapter feature, and the ability to create queues in the memory address space that is assigned to the virtual machines. VMQ uses network adapter queues to: •

Classify received packets.



Group received packets.



Apply VLAN filtering.



Provide concurrent processing on the network traffic for multiple virtual machines.



Distribute interrupts to multiple cores for multiple virtual machines.



Avoid copying receive buffers to virtual machine address spaces.

VMQ allows the efficient transfer of the incoming network traffic to a virtual machine. A VMQ-capable network adapter can use DMA to transfer incoming packets to the appropriate virtual machine. This reduces CPU overhead when transferring packets to the virtual machines, which can be beneficial when virtual machines are receiving large amounts of traffic when performing tasks such as file backup, database replication, or data mirroring.

Hyper-V in Windows Server 2008 R2 associated the VMQ queue with virtual machine statically. In Windows Server 2012 and newer versions, Hyper-V provides automatic configuration and tuning for VMQ queues. This is accomplished by allowing VMQ to be associated with a processor dynamically, based on processor networking and CPU load. The number of processors that network processing uses can increase or decrease automatically, based on the network load. This allows the Hyper-V host to process more networking traffic and support higher network bandwidth. The ability to dynamically adjust number of processor cores that are used for processing VMQ queues is called Dynamic Virtual Machine Queue. Dynamic Virtual Machine Queue is enabled automatically in the virtual switch whenever an administrator enables VMQ on the virtual network adapter that is connected to the switch. The only ways to disable the VMQ feature either is to disable VMQ in the virtual network adapter Hardware Acceleration settings, or to use the Windows PowerShell cmdlet Set-VMNetworkAdapter. Note: VMQ requires a physical network adapter that supports this feature. If the VMQ feature is enabled on a virtual network adapter, but the Hyper-V host does not have a physical adapter that supports VMQ, this feature cannot be used. Question: Is VMQ beneficial when a virtual machine has to perform complex calculations and database searches?

Network Adapter Advanced Features The Hyper-V virtual switch provides expanded switch functionality, which developers can also extend. You also can replace the Hyper-V virtual switch entirely, with a non-Microsoft virtual switch implementation. Hyper-V is built on an open and extensible framework.

MCT USE ONLY. STUDENT USE PROHIBITED

4-20 Creating and Configuring Virtual Machine Networks

You can manage some of the more advanced Hyper-V virtual switch features, but only by using Windows PowerShell. However, you can configure other features by using graphical tools such as Hyper-V Manager. Some virtual switch settings such as virtual switch type, VLAN ID, SR-IOV or virtual switch extension used are configured for virtual switch by using Virtual Switch Manager. You can configure other settings that also rely on Hyper-V virtual switch functionality, as properties of the virtual network adapter. You can configure the following network adapter advanced features: •

MAC Addresses. By using this setting, you can configure a virtual machine either to use a dynamic MAC address assignment (which is the default configuration), or to specify a static MAC address that the virtual machine will use. As with most other settings, you can configure this setting only if the virtual machine is not running. In this setting, you can also enable MAC Address spoofing, which allows virtual machines to change the source MAC addresses in outgoing packets to one that is not assigned to them. This can be beneficial when the virtual machine is a node in the Network Load Balancing (NLB) cluster, in which nodes should be using the same MAC address for outgoing traffic. If a virtual machine has NIC Teaming configured, MAC address spoofing must be enabled.



DHCP guard. This is a security feature that can prevent a rogue DHCP server that is running in a virtual machine from providing TCP/IP settings on the network. This option is disabled by default, which means that the virtual switch is forwarding DHCP Acknowledge packets from the virtual machine. If you enable this option, the DHCP server that is running in the virtual machine will not be able to offer TCP/IP settings over the virtual network adapter that has this feature enabled.



Router guard. This is also a security feature that can prevent virtual machines from sending router advertisements and redirection messages, and prevent man-in-the-middle type attacks. This option is disabled by default. If you enable it, the virtual switch will drop router advertisements and redirection messages, which are sent from the virtual machine over a virtual network adapter that has this feature enabled.



Protected network. This option is enabled by default, and enables network health detection and recovery. If a virtual machine is running on a Hyper-V host cluster and a network is disconnected on a protected virtual network, the failover cluster will use live migration to move the affected virtual machine to a Hyper-V node on which that external virtual network is available.



Port mirroring. This feature enables monitoring of the incoming and outgoing traffic for a virtual machine. You can configure port mirroring as either the source or as the destination, and the virtual switch will copy all traffic from the source virtual network adapter to the destination adapter. In a virtual machine that has the virtual network adapter configured as a destination, you should typically be running a network monitoring application.



NIC Teaming. By using this setting, you can add multiple network adapters that are configured in a virtual machine to a network team. This aggregates their bandwidth and provides redundancy, even if NIC Teaming is not configured on the Hyper-V host itself.

Note: You can configure the same network adapter advanced features for network adapters, legacy network adapters, and network adapters that are used in Generation 2 virtual machines. Question: How can you monitor network traffic when you enable port mirroring for a network adapter?

NIC Teaming in Virtual Machines NIC Teaming is one of the features in Windows Server 2012 R2 that you can use to consolidate up to 32 physical network adapters, and then use them as a single interface. This strategy provides both higher network throughput and redundancy. NIC Teaming is not a Hyper-V–specific feature. Because of this, all applications that are running at the system level on Windows Server 2012 R2 can benefit from it, including Hyper-V.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

4-21

NIC Teaming is also available to guest operating systems that are running inside virtual machines, regardless of whether NIC Teaming is used at the system level or not. This enables virtual machines with multiple virtual network adapters to team the adapters and still have connectivity, even when one of the adapters is disconnected or one of the virtual switches (physical network adapter that is connected to the virtual switch) fails. This is especially important when using SR-IOV, because SR-IOV traffic bypasses the virtual switch and cannot benefit from NIC Teaming at the system level, whereas the Hyper-V virtual switch can use it.

Using NIC Teaming

To benefit from virtual machine NIC Teaming, you should create at least two external virtual switches, and then connect virtual machine network adapters to them. Physical network adapters that connect to virtual switches can be configured to use SR-IOV, although this is not mandatory. If virtual machine network adapters are connected to SR-IOV–enabled virtual switches, the virtual machine will install virtual functions for them and will be able to use them in an NIC team. If one of the physical network adapters is disconnected or fails, the virtual machine will continue to use the virtual functions of the remaining SR-IOV–enabled network adapters, and will still have network connectivity.

If virtual switches are connected to physical network adapters that are not SR-IOV–enabled, the end result will be the same. However, physical network adapters will not be directly mapped to the virtual machine by using virtual function, but will map instead by using the Hyper-V virtual network adapter. Another option is to use a combination of adapters that are SR-IOV–enabled, and those which are not in the same virtual machine NIC team. You can enable virtual machine NIC Teaming either from the Advanced Properties settings page of the virtual network adapter, or by using the Windows PowerShell cmdlet Set-VmNetworkAdapter. Virtual machine NIC Teaming is not enabled by default. If you do not enable it, and if one of the physical network adapters stops working, the NIC team that is created in the guest operating system in the virtual machine will lose connectivity.

Note: Because failover between network adapters in a virtual machine results in traffic being sent with the MAC address of the other network adapter, each virtual network adapter that is using NIC Teaming must be set to allow MAC address spoofing, or must have the “AllowTeaming=On” parameter set by using the Windows PowerShell cmdlet Set-VmNetworkAdapter.

MCT USE ONLY. STUDENT USE PROHIBITED

4-22 Creating and Configuring Virtual Machine Networks

At the Hyper-V host level, NIC Teaming is not supported when physical network adapters are using SRIOV or Remote Direct Memory Access (RDMA). This is because network traffic is delivered directly to the adapter, thereby bypassing the network stack, and not allowing path redirection. When you configure NIC Teaming at the virtual machine level, physical network adapters that are connected to virtual switches can be using SR-IOV. Question: Are there any special hardware requirements if you want to use NIC Teaming in virtual machines?

Demonstration: Configuring Network Adapter Advanced Features In this demonstration, you will see how to configure advanced Hyper-V virtual switch features, such as bandwidth management and DHCP guard.

Demonstration Steps 1.

On LON-PROD1, in File Explorer, copy the C:\Windows\Inf folder and paste it to the network share \\10.0.0.16\share. Be aware of the copy speed and how long the process takes.

2.

After the copy finishes, delete the copied Inf folder.

3.

On LON-HOST1, in Hyper-V Manager, enable bandwidth management for the network adapter in the LON-PROD1 virtual machine. Type 10 as both the Minimum bandwidth and Maximum bandwidth.

4.

On LON-PROD1, in File Explorer, copy the C:\Windows\Inf folder, and paste it again to the network share \\10.0.0.16\share. Notice that copy process takes noticeably longer to complete.

5.

On LON-PROD1, in Windows PowerShell, use the ipconfig command to release and renew TCP/IP settings.

6.

On LON-HOST1, in Hyper-V Manager, enable DHCP guard on the network adapter of the 20409B-LON-DC1 virtual computer.

7.

On LON-PROD1, in Windows PowerShell, use the ipconfig command to release renew TCP/IP settings. Notice that this time the process takes considerably longer, and LON-PROD1 is not able to obtain TCP/IP settings.

Lab B: Creating and Using Advanced Virtual Switch Features Scenario IT management has identified several cases of client computers obtaining network settings from unauthorized DHCP servers. You have been asked to demonstrate how Hyper-V can prevent rogue DHCP servers from providing network settings. You also need to demonstrate some of the advanced virtual switch settings, and demonstrate how to limit bandwidth that virtual machines can use.

Objectives After completing this lab, you will be able to: •

Configure and use advanced virtual switch features.

Lab Setup Estimated Time: 20 minutes

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

4-23

Virtual machines: 20409B-LON-HOST1, 20409B-LON-HOST2, 20409B-LON-DC1, 20409B-LON-PROD1, 20409B-LON-PROD2, 20409B-LON-TEST1, and 20409B-LON-TEST2 User name: Adatum\Administrator Password: Pa$$w0rd For this lab, you will use the available virtual machine environment. Note: You will be working in pairs. Communicate clearly with your lab partner, and cooperate fully with each other during this lab.

Exercise 1: Configuring and Using Advanced Virtual Switch Features Scenario

One of your managers would like to see how the Hyper-V virtual switch can protect network clients from rogue DHCP servers. You plan to demonstrate how to configure DHCP guard, and at the same time, demonstrate how to configure VLANs and bandwidth management. The main tasks for this exercise are as follows: 1.

Configure and use DHCP guard.

2.

Configure and use VLANs.

3.

Configure and use bandwidth management.

 Task 1: Configure and use DHCP guard Note: In this exercise you will see how you can prevent rogue DHCP servers on your network. Because your partner is also using the same DHCP server, you should synchronize this task with him or her. 1.

On LON-PRODx, use ipconfig to release and renew TCP/IP settings.

2.

On LON-HOSTx, in Hyper-V Manager, on the network adapter of the 20409B-LON-PRODx virtual computer, enable DHCP guard.

3.

On LON-PRODx, use ipconfig to release and renew TCP/IP settings.

Note: This step confirms that the DHCP guard setting on the virtual network adapter has no effect on whether or not the virtual machine can obtain TCP/IP settings over that adapter or not. Note: The following lab steps will also affect your lab partner, so let him or her know that you will perform the change on the LON-DC virtual machine. Your partner should wait until you finish this change, and then proceed. 4.

On LON-HOST1, in Hyper-V Manager, enable the DHCP guard on the network adapter of the 20409B-LON-DC1 virtual computer.

5.

On LON-PRODx, use ipconfig to release and renew TCP/IP settings.

Note: Notice that this time it takes considerably longer, and that LON-PRODx is not able to obtain TCP/IP settings. 6.

On LON-HOST1, use the Windows PowerShell Set-VMNetworkAdapter cmdlet to disable DHCP guard on the LON-DC1 virtual computer. Note: The DHCP server in LON-DC1 can once again offer TCP/IP settings.

Note: In step 6 you disabled DHCP guard on LON-DC1, so now your partner can now perform steps 4 through 6.

 Task 2: Configure and use VLANs 1.

On LON-HOSTx, connect the virtual machine 20409B-LON-TESTx to the External Network virtual switch.

2.

On LON-PRODx, configure the Ethernet network connection with the following settings: o

IP address: 10.0.0.x5

o

Subnet mask: 255.255.255.0

MCT USE ONLY. STUDENT USE PROHIBITED

4-24 Creating and Configuring Virtual Machine Networks

3.

On LON-PRODx, try to ping IP address 10.0.0.x6, and verify that four replies are received, which confirms that LON-PRODx and LON-TESTx have network connectivity.

4.

On LON-HOSTx, in Hyper-V Manager, configure the LON-PRODx virtual machine network adapter with the virtual LAN identification value of 2.

5.

On LON-PRODx, try to ping IP address 10.0.0.x6. Confirm that the destination host is no longer reachable. This is because LON-PRODx is connected to a VLAN different from LON-TESTx.

6.

On LON-HOSTx, in Hyper-V Manager, disable virtual LAN identification for the network adapter in the LON-PRODx virtual machine.

 Task 3: Configure and use bandwidth management

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

4-25

1.

On LON-PRODx, in File Explorer, copy the C:\Windows\Inf folder, and then paste it to the \\10.0.0.x6\share network share. Make note of the copy speed and how long the process takes.

2.

After the copy completes, delete the copied Inf folder.

3.

On LON-HOSTx, in Hyper-V Manager, enable bandwidth management for the network adapter in the 20409B-LON-PRODx virtual machine. For the values of both the Minimum bandwidth and the Maximum bandwidth, type 10.

4.

On LON-PRODx, in File Explorer, copy the C:\Windows\Inf folder, and paste it to the \\10.0.0.x6\share network share. Notice that the copy process takes noticeably longer to complete.

5.

On LON-HOSTx, in Hyper-V Manager, disable Bandwidth management for the network adapter in the 20409B-LON-PRODx virtual machine. Note: Leave the virtual machines running, as you will use them in the next lab.

Results: After completing this exercise, you should have configured and used advanced virtual switch features.

Lesson 3

Configuring and Using Hyper-V Network Virtualization

MCT USE ONLY. STUDENT USE PROHIBITED

4-26 Creating and Configuring Virtual Machine Networks

Network virtualization, which was introduced with Hyper-V in Windows Server 2012, provides similar functionality to network traffic as does server virtualization to the server load. With network virtualization, network traffic between different computers is isolated, even when it is on the same physical network. You can isolate network traffic by using different features such as VLANs, private VLANs, and Port ACLs. However, all of these features have limitations. Therefore, for Hyper-V network virtualization (which is an implementation of Software Defined Networking, you use Network Virtualization Generic Routing Encapsulation. You can configure network virtualization by using Windows PowerShell, but this process is much easier when you use tools such as VMM.

Lesson Objectives After completing this lesson, you will be able to: •

Describe solutions to provide network isolation in a multi-tenant environment.



Describe network virtualization.



Explain the benefits of network virtualization.



Describe Network Virtualization Generic Routing Encapsulation.



Describe network virtualization policies.



Configure network virtualization.

Providing Multitenant Network Isolation

Virtualization provides many benefits, including consolidation, better hardware utilization, and virtual machine separation from the physical server hardware. As a result, many companies are virtualizing most of their server load. With virtualization and the ability to host virtual machines from different departments or even from multiple companies in the same data center, it is important to be able to separate and isolate those virtual machines. One of the basic requirements is to isolate virtual machines that are running on the same physical hardware. Until recently, there was no easy, inexpensive, and scalable solution to separate or isolate the network traffic generated on the same network infrastructure by different tenants. Tenants are the virtual machines that belong to different departments or organizations, or for which you need to isolate network traffic for any other reason. You could always use physical network separation, but this option is neither scalable nor inexpensive.

The different solutions that you can use to provide network isolation in a multiple tenant environment are: •

VLANs. This is the solution that most organizations use today to support address space reuse and multiple tenant isolation. A VLAN uses an additional header that contains a VLAN ID. It relies on switches to enforce isolation of network traffic between computers that are connected on the same network but use different VLAN IDs. One of the drawbacks of VLAN is that it provides limited scalability. Because VLAN ID only uses 12 bits, you can theoretically have a maximum of 4,094

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

4-27

different VLANs on the same infrastructure. However, many switches can support much less than 4,094 VLANs. The second drawback is that VLANs cannot span multiple logical subnets. This limits the number of computers in a single VLAN, and restricts the placement of virtual machines based on physical location.

Although you can enhance or stretch VLANs across physical locations, a stretched VLAN must be on the same subnet. You should also be aware that switches and routers should be configured to support VLANs and you need to reconfigure them whenever virtual machines or isolation boundaries move in the dynamic data center. This can be automated to a certain extent, but it increases risk of an inadvertent network outage due to incorrectly performed reconfiguration. •

Private VLANs. You can use private VLANs to avoid some of the VLAN scalability limitations. You implement private VLANs in a similar way as you implement VLANs, but you can use private VLANs to divide a VLAN into a number of separate and isolated subnetworks, which you can then assign to tenants. Private VLANs consist of a primary and secondary VLAN pair, and share the IP subnet that is assigned to the parent VLAN. Although computers that are connected to different private VLANs still belong to the same IP subnet, they require a router to communicate with each other, and with resources on any other network.

When you use private VLANs, you can assign a large number of tenants to the same primary VLAN and have isolated secondary VLAN IDs. For example, if you have 4,000 tenants and you could not use private VLANs, you would need 4,000 VLANs to provide isolation. However, if you use private VLANs, you can use only one primary VLAN, and assign each tenant a different secondary VLAN. When using such a configuration, you would need only a single VLAN ID, instead of 4,000. •

Port ACLs. You can use port ACLs to configure network traffic filtering based on MAC or IP addresses or IP ranges. By using port ACLs, you can configure virtual network isolation by creating two lists: one list contains addresses of computers with which a virtual switch port can communicate, and the second list contains addresses of computers with which a virtual switch port cannot communicate or share data.

When you add a new virtual machine or move an existing virtual machine, you must manage and update these two lists, which can be challenging and error-prone. Technically, it is possible to provide multiple tenancy isolation by using only port ACLs. However, you typically do not use the port ACLs feature for this purpose. Instead, you typically use port ACLs to ensure that virtual machines do not pretend to have different IP or MAC addresses than what they are assigned. All three solutions—VLANs, PVLANs and port ACLs—are also supported and can be implemented by using the Hyper-V virtual switch. However, the virtual switch also supports network virtualization, and this is the best solution for providing multitenant networking. Question: Can two virtual machines always communicate if they are connected to an external virtual switch?

What Is Network Virtualization? Network virtualization provides similar functionality to network traffic as server virtualization provides to virtual machines. You can use server virtualization to run multiple virtual machines on the same physical server. Each virtual machine is isolated from other virtual machines. From each virtual machine, it seems as though that virtual machine is the only one running on the physical server, even when multiple virtual machines are running on the same physical server simultaneously.

MCT USE ONLY. STUDENT USE PROHIBITED

4-28 Creating and Configuring Virtual Machine Networks

The same is true for network virtualization, which separates the network configuration from the physical network infrastructure. You can have multiple virtual networks that are logically isolated, and potentially each virtual network is using overlapping IP address space on the same physical network infrastructure. From each virtual network, it seems as if only that virtual network is using the physical network infrastructure, even though multiple virtual networks could be using the same physical infrastructure at the same time. This enables scenarios in which you want to isolate multiple networks on the same physical network infrastructure, such as when a company is using the same physical network for testing and production environments. Network virtualization also simplifies virtual machine movement, because you do not need to change the virtual machine networking configuration when you move it to a different data center. Network virtualization is an implementation of Software Defined Networking. It provides a layer of abstraction between the physical network and network traffic. To achieve this abstraction, the virtualization platform has to support it.

The Hyper-V virtual switch in Windows Server 2012 and newer Windows Server versions supports this virtualization by using two IP addresses for each virtual machine. By using two IP addresses, network virtualization enables you to keep the logical network topology (which is virtualized), and kept separate from the actual underlying physical network topology and addresses that are used on the physical network. This enables you to run virtual machines and provide them with the same network access without any modification on any Hyper-V host, assuming that the Hyper-V hosts are configured to map between both IP addresses. Question: Can you use network virtualization to allow virtual machines that are running on multiple segments to communicate, while isolating that traffic from other network traffic?

Benefits of Network Virtualization

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

4-29

Network virtualization provides a layer of abstraction between a physical network and network traffic. Virtual machines can run on physical servers, while being unaware that they are virtualized. Similarly, networks can be virtualized and can use their own IP address space, regardless of the IP address space used on the physical network. You can implement network isolation by using different solutions such as VLANs, private VLANs, and port ACLs. However, network virtualization avoids their limitations related to scalability and complex configuration, and provides a scalable, standard-based, and inexpensive solution for providing multitenant network isolation. Network virtualization provides the following benefits: •

Flexible virtual machine placement. Network virtualization provides abstraction and separates virtual machine IP addresses (customer address) from the physical network IP addresses (provider address). This way, you can place virtual machine on any Hyper-V host in the data center, and placement is no longer restricted by the IP address assignment or VLAN isolation restrictions of the physical network.



Multitenant network isolation without VLANs. You can define and enforce network traffic isolation without using VLANs or reconfiguring physical network switches. You are also not limited to 4,094 VLAN IDs. In addition, with network virtualization, when you move existing virtual machines or create new ones, you do not need to manually reconfigure the physical hardware.



IP address reuse. Virtual machines in different virtual networks can use the same or overlapping IP address space, even when they are deployed on the same physical network. Virtual networks are isolated, and they can use the same address space without any conflict or issue.



Live migration across subnets. Previously, virtual machine live migration was limited to the same IP subnet or VLAN, because when a virtual machine was moved to different subnets, it should have changed its IP address. With network virtualization, you can use live migration to move a virtual machine between two Hyper-V hosts in different subnets, without needing to change the virtual machine IP address. With network virtualization, the virtual machine location change is updated and synchronized among computers that have ongoing communication with the migrated virtual machine.



Compatibility with the existing network infrastructure. Network virtualization is compatible with existing network infrastructure, and you can deploy it in an existing data center.



Transparent moving virtual machines to a shared infrastructure as a service (IaaS) cloud. When you use network virtualization, IP addresses, IP policies, and virtual machine configurations remain unchanged, regardless of on which Hyper-V host the virtual machine is running. As a result, you can move virtual machines between Hyper-V hosts in your data center, between Hyper-V hosts in different data centers, and between Hyper-V hosts in your data center and shared IaaS cloud.



Configuration by Windows PowerShell. Network virtualization supports Windows PowerShell for configuring the network virtualization and isolation policies. The Hyper-V module includes cmdlets that you can use to configure, monitor, and troubleshoot network virtualization. You should use tools such as VMM to configure and manage network virtualization. Question: Do you need to modify a network virtualization configuration when you migrate virtual machines between Hyper-V hosts?

What Is Network Virtualization Generic Routing Encapsulation? Windows Server 2012 Hyper-V and newer versions use Network Virtualization Generic Routing Encapsulation to implement network virtualization. When using network virtualization, each virtual network adapter is associated with two IP addresses:

MCT USE ONLY. STUDENT USE PROHIBITED

4-30 Creating and Configuring Virtual Machine Networks



Customer Address. This is the IP address that the virtual machine configures and uses. You configure this address in the properties of the virtual network adapter, by the guest operating system that is running on the virtual machine, irrespective of whether network virtualization is used. Virtual machines use customer addresses when communicating with other systems, and if you migrate a virtual machine to a different Hyper-V host, the customer addresses can remain the same.



Provider Address. This is the IP address that the virtualization platform (Hyper-V) assigns, and is dependent on the physical network infrastructure where Hyper-V host is connected. When network virtualization is being used and the virtual machine sends network traffic, the Hyper-V host encapsulates the packets and includes the provider address as the source address from where packets were sent. The provider address is visible on the physical network, but not to the virtual machine. If you migrate a virtual machine to a different Hyper-V host, the provider address changes.

Using Network Virtualization Generic Routing Encapsulation

When a virtual machine has to communicate over a network, Network Virtualization Generic Routing Encapsulation encapsulates its packets. For example, assume that one virtual machine is configured with the IP address 10.1.1.11 (customer address 1), and is running on a Hyper-V host that uses IP address 192.168.2.22 (provider address 1). The second virtual machine is configured with IP address 10.1.1.12 (customer address 2) and is running on a Hyper-V host with IP address 192.168.5.55 (provider address 2). If those two virtual machines need to communicate, they must communicate over the network, as they are running on two different Hyper-V hosts. However, if you use network virtualization, the first Hyper-V host will use Network Virtualization Generic Routing Encapsulation to encapsulate virtual machine packets. These packets contain the source IP address (customer address 1) and destination IP address (customer address 2), which are encapsulated into an envelope that uses its own IP address (provider address 1) as a source and IP address of the Hyper-V host on which second virtual machine is running (provider address 2) as the destination. Encapsulated packages will be sent on the physical network, and it will appear as network traffic between two Hyper-V hosts. The destination Hyper-V host (provider address 2) will separate the envelope from the encapsulated packet, and then pass it on to the destination virtual machine (customer address 2), which is running on that Hyper-V host.

You can configure several virtual machines with the same IP addresses, but when they are on the different virtual networks, Network Virtualization Generic Routing Encapsulation can isolate their traffic. In the GRE envelope header, aside from the new source and destination addresses (provider address 1 and provider address 2), there is also a file named Key, which represent the virtual subnet ID. The virtual subnet ID is used to separate and isolate traffic from different virtual networks, and enables the Hyper-V host to pass the traffic only to virtual machines on the same virtual network. When multiple virtual machines (customer address) on the same Hyper-V host (provider address) have the same IP address (customer address), the Hyper-V host can still differentiate between them, based on which virtual network the virtual machine is connected.

Question: How many customer addresses does a virtual machine have? Question: Does a virtual machine customer address change when you move the virtual machine between Hyper-V hosts?

What Are Network Virtualization Policies? If you configure network virtualization, and if two virtual machines have to communicate, the Hyper-V host on which the first virtual machine is running must be aware on which Hyper-V host the second virtual machine is running before it can encapsulate network packets into GRE envelopes. If both virtual machines are running on the same Hyper-V host, Hyper-V already has this knowledge. In reality, virtual machines are usually running on different Hyper-V hosts, and you must configure network virtualization.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

4-31

You can configure network virtualization by deploying network virtualization policies. These policies define mappings between the IP address spaces that the virtual machines use (customer address space), and the IP addresses of Hyper-V hosts on which those virtual machines are running (provider address space). Before sending traffic on the physical network, the Hyper-V host consults network virtualization policies, discovers on which Hyper-V host the target virtual machine is running, and encapsulates the traffic with a GRE envelope. Only after that is the encapsulated traffic sent on the physical network. For example, assume that you are hosting two companies, Blue Yonder Airlines and Woodgrove Bank, with the following configuration: •

Blue Yonder Airlines is running Microsoft SQL Server in a virtual machine with the IP address 10.1.1.1, and a web server in a virtual machine with the IP address 10.1.1.2. The web server is using SQL Server as a database for storing transactions.



Woodgrove Bank is running SQL Server in a virtual machine with the same IP address 10.1.1.1, and a web server in a virtual machine with the IP address 10.1.1.2. The web server is using SQL Server as a database for storing transactions.

SQL servers for both companies are running on Hyper-V Host 1, which has the IP address 192.168.1.10. Web servers for both companies are running on Hyper-V Host 2, which has the IP address 192.168.1.12. Therefore, the virtual machines have the following customer addresses: Company Name

SQL

Web

Blue Yonder Airlines

10.1.1.1

10.1.1.2

Woodgrove Bank

10.1.1.1

10.1.1.2

MCT USE ONLY. STUDENT USE PROHIBITED

4-32 Creating and Configuring Virtual Machine Networks

Based on which Hyper-V host the virtual machines are running on, the virtual machines are also assigned the following provider addresses: Company Name

SQL

Web

Blue Yonder Airlines

192.168.1.10

192.168.1.12

Woodgrove Bank

192.168.1.10

192.168.1.12

When you configure virtual networks, Blue Yonder Airlines is assigned virtual subnet ID of 5001, and Woodgrove Bank is assigned virtual subnet ID of 6001. You also need to create network virtualization policies for both companies, and then apply policies to Hyper-V Host 1 and Hyper-V Host 2.

When the Blue Yonder Airlines web virtual machine on Hyper-V Host 2 queries its SQL Server at 10.1.1.11, the following happens: 1.

2.

Hyper-V Host 2, based on its policy settings, translates the addresses in the packet: a.

From source: 10.1.1.2 (the customer address of Blue Yonder Airlines web)

b.

To destination: 10.1.1.1 (the customer address of Blue Yonder Airlines SQL Server)

Into the encapsulated packet, that contains: a.

GRE header with virtual subnet ID: 5001

b.

Source: 192.168.2.12 (the provider address for Blue Yonder Airlines web)

c.

Destination: 192.168.1.10 (the provider address for Blue Yonder Airlines SQL Server)

Note: The encapsulated packet also contains the original packet. When Hyper-V Host 1 receives the packet, based on its policy settings, it unencapsulates the Network Virtualization Generic Routing Encapsulation packet, sees that it is for the Blue Yonder Airlines virtual network (virtual subnet ID 5001), and then passes it on to the virtual machine with IP address 10.1.1.1, as specified in the original (encapsulated) packet. Note: You can configure network virtualization policies by using Windows PowerShell, but this can be a daunting and error-prone task. Instead, this configuration is easier to perform with tools such as VMM.

You can use network virtualization and network virtualization policies to move virtual machines between Hyper-V hosts while preserving their network configuration. When you move a virtual machine, you only need to update the network virtualization policies to reflect the new Hyper-V host on which the virtual machine is running. The virtual machine network configuration stays the same, and it is still connected to the same virtual network. If you are using network virtualization between virtual machines, you do not need any additional infrastructure. However, when you need to provide connectivity between the Hyper-V network virtualization environment and resources that are not part of the same Hyper-V network virtualization environment, you will need a network virtualization gateway. Windows Server Gateway is an example of such a gateway, which is a virtual machine-based router that is built on Windows Server 2012 R2. Windows Server Gateway http://go.microsoft.com/fwlink/?LinkID=386700

Question: Why do you need network virtualization policies needed using network virtualization?

Demonstration: Configuring Network Virtualization

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

4-33

In this demonstration, you will see that network virtualization is not configured at first. Because all computers (LON-PROD1, LON-PROD2, LON-TEST1, and LON-TEST2) are connected to an external virtual switch, each computer can ping the other three. Next, you will see how to configure network virtualization and virtualization policies for LON-PRODx computers by defining on which Hyper-V host they are running. Finally, you will see that after network virtualization is enabled, the LON-PRODx computers can ping each other, but they cannot ping LON-TESTx computers, which are not on the same virtual network.

Demonstration Steps 1.

On LON-PROD1, ping the following IP addresses: o

LON-TEST1: 10.0.0.16

o

LON-PROD2: 10.0.0.25

o

LON-TEST2: 10.0.0.26

2.

Confirm that LON-PROD1 has connectivity with the other three virtual machines.

3.

On LON-HOST1, use the Windows PowerShell cmdlet Get-VMNetworkAdapter to confirm that LON-PROD1 has a VirtualSubnetId property value of 0, which means that virtual subnets are not being used.

4.

Use the Get-NetAdapter cmdlet to determine the Ethernet index number for the network adapters on LON-HOST1 and LON-HOST2. Write these numbers down.

5.

On LON-HOST1, open the file C:\LabFiles\Mod04\ConfigureNWx.ps1 in Windows PowerShell ISE.

6.

Review the Windows PowerShell script to see how network virtualization is being configured. Review the variables as well, which are defined at the start.

7.

In Windows PowerShell ISE, on the toolbar, click Run Script. (Alternatively, you can also press the F5 key).

8.

When prompted, enter the index numbers of LON-HOST1 network adapter and the-HOST2 network adapter that you recorded in step 4.

9.

On LON-HOST1, use the cmdlet Get-VMNetworkAdapter to confirm that LON-PROD1 has the VirtualSubnetId property with a value 5001, which you configured with the Windows PowerShell script.

10. On LON-PROD1, ping the following IP addresses: o

LON-TEST1: 10.0.0.16

o

LON-PROD2: 10.0.0.25

o

LON-TEST2: 10.0.0.26

11. Verify that four replies are returned, but only from IP address 10.0.0.25. Note: This confirms that LON-PROD1 has connectivity with LON-PROD2, but it does not have connectivity with LON-TEST1 or LON-TEST2.

Lab C: Configuring and Testing Hyper-V Network Virtualization Scenario

MCT USE ONLY. STUDENT USE PROHIBITED

4-34 Creating and Configuring Virtual Machine Networks

You have been asked to demonstrate how you can use network virtualization to separate test and preproduction environments that are using the same network infrastructure. IT management would like to ensure that the servers in both environments can use the same IP addresses, and can communicate with other servers that are part of the same environment.

Objectives After completing this lab, you will be able to: •

Configure Hyper-V network virtualization.

Lab Setup Estimated Time: 20 minutes Virtual machines: 20409B-LON-HOST1, 20409B-LON-HOST2, 20409B-LON-DC1, 20409B-LON-PROD1, 20409B-LON-PROD2, 20409B-LON-TEST1, and 20409B-LON-TEST2 User name: Adatum\Administrator Password: Pa$$w0rd For this lab, you will use the available virtual machine environment. Note: Because you will be using the same virtual machines in the next lab, do not revert the virtual machines. However, you can shut down all virtual machines after finishing this lab. You will be working in pairs. Communicate clearly with your lab partner, and cooperate fully with each other during this lab.

Exercise 1: Configuring Hyper-V Network Virtualization Scenario

Your company is using VLANs to isolate network traffic between test and production environments. While this solution is sufficient, reconfiguring network equipment while removing servers and adding new virtual machines is challenging. As a result, you have been asked to demonstrate how network virtualization can achieve the same goal. To do this, you need to set up a proof of concept environment with four virtual machines. You then will use these virtual machines to demonstrate how to configure Hyper-V network virtualization. The main tasks for this exercise are as follows: 1.

Verify that network virtualization is not configured on LON-HOST1.

2.

Verify that network virtualization is not configured on LON-HOST2.

3.

Configure Hyper-V network virtualization.

4.

Test Hyper-V network virtualization.

5.

Remove Hyper-V network virtualization.

 Task 1: Verify that network virtualization is not configured on LON-HOST1 Note: Only the student who is using LON-HOST1 performs this task. 1.

On LON-PROD1, ping the IP addresses of the following virtual machines: o

LON-TEST1: 10.0.0.16

o

LON-PROD2: 10.0.0.25

o

LON-TEST2: 10.0.0.26

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

4-35

2.

Confirm that LON-PROD1 has connectivity with all three virtual machines.

3.

On LON-HOST1, in Windows PowerShell, use the Get-VMNetworkAdapter cmdlet to confirm that 20409B-LON-PROD1 has a VirtualSubnetId property value of 0, which means that virtual subnets are not in use.

4.

On LON-HOST1, use the Get-NetVirtualizationLookupRecord cmdlet to verify that no virtualization lookup records are defined.

5.

On LON-HOST1, use the Get-NetVirtualizationCustomerRoute cmdlet to verify that no virtualization customer routes are defined.

6.

In Windows PowerShell, run the Get-NetAdapter cmdlet.

7.

For the physical network adapter, under the ifIndex column, write down the Index number.

 Task 2: Verify that network virtualization is not configured on LON-HOST2 Note: Only the student who is using LON-HOST2 performs this task. 1.

On LON-TEST2, ping IP addresses of the following virtual machines: o

LON-PROD1: 10.0.0.15

o

LON-TEST1 10.0.0.16

o

LON-PROD2: 10.0.0.25

2.

Confirm that LON-TEST2 has connectivity with the three virtual machines.

3.

On LON-HOST2, use the Get-VMNetworkAdapter cmdlet to confirm that 20409B-LON-TEST2 has a VirtualSubnetId property value of 0, which means that virtual subnets are not in use.

4.

On LON-HOST2, use the Get-NetVirtualizationLookupRecord cmdlet to verify that virtualization lookup records are not yet defined.

5.

On LON-HOST2, use the Get-NetVirtualizationCustomerRoute cmdlet to verify that virtualization customer routes have yet to be defined.

6.

In Windows PowerShell, run the Get-NetAdapter cmdlet.

7.

For the physical network adapter, under the ifIndex column, write down the Index number.

 Task 3: Configure Hyper-V network virtualization

MCT USE ONLY. STUDENT USE PROHIBITED

4-36 Creating and Configuring Virtual Machine Networks

1.

On LON-HOSTx, open the file C:\LabFiles\Mod04\ConfigureNWx.ps1 in Windows PowerShell ISE.

2.

Review the Windows PowerShell script to see how network virtualization is configured. Review also the variables that are defined at the start.

3.

In Windows PowerShell ISE, on the toolbar, press Run Script, or press F5. If you run the script on LON-HOST1, enter the index number of your physical server network adapter and the index number of your partner physical server network adapter that were recorded earlier.

 Task 4: Test Hyper-V network virtualization 1.

On LON-HOSTx, in Windows PowerShell ISE, use the Get-NetVirtualizationLookupRecord cmdlet to confirm that virtualization records are created for the IP addresses of LON-PRODx and LON-TESTx virtual machines.

2.

Use the Get-NetVirtualizationCustomerRoute cmdlet to confirm that one virtualization route is defined. Note: Only the student who is using LON-HOST1 will perform steps 3 and 4.

3.

On LON-HOST1, use the Get-VMNetworkAdapter cmdlet to confirm that 20409B-LON-PROD1 has a VirtualSubnetId property with the value 5001, which you configured with the Windows PowerShell script.

4.

On LON-PROD1, ping the following IP addresses:

5.

o

LON-TEST1: 10.0.0.16

o

LON-PROD2: 10.0.0.25

o

LON-TEST2: 10.0.0.26

Verify that four replies are returned, but only from IP 10.0.0.25, which confirms that LON-PROD1 has connectivity with LON-PROD2, but it does not have connectivity with LON-TEST1 and LON-TEST2. Note: Only the student who is using LON-HOST2 will perform steps 6 and 7.

6.

On LON-HOST2, use the Get-VMNetworkAdapter cmdlet to confirm that 20409B-LON-TEST2 has a VirtualSubnetId property with the value 6001, which you configured with the Windows PowerShell script.

7.

On LON-TEST2, ping the following IP addresses:

8.

o

LON-TEST1: 10.0.0.16

o

LON-PROD1: 10.0.0.15

o

LON-PROD2: 10.0.0.25

Verify that four replies are returned, but only from IP 10.0.0.16, which confirms that LON-TEST2 has connectivity with LON-TEST1, but it does not have connectivity with LON-PROD1 and LON-PROD2.

 Task 5: Remove Hyper-V network virtualization

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

4-37

1.

On LON-HOSTx, open the file C:\LabFiles\Mod04\RemoveNWx.ps1 in Windows PowerShell ISE.

2.

Review the script to see how network virtualization configuration is removed.

3.

In Windows PowerShell ISE, on the toolbar, press Run Script, or press F5. If you run the script on LON-HOST1, enter the index number of your physical server network adapter and the index number of your partner’s physical server network adapter that you recorded earlier.

4.

After network virtualization is removed, confirm network connectivity by performing the following steps: a.

b.

If you are using LON-HOST1, on LON-PROD1, ping the IP addresses of the following virtual machines: 

LON-TEST1: 10.0.0.16



LON-PROD2: 10.0.0.25



LON-TEST2: 10.0.0.26

If you are using LON-HOST2, on LON-TEST2, ping the IP addresses of the following virtual machines: 

LON-PROD1: 10.0.0.15



LON-TEST1: 10.0.0.16



LON-PROD2: 10.0.0.25

Results: After completing this exercise, you should have configured Hyper-V network virtualization.

Module Review and Takeaways Review Questions Question: Where can you configure extended virtual switch functionalities, such as traffic monitoring and DHCP guard protection? Question: Is there a limit on how many virtual switches you can create on a Hyper-V host? Question: Why is it that you can configure VLAN IDs for external and internal virtual switches, but you cannot configure VLAN ID for a private virtual switch?

MCT USE ONLY. STUDENT USE PROHIBITED

4-38 Creating and Configuring Virtual Machine Networks

MCT USE ONLY. STUDENT USE PROHIBITED 5-1

Module 5 Virtual Machine Movement and Hyper-V Replica Contents: Module Overview

5-1

Lesson 1: Providing High Availability and Redundancy for Virtualization

5-2

Lesson 2: Implementing Virtual Machine Movement

5-8

Lab A: Moving Virtual Machine and Configuring Constrained Delegation

5-14

Lesson 3: Implementing and Managing Hyper-V Replica

5-18

Lab B: Configuring and Using Hyper-V Replica

5-29

Module Review and Takeaways

5-33

Module Overview

Using virtualization to host server loads provides you with multiple benefits, such as the ability to make virtual machines highly available, and the ability to move them around within the same failover cluster. With Windows Server 2012, you can move running virtual machines and their storage between two Hyper-V hosts, even when they are not part of a failover cluster. This feature is called live migration, and in this module, you will learn how to implement the Live Migration feature, and how to utilize live migration. Throughout this module, you will see how to move virtual hard disks while a virtual machine is running, and you will test this feature in the lab. You will also learn how to use Hyper-V Replica (a feature of Windows Server 2012 Hyper-V) to protect virtual machines on one site by replicating them to another site.

Objectives After completing this module, you will be able to: •

Explain the importance of providing high availability and redundancy for virtualization.



Implement virtual machine movement.



Implement and manage Hyper-V Replica.

Lesson 1

Providing High Availability and Redundancy for Virtualization

MCT USE ONLY. STUDENT USE PROHIBITED

5-2 Virtual Machine Movement and Hyper-V Replica

When providing redundancy and high availability for virtual machines, you can choose from a variety, or even a combination of methods. Some of these, such as failover clustering, Network Load Balancing (NLB), and Network Adapter Teaming (NIC Teaming) are part of the operating system. Other applications, such as Microsoft Exchange Server 2013 and Microsoft SQL Server 2012, also include their own high availability features. In this lesson, you will learn about high availability features, their requirements, and the situations in which you can benefit from high availability.

Lesson Objectives After completing this lesson, you will be able to: •

Describe the importance of high availability.



Explain redundancy in Windows Server 2012 R2 and Hyper-V.



Describe the use of NLB to achieve high availability at the operating-system level.



Describe the use of clustering to achieve high availability at the operating-system level.



Describe high availability at the application level.

Why Is High Availability Important? In an ideal computer environment, servers would always be available and free of failure. Bandwidth and other resources would be infinite, and you would not need to worry about high availability. In reality, server downtime is unavoidable, and you need to consider this when you are planning to provide uninterrupted services that must be constantly available. Such uninterruptable services include virtual machines, because some virtual machines will host critical systems, such as email, databases, or file servers.

What Is High Availability?

High availability means that systems and services are up and running, regardless of what happens. The goal of high availability is to make systems and services as constantly available as possible, and to eliminate as many potential single points of failure. Availability is often expressed numerically, as the percentage of time that a service is available. For example, a requirement for 99.9 percent availability allows 8.75 hours of downtime per year, or approximately 40 minutes of downtime every four weeks. However, with 99.999 percent up time, the allowed service downtime reduces to only five minutes per year. If your service or virtual machine is running on a single system, these high availability rates are virtually unachievable, because a single restart will most likely use up those five minutes. In addition, many actions such as upgrading hardware or applying updates require system restart. No matter how reliable the hardware is, components fail from time to time. Although rare, power outages or natural disasters such as earthquakes or hurricanes are always a possibility as well. To make a virtual machine highly available, you must first ensure that the hardware on which it is running is as reliable as possible. You should store virtual machine data files on shared storage, so they are still

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

5-3

available even if the physical host fails. You should then provide redundancy of all components, including power and networking, by using redundant power supplies and physical network paths to virtual machines. There is no benefit if the virtual machine is running, but clients cannot access it because of network failure. Question: Can you ensure high availability by simply copying the virtual machine that is providing a critical service, and making both the original virtual machine and the copy available on the network?

Redundancy in Windows Server 2012 R2 and Hyper-V To make a virtual machine highly available, you must deploy it in an environment that provides redundancy for all components, and makes it available even when failure occurs. The most basic high availability strategy is to ensure that hardware is as robust as possible, thereby minimizing failures in the first place. Windows Server 2012 R2 provides high availability features such as NIC Teaming, NLB, and failover clustering. Hyper-V builds on top of the Windows Server 2012 R2 high availability features by introducing its own virtualization-specific features, such as live migration, live storage migration, and Hyper-V Replica.

Hyper-V builds on and includes the following features to mitigate failures and provide high availability at different levels: •

Hardware failure. Hyper-V benefits from Windows Server 2012 R2 availability and serviceability, in addition to Windows Hardware Error Architecture, which provides a common infrastructure for managing hardware errors on Windows platforms. With Hyper-V, if a memory error is detected at a memory location that Hyper-V does not use, it will be marked as bad and in the future, the operating system will not use it. If the memory error is in the physical random access memory (RAM) that the virtual machine is using, only that virtual machine will be affected. The entire host and all virtual machines will fail only if the memory error is in the physical RAM that the Hyper-V host kernel is using.



Physical server failure. Hyper-V uses the failover clustering feature to provide redundancy if the entire physical server fails. The failover clustering feature is part of all Windows Server 2012 R2 editions, in addition to Hyper-V Server 2012 R2. If the server is a node in a failover cluster, virtual machines that were running on it will fail over automatically to other cluster nodes, and will be available after minimum downtime as a result of the virtual machine reboot. Hyper-V also includes live migration, which enables you to move virtual machines between Hyper-V hosts without downtime. An example is if you need to upgrade hardware or install updates to a Hyper-V host, or if you simply want to rebalance your virtualization workload.



Input/output (I/O) redundancy. Windows Server 2012 R2 includes several features such as server message block (SMB) 3.0 multichannel, storage Multipath I/O (MPIO), NIC Teaming, and NLB, which can provide high availability and benefit from network path redundancy. If a network adapter or other network infrastructure fails, Hyper-V uses these features to preserve network connectivity. If there are multiple network paths between the source and the destination, and if network equipment of one of those paths fails, Hyper-V uses these features to maintain connectivity to the virtual machine.

MCT USE ONLY. STUDENT USE PROHIBITED

5-4 Virtual Machine Movement and Hyper-V Replica



Application or service failover. If a service or application inside a virtual machine fails or loses network connectivity, Hyper-V host can detect it and try to recover the application by moving the virtual machine to another node. You also can configure failover clustering inside virtual machines, either by using Internet small computer system interface (iSCSI) or Fibre Channel shared storage, an SMB 3.0 file share, or by using virtual hard disk sharing. In the same way that you can benefit from teaming physical network adapters on a Hyper-V host, you can also use team network adapters in virtual machines, which can be especially beneficial when using single-root I/O virtualization (SR-IOV).



Disaster Recovery. Windows Server 2012 R2 includes Cluster Shared Volume (CSV) integration with storage arrays for synchronous replication. This can provide protection against disaster at a single location, because Hyper-V hosts are also at the alternate location and accessing replicated storage. However, Hyper-V also includes Hyper-V Replica, a feature that provides asynchronous replication of the running virtual machines to an alternate location with configurable intervals. Hyper-V Replica failover requires virtual machine downtime during failover. Question: Can you configure virtual machine guest clustering only if iSCSI or Fibre Channel storage area network (SAN) is available as a shared storage?

Using NLB to Provide High Availability at the Operating System Level

NLB is an effective and scalable way to achieve high availability for stateless services such as a web server. The term stateless refers to workloads that respond to each request independently from previous requests, and without keeping client state. For example, when a client requests a webpage, the web server gathers all of the necessary information from the request, and then returns the generated webpage to the client. When the client requests the next webpage, it may request the webpage from the same web server, or from any other identically configured web server in the NLB farm. This is because all the information that the web server needs is in the request. Using NLB to achieve high availability provides the following benefits: •

NLB enhances the availability and scalability of other Internet server applications such as file transfer protocol (FTP), firewall, proxy, virtual private network (VPN), and other mission-critical servers.



All of the Windows Server 2012 R2 editions include the NLB feature. You can include up to 32 servers in an NLB farm, and you can add or remove a server dynamically from the NLB farm. For a loadbalanced service, the load is redistributed automatically among the servers that are still operating when a server fails or goes offline. If the failure is unexpected, only active connections to the failed server are lost. When you repair the server, it can rejoin the NLB farm transparently and regain its share of the requests.



Hyper-V can use NLB for load-balancing requests for virtual machines on the same Hyper-V host, or for virtual machines across multiple Hyper-V hosts. When you use NLB in unicast mode to distribute load among virtual machines, you must enable MAC Spoofing for the virtual machine network adapter. This is because the network adapter does not use its own media access control (MAC) address, but the MAC address of the unicast NLB. Question: If multiple virtual machines will be part of the same NLB farm, should you configure them with the same IP address or with different IP addresses?

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

Using Clustering to Achieve High Availability at the Operating System Level Failover clustering is an operating system feature that is included in all editions of Windows Server 2012 R2. Failover clustering provides high availability at the operating system level, but it does not provide scalability. If you add an additional server to the failover cluster, you will not be able to respond to more requests than before.

5-5

You often use failover clustering to provide high availability for mission-critical, stateful applications such as databases, virtualization infrastructure, or business applications. You can implement failover clustering at the Hyper-V host level or at the virtual machine guest operating system level.

A failover cluster can include up to 64 servers (called nodes), and all servers must be running the same version of the Windows Server operating system. The servers should have access to shared storage that contains the application configuration and data. If a server hosting a highly available application fails, the failover cluster detects the failure by using heartbeats. The hosting server immediately moves the application to another failover cluster node, and then starts it there without administrative intervention. During the failover, the application (or virtual machine in the case of Hyper-V failover cluster) is restarted, which causes some downtime. The clients detect the failover in the same way as they would an application running on a single server that you turn off and then turn on again. It would take some time for that server to restart, for the application to initialize and verify its consistency, and for the database to perform rollback of uncommitted transactions. However, in the end, the application would become available again automatically.

Because clients connect to the application by using the cluster name and not the name of the node where the application was running, the clients are reconnected to the node to where the application was moved. If Hyper-V is running on a failover cluster, Hyper-V can monitor the state of a virtual machine, the services running inside the virtual machine, and whether the virtual network adapter has connectivity. If connectivity is lost but the virtual machine is still running, then the virtual machine can be moved to a different node. The same is true if a monitored service within the virtual machine stops. Understanding Microsoft’s High-Availability Solutions http://go.microsoft.com/fwlink/?LinkID=386709 Question: Does a virtual machine operating system have to support the failover feature if you want to make the virtual machine highly available by using failover clustering?

High Availability at the Application Level You can provide high availability at varying levels. Reliable and redundant hardware helps keep servers and networking infrastructure highly available. Failover clustering and NLB help provide high availability at the operating system level, and applications and services can benefit from them. However, some applications such as SQL Server or Exchange Server extend those highly available features or provide their own. This topic covers some of those applications and their high availability features.

MCT USE ONLY. STUDENT USE PROHIBITED

5-6 Virtual Machine Movement and Hyper-V Replica

SQL Server is one of the critical applications, so it is mandatory that you make it highly available. SQL Server 2012 extends the failover clustering functionality that Windows Server 2012 R2 provides. SQL Server 2012 provides multiple high availability features, which you can use to achieve different goals and make an entire database server or single databases available even in the case of a failure. High availability features that SQL Server 2012 provides are: •

AlwaysOn failover cluster instances. This feature builds on top of the failover clustering feature in Windows Server 2012. It provides high availability at the SQL Server instance level through redundancy, which is called failover cluster instance. Failover cluster instance is an instance of SQL Server that provides failover between nodes if the current node becomes unavailable. Failover cluster instance is added to a failover cluster and is visible to clients as a SQL Server instance running on a single server. Only one failover cluster instance node owns the failover clustering resource group at any time. If failure happens, resource group ownership moves to another failover clustering node. The process is transparent to the clients, and this minimizes the downtime that clients experience during a failure.



AlwaysOn Availability Groups. This is a new feature in SQL Server 2012, and it maximizes the availability for one or more user databases (called availability databases). The databases in an availability group are treated as a unit, and all the databases in the same availability group fail over together. An availability group supports a set of read-write primary databases and up to four sets of corresponding secondary databases. Each instance of an availability group is called an availability replica, and secondary databases can be configured for read-only access or used for backup. Failover clustering provides high availability for listeners. Availability replica is stored locally and SQL Server provides synchronization between databases in the availability group by either asynchronous-commit or synchronous-commit mode.

Note: Each availability replica must reside on a different node of a single Windows Server failover cluster. •

Database mirroring. This feature increases SQL Server database availability. SQL Server implements mirroring at the database level, which works only if the database is using a full recovery model. With mirroring, two copies of a database are maintained, and each copy is on separate servers that are running SQL Server, typically in different locations. Clients access one server running SQL Server, and the other server acts as a hot or warm standby server, depending on configuration. When the servers that are running SQL Server synchronize, database mirroring provides a hot standby server that supports rapid failover without a loss of data from committed transactions.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

Note: Database mirroring will be removed in a future version of SQL Server. Therefore, you should not include it in your applications, and you should plan to modify applications that are using this feature. Instead, you should use AlwaysOn Availability Groups. •

5-7

Log shipping. This feature operates at the database level and automatically sends transaction log backups from a production (or primary) database to one or more standby secondary databases on a separate server that is running SQL Server. The transaction log backups are applied to each of the secondary databases individually. You can also configure an optional third server or monitor server, which records the status of backup and restore operations, and can raise alerts if these operations fail to occur as scheduled.

With Exchange Server 2013, you can simply install two or more Exchange Server 2013 mailbox servers as stand-alone servers, and then when needed, configure these servers and mailbox databases for high availability and site resilience. Exchange Server provides high availability for the mailboxes by configuring database availability groups (DAGs). A DAG is a collection of up to 16 servers that provides the infrastructure for replicating and activating database copies. Any server in a DAG can host a copy of a mailbox database from any other server in the DAG. The DAG uses continuous replication to each of the passive database copies within the DAG.

DAG requires the Windows Server failover clustering feature, although all installation and configuration is performed by Exchange Server. Failover clustering does not manage database failover. Instead, Active Manager performs this task. Active Manager will recover from the failure automatically by failing over to a database copy on another mailbox server in the DAG. Windows Server failover clustering is also useful for some failure-detection scenarios, such as a server failure. If you need to provide high availability for client access in Exchange Server 2013, you can add multiple Client Access servers to the Exchange deployment and use NLB or round-robin Domain Name System (DNS) to distribute clients among the Client Access servers in an NLB farm. High Availability Solutions (SQL Server) http://go.microsoft.com/fwlink/?LinkID=386708 High Availability and Site Resilience http://go.microsoft.com/fwlink/?LinkID=386704 Question: Can you implement application high availability features such as AlwaysOn Availability Groups in SQL Server 2012 without operating system support?

Lesson 2

Implementing Virtual Machine Movement

MCT USE ONLY. STUDENT USE PROHIBITED

5-8 Virtual Machine Movement and Hyper-V Replica

One benefit of virtualization is that you can move virtual machines between Hyper-V hosts. In the past, you could move virtual machines without downtime (referred to as live migration), but only between nodes in the same failover cluster. In Windows Server 2012, the Live Migration feature is improved, so that you now can move virtual machines between any two Hyper-V hosts, providing there is network connectivity between them. You can also move virtual hard disks, checkpoints, and other virtual machine items while a virtual machine is running. In this lesson, you will learn how to implement storage migration and live migration, and you will learn how you can perform these types of migrations using Hyper-V Manager and Windows PowerShell.

Lesson Objectives After completing this lesson, you will be able to: •

Describe virtual machine moving options.



Explain how storage migration works.



Describe the Move Wizard.



Move virtual machine storage.



Describe live migration of non-clustered virtual machines.



Move a running virtual machine.

Virtual Machine Moving Options A virtual machine is always running on a Hyper-V host. However, sometimes you need to move a virtual machine or its components from one volume to another, or between Hyper-V hosts, even if they are not cluster nodes. For example, you might want to move a virtual machine from local storage to an SMB 3.0 share, between logical unit numbers (LUNs), or between Hyper-V nodes in different failover clusters. Hyper-V in Windows Server 2012 R2 has several options that you can use to move a virtual machine and its data files. Based on the environment and requirements, you can select one of the following methods: •

Virtual machine and storage migration. With this method, you can move an entire virtual machine or only its data files from one location to another or between Hyper-V hosts, while the virtual machine is running, and without noticeable downtime. Virtual machine and storage migration do not require failover clustering or any other high availability solution to work. They only require network connectivity between the source and destination. When you are moving a virtual machine and storage from Windows Server 2012 Hyper-V, a destination server can be either Windows Server 2012 or Windows Server 2012 R2 (cross-version migration).

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

5-9



Quick migration. Windows Server 2008 introduced the quick migration method, which you can use to move virtual machines only between Hyper-V hosts within the same failover cluster. The virtual machine is unavailable for the short time during the move operation.



Live Migration. Windows Server 2008 R2 introduced the Live Migration feature, which is an improvement over quick migration functionality. When first introduced, you could use the Live Migration feature only to move virtual machines between Hyper-V hosts in the same failover cluster. The benefit of live migration functionality is that there is no noticeable virtual machine downtime. In Windows Server 2012, live migration functionality is improved. Failover clustering is no longer a requirement, and you can move multiple virtual machines from the same Hyper-V host simultaneously. Windows Server 2012 R2 provides further improved live migration performance, because you can use compression, SMB Direct, and SMB Multichannel during live migration.



Hyper-V Replica. Windows Server 2012 introduced the Hyper-V Replica feature, which you can use to replicate a virtual machine asynchronously over IP networks, typically to a remote disaster recovery site. With Hyper-V Replica, the virtual machine is replicating while it is running, and its changes are synchronized with the replica. In Windows Server 2012 R2, you can configure replication frequency and extended replication. Extended replication forwards the virtual machine changes to a third Hyper-V host.



Exporting and importing virtual machines. In Windows Server 2012 R2, you can export a virtual machine while it is running. You can also copy virtual machine data files, because in Windows Server 2012 and newer versions, you can import a virtual machine and then configure necessary settings during the import operation even if you did not first export the virtual machine. This can be a very time-consuming operation however, because you need to copy virtual machine data files between Hyper-V hosts, and the virtual machine is typically turned off during that time. Question: What is the main difference between quick migration and live migration?

How Storage Migration Works Using storage migration, you can move virtual hard disks and data files that the virtual machine is using to a different physical storage, while the virtual machine is running. You can perform storage migration by using the Move Wizard in Hyper-V Manager, or by using the MoveVMStorage cmdlet in Windows PowerShell.

Windows Server 2012 introduced the storage migration feature, which you use to move virtual machine data files without downtime. For example, you can use storage migration when you need to upgrade physical storage, or when you need to move virtual machine storage from locally attached disks to an SMB 3.0 share or SAN. You can also use storage migration to move various virtual machine items (such as virtual hard disks, configuration, checkpoints, and smart paging), to different locations while the virtual machine is running. For example, after you create the first checkpoint for a virtual machine, you cannot modify the checkpoint file location setting unless you delete all virtual machine checkpoints or use storage migration. Storage migration is performed in the following steps: 1.

Before the migration starts, all virtual machine Read and Write operations are performed at the source virtual hard disk.

MCT USE ONLY. STUDENT USE PROHIBITED

5-10 Virtual Machine Movement and Hyper-V Replica

2.

When storage migration starts, virtual hard disk content is copied over the network to the destination, while all the Read and Write operations are still performed on the source virtual hard disk.

3.

After the initial copy is complete, Write operations for the virtual hard disks are mirrored to both the source and destination virtual hard disks.

4.

After the source and destination virtual hard disks are synchronized, the virtual machine switches over and starts using the destination virtual hard disk.

5.

The source virtual hard disk is deleted.

Storage migration is only supported for virtual hard disks, current virtual machine configuration, checkpoints, and smart paging file. If you try to perform storage migration on any other storage type, such as directly-attached (pass-through) disks or data on a Fibre Channel SAN (not the virtual Fibre Channel adapter itself), the storage migration attempt will result in an error. Note: You cannot move virtual machine storage if the virtual machine is using directlyattached physical disks.

When you are migrating virtual machine storage, you can move all the data files to the same location, or to different locations. During this storage migration process, the virtual machine continues to run on the same Hyper-V host, and access to it is uninterrupted. Note: Use the Storage Migration Hyper-V settings to specify how many storage migrations can be performed simultaneously. By default, two simultaneous storage migrations are configured, but you can increase this number. Virtual Machine Storage Migration Overview http://go.microsoft.com/fwlink/?LinkID=386706 Question: Can you use storage migration to move only virtual hard disks?

Overview of the Move Wizard You can use either the Move Wizard in Hyper-V Manager, or Windows PowerShell cmdlets to move an entire virtual machine (or just its data) while the virtual machine is running. Before you can start moving a virtual machine, you must first enable Live Migration in both hosts, because this feature is disabled by default. If you want to move virtual machine data only, you do not need to enable Live Migration. Hyper-V allows for two simultaneous storage migrations by default.

To access and use the Move Wizard, click the virtual machine in Hyper-V Manager, and then click Move. After you become familiar with the Move Wizard, you need to select if you want to move the entire virtual machine, or just the virtual machine storage.

Alternatively, you can also use Windows PowerShell to move a virtual machine. If you want to move an entire virtual machine, use the Windows PowerShell cmdlet Move-VM. If you want to move just the virtual machine data, you use the Windows PowerShell cmdlet Move-VMStorage.

Moving Virtual Machines

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

5-11

To move a virtual machine, you must specify the target Hyper-V host, which you must also configure to allow live migrations. You must specify if you want to move only the virtual machine, or if you want to include its data files in the move process. If you want to include the data files, you must specify where to put them on the target Hyper-V host, or on the SMB 3.0 share. You typically select to move only the virtual machine when its data is already on the SMB 3.0 share.

You can then complete the Move Wizard and perform the move. This process can occur quickly if you use a fast network, if the virtual machine is turned off, and if its storage is small. Conversely, the process can take considerable time for large virtual machines. However, at the end of the move process, the virtual machine is running on the target Hyper-V host, and is no longer present at the source Hyper-V host.

Moving Virtual Machine Storage

To move virtual machine storage, you have an option to move all of the virtual machine data to a single location, to move the virtual machine data to different locations, or to move only the virtual machine virtual hard disks. If you select to move the virtual machine data to different locations, you can specify a new location for each of the virtual machine data items, which includes virtual hard disks, current configuration, checkpoints, and smart paging file. You can move virtual machine storage to other folders on the same Hyper-V host, or to an SMB 3.0 share. You can then complete the Move Wizard, and perform the move. For example, you can use the Move Wizard to modify checkpoint file location when the virtual machine already has checkpoints. Question: Do you need to be local administrator to use the Move Wizard?

Demonstration: Moving Virtual Machine Storage In this demonstration, you will see how you use the Move Wizard and the Windows PowerShell Move-VMStorage cmdlet to move virtual machine storage, while the virtual machine is running.

Demonstration Steps 1.

On LON-HOST1, use Hyper-V Manager to confirm that LON-MOVE1 is running and is configured with a locally stored VHD.

2.

Use the Move Wizard to move the LON-MOVE1 virtual machine VHD to \\LON-HOST2\VHDs \LON-MOVE1. Because the VHD is dynamically expanding and is small, notice that the move completes quickly.

3.

Use Hyper-V Manager to confirm that the LON-MOVE1 virtual machine VHD is now stored on a network share. Notice that the VHD was moved while virtual machine was running.

4.

On LON-HOST1, use Hyper-V Manager to confirm that LON-MOVE2 is running, is configured with a locally stored VHD, and that its checkpoints are stored locally.

5.

Use the Windows PowerShell cmdlet Move-VMStorage with the DestinationStoragePath parameter to move LON-MOVE2 storage to the \\LON-HOSTy\VHDs\LON-MOVE2 folder.

6.

Use the Windows PowerShell cmdlet Get-VM to view the LON-MOVE2 virtual machine Path and SnapshotFileLocation.

7.

Use Hyper-V Manager to confirm that the LON-MOVE2 VHD and checkpoints are now stored on the network share, and that they were moved while the virtual machine was running.

Live Migration of Non-Clustered Virtual Machines With Windows Server 2008 R2, you can perform live migration only when a virtual machine is running on a failover cluster node and only if its data is stored on the shared storage. You can still perform live migration of clustered virtual machines in Windows Server 2012, but a failover cluster is no longer a requirement. You also can use Windows Server 2012 to perform live migration in two other ways without a failover cluster:

MCT USE ONLY. STUDENT USE PROHIBITED

5-12 Virtual Machine Movement and Hyper-V Replica



When virtual machine storage is on an SMB 3.0 share.



When virtual machine storage is local, and on a Hyper-V host. This is sometimes referred to as shared nothing live migration.

Note: If you are managing a Hyper-V host remotely and you want to move a virtual machine, you must first allow Kerberos protocol delegation for the computer account of the Hyper-V host. You can review the detailed steps for configuring Kerberos delegation in the hands-on lab at the end of this module.

When virtual hard disks of a virtual machine are stored on an SMB 3.0 share, only the virtual machine is moved during live migration, and the virtual machine storage remains on the SMB 3.0 share. If virtual hard disks are on local Hyper-V storage, then the virtual machine storage is copied to the destination server over the network by using storage migration. After the source and destination storage are synchronized, the virtual machine live migration starts. The steps are in the following order: 1.

The virtual machine configuration is copied to the destination Hyper-V host, which is a blank virtual machine with the same configuration but without any data created. Memory is allocated to the destination virtual machine.

2.

The virtual machine memory is copied over the network to the destination Hyper-V host. This memory is called the working set of the migrating virtual machine, and consists of memory pages that are each 4 kilobytes (KB) in size. The Hyper-V host monitors the memory, and as the source virtual machine modifies the memory pages, it tracks and marks the pages as modified.

3.

After all the memory pages are copied, Hyper-V also copies the modified pages. Hyper-V iterates the memory copy process several times, and each iteration requires copying a smaller number of modified pages.

4.

After all of the modified memory pages are copied to the destination Hyper-V host, the working set for the virtual machine is in the same exact state as on the source Hyper-V host.

5.

In the final stage of a live migration, a network package is sent to the network switch, which causes it to obtain a new MAC addresses for the moved virtual machine. This enables network traffic for the moved virtual machine to use the correct switch port. The final stage of the live migration completes in less time than the Transmission Control Protocol (TCP) time-out interval.

Live migration speed is affected by the following variables: •

The number of modified memory pages in the source virtual machine



The available network bandwidth between the source and destination Hyper-V hosts



The hardware configuration and utilization of the source and destination Hyper-V hosts

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

5-13

After the live migration completes and the virtual machine is running on the destination Hyper-V host, virtual machine data is deleted on the source Hyper-V host, but virtual machine storage is not deleted from the SMB 3.0 share. Note: In Windows Server 2012 R2, you can configure use of compression or SMB Multichannel and SMB Direct when performing live migration. Virtual Machine Live Migration Overview http://go.microsoft.com/fwlink/?LinkID=386705 Question: How does the virtual machine memory size affect live migration time? Question: Does live migration use compression when migrating virtual machines?

Demonstration: Moving a Running Virtual Machine In this demonstration, you will see how to move a running virtual machine.

Demonstration Steps 1.

On LON-HOST1, use Hyper-V Manager to confirm that LON-PROD1 is running, is configured with a locally stored VHD, and that its checkpoints are stored locally.

2.

On LON-PROD1, use the Windows PowerShell ping command with the –t parameter to send network packets to IPv4 address 10.0.0.25. This will ping the LON-PROD2 computer, which is running on your partner’s Hyper-V host.

3.

Use the Move Wizard to move the LON-PROD1 virtual machine to LON-HOST2, and to move all data to the C:\Moved\LON-PROD1 folder on the target host.

4.

Use Hyper-V Manager to monitor the progress of live migration, and to verify that LON-PROD1 is able to ping LON-PROD2 throughout the live migration.

5.

After live migration completes, confirm that LON-PROD1 is no longer running on LON-HOST1.

6.

In Hyper-V Manager, confirm that the LON-PROD1 VHD is now in the C:\Moved\LON-PRODx \Virtual Hard Disks folder.

Lab A: Moving Virtual Machine and Configuring Constrained Delegation Scenario

MCT USE ONLY. STUDENT USE PROHIBITED

5-14 Virtual Machine Movement and Hyper-V Replica

A. Datum Corporation has implemented the Hyper-V virtualization platform in one of their subsidiaries. Some of the physical servers have been virtualized, and additional virtual machines have been created. Several key servers have been virtualized, including servers that need to be available at all times.

IT management has approved the purchase of several additional Hyper-V hosts. You now need to balance the number of virtual machines running on both the existing hosts and the new hosts. You need to ensure that you can move virtual machines to the new hosts in such a way that the virtual machines are available during the move operation.

Objectives After completing this lab, you will be able to: •

Move Hyper-V storage and virtual machines.

Lab Setup Estimated Time: 45 minutes

Virtual machines: 20409B-LON-HOSTx, 20409B-LON-DC1, 20409B-LON-TESTx, and 20409B-LON-PRODx User name: Adatum\Administrator Password: Pa$$w0rd Note: You will be working in pairs. Communicate clearly with your lab partner, and cooperate fully with each other during this lab.

Exercise 1: Moving Hyper-V Storage and Virtual Machines Scenario

To balance the number of virtual machines running on both the existing hosts and the new hosts, you need to move a virtual machine between Hyper-V hosts as it is running, and without downtime. First, you will configure a destination Hyper-V host to allow live migration. Next, you will move virtual machine storage, its virtual hard disk, and its checkpoints, to the Hyper-V host of your partner, first by using the Move Wizard, and then by using Windows PowerShell cmdlets. You will also move the running Windows 8.1 virtual machine LON-PRODx, and confirm that it has network connectivity the entire time during the move operation. When you initiate the move operation remotely, you must allow the Hyper-V host to act on your behalf on the destination Hyper-V host, so you will also configure constrained delegation. After that, you will use the Move-VM cmdlet to move the virtual machine from the Hyper-V host that your partner is using. The main tasks for this exercise are as follows: 1.

Move virtual machine storage by using the Move Wizard.

2.

Move virtual machine storage by using Windows PowerShell.

3.

Configure Hyper-V host for live migration.

4.

Move a virtual machine by using Live Migration.

5.

Configure constrained delegation.

6.

Run live migration from Windows PowerShell.

 Task 1: Move virtual machine storage by using the Move Wizard Note: Before starting with this lab, run the C:\Labfiles\Mod05\Mod05setup.ps1 script to prepare environment for the lab.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

5-15

1.

On LON-HOSTx, use Hyper-V Manager to confirm that LON-MOVE1 is running and configured with a locally stored VHD.

2.

Use the Move Wizard to move the LON-MOVE1 virtual machine VHD to \\LON-HOSTy\VHDs \LON-MOVE1. Note: Because the VHD is dynamically expanding and is small, it moves quickly.

3.

Use Hyper-V Manager to confirm that the LON-MOVE1 virtual machine VHD is now stored on a network share. Note: The VHD was moved while the virtual machine is running.

4.

Confirm that the LON-MOVE1 checkpoints are stored locally, and that you cannot change the location.

5.

Use the Move Wizard to move the LON-MOVE1 virtual machine checkpoints to \\LON-HOSTy \VHDs\LON-MOVE1.

6.

Confirm that LON-MOVE1 checkpoints are now stored on the network share, and that they were moved while the virtual machine was running.

 Task 2: Move virtual machine storage by using Windows PowerShell 1.

On LON-HOSTx, use Hyper-V Manager to confirm that LON-MOVE2 is running and is configured with a locally stored VHD, and that its checkpoints are stored locally.

2.

Use the Windows PowerShell cmdlet Move-VMStorage with the DestinationStoragePath parameter to move LON-MOVE2 storage to the \\LON-HOSTy\VHDs\LON-MOVE2 folder.

3.

Use the Windows PowerShell cmdlet Get-VM to view the Path and SnapshotFileLocation of the LON-MOVE2 virtual machine.

4.

Use Hyper-V Manager to confirm that the LON-MOVE2 VHD and checkpoints are stored on the network share, and that they were moved while the virtual machine was running.

 Task 3: Configure Hyper-V host for live migration 1.

Use the Move Wizard on LON-HOSTx to try to move the 20409B-LON-PRODx virtual machine to LON-HOSTy. Note: You will get an error, as the computer is not configured for live migration.

2.

Enable live migration on LON-HOSTx. Confirm that incoming live migration can Use any available network for live migration, that Kerberos is used as Authentication Protocol, and that Compression is used.

3.

In Hyper-V Manager, add a connection to LON-HOSTy.

Note: Live migration must be enabled on both LON-HOSTx machines before you can continue with the lab. Make sure that your partner has finished this task before you continue.

 Task 4: Move a virtual machine by using Live Migration

MCT USE ONLY. STUDENT USE PROHIBITED

5-16 Virtual Machine Movement and Hyper-V Replica

1.

On LON-HOSTx, use Hyper-V Manager to confirm that 20409B-LON-PRODx is running, is configured with a locally stored VHD, and that its checkpoints are stored locally.

2.

On LON-PRODx, open Windows PowerShell, and use the ping command with the –t parameter to send network packets to the IPv4 address 10.0.0.y5. This will ping the LON-PRODy computer, which is running on your partner’s Hyper-V host.

3.

Use the Move Wizard to move the 20409B-LON-PRODx virtual machine to LON-HOSTy, and move all data to the C:\Moved\LON-PRODx folder on the target host.

4.

Monitor the progress of migration, and notice that LON-PRODx is able to ping LON-PRODy throughout the live migration.

5.

After live migration completes, confirm that LON-PRODx is no longer running on LON-HOSTx.

6.

Use Hyper-V Manager to confirm that the 20409B-LON-PRODx VHD is in the C:\Moved\LONPRODx\Virtual Hard Disks folder, and that the checkpoint files location is C:\Moved\LON-PRODx.

7.

Use the Move Wizard again to move the LON-PRODx virtual machine back to LON-HOSTx, and to move its data to the C:\Moved\LON-PRODx folder.

8.

Confirm that this time, a Move Wizard error dialog box opens, and reports that there was an error during the move operation. The error occurs because you are managing a remote Hyper-V host, which is not allowed to delegate your permissions.

 Task 5: Configure constrained delegation 1.

On LON-HOSTx, use the Windows PowerShell cmdlet Install-WindowsFeature to install Active Directory administrative tools on LON-HOSTx.

2.

Use Active Directory Users and Computers to configure delegation on the Delegation tab of the LON-HOSTy computer object. Select to use Kerberos only, and add cifs and Microsoft Virtual System Migration Services service types on LON-HOSTx.

3.

Close Active Directory Users and Computers.

4.

Use winrs command to remotely purge cached Kerberos tickets on LON-HOSTy by running following command: Winrs –r:LON-HOSTy klist -lh 0 -li 0x3e7 purge

 Task 6: Run live migration from Windows PowerShell 1.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

5-17

Use the Windows PowerShell cmdlet Move-VM to move the 20409B-LON-PRODx virtual machine to LON-HOSTx by using following parameters: o

Name: LON-PRODx

o

DestinationHost: LON-HOSTx

o

ComputerName: LON-HOSTy

o

DestinationStoragePath: C:\Moved\LON-PRODx

2.

View the Status column in Hyper-V Manager to monitor migration progress.

3.

After migration completes, confirm that 20409B-LON-PRODx is no longer running on LON-HOSTy.

4.

Use Hyper-V Manager to confirm that the LON-PRODx VHD is located in the C:\Moved\LONPRODx\ Virtual Hard Disks folder, and that checkpoints are located in the C:\Moved\LON-PRODx folder. Note: Leave the virtual machines running for the next lab.

Results: After completing this exercise, you should have moved Hyper-V storage and virtual machines.

Lesson 3

Implementing and Managing Hyper-V Replica

MCT USE ONLY. STUDENT USE PROHIBITED

5-18 Virtual Machine Movement and Hyper-V Replica

Hyper-V Replica is a disaster recovery feature that is built into Hyper-V. You can use it to replicate a running virtual machine to a secondary location, and in Windows Server 2012 R2, you can extend the replication to a third location. While the primary virtual machine is running, Hyper-V Replica is turned off. Hyper-V Replica is updated regularly, and when needed, you can perform failover from primary virtual machine to a replica virtual machine. You perform failovers manually, and they can be planned or unplanned. Planned failovers are without data loss, whereas unplanned failovers can cause loss of last changes, up to five minutes by default. In this lesson, you will learn how to implement and manage Hyper-V Replica, and how to perform both a test failover and a planned failover.

Lesson Objectives After completing this lesson, you will be able to: •

Explain the prerequisites for Hyper-V Replica.



Describe Hyper-V Replica.



Explain the process of enabling a virtual machine for replication.



Enable virtual machine replication.



Explain the concept of Hyper-V Replication Health.



Describe test failover, planned failover, and failover.



Describe Hyper-V Replica synchronization.



Perform a planned Hyper-V failover.

Prerequisites for Hyper-V Replica In situations where you have concerns about virtual machine availability, you can implement a Hyper-V failover cluster and make virtual machines highly available. However, failover clusters are often limited to a single location, because multi-site clusters require specialized hardware, and are expensive to implement. If a natural disaster such as an earthquake or a flood affects occurs, all server infrastructure at that location may be lost.

Windows Server 2012 introduced Hyper-V Replica, which you can use to implement an affordable business continuity and disaster recovery solution for the virtual environment. Providing you have network connectivity, you are not limited to a single site, and you can use Hyper-V Replica to replicate virtual machines to a Hyper-V host in a secondary location across a wide area network (WAN) link. If you have a single location, you can still use Hyper-V Replica to replicate virtual machines to your partner company in another state or hosting provider. This is because Hyper-V hosts that participate in replication do not have to be in the same Active Directory Domain Services (AD DS) forest, or have the same configuration. In addition, you can encrypt network traffic between them.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

5-19

You also can use Hyper-V Replica to have two instances of a single virtual machine residing on different Hyper-V hosts. One of the instances will be the primary, running virtual machine, and the other instance will be a replica, offline copy. Hyper-V synchronizes these instances, and you can perform manual failover at any time. If a failure occurs at a primary site, you can use Hyper-V Replica to execute a failover of the virtual machines to replica servers at a secondary location, thereby minimizing downtime. Before you implement Hyper-V Replica, ensure that the virtualization infrastructure meets the following prerequisites: •

Windows Server 2012 or a newer Windows Server version with the Hyper-V role installed at both locations. Server hardware should have sufficient capacity to run all of the virtual machines—its local virtual machines, as well as replicated virtual machines. Replicated virtual machines are in a turned-off state, and they will be started only if you perform a failover.



Sufficient storage is available on both the primary and replica Hyper-V hosts. This is necessary to store both local and replicated virtual machine data.



Network connectivity is available between the locations that are hosting the primary and replica Hyper-V hosts. Connectivity can be through either a WAN or local area network (LAN) link.



Firewall rules to allow replication between the primary and replica sites are in place. When you install the Hyper-V role, the Hyper-V Replica HTTP Listener (TCP-In) and Hyper-V Replica HTTPS Listener (TCP-In) rules are added to the Windows Firewall. Before you can use Hyper-V Replica, you need to enable one or both of these rules on the replica Hyper-V host.



If you want to use certificate-based authentication, ensure that an X.509v3 certificate from the trusted certification authority (CA) exists to support mutual authentication at both Hyper-V hosts.



If you use Kerberos authentication, both Hyper-V hosts must be joined to the same AD DS forest.

Note: You can configure Hyper-V replica regardless of whether the Hyper-V host is a node in the failover cluster. Hyper-V Replica Overview http://go.microsoft.com/fwlink/?LinkID=386707 Question: Can you use Hyper-V Replica to replicate only virtual machines that have integration services installed?

Overview of Hyper-V Replica Hyper-V Replica provides a virtual machine-level replication, which efficiently and securely replicates virtual machine data and changes over a LAN or WAN link to a remote location, and does not require any additional software or hardware.

Hyper-V Replica High-Level Architecture When you configure a virtual machine for replication, initial replication is performed, and a copy of the virtual machine is created on the recovery host. However, the replicated virtual machine remains turned off until you initiate the

MCT USE ONLY. STUDENT USE PROHIBITED

5-20 Virtual Machine Movement and Hyper-V Replica

failover, while primary virtual machine is running. When you enable replication, changes in the primary virtual machine are written in the log file, which is periodically replicated and applied to the replica. Hyper-V Replica has several components: •

Replication engine. This component manages the replication configuration details and initial replication, replication of delta changes, and failover and test failover operations. It also tracks virtual machine and storage mobility events, and takes appropriate actions when necessary. For example, the replication engine pauses replication when you start moving a virtual machine, and then resumes replication where it was paused, after the move operation is complete.



Change tracking module. This component tracks changes that occur to the virtual machine on the source Hyper-V host. The change tracking module tracks the Write operations to the virtual hard disks, regardless of where the virtual hard disks are stored—locally, on the SAN, on SMB 3.0 share, or on a CSV.



Network module. This component provides a secure and efficient way to transfer virtual machine data between Hyper-V hosts in the primary site and replica site. It minimizes the traffic by compressing data by default. The network module can also encrypt data when https and certification-based authentication are used.



Hyper-V Replica Broker. This component is used only when a Hyper-V failover cluster is the source or destination for Hyper-V Replica traffic. This role enables you to use Hyper-V Replica with highly available virtual machines, which can move between cluster nodes. The Hyper-V Replica Broker role queries the cluster database, and then redirects all requests to the cluster node where the virtual machine is currently running.



Management tools. These tools enable you to configure and manage Hyper-V Replica. Aside from Hyper-V Manager and Windows PowerShell, you can also use Failover Cluster Manager, which you should use for all virtual machine management and Hyper-V Replica configurations when the source or replica Hyper-V hosts are part of a Hyper-V failover cluster. Understand and Troubleshoot Hyper-V Replica in Windows Server "8" Beta http://go.microsoft.com/fwlink/p/?LinkId=237258

Security Considerations

You can establish Hyper-V Replica with a Hyper-V host regardless of its location and domain membership, as long as you have network connectivity with it. There is no requirement for Hyper-V hosts to be part of the same AD DS domain. You can also implement Hyper-V Replica when Hyper-V hosts are members of untrusted domains or workgroups, because you can configure certificate-based authentication. Hyper-V Replica implements security at the following different levels: •

On each server, Hyper-V creates a local security group called Hyper-V Administrators. Members of this group, in addition to local administrators, can configure and manage Hyper-V Replica.



You can configure a replica server to allow replication from any authenticated server, or to limit replication to specific servers. In that case, you need to specify a fully qualified domain name (FQDN) for the primary server (for example hv1.contoso.com), or use a wildcard with a domain suffix, for example *.contoso.com. Use of IP addresses is not allowed. If the replica server is in a failover cluster, replication is allowed at the cluster level. When you are limiting replication to specific servers, you also need to specify a trust group, which is used to identify the servers within which a virtual machine can move. For example, if you provide disaster recovery service to partner companies, the trust group prevents one company from gaining access to another company's replica machines.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

5-21



Replica Hyper-V host can authenticate primary Hyper-V host by using Kerberos authentication and certificates. Kerberos authentication requires both Hyper-V hosts to be in the same AD DS forest, whereas you can use certificate authentication in any environment. Kerberos authentication is used with http traffic and is not encrypted, whereas certificate-based authentication is used with https traffic and is encrypted.



You can establish Hyper-V Replica only if network connectivity exists between the Hyper-V hosts. You should configure Windows Firewall to allow either HTTP or HTTPS Hyper-V Replica traffic. Question: You want to replicate your virtual machines to a hosting provider. How must the replica Hyper-V host that is running at the hosting provider be configured so that it can authenticate your primary Hyper-V host? Question: How can you limit primary Hyper-V hosts to be able to access only virtual machines that originate from the same company?

Enabling a Virtual Machine for Replication After you configure a Hyper-V replica server to allow incoming replication, you then need to enable replication on the virtual machines on the primary Hyper-V host. You must configure replication for each virtual machine individually, either by using the Enable Replication Wizard in Hyper-V Manager, or by using the Windows PowerShell cmdlet Enable-VMReplication. When you use the Enable Replication Wizard, you can configure the following replication settings: •

Replica Server. Specify the computer name or the FQDN of the replica server (an IP address is not allowed). If the Hyper-V host that you specify is not yet configured to allow replication traffic, you can configure it here. If the replica server is a node in a failover cluster, you should enter the name or FQDN of the connection point for the Hyper-V Replica Broker.



Connection Parameters. If the replica server is accessible, the Enable Replication Wizard populates the authentication type and replication port fields automatically with the appropriate values. If the replica server is inaccessible, you can configure these fields manually. However, you should be aware that you will not be able to enable replication if you cannot establish a connection to the replica server. On the Connection Parameters page, you can also configure Hyper-V to compress the replication data before transmitting it over the network.



Replication virtual hard disks. By default, all virtual hard disks are replicated. If some of the virtual hard disks are not required at the replica Hyper-V host, you can exclude them from replication. An example would be a virtual hard disk that is dedicated for storing page files. You should not exclude virtual hard disks that include operating systems or applications, because this can result in that particular virtual machine being unusable at the replica server.



Replication Frequency. Prior to Windows Server 2012 R2, replication frequency was always five minutes, and was not configurable. In Windows Server 2012 R2, you can set replication frequency to 30 seconds, 5 minutes, or 15 minutes, based on the network link to the replica server and acceptable state delay between primary and replica virtual machines.



Additional recovery points. You can configure the number and types of recovery points to be sent to the replica server. By default, the option to Maintain only latest point for recovery is selected, which

MCT USE ONLY. STUDENT USE PROHIBITED

5-22 Virtual Machine Movement and Hyper-V Replica

means that only the parent virtual hard disk is replicated and all the changes are merged into that virtual hard disk. However, you can select to create additional hourly recovery points, and then set the number of additional recovery points (up to 24). You can also configure the Volume Shadow Copy Service (VSS) snapshot frequency, which is used to save application-consistent replicas for the virtual machine, and not just the changes in the primary virtual machine. •

Initial replication method and schedule. The default selection is to send an initial copy immediately over the network. Because virtual machines can have large virtual disks, initial replication can take a long time and can cause a large amount of network traffic. If you do not want immediate replication, you can schedule it to start at a specific time. If you want an initial replication but want to avoid network traffic, you can select to send the initial copy to external media, or to use an existing virtual machine on the replica server. You would use the last option if you already restored a copy of the virtual machine at the replica server, and you want to use it as the initial copy.

After the replication relationship is established, the Status column in Hyper-V Manager shows replication progress as a percentage of the total replication for the configured virtual machine. Virtual machine replica is in the turned off state, and you cannot start it until the failover is performed.

When replication is enabled, virtual machine network adapters get additional settings that were previously unavailable. These new settings pages are Failover TCP/IP and Test Failover. Failover TCP/IP is available only for network adapters, and not for legacy network adapters. The settings on this page are useful when a virtual machine has a static IP address assigned, and the replica site is using different IP settings than the primary site. You can configure TCP/IP settings that a network adapter will use after the failover is performed. If static IP addresses are used, you should configure failover TCP/IP on the primary and replica virtual machines. Virtual machines must also have integration services installed to be able to apply failover TCP/IP settings. Virtual machines for which you enable replication have an additional management setting called Replication. You use this setting to review and modify replication parameters. Note: In Windows Server 2012 R2, you can extend Hyper-V Replica from the replica virtual machine to a third Hyper-V host (the Extended Replica Server). This enables you to use Hyper-V Replica to create two virtual machine replicas. Question: Are failover TCP/IP settings useful if a virtual machine is using Dynamic Host Configuration Protocol (DHCP) for obtaining an IP address?

Demonstration: Enabling Virtual Machine Replication In this demonstration, you will see how to enable a virtual machine for replication.

Demonstration Steps 1.

Use Hyper-V Manager to confirm that in the 20409B-LON-TEST1 virtual machine settings, under Network Adapter, two nodes display: Hardware Acceleration, and Advanced Features.

2.

Confirm that there are six settings in the Management section for the 20409B-LON-TEST1 virtual machine, and that Replication is not one of them.

3.

Use Hyper-V Manager to enable replication for the 20409B-LON-TEST1 virtual machine, and provide the following settings: o

Replica Server: LON-HOST2

o

Connection Parameters: Kerberos authentication (HTTP)

o

Replication VHDs: LON-TEST1

o

Replication Frequency: 30 seconds

o

Initial Replication Method: Immediately send initial copy over the network

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

5-23

4.

Use Hyper-V Manager to confirm that 20409B-LON-TEST1 is one of the virtual machines on LON-HOST2, and that it is in the Off state.

5.

View Replication Health for 20409B-LON-TEST1. As initial replication is probably not yet completed, Replication Health should be in the Warning state.

6.

Use Hyper-V Manager to confirm that there are two new nodes under Network Adapter for the 20409B-LON-TEST1 virtual machine, which were not present before: Failover TCP/IP, and Test Failover.

7.

Confirm that there are seven settings in the Management section for 20409B-LON-TEST1, including Replication, which was not present before.

8.

Use the Windows PowerShell cmdlets Get-VMReplication and Measure-VMReplication to review replication settings and status for 20409B-LON-TEST1.

9.

In Hyper-V Manager, view Replication Health for 20409B-LON-TEST1. If initial replication has finished, Replication Health will be Normal.

Hyper-V Replication Health When you enable replication for a virtual machine, changes in the primary virtual machine are written to a log file, which is periodically transferred to the replica Hyper-V host and then applied to a virtual hard disk of a replica virtual machine. Replication Health monitors the replication process and shows important events, as well as the replication and synchronization state of the Hyper-V host. Replication Health includes the following data: •

Replication State. Indicates whether replication is enabled for the virtual machine.



Replication Type. Indicates whether you are monitoring Replication Health on the primary virtual machine or on the replica virtual machine.



Primary and Replica server names. Indicates on which Hyper-V host the primary virtual machine is running, and which Hyper-V host is the replica.



Replication Health. Indicates replication status. Replication Health can have one of three possible values: Normal, Warning, or Critical.



Replication statistics. Displays replication statistics since virtual machine replication started, or since you reset the statistics. Statistics include data such as maximum and average size of the replication, average replication latency, number of errors encountered, and number of successful replication cycles.



Pending replication. Displays information about the size of data that still needs to be replicated, and when the replica was last synchronized with the primary virtual machine.

MCT USE ONLY. STUDENT USE PROHIBITED

5-24 Virtual Machine Movement and Hyper-V Replica

Replication Health can have one of three possible values, based on how well the replication is performing: •





Normal o

Less than 20 percent replication cycles are missed.

o

Last synchronization point was less than an hour ago.

o

Average replication latency is less than the configured limit.

Warning o

More than 20 percent of replication cycles have been missed.

o

Last replication data was sent more than an hour ago.

o

Initial Replication has not been completed.

o

Failover was initiated, but reverse replication has not been configured.

o

Replication is paused in the primary virtual machine.

Critical o

Replication is paused on the replica virtual machine.

o

Primary server is unable to send the replica data.

You can monitor Replication Health in Hyper-V Manager, where you can add a Replication Health column to the virtual machines pane. You can also right-click the virtual machine that has replication enabled, and then click View Replication Health. From Windows PowerShell, you can also view Replication Health by using the cmdlets Get-VMReplication and Measure-VMReplication. You can also monitor Replication Health by using Performance Monitor and Event Viewer. For Replication Health to be in Normal state, the Hyper-V Replica replication engine must regularly replicate changes in the primary virtual machine, and then apply those changes to the virtual hard disk of the replica based on the replication frequency. If more than 20 percent of the replication cycles have not been applied, Replication Health automatically changes to the Warning state. The following tables show the number of replications based on replication frequency, and the number of successful replications required for Normal Replication Health. Replication frequency

1 hour

12 hours

24 hours

1 week

30 seconds

120

1,440

2,880

20,160

5 minutes

12

144

288

2,016

15 minutes

4

48

96

672

Replication cycles

Successful

Failed

% Success

Health state

12

10

2

80%

Normal

144

116

28

80%

Normal

288

231

57

80%

Normal

2,016

1613

403

80%

Normal

You can save a Replication Health report as a .csv file.

Interpreting Replication Health – Part 1 http://go.microsoft.com/fwlink/?LinkID=386702 Question: How can you monitor virtual machine replication health from Windows PowerShell?

Test Failover, Planned Failover, and Failover You can perform three types of failover actions: test failover, planned failover, and failover. These three options offer different benefits, and are useful in different scenarios.

Test Failover

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

5-25

After you configure Hyper-V Replica and after the virtual machines start replicating, you can perform a test failover. A test failover is a nondisruptive task that enables you to test a virtual machine on the replica server while the primary virtual machine is running, and without interrupting the replication. You can initiate a test failover on the replica virtual machine, which will create a new checkpoint and allow you to select a recovery point from which the new test virtual machine is created. The test virtual machine has the same name as the replica, but with - Test appended to the end. The test virtual machine is not started, and is disconnected by default to avoid potential conflicts with the running primary virtual machine.

When you finish testing, you can stop test failover. This option is available only if test failover is running. When you stop test failover, it stops the test virtual machine and deletes it from the replica Hyper-V host. If you run a test failover on a failover cluster, you will have to remove the Test-Failover role from the failover cluster manually.

Planned Failover

You can initiate a planned failover to move the primary virtual machine to a replica site, for example, before site maintenance or before a disaster. Because this is a planned event, there is no data loss, but the virtual machine will be unavailable for some time during its startup. A planned failover confirms that the primary virtual machine is turned off prior to executing the failover. During the failover, it sends all the data that has not yet been replicated, to the replica server. It then fails over the virtual machine to the replica server, and starts it there. After the planned failover, the virtual machine is running on the replica server, and its changes are not replicated. If you want to establish replication again, you should reverse the replication. You will have to configure similar settings to when you enabled replication, and the existing virtual machine will be used as an initial copy.

Failover

A failover is an unplanned event that can result in data loss, because changes at the primary virtual machine might not have replicated before the disaster happened. (Replication frequency setting controls how often changes are replicated). In the event that an occurrence disrupts the primary site, you can perform a failover. You initiate a failover at the replica virtual machine only if primary virtual machine is either unavailable or turned off. Similar to planned failover, during a failover the virtual machine is running on a replica server. If you need to start failover from a different recovery point and discard all changes, you can cancel the failover. After you recover the primary site, you can use reverse replication to reestablish replication. This will also remove the option to cancel failover.

Other Hyper-V replication-related actions include the following:

MCT USE ONLY. STUDENT USE PROHIBITED

5-26 Virtual Machine Movement and Hyper-V Replica



Pause Replication. This action pauses replication for the selected virtual machine.



Resume Replication. This action resumes replication for the selected virtual machine. It is available only if replication for the virtual machine is paused.



View Replication Health. This action provides data about the replication events for a virtual machine.



Extend Replication. This action is available on replica virtual machines. It is available only on Windows Server 2012 R2, and it extends virtual machine replication from the replica server to a third server (the Extended Replica Server).



Remove Recovery Points. This action is available only during a failover. If you select it, all recovery points (checkpoints) for a replica virtual machine are deleted, and their differencing virtual hard disks are merged.



Remove Replication. This action stops replication for the virtual machine.

Note: If you have implemented Microsoft System Center 2012 R2 and you are interested in using Hyper-V Replica for disaster recovery, you should consider using the Windows Azure Hyper-V Recovery Manager. The Hyper-V Recovery Manager helps to orchestrate the recovery of private cloud services across multiple locations in the event of an outage at the primary site. Question: Which of the three failover actions can you perform while the primary virtual machine is running: test failover, planned failover, or failover?

Hyper-V Replica Resynchronization After you configure virtual machine replication and perform the initial replication, the replica is regularly updated with the changes from the primary virtual machine. One of the configuration steps is configuring the replication frequency setting. This setting controls the longest time interval until changes from the primary virtual machine are applied to the replica.

In a real-world environment, there can be many reasons why changes from the primary virtual machine are not applied to the replica for extended periods of time. This may be, for example, because network connectivity is lost, or because you paused the replication. This will be reflected on the Replication Health, but when replication is established again, all changes will be applied to the replica. There are also more serious reasons that can affect synchronization, such as: •

Issues on the primary server with change tracking. The replication engine tracks changes in the virtual machine only while the virtual machine is running. If you turn off the virtual machine and then modify the virtual hard disk, (for example, to perform offline patching), these modifications will not be replicated to the replica when you start the primary virtual machine.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

5-27



Replication issues with tracking logs. Changes in a virtual machine are first written into a tracking log, and are then transferred to the replica. If network connectivity with the replica is lost, the tracking log can increase in size and can be larger than 50 percent of the virtual hard disk size.



Problems linking the virtual hard disk with the parent. This problem can occur if a virtual machine is using a differencing virtual hard disk, and a replica Hyper-V host is not able to link the replicated differencing virtual hard disk with its parent.



Virtual machine is restored from the backup. If you restore the primary or replica virtual machines from a backup, their state changes and is no longer synchronized.



Reverse replication after failover. If you perform a planned failover and you reverse replication, the virtual machine will already exist on the target Hyper-V host, but it will not be up-to-date.

In all the above cases, the primary and replica virtual machine are not synchronized, and there is no tracking log that could simply be applied to synchronize them. However, in all cases, virtual machines already exist on both sides, and it would be inefficient to perform full initial replication. The resynchronization process is optimized for virtual hard disks with size up to 500 GB. It tries to find and replicate only the differences between virtual machines, not the entire virtual hard disk. The virtual hard disk of the primary virtual machine and the replica are split into chunks of 2 megabytes (MB). The, CRC64 checksum of each chunk is generated, and then compared to determine which chunks from the primary virtual machine need to be applied to the replica. The resync process also has logic built into it, which decides if the process would take longer than six hours. If so, you should perform a full initial replication.

The resynchronization process is processor-intensive, storage-intensive, and network-intensive. You can trigger the resynchronization process manually, but you also can schedule it to perform resynchronization automatically when needed. You configure these settings on the Replication settings of the primary virtual machine. Resynchronization of virtual machines in Hyper-V Replica http://go.microsoft.com/fwlink/?LinkID=386703 Question: Is resynchronization between primary and replica virtual machines always required?

Demonstration: Performing a Planned Hyper-V Failover In this demonstration, you will see how to perform a planned Hyper-V failover.

Demonstration Steps 1.

Connect to the LON-TEST1 computer that is running on the LON-HOST1 Hyper-V host. On the desktop, create a folder named Current State.

2.

Use Hyper-V Manager to start a planned failover for 20409B-LON-TEST1.

3.

Confirm that the Planned Failover error displays, as the virtual machine is not prepared for a planned failover.

4.

Shut down LON-TEST1.

5.

Use Hyper-V Manager to perform a planned failover for 20409B-LON-TEST1.

6.

Confirm that 20409B-LON-TEST1 is in a Running state on the LON-HOST2 Hyper-V host.

MCT USE ONLY. STUDENT USE PROHIBITED

5-28 Virtual Machine Movement and Hyper-V Replica

7.

On LON-TEST1, confirm that a folder named Current State is on the desktop. With planned failover, all changes from the primary virtual machine are replicated.

8.

Create a folder named Planned Failover on the LON-TEST1 desktop.

9.

Use Hyper-V Manager to start reverse replication for 20409B-LON-TEST1, and accept all default values.

10. Shut down LON-TEST1 and perform its Planned Failover. 11. Start and connect to LON-TEST1 on LON-HOST2. 12. Confirm that on the LON-TEST1 desktop, the two folders named Current State, and Planned Failover display.

Lab B: Configuring and Using Hyper-V Replica Scenario

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

5-29

You have successfully moved the Hyper-V storage and virtual machines. Because many of the virtualized servers host business-critical applications or data, A. Datum is also planning to provide a disaster recovery solution for the virtual machines. Virtualization hosts currently are backed up daily, but a much faster recovery solution is required for some of the virtual machines. To provide this solution, you need to configure and test the Hyper-V Replica feature.

Objectives After completing this lab, you will be able to: •

Configure and manage Hyper-V Replica.

Lab Setup Estimated Time: 45 minutes

Virtual machines: 20409B-LON-HOSTx, 20409B-LON-DC1, 20409B-LON-TESTx, and 20409B-LON-PRODx User name: Adatum\Administrator Password: Pa$$w0rd For this lab, you will use the available virtual machine environment. Note: Because you will be using the same virtual machines in the next lab, do not revert the virtual machines. However, you can shut down all virtual machines after finishing this lab. You will be working in pairs. Communicate clearly with your lab partner, and cooperate fully with each other during this lab.

Exercise 1: Configuring and Managing Hyper-V Replica Scenario

Your company has set up a disaster recovery location, and you need to configure virtualization infrastructure to replicate virtual machines to that location. To perform this task, you will use Hyper-V Replica in this exercise. You will first configure a remote Hyper-V host to allow incoming replication. Then you will configure replication of the LON-TESTx virtual machine, explore new settings that you can configure, and test the effect of those settings. You will also perform test failover and planned failover, to ensure that test failover does not interrupt the replication process, and that during planned failover no modifications in virtual machine are lost. As one of the steps, you will also monitor Replication Health. The main tasks for this exercise are as follows: 1.

Configure Hyper-V host for incoming replication.

2.

Enable virtual machine replication.

3.

Test Hyper-V Replica failover.

4.

Perform a planned failover.

 Task 1: Configure Hyper-V host for incoming replication 1.

2.

MCT USE ONLY. STUDENT USE PROHIBITED

5-30 Virtual Machine Movement and Hyper-V Replica

Use Hyper-V Manager on LON-HOSTx to enable LON-HOSTy as a replica server with the following configuration: o

Authentication: Kerberos (HTTP)

o

Default location to store Replica files: C:\shares\replicated

Add the Windows Firewall with Advanced Security snap-in to MMC, connect to the LON-HOSTy computer, and enable the Hyper-V Replica HTTP Listener (TCP In) rule.

 Task 2: Enable virtual machine replication 1.

Use Hyper-V Manager to confirm that in the 20409B-LON-TESTx virtual machine settings, under Network Adapter, two nodes display: Hardware Acceleration, and Advanced Features.

2.

Confirm that for the 20409B-LON-TESTx virtual machine, in the Management section, six settings display, and Replication is not one of them.

3.

Confirm that the LON-TESTx computer has an IPv4 address of 10.0.0.x6.

4.

Use Hyper-V Manager to enable replication for the 20409B-LON-TESTx virtual machine using the following settings: o

Replica Server: LON-HOSTy

o

Connection Parameters: Kerberos authentication (HTTP)

o

Replication VHDs: LON-TESTx VHD

o

Replication Frequency: 30 seconds

o

Additional Recovery Points: Create 10 additional hourly recovery points

o

Initial Replication Method: Immediately send initial copy over the network

5.

Use Hyper-V Manager to confirm that 20409B-LON-TESTx is one of the virtual machines on LON-HOSTy, and that it is in the Off state.

6.

View Replication Health for 20409B-LON-TESTx.

Note: Because initial replication is most likely not yet completed, Replication Health is in a Warning state. 7.

Use Hyper-V Manager to confirm that two new nodes display under Network Adapter for 20409B-LON-TESTx: Failover TCP/IP, and Test Failover.

8.

Confirm that there are now seven settings in the Management section for 20409B-LON-TESTx, including Replication, which was not present before.

9.

Use the Windows PowerShell Get-VMReplication and Measure-VMReplication cmdlets to review replication settings and status for 20409B-LON-TESTx.

10. In Hyper-V Manager, view Replication Health for 20409B-LON-TESTx. If initial replication has finished, Replication Health will be Normal.

 Task 3: Test Hyper-V Replica failover 1.

2.

Use Hyper-V Manager to configure Failover TCP/IP for 20409B-LON-TESTx with the following settings: o

IPv4 Address: 192.168.10.15

o

Subnet Mask: 255.255.255.0

o

Default gateway: 192.168.10.1

o

Preferred DNS server: 192.168.10.100

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

5-31

Use Hyper-V Manager to configure Test Failover for 20409B-LON-TESTx to connect to the Private Switch. Note: If initial replication of 20409B-LON-TESTx has not yet finished, wait until it finishes.

3.

Use Hyper-V Manager to start Test Failover for 20409B-LON-TESTx. Confirm that the checkpoint for 20409B-LON-TESTx is created, and a new virtual machine named 20409B-LON-TESTx – Test is created.

4.

Confirm that the 20409B-LON-TESTx – Test virtual machine is connected to Private Switch.

5.

Start the 20409B-LON-TESTx virtual machine, and sign in as Administrator with the password Pa$$w0rd.

6.

Confirm that it has the same IP configuration as you configured in Failover TCP/IP for 20409B-LON-TESTx.

7.

Stop the test failover for 20409B-LON-TESTx. Confirm that the 20409B-LON-TESTx – Test virtual machine has been deleted, in addition to the 20409B-LON-TESTx virtual machine checkpoint.

 Task 4: Perform a planned failover 1.

Connect to the 20409B-LON-TESTx computer running on the LON-HOSTx Hyper-V host, and on the desktop create a folder named Current State.

2.

Use Hyper-V Manager to start Planned Failover for 20409B-LON-TESTx.

3.

Confirm that a Planned Failover error displays. Note: This is because the virtual machine is not prepared for planned failover.

4.

Shut down LON-TESTx.

5.

Use Hyper-V Manager to perform a Planned Failover for the 20409B-LON-TESTx virtual machine.

6.

Confirm that 20409B-LON-TESTx is in the Running state on the LON-HOSTy Hyper-V host.

7.

On LON-TESTx, confirm that a folder named Current State displays on the desktop. Note: With planned failover, all changes from the primary virtual machine are replicated.

8.

Create a folder named Planned Failover on the LON-TESTx desktop.

9.

Use Hyper-V Manager to start Reverse Replication for 20409B-LON-TESTx, and accept all default values.

10. Shut down LON-TESTx, and then perform its Planned Failover. 11. Start and connect to 20409B-LON-TESTx on LON-HOSTx.

MCT USE ONLY. STUDENT USE PROHIBITED

5-32 Virtual Machine Movement and Hyper-V Replica

12. Confirm that two folders display on the LON-TESTx desktop: Current State, and Planned Failover. 13. On LON-HOSTx, remove replication for 20409B-LON-TESTx. 14. On LON-HOSTy, delete 20409B-LON-TESTx.

Results: After completing this exercise, you should have configured and managed Hyper-V Replica.

Module Review and Takeaways Review Questions Question: What would be the most probable reason that Replication Health is not in the Normal state after you enable replication for a virtual machine? Question: Can you use self-signed certificates for authentication with Hyper-V Replica? Question: Can you perform live migration of a virtual machine from a Windows Server 2012 Hyper-V host to a Windows Server 2012 R2 Hyper-V host?

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

5-33

MCT USE ONLY. STUDENT USE PROHIBITED

MCT USE ONLY. STUDENT USE PROHIBITED 6-1

Module 6 Implementing Failover Clustering with Hyper-V Contents: Module Overview

6-1

Lesson 1: Overview of Failover Clustering

6-2

Lesson 2: Configuring and Using Shared Storage

6-12

Lesson 3: Implementing and Managing Failover Clustering with Hyper-V

6-22

Lab: Implementing Failover Clustering with Hyper-V

6-31

Module Review and Takeaways

6-38

Module Overview

Failover clustering is a Windows Server 2012 feature that provides high availability. Hyper-V in Windows Server 2012 uses failover clustering to provide highly available virtual machines. It is crucial for critical virtual machines to be highly available, which means that if the node on which a virtual machine is running fails, then the failover cluster will start the virtual machine automatically on a different node.

The first lesson in this module provides a general overview of failover clustering. You will learn about the components of failover clusters, how failover clusters provide high availability, and why shared storage is important. You will also learn about the different quorum modes, and understand how you can provide encryption for Cluster Shared Volumes (CSVs). The second lesson in this module details shared storage. You will see how you can use Server Message Block (SMB) 3.0 file shares for Hyper-V. You will also learn how to configure Internet small computer system interface (iSCSI) shared storage by using an iSCSI target server, which is part of Windows Server 2012. If you are considering failover clustering in virtual machines, you will learn more about Windows Server 2012 R2, in which you can use virtual hard disk sharing to present shared storage to virtual machines.

The third lesson explains how you can implement failover clustering. You will also learn about the settings that you can configure for highly available virtual machines, and how you can configure monitoring for services that run inside a virtual machine. Note: For the purpose of this course, all instances of Microsoft System Center 2012 R2 Virtual Machine Manager are referred to as VMM.

Objectives After completing this module, you will be able to: •

Describe failover clustering.



Configure and use shared storage.



Implement and manage failover clustering with Hyper-V.

Lesson 1

Overview of Failover Clustering

MCT USE ONLY. STUDENT USE PROHIBITED

6-2 Implementing Failover Clustering with Hyper-V

Hyper-V uses failover clustering to provide highly available virtual machines. Before you can create highly available virtual machines, you need to understand the basics of failover clustering. In this lesson, you will learn about failover clustering components, the importance of shared storage, and how you can provide network redundancy. By default, failover clustering uses CSVs as the default storage type. This lesson explains the requirements for CSVs, and their advantages over logical unit numbers (LUNs). You will also learn about quorums, the different quorum modes that failover clustering supports, and what the differences are between the quorum modes. Because some highly available data can be sensitive, you will also learn about how you can use BitLocker Drive Encryption to encrypt CSVs.

Lesson Objectives After completing this lesson, you will be able to: •

Describe a failover cluster.



Describe failover and failback.



Describe the different networks that failover clusters use.



Explain the importance of failover cluster storage.



Describe CSVs.



Describe quorum and different quorum models.



Describe encrypted cluster volumes.

What Is a Failover Cluster? A failover cluster is a pair or group of Windows servers that work together to make applications and services highly available. The servers in a failover cluster are called nodes. If a node in a cluster fails or becomes unavailable, another node in the same failover cluster starts providing the services that the failed node was offering. This process is called failover and it results in minimal (or in certain cases, no) service disruptions for clients that are accessing the service. Failover clusters also provide CSV functionality, which provides a common namespace that you can use to access shared storage from all nodes. Failover clustering has several components, including the following: •

Nodes. Nodes are Windows Server computers that are members of a failover cluster. These computers have the failover clustering feature installed, and they run highly available services, applications, and other resources that are associated with a cluster. A failover cluster in Windows Server 2012 R2 can have up to 64 nodes, which can run up to 8,000 virtual machines. A single node can run up to 1,024 virtual machines.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

6-3



Networks. Networks enable communication between nodes that are still available and responsive, and also between nodes and client computers. Because clusters use external storage such as iSCSI or Fibre Channel Storage Area Network (SAN), nodes also use networks for accessing the shared storage.



Clustered role. A clustered role is a highly available role or service that is running on the cluster node and to which clients connect. If such a service becomes unavailable on one node, the failover cluster fails it over automatically to another node and redirects client requests for the service to the new node.



Resources. Resources are physical or logical elements such as a shared folder, disk, or IP address, which the failover cluster manages. Resources may provide service to clients or may be integral parts of highly available applications. Resources are the most basic and smallest configurable units. A resource can run only on a single node at any given time.



Cluster Storage. Each node has local storage (where the Windows operating system is installed), in addition to server roles and highly available applications. Cluster storage is a shared storage, where application configuration and data is stored. When a node fails, other nodes can access data on the cluster storage, and can start applications from that point. For example, the highly available virtual machine stores configuration data and virtual hard disks of the highly available virtual machine are stored on the cluster storage.



Clients. These are computers that access highly available services and applications that are running in the failover cluster. There should be multiple network paths between clients and the cluster. Clients should also try to reconnect to the service automatically if a cluster node fails.

In a failover cluster, each node in the cluster: •

Has full connectivity and communication with other failover cluster nodes.



Is aware of configuration changes to the failover cluster, such as when an additional node joins or leaves the cluster. Each node is also aware of other node failures, and has the ability to run services that the failed node hosted. You can configure which services to run on which nodes.



Connects to a network through which client computers can access the node.



Connects to other nodes, and regularly checks their availability and responsiveness.



Connects to shared storage, where configuration and data of highly available applications is stored.



Has awareness of the services and applications that are running locally, and resources that are running on other failover cluster nodes. Failover Clustering Overview http://go.microsoft.com/fwlink/?LinkID=386723 Question: Will clients still be able to connect to a cluster role if the failover cluster has only two nodes and the internode network fails?

What Are Failover and Failback?

MCT USE ONLY. STUDENT USE PROHIBITED

6-4 Implementing Failover Clustering with Hyper-V

Failover is a process in which a highly available role, together with all its resources (such as IP address and disk) moves between nodes in a failover cluster. Failover can happen automatically. For example, the node on which the highly available virtual machine was running might fail, or one of the resources that the highly available application depends upon may become unavailable. Other possible reasons are that a monitored service in a highly available virtual machine may stop, or the network adapter may lose network connectivity. Failover can also be manual. For example, administrators can start a maintenance procedure, during which they move highly available virtual machines to a different node before updating and restarting the current node. When failover is initiated, the following steps occur: 1.

The cluster service takes all of the resources of the highly available role offline in an order that is determined by the instance’s dependency hierarchy. First, the cluster service takes the clustered role offline, and then it takes offline the resources on which it the cluster role depends. For example, if a role depends on a disk resource, the cluster service takes the role offline first, which allows the role to write uncommitted changes to the disk, before taking the disk offline.

2.

When all resources are offline, the cluster service attempts to move the role to the node that is next on the list of preferred owners for that role. If the preferred owner is not available, then the cluster service contacts the next server on the list.

3.

If the cluster service moves the role successfully to a different node, it attempts to bring all role resources back online. This time, it takes the resources online in reverse order, from the bottom of the dependency hierarchy. Failover is complete when all of the resources are online on the new node.

In most cases, failover results in some downtime and data loss. If a node on which a highly available role is running fails, everything that was not saved on the shared storage (such as in-memory state of the open client connections), are lost. Failover restarts the role based on the configuration and state of the shared storage. Clients experience this as if you turn off and then turn on a single server on which the role runs. For some highly available roles such as scale-out file server, failover is transparent and without downtime. The cluster service can fail back a highly available role that was originally running on the failed node, after you repair or recover the failed node and it is available once again. When the cluster service fails back the highly available role, it uses the same steps that it performed during failover. The cluster service takes all the resources offline, moves the role, and then brings all the resources back online. You can configure in the properties of the highly available role how many times the cluster service will attempt to fail over and then fail back the role. You can also configure the list of preferred owners for the role. Question: Does failback always follow failover when the failed node is back online?

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

Failover Cluster Networks

6-5

Networks and network adapters are important parts of each failover cluster implementation. You cannot configure a failover cluster without configuring the networks that the cluster will use. Because you are using a failover cluster to provide high availability, you should always have multiple network paths. We recommend that each node have multiple fast network adapters, so that you can avoid single network adapter failure and provide higher throughput. You can add adapters to the team and create multiple virtual network adapters for different purposes, such as management, internode communication, and live migration. You can also use Quality of Service (QoS) to limit the bandwidth made available to the network adapter. You can classify networks in failover clustering based on their use. You can configure the following three settings: •

Do not allow cluster network communication on this network. The nodes in the failover cluster cannot use this network for internode communication or for communication with the clients. You would typically use such a network for accessing shared storage, for example iSCSI SAN.



Allow cluster network communication on this network. The nodes in the failover cluster can use this network for intranetwork communication. For example, nodes can use this network for updating the cluster database, monitoring the health of other nodes, or for live migration data.



Allow clients to connect through this network. Clients can access the failover cluster nodes over this network, for example, to access a highly available database. (The term client refers not only to client computers accessing clustered applications, but also to remote computers that you use to administer the cluster.) You can allow clients to connect through this network only if it can be used for cluster communication as well.

Technically, it is possible to have a failover cluster node with a single network adapter that is used for all network traffic, including internode communication, client communication, and access to shared storage. However, we do not recommend having a single network adapter for all network traffic, and validation will generate a warning to alert you of a potential single point of failure. When you install the failover clustering feature, it adds the Failover Cluster Virtual Adapter to the node. This is a hidden and completely self-configuring network adapter, which provides the failover node with a fault-tolerant connection across all available network adapters. The Failover Cluster Virtual Adapter is similar to NIC Teaming for clustering, and it hides all underlying network complexity from the failover cluster; for example, when other nodes are on remote networks, or when a node obtains an IP address from a Dynamic Host Configuration Protocol (DHCP) server. You can view the Failover Cluster Virtual Adapter in Device Manager as a hidden device. The networking features in failover clustering include the following: •

The node transmits and receives a heartbeat, which is used to monitor the health status of network interfaces, and is sent over all cluster-enabled networks. The heartbeat is sent by using unicast User Datagram Protocol (UDP) traffic over port 3343.



Failover cluster nodes can be on different segments, providing there is network connectivity between them.



The Failover Cluster Virtual Adapter hidden network adapter is added to each node. This adapter is assigned a media access control (MAC) address based on the first physical adapter, and it is used to

build redundant and fault-tolerant routes to other nodes. You can also clone Windows Server computers when they have the failover clustering role installed.

MCT USE ONLY. STUDENT USE PROHIBITED

6-6 Implementing Failover Clustering with Hyper-V



Failover clusters fully support IPv6 for both internode and client communication.



Cluster nodes can use static or dynamic IP addresses. If some nodes in a failover cluster use static IP addresses, and if others are configured with dynamic IP settings, validation will report an error. Failover Cluster Networking Essentials http://go.microsoft.com/fwlink/?LinkID=386716 Question: Do you need to manually put network adapters in a failover clustering node in a NIC team?

Failover Cluster Storage Failover cluster deployments require shared storage to provide consistent data and configuration for the highly available applications. When data is stored on a shared storage, this data is still available, even when the node on which the cluster role is running fails. This means that another node can access the same data and restart the cluster role from where the first node wrote data on the shared storage. There are different options for shared storage in Windows Server: •

Serial Attached SCSI. You can use Serial Attached SCSI storage to connect shared storage to two failover nodes that are located close to the Serial Attached SCSI storage. If the failover cluster will have multiple nodes, or if distance to the storage will be more than 10 meters (30 feet), you should consider a different option for shared storage.



iSCSI. Servers access iSCSI SANs by sending SCSI commands over an IP network. Performance is acceptable over fast 10 gigabits per second (Gbps) or slower 1 Gbps networks. iSCSI is not limited by the length or the number of servers that access the storage. The physical medium for data transmission is Ethernet, and no special hardware is required. You can build an iSCSI SAN by using the iSCSI target feature, which is part of Windows Server 2012 R2.



Fibre Channel. Fibre Channel SANs require special network infrastructure for accessing the storage. They often have better performance than iSCSI storage, but they are considerably more expensive to implement.



Fibre Channel over Ethernet. This network technology encapsulates Fibre Channel traffic over Ethernet networks. This enables Fibre Channel to use high-speed Ethernet networks, while preserving the Fibre Channel protocol.

You can also use SMB 3.0 file shares as shared storage for servers that are running Hyper-V, regardless of whether they are part of failover cluster nodes. Servers can access storage on a SAN as a LUN, or as a CSV. When you are considering shared storage for the failover cluster, you should consider using it as a CSV. This is because it provides many benefits, such as simultaneous access from multiple failover cluster nodes, and more efficient use of the storage space.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

When you choose the storage type, you should consider the following storage requirements:

6-7



A failover cluster does not support dynamic disks for a shared storage. You should therefore use basic disks for the shared storage, and not dynamic.



As a best practice, use NTFS file system on all failover node volumes. If the volume is on shared storage and you will use it as CSVs, you must format it by using NTFS file system.



If you will use disk witness for your quorum, you can format the volume with either NTFS file system or Resilient File System (ReFS).



You can use either master boot record (MBR) or GUID partition table (GPT) partition style for the disks in a failover cluster node.



Storage must support the SCSI-3 standard. Failover clusters require that storage supports persistent reservations commands so that storage spaces can be properly managed as clustered disks, and those commands are part of the SCSI-3 standard.



Confirm storage compatibility. You should verify that that the storage, drivers, firmware, and software used for the storage are compatible with failover clusters in Windows Server 2012.



Isolate storage devices, one cluster per device. You should not allow nodes from different failover clusters to access the same storage. You can achieve this by using LUN masking or zoning. This prevents LUNs that you use on one failover cluster from being accessible from another failover cluster.



Use Multipath I/O (MPIO) and teamed network adapters. This will provide the highest level of redundancy and availability for accessing the storage.



Consider using storage spaces. Storage spaces virtualize access to the storage and provide resilient and highly available shared storage. Failover Clustering Hardware Requirements and Storage Options http://go.microsoft.com/fwlink/?LinkID=386727 Question: Can you use a network-attached storage (NAS) device as a shared storage for a failover cluster?

What Is CSV? In a classic failover cluster deployment, only a single failover cluster node can access and use LUN on the shared storage at any given time. This means that other failover cluster nodes cannot access the same LUN, and that multiple LUNs are used for different highly available applications on different nodes. A LUN is also the smallest unit of failover. If multiple virtual machines are stored on the same LUN, they all fail over to another node, and it is not possible to fail over just one of them.

CSV is a technology that enables multiple nodes to access a single LUN concurrently. CSV provides a distributed file access solution, which enables multiple nodes to access the same NTFS file system simultaneously. CSV has multiple files. All failover cluster nodes can access CSV at the same time, but

MCT USE ONLY. STUDENT USE PROHIBITED

6-8 Implementing Failover Clustering with Hyper-V

each node can only access a different file on the CSV. Nodes cannot access the same file at the same time, even when it is stored on CSV. In Windows Server 2008 R2, CSV was supported only for storing virtual machine files. This way, you could have multiple virtual machines on the same storage, with each virtual machine running on a different node. CSV also enables individual virtual machines to fail over between failover cluster nodes. This provides better use of storage space, because you no longer have to maintain multiple LUNs, one per each virtual machine.

CSVs in Windows Server 2012

Windows Server 2012 offers improvements to CSV. It now supports roles other than just Hyper- V, such as file server, or Microsoft SQL Server 2014. Windows Server 2012 also adds support for CSV cache, which allows allocation of system memory as a write-through cache. Other improvements in CSVs are: •

CSV file system. CSV volumes appear as if they are using a CSV file system. This is not a new file system, the underlying technology is still NTFS, and CSV volumes are formatted with NTFS. However, based on the file system, applications can discover that they are running on CSV.



Simplified CSV setup. CSV is integrated into the Failover Cluster Manager Storage view, and you do not need to enable it explicitly. Instead, you can simply right-click a disk, and then add it to CSV.



Support for BitLocker. You can use BitLocker to encrypt a shared CSV volume, and protect data. Each node performs decryption by using the computer account for the cluster server.



Integration with SMB Multichannel and SMB Direct. This enables CSV traffic to stream across multiple networks in the cluster, and to utilize network adapters that support Remote Direct Memory Access (RDMA).



Integration with the Storage Spaces feature in Windows Server 2012. This enables failover cluster to use virtualized storage on clusters of inexpensive disks.



Ability to scan and repair volumes. CSVs can scan and repair volumes without moving storage offline. Understanding Cluster Shared Volumes in a Failover Cluster http://go.microsoft.com/fwlink/?LinkID=386719 Question: Can you format a CSV by using a CSV file system?

What Is a Quorum? A failover cluster can have up to 64 failover cluster nodes. A quorum is the consensus that enough nodes are online and that the cluster can continue running. Each node has one vote. If there is an even number of nodes, then votes from the witness element, which can be either a file share witness or a disk witness, is also counted. Quorum mode defines who will have a vote, and until Windows Server 2012, that configuration was static. Each voting element contains a copy of the cluster configuration, and the cluster service keeps all copies synchronized at all times.

A failover cluster stops providing failover protection if the quorum does not have more than half of the votes. This means that most of the nodes have failed, or they are not able to vote because of some other

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

6-9

problem such as a network connectivity issue. Without a quorum, each set of nodes could continue to operate as a failover cluster, even if it would have half of the nodes or less, which could result in creation of two cluster instances from a single failover cluster. A quorum prevents such a splitting of a failover cluster into two parts, where each part would continue to operate as a failover cluster concurrently.

If the available nodes do not achieve majority, then the vote of the witness becomes crucial. Quorum mode, which is configured at the failover cluster level, defines which elements can vote. If the number of votes drops below the majority, the cluster stops running and does not provide failover protection if there is a node failure. Nodes continue to listen for the presence of other nodes, in case another node appears again on the network. However, nodes will not function until a majority consensus or quorum is achieved. Note: Failover cluster functionality depends not only on a quorum, but also on the resources available to cluster nodes and their ability to run cluster services that fail over to that node. For example, a cluster with five nodes will still have a quorum even if two nodes fail. However, each remaining cluster node will continue serving clients only if it has enough resources to run cluster roles that failed over to the remaining three nodes. These resources include storage space, processing power, network bandwidth, and memory. You can configure priority, preferred hosts, and anti-affinity to decide the nodes on which the cluster role can run.

Quorum Modes in Windows Server 2012 Windows Server 2012 R2 supports the following quorum modes: •

Node Majority. Each failover cluster node that is online and has network connectivity can vote. Only failover cluster nodes have a vote, and the cluster provides its services only when the quorum has majority, with more than half the votes. This is the default quorum mode when the cluster has an odd number of nodes and a witness is not necessary, such as when all nodes are located in the same site.



Node and Disk, or Node and File Share Majority. Each failover cluster node and a witness, which is either a disk or file share, can vote when they are online and have network connectivity. The cluster provides its services only when quorum has majority of the votes. This quorum model is appropriate when the failover cluster has an even number of nodes.



No Majority: Disk Only. The cluster has a quorum if at least one node is available and it has connectivity with a specific disk in the failover cluster storage. Only nodes that can communicate with that disk can join the cluster.

Note: If the disk in the No Majority: Disk Only quorum model is not available, the cluster will stop functioning, even if all nodes are still available. In this mode, a quorum-shared disk is a single point of failure. Therefore, use of this mode is not recommended.

Except for the No Majority: Disk Only quorum mode, all quorum modes are based on a simple majority vote model. As long as a quorum has majority of the votes, the cluster continues to accept client requests. For example, if there are five votes in the cluster, the cluster continues to accept requests as long as the quorum has at least three votes, and the source of the votes is not relevant. A quorum can get a vote from a failover cluster node, a disk witness, or a file-share witness. The failover cluster stops answering requests if the quorum does not receive the majority of the votes. In the No Majority: Disk Only mode, the quorum-shared disk can veto all other possible votes. In this mode, the cluster will continue to function as long as the quorum-shared disk and at least one node are available.

Cluster Node Weights and Dynamic Quorum

MCT USE ONLY. STUDENT USE PROHIBITED

6-10 Implementing Failover Clustering with Hyper-V

Failover clustering in Windows Server 2012 introduces two new concepts regarding quorum: cluster node weights, and dynamic quorum. The concept of cluster node weight is used primarily in environments where failover nodes are located in multiple physical locations. In such environments, you might want the failover cluster running at the primary location even if the failover cluster nodes at the recovery location are not available. To accomplish this, you can assign node weights of 0 for the failover cluster nodes at the recovery location, which effectively revokes their default ability to participate in the quorum voting. For example, if you have a four-node failover cluster and you assign node numbers 3 and 4 a weight of 0, they would not participate in the calculation of a quorum, and only nodes 1 and 2 would participate. If both nodes 3 and 4 were to fail, the failover cluster would continue to work, even if only nodes 1 and 2 are available. Dynamic quorum provides higher availability within a failover cluster by continuously monitoring and adjusting the quorum model based on the available cluster nodes. Cluster quorum calculation is adjusted each time the number of nodes changes, so that even if a failover cluster has less than 50 percent of the original number of nodes, the failover cluster continues to work and cluster roles are still available. With dynamic quorum enabled, a failover cluster can survive with only one node up and running. The only limiting factor is the availability of enough resources such as memory and processor to support the workload. The dynamic quorum model is enabled by default. Windows Server 2012 R2 includes several quorum enhancements, including: •

Dynamic witness. If a failover cluster is configured to use dynamic quorum, which is the default configuration, the witness vote is also dynamically adjusted based on the number of voting nodes in the failover cluster. If the failover cluster has an odd number of votes, the quorum witness does not have a vote. If the failover cluster has an even number of votes, the quorum witness has a vote. The quorum witness vote is also dynamically adjusted based on the state of the witness resource. If the witness resource is offline or has failed, then the witness does not have a vote.



Tie breaker for 50 percent node split. Failover cluster can dynamically adjust a node's vote to keep the total number of votes at an odd number. To maintain an odd number of votes, the failover cluster will first adjust the quorum witness vote through dynamic witness. If a quorum witness is not available, then the failover cluster can adjust a node's vote. There is also a new failover cluster property that you can use to determine which site survives if there is a 50 percent node split and neither site has quorum.



Quorum user interface improvements. Failover Cluster Manager shows the assigned quorum vote and the current quorum vote for each failover cluster node. Configure and Manage the Quorum in a Windows Server 2012 Failover Cluster http://go.microsoft.com/fwlink/?LinkID=386728 Question: Can a failover cluster that originally had six nodes still run cluster roles if three nodes fail and only three nodes remain online?

What Is Encrypted Cluster Volume? Failover clusters can store sensitive data on shared storage. With Windows Server 2012, you can protect the data on shared storage by using BitLocker-encrypted volumes. BitLocker encryption adds an additional layer of protection for sensitive, highly available data, and you can use it to encrypt both physical disks and CSVs. You can protect data volumes by using BitLocker prior to adding them to the failover cluster, or after they are already in use in the failover cluster. Using BitLocker encryption helps to provides physical security for deployments outside secure data centers, and meets compliance requirements for volume-level encryption.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

6-11

You can use BitLocker encryption with physical disk resources such as a LUN on a SAN, NAS, or with a CSV. You can turn on BitLocker prior to adding the disk to the storage pool within a cluster. Otherwise, you will need to put the resource into maintenance mode before you can perform BitLocker encryption.

When you use BitLocker on a stand-alone server, the BitLocker protector is stored locally. However, when you use BitLocker encryption in a failover cluster, multiple cluster nodes must be able to access the encrypted volume, and because of this, an Active Directory-based protector is used. You must add the failover cluster Active Directory Domain Services (AD DS) identity as a BitLocker protector to the target disk volumes.

You can manage BitLocker on a failover cluster by either using Windows PowerShell, or by using the Manage-bde.exe command. BitLocker encryption introduces minimal (less than one percent) performance overhead. Before you can use BitLocker in a failover cluster, the following prerequisites must be met: •

Windows Server 2012 or a newer Windows Server operating system with the Failover Clustering feature must be installed and configured on each failover cluster node.



Domain controller running Windows Server 2012 or a newer Windows Server operating system must be reachable from all failover cluster nodes.



BitLocker must be installed on all failover cluster nodes.



Manage-BDE.exe or the BitLocker module for Windows PowerShell must be available to configure BitLocker-encrypted volumes in failover cluster. How to Configure BitLocker Encrypted Clustered Disks in Windows Server 2012 http://go.microsoft.com/fwlink/?LinkID=386710 Question: Can you protect data on shared storage by using an encrypted cluster volume if the failover cluster is a member of an AD DS domain with a Windows Server 2008 R2 domain-functional level?

Lesson 2

Configuring and Using Shared Storage

MCT USE ONLY. STUDENT USE PROHIBITED

6-12 Implementing Failover Clustering with Hyper-V

Each node in a failover cluster has local storage on which the operating system and applications are installed. Each node should have access to shared storage, where it can store application configuration information and data. Shared storage is useful in enabling a failover cluster node to continue the cluster service from the point at which it was before the originating node failed.

In this lesson, you will learn how you can use an SMB 3.0 file share as a shared storage for virtual machines, and how you can install and configure an iSCSI target for use by a failover cluster. You will also learn about virtual hard disk sharing, which enables virtual machines to use a virtual hard disk on a highly available location as a shared storage.

Lesson Objectives After completing this lesson, you will be able to: •

Describe the requirements and process of storing virtual machines on an SMB 3.0 file share.



Explain the benefits and use of scale-out file servers.



Describe iSCSI.



Describe the iSCSI target server.



Use an iSCSI target server.



Describe the considerations for implementing iSCSI storage.



Explain how to use virtual hard disk sharing as shared storage.

Storing a Virtual Machine on an SMB 3.0 Shared Folder In the past, if you wanted to run a virtual machine, its data files should have been stored either locally, or on the block storage on the SAN. However, in Windows Server 2012 and newer versions, you can use also SMB 3.0 file shares for storing data files of running virtual machines, which include configuration data, virtual hard disks, checkpoints, and smart paging. Using of SMB 3.0 has many advantages, because you can use the existing knowledge, networking, and server infrastructure, in addition to benefitting from SMB 3.0 features such as SMB transparent failover, SMB scale-out, and SMB multichannel.

Considerations for Use of SMB 3.0

SMB 3.0 file shares can have similar performance and reliability as SANs. Before using them, you should be aware of the following considerations: •

AD DS forest infrastructure is required if you want to use SMB 3.0 file shares. You need to grant permissions for the SMB 3.0 file share to the Hyper-V host computer account, which is created only in a domain environment.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

6-13



The file server must support SMB 3.0 protocol, which means that it must have Windows Server 2012 or a newer Windows Server operating system installed. You can use also non-Microsoft file servers, if they support the SMB 3.0 protocol. Hyper-V does not block older versions of SMB, but Hyper-V Best Practice Analyzer raises an alert when it detects an older version of SMB.



Loopback configurations are not supported. These are configurations in which the Hyper-V host is used as the file server, and is configured to use local SMB 3.0 file shares for storing virtual machines.



When Hyper-V is running in a failover cluster, it must not store virtual machines on the file server in the same failover cluster. Instead, it must use a file server in another failover cluster or stand-alone file server. This is because when a failover node fails, it could potentially result in the Hyper-V and file server roles running on the same failover cluster node.



We recommend that the Hyper-V host stores virtual machines on a continuously available file share on a file server in the failover cluster, and not on a stand-alone file server.

Configuration Steps

The two most important steps when configuring an SMB 3.0 file share for storing virtual machines are: •

Select the SMB Share - Applications profile for the shared folder. You can configure this profile when creating the shared folder by using Server Manager. You will notice that you cannot enable accessbased enumeration or allow caching, because those features are not supported with this share profile.



Configure the appropriate NTFS file system and share permissions. The necessary permissions include allowing Full Control for the Hyper-V host and Hyper-V Administrators. If Hyper-V is running in a failover cluster, the computer account for the failover cluster must also have Full Control permissions on the SMB 3.0 file share.

You can also create a shared folder and grant the permissions by using Windows PowerShell. You can create a shared folder for C:\VMs, and grant Full Permissions for the LON-HOST1 account and local Hyper-V Administrators group by running the following Windows PowerShell cmdlets: New-SmbShare -Name VMs -Path C:\VMs -FullAccess Adatum\LON-HOST1$, "Hyper-V administrators" (Get-SmbShare VMs).PresetPathAcl | Set-Acl

Deploy Hyper-V over SMB http://go.microsoft.com/fwlink/?LinkID=386725 Question: Can you store a virtual machine on a shared folder on a Windows Server 2008 R2 file server?

Using a Scale-Out File Server Scale-out file server is one of the failover cluster server roles. Unlike other roles whose behavior in the cluster is the same as on stand-alone server, a scale-out file server features several important improvements. When you add a file server as a cluster role, you can configure it as a file server for general use, or as a scale-out file server for application data. A file server for general use enables you to configure highly available shared folders, which are accessible on one cluster node at the time. If that node fails, another node takes ownership and clients can access the shared folder through that node. Although shared folders are highly available, clients always access them through a single node.

Benefits of Scale-Out File Servers

MCT USE ONLY. STUDENT USE PROHIBITED

6-14 Implementing Failover Clustering with Hyper-V

A scale-out file server has a different approach. Multiple failover nodes can host this role simultaneously, and they all provide access to the data on the same CSV. One node coordinates write operations, and any node on the failover cluster can read the data files on the CSV. This means that if you add a node to a scale-out file server, you increase the total bandwidth that is available for accessing the shared folders. This cluster role is sometimes referred to as an active-active file server, because shared folders can be accessed through multiple nodes. A scale-out file server provides the following benefits: •

Ability to scale capacity dynamically. Because clients can access shared folders through multiple nodes, if the number of clients increases, you can add an additional node to the scale-out file server. You can build a scale-out file server with only two nodes, and you can expand it with additional nodes as needed.



Higher Utilization. All failover cluster nodes can accept and serve client requests for all scale-out shared folders. When you combine their bandwidth and processor power, you can achieve higher utilization rates than with any single node. A single failover cluster node is no longer a potential bottleneck, because a scale-out file server can support as many clients as the shared storage can manage.



Non-disruptive maintenance and updates. When you need to check the disk, perform maintenance, update, or restart a failover cluster node, the scale-out file server is available without an interruption. This is also true for file server for general use.



CSV cache. You can use this feature to allocate system memory as a write-through cache. The CSV cache provides caching of read-only data, which can improve performance for applications such as Hyper-V, when accessing virtual hard disks. CSV cache performs caching at the block level, and not at the file level.



Automatic rebalancing of the clients. SMB client connections are tracked per shared folder, instead of per server as it was before Windows Server 2012 R2. Clients are redirected to the failover cluster node with the best access to the volume used by the shared folder. This improves efficiency by reducing redirection traffic between file server nodes.



Support for multiple SMB instances. A default SMB instance manages incoming SMB client traffic, while an additional SMB instance is created on each failover cluster node to manage only internode CSV traffic. This feature improves scalability and reliability of traffic between CSV nodes.



MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

6-15

Simpler management. You can view and manage file server, storage, and networking by using Server Manager. You can also manage the scale-out file server by using Windows PowerShell.

Note: Clients must support the SMB 3.0 protocol to utilize all the benefits of the scale-out file server. Older clients such as the Windows 7 operating system or Windows Server 2008 R2, which support SMB 2.x, are able to connect to scale-out shared folders. However, they cannot benefit from the SMB transparent failover functionality. Scale-Out File Server for Application Data Overview http://go.microsoft.com/fwlink/?LinkID=386722 Storage and Availability Improvements in Windows Server 2012 R2 http://go.microsoft.com/fwlink/?LinkID=386715 Question: Does a file server cluster for general use support more clients than a stand-alone file server?

What Is iSCSI? iSCSI is a client-server protocol that enables access to remote, small computer system interface (SCSI)–based devices over a TCP/IP network. You can use iSCSI for encapsulating and sending standard SCSI commands over IP networks to any target device that supports SCSI commands. You can use iSCSI to transmit data over local area networks (LANs), wide area networks (WANs), or even over the Internet. The Windows operating system has implemented iSCSI only for accessing block storage devices, and uses the iSCSI initiator to access storage on iSCSI SANs, but not other remote SCSI devices.

iSCSI relies on standard Ethernet networking and does not require any special hardware. It uses the TCP/IP protocol and TCP port 3260 by default to send SCSI commands and transfer data. This means that iSCSI enables two hosts that are communicating over the network to negotiate the session and connection parameters, and then exchange SCSI commands and data as they would were they locally connected. iSCSI emulates a local storage subsystem over LANs and WANs, and provides access to the SAN as if it were a locally attached disk. Unlike Fibre Channel, iSCSI does not require a separate network, and you can run it over the existing IP network infrastructure. Although not required, as a best practice you should use a dedicated and highly available network for iSCSI traffic. An iSCSI deployment includes the following: •

TCP/IP network. You can use standard network infrastructure for connecting servers to iSCSI storage devices. To provide expected performance, the network should be fast, at least 1 Gbps. Understand that with iSCSI, all storage access, read, and write operations happen over the network and not locally. You should also consider having multiple paths between the server and iSCSI storage for redundancy.

MCT USE ONLY. STUDENT USE PROHIBITED

6-16 Implementing Failover Clustering with Hyper-V



iSCSI target. iSCSI targets present and advertise local storage as a network block device, as an iSCSI SAN. Many storage vendors implement hardware-level iSCSI targets as part of their storage appliances. Windows Server 2012 includes iSCSI target server as a role service. Because it is critical for storage to be available constantly, you should implement an iSCSI target server as a failover cluster role to make it highly available. To provide network redundancy, you should also configure the MPIO feature to use multiple paths between the server and iSCSI target.



iSCSI initiator. The iSCSI initiator is an iSCSI client that connects to the remote iSCSI target and presents it as a locally attached disk. Windows client and Windows Server operating systems include iSCSI initiator, and can connect to iSCSI targets. To use an iSCSI initiator, the iSCSI service must be running. Because this service is not running by default, you should start it before you start using an iSCSI initiator.



iSCSI qualified name. iSCSI qualified names are globally unique identifiers that address initiators and targets on an iSCSI network. When you configure an iSCSI target, you must configure it with an iSCSI qualified name. Understanding Microsoft iSCSI Initiator Features and Components http://go.microsoft.com/fwlink/?LinkID=386721 Question: What must you enable and configure in Windows Server 2012 R2 to be able to use storage on an iSCSI SAN?

What Is an iSCSI Target Server? When you install and configure the iSCSI target server role service, Windows Server 2012 R2 can present locally attached storage as an iSCSI block storage device to the clients. By using an iSCSI target server, you can create virtual disks that are similar to LUNs on physical SANs, and expose them as SCSI Logical Units (LUs) to iSCSI initiators. Virtual disks created by using an iSCSI target server have similar names as the virtual hard disks used by Hyper-V, because they use the same .vhdx format, and they share the same characteristics and 64 terabyte (TB) size limits as virtual hard disks. They also can be of the same types as virtual hard disks: fixed size, dynamically expanding, or differencing.

When you create a fixed-size virtual disk, you can clear it on allocation. This means that its entire content is filled with zero values, which removes any fragments of data that might remain on the underlying storage.

After you create a virtual disk, you can assign it to the iSCSI target to make it available to the iSCSI initiators over the network. You can identify the initiators that can access the logical unit by providing their iSCSI qualified name, Domain Name System (DNS) name, IP address or MAC address, or by querying the initiator computer for ID, which is supported only for Windows Server 2012, or for Windows 8 or newer computers that are members of the same AD DS forest. You can also enable the Challenge Handshake Authentication Protocol (CHAP) to authenticate initial connection and iSCSI target. After the client iSCSI initiator connects to the logical unit, it can start using it as a locally attached disk, which means initializing the disk, creating volumes, formatting them, and storing data. If the client is

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

6-17

running out of space on the logical unit, you can provide it with additional space by extending the virtual disk. Conversely, if the logical unit has too much space for client needs, you can shrink the virtual disk. You can perform both operations online, while the client is connected to the iSCSI target. The iSCSI target server also enables backup applications that are connected to an iSCSI target and are using Volume Shadow Copy Service (VSS) to complete the application-consistent snapshot, while the application is accessing the logical unit. The iSCSI target VSS hardware provider communicates with the iSCSI target server during the VSS snapshot process, and ensures that the snapshot is application-consistent.

The iSCSI target server includes a Storage Management Initiative – Specification provider, which is an industry standard for discovery and management of heterogeneous storage systems. For example, VMM can use functionality to perform the following actions on iSCSI target server: •

Discover and list iSCSI targets and their properties.



Discover and list iSCSI logical units and their properties.



Create new and delete existing iSCSI logical units.



Add storage capacity to a Hyper-V failover cluster.



List, create, and delete logical unit snapshots.



Mask and unmask logical units on an iSCSI target.

You can manage the iSCSI target server by using Server Manager, or by using Windows PowerShell cmdlets. For example, you can create a new virtual disk by running the following Windows PowerShell cmdlet: New-IscsiVirtualDisk

You can create a new iSCSI target by running the following cmdlet: New-IscsiServerTarget

You can add a virtual disk to an iSCSI target by running the following cmdlet: Add-IscsiVirtualDiskTargetMapping

Introduction of iSCSI Target in Windows Server 2012 http://go.microsoft.com/fwlink/?LinkID=386711 iSCSI Target Server in Windows Server 2012 R2 http://go.microsoft.com/fwlink/?LinkID=386712 Question: Can you use an iSCSI target server on Windows Server 2012 R2 to provide storage to a server that is running a non-Microsoft operating system?

Demonstration: Using an iSCSI Target Server In this demonstration, you will see how to use an iSCSI target server.

Demonstration Steps 1.

On LON-HOST1, add LON-SS1 to All Servers.

2.

Use Server Manager to add an iSCSI Virtual disk with following data:

3.

4.

5.

o

Location: E:\

o

iSCSI virtual disk name: Disk11

o

iSCSI virtual disk size: 15 GB

o

iSCSI virtual disk type: Dynamically expanding

Connect the iSCSI virtual disk to the New iSCSI target with following data: o

Target name: Lab6-Host1

o

Access servers: LON-HOST1 and LON-HOST2

MCT USE ONLY. STUDENT USE PROHIBITED

6-18 Implementing Failover Clustering with Hyper-V

Use the Windows PowerShell New-IscsiVirtualDisk cmdlet to create new virtual disk with following parameters: o

Path: C:\iSCSIVirtualDisks\Disk12.vhdx

o

Size: 15 GB

o

ComputerName: LON-SS1

Use the Windows PowerShell Add-IscsiVirtualDiskTargetMapping cmdlet to add a virtual disk to an iSCSI target with the following parameters: o

TargetName: Lab6-Host1

o

Path: C:\iSCSIVirtualDisks\Disk12.vhdx

o

ComputerName: LON-SS1

6.

Refresh Server Manager, and confirm that virtual disk Disk12.vhdx now displays and it is mapped to the Lab6-Host1 target.

7.

On LON-HOST1, open iSCSI Initiator and connect to the Lab6-Host1 target on the LON-SS1 iSCSI target server. Disconnect any previously connected targets.

8.

Use Disk Management to confirm that two disks are now added, that they have a size of 15 GB, and they are all Offline. Note that these are the virtual disks that you just added on the iSCSI target.

Considerations for Implementing iSCSI Storage iSCSI storage is presented as a locally attached disk, although all communication with the storage is over the network. Therefore, it is critical that storage is accessible at all times. When you are planning the iSCSI implementation, you should be aware of the following best practices:

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

6-19



Use a fast network for iSCSI communication. This network will be used for sending SCSI commands and transferring data to and from storage, similar to a local bus for the locally attached storage. You should use at least a 1 Gbps dedicated network for iSCSI. If you use a shared physical network, then you should use QoS policies to ensure that iSCSI is allocated adequate bandwidth. In addition, configure network cards to use jumbo frames on the iSCSI network.



Data for the mission-critical workload will be stored on the shared iSCSI storage. Therefore, redundancy is very important. iSCSI SAN appliances have redundancy built into them, but when you use iSCSI target software, you should add the iSCSI target as a cluster role in a failover cluster. You should also ensure that multiple network paths exist between the servers and the storage, and you should install and configure the MPIO feature in Windows Server 2012. Be sure to also consider network equipment such as switches and routers, and ensure that they have redundancy as well.



In enterprise environments, you should consider implementing a Microsoft Internet Storage Name Service (iSNS) server, which is used for discovering storage devices on an Ethernet network. iSNS provides automated discovery, management, and configuration of iSCSI devices on a TCP/IP network.



Implement security for iSCSI devices. This includes configuring iSCSI targets to allow only connections from approved initiators, configuring authentication for iSCSI traffic, and encrypting iSCSI traffic if required. Be aware that encryption requires additional overhead, and you should offload it to network equipment.



Read the vendor-specific best practices for implementing iSCSI storage, and for using it with your applications, such as Hyper-V. Question: How can you control which iSCSI initiators can connect and use an iSCSI target?

Using Virtual Hard Disk Sharing as Shared Storage You can implement failover clustering either at the Hyper-V host level or at the virtual machine level, or you can combine them. Failover clustering at the host level provides high availability for virtual machines. If a virtual machine stops responding or loses network connectivity, it fails over automatically to a different node. Failover clustering at the virtual machine level ensures that cluster roles inside a virtual machine (such as scale-out file server, DHCP server, or generic application), are highly available. If the cluster role is no longer responsive, it fails over automatically to a different virtual machine that is configured as a failover

MCT USE ONLY. STUDENT USE PROHIBITED

6-20 Implementing Failover Clustering with Hyper-V

clustering node. This virtual machine must be running either on the same Hyper-V host, or on a different one. When you use failover clustering at both levels, you realize many benefits. However, you also realize the downside of increased complexity. Virtual machines and the cluster roles are highly available. To provide failover clustering functionality, you need shared storage for the quorum, for cluster roles configuration, and for data storage. You can use iSCSI or Fibre Channel SAN as a shared storage with Hyper-V failover clustering, in addition to an SMB 3.0 file share. You can also use both SAN types with virtual machine clustering.

Windows Server 2012 R2 introduces a third option—you can use virtual hard disk sharing and use that disk as shared storage. Virtual hard disk sharing presents a disk as a Serial Attached SCSI disk, and failover clustering can then use it as a shared storage.

The following table shows a comparison between iSCSI, Fibre Channel, and virtual hard disk sharing when used for virtual machine shared storage: Capability

Shared .vhdx

Virtual Fibre Channel

ISCSI in a virtual machine

Supported storage

Storage Spaces, Serial Attached SCSI, Fibre Channel, iSCSI, SMB

Fibre Channel SAN

iSCSI SAN

How is storage presented in virtual machine

Virtual Serial Attached SCSI

Virtual Fibre Channel LUN

iSCSI LUN

Data flows through the HyperV switch

No

No

Yes

Storage is configured at the Hyper-V host level

Yes

Yes

No

Provides low latency and low CPU use

Yes (RDMA or Fibre Channel)

Yes (Fibre Channel)

No

Requires specific hardware

No

Yes

No

Switch must be reconfigured when virtual machine is migrated

No

Yes

No

Exposes storage architecture

No

Yes

Yes

Before you can use a shared virtual hard disk as a shared storage, you must first meet the following requirements: •

The virtual hard disk must use .vhdx format. You can enable virtual hard disk sharing only on .vhdx disks, and not on virtual hard disks that use the .vhd format.



The virtual hard disk must be connected to a SCSI virtual controller. You cannot enable virtual hard disk sharing for disks that are connected to a virtual IDE adapter.



A shared virtual hard disk can only store data, and you cannot start a virtual machine from it. This is also true for Generation 2 virtual machines, which can start from the virtual SCSI controller.



A shared virtual hard disk must be stored on a highly available location, either on scale-out file server share, or on CSV. If a virtual hard disk is stored locally or on the SMB 3.0 file share, you cannot enable virtual hard disk sharing.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

6-21



You can enable virtual hard disk sharing only if the virtual machine is turned off. Although you can add or remove virtual hard disks to a virtual SCSI adapter while the virtual machine is running, you can enable or disable virtual hard disk sharing only when the virtual machine is turned off.



To be able to use virtual hard disk sharing, the virtual machine must be running a supported Windows Server operating system, and it must have the latest version of integration services installed. Supported operating systems are currently Windows Server 2012 and Windows Server 2012 R2. You cannot use shared virtual hard disks from client operating systems or older Windows Server operating systems.

You can enable virtual hard disk sharing from the advanced settings of the virtual hard disk in Hyper-V Manager, or by using the Windows PowerShell Add-VMHardDiskDrive cmdlet with the ShareVirtualDisk parameter. For example, if you want to add shared virtual hard disk named disk1.vhd, which is located on the highly available share \\LON-HOST1\files, to a virtual machine named VM1, you would run the following cmdlet: Add-VMHardDiskDrive -VMName VM1 -Path \\LON-HOST1\files\Disk1.vhdx -ShareVirtualDisk

Deploy a Guest Cluster Using a Shared Virtual Hard Disk http://go.microsoft.com/fwlink/?LinkID=386720 Question: Do you need to install anything into the virtual machine to enable virtual hard disk sharing?

Lesson 3

Implementing and Managing Failover Clustering with Hyper-V

MCT USE ONLY. STUDENT USE PROHIBITED

6-22 Implementing Failover Clustering with Hyper-V

Failover clustering provides high availability for virtual machines. Making virtual machines highly available is similar to making any other role highly available. You should first install servers, configure the shared storage, install the Hyper-V role on all the servers that will run virtualization load, validate and create cluster, and then create highly available virtual machines. You should ensure that all virtual machine data files are on shared storage, otherwise the virtual machine will not be highly available. When configuring the virtual machine cluster role, you will notice that many configuration settings such as priority, failover, and failback, are the same as for the other cluster roles. However, some other settings such as monitoring virtual machine heartbeat and applications, or network connectivity are specific to virtual machines. For running virtual machines in a failover cluster, you do not need any additional cluster roles, but when you want to replicate a virtual machine to a failover cluster node, you should first add the Hyper-V Replica Broker cluster role to a failover cluster.

Lesson Objectives After completing this lesson, you will be able to: •

Describe the steps for failover cluster implementation.



Describe Hyper-V validation tests.



Create a failover cluster.



Describe the configuration of highly available virtual machines.



Describe virtual machine monitoring.



Create and manage a virtual machine clustered role.



Describe the Hyper-V Replica Broker role.



Describe cluster-aware updating.

Implementing a Failover Cluster Before you can implement a failover cluster, you must have all required infrastructure available, such as AD DS domain and server hardware. To implement a failover cluster, you must complete the following high-level steps: 1.

Install and configure servers that will become failover cluster nodes. You should verify that servers use the same hardware, including processors and network adapters. You should also ensure that you install the same Windows Server operating system version on all servers. Ensure also that you install the Failover Cluster feature on all servers.

2.

Configure shared storage. This includes configuring the storage, for example creating LUNs or iSCSI targets, configuring MPIO, connecting servers to the storage, and creating volumes.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

6-23

3.

Install roles on the servers that you want to make highly available. For example, you can install Hyper-V if you plan to create highly available virtual machines, and install file and storage services if you plan to create a scale-out file server. You need to install roles only on servers that will host the cluster role. For example, if you plan to have an eight-node failover cluster, but virtual machines will run on only five nodes, you should install the Hyper-V role on only five servers.

4.

Validate the configuration and create a failover cluster. The failover cluster includes the Validate a Configuration Wizard, which validates all of the prerequisites for creating a failover cluster and provides warnings or errors if any component does not meet the requirements. Before you create a failover cluster, you should resolve any issues that the wizard reports. You can create a failover cluster by using the Failover Cluster Manager, or by using Windows PowerShell.

5.

Create cluster roles. These are the highly available roles that run in a failover cluster. The High Availability Wizard has several often-used cluster roles, such as file server or virtual machine. After you create the cluster role, you can test the failover by moving the role between failover cluster nodes. Deploy a Hyper-V Cluster http://go.microsoft.com/fwlink/?LinkID=386729 Question: Can you implement a failover cluster by using the Windows Server 2012 R2 Standard operating system?

Hyper-V Validation Tests The failover clustering feature includes a collection of tests, which you should perform on the failover cluster. You can run the validation process at any time before, during, or after creating a failover cluster. You should run the initial validation before creating the failover cluster, and prior to making any change to the failover cluster configuration.

To obtain Microsoft support for the failover cluster (if needed), you must have successfully validated the failover cluster. The validation process includes a series of tests to validate configuration of the nodes, including connectivity between the nodes, and connectivity and functionality of the shared storage. You require at least two nodes to run all the tests. This is because if you run the validation with a single node, several important storage tests will not be performed. You can validate a cluster as part of the cluster creating process, or you can run it later from the Failover Cluster Manager or by using the Windows PowerShell cmdlet Test-Cluster. Note: Some validation tests do not run until you create a cluster or install server roles. For example, the Cluster Configuration tests will not run until after you create the cluster, and Hyper-V tests will not run if you have not yet installed the Hyper-V role on the cluster nodes.

You can also use the cluster validation process as a troubleshooting tool on a configured cluster. When running the validation process, you can select a subset of the validation tests to help you troubleshoot. The validation process will warn you if storage tests are selected, but they will not run on a failover cluster that already has allocated storage online.

MCT USE ONLY. STUDENT USE PROHIBITED

6-24 Implementing Failover Clustering with Hyper-V

Validation is not mandatory, but we strongly recommend it as a best practice. Furthermore, validation is required if you want to have a supported failover clustering configuration. You should perform validation after each change in configuration, including the following: •

Run validation tests on the failover cluster. To have a supported configuration and to rule out configuration problems, you are required to run validation tests on the failover cluster successfully. The report shows any errors and warnings for your configuration, and what you should do to avoid them. For example, the report will warn you if there is no network redundancy or if servers are not running the same edition of the Windows Server or Windows client operating systems.



Before adding a node to a failover cluster. You should run a validation test to confirm that the server is configured properly and that it has connectivity to shared storage.



When adding new shared storage. When you add new shared storage to the cluster, you should run validation to confirm that new storage will function correctly (for example, that it supports SCSI-3 persistent reservation). To minimize the impact on availability, you should run the validation after you attach the storage, but before you begin using the new LUNs.



When updating firmware and drivers. You should run validation to confirm that the new combination of hardware, firmware, drivers, and software supports your failover cluster functionality.



After restoring a node from backup. Run the validation to confirm that the restored node can function properly as part of the failover cluster.

As part of the cluster role validation, the following tests are performed if the Hyper-V role is installed on failover cluster nodes: •

List Hyper-V Virtual Machine Information. This test lists virtual machine information for each virtual machine in the failover cluster. Test information includes the virtual machine name, the node that is hosting the virtual machine, heartbeat connectivity to the virtual machine, and the version of the installed integration services.



List Information About Servers Running Hyper-V. This test lists Hyper-V host-related information on each specified node, for example, if they are Virtual Machine Queue (VMQ)–capable and single root I/O virtualization (SR-IOV)–capable.



Validate Compatibility of virtual Fibre Channel SANs for Hyper-V. This test validates that each node in the failover cluster is configured with the same set of virtual Fibre Channel SANs.



Validate Hyper-V Integration Services Version. This test validates that all virtual machines are running the up-to-date version of the Hyper-V integration services.



Validate Hyper-V Memory Resource Pool Capability. This test validates that memory resource pools with the same names are present on all specified nodes.



Validate Hyper-V Network Resource Pool and Virtual Switch Compatibility. This test validates that all nodes in the failover cluster have the same set of network resource pools and virtual switches with the same names.



Validate Hyper-V Processor Resource Pool Compatibility. This test validates that all nodes in the failover cluster have the same set of processor resource pools.



Validate Hyper-V Role Installed. This test validates that all nodes in the failover cluster have the Hyper-V role installed.



Validate Hyper-V Storage Resource Pool Compatibility. This test validates that all nodes in the failover cluster have storage resource pools that share the same name.



Validate Hyper-V Virtual Machine Network Configuration. This test validates that all virtual machines on the failover cluster nodes are configured with cluster-compatible network settings; for example, virtual machines are configured with correct network resource pool.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

6-25



Validate Hyper-V Virtual Machine Storage Configuration. This test validates that all virtual machines are configured with cluster-compatible storage settings; for example, virtual machine data files are on cluster storage. If virtual Fibre Channel adapters are used, it verifies if the virtual machine is configured with at least two virtual Fibre Channel adapters.



Validate Machine Processor Manufacturers. This test validates that all failover cluster nodes use processors from the same manufacturer. Validate Hardware for a Failover Cluster http://go.microsoft.com/fwlink/?LinkID=386726 Question: Why is it important that all failover cluster nodes have processors from the same manufacturer?

Demonstration: Creating a Failover Cluster In this demonstration, you will see how to create a failover cluster.

Demonstration Steps Note: This task should be performed only on LON-HOST1. 1.

On LON-HOST1, use the Failover Cluster Manager to create a new cluster with the following data (accept default values on all other wizard pages): o

Servers in cluster: LON-HOST1, and LON-HOST2

o

Cluster Name: LON-CLUST.

o

Address: 172.16.10.105

2.

Use Active Directory Users and Computers to confirm that in the Computers container, there are computer accounts for LON-HOST1, LON-HOST2, and LON-CLUST (which was added when you created the failover cluster).

3.

On LON-HOST1, use File Explorer to confirm that the C:\ClusterStorage folder is empty.

4.

Use the Failover Cluster Manager to add Cluster Disk 2 to Cluster Shared Volumes.

5.

Use File Explorer to confirm that the C:\ClusterStorage folder now contains a mounted volume for Volume1.

Configuring Highly Available Virtual Machines A single Windows Server 2012 failover cluster can run up to 8,000 virtual machines, and each failover cluster node can run up to 1,024 virtual machines, providing it has enough resources. A highly available virtual machine must store all of its data on shared storage, which can be either a continuously available SMB 3.0 file share on scaleout file server, or a CSV.

MCT USE ONLY. STUDENT USE PROHIBITED

6-26 Implementing Failover Clustering with Hyper-V

You can create highly available virtual machines as a cluster role, either by using Windows PowerShell or by using the Failover Cluster Manager. You can also configure an existing virtual machine as highly available by using the High Availability Wizard. If the virtual machine data files are not stored on shared storage, you will receive a warning, and the virtual machine will not be highly available until you move its data to shared storage. You can configure basic properties for the highly available virtual machine on the role Properties page, The Priority setting is one of these properties, and it controls which virtual machines (or cluster roles in general) have priority over others. This is important when a failover cluster starts and when virtual machines fail over to a different node.

For example, when failover cluster starts, resources are allocated first to virtual machines with high priority, and as a result, they are started first. Only after that will virtual machines with medium priority be started. The failover cluster will continue to start virtual machines until they are all started or there are no more nodes in the failover cluster with resources available. The Priority setting is set to Medium by default, and you can change it to Low, High, and No Auto Start. When a failover cluster is placing virtual machines on the failover nodes, it uses the following rules: •

Start a virtual machine on the same node it was running on previously.



Move a virtual machine to a node that is on the virtual machine’s Preferred Owners list.



If the node on which a virtual machine was running previously is not available, the failover cluster will place the virtual machine on another node, based on available resources (primarily memory).



If a virtual machine cannot be started, the failover cluster continues to contact all the nodes every five minutes to find out if any node has enough resources available. When enough resources become available, the virtual machine is started.

You can configure the virtual machine’s Preferred Owners list on the role Properties page. The failover cluster will try to start the virtual machine on the Hyper-V host that is highest on the virtual machine’s Preferred Owners list. If it is not able to start the virtual machine on any of the preferred owners, it will try to start it on one of the possible owners, which you can configure on the Advanced Policies tab for the virtual machine’s resource properties. If the virtual machine cannot be started on any possible owners, then the failover cluster will move it to any other failover cluster node, but will not start it there. On the Failover tab of the role properties page, you can also configure failover and failback settings. You can specify the number of times that the failover cluster will attempt to restart or fail over the cluster role in the specified period, and whether the cluster role will fail back automatically to the most preferred owner when it is available again.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

6-27

On the Settings tab of the virtual machine’s resource properties page, you can configure two settings regarding virtual machine health monitoring, both of which are enabled by default: •

Enable heartbeat monitoring for the virtual machine. This setting enables the failover cluster to periodically check the Heartbeat integration service in the virtual machine. If the heartbeat stops, it can restart and fail over the virtual machine.



Enable automatic recovery for application health monitoring. This setting enables you to configure application health monitoring for applications and services that are running inside the virtual machine.

When you want to prevent virtual machines from running on the same Hyper-V host, you can use anti-affinity. Some examples include when virtual machines use a significant amount of resources, or because a company policy requires that they never run on the same physical host. The failover cluster will move virtual machines that have the same AntiAffinityClassNames property to different failover cluster nodes. You can configure this property by using Windows PowerShell, or by using VMM, in which AntiAffinityClassNames is called availability sets. You cannot configure it by using Failover Cluster Manager. Clustered Role and Resource Properties http://go.microsoft.com/fwlink/?LinkID=386718 AntiAffinityClassNames http://go.microsoft.com/fwlink/?LinkID=386717 Question: Will a virtual machine ever fail over to a node that is not on either its preferred owners list or its possible owners list?

Virtual Machine Monitoring Failover clusters provide high availability for the roles that are configured in that cluster. Failover clusters also monitor the roles, and take action when there is an issue with role availability. A virtual machine is one of the cluster roles and when a virtual machine does not respond to a heartbeat, the failover cluster can restart or fail over the virtual machine to a different cluster node.

Prior to Windows Server 2012, a failover cluster was not able to monitor applications that were running inside a virtual machine. For example, if you used a virtual machine as a print server, the failover cluster was not able to detect if the Print Spooler service in the virtual machine had stopped. As a result, the failover cluster would not take any action, even though the print server did not work, because the virtual machine was still responding to a heartbeat. Failover clustering in Windows Server 2012 has the ability to monitor and detect application health for applications and services that run inside a virtual machine. If a service in a virtual machine stops responding, or if an event is added to the System, Application, or Security logs, the failover cluster can take actions such as restarting the virtual machine or failing it over to a different node to restore the

MCT USE ONLY. STUDENT USE PROHIBITED

6-28 Implementing Failover Clustering with Hyper-V

service. The only requirement is that the failover cluster node and virtual machine must be running Windows Server 2012 or newer Windows Server operating system, and have integration services installed. You can configure virtual machine monitoring by using either the Failover Cluster Manager or Windows PowerShell. By default, a failover cluster is configured to monitor virtual machine health, in addition to applications and services within that virtual machine. Heartbeat monitoring requires that integration services is installed on the virtual machine, and that you can verify the monitoring configuration on the Settings tab of the virtual machine resource Properties dialog box.

To add monitoring of the specific services that are running in the virtual machine, right-click the virtual machine cluster role, click More actions, and then click Configure Monitoring. From there you can select services to monitor inside the virtual machine. The failover cluster will take action only if a service stops responding, and in the Services Control Manager if the service is configured with Take No Actions recovery setting.

Windows Server 2012 R2 can also monitor failure of virtual machine storage and loss of network connectivity. Storage failure detection can detect the failure of a virtual machine boot disk or any other virtual hard disk that the virtual machine is using. If failure happens, the failover cluster moves the virtual machine and then restarts it on a different node. You can also configure a virtual network adapter to connect to a protected network. If network connectivity to such network is lost because of reasons such as physical switch failure or disconnected network cable, the failover cluster will move the virtual machine to a different node to restore network connectivity. Guest Clustering and VM Monitoring in Windows Server 2012 http://go.microsoft.com/fwlink/?LinkID=386714 Question: How can you monitor an application that is installed in a Windows Server 2012 R2 virtual machine, but is not running as a service? Question: How should you configure a service in a highly available virtual machine by using Service Control Manager, if you plan to monitor it by failover cluster?

Demonstration: Creating and Managing the Virtual Machine Clustered Role In this demonstration, you will see how to create and manage a virtual machine clustered role.

Demonstration Steps 1.

On LON-HOST1, use the Failover Cluster Manager to create a new virtual machine with following data: o

Host to create virtual machine on: LON-HOST1

o

Name: LON-HA1

o

Location: C:\ClusterStorage\Volume1\

o

Memory: Use Dynamic Memory

2.

On LON-HOST1, use the Failover Cluster Manager to set LON-HA1 startup priority to Low.

3.

Use the Failover Cluster Manager to configure LON-HOST1 as the preferred owner for the LON-HA1 role.

4.

5.

Configure LON-HA1 with the following values: o

Maximum failures in the specified period: 2

o

Period in which this can happen: 3

Configure the Virtual Machine LON-HA1 resource with the following value: o

Period for restart (mm:ss): 10:00 minutes

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

6-29

6.

Confirm that LON-HOST1 and LON-HOST2 are set as Possible Owners.

7.

On LON-HOST1, use the Windows PowerShell Add-ClusterVirtualMachineRole cmdlet to add the 20409B-LON-PROD1 virtual machine as a clustered role.

8.

On LON-HOST1, use the Failover Cluster Manager to confirm that in the 20409B-LON-PROD1 clustered role, no services are monitored currently.

9.

Use Failover Clustering Manager to configure monitoring for LON-PROD1, and then click Print Spooler as service to be monitored.

10. Use Failover Cluster Manager to confirm that Print Spooler is listed under Monitored Services.

What Is the Hyper-V Replica Broker Role? Hyper-V Replica is a feature that provides a business continuity solution for virtual machines. It allows virtual machines that are running on a Hyper-V host or a Hyper-V failover cluster at a primary site to be replicated to a replica Hyper-V host at a secondary site, (usually across a WAN link). Primary and replica Hyper-V hosts can be part of a failover cluster, and virtual machines that are configured for replication can move between cluster nodes. For replication to continue without interruption, it is important to know at all times on which failover cluster node the virtual machine is running.

The Hyper-V Replica Broker cluster role provides the virtual machine to the replica Hyper-V cluster node mapping. It also redirects incoming replication traffic for a virtual machine to the appropriate node in the failover cluster on which the virtual machine is running. When the replica virtual machine is moved, it sends a notification packet to the primary server with the new Hyper-V node to which the replica has been moved. The primary Hyper-V host then connects to the replica Hyper-V host, which is a node in the failover cluster, and then continues the replication.

For example, consider a primary virtual machine that is running on ServerA in Failover cluster 1, and a replica virtual machine that is running on Server1 in Failover cluster 2. If Server1 fails, the replica fails over to Server2 in the same failover cluster. The Hyper-V Replica Broker sends a notification message to the primary Hyper-V host, which then establishes a replication connection with Server2 as a replica. If ServerA fails, the primary virtual machine fails over to ServerC in Failover cluster 1. ServerC queries the Hyper-V Replica Broker, and then establishes a replication connection with Server2. Question: When do you need a Hyper-V Replica Broker?

What Is Cluster-Aware Updating? Installing operating system updates is often a manual and time-consuming process, especially with a failover cluster that has many nodes. Cluster-Aware Updating (CAU) is a feature that updates failover cluster nodes automatically, without user interaction and with minimal or no downtime. For many cluster roles, CAU triggers a planned failover, which can cause a short service interruption for connected clients. For roles such as scale-out file server and Hyper-V, which have continuous availability and live migration, CAU updates the failover cluster without interrupting service availability. CAU orchestrates and automates the update process by performing the following actions: 1.

Puts a failover cluster node into maintenance mode.

2.

Moves the cluster roles to a different failover cluster node.

3.

Installs the updates and any dependent updates.

4.

Restarts the failover cluster node, if necessary.

5.

Brings the node out of maintenance mode.

6.

Fails back cluster roles that were moved from this node.

7.

Continues the update on the next failover cluster node.

CAU can coordinate the complete cluster updating operation in two modes:

MCT USE ONLY. STUDENT USE PROHIBITED

6-30 Implementing Failover Clustering with Hyper-V



Remote-updating mode. In this mode, updating is coordinated by a computer, which is not the failover cluster node. This computer is called the orchestrator, and it must have failover clustering administrative tools installed. You can trigger on-demand updating from the orchestrator by using a default or custom Updating Run profile. Remote-updating mode is useful for monitoring real-time progress during the Updating Run, or for updating failover cluster nodes that do not have a GUI.



Self-updating mode. In this mode, CAU is configured as a cluster role in the failover cluster, and an associated update schedule is defined. In this mode, CAU does not have a dedicated orchestrator computer, but the cluster updates itself at scheduled times by using a default or custom Updating Run profile. During the Updating Run, the CAU orchestrator process starts on the failover cluster node that currently owns the CAU cluster role, and the process updates cluster nodes one after another. In the self-updating mode, CAU can update the failover cluster by using a fully automated updating process. You can also trigger updates on demand if so desired. You can view information about an Updating Run by running the Windows PowerShell cmdlets Get-CauRun and Get-CauReport. Cluster-Aware Updating Overview http://go.microsoft.com/fwlink/?LinkID=386724

Update Management in Windows Server 2012: Revealing Cluster-Aware Updating and the New Generation of WSUS http://go.microsoft.com/fwlink/?LinkID=386713 Question: Is there any downtime when you update nodes in a failover cluster by using CAU?

Lab: Implementing Failover Clustering with Hyper-V Scenario

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

6-31

A. Datum Corporation has implemented the Hyper-V virtualization platform in one of their subsidiaries. Most of the host servers in the subsidiary have been converted to Hyper-V hosts, including several servers that run critical business applications. These critical applications need to be available at all times, and the availability should not be affected by the failure of a single host machine. A. Datum has identified failover clustering as the best option for implementing this level of availability. You need to implement a high availability solution for these virtual machines by deploying failover clustering for the virtual machines. You also need to configure highly available virtual machines and virtual machine monitoring.

Objectives After completing this lab, you will be able to: •

Create a Hyper-V failover cluster.



Manage a Hyper-V failover cluster.

Lab Setup Estimated Time: 90 minutes Virtual machines: 20409B-LON-HOSTx, 20409B-LON-CLx, 20409B-LON-DC1, and 20409B-LON-SS1 User name: Adatum\Administrator Password: Pa$$w0rd

For this lab, you will use the available virtual machine environment. Before you begin the lab, you must complete the following steps: 1.

Sign in to the LON-HOSTx computer as Adatum\Administrator with the password of Pa$$w0rd.

2.

On LON-HOST1 start Hyper-V Manager.

3.

In Hyper-V Manager, click 20409B-LON-DC1, and in the Actions pane, click Start.

4.

In the Actions pane, click Connect. Wait until the virtual machine starts.

5.

Sign in by using the following credentials:

6.

o

User name: Adatum\Administrator

o

Password: Pa$$w0rd

Repeat steps 3-5 for 20409B-LON-SS1 and 20409B-LON-CLx.

LON-HOST1 and LON-HOST2 are sometimes referenced as LON-HOSTx, which indicates that each student can perform the lab tasks on his or her computer. Note: Because you will be using the same virtual machines in the next lab, do not revert the virtual machines. However, you can shut down all virtual machines after finishing this lab. You will be working in pairs. Communicate clearly with your lab partner, and cooperate fully with each other during this lab.

Exercise 1: Creating a Hyper-V Failover Cluster Scenario

MCT USE ONLY. STUDENT USE PROHIBITED

6-32 Implementing Failover Clustering with Hyper-V

A. Datum has decided that they will use iSCSI shared storage for failover clusters. For this purpose, you need to create a proof-of-concept deployment, where you can also demonstrate how to extend iSCSI logical units online. To perform this task, you decide to use one of the existing file servers and configure the iSCSI target server on it. You also need to add the shared storage to the servers, verify that it is configured properly, and create a failover cluster. The main tasks for this exercise are as follows: 1.

Create an Internet small computer system interface (iSCSI) target.

2.

Connect to an iSCSI target and create volumes.

3.

Extend iSCSI logical units online.

4.

Install the Failover Clustering feature.

5.

Create a failover cluster.

6.

Add a Cluster Shared Volume (CSV).

 Task 1: Create an Internet small computer system interface (iSCSI) target 1.

On LON-HOSTx, add LON-SS1 to All Servers.

2.

Use Server Manager to add an iSCSI Virtual disk with the following settings:

3.

4.

5.

6.

o

Location: E:\

o

Name: Diskx1

o

iSCSI virtual disk size: 10 GB

o

iSCSI virtual disk type: Dynamically expanding

Connect the iSCSI virtual disk to the New iSCSI target with following data: o

Target name: Lab6-Hostx

o

Access servers: LON-HOST1 and LON-HOST2

Use the Windows PowerShell New-IscsiVirtualDisk cmdlet to create a new virtual disk with following parameters: o

Path: E:\iSCSIVirtualDisks\Diskx2.vhdx

o

Size: 10GB

o

ComputerName: LON-SS1

Use the Windows PowerShell New-IscsiVirtualDisk cmdlet to create a new virtual disk with the following parameters: o

Path: E:\iSCSIVirtualDisks\Diskx3.vhdx

o

Size: 15GB

o

ComputerName: LON-SS1

Use the Windows PowerShell Add-IscsiVirtualDiskTargetMapping cmdlet to add the virtual disk to the iSCSI target with the following parameters: o

TargetName: Lab6-Hostx

o

Path: E:\iSCSIVirtualDisks\Diskx2.vhdx

o

ComputerName: LON-SS1

7.

8.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

6-33

Use the Windows PowerShell Add-IscsiVirtualDiskTargetMapping cmdlet to add a virtual disk to the iSCSI target with the following parameters: o

TargetName: Lab6-Hostx

o

Path: E:\iSCSIVirtualDisks\Diskx3.vhdx

o

ComputerName: LON-SS1

Refresh Server Manager, and confirm that virtual disks Diskx2.vhdx and Diskx3.vhdx now display, and that they are mapped to target Lab6-Hostx.

Note: Although both students created an iSCSI target, only the Lab6-Host1 iSCSI target will be used for creating the failover cluster.

 Task 2: Connect to an iSCSI target and create volumes 1.

On LON-HOSTx, use iSCSI Initiator to connect to the target with Lab6-Host1 in the name, on the iSCSI target server named LON-SS1. Disconnect any pre-existing targets.

2.

Use Disk Management to confirm that three disks are added, that they have size of 10GB, 10GB, and 15GB, and that they are all Offline. These are the virtual disks that you just added on the iSCSI target.

3.

On LON-HOST1, use Computer Management to bring Disk 3, Disk 4, and Disk 5 online, and to initialize all three disks.

4.

Create and format simple volumes on Disk 3, Disk 4, and Disk 5 with default values. Note: Perform step 5 only on LON-HOST2.

5.

Use Computer Management to bring the three new disks online.

 Task 3: Extend iSCSI logical units online 1.

On LON-HOST1, use Server Manager to extend the E:\iSCSIVirtualDisks\Diskx1.vhdx virtual disk to 15 GB.

2.

Refresh Disk Management, and confirm that disk in the details pane is extended with 5 GB of unallocated space.

3.

Use the Extend Volume Wizard to extend the volume on the disk to allocate all available disk space.

4.

Confirm that the partition is now expanded to 15 GB. You expanded it while it was online, while it was in use.

 Task 4: Install the Failover Clustering feature •

On LON-HOSTx, use Server Manager to install the Failover Clustering feature. Note: Both students should finish with this task before you continue.

 Task 5: Create a failover cluster Note: Perform this task only on LON-HOST1. 1.

2.

MCT USE ONLY. STUDENT USE PROHIBITED

6-34 Implementing Failover Clustering with Hyper-V

On LON-HOST1, use the Failover Cluster Manager to create a new cluster with following data (accept default values on all other wizard pages): o

Servers in cluster: LON-HOST1 and LON-HOST2

o

Cluster Name: LON-CLUST

Use Active Directory Users and Computers to confirm that in the Computers container there are computer accounts for LON-HOST1, LON-HOST2, and LON-CLUST (which was added when you created the failover cluster).

 Task 6: Add a Cluster Shared Volume (CSV) 1.

On LON-HOSTx, use File Explorer to confirm that the C:\ClusterStorage folder is empty.

2.

Use the Failover Cluster Manager to add the first Cluster Disk with Available Storage status to Cluster Shared Volumes if you are on LON-HOST1, or the second Cluster Disk with Available Storage status to Cluster Shared Volumes if you are on LON-HOST2.

3.

Use File Explorer to confirm that the C:\ClusterStorage folder contains mounted volumes for Volume1 and Volume2, which were added when you and your partner added disks to the CSV.

4.

Create a new text document with your name in the C:\ClusterStorage\Volumex folder.

5.

Confirm that the C:\ClusterStorage\Volumey folder contains a file with your partner’s name. Notice that now, all cluster nodes have access to the CSV.

Note: If file with your partner’s name is not in the C:\ClusterStorage\Volumey folder, wait until your partner creates a file.

Results: After completing this exercise, you should have created a Hyper-V failover cluster.

Exercise 2: Managing a Hyper-V Failover Cluster Scenario

As part of the proof-on concept deployment, you need to configure virtual hard disk sharing, which you will use later as shared storage for virtual machine clustering. You also need to create highly available virtual machines and configure their settings. Because several virtual machines will be used as print servers, you need to configure monitoring that will notify you if the print spooler service in those virtual machines stops. The main tasks for this exercise are as follows: 1.

Configure virtual hard disk sharing.

2.

Create a highly available virtual machine.

3.

Configure a highly available virtual machine.

4.

Configure virtual machine monitoring.

5.

Move a virtual machine between failover cluster nodes.

6.

Destroy a failover cluster.

 Task 1: Configure virtual hard disk sharing 1.

2.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

6-35

On LON-HOSTx, use the Windows PowerShell New-VHD cmdlet to create virtual hard disks on local storage by using following parameters: o

Path: C:\Shares\HDD1x.vhdx

o

SizeBytes: 10 GB

o

Type: Dynamically Expanding

Use the Windows PowerShell New-VHD cmdlet to create virtual hard disks on CSV by using following parameters: o

Path: C:\ClusterStorage\Volumex\HDD2x.vhdx

o

SizeBytes: 10 GB

o

Type: Dynamically Expanding

3.

Use the Windows PowerShell Add-VMHardDiskDrive cmdlet to add both of the virtual hard disks that you created to the SCSI virtual adapter of the 20409B-LON-PRODx virtual machine.

4.

If the 20409B-LON-PRODx virtual machine is running, then turn it off.

Note: You cannot modify a virtual hard disk’s sharing setting while the virtual machine is running. 5.

Use Hyper-V Manager to confirm that 20409B-LON-PRODx has two hard disks listed under SCSI Controller: HDD1x.vhdx, and HDD2x.vhdx.

6.

Try to Enable virtual hard disk sharing for the HDD1x.vhdx virtual hard disk.

Note: The Error applying Hard Disk Drive changes message displays, because local storage where HDD1x.vhdx is located does not support virtual hard disk sharing. 7.

Try to Enable virtual hard disk sharing for HDD2x.vhdx. Note: This time you do not get any error, because the virtual hard disk is stored on a CSV.

8.

Verify that that 20409B-LON-TESTx is turned off.

9.

Use the Windows PowerShell Add-VMHardDiskDrive cmdlet to add the C:\ClusterStorage \Volumex\HDD2x.vhdx virtual hard disk to the SCSI virtual controller of the LON-TESTx virtual machine.

10. Start the 20409B-LON-PRODx virtual machine. 11. Start the 20409B-LON-TESTx virtual machine. Note: Notice that an error message displays, because HDD2x.vhdx is already in use by a virtual machine.

12. Use Hyper-V Manager to Enable virtual hard disk sharing for the HDD2x.vhdx virtual hard disk of the 20409B-LON-TESTx virtual machine.

13. Start the 20409B-LON-TESTx virtual machine. Note: Notice that this time LON-TESTx starts without an error, as it is now configured with virtual hard disk sharing. 14. Sign in to both the LON-TESTx and LON-PRODx computers.

MCT USE ONLY. STUDENT USE PROHIBITED

6-36 Implementing Failover Clustering with Hyper-V

15. Open Disk Management, and confirm that the shared virtual hard disk is available as shared storage to both computers. 16. Remove HDD1x.vhdx and HDD2x.vhdx virtual hard disks from 20409B-LON-PRODx. 17. Remove HDD2x.vhdx virtual hard disk from 20409B-LON-TESTx.

 Task 2: Create a highly available virtual machine 1.

2.

On LON-HOSTx, use the Failover Cluster Manager to create a new virtual machine with the following settings: o

Host to create virtual machine on: LON-HOSTx

o

Name: LON-HAx

o

Location: C:\ClusterStorage\Volumex\

o

Memory: Use Dynamic Memory

On LON-HOSTx, use the Windows PowerShell Add-ClusterVirtualMachineRole cmdlet to add a highly available virtual machine with following parameters: o

3.

VMName: 20409B-LON-CLx

Use the Failover Cluster Manager to confirm that LON-HAx and 20409B-LON-CLx are listed as clustered Roles.

 Task 3: Configure a highly available virtual machine 1.

On LON-HOSTx, use the Failover Cluster Manager to set LON-HAx startup priority to Low.

2.

Use Failover Cluster Manager to configure LON-HOSTx as the preferred owner for the LON-HAx role.

3.

Use Failover Cluster Manager to configure LON-HAx with the following settings: o

Maximum failures in the specified period: 2

o

Period: 3

4.

Use the Failover Cluster Manager to configure Virtual Machine LON-HAx on the Resources tab with Period for restarts (mm:ss) set to 10:00 minutes.

5.

Confirm that both LON-HOST1 and LON-HOST2 are set as Possible Owners, and that heartbeat monitoring is enabled for LON-HAx.

 Task 4: Configure virtual machine monitoring 1.

On LON-HOSTx, use the Windows PowerShell Add-ClusterVirtualMachineRole cmdlet to add the 20409B-LON-PRODx virtual machine as a clustered role.

2.

On LON-PRODx, configure the Print Spooler service with Take No Action if Second failure occurs.

3.

On LON-HOSTx, use the Summary tab in the Failover Cluster Manager to confirm that currently no services are monitored in the LON-PRODx clustered role.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

6-37

4.

In the Failover Cluster Manager, in details pane, right-click 20409B-LON-PRODx, click More Actions, and then configure monitoring for the Print Spooler service that is running on LON-PRODx.

5.

Use the Summary tab in the Failover Cluster Manager to confirm that Print Spooler is now listed under Monitored Services.

6.

Use the Failover Cluster Manager to review Settings for 20409B-LON-PRODx clustered virtual machine, and confirm that Protected Network is enabled for Network Adapter.

 Task 5: Move a virtual machine between failover cluster nodes 1.

On LON-HOSTx, use the Failover Cluster Manager to confirm that the LON-HAx virtual machine is running on the LON-HOSTx node.

2.

Use the Failover Cluster Manager to start live migration of LON-HAx to the LON-HOSTy node.

3.

Use the Failover Cluster Manager to confirm that Live Migration is moving LON-HAx, and that after the move, the virtual machine is running on the LON-HOSTy node.

4.

On LON-HOSTx, use the Windows PowerShell Move-ClusterVirtualMachineRole cmdlet to move the LON-HAx clustered role back to the LON-HOSTx node by using live migration.

 Task 6: Destroy a failover cluster Note: Perform this task only on LON-HOST1. 1.

On LON-HOST1, remove all clustered roles for the CLUST.Adatum.com failover cluster.

2.

Use the Failover Cluster Manager and click Destroy Cluster to remove the LON-CLUST.Adatum.com failover cluster.

3.

On LON-HOST1 and LON-HOST2, delete the LON-HAx virtual machine.

Results: After completing this exercise, you should have managed a Hyper-V failover cluster.

Module Review and Takeaways Review Questions Question: What must you do if you want support from Microsoft for a Windows Server 2012 R2 failover cluster? Question: How can you configure anti-affinity for virtual machines that are running in a failover cluster?

MCT USE ONLY. STUDENT USE PROHIBITED

6-38 Implementing Failover Clustering with Hyper-V

MCT USE ONLY. STUDENT USE PROHIBITED 7-1

Module 7

Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager Contents: Module Overview

7-1

Lesson 1: Integrating System Center and Server Virtualization

7-2

Lesson 2: Overview of VMM

7-13

Lesson 3: Installing VMM

7-19

Lesson 4: Adding Hosts and Managing Host Groups

7-28

Lab: Installing and Configuring System Center 2012 R2 Virtual Machine Manager

7-41

Module Review and Takeaways

7-47

Module Overview

Microsoft provides several built-in tools, such as Hyper-V Manager, that you can use for virtual platform management. Alternatively, you can use specialized software such as Microsoft System Center 2012 R2 Virtual Machine Manager. Using Virtual Machine Manager (VMM) provides many benefits over built-in utilities, particularly in enterprise environments with many virtual host servers. This module explains how to integrate VMM into an existing virtual environment, and how to manage that virtual environment. System Center 2012 R2 VMM is the successor to System Center 2012 – Virtual Machine Manager, which is a management solution for virtual data centers. By using VMM, you can consolidate physical servers, provision new virtual machines rapidly, and perform unified management of virtual infrastructure through one console. Note: For the purpose of this course, we are referring to all instances of Microsoft System Center 2012 R2 Virtual Machine Manager as VMM.

Objectives After completing this module, you will be able to: •

Explain how to use different System Center 2012 components for managing a virtual environment.



Describe the key features of VMM.



Explain how to install VMM.



Add virtualization hosts to VMM, and manage virtualization hosts and host groups.

Lesson 1

Integrating System Center and Server Virtualization

MCT USE ONLY. STUDENT USE PROHIBITED

7-2 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager

In addition to integrating Hyper-V with Windows Server 2012, Microsoft provides hypervisor integration into several System Center 2012 products, specifically with VMM. Understanding how the System Center 2012 products integrate is an important part of running a highly virtualized data center. In this lesson, you will learn how VMM and other System Center products work together with the hypervisor.

Lesson Objectives After completing this lesson, you will be able to: •

Provision server virtualization with VMM.



Manage server virtualization by using System Center 2012 R2 App Controller.



Monitor server virtualization by using System Center 2012 R2 Operations Manager.



Integrate System Center 2012 R2 Service Manager.



Automate tasks with System Center 2012 R2 Orchestrator.



Use System Center 2012 R2 Data Protection Manager to help protect a virtualized server deployment.



Use the Windows Azure Pack to provide self-servicing.

Provisioning Server Virtualization with VMM VMM is a management solution for creating and managing a virtualized data center. It enables you to configure and manage your virtualization host, networking, and storage resources to create and deploy virtual machines and services to private clouds. VMM provides the following features: •

Multihost and multivendor virtual machine management support. You can host your virtual machines on several hypervisors, such as Hyper-V on Windows Server 2012, Citrix XenServer, and VMware ESX servers. All hardware that these hypervisors support is also supported for VMM virtual machine placement.



Intelligent placement. You can use VMM resources to determine the best available host for a new virtual machine.



Dynamic optimization. Dynamic optimization enables you to react to alerts sent by Operations Manager so that you can move virtual machines to other hosts to maintain performance continuity.



Physical-to-virtual machine (P2V) conversion. You can use VMM to convert a physical machine to a virtual machine.



Microsoft Application Virtualization (App-V) support. You can use this feature to virtualize server applications.



Live migration. In VMM, you can move virtual machines to different host machines without affecting users or workloads.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

7-3



Delegated administration. You can delegate administrative tasks to users, and allow them to create and manage virtual machines on their own.



Cloud, infrastructure, and services management. You can manage your cloud environment and services from a single console.



Power optimization. VMM can optimize hosts by moving virtual machines from underused hosts, and then powering off the host machine.

Microsoft has introduced several new enhancements to VMM in the System Center 2012 R2 release. The following are available enhanced categories and improvements: •







Networking features include: o

Site-to-site network connections using private IP addresses

o

Cisco Network Virtualization using Generic Routing Encapsulation

o

IP Address Management (IPAM) integration, top-of-rack switch integration

o

Forwarding extensions for Hyper–V extensible switch work with Hyper–V network virtualization

Virtual machines and cloud features include: o

Differencing disks

o

Live cloning of virtual machines

o

Online .vhdx resizing

o

Enhanced support for Windows Server 2012 dynamic memory features

o

Grant permissions to users for individual clouds

o

Support for file-based virtual machine customization processes

o

Leverage of the new Hyper–V file transfer application programming interface (API) in Windows Server 2012 R2 to transfer files to guest operating systems

o

Ability to create Windows-based and Linux-based virtual machines and multiple virtual machine services, from a template gallery

o

Faster live migration and support for migration of Windows Server 2012 R2 operating systems

Storage features include: o

Virtual Fibre Channel support

o

Management of zones

o

Support for Windows Offloaded Data Transfers (ODX)

o

Shared .vhdx support

o

Provision scale-out file server clusters from bare-metal deployments

o

Integration of storage with differencing disks optimization and storage spaces files

Services features include: o

Services on Citrix XenServers

o

Allowing the script that runs on the first deployed virtual machine to differ from the script that runs on the other virtual machines in the tier





Infrastructure features include:

MCT USE ONLY. STUDENT USE PROHIBITED

7-4 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager

o

Ability for automatic tasks to resume after virtual machine failover

o

Expanded computer scope for VMM update management

o

Management packs updated with new metrics for chargeback purposes based on allocation and utilization

Additional enhancements include: o

Support for Windows Server 2012 R2 and Windows 8.1 operating systems

o

Enhancements to replication and recovery

o

Addition of direct links to missing prerequisites in setup Note: By design, P2V conversion is no longer available in System Center 2012 R2 VMM.

Managing Server Virtualization by Using App Controller You can use App Controller to manage private clouds that you create with VMM, and public clouds that are running on the Windows Azure platform.

App Controller provides role-based views that administrators can customize for an application owner. This allows the application owner to manage services that are deployed into the private and public clouds. A service is an instance of an application along with its associated configuration and virtual infrastructure that is deployed to the cloud. For example, the application owner can deploy a service to the private cloud, and can scale the service in or out, depending on the owner’s requirements. Additionally, the owner can connect directly to virtual machines in the private cloud from the App Controller portal.

Benefits of App Controller System Center 2012 App Controller provides application owners with a self-service experience across VMM, and gives them a unified view that lets them manage applications and services across private clouds and Windows Azure. App Controller provides users with the ability to manage application components in the context of a holistic service. App Controller provides the self-service component of a solution by enabling application owners to: •

Configure, deploy, and manage services through a service-centric interface, while using a library of standard templates.



Provide self-service application management, visibility, and control across both the Microsoft cloud services and the various public cloud services (such as Windows Azure).



Create, manage, and move services using a web-based interface that presents a customized view of resources based on the application owner’s role in the organization, and enables them to manage services rather than servers.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center



7-5

View virtual machines, and both private and public cloud services. Control components at each layer, track jobs, and maintain a detailed history of changes.

App Controller also enables data center administrators to delegate authority to application owners. Predefined templates ensure compliance with company IT standards and policies. Using App Controller, data center administrators can create a customized, role-based view of private and public cloud services, and a consumed and available resources view for application owners. In addition, application owners can customize all service components, including virtual machines, network resources, and load balancing.

You can also use App Controller to move applications and components within public and private cloud environments. You can copy Windows Azure configuration, package files, and .vhd files among Windows Azure subscriptions, and you can copy service templates and resources from one VMM server to another.

Managing Private Clouds

After you connect the App Controller portal to the VMM environment, the business unit clouds, virtual machines, and libraries become available through the App Controller portal. Private cloud administrators can create services and service templates from within VMM, and then deploy them to the private cloud. Business unit IT administrators can then manage and deploy these services and service templates through the App Controller portal.

App Controller also helps users manage the individual virtual machines that are running within a service. All of the typical VMM management capabilities—such as stopping, starting, mounting an ISO image, and opening a remote desktop connection—are available to the user. Because the App Controller functionality is delivered under the context of the service, the user only has access to the resources within it.

Managing Public Clouds

When connecting App Controller to a Windows Azure subscription, you can delegate subscription access to users through their Active Directory Domain Services (AD DS) credentials. This provides a common access model across the management of private and public clouds, including the services that are running in them. For example, you can manage the development of a service that is running in the Windows Azure environment while managing a production implementation of a service that is running in your private cloud environment. You can also use App Controller to move applications between private and public clouds, and copy resources such as service templates between VMM servers.

You install App Controller as a separate component. You can choose to host this service on a separate server, or you can host it together with an existing service such as VMM. In both cases, you should first ensure that your server meets the system requirements for App Controller. For better performance, you should install the App Controller server on a separate computer from the VMM management server.

MCT USE ONLY. STUDENT USE PROHIBITED

7-6 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager

The following table displays some limits for App Controller. You should be aware of these limits when you plan App Controller deployment.

App Controller Limits Measure

Value

Maximum number of objects in a Windows Azure storage directory

900

Maximum number of VMM management servers

5

Maximum number of Windows Azure subscriptions per user

20

Maximum number of concurrent users

75

Maximum number of jobs that can be run in a 24-hour interval

10,000

Note: App Controller can connect only to System Center 2012 R2 VMM. The new enhancements introduced with App Controller in System Center 2012 R2 are: •

Support for System Center 2012 R2 VMM.



Service Provider Foundation in System Center 2012 R2.

Monitoring Server Virtualization by Using System Center Operations Manager You can use Operations Manager to monitor services, devices, and operations for many computers from a single console. Administrators can use Operations Manager to gain immediate insight into the state of the IT environment and the IT services that are running across different systems and workloads. Numerous views show state, health, performance information, and alerts generated for availability, performance, configuration, and security situations.

IT departments today are responsible for ensuring the performance and availability of critical services and applications. Therefore, IT departments need to know when there is a problem, identify where the problem is, and determine what is causing the problem. Ideally, IT does all this before the users of the applications encounter problems. The more computers and devices in the business, the more challenging this task becomes. You can use Operations Manager to monitor applications in both the private cloud and the public cloud. Additionally, you can simultaneously monitor Microsoft platforms and non-Microsoft platforms such as UNIX, Linux, and VMware. Operations Manager displays monitored objects that are not healthy. Operations Manager also sends alerts (such as a short text message or an email) when problems are identified, and provides information to help you identify the cause of a problem and possible solutions. You can also use Operations Manager to create reports or dashboards from collected data.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

7-7

The components for Operations Manager are organized into a management group. Most organizations have a single management group, although you can have multiple management groups. If you have multiple management groups, the alerts from one management group can roll up to another management group. This enables you to centralize monitoring for multiple management groups.

Operations Manager Agents

The most common way to monitor Windows computers or UNIX and Linux computers is by installing the Operations Manager agent. You install the Operations Manager agent on a computer to facilitate communication with the management server. After installation, the Operations Manager agent obtains its configuration from the management server. Only data that is defined by the configuration from the management server is forwarded to the management server.

Agentless Monitoring

You also can monitor Windows-based computers without installing an agent. This is referred to as agentless monitoring. The information that you collect by using agentless monitoring may be limited because some management packs do not work with agentless monitoring. Agentless monitoring also creates a high load on the management server and is not very scalable. For these reasons, agentless monitoring is generally not recommended.

Queries for agentless monitoring perform with remote procedure calls (RPCs) that are difficult to perform through firewalls. When no firewall exists between the management server and the monitored system, a management server can query the monitored system directly. If there is a firewall between the management server and the monitored system, then you must configure an agent-managed computer as a proxy agent. The proxy agent queries the monitored system, and then transfers the data to the management server. Microsoft has introduced several new enhancements to Operations Manager in the System Center 2012 R2 release. These enhancements include: •

Fabric monitoring. Fabric monitoring is the System Center cloud hybrid monitoring of physical and virtual layers for hybrid cloud environments. Other enhancements include the Fabric Health Dashboard, which generates a detailed overview of your private clouds and the fabric that services those clouds. In each cloud, the Fabric Health Dashboard displays the following information: o

Host state

o

Storage pools state, file share, and logical unit number (LUN) state

o

Network node state

o

Active alerts

o

Number of virtual machines

Fabric monitoring also includes the Fabric Monitoring Diagram view, which displays the health states of the cloud environment and the on-premises environments. •

The Microsoft Monitoring Agent. This tool now includes full functionality for the IntelliTrace Collector tool in Microsoft Visual Studio. You can also use it as a stand-alone tool for collecting application traces locally.



Integrating Operations Manager with the development processes. There are new alert fields in Team Foundation Server (TFS) work item IDs, and TFS work item owners.



Conversion of application performance monitoring (APM) for performance events to the IntelliTrace format. You can open the APM for performance events from the Visual Studio integrated development environment (IDE), if the performance event was captured during an IntelliTrace Collector historical debugging session. APM is also integrated tightly with the TFS work item synchronization management.

MCT USE ONLY. STUDENT USE PROHIBITED

7-8 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager



Support for IPv6. You can now accept IPv6 addresses as input for network discovery in the Operations console.



Java application performance monitoring. You can monitor Java application performance and exception events using the Operations Manager Application Advisor console.



System Center Advisor. You can use this online service to analyze installations of Windows Server software.

Integrating Service Manager Service Manager is a comprehensive IT service management solution that you can use to add process-driven automation and self-service infrastructure provisioning to your private cloud infrastructure. To help organizations manage help desks, Service Manager automates help desk functions such as ticketing and change request processes. Service Manager integrates with AD DS, and with products such as System Center 2012 Configuration Manager, Operations Manager, and VMM to build a single, reconciled inventory of an organization’s assets. Service Manager provides several key benefits to organizations, including increased productivity, reduced costs, swifter problem resolution, and built-in compliance management. Built-in processes in Service Manager are based on industry best practices such as those found in Information Technology Infrastructure Library (ITIL) and the Microsoft Operation Framework.

Service Manager comes enabled with process management packs for incident and problem resolution, service request provisioning, change and release control, and configuration and knowledge management. Through its integration with other System Center components and key infrastructure services such as AD DS, Service Manager provides accurate configuration management database population and private cloud process integration. By using Service Manager, you can: •

Reduce the mean time to resolve issues through user self-service.



Improve private cloud efficiency through centralized management of incident, problem, and change processes.



Provide self-service deployment of private cloud resources through integration with other System Center 2012 components.



Implement compliance controls for the management of private cloud infrastructure components.

In Service Manager, you define various types of templates and workflows so that you can automate many administrative processes. As part of your initial Service Manager configuration, you must configure settings and workflows for change and activity management.

Change requests are generated typically when the IT infrastructure requires a configuration change to achieve a desired result. Change requests are also generated to support new technologies, processes, or applications. Service Manager allows you to collect and process change requests automatically by defining

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

7-9

workflows and activities that you should perform during the change management process. End users and administrators can create change requests. In Service Manager, you use workflows to close completed change requests automatically, and to send notifications to users when activities require approval. To maintain change requests, you create change request templates. You can use a workflow to apply these templates automatically. You generally use change request templates when users submit new change requests. The templates are particularly useful when you create a change request for a recurring type of issue. Change request templates allow you to: •

Set an issue category, then define a standard priority, effect, and risk level for it in the template.



Create additional templates for other types of recurring change requests.



Include a number of activities in one template. However, any activities that you want to include in a change request template you must have created previously as activity templates.

Additionally, by using change request templates, users spend less time submitting new change requests. This is because the request templates store commonly used settings, and then the templates apply these settings to new change requests. For example, you can create a change request template to modify the Microsoft Exchange Server infrastructure. You also can create change templates that include an activity that automatically changes a standard change priority request to Low. Note: When you create a change request template, do not create links to configuration items or work items, and do not enter any user information. If you create a template with these objects, you cannot remove them and you will have to re-create the template.

Manual activity templates help ensure that all manual activities are assigned to the person who is designated as the activity implementer. After you create the manual activity template, you need to create a workflow that applies to the template.

Service Manager 2012 R2 fully supports the Windows Server 2012 R2 and Windows 8.1 operating systems.

Automating Tasks with Orchestrator Orchestrator (formally known as Opalis), is an IT process automation solution for the private cloud. You use Orchestrator to automate the creation, monitoring, and deployment of key resources in your private cloud environment.

Private cloud administrators perform many critical daily tasks to ensure that their infrastructure is highly available and reliable. They also require the ability to reduce the time it takes to provision new infrastructure, while providing self-service capabilities to end users. Additionally, the administrators must maintain quality standards and system efficiency. Orchestrator can combine disparate tasks and procedures together by using the Runbook Designer (formerly known as Opalis Client) to create reliable, flexible, and efficient end-to-end solutions in the private cloud environment.

By using Orchestrator, you can: •

Automate processes in your private cloud, regardless of hardware or platform.



Automate your private cloud operations, and standardize best practices to improve operational efficiency.



Connect different systems from different vendors without using scripting and programming languages.

As part of the enhancements in System Center 2012 R2 Orchestrator, you can now install the Service Management Automation Web service with up to three runbook workers from the Orchestrator setup program. You can then use these runbooks as part of the Windows Azure Pack for Windows Server, or you can use the runbooks and conduct other automation tasks using Windows PowerShell cmdlets.

MCT USE ONLY. STUDENT USE PROHIBITED

7-10 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager

There are also new and updated integration packs available for System Center 2012 R2 Orchestrator. System Center Integration Pack for Microsoft SharePoint Server is the new integration pack, while the updated packs are Windows Azure Integration Pack for Orchestrator, and System Center Integration Pack for System Center 2012 Virtual Machine Manager.

Using Data Protection Manager to Protect a Server Virtualization Deployment Data Protection Manager (DPM) provides diskbased and tape-based data protection and recovery for servers such as Microsoft SQL Server, Microsoft Exchange Server, Microsoft SharePoint Server, virtual servers, file servers, and support for Windows client operating systems. DPM can also centrally manage system state and bare-metal recovery. By using DPM, you can: •

Recover bare-metal servers and desktops running Windows operating systems. This allows you to recover servers and desktops quickly without first installing the operating system.



Back up and recover from disk or tape. Depending on the backup storage type that is available, you can decide whether you want to store it on disk or in a tape library.



Centrally manage the DPM servers with the DPM Administrator Console. In larger environments, managing all DPM servers from a central console is particularly beneficial.



Use role-based access permissions to distribute backup and restore management. You can assign permissions to users that allow them to restore the systems for which they are responsible. The benefit is that you do not grant them full permissions, so they will not be able to access data that they do not own.



Perform quick item-level recovery for virtual machines. To recover a specific item (such as a file), you do not need to recover the entire virtual machine. Instead, you can just recover the particular file.

The following new features and enhancements are available in System Center 2012 R2 DPM:

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

7-11



Windows Azure Backup. You can use this Windows Azure service to back up DPM data in System Center 2012 R2 to Windows Azure Backup.



SQL Server cluster support. You can use clustered SQL Server nodes in DPM. In System Center 2012 R2, DPM no longer has the limitation that existed in System Center 2012 - DPM and System Center 2012 SP1 DPM. This provides greater reliability, scalability, and consistency. You can also install the DPM server on the same stand-alone or clustered SQL Server that hosts the DPM database.



Virtualized deployment. With System Center 2012 R2, you can now deploy DPM on a virtual machine, and you can configure storage using .vhd storage pool disks that are shared in the Virtual Machine Manager library.



Linux virtual machine backup. DPM now allows for greater protection of Linux virtual machines beyond previous versions support. DPM also provides for backup of the Linux virtual machines. However, only file-consistent snapshots are supported for Linux backups. Windows Azure Backup does not support protection of Linux virtual machines.

Using the Windows Azure Pack for Self-Service Capabilities

Windows Azure customers can now download and run the Windows Azure Pack for Windows Server. The Windows Azure Pack is free for Windows Azure customers. The Windows Azure Pack increases your private cloud and data center capabilities with enhanced self–service, multitenant features that integrate with the public Windows Azure cloud. This means that you can use resources provided by Windows Azure (such as applications, virtual machines, and SQL Server databases), along with your private cloud resources and data centers. For example, you can replicate SQL Server databases between your data center and Windows Azure backup. This capability can add to the reliability and survivability of your data. The Windows Azure Pack lets you more easily manage this type of integration with data centers and private cloud resources. Windows Azure Pack includes the following capabilities: •

Windows Azure Management Portal. The Management Portal is a self–service portal that lets you provision, monitor, and manage services. You can customize the portal for tenants.



Service management application programming interface (API). This API uses a Representational state transfer (REST API that helps a range of integration scenarios from custom portals through billing systems.



Websites. Windows Azure Pack helps provide high density, scalable, shared web hosting platforms for Microsoft ASP.NET, PHP: Hypertext Preprocessor (PHP), and Node.js web applications. The Windows Azure Pack also has a customizable web application gallery of open source web applications, and integration for source control systems for custom developed applications and for websites.



Virtual machines. The Windows Azure Pack includes a virtual machine service that provides Infrastructure-as-a-Service (IaaS) capabilities for virtual machines running both Windows operating systems and Linux operating systems. This service contains a virtual machine template gallery, scaling options, and virtual networking capabilities.



Service Bus. The Service Bus service delivers reliable messaging services between distributed applications. This includes queued and topic-based publishing and subscription resources.



Automation and extensibility. The Windows Azure Pack allows you to automate and integrate additional custom services into the services framework. Custom services include a runbook editor, and an execution environment.

MCT USE ONLY. STUDENT USE PROHIBITED

7-12 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager

You can install the Express option or use a distributed deployment of Windows Azure Pack. Several components make up the Windows Azure Pack for Windows Server. If you are using the Express version, all the components can go on one computer. Otherwise, you can distribute the components to up to seven separate machines. Windows Azure Pack includes the following components: •

Management portals and the service management API. The available portals include the portal for administrators and the portal for tenants.



Website roles: o

Web Sites Controller

o

Web Sites REST API

o

Web Workers

o

Front End

o

Publisher

o

File Server



SQL/MySQL. These are the database services that are included in the Windows Azure Pack.



Virtual machines. Two components are available for tenants to control their virtual machines: VMM, and the Service Provider Foundation.

Lesson 2

Overview of VMM

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

7-13

Before you begin a VMM installation, you should carefully plan the integration and deployment in an existing virtual and physical infrastructure. VMM provides several benefits for business environments and enhancements for built-in management tools. VMM consists of several components that provide various features and functionalities, and you need to plan the deployment and integration of each of these features with the current environment.

Lesson Objectives After completing this lesson, you will be able to: •

Describe the features and functionalities of VMM.



Describe the purpose of fabric management.



Describe the features and benefits of using cloud services.



Describe the service life cycle management.



Describe the VMM architecture.

Introducing VMM VMM includes several enhancements to the previous VMM iterations, including enterprise– class performance enhancements. The latest version of VMM includes simplified provisioning and migration abilities, support for cloud services and cloud infrastructure, and enhanced ability for business units to manage their resources individually with multitenant cloud infrastructure improvements. Additionally, System Center 2012 R2 has been extended to allow further provisioning of on-premises virtual machines and resources into the Windows Azure cloud infrastructure.

Enterprise-Class Performance System Center 2012 R2 supports enterprise-class scale and performance for Windows Server-based environments. The System Center 2012 R2 version of VMM is key to enabling the virtualization and management scale. In this version of VMM, a VMM server can support up to 1,000 hosts and 25,000 virtual machines.

Another important VMM enhancement is the Dynamic VHDX resize feature, which enables you to grow a SCSI virtual disk without any downtime. VMM support for an automated Hyper-V cluster upgrades virtual machines without downtime, and reduces the time, effort, cost, and downtime required to upgrade from Windows Server 2012 to Windows Server 2012 R2. You can upgrade Hyper-V clusters automatically using the Live Migration feature with VMM.

VMM also has many new and enhanced private cloud management capabilities. VMM enables dynamically allocated memory changes in addition to snapshots of running virtual machines without downtime. Additionally, VMM includes enhanced support for deploying VMM services to Citrix XenServer

MCT USE ONLY. STUDENT USE PROHIBITED

7-14 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager

and VMware ESX hosts. This allows for consistent management of Hyper-V, Citrix XenServer, and ESXbased virtual machines through the VMM console. You can treat ESX and XenServer hosts the same as any other VMM host.

Simplified Provisioning and Migration

Windows Server 2012 includes improved File and Storage Services, including Storage Spaces. This means that you can use industry-standard storage that you can manage entirely with server software. You can also use industry-standard servers as opposed to specialty hardware technologies for your more expensive infrastructure, for storage, and for disaster recovery. Industry-standard server technologies have advanced to the same level as specialty hardware technologies, and offers similar performance and capabilities at a reduced price. Using System Center 2012 R2 VMM, you can support large, company-wide storage technology infrastructure such as a bare-metal provisioning of scaled out Windows file server clusters, physical disk discovery, and virtualized storage pools creation. Another new VMM feature is simplification of cross-data center disaster recovery for virtual machinebased infrastructure services. This is achieved by providing the private cloud abstraction layer in the source and destination data centers.

Multitenant Cloud Infrastructure

Many organizations want to enhance their data center infrastructure to include increased efficiency, and have the ability to scale resources quickly. Additionally, organizations want the ability to provide multitenancy with increased IP flexibility, chargeback, and infrastructure standardization. VMM provides greater support for multitenant environments through support for virtual networks. Using VMM, you also now have the ability to combine multiple instances of VMM infrastructures with the sender policy framework (SPF) API. Additionally, the latest VMM version strengthens Microsoft software-defined network solutions by allowing you to add multitenant edge gateways to bridge your organization’s physical and virtual data centers. This enables you to combine private cloud elements with certain elements in the public cloud, resulting in better hybrid cloud integration while enhancing mobility and delivering flexible workloads. VMM also provides for multitenant enhanced chargeback with greater granular infrastructure metering, and the ability to analyze various business and operational metrics.

Provisioning Windows Azure Infrastructure

VMM is well integrated into the other System Center 2012 R2 products. Combined with those products, VMM offers a unified set of tools to help you provision and manage virtual machines both on-premises and in Windows Azure environments. This includes workload portability without requiring format conversion. By using App Controller, you can migrate on-premises VMM virtual machines into Windows Azure virtual machines, and then manage those virtual machines from within the App Controller console.

Fabric Management In VMM 2012 R2, fabric is the infrastructure and services that you use to manage and deploy hosts, and that you use to create and deploy virtual machines and services to both the data center and the private cloud. This includes: •

Host groups



Networking



Storage elements



Pre-Boot Execution Environment (PXE)



Windows Server Update Services (WSUS) servers



Virtual Machine Manager libraries



VMware ESX and Citrix XenServer servers

The main benefits of using the fabric are:

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

7-15



Aggregate private cloud resources. The goal of the fabric is to aggregate private cloud resources in meaningful ways that enable you to deploy these resources more easily and comprehensively. The fabric is a logical manifestation of the networks, storage, and services that will be available as resources in your cloud environment.



Abstract your networking resources. The fabric combines logical networks with Hyper V virtual networks to define IP address assignments and route traffic, and set up static addresses for host servers. The VMM fabric can supply IP addresses by using combinations of IP ranges, media access control (MAC) address pools, and virtual IP templates. The VMM fabric also provides IP load balancer support.



Storage. VMM uses the Microsoft Storage Management Service extensively to create this storage aspect of the fabric. You can automate storage assignments across your public or private cloud, providing the storage device is supported through the Storage Management Initiative Specification (SMI-S). Additionally, if you are using Windows Server 2012 R2 with the File Server role and the Internet small computer system interface (iSCSI) Target Server role enabled, you can attach storage, create storage pools, create discs and volumes, and create iSCSI disks and targets, which you can then add into your fabric storage.



Management. The VMM console has a workspace devoted to the fabric that lets you manage the overall fabric that makes up all of these resources mentioned in this list. In System Center 2012 R2 VMM, the fabric workspace has an additional element entitled Infrastructure. Your VMM management servers, PXE servers, VMware servers, and library servers are now located in this Infrastructure.

What Is Cloud Computing? Cloud computing is the latest technological evolution in virtual computing technology. Cloud computing extends virtualization concepts to make them even more elastic. Cloud computing increases the accessibility of public and private clouds to business unit IT teams, and increases their accountability through features such as the cost center-based chargeback model for billing.

MCT USE ONLY. STUDENT USE PROHIBITED

7-16 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager

The National Institute of Standards and Technology (NIST) defines cloud computing as a model for enabling highly available, convenient, on-demand network access to a shared pool of configurable computing resources. Using cloud computing, you can rapidly provision and release computing resources, with minimal management effort or service provider interaction. Cloud computing resources can include networks, servers, storage, applications, and services. Cloud computing makes maximum use of the resources that are available in a data center. For example, an application owner can deploy a developed application to the private cloud infrastructure and the infrastructure will dynamically adjust resources for the application, scale the application, and enable the application to migrate across servers based on best resource match. The benefits of cloud computing include: •

Virtualized data center. Cloud computing provides methods to access computing services that are independent of both your physical location, and the hardware that you use to access it. With cloud computing, you no longer need to store data or applications on your local computer. The data center remains a key element when adopting cloud computing; however, cloud computing emphasizes virtualization technologies that focus on delivering applications rather than supporting the data center infrastructure.



Reduced operational costs. Cloud computing helps mitigate issues such as low system use, inconsistent availability, and high operational costs by providing pooled resources, elasticity, and virtualization technology.



Server consolidation. Cloud computing allows you to host multiple virtual machines on a virtualization host, which enables you to consolidate servers across a data center.



Improved resilience and agility. With products such as System Center 2012, cloud computing can reduce costs and improve efficiency.

There are two main types of clouds: the public cloud, and the private cloud: •

Public cloud. A public cloud is cloud services infrastructure that is made available to the public or a large industry group, and is owned by an organization (or service provider) that sells cloud services. The company that purchases the space on the public cloud, known as the tenant, shares cloud resources with other organizations. The public cloud exists only off-premises.



Private cloud. A private cloud infrastructure is dedicated to one organization only. The cloud infrastructure that an organization uses can exist either on-premises or off-premises. A private cloud may be managed by the organization itself, or by an outside company.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

7-17

The key difference between a public cloud and a private cloud is the workloads that are running on the infrastructure: •

With public cloud services, the tenant organization has less management overhead than organizations that use private clouds. This also means, however, that control of the infrastructure and services is reduced greatly, because the service provider manages the infrastructure and services for the tenant organization. In addition, the public cloud hosts the infrastructure and services for multiple organizations (multitenant), which introduces security implications that you need to review.



Private clouds are owned by their respective organizations. The cloud infrastructure is managed and maintained in the organization’s data center. One of the key benefits of this is that the organization has complete control over the cloud infrastructure and services that it provides. However, the organization also has the management overhead and costs that are associated with this model.

A hybrid cloud is a cloud infrastructure that combines certain elements from both a public cloud and a private cloud. For example, you could use Windows Azure virtual machines in your private cloud.

Service Life-Cycle Management When planning your private cloud infrastructure, you must know which services are suitable for cloud computing, and how you will manage them. For example, some of your business-critical applications might not be suitable for the private cloud because of security or budget constraints. A service can be an application, process, function, or it can be data. When you implement service management process automation for your organization, you should have a standardized and well-defined process for requesting and managing private cloud services. Many elements make up a successful private cloud service, including: •

Groups of machines that work together



Machine definitions as well as applications



Supported application types such as: o

Web Apps (MSDeploy)

o

Virtual apps (App-V)

o

Database Apps (SQL DAC)

Implementing and integrating the various private cloud service elements is a complicated process. System Center 2012 provides you with the necessary tools and services to help you with this process. To implement your custom-designed service management processes, you can automate the specific System Center 2012 components to interact with each other. For example, you can configure Service Manager so that it initiates a workflow that starts an Orchestrator runbook that interacts with VMM automatically.

You can combine your services into VMM service templates. This allows you to add virtual machine templates, network configurations, applications, and storage into a single element. For example, suppose you want to deploy a new virtual machine based on characteristics of an existing virtual machine. While could clone the existing virtual machine, the cloning process can take several minutes before you can

MCT USE ONLY. STUDENT USE PROHIBITED

7-18 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager

deploy it, and a sysprep process typically takes up more time. Instead, you can create a service template that has that type of virtual machine with its various resources already assigned, and then deploy the service template to create quickly a virtual machine based on the template.

Typically, providing for service management is a recurring cycle, which is known as service life cycle management. You can begin service life cycle management by creating the appropriate service template. You can then use the template to customize a particular virtual machine or application deployment, and then deploy that service template. If you need to update that service, you can create a new service template that incorporates those updates. When you create a new service template with the updates, you will have completed one full life cycle for the initial template. After this point, you would then customize the deployment, and then deploy the service.

VMM Architecture VMM is a System Center 2012 component that offers a management solution for a virtualized data center. You can use VMM to create and deploy virtual machines and services to private clouds by configuring and managing your virtualization host, networking, and storage resources. By using VMM, you can discover, capture, and aggregate information about the virtualization infrastructure and enable automatic management of policies and processes. In the private cloud infrastructure, VMM helps transition enterprise IT from an infrastructure-focused deployment model into a service-oriented, user-centric environment. VMM architecture consists of several different, interrelated components, including: •

VMM management server. The VMM management server is the computer on which the VMM service runs. The VMM management server processes commands and controls communications with the database, the library server, and the virtual machine hosts. The VMM management server is the hub of a VMM deployment through which all other VMM components interact and communicate. The VMM management server also connects to a SQL Server database that stores all VMM configuration information.



Database. VMM uses a SQL Server database to store the information that you view in the VMM management console. This information includes managed virtual machines, virtual machine hosts, virtual machine libraries, jobs, and other virtual machine-related data.



Management console. The management console is a program that you use to connect to a VMM management server. Through the management console, you can view and manage physical and virtual resources, including virtual machine hosts, virtual machines, services, and library resources.



Library. A library is a catalog of resources such as virtual hard disks, templates, and profiles, which are used to deploy virtual machines and services. A library server also hosts shared folders that store filebased resources. The VMM management server is always the default library server, but you can add additional library servers later.



Command shell. Windows PowerShell is the command-line interface in which you use cmdlets to perform all available VMM functions. The VMM console is built by using Windows PowerShell. You can use VMM–specific cmdlets to manage all the actions in a VMM environment.

Lesson 3

Installing VMM Installing the VMM server and VMM console is a key process in establishing the VMM infrastructure. You should perform installation procedures for these components based on prior planning.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

7-19

Before starting to install the VMM server and VMM console, consider the potential issues and requirements. After completing installation, you will need to perform several post-installation tasks, such as adding physical hosts, creating and deploying host groups, and ensuring that the configuration is set appropriately for your organization’s goals.

Lesson Objectives After completing this lesson, you will be able to: •

Determine the required topology for a VMM deployment.



Identify the system requirements for installing VMM.



Describe the considerations for implementing a highly available VMM management server.



Describe the requirements for installing VMM.



Explain how to install a VMM management server and a VMM console.

Determining Topology for a VMM Deployment VMM deployment topology varies according to each customer’s needs. Major design factors include defining administrative boundaries, and placing the components in a network segment, site, or geographical zone with sufficient bandwidth. When you plan a VMM deployment, you should consider the following factors: •

Number of hosts



Number of branch sites with hosts



Security, administrative groups, and selfservice options that you require



Availability and recovery time that each of the components require

The number of hosts determines the physical or virtual resources that each component server in the VMM deployment requires. In System Center 2012 SP1 VMM, the scale of a VMM management server has the capacity to manage 1,000 hosts and 25,000 virtual machines. However, the demand on a single management server would suggest that you should use multiple VMM instances. You can use App Controller with five VMM instances. Therefore, in theory, you could manage resources of over 125,000 virtual machines. If your deployment has thousands of hosts, you should consider contacting your regional Microsoft office for guidance on a personalized deployment to fit your environment. The number of branch sites with hosts and the wide area network (WAN) links capabilities between the branches and the VMM management server determines if you should have a single VMM deployment with multiple Virtual Machine Manager library servers or individual VMM deployments at each branch.

MCT USE ONLY. STUDENT USE PROHIBITED

7-20 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager

VMM offers delegated administration and self-service. You can use App Controller, Service Manager, or your own customized portals to provide self-service to your users. When you determine what type of VMM deployment is appropriate for your environment, you can then plan a self-service deployment that is appropriate for the design. For example, App Controller can span five VMM deployments. However, your security requirements may require you to have an App Controller deployment for each VMM deployment.

The availability and recovery time for VMM components is also important when determining the topology for your VMM deployment. VMM is a cluster-aware application that you can configure to be highly available. SQL Server is cluster-aware, and you can install the Virtual Machine Manager library server on a Microsoft file server cluster, but not on the same cluster that hosts a clustered VMM instance. DPM can back up your VMM components and if required, you can locate DPM at a remote site and use it to restore one or more offsite components.

For the latest information on deployment scenarios, and for the individual component hardware and software prerequisites for the most current service pack, review the information provided on the Microsoft TechNet website. If you are deploying VMM, you should consider that: •

The VMM database no longer supports SQL Express. Therefore, you must move your database to a supported version of SQL Server.



A Windows Deployment Services (Windows DS) server is required for bare-metal deployment of Hyper-V hosts. A bare-metal deployment refers to deploying a host on a computer that does not have an operating system.



At least one library server is necessary, but you should consider at least one library for each site that you will separate with a low-speed WAN link.



You should use WSUS or Configuration Manager for update management.



App Controller has replaced the self-service portal. There is no longer an upgrade path from existing self-service portals to App Controller.



Operations Manager is required to use VMM reporting, and to leverage Performance and Resource Optimization (PRO) tips.



Managing VMware ESX and VMware ESXi hosts requires that you integrate VMware vSphere. If you need more than the maximum number of hosts for business or network reasons, you must have multiple VMM servers. You can use App Controller to view resources for up to five VMM servers.

Consider which VMM services you will use in your topology and review the associated ports that VMM uses to communicate between its components. Ensure that firewalls are not blocking ports, and determine whether the component coexists with another application that these ports review. If you need to amend a default port, make sure that you update the associated firewall rules.

The following table lists some default ports that you can change during the VMM installation. Port

Description

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

7-21

8100

Provides communication with the VMM console

5985

Provides communication with agents on hosts and on library servers

443

Enables file transfers to agents on hosts and on library servers

8102

Provides communication with Windows DS

8101

Provides communication with Windows Preinstallation Environment (Windows PE) agents

8103

Provides communication with the Windows PE agent for time synchronization

VMM System Requirements Before you can deploy a System Center 2012 VMM solution, you need to ensure that your system meets a number of prerequisites. Although Microsoft provides both the minimum and recommended requirements for VMM, the requirements that work best for you might vary depending on your organization’s operations, budget, schedule, time requirements, and other factors. In addition, remember that System Center 2012 R2 VMM has additional requirements, which will be covered in a later topic.

System Requirements for a VMM Management Server The following table describes the hardware requirements for managing up to 150 hosts on a VMM Management server. Hardware component

Minimum

Recommended

Processor

Pentium 4, 2 gigahertz (GHz) (x64)

Dual-processor, 2.8 GHz (x64) or greater

Random access memory (RAM)

2 gigabyte (GB)

4 GB

Hard disk space (without a local VMM database)

2 GB

40 GB

Hard disk space (with a local, full version of SQL Server)

80 GB

150 GB

The following table describes hardware requirements for managing more than 150 hosts. Hardware component

Minimum

Recommended

MCT USE ONLY. STUDENT USE PROHIBITED

7-22 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager

Processor

Pentium 4, 2 GHz (x64)

Dual-processor, 3.6 GHz (x64) or greater

RAM

4 GB

8 GB

Hard disk space

10 GB

50 GB

If you are managing more than 150 hosts, you can enhance performance by separating the VMM components. For example, rather than using the default library share on the same server as the VMM server, you can deploy a separate library server. Conversely, you can use a VMM database on a dedicated computer that is running SQL Server. The following table describes the software requirements for installing the VMM management server. Software requirement

Notes

A supported operating system

Windows Server 2012 Standard or Windows Server 2012 Datacenter operating system (full installation)

Windows Remote Management service

Windows Remote Management is included in Windows Server 2012. By default, Windows Remote Management (formerly known as WSManagement) is set to start automatically. If the Windows Remote Management is not yet started, setup will display an error during the prerequisites check. You must start the service before setup can continue.

Microsoft .NET Framework 4 or newer

System Center 2012 SP1 requires .NET Framework 4 or newer, which Windows Server 2012 includes.

Windows Assessment and Deployment Kit (Windows ADK) for Windows 8

Windows ADK is available from the Microsoft Download Center.

Windows Assessment and Deployment Kit (ADK) for Windows® 8 http://go.microsoft.com/fwlink/?LinkID=386730 When you install the Windows ADK, select the Deployment Tools and the Windows Preinstallation Environment features.

System Requirements for VMM Consoles The following table describes the hardware requirements for managing up to 150 hosts. Hardware component

Minimum

Recommended

Processor

Pentium 4, 550 megahertz (MHz)

Pentium 4, 1 GHz or greater

RAM

512 megabytes (MB)

1 GB

Hard disk space

512 MB

2 GB

The following table describes the hardware requirements for managing more than 150 hosts. Hardware component

Minimum

Recommended

Processor

Pentium 4, 1 GHz

Pentium 4, 2 GHz or greater

RAM

1 GB

2 GB

Hard disk space

512 MB

4 GB

The following table describes the software requirements for installing the VMM console. Software requirement

Notes

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

7-23

A supported operating system

See the approved operating systems in the next table

Windows PowerShell 2.0 or Windows PowerShell 3.0

Windows PowerShell 2.0 is included in Windows Server 2008 R2 and Windows 7. Windows PowerShell 3.0 is included in Windows Server 2012.

At least .NET Framework 4

On a computer that is running Windows 7, .NET Framework 3.5 with SP1 is installed by default. On a computer that is running Windows Server 2008 R2, .NET Framework 3.5 with SP1 is not installed by default. However, you can use the VMM Setup Wizard to install the feature. On a computer that is running Windows 8 or Windows Server 2012, .NET Framework 4 is included. .NET Framework 4.5 is available at the Microsoft Visual Studio 2012 download page at http://go.microsoft.com/fwlink/p/?linkId=285269.

The following table lists the supported operating systems on which you can install the Virtual Machine Manager console. Operating system

Edition

System architecture

Windows Server 2008 R2 SP1 (full installation)

Standard, Enterprise, and Datacenter

x64

Windows 7 SP1

Professional, Enterprise, and Ultimate

x86 and x64

Windows Server 2012 and Windows Server 2012 R2

Standard and Datacenter

x64

Windows 8 and 8.1 Client

Standard, Pro, and Enterprise

x86 and x64

You can deploy the VMM console on the same server as the VMM management server, or on another server or workstation that is running a supported operating system. To enable integration with App Controller and Operations Manager, you must first install the VMM console on the other servers that are running System Center 2012. You can integrate VMM with Orchestrator, and you optionally can install the console on the same server as the Runbook Designer.

Virtual Machine Manager Self-Service Portal System Center 2012 SP1 and System Center 2012 R2 do not include the optional Virtual Machine Manager Self-Service Portal. App Controller is now the web component for self-service. (In Module 12, you will learn more about App Controller planning and deployment.) Note: It is not possible to upgrade the Virtual Machine Manager Self-Service Portal to App Controller.

VMM and SQL Server Database

MCT USE ONLY. STUDENT USE PROHIBITED

7-24 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager

Prior to System Center 2012 VMM, the SQL Server Express edition was an option during the installation. However, currently only full versions of SQL Server are supported with VMM. Note: If you are upgrading from an earlier version of VMM and you use an unsupported version of SQL Server, first you will need to move the database. To move the VMM database, you must back up the VMM database, copy it to the computer that is running a supported version of SQL Server, and then restore the database. When you are planning the design and placement of your VMM database, you should consider availability. If you need to install the VMM server as a highly available clustered application, you also should plan availability for the SQL Server that is hosting the database.

The VMM database can reside on a SQL Server along with other application databases. For example, in smaller deployments, you could consider hosting the App Controller database and the VMM database on the same SQL Server. When planning to host multiple application databases, review the prerequisites for each application. The VMM database either must be in the same domain as the VMM server, or a two-way trust must be in place. The SQL Server database server name may not be longer than 15 characters, and must not be case sensitive.

VMM Database Requirements The following table lists the SQL Server versions that are supported for use with VMM 2012 SP1. SQL Server edition

Service pack

Editions

SQL Server 2008 R2 (64-bit)

SP1 or Service Pack 2 (SP2)

Standard, Enterprise, and Datacenter

SQL Server 2012 Enterprise, SQL Server 2012 Standard (64-bit)

SP1

All

Considerations for a Highly Available VMM Management Server The VMM management server runs the VMM service, which processes all commands and manages all communication between the VMM database, the library servers, and the virtual machine hosts. The VMM server is cluster-aware, and you can deploy it as highly available if your virtualization environment is large.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

7-25

When you are deploying a highly available VMM management server, ensure that you have created a domain account for the VMM service. This account has to have local administrator rights on every computer where you install the VMM management server, console, or agent. For security purposes, it is important to use only the VMM service account for its specifically designated purpose. For example, if you remove the VMM service accounts from the VMM management server, the VMM service account is also removed from the local administrators group. You should also be aware that after you install the VMM management server you cannot change the identity of the VMM service account or move it from a local system account to a domain account. To move it or change its identity, you would have to uninstall VMM, and then reinstall it. You can however, retain the VMM database and reattach it upon the reinstallation. When communicating to multiple VMM components in a highly available environment, you must use distributed key management to store encryption keys in AD DS so that you do not encounter encryption errors. Encrypted data is stored locally in the VMM database using the Windows Data Protection API by default. If you need to move your VMM management server, this encrypted data will not be copied over. However, if you use distributed key management and store the keys in AD DS, this encryption data will be accessible even if you move the VMM management server. Note that before you install VMM, you must prepare AD DS to store encryption keys. You must create a container in AD DS with a Lightweight Directory Access Protocol (LDAP) distinguished name. The user account installing VMM must have Full Control access to this container, to the This object container, and all descended objects of the container. Whenever possible, try to use a highly available installation of SQL Server that is installed on a separate failover cluster from the failover cluster on which you are installing the VMM management server.

When you are planning a VMM deployment, keep in mind that App Controller can connect to multiple VMM management servers. This can be useful when you deploy multiple management servers, as it enables you to reduce traffic between branch office hosts and a centralized management server. Note: If you deploy a highly available (clustered) management server, keep in mind that you cannot install the Virtual Machine Manager library share as a clustered share on the same server on which the management servers reside. Note: When you are naming the VMM management server, the computer name cannot contain the character string SCVMM. For example, you cannot name the server ADATUMSCVMM-01, but you can name it ADATUMSCVMMM01.

Requirements for Installing System Center 2012 R2 VMM The additional requirements for installing System Center 2012 R2 VMM focus on the operating systems on which the various server components can run, and what SQL Server version can store the database. The following table lists the operating system requirements for VMM.

System Center 2012 R2 serverside component

Windows Server 2008 R2

Windows Server 2008 R2 with SP1

VMM management server

Windows Server 2012 Standard, Windows Server 2012 Datacenter

Windows Server 2012 Datacenter, Windows Server 2012 R2 Preview, and Windows Server 2012 R2 Standard











VMM PXE server







VMM update server







Virtual Machine Manager library







VMM virtual machine hosts



The following table lists the SQL Server requirements for VMM. System Center 2012 R2 component VMM database server

SQL Server 2008 R2 SP1 Standard, SQL Server 2008 Datacenter

SQL Server 2008 R2 SP2 Standard, Datacenter 

SQL Server 2012 Enterprise, Standard (64-bit) 

MCT USE ONLY. STUDENT USE PROHIBITED

7-26 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager

SQL Server 2012 SP1 Enterprise, Standard (64-bit) 

Some System Center 2012 R2 components such as the DPM management server, the Operations Manager management server, the Service Manager management server, and the Service Manager data warehouse management server do not work correctly if they are combined on the same server. Other components including App Controller, Orchestrator, and VMM can run together on the same computer without issues. Keep this in mind when deploying VMM and other System Center 2012 R2 components.

Demonstration: Installing the VMM Management Server and VMM Console

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

7-27

In this demonstration, you will see how to install the VMM management server and the VMM console.

Demonstration Steps 1.

Sign in to LON-VMM1 as Adatum\administrator with a password of Pa$$w0rd.

2.

Check the VMM management server prerequisites by examining the Local Server page in Server Manager on LON-VMM1. Review the locations to get this information.

3.

Sign in to the SQL Server Management Studio and review where to find SQL Server version information.

4.

Navigate to the CD ROM drive, and then run the setup.exe file, which will open the Microsoft System Center 2012 R2 Installation splash screen.

5.

In the Microsoft System Center 2012 Virtual Machine Setup Wizard, install VMM, and configure the options as follows: o

o

Select features to install: 

VMM management server



VMM console

Product registration information page: 

Name: Administrator



Organization: A. Datum, Inc.



Product key: Leave blank

o

On the Customer Experience Improvement Program (CEIP) page, click No, I am not willing to participate.

o

On the Microsoft Update page, click Off.

o

On the Installation location page, accept the default settings.

o

On the Database configuration page, use the following settings:

o



Server name: accept default



Instance name: MSSQLSERVER



Database name: VirtualManagerDB

On the Configure service account and distributed key management page, use the following settings: 

User name and domain: ADATUM\SCService



Password: Pa$$w0rd

o

On the Port configuration page, accept the default settings.

o

On the Library configuration page, set the shared folder location to C:\ProgramData \Virtual Machine Manager Library Files, and set the Share name to MSSCVMMLibrary.

6.

After the installation finishes, close the splash screen and launch the VMM console.

7.

On the Connect to page, accept the default settings.

8.

Close the VMM console, and sign out of LON-VMM1.

Lesson 4

Adding Hosts and Managing Host Groups

MCT USE ONLY. STUDENT USE PROHIBITED

7-28 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager

Using a Hyper-V server to manage multiple virtual machines offers several advantages. The Hyper-V Manager console becomes the single, central location to conduct all virtual machine configuration and management. You can then add the Hyper-V host to VMM along with other hosts, and create host groups to further centralize your administrative and management oversight. You can then add selected hosts to these groups. When you need to manage several hosts (but not all) in a particular manner, you can set distinct properties for host groups, which simultaneously configures all the hosts belonging to that host group.

Lesson Objectives After completing this lesson, you will be able to: •

Describe the VMM console.



Describe the considerations for adding Hyper-V virtualization resources.



Explain how to add Citrix XenServer and VMware vSphere virtualization resources.



Explain how to add a Hyper-V virtualization host to VMM.



Describe the purpose and functionality of host groups.



Explain how to manage host groups.



Deploy Hyper-V hosts to bare-metal computers.

Demonstration: Using the VMM Console In this demonstration, you will see how to use the VMM console.

Demonstration Steps 1.

Sign in to LON-VMM1 as adatum\administrator with a password of Pa$$w0rd.

2.

On the desktop, open the Connect to Server page, and review the parameters on the page. Note the example of testing out User Role assignments.

3.

On the desktop, connect to the Virtual Machine Manager console.

4.

The Virtual Machine Manager console opens. Note that the Virtual Machine Manager console always comes up at node it was in when you last closed it. The main areas of the console are as follows:

5.

o

Lower left, Workspace. There are five main workspaces: VMs and Services, Fabric, Library, Jobs, and Settings. Review each main workspace.

o

Named workspace Console tree: Review the various named console trees,

o

Details panes: Review the details panes, and what is included in them, depending on the workspace item selected.

o

Ribbon. Note that System Center 2012 products all have a ribbon at the top of their respective consoles. Note how the tabs and items on the ribbon change depending on what workspace item has been selected.

In the Library workspace, on the ribbon, click the Create Service Template item on the ribbon. This lets you create a new service template. Note the View Script button, and see how it brings up Notepad with Windows PowerShell cmdlets that can be used to create the same item that the user

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

7-29

interface can create. These cmdlets can be saved as a Windows PowerShell script and is a very useful tool. Notice that the Create items in the Virtual Machine Manager console will have a View Script button. 6.

In the Settings workspace, select the Run As Accounts item.

7.

Close the Virtual Machine Manager console, and sign of off LON-VMM1.

Considerations for Adding Hyper-V Virtualization Resources For VMM to manage a Hyper-V virtualization host, you must deploy the VMM software to the host by using the Add hosts function in the VMM console. In the case of a host in a perimeter network, you deploy the agent software manually, and then add the host in the VMM console. To deploy a Hyper-V host in a trusted domain: 1.

Open the Virtual Machine Manager console, click the VMs and Services workspace, from the ribbon click Add Resources, and then click Hyper-V Hosts and Clusters.

2.

On the Resource location page, click Windows Server computers in a trusted Active Directory domain, and then click Next.

3.

On the Credentials page, choose to either use a Run As account (an account already configured with domain privileges) or manually enter credentials of an account with privileges to install the agent on the host server, and then click Next.

4.

On the Discovery Scope page, you can either specify computer names by entering them on separate lines in the Computer name text box, or you can click Specify an Active Directory query to search for Windows Server computers, type a query, and then click Next.

5.

On the Target resources page, you can click each host or click Select all, and then click Next. A dialog box will prompt you that you are about to enable the Hyper-V role on any servers as part of the process. If you choose to enable the role, the servers will reboot during the process. You can click OK to close the dialog box.

6.

On the Host settings page, you can assign the host or hosts to a Host group. A later section of this module details host groups. Additionally, if you have multiple VMM servers, and another VMM environment currently is managing your host, you can reassociate the host with this environment by clicking Reassociate. You also can assign default placement paths, which is the location in which the Windows operating system will store new or migrated Hyper-V virtual machine files. Additionally, you can assign these paths after you add the host, and then click Next.

7.

On the Summary page, confirm the settings, and then click OK.

8.

In the Jobs window, you can review the progress of the agent deployments.

When you add a host in a perimeter network, you install the agent from the VMM installation media, which will prompt you to generate an encryption key file and assign a password. You must remember the password, and as a best practice, you should copy the generated file to somewhere secure on the VMM server so that you can access it. When adding a host, on the Target resources page, you enter the password in the Encryption key text box, and then provide the location of the encryption key file.

Note: By default, the VMM management server uses port 5986 for agent communication with hosts in a perimeter network, and port 443 for file transfers.

MCT USE ONLY. STUDENT USE PROHIBITED

7-30 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager

The DHCPv4 Server Switch Extension is a new feature in System Center 2012 R2 VMM. You can use this extension to assign custom addresses through Dynamic Host Configuration Protocol (DHCP) or you can continue to use static IP addresses as was previously required. When you create IP address pools for a virtual machine subnet, the pool is enabled automatically to provide IP addresses by either mechanism. For DHCP to work correctly, the new DHCPv4 server switch extension is required on all Windows Server 2012 Hyper-V hosts. For Hyper-V hosts running Windows 2012 or Windows Server 2012 R2, VMM offers support for online resizing of .vhdx disks while the disks are in use. This supports the Hyper-V online resizing feature.

Adding Citrix XenServer and VMware vSphere Virtualization Resources You also can use VMM to manage VMware ESX and VMware ESXi hosts, and to manage Citrix XenServer hosts. The steps for adding other vendor hosts are similar to the steps for Hyper-V hosts provided your environment meets the prerequisites for adding each type. Before you can add a VMware host to VMM, you must have a VMware vCenter server, and configure VMM to connect to it. Before you can add a Citrix XenServer host, you need to add the Citrix XenServer - Microsoft System Center Integration Pack to the host. When VMM manages Citrix XenServer hosts, the features in the following table are supported. Feature

Details

Adding Citrix XenServer hosts and pools

You can add stand-alone Citrix XenServer hosts and clusters or pools to the VMM management server. You must install and configure Citrix XenServer before you add the hosts. You must create and configure the Citrix XenServer pools in Citrix XenCenter.

Conversion

Use the P2V conversion process to convert a Citrix XenServer–based virtual machine to a Hyper-V virtual machine. The Citrix Tools for Virtual Machines can remain on the virtual machine. However, VMM 2012 only supports Citrix XenServer virtual machines that are running Windows guest operating systems.

Dynamic optimization and power optimization

The Dynamic Optimization feature is available for Citrix XenServer hosts in VMM. You can use the Live Migration feature to load-balance virtual machines on Citrix XenServer host clusters. You can turn Citrix XenServer hosts on and off with the Power Optimization feature.

Library

You can use VMM to organize and store Citrix XenServer virtual machines, templates, and virtual hard disk files in the Virtual Machine Manager library. When storing Citrix XenServer .vhd and .vhdx files in the Virtual Machine Manager library, open the file’s properties, and on the General page, change the Virtualization platform to Citrix XenServer server.

Feature

Details

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

7-31

Maintenance mode

You can move Citrix XenServer hosts in and out of maintenance mode from the Virtual Machine Manager console.

Migration

VMM 2012 supports the following VMware transfer types: o Live migration between hosts in a managed pool using Citrix XenMotion. o

LAN Migration between a Citrix XenServer host in the library using Background Intelligent Transfer Service (BITS).

Use TransferVM for each virtual hard disk. Networking

The new VMM network management features are supported on Citrix XenServer hosts. Use Citrix XenServer XenCenter to create external virtual networks. VMM will recognize and use any existing external networks from Citrix XenServer. You should be aware that: a single virtual switch represents all Citrix XenServer switches with different virtual local area network (VLAN) IDs bound to a single physical network adapter.

PRO

You can monitor and provide alerts for Citrix XenServer hosts by integrating Operations Manager with PRO.

Placement

When you create Citrix XenServer virtual machines, VMM uses virtual machine placement on host ratings in the same manner as it does for Hyper-V virtual machines.

Private clouds

Citrix XenServer host resources can be used by private clouds simply by creating a private cloud from host groups wherever Citrix XenServer hosts reside. You can configure quotas, and apply self-service user roles to these clouds without distinction between the different host types.

Services

You can deploy VMM services to Citrix XenServer hosts.

Storage

VMM 2012 supports several Citrix XenServer storage repositories, as follows: o Software iSCSI, network file system (NFS) virtual hard disks, hardwarebased host bus adapters, and Citrix StorageLink technology o

ISO repositories on an NFS where Windows File Sharing/Common Internet File System (CIFS) share with these conditions:

 ISO images deployed from the Virtual Machine Manager library to the Citrix XenServer host must have their permissions set on the ISO repository to Read /Write.  ISO images can only be attached from the Virtual Machine Manager library. o

Shared and local storage

Note: New VMM storage automation features are not supported for Citrix XenServer hosts.

Feature Virtual machine management

Details Paravirtual and hardware-assisted virtualization virtual machines are supported in VMM with the following conditions: o Hardware-assisted virtualization virtual machines can only run Windows-based operating systems.

MCT USE ONLY. STUDENT USE PROHIBITED

7-32 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager

o

Creating new virtual machines with the VMM console only creates hardware-assisted virtualization virtual machines.

o

To create virtual machines with paravirtual properties, you first must clone a virtual machine with paravirtual properties to the library, and then you can deploy the virtual machine. You cannot create virtual machines with paravirtual properties by using the New Virtual Machine Wizard from any existing hard disk.

Similar to any other virtual machine, you can start, stop, save state, pause, and shut down Citrix XenServer host-based virtual machines from the VMM console. VMM templates

You can create Citrix XenServer templates with the following restrictions: o Generalization and customization can occur on Windows-based virtual machines only. o

You must install Citrix Tools for Virtual Machines manually.

o

VMM virtual machine templates created from Citrix XenServer virtual machines cannot have any associated disk images modified. You can modify all other properties.

XenServer templates

VMM does not use Citrix XenServer templates. However, you can, use Citrix XenCenter to create a virtual machine, and then make a VMM template from that virtual machine.

VMM command shell

The VMM command shell features work across all hypervisors.

The following features are supported when VMM manages VMware ESX hosts through vCenter Server. Feature

Details

Conversion

This describes the virtual–to-virtual (V2V) machine conversion process to convert a VMware-based virtual machine to a Hyper-V virtual machine. You cannot perform a V2V conversion if the virtual hard disk is on an IDE bus.

Dynamic Optimization & Power Optimization

The Dynamic Optimization feature is available for VMware ESX hosts in VMM 2012. You can use the Live Migration feature to load-balance virtual machines on VMware ESX host clusters. You can turn VMware ESX hosts on and off with Power Optimization.

Library

You can use VMM to organize and store VMware virtual machines, VMware templates, and .vmdk hard disk files in the Virtual Machine Manager library. You should be aware that VMM does not support older .vmdk file types. The only types that are supported are those .vmdk files that are stored as VMware’s Virtual Machine File System, and monolithicFlat.

Maintenance mode

VMware ESX hosts can be put in and out of maintenance mode from the VMM console.

Feature Migration

Details VMM 2012 supports the following VMware transfer types: o Live migration between hosts in a cluster using VMware vSphere vMotion o

Live Storage Migration using Storage VMware vSphere vMotion

Supported VMM transfer types: o Network migration to and from the library o Networking

Network migration between hosts

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

7-33

VMM supports VMware standard vSwitches, VMware distributed vSwitches, and port groups. You must make all vSwitches and port group configurations through the VMware vCenter server. In addition, VMware ESX hosts support the new VMM network management features. Note: Port groups are not created automatically. Use VMware vCenter server to configure port groups with the necessary VLANs that correspond to VMM logical network sites.

PRO

You can monitor and provide alerts for VMware ESX hosts by integrating Operations Manager with PRO.

Placement

When you create VMware virtual machines, VMM uses virtual machine placement on host ratings in the same manner as it does for Hyper-V virtual machines.

Private clouds

VMware ESX host resources can be used by private clouds simply by creating a private cloud from host groups wherever VMware ESX hosts reside, or by using a VMware resource pool. You can configure quotas and apply self-service user roles to these clouds without distinction between the different host types. However, you should be aware that VMM does not integrate with VMware vCloud.

Services

You can deploy VMM 2012 services to VMware ESX hosts. However, you cannot use VMM to deploy VMware vApps.

Storage

VMM 2012 supports the following VMware storage technologies: o VMware Paravirtual SCSI storage adapters o

VMware thin-provision virtual hard disks using the dynamic disk type with the following conditions:  Creating and deploying virtual machines with a dynamic disk to VMware ESX hosts actually creates the disk as a thin-provisioned disk.

 A virtual machine with a thin provisioned disk created out of band has that disk displayed as a dynamic disk in the VMM console.  Thin-provisioned disks that are saved to the Virtual Machine Manager library are converted to a fixed-thick disk. o

Hot add and hot removal of VMware virtual machine’s virtual hard disks

VMM storage automation features are not supported for ESX hosts.

Feature

Details

MCT USE ONLY. STUDENT USE PROHIBITED

7-34 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager

Templates

You can create templates using .vmdk files that are stored in the library, and you can import templates stored on VMware ESX hosts. Importing templates from the VMware vCenter server only imports template metadata, and not the .vmdk file itself.

VMM command shell

The VMM command shell works across all hypervisors.

Consider security requirements before you add other vendor hosts to your network. For example, you must decide how to implement certificates for virtualization hosts, and you may want to determine how to use a Run As account. System Requirements: VMware ESX Hosts http://go.microsoft.com/fwlink/p/?linkId=285337 System Requirements: Citrix XenServer Hosts http://go.microsoft.com/fwlink/p/?linkId=285261

Demonstration: Adding a Hyper-V Virtualization Host to VMM In this demonstration, you will see how to add a Hyper-V host to a VMM installation.

Demonstration Steps 1.

Sign in to LON-DC1 as adatum\administrator with a password of Pa$$w0rd.

2.

In the Group Policy Management Editor, open the Default Domain Policy. Apply the following settings to the domain policy located at: Computer Configuration, Administrative Templates \Network\Network Connections\Windows Firewall\Domain Profile. a.

In the Windows Firewall: Allow inbound file and printer sharing exception dialog box, click Enabled, in the Options text box, type an asterisk (*), which indicates all IP addresses.

b.

In the Windows Firewall: Allow ICMP exceptions dialog box, click Enabled, and then in the Options area, select the Allow inbound echo request check box.

c.

In the Windows Firewall: Define inbound port exceptions dialog box, click Enabled, in the Options section, click Show, and under Value, type 5985.

3.

In the Group Policy Management Editor, navigate to Administrative Templates\Windows Components\Windows Remote Management (WinRM)\WinRM Service.

4.

In the Allow remote server management through WinRM section, click Enabled. In Options, in both the IPv4 and IPv6 text boxes, type an asterisk (*).

5.

Close the Group Policy Management Editor.

6.

On both the LON-HOST1 and LON-HOST2 physical machines, update group policy with the gpupdate.exe /force cmdlets.

7.

Sign in to LON-VMM1 as adatum\administrator with a password of Pa$$w0rd.

8.

Open the Virtual Machine Manager console, and add LON-HOST1 as a Hyper-V server to the All Hosts node in VMs and Services, using the following parameters: a.

Resource Location page: Windows Server computers in a trusted Active Directory

b.

c.

Credentials page: Manually enter the credentials. 

User name: ADATUM\Administrator



Password Pa$$w0rd

Discovery Scope page: Specify Windows Server computers by names. 

9.

Computer names: lon-host1.adatum.com

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

7-35

d.

Target resources page: Discovered computers: check lon-host1.adatum.com

e.

Host Settings page: All Hosts

f.

Summary page: View Script, save script in the documents library as AddHost.ps1 (ensure the All Files (*.*) type is selected).

Observe that LON-HOST1 now displays in the VM’s and Services console tree. Select it and review the details pane showing all the virtual machines from the host that now display. Review all the different management tasks that you can run on the virtual machines.

10. In Windows PowerShell, navigate to the documents folder and then use Notepad to open AddHost.ps1.

11. In Notepad, examine the script by reviewing all of the different cmdlets and text. Note the two variables that are created and the cmdlets they are based on. Note the Add-SCVMHost cmdlets and the various parameters that it calls. Check if there is anything on this line that needs to be changed. The answer should be just the -ComputerName parameter to identify lon-host2 rather than lon-host1 as is written. Go ahead and make this change, and save the file. 12. Close Notepad. 13. Run the Windows PowerShell script that you just saved, by typing ./addhost.ps1. Use the ADATUM\administrator credentials. 14. Wait for Windows PowerShell to display parameters and values in columnar form. 15. Close Windows PowerShell.

16. In the Virtual Machine Manager console, in the VMs and Services console tree, under All Hosts, notice that LON-HOST2 now displays. Click Lon-host2, and note that no virtual machines have been assigned to this host. This verifies that the Windows PowerShell script worked. Remember that the Virtual Machine Manager console is built on Windows PowerShell, and therefore things you do in the console are run in Windows PowerShell at the lower level. 17. With LON-HOST2 still selected, on the ribbon, click the Folder tab, and then click Properties.

18. Take a few moments to review each of the pages in the lon-host2.adatum.com Properties dialog box. 19. Close the Properties dialog box, close all open windows, and sign off of LON-VMM1.

What Are Host Groups? You can use host groups to organize and manage your servers, which makes it easier to apply management settings at a group level. All servers reside in the default host group called All Hosts, unless you specify another location. Host groups may be nested. Therefore, unless you clear the inherited parent host group settings, the parent group’s settings will apply to the hosted group. You can make this change in the Properties page of the selected child object.

MCT USE ONLY. STUDENT USE PROHIBITED

7-36 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager

You can create host groups by clicking the VMs and Services workspace, then right-clicking in the Navigation pane, and then clicking Create Host Group. The default host group is called All Hosts. To edit host group properties, right-click a host group, and then click Properties. From the Host group Properties, General page, you can edit the following settings: •

Name of the group



Location of (move) the group



Provide a group description



Allow unencrypted files transfers to the group

Placement Rules

By default, a host group uses the placement setting from the parent host group. If you opt to configure custom placement rules at the individual group level, you can block inheritance by modifying the parent host-group setting.

On the Placement Rules page of the host group properties, you can assign custom placement rules. For example, you can assign custom values to hosts and virtual machines that will determine placement based upon criteria, including one of the following criteria: •

The virtual machine must match the host



The virtual machine should match the host



The virtual machine must not match the host



The virtual machine should not match the host

Host Reserves

Host reserves are placement settings that enable the host system to retain resources for its own use. This is useful when a Hyper-V host has additional services running, such as in a branch office where you have configured a Virtual Machine Manager library.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

7-37

The following table details how you can set or override the following host reserves at the individual host level. Resource

Notes

CPU

You can set CPU as a percentage. The default percentage value is 10. However, 10 percent of one dual-core processor that is running at 2 GHz is not the same as 10 percent of four six-core processors that are running at 2.8 GHz.

Memory

The default is memory value is 256 MB, but you can change this or set this as a percentage.

Disk I/O

The default value is 0, but you can set this as a percentage. You may wish to ensure a minimal amount of disk I/O is reserved if you are using a host as a Virtual Machine Manager library.

Disk space

You can set disk space as a numeric value or percentage.

Network I/O

The default value is 0, but you can set this as a percentage. You may wish to ensure a minimal amount of network I/O is reserved if you are using a host as a Virtual Machine Manager library.

Dynamic Optimization

Dynamic Optimization enables VMM to balance the virtual machine loads automatically within a host cluster. By defining minimum resource thresholds for hosts, VMM migrates the virtual machine to alternative hosts if available resources fall below those assigned thresholds. The following table lists the thresholds that you can set. Resource

Notes

CPU

Default is 30 percent

Memory

Default is 512 MB

Disk I/O

Default is 0

Disk space

Set as a numeric value or percentage

Network I/O

Default is 0

Note that these settings will impact all hosts within the host group.

In addition to workload balancing, VMM also can invoke power optimization. You can enable power optimization by selecting Settings under the Power Optimization section of the Dynamic Optimization page.

Power Optimization Prerequisites

To enable power management, you must have a baseboard management controller that support one of the following out-of-band management protocols: •

Intelligent Platform Management Interface versions 1.5 or 2.0



Data Center Manageability Interface version 1.0



Systems Management Architecture for Server Hardware version 1.0 over Web Services for Management (WS-Management)

Network The network page defaults to inheriting network logical resources from the parent host group. You can clear these settings and assign different resource types including IP pools, load balancers, logical networks, and MAC pools.

Storage

MCT USE ONLY. STUDENT USE PROHIBITED

7-38 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager

Storage capacity for the host group includes storage allocated to the parent host groups. Here you can allocate storage pools and logical units, if they exist.

Custom Properties You can assign and manage custom properties here. The Manage Custom Properties button lets you select various object types, and the Create button allows you to create custom properties.

Demonstration: Managing Host Groups In this demonstration, you will see how to manage host groups.

Demonstration Steps 1.

Sign in to LON-VMM1 as adatum\administrator with a password of Pa$$w0rd.

2.

In the Virtual Machine Manager console, in the VMs and Services console tree, create a new host group, and name it LocalGroup.

3.

Using the ribbon, move LON-HOST1 into the group.

4.

Using the context menu, move LON-HOST2 into the group.

5.

Review the LocalGroup Properties dialog box, and note all the various options on each page. Click Cancel when done.

6.

Close the Virtual Machine Manager console, and sign off from LON-VMM1.

Deploying Hyper-V Hosts to Bare-Metal Computers When an organization acquires a new physical server, typically you perform a series of tasks to configure and prepare the server prior to using it. For example, you would install a server operating system, configure that server’s storage and networking, configure roles and features, and provide security hardening. You would then test everything to make sure it all worked correctly, and if it did, only then would you start using it.

Usually, administrators must complete these tasks manually. However, you can now avoid this by deploying a Hyper-V host with virtual machines, and by using the various VMM technologies to configure bare-metal computers. (For this course, a baremetal computer refers to a server, usually new, with no operating system installed.) Therefore, instead of having to perform manually all the steps described earlier, you can now deploy the Windows Server 2012 R2 operating system with the Hyper-V role installed, and add it automatically as a physical host to VMM.

To do this, your infrastructure must meet a number of prerequisites:

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

7-39



The physical computers must be configured correctly and be able to run the Hyper-V role (such as 64-bit processors, and virtualization technologies). In addition, a PXE server must exist and you must add it to VMM management. You can do this by deploying the Windows DS role on any supported operating system, which is most any Windows Server 2008 R2 or newer domain member server. Your Windows DS server can continue to deploy various operating systems as always, because VMM will only respond to requests from computers that you designate as new virtual machine hosts in VMM.



You must set the bare-metal computer’s BIOS or Extensible Firmware Interface (EFI) boot order to boot first from a PXE-enabled network adapter.



Baseboard management controllers (BMCs) must have logon credentials and an IP address assigned, either statically or through DHCP, and the BMC's network segment must be accessible to the VMM management server. This will allow the out–of–band management to discover the physical computers.



You must create a host profile, and any needed driver files must be in the Virtual Machine Manager library.



If you are assigning static IP addresses to the hosts, then you must obtain the network adapter MAC address of those hosts that you will use for management. This adapter will be used to communicate with the VMM management server. If the hosts have multiple network adapters and locally attached storage, you should collect this information, such as the MAC addresses of the adapters and the sizes of the disks, before you begin the deployment. However, if you are running System Center 2012 SP1 VMM or System Center 2012 R2 VMM, you can use the process for discovering physical computers to create as physical hosts known as deep discovery to view this information during the deployment.



If you wish to use a Run As account to launch the deployment process, the account must have permissions to access the BMCs.



If you have multiple Domain Name System (DNS) servers that take time to replicate information, you can create DNS host records for the computer names that will be assigned to the hosts, and allow this information to replicate to all the DNS servers.

You start the process to deploy the Hyper-V host to bare-metal computers in the Fabric workspace on the Virtual Machine Manager console, using the following procedures: 1.

In the Fabric console tree, click Servers.

2.

On the home tab of the ribbon, click the Add Resources drop-down list box, and then click Hyper-V Hosts and Clusters.

3.

In the Add Resource Wizard, on the Resource location page, select the radio button for Physical computers to be provisioned as virtual machine hosts. Note: This step will fail if you do not have any host profiles.

4.

On the Credentials and protocol page, if you have created a Run As account, you can click the Browse button, and find it here. There is also the option to Create Run As Account. In the Protocol area, you can select the out-of-band management protocol: you can use either the Intelligent Platform Management interface (which includes the Data Center Management interface), or you can use the Systems Management Architecture for Server Hardware (SMASH).

MCT USE ONLY. STUDENT USE PROHIBITED

7-40 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager

5.

On the Discovery scope page, type the IP address scope that includes the BMC’s IP addresses. You can also specify a single IP address. If you use the subnet or range of IP addresses, the Target resources page will display all the discovered computers for those addresses. Each computer has a check box next to it; select the check boxes of the computers that you wish to convert to a Hyper-V host.

6.

On the Provisioning options page, you can select the host group to which to assign the Hyper-V host, regardless of whether the Hyper-V hosts will use DHCP or static addresses. You do this by using the appropriate host profile. If you are running System Center 2012 SP1 VMM or System Center 2012 R2 VMM, when you select the check box next to a computer name, the system runs deep discovery. You must allow time for this process to occur.

7.

On the Deployment customization page, the options will vary based on the host profile you previously selected.

8.

On the Summary page, click Finish to deploy the bare metal computers as Hyper-V hosts. This will also place them as physical hosts that are controlled by the VMM management server.

Lab: Installing and Configuring System Center 2012 R2 Virtual Machine Manager Scenario

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

7-41

The first phase of the virtualization project was very successful, and A. Datum Corporation is starting to implement a Hyper-V virtualization platform in the remaining three subsidiaries and in the main data center. As part of the second phase of the project, A. Datum also wants to implement a better management solution that will enable administrators to manage the entire virtualization environment from a single management interface. Administrators in the main office require a management tool to manage the entire infrastructure, whereas administrators in each of the subsidiaries only need to manage the servers and other components located within their data center. A. Datum has decided to implement System Center 2012 R2 VMM to manage their virtualization infrastructure. You need to deploy the VMM server components and add the existing Hyper-V hosts to the environment. You also need to ensure that you configure the environment in such a way that administrators in each subsidiary can manage the virtualization hosts at their location.

Objectives After completing this lab, you will be able to: •

Install and configure VMM, including managing VMM from a remote host.



Configure and manage hosts and host groups in System Center VMM.

Lab Setup Estimated Time: 45 Minutes

Virtual machines: 20409B-LON-HOST1, 20409B-LON-HOST2, 20409B-LON-DC1, 20409B-LON-VMM1, and 20409B-LON-CL1 User name: Adatum\Administrator Password: Pa$$w0rd

For this lab, you will use the available virtual machine environment. Before you begin the lab, you must complete the following steps: 1.

Start both 20409B-LON-HOST1 and 20409B-LON-HOST2.

2.

Sign in to the LON-HOST1 and LON-HOST2 computers as Adatum\Administrator with the password of Pa$$w0rd.

3.

On LON-HOST1 and LON-HOST2, start Hyper-V Manager.

4.

In Hyper-V Manager, click 20409B-LON-DC1, and in the Actions pane, click Start.

5.

In the Actions pane, click Connect. Wait until the virtual machine starts.

6.

Sign in by using the following credentials: o

User name: Adatum\Administrator

o

Password: Pa$$w0rd

7.

Repeat steps 4-6 for 20409B-LON-VMM1 and 20409B-LON-CL1.

8.

In the 20409B-LON-VMM1 on LON-HOST1 – Virtual Machine Connection, click the Media dropdown list box, click DVD Drive, and then click Insert Disk.

9.

In the Open pop-up window, navigate to D:\Program Files\Microsoft Learning\20409\Drives, select the SC2012R2.iso file, and then click Open. Note that the drive letter for the Microsoft Learning folder may differ based on the initial setup of the course files.

MCT USE ONLY. STUDENT USE PROHIBITED

7-42 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager

In addition, for the rest of the labs, the tasks need be done only once in each lab partnership. There will not be some steps done by the LON-HOST1 student and others by the LON-HOST2 student. The lab partners can decide and even switch between themselves as to who does what for each task. This applies to this lab through the lab in Module 13. Note: Because you will be using the same virtual machines in the next lab, at the conclusion of this lab do not revert the virtual machines. However, you can shut down all virtual machines after finishing this lab.

Exercise 1: Installing and Configuring System Center 2012 R2 VMM Scenario

In this exercise, you will install System Center 2012 R2 VMM and its prerequisites into a Windows Server 2012 R2 virtual machine. They will also install a VMM console in a client virtual machine that will be used for managing VMM. The main tasks for this exercise are as follows: 1.

Review the email from Ed Meadows, CIO, A. Datum, Inc.

2.

Check for VMM prerequisites, and install VMM.

3.

Install the VMM management server and Virtual Machine Manager console on LON-VMM1.

4.

Install the Virtual Machine Manager console on LON-CL1.

 Task 1: Review the email from Ed Meadows, CIO, A. Datum, Inc.

Email From: Ed Meadows, CIO, A. Datum Corp. To: IT department Subject: Ready to add System Center 2012 R2 Virtual Machine Manager! I really appreciate the way you have set up our Hyper-V environment! Everything looks great. Now that we have our virtualization infrastructure in place, I would like you create a test implementation of System Center 2012 R2 Virtual Machine Manager. To do this, we need to: 1.

Load the software on one of our servers in the London Site. We need at least two physical hosts, but have plenty of virtual machines on them. Do you recommend putting this on a virtual machine or physical computer? Please let me know what computers you’ll be using. Remember that the test data that you gather will be used to further deploy a much more robust solution that we will use to build our private clouds.

2.

Make sure that all the prerequisites Microsoft has recommended are met. If there are any shortfalls, let me know as soon as possible. Create a list of the prerequisites that you will need to verify.

3.

After you have created the VMM management server and installed a Virtual Machine Manager console on a desktop client in the Developer department, finish testing the console and ensure everything works.

4.

Finally, create the local host group and assign at least two physical hosts.

Ed

To create the test implementation, answer the following questions: 1.

How many VMM servers do you need to deploy in the Adatum environment?

2.

What are the VMM prerequisites that need to be met?

3.

Will you deploy VMM on a single server, or will you separate components onto dedicated servers?

4.

Will you install the VMM server inside a virtual machine or on a physical machine?

5.

What computers will you use, and what will be their roles?

 Task 2: Check for VMM prerequisites, and install VMM

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

7-43

1.

On LON-VMM1, verify the VMM management server prerequisites by examining the Local Server page in Server Manager on LON-VMM1.

2.

Verify that LON-VMM1 is in the Adatum.com domain.

3.

Verify that the Operating system version is either the Standard or Datacenter version of Windows Server 2012 R2.

4.

Confirm that the operating system has at least a 2 GHz Pentium processor, 4 GB of RAM, and 80 GB of disk space available.

5.

From the Start screen, open and then sign in to SQL Server Management Studio.

6.

Verify that the version of SQL Server supports System Center 2012 R2 VMM.

7.

Open the Registry Editor. In the Registry Editor window, click the HKEY_LOCAL_MACHINE subkey. Navigate to SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Client\.

8.

In the Version item, note the value in the Data column. It should be 4.5.51641 or higher.

9.

Close the Registry Editor window.

10. Open the Services console, and verify that the Windows Remote Management (WS–Management) service is running and is set to Automatic. 11. On the taskbar, click the File Explorer icon. 12. In the This PC window, double-click the DVD Drive icon. 13. In the VMM folder, verify that installation files are visible.

 Task 3: Install the VMM management server and Virtual Machine Manager console on LON-VMM1 1.

In File Explorer, in the VMM window, double-click the setup.exe file, which will open the Microsoft System Center 2012 R2 Installation splash screen.

2.

Use the Microsoft System Center 2012 Virtual Machine Setup Wizard to install VMM, and set the options on each page, as follows: a.

Select features to install page: VMM management server and VMM console.

b.

Product registration information page:

c.



Name: Administrator



Organization: A. Datum, Inc.



Product key: blank

Customer Experience Improvement Program (CEIP) page: No, I am not willing to participate

d.

Microsoft Update page: Off

e.

Installation location page: Accept default

f.

Database configuration page:

g.



Server name: accept default



Instance name: MSSQLSERVER



Database name: VirtualManagerDB

Configure service account and distributed key management page: 

User name and domain: ADATUM\SCService



Password: Pa$$w0rd

h.

Port configuration page: Accept defaults

i.

Library configuration page: 

Shared folder location: C:\ProgramData\Virtual Machine Manager Library Files



Share name: MSSCVMMLibrary

3.

After the installation finishes, clear the Check for the latest Virtual Machine Manager updates check box, and then click Close.

4.

On the Connect to Server page, click Connect.

5.

Close both the Virtual Machine Manager console and the Microsoft System Center 2012 R2 splash screen.

 Task 4: Install the Virtual Machine Manager console on LON-CL1 Note: Perform these steps from LON-HOST2. In Hyper-V Manager on LON-HOST2, rightclick Hyper-V Manager in the console tree and select Connect to server, select Another computer, and type LON-HOST1 and then click OK. Select and connect to LON-CL1.

MCT USE ONLY. STUDENT USE PROHIBITED

7-44 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager

1.

On LON-CL1, click to the desktop.

2.

Open File Explorer, and then navigate to \\lon-vmm1.adatum.com\c$\Program Files \Microsoft System Center 2012 R2\Virtual Machine Manager\setup\msi\Client.

3.

Run the AdminConsole.msi file. The MSI file will open a pop-up window stating that it is installing and displaying a progress bar. If it does not encounter an error, then after installing the Virtual Machine Manager console successfully, the window will close itself.

4.

Open the Apps by name start screen, and then pin the Virtual Machine Manager Console NEW tile to the desktop taskbar.

5.

Launch the Virtual Machine Manager Console NEW program from the taskbar.

6.

On the Connect to Server page, change the Server name to LON-VMM1.adatum.com:8100.

7.

Navigate around the console, and observe that is the same Virtual Machine Manager console as is installed on LON-VMM1.

8.

Close the Virtual Machine Manager console, and sign off of LON-CL1.

Results: After completing this exercise, you should have installed System Center 2012 R2 VMM.

Exercise 2: Managing Hosts and Host Groups Scenario

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

7-45

In this exercise, you will create host groups, add physical servers and configure host group properties. The main tasks for this exercise are as follows: 1.

Set the default domain group policy to allow domain members to become hosts.

2.

Add LON-HOST1 and LON-HOST2 to VMM.

3.

Create a LocalGroup host group, and then add LON-HOST1 and LON-HOST2 to the LocalGroup host group.

4.

Configure LocalGroup properties.

 Task 1: Set the default domain group policy to allow domain members to become hosts 1.

On LON-DC1, in Server Manager, open the Group Policy Management Editor, and then edit the Default Domain Policy.

2.

Navigate to Computer Configuration\Profiles\Administrative Templates\Network \Network Connections\Windows Firewall\Domain Profile, and then apply the following settings: a.

In Windows Firewall: Allow inbound file and printer sharing exception, click Enabled, in Options, type an asterisk (*) (which indicates all IP addresses).

b.

In Windows Firewall: Allow ICMP exceptions, click Enabled, in Options, click Allow inbound echo request.

c.

In Windows Firewall: Define inbound port exceptions, select Enabled, in Options: Define port exceptions, click Show, and under Value, type 5985.

3.

In the Group Policy Management Editor, navigate to Computer Configuration\Profiles \Administrative Templates\Windows Components\Windows Remote Management (WinRM) \WinRM Service.

4.

In the Allow remote server management through WinRM window, select Enabled, in Options, for both IPv4 and IPv6, type an asterisk (*).

5.

Close the Group Policy Management Editor.

6.

On both LON-HOST1 and LON-HOST2 physical machines, use Windows PowerShell to update the group policy with gpupdate.exe /force.

 Task 2: Add LON-HOST1 and LON-HOST2 to VMM 1.

On LON-VMM1, open the VMM console, and add LON-HOST1 as a Hyper-V server to the All Hosts node in VMs and Services, using the following parameters: a.

Resource Location page: 

b.

c.

Windows Server computers in a trusted Active Directory

Credentials page: Manually enter the credentials. 

User name: ADATUM\Administrator



Password: Pa$$w0rd

Discovery Scope page: Specify Windows Server computers by names. 

Computer names: lon-host1.adatum.com

d.

Target resources page: 

Discovered computers: lon-host1.adatum.com

MCT USE ONLY. STUDENT USE PROHIBITED

7-46 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager

e.

Host Settings page: All Hosts.

f.

Summary page: View Script, save script in the documents library as AddHost.ps1 (ensure the All Files (*.*) type is selected).

2.

Observe that LON-HOST1 now displays in the VM’s and Services console tree.

3.

Open Windows PowerShell, navigate to the documents folder, and then use Notepad to open AddHost.ps1.

4.

In Notepad, in Add-SCVMHost, change the -ComputerName parameter to identify LON-HOST2 rather than LON-HOST1.

5.

Save the file, and close Notepad.

6.

Run the Windows PowerShell script that you just saved by typing ./addhost.ps1.

7.

When prompted, use the ADATUM\administrator credentials.

8.

When Windows PowerShell displays a number of parameters and values in columnar form, review this data.

9.

Close Windows PowerShell.

10. In the Virtual Machine Manager console, in the VMs and Services console tree, under All Hosts, verify that LON-HOST2 now displays.

 Task 3: Create a LocalGroup host group, and then add LON-HOST1 and LON-HOST2 to the LocalGroup host group 1.

On LON-VMM1, if the Virtual Machine Manager console is not already open, then open it.

2.

In the Virtual Machine Manager console, in the VMs and Services console tree, create a new host group named LocalGroup.

3.

Use the tools on the ribbon to move LON-HOST1 into the group.

4.

Use the context menu to move LON-HOST2 into the group.

 Task 4: Configure LocalGroup properties 1.

Right-click LocalGroup and then click Properties.

2.

In the LocalGroup Properties dialog box, in the Properties pages, configure the following: a.

On the General page, add the description, The local group of virtualization hosts the A. Datum IT department is using.

b.

On the Host Reserves page, clear the Use the host reserves settings from the parent host group check box. In the Disk space, amount text box, change the values from 1% to 2%.

3.

On the LocalGroup Properties page, click OK.

1.

Close the VMM Console, and sign out of LON-VMM1.

Results: After completing this exercise, you should have created and configured hosts and host groups.

Module Review and Takeaways Review Questions Question: In which scenarios will it be beneficial to deploy System Center 2012 R2 App Controller? Question: In which scenarios is it beneficial for you to use Windows PowerShell rather than a GUI such as the VMM console?

Common Issues and Troubleshooting Tips Common Issue

Troubleshooting Tip

You cannot add the physical computer as a host.

You cannot perform a V2V conversion of a VMware ESX–hosted virtual machine.

Tools Tool

Use for

Where to find it

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

7-47

SQL Server Management Studio

Manage all aspects of a SQL Server installation.

SQL Server installation DVD

Disk2vhd

Tool that creates virtual hard disks of physical disks for use on Hyper-V hosts as virtual machines. You can convert the operating system disk and the data disks on a physical computer.

Windows Sysinternals download page: http://go.microsoft.com/fwlink /?LinkID=386697

Windows ADK

A collection of tools that you can use to customize, assess, and deploy Windows operating systems to new computers.

Microsoft Download Center: http://go.microsoft.com/fwlink /?LinkID=386730

MCT USE ONLY. STUDENT USE PROHIBITED

MCT USE ONLY. STUDENT USE PROHIBITED 8-1

Module 8

Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager Contents: Module Overview

8-1

Lesson 1: Managing Networking Infrastructure

8-2

Lab A: Network Infrastructure Management

8-18

Lesson 2: Managing Storage Infrastructure

8-22

Lab B: Managing Infrastructure Storage

8-32

Lesson 3: Managing Infrastructure Updates

8-36

Lab C: Infrastructure Updates Management

8-42

Module Review and Takeaways

8-45

Module Overview

Microsoft System Center 2012 R2 includes components that you can deploy and manage through the System Center 2012 R2 Virtual Machine Manager (VMM) console. The Fabric workspace in the VMM console simplifies working with a variety of storage and network technologies. Using these components, you can build and connect your virtualization network and storage infrastructure, thereby creating the underlying framework for deploying virtual machines, services, and clouds. Note: For the purpose of this course, all instances of Microsoft System Center 2012 R2 Virtual Machine Manager are referred to as VMM.

Objectives After completing this module, you will be able to: •

Manage the networking infrastructure in VMM.



Manage the storage infrastructure in VMM.



Manage infrastructure updates by creating update baselines, and by scanning and remediating noncompliant servers.

Lesson 1

Managing Networking Infrastructure Managing physical network infrastructure in dynamic and complex data center environments can be challenging. You might require multiple applications, consoles, and command-line interfaces to administer the infrastructure. VMM provides a single console from which you can perform most of the administrative tasks, and thus simplifies working with logical and virtual networking components.

MCT USE ONLY. STUDENT USE PROHIBITED

8-2 Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager

This lesson introduces you to the VMM networking fundamentals and provides high-level overviews of advanced concepts. This lesson also explains the VMM networking components and integration options with other vendor networking tools. Finally, this lesson describes how to design and implement the various virtualization options.

Lesson Objectives After completing this lesson, you will be able to: •

Describe VMM logical networks.



Describe the components and features of the networking infrastructure.



Describe the configuration options for virtual networks.



Explain how to configure logical networking in VMM.



Explain how to configure ports and logical switches in VMM.



Configure virtual network components in VMM.



Describe how to use virtual machine networks to isolate networking.



Explain how to manage network virtualization in VMM.



Configure network virtualization.



Describe Windows Server Gateway

VMM Logical Networks A VMM logical network is a collection of VMM network sites, IP subnet information, and virtual local area network (VLAN) information. You can associate IP address pools with IP subnets that are part of a logical network. You can use logical networks in VMM to describe networks with different purposes and then associate those networks with adapters. For example, you can create one logical network for traffic isolation (such as a network used for cluster node communication), and then associate the network adapters reserved for this communication with this VMM logical network.

At least one logical network must exist before you can deploy virtual machines and services. By default, when you add a Hyper-V host to VMM, if a physical network adapter on the host does not have an associated logical network, VMM automatically creates and associates a logical network that matches the first Domain Name System (DNS) suffix label of the connection-specific DNS suffix.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

For example, if the DNS suffix for the host network adapter is adatum1.adatum.com, VMM creates a logical network with the name adatum1.

8-3

When you create a logical network, you can create one or more associated network sites. A network site is a collection of one or more subnets, VLANs, and subnet-VLAN pairs. You can control which host groups connect to a network site. For example, if you have a Seattle host group and a New York host group, and if you want to make the BACKEND logical network available to each, you can create two network sites for the BACKEND logical network. You then can scope one network site to the Seattle host group (and any desired child host groups), and the other network site to the New York host group (and any desired child host groups). When you associate one or more IP subnets with a network site, you can create an IP address pool. An IP address pool is a range of IP addresses within an IP subnet. For example, the range 10.0.0.2 to 10.0.0.150 would be an address pool within the 10.0.0.0/24 subnet. A static IP address pool enables VMM to assign static IP addresses to hosts and allows you to manage IP addresses for the virtual environment. Configuring static IP address pools is optional and you can assign addresses automatically through Dynamic Host Configuration Protocol (DHCP), if it is available on the network. For more information on Logical Networks, consult the following TechNet article: Configuring VM Networks in VMM Illustrated Overview http://go.microsoft.com/fwlink/?LinkID=386735

What Is the VMM Networking Infrastructure? In VMM, the networking infrastructure is a group of configurable network resources that you can use to create, model, organize, and manage your virtualized server network connectivity. The following sections describe the configurable components and their subcomponents.

Logical Networks

Logical networks are a set of logical network objects that you can use to model your network environment. You can create multiple logical networks, and then associate them with one or more host groups. For example, you can create a perimeter logical network, a development logical network, and a production logical network. When administrators or application administrators deploy virtual machines and services, they will be able to select a logical network without the need to understand the underlying networking infrastructure.

Network Sites

You can create network sites to associate subnets and VLANs with a location or department. You associate sites with the logical network, and then assign the host group that can use the network site.

MAC Address Pools

VMM can assign static media access control (MAC) addresses automatically to new virtual network devices on Windows-based virtual machines that are running on any managed Windows Server 2012 Hyper-V, VMware ESX, or Citrix XenServer host. VMM has two default static MAC address pools: the default MAC address pool for Hyper-V and Citrix XenServer, and the default VMware MAC address pool for VMware ESX hosts. You should use the default static MAC address pools only if you set the MAC address type for a virtual machine to Static. If you set the virtual machine setting to Dynamic, the hypervisor will assign the

MAC address. You can use the default MAC address pools, or you can configure custom MAC address pools that you scope to specific host groups.

Virtual IP Templates

MCT USE ONLY. STUDENT USE PROHIBITED

8-4 Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager

A virtual IP template contains a load balancer and related configuration settings for a specific type of network traffic. For example, you could create a template that specifies the load balancing behavior for HTTPS traffic on a specific load balancer manufacturer and model. These templates represent the best practices from a load balancer configuration standpoint. After you create a virtual IP template, users (including self-service users), can specify the virtual IP template to use when they create a service. When users model a service, they can choose an available template that best matches the needs of their load balancers and type of application.

Load Balancer Integration

By adding a load balancer to VMM, you can load balance requests to the service tier’s virtual machines. You can use Network Load Balancing (NLB), or you can add supported hardware load balancers through the VMM console. VMM includes NLB as an available load balancer, and it uses the round-robin method for load balancing. To add supported hardware load balancers, you must install a configuration provider that is available from the load balancer manufacturer. The configuration provider is a plug-in to VMM that translates Windows PowerShell commands to application programming interface (API) calls, which are specific to a load balancer manufacturer and model. Supported hardware load balancer devices are F5 BIG-IP, Brocade ServerIron, and Citrix Netscaler. You must obtain the load-balancer provider from the load-balancer vendor, and then install it on the VMM management server.

Logical Switches

You can use logical switches to apply a single configuration to multiple hosts. You configure logical-toHyper-V port profiles and uplink profiles, port classification, and virtual-switch extensions. By using logical switches, you can enforce compliance among the host servers and reduce the time required to deploy and administer hosts.

Port Profiles You can create and use two Hyper-V port profiles in VMM: •

Virtual network adapter port profiles. You create this type of profile for use by virtual machines and hosts. These profiles have configurable offload, security, and bandwidth settings.



Uplink port profiles. You configure this type of profile to use with uplink ports. You can configure the load-balancing algorithm and teaming mode.

Port Classifications

You can create port classifications, and then use them across multiple logical switches to help identify and group sets of features.

Network Service

A network service in VMM includes components such as gateways, virtual switch extensions, top-of-rack switches, and network managers. To add a network service, you must first install the associated provider, and then restart the System Center Virtual Machine Manager service. You can configure each of the following components by using the Add Network Service Wizard: •

Gateway. In VMM, you can configure a gateway to allow network traffic in and out of a virtual machine network that is using network virtualization. You can configure this for local network routing which routes traffic between the virtual machine network and the physical network. Alternatively, you can configure it for remote network routing, which first creates a virtual private network (VPN) connection with another endpoint of a site-to-site VPN, and then routes in and out of the virtual machine network through the VPN tunnel.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

8-5



Virtual switch extensions. Virtual switch extensions provide non-Microsoft vendors the ability to add monitoring, filtering, and forwarding extensions. For example, Cisco has created the Cisco Nexus 1000V for Hyper-V. This forwarding extension allows Cisco administrators to configure networking in VMM by using familiar Cisco commands. An example of a monitoring extension is Host sFlow, which exports performance metrics using the sFlow protocol.



Network managers. Network managers enable you to use a non-Microsoft network management console to configure forwarding extensions. With network managers, you can manage settings such as logical networks, sites, and virtual machine networks.



TOR switches. By using VMM to manage TOR switches, you can control physical switch ports. For example, you can create the corresponding VLAN and apply it to the physical port, thus keeping both physical and virtual switch settings synchronized.

Configuration Options for Virtual Networks You can create Hyper-V virtual switches in the VMM console just as you can create them in the Virtual Switch Manager in the Hyper-V console. In the VMM console, you can apply the same options as in the Virtual Switch Manager, although you cannot control switch extensions within this area. You can create three types of virtual switches on your Hyper-V host servers: •

External. You can create a virtual network switch that you bind to a physical network adapter in the host server. After you have created this virtual switch, you can then connect one or more virtual machine network adapters, thereby permitting virtual machines access to a physical network. You can create only one external virtual switch for each physical network adapter. However, you can optionally allow the host to share the network adapter with the virtual switch.



Internal. Creating an internal switch enables virtual machines to communicate with each other and with the Hyper-V host. However, internal switches do not allow any communication with the physical network.



Private. The private virtual switch allows virtual machines to communicate with each other. You can create multiple private virtual switches on a single Hyper-V host to isolate different groups of virtual machines.

You can use VLAN settings and external virtual switches to share the network adapter with the virtual guest machines. If you do this, you can then set VLAN IDs for the host server. However, this does not control virtual machine VLAN configuration. You can add a virtual switch in the VMM console by performing the following steps: 1.

In the VMM console, click the Fabric icon.

2.

In the Fabric workspace, click Servers, or if required, navigate to the host group containing the server to which you wish to add the virtual switch.

3.

In the central workspace, right-click the server you want to add the switch to, and then click Properties.

4.

MCT USE ONLY. STUDENT USE PROHIBITED

8-6 Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager

In the Properties dialog box, on the left side, click Virtual Switches, click New Virtual Switch, and then click New Standard Switch.

Note: You also have the option of creating a new logical switch. However, you can only create a new logical switch after creating at least one logical switch elsewhere in VMM. You will learn more about logical switches later in this module. 5.

Provide a name and optional description for the switch, and then click the required switch type (External, Internal, or Private). Define whether the host should share the adapter using VLAN 0 or anther VLAN, and then click OK.

6.

When a warning that the host may temporarily lose network connectivity displays, click OK.

You can monitor the progress in the Jobs workspace.

Configuring Logical Networking in VMM The first step in building logical networks is to define and determine your network requirements. Considering the answers to the following questions: •

How many logical networks do you require?



How many network sites do you require?



Is isolation required?



Will you need to route isolated traffic between hosts or sites?



What IP subnets will you use?



What VLAN ID will you use?

When creating the logical network, you will be able to choose a single, routable network that includes the option to allow virtualized virtual machine networks, to use VLAN-based independent networks, or to use Private VLAN (PVLAN) networks. To create the logical network, use the following steps: 1.

Launch the VMM console, click the Fabric workspace, on the ribbon, click Create, and then click Logical Network.

2.

On the Name page, in the Name text box, type the required network name such as INTRANET, and in the Description text box, type a description. Click the required network option, VLAN, PVLAN, or leave the default option selected (One connected network). If required, click Allow new VM networks created on this logical network to use network virtualization, and then click Next.

3.

On the Network Site page, click Add, and then in the Host groups that can use this network site section, select the host groups that will use this network site, for example, All Hosts.

4.

In the Associated VLANs and IP subnets area, click Insert row, and then in the VLAN text box, type a VLAN number, for example, 2.

5.

In the IP subnet text box, type an IP subnet, for example 172.20.0.0/16.

6.

Click Next, and then click Finish.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

Configuring Ports and Logical Switches in VMM Logical Switches You can use logical switches to apply a single configuration to multiple hosts, and you configure them to use uplink profiles, port classification, and virtual-switch extensions. The supported switch extensions types are:

8-7



Monitoring. Use monitoring extensions to monitor and report network traffic, but you cannot use them to modify packets.



Capturing. Use capturing extensions to inspect and sample traffic but you cannot use them to change packets.



Filtering. Use filtering extensions to block, modify, or defragment packets, and to block ports.



Forwarding. Use forwarding extensions to direct traffic by defining destinations, and to capture and filter traffic. To avoid conflicts online, only one forwarding extension can be active on a logical switch.



Virtual switch extension manager. Use virtual switch extension manager to allow use of a vendor network-management console and VMM together. To do this, you need to install the vendor’s provider software on the VMM server.

Uplink Profiles

You can use native uplink profiles to configure uplink adapters. Uplink adapters must be available on the physical network adapters to which a switch connects. You can assign uplink profiles to host groups, and then enable them to support network virtualization in Windows operating systems. You also can use uplink profiles to configure virtual adapters for enabling offload settings, such as Virtual Machine Queue (VMQ), Internet Protocol security (IPsec) task offloading, and single-root I/O virtualization (SR-IOV). Virtual network adapter port profiles allow you to reuse the same settings across multiple switches, which simplify your virtual environment deployments.

Additionally, you can specify minimum and maximum bandwidth settings and relative bandwidth weights. These settings define how much bandwidth a virtual network adapter can use in relation to other virtual network adapters that connect to the same switch. The following default uplink profiles have already been created in VMM: •

SR-IOV profile



Network load balancer (NLB) network interface card (NIC) profile



Low, medium, and high bandwidth adapters



Host management



Live migration



Cluster



Guest dynamic IP



Internet small computer system interface (iSCSI)



Default

Each of these profiles comes already configured with varying offload, security, and bandwidth settings.

Port Classifications

MCT USE ONLY. STUDENT USE PROHIBITED

8-8 Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager

You can create port classifications, and then use them across multiple logical switches to help identify and group sets of features. The following default port classifications have already been created in VMM: •

SR-IOV



Network load balancing (NLB)



Live migration workload



Host cluster workload



Low, medium and high bandwidth



Guest dynamic IP



iSCSI workload

Demonstration: Configuring Virtual Network Components in VMM

In this demonstration, you will see how you can use VMM to create and configure the following network components: •

Logical networks



IP pools



Logical switches



Native port profiles



Port classifications

You also will see how to assign logical switches to Hyper-V hosts.

Demonstration Steps 1.

On LON-VMM1, launch the Virtual Machine Manager console.

2.

Create a logical network named Adatum UK that permits the use of network virtualization.

3.

Create two network Sites that use the All Hosts host group using the following details: a.

Network site name: Docklands

b.

VLAN: 0

c.

IP Subnet: 192.168.1.0/24

d.

Network site name: Gatwick

e.

VLAN: 0

f.

IP Subnet: 192.168.2.0/24

4.

When setup is complete, close the Jobs window.

5.

From the Fabric workspace, create a new IP Pool named Adatum UK IP Pool. Use the Adatum UK logical network.

6.

Using the Docklands network site and the 192.168.3.0/24 IP subnet, complete the wizard accepting the defaults, and then close the Jobs window.

7.

Create another IP pool named Gatwick IP Pool. Use the Adatum UK logical network, and the Gatwick network site.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

8-9

8.

From the Fabric workspace, create a Hyper-V Port Profile named Adatum UK Uplink. Use the Hyper-V port load balancing algorithm.

9.

On the Network configuration page, select the Docklands and Gatwick network sites, and enable Hyper-V Network-Virtualization.

10. When setup is complete, close the Jobs window. 11. From the Fabric workspace, create a Logical Switch named Adatum UK. Enter the description Adatum production hosts logical switch. Use the default extensions, and use the Adatum UK uplink.

12. Add a Virtual Port using the Medium Bandwidth port classification and the Medium Bandwidth virtual network adapter port profile. 13. When setup is complete, close the Jobs window.

14. From the Fabric workspace, open the properties page for lon-host1.adatum.com, click Hardware, then click the logical network associated with your network card, (this will be connected to External Network). 15. Click the Adatum UK logical network, read the warning about VLANs, click OK, and then click OK again. 16. In the Fabric workspace, click LON-HOST1, click Properties, click Virtual Switches, click New Virtual Switch, and then click New Logical Switch.

17. Notice the error message that displays stating that VMM cannot create a virtual switch without any physical network adapters. At this point, if you have another network card, you can assign the logical switch to a physical adapter. In the error message pop-up window that displays, click OK.

18. In the Properties dialog box, click Hardware, and then scroll down and expand Network adapters. Click your physical network adapter, and note that you can select or clear the adapter for virtual machine placement and management use. Click the Logical network, and on the right under Logical network connectivity, note that you can assign the logical networks and IP subnets. 19. Click Cancel, and then click Yes to close the warning.

Using Virtual Machine Networks for Isolating Networking You can use virtual machine networks to create isolation, which separates network traffic for different customers. The network isolation types are described in the following sections.

Network Virtualization You can use network virtualization to isolate virtual machines from different organizations, even if they share the same Hyper-V host. When you configure network-virtualization, each guest virtual machine has two IP addresses, which include: •

Customer IP address. The customer assigns this IP address to the virtual machine. You can configure this IP address so that communication with the customer's internal network can occur even if the virtual machine is hosted on a Hyper-V server that connects to a separate public IP network. Using the ipconfig command on the virtual machine will return the customer IP address.



Provider IP address. The hosting provider assigns this IP address, which is visible to the hosting provider and to other hosts on the physical network. This IP address is not visible from within the virtual machine.

Note: You can create virtual machine networks after you create a logical network, because they are associated with a logical network. You can have many isolated virtual machine networks using one logical network, but for each logical network you can only have one virtual machine network that does not use isolation.

VLAN Isolation

MCT USE ONLY. STUDENT USE PROHIBITED

8-10 Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager

VLANs are layer 2 broadcast domains that are created by tagging packets. These tags tell the switches and routers where the packets can travel. VLANs are widely used due to their reliability. However, they do have some limitations that can make running a larger virtualization environment more difficult and costly, and can result in high management overheads.

PVLAN Isolation

PVLANs enable you to separate a VLAN into multiple isolated sub-networks, which are then allocated to different tenants. The PVLAN will share the IP subnet it that the parent VLAN allocates to it. The PVLAN requires a router to communicate with hosts on other PVLANs and with other networks.

Which Isolation for Logical Networks Is Best? The following table is a guide to when you may want to use the different logical network types. Logical network type

When to use

Infrastructure network

VLAN or no isolation

Load balancer, back-end and Internet-facing

PVLAN

Tenant networks

Network virtualization

The table above is a rough guide, because each company differs. In networking, having many options helps to facilitate the best design for a given scenario, application, or customer. For example, you may have a network team who will be configuring most of the virtual networks using their preferred network tools and switch extensions. Note: For an example that requires both network virtualization and VLANs, review the scenario following the end of this topic. To create logical networks with VLAN or PVLAN: 1.

Launch the VMM console, click the Fabric workspace, on the ribbon, click Create, and then click Logical Network.

2.

On the Name page, in the Name text box, type the required network name (such as INTRANET). In the Description text box, type a description, click the required network option—VLAN, PVLAN, or leave the default option (One connected network) selected. Then, if required, click Allow new VM networks created on this logical network to use network virtualization, and then click Next.

3.

On the Network Site page, click Add, and then in the Host groups that can use this network site section, select the host groups that will use this network site, for example All Hosts.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

8-11

4.

In the Associated VLANs and IP subnets area, click Insert row, and then in the VLAN text box, type a VLAN number, for example 2.

5.

In the IP subnet field, type an IP subnet, for example 172.20.0.0/16, click Next, and then click Finish.

A routable logical network in the VMM console is called One connected network. These logical networks and any network sites can be routed to one another. Configuring VM Networks in VMM Illustrated Overview http://go.microsoft.com/fwlink/?LinkID=386735 Networking in VMM 2012 SP1 – Logical Networks (Part I) http://go.microsoft.com/fwlink/?LinkID=386731

Real-world Issues and Scenarios

A. Datum Corporation (UK) is based in London and has 10 physical sites that mostly consume resources from two small data centers. The infrastructure has been assembled over many years and by many different providers. The chief executive officer and chief information officer have given authorization to set up the two data centers to run Hyper-V with System Center 2012 R2. As part of their long-term vision, the organization wants one or more highly available private clouds that have the ability to run from either data center. Extensive changes and building new sites are not an option. A multi-year virtualization projected has started, and all new systems are required to be virtualized. Those built using Windows 2008 R2 and newer are being virtualized using physical-to-virtual (P2V) migrations. Many servers have the same IP addresses, and to ensure that the customized applications on those can be accessed, Hyper-V network virtualization will be used.

A. Datum uses multiple backup technologies, and the System Center 2012 R2 Operations Manager has a backup VLAN that isolates backup traffic. You discussed virtualizing some file servers, and will want to make sure that these, and possible other servers can access the VLAN to be backed up.

Managing Network Virtualization in VMM In larger VMM environments, you will need to administer a higher number of logical networks, virtual machine networks, and virtual network components. If you have multiple administrators, the potential for error or complexity also increases. Best Practice: In most sections of the VMM console, you can filter the view by entering text in the search field. Keep this feature in mind and apply a good naming convention to all your virtual network components. This will help you and other administrators when you are working with and or troubleshooting virtual networking. This also applies to everything you can label in VMM.

MCT USE ONLY. STUDENT USE PROHIBITED

8-12 Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager

There are a few considerations that you should be aware of before you start working with virtual machine networks in VMM. As a first step, you should plan your network and document the proposed configurations. You will need to determine if you should implement isolation. You then need to create the underlying logical network components. After you have created your prerequisite logical network, perform the following steps to create a virtual machine network in the VMM console: 1.

Open the VMM console, click the VMs and Services workspace, and then on the ribbon, click Create VM Network.

2.

On the Name page, type the name and description for your VM network, click the drop-down list box, select the logical network, and then click Next.

3.

On the Isolation page, select either Isolate using Hyper-V network-virtualization or No isolation, choose between IPv4 and IPv6 for your VM network and logical network, and then click Next.

4.

On the VM Subnets page, click Add, and in the Name text box, type the name for your VM subnet. In the Subnet text box, type the IP address and mask for your subnet. If necessary, add and remove further subnets, and then click Next.

5.

On the Connectivity page, choose the setting for connecting directly to an additional logical network, and specify whether that connection will use network address translation (NAT). If you have not added a gateway, no option will be available. Review the message, and then click Next.

6.

On the Summary page, review the summary, and then click Finish.

7.

Close the Jobs window.

In a large host or environment, you may want to quickly discover which virtual machines connect to which networks. Rather than investigate each virtual machine individually, you can investigate using the built-in VMM network diagrams. You can review hosts and virtual machine network topology by performing the following steps: 1.

Open the VMM console, and then click the Fabric workspace.

2.

In the Fabric navigation pane, click to expand the host group containing your hosts. In the main section of the console, right-click the host that you want review, and then click View Networking.

3.

On the left, you can select the hosts, host groups, and clouds that you want to include in the diagram. On the ribbon, you can choose to view the following diagrams: o

VM Networks

o

Host Networks

o

Host/VM Networks

o

Network Topology

To delegate access to virtual machine networks, you assign an owner for a virtual machine network, and delegate access to other administrators and self-service users. You can configure access by performing the following steps: 1.

Open the VMM console, click the VMs and Services workspace, and then on the ribbon, click Properties.

2.

On the left, click Access. You can now select an owner and delegate access to the virtual machine network.

If you want to delete a virtual machine network, you must first confirm that there are no dependent resources. You can review dependent resources using these steps:

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

8-13

1.

Open the VMM console, and then click the VMs and Services workspace.

2.

In the VMs and Services navigation pane, click VM Networks on the right, click to highlight a virtual machine network, and then on the ribbon, click View Dependent Resources.

3.

Review the Names and Type of resources. Make a note of them, and then click OK.

4.

To delete other VMM resources that may have dependent resources, you can right-click them. If they have dependent resources, the dependent resource option will display, and clicking on it will display those dependencies.

Adding a Gateway

When you deploy network virtualization, you most likely will want virtual machines to communicate with other virtual machines on other Hyper-V hosts, or with physical machines outside of the virtualization environment. To facilitate this, you must provision a network gateway, which in VMM is configured in the Network Service section of the Fabric workspace. The gateway connects to remote networks using a VPN tunnel. To add a gateway, you must first install its provider software. You can review the list of installed providers by using the following procedure: 1.

Open the VMM console.

2.

Click the Settings workspace, and then in the Settings pane, click Configuration Providers. The lists of providers displays along with information such as Type, Version, Publisher, Manufacturer and Model. The default providers in VMM are: o

Microsoft IP Address Management Provider

o

Microsoft Network Load Balancing (NLB)

o

Microsoft Standards-Based Network Switch Provider

o

Microsoft Windows Server Gateway Provider

The default installation directory for providers is C:\Programs Files\Microsoft System Center 2012 R2 \Virtual Machine Manager\Bin\Configuration Providers. 3.

Confirm that the necessary provider software for the gateway device has been installed and is listed.

For more information about gateway prerequisites and to review the setup steps, refer to: Configuring VM Networks and Gateways in VMM http://go.microsoft.com/fwlink/?LinkID=386734 How to Add a Gateway in VMM in System Center 2012 R2 http://go.microsoft.com/fwlink/?LinkID=386732

Demonstration: Configuring Network Virtualization

MCT USE ONLY. STUDENT USE PROHIBITED

8-14 Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager

In this demonstration, you will see how to configure network virtualization in Windows Server 2012 R2 by using VMM.

Demonstration Steps 1.

In the Virtual Machine Manager console, from the VMs and Services workspace, create a virtual machine network named Adatum North.

2.

Ensure that Adatum UK is selected as the Logical network, and enable Hyper-V network virtualization.

3.

Add the following VM Subnets: o

Subnet name: Adatum Finance

o

Subnet address: 192.168.4.0/24

o

Subnet name: Adatum Engineering

o

Subnet address: 192.168.5.0/24

4.

When setup is complete, close the Jobs window.

5.

In the Virtual Machine Manager console, from the VMs and Services workspace, create a virtual machine network named Adatum South. Ensure that Adatum UK is selected as the Logical network, and enable Hyper-V network virtualization.

6.

Add the following VM Subnets: o

Subnet name: Adatum Warehouse

o

Subnet address: 192.168.4.0/24

o

Subnet name: Adatum Logistics

o

Subnet address: 192.168.5.0/24

7.

When setup is complete, close the Jobs window.

8.

From the VMs and Services workspace, create a virtual machine network IP pool for the Adatum Finance VM Network. Name this pool Adatum Finance VM Network IP Pool.

9.

Ensure the VM subnet is set to Adatum Finance (192.168.4.0/24), and accept the default settings.

10. When setup is complete, close the Jobs window. 11. From the VMs and Services workspace, create a virtual machine network IP pool for the Adatum Finance VM Network. Name this pool Adatum Logistics VM Network IP Pool.

12. Ensure the VM subnet is set to Adatum Logistics (192.168.5.0/24), and accept the default settings. 13. When setup is complete, close the Jobs window.

Windows Server Gateway When you use the Hyper-V virtual switch to implement network virtualization, the switch operates as a router between different Hyper-V hosts in the same infrastructure. Network virtualization policies define how packets are routed from one host to another.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

8-15

However, when you use network virtualization a virtual switch cannot route to networks outside the Hyper-V server infrastructure. If you do not use network virtualization, you connect the virtual machine to an external switch, and the virtual machine connects to the same networks as the host machine. In a network virtualization scenario, you may have multiple virtual machines running on a Hyper-V host that share the same IP addresses. You also want to be able to move the virtual machine to any host in the network without disrupting network connectivity. You need to be able to connect the virtualized networks to the Internet by using a mechanism that is multitenant-aware so that traffic to external networks is routed correctly to the internal addresses used by the virtual machines.

Windows Server 2012 R2 provides Windows Server Gateway to address this scenario. Windows Server Gateway is a virtual machine-based software router that allows you to route network traffic between the virtual networks on the Hyper-V hosts and the physical networks. This enables the virtual machines to connect to other resources on the internal network and also to connect to external networks such as the Internet. You can implement Windows Server Gateway in three different configurations: •

Multitenant-aware VPN gateway. In this configuration, Windows Server Gateway is configured as a VPN gateway that is aware of the virtual networks that are deployed on the Hyper-V hosts. Deploying the Windows Server Gateway with this configuration means that you can connect to the Windows Server Gateway by using a site-to-site VPN from a remote location, or by configuring individual users with VPN access to the Windows Server Gateway. The Windows Server Gateway operates like any other VPN gateway, whereby it allows the remote users to connect directly to the virtual networks on the Hyper-V servers. The main difference is that the Windows Server Gateway is multitenant-aware, so you can have multiple virtual networks that are located on the same virtual infrastructure, and that have overlapping address spaces. This configuration is useful for organizations that have multiple locations, or multiple business groups that share the same address spaces and must to be able to route traffic to virtual networks. Hosting providers also can use this configuration to provide remote clients direct network access between their on-premises network and the hosted networks.



Multi-tenant aware NAT gateway for Internet access. In this configuration, Windows Server Gateway provides access to the Internet for virtual machines on virtual networks. The Windows Server Gateway is configured as a NAT device, translating addresses that can connect to the Internet to addresses used on the virtual networks. In this configuration, Windows Server Gateway is also multitenantaware, so all virtual networks behind the Windows Server Gateway can connect to the Internet, even if they use overlapping address spaces.



Forwarding gateway for internal physical network access. In this configuration, Windows Server Gateway provides access to internal network resources that are located on physical networks. For example, an organization may have some servers that are still deployed on physical hosts. When configured as a forwarding gateway, Windows Server Gateway enables computers on the virtual networks to connect to those physical hosts.

MCT USE ONLY. STUDENT USE PROHIBITED

8-16 Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager

Windows Server Gateway is Microsoft’s implementation of a multitenant-aware gateway. Other vendors have also developed similar gateways. For more details about Windows Server Gateway, go to the following link: Windows Server Gateway http://go.microsoft.com/fwlink/?LinkID=386700

You can configure Windows Server Gateway by deploying appropriate Windows Server 2012 R2 roles, and by configuring the network settings by using Windows PowerShell. The high-level steps for implementing Windows Server Gateway are as follows: 1.

Verify that your Hyper-V deployment meets the requirements for the Windows Server Gateway deployment. Although you can deploy a Windows Server Gateway on a host with single network adapter, we recommend that you configure multiple network adapters on the host. You must configure multiple virtual network adapters on the Windows Server Gateway virtual machine. As a best practice, configure the physical and virtual network adapter names to match the intended use for each network.

2.

Install the Remote Access role on the Windows Server Gateway virtual machine, including the Direct Access and VPN (RAS) and Routing role service. Install the required management tools.

3.

On the Hyper-V host running the Windows Server Gateway virtual machine, do the following: a.

Enable the multitenancy mode on the virtual machine network adapter by using the Set-VMNetworkAdapterIsolation cmdlet with the –IsolationMode parameter.

b.

Map the tenant’s routing domains and virtual subnets by using the Add-VmNetworkAdapterRoutingDomainMapping parameter.

c.

Configure the network virtualization settings by using the New-NetVirtualizationProviderAddress, New-NetVirtualizationLookupRecord, and NewNetVirtualizationCustomerRoute cmdlets.

4.

On Windows Server Gateway, configure the IP addresses and network routes for each tenant network.

5.

On the Hyper-V hosts running the tenant virtual machines, configure the network virtualization settings by using the New-NetVirtualizationProviderAddress, New-NetVirtualizationLookupRecord, and New-NetVirtualizationCustomerRoute cmdlets.

When deploying a gateway in VMM, configure a gateway in the Network Service section of the Fabric workspace. The gateway connects to remote networks using a VPN tunnel. To add a gateway, you must first install its provider software. You can review the list of installed providers by using the following procedure: 1.

Open the VMM console.

2.

Click the Settings workspace, and then in the Settings pane, click Configuration Providers. The lists of providers displays along with information such as Type, Version, Publisher, Manufacturer and Model. The default providers in VMM are: o

Microsoft IP Address Management Provider

o

Microsoft Network Load Balancing (NLB)

o

Microsoft Standards-Based Network Switch Provider

o

Microsoft Windows Server Gateway Provider

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

8-17

The default installation directory for providers is C:\Programs Files\Microsoft System Center 2012 R2 \Virtual Machine Manager\Bin\Configuration Providers. 3.

Confirm that the necessary provider software for the gateway device has been installed and is listed.

For more information about gateway prerequisites and to review the setup steps, refer to: Configuring VM Networks and Gateways in VMM http://go.microsoft.com/fwlink/?LinkID=386734 How to Add a Gateway in VMM in System Center 2012 R2 http://go.microsoft.com/fwlink/?LinkID=386732

Lab A: Network Infrastructure Management Scenario

MCT USE ONLY. STUDENT USE PROHIBITED

8-18 Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager

One of the reasons that A. Datum Corporation decided to use VMM as its virtualization management solution was that administrators also could use VMM to manage many of the other components that a virtualized environment requires. To manage the virtual environment efficiently, administrators need the ability to manage from within VMM, components such as storage devices and the network infrastructure.

Objectives After completing this lab, you will be able to: •

Implement a network infrastructure.

Lab Setup Estimated Time: 30 Minutes Virtual Machines: 20409B-LON-HOST1, 20409B-LON-HOST2, 20409B-LON-DC1, 20409B-LON-VMM1, 20409B-LON-SS1, 20409B-LON-SVR1 User Name: Adatum\Administrator Password: Pa$$w0rd

For this lab, you will use the available virtual machine environment. Before you begin, you must complete the following steps: 1.

On the host computer, start Hyper-V Manager.

2.

In Hyper-V Manager, click 20409B-LON-DC1, and then in the Actions pane, click Start. Wait 30 seconds.

3.

Click 20409B-LON-VMM1, in the Actions pane, click Start, and then click Connect. Wait until the virtual machine starts.

4.

Sign in by using the following credentials:

5.

o

User name: Administrator

o

Password: Pa$$w0rd

o

Domain: Adatum

Repeat steps 2 through 4 for 20409B-LON-SS1 and 20409B-LON-SVR1.

Exercise 1: Implementing a Network Infrastructure Scenario

As the virtualization administrator, you have been asked to provide a network virtualization proof-ofconcept for Adatum. You plan to start with four departments that currently have server infrastructure in primary and secondary London data centers. Because departments originate from different companies and consequently have some overlapping IP addresses on their servers, your virtualized network will allow for running virtual machines for any department from any data center. In this exercise, you will prepare a proof of concept for the Adatum London virtual network. You will connect a host server with logical networks, configure network virtualization, and connect virtual machines to a virtual machine network.

The main tasks for this exercise are as follows: 1.

Configure logical networks.

2.

Connect a host server with a logical network.

3.

Configure network virtualization.

4.

Connect virtual machines to a virtual machine network.

 Task 1: Configure logical networks 1.

On LON-VMM1, launch the Virtual Machine Manager console.

2.

Create a logical network named Adatum UK that permits the use of network virtualization.

3.

Create two network Sites that use the All Hosts host group using the following details: a.

Network site name: Docklands

b.

VLAN: 0

c.

IP Subnet: 192.168.1.0/24

d.

Network site name: Gatwick

e.

VLAN: 0

f.

IP Subnet: 192.168.2.0/24

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

8-19

4.

When setup is complete, close the Jobs window.

5.

From the Fabric workspace, create a new IP Pool named Adatum UK IP Pool. Use the Adatum UK logical network.

6.

Using the Docklands network site and the 192.168.3.0/24 IP subnet, complete the wizard accepting the defaults, and then close the Jobs window.

7.

Create another IP pool named Gatwick IP Pool. Use the Adatum UK logical network, and the Gatwick network site.

8.

From the Fabric workspace, create a Hyper-V Port Profile named Adatum UK Uplink. Use the Hyper-V port load balancing algorithm.

9.

On the Network configuration page, select the Docklands and Gatwick network sites, and enable Hyper-V Network-Virtualization.

10. When setup is complete, close the Jobs window. 11. From the Fabric workspace, create a Logical Switch named Adatum UK. Enter the description Adatum production hosts logical switch. Use the default extensions, and use the Adatum UK uplink.

12. Add a Virtual Port using the Medium Bandwidth port classification and the Medium Bandwidth virtual network adapter port profile. 13. When setup is complete, close the Jobs window.

 Task 2: Connect a host server with a logical network 1.

From the Fabric workspace, open the properties page for lon-host1.adatum.com, click Hardware, then click the logical network associated with your network card, (this will be connected to External Network.)

2.

Click the Adatum UK logical network, read the warning about VLANs, click OK, and then click OK again.

MCT USE ONLY. STUDENT USE PROHIBITED

8-20 Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager

3.

In the Fabric workspace, click LON-HOST1, click Properties, click Virtual Switches, click New Virtual Switch, and then click New Logical Switch.

4.

Notice the error message that displays stating that VMM cannot create a virtual switch without any physical network adapters. At this point, if you have another network card, you can assign the logical switch to a physical adapter. In the error message pop-up window that displays, click OK.

5.

In the Properties dialog box, click Hardware, and then scroll down and expand Network adapters. Click your physical network adapter, and note that you can select or clear the adapter for virtual machine placement and management use. Click the Logical network, and on the right under Logical network connectivity, note that you can assign the logical networks and IP subnets.

6.

Click Cancel, and then click Yes to close the warning.

 Task 3: Configure network virtualization 1.

In the Virtual Machine Manager console, from the VMs and Services workspace, create a virtual machine network named Adatum North.

2.

Ensure that Adatum UK is selected as the Logical network, and enable Hyper-V network virtualization.

3.

Add the following VM Subnets: o

Subnet name: Adatum Finance

o

Subnet address: 192.168.4.0/24

o

Subnet name: Adatum Engineering

o

Subnet address: 192.168.5.0/24

4.

When setup is complete, close the Jobs window.

5.

In the Virtual Machine Manager console, from the VMs and Services workspace, create a virtual machine network named Adatum South. Ensure that Adatum UK is selected as the Logical network, and enable Hyper-V network virtualization.

6.

Add the following VM Subnets: o

Subnet name: Adatum Warehouse

o

Subnet address: 192.168.4.0/24

o

Subnet name: Adatum Logistics

o

Subnet address: 192.168.5.0/24

7.

When setup is complete, close the Jobs window.

8.

From the VMs and Services workspace, create a virtual machine network IP pool for the Adatum Finance VM Network. Name this pool Adatum Finance VM Network IP Pool.

9.

Ensure the VM subnet is set to Adatum Finance (192.168.4.0/24), and accept the default settings.

10. When setup is complete, close the Jobs window. 11. From the VMs and Services workspace, create a virtual machine network IP pool for the Adatum Finance VM Network. Name this pool Adatum Logistics VM Network IP Pool.

12. Ensure the VM subnet is set to Adatum Logistics (192.168.5.0/24), and accept the default settings. 13. When setup is complete, close the Jobs window.

 Task 4: Connect virtual machines to a virtual machine network

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

1.

In the VMs and Services workspace, edit the properties of 20409B-LON-TEST1, and connect Network Adapter 1 to VM network.

2.

Ensure that Adatum North is selected, and ensure that subnet Adatum Finance is selected.

3.

Edit the properties of 20409B-LON-PROD1, and connect Network Adapter 1 to VM network.

4.

Ensure that Adatum South is selected, and ensure that the subnet Adatum Logistics is selected.

5.

Power on 20409B-LON-TEST1 and 20409B-LON-PROD1.

6.

Connect to 20409B-LON-TEST1, and sign in as Administrator with the password Pa$$word.

7.

Configure the virtual machine to use a dynamically assigned IP address, and then verify that the dynamically assigned IP address is in the range configured for Adatum Finance.

8.

Connect to 20409B-LON-PROD1, and sign in as Administrator with the password Pa$$word.

9.

Configure the virtual machine to use a dynamically assigned IP address, and then verify that the dynamically assigned IP address is in the range configured for Adatum Logistics.

10. Open Windows PowerShell, and use the ping command to verify that LON-PROD1 cannot communicate with LON-TEST1. 11. Use the Virtual Machine Manager console to shut down LON-TEST1 and LON-PROD1.

8-21

Results: After completing this exercise, you should have created and configured a new virtual network, configured network virtualization, and connected virtual machines to a virtual machine network.

Lesson 2

Managing Storage Infrastructure

MCT USE ONLY. STUDENT USE PROHIBITED

8-22 Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager

This lesson describes how to manage a storage infrastructure in VMM. VMM can use three different types of storage: Fibre Channel, iSCSI, and file share. The lesson explains how to implement and deploy these different types of storage, and the considerations that you need to be aware of before you implement highly available storage.

Lesson Objectives After completing this lesson, you will be able to: •

Describe storage options for server virtualization.



Describe how to implement block storage.



Describe how to implement file storage.



Deploy storage in VMM.



Deploy block storage in VMM.



Explain how to manage storage in VMM.



Deploy and manage storage in VMM.

Storage Options for Server Virtualization A key factor when provisioning virtual machines is ensuring that the underlying storage infrastructure is reliable and can provide sufficient performance. This includes managing peak utilization times, such as during backups, antivirus sweeps, and multiple, concurrent virtual machine startups. Storage is one of the more complicated and costly resources to manage in virtualization projects. Therefore, you should design storage solutions that have the flexibility to scale up and meet future growth, but not overprovision capacity. Windows Server 2012 R2 builds upon, and introduces new storage options for virtualization, which enables small to midsize companies to utilize highly available storage solutions. These solutions were historically available only by investing in storage area network (SAN) technologies or non-Microsoft software.

When planning a virtualization environment, the .vhdx file type performance can affect the virtual machine’s performance. Servers that you otherwise provision with random access memory (RAM) and processor capacity can still experience unsatisfactory performance if you misconfigure the storage system or if it becomes overwhelmed with traffic. Therefore, you should ensure that the storage design provides adequate performance, and that your design includes a plan for monitoring storage for availability and performance.

Consider the following factors when planning the storage options.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

8-23



Storage connectivity. You can locate .vhd or .vhdx files on local or remote storage. When you locate these files on remote storage, you must ensure that there is adequate bandwidth and minimal latency between the host and the remote storage. Slow network connections to storage, or connections where there is latency, result in poor virtual machine performance.



Storage redundancy. The volume that the .vhdx files are stored on should be fault tolerant. This should apply whether the .vhdx file is stored on a local disk, or on a remote SAN device. Hard disks often fail. Therefore, the virtual machine and the Windows Server 2012 Hyper-V host should remain in operation after a disk failure. Replacement of failed disks should not affect Hyper-V host or virtual machine operations.



Storage performance. The storage device where .vhdx files are stored should have excellent I/O characteristics. Many enterprises use solid-state drive (SSD) hybrid drives in a redundant array of independent disk (RAID) 1+0 arrays. This helps with achieving maximum performance and redundancy, particularly when multiple virtual machines are running simultaneously on the same storage. However, this can place a tremendous I/O burden on a disk subsystem, so you need to ensure that you select high performance storage. Otherwise, your virtual machine performance may suffer. The assessment and planning tool measures I/O, and its output can assist in storage planning.



Storage capacity. If you configure .vhdx files to grow automatically, it is important that there is adequate space in which these files can grow. Additionally, you need to monitor growth carefully so that you experience no service disruptions if a .vhdx file consumes all available space.



Data protection. Consider the performance of your backup solution, its impact on your storage design, and the amount of data virtual machines will host. Review existing data, and ensure that you will be able to back up required virtual machines and their storage within an acceptable timeframe.



Flexible storage options. Hyper-V offers flexible storage options include most of the options that Windows Server supports, such as locally attached storage (for example, Serial Advanced Technology Attachment (SATA), SCSI, and SSD). Hyper-V supports remotely connected Fibre Channel, iSCSI, and Serial Attached SCSI storage. Hyper-V also supports running virtual machines in file shares using the Server Message Block (SMB) 3.0 protocol. Shared .vhdx files allow guest virtual machines to be clustered without needing iSCSI or Fibre Channel SANs. Hyper-V and VMM support live migration outside of a clustered environment, sometimes referred to as shared-nothing live migration.

Note: When selecting your virtualization storage options, closely examine all the features and components that you plan to use. Carefully review the prerequisites of each technology to ensure compatibility. For example, if you are planning to use the Windows Server 2012 R2 .odx feature for virtual machine SAN transfers, you cannot have Windows Server Data Deduplication or BitLocker Drive Encryption enabled. •

Storage availability. Using VMM, you can manage both block storage and file storage for deploying and storing your virtual machines. You can do this by using Windows Storage Management API deployment.

The following topics will discuss the various storage types in more detail.

Implementing Block Storage Fibre Channel Each Fibre Channel SAN is different. Some SANs have built-in features such as storage tiering, thin provisioning, volume snapshots, and volume replication. If you are designing a Fibre Channel SAN for high availability, you should consider the following factors:

MCT USE ONLY. STUDENT USE PROHIBITED

8-24 Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager



The hosts should have multiple physical Fibre Channel host bus adaptors (HBAs). You should install multiple SAN switches and storage controllers, and then enable multipath I/O in your Windows Server operating system. Given the throughput and capacity capabilities of modern Hyper-V host servers, it is possible to build clusters that can outperform many small to mid-range SANs, if you plan carefully, and plan for circumstances such as planned shutdown. Consider what may happen if someone tried to start several hundred virtual machines simultaneously. Would the SAN controllers manage this, and how would the hosts behave?



With Virtual Fibre Channel adapters, you can now access Fibre Channel SANs directly from the Hyper-V host’s guest operating system. Virtual Fibre Channel adapters in Hyper-V are virtual hardware components that you can add to a virtual machine, which enable the adapters to access Fibre Channel storage on SANs. To deploy a virtual Fibre Channel adapter: o

You must configure the Hyper-V host with a Fibre Channel HBA.

o

The Fibre Channel HBA must have a driver that supports Virtual Fibre Channel.

o

The virtual machine must support virtual machine extensions.

Virtual Fibre Channel adapters support port virtualization by exposing HBA ports in the guest operating system. This allows the virtual machine to access the SAN by using a standard World Wide Name (WWN) associated with the virtual machine.

Hyper-V supports multipath I/O (MPIO) to provide highly available access to the logical unit numbers (LUNs) that have been exposed to the host. With Virtual Fibre Channel adapters, you can provide access to LUNs directly from virtual machines that also support MPIO. You can use a combination of both in your virtualization environment. iSCSI

A less expensive and simpler way to configure a connection to remote disks is to use iSCSI storage. Many application requirements dictate that remote storage connections must be redundant in nature for fault tolerance or high availability. Additionally, many companies already have fault-tolerant networks that make it less expensive to retain redundancy compared to using SANs. When designing your iSCSI storage solution, you should consider the following: •

Deploy the iSCSI solution on at least a 1 gigabyte per second (Gbps) network. Review specific features that you intend to use, and ensure that all of your hardware can support these features.



Have a high availability design. This is crucial for your network infrastructure, because network devices and components conduct the transfer of data from servers to iSCSI storage.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

8-25



Design an appropriate security strategy for your iSCSI storage solution.



Involve all relevant teams in the storage implementation, and confirm whether storage deployment automation will be possible for virtualization administrators and application administrators.

iSCSI is a protocol that supports access to remote SCSI–based storage devices over a TCP/IP network. iSCSI carries standard small computer system interface (SCSI) commands over IP networks to facilitate data transfers over intranets, and to manage storage over long distances. You can use iSCSI to transmit data over local area networks (LANs), wide area networks (WANs), or even over the Internet.

iSCSI relies on standard Ethernet networking architecture. Whether you want to utilize specialized hardware, such as HBA or network switches, is optional. iSCSI uses TCP/IP (typically, Transmission Control Protocol (TCP) port 3260). This means that iSCSI enables two hosts to negotiate tasks, such as session establishment, flow control, or packet size, and then exchange SCSI commands by using an existing Ethernet network. iSCSI uses a commonly used, high performance, local storage-bus subsystem architecture, which it emulates over LANs and WANs, thereby creating a SAN. Unlike Fibre Channel SAN technologies, iSCSI requires no specialized cabling. You can run it over the existing switching and IP infrastructure. However, as a best practice, you can increase the performance of an iSCSI SAN deployment by operating it on a dedicated network or subnet. Note: Although you can use a standard Ethernet network adapter to connect the server to the iSCSI storage device, you also can use dedicated iSCSI HBAs. An iSCSI SAN deployment includes the following: •

TCP/IP network. You can use standard network-interface adapters and Ethernet protocol network switches to connect the servers to the storage device. To provide sufficient performance, the network should provide speeds of at least 1 Gbps, and for redundancy, multiple paths to the iSCSI target. As a best practice, use a dedicated physical network. For high bandwidth adapters and switches, you can use converged logical network with Quality of Service to achieve fast, reliable throughput.



iSCSI targets. iSCSI target are used to present the storage, similar to controllers for hard-disk drives of locally attached storage. However, you access this storage over a network, instead of accessing it locally. Many storage vendors implement hardware-level iSCSI targets as part of their storage device’s hardware. Other devices or appliances, such as Windows Storage Server 2012 devices, implement iSCSI targets by using a software driver and at least one Ethernet adapter. Windows Server 2012 provides the iSCSI target server, which is a role service that acts a driver for the iSCSI protocol.



iSCSI initiators. The iSCSI target displays storage to the iSCSI initiator, or client, which acts as a local disk controller for the remote disks. Windows Server 2008 and newer Windows Server versions include the iSCSI initiator, and can connect to iSCSI targets. Windows 7 and newer Windows client operating systems also include the iSCSI initiator.



iSCSI qualified name. iSCSI qualified names are unique identifiers for initiators and targets on an iSCSI network. When you configure an iSCSI target, you must configure the iSCSI qualified name for the iSCSI initiators that will connect to it. iSCSI initiators also use iSCSI qualified names to connect to the iSCSI targets. However, if name resolution on the iSCSI network is a possible issue, you can identify iSCSI endpoints (both target and initiator) by their IP addresses.

VMM can manage and deploy block storage for your virtualization environment, which can be especially useful if you plan to build a private cloud or plan to delegate virtualization deployment rights. This is discussed in more detail later in the lesson in the Managing Storage in Virtual Machine Manager topic.

Implementing File Storage SMB 3.0 SMB file share provides an alternative to storing virtual machine files on iSCSI or Fibre Channel SAN devices. Hyper-V supports storing virtual machine data, such as virtual machine configuration files, snapshots, and .vhd files, on SMB 3.0 file shares. If you opt to implement SMB file shares, consider the following:

MCT USE ONLY. STUDENT USE PROHIBITED

8-26 Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager



The file share must support SMB 3.0, which limits placement of .vhdx files to file servers that are running a Windows Server 2012 host. Versions of Windows Server prior to Windows Server 2012 do not support SMB 3.0.



You must ensure that network connectivity to the file share is 1 gigabyte (GB) or more.



When creating a virtual machine in Hyper-V on Windows Server 2012, you can specify a network share when you select the virtual machine location and virtual hard disk location. You also can attach disks stored on SMB 3.0 file shares. You can use both .vhd and .vhdx disk types with SMB file shares.

Note: Hyper-V over SMB assigns the computer account permissions on the share, so you can configure it only in an Active Directory Domain Service (AD DS) environment. The VMM service account requires administrative permissions on the file server, which must be assigned outside of VMM. The new SMB protocol in Windows Server 2012 includes the following features: •

SMB transparent failover. The SMB protocol has the built-in ability to manage failure so that the client and server can coordinate a transparent move that allows continued access to resources with only a minor I/O delay. This ensures that there is no failure for applications.



SMB scale-out. You can use the SMB scale-out feature to access shares through multiple cluster nodes by using Cluster Shared Volumes (CSVs). By using this feature, you can balance loads across a cluster.



SMB Direct (SMB or Remote Direct Memory Access (RDMA)). Formerly seen only on highperformance computing scenarios, SMB Direct is available now in Window Server 2012. SMB Direct allows an RDMA–enabled network interface to perform file transfers by using technology onboard the network interface, without the operating system intervening.



SMB Multichannel. SMB Multichannel, which is enabled automatically, enables SMB to detect a network’s configuration. For example, if it detects that two network interfaces are configured and teamed on the client and server, SMB can make use of all available bandwidth.



SMB encryption. SMB encryption allows for encryption without the need for (IPsec. You can configure SMB encryption per share or at the server level. Previous versions of SMB clients cannot connect to encrypted shares or servers.



VSS for SMB file shares. Volume Shadow Copy Services (VSS) is enhanced to allow snapshots at the share level. Remote file shares act as a provider and integrate with a backup infrastructure.



SQL Server over SMB. You can store Microsoft SQL Server databases on SMB 3.0 shares, which could allow for infrastructure consolidation.

NFS

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

8-27

Network file system (NFS) is a file-sharing solution that uses the NFS protocol, and which enables you to transfer files between computers that are running Windows Server 2012 and other non-Windows computers.

Windows Server 2012 includes an updated NFS stack, which enables it to provide transparent failover to NFS clients by using continuously available NFS shares. You can use NFS as storage for VMware virtual machines. However, NFS is not an option for Hyper-V storage.

Deploying Storage in VMM Storage Array Settings After you have added a storage array, you can choose how your SAN will allocate and provision new storage. The following logical unit allocation and deployment methods are for VMM: •

Snapshots. With this method, the SAN creates a writable snapshot of an existing logical unit. This is the fastest deployment method with the least storage cost.



Cloning. With this method, the SAN creates an independent copy of an existent logical unit. This is a slower method, and the new unit is equal in size to the one that has been cloned.

Note: Each method must be supported by the storage array, and may require a license from the storage vendor. To configure the allocation method for a storage array, complete the following procedure: 1.

Launch the VMM console, and then click the Fabric workspace.

2.

In the Fabric navigation pane, click and expand Storage, and then click Arrays.

3.

Right-click the storage array you want to update, and in the storage array Properties dialog box, click Settings. You can then click either Use snapshots or Clone logical units. Only the supported storage method will be made available.

Provisioning Storage Logical Units

You can create and manage storage logical units within the VMM console. To create a new storage logical unit, use the following procedure: 1.

Launch the VMM console, and then click the Fabric workspace.

2.

On the ribbon, click Create Logical Unit.

3.

Click the storage pool drop-down list box, and then click an available storage pool.

4.

Confirm there is enough capacity, enter a name and optionally a description, type the size in gigabytes, or click to use the arrows to select a size, and then click OK.

5.

To view the new logical unit, click Classifications and Pools.

MCT USE ONLY. STUDENT USE PROHIBITED

8-28 Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager

If you allocate a storage pool to a host group, you can also create and assign logical units directly from managed Hyper-V hosts in the host group.

Demonstration: Deploying Block Storage in VMM In this demonstration you will see how to: •

Add a storage provider.



Deploy block storage.

Demonstration Steps Add an iSCSI storage provider 1.

On LON-VMM1, add a storage provider, and select SAN and NAS devices discovered and managed by a SMI-S provider.

2.

Click the Protocol drop-down list box, and then click SMI-S WMI.

3.

In the Provider IP address or FQDN: text box, type lon-ss1.adatum.com, and then click Browse.

4.

Create a Run As account with the following settings: o

Name: StorageAdmin

o

User name: Adatum\Administrator

o

Password: Pa$$w0rd

o

Confirm password: Pa$$w0rd

5.

Use the StorageAdmin Run As account to create classifications, one named Gold with a description of 15K SAS Drives, and another named Silver with a description of 7K SATA Drives.

6.

Select the iSCSITarget: LON-SS1:C, check box, and from the Classification drop-down list box, click Silver.

7.

Select the iSCSITarget: LON-SS1:E check box. From the Classification drop-down list box, click Gold, and then click Next.

8.

On the Summary page, click Finish.

9.

Close the Jobs window.

Deploy Block Storage • In the Fabric workspace, create a Logical Unit using iSCSITarget: LON-SS1:E named LON-APP1_C. Set the size to 20 GB.

Managing Storage in VMM Managing Host Storage VMM is aware of the storage that is attached to Hyper-V hosts. When VMM makes virtual machine placement calculations, it can calculate the amount of free storage on the associated host disks. Note: Updating the Hosts When you add storage to a virtualization host, VMM will not discover it until you refresh the host. To work with newly added storage immediately, you can perform a manual refresh on the virtualization host.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

8-29

To see and work with host storage, right-click a host, and then from the Properties dialog box, click Storage. In the Storage area, you will see areas for each disk subsystem type. If they are present, you can expand, review, or configure them.

Managing Storage Arrays

Through the VMM console, you can discover, classify, and provision remote storage on supported storage arrays. VMM fully automates storage assignment to a Hyper-V host or Hyper-V host cluster, and then tracks any storage that it manages. To enable new storage features, VMM uses the new Storage Management Service feature to communicate with external arrays through a SMI-S provider.

By default, the Storage Management Service installs during the VMM installation. To manage storage, you must install a supported SMI-S provider on an available server, and then add the provider to VMM.

Storage Overview Display

To display the storage overview, in the Fabric workspace, click Storage, and then on the ribbon, click Overview. As your virtual data center grows, the overview displays what the data center is provisioning, and what resources continue to remain available. You must complete the following steps to discover, classify, and assign storage through VMM: 1.

For a supported storage array, obtain a Storage Management Initiative Specification (SMI-S) storage provider from your storage array vendor, and then install the SMI-S storage provider on an available server as instructed by your storage vendor.

2.

From the VMM console, in the storage node, connect to the SMI-S storage provider to discover and classify the storage. Connect to the provider by using either the IPv4 address or the fully qualified domain name (FQDN).

3.

Classify storage. Classifying storage entails assigning a meaningful classification to storage pools. For example, you may assign a classification of GOLD to a storage pool that resides on the fastest, most redundant storage array. This enables you to assign and use storage-based classification without actually knowing its hardware characteristics.

4.

Create logical units. In the storage node, you optionally can create logical units from a managed storage pool.

5.

From either the VMM console storage node or the target host group’s Properties dialog box, allocate either precreated logical units or storage pools to specific host groups. If you allocate storage pools, you can create and assign logical units directly from managed hosts in the host group that can access

MCT USE ONLY. STUDENT USE PROHIBITED

8-30 Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager

the storage array. Additionally, if you use rapid provisioning to provision virtual machines by using SAN snapshots or cloning, VMM can create logical units from the storage pool automatically. 6.

In the Virtual Machine Manager console, from either the host or host cluster Properties dialog box, assign logical units from the host group to specific Hyper-V hosts or to Hyper-V host clusters, as shared CSV or available storage. If you allocated a storage pool to a host group, you can create and optionally assign logical units directly from a host or host cluster’s Properties dialog box. If the storage array supports iSCSI host connectivity, you can create iSCSI sessions to the storage array from a host’s Properties dialog box.

For a list of Supported Storage Arrays, go to: Configuring Storage in VMM http://go.microsoft.com/fwlink/?LinkID=285283

Assigning Storage to Host Groups

You can assign storage pools to host groups, and using host groups you can define logical groups of physical computing resources. These groups can help VMM and administrators determine placement for deploying new virtual workloads. For example, you could create some host groups and assign storage pools with classifications as shown in the following table. Host group name

Storage classification

Storage type

Host server CPU

Tier 1

Platinum

SSDs

3.6 gigahertz (GHz)

Tier 2

Gold

Serial Attached SCSI 15,000 rotations per minute (RPM)

3.0 GHz

Tier 3

Silver

Serial Attached SCSI 10,000 RPM

2.4 GHz

Tier 4

Bronze

Serial ATA (SATA) 7,200 RPM

2.0 GHz

To add storage to a host group, you must perform the following steps: 1.

Right-click the host group, and then click Properties.

2.

Click Storage, and then either click Allocate Storage Pools, or click Allocate Logical Units.

3.

Add storage as required.

Note: The iSCSI Target SMI-S Provider for Windows Server is located at either of the following locations: •

The System Center Virtual Machine Manager 2012 Service Pack 1 (SP1) Installation CD in path:\amd64\Setup\msi\iSCSITargetSMISProvider.msi



The VMM server at %systemdrive%\Program Files\Microsoft System Center 2012\Virtual Machine Manager\setup\msi\iSCSITargetProv\iSCSITargetSMISProvider.msi

Demonstration: Deploying and Managing Storage in VMM In this demonstration, you will see how to: •

Use VMM to review and configure storage for virtualization hosts.



Add classifications to storage.



Add storage providers.

Demonstration Steps Add file storage to VMM 1. On LON-VMM1, in the Virtual Machine Manager console, add a storage device provider.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

8-31

2.

On the Select Provider Type page, click Windows-based file server, and then click Next.

3.

In the Provider IP address or FQDN text box, type lon-svr1.adatum.com, and then click Browse.

4.

On the Select a Run As account page, click Administrator, and then click OK.

5.

Complete the wizard, accepting the default settings. Click Finish, and then close the Jobs window.

Create file shares from within the Virtual Machine Manager console 1.

On LON-VMM1, click Fabric, and on the ribbon, click Create File Share.

2.

On the Create File Share page, in the Name text box, type SVR1, click the Classification drop-down list box, and then click Gold. In the Local path text box, type c:\SVR1_Gold, and then click Create.

Assign storage to the host server 1. On LON-VMM1, click Fabric, click All Hosts, click lon-host1.adatum.com, and then on the ribbon, click Properties. 2.

Click Host Access, and then click Browse.

3.

Click StorageAdmin, and then click OK twice.

4.

On the lon-host1.adatum.com Properties page, click Storage.

5.

On the Storage page, click Add, and then click Add File Share. Click the File share path drop-down list box, click \\lon-svr1.adatum.com, and then click OK.

Allocate storage to a host group 1.

On LON-VMM1, click Fabric, and then click Storage.

2.

On the ribbon, click Allocate Capacity, and then click Allocate Storage Pools.

3.

In the Available storage pools section, click iSCSITarget LON-SS1:E:, click Add, click OK, and then click Close.

Lab B: Managing Infrastructure Storage Scenario

MCT USE ONLY. STUDENT USE PROHIBITED

8-32 Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager

One of the reasons that A. Datum Corporation decided to use VMM as its virtualization management solution was that administrators also could use VMM to manage many of the other components that a virtualized environment requires. To manage the virtual environment efficiently, administrators need this ability to manage components such as storage devices and the network infrastructure, from within VMM.

Objectives After completing this lab, you will be able to Implement a storage infrastructure.

Lab Setup Estimated Time: 25 Minutes Virtual Machines: 20409B-LON-HOST1, 20409B-LON-HOST2, 20409B-LON-DC1, 20409B-LON-VMM1, 20409B-LON-SVR1, 20409B-LON-SS1 User Name: Adatum\Administrator Password: Pa$$w0rd

For this lab, you will use the available virtual machine environment. Before you begin, you must complete the following steps: 1.

On the host computer, start Hyper-V Manager.

2.

Verify that the following virtual machines are still running. If they are not, perform steps 3 through 6. o

20409B-LON-DC1

o

20409B-LON-VMM1

o

20409B-LON-SS1

o

20409B-LON-SVR1

3.

In Hyper-V Manager, click 20409B-LON-DC1, and then in the Actions pane, click Start. Wait 30 seconds.

4.

Click 20409B-LON-VMM1, in the Actions pane, click Start, and then click Connect. Wait until the virtual machine starts.

5.

Sign in by using the following credentials:

6.

o

User name: Administrator

o

Password: Pa$$w0rd

o

Domain: Adatum

Repeat steps 3 and 4 for 20409B-LON-SS1 and 20409B-LON-SVR1.

Note: Because you will be using the same virtual machines in the next lab, do not revert the virtual machines at the end of this lab.

Exercise 1: Implementing a Storage Infrastructure Scenario

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

8-33

As part of the A. Datum Corporation United Kingdom proof-of-concept deployment, you will be testing virtual machine storage using Window Server iSCSI storage and Windows Server file shares. You will also review how to add and classify storage, and then deploy and allocate storage. The main tasks for this exercise are as follows: 1.

Install the SMI-S storage provider.

2.

Deploy block storage.

3.

Add file storage to VMM.

4.

Assign and allocate storage.

 Task 1: Install the SMI-S storage provider 1.

On LON-VMM1, in the Virtual Machine Manager console, on the ribbon, click PowerShell.

2.

Wait until the Windows PowerShell prompt opens, and then type the following Windows PowerShell command: $Cred = Get-Credential

3.

In the Windows PowerShell credential request dialog box, in the User name text box, type adatum\administrator, in the Password text box, type Pa$$w0rd, and then click OK.

4.

In the Windows PowerShell window, type the following Windows PowerShell script:

$Runas = New-SCRunAsAccount –Name “iSCSIRunas” –Credential $Cred Add-SCStorageProvider -Name "Microsoft iSCSI Target Provider" -RunAsAccount $Runas ComputerName "LON-SS1.adatum.com" –AddSmisWmiProvider

 Task 2: Deploy block storage 1.

On LON-VMM1, in the Virtual Machine Manager console, click Fabric, right-click Storage, and then click Add Storage Devices.

2.

On the Select Provider Type page, click SAN and NAS devices discovered and managed by a SMI-S provider, and then click Next.

3.

In the Protocol drop-down list box, click SMI-S WMI. In the Provider IP address or FQDN text box, type lon-ss1.adatum.com, and then click Browse.

4.

On the Select a Run As account page, click iSCSIRunas, and then click OK.

5.

On the Specify Discovery Scope page, click Next.

6.

On the Gather Information page, review the discovery result, and then click Next.

7.

On the Select Storage Devices page, click Create Classification, and in the Name text box, type Gold. In the Description text box, type 15K SAS Drives, and then click Add.

8.

Click Create Classification, and in the Name text box, type Silver. In the description text box, type 7K SATA Drives, and then click Add.

9.

Select the iSCSITarget: LON-SS1:C check box, and then in the Classification drop-down list box, click Silver.

10. Select the iSCSITarget: LON-SS1:E: check box, in the Classification drop-down list box, click Gold, and then click Next.

11. On the Summary page, click Finish, and wait for the job to finish. 12. Close the Jobs window. 13. On LON-VMM1, in the Virtual Machine Manager console, click Fabric. 14. In the Fabric navigation pane, click Storage, and on the ribbon, click Create Logical Unit.

MCT USE ONLY. STUDENT USE PROHIBITED

8-34 Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager

15. Click the storage pool drop-down list box, and then click iSCSITarget: LON-SS1:E. In the Name text box, type LON-APP1_C, in the Size (GB) text box, clear the existing value, type 20, and then click OK. 16. In the Fabric navigation pane, click Classifications and Pools. Verify that you can now see the new LUN listed.

 Task 3: Add file storage to VMM 1.

On LON-VMM1, in the Virtual Machine Manager console, click Fabric, right-click Storage, and then click Add Storage Devices.

2.

On the Select Provider Type page, click Windows-based file server, and then click Next.

3.

In the Provider IP address or FQDN: field, type lon-svr1.adatum.com, and then click Browse.

4.

On the Select a Run As account page, click Create Run As Account.

5.

In the Name box, type Administrator. In the User name box, type Adatum\Administrator, in the Password and Confirm password boxes, type Pa$$w0rd, and then click OK.

6.

In the Select a Run As Account box, click Administrator, and then click OK.

7.

On the Specify Discovery Scope page, click Next.

8.

On the Gather Information page, review the discovery result, and then click Next.

9.

On the Select Storage Devices page, click Next.

10. On the Summary page, click Finish. 11. Close the Jobs window. 12. On LON-VMM1, click Fabric, and on the ribbon, click Create File Share. 13. Create a file share using the following information: o

Name: SVR1

o

Classification: Gold

o

Path: C:\

 Task 4: Assign and allocate storage 1.

On LON-VMM1, click Fabric, click All Hosts, click lon-host1.adatum.com, and then, on the ribbon, click Properties.

2.

Click Host Access, and then click Browse.

3.

Click Administrator, and then click OK.

4.

Click OK again to accept the changes.

5.

Click lon-host1.adatum.com, and then, on the ribbon, click Properties.

6.

Click Storage, on the Storage page, click Add, and then click Add File Share.

7.

In the File share path drop-down list box, click \\lon-svr1.adatum.com\SVR1_Gold, and then click OK.

8.

On LON-VMM1, from the Fabric workspace, allocate the iSCSITarget LON-SS1:E storage pool.

9.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

8-35

In the Virtual Machine Manager console, create a new virtual machine using the following details: o

Name: LON-APP1

o

Disk: blank virtual hard disk

o

VM Network: Adatum North

o

VM Subnet: Adatum Finance

10. Deploy the new virtual machine to lon-host1.adatum.com using the virtual machine path C:\Program Files\Microsoft Learning\20409\Drives. (Note: this path may differ on your host.) 11. Confirm that the Create Virtual Machine job completes successfully. 12. Close the Jobs windows. 13. On LON-VMM1, click VMs and Services, click All Hosts, right-click LON-APP1, and then click Migrate Virtual Machine.

14. In the Migrate VM Wizard, on the Select Host page, ensure that lon-host1.adatum.com is selected, and then click Next. 15. On the Select Path page, in the Storage location for VM configuration text box, type \\lon-svr1.adatum.com\SVR1_Gold, click Automatically place all VHDs with the configuration, and then click Next. 16. On the Select Network page, leave the defaults, click Next, and then click Move. 17. Check the job status. 18. Close the Jobs Wwindow.

Results: After completing this exercise, you should have implemented a storage infrastructure.

Lesson 3

Managing Infrastructure Updates As is the case with physically deployed servers and software, if you do not apply software updates to virtual machines and the applications they host, you make your virtually and physically deployed computers more vulnerable to being exploited by attackers inside and outside of your organization. After completing this lesson, students will be able to manage infrastructure updates in Virtual Machine Manager.

Lesson Objectives After completing this lesson, you will be able to: •

Describe infrastructure updates.



Explain how to configure an infrastructure update in VMM.



Plan an update baseline.



Describe the considerations for updating a server.



Explain how to manage infrastructure updates.



Implement infrastructure updates.

What Are Infrastructure Updates? Microsoft provides a number of solutions for deploying software updates and scanning computers for compliance. However, some network clients (such as cluster-based server nodes or other highly available server roles) typically present complexities that can make it difficult and time-consuming to maintain a standard update management process. VMM integrates with Windows Server Update Services (WSUS) to provide on-demand compliance scanning and remediation of servers that comprise an infrastructure. These servers include Hyper V hosts, library servers, Pre-Boot Execution Environment (PXE) servers, and the VMM management server.

MCT USE ONLY. STUDENT USE PROHIBITED

8-36 Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager

Integrating WSUS with VMM also provides you with the ability to perform orchestrated updates of Hyper-V host clusters. When you remediate a host cluster, VMM places one cluster node at a time in maintenance mode, and then installs the approved updates. For clusters that support live migration, intelligent placement moves virtual machines off the cluster node that you are updating. If a cluster does not support live migration, VMM saves the state of the virtual machines before updating the cluster node. Note: You must have Windows Server 2008 R2 or Windows Server 2012 installed on a Hyper-V cluster node for live migration support.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

8-37

You can use the Update Server role in VMM to manage more complex update tasks for servers in your private cloud infrastructure. These servers include: •

Hyper-V hosts



Hyper-V clusters



Virtual Machine Manager library servers



PXE servers



VMM management servers



Infrastructure servers

To determine compliance status, the System Center 2012 VMM update compliance function allows you to scan computers managed through VMM against a baseline of approved updates. For any servers that are noncompliant, you can perform update remediation tasks to install missing updates and restart servers, if necessary. You also can use the VMM update compliance functionality to deploy the VMM agent to a non-VMM server, and then use that server in the process of evaluating compliance with baselines.

Configuring Update Management in VMM To configure update management within your VMM environment, use the following process: 1.

Use VMM to manage updates by first enabling update management. You do this either by adding an existing WSUS server to VMM, or by installing a dedicated WSUS server, and then adding the new Update Server to VMM.

2.

Configure and manage update baselines, which specify the set of updates for deployment to a host group, a stand-alone host, a host cluster, or a VMM server.

3.

After you add an Update Server, you can perform the following tasks from within the VMM console: o

Perform on-demand synchronization of WSUS with Windows Update.

o

Configure proxy server name and port settings, which are required for connecting to the Internet for WSUS synchronizations.

o

Specify update classifications to synchronize.

o

Specify products to synchronize.

o

Specify supported languages to synchronize.

4.

After you assign an update baseline, start a scan to determine compliance status. During a compliance scan, WSUS checks each update in the assigned update baseline to determine whether the update is applicable, and if so, whether it is installed on the target server. The target server then reports a compliance status for each update.

5.

Perform an update remediation to bring a managed server or Hyper-V host cluster into compliance. You can choose to remediate all update baselines assigned to a computer, all noncompliant updates in a specific update baseline, or a single update, as necessary.

6.

MCT USE ONLY. STUDENT USE PROHIBITED

8-38 Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager

Specify which update exemptions will prevent a specific update from being installed on a server. The computer will remain accountable for the assigned baseline, even if you exempt a specific update from being installed.

Planning an Update Baseline After you add a WSUS server to VMM to perform the Update Server role, your next step is to determine which updates you should install on each server within the private cloud infrastructure. VMM adds the updates that you select to an update baseline, against which each server scans. VMM then remediates any server that does not meet the baseline, and installs the missing updates immediately.

After you determine which updates are required for your VMM infrastructure servers, you then need to create a list for VMM to use as a baseline from which to scan against and remediate. VMM uses the update baseline as the list, and you can add or remove updates as necessary.

What Is an Update Baseline? When you synchronize with WSUS, all updates from a specific product and category will display within the VMM console. To specify only the updates necessary for your requirements, you create an update baseline. An update baseline is a set of required updates that are assigned to a scope of infrastructure servers within the private cloud. You can assign an update baseline to the following: •

All hosts within all host groups



Specific host groups



A specific stand-alone server within a host group



A specific host cluster within a host group



Library servers



PXE servers



VMM server



Update Server

Planning for Update Baselines You should consider the following factors carefully when you are planning update baselines: •

If you assign a baseline to a host group, any host or host cluster within that group will be assigned to that baseline. If you move a host to a new host group, WSUS removes the original baseline, and the host will inherit the baseline associated with the new host group.



If you assign a baseline specifically to a stand-alone host or host cluster, the baseline will stay with the object when it moves from one host group to another.



When you first add the Update Server, two built-in update baselines are provided. The Sample Baseline for Critical Updates contains all of the critical updates that synchronize initially, and the Sample Baseline for Security Updates contains all of the security updates that synchronize initially.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

8-39

If you plan to use these built-in update baselines, you will need to maintain the updates as you perform subsequent synchronization tasks. You also need to assign computers to the baseline before you are able to use the baseline for compliance scanning and remediation.

You can create a new update baseline that contains the updates that you require, in addition to those that you assign to the servers for which you want to maintain update compliance.

Update Server Considerations When you integrate WSUS into the VMM infrastructure you should consider the following factors carefully: •

If you are using a dedicated WSUS server, consider limiting the languages, products, and classifications to only those that are required by the servers that comprise the VMM infrastructure.



If you are using a WSUS server that is shared with a System Center 2012 R2 Configuration Manager environment:



o

You should make WSUS configuration changes only by using Configuration Manager.

o

You should note that for the VMM environment, the synchronization schedule is always on demand.

o

You should create a collection in Configuration Manager of all of the servers for which VMM will manage updates. Exclude this collection from any software update deployments that Configuration Manager deploys.

If you add the WSUS server to VMM, ensure that you clear the Allow Update Server configuration changes check box. You configure this in the VMM console, in the Update Server Properties dialog box.

Managing Infrastructure Updates You can manage the update compliance of any servers that are included in the scope of an update baseline. You can create multiple update baselines and create update exceptions for an individual server, or for multiple servers. Delegated administrators can scan and remediate server compliance, but only the VMM administrator can synchronize VMM with WSUS. The following steps outline the process for managing the infrastructure updates in VMM.

Scanning for Compliance You can scan a server or group of servers for compliance using the VMM console as follows:

MCT USE ONLY. STUDENT USE PROHIBITED

8-40 Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager

1.

In the VMM console, click the Fabric workspace. On the ribbon, click Compliance, and then in the Fabric pane, click Servers.

2.

In the Managed Computers section, review the compliance status and operational status.

3.

To start a compliance scan, click the server to scan, and then on the ribbon, click Scan. Optionally, you can hold down the Shift key, select multiple servers, and then from the ribbon, click Scan. The Operational status will change to Scanning. When the scan completes, the Compliance status will be updated. Note: If the Scan button is grayed out on the ribbon, then no baseline has been assigned.

Remediating Servers You can remediate servers as follows: 1.

In the VMM console, click the Fabric workspace. On the Fabric navigation pane, click Servers.

2.

Click and select the server or servers for remediation, and then on the ribbon, click Remediate.

3.

On the Update Remediation page, click to select the update baseline or individual updates. Choose if you want servers to restart automatically, and then click Remediation.

Creating Update Exceptions To create update exceptions, use the following procedure: 1.

In the VMM console, click the Fabric workspace. On the Fabric navigation pane, click Servers.

2.

Click and select the server or servers for exception, and then on the ribbon, click Compliance Properties.

3.

On the Compliance Properties page, click Create. Select the updates to exclude, and then click OK.

When remediating Hyper-V clusters, the nodes will be put into maintenance mode and if possible, virtual machines will be live migrated until the upgrade is complete. How to Perform Rolling Updates on a Hyper-V Host Cluster in VMM http://go.microsoft.com/fwlink/?LinkID=386733

Demonstration: Implementing Infrastructure Updates In this demonstration, you will see how to: •

Integrate WSUS and VMM.



Create an update baseline.

Demonstration Steps Integrate WSUS and VMM 1.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

8-41

On LON-VMM1, in the Virtual Machine Manager console, from the Fabric workspace, expand the Infrastructure node, and then add an Update Server with the following configuration: o

Computer name: LON-WSUS

o

TCP/IP port: 8530

o

User name: Adatum\Administrator

o

Password: Pa$$w0rd

2.

In the Jobs window, select the Add Update Server job. On the Summary and Details tabs, monitor the status of the configuration job.

3.

When the job displays as Completed w/info, close the Jobs window.

Create a Baseline 1.

In the Virtual Machine Manager console, click the Library workspace.

2.

Expand the Update Catalog and Baselines node, and then create a Baseline using the Update Baseline Wizard.

3.

On the General page, in the Name field, type Windows Server 2012 (Demo Baseline), and then click Next.

4.

On the Updates page, click Add.

5.

In the Add Update to Baseline dialog box, create a new baseline called Windows Server 2012. Click the first update, on your keyboard press and hold down the Ctrl and Shift keys, and then press the down arrow key. This will select all the filtered updates, and then click Add.

6.

On the Assignment Scope page, select all of the check boxes, and then click Next.

7.

On the Summary page, review the details, and then click Finish.

8.

When the job displays as Completed, close the Jobs window.

9.

Confirm that the new baseline is available.

Lab C: Infrastructure Updates Management Scenario

MCT USE ONLY. STUDENT USE PROHIBITED

8-42 Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager

One of the reasons that A. Datum Corporation decided to use VMM as its virtualization management solution was that administrators then could use VMM to manage many of the other components that a virtualized environment requires. In addition, the virtualization management solution should provide a way to apply updates to the Hyper-V servers.

Objectives After completing this lab, you will be able to: •

Manage infrastructure updates.

Lab Setup Estimated Time: 25 minutes Virtual Machines: 20409B-LON-HOST1, 20409B-LON-HOST2, 20409B-LON-DC1, 20409B-LON-VMM1, 20409B-LON-SVR1, 20409B-LON-WSUS, 20409B-LON-SS1 User Name: Adatum\Administrator Password: Pa$$w0rd

For this lab, you will use the available virtual machine environment. Before you begin, you must complete the following steps: 1.

On the host computer, start Hyper-V Manager.

2.

Verify that the following virtual machines are still running. If they are not, perform steps 3 to 6. o

20409B-LON-DC1

o

20409B-LON-VMM1

o

20409B-LON-SS1

o

20409B-LON-SVR1

o

20409B-LON-WSUS

3.

In Hyper-V Manager, click 20409B-LON-DC1, and then in the Actions pane, click Start. Wait 30 seconds.

4.

Click 20409B-LON-VMM1, in the Actions pane, click Start, and then click Connect. Wait until the virtual machine starts.

5.

Sign in by using the following credentials:

6.

o

User name: Administrator

o

Password: Pa$$w0rd

o

Domain: Adatum

Repeat steps 3 through 4 for 20409B-LON-SS1, 20409B-LON-SVR1, and 20409B-LON-WSUS.

Note: Because you will be using the same virtual machines in the next lab, do not revert the virtual machines at the end of this lab. However, you can shut down all virtual machines after finishing this lab.

Exercise 1: Managing Infrastructure Updates Scenario

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

8-43

In this exercise, you will add an Update Server to the VMM infrastructure. You will configure the Update Baseline, scan for update compliance in VMM, configure update exemption, and verify how to update WSUS settings in VMM. The main tasks for this exercise are as follows: 1.

Integrate Windows Server Update Services (WSUS) with VMM.

2.

Perform a manual synchronization with WSUS from VMM.

3.

Create the update baseline in VMM.

4.

Assign an existing baseline in VMM.

5.

Scan for update compliance in VMM.

 Task 1: Integrate Windows Server Update Services (WSUS) with VMM 1.

In the Virtual Machine Manager console, click the Fabric workspace.

2.

In the navigation pane, expand the Servers node, expand the Infrastructure node, and then click Update Server.

3.

Add an Update Server with the following configuration: o

Computer name: LON-WSUS

o

TCP/IP port: 8530

o

User name: Adatum\Administrator

o

Password: Pa$$w0rd

4.

In the Jobs window, select the Add Update Server job.

5.

Using the Summary and Details tabs, monitor the status of the configuration job.

6.

When the job displays as Completed w/info, close the Jobs window.

 Task 2: Perform a manual synchronization with WSUS from VMM 1.

In the Virtual Machine Manager console, click the Fabric workspace.

2.

In the navigation pane, expand the Servers node, expand Infrastructure, and then click Update Server.

3.

Click Synchronize to synchronize VMM with the WSUS server.

4.

In the Jobs window, select the Synchronize Update Server job.

5.

On the Summary and Details tabs, monitor the status of the configuration job.

6.

When the job displays an error message, close the Jobs window.

Note: An error is expected because there is no Internet connection. However, this will not affect the rest of the lab exercise.

 Task 3: Create the update baseline in VMM

MCT USE ONLY. STUDENT USE PROHIBITED

8-44 Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager

1.

In the Virtual Machine Manager console, click the Library workspace.

2.

In the navigation pane, expand the Update Catalog and Baselines node, and then click Update Baselines.

3.

Create a Baseline with the name LON Base1 that includes all updates, and assign it to All Hosts and LON-VMM1.Adatum.com.

4.

In the Jobs window, select the Change properties of a baseline job.

5.

On the Summary and Details tabs, monitor the status of the configuration job.

6.

When the job displays as Completed, close the Jobs window.

7.

With the Update Baselines node selected, verify that LON Base1 displays in the Baselines pane with Assignments set to 2.

 Task 4: Assign an existing baseline in VMM 1.

In the Virtual Machine Manager console, click the Library workspace.

2.

In the navigation pane, expand the Update Catalog and Baselines node, and then click Update Baselines.

3.

Open the Properties for LON Base1, and assign LON-WSUS.Adatum.com to it.

4.

Click the Jobs workspace.

5.

Click History, and then select the Change properties of a baseline job.

6.

On the Summary and Details tabs, monitor the status of the configuration job.

7.

When the job displays as Completed, switch back to the Library workspace.

8.

With the Update Baselines node selected, verify that LON Base1 displays in the Baselines pane with Assignments set to 3.

 Task 5: Scan for update compliance in VMM 1.

In the Virtual Machine Manager console, click the Fabric workspace.

2.

In the navigation pane, click the Servers node, and then click Compliance.

3.

Select LON-WSUS.Adatum.com, and then click Scan.

4.

In the Results pane, verify that the Compliance Status lists as Compliant.

Results: After completing this exercise, you should have added and configured an Update Server to manage infrastructure updates.

Module Review and Takeaways Review Questions Question: You have been assigned the responsibility for selecting a storage solution for the Hyper-V virtualization deployment. You are considering several Fibre Channel and iSCSI SANs. What do you need to consider for compatibility with VMM? Question: Which storage types does VMM allows you to integrate with and configure automation for? Question: Before you can configure a virtual machine network, what other network should you configure? Question: You have been advised that a potential compatibility issue exists between a Windows operating system security update and the antivirus software that you are using to protect your Hyper-V hosts. What could you do in VMM to prevent this issue from affecting your Hyper-V hosts?

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

8-45

MCT USE ONLY. STUDENT USE PROHIBITED

MCT USE ONLY. STUDENT USE PROHIBITED 9-1

Module 9

Creating and Managing Virtual Machines by Using Microsoft System Center 2012 R2 Virtual Machine Manager Contents: Module Overview

9-1

Lesson 1: Virtual Machine Management Tasks in VMM

9-2

Lesson 2: Creating, Cloning, and Converting Virtual Machines

9-13

Lesson 3: Overview of Virtual Machine Updating

9-22

Lab: Creating and Managing Virtual Machines by Using System Center 2012 R2 Virtual Machine Manager

9-26

Module Review and Takeaways

9-29

Module Overview

One of the main tasks that administrators can perform with Microsoft System Center 2012 R2 Virtual Machine Manager (VMM) is creating and deploying virtual machines and placing them on physical hosts. You can also use VMM to manage existing virtual machines. This module explains how administrators can use VMM to deploy a new virtual machine in various ways. For example, you can create a virtual machine from the beginning, or by using a stored virtual machine from the VMM library. You can also use VMM to manage virtual disks that virtual machines use, and to create and manage virtual machine checkpoints for restoring virtual machines to specific points in time. This module will describe management tasks on virtual machines, disks, and checkpoints that you can perform in the VMM console. This module also explains how you can use VMM to convert a physical machine to a virtual machine, and how to convert a virtual machine that you built with another platform to a virtual machine that you host in Hyper-V on Windows Server 2012. You will also learn how to clone existing virtual machines to build new ones. Lastly, this module explains how to use VMM to update virtual machines, and how to use the Virtual Machine Servicing Tool for older VMM versions. Note: For the purpose of this course, all instances of Microsoft System Center 2012 R2 Virtual Machine Manager are referred to as VMM.

Objectives After completing this module, you will be able to: •

Explain virtual machine management tasks in VMM.



Explain how to create, clone, and convert virtual machines.



Describe methods and tools for updating virtual machines.

Lesson 1

Virtual Machine Management Tasks in VMM

MCT USE ONLY. STUDENT USE PROHIBITED

9-2 Creating and Managing Virtual Machines by Using Microsoft System Center 2012 R2 Virtual Machine Manager

VMM provides the VMM console that is built on Windows PowerShell. This console is a central utility for managing virtual machines, and you can use it to perform various tasks, such as starting and stopping virtual machines, and modifying their properties. You can perform many tasks in VMM that you typically would perform on virtual machines through Hyper-V Manager. However, with VMM, you can manage virtual machines that reside on several different hosts. Because Hyper-V Manager is built on Windows PowerShell, you can also use Windows PowerShell cmdlets to manage any VMM task that you would manage using the VMM console.

Lesson Objectives After completing this lesson, you will be able to: •

Describe actions for operating and managing virtual machines.



Operate virtual machines.



Describe virtual machine properties.



Describe virtual machine checkpoints.



Create and manage checkpoints.

Actions for Operating and Managing Virtual Machines You can use VMM to manage and operate every virtual machine on a host that the VMM server manages. On each virtual machine, you can perform various actions. You can perform some actions (such as pausing a virtual machine) only when the virtual machine is running. You can perform other actions (such as storing data in the VMM library) only when the virtual machines is shut down. You can also perform some actions (such as configuring network connections) irrespective of the virtual machine’s state. Windows PowerShell 3.0 has equivalent cmdlets for all of the functionality that you can perform through the VMM console.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

The following table lists actions that you can perform on virtual machines both from the VMM console ribbon, or using Windows PowerShell cmdlets. Ribbon option name Create

Description This option has a drop-down list box that you can use to create either a clone or a virtual machine template.

Windows PowerShell equivalent cmdlet New-SCVirtualMachine

Note: You will learn more about cloning and templates in a topic later in this module. Shut Down

Use this option to perform a proper shutdown of a virtual machine’s operating system. Using the Shut Down option is equivalent to performing a shutdown within the guest operating system. We recommend using this method to turn off your production environment virtual machines. This functionality requires that the guest operating system have Integration Services installed.

Power On

This option starts a virtual machine that is stopped, paused, or is in a saved state. When you start a virtual machine that is stopped or turned off, you are initiating an operating system boot, just like when you turn on a physical computer. When you start a virtual machine that is in paused or saved state mode, you resume the virtual machine to the state in which it was when you paused it.

Power Off

This option stops a virtual machine without saving any state information. This action has the same effect on the virtual machine as pulling out the power cord on a physical computer. If you stop a virtual machine in production, you risk losing data because it was not saved, or because of service interruption. In a production environment, you typically use this option only when you cannot perform a proper shutdown. In test environments, you can stop a virtual machine to save time when you are reverting to a checkpoint and data consistency is not an important requirement.

Stop-SCVirtualMachine

with the –Shutdown parameter

Start-SCVirtualMachine

Stop-SCVirtualMachine

with the -Force parameter

9-3

Ribbon option name

Description

Pause

This option stops virtual machine operations temporarily. It suspends execution of a virtual machine, and keeps all virtual machine state in memory. The services that the virtual machine provides become unavailable while the virtual machine is in a paused state. However, VMM retains all data in the virtual machine, including the memory’s contents. You can resume a paused virtual machine quickly, usually within one to two seconds. After you resume a paused virtual machine, all its services return to the states that they were in prior to the paused state. When you pause a virtual machine, the virtual machine does not release the resources that it is using. For example, if a virtual machine is allocated 1 gigabyte (GB) of memory, it will continue to use that memory even while paused. You can pause and resume a virtual machine in test environments to simulate network interruptions.

Resume

Use this option to remove the virtual machine from the Pause state. You can use this option only when a virtual machine is paused. When you use the Resume option, the virtual machine once again becomes fully available.

Reset

This is an immediate operation that acts like a Reset button on a physical machine. Using this option causes the virtual machine to reboot immediately. Similar to the Power Off option, we do not recommend using the Reset option because you risk losing data if it was not saved, or because of service interruption.

Save State

Use this option to suspend a virtual machine for an extended time. In this state, the contents of memory are written to disk into a .vsv file in the same directory as the virtual machine, for long-term storage. The services that the virtual machine provides are unavailable when the virtual machine is in a saved state. You can restart a saved virtual machine quickly. When you restore the virtual machine from the saved state, it returns to the condition that it was in when you saved its state. When a virtual machine is in a saved

Windows PowerShell equivalent cmdlet Suspend-SCVirtualMachine

Resume-SCVirtualMachine

Reset-SCVirtualMachine

Stop-SCVirtualMachine

with the -SaveState parameter.

MCT USE ONLY. STUDENT USE PROHIBITED

9-4 Creating and Managing Virtual Machines by Using Microsoft System Center 2012 R2 Virtual Machine Manager

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

Ribbon option name

Description

Windows PowerShell equivalent cmdlet

state, the virtual machine releases the resources that it is using. For example, a virtual machine that is allocated 1-GB of memory will release that memory for use by other virtual machines. Saving the state of a virtual machine in a test environment allows you to stop it temporarily and free resources for running another virtual machine. Discard Saved State

Migrate Storage

Use this option to delete the saved state of a virtual machine. When you do this, the .vsv file gets deleted. This is equivalent to stopping a virtual machine. Use this option to migrate a virtual machine’s .vhd files to a new location. When you use this option, the Migrate Virtual Machine Wizard opens.

Stop-SCVirtualMachine

with the –DiscardSavedState parameter Move-SCVirtualMachine

with the –Path parameter

Note: The Migrate Virtual Machine Wizard presents you with several options, which will be discussed more in-depth later in this module. Migrate Virtual Machine

Use this option to migrate a virtual machine between hosts. This is useful when you need to balance workloads between different hosts. This option also starts the Migrate Virtual Machine Wizard.

Store in Library

Use this option to add a virtual machine to a library. When you store a virtual machine in the library, you cannot start it directly. You must first deploy it from the library to a host.

Create Checkpoint

In Hyper-V in Windows Server 2008 and in Windows Server 2012, checkpoints were called snapshots. In Hyper-V in Windows Server 2012 R2, checkpoints have identical functionality to snapshots. When you use this option, you create an .avhd file that contains any subsequent changes, rather than storing them in the original .vhd file. When you revert a virtual machine to the state that it was in when you created the checkpoint, the system deletes the .avhd file. You can make up to 64 checkpoints per virtual machine. However, you should never checkpoint production systems. Failure to manage checkpoints properly can result in serious errors for all virtual machines on the same volume.

Move-SCVirtualMachine

Save-SCVirtualMachine

New-SCVMCheckpoint

9-5

Ribbon option name

Description

Manage Checkpoints

When you click this option, the Virtual Machine Properties dialog box displays in the Checkpoints workspace. From this dialog box, you can create new checkpoints, view the properties of the selected checkpoint, or delete, restore, or revert checkpoints.

Refresh

Use this option to refresh the content of the screen. The screen should periodically refresh as items change, but clicking this option refreshes the content immediately.

Repair

Select this option to open the Repair window, where you can restart a job that failed. You may revert a virtual machine to a previous state if it was checkpointed. (If the virtual machine was not checkpointed, this option will be grayed out.) You can also use the Ignore option, which simply refreshes the virtual machine without attempting to rerun the job. If any one of these actions fails, use the Repair-SCVirtualMachine Windows PowerShell command with the parameters Ignore and Force. This performs a deep cleanup of the virtual machine. The option to perform a deep cleanup is grayed out if a failure has not occurred.

Install Virtual Guest Services

In VMM, Hyper-V integration components and older virtual machine additions are collectively known as Virtual Guest Services. Virtual Guest Services improve virtual machine integration and performance by improving communications between the host and guest operating systems. For example, virtual guest services can add synthetic drivers, and synchronize time between the host and the virtual machines. You can deploy Virtual Guest Services depending on the system level of the host. Normally, this option is grayed out because Virtual Guest Services are part of virtual machine creation. Note: The Refresh, Repair, and Install Virtual Guest Services options appear as icons only (with no text name) on the ribbon. However, when you rightclick a virtual machine, the icons appear in the context menu with text.

Windows PowerShell equivalent cmdlet Set-SCVMCheckpoint

Read-SCVirtualMachine

Repair-SCVirtualMachine

Set-SCVirtualMachine

with the -InstallVirtualizationGuestServices $True parameter and value

MCT USE ONLY. STUDENT USE PROHIBITED

9-6 Creating and Managing Virtual Machines by Using Microsoft System Center 2012 R2 Virtual Machine Manager

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

Ribbon option name

Description

Connect or View

This option provides a drop-down list box with the following sub-options: Connect via Console, Connect via RDP, and View Networking. You can use the first two sub-options to remote to the virtual machine either through the VMM console’s Virtual Machine Viewer, or through the Remote Desktop Protocol (RDP), if it is enabled on the virtual machine. The View Networking sub-option provides a graphical representation of how the virtual machine is connected to the rest of the network environment. The ribbon contains multiple view options of the network environment, and check boxes to add or remove other virtual machines.

Delete

Use this option to delete the virtual machine permanently, including all files associated with the virtual machine. This option also removes the virtual machine either from the host on which it is deployed, or from the library server on which it is stored. Before this action completes, a confirmation pop-up window displays, asking you to confirm this option.

Properties

Use this option to view information about a virtual machine. If the virtual machine is not running, you can also use this option to make changes to the hardware environment and other select configurations, just as you would when using the Settings option in Hyper-V. Several workspaces in the console tree allow you to observe or make changes to these various configurable items.

Windows PowerShell equivalent cmdlet vmconnect.exe

Remove-SCVirtualMachine

There is no Windows PowerShell cmdlet equivalent for this option. However, you can use the Get-SCVirtualMachine cmdlet in a pipeline to retrieve a particular virtual machine’s information.

Demonstration: Operating Virtual Machines In this demonstration, you will see how to operate a virtual machine.

Demonstration Steps 1.

Sign in to LON-VMM1 as Adatum\Administrator with the password Pa$$w0rd.

2.

On the desktop, on the taskbar, click the VMM console button.

3.

On the Connect To page, click Connect.

4.

In the VMM console, in the lower left workspace, click VMs and Services.

5.

Click the 20409B–LON– SVR1 virtual machine.

9-7

Note: View the ribbon at the top of the console. Notice how this ribbon provides icons and text that enable you to manage a virtual machine. Notice how some of the icons on the ribbon are grayed out or dimmed. This is because this particular virtual machine is turned off, and therefore these functions will not work. 6.

On the ribbon, click Power On. Wait for the virtual machine to turn on, and then start up.

Note: View the various icons and their functionality, including the Power Off, Connect or View, Manage Checkpoints, Properties, and Delete icons. Explore the other icons as time permits. 7.

Shut down the virtual machine, and review the Create icon. Note: View the Home tab, and notice how you can create a new virtual machine with it.

Overview of Virtual Machine Properties Each virtual machine that VMM manages has a set of properties that determine the various attributes and configuration settings of the virtual machine. By editing these properties, you can modify the virtual machine’s hardware configuration, and define the virtual machine’s owner, cost, and other attributes and settings.

MCT USE ONLY. STUDENT USE PROHIBITED

9-8 Creating and Managing Virtual Machines by Using Microsoft System Center 2012 R2 Virtual Machine Manager

You can access the virtual machine properties, in the VMM console, by clicking the Virtual Machine tab of the VMs and Services Workspace, and then clicking the Properties icon on the ribbon. Alternatively, you can right-click the virtual machine, and then click Properties. Nodes in the console tree represent various groups of settings, and contain the virtual machine properties. The virtual machine properties are present on the following pages: •

General. On the General page of the virtual machine properties, you can change the name of the virtual machine, define the cost-center property to track resources that the virtual machine allocates, and optionally define the virtual machine tag that you can use for filtering inside the Virtual Machine Manager Administrator Console. On the General page, you can also configure or modify the operating system that is installed inside the virtual machine, associate the virtual machine with a defined cloud, and view information about dates and times when the virtual machine was added, modified, or refreshed.



Status. On the Status page, you can view the status of your virtual machine. You can also view refresher and deployment information, whether there have been any errors, and if the machine is running or stopped. If there are errors, you have the option to copy them.



Hardware Configuration. On this page, you can configure hardware settings for virtual machines. You can configure most of the hardware components of a virtual machine only when the virtual machine is in the stopped state. However, you can modify the Network Adapter configuration when the virtual machine is running.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V® and System Center

Hardware configuration is divided into several nodes, each of which has a set of the following configurable items: o

Cloud Compatibility Profile: You can select the VMware ESX Server, Hyper-V and/or Citrix XenServer profile.

o

General:

o



You can define the number of processors, and even allow migration to a virtual machine host with a different processor version.



You can also define the floppy drives, the COM port configuration, amount of random access memory (RAM), the Video Adapter, including the Microsoft RemoteFX 3D video adapter, and the maximum number of monitors.

Bus Configuration: 

o

You can configure hard drives and CD/DVD drives, including integrated drive electronics (IDE) and small computer system interface (SCSI).

Network Adapters: 

o

9-9

You can define network adapters and their configuration. There is a new option that you can use to connect to Fibre Channel ports in existing storage arrays via a Fibre Channel Adapter. You can therefore use your existing Fibre Channel infrastructure to support virtualized workloads. Support for Fibre Channel in Hyper-V virtual machines provides many features, such as virtual storage area networks (SAN), live migration, and Multipath IO (MPIO).

Advanced: 

You can configure Integration Services to allow operating system shutdown, time synchronization, data exchange, heartbeat, and backup by using the Volume Shadow Copy Service (VSS).



You can use availability to configure a virtual machine as highly available. Note that this requires that you have host clustering configured.



You can use CPU Priority to control which virtual machines get first access to CPU resources when there is contention. A virtual machine with low priority will not be allocated as much processing power as a virtual machine with normal priority.



You can use virtual non-uniform memory access (NUMA), a memory-access optimization method that prevents memory-bandwidth bottlenecks in servers with multiple physical CPUs.



You can use memory weight to ensure that when memory usage on a host is high, virtual machines with a higher priority are allocated memory resources over those with a lower priority.

Note: You also can use these settings from hardware profiles that are precreated and stored in the Library. •

Checkpoints. Use the Checkpoints page to manage virtual machine checkpoints. You can create new checkpoints, remove existing checkpoints, or restore a virtual machine to a specific checkpoint state. (The next topic in this lesson details checkpoints.)



Custom Properties. Use the Custom Properties page in the Virtual Machine Properties to assign as many as 10 custom fields to a virtual machine. Use the custom fields to identify, track, and sort virtual machines by any property, including department, geographic area, or function.

MCT USE ONLY. STUDENT USE PROHIBITED

9-10 Creating and Managing Virtual Machines by Using Microsoft System Center 2012 R2 Virtual Machine Manager



Settings. Use the Settings page to configure quota points for self-service. You can use the VMM selfservice feature to restrict the resource utilization of users by assigning a quota limit. VMM uses the quota points that you define for a virtual machine to calculate how much of the quota it can use when a user starts the virtual machine.



Actions. On the Actions page, you can choose to specify which actions to perform on the virtual machine when Hyper-V on the host starts and stops, which usually happens when rebooting the host machine. You can choose for the virtual machine to start with the host, or require it to start manually after the host is running. You also can choose what action the virtual machine will perform when the physical server shuts down, and whether to disable Performance and Resource Optimization (PRO) for the virtual machine.

Note: PRO has the ability to implement changes automatically, such as migrating virtual machines between hosts for load balancing. When you enable the option to Exclude virtual machine from optimization actions host-level for a virtual machine, any PRO actions that initiate automatically will not affect the virtual machine. PRO is available when you integrate VMM with System Center 2012 R2 Operations Manager. •

Servicing Windows. On the Servicing Windows page, you can manage servicing windows by applying them to the virtual machine. Servicing windows indicate when you can take down the virtual machine for servicing, such as for applying updates. You must first create servicing windows before you can assign them in the virtual machine’s Properties window.



Dependencies. On the Dependencies page, you will see the dependencies that are assigned to virtual machines. Dependencies are resources that are necessary for the virtual machine to operate. These resources can be as virtual hard disk drives, ISO files, and other items.



Validation Errors. The Validation Errors page lists errors tha