
Preparing a VM Server Image for Hyper-V Lab Environment

June 21st, 2012

 

A few days back I had to reset my lab environment, and the first thing I had to do was create a Windows 2008 R2 virtual machine image. The purpose was to have a readily configured and, to an extent, customized Windows image which can simply be copied whenever I have to create a virtual machine of that OS. In this post I will describe the high-level steps of how I did it.

It is done in three stages: creating a VM with minimal settings, installing the base OS and performing the initial configuration, and customizing the image for sysprep.

Creating a VM is the first step. I don't want to describe the steps or walk through the Hyper-V New Virtual Machine wizard; there are enough articles out there for that. Below are the points I considered while creating the VM.

  • Naming the VM: provide a meaningful name; I used Win2K8R2SP1Template
  • Storage: store this VM in a separate folder
  • Network Adapter: choose “Not Connected”
    • Some time back, when I did a similar setup, I had issues with hidden cards when the image was used, so I prefer not to have any cards connected to the master image
  • Set Automatic Start and Stop Actions to the VM as per your preference

The second step is to install Windows 2008 R2 and perform the initial configuration. Use an ISO and start the installation of the OS. Once the operating system installation is complete, you can apply the basic settings you want for your image; it's purely up to your preference. Once completed, restart the VM. I made the following settings:

  • Rename the computer and give the server a description – e.g., WIN2K8R2SP1 – “W2K8R2SP1 Template”
  • From System Properties – Advanced tab, select the “Adjust for Best Performance” option
  • Configure “Remote Desktop” settings from the Remote tab of System Properties
  • You can stop and disable any services which are not needed in your server infrastructure
  • Disable Automatic Updates, opt out of Error Reporting, and opt out of the Customer Experience Program
  • Disable Windows Firewall (do not go and stop the service) from Server Manager – Windows Firewall – Advanced Security Properties
  • Update the profile picture (of the Administrator account currently logged in)
  • Install the updated Hyper-V Integration Services component and restart the VM

Customizing the Desktop Profile for default users:

For all the customization files, create a folder on the C drive and keep the files there; I have a folder called C:\Data. Next is some customization of the Windows profile desktop, so download and install BGInfo. Have a background image for the desktop background (my pic is shown below); this can be replaced when the image is later deployed.

Create a config file from the BGInfo tool by choosing the information you want to put on the desktop. I chose the below information for my lab image:

Set the background image in BGInfo as seen below.

Now apply and see the preview, then from the File menu save the configuration as BGInfoConfig.bgi in the C:\Data folder.

Open Notepad and create an auto-run file named backinfo.cmd with the below lines in it:

CD C:\Data

Bginfo.exe C:\Data\BGInfoConfig.bgi /silent /timer:0

EXIT

Copy backinfo.cmd and put it in the Startup folder of the Administrator (the currently logged-on user).

Configure any other customization you have in mind; the next step is to create an answer file for image deployment customization.

Next, on a separate VM, download and install Windows AIK (Automated Installation Kit). Copy Install.wim from the source folder on the Windows 2008 R2 install media (CD/DVD or ISO) to a folder inside the VM. Open Windows System Image Manager from the Start menu, choose “Select Windows Image File” from its File menu, and locate the Install.wim which was copied to a local folder inside the VM. Click YES when prompted to create a catalog file; this step will take some time to complete.

Now click on the Answer File pane and create a new answer file. From the left pane, by right-click or drag, add settings to each pass of the OS deployment (understand more about the passes of deployment here). After it was done, with the configurations I wanted to customize, the screen looked like below:

The CopyProfile option copies the profile under which sysprep is run so that it becomes the default Windows desktop profile.

FirstLogonCommands are used to run any scripts when any user first logs on to the server.

* The Admin password will show here in plain text, so take care of security; in the output XML it will be encrypted anyway. See the XML showing the Admin password below:

You can read this TechNet article to get a basic understanding of some useful image deployment options.

Now save the XML from the File menu and name it Unattend.xml. Validation is done automatically; check for any errors. Warnings can be ignored.

Take this Unattend.xml file and copy it to our template VM under the C:\Data folder. We are now almost done; below is a snapshot of my C:\Data folder, and here is a copy of my XML answer file – A Sample XML File

Remove any attached ISO or additional VHDs from the VM, set the memory to static (if you have set dynamic, the VM export will fail in a later step), and then run the sysprep command as below (all on one line):

%WINDIR%\system32\sysprep\sysprep.exe /oobe /shutdown /generalize /unattend:C:\Data\Unattend.xml

Once sysprep is completed, the VM is shut down automatically. Now you can export the VM and keep it in your templates location. Whenever a new VM is required from this template, follow the steps below:

  • Import the VM using the Hyper-V Import Virtual Machine wizard; locate the folder of the exported VM
  • Select options as seen below and import the VM
  • Rename the VM to the desired name of the new VM
  • The VHD is imported to the default VHD location of the Hyper-V host
    • Rename the VHD and move it to your desired storage location
    • Update the VHD name and location in the VM settings page
  • Update the desktop background image as per your need (it's in c:\data\backimage.bmp)
  • Rename the Windows system name
  • Shut down the VM and attach it to a network adapter
  • Start the VM
  • Your new VM from the template is ready to use.

I hope this will be of help to someone.

Please drop your comments or feedback.

BITPro UG Meet – Windows 2008 R2 Virtualization Jump Start

June 7th, 2012

On 2nd Jun 2012, I had the opportunity to attend the Bangalore IT Pro UG Meet. It was a full-day session at Microsoft Bangalore, and the agenda was “Jump Start to Windows 2008 R2 Virtualization Exam 70-659”. It was a great event, with many UG leads and experts around and a great audience. The most important part was that it was a fully interactive session. I really appreciate how the speakers handled audience queries (it was an almost full-house crowd); they took enough time to explain and clarify the doubts, and even stayed back after the sessions to listen to specific questions from the audience.
I really like such UG meets, where people don't just listen to the speaker and leave; they communicate with the experts, and the leads take proper care to listen and answer. Since it was a full-day event we had a great lunch and coffee breaks too (just to keep you up and running). And finally, to note that the event did start on time and ended on time.

The technical tracks:

Session – Speaker

  • Windows Server 2008 Virtualization – Part 1 (Hyper-V Fundamentals, Planning, Configurations & Management) – Aresh Sarkari, Technical Architect at Unisys
  • Windows Server 2008 Virtualization – Part II (Hyper-V Architectures, Networking, Storage, Backup & Restore) – Gaurav Anand, Microsoft MVP
  • Windows Server 2008 Virtualization – Part III (Hyper-V Security, Best Practices) – Precheta / MS Anand, Microsoft India
  • Quiz, Q&A, Exam Tips & Tricks Chalk Talk with Industry Expert to clear the Exam-70-659

Session Summary:

The first session was an overview of the Hyper-V components and architecture, followed by a complete drill-down on the architecture and backup and restore. The third session was on security and best practices. I will try to summarize all of these together below, based on my limited knowledge of Hyper-V.

Hyper-V Hardware Requirements:

    •  X64 Processor with Intel-VT or AMD-V support.
    •  Hardware enforced DEP must be enabled – The Intel XD bit (execute disable bit) or AMD NX bit (no execute bit)

Networking Terminologies:

Network Adapter: Each VM can be assigned up to 12 virtual network adapters, of which 8 can be of type “Network Adapter” and 4 of type “Legacy Network Adapter”. For better performance of network adapters, Integration Services are required.

MAC Address: You can configure a static or dynamic MAC address. Hyper-V supports VLANs; you can create an unlimited number of virtual LANs, and a maximum of 512 VMs can be assigned to a particular VLAN.

Network Types: External, Internal and Private, and then Dedicated; for their different uses, check this blog. To make a dedicated network you need to use WMI to configure it. Check here for a detailed explanation: How does basic networking work in Hyper-V – a multi-part series on virtual networking for Hyper-V.

 

Hardware Devices:

Virtual IDE: There can be up to 4 IDE devices. Note that your startup disk (the disk where the virtual OS is installed) must be on an IDE device.

Virtual SCSI Device: A maximum of 4 virtual SCSI controllers; each controller can have up to 64 disks, totaling 256 virtual SCSI disks. SCSI also requires Integration Services to be installed on the guest OS; probably that is the reason you cannot use SCSI for your startup disk!

HDD:

Virtual Hard Disk: There are three types of VHDs – Fixed, Dynamic, and Differencing. VHDs can be a maximum of 2040 GB.

Fixed: The full capacity of the VHD is allocated at the time of creation (because of this it takes some time to create the disk initially), and this gives better performance.

Dynamic: The full capacity of the VHD is NOT allocated at the beginning; the disk is expanded as and when data is added to it. This is good in a capacity-constrained setup such as a lab or development environment, but not for production.

Differencing: A parent VHD is kept read-only, and all the changed blocks are written to differencing VHDs; multiple differencing VHDs (child images) form a differencing chain. You should not make any changes to the parent VHD, and both the parent and the differencing VHD should be kept in the same location.
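An added example, not from the original post or the session: the VHD format records the disk type in a 512-byte footer at the end of the file, so a template store can be inventoried by type without mounting anything. This Python check reads that footer, validates its checksum, and notes differencing disks and sizes over the 2040 GB limit; the footers it builds are constructed test data rather than mountable disks, and the function names are this example's own.

```python
import struct

FOOTER = struct.Struct(">8sIIQI4sI4sQQIII16sB427s")  # 512-byte VHD footer, big-endian
DISK_TYPES = {2: "fixed", 3: "dynamic", 4: "differencing"}
MAX_BYTES = 2040 * 1024**3  # the 2040 GB VHD limit quoted above


def footer_checksum(footer):
    """One's complement of the byte sum, skipping the checksum field (bytes 64-67)."""
    return ~sum(footer[:64] + footer[68:]) & 0xFFFFFFFF


def classify_vhd(image):
    """Read the footer in the last 512 bytes of a VHD image: (type, size, notes)."""
    if len(image) < FOOTER.size:
        return None, 0, ["shorter than a VHD footer"]
    footer = image[-FOOTER.size:]
    fields = FOOTER.unpack(footer)
    cookie, current_size, disk_type, checksum = (
        fields[0], fields[9], fields[11], fields[12])
    if cookie != b"conectix":
        return None, 0, ["no VHD footer cookie"]
    notes = []
    if checksum != footer_checksum(footer):
        notes.append("footer checksum mismatch")
    if current_size > MAX_BYTES:
        notes.append("larger than 2040 GB")
    kind = DISK_TYPES.get(disk_type, f"other({disk_type})")
    if kind == "differencing":
        notes.append("depends on a parent VHD that must stay unchanged")
    return kind, current_size, notes


def make_footer(disk_type, size):
    """Build a constructed footer for the demo (not a complete, mountable VHD)."""
    raw = FOOTER.pack(b"conectix", 2, 0x00010000, 0xFFFFFFFFFFFFFFFF, 0, b"demo",
                      0, b"Wi2k", size, size, 0, disk_type, 0, bytes(16), 0,
                      bytes(427))
    return raw[:64] + struct.pack(">I", footer_checksum(raw)) + raw[68:]


if __name__ == "__main__":
    forty_gb = 40 * 1024**3
    for label, image in [("fixed template", bytes(1024) + make_footer(2, forty_gb)),
                         ("dynamic lab disk", make_footer(3, forty_gb)),
                         ("child image", make_footer(4, forty_gb))]:
        print(label, classify_vhd(image))
```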

Physical Disks: There is no virtual limitation on physical disks. Physical disks are used as pass-through disks; for this, the original physical disk attached to the Hyper-V host should be offline (that is, first initialize the disk, bring it online, and then take it offline). Physical disks give maximum performance.

 Snapshot:

Snapshots are point-in-time copies of the virtual machine, stored in .avhd files. Hyper-V supports up to 50 snapshots (be clear that snapshots are not considered backups!). See About Virtual Machine Snapshots in Hyper-V and FAQ on Hyper-V VM Snapshots.

Integration service components:

This is a VM component (or maybe drivers) to be installed on the guest OS; it enables many features for better VM performance and guest-to-host integration. Below are the components included in Integration Services.

  • Operating System Shutdown (Enables a shutdown function from the Host by using  a WMI Call)
  • Time Synchronization (enables Guest to synchronize time with Host)
  • Data Exchange (I think it's called key/value pair; I do not get it clearly yet)
  • Heartbeat (Host sends heartbeat requests to see if the VM is responsive or not)
  • Backup (Volume snapshot) – this helps improve backup process

       A quick more info on Integration Services

One interesting thing I noted in the Hyper-V console is support for a virtual floppy drive. It's hard to find machines with floppy drives, so how is this useful, I wonder (mounting an ISO to a floppy drive??)

 

Windows Hyper-V Architecture 

Ring Security Model, and where the Hyper-V components fit in:

 

 

Parent(host) Partition and Child(guest) Partition:

The hypervisor manages resources by dividing the system into partitions. It makes use of two types of partitions:

Parent partition – The parent partition is where the operating system and the Windows Virtualization components reside, there will be only one parent partition. 

Child partition -  A child partition is a virtual machine.  A new child partition is created when you create a new virtual machine.

Partitions are fully isolated.

Did you know: Complete Hyper-V code is of 6MB(or was it KB), cool right?

HyperCall: Hypercalls are the interface used for interaction between the guest and the host.

Important files: Vmswitch.sys – the driver where the Hyper-V switch is implemented, and Hvboot.sys – the hypervisor boot driver. Check the Excel file provided in my SkyDrive for a list of files and processes; I got this from Google.

VMWP – Virtual Machine Worker Process, each VM running will have a worker process

VMMS – Virtual Machine Management Service, the service running on the host

Backup: No backup is possible on a Paused VM | Snapshot => Called Checkpoint in SCVMM

 

Security Best Practices:

  • Server Core  is better to reduce attack surface.
  • Secure the VHDs
  • Use BitLocker drive encryption to protect resources.
  • Use Hyper-V RBAC (Role Based Access Control)
    • Use Authorization Manager (Azman.msc) to define customized roles
    • RBAC Components: Membership, Profile, Scope, Role
    • AzMan needs an authorization policy data store to define access to role tasks and groups.  Hyper-V uses an xml file named initialstore.xml as the data store.
    • Check out Hyper-V Planning and Deployment guide  – Appendix A – there is a good collection of Roles and Operations required in each Administrative  Tasks.
      • There is even a role for passing CTRL+ALT+DELETE – when would you allow this or block this?? I wonder.
  • File Level Antivirus exclusion: Vmms.exe and Vmwp.exe
  • Do not run any applications in the management operating system—run all applications on virtual machines
  • Use the security level of your virtual machines to determine the security level of your management operating system
  • Do not give virtual machine administrators permissions on the management operating system.
  • Ensure that virtual machines are fully updated before they are deployed in a production environment.

 

Other Best Practices:

  •  Plan for Dynamic Memory
  • There is a Best Practice Analyzer (BPA) available for Hyper-V – Run and review your hyper-v configuration
  • Restrict the number of snapshot chains and delete snapshots that are not required; a restart of the VM is required for the files to be deleted from the file system.
  • Avoid Legacy Network Adapters
  • Understand host and guest clustering, and choose the option that best fits the application behaviour.
  • Run Cluster Validation Wizard to verify cluster configuration and best practices.
  • Ensure integration services are installed on virtual machines and up to date.
  • Use a dedicated network adapter for the management operating system of the virtualization server. 

 

Exam Notes:

  • Take a tour around Remote Desktop Services (RDS) features
  • Add Remote Desktop Session Host (RD Session Host)  role service
  • Review how authentication works with RDS connections
  • Review connection/sessions options and settings
  • Understanding device CALs for RDS scenarios
  • Configure RD connection authorization policy
  • Failover Clustering with R2 & iSCSI initiator
  • Understand iSCSI & logical unit numbers (LUNs)
  • Enhanced shared storage is a key new feature in R2
  • Get hands-on: build a lab with highly available virtual machines (HAVM), utilizing iSCSI LUN technology
  • Once configured and “live”, avoid editing a virtual network, except within Failover Cluster Manager.
  • RSAT (Remote Server Administration Tools)
  • Netsh commands to modify firewall rules
  • Adding VHDs to a SCSI controller whilst VM is hot
  • Leverage Integration Services for optimum performance
  • Learn Hyper-V before SCVMM
  • Remove .avhd snapshot files by shutting down VMs
  • Know when to use VLANs – i.e., security or resources
  • Pass-through disks – to be visible, it must be offline on Host
  • Know when a legacy network adapter is essential
  • Use the latest NIC firmware/drivers for TCP Chimney Offload
  • Understand the folder/file structure behind Hyper-V VMs
  • Focus on new functionality and new R2 features
  • Do not forget the Hyper-V PowerShell cmdlets (I didn't see any native cmdlets in Hyper-V 2.0)
  • Learn network types: Private, Internal, External
  • Essentials for Hyper-V to launch – Must Have:
    • Intel XD Bit or AMD NX bit
    • Set in BIOS Settings (some times Advanced BIOS)

Goodies: 

 

At the end of the last session on Q&A and exam tricks, five questions were asked as a quiz, and whoever got the answer right first received a free 70-659 exam voucher; my friend Sudeeptha got one.

There are a few more free 70-659 exam vouchers to be distributed, and the criterion is to complete the virtualization track “Microsoft Virtualization for VMWare Professionals – The Platform”, a course from MVA, and send the proof (screenshot) of each assessment completion (I guess it can be sent to info@bitpro.in – if this is wrong I will update the correct address here).

Our UG Lead Kaliyan did share some further learning materials, which include a few PDFs and video files. I have uploaded them to my SkyDrive and you can download them for reference; I couldn't upload the videos, as the max file size is 300Mb and the video files are more than 600Mb.

Further Learning:

 

 

Conclusion:

Okay – so, let's get virtualized* and get certified, if you are lucky enough to have the free coupon or you are OK to pay for the exam :-)

* Virtualize when it makes sense, and don't virtualize when it's stupid to do it. So for your critical applications, understanding whether to virtualize or not is the key, and these sessions and learning will help you do that too.

 

Keep Learning