BITPro UG Meet – Windows 2008 R2 Virtualization Jump Start
The technical tracks:
|Windows Server 2008 Virtualization – Part 1
(Hyper-V Fundamentals, Planning, Configurations & Management)
|Aresh Sarkari, Technical Architect at Unisys.|
|Windows Server 2008 Virtualization – Part II
(Hyper-V Architectures, Networking, Storage, Backup & Restore)
|Gaurav Anand, Microsoft MVP|
|Windows Server 2008 Virtualization – Part III
(Hyper-V Security, Best Practices)
|Precheta / MS Anand, Microsoft India|
|Quiz, Q&A, Exam Tips & Tricks||Chalk Talk with Industry Expert to clear the Exam-70-659|
First session was an overview of the Hyper-V components and Architecture, then followed by a complete drill down on the architecture and backup restore. Later the third session was on security and best practices. I would try to summarize all of these together below based on my limited knowledge on Hyper-V.
Hyper-V Hardware Requirements:
- X64 Processor with Intel-VT or AMD-V support.
- Hardware enforced DEP must be enabled – The Intel XD bit (execute disable bit) or AMD NX bit (no execute bit)
Network Adapter: Each VM can be assigned up to 12 virtual network adapters, out of which 8 of type “Network Adapter” and 4 of “Legacy Network Adapter”. For better performance of Network Adapters, Integration Service is required.
MAC Address: You can configure Static or Dynamic MAC Address. Hyper-V Supports VLAN and you can create unlimited number of Virtual LANs and a maximum of 512 VMs can be assigned to a particular VLAN.
Network Types: External, Internal and Private – and then Dedicated, for different uses of them check this blog. For making dedicated network you would need to use WMI to configure it. Check here some detailed explanation on How does basic networking work in Hyper-V - A Multi Part series on Virtual Networking for Hyper-V
Virtual IDE: There can be upto 4 IDE Devices, Note that your startup disk (the disk where Virtual OS is installed) must be on a IDE device.
Virtual SCSI Device: Maximum of 4 Virtual SCSI Controller, each controller can have upto 64 disks totaling 256 Virtual SCSI disks. SCSI also require Integration Services to be installed on the Guest OS, probably that is the reason you cannot use SCSI for your startup disk!
Virtual Hard Disk: there are three types of VHDs – Fixed, Dynamic, and Differencing, VHDs can be of maximum 2040 GB.
Fixed: The full capacity of the VHD is allocated at the time of creation(it takes some time to create the disk initially due to this), and this gives better performance.
Dynamic: The full capacity of the VHD is NOT allocated at the beginning, but the disk is expanded as and when data is added to the disk. This is good in a capacity contraint setup such as Lab or Development, but not for Production.
Differencing: In this a parent VHD is kept as read only, and all the changed blocks are written as differencing vhds, multiple differencing vhds(child image) form a diferrencing chain. You should not make any changes to the Parent VHD and both parent and differencing vhd should be kept on same location.
Physical Disks: There are no Virtual limitation on physical disks. Physical Disks are used as pass-through disks, for this the Original Physical disk attached to the Hyper-V host should be Offline (It Means, first initialize the disk, make it online, and then bring it offline). Physical disks give maximum performance.
Snapshots are point in time copy of the Virtual Machine, it is stored in .avhd files. Hyper-V supports upto 50 Snapshots (be clear that snapshots are not considered backups!). About Virtual Machine Snapshots in Hyper-V and FAQ on Hyper-V VM Snapshots.
Integration service components:
This is a VM component (or may be drivers) to be installed on the Guest OS, it will enable many features for the better VM performance and Guest to Host Integrations. Below are the components included in Integration Services.
- Operating System Shutdown (Enables a shutdown function from the Host by using a WMI Call)
- Time Synchronization (enables Guest to synchronize time with Host)
- Data Exchange (I think its called key/value pair, I do not get it clear yet.
- Heartbeat (Host sends heartbeat requests to see if the VM is responsive or not)
- Backup (Volume snapshot) – this helps improve backup process
One thing interesting I noted in the hyper-v console support for virtual floppy drive, its hard to find machines with floppy drives, so how is this useful – I wonder (mounting iso to a floppy drive ??)
Windows Hyper-V Architecture
Ring Security Model, and where does Hyper-V components fit it:
Parent(host) Partition and Child(guest) Partition:
The hypervisor manages resources by dividing the system into partitions, hypervisor makes use of two types of partitions:
Parent partition – The parent partition is where the operating system and the Windows Virtualization components reside, there will be only one parent partition.
Child partition - A child partition is a virtual machine. A new child partition is created when you create a new virtual machine.
Partitions are fully isolated.
Did you know: Complete Hyper-V code is of 6MB(or was it KB), cool right?
HyperCall: Hypercalls are interface used for interacting between the Guest and the Host.
Important files: Vmswitch.sys – driver where the hyper-v switch is implimented and Hvboot.sys -Hypervisor Boot Driver. Check the excel file provided in my skydrive for a list of files and process, i have got this from google.
VMWP – Virtual Machine Worker Process, each VM running will have a worker process
VMMS – Virtual Machine Management Service, the service running on the host
Backup: No backup is possible on a Paused VM | Snapshot => Called Checkpoint in SCVMM
Security Best Practices:
- Server Core is better to reduce attack surface.
- Secure the VHDs
- Use bitlocker drive encryption to protect resources.
- Use Hyper-V RBAC (Role Based Access Control)
- Use Authorization Manager (Azman.msc) to define customized roles
- RBAC Components: Membership, Profile, Scope, Role
- AzMan needs an authorization policy data store to define access to role tasks and groups. Hyper-V uses an xml file named initialstore.xml as the data store.
- Check out Hyper-V Planning and Deployment guide – Appendix A – there is a good collection of Roles and Operations required in each Administrative Tasks.
- There is even a role for passing CRLT+ALT+DELETE – when would you allow this or block this?? I wonder.
- File Level Antivirus exclusion: Vmms.exe and Vmwp.exe
- Do not run any applications in the management operating system—run all applications on virtual machines
- Use the security level of your virtual machines to determine the security level of your management operating system
- Do not give virtual machine administrators permissions on the management operating system.
- Ensure that virtual machines are fully updated before they are deployed in a production environment.
Other Best Practices:
- Plan for Dynamic Memory
- There is a Best Practice Analyzer (BPA) available for Hyper-V – Run and review your hyper-v configuration
- Restrict Number of snapshot chains, and delete not required snapshots, a restart of the VM is required for the files to get deleted from the file system.
- Avoid Legacy Network Adapters
- Understand host and guest clustering based on application behaviour and best fit choose the option.
- Run Cluster Validation Wizard to verify cluster configuration and best practices.
- Ensure integration services are installed on virtual machines and up to date.
- Use a dedicated network adapter for the management operating system of the virtualization server.
- Take a tour around Remote Destkop Service (RDS) features
- Add Remote Desktop Session Host (RD Session Host) role service
- Review how authentication works with RDS connections
- Review connection/sessions options and settings
- Understanding device CALs for RDS scenarios
- Configure RD connection authorization policy
- Failover Clustgering with R2 & iSCSI initiator
- Understand iSCSI & logical unit number (LUNs)
- Enhanced shared storage is a key new feature in R2
- Ge hands on, build lab with highly available virtual machines (HAVM), utilizing iSCSI LUN technology
- Once configured and “live”, avoid editing a virtual network, except within Failover Cluster Manager.
- RSAT (Remote Server Administration Tools)
- Netsh commands to modify firewall rules
- Adding VHDs to a SCSI controller whilst VM is hot
- Leverage Integration Services for optimum performance
- Learn Hyper-V before SCVMM
- Remove .avhd snapshot files by shutting down VMs
- Know when to use VLANs – i.e., security or resources
- Pass-through disks – to be visible, it must be offline on Host
- Know when a legacy network adapter is essential
- Use latest NIC firmware/drivers for TCP Chhimney Offload
- Understand the folder/file structure behind Hyper -V VMs
- Focus on New Functionality and new R2 features
- Do not forget the Hyper-V Powershell cmdlets ( I didnt see any native cmdlets in Hyper 2.0)
- Learn network types: Private, Internal, External
- Essentials for Hyper-V to launch – Must Have:
- Intel XD Bit or AMD NX bit
- Set in BIOS Settings (some times Advanced BIOS)
At the end of last session on QnA and Exam tricks, five questions where asked as Quiz and whoever got the answer right first did recieve free 70-659 exam voucher, and my friend Sudeeptha got one.
There are few more free 70-659 exam vouchers to be distributed, and the criteria is to complete virtualization track “Microsoft Virtualization for VMWare Professionals – The Platform” – a cource from MVA and send the proof(screenshot) of each assessment completion (i guess it can be send to firstname.lastname@example.org – if this is wrong i will update the correct address here).
Our UG Lead Kaliyan did share some further learning materials, which includes few pdfs and video files, i have uploaded them to my skydrive you can dowload them for reference, i couldnt upload the videos as the max file size is 300Mb and the video files are more than 600Mb.
- Link to my skydrive: (Only pdfs shared at the event and some more i have collected from internte are available)
- Microsoft Virtual Academy (MVA):
- Virtualization Jump Start Videos: TechNet Video – This contains all the 12 Session Videos of the jumpstart you can view online or download for offline viewing.
- Born to Learn: This site contains information about lots of new events for learning, check it out – there is an event this month on Windows 2012 Jump Start – there is one catch, it all starts 21:30 IST and untill 4:00 in the morning.
- MAP Toolkit for Hyper-V: Microsoft Assessment and Planning Toolkit
- IPD for Virtualization: Infrastructure Planning and Deployment Guide
- Windows Server Virtualization Guide: A Guide for Windows Server Virtualization
- Another Useful Blog: John Howard – Senior Program Manager, Hyper-V team
Okey – So, lets get Virtualized* and get certified if you are lucky to have the free coupon or you are ok to pay for the exam
* Virtualize when it makes sense and Dont Virtualize when its stupid to do it. So for your critical applications understanding to be virtualized or not to be virtualized is the key and these sessions and learning will help you do that too.
<span style="color: #0000ff;"><em>Keep Learning</em></span>