You are on page 1of 640

M I C R O S O F T

20409B

L E A R N I N G

P R O D U C T

MCT USE ONLY. STUDENT USE PROHIBITED

O F F I C I A L

Server Virtualization with Windows Server


Hyper-V and System Center

Server Virtualization with Windows Server Hyper-V and System Center

MCT USE ONLY. STUDENT USE PROHIBITED

ii

Information in this document, including URL and other Internet Web site references, is subject to change
without notice. Unless otherwise noted, the example companies, organizations, products, domain names,
e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with
any real company, organization, product, domain name, e-mail address, logo, person, place or event is
intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the
user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in
or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical,
photocopying, recording, or otherwise), or for any purpose, without the express written permission of
Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property
rights covering subject matter in this document. Except as expressly provided in any written license
agreement from Microsoft, the furnishing of this document does not give you any license to these
patents, trademarks, copyrights, or other intellectual property.

The names of manufacturers, products, or URLs are provided for informational purposes only and
Microsoft makes no representations and warranties, either expressed, implied, or statutory, regarding
these manufacturers or the use of the products with any Microsoft technologies. The inclusion of a
manufacturer or product does not imply endorsement of Microsoft of the manufacturer or product. Links
may be provided to third party sites. Such sites are not under the control of Microsoft and Microsoft is not
responsible for the contents of any linked site or any link contained in a linked site, or any changes or
updates to such sites. Microsoft is not responsible for webcasting or any other form of transmission
received from any linked site. Microsoft is providing these links to you only as a convenience, and the
inclusion of any link does not imply endorsement of Microsoft of the site or the products contained
therein.
2014 Microsoft Corporation. All rights reserved.
Microsoft and the trademarks listed at http://www.microsoft.com/about/legal/en/us/IntellectualProperty
/Trademarks/EN-US.aspx are trademarks of the Microsoft group of companies. All other trademarks are
property of their respective owners.

Product Number: 20409B


Part Number: X19-32457
Released: 02/2014

MCT USE ONLY. STUDENT USE PROHIBITED

MICROSOFT LICENSE TERMS


MICROSOFT INSTRUCTOR-LED COURSEWARE

These license terms are an agreement between Microsoft Corporation (or based on where you live, one of its
affiliates) and you. Please read them. They apply to your use of the content accompanying this agreement which
includes the media on which you received it, if any. These license terms also apply to Trainer Content and any
updates and supplements for the Licensed Content unless other terms accompany those items. If so, those terms
apply.
BY ACCESSING, DOWNLOADING OR USING THE LICENSED CONTENT, YOU ACCEPT THESE TERMS.
IF YOU DO NOT ACCEPT THEM, DO NOT ACCESS, DOWNLOAD OR USE THE LICENSED CONTENT.
If you comply with these license terms, you have the rights below for each license you acquire.
1.

DEFINITIONS.

a. Authorized Learning Center means a Microsoft IT Academy Program Member, Microsoft Learning
Competency Member, or such other entity as Microsoft may designate from time to time.

b. Authorized Training Session means the instructor-led training class using Microsoft Instructor-Led
Courseware conducted by a Trainer at or through an Authorized Learning Center.
c.

Classroom Device means one (1) dedicated, secure computer that an Authorized Learning Center owns
or controls that is located at an Authorized Learning Centers training facilities that meets or exceeds the
hardware level specified for the particular Microsoft Instructor-Led Courseware.

d. End User means an individual who is (i) duly enrolled in and attending an Authorized Training Session
or Private Training Session, (ii) an employee of a MPN Member, or (iii) a Microsoft full-time employee.
e. Licensed Content means the content accompanying this agreement which may include the Microsoft
Instructor-Led Courseware or Trainer Content.
f.

Microsoft Certified Trainer or MCT means an individual who is (i) engaged to teach a training session
to End Users on behalf of an Authorized Learning Center or MPN Member, and (ii) currently certified as a
Microsoft Certified Trainer under the Microsoft Certification Program.

g. Microsoft Instructor-Led Courseware means the Microsoft-branded instructor-led training course that
educates IT professionals and developers on Microsoft technologies. A Microsoft Instructor-Led
Courseware title may be branded as MOC, Microsoft Dynamics or Microsoft Business Group courseware.
h. Microsoft IT Academy Program Member means an active member of the Microsoft IT Academy
Program.
i.

Microsoft Learning Competency Member means an active member of the Microsoft Partner Network
program in good standing that currently holds the Learning Competency status.

j.

MOC means the Official Microsoft Learning Product instructor-led courseware known as Microsoft
Official Course that educates IT professionals and developers on Microsoft technologies.

k. MPN Member means an active Microsoft Partner Network program member in good standing.

MCT USE ONLY. STUDENT USE PROHIBITED

l.

Personal Device means one (1) personal computer, device, workstation or other digital electronic device
that you personally own or control that meets or exceeds the hardware level specified for the particular
Microsoft Instructor-Led Courseware.

m. Private Training Session means the instructor-led training classes provided by MPN Members for
corporate customers to teach a predefined learning objective using Microsoft Instructor-Led Courseware.
These classes are not advertised or promoted to the general public and class attendance is restricted to
individuals employed by or contracted by the corporate customer.
n. Trainer means (i) an academically accredited educator engaged by a Microsoft IT Academy Program
Member to teach an Authorized Training Session, and/or (ii) a MCT.

o. Trainer Content means the trainer version of the Microsoft Instructor-Led Courseware and additional
supplemental content designated solely for Trainers use to teach a training session using the Microsoft
Instructor-Led Courseware. Trainer Content may include Microsoft PowerPoint presentations, trainer
preparation guide, train the trainer materials, Microsoft One Note packs, classroom setup guide and Prerelease course feedback form. To clarify, Trainer Content does not include any software, virtual hard
disks or virtual machines.
2.

USE RIGHTS. The Licensed Content is licensed not sold. The Licensed Content is licensed on a one copy
per user basis, such that you must acquire a license for each individual that accesses or uses the Licensed
Content.

2.1

Below are five separate sets of use rights. Only one set of rights apply to you.

a. If you are a Microsoft IT Academy Program Member:


i. Each license acquired on behalf of yourself may only be used to review one (1) copy of the Microsoft
Instructor-Led Courseware in the form provided to you. If the Microsoft Instructor-Led Courseware is
in digital format, you may install one (1) copy on up to three (3) Personal Devices. You may not
install the Microsoft Instructor-Led Courseware on a device you do not own or control.
ii. For each license you acquire on behalf of an End User or Trainer, you may either:
1. distribute one (1) hard copy version of the Microsoft Instructor-Led Courseware to one (1) End
User who is enrolled in the Authorized Training Session, and only immediately prior to the
commencement of the Authorized Training Session that is the subject matter of the Microsoft
Instructor-Led Courseware being provided, or
2. provide one (1) End User with the unique redemption code and instructions on how they can
access one (1) digital version of the Microsoft Instructor-Led Courseware, or
3. provide one (1) Trainer with the unique redemption code and instructions on how they can
access one (1) Trainer Content,
provided you comply with the following:
iii. you will only provide access to the Licensed Content to those individuals who have acquired a valid
license to the Licensed Content,
iv. you will ensure each End User attending an Authorized Training Session has their own valid licensed
copy of the Microsoft Instructor-Led Courseware that is the subject of the Authorized Training
Session,
v. you will ensure that each End User provided with the hard-copy version of the Microsoft InstructorLed Courseware will be presented with a copy of this agreement and each End User will agree that
their use of the Microsoft Instructor-Led Courseware will be subject to the terms in this agreement
prior to providing them with the Microsoft Instructor-Led Courseware. Each individual will be required
to denote their acceptance of this agreement in a manner that is enforceable under local law prior to
their accessing the Microsoft Instructor-Led Courseware,
vi. you will ensure that each Trainer teaching an Authorized Training Session has their own valid
licensed copy of the Trainer Content that is the subject of the Authorized Training Session,

MCT USE ONLY. STUDENT USE PROHIBITED

vii. you will only use qualified Trainers who have in-depth knowledge of and experience with the
Microsoft technology that is the subject of the Microsoft Instructor-Led Courseware being taught for
all your Authorized Training Sessions,
viii. you will only deliver a maximum of 15 hours of training per week for each Authorized Training
Session that uses a MOC title, and
ix. you acknowledge that Trainers that are not MCTs will not have access to all of the trainer resources
for the Microsoft Instructor-Led Courseware.

b. If you are a Microsoft Learning Competency Member:


i. Each license acquired on behalf of yourself may only be used to review one (1) copy of the Microsoft
Instructor-Led Courseware in the form provided to you. If the Microsoft Instructor-Led Courseware is
in digital format, you may install one (1) copy on up to three (3) Personal Devices. You may not
install the Microsoft Instructor-Led Courseware on a device you do not own or control.
ii. For each license you acquire on behalf of an End User or Trainer, you may either:
1. distribute one (1) hard copy version of the Microsoft Instructor-Led Courseware to one (1) End
User attending the Authorized Training Session and only immediately prior to the
commencement of the Authorized Training Session that is the subject matter of the Microsoft
Instructor-Led Courseware provided, or
2. provide one (1) End User attending the Authorized Training Session with the unique redemption
code and instructions on how they can access one (1) digital version of the Microsoft InstructorLed Courseware, or
3. you will provide one (1) Trainer with the unique redemption code and instructions on how they
can access one (1) Trainer Content,
provided you comply with the following:
iii. you will only provide access to the Licensed Content to those individuals who have acquired a valid
license to the Licensed Content,
iv. you will ensure that each End User attending an Authorized Training Session has their own valid
licensed copy of the Microsoft Instructor-Led Courseware that is the subject of the Authorized
Training Session,
v. you will ensure that each End User provided with a hard-copy version of the Microsoft Instructor-Led
Courseware will be presented with a copy of this agreement and each End User will agree that their
use of the Microsoft Instructor-Led Courseware will be subject to the terms in this agreement prior to
providing them with the Microsoft Instructor-Led Courseware. Each individual will be required to
denote their acceptance of this agreement in a manner that is enforceable under local law prior to
their accessing the Microsoft Instructor-Led Courseware,
vi. you will ensure that each Trainer teaching an Authorized Training Session has their own valid
licensed copy of the Trainer Content that is the subject of the Authorized Training Session,
vii. you will only use qualified Trainers who hold the applicable Microsoft Certification credential that is
the subject of the Microsoft Instructor-Led Courseware being taught for your Authorized Training
Sessions,
viii. you will only use qualified MCTs who also hold the applicable Microsoft Certification credential that is
the subject of the MOC title being taught for all your Authorized Training Sessions using MOC,
ix. you will only provide access to the Microsoft Instructor-Led Courseware to End Users, and
x. you will only provide access to the Trainer Content to Trainers.

MCT USE ONLY. STUDENT USE PROHIBITED

c.

If you are a MPN Member:


i. Each license acquired on behalf of yourself may only be used to review one (1) copy of the Microsoft
Instructor-Led Courseware in the form provided to you. If the Microsoft Instructor-Led Courseware is
in digital format, you may install one (1) copy on up to three (3) Personal Devices. You may not
install the Microsoft Instructor-Led Courseware on a device you do not own or control.
ii. For each license you acquire on behalf of an End User or Trainer, you may either:
1. distribute one (1) hard copy version of the Microsoft Instructor-Led Courseware to one (1) End
User attending the Private Training Session, and only immediately prior to the commencement
of the Private Training Session that is the subject matter of the Microsoft Instructor-Led
Courseware being provided, or
2. provide one (1) End User who is attending the Private Training Session with the unique
redemption code and instructions on how they can access one (1) digital version of the
Microsoft Instructor-Led Courseware, or
3. you will provide one (1) Trainer who is teaching the Private Training Session with the unique
redemption code and instructions on how they can access one (1) Trainer Content,
provided you comply with the following:
iii. you will only provide access to the Licensed Content to those individuals who have acquired a valid
license to the Licensed Content,
iv. you will ensure that each End User attending an Private Training Session has their own valid licensed
copy of the Microsoft Instructor-Led Courseware that is the subject of the Private Training Session,
v. you will ensure that each End User provided with a hard copy version of the Microsoft Instructor-Led
Courseware will be presented with a copy of this agreement and each End User will agree that their
use of the Microsoft Instructor-Led Courseware will be subject to the terms in this agreement prior to
providing them with the Microsoft Instructor-Led Courseware. Each individual will be required to
denote their acceptance of this agreement in a manner that is enforceable under local law prior to
their accessing the Microsoft Instructor-Led Courseware,
vi. you will ensure that each Trainer teaching an Private Training Session has their own valid licensed
copy of the Trainer Content that is the subject of the Private Training Session,
vii. you will only use qualified Trainers who hold the applicable Microsoft Certification credential that is
the subject of the Microsoft Instructor-Led Courseware being taught for all your Private Training
Sessions,
viii. you will only use qualified MCTs who hold the applicable Microsoft Certification credential that is the
subject of the MOC title being taught for all your Private Training Sessions using MOC,
ix. you will only provide access to the Microsoft Instructor-Led Courseware to End Users, and
x. you will only provide access to the Trainer Content to Trainers.

d. If you are an End User:


For each license you acquire, you may use the Microsoft Instructor-Led Courseware solely for your
personal training use. If the Microsoft Instructor-Led Courseware is in digital format, you may access the
Microsoft Instructor-Led Courseware online using the unique redemption code provided to you by the
training provider and install and use one (1) copy of the Microsoft Instructor-Led Courseware on up to
three (3) Personal Devices. You may also print one (1) copy of the Microsoft Instructor-Led Courseware.
You may not install the Microsoft Instructor-Led Courseware on a device you do not own or control.
e. If you are a Trainer.
i.
For each license you acquire, you may install and use one (1) copy of the Trainer Content in the
form provided to you on one (1) Personal Device solely to prepare and deliver an Authorized
Training Session or Private Training Session, and install one (1) additional copy on another Personal
Device as a backup copy, which may be used only to reinstall the Trainer Content. You may not
install or use a copy of the Trainer Content on a device you do not own or control. You may also
print one (1) copy of the Trainer Content solely to prepare for and deliver an Authorized Training
Session or Private Training Session.

MCT USE ONLY. STUDENT USE PROHIBITED

ii.

You may customize the written portions of the Trainer Content that are logically associated with
instruction of a training session in accordance with the most recent version of the MCT agreement.
If you elect to exercise the foregoing rights, you agree to comply with the following: (i)
customizations may only be used for teaching Authorized Training Sessions and Private Training
Sessions, and (ii) all customizations will comply with this agreement. For clarity, any use of
customize refers only to changing the order of slides and content, and/or not using all the slides or
content, it does not mean changing or modifying any slide or content.

2.2 Separation of Components. The Licensed Content is licensed as a single unit and you may not
separate their components and install them on different devices.

2.3 Redistribution of Licensed Content. Except as expressly provided in the use rights above, you may
not distribute any Licensed Content or any portion thereof (including any permitted modifications) to any
third parties without the express written permission of Microsoft.
2.4 Third Party Notices. The Licensed Content may include third party code tent that Microsoft, not the
third party, licenses to you under this agreement. Notices, if any, for the third party code ntent are included
for your information only.
2.5 Additional Terms. Some Licensed Content may contain components with additional terms,
conditions, and licenses regarding its use. Any non-conflicting terms in those conditions and licenses also
apply to your use of that respective component and supplements the terms described in this agreement.
3.

LICENSED CONTENT BASED ON PRE-RELEASE TECHNOLOGY. If the Licensed Contents subject


matter is based on a pre-release version of Microsoft technology (Pre-release), then in addition to the
other provisions in this agreement, these terms also apply:

a. Pre-Release Licensed Content. This Licensed Content subject matter is on the Pre-release version of
the Microsoft technology. The technology may not work the way a final version of the technology will
and we may change the technology for the final version. We also may not release a final version.
Licensed Content based on the final version of the technology may not contain the same information as
the Licensed Content based on the Pre-release version. Microsoft is under no obligation to provide you
with any further content, including any Licensed Content based on the final version of the technology.
b. Feedback. If you agree to give feedback about the Licensed Content to Microsoft, either directly or
through its third party designee, you give to Microsoft without charge, the right to use, share and
commercialize your feedback in any way and for any purpose. You also give to third parties, without
charge, any patent rights needed for their products, technologies and services to use or interface with
any specific parts of a Microsoft technology, Microsoft product, or service that includes the feedback.
You will not give feedback that is subject to a license that requires Microsoft to license its technology,
technologies, or products to third parties because we include your feedback in them. These rights
survive this agreement.
c.

Pre-release Term. If you are an Microsoft IT Academy Program Member, Microsoft Learning
Competency Member, MPN Member or Trainer, you will cease using all copies of the Licensed Content on
the Pre-release technology upon (i) the date which Microsoft informs you is the end date for using the
Licensed Content on the Pre-release technology, or (ii) sixty (60) days after the commercial release of the
technology that is the subject of the Licensed Content, whichever is earliest (Pre-release term).
Upon expiration or termination of the Pre-release term, you will irretrievably delete and destroy all copies
of the Licensed Content in your possession or under your control.

MCT USE ONLY. STUDENT USE PROHIBITED

4.

SCOPE OF LICENSE. The Licensed Content is licensed, not sold. This agreement only gives you some
rights to use the Licensed Content. Microsoft reserves all other rights. Unless applicable law gives you more
rights despite this limitation, you may use the Licensed Content only as expressly permitted in this
agreement. In doing so, you must comply with any technical limitations in the Licensed Content that only
allows you to use it in certain ways. Except as expressly permitted in this agreement, you may not:

access or allow any individual to access the Licensed Content if they have not acquired a valid license
for the Licensed Content,

alter, remove or obscure any copyright or other protective notices (including watermarks), branding
or identifications contained in the Licensed Content,

modify or create a derivative work of any Licensed Content,

publicly display, or make the Licensed Content available for others to access or use,

copy, print, install, sell, publish, transmit, lend, adapt, reuse, link to or post, make available or
distribute the Licensed Content to any third party,

work around any technical limitations in the Licensed Content, or

reverse engineer, decompile, remove or otherwise thwart any protections or disassemble the
Licensed Content except and only to the extent that applicable law expressly permits, despite this
limitation.

5. RESERVATION OF RIGHTS AND OWNERSHIP. Microsoft reserves all rights not expressly granted to
you in this agreement. The Licensed Content is protected by copyright and other intellectual property laws
and treaties. Microsoft or its suppliers own the title, copyright, and other intellectual property rights in the
Licensed Content.
6.

EXPORT RESTRICTIONS. The Licensed Content is subject to United States export laws and regulations.
You must comply with all domestic and international export laws and regulations that apply to the Licensed
Content. These laws include restrictions on destinations, end users and end use. For additional information,
see www.microsoft.com/exporting.

7.

SUPPORT SERVICES. Because the Licensed Content is as is, we may not provide support services for it.

8.

TERMINATION. Without prejudice to any other rights, Microsoft may terminate this agreement if you fail
to comply with the terms and conditions of this agreement. Upon termination of this agreement for any
reason, you will immediately stop all use of and delete and destroy all copies of the Licensed Content in
your possession or under your control.

9.

LINKS TO THIRD PARTY SITES. You may link to third party sites through the use of the Licensed
Content. The third party sites are not under the control of Microsoft, and Microsoft is not responsible for
the contents of any third party sites, any links contained in third party sites, or any changes or updates to
third party sites. Microsoft is not responsible for webcasting or any other form of transmission received
from any third party sites. Microsoft is providing these links to third party sites to you only as a
convenience, and the inclusion of any link does not imply an endorsement by Microsoft of the third party
site.

10.

ENTIRE AGREEMENT. This agreement, and any additional terms for the Trainer Content, updates and
supplements are the entire agreement for the Licensed Content, updates and supplements.

11.

APPLICABLE LAW.
a. United States. If you acquired the Licensed Content in the United States, Washington state law governs
the interpretation of this agreement and applies to claims for breach of it, regardless of conflict of laws
principles. The laws of the state where you live govern all other claims, including claims under state
consumer protection laws, unfair competition laws, and in tort.

MCT USE ONLY. STUDENT USE PROHIBITED

b. Outside the United States. If you acquired the Licensed Content in any other country, the laws of that
country apply.
12.

LEGAL EFFECT. This agreement describes certain legal rights. You may have other rights under the laws
of your country. You may also have rights with respect to the party from whom you acquired the Licensed
Content. This agreement does not change your rights under the laws of your country if the laws of your
country do not permit it to do so.

13.

DISCLAIMER OF WARRANTY. THE LICENSED CONTENT IS LICENSED "AS-IS" AND "AS


AVAILABLE." YOU BEAR THE RISK OF USING IT. MICROSOFT AND ITS RESPECTIVE
AFFILIATES GIVES NO EXPRESS WARRANTIES, GUARANTEES, OR CONDITIONS. YOU MAY
HAVE ADDITIONAL CONSUMER RIGHTS UNDER YOUR LOCAL LAWS WHICH THIS AGREEMENT
CANNOT CHANGE. TO THE EXTENT PERMITTED UNDER YOUR LOCAL LAWS, MICROSOFT AND
ITS RESPECTIVE AFFILIATES EXCLUDES ANY IMPLIED WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.

14.

LIMITATION ON AND EXCLUSION OF REMEDIES AND DAMAGES. YOU CAN RECOVER FROM
MICROSOFT, ITS RESPECTIVE AFFILIATES AND ITS SUPPLIERS ONLY DIRECT DAMAGES UP
TO US$5.00. YOU CANNOT RECOVER ANY OTHER DAMAGES, INCLUDING CONSEQUENTIAL,
LOST PROFITS, SPECIAL, INDIRECT OR INCIDENTAL DAMAGES.

This limitation applies to


o
anything related to the Licensed Content, services, content (including code) on third party Internet
sites or third-party programs; and
o
claims for breach of contract, breach of warranty, guarantee or condition, strict liability, negligence,
or other tort to the extent permitted by applicable law.
It also applies even if Microsoft knew or should have known about the possibility of the damages. The
above limitation or exclusion may not apply to you because your country may not allow the exclusion or
limitation of incidental, consequential or other damages.

Please note: As this Licensed Content is distributed in Quebec, Canada, some of the clauses in this
agreement are provided below in French.
Remarque : Ce le contenu sous licence tant distribu au Qubec, Canada, certaines des clauses
dans ce contrat sont fournies ci-dessous en franais.

EXONRATION DE GARANTIE. Le contenu sous licence vis par une licence est offert tel quel . Toute
utilisation de ce contenu sous licence est votre seule risque et pril. Microsoft naccorde aucune autre garantie
expresse. Vous pouvez bnficier de droits additionnels en vertu du droit local sur la protection dues
consommateurs, que ce contrat ne peut modifier. La ou elles sont permises par le droit locale, les garanties
implicites de qualit marchande, dadquation un usage particulier et dabsence de contrefaon sont exclues.

LIMITATION DES DOMMAGES-INTRTS ET EXCLUSION DE RESPONSABILIT POUR LES


DOMMAGES. Vous pouvez obtenir de Microsoft et de ses fournisseurs une indemnisation en cas de dommages
directs uniquement hauteur de 5,00 $ US. Vous ne pouvez prtendre aucune indemnisation pour les autres
dommages, y compris les dommages spciaux, indirects ou accessoires et pertes de bnfices.
Cette limitation concerne:
tout ce qui est reli au le contenu sous licence, aux services ou au contenu (y compris le code)
figurant sur des sites Internet tiers ou dans des programmes tiers; et.
les rclamations au titre de violation de contrat ou de garantie, ou au titre de responsabilit
stricte, de ngligence ou dune autre faute dans la limite autorise par la loi en vigueur.

MCT USE ONLY. STUDENT USE PROHIBITED

Elle sapplique galement, mme si Microsoft connaissait ou devrait connatre lventualit dun tel dommage. Si
votre pays nautorise pas lexclusion ou la limitation de responsabilit pour les dommages indirects, accessoires
ou de quelque nature que ce soit, il se peut que la limitation ou lexclusion ci-dessus ne sappliquera pas votre
gard.

EFFET JURIDIQUE. Le prsent contrat dcrit certains droits juridiques. Vous pourriez avoir dautres droits
prvus par les lois de votre pays. Le prsent contrat ne modifie pas les droits que vous confrent les lois de votre
pays si celles-ci ne le permettent pas.
Revised July 2013

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

xi

Server Virtualization with Windows Server Hyper-V and System Center

Acknowledgments

MCT USE ONLY. STUDENT USE PROHIBITED

xii

Microsoft Learning wants to acknowledge and thank the following for their contribution toward
developing this title. Their effort at various stages in the development has ensured that you have a good
classroom experience.

Slavko Kukrika Content Developer

Slavko Kukrika has been a Microsoft Certified Trainer (MCT) for more than 15 years. He holds many
technical certifications, and he is honored to be one of Microsoft Most Valuable Professionals (MVPs).
He has worked with virtualization since the early days of Windows Virtual PC, and he cannot imagine life
without it. He regularly presents at technical conferences, and he is author of several Microsoft Official
Courses. In his private life, Slavko is the proud father of two sons, and he tries to extend each day to at
least 25 hours!

Dave Franklyn Content Developer

Dave Franklyn, MCT, Microsoft Certified Solutions Expert (MCSE), Microsoft Certified IT Professional
(MCITP), Microsoft MVP Windows Expert--It Pro, is a Senior Information Technology Trainer and
Consultant at Auburn University in Montgomery, Alabama, and is the owner of DaveMCT, Inc. LLC. He also
is an East U.S.A. Microsoft Regional Lead MCT. Dave has been a Microsoft MVP since 2011, and has been
teaching at Auburn University since 1998. Working with computers since 1976, Dave started out in the
mainframe world, and moved early into the networking arena. Before joining Auburn University, Dave
spent 22 years in the US Air Force as an electronic communications and computer systems specialist,
retiring in 1998. Dave is president of the Montgomery Windows IT Professional Group.

Orin Thomas Subject Matter Expert

Orin Thomas is an MVP, an MCT and has a string of Microsoft MCSE and MCITP certifications. He has
written more than 20 books for Microsoft Press and is a contributing editor at Windows IT Pro magazine.
He has been working in IT since the early 1990s. He is a regular speaker at events such as TechED in
Australia and around the world on Windows Server, Windows Client, System Center, and security topics.
Orin founded and runs the Melbourne System Center Users Group.

Mitch Garvis Technical Reviewer

Mitch Garvis is a renaissance man of the IT world. In addition to being a Virtual Technical Evangelist
for Microsoft Canada, he also is a senior partner with SWMI Consulting Group. Among his numerous
certifications are several MCITPs, as well as the new MCSE: Private Cloud. He lectures and trains on a
variety of topics, including System Center, server virtualization, desktop deployment, and security. You can
read his blog at www.garvis.ca, and follow him on Twitter as @MGarvis. In his spare time, he likes to break
things, and has recently earned his Second Degree Black Belt in Taekwondo. He makes his home outside
Toronto, Canada, where he has a wife, two kids, two dogs, and three minutes to himself every day.

Contents
Module 1: Evaluating the Environment for Virtualization
Lesson 1: Overview of Microsoft Virtualization

1-2

Lesson 2: Overview of System Center 2012 R2 Components

1-9

Lesson 3: Evaluating the Current Environment for Virtualization

1-16

Lesson 4: Extending Virtualization to the Cloud Environment

1-25

Lab: Evaluating the Environment for Virtualization

1-29

Module 2: Installing and Configuring the Hyper-V Role


Lesson 1: Installing the Hyper-V Role

2-2

Lesson 2: Managing Hyper-V

2-12

Lesson 3: Configuring Hyper-V Settings

2-20

Lesson 4: Hyper-V Host Storage and Networking

2-26

Lab: Installing and Configuring the Hyper-V Role

2-33

Module 3: Creating and Managing Virtual Hard Disks, Virtual Machines,


and Checkpoints
Lesson 1: Creating and Configuring Virtual Hard Disks

3-3

Lesson 2: Creating and Configuring Virtual Machines

3-14

Lab A: Creating and Managing Virtual Hard Disks and Virtual Machines

3-24

Lesson 3: Installing and Importing Virtual Machines

3-30

Lesson 4: Managing Virtual Machine Checkpoints

3-37

Lesson 5: Monitoring Hyper-V

3-46

Lesson 6: Designing Virtual Machines for Server Roles and Services

3-53

Lab B: Creating and Managing Checkpoints and Monitoring Hyper-V

3-60

Module 4: Creating and Configuring Virtual Machine Networks


Lesson 1: Creating and Using Hyper-V Virtual Switches

4-2

Lab A: Creating and Using Hyper-V Virtual Switches

4-9

Lesson 2: Advanced Hyper-V Networking Features

4-13

Lab B: Creating and Using Advanced Virtual Switch Features

4-23

Lesson 3: Configuring and Using Hyper-V Network Virtualization

4-26

Lab C: Configuring and Testing Hyper-V Network Virtualization

4-34

Module 5: Virtual Machine Movement and Hyper-V Replica


Lesson 1: Providing High Availability and Redundancy for Virtualization

5-2

Lesson 2: Implementing Virtual Machine Movement

5-8

Lab A: Moving Virtual Machine and Configuring Constrained Delegation

5-14

Lesson 3: Implementing and Managing Hyper-V Replica

5-18

Lab B: Configuring and Using Hyper-V Replica

5-29

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

xiii

Server Virtualization with Windows Server Hyper-V and System Center

Module 6: Implementing Failover Clustering with Hyper-V


Lesson 1: Overview of Failover Clustering

6-2

Lesson 2: Configuring and Using Shared Storage

6-12

Lesson 3: Implementing and Managing Failover Clustering with Hyper-V

6-22

Lab: Implementing Failover Clustering with Hyper-V

6-31

Module 7: Installing and Configuring Microsoft System Center 2012 R2


Virtual Machine Manager
Lesson 1: Integrating System Center and Server Virtualization

7-2

Lesson 2: Overview of VMM

7-13

Lesson 3: Installing VMM

7-19

Lesson 4: Adding Hosts and Managing Host Groups

7-28

Lab: Installing and Configuring System Center 2012 R2 Virtual


Machine Manager

7-41

Module 8: Managing the Network and Storage Infrastructure in Microsoft


System Center 2012 R2 Virtual Machine Manager
Lesson 1: Managing Networking Infrastructure

8-2

Lab A: Network Infrastructure Management

8-18

Lesson 2: Managing Storage Infrastructure

8-22

Lab B: Managing Infrastructure Storage

8-32

Lesson 3: Managing Infrastructure Updates

8-36

Lab C: Infrastructure Updates Management

8-42

Module 9: Creating and Managing Virtual Machines by Using Microsoft


System Center 2012 R2 Virtual Machine Manager
Lesson 1: Virtual Machine Management Tasks in VMM

9-2

Lesson 2: Creating, Cloning, and Converting Virtual Machines

9-13

Lesson 3: Overview of Virtual Machine Updating

9-22

Lab: Creating and Managing Virtual Machines by Using System


Center 2012 R2 Virtual Machine Manager

9-26

Module 10: Configuring and Managing the Microsoft System Center 2012 R2
Virtual Machine Manager Library and Library Objects
Lesson 1: Overview of the Virtual Machine Manager Library

10-2

Lesson 2: Working with Profiles and Templates

10-9

Lab: Configuring and Managing the Microsoft System Center 2012 R2


Virtual Machine Manager Library and Library Objects

10-23

MCT USE ONLY. STUDENT USE PROHIBITED

xiv

Module 11: Managing Clouds in Microsoft System Center 2012 R2 Virtual


Machine Manager
Lesson 1: Introduction to Clouds

11-2

Lesson 2: Creating and Managing a Cloud

11-11

Lesson 3: Working With User Roles in Virtual Machine Manager

11-19

Lab: Managing Clouds in Microsoft System Center 2012 R2


Virtual Machine Manager

11-27

Module 12: Managing Services in Microsoft System Center 2012 R2 Virtual


Machine Manager and App Controller
Lesson 1: Understanding Services in VMM
Lesson 2: Creating and Managing Services in VMM
Lesson 3: Using App Controller

12-2
12-9
12-16

Lab: Managing Services in Microsoft System Center 2012 R2


Virtual Machine Manager and App Controller

12-24

Module 13: Protecting and Monitoring Virtualization Infrastructure


Lesson 1: Overview of Backup and Restore Options for Virtual Machines

13-2

Lesson 2: Protecting Virtualization Infrastructure by Using DPM

13-9

Lesson 3: Using Operations Manager for Monitoring and Reporting

13-21

Lesson 4: Integrating VMM with Operations Manager

13-29

Lab: Monitoring and Reporting Virtualization Infrastructure

13-35

Module Review and Takeaways

13-40

Lab Answer Keys


Module 1 Lab: Evaluating the Environment for Virtualization

L1-1

Module 2 Lab: Installing and Configuring the Hyper-V Role

L2-7

Module 3 Lab A: Creating and Managing Virtual Hard Disks and


Virtual Machines

L3-17

Module 3 Lab B: Creating and Managing Checkpoints and


Monitoring Hyper-V

L3-25

Module 4 Lab A: Creating and Using Hyper-V Virtual Switches

L4-35

Module 4 Lab B: Creating and Using Advanced Virtual Switch Features

L4-40

Module 4 Lab C: Configuring and Testing Hyper-V Network


Virtualization

L4-43

Module 5 Lab A: Moving Virtual Machine and Configuring


Constrained Delegation

L5-47

Module 5 Lab B: Configuring and Using Hyper-V Replica

L5-52

Module 6 Lab: Implementing Failover Clustering with Hyper-V

L6-57

Module 7 Lab: Installing and Configuring System Center 2012 R2


Virtual Machine Manager

L7-65

Module 8 Lab A: Network Infrastructure Management

L8-73

Module 8 Lab B: Managing Infrastructure Storage

L8-78

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

xv

Server Virtualization with Windows Server Hyper-V and System Center

Module 8 Lab C: Infrastructure Updates Management

L8-81

Module 9 Lab: Creating and Managing Virtual Machines by Using


System Center 2012 R2 Virtual Machine Manager

L9-83

Module 10 Lab: Configuring and Managing the Microsoft System


Center 2012 R2 Virtual Machine Manager Library and Library Objects

L10-87

Module 11 Lab: Managing Clouds in Microsoft System


Center 2012 R2 Virtual Machine Manager

L11-91

Module 12 Lab: Managing Services in Microsoft System


Center 2012 R2 Virtual Machine Manager and App Controller

L12-99

Module 13 Lab: Monitoring and Reporting Virtualization


Infrastructure

L13-105

MCT USE ONLY. STUDENT USE PROHIBITED

xvi

About This Course


This section provides a brief description of the course, audience, suggested prerequisites, and course
objectives.

Course Description

MCT USE ONLY. STUDENT USE PROHIBITED

About This Course

xvii

This course will provide you with the knowledge and skills necessary to create, maintain, monitor, and
protect a virtualization infrastructure. You will learn about creating and managing virtual machines,
managing virtual machine networks, and providing high availability for a Windows Server 2012 R2
Hyper-V environment. This course also will describe how to create and manage virtual machines, clouds,
and services by using Microsoft System Center 2012 R2 Virtual Machine Manager (VMM).

Audience

This course is intended for IT professionals who design, implement, manage, and maintain virtualization
infrastructures, and for IT decision makers who will determine which virtualization product to implement
in their data centers. This course also is suitable for IT professionals who want to learn about current
Microsoft virtualization technologies.

Student Prerequisites
This course requires that you meet the following prerequisites:

An understanding of TCP/IP, iSCSI, and networking.

An understanding of different storage technologies.

The ability to work on a team or a virtual team.

Good documentation and communication skills to create proposals and make budget
recommendations.

An understanding of Windows PowerShell.

Course Objectives
After completing this course, students will be able to:

Evaluate their organizations virtualization requirements and plan for server virtualization.

Install and configure the Hyper-V role.

Create virtual machines, create and manage virtual hard disks, and work with checkpoints.

Create and configure virtual machine networks in a Hyper-V environment.

Implement virtual machine movement and the Hyper-V Replica feature.

Provide high availability for a Hyper-V environment by implementing failover clustering.

Manage a virtual environment by using VMM.

Manage networking and storage infrastructure in VMM.

Create and manage virtual machines by using VMM.

Configure and manage a VMM library and library objects.

Create and manage clouds by using VMM.

Create and manage services in VMM.

Protect virtualization infrastructure by using Windows Server Backup and Data Protection Manager.

About This Course

Course Outline
The course outline is as follows:

MCT USE ONLY. STUDENT USE PROHIBITED

xviii

Module 1, Evaluating the Environment for Virtualization" describes the Microsoft virtualization products
and System Center 2012 R2 components. It provides a broad overview of virtualization and a foundation
for the following modules.

Module 2, Installing and Configuring the Hyper-V Role" describes the Windows Server 2012 R2 features
that are beneficial for Hyper-V. It also describes how to add the Hyper-V role to Windows Server 2012 R2,
and how to configure the role.

Module 3, Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints" describes how
to create and configure virtual hard disks, virtual machines, and their components in the Hyper-V
environment. It also describes checkpoints and how to manage them in the Hyper-V environment.
Module 4, Creating and Configuring Virtual Machine Networks" describes Hyper-V virtual machine
networking options and explains how network virtualization works in the Hyper-V environment. It also
describes the different types of virtual switches, and how you can create and manage them.

Module 5, Virtual Machine Movement and Hyper-V Replica" describes the configuration and use of
Hyper-V, and the options that you can use to provide high availability in the Hyper-V environment. It also
describes how to move virtual machines between Hyper-V hosts and how to use Hyper-V Replica.
Module 6, Implementing Failover Clustering with Hyper-V" describes failover clustering, and how you
can implement and manage it in the Hyper-V virtual environment. It also describes how you can use
failover clustering to provide high availability for the Hyper-V environment.

Module 7, Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager"
describes how to install VMM, and explains its main features. It also describes how to add virtualization
hosts to VMM, and manage virtualization hosts and host groups.

Module 8, Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual
Machine Manager" describes VMM networking options, and how to manage storage infrastructure and
infrastructure updates in VMM.
Module 9, Creating and Managing Virtual Machines by Using Microsoft System Center 2012 R2 Virtual
Machine Manager" describes how to create and manage virtual machines in VMM, and how to configure
virtual machine updating.
Module 10, Configuring and Managing the Microsoft System Center 2012 R2 Virtual Machine Manager
Library and Library Objects" describes how to use and manage the Virtual Machine Manager library, and
how to configure library settings. It also explains how to use profiles and templates in VMM.

Module 11, Managing Clouds in Microsoft System Center 2012 R2 Virtual Machine Manager" describes
how to create and manage clouds and user roles in VMM.

Module 12, Managing Services in Microsoft System Center 2012 R2 Virtual Machine Manager and App
Controller" describes services in VMM and App Controller, and how to manage them. It also explains how
to use App Controller for cloud management.
Module 13, Protecting and Monitoring Virtualization Infrastructure" describes how to use the backup
and restore options in VMM, and how to protect the virtualization infrastructure by using DPM. It also
describes how to monitor the virtualization infrastructure and generate reports by using System Center
2012 R2 Operations Manager, and how to configure Operations Manager integration with VMM.

Course Materials
The following materials are included with your kit:

Course Handbook: a succinct classroom learning guide that provides the critical technical
information in a crisp, tightly-focused format, which is essential for an effective in-class learning
experience.

MCT USE ONLY. STUDENT USE PROHIBITED

About This Course

xix

Lessons: guide you through the learning objectives and provide the key points that are critical to
the success of the in-class learning experience.

Labs: provide a real-world, hands-on platform for you to apply the knowledge and skills learned
in the module.

Module Reviews and Takeaways: provide on-the-job reference material to boost knowledge
and skills retention.

Lab Answer Keys: provide step-by-step lab solution guidance.

Course Companion Content on the http://www.microsoft.com/learning/en/us


/companion-moc.aspx Site: searchable, easy-to-browse digital content with integrated premium
online resources that supplement the Course Handbook.

Modules: include companion content, such as questions and answers, detailed demo steps and
additional reading links, for each lesson. Additionally, they include Lab Review questions and
answers and Module Reviews and Takeaways sections, which contain the review questions and
answers, best practices, common issues and troubleshooting tips with answers, and real-world
issues and scenarios with answers.

Resources: include well-categorized additional resources that give you immediate access to the
most current premium content on TechNet, MSDN, or Microsoft Press.

Student Course files on the http://www.microsoft.com/learning/en/us/companion-moc.aspx


Site: includes the Allfiles.exe, a self-extracting executable file that contains all required files for the
labs and demonstrations.

Course evaluation: At the end of the course, you will have the opportunity to complete an online
evaluation to provide feedback on the course, training facility, and instructor.

To provide additional comments or feedback on the course, send an email to


support@mscourseware.com. To inquire about the Microsoft Certification Program, send an
email to mcphelp@microsoft.com.

About This Course

Virtual Machine Environment

MCT USE ONLY. STUDENT USE PROHIBITED

xx

This section provides the information for setting up the classroom environment to support the business
scenario of the course.

Virtual Machine Configuration


In this course, you will use Microsoft Hyper-V to perform the labs.
The following table shows the role of each virtual machine that is used in this course:
Virtual machine

Role

20409B-LON-HOST1

Boot to VHD image one of a pair

20409B-LON-HOST2

Boot to VHD image second server in the pair

20409B-LON-DC1

Domain controller in the Adatum.com domain

20409B-LON-SVR1

Member server in the Adatum.com domain

20409B-LON-SVR2

Member server in the Adatum.com domain

20409B-LON-VMM1

Member server in the Adatum.com domain, Microsoft System Center


2012 R2 VMM and Microsoft System Center 2012 R2 App Controller
will be installed on this server

20409B-LON-SS1

Windows Server 2012 R2 with Internet small computer system


interface (iSCSI) target

20409B-LON-OM1

Microsoft System Center 2012 R2 Operations Manager (Operations


Manager)

20409B-LON-WSUS

A Window Server Update Services server

20409B-LON-CL1

Windows 8.1 client with Microsoft Office 2013 installed

20409B-LON-CL2

Windows 8.1 client with Office 2013 installed

20409B-LON-TEST1

Stand-alone server

20409B-LON-TEST2

Stand-alone server

20409B-LON-PROD1

Stand-alone Windows 8.1 client

20409B-LON-PROD2

Stand-alone Windows 8.1 client

Classroom Setup

This course requires two host computers for the instructor and for each student (or pair of students
working in a team). The two computers for each person must have network connectivity with each other,
but must not be able to communicate with other computers on the network.

The two host computers will be configured to run Hyper-V as part of the classroom installation, or as part
of the student labs. Each host computer will also host several virtual machines.

Course Hardware Level

MCT USE ONLY. STUDENT USE PROHIBITED

About This Course

To ensure a satisfactory student experience, Microsoft Learning requires a minimum equipment


configuration for trainer and student computers in all Microsoft Certified Partner for Learning Solutions
(CPLS) classrooms in which Official Microsoft Learning Product courseware is taught.
Hardware Level 7

64-bit Intel Virtualization Technology (Intel VT) or AMD Virtualization (AMD-V) processor (2.8
gigahertz [GHz] dual core or more recommended)

Dual 500 gigabyte (GB) hard disks, 7200 RPM Serial ATA (SATA) or faster. Each hard disk must be
configured as a separate drive labeled Drive C and Drive D

16 GB RAM

DVD (dual layer recommended)

Network adapter

Dual SVGA monitors that are 17 inches or larger, supporting 1,440 x 900 minimum resolution

Microsoft mouse or compatible pointing device

Sound card with amplified speakers

Additionally, the instructor computer must be connected to a projection display device that supports
1,280 x 1,024 pixels, with 16-bit color.

Navigation in Windows Server 2012 R2 or Windows 8.1


If you are not familiar with the user interface in Windows Server 2012 R2 or Windows 8.1, then the
following information will help orient you to the new interface.

Sign in and Sign out replace Log in and Log out.

Administrative tools are found in the Tools menu of Server Manager.

Move your mouse to the lower right corner of the desktop to open a menu with:

Settings: This includes Control Panel and Power.

Start menu: This provides access to some applications.

Search: This allows you to search applications, settings, and files.

You also may find the following shortcut keys useful:

Windows: Opens the Start menu.

Windows+C: Opens the same menu as moving the mouse to the lower right corner.

Windows+I: Opens Settings.

Windows+R: Opens the Run window.

xxi

MCT USE ONLY. STUDENT USE PROHIBITED

MCT USE ONLY. STUDENT USE PROHIBITED


1-1

Module 1
Evaluating the Environment for Virtualization
Contents:
Module Overview

1-1

Lesson 1: Overview of Microsoft Virtualization

1-2

Lesson 2: Overview of System Center 2012 R2 Components

1-9

Lesson 3: Evaluating the Current Environment for Virtualization

1-16

Lesson 4: Extending Virtualization to the Cloud Environment

1-25

Lab: Evaluating the Environment for Virtualization

1-29

Module Review and Takeaways

1-33

Module Overview

Microsoft offers several virtualization technologies that organizations can use to resolve challenges
that they encounter when running traditional server computing environments. For example, server
virtualization can help reduce the number of physical servers, and provide a flexible and resilient server
solution for businesses. This module provides an overview of the different Microsoft virtualization
technologies, and explains how you can use these technologies to manage both virtualization and
traditional infrastructures. This module also describes how to evaluate your business environment to
plan for virtualization.
Note: For the purpose of this course, all instances of Microsoft System Center 2012 R2
Virtual Machine Manager are referred to as VMM.

Objectives
After completing this module, you will be able to:

Describe the various virtualization technologies and the scenarios where you would apply each
technology.

Describe the different Microsoft System Center 2012 R2 components, and explain how you can use
them to manage both traditional and modern infrastructure solutions.

Evaluate your organizations virtualization requirements and plan for server virtualization.

Lesson 1

Overview of Microsoft Virtualization

MCT USE ONLY. STUDENT USE PROHIBITED

1-2 Evaluating the Environment for Virtualization

Microsoft offers a number of virtualization technologies that administrators and infrastructure architects
can use to create and administer a virtual environment. To use these tools effectively, it is important for
administrators and infrastructure architects to know how and when to apply which Microsoft technology.
In many cases, you can combine multiple technologies to build an effective virtualized business solution.
For example, a new email infrastructure may consist of a server and several client systems, and you may
want to consider the various virtualization technologies available before deciding on and implementing
the one that best meets your business requirements. This lesson describes the different types of
virtualization technologies and the principles of cloud computing.

Lesson Objectives
After completing this lesson, you will be able to:

Describe the different types of virtualization technologies.

Explain the scenarios where you would implement server virtualization.

Describe the features and benefits of network virtualization.

Describe the features and benefits of user state virtualization.

Describe the features and benefits of presentation virtualization.

Describe the features and benefits of application virtualization.

Describe the features and benefits of cloud computing.

Different Types of Virtualization


Microsoft provides a host of virtualization options,
each of which you can use to meet a specific set
of challenges. The following list provides an
overview of each type of virtualization:

Server virtualization. You can use server


virtualization to host a large number of
virtual machines. Server Virtualization uses
the Windows Server 2012 Hyper-V platform.

Desktop virtualization. Desktop virtualization


can refer to either client side virtualization,
such as the Hyper-V client on a computer
running Windows 8.1, or virtual desktop
infrastructure, where the client computer operating systems run on a server virtualization host.

User state virtualization. User state virtualization captures and centralizes application and Windows
operating system settings for users. This enables users to sign in to any device while retaining their
settings.

Presentation virtualization. Presentation virtualization allows desktops and applications that are
running on a Remote Desktop Services server to display on remote clients.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

1-3

Network virtualization. Network virtualization enables you to isolate networks used in server
virtualization without requiring the implementation of virtual local area networks (VLANs).

Application virtualization. You can use application virtualization to virtualize applications, which then
enables applications to run in or be streamed to special containers on a host operating system.

Note: Later topics in this lesson discuss in more detail each type of virtualization and the
scenarios in which you would deploy them.

What Is Server Virtualization?

In Microsoft environments, server virtualization


involves running virtual machines on a host that
is running the Hyper-V role. Server virtualization
abstracts a physical servers resources, and then
presents the resources to each virtual machine
that is running on the physical host. For example,
server virtualization allows y multiple virtual
machines to share the same physical hardware,
yet appear as separate servers on the organization
network. Virtual machines (known as guests) that
run on a Hyper-V server (known as a host) can
run any supported operating system including
Windows Server, Windows client operating systems (such as Windows 8) and supported distributions of
Linux.

Server virtualization allows you to use hardware resources more efficiently. Consider a scenario where you
have separate computers running Microsoft Exchange Server 2013, Microsoft SQL Server 2012, Microsoft
SharePoint Server 2013, file and print services, Domain Name System (DNS), Dynamic Host Configuration
Protocol (DHCP). Additionally, you have another server functioning as an Active Directory domain
controller. If you use server virtualization, you can instead configure a single appropriately provisioned
server and run each of these separate computers as virtual machine guests. You can even make these
virtual machines highly available by deploying additional appropriately provisioned servers running
Hyper-V and configuring them in a failover cluster relationship.
Server virtualization allows you to detach the computer that is hosting a particular service or workload
from the hardware on which that service or workload runs. For example, you may have a virtualized
computer that hosts a SQL Server 2012 instance that is a guest on a Hyper-V host with other virtualized
computers. If the virtualized computer that hosts the SQL Server 2012 instance requires more computing
resources than are available on the current host, you can simply move the virtual machine to another
Hyper-V host that has resources that better meet the requirements of the workload.

What Is Desktop Virtualization?


Desktop virtualization often represents two
separate concepts:

Client-side virtualization. A hypervisor runs


on a desktop operating system such as
Windows 8.1 and hosts a small number of
virtual machines that the user will utilize.

Virtual Desktop Infrastructure (VDI). The client


operating system runs on a remote server,
and users connect to it by using a Remote
Desktop client.

Client-Side Virtualization

MCT USE ONLY. STUDENT USE PROHIBITED

1-4 Evaluating the Environment for Virtualization

Client-side virtualization uses the Hyper-V role on supported operating system editions and hardware
running Windows 8 and Windows 8.1. Virtual machines running on Hyper-V client are compatible with
servers running Hyper-V. Client-side virtualization is often used as an application compatibility solution,
allowing individual users to run multiple versions of the Windows client operating system simultaneously
on their client computer hardware.
You would typically use client-side virtualization in scenarios where you need to provide application
compatibility to a small number of users. When larger numbers of users require an application
compatibility solution, you should instead host the previous version of the Windows client operating
system on a server running Hyper-V.

For example, consider a scenario where in an organization of several hundred people you have five users
that need to run a series of applications on the Windows XP operating system for several months until a
replacement solution can be found. All users in this organization have desktop computers that run the
Windows 8.1 operating system. In this scenario, you should consider deploying Windows XP in a virtual
machine that runs client Hyper-V. If you have a large number of users that need to run a series of
incompatible applications, or the incompatible applications need to be used on a long-term basis, you
might consider a different solution such as VDI or System Center 2012 R2 Application Virtualization
(App-V).

VDI

VDI enables you to run some or all of an organizations client computers as virtual machines. Users can
connect to those virtual machines by using a Remote Desktop Client from any compatible computer or
device. Client computers in a VDI deployment run as a pool of virtual machines, which provides
organizations with the following benefits:

One client accessible through any device. Because the client operating system runs independently of
hardware, users can access their personal client virtual machine by using a variety of devices. VDI
provides a solution for Bring Your Own Device (BYOD) environments, ensuring that a standardized
environment is available even if each user has their own unique device.

Reduced hardware costs. Instead of having to manage and maintain a client computer for each user,
you only need to meet the minimum requirement of a keyboard, a mouse, and a display capable of
running a Remote Desktop client.

Simplified updates. Rather than updating clients individually, you can update virtual machines in a
VDI deployment in a centralized way.

Simplified deployment. You can deploy a new computer quickly from the existing virtual machine
pool. This is simpler than having to install and manage the operating system, applications, hardware,
and updates for each individual computer that you deploy.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

1-5

High availability. Because the client computer is a virtual machine, you can make it highly available by
running it on highly available virtualization hosts. In the event that the hardware or device on which
the client virtual machine runs experiences a hardware failure, you can issue a replacement without
the user losing access to applications or data. This is because the operating system, applications, and
data are kept separate from any client computer hardware.

Backup and recovery. Because virtual machines are data, VDI simplifies the process of centrally
backing up client computers.

What Is Network Virtualization?


Network virtualization provides a way to isolate
virtual networks and the virtual machines that
connect to them, without having to implement
VLANs. Network virtualization is of primary
interest to organizations that host large numbers
of virtual machines that require isolation of one
group of virtual machines from another. Isolation
may be required because the different groups of
virtual machines use the same IP address scheme,
or there may be political or regulatory reasons
why one set of virtual machines must be isolated
from other groups of virtual machines.

By using gateways or virtual private network (VPN) extensions, you can extend virtualized networks for
isolated communication between Hyper-V hosts. Network virtualization provides many of the benefits
that VLANs provide without requiring you to configure physical switches with appropriate VLAN IDs.
Hyper-V Network Virtualization technical details
http://go.microsoft.com/fwlink/?LinkID=285279

What Is User State Virtualization?


User State Virtualization allows users to sign in to
any device while retaining their operating system
and application settings. This provides users with
a consistent Windows operating system and
application experience. UE-V works with locally
installed desktops or VDI with any combination of
locally installed applications, App-Vsequenced
application, and applications that use RemoteApp.

User Experience Virtualization (UE-V) is a


System Center 2012 tool that enables users
to synchronize their user settings for both
applications and operating system across multiple
computers. Virtualizing user settings is also known as user state virtualization. UE-V includes the following
components:

Settings storage location. This is a file share that the UE-V agent uses to store the settings.

MCT USE ONLY. STUDENT USE PROHIBITED

1-6 Evaluating the Environment for Virtualization

User Experience Virtualization agent. This agent is installed on each computer that will synchronize
the settings stored in the Settings storage location.

Settings location templates. These are XML files that define what settings UE-V should monitor. The
UE-V installation includes these templates.

Settings package. These packages are generated by the UE-V agent, and are then copied to the
Settings storage location.

User state virtualization is useful in environments where users might sign in to different computers or
devices but need to access their customized and configured operating system and application settings.
One example might be in a call center environment where users are assigned a separate desk each time
they arrive at work, but where policies allow them to configure their own desktop background (including
shortcuts) and operating system settings.
High-Level Architecture for UE-V 1.0
http://go.microsoft.com/fwlink/?LinkID=386654

What Is Presentation Virtualization?


Presentation virtualization is another way of
describing the Remote Desktop and RemoteApp
functionality of the Remote Desktop Services role
in Windows Server 2012 R2. With presentation
virtualization, the application, or the entire remote
desktop runs on the server. The application user
interface, or the computers desktop, displays on
the clients device.

Presentation virtualization allows applications


that would normally not be able to run on a client
because of resource constraints, to be accessible
on that client because the application runs on the
server. For example, you can use RemoteApp to run an app that requires 4 gigabytes (GB) of random
access memory (RAM), on a computer with 2 GB of RAM. This is possible because the app will be
executing on the Remote Desktop server. Remote App supports file associations on some client operating
systems. For example, if a user double clicks on a Microsoft Visio document file, a Visio RemoteApp
session may open to a Remote Desktop Services server that is hosting the Visio app.

Remote Desktop client software exists for devices running the Windows RT, Windows Phone, Apple iOS,
Mac OSX, and Android operating systems. This makes Remote Desktop another possible solution in BYOD
environments where users may need to run apps that you do not want to or cannot run locally for
architectural or resource reasons.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

What Is App-V?
Application Virtualization (App-V) is a System
Center tool that virtualizes apps by abstracting
them from the operating system. App-V allows
apps to run without having to install them on the
computer or server that the user is accessing. As
App-V apps run in a separate virtualized silo, it
allows you to run apps side by side that would
otherwise cause conflicts. For example, using
App-V you can run different versions of a
Microsoft Office application concurrently, which
is not possible without App-V.
App-V benefits include:

1-7

Running applications that would otherwise conflict. For example, you can run two different versions
of Microsoft Office on the same computer or in an RD Session Host server. Each application has all the
necessary sequenced files that it requires to run.

Virtualized applications display as if they are installed locally. Users can start applications from the
Start Screen, from desktop icons, and by file extension association. App-V applications use local
resources+ and display in Task Manager.

App-V applications can be streamed on demand from an App-V server. This allows an application not
present locally to be started more quickly.

App-V applications can be stored locally once they have completely streamed from the host server.
App-V apps can also be installed.

Simplified management and deployment. With streaming, virtual applications are delivered on
demand from a server, thereby allowing users to download them automatically when they are
required. Administrators can update applications on the server and the App-V Desktop Client will
download the newer version automatically the next time the user runs the application.

What Is Cloud Computing?


Cloud computing is a term that describes the
delivery and consumption of computing and
application resources from a remote location,
often but not necessarily over the Internet. Users
can subscribe to cloud computing resources,
which are usually then measured and billed similar
to utility services. Cloud computing applications
are typically independent of an operating system,
and they are available to users across a wide
variety of devices. From an administrative
perspective, cloud computing infrastructure
should be pooled, should be able to deliver
multitenant services, and should allow rapid scalability.

Cloud computing service models include software as a service (SaaS), platform as a service (PaaS), and
infrastructure as a service (IaaS). Cloud computing has three main deployment models:

MCT USE ONLY. STUDENT USE PROHIBITED

1-8 Evaluating the Environment for Virtualization

Public cloud. Public clouds are infrastructure, platform, or application services that are delivered from
a cloud service provider for access and consumption by the public.

Private cloud. Private clouds are privately owned and managed clouds that offer similar benefits to
that of public clouds, but are designed and secured for use by a single organization.

Hybrid cloud. In a hybrid cloud, a technology binds two separate clouds (public and private) together
for the specific purpose of obtaining resources from both.

Microsoft cloud services provide technology and applications across all of these cloud computing models.
Some examples of Microsoft cloud services are:

Microsoft public cloud services:


o

Windows Azure. Windows Azure is a public cloud environment that offers PaaS, SaaS, and IaaS.
Developers can subscribe to Windows Azure services and create software, which is delivered as
SaaS. Microsoft cloud services uses Windows Azure to deliver some of its own SaaS applications.

Microsoft Office 365. Office 365 delivers online versions of the Microsoft Office applications and
online business collaboration tools.

Microsoft Dynamics CRM Online. Microsoft Dynamics CRM Online is the Microsoft-hosted version
of the on-premises Microsoft Dynamics CRM application.

Microsoft private cloud:


o

Hyper-V in Windows Server 2012 R2 combines with System Center 2012 R2 to create the
foundation for building private clouds. By implementing these products as a combined solution,
you can deliver much of the same functionality offered by public clouds.

Microsoft hybrid cloud:


o

Microsoft provides a number of hybrid cloud solutions that enable you to:

Back up an on-premises cloud application to a service provider.

Manage, monitor, and move virtual machines between different clouds.

Connect and federate directory services that allow your users to access applications that are
constructed across a combination of on-premises, service provider, and public cloud types.

You can reduce the computing costs of your organization by using Microsoft cloud computing
technologies. You can also improve the delivery times for infrastructure and application services, ensure
that they are always available, and monitor their performance.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

Lesson 2

Overview of System Center 2012 R2 Components

1-9

System Center 2012 R2 includes several integrated technologies that you can use to deploy, configure,
and manage servers, clients, mobile devices, services, and applications. In this lesson, you will review the
various technologies included in System Center 2012 R2, and explore their features and functionalities.

Lesson Objectives
After completing this lesson, you will be able to:

Explain how to use System Center 2012 R2 to manage a data center.

Describe the features and functionalities of System Center 2012 R2 Virtual Machine Manager.

Describe the features and functionalities of System Center 2012 R2 App Controller.

Describe the features and functionalities of System Center 2012 R2 Operations Manager.

Describe the features and functionalities of System Center 2012 R2 Orchestrator.

Describe the features and functionalities of System Center 2012 R2 Service Manager.

Describe the features and functionalities of System Center 2012 R2 Data Protection Manager.

Using Microsoft System Center 2012 R2 to Manage a Data Center


System Center 2012 R2 is a group of integrated
management technologies that predominantly IT
professionals use to deploy, manage, maintain,
monitor, and automate servers, computers, mobile
devices, services and applications. The following
list summarizes the components and their
purpose.

System Center 2012 R2 Virtual Machine


Manager

System Center 2012 R2 Virtual Machine Manager


(VMM) provides administrators with a single
administrative tool for deploying and managing a
virtualization infrastructure, including managing components such as hosts, storage, networks, libraries,
and update servers. VMM also provides the foundation for managing virtual machines configuration and
deployment.

System Center 2012 R2 App Controller

System Center 2012 R2 App Controller (App Controller) provides a self-service portal for administrators
who are deploying and managing applications and services across one or more sites. App Controller
enables you to access and manage resources from one or more VMM servers, and from multiple Windows
Azure subscriptions.

System Center 2012 R2 Service Manager

System Center 2012 R2 Service Manager (Service Manager) offers service management, process
automation, asset tracking, and a self-service portal to access resources that are defined in a service
catalog. Service Manager offers an easy-to-build configuration management database, which pulls data
from Active Directory Domain Services (AD DS) and System Center components. This allows companies to

establish and use controls and operations based on guidelines of either the Information Technology
Infrastructure Library or Microsoft Operations Framework.

System Center 2012 R2 Orchestrator


System Center 2012 R2 Orchestrator (Orchestrator) is a runbook automation component that allows
administrators to integrate and automate their data centers. Orchestrator utilizes integration packs,
including many built-in authored packs that allow administrators to connect different systems.

System Center 2012 R2 Operations Manager

MCT USE ONLY. STUDENT USE PROHIBITED

1-10 Evaluating the Environment for Virtualization

System Center 2012 R2 Operations Manager (Operations Manager) is the management component that
you use to monitor applications and performance. You can integrate Operations Manager with VMM,
Service Manager, Orchestrator, and DPM. Operations Manager utilizes vendor-authored management
packs that provide detailed information about the application and health-state monitoring.

System Center 2012 R2 DPM


System Center 2012 R2 DPM () is an enterprise backup component that performs application-aware
block-level backups. It utilizes Volume Shadow Copy Service (VSS) writers to help protect and recover
applications such as SQL Server, Exchange Server, SharePoint Server 2012, and AD DS. Additionally, it
provides specific VSS writers for System Center 2012 components.
For more information on what is new in the System Center 2012 R2 components, see:
What's New in System Center 2012 R2
http://go.microsoft.com/fwlink/?LinkID=386653
Note: The following topics will examine each of the System Center components, their
features, and their integration capabilities in more depth.

Overview of VMM
VMM provides you with a single administrative
tool for deploying and managing a virtualization
infrastructure. You use VMM to manage large
numbers of virtual machine hosts and virtual
machines. Using VMM, you can deploy and
manage all components of your virtual machine
and virtual machine host infrastructure. You can
use VMM to manage a single virtual machine host
computer, or to manage as many as 400 hosts and
8,000 guests.
You can use VMM to perform the following tasks:

Bare-metal deployment of hosts. You can


automate deployment of Windows Server host machines on physical servers.

Host and cluster creation. You can create Hyper-V hosts and clusters easily by using the VMM
console, which simplifies manual deployment and reduces the possibility of configuration errors.

Host groups. You can group hosts for manage multiple hosts.

Cross-platform management. VMM supports Citrix XenServer host and pool management, and
supports VMware ESX hosts through integration with VMware vSphere.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

1-11

Storage configuration. Configure and manage storage.

Network configuration. Allows you to create and manage virtual networks.

Intelligent placement. Intelligent placement helps you select an appropriate host for a virtual machine
based on available resources.

Dynamic optimization. VMM can balance workloads automatically, according to configurable


thresholds for core resources such as CPU, memory, disk, and network utilization.

Power optimization. You can configure VMM to use power thresholds that you specify. This enables
VMM to evaluate the performance requirements of a Hyper-V host cluster, and shut down hosts if
they are not required to provide adequate performance.

Performance and Resource Optimization (PRO). PRO allows you to ensure that virtual machines are
moved automatically when there is resource contention.

Microsoft Server Application Virtualization (Server App-V). Server App-V enables you to virtualize
server-based applications.
Whats New in System Center 2012 - Virtual Machine Manager
http://go.microsoft.com/fwlink/?LinkId=253224

Overview of App Controller


App Controller is a self-service portal that enables
administrators and end users to control, deploy,
and configure applications and virtual machines
across VMM deployments and public clouds. App
Controller provides self-service capabilities that
enable administrators to deploy and administer
resources across multiple VMM servers, and across
Window Azure and service-provider data center
resources.

You can configure App Controller to use up to five


VMM servers and their resources. App Controller
provides web-based access through which you
can control applications, virtual machines, and virtual machine resources, including libraries and shares.

App Controller can control as many as 20 Windows Azure subscriptions. It allows you to upload virtual
hard disks and images to Windows Azure from a library or from network shares, and add virtual machines
to deployed services in Windows Azure. Additionally, you can manipulate and migrate virtual machines to
and from Windows Azure.

Overview of Operations Manager


Operations Manager is a cross-platform
monitoring and alerting solution that provides
application and infrastructure monitoring.
Operations Manager can monitor both physical
and virtual layers, and it introduces a fabric health
dashboard and cloud health dashboard. These
dashboards provide status information such as
host state, storage pool state, network node state,
file share, and logical unit number (LUN) state.
Other benefits of integrating VMM with
Operations Manager, include:

MCT USE ONLY. STUDENT USE PROHIBITED

1-12 Evaluating the Environment for Virtualization

Monitoring the health and availability of the


VMM management server, the VMM database server, and the Virtual Machine Manager library
servers. You can also monitor a VMware-based virtual environment.

Viewing diagram views of your virtualized environment from within the Operations console.

Implementing PRO tips, which collect performance data from host machines, virtual machines, and
applications. PRO tips enable you to automate changes to the VMM and host environment, based
on the performance information that Operations Manager provides. For example, if a physical hard
disk fails, an alert in Operations Manager can trigger the migration of all virtual machines from a
host with a degraded disk subsystem. Another example could be using performance information to
automatically scale out a web farm in response to increased transactions in VMM. The reports are
available in the VMM console, but display data is retrieved from Operations Manager.

Enabling maintenance-mode integration. When you place hosts in maintenance mode, VMM
attempts to put them in maintenance mode in Operations Manager.

Integrating SQL Server Analysis Services (SSAS), which allows you to run forecasting reports that can
predict host activity based on history of disk space, memory, network I/O, disk I/O, and CPU usage.
SSAS also supports using a SAN for usage forecasting.
How to Connect VMM with Operations Manager
http://go.microsoft.com/fwlink/?LinkID=286069

Overview of Orchestrator
Orchestrator is the Microsoft runbook automation
platform. You use Orchestrator to automate
virtualization management tasks. Orchestrator
allows you to create automation using the
Orchestrator Runbook Designer. The Runbook
Designer is a simple drag-and-drop interface
that makes it easier to design processes to help
accomplish complex tasks. This allows you to
create quick automation without having to create
and manage complex Windows PowerShell scripts.

Orchestrator has a number of built-in runbook


activities that perform a wide range of functions,
and that you can extend with integration packs. Integrations packs contain Runbook activities and objects

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

1-13

that allow Orchestrator to extend its capabilities to other Microsoft and non-Microsoft components. The
Virtual Machine Manager integration pack includes tasks related to the management of VMM,
virtualization hosts, and virtual guests.

Overview of Service Manager


Service Manager is a System Center component
that you use to automate business processes
and implement service management as defined in
the Information Technology Infrastructure Library
and the Microsoft Operations Framework. Many
prebuilt products exist for incident and problem
management, and change, release, and life cycle
management.
Virtualization environments are dynamic by
nature. Therefore, you should manage them by
using documented processes and procedures that
are based around the Information Technology
Infrastructure Library or Microsoft Operations Framework. Service Manager can help you govern
virtualization or private cloud computing with the following functionality:

Management of incidents, problems, changes, and releases. For application and infrastructure owners,
administrators, service analysts, and end users, Service Manager offers a single location from which to
govern and manage deployment changes, and administrate a complex virtualization environment.
Service Manager provides a SharePointbased portal that you can customize and configure with a
software or service catalogue that you can link to self-service request offerings. You can configure
request offerings to trigger business approval processes and system processes that deliver the
request. This provides a level of automation that significantly increases efficiency.

Compliance. Service Manager has a downloadable management pack that can assist you with
managing and automating IT governance, risk, and compliance responsibilities, and can help you
connect complex business objectives to Microsoft infrastructure.

Note: Management packs extend System Center 2012 R2 functionality, and enable
integration between System Center components. You can download and install a wide variety of
management packs for most System Center components.

An integrated platform. Service Manager has several available connectors to leverage Service
Managers full integration capabilities. You can use these connectors to import data into the Service
Manager Configuration Management database from AD DS, .csvc files, and other System Center
components.

Overview of DPM
Data Protection Manager (DPM) is a data backup
and recovery solution that works with disk-to-disk
and disk-to-tape backups. You can use DPM to
back up and restore Windows Servers operating
system servers, and application servers such as:

SQL Server

Exchange Server

Hyper-V

File servers

AD DS

SharePoint Server

DPM also includes support for system state and bare-metal recovery, offers protection for Windows
desktop clients, and provides some elements of self-service.

MCT USE ONLY. STUDENT USE PROHIBITED

1-14 Evaluating the Environment for Virtualization

When planning a virtualization environment, you need to implement a backup system that will back up
the following items:

Virtual machines. Sometimes referred to as virtual machine backups, in-guest backups, or traditional
backups, these backups are usually unaware of virtualization and are designed with an application in
mind. For example, Exchange backups should protect Exchange components such as stores and
mailboxes. Additionally, if you want to protect your entire server structure, you should perform a
system-state backup and include data drivers. If you must recover your entire server structure, you
must use a recovery copy that includes a full backup of all components.

Host server backup. Not to be confused with backing up the host itself, a host-level backup is a
Hyper-Vaware backup designed to protect the virtualization files that comprise a virtual machine.
Virtualization files may include virtual machine configuration files, .vhd files, and snapshots. DPM uses
VSS to back up files while they run. You can use this form of backup to recover an entire virtual
machine or one of its disks, in place, to the same virtualization host server, or to an alternate
virtualization host server.

DPM provides the following important data center backup system features:

VSS backups. DPM uses VSS to protect data sources while the data source continues to run.
This means that applications and servers do not have to be taken offline while DPM provides the
protection for them. After an initial full backup is complete, DPM can back up just the block changes,
incrementally, which allows for faster and more efficient backup and recovery.

Hyper-V item-level recovery support. DPM can recover specific files, folders, volumes, and virtual hard
disks from a host-level backup of Hyper-V virtual machines.

Hyper-V host and guest support. DPM supports host-based protection when the agent is installed on
the host computer, and guest-based protection when the agent is installed on the virtual machine.
For guests running Windows Server 2003 and newer Windows Server versions, DPM provides online
backups that ensure that DPM does not impact the performance of the protected virtual machine
when providing protection.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

1-15

Integration with Operations Manager. Integrating DPM with Operations Manager provides
monitoring for the DPM environment via the DPM Management Pack. The DPM Central Console,
which is built on Operations Manager, allows you to monitor all DPM servers from a central
computer. You can use the Central Console to open a DPM Administrator Console to manage DPM
remotely.

Integration with other System Center 2012 components. With the integration of DPM and
Orchestrator, you can automate functions such as data protection and recovery. Using Service
Manager and the Self-Service Portal together with DPM and Orchestrator, you can also offer these
functions as services to private cloud users.

Self-service functionality. DPM also has a self-service function that administrators can use to configure
and delegate restore functionality to self-service users. You can grant permission to restore to the
same server, or to restore to an alternate server, including to which alternate servers.

Windows Azure Backup. You can back up DPM data to Windows Azure.

Linux virtual machine backup. DPM provides support for Linux virtual machines.

Note: When building a virtualization solution (or any solution), it is important to test and
validate data by using the restore functionality. Ensure that you can restore each type of backup,
and be sure to implement a plan with periodic testing of backup integrity.

Lesson 3

Evaluating the Current Environment for Virtualization

MCT USE ONLY. STUDENT USE PROHIBITED

1-16 Evaluating the Environment for Virtualization

Prior to implementing virtualization into your organization, you must first determine key evaluation
factors that you can use to assess your organizations virtualization requirements. You will learn about
some of the available resources, including solution accelerators such as the Microsoft Assessment and
Planning Toolkit (MAP). This lesson also describes some of the principal design factors for implementing a
server virtualization solution.

Lesson Objectives
After completing this lesson, you will be able to:

Evaluate your organizations requirements for server virtualization.

Describe the virtualization solution accelerators.

Describe the assessment features of MAP.

Assess the computing environment by using MAP.

Design a solution for server virtualization.

Evaluating Server Virtualization Factors


When you consider the challenges presented
by the traditional computer and application
environments, server virtualization is an effective
way to resolve many of the known issues.
Planning your server virtualization project is a
very important first step, and evaluating factors
that will contribute to a successful virtualization
project is the beginning of this process. Some of
the important evaluation factors are as follows:

Project scope. You should define the


virtualization project scope as early on as
possible. You should determine the business
factors driving the project, the staff that is responsible for determining these factors, and their goals.

You should also determine how you will measure success. For example, if your company is migrating
from Exchange Server 2007 to Exchange Server 2013, your migration project scope may include
server virtualization elements, but the overall success is measured by a transparent upgrade of the
organizations email platform. However if your project scope is to implement or upgrade a server
virtualization strategy, Exchange Server may just be a milestone goal of the overall consolidation or
improvement program. Understanding budgets and documenting the project are also important
factors.

Resource and performance. Assessing the resource and performance of the servers to be virtualized is
another evaluation factor. You can use MAP to provide detailed information on the number of hosts
and the host hardware requirements.
Typically, virtual machines require approximately the same resources as a physical server. For
example, if a physical server is currently utilizing 1-GB RAM, you should expect the virtual machine to
use the same amount of RAM, assuming that it runs the same operating system and applications as

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

1-17

the physical server. If a single virtual machine consumes more than half of your hosts workload, you
should consider whether virtualization is appropriate or if the hosts sizing is adequate.

Hardware is not the only consideration when implementing a server virtualization solution. You also
should review all aspects of a service or applications requirements before deciding whether you can host
it virtually. Some factors to consider when determining whether to virtualize server workloads are:

Compatibility. You must determine whether the application can run in a virtualization environment.
Business applications range from simple programs to complex, distributed multiple tier applications.
You need to consider requirements for specific components of distributed applications, such as
specific needs for communication with other infrastructure components, or requirements for direct
access to the system hardware. While you can virtualize some servers easily, other components may
need to continue running on dedicated hardware.

Applications and services. Applications and services that have specific hardware or driver
requirements generally are not well suited for virtualization. An application may not be a good
candidate for application virtualization if it contains low-level drivers that require direct access to
the system hardware. This may not be possible through a virtualization interface, or it may affect
performance negatively.

Supportability. You need to evaluate if a virtualized environment will support your operating system
and requisite applications. Verify vendor support policies for operating system and application
deployment using the virtualization technologies.

Licensing. You also need to evaluate whether you can license the application for use in a virtual
environment. Reduced licensing costs for multiple applications or operating systems could add up
and make a strong financial case for using virtualization.

Availability requirements. Most organizations have some applications that must always be available
in a virtual environment for users. Some applications provide built-in options for enabling high
availability, while other applications may be more difficult to make highly available outside of a
virtual machine environment. When considering whether to virtualize a server, evaluate whether the
application has high availability options, whether a virtual machine environment supports those
options, and whether you can use failover clustering to make the virtual machine highly available.

The goal in most organizations is to utilize all servers adequately, whether they are physical or virtual. You
can fully utilize some server roles such as SQL Server or Exchange Server Mailbox servers, by deploying
additional SQL Server instances or moving more mailboxes to the server. In some cases, you can virtualize
server workloads in one scenario, but not in another. For example, in a very large domain with thousands
of users logging on simultaneously, it may not be practical to virtualize a domain controller. However, in a
smaller domain or in a branch office deployment, virtualizing domain controllers may be your best option.

Overview of Virtualization Solution Accelerators


You can use MAP to conduct network-wide
deployment readiness assessments, and to
determine whether you can migrate Microsoft
technologies such as servers, desktops, and
applications, to a virtual environment. Using MAP,
you now can determine which servers you can
upgrade to Windows Server 2012, which servers
you can migrate to virtual machines on Hyper-V
in Windows Server 2008, and which client
computers you can upgrade to Windows 7. MAP
is the primary tool to help you identify which
applications, desktops, and servers would make
ideal candidates for virtualization.
You can use MAP to perform the following key functions:

Hardware inventory. MAP uses a secure process, which does not utilize an agent, to collect and
organize system resources and device information across your network from a single networked
computer. Some of the examples of the information that MAP returns includes operating system
information, system memory details, installed drivers, and installed applications. MAP saves this
information in a local database, and then uses it to provide you with specific reports and
recommendations.

MCT USE ONLY. STUDENT USE PROHIBITED

1-18 Evaluating the Environment for Virtualization

MAP uses technologies that are already available in your IT environment to perform inventory and
assessments. These technologies include Windows Management Instrumentation (WMI), the Remote
Registry service, Simple Network Management Protocol (SNMP), AD DS, and the Computer Browser
service.
You can use MAP to inventory the following operating systems:
o

Windows 8

Windows 7

Windows Vista

Windows XP Professional

Microsoft Office 2010 and previous Office versions

Windows Server 2012

Windows Server 2008 or Windows Server 2008 R2

Windows Server 2003 or Windows Server 2003 R2

Windows 2000 Professional or Windows 2000 Server

Windows Internet Explorer 9 and previous versions

Hyper-V

Microsoft Lync

System Center Configuration Manager

System Center Endpoint Protection

SQL Server

VMware vSphere

VMware vCenter

VMware ESX

VMware ESXi

VMware Server

Select Linux distributions

LAMP application stack discovery

MySQL

Oracle

Sybase

Data analysis. MAP performs a detailed analysis of hardware and device compatibility for
migration to:

Windows 8

Windows 7

Windows Server 2012

Windows Server 2008 R2

SQL Server 2012

SQL Server 2008 R2

Microsoft Office 2010

Office 365

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

1-19

MAP helps to gather performance metrics, and then generates server consolidation
recommendations. These recommendations identify candidates for server virtualization, including
how you might place the physical servers in a virtualized environment.

Readiness reporting. MAP generates reports containing both summary and detailed assessment
results for each migration scenario. MAP provides these results in Microsoft Excel and Microsoft Word
documents. Readiness reports are available for many technologies including Windows 8 and Windows
Server 2012.
MAP also helps to gather performance metrics and generates server consolidation recommendations.
These recommendations identify the candidates for server virtualization, and makes suggestions for
how you might place the physical servers in a virtualized environment.

The latest version of MAP includes planning for migrating to Office 2013, migrating to the latest Windows
Server and Windows client operating systems, and migrating workloads to Windows Azure.

Infrastructure Planning and Design Guides

The Infrastructure Planning and Design guides are free guides that describe architectural considerations,
and streamline the design processes for planning Microsoft infrastructure technologies. Each guide
addresses a unique infrastructure technology or scenario, including server virtualization, application
virtualization, and Remote Desktop Services implementations.

Windows Server Virtualization Guide


The Windows Server Virtualization Guide focuses on an earlier version of Hyper-V. However, it still
provides guidance on how to plan and implement server virtualization on Hyper-V.

Hyper-V Security Guide

Implementing virtualization can increase the number of security issues that you must consider. This is
because you must secure both the host computer and the virtual machines. The Hyper-V Security guide
provides guidance and recommendations to address key security concerns about server virtualization.

Assessment Features of the MAP Toolkit


Microsoft provides MAP as the primary tool for
server virtualization planning. It is easy to install
and it guides administrators through evaluation
by making use of built-in wizards, configurations,
and reports.

MCT USE ONLY. STUDENT USE PROHIBITED

1-20 Evaluating the Environment for Virtualization

Gathering information over time is one evaluation


factor. You may already have evaluation data
suitable for inclusion. For example, if you use
Operations Manager to monitor your physical
servers and virtual machines, your inventory and
performance data may already be collected. You
could use these Operations Manager reports to
gather useful information. When you want to plan for capacity and growth, you can use DPM to review
data trends by running capacity reports.
The following section summarizes MAP features that you can use for server virtualization assessments.

MAP Discovery

MAP can discover Windows, Linux, Unix, and VMware servers, computers, and virtual machines. It has the
following discovery methods and requirements for creating an inventory:

AD DS. Requires domain credentials. You can use this method to discover all computers in all
domains, or in specified domains, containers, and organization units.

Windows networking protocols, using WIN32 LAN Manager application programming interface (API).
Requires the Computer Browser service to be running on the computer, or the server running MAP.
You can use this method to discover Windows workgroups and Windows NT 4.0 domains.

Configuration Manager. MAP can use either Configuration Manager or Microsoft Systems
Management Server (an older version of Configuration Manager), for discovery. For discovery, you
require the primary site server name and appropriate credentials for Configuration Manager or
Systems Management Server.

IP Address Range. You can scan for computer and servers using one or more IP address ranges, up to
a maximum of 100,000 addresses.

NetBIOS names. You also can discover computers and servers by entering their NetBIOS names
manually, or by importing the names from a text file.

MAP Performance Metrics


After you have an inventory of discovered hardware, you can collect performance metrics for your
assessment. To gather performance metrics, you must run the Performance Metrics Wizard. You can
collect metrics for Windows and Linux-based machines by using WMI or Secure Shell. The minimum
collection period is 30 minutes. You are prompted to schedule an end date and time for when the
collection should stop.
Note: If required, you can use the Performance Metrics Wizard to collect additional metrics.
You must choose either to discard previous metrics or append the new ones to existing data.
While the performance metric data collection is running, you may not be able to perform other
tasks with MAP.

MAP Hardware Configuration

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

1-21

MAP hardware configuration provides you with details for the proposed hardware that you should use for
your virtualization host servers. When you run the Hardware Library Wizard, you can enter the resources
such as the number and type of processors, amount of RAM, and storage capacity. After configuring these
hardware parameters, you can determine the number of host servers required. If required, you also can
create a configuration for shared storage and network configurations, which will help ensure that you
plan clusters and share components correctly.

MAP Server Consolidation


The MAP Server Virtualization and Consolidation Wizard can help provide planning guidance for the
following versions of Hyper-V:

Window Server 2012 Hyper-V

Window Server 2008 R2 Service Pack 1 (SP1) Hyper-V

Window Server 2008 R2 Hyper-V

Window Server 2008 Hyper-V

To use the wizard, you must first complete an inventory, gather performance metrics, and input the
hardware configuration. When you run the wizard, you can select a utilization ceiling on the proposed
hardware, which allows for periodic spikes in utilization. The utilization settings include processor,
memory, storage capacity, storage I/O operations per second, and network throughput. Upon completing
this wizard, MAP will provide you with the recommended number of hosts.

MAP Private Cloud Fast Track

The MAP Private Cloud Fast Track Wizard provides guidance based upon a program that is a joint effort
between Microsoft and its hardware partners. The goal of the program is to help organizations decrease
the time, complexity, and risk of implementing private clouds.

Demonstration: Assessing the Computing Environment by Using MAP


In this demonstration, you will see how to use MAP for planning server virtualization, including:

Install MAP.

Use MAP to collect inventory data.

Use MAP to collect performance data.

Create a hardware configuration.

Demonstration Steps
Install MAP
1.

Sign in to LON-CL1, and then navigate to and run the file \\lon-dc1\e$\labfiles\mapsetup.exe.

2.

In the Microsoft Assessment and Planning Toolkit Setup Wizard, on the Installation Successful page,
ensure that the Open the Microsoft Assessment and Planning and Toolkit check box is selected,
and then click Finish.

3.

On the Datasource page, in the Create or select a database section in the Name text box, type
Demo, and then click OK.

Use MAP to collect inventory data


1.

In MAP, click Server Virtualization, and then click Collect inventory data.

2.

In the Inventory and Assessment Wizard, on the Inventory Scenarios page, select both Windows
computers and Use Active Directory Domain Services (AD DS).

3.

On the Active Directory Credentials page, use the following credentials:


o

Domain: Adatum

Account name: administrator

Password: Pa$$w0rd

MCT USE ONLY. STUDENT USE PROHIBITED

1-22 Evaluating the Environment for Virtualization

4.

On the Active Directory Options page, ensure that Find all computers in all domains, containers,
and organizational units is selected, and then click Next.

5.

On the All Computer Credentials page, use the following credentials:


o

Domain: Adatum

Account name: administrator

Password: Pa$$w0rd

6.

Complete the wizard.

7.

When the Inventory and Assessment page opens, review the results of the data collection, wait for
the assessment to show as complete, and then close the page.

Use MAP to collect performance data


1.

Run the Performance Metrics Wizard.

2.

In the wizard, select all computers.

3.

On the All Computer Credential page, ensure that the adatum\administrator account is selected.

4.

Review the details on the metrics page, and then close the window.

Create a hardware configuration

Before you can work with MAP features, you must first cancel the running process that was initiated in the
previous step.
1.

At the bottom left of the MAP console screen, in the running task drop-down list box, click Cancel
processing, and then click Yes.

2.

Under the Steps to complete section, click Create hardware configuration.

3.

On the Choose Scenarios page, click General Server Consolidation/Desktop Virtualization, and
then click Next.

4.

On the Hardware Configuration page, click Create New, and in the Create New text box, type
Server-Type1.

5.

Complete the wizard using approximate values based on a server that you might use.

Designing a Solution for Server Virtualization


Many organizations that adopt server
virtualization develop a server implementation
policy to virtualize all new and replaced systems.
These organizations opt for deploying physical
hardware as an alternative to virtualization only
when a valid reason exists, such as when custom
server hardware is incompatible with server
virtualization, or when a server application vendor
does not support their application on virtualized
servers.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

1-23

You now can use Windows Server 2012 R2 to


deploy servers with up to 320 logical processors
and 4 terabytes (TB) of system memory. This, in turn, allows new capabilities for virtual workloads and is a
significant improvement over earlier hypervisors.
Implementing a new virtualization solution can often include assessing physical and virtual servers, or
assessing an existing virtualization solution. A new virtualization solution can provide an opportunity to
consolidate physical servers, and in an existing server virtualization solution, it can improve virtual
machine density per host, possibly by virtualizing some more demanding workloads.
As a general guideline, each virtualization project should include the following steps:
1.

Determine the virtualization scope. The first step in planning a virtualization solution is to define the
projects scope. You may have one or more projects, each working to address different parts of an
overall server virtualization strategy. To ensure that a project is successful, you need to define scope,
milestones, and goals.

2.

Determine the workloads. Create a list of potential workloads that you want to virtualize, identify the
workloads that cannot be virtualized, then use MAP to discover and inventory all the remaining
servers. Collect the performance metrics of the required servers for a suitable period of time.

3.

Determine backup and fault-tolerance requirements for each workload. You use these requirements
when designing the virtual server deployment. For example, some server workloads may require
frequent and consistent backup of data located inside the virtual machine, while other server
workloads may require just a virtual machine-level or configuration information backup. You use the
fault-tolerance requirements for the server workload when you deploy clustered virtual machines, or
to provide another method for ensuring high availability for the virtual machine.

4.

Use MAP to aid in the design of the virtualization hosts. Use the hardware configurations and the
MAP Server Virtualization and Consolidation Wizard to assist in the design of the host server
infrastructure. As a best practice, to simplify host server management you should consider creating a
standard design for all virtualization hosts. Decide if you will require a maintenance host. As part of
the host server design, you also need to consider the number of virtual machines that each host
computer will be running.

5.

Map workloads to hosts. After designing the host server hardware, you can start mapping the virtual
machines to the host servers. There are many factors that you need to consider during this design,
including:
o

Host server capacity. How many virtual machines can you place on a host?

Reserve capacity. How much of a resource buffer do you want to implement on each host
computer?

MCT USE ONLY. STUDENT USE PROHIBITED

1-24 Evaluating the Environment for Virtualization

Virtual machine performance characteristics and resource utilization. Can you characterize the
network, CPU, disk, and memory utilization for each of the virtual machines on a host? You may
choose to deploy virtual machines with different resource requirements on the same host.

6.

Design host backup and fault tolerance. Use the information that you collected on the backup and
fault tolerance requirements for the virtual machines to design a backup and high availability solution
for the host computers.

7.

Determine storage requirements. As part of the server workload discovery, you should have
documented the storage requirements for each virtual machine. Before moving the server workloads
to virtual machines, ensure that you have space for both the operating system virtual hard disks and
the data associated with each virtual machine. You also need to include storage availability and
performance requirements. You can use the MAP share infrastructure configuration to assist.

8.

Determine network requirements. As a final step in the virtual machine design process, you also
should plan the network design. When planning your network design, you should consider a number
of factors:
o

What type of network access do the virtual machines require? Most virtual machines likely will
require access to the physical network, but some virtual machines may only need to
communicate with other virtual machines on the same host computer.

How much network bandwidth does each virtual machine require?

What are the network reliability requirements for each virtual machine?

Will Network Virtualization be used?

What non-Microsoft virtual switches will be required?

Note: A successful virtualization project is a well-documented project. Often, when


adopting a new virtualization technology, a proof of concept (POC) can be of great help
in determining the final infrastructure. A POC can also help bring staff up to speed on the
deployment and management technologies that will be used in the final solution.

Lesson 4

Extending Virtualization to the Cloud Environment

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

1-25

In this lesson, you will review some of the features in Window Azure, the public cloud services offering
from Microsoft. You will also learn about how and why you might want to join an on-premises
infrastructure to a public cloud infrastructure, and how you could make use of a hybrid cloud computing
solution.

Lesson Objectives
After completing this lesson, you should be able to:

Describe the purpose and features of Windows Azure.

Describe Windows Azure services.

Explain how to create and run virtual machines in Windows Azure.

Explain how to extend a data center.

What Is Windows Azure?


Windows Azure is the name for the public cloud
services offering from Microsoft. Window Azure
services are delivered over the Internet from
Microsoft data centers. Microsoft customers can
subscribe to a variety of the Windows Azure
services that are running in these data centers,
and at a fraction of the cost of purchasing and
hosting their own hardware or building their own
services and software. Windows Azure delivers
services such as PaaS, IaaS, and SaaS.

Individuals, customers, and Microsoft partners


can use several methods to access Window Azure
based services. Partners have access to programs such as Windows Azure platform Cloud Essentials for
Partners, and Cloud Accelerate. Both customers and partners can access resources through MSDN and
through the Microsoft BizSpark program, each of which provides a predefined amount of resources and
services to build solutions.
Windows Azure Free Trial
http://www.windowsazure.com/en-us/pricing/free-trial/

Windows Azure Services


Windows Azure services are grouped into four
categories: compute, data services, app services,
and virtual networks.

Compute

MCT USE ONLY. STUDENT USE PROHIBITED

1-26 Evaluating the Environment for Virtualization

Websites. You can use website services to


develop and deploy more secure and scalable
websites, which includes integration with
many source control technologies. Windows
Azure supports many languages including
ASP.NET (sometimes known as classic ASP),
PHP, Node.js, and Python. You can also
deploy a choice of SQL Server databases, or
deploy MySQL. The Web Application Gallery has many open source applications, frameworks, and
templates available, including WordPress, Umbraco, DotNetNuke, Drupal, Django, CakePHP, and
Express.

Virtual machines. You can build virtual machine instances from scratch, from templates, or you can
build them on your own site, and then transfer them to Windows Azure (or the other way around).
Virtual machines can run a variety of workloads including many Microsoft-certified workloads such
SQL Server, SharePoint Server, and BizTalk Server.

Mobile services. You can use these services to build mobile phone apps, including storage,
authentication, and notification services for Windows apps, Android apps, and Apple iOS apps.

Data Services

SQL Database. Windows Azure includes a SQL Database offering, previously known as SQL Azure
Database. SQL Database provides interoperability, enabling customers to build applications using
most development frameworks.

HD Insight. Windows Azure HDInsight is the Hadoop-based solution from Microsoft. Hadoop is used
to process and analyze Big Data.

Backup. You can back up directly to Windows Azure. You can configure the cloud backups from the
backup tools in Windows Server 2012 R2, or from System Center 2012 R2.

App Services

Media Services. You can use media services to create, manage, and distribute media across a large
variety of devices such as Xbox, computers running the Windows operating system, MacOS, iOS, and
Android.

Messaging. The Windows Azure Service Bus provides the messaging channel for connecting cloud
applications to on-premises applications, services, and systems.

Windows Azure Active Directory (Windows Azure AD). This is a modern, Representational State
Transfer-based service that provides identity management and access control capabilities for cloud
applications. It is the identity service used across Windows Azure, Office 365, Microsoft Dynamics
CRM Online, Windows Intune, and other non-Microsoft cloud services. Windows Azure AD also can
integrate with on-premises Active Directory deployments.

Network

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

1-27

Windows Azure Virtual Network. You can use the Windows Azure Virtual Network (Virtual Network)
to create a logically isolated section in Windows Azure, and then connect it securely either to your
on-premises data center, or to a single client machine, using an IPsec connection. Virtual Network is
discussed more in-depth in the next topic.

Windows Azure Traffic Manager. Windows Azure Traffic Manager (Traffic Manager) is used to loadbalance inbound traffic across multiple Windows Azure services. This ensures the performance,
availability, and resiliency of applications.

Virtual Machines in Windows Azure


With Windows Azure, you can create and run your
own virtual machines in the same way that you
create and run on-premises servers. Windows
Azure virtual machines are highly available and
can be consumed when and as you need them.

Creating Virtual Machines


After you log on to Windows Azure, you use a
simple, intuitive interface that displays a list of
technologies that you can work with and deploy.
You can create a virtual machine by clicking the
Virtual Machines icon, and from there you can
choose to create a new virtual machine from
scratch, or you can use templates to create the virtual machine.
Templates may have the base operating system installed, and in some cases, they may include an
additional application that is ready for you to work with or evaluate. The following list are few of the
available virtual machine templates in the Windows Azure gallery:

Windows Server 2012 Datacenter

Windows Server 2012 R2

Windows Server 2008 R2 SP1

SharePoint Server 2013

SQL Server 2014 Community Technology Preview 1 (CTP1) Evaluation Edition

SQL Server 2012 SP1 Standard Edition

BizTalk Server 2013 Enterprise

BizTalk Server 2013 Evaluation

In addition to the above lists, the Windows Azure gallery includes many Linux installation templates.

Apart from deploying a virtual machine from a template, you can create and capture your own images
using familiar tools such as Sysprep, or you can create virtual machines on-premises, and then import the
virtual machines into Windows Azure.
Creating and Uploading a Virtual Hard Disk that Contains the Windows Server Operating
System
http://go.microsoft.com/fwlink/?LinkID=386656

Extending Your Data Center


Virtual Network makes it easier to extend
your data center by using Windows Azure in the
same way that you might connect to a remote
office. You manage the network topology and
configuration in the same way you would for your
on-premises infrastructure.
You might want to connect your own
infrastructure to your private Windows Azure
network to meet the demands of several different
scenarios. For example, you may want to connect
your infrastructure and your private Windows
Azure network if you are:

Building a distributed application that is scalable on Windows Azure-hosted web servers, and are
building a database or data store that resides on your own physical infrastructure.

Creating a client extranet.

Building a test lab or development environment.

Needing to extend you own infrastructure rapidly.


Create a Virtual Network for Site-to-Site Cross-Premises Connectivity
http://go.microsoft.com/fwlink/?LinkID=386655

MCT USE ONLY. STUDENT USE PROHIBITED

1-28 Evaluating the Environment for Virtualization

The Windows Azure Pack includes Windows Azure technologies that you can run inside your data center,
and that enable you to offer your customers self-service and multi-tenant services.

Windows Azure Pack integrates with System Center 2012 R2 and Windows Server 2012 R2, and provides
an interface that has the look and feel of the Windows Azure Management Portal. The Windows Azure
Management Portal is customizable and offers a self-service user experience for provisioning, monitoring,
and managing services such as Web Sites, Virtual Machines, and Service Bus. The Windows Azure Pack
also has automation capabilities and additional custom services that include a runbook editor, and an
execution environment.
To find out more about the Windows Azure Pack for Windows Server, you can download and read the
whitepaper from the following link:
Windows Azure Pack for Windows Server
http://go.microsoft.com/fwlink/?LinkID=386652

Lab: Evaluating the Environment for Virtualization


Scenario

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

1-29

A. Datum Corporation is a medium-sized manufacturing company that has four subsidiaries. Each
subsidiary has several hundred employees and its own data center. All subsidiaries are connected with
high-speed network connections. A. Datum IT infrastructure uses only physical servers.

A. Datum is rapidly expanding. To provide greater flexibility and the capability to respond quickly to
rapidly changing business environments, IT management has decided to virtualize many of the existing
servers, and deploy as many new servers as possible as virtual machines. A. Datum is planning to adopt
Hyper-V on Windows Server 2012 R2 as their virtualization platform.

As a senior server administrator at A. Datum, you are responsible for planning and implementing the
virtualized infrastructure. The first step in deploying the virtual environment is to analyze the current
A. Datum IT infrastructure, and to identify the appropriate virtualization methods for different business
requirements. In addition, you also need to evaluate the existing servers and identify which servers would
be appropriate candidates for virtualization.

Objectives
After completing this lab, you will be able to:

Determine which virtualization method you should use, based on the scenario.

Install MAP, and use it to evaluate the existing environment.

Perform virtualization candidate assessments.

Lab Setup
Estimated Time: 45 minutes
Virtual machines: 20409B-LON-CL1, 20409B-LON-DC1
User name: Adatum\Administrator
Password: Pa$$w0rd

For this lab, you will use the available virtual machine environment. Before you begin, you must complete
the following steps:
1.

On the host computer, start Hyper-V Manager.

2.

In Hyper-V Manager, click 20409B-LON-DC1, and then in the Actions pane, click Start.

3.

Repeat step 2 for 20409B-LON-CL1.

4.

Click 20409B-LON-CL1, and then In the Actions pane, click Connect. Wait until the virtual machine
starts.

5.

Sign in by using the following credentials:


o

User name: Administrator

Password: Pa$$w0rd

Domain: Adatum

Note: Because you will be using the same virtual machines in the next lab, do not revert
the virtual machines at the end of this lab. However, you can shut down all virtual machines after
finishing this lab.

Exercise 1: Selecting the Appropriate Virtualization Method


Scenario

MCT USE ONLY. STUDENT USE PROHIBITED

1-30 Evaluating the Environment for Virtualization

In this paper-based exercise, you will select the appropriate virtualization method for a given scenario.
Several different scenarios will be presented (including application compatibility issues, hardware
consolidation, and application centralization), and you will decide which virtualization method you should
use.
The main tasks for this exercise are as follows:
1.

Design a virtualization solution to resolve a remote worker application scenario.

2.

Design a solution for a Microsoft Office upgrade.

3.

Design a solution for the development team.

4.

Respond to the CEOs green initiative enquiry.

Task 1: Design a virtualization solution to resolve a remote worker application


scenario
A. Datum has just passed a remote worker policy that allows up to an additional 50 people to work
remotely. Until now, only a few designated on-call IT staff were approved to work remotely, and they
all have fixed lines and secure virtual private networks (VPNs).
Remote workers will be required to use their own devices, although they should run the companys
applications, and ideally keep data such as documents, reports, and spreadsheets within the company
network.
1.

Which virtualization technology can assist with the remote worker requirements?

2.

What are three of the components required to deliver the remote worker solution?

3.

Approximately four months after A. Datum has gone live with the remote worker solution, users
begin to complain they cannot access the company systems from home. What could be a likely
problem?

4.

When designing the virtualization solution, you must be able to accommodate a physical server
failure by providing reasonable fast recovery. What are the options to achieve a fast recovery?

Task 2: Design a solution for a Microsoft Office upgrade

A. Datum urgently needs to upgrade from Office 2007 to Office 2010 for all staff. However, the remote
workers, some senior managers and most the IT staff should be piloting Office 2013 at the same time.
Remote workers will need to have access to both Office 2010 and Office 2013.

Providing separate computers is not an option, and application compatibility issues might exist between
different versions of Microsoft Office.
1.

Which virtualization technology could help you with these requirements?

2.

You create packages for the following products:


o

Microsoft Office 2010

Office 2013

Windows 7 Professional

Windows 8 Professional

For which other operating system do you need to create packages?

Task 3: Design a solution for the development team

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

1-31

A. Datum developers use Microsoft SharePoint and Microsoft SQL Server extensively. They frequently
need hardware, more disk space, and extra memory for their computers that are running client
hypervisors. Developers also frequently contact the helpdesk with requests for restores, or to confirm
that their databases are backed up. You have some additional budget that you could use for hardware
and software to help the development team, and to reduce the administrative and operation task load
that they create.
1.

Which virtualization and management technology could you implement to improve the development
department infrastructure?

2.

What tool can you use to find out how big the Hyper-V hosts must be to accommodate the
developers current systems?

3.

Which System Center 2012 R2 component could help you delegate some virtual machine
administration, and provide some elements of self-service to the developers?

Task 4: Respond to the CEOs green initiative enquiry

The Chief Executive Officer (CEO) of A. Datum has asked you to provide some feedback on how your new
virtualization project will meet the companys green initiatives. Your predecessor had already obtained
quotes for more power and cooling feeds to each of the companys five data centers, to accommodate
high-density blade centers that would provide the core virtualization infrastructure.

List a few suggestions that could form part of a report to the CEO.

Results: After completing this exercise, you should have evaluated a given scenario and selected the
appropriate virtualization method for that scenario.

Exercise 2: Assessing the Environment by Using MAP


Scenario

In this exercise, you will install MAP and assess your environment. As the classroom environment is
limiting, you will use pre-created sample database to generate different reports including a consolidation
report. You also will run the Server Consolidation Wizard.
The main tasks for this exercise are as follows:
1.

Install MAP.

2.

Review assessments.

Task 1: Install MAP


1.

On LON-CL1, navigate to and run the file \\lon-dc1\e$\labfiles\mapsetup.exe, and then click OK.

2.

In the Microsoft Assessment and Planning Toolkit Setup Wizard, on the Installation Successful page,
ensure that the Open the Microsoft Assessment and Planning and Toolkit check box is selected,
and then click Finish.

3.

On the Datasource page, in the Create or select a database section, in the Name text box, type
Demo, and then click OK.

4.

Leave the MAP console open for the next task.

5.

Locate and extract the file MAP_Training_Kit.zip from \\lon-dc1\e$\labfiles to c:\map.

6.

From the Microsoft Assessment and Planning Toolkit, import map_sampleDB.bak, and use the
database name of MAPDEMO.

7.

On the upgrade warning page, click Yes. This process may take a minute or two.

8.

When the sample map database has imported and upgraded successfully, click OK, and then click
Close.

9.

Click File, click Select a Database, click MAPDEMO, and then click OK.

Task 2: Review assessments

MCT USE ONLY. STUDENT USE PROHIBITED

1-32 Evaluating the Environment for Virtualization

1.

On LON-CL1, run the Server Consolidation Wizard.

2.

For virtualization technology, choose Windows Server 2012 Hyper-V, and then click Sample host.

3.

On the Utilization Settings page, type 75 in each field.

4.

On the Computer List page, select all the computers, and then complete the assessment.

5.

On the Summary page, review the settings, and then click Finish.

6.

When the assessment process completes, click Close.

7.

In the MAP console, on the Server Virtualization page, review the server consolidation information,
and then run the Server Virtualization Report.

8.

In File Explorer, locate and open the report.

9.

At the bottom of the Excel workbook, click each tab and review the information in the report.

10. When finished, close Excel, and then close File Explorer.

Results: After completing this exercise, you should have installed MAP and assessed a virtualization
environment.

Module Review and Takeaways


Review Questions
Question: What are some of the reasons that you would not virtualize a server or server
application?
Question: Which technology can assist you in managing large volumes of virtual machines
and Hyper-V clusters?

Best Practice

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

1-33

When working with the MAP toolkit, consider backing up your database regularly. If you are running
assessments over a long period of time, the data could become critical to the timeframe of your project.

Common Issues and Troubleshooting Tips


Common Issue
In MAP, when you click on most
operations, you receive a warning that
states, The task processor is currently
busy. You cannot perform this operation
while the task processor is running. Please
wait for the task processor to complete or
cancel the task process before retrying this
operation.

Troubleshooting Tip

MCT USE ONLY. STUDENT USE PROHIBITED

MCT USE ONLY. STUDENT USE PROHIBITED


2-1

Module 2
Installing and Configuring the Hyper-V Role
Contents:
Module Overview

2-1

Lesson 1: Installing the Hyper-V Role

2-2

Lesson 2: Managing Hyper-V

2-12

Lesson 3: Configuring Hyper-V Settings

2-20

Lesson 4: Hyper-V Host Storage and Networking

2-26

Lab: Installing and Configuring the Hyper-V Role

2-33

Module Review and Takeaways

2-39

Module Overview

In production environments, a majority of the new servers are installed on virtual machines, and not on
physical machines. Windows Server 2012 R2 supports virtualization, and you can run virtual machines
on it as soon as you install the Windows Server Hyper-V role. With virtualization, many virtual machines
are running on the same hardware. Therefore, it is important that Hyper-V is scalable and can utilize all
resources that the physical host can provide. As you will typically manage Hyper-V host remotely, you
should be familiar with how to use Hyper-V Manager, and how to use Windows PowerShell for
day-to-day and repetitive tasks.

This module describes how to install the Hyper-V role on Windows Server 2012 R2 operating system, and
how to perform basic configuration of the Hyper-V role. You will learn that Hyper-V is available as part of
Windows Server 2012 R2, and as part of Microsoft Hyper-V Server 2012 R2, which is freely available on the
Microsoft website. This module also describes Hyper-V scalability, the security model that Hyper-V uses,
and some of the changes that will occur when you install the Hyper-V role. You will also learn how to
manage Hyper-V from a GUI, and by using Windows PowerShell.
Note: For the purpose of this course, all instances of Microsoft System Center 2012 R2
Virtual Machine Manager are referred to as VMM.

Objectives
After completing this module, you will be able to:

Install the Microsoft Hyper-V role.

Manage Hyper-V.

Configure Hyper-V settings.

Describe Hyper-V host storage and networking.

Lesson 1

Installing the Hyper-V Role


Before you can use virtualization on Windows Server 2012, you must first install the Hyper-V role. The
Hyper-V role is included in the following Windows products:

Windows Server 2008 (64-bit edition)

Windows Server 2008 R2

Windows Server 2012

Windows Server 2012 R2

Windows 8 and Windows 8.1 Pro

Windows 8 and Windows 8.1 Enterprise

MCT USE ONLY. STUDENT USE PROHIBITED

2-2 Installing and Configuring the Hyper-V Role

Client Hyper-V is the Hyper-V feature that comes with the Windows 8 and Windows 8.1 client operating
systems. In addition to having Client Hyper-V available as a role in these products, Microsoft Hyper-V
Server 2012 is available as a free download. You can install the free edition on new hosts as the underlying
operating system.
Hyper-V is a Layer 1 Hypervisor virtualization platform, which can run multiple isolated virtual machines
on the same physical host machine. Because many virtual machines may be running on the same physical
hardware, you must ensure that enough resources are available. When planning for the server hardware,
you should consider the required resources such as disks, storage, networking, and high availability.

This course refers to the Windows Server 2012 R2 server with the Hyper-V role installed as a Hyper-V host.
Hyper-V Server is a separate operating system, which also includes the Hyper-V feature.

Lesson Objectives
After completing this lesson, you will be able to:

Identify server platforms that provide Hyper-V as a feature.

Describe Hyper-V and virtual machine scalability.

Describe Hyper-V architecture.

Describe considerations for disk and storage.

Describe considerations for networking.

Describe considerations for high availability.

Explain changes on the host after installing the Hyper-V role.

Install the Hyper-V role.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

Server Platforms That Provide Hyper-V


Hyper-V is the Microsoft hypervisor (virtualization
platform) that you can use to run multiple virtual
machines on the same physical computer.
Microsoft first introduced Hyper-V in Windows
Server 2008, and has included it with the newer
Windows Server operating systems. You can also
obtain Hyper-V as part of the Hyper-V Server
standalone product, and with Windows 8 or newer
Windows client operating systems.

2-3

Hyper-V requires 64-bit architecture, whereas


virtual machines that run in Hyper-V can be either
32-bit or 64-bit. The Hyper-V role is part of both
the Standard and Datacenter editions of Windows Server 2012 R2, and Windows Server 2012 R2 is
available only as a 64-bit operating system. Hyper-V Server 2012 R2 is a 64-bit operating system, and the
Hyper-V feature is available only with the 64-bit version of Windows client operating systems, which are
the Pro and Enterprise editions only.

Comparison of Hyper-V Features on Different Platforms

When you compare Hyper-V features on different platforms, you may notice that the Hyper-V role in
Windows Server 2012 R2 has the same features as in Hyper-V Server 2012 R2. In fact, Hyper-V Server is a
Server Core installation of Windows Server 2012 R2 on which only one role (Hyper-V) is available. You can
manage this iteration of Hyper-V Server locally only from a command line.
In comparison, Windows Server includes additional roles and features (such as Dynamic Host
Configuration Protocol (DHCP) server), and you can manage the Hyper-V role locally from either a GUI
or a command line. Hyper-V Server 2012 R2 is a free product, but it does not include any license for
operating systems in virtual machines. This means that you should consider licensing for your virtual
machines in your planning process.

Standard vs. Datacenter Editions

Windows Server 2012 R2 Standard and Windows Server 2012 R2 Datacenter editions are both licensed
per physical processor, and include licenses either for two virtual machines running the Windows Server
Standard operating system, or for unlimited virtual machines running the Windows Server Datacenter
operating system.

Aside from virtualization rights, the only other difference between the Windows Server 2012 R2 Standard
and Datacenter editions is that the Windows Server 2012 R2 Datacenter edition provides automatic
activation of virtual machines (qualifying Windows Server operating systems), whereas the Windows
Server 2012 R2 Standard edition has no such feature. Currently, the only qualified Windows Server 2012
R2 operating systems that are activated automatically are the Standard, Datacenter, and Essentials
editions. Hyper-V Server 2012 R2 has the same virtualization capabilities as Windows Server 2012 R2,
including high availability and live migration; however, it does not include any GUI interfaces, or any
additional roles, or virtualization rights.

Client Operating Systems

Client Hyper-V in Windows client operating systems does not provide server-level features such as high
availability or live migration. However, Client Hyper-V has the same foundation, and uses the same
technology and file formats, which means that virtual machines that you create on Windows client

MCT USE ONLY. STUDENT USE PROHIBITED

2-4 Installing and Configuring the Hyper-V Role

operating systems can be used on Windows Server 2012 or Windows Server 2012 R2 and vice versa.
You can use Hyper-V management tools that are included with Windows client operating systems for
managing Hyper-V in Windows Server 2012 or Windows Server 2012 R2for example, on Hyper-V
Server 2012 R2.
Licensing Windows Server 2012 for use with virtualization technologies
http://go.microsoft.com/fwlink/?LinkID=386661
Competitive Advantages of Microsoft Hyper-V Server 2012 over the VMware vSphere
Hypervisor
http://go.microsoft.com/fwlink/?LinkID=386662
Automatic virtual machine activation
http://go.microsoft.com/fwlink/?LinkID=386667
Windows Server 2012 R2
http://go.microsoft.com/fwlink/?LinkID=386676
Question: Your company is using Hyper-V in Windows Server 2012 R2 as a virtualization
infrastructure. You are evaluating Virtual Desktop Infrastructure (VDI) for your company,
which would provide Windows 8.1 desktops to 20 employees in the Finance department.
Can you use Windows Server 2012 R2 Datacenter virtualization rights for setting up virtual
desktops for the users in the Finance department?

Hyper-V and Virtual Machine Scalability


When you are using virtualization, typically you
are running multiple virtual machines on the same
physical hardware. It is important that the physical
hardware has enough resources (CPU, random
access memory (RAM), storage, and network
bandwidth) to run multiple loads, and to provide
high availability and redundancy. In addition, the
operating system on the physical server must be
able to utilize all available resources. Previous
releases of Hyper-V had some limitations. For
example, previous Hyper-V versions supported up
to 1 terabyte (TB) of physical RAM and up to 64
CPUs. However, Hyper-V in Windows Server 2012 and Windows Server 2012 R2 support significantly
larger configurations and can fully utilize the most powerful servers.

Hyper-V enables you to create virtual machines with up to 64 virtual CPUs and 1 TB of virtual RAM, which
means that you can virtualize high-performance, scale-up workloads. Virtual hard disks can be up to 64
TB in size, and virtual machines can have virtual Fibre Channel adapters to access Fibre Channel storage
area networks (SANs) directly. Hyper-V in Windows Server 2012 R2 adds Generation 2 virtual machines,
which support Unified Extensible Firmware Interface (UEFI), Secure Boot, and booting from small
computer system interface (SCSI) controllers.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

2-5

Because todays physical servers are more powerful and have more resources, it is important that the
virtualization platform can utilize them. The following table lists the maximum resources that Hyper-V can
utilize.
Component

Maximum

Logical processors

320

Running virtual machines per


server

1,024

Virtual processors per server

2,048

Memory

4 TB

Physical network adapters

No limits imposed by
Hyper-V

Note

This is the number of cores that Hyper-V


can utilize.

No virtual processor per logical processor


ratio is imposed by Hyper-V.

Each external virtual switch requires a


separate adapter.

The following table lists the maximum resources that you can configure on each virtual machine.
Component

Maximum

Virtual processors

64

Memory

1 TB

Virtual hard disk capacity

64 TB / 2 TB

Virtual integrated device


electronics (IDE) disks

Virtual SCSI disks

256

Virtual Fibre Channel adapters

Checkpoints

50

Virtual network adapters

12

Note: The .vhdx format supports 64 TB, and the .vhd format supports 2 TB.

With virtualization, multiple virtual machines are running on the same physical host. Therefore, the
virtualization platform should be highly available. To meet this requirement, Hyper-V utilizes the failover
clustering feature. The following table lists the maximum number of components that apply to a Hyper-V
failover clustering environment.
Component

Maximum

Nodes per failover cluster

64

Running virtual machines per


cluster

8,000

Note

Nodes should have enough resources if


failover happens.

Hyper-V Scalability in Windows Server 2012


http://go.microsoft.com/fwlink/?LinkID=386675
Question: You plan to virtualize a computer that is running Microsoft SQL Server. The
computer has 8 processors and 96 gigabytes (GB) RAM. Can you virtualize the computer on
Hyper-V in Windows Server 2012 R2 and have the same resources? Can you virtualize it on
Hyper-V on servers running Windows Server operating systems prior to Windows Server
2012?

Hyper-V Architecture
When you install Windows Server 2012 R2, the
operating system accesses the server hardware
directly by using device drivers. Device drivers run
in the kernel mode and have full system access.
Programs such as Microsoft Office are executing
in the user mode and have limited access to the
system.

MCT USE ONLY. STUDENT USE PROHIBITED

2-6 Installing and Configuring the Hyper-V Role

After you add the Hyper-V role to Windows


Server 2012 R2, a thin hypervisor layer between
the operating system and the server hardware
is added, which is one of the reasons a system
restart is required. The currently installed
operating system moves into the parent partition, from where you can create and manage child partitions.
Child partitions are isolated and often called virtual machines. The virtualization stack runs within the
parent partition, and by using device drivers in the parent partition, has direct access to server hardware.
Child partitions cannot access server hardware directly. Instead, they are presented with virtual devices,
which communicate through the virtual machine bus (VMBus) with virtual service providers in the parent
partition. Device access requests from child partitions are redirected either through the VMBus or through
the hypervisor to the device drivers in the parent partition. The VMBus manages the requests, and it is a
logical and the fastest communication channel between parent and child partitions. The parent partition
hosts virtual Service Providers, and child partitions host Virtual Service Clients, which redirect device
requests to virtual Service Providers in the parent partition through the VMBus.
Hyper-V provides software infrastructure and management tools that you can use to create and manage
child partitions. You can install a 32-bit or 64-bit operating system into child partitions. Newer operating
systems such as Windows Server 2012 R2, Windows 8.1, or certain Linux distributions are aware that they
are running in virtual environment and that they include VMBus support. Older operating systems such as
Windows Server 2008 do not include VMBus support by default, but you can add support by installing
Integration Services. Legacy operating systems that are not supported by Integration Services can still run
in the child partition, but they will not be able to use VMBus, and device emulation will be used for all
virtual devices.
Hyper-V architecture
http://go.microsoft.com/fwlink/?LinkID=386663
Question: You install Windows Server 2012 R2 on a virtual machine named VM1. Can you
monitor disk input/output (I/O) for the physical server from VM1?

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

Considerations for Disk and Storage


Each server role has different disk and storage
requirements, and the same is true for the
Hyper-V role. Hyper-V hosts run multiple virtual
machines, and each virtual machine requires
enough storage and disk access that is also as fast
as possible and high availability. To provide faster
access, Hyper-V hosts will typically have multiple
disks. solid-state drives (SSDs) are not uncommon,
because they provide much higher access and
throughput. Most Hyper-V hosts also use shared
storage, which is recommended for high
availability.

2-7

Although you can configure virtual machines to access disks directly, they typically use virtual hard disks,
which are managed by the Hyper-V host. Hyper-V can use the following different types of physical
storage to store virtual hard disks:

Direct-attached storage (DAS). DAS is storage that is directly attached to the physical host. You
can use different bus types for attaching DAS, such as SCSI, Serial Attached SCSI, Serial ATA (SATA),
external Serial Advanced Technology Attachment, or USB. USB is never recommended for server
environments.

SAN. SAN is storage that the operating system on the host accesses over a dedicated or nondedicated network. SAN provides block-based access, and is presented as local storage by the
host. You can use protocols such as Internet SCSI (iSCSI), Serial Attached SCSI, or Fibre Channel for
attaching SAN storage. You can use SAN for shared storage, and it is often used for this purpose.

Network-attached storage (NAS). NAS is storage that the host operating system accesses over a
network, and it provides file-based access. Windows Server 2012 and newer versions can use file
shares as the storage for storing virtual hard disks over Server Message Block (SMB) 3.0 or newer
protocols. Shared folders are increasingly popular, because they are an inexpensive option for shared
storage, and they provide additional benefits such as SMB Transparent Failover, SMB Multichannel,
and SMB Direct.

Aside from the operating system on the Hyper-V host, each virtual machine requires additional storage
for its data files. Virtual machines can utilize much more storage than is required for the virtual machine
operating system, installed programs, and data files. It is also important to remember that virtual machine
storage requirements can increase through time.
Virtual machines use storage for:

.vhd and .vhdx files. These files include the entire hard disk content, as the virtual machine sees it.
This includes operating system files, applications, and user and data files. Based on the virtual hard
disk type, .vhd or .vhdx files can be single or multiple files, and they can have fixed size or can be
dynamically expanding. Although a single virtual machine typically does not have many virtual hard
disk files, their size is considerable and can be measured in gigabytes.

Configuration. Configuration stores virtual machine settings, and specifies which virtual devices are
for use by the virtual machine. Configuration settings are stored in XML format, and are a few
kilobytes in size.

Checkpoints. Checkpoints are optional, and enable you to revert a virtual machine to an earlier state.
Checkpoint size depends on the virtual machine state (is the virtual machine running or not), and the
RAM that is assigned to the virtual machine. Prior to Windows Server 2012 R2, checkpoints were also
referred to as snapshots.

MCT USE ONLY. STUDENT USE PROHIBITED

2-8 Installing and Configuring the Hyper-V Role

Saved state. Saved state is created when you save a virtual machine. It includes the virtual machine
memory, which is written to the hard disk. Saved state size is approximately the same size as the
virtual machine RAM.

Note: Later in this module, you will find more extensive and in-depth information on how
the Hyper-V host uses disk and storage.
Question: Which virtual machine component requires the most storage space?

Considerations for Networking


For some workloads, a single network interface
card (NIC) may be sufficient; however, Hyper-V
hosts will often have multiple NICs. Although a
Hyper-V host can be fully functional with a single
NIC, we do not recommend this. A single NIC
does not provide redundancy, and if the NIC fails,
the Hyper-V host and all the virtual machines
that are running on that host will lose network
connectivity. A Hyper-V host may need to have
more NICs for a number of reasons, including
higher bandwidth for multiple virtual servers
sharing the same pipe, better performance,
management, and redundancy.
There is no single best recommendation on how many NICs a Hyper-V host should have, and different
factors such as virtualization load, storage type used, and Hyper-V features used, can all influence that
number. Consider the following recommendations as basic guidance:

A dedicated NIC for host management. Because you may manage the Hyper-V host remotely, you
may want to have a dedicated NIC just for that purpose. We typically do not recommend that you use
the same NIC for virtual machine access and Hyper-V management.

At least one NIC for virtual machine networks. If you want to provide virtual machines with
connectivity to an external network, you should dedicate at least one NIC for that purpose. This
number can increase for more complex virtual network scenarios, or if redundancy (such as NLB) is
required. If some of your virtual machines require higher network bandwidth, then we recommend
creating a network team of NICs within the host operating system, and then attaching the NIC
network to the external network.

At least one (and in some cases multiple) NICs for accessing shared storage (iSCSI or Fibre Channel).
Storage communication should have a dedicated network, and the second NIC provides redundancy
(multipath). This network also is used for accessing Cluster Shared Volumes (CSVs), if you are using
Hyper-V failover clustering.

A dedicated NIC for failover clustering. We recommend that cluster nodes send heartbeat and other
inter-node cluster communication over a dedicated network.

At least one NIC for live migration. Hyper-V can migrate virtual machine components such as virtual
disks, configuration, and checkpoints between Hyper-V hosts. It can also migrate between Hyper-V
hosts entire virtual machines that are running. You should use a dedicated network for live migration.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

2-9

Windows Server 2012 R2 includes Network Adapter Teaming (NIC Teaming), which you can use to
consolidate multiple NICs and use them as a single interface. This provides higher network throughput
and redundancy. You can also enable bandwidth management to limit bandwidth available to each
network adapter in the virtual machine.
Note: Module 4 provides a more details on NIC Teaming.
Windows Server 2012 Hyper-V Best Practices
http://go.microsoft.com/fwlink/?LinkID=386657
Question: Why would you not use the same network adapter in a Hyper-V host for
performing remote Hyper-V administration, and for providing network access to virtual
machines that are running on the Hyper-V host?

Considerations for Providing High Availability


High availability enables service or virtual
machines to be available even in a case of physical
component failure. Without high availability, if a
server fails, everything on that server is no longer
available. If a server is running a single server load,
outage caused by failure can be considerable.
However, with virtualization, if a single server is
running multiple virtual machines, outages caused
by server failure multiply. Therefore, It is critical
that virtual machines and services are highly
available. When planning Hyper-V deployment,
you should consider how to provide high
availability for your load.
When implementing virtual machines in Hyper-V, you have the following options:

Hyper-V host-based failover clustering. You can implement failover clustering on the Hyper-V host
servers, and then use the Failover Cluster Manager to configure the virtual machines to be highly
available. You must configure Hyper-V hosts as Cluster Nodes, and configure them with properly
configured shared storage. The shared storage must be able to store highly available virtual machines.
If the Hyper-V host fails, the highly available virtual machine will fail over to another Hyper-V host in
the failover cluster, and the cluster will attempt to restart the virtual machine. This will make the
virtual machine available even if the Hyper-V host fails.

Guest failover clustering. This option provides high availability for cluster roles that are running inside
virtual machines. You must configure virtual machines with shared storage, which can be on an iSCSI
target, a Fibre Channel SAN, or a shared virtual hard disk that is stored on an SMB 3.0 share or scaleout file server. If a virtual machine fails, cluster roles that are running on the virtual machine will fail
over to another virtual machine in the failover cluster, and the cluster will attempt to restart the failed
virtual machine. This will make cluster roles available even if the individual virtual machine fails. You
can use this approach with services and applications that are configurable as clustered roles.

Virtual machine-based Network Load Balancing (NLB). You can use NLB inside virtual machines
just as you use NLB with physical servers. NLB provides fault tolerance for stateless applications by
distributing inbound traffic across multiple virtual machines running the same application. If a virtual

MCT USE ONLY. STUDENT USE PROHIBITED

2-10 Installing and Configuring the Hyper-V Role

machine fails, remaining virtual machines in NLB will pick up the requests. When you implement NLB
in a virtual machine environment, you should configure virtual machines on different Hyper-V hosts
to be NLB members. With such configuration, the application that virtual machines provide is not
disrupted if a Hyper-V host or virtual machine fails.

Application-specific clustering. Some enterprise applications such as SQL Server or Microsoft


Exchange Server have built-in failover capabilities. These applications can utilize failover clustering,
but also include their own features such as database mirroring and continuous replication.

Each of these options provides a high availability solution in a Hyper-V environment. You should select
the most appropriate option for each virtualized workload.
Microsoft High Availability Overview
http://go.microsoft.com/fwlink/?LinkID=386660
Question: You need to provide virtual machine-based failover clustering. What can you use
for shared storage?

Host Changes After Installing the Hyper-V Role


Hyper-V in Windows Server it is not installed by
default. Based on your needs and preferences,
you can install it locally or remotely by using
different approaches. If you prefer using a GUI,
you can add the Hyper-V role by using the Add
Roles and Features Wizard from Server Manager.
You can also add the role by using the Windows
PowerShell Install-WindowsFeature cmdlet, or
by using the dism.exe command in a Command
Prompt window. After you add the Hyper-V role,
you must restart the server twice before you can
use Hyper-V.
Installation of the Hyper-V role results in the following important changes to the host:

The previously installed operating system is moved into the parent partition.

A hypervisor is added between the operating system and server hardware, and is configured to start
automatically.

Hyper-V management tools such as the Hyper-V Manager snap-in, the Virtual Machine Connection
tool, and the Hyper-V Windows PowerShell module are added to the parent partition.

Installing the Hyper-V role also adds several services, including Performance Monitor counters,
Applications and Services logs, and Windows Firewall rules, and it creates the Hyper-V Administrators
group in the parent partition.
Question: How can you verify that you have added Hyper-V hypervisor successfully and
configured it to start automatically on the host?
Question: You installed the Hyper-V role in Windows Server 2012 R2. Do you need to create
Windows Firewall rules to enable remote management of Hyper-V?

Demonstration: Installing the Hyper-V Role


In this demonstration, you will see how to install the Hyper-V role.

Demonstration Steps

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

2-11

1.

On LON-HOST2, in Windows PowerShell, use the Get-WindowsFeature cmdlet to verify that the
Hyper-V role is not installed.

2.

In Windows PowerShell, use the Get-Command Module Hyper-V cmdlet to verify that the Hyper-V
module is not yet installed.

3.

In Windows PowerShell, use bcdedit.exe to verify whether the hypervisor is configured to start
automatically.

4.

On the Start screen, search for and confirm that no program with the word hyper in the name is
installed.

5.

Confirm that only one counter starts with the word Hyper-V in Performance Monitor, Hyper-V
Dynamic Memory Integration Service.

6.

Confirm that no inbound Windows Firewall rules that start with the word Hyper-V display.

7.

Install Hyper-V role on LON-HOST2 by using the Windows PowerShell cmdlet


Install-WindowsFeature with the IncludeManagementTools parameter.

8.

Switch to LON-HOST1.

9.

On LON-HOST1, in Windows PowerShell, use the Get-WindowsFeature cmdlet to verify that


Hyper-V is installed.

10. In Windows PowerShell, use the Get-Command Module Hyper-V cmdlet to verify that the Hyper-V
module is installed.
11. In Windows PowerShell, use bcdedit.exe to verify that hypervisor is configured to start automatically.
12. Confirm that Hyper-V Manager and Hyper-V Virtual Machine Connection programs are installed.
13. Confirm that now there are multiple counters available in Performance Monitor that start with the
word Hyper-V.
14. Confirm that now there are inbound Windows Firewall rules that start with the word Hyper-V.

Lesson 2

Managing Hyper-V

MCT USE ONLY. STUDENT USE PROHIBITED

2-12 Installing and Configuring the Hyper-V Role

You will usually manage Hyper-V remotely, and not locally on the server where you installed it. Regardless
of from where you manage Hyper-V, you have two options: you can administer it in a GUI by using
Hyper-V Manager, or by using Windows PowerShell. When you manage Hyper-V remotely, you must
install the administrative tools locally on your remote machine. Ensure that you can connect to the server
that is hosting the Hyper-V role, and that you have appropriate permissions that allow you to manage
Hyper-V.

Lesson Objectives
After completing this lesson, you will be able to:

Describe the Hyper-V Manager console.

Explain the addition of the Hyper-V Manager console.

Install and use Hyper-V Manager.

Explain how to use Windows PowerShell to manage Hyper-V.

Explain how to manage Hyper-V in a workgroup environment.

Describe the Hyper-V Best Practices Analyzer.

Describe the Hyper-V security model.

Overview of the Hyper-V Manager Console


You can use the Hyper-V Manager console
to manage the Hyper-V host, and any virtual
machines that you configure on the Hyper-V host.
You can access this console in several ways, such
as from Start screen, in Server Manager, from
Administrative Tools in Control Panel, or by
adding the Hyper-V Manager snap-in to a blank
Microsoft Management Console (MMC). You can
use Hyper-V Manager to administer multiple
Hyper-V hosts, but for larger deployments, you
should use other tools such as the Microsoft
System Center 2012 Virtual Machine Manager.
Note: System Center 2012 R2 is required to manage Windows Server 2012 R2. System
Center 2012 with Service Pack 1 (SP1) (or a newer version) is required to manage Windows Server
2012.

The Hyper-V Manager console has three panes. The navigation pane on the left provides a listing of all
connected Hyper-V hosts. The details pane in the middle provides information about the virtual machines
on the selected Hyper-V host. Detailed information includes their state, CPU usage, and assigned memory.
You can also add or remove additional columns in this pane. The details pane also lists checkpoints
(point-in-time snapshots), summary, memory, networking, and replication details for selected virtual
machine. The Actions pane on the right is divided into two parts: at the top are the actions available for
managing the Hyper-V host; below that is the contextual Actions pane that allows you to manage the

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

2-13

selected virtual machine. The same actions are available when you right-click the host in the navigation
pane, or right-click the virtual machine in the details pane.
Question: Your virtualization environment has three Hyper-V hosts. In Hyper-V Manager,
can you view Manager the virtual machines on all three Hyper-V hosts simultaneously?

Adding the Hyper-V Manager Console


When you install Hyper-V role by using the
Add Roles and Features Wizard, the Hyper-V
Manager console is added automatically.
However, when you install the role by using the
Install-WindowsFeature cmdlet, you must add the
-IncludeManagementTools parameter. Otherwise,
the Hyper-V Manager will not be installed. In
addition, if you install Hyper-V with dism.exe, the
Hyper-V Manager console is not added
automatically.
The Hyper-V Manager console and the Hyper-V
Module for Windows PowerShell are Windows
roles (and role services), and you can add them to any Windows Server 2012 R2 computers. This is
especially useful if you need to manage Hyper-V from a server that does not have the Hyper-V role.
You can also use Hyper-V Manager to manage Hyper-V Server 2012 R2 remotely from a GUI.

If you want to administer Hyper-V from a Windows 8 or newer Windows client operating system
computer, you need only to turn on the Hyper-V Management Tools feature. This is because Hyper-V
is part of the Windows client operating system. If you need to administer Hyper-V from a Windows 7
computer, you must first download and install Remote Server Administration Tools (RSAT) for Windows 7,
and then you can turn on the Hyper-V Management Tools feature. You should be aware that if you want
to administer Hyper-V from older operating systems such as Window 7 or Windows Server 2008 R2, you
will not be able to configure all Windows Server 2012 R2 Hyper-V features.
You can administer Hyper-V from your device even if Hyper-V Manager is not available for the device,
provided it supports Remote Desktop Protocol (RDP). You can allow remote desktop connections to a
computer where Hyper-V Manager is installed, and then connect to it from your device.
Question: Do you need to install RSAT on a Windows 8.1 workstation if you want to use it
for managing Hyper-V hosts?

Demonstration: Installing and Using Hyper-V Manager


In this demonstration, you will see how to install and use Hyper-V Manager.

Demonstration Steps
1.

Sign in to LON-CL1 with the user name Adatum\Administrator and password Pa$$w0rd.

2.

Confirm that no program that has the word hyper in the name is installed on LON-CL1.

3.

In Windows PowerShell, use the Get-WindowsOptionalFeature cmdlet to confirm that Hyper-V


management tools are not installed.

4.

Use the Windows Features window to enable the Hyper-V Management Tools feature.

5.

In Windows PowerShell, use the Get-Command Module Hyper-V cmdlet to confirm that the
Hyper-V module has been installed.

6.

Confirm that two programs, Hyper-V Manager and Hyper-V Virtual Machine Connection, are
installed on LON-CL1.

7.

Add LON-HOST1 to Hyper-V Manager, and review Hyper-V Settings for LON-HOST1.

Using Windows PowerShell to Manage Hyper-V

MCT USE ONLY. STUDENT USE PROHIBITED

2-14 Installing and Configuring the Hyper-V Role

You can manage Hyper-V from the GUI by using


the Hyper-V Manager console. However, that is
not always practical, especially when you need
to automate administrative tasks or perform the
same task on multiple Hyper-V hosts or virtual
machines. In such situations, Windows PowerShell
is a solution that also works for administrators
who prefer to use a command-line interface.
Windows PowerShell is part of Windows Server,
and it is designed for users to control and
automate the administration of Windows
operating systems. Everything that you can
configure through a Windows GUI, you can also configure by using Windows PowerShell. This is also true
for managing the Hyper-V role.
In Hyper-V Manager, you can view available options either in the Actions pane, or when you right-click
an object. To list all the Windows PowerShell commands (called cmdlets) that you can use to manage
Hyper-V, from a Windows PowerShell window, simply run the following cmdlet:
Get-Command -Module Hyper-V

You can pipe the result to the Measure alias by using the following command:
Get-Command Module Hyper-V | Measure

When you do this, you will discover that Windows Server 2012 R2 includes 178 cmdlets in the Hyper-V
module. If you need the detailed cmdlet syntax, you can use the following command:
Get-Help

If you remember only part of the cmdlet, you can use the following command, where part of name is the
part of the cmdlet that you can remember:
Get-Command cmdlet (Get-Command *part of name*)

Parts of Cmdlets
Cmdlets have consistent verb-noun names, so in most cases you will know from a cmdlet name what
action it will perform. Some examples are as follows:

Cmdlets starting with Get- will return the object property values, and will not modify objects in any
way.

Cmdlets starting with Set- will set object property values, and you can use these cmdlets for
configuring objects.

Cmdlets starting with Disable- will disable objects.

Cmdlets starting with Enable- will enable objects.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

2-15

The second part of a cmdlet name specifies the object type on which the cmdlet will act. Some examples
are as follows:

Get-VMHost lists Hyper-V host information.

Set-VMSwitch configures a virtual switch by setting its properties.

Enable-VMMigration enables migration on one or more virtual machine hosts.

You can specify the server on which you want to run the cmdlet by using the -ServerName parameter.
You also can specify more than one server:
Get-VMHost -ServerName LON-DC1, LON-SVR1

Another Windows PowerShell feature is pipeline ( | ), which you can use to pass results between cmdlets.
For example, if you want to save all virtual machines on LON-HOST1, you can run the following
command:
Get-VM -HostName LON-HOST1 | Save-VM

If you want to start only virtual machines that have DC in their name and are hosted on LON-HOST1, you
can run the following command:
Start-VM -Name *DC* -HostName LON-HOST1

When you run some cmdlets (for example Get-VMHost), you cannot see the entire output because of
formatting. However, you can always format output differently, for example by directing the output to the
Format-Table cmdlet (or to the ft alias):
Get-VMHost -HostName LON-HOST1 | ft

These examples are very basic examples of what you can do with Windows PowerShell. By using these
basic commands, you can start exploring Hyper-V with Windows PowerShell. You can also use Windows
PowerShell Integrated Scripting Environment (ISE), which includes an editor in which you can run cmdlets.
You also can use Windows PowerShell ISE to write, test, and debug scripts in a single GUI with multiline
editing, tab completion, syntax coloring, selective execution, and context-sensitive help.
Question: What must you do to be able to administer Hyper-V by using Windows
PowerShell?

Managing Hyper-V in a Workgroup Environment


A Hyper-V host can be an Active Directory
Domain Services (AD DS) member, or a member
of a workgroup. This has no effect on the virtual
machines that are running on the Hyper-V host.
However, AD DS membership greatly simplifies
Hyper-V host management. AD DS does require
additional infrastructure because domain
controllers and a DNS server are required, but
in most environments, they are already available
and in use.

MCT USE ONLY. STUDENT USE PROHIBITED

2-16 Installing and Configuring the Hyper-V Role

When you install the Hyper-V role, Windows


Firewall rules for remote management of Hyper-V
are created, and by default, enable remote connections and management. If the Hyper-V host is an AD DS
member, domain Group Policies apply to it. In this case, you can use your domain credentials to manage
Hyper-V remotely if your user account has sufficient permissions, without any additional configuration.
However, if Hyper-V host is not an AD DS member (which can be the case in small, high security, or test
environments), additional configuration is required if you want to manage the Hyper-V host remotely.
You must ensure that Windows Firewall allows remote management. In a server with a GUI, you create
and enable firewall rules by default when you install the Hyper-V role. However, in a Server Core
installation or in Hyper-V Server, you must enable firewall rules manually.

Remote management is enabled by default in Windows Server 2012 R2, but you still need to grant
administrative rights remotely to local users, which you can do by running the command winrm
quickconfig. You must also create a local user with the same username and password as the domain user
that will be managing Hyper-V host, and then grant the local user sufficient permissions by adding him or
her to the Hyper-V Administrators local group. Because Component Object Model (COM) security is set to
allow remote access for Everyone by default, no further configuration on the Hyper-V host is required.
Make sure that Hyper-V management tools are installed on the computer from which you want to
manage the Hyper-V host remotely. Then, when you open the Hyper-V Manager console, you should
be able to connect to the remote Hyper-V host and manage it remotely.
Best Practice: To simplify configuration of a workgroup member Hyper-V host for remote
management, use the Hyper-V Remote Management Configuration Utility (HVRemote).
Hyper-V Remote Management Configuration Utility (HVRemote)
http://go.microsoft.com/fwlink/?LinkID=386659
Question: Can you join virtual machines to the domain if they are running on a Hyper-V
host that is a member of a workgroup?

Hyper-V Best Practices Analyzer


Best practices for configuring a server are
guidelines on how you should configure a server
to be as effective and as secure as possible in a
typical environment. For example, a best practice
is to keep open only ports that the server requires
to communicate with other computers, and to
block all other unused ports. However, sometimes
it is not possible to follow all best practices. This
is not necessarily problematic, but it is helpful if
you are aware of the best practices you are not
implementing, and you can explain why you are
configuring your server differently from the
guidelines provided in the best practices.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

2-17

The Best Practices Analyzer (BPA) is a rule-driven framework that can scan server roles for compliance with
best practices. The Hyper-V BPA in Windows Server 2012 R2 is installed as part of the Hyper-V role, and
includes over 110 rules, which are grouped in several categories. Some of these categories are Hyper-V
and virtual machine configuration, Networking, Storage, and Backup. Hyper-V BPA rules includes many
best practice recommendations, such as the following:

Hyper-V should be the only enabled role on the server.

The Server Core installation option for Windows Server 2012 is recommended for servers running
Hyper-V.

Domain membership is recommended for servers running Hyper-V.

Virtual machines should be backed up at least once a week.

All networks for live migration traffic should have a link speed of at least 1 gigabits per second
(Gbps).

BPA is available as part of Server Manager or as Windows PowerShell cmdlets, contained in the
BestPractices module. You can use BPA to increase best practices compliance by scanning one or multiple
roles simultaneously, on either local or remote Hyper-V hosts, and regardless of whether you run scans
using the Best Practices Analyzer tile in Server Manager, or use Windows PowerShell cmdlets. You also can
instruct BPA to exclude or ignore scan results that you do not want to view.
BPA measures compliance with each best practice rule. Results can have one of the three following
security levels:

Error. Configuration is not compliant with best practices, and can potentially cause functionality
problems.

Information. Configuration is compliant and in accordance with best practice rules.

Warning. Configuration is not compliant, and the results of noncompliance can cause problems if
changes are not made. The configuration might be compliant as currently operating, but may not be
compliant if changes are not made.

After you perform a BPA scan in Server Manager, you can view compliance results in the BPA section.
When you select a result in this section, a preview pane in the section displays result properties, including
an indication of whether the role is compliant with the best practice. If a result is not compliant, and if you
want to know how to resolve the problem, you click links in the Error and Warning result properties
section.

Run Best Practices Analyzer Scans and Manage Scan Results


http://go.microsoft.com/fwlink/?LinkID=386668
Question: Should you always configure your Hyper-V host as best practices rules suggest?

Hyper-V Security Model


You implement security for Hyper-V differently
than for most other Windows components that
control access to objects by using access control
lists (ACLs). Hyper-V uses a role-based access
control (RBAC) role, which means that resources
are owned by the system, and users are granted
access to these resources by being assigned to
predefined roles. The Authorization Manager
framework is used to configure RBAC for Hyper-V.
Authorization Manager is deprecated in Windows
Server 2012, but it is still available in Windows
Server 2012 R2.

MCT USE ONLY. STUDENT USE PROHIBITED

2-18 Installing and Configuring the Hyper-V Role

Authorization Manager uses an authorization store for storing authorization information, and this store
can either be located in Active Directory, an XML file, or SQL Server. The default Hyper-V authorization
store is located in the C:\ProgramData\Microsoft\Windows\Hyper-V\InitialStore.xml file. Authorization
Manager is not often used, and many Hyper-V Administrators prefer to use either scripting or VMM to
implement security.

Simple Authorization

Two types of users work with Hyper-V authorization: administrators in enterprises who require complex
authorization policy, and administrators in smaller environments. Administrators in enterprises typically
use VMM, which hides Authorization Manager from them. If administrators in smaller environments are
not using VMM, then they must use Authorization Manager, even for a simple authorization policies. By
doing this, administrators can avoid having to make users who need to manage Hyper-V, local
administrators.

Hyper-V in Windows Server 2012 R2 uses a new security model called Simple Authorization. Simple
Authorization provides an alternative to using Authorization Manager to manage simple authorization
policy. It also improves the experience of granting Hyper-V administrator privileges to accounts, without
granting local administrator privileges on the Hyper-V host. As a result, security of the Hyper-V host is
improved.
You implement Simple Authorization on the Hyper-V host by creating a local security group named
Hyper-V Administrators. A group with the same name is also added at the domain level. Both groups
(local and domain) are empty by default. The Hyper-V Administrators group is also included in the
Authorization Manager authorization store. The local group is included in the workgroup Hyper-V host,
but as soon as the server is joined to the domain, the domain group replaces the local group in the
authorization store.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

Members of the Hyper-V Administrators group have complete and unrestricted access to all Hyper-V
features. They are granted permissions in:

Authorization Manager

DCOM permissions

Windows Management Instrumentation (WMI) virtualization namespace permissions

Common Information Model version 2 (CIMv2) namespace permissions


Configure Hyper-V for Role-based Access Control
http://go.microsoft.com/fwlink/?LinkID=386664
Question: You need to allow a user to manage virtual machines on a Hyper-V host, but this
user must not be able to manage Hyper-V host settings. What should you do?

2-19

Lesson 3

Configuring Hyper-V Settings

MCT USE ONLY. STUDENT USE PROHIBITED

2-20 Installing and Configuring the Hyper-V Role

Hyper-V settings control the Hyper-V host. For example, Hyper-V settings determine where new virtual
machines will be created by default, whether Hyper-V is configured with RemoteFX adapters, whether
virtual machines and virtual machine storage can be transferred via live migration, and if the host is
configured as a Hyper-V replica. You can configure Hyper-V settings in Hyper-V Manager, or in Windows
PowerShell. You should be familiar with available options (such as non-uniform memory access (NUMA)
spanning or enhanced session mode policy) before configuring them.

Lesson Objectives
After completing this lesson, you will be able to:

Describe Hyper-V settings.

Configure Hyper-V settings.

Describe NUMA.

Describe RemoteFX.

Describe enhanced session mode.

Describe resource pools.

Overview of Hyper-V Settings


You can use the Hyper-V Manager console or
Windows PowerShell to manage Hyper-V settings.
If you want to change the Hyper-V settings, you
can right-click Hyper-V host in the navigation
pane of Hyper-V Manager, and then click Hyper-V
Settings, or click Settings in the Actions pane. You
can configure the following settings in the
Settings window:

Virtual Hard Disks. This setting specifies the


default folder location for virtual hard disks
that you create on the Hyper-V host. When
you are running the New Virtual Hard Disk
Wizard, the location that you configure here will be used. By default, virtual hard disks are created in
the Public profile, and you should modify this default location.

When you are determining where to store the .vhdx and .vhd files, you should consider performance,
high availability, and available space. You should consider storing .vhd files on a separate disk, and
then distribute the .vhd files across as many disks as are available. If a SAN is available, you may
consider configuring this setting to point to a SAN logical unit number (LUN). If SMB 3.0 shares are
available, you can configure settings to point to this network location also.

Virtual Machines. This setting specifies the default folder location for storing virtual machine
configuration files. When running the New Virtual Machine Wizard, the location that you configure
here will be used. You should have similar considerations as with virtual hard disks, and if you want
virtual machines to be highly available, this location should point to a shared location on either a SAN
or SMB 3.0 share.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

2-21

Physical GPUs. This setting applies to Remote Desktop Virtualization and the VDI implementation. If
you want to enable RemoteFX 3D Video Adapters in virtual machines, you must install the Remote
Desktop Virtualization Host role service, and the Hyper-V host must have a physical graphics
processing unit (GPU) that supports RemoteFX.

NUMA Spanning. This setting allows virtual machines to span across NUMA nodes when CPU or
memory resources are needed. The default setting is to allow spanning, but administrators should
consider whether this is the optimal configuration for the applications and services that are running
in their virtual machines.

Live Migrations. This setting defines whether Hyper-V host can participate in virtual machine live
migrations. This setting is not enabled by default. If you enable this setting, there are additional
configuration options from which to choose, such as authentication protocol, maximum number
of simultaneous live migrations, which networks can be used for live migrations, and performance
options.

Storage Migrations. This setting controls how many storage migrations can occur simultaneously on
the Hyper-V host. The default setting is 2.

Enhanced Session Mode Policy. This setting defines whether redirection of local devices and resources
to virtual machines is allowed. The default Enhanced Session Mode Policy setting is to not allow
redirection. Enhanced session mode requires a supported operating system on the virtual machine
and requires additional virtual machine configuration.

Replication Configuration. This setting determines when Hyper-V host can be used as a Hyper-V
Replica server. The default setting is that Hyper-V is not enabled as a replica server. If you enable it as
a replica server, you can configure additional settings such as authentication, and from which servers
replication is allowed.

You can also configure the following user settings:

Keyboard. This setting controls how Windows key combinations (for example, Alt+Tab) are used
when using the Virtual Machine Connection interface. The default setting is to allow use of key
combinations with the virtual machine.

Mouse Release Key. This setting controls the key combination for releasing the mouse in the Virtual
Machine Connection interface, when the guest operating system does not have Integration Services
installed.

Enhanced Session Mode. This setting controls whether you want to use enhanced session mode
with Virtual Machine Connection, when an enhanced session mode is available in a guest operating
system. This setting is enabled by default. This setting allows the use of full Remote Desktop capability
when connecting to a virtual machine, including shared clipboard and device redirection.

Reset Check Boxes. When you click the Reset button here, all check boxes are cleared that when
checked, hide pages and messages.
Question: You want all virtual machines that you create on Hyper-V host to be stored in the
same folder. Which Hyper-V setting should you configure: Virtual Hard Disks, or Virtual
Machines?

Demonstration: Configuring Hyper-V Settings


In this demonstration, you will see how to configure Hyper-V settings.

Demonstration Steps

MCT USE ONLY. STUDENT USE PROHIBITED

2-22 Installing and Configuring the Hyper-V Role

1.

On LON-HOST1, in Hyper-V Manager, start the New Virtual Hard Disk Wizard, and confirm default
location for creating new virtual hard disks.

2.

In Hyper-V Manager, confirm that the same location is set as Virtual Hard Disk location Hyper-V
Setting.

3.

Set the Virtual Hard Disk location Hyper-V Setting to C:\Users and confirm that this location is
used as a default location when creating new virtual hard disks.

4.

In Windows PowerShell, use the Set-VMHost cmdlet with the VirtualHardDiskPath parameter to set
virtual hard disk location to \\LON-HOST2\VHDs.

5.

Use Hyper-V Manager to confirm that it was set successfully.

6.

In Windows PowerShell, use the Set-VMHost cmdlet to disable NUMA Spanning, and set the
maximum simultaneous storage migrations to 4.

7.

Use Hyper-V Manager to confirm the changes that you made in Windows PowerShell.

8.

Enable NUMA Spanning.

What Is NUMA?
A computer with a single processor has a single
bus for accessing memory, and that single
processor can access all of a computers memory
with the same latency. However, many modern
computers have multiple processors with multiple
cores. Each physical CPU uses its own bus for
accessing physical memory.

NUMA is a computer architecture that


multiprocessor systems use, in which the time
required for a CPU to access memory depends on
the memorys location relative to the processor.
Some memory regions are located and connected
directly to one or more CPUs. All memory is accessible by all CPUs, but a CPU can access local memory
(memory attached directly to the CPU) faster than it can access remote memory (memory that is local to
another CPU in the system). This is why NUMA architecture divides memory and processors into groups,
called NUMA nodes. For large, multiple CPU systems, using NUMA architecture can result in increased
system performance.
Modern operating systems and high-performance applications include optimizations that can recognize
and consider using system NUMA topology when scheduling threads or allocating memory to increase
system performance. To avoid remote access delays, a NUMAaware application attempts to allocate
storage and schedule threads to access data in the same NUMA node.

When a virtual machine starts, Hyper-V attempts to allocate all the memory for the virtual machine from
a single NUMA node, if enough memory is available. If the single NUMA node does not have enough
memory, Hyper-V also allocates memory from other NUMA nodesthis is known as NUMA spanning. At
the Hyper-V host level, a single check box controls whether to allow NUMA spanning. If this setting is

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

2-23

enabled (which is the default configuration, and which means that NUMA spanning is allowed), virtual
machines can span NUMA nodes and provide virtual machines with additional memory. However, when a
virtual machine allocates memory from multiple NUMA nodes, there is a performance cost because CPU
access to remote memory takes longer than when CPU accesses local memory in the same NUMA node.

Hyper-V in Windows Server 2012 and Windows Server 2012 R2 projects a virtualized NUMA topology to
virtual machines. By default, this virtual NUMA topology is optimized to match the NUMA topology of the
physical host. Projecting a virtual NUMA topology into a virtual machine enables optimal performance
and workload scalability in large virtual machines by allowing the guest operating system and applications
such as SQL Server to leverage their NUMA performance optimizations.
You can configure virtual NUMA topology at a virtual machine level. You can specify the maximum
amount of memory, maximum number of virtual processors, and the maximum number of virtual NUMA
nodes. By default, these values are set to align with the physical NUMA topology. If you change the
settings, you can restore the default virtual NUMA topology by clicking the Use Hardware Topology
button.
Hyper-V Virtual NUMA Overview
http://go.microsoft.com/fwlink/?LinkID=386666
Question: Can you modify your servers NUMA topology?

What Is Enhanced Session Mode?


Hyper-V uses the Virtual Machine Connection tool
to connect to virtual machines by using RDP. Prior
to Windows Server 2012 R2, the Virtual Machine
Connection tool provided only basic redirection
of the virtual machine screen, keyboard, and a
mouse, such as a Keyboard Video Mouse switch
over IP. The tool also provided limited Copy and
Paste functionality, which was limited to text and
did not support any other content such as
graphics or files.

With Windows Server 2012 R2, you still use the


same method to connect to virtual machines, but
Hyper-V also supports enhanced session mode. Enhanced session mode utilizes the Remote Desktop
Services component in virtual machines, and establishes full Remote Desktop sessions over VMBus. This
means that even if the virtual machine has no network connectivity (and there is network connectivity to
the Hyper-V host on which virtual machine is running), you can connect to the virtual machine by using
the Virtual Machine Connection tool using enhanced session mode. This means that you can redirect local
resources (such as smart cards, printers, drives, USB devices or any other supported Plug and Play devices)
to virtual machines. You also can use folder redirection, and use shared Clipboard for copying content
to virtual machines. In addition, you can copy files into virtual machines by dragging and dropping
them onto the virtual machine, even if the virtual machine does not have network connectivity. Enhanced
session mode and full Remote Desktop are available even when virtual machines are running on Hyper-V
on Server Core or Hyper-V Server 2012 R2.

You can configure enhanced session mode at following levels:

MCT USE ONLY. STUDENT USE PROHIBITED

2-24 Installing and Configuring the Hyper-V Role

Server settings - Enhanced Session Mode Policy. This setting affects all virtual machines that are
running on the Hyper-V host. If this setting is enabled, enhanced session mode connections to virtual
machines on this Hyper-V host will be allowed.

Note: The default setting for the Allow enhanced session mode is set to Disabled on
Hyper-V in Windows Server 2012 R2, and is set to Enabled on Windows 8.1.

User settings - Enhanced Session Mode. This setting determines if the Virtual Machine Connection
tool attempts to use enhanced session mode.

Guest operating system. Enhanced session mode is available only if you connect to virtual machines
that are running Windows Server 2012 R2 or Windows 8.1. Remote Desktop Service must be running
on the virtual machine, and the user account you will be using to sign in to the virtual machine must
be a member of the Remote Desktop Users local group.
Virtual Machine Connection - Enhanced Session Mode Overview
http://go.microsoft.com/fwlink/?LinkID=386665
Question: Can you use enhanced session mode to connect to a Windows Server 2012 R2
virtual machine that is running on a Hyper-V host on Windows Server 2012?

What Are Resource Pools?


Resource pools in Windows Server 2012 R2
provide a layer of abstraction between virtual
machines and the underlying physical hardware
on the Hyper-V host. You configure Hyper-V
resource pools by using Windows PowerShell.
You cannot create them in Hyper-V Manager.
Resource pools are especially useful when used
with virtual machine mobilityfor example with
Live Migration, when settings such as the location
for storing virtual machine files and virtual switch
names are different on different servers.

Resource pools provide a way to abstract those


configurations, because the only requirement is that the resource pool configurations are the same
on each Hyper-V host. For example, if you add virtual switches to a network pool named Pool1, virtual
machines will be able to connect to new virtual switches automatically if they are configured to use Pool1.
Resource pools allow administrators to configure the environment for virtual machine mobility. Resource
pools also enable administrators to group virtual machine resources and then collect metrics on the pool
for chargeback purposes. For example, the hosting company could configure resource pools for each
customer, and then collect resource usage data.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

2-25

You implement resource pools in Hyper-V by resource type. There are different resource pool types
such as Processor, Memory, Ethernet and virtual hard disk. By default, primordial pools are created
automatically for each resource type when you install the Hyper-V role. Using the Windows PowerShell
cmdlet Get-VMResourcePool, the default primordial pools display. You can also create new resource
pools, for example by running following cmdlet:
New-VMResourcePool -Name "Contoso Network" -ResourcePoolType Ethernet

Once you create the Network (Ethernet) and Storage (virtual hard disk) resource pools, the configuration
settings that are available for the virtual machine display in Hyper-V Manager.
Question: How can you configure a virtual machine to use a virtual hard drive from a
specific resource pool?

Lesson 4

Hyper-V Host Storage and Networking


You must properly configure storage and networking for a Hyper-V host, so that the virtualization
platform and the virtual machines that are running on that platform can use the available resources at
optimal performance. Features such as storage spaces, disk deduplication, and network teaming are
Windows Server features that Hyper-V can utilize when they are available. For example, Hyper-V can
store virtual machines on SMB 3.0 network shares, and disk deduplication in Windows Server 2012 R2
can minimize disk space used by running virtual machine in a VDI scenario.

Lesson Objectives
After completing this lesson, you will be able to:

Describe storage spaces.

Describe disk deduplication.

Describe Offloaded Data Transfer.

Describe SMB 3.0.

Explain how Hyper-V benefits from SMB 3.0.

Describe network teaming.

Overview of Storage Spaces


Storage Spaces is a storage virtualization
subsystem in Windows Server operating systems
and Windows client operating systems. Storage
Spaces is built on top of storage pools, which are
a collection of physical disks. Physical disks can
be of different sizes, and can be connected locally
by using different bus types such as SATA, Serial
Attached SCSI, external SCSI, SCSI, or USB. Remote
storage such as NAS or SANs cannot be part of
storage pools. Storage pools enables you to
aggregate storage, expand capacity flexibly, and
delegate administration.
Storage Spaces is represented as virtual disks built on top of storage pools. Storage Spaces can have
different levels of redundancy, can use all allocated space when created (fixed provisioning) or expand
dynamically (thin provisioning), and can have automatic or controlled allocation on heterogeneous
storage.

MCT USE ONLY. STUDENT USE PROHIBITED

2-26 Installing and Configuring the Hyper-V Role

You can use Storage Spaces to add physical disks of any type and size to a storage pool, and then create
highly available virtual disks from the storage pool. The primary advantage of Storage Spaces is that you
can manage multiple disks as one unit, instead of managing single disks.
Storage Spaces includes the following features:

Resilient storage. Storage Spaces support two resiliency modes: mirroring, and parity. You can
configure layout and resiliency for each storage pool independently. You can also configure per-pool
support for disks that are reserved for replacing failed disks (or hot spares).

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

2-27

Continuous availability. Storage Spaces is fully integrated with failover clustering, which provides
continuous availability. You can cluster pools across multiple nodes within a single cluster. Storage
Spaces can be created on individual nodes, and if failure occurs, the storage will fail over to a
different node. Storage Spaces supports integration with CSVs, which enables scale-out access to
data.

Optimal storage use. Storage Spaces supports thin provisioning to allocate space as needed. If data is
deleted inside a virtual machine, Hyper-V supports automatic storage reclamation for deleted files.

Storage Tiering: In Windows Server 2012 R2, you can enable storage tiers on virtual disk, which enable
automatic movement of the most frequently accessed files to faster SSD storage.

Multitenancy. Administration of storage pools is controlled through ACLs, and is delegated on a perpool basis. Each storage pool can be isolated, and access is integrated with AD DS.
Storage Spaces Overview
http://go.microsoft.com/fwlink/?LinkID=386672
Question: Can you include an iSCSI disk that is connected to your Hyper-V host, in Storage
Spaces?

Overview of Disk Deduplication

When you store files on a file server, many files


can contain blocks of the same data. This is also
the case for virtual hard disks, especially when
they have the same guest operating system
installed. Data deduplication is a process that runs
in the background after a file is saved. It analyzes
the files, and finds and removes duplicated blocks
without compromising file integrity. The goal of
data deduplication is to store more data in less
space by segmenting files into small variable-sized
chunks (32128 kilobytes (KB)), identifying
duplicate chunks, and maintaining a single copy
of each chunk. Duplicated copies of the chunks are then replaced by a reference to the single copy. The
chunks are compressed, and then organized into special container files in the System Volume Information
folder. Access to deduplicated files is the same as access to files that are not deduplicated.
You can enable data deduplication in Server Manager, or by using Windows PowerShell. You enable
data deduplication only for an entire volume. The volume must be formatted with NTFS file system, and
must not be a system or boot volume. You can use data deduplication on shared storage, and failover
clustering is fully supported. Windows Server 2012 R2 adds support for data deduplication on CSVs.
Data deduplication can be effective for optimizing storage and reducing the disk space used for storing
data. A virtualization library that stores virtual hard disks is a good example of how Data Deduplication
reduces disk space usage. By using data deduplication, you can reduce the virtualization library size by
80 percent or more. Windows Server 2012 can dedupicate only files that are not constantly open, and
because of this, virtual hard disks of running virtual machines cannot be deduplicated.

MCT USE ONLY. STUDENT USE PROHIBITED

2-28 Installing and Configuring the Hyper-V Role

Windows Server 2012 R2 improves deduplication performance and adds support for deduplication of
open files. As a result, Windows Server 2012 R2 can deduplicate the virtual hard disks of the running
virtual machines that you used for VDI, and that are stored on an SMB 3.0 network share. Deduplication of
running virtual machines that are not part of VDI or that are not stored on a network share may work, but
this scenario is not supported.
Data Deduplication Overview
http://go.microsoft.com/fwlink/?LinkID=386669
Question: You plan to enable data deduplication on a file server. How can you enable data
deduplication, and what must you install first?

What Is Offloaded Data Transfer?


When you use a traditional data copy model,
the data for copying must first be read from
the source storage (SAN), transferred over the
network, and then written into the server memory.
Next, the data must be transferred over the
network again to the destination storage (SAN),
and then written to the disk. This approach has
several drawbacks, such as high utilization of
server processor and memory, and transferring
data to a server and then back to storage, even if
data is copied inside the same SAN.

To avoid this inefficiency, Windows Server 2012


and newer versions support Windows Offloaded Data Transfer. Offloaded Data Transfer uses a tokenbased mechanism for reading and writing data within or between intelligent SANs. Instead of reading and
writing the data through the server, a token is copied between the source and destination storage. The
token serves as a point-in-time representation of the data, and the copy manager of the SAN performs
the data movement according to the token. For example, when you copy a file or a virtual hard disk
between storage locations on the same SAN or between the SANs, a token representing the virtual hard
disk file is copied. The server does not need to copy the underlying virtual hard disk, because the storage
(SAN) that supports Offloaded Data Transfer will copy the virtual hard disk file more effectively and
without utilizing the server.
You can use Offloaded Data Transfer to interact with the storage device to move large files or data
through the high-speed storage network. Offloaded Data Transfer reduces client-server network traffic
and CPU usage considerably during large data transfers, because all data movement is performed by the
storage. If you want to use Offloaded Data Transfer, source and destination SANs must:

Support Offloaded Data Transfer, must be connected by using iSCSI, Fibre Channel, Fibre Channel
over Ethernet, or Serial Attached SCSI.

Must be managed by the same storage manager.

Hyper-V supports Offloaded Data Transfer, and when Offloaded Data Transfer also is supported by a
storage array, performance improvements can be considerable. For example, if the creation of a 10-GB
fixed-size virtual hard disk takes almost three minutes, the same operation takes less than a second when
using Offloaded Data Transfer. In addition, when using Offloaded Data Transfer you can perform other
related Hyper-V operations much faster, such as expanding virtual hard disks, merging virtual hard disks,
or live storage migration.

Windows Offloaded Data Transfers Overview


http://go.microsoft.com/fwlink/?LinkID=386670
Question: Can you use Offloaded Data Transfer when you copy a 10-GB file between file
shares?

What Is SMB 3.0?


SMB is a network file sharing protocol that
Windows operating systems use on top of the
TCP/IP protocol for accessing files on network
shares. SMB has several backward-compatible
versions, and Windows Server 2012 adds support
for SMB 3.0. SMB 3.0 has several new and useful
features, including the following features:

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

2-29

SMB Transparent Failover. This feature is


available in a failover cluster with at least two
nodes. It allows clients to access an SMB file
share without interruption even if the SMB file
server node to which the client is connected
fails. A failover cluster preserves information on the server side, and allows the client to reconnect
automatically to the same share on the remaining file server cluster node. This enables administrators
to perform hardware or software maintenance on file server cluster nodes by moving file shares
between nodes without client interruption.

SMB Scale Out. Administrators can use this feature to create file shares in failover clusters on CSVs
that provide simultaneous access to files, with direct I/O, through all nodes in a file server cluster.
This feature helps provide load-balancing of clients and better utilization of network bandwidth.

SMB Multichannel. This feature provides the ability to use multiple network interfaces for aggregation
of network bandwidth and network fault tolerance, if multiple paths exist between the client and the
server. Server applications can utilize aggregated network bandwidth, and are resilient in case of a
network failure.

SMB Direct. This feature provides the ability to use network adapters that have Remote Direct
Memory Access (RDMA) capability. Network adapters that have RDMA can function at full speed with
very low latency by using minimal CPU resources.

SMB Encryption. This feature enables file encryption while files are transferred over the network, and
without using public key infrastructure (PKI). You can configure SMB Encryption per share, or for the
entire server.

VSS for SMB file shares. Volume Shadow Copy Service (VSS) is a framework that enables volume
backups while applications continue to write to the volumes. The VSS provider for SMB file shares
enables VSSaware backup applications to perform application-consistent shadow copies of VSSaware server applications that are storing data on SMB 3.0 file shares. Prior to this feature, VSS only
supported performing shadow copies of data stored on local volumes.

Note: Windows Server Backup in Windows Server 2012 does not support VSS for SMB file
shares.

MCT USE ONLY. STUDENT USE PROHIBITED

2-30 Installing and Configuring the Hyper-V Role

SMB share management. If you prefer graphical tools, you can use Server Manager to create
and configure file shares by using a simple set of wizards. However, when you need to manage a
significant number of shares or automate the configuration, you should use Windows PowerShell.
Windows PowerShell can also be help you to understand better the inner workings of SMB 3.0. For
example, you can create a new file share by running the following Windows PowerShell cmdlet:
New-SmbShare

You then can add required permissions by running the following Windows PowerShell cmdlet:
Grant-SmbShareAccess

You can view other SMBrelated cmdlets by running the following Windows PowerShell cmdlet:
Get-Command -Module smbshare

Server Message Block overview


http://go.microsoft.com/fwlink/?LinkID=386673
Updated links on Windows Server 2012 File Server and SMB 3.0
http://go.microsoft.com/fwlink/?LinkID=386658
Question: Is SMB 3.0 used when you access and copy files from a Windows Server 2008 R2
file server to a Windows Server 2012 R2 server?

Hyper-V Over SMB


Prior to Windows Server 2012, Hyper-V could run
virtual machines only if virtual hard disks of the
virtual machine were stored locally or on a SAN.
Hyper-V in Windows Server 2012 provides added
support for storing virtual machine data files
(such as configuration, virtual hard disks, and
checkpoints), on network shares, which must be
accessible over SMB 3.0 protocol or newer. When
virtual machines are stored on an SMB share, the
file server that provides the SMB share must
not be the Hyper-V host that is storing virtual
machine data files on that share. In such a case,
you should configure the Hyper-V host to store virtual machine data files locally.

Because computer accounts are used for configuring file share permissions, the Hyper-V host and the file
server that hosts the SMB share must be members of the same AD DS domain. If data files of the running
virtual machine are stored on the SMB share, you can also configure data deduplication for the volume
that is hosting the SMB share. This requires Windows Server 2012 R2, and is only supported if the virtual
machine is part of a VDI implementation.

Storing virtual machine data files on an SMB 3.0 file share provides a similar level of reliability, availability,
manageability, and performance, as when virtual machine data files are stored on a SAN storage. This
means that you can also use an SMB share as shared storage for high availability scenarios. When
accessing an SMB 3.0 file share, you can use features such as SMB Transparent Failover, SMB Scale Out,
SMB Multichannel, SMB Direct, and SMB Encryption.

Some of the advantages of using file shares to store virtual machine data files include:

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

2-31

Easier provisioning and management. Instead of managing SANs and LUNs, you can create and
configure file shares, with which all administrators are familiar.

Use existing infrastructure. You can use the existing file servers and networks. You do not have to add
specialized storage hardware such as SANs, or networking such as Fibre Channel.

Use existing knowledge. All administrators are familiar with creating and configuring file shares.
Deploy Hyper-V over SMB
http://go.microsoft.com/fwlink/?LinkID=386674
Question: Can you store and run virtual machines on an SMB 3.0 share on a Windows Server
2012 R2 file server that is not a domain member?

Overview of NIC Teaming

You can use Windows Server 2012 R2 to configure


multiple NICs in the same server into a team. This
feature is known as NIC Teaming. NIC Teaming
allows multiple network interfaces to work
together as a team, and prevents connectivity
loss if one of the network interfaces in a team fails.
It also provides bandwidth aggregation for the
network interfaces in a team. NIC Teaming is not
a feature specific to Hyper-V, but Hyper-V can
utilize NIC Teaming to provide faster and more
reliable network connections for both the Hyper-V
host and virtual machines. When you are using
NIC Teaming in Windows Server 2012 R2, you can put network adapters from different vendors and
supporting different network speeds in the same team. NIC Teaming in Windows Server 2012 is supported
by Microsoft.
When you put two or more physical network adapters into a NIC Team, this is then presented to the
operating system as one or more virtual adaptersknown also as team network adapters. Two basic sets
of algorithms that distribute inbound and outbound traffic between the physical network adapters in the
team are:

Switch-independent modes. Algorithms do not require the switch to participate in NIC Teaming.
Because the switch does not have the knowledge that the network adapter is part of a team, you can
connect the team network adapters to different switches. However, this configuration is not required.
These modes do not require any configuration of a switch, and they protect against switch failures.

Switch-dependent modes. Algorithms require the switch to participate in NIC Teaming. These
algorithms require that all network adapters in a team are connected to the same switch, and that the
switch is configured properly.

The NIC Teaming feature also works within a virtual machine. This allows a virtual machine to have virtual
network adapters that are connected to more than one Hyper-V switch, and still have connectivity even if
the network adapter under that switch becomes disconnected.
You manage NIC Teaming in Server Manager using the NIC Teaming interface, or by using
Windows PowerShell cmdlets. You can view the cmdlets for managing NIC Teaming by running
Get-Command -Module NetLbfo.

NIC Teaming Overview


http://go.microsoft.com/fwlink/?LinkID=386671
Question: Do you need to configure network switches if you want to use NIC Teaming in
Windows Server 2012 R2?

MCT USE ONLY. STUDENT USE PROHIBITED

2-32 Installing and Configuring the Hyper-V Role

Lab: Installing and Configuring the Hyper-V Role


Scenario

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

2-33

Based on the analysis of the current server environment, A. Datum Corporation has identified several
servers that can be virtualized on Hyper-V. A. Datum is now ready to begin a pilot project to implement
virtualization in one of their branch offices.

The first step in the implementation project is to deploy the Hyper-V hosts in the branch office.
Technicians at the branch office have installed the hardware in the branch office, and have installed
Windows Server 2012 R2 on the servers. You have already configured LON-HOST1 and you now need to
install and configure Hyper-V on LON-HOST2.

Because all of the servers are located in a remote data center, you will use Windows 8.1 as an
administrative workstation. To become familiar with the different options for managing the Hyper-V
hosts, you will use both Server Manager and Windows PowerShell to manage the Hyper-V role remotely.

Objectives
After completing this lab, you will be able to:

Install the Hyper-V role.

Configure Hyper-V settings.

Access and manage Hyper-V remotely.

Lab Setup
Estimated Time: 60 minutes

Virtual Machines: 20409B-LON-HOST1, 20409B-LON-HOST2, 20409B-LON-DC1, 20409B-LON-CL1, and


20409B-LON-CL2
User name: Adatum\Administrator
Password: Pa$$w0rd

For this lab, you will use the available virtual machine environment. Before you begin the lab, you must
complete the following steps:
1.

Sign in to the LON-HOSTx computer as Adatum\Administrator with the password of Pa$$w0rd.

2.

On LON-HOST1 start Hyper-V Manager.

3.

In Microsoft Hyper-V Manager, click 20409B-LON-DC1, and in the Actions pane, click Start.

4.

In the Actions pane, click Connect. Wait until the virtual machine starts.

5.

Sign in by using the following credentials:


o

User name: Adatum\Administrator

Password: Pa$$w0rd

Note: Because you will be using the same virtual machines in the next lab, do not revert
the virtual machines at the end of this lab. However, you can shut down all virtual machines after
finishing this lab.
You will be working in pairs. Communicate clearly with your lab partner, and cooperate fully with
each other during this lab.

Exercise 1: Installing the Hyper-V Role


Scenario

MCT USE ONLY. STUDENT USE PROHIBITED

2-34 Installing and Configuring the Hyper-V Role

In this exercise, you will install the Hyper-V role. You can install Window Server roles in several different
ways, and in this exercise, you will install the Hyper-V role by using Server Manager and Windows
PowerShell. You will also verify changes on the server after you have installed the Hyper-V role.
The main tasks for this exercise are as follows:
1.

Write down your LON-HOST number.

2.

Verify that the LON-HOST2 computer does not have the Hyper-V role installed.

3.

Install the Hyper-V role by using Server Manager.

4.

Verify that the Hyper-V role was installed successfully.

Task 1: Write down your LON-HOST number


Note: One of the students in a pair will be working on LON-HOST1, and the other student
will be working on LON-HOST2.

Write down your LON-HOST number on a piece of paper. If your LON-HOST number is 1, your
partners number will be 2, and vice-versa.

Task 2: Verify that the LON-HOST2 computer does not have the Hyper-V role
installed
1.

On LON-HOST2, in Server Manager, confirm that the Hyper-V role is not installed.

2.

In Windows PowerShell, use the Get-WindowsFeature cmdlet to confirm that neither Hyper-V nor
Hyper-V Management Tools are installed.

3.

In Windows PowerShell, use the Get-Command Module Hyper-V cmdlet to verify that the Hyper-V
module is not installed.

4.

In Windows PowerShell, use bcdedit.exe to verify whether hypervisor is configured to start


automatically.

5.

Use Windows Search to confirm that no program that has the word hyper in the name is installed.

6.

Confirm that there is no Applications and Services Logs node that starts with word Hyper-V in
Event Viewer.

7.

In Performance Monitor, confirm that there is only one counter available that starts with the word
Hyper-V, Hyper-V Dynamic Memory Integration Service.

8.

Confirm that there are no inbound Windows Firewall rules that start with the word Hyper-V.

9.

Confirm that six services display that start with the word Hyper-V, but that Hyper-V Virtual
Machine Management service is not present among the services on LON-HOST2.

Task 3: Install the Hyper-V role by using Server Manager


1.

On LON-HOST2, use Server Manager to install the Hyper-V role with default options, and select the
option to restart the server automatically if required.

2.

Wait until LON-HOST2 restarts, and then sign in with the user name Adatum\Administrator and the
password Pa$$w0rd.

Task 4: Verify that the Hyper-V role was installed successfully

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

2-35

1.

On LON-HOST2, use Server Manager to confirm that the Hyper-V role is installed.

2.

In Windows PowerShell, use the Get-WindowsFeature cmdlet to confirm that both Hyper-V and
Hyper-V Management Tools are installed.

3.

In Windows PowerShell, use the Get-Command Module Hyper-V cmdlet to confirm that the
Hyper-V module has been installed.

4.

In Windows PowerShell, use the bcdedit.exe command to verify that hypervisor is configured to start
automatically.

5.

Confirm that the Hyper-V Manager and Hyper-V Virtual Machine Connection programs are
installed.

6.

In Event Viewer, confirm that multiple Applications and Services Logs nodes that start with the
word Hyper-V display.

7.

In Performance Monitor, confirm that multiple counters that start with the word Hyper-V are
available.

8.

In Performance Monitor, confirm that multiple inbound Windows Firewall rules that start with the
word Hyper-V display.

9.

In Performance Monitor, confirm that multiple services that start with the word Hyper-V display,
including a service named Hyper-V Virtual Machine Management, which has a status of Running.

10. On LON-HOST2, run the following script: C:\Labfiles\Mod02-LON-HOST2.ps1 to prepare the


environment.
Note: This script will import three virtual machines: 20409B-LON-PROD2, 20409B-LONTEST2, and 20409B-LON-CL2.
The script will ask for the drive letter on which the base images were extracted and the drive
letter on which the course images were extracted. Theses drive letters will depend on the physical
server configuration. If you are unsure about what are the drive letters, ask the instructor.

Results: After completing this exercise, you should have installed the Hyper-V role.

Exercise 2: Configuring Hyper-V Settings


Scenario

Before using the virtualization infrastructure, you should be familiar with and configure Hyper-V Settings.
In this exercise, you will use Hyper-V Manager and Windows PowerShell to review and configure some of
the settings, such as a default virtual hard disk location, NUMA spanning, and enhanced session mode
policy.
The main tasks for this exercise are as follows:
1.

Create a network share for storing virtual machines.

2.

Configure a virtual hard disk location.

3.

Configure Hyper-V settings by using Windows PowerShell and Hyper-V Manager.

Task 1: Create a network share for storing virtual machines


Note: Complete the following task on both LON-HOST1 and LON-HOST2.

MCT USE ONLY. STUDENT USE PROHIBITED

2-36 Installing and Configuring the Hyper-V Role

1.

On LON-HOSTx, use Server Manager to create a share by using the SMB Share Applications share
profile.

2.

Create a share on drive C. Name the share VHDs, and grant the Domain Users group Full Control
permissions to the share.

Task 2: Configure a virtual hard disk location


Note: Complete the following task on both LON-HOST1 and LON-HOST2.
1.

On LON-HOSTx, in Hyper-V Manager, start the New Virtual Hard Disk Wizard, and confirm the
default location for creating new virtual hard disks.

2.

In Hyper-V Manager, confirm that the same location is set as the Virtual Hard Disk location Hyper-V
Setting.

3.

In Hyper-V Manager, set the Virtual Hard Disk location Hyper-V Setting to C:\Users, and confirm
that this location is the default location when creating new virtual hard disks using the New Virtual
Hard Disk Wizard.

4.

In Windows PowerShell, use Set-VMHost cmdlet with the VirtualHardDiskPath parameter to set
virtual hard disk location to \\LON-HOSTy\VHDs, where y is number of your partners host. For
example, if you are using HOST1, then y represents 2, and if you are using HOST2, then y represents 1.

5.

Use Hyper-V Manager to confirm that the Virtual Hard Disk location Hyper-V Setting is successfully
set to \\LON-HOSTy\VHDs.

Task 3: Configure Hyper-V settings by using Windows PowerShell and Hyper-V


Manager
Note: Complete the following task on both LON-HOST1 and LON-HOST2.
1.

2.

On LON-HOSTx, in Hyper-V Manager, confirm the following Hyper-V Settings:


o

Virtual Machines: C:\ProgramData\Microsoft\Windows\Hyper-V

NUMA Spanning: Enabled

Storage Migration: 2

Enhanced Session Mode Policy: Disabled

In Windows PowerShell, use the Set-VMHost cmdlet with appropriate parameters to configure
following settings:
o

Virtual Machines: \\LON-HOSTy\VHDs (where y is number of your partners host)

NUMA Spanning: Disabled

Storage Migrations: 4

Enhanced Session Mode Policy: Enabled

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

2-37

3.

In Hyper-V Manager, confirm that all settings that you set by using Windows PowerShell are present.

4.

In Hyper-V Manager, modify the following Hyper-V Settings:


o

NUMA Spanning: Enabled

Enhanced Session Mode Policy: Disabled

Results: After completing this exercise, you should have configured Hyper-V settings.

Exercise 3: Accessing and Managing Hyper-V Remotely


Scenario

Administrators typically administer Hyper-V remotely. In this exercise, you will enable Hyper-V Manager
and Hyper-V Module for Windows PowerShell on a Windows 8.1 workstation, and then manage the
Hyper-V host remotely.
The main tasks for this exercise are as follows:
1.

Turn on the Hyper-V Management Tools feature.

2.

Connect to the Hyper-V host and manage it remotely.

Task 1: Turn on the Hyper-V Management Tools feature


Note: Complete the following task on both LON-HOST1 and LON-HOST2.
1.

On LON-HOSTx, use Hyper-V Manager to start and connect to 20409B-LON-CLx.

2.

Sign in to LON-CLx with the user name Adatum\Administrator and the password Pa$$w0rd.

3.

Use Search to confirm that no program with the word hyper in the name is installed on LON-CLx.

4.

In Windows PowerShell, use the cmdlet Get-Command with the Module parameter to confirm that
the Hyper-V module is not installed.

5.

Use the Turn Windows Features on or off program to turn on the Hyper-V Management Tools
feature.

6.

In Windows PowerShell, use the cmdlet Get-Command with the Module parameter to confirm that
the Hyper-V module is now installed.

7.

Confirm that two programs containing word hyper are now installed: Hyper-V Manager, and
Hyper-V Virtual Machine Connection.

Task 2: Connect to the Hyper-V host and manage it remotely


Note: Complete the following task on both LON-HOST1 and LON-HOST2.
1.

On LON-CLx, start Hyper-V Manager, and connect it to LON-HOSTx.

2.

Review Hyper-V Settings for LON-HOSTx, and verify that the settings are configured as you
configured them in the previous exercise:
o

Virtual Hard Disks: HOSTy\VHDs

Virtual Machines: HOSTy\VHDs

NUMA Spanning: Enabled

Storage Migrations: 4

Enhanced Session Mode Policy: Disabled

3.

Open Windows PowerShell and review the Hyper-V configuration of LON-HOSTx by using the
Get-VMHost cmdlet.

4.

Use the Get-VMHost cmdlet to set the Storage Migrations setting on LON-HOSTx to 3.

5.

Confirm the setting in Hyper-V Manager.

Note: Do not forget to Refresh the settings to view the updated settings in Hyper-V
Manager.

Results: After completing this exercise, you should have accessed and managed Hyper-V remotely.

MCT USE ONLY. STUDENT USE PROHIBITED

2-38 Installing and Configuring the Hyper-V Role

Module Review and Takeaways


Review Questions
Question: You need to manage Hyper-V in Windows Server 2012 from a Windows 7 client
computer. Will you be able to administer all Hyper-V features?
Question: Can you virtualize a file server that is using a Fibre Channel SAN for storing shared
folders?
Question: You have a Windows 8.1 virtual machine that must be highly available. Can you use
virtual machine-based failover clustering to make it highly available?

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

2-39

MCT USE ONLY. STUDENT USE PROHIBITED

MCT USE ONLY. STUDENT USE PROHIBITED


3-1

Module 3

Creating and Managing Virtual Hard Disks, Virtual Machines,


and Checkpoints
Contents:
Module Overview

3-1

Lesson 1: Creating and Configuring Virtual Hard Disks

3-3

Lesson 2: Creating and Configuring Virtual Machines

3-14

Lab A: Creating and Managing Virtual Hard Disks and Virtual Machines

3-24

Lesson 3: Installing and Importing Virtual Machines

3-30

Lesson 4: Managing Virtual Machine Checkpoints

3-37

Lesson 5: Monitoring Hyper-V

3-46

Lesson 6: Designing Virtual Machines for Server Roles and Services

3-53

Lab B: Creating and Managing Checkpoints and Monitoring Hyper-V

3-60

Module Review and Takeaways

3-66

Module Overview

After installing the Hyper-V role and configuring the server properties, you are ready to begin creating
virtual machines and virtual hard disks. In this module, you will learn that Hyper-V in Windows Server
2012 supports two virtual disk file formats (.vhdx and .vhd) and three disk types (fixed-size, dynamically
expanding, and differencing). You will learn about the differences between the various disk formats and
disk types. You will also learn how to create these disks and configure a virtual machine to use disks that
are directly attached.

You are probably familiar with the virtual machines that Windows Server 2012 R2 Hyper-V refers to
as Generation 1 virtual machines. In Windows Server 2012 R2, you can also create Generation 2 virtual
machines, which can have fewer types of virtual hardware, but conversely, provide advanced features such
as Unified Extensible Firmware Interface (UEFI), Secure Boot, and boot from the small computer system
interface (SCSI) device.
Virtual Machine Connection is a Hyper-V management tool. In Windows Server 2012 R2, this tool has
enhanced session mode, which provides a rich Remote Desktop experience when connecting to virtual
machines that support it. You can also use this tool to copy and paste data between virtual machines,
and to redirect devices such as those connected to it, including physical USB ports, to virtual machines.

In Windows Server 2012 R2, snapshotsa popular feature of previous releaseshave been renamed
checkpoints. A major improvement in Windows Server 2012 Hyper-V is that virtual machines can detect
when a checkpoint was applied by using the Generation ID value. You should still use checkpoints
carefully in a production environment unless they are supported explicitly. In this module, you will
also learn about monitoring the Hyper-V environment by using performance monitoring and resource
metering.

Note: For the purpose of this course, all instances of Microsoft System Center 2012 R2 Virtual Machine Manager are referred to as VMM.

Objectives
After completing this module, you will be able to:

Create and configure virtual hard disks.

Create and configure virtual machines.

Install and import virtual machines.

Manage virtual machine checkpoints.

Monitor Hyper-V.

Design and manage virtual machines for server roles and services.

MCT USE ONLY. STUDENT USE PROHIBITED

3-2 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

Lesson 1

Creating and Configuring Virtual Hard Disks

3-3

Just as physical computers store data on physical hard disks, virtual machines store data on virtual
hard disks, which actually are files that reside on physical hard disks. There are different types of virtual
hard disks available, and this lesson explains the differences between them. In the past, fixed-size disks
provided considerably better performance than dynamically expanding disks. In Windows Server 2012, the
performance difference between them is minimal. You also can configure virtual machines to use directly
attached disks, but such disks do not support snapshots and are less suitable for migration because they
are not encapsulated in a single file. Virtual hard disks can be in one of two formats: .vhd (legacy), and
.vhdx (modern). Although virtual hard disks are just that, the modern Windows operating system also can
access their content from physical computers.

Lesson Objectives
After completing this lesson, you will be able to:

Describe storage options for virtual machines.

Describe the Hyper-V virtual hard disk formats.

Explain the difference between fixed-size and dynamically expanding virtual hard disks.

Describe differencing virtual hard disks.

Create a virtual hard disk.

Describe directly attached disks.

Explain virtual hard disk sharing.

Explain Quality of Service (QoS) management.

Describe Hyper-V considerations for virtual hard disk storage.

Manage virtual hard disks.

What Are the Storage Options for Virtual Machines?

Virtual machines have different options for storing


their data. Just as virtual machines are isolated
when running on a Hyper-V host, you can also
isolate their hard disks and encapsulate their
content in a single virtual hard disk file with the
.vhd or .vhdx extension. From inside the virtual
machine, virtual hard disks are seen as physical
disks, and virtual machines use them as if they
were physical disks. You also can configure virtual
machines to connect directly to a physical volume
by configuring a directly attached disk. Directly
attached disks are seen as offline by the Hyper-V
host and are managed directly by the operating system within the virtual machine. Directly attached disks
either can be a physical disk in the host, or a logical unit number (LUN) on a storage area network (SAN)
device over Internet SCSI (iSCSI) or Fibre Channel.

MCT USE ONLY. STUDENT USE PROHIBITED

3-4 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

You can connect virtual machines to storage by using two different storage controller typesSCSI,
and integrated device electronics (IDE). A virtual machine can access a disk either as a virtual Advanced
Technology Attachment (ATA) device on a virtual IDE controller or as a virtual SCSI disk device on a virtual
SCSI controller. Virtual storage controllers have the following characteristics:

IDE controllers are available only in Generation 1 virtual machines. Each virtual machine has two IDE
controllers and can have up to two devices (hard drives or DVD drives) attached to each controller.

An IDE controller is first emulated, which means that it is available when the virtual machine starts
and later it is synthetic, which provides better performance.

While the virtual machine is running, you cannot add devices to or remove devices from an IDE
controller.

A Generation 1 virtual machine can start only from an IDE controller.

SCSI controllers are available in all virtual machines. Generation 1 virtual machines can use a SCSI
controller only as a data disk, whereas Generation 2 virtual machines start from the SCSI controller
attached disks or DVD drives.

A SCSI controller is synthetic, and you can add disks to or remove disks from a SCSI controller while
a virtual machine is running. A virtual machine can have up to four SCSI controllers, and each SCSI
controller supports up to 64 devices, which means that each virtual machine can have as many as 256
virtual SCSI disks.

SCSI controllers include support for Windows Offloaded Data Transfers, which is not available for
disks that are attached to an IDE controller.

You can use different hard disk types, such as fixed-size, dynamically expanding, differencing, and
attached physical disks, with both controller types.

A virtual machine uses storage controllers for accessing storage. The type of storage controller that
the virtual machine uses does not have to be the same type that Hyper-V is using. For example, a
Hyper-V host can have only physical SCSI storage, but you can configure virtual machines with IDE
controllers, and use IDE-attached virtual hard disks, which are stored on the SCSI storage of the
Hyper-V host.

Note: Although physical SCSI and IDE hard disk I/O performance can be significantly
different, this is not the case for virtual SCSI and IDE hard disks. They both offer equally fast I/O
performance.

You can store virtual machine virtual hard disks locally on Hyper-V host, on Server Message Block (SMB)
3.0 file shares, or on a SAN LUN. You can configure virtual machines to use directly attached disks over
iSCSI or Fibre Channel protocol. Such directly attached disks are accessed directly and are not contained
in a virtual hard disk file. In addition, you cannot use them for starting virtual machines. However, directly
attached disks are important when configuring guest failover clustering because you can use them as a
shared storage.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

The following table describes the various storage configuration options that are available to virtual
machines.
Locally stored IDE
virtual hard disk

Locally stored SCSI


virtual hard disk

Directly attached disk

3-5

Storage type

Direct-attached
storage (DAS)

DAS

DAS local
SAN, Fibre Channel/iSCSI
remote

Exposed to a Hyper-V
host as

Virtual hard disk


on NTFS file
system

Virtual hard disk on


NTFS file system

Physical disk directly


attached to a virtual
machine

Maximum supported disk


size

64 terabytes (TB)

64 TB

No size limit

Virtual hard disk


checkpoints supported

Yes

Yes

No

Dynamically expanding
virtual hard disk

Yes

Yes

No

Differencing virtual hard


disk

Yes

Yes

No

Add or remove storage


while virtual machine is
running

No

Yes

No

Question: Is there any difference between connecting a virtual hard disk to a virtual machine
by using an IDE virtual controller or a SCSI virtual controller?

Overview of the Hyper-V Virtual Hard Disk Formats


Virtual machines can access physical hard disks
directly (directly attached disks), can use virtual
hard disk files, or can use both. A virtual hard disk
can be either a single file or a hierarchy of files.
Both present to the virtual machine as a whole
hard drive. This means that from inside the virtual
machine, you can partition virtual hard disks and
format them with various file systems, such as
NTFS, FAT, or Resilient File System. In addition,
you can copy files or install an entire operating
system on a virtual hard disk. Although a virtual
hard disk is visible as a single file to the Hyper-V
host, it encapsulates the content of an entire virtual machine hard disk.

MCT USE ONLY. STUDENT USE PROHIBITED

3-6 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

The virtual hard disk format specification is available publicly. Developers can use the specification to
develop solutions to access virtual hard disk data and content, and they can use it to extend the virtual
hard disk. The virtual hard disk format has evolved over time, and Hyper-V in Windows Server 2012 R2
supports two virtual hard disk formats:

.vhd. This format supports virtual hard disks up to 2,040 gigabytes (GB) in size. This format has been
available since Microsoft Virtual Server 2005 was released, which means that you can use the .vhd
format with older Hyper-V hosts and with legacy Microsoft virtualization products.

.vhdx. This format supports virtual hard disks up to 64 TB in size. This format has been available since
Windows Server 2012, and it is not compatible with older Hyper-V hosts. Experience with the .vhd
format guided the .vhdx format improvements. The .vhdx format provides better data corruption
protection and optimizes structural alignments on large sector physical disks.

When you compare the .vhd and .vhdx formats, the .vhdx format provides the following benefits:

Support for larger virtual hard disk sizes, up to 64 TB.

Protection against data corruption by logging updates to the .vhdx metadata structures, which can be
especially important during power failures.

The ability to store custom metadata about a file, such as which operating system is installed in .vhdx,
or which patches are applied to it.

Improved alignment of the virtual hard disk format to work better with large sector disks.

Larger block sizes for dynamic and differential disks, which improves their performance.

4 kilobytes (KB) logical sector virtual disk, which increases performance when used by applications
that are designed for 4 KB sectors.

Efficiency in data representation, which results in smaller file size so that underlying physical storage
device can reclaim unused space (trim operation).

Note: You can convert .vhd files to the .vhdx format when you upgrade to Windows Server
2012 or Windows Server 2012 R2 because of the improvements of the .vhdx format. The only
reason why you should not convert the files is when you still need to move a virtual disk to an
older version of Hyper-V that does not support the .vhdx format.

When you create a new virtual hard disk on Windows Server 2012 R2, it selects the .vhdx format by
default. Hyper-V also provides the capability to convert .vhd files to .vhdx, and .vhdx files to .vhd, as long
as they are not larger than 2,040 GB. You can create new virtual hard disks from Windows PowerShell by
using the New-VHD cmdlet. You can also convert virtual hard disks between .vhd and .vhdx formats by
using the Convert-VHD cmdlet.
Note: Virtual hard disks are not only usable with virtual machines. You can also access,
mount, and use virtual hard disk content from physical host computers. You can use them even
without Hyper-V virtualization. From Windows Server 2012 R2 or Windows 8.1, you can rightclick the virtual hard disk file, mount it, and then perform operations on it just like any other hard
drive. In older Windows versions, you cannot mount virtual hard disk files by using Windows
Explorer (File Explorer in Windows 8 and Windows 8.1), but you can use Disk Management or
Diskpart tools instead. You can also use native boot from a virtual hard disk, where a physical
computer starts from a .vhd or .vhdx file.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

Additional information about virtual hard disk formats


http://go.microsoft.com/fwlink/?LinkID=386686
Virtual hard disk architecture
http://go.microsoft.com/fwlink/?LinkID=386678
Question: On a Windows 8 computer, how can you view and access the content of a virtual
hard disk that is in .vhdx format?

Fixed-Size and Dynamically Expanding Virtual Hard Disks


You can create three types of virtual hard
disks: fixed-size, dynamically expanding, and
differencing. After you create a virtual hard disk,
you can edit it and change its format. Some of
the features of the fixed-size and dynamically
expanding virtual hard disk formats are as follows:

3-7

Fixed size. When you create a fixed-size


virtual hard disk, Hyper-V allocates space for
the entire virtual hard disk. For example, if
you create a 100-GB fixed-size virtual hard
disk, Hyper-V will create a 100-GB file even
when it does not include any data. Creating
large fixed-size virtual hard disks can take significant time when physical storage does not support
Windows Offloaded Data Transfers because Hyper-V has to create the file to the entire specified
size and fill its content with zero values. Because Hyper-V allocates all of the storage space when
it creates the virtual hard disk, the size of a fixed-size virtual hard disk does not change. This
minimizes fragmentation and space on a fixed-size disk, which is as contiguous as possible when it
is created. You cannot create fixed-size virtual hard disks that require more space than is available
on the physical storageyou cannot overcommit your physical storage. Fixed-size virtual hard disks
are larger than dynamically expanding virtual hard disks, and as such, moving them can be more
time-consuming. Traditionally, fixed-size virtual hard disks offered better performance than
dynamically expanding virtual hard disks (and are almost identical to directly attached disk).
However, since Windows Server 2012, this performance difference is minimal.

Dynamically expanding. When you create a dynamically expanding virtual hard disk, Hyper-V creates
a small file on the Hyper-V host. That file then grows as you write data to the virtual hard disk until it
reaches its fully allocated size. The size of the dynamically expanding disk only grows. It does not
shrink even if you delete data. For example, if you create a 100-GB dynamically expanding virtual
hard disk, Hyper-V will create a file that will be only a few megabytes (MB) in size. When you write
into that virtual hard disk file, it will grow; however, when you delete information from the virtual
hard disk it will not shrink. When you start using the dynamically expanding virtual hard disk, for
example, by formatting partitions and installing an operating system onto it, it will start growing until
it reaches its maximum size of 100 GB. Hyper-V creates the dynamically expanding virtual hard disk
much faster because it does not allocate all the space at once. However, when you add data to the
virtual hard disk, it might fragment in the same way that any file would on your volume. You can
create dynamically expanding virtual hard disks that would require more space on the storage
subsystem than is currently availableyou can overcommit storage. Dynamically expanding virtual
hard disks are smaller than other virtual hard disk types until reaching their maximum size.

MCT USE ONLY. STUDENT USE PROHIBITED

3-8 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

Historically, dynamically expanding virtual hard disks had inferior performance as compared with
fixed-size disks. However, in Windows Server 2012, this performance difference is minimal. Companies
typically use dynamically expanding virtual hard disks in test and development environments.
However, with live storage migration, the smaller size of dynamically expanding disks also is
attractive.
When you create a new .vhd virtual hard disk in Windows Server 2012 R2, the New Virtual Hard Disk
Wizard selects fixed-size by default. If you create a .vhdx virtual hard disk, the New Virtual Hard Disk
Wizard selects the dynamically expanding type by default. After Hyper-V creates a dynamically expanding
virtual hard disk, you can convert it to fixed-size, and vice versa.
Note: The fixed-size type virtual disk is a better choice when you are using the .vhd format
because it offers better resiliency and performance compared with the other virtual hard disk
types. When using the .vhdx format, it is beneficial to use the dynamically expanding type. In
addition to space savings, it offers resiliency. The fixed-size type is also a good choice for both
virtual disk formats when the storage on the Hyper-V host is not actively monitored.
Performance Tuning Guidelines for Windows Server 2012
http://go.microsoft.com/fwlink/?LinkID=386680
Question: Do you benefit from Windows Offloaded Data Transfers when you are creating a
dynamically expanding virtual hard disk?

Differencing Virtual Hard Disks


A differencing virtual hard disk always links
to another virtual hard disk in a parent/child
relationship. It cannot exist on its own. The parent
virtual hard disk can be fixed-size or dynamically
expanding, but as soon as it becomes a base disk
for a differencing disk, it cannot be written to, so
it will neither grow not contract. The differencing
virtual hard disk is always dynamically expanding.
You can also chain differencing virtual hard disks,
as long as all base disks are not written to. In this
scenario, one differencing virtual hard disk is using
another differencing virtual hard disk as a base
(parent) disk.

The differencing virtual hard disk stores changes for the parent disk and provides a way to isolate changes
without altering the parent disk. When you use a differencing virtual hard disk, you can access all the data
from the parent disk, and changes you make are written only to the differencing virtual hard disk, not to
the parent disk. In other words, reads for modified data are served from the differencing virtual hard disk,
and reads of all other data are served from the parent virtual hard disk. Metadata is used in both cases to
determine from where data should be read, which results in differencing virtual hard disks having slower
performance than fixed-size or dynamically expanding virtual hard disks. Differencing virtual hard disks
must use the same format as the parent diskseither .vhd or .vhdx.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

Note: While differencing virtual hard disks do have their place in production environments,
especially with Virtual Desktop Infrastructure (VDI) pooled desktops, they should be used
sparingly and only after careful planning in other scenarios.

3-9

The differencing virtual hard disk expands dynamically because data that is intended for the parent disk is
written to the differencing virtual hard disk. The base/differencing relationship is based on the integrity of
the base disk. Therefore, you should not write to the parent disk because any change made to the parent
disk will invalidate all differencing virtual hard disks that are linked to that parent.
Note: A differencing disk references a parent disk and stores the changes. Therefore, you
should avoid making any changes to a parent disk. As a best practice, you should configure a
parent disk as read-only. Be aware that a Merge operation changes the parent disk and
invalidates any other differencing disks that use that parent disk.

You cannot specify a size for a differencing virtual hard disk. Differencing virtual hard disks can grow as
large as the parents disk size limit. However, unlike dynamically expanding disks, you cannot compact
differencing virtual hard disks directly. You can compact a differencing virtual hard disk only after it
merges with its parent disk.

Differencing virtual hard disks can be beneficial in some scenarios. For example, you could use a virtual
hard disk that has a clean installation of the Windows Server 2012 R2 operating system as a parent, and
then use a new differencing virtual hard disk as the virtual machine hard disk. You could even create
multiple differencing virtual hard disks for multiple virtual machines that would use the same Windows
Server 2012 R2 virtual disk as their parent disk.
Note: Differencing virtual hard disks can be useful in a testing or training environment.
Question: Can Hyper-V allocate more storage space to a differencing virtual hard disk than
to the parent disk to which it links?

Demonstration: Creating a Virtual Hard Disk


In this demonstration, you will see how to create a virtual hard disk.

Demonstration Steps
1.

2.

Use Hyper-V Manager to create a new virtual hard disk with following settings:
o

Format: VHDX

Type: Dynamically expanding

Name: Dynamic.vhdx

Size: 100 GB

Use Hyper-V Manager to create a new virtual hard disk with following settings:
o

Format: VHD

Type: Differencing

Name: Differencing.vhd

Parent: E:\Program Files\Microsoft Learning\base\Base14A-WS12R2.vhd

3.

4.

In Windows PowerShell, use the cmdlet New-VHD to create a new virtual hard disk with the
following settings:
o

Path: C:\Shares\VHDs\Fixed.vhdx

Size: 1 GB

Type: Fixed size

MCT USE ONLY. STUDENT USE PROHIBITED

3-10 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

On LON-HOST1, in File Explorer, browse to C:\Shares\VHDx, and then confirm that Fixed.vhdx
allocates 1 GB disk space, while both Dynamic.vhdx and Differencing.vhd are allocated less disk space.

Directly Attached Disks

Virtual machines can use virtual hard disk files


or physical disks that are directly attached to a
virtual machine as their hard drives. Directly
attached physical disks enable virtual machines
to bypass the Hyper-V host and access storage
directly, without first configuring the volume on
the Hyper-V host. The directly attached disk can
be an internal Hyper-V host physical disk. It can
also be a SAN LUN that is mapped to the Hyper-V
host or is mapped directly by the operating
system that is running on the virtual machine. The
virtual machine must have exclusive access to the
directly attached disk, which means that the disk must be set in an offline state. The directly attached disk
is not limited in size, and it can be larger than the virtual hard disk size limit.
Note: LUN is a logical reference to a portion of a SAN.

Features of Directly Attached Disks


Some of the main features of directly attached disks are:

When a virtual machine is using a directly attached disk, there is no associated virtual hard disk
involved because the virtual machine is accessing a physical disk.

Directly attached disks provide superior performance, similar to physical disks, because there is no
overhead involved. On Windows Server 2012 and newer versions, fixed-size virtual hard disks provide
similar performance. Dynamically expanding virtual hard disks have only slightly lower performance.

If a virtual machine will access a directly attached disk on a SAN, you do not need to mount the LUN
on a Hyper-V host by using iSCSI or Fibre Channel.

Accessing directly attached disks requires lower CPU utilization because it does not involve any
overhead on the Hyper-V host.

Directly attached disks have no size limitation, and they can be larger than 64 TB.

You cannot use differencing virtual hard disks with directly attached disks.

Checkpoints are not available on directly attached disks.

The physical disk must be set to offline state on the Hyper-V host before you can configure it as a
directly attached disk for a virtual machine.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

3-11

You cannot expand directly attached disks dynamically unless such functionality is provided in
the SAN.

The Hyper-V Volume Shadow Copy Service (VSS) writer cannot back up directly attached disks, and
you cannot use Windows Server Backup in the parent partition to back up such disks. In such a case,
you should use the backup program that is installed on the virtual machine.

Note: You cannot use Live Migration to move virtual machines between Hyper-V hosts that
are not in the same failover cluster if the virtual machines are using directly attached disks.

If you want to configure a virtual machine to use an internal Hyper-V host physical disk or a LUN that
is connected to a Hyper-V host as a directly attached disk, you can access it over a virtual IDE or SCSI
controller. You can do so by modifying the virtual machine hard disk settings to use a physical disk
instead of a virtual hard disk. If you want to use a SAN directly from inside a virtual machine, you should
either configure an iSCSI initiator in the virtual machine or add a virtual Fibre Channel adapter to the
virtual machine, depending on how you will access the SAN.
Virtual Hard Disk Performance
http://go.microsoft.com/fwlink/?LinkID=386681
Question: Can you view a directly attached disk that a virtual machine is using from the Disk
Management tool that is running on the Hyper-V host on which the virtual machine is
running?

Virtual Hard Disk Sharing


Prior to Hyper-V in Windows Server 2012 R2,
virtual machines used virtual hard disks
exclusively. This means that while one virtual
machine was using a virtual hard disk, no other
virtual machine could use the same virtual disk.
With Windows Server 2012 R2, you can share
virtual hard disks between multiple virtual
machines. This can be especially useful when
configuring failover clustering in virtual machines.
Prior to Windows Server 2012 R2, you could use
only iSCSI or Fibre Channel SAN for shared
storage. In Hyper-V in Windows Server 2012 R2,
you can use shared virtual hard disks for the same purpose.

You can enable virtual hard disk sharing only for .vhdx files that are connected to a virtual SCSI controller.
You cannot use virtual hard disk sharing for .vhd files that are connected to a virtual IDE controller. You
can store the shared .vhdx file only on a failover cluster. This can be a Cluster Shared Volume (CSV) on
block storage, which includes clustered storage spaces, or a scale-out file server with SMB 3.0 on filebased storage. You cannot enable virtual hard disk sharing if these prerequisites are not met. For example,
if the .vhdx file is connected to a virtual SCSI controller but is stored locally or on a SMB 3.0 share.
Virtual Hard Disk Sharing Overview
http://go.microsoft.com/fwlink/?LinkID=386688
Question: When would you use shared virtual hard disks?

Quality of Service Management


In older versions of Hyper-V, it was not possible to
limit I/O operations per second (IOPS) per virtual
machine. If a virtual machine had an application
that was storage-intensive with a large number
of read and write operations to the storage, the
virtual machine could monopolize the Hyper-V
host, and other virtual machines could have
slower access to storage. In Windows Server 2012
R2, Hyper-V includes an option to configure QoS
parameters when virtual machines are accessing
the storage, so that you can provide enough IOPS
to each virtual machine.

MCT USE ONLY. STUDENT USE PROHIBITED

3-12 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

You can configure storage QoS for each virtual hard disk. By specifying the maximum IOPS value on the
advanced features of the virtual hard disk, you can balance and throttle the storage I/O between virtual
machines and prevent a virtual machine from consuming excessive storage I/O operations, which could
affect other virtual machines. You can also configure the minimum IOPS value and receive a notification
when the IOPS for that virtual hard disk is below the configured value. In addition, the virtual machine
metrics infrastructure is updated with storage-related parameters so that you can monitor the
performance and chargeback for used resources.
Note: Virtual disk maximum IOPS settings are specified in terms of normalized IOPS. IOPS
are measured in 8 KB increments.
Note: Storage QoS is not available if you are using shared virtual hard disks.
Storage Quality of Service for Hyper-V
http://go.microsoft.com/fwlink/?LinkID=386689

Hyper-V Considerations for Virtual Hard Disk Storage


When working with virtual machines, virtual
hard disks require by far the largest amount of
storage space. In addition, virtual hard disks
should have the highest possible access speed
and throughput, and you should store them on
redundant, highly available storage. The main
Hyper-V considerations for virtual hard disks are
as follows:

Virtual hard disks encapsulate the content of


the entire virtual machine hard disk. They can
be very large, and their size increases through
time if they are dynamically expanding or
differencing. You should ensure that there is enough space for the virtual hard disks on the storage
and implement monitoring to increase available space when needed.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

3-13

Virtual machines that are running on the same Hyper-V host are in competition for disk I/O. To
improve performance, you should have as many of the fastest physical disks as possible.

Windows Server 2012 includes storage spaces so that you can create redundant storage for virtual
hard disks.

If available, you should use solid-state drives (SSDs) for best possible performance. They do not have
moving parts, and they provide fast access speed and high throughput.

Windows Server 2012 R2 introduces tiered storage, which you can use to combine classical spindle
base disks and SSDs in the same storage. Tiered storage significantly increases access speed and
throughput.

You can store the virtual hard disks of running virtual machines on an SMB 3.0 share. Windows Server
2012 introduced this capability, and it provides a similar level of availability and performance as
storing virtual hard disks on a SAN. When accessing an SMB 3.0 file share, you can use features such
as SMB transparent failover, SMB scale-out, SMB multichannel, and SMB direct.

You can use SAN for storing virtual hard disks. SAN provides several benefits, such as high
performance and high availability, and the possibility to expand LUNs dynamically if you need
additional storage.

Antivirus software should exclude Hyper-V-specific files, including virtual hard disks (.vhd and .vhdx).
Question: For storing virtual machines, what are the benefits of SAN compared to local
storage?

Demonstration: Managing Virtual Hard Disks


In this demonstration, you will see how to manage virtual hard disks.

Demonstration Steps
1.

On LON-HOST1, use the Edit Virtual Hard Disk Wizard to expand Fixed.vhdx to 2 GB.

2.

Use the Edit Virtual Hard Disk Wizard to expand Dynamic.vhdx to 200 GB.

3.

On LON-CL1, use Disk Management to confirm that Disk 1 and Disk 2 have expanded, and now have
2 GB and 200 GB of unallocated space.

Lesson 2

Creating and Configuring Virtual Machines

MCT USE ONLY. STUDENT USE PROHIBITED

3-14 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

Hyper-V is the infrastructure that you use for running virtual machines. You can create virtual machines
in several different ways. This lesson explains how you can create virtual machines by using Hyper-V
Manager and Windows PowerShell. This lesson also explores hardware components of the virtual
machine and explains the differences between Generation 1 and Generation 2 virtual machines. You will
also learn about Integration Services, which provides support for synthetic devices, in addition to any
communication required between the parent and the guest operating system, such as heartbeat and time
sync. A SCSI controller and a virtual Fibre Channel adapter are examples of synthetic devices. Virtual
machines use synthetic devices to access storage directly on Fibre Channel SANs.

Lesson Objectives
After completing this lesson, you will be able to:

Describe the components of a Generation 1 virtual machine.

Describe Generation 2 virtual machines.

Create virtual machines.

Describe the configuration of virtual machine settings.

Describe dynamic memory.

Describe smart paging.

Describe Integration Services.

Configure Integration Services.

Describe the use of virtual Fibre Channel adapters.

What Are the Components of a Generation 1 Virtual Machine?


A virtual machine represents a physical computer
in a virtualization environment. Virtual computers
have components that are similar to physical
computers. However, virtual computers can
only use components that are part of Hyper-V
virtualization. A virtual machine cannot use
components that you can attach to the physical
Hyper-V host unless they are properly configured
to do so. Virtual hardware is either emulated,
synthetic, or in rare cases, such as with single-root
I/O virtualization (SR-IOV) network adapters,
directly mapped to virtual machines. Hyper-V can
present devices to a virtual machine in the following two ways:

Hyper-V presents an emulated device to the virtual machine as if it is actual hardware, although such
a physical component does not exist in the Hyper-V host. Emulated devices present standard and
well-known functionalities that are universal to all devices of that type. This means that almost any
operating system supports them. Emulated devices are available when the virtual machine starts, and

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

3-15

the virtual machine can start from them. These emulated devices include IDE controllers or legacy
network devices. However, because these devices are emulated, they do not perform as well and
present additional overhead for the Hyper-V host.

Hyper-V does not present synthetic components to the virtual machine as actual hardware. It presents
them to the operating system on the virtual machine as a functionality that the device driver can use.
When an operating system has support for that functionality, it can pass the communication with it
through virtual machine bus (VMBus). Operating systems must support VMBus, and device drivers for
that functionality must be loaded for the virtual machine to be able to use synthetic components. This
is why synthetic components are not available during startup, and why you cannot start a Generation
1 virtual machine from a SCSI controller.

Until Windows Server 2012 R2, you could create only one type of virtual machineGeneration 1. A
Generation 1 virtual machine contains the components in the following table.
Component

Description

BIOS

Specifies startup order of the boot devices.

Memory

Configures the amount of memory assigned to the virtual machine, the dynamic
range of memory that can be used, and memory weight. When the virtual
machine is running, that memory allocates exclusively and cannot be used by
other virtual machines or by the Hyper-V host.

Processor

Configures the number of processors that are available to the virtual machine,
the resource control, the processor compatibility settings, and the non-uniform
memory access (NUMA) settings.

IDE controller

Connects IDE virtual disks and DVD to the virtual machine. Generation 1 virtual
machines have two IDE controllers. Devices that connect to IDE controllers can be
used to start the virtual machine.

SCSI controller

Connects SCSI virtual disks to the virtual machine. SCSI controllers are synthetic,
which means that a Generation 1 virtual machine cannot start from a virtual disk
that is connected to it.

Network adapter

Connects a virtual machine with the virtual switch. A network adapter is synthetic,
which means that Generation 1 virtual machines cannot use it for Pre-Boot
Execution Environment (PXE) startup.

Legacy network
adapter

Connects the virtual machine with the virtual switch. A legacy network adapter
is emulated, which means that it is available during startup, and Generation 1
virtual machines can use it for PXE.

Fibre Channel
adapter

Accesses Fibre Channelbased storage directly from the virtual machine. This is a
synthetic device, which means that it is not available during startup.

RemoteFX 3D
video adapter

Enables a rich graphic experience in virtual machines.

COM port

Configures the virtual COM port to communicate with the physical server
through a named pipe.

Diskette drive

Connects virtual floppy disks to the virtual machine.

In addition to virtual hardware components, you can also configure virtual machine management
components such as Integration Services, checkpoint file location, smart paging file location, automatic
start action, and automatic stop action.

Overview of Generation 2 Virtual Machines


Virtual machines work the same way that physical
computers do. Most operating systems and
applications that run in virtual machines will
not be aware that they are virtualized. By using
emulated hardware, operating systems that are
not virtualization-aware can still run in virtual
machines. In machines that are run enlightened
operating systems, Integration Services allow the
virtual machines to access synthetic devices, and
thus, perform better. With the broad adoption of
virtualization, many modern operating systems
now include Integration Services.

MCT USE ONLY. STUDENT USE PROHIBITED

3-16 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

Windows Server 2012 R2 changes all of this. It still fully supports the existing type of virtual machines
by naming them Generation 1 virtual machines, but it also provides support for the new type of virtual
machines, called Generation 2 virtual machines. Generation 2 is built on the assumption that operating
systems are virtualization-aware. Generation 2 removes all the legacy and emulated virtual hardware
devices and uses only synthetic devices. BIOS-based firmware is replaced by advanced UEFI firmware,
which supports Secure Boot. Virtual machines start from a SCSI controller or by using PXE from a network
adapter. All the legacy and emulated devices are removed from Generation 2 virtual machines, and the
remaining virtual devices use VMBus to communicate with parent partitions.

Generation 1 and Generation 2 virtual machines have similar performance, except during startup and
when installing operating system. In these instances, Generation 2 is considerably faster. You can run
Generation 1 and Generation 2 virtual machines side-by-side on the same Hyper-V host. You select virtual
machine generation when you create a new virtual machine and you cannot change it later. Generation 1
virtual machines will still be in use for a long time because you can install almost any operating system on
such virtual machines. Generation 2 virtual machines currently support only Windows Server 2012,
Windows 8 (64-bit), and newer 64-bit Windows operating systems.
Generation 2 Virtual Machine Overview
http://go.microsoft.com/fwlink/?LinkID=386690
Question: Can you convert a Generation 1 Windows Server 2012 R2 virtual machine to a
Generation 2 virtual machine?

Demonstration: Creating Virtual Machines


In this demonstration, you will see how to create a virtual machine.

Demonstration Steps
1.

On LON-HOST1, use Hyper-V Manager to create a new virtual machine with the following settings:
o

Name: LON-VM2

Generation: Generation 2

Startup Memory: 1024 MB

Use Dynamic Memory: Enabled

2.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

3-17

Use the Windows PowerShell cmdlet New-VM to create a new virtual machine with the following
settings:
o

Name: LON-VM1

Generation: Generation 1

Startup Memory: 1 GB

Boot Device: IDE

3.

Use the cmdlet Add-VMHardDiskDrive to add the C:\Shares\VHDs\Differencing.vhd disk to the


IDE Controller of LON-VM1.

4.

On LON-HOST1, use Hyper-V Manager to confirm that there are three types of hardware listed in the
Add Hardware section in the details pane for LON-VM2. Confirm also that no BIOS, IDE Controllers,
COM ports or Diskette Drive are listed, but that Firmware is listed.

5.

Use Hyper-V Manager to confirm that you can add five hardware types to LON-VM1. Confirm also
that BIOS, IDE Controllers, COM ports and a Diskette Drive display, but no Firmware displays.

Configuring Virtual Machine Settings

When you create a virtual machine by using the


New Virtual Machine Wizard or the Windows
PowerShell New-VM cmdlet, you can configure
only a limited number of options. For example,
you cannot adjust dynamic memory settings, add
more than one virtual hard disk to the virtual
machine, or configure the virtual machine with a
directly attached or differencing disk. However,
after you create the virtual machine, you have
many more options that you can configure. You
can configure most of the virtual machine settings
and modifications to hardware configuration only
when the virtual machine is turned off (not paused or in saved state). However, you can configure options
such as the virtual switch to which network adapter is connected, or add a virtual hard disk to the SCSI
controller while the virtual machine is running. Configuration options also depend slightly on the virtual
machine generation because some virtual hardware is available only for Generation 1 virtual machines.
You can enable safe boot for Generation 2 virtual machines, whereas Generation 1 does not have such an
option.
You can configure virtual machine settings in Hyper-V Manager or by using Windows PowerShell.
In Hyper-V Manager, you right-click the virtual machine, click Settings, and then modify properties
of the hardware component that you want to configure. In Windows PowerShell, you can use
several different cmdlets to configure a virtual machine, depending on whether you want to
configure virtual machine settings (Set-VM), add virtual hardware components (Add-VMHardDiskDrive,
Add-VMNetworkAdapter) or modify existing hardware component settings (Set-VMHardDiskDrive,
Set-VMNetworkAdapter).

MCT USE ONLY. STUDENT USE PROHIBITED

3-18 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

As part of the virtual machine settings, you can also configure management settings. In the Management
section, you can configure the components that are listed in the following table.
Component

Description

Name

Specify the name of the virtual machine and add comments about it.

Integration Services

Enable services that the Hyper-V host will offer to the virtual machine. To
use any of the services, Integration Services must be installed and supported
on the virtual machine operating system.

Checkpoint File
Location

Specify the folder in which checkpoint files for the virtual machine will be
stored. You can modify this location until the first checkpoint is created.

Smart Paging File


Location

Specify the folder in which the Smart Paging file for the virtual machine will
be created, if necessary.

Automatic Start
Action

Specify whether to start the virtual machine automatically after the Hyper-V
host restarts, and how long after Hyper-V is running to start them.

Automatic Stop
Action

Specify the state in which to place the virtual machine once the Hyper-V
host shuts down.

Question: Can you modify virtual machine memory settings while the virtual machine is
running?

What Is Dynamic Memory?

Physical computers have a static amount of


memory, which does not change until you shut
down the computer and add additional physical
RAM. The experience with virtual machines is
the same when you do not configure them to
use dynamic memory. Virtual machines are
assigned the same amount of memory while
they are running. However, with Hyper-V, you
can configure virtual machines to use dynamic
memory, which enables more efficient use of the
available physical memory. If you enable dynamic
memory, the memory is treated as a shared
resource, which can be reallocated automatically between running virtual machines. Dynamic memory
adjusts the amount of memory that is available to a virtual machine based on memory demand, available
memory on the Hyper-V host, and the virtual machine memory configuration. This can make it possible
to run more virtual machines simultaneously on the Hyper-V host. This can be especially beneficial in
environments that have many idle or low-load virtual machines, such as pooled VDI environments.

You can configure virtual machine memory usage on the Memory Settings page for each virtual machine.
On this page, you can configure the following settings:

Startup RAM. Use this setting to configure the amount of memory that will be available to the virtual
machine at startup time. If dynamic memory is not enabled, the virtual machine will use this memory
all the time while it is running (static memory).

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

3-19

Enable Dynamic Memory. Use this setting to configure the virtual machine to use dynamic memory
by enabling this option. If you enable this setting, the following three options become available:
o

Minimum RAM. Use this option to set the minimum amount of memory that the virtual machine
can use while it is running. The virtual machine cannot use less than this amount. You can
decrease this value while the virtual machine is running.

Maximum RAM. Use this option to set the maximum amount of memory that a virtual machine
can use while it is running. The virtual machine cannot use more than this amount of memory.
You can increase this value while the virtual machine is running.

Memory buffer. Use this option to specify the percentage of memory that Hyper-V should
reserve as a buffer. Hyper-V uses the percentage and the current memory demand to determine
an amount of memory for the buffer.

Memory weight. Use this option to specify how to prioritize the memory availability for the virtual
machine compared to other virtual machines that are running on the same Hyper-V host.

As with most other virtual machine settings, you cannot modify virtual machine memory settings while
the virtual machine is running. If you enable dynamic memory, however, you can decrease virtual machine
minimum RAM settings and increase maximum RAM while the virtual machine is running.

When enabled, dynamic memory results in more efficient use of the physical memory and enables more
virtual machines to run simultaneously. For example, consider a Hyper-V host with 8 GB of available
physical RAM, and four virtual machines created for the Finance, Engineering, Sales, and Services
departments. Each virtual machine has dynamic memory enabled and is configured with 1 GB of startup
RAM, 512 MB of minimal RAM, and 4 GB maximum RAM. In this scenario, when you start three virtual
machines, they will each be allocated 1 GB of RAM, which presents 37.5 percent utilization of the Hyper-V
hosts physical RAM. After a few minutes, the operating systems on all virtual machines will be running. In
the Finance and Engineering departments, running virtual machine applications require more RAM, and
memory utilization will increase to 3 GB and 2 GB, and the Sales virtual machine will still use 1 GB of
memory. All three virtual machines will be using 6 GB of memory total, which is 75 percent of the Hyper-V
hosts physical RAM. After another 15 minutes, the Finance virtual machine load lessens and no longer
needs as much memory. Dynamic memory will automatically decrease the memory that is assigned to
the Finance virtual machine to 2 GB. The Sales virtual machine, which is inactive for a long time, has a
decrease to 512 MB RAM. The Engineering virtual machine, which becomes even more active, has more
dynamic memory assigned to it. It now uses 4 GB of RAM, which is the maximum amount of configured
RAM allowed. Now that you have enough available resources, you can also start the fourth virtual
machine for the Services department. This results in Hyper-V using 7.5 GB of RAM, which is near its limit,
and is 94 percent RAM utilization of the Hyper-V host.
Hyper-V Dynamic Memory Overview
http://go.microsoft.com/fwlink/?LinkID=386694
Question: How does dynamic memory enable you to run more virtual machines on the same
amount of physical RAM?

What Is Smart Paging?

MCT USE ONLY. STUDENT USE PROHIBITED

3-20 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

When you enable dynamic memory for a virtual


machine, minimum RAM setting can be less than
the startup RAM assigned to a virtual machine.
This is because operating systems typically need
more memory during startup than when they are
running with high idle. Startup and minimum
RAM settings allow the Hyper-V host to reclaim
memory that the virtual machine no longer needs.
However, if the Hyper-V host is low on memory,
it can also result in insufficient available memory
(startup RAM), when the virtual machine is
restarted. In such a case, Hyper-V needs additional
memory to restart the virtual machine. It uses smart paging to bridge the memory gap between minimum
and startup memory.

Smart Paging

Smart paging is a memory management technique. It pages memory to the physical disk as additional,
temporary memory when more memory is required to restart a virtual machine. This approach provides
a reliable way to keep virtual machines running when there is not enough available physical memory.
However, it degrades virtual machine performance because disk access is much slower than memory
access. The default location for the smart paging file is configurable per virtual machine.

To minimize the performance impact of smart paging, Hyper-V uses it only when it is absolutely needed,
and if all of the following three conditions are met:

The virtual machine is restarted.

There is not enough available physical memory on the Hyper-V host.

Memory cannot be reclaimed from other virtual machines on the Hyper-V host.

Smart paging is not used in any other situation, including the following three situations:

The virtual machine is being started from an Off state.

You want to configure the virtual machine with more memory than is physically available.

The virtual machine is moved over or failed over from another Hyper-V cluster node.

Guest Paging

Hyper-V relies on guest paging (operating system paging inside the virtual machine) because it is more
effective than smart paging. With guest paging, the memory manager performs the paging operation
inside virtual machines. The memory manager has more information about memory usage within a virtual
machine than does the Hyper-V host. This means that the memory manager can provide Hyper-V with
better information to use when it is choosing the memory to be paged. Because of this, internal guest
paging incurs less overhead to the system compared with smart paging.
To reduce the impact of smart paging further, Hyper-V removes memory from the virtual machine after
it completes the restart process. It accomplishes this by coordinating with dynamic memory components
inside the virtual machine so that the virtual machine stops using smart paging. This process is also called
ballooning. The use of smart paging is temporary and is not longer than 10 minutes.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

3-21

To continue the example from the previous topic, if you assume that the Finance and Engineering virtual
machines use all 8 GB of available physical memory on the Hyper-V host, you can restart the other two
virtual machines only when using smart paging. However, you can only restart them if they are already
running. If they are off already, and if there are not enough resources to start them, you will get an error
when you try to start the virtual machines.
Question: Does Hyper-V use smart paging if a virtual machine is configured with the same
amount of startup and minimum RAM?

Overview of Integration Services


When an operating system is not
virtualization-aware, it behaves the same on a
virtual machine as it does on a physical computer
that does not have proper device drivers for some
hardware. It can still use emulated virtual devices,
but not synthetic virtual devices. It also is unable
to use features that are available only on virtual
machines, such as time synchronization with the
Hyper-V host, or releasing the mouse when the
cursor reaches the edge of the virtual machine
window.

By default, newer operating systems that are


virtualization-aware already include support for synthetic devices, VMBus, and other virtualization-specific
features. If the operating system is supported by Hyper-V but it does not include virtualization support,
then you should install Hyper-V Integration Services on the virtual machine with that operating system.
If the operating system includes Integration Services, but Hyper-V provides newer version of Integration
Services, you should install them into operating system on the virtual machine. Integration Services
provide better interoperability with the Hyper-V environment and support for VMBus, synthetic devices,
and other virtualization-specific features.
Hyper-V Integration Services that are available in virtual machines are:

Hyper-V Guest Shutdown Service. If you want to shut down a virtual machine without interacting
directly with the operating system on the virtual machine, the Hyper-V Guest Shutdown Service
provides a virtual machine shutdown function. Hyper-V initiates the shutdown request by using a
Windows Management Instrumentation call.

Hyper-V Time Synchronization Service. This service synchronizes the time on the virtual machine with
the time on the Hyper-V host.

Hyper-V Data Exchange Service. This service provides a method to set, delete, enumerate, and
exchange specific registry key values between the virtual machine and the Hyper-V host.

Hyper-V Heartbeat Service. The Hyper-V host uses this service to verify if an operating system that is
running on a virtual machine is responding to requests.

Hyper-V Volume Shadow Copy Requestor. When operating systems on virtual machines support
VSS, the Hyper-V Volume Shadow Copy Requestor service allows the Hyper-V host to request the
synchronization and backup of a running virtual machine.

Hyper-V Remote Desktop Virtualization Service. This service enables the Remote Desktop
Virtualization Host to communicate with and manage virtual machines that are part of a VDI
collection.

MCT USE ONLY. STUDENT USE PROHIBITED

3-22 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

Hyper-V Guest Service Interface. This is a new integration service in Hyper-V in Windows
Server 2012 R2. It enables enhanced session mode communication with virtual machines, including
device redirection, shared Clipboard, and drag-and-drop functionality between the Hyper-V host and
virtual machines.

In virtual machine settings, on the Integration Services page, you can control which Integration Services
will be offered to a virtual machine. To use Integration Services, you must install it and ensure that the
operating system that is running on the virtual machine supports it. When you have installed Integration
Services on the virtual machine, you can see the services among other services on the virtual machine. By
default, all Integration Services except Hyper-V Guest Service Interface are enabled for the virtual
machines that you create in Hyper-V in Windows Server 2012 R2.
You can find out which version of Integration Services is installed on a virtual machine by running the
following cmdlet:
Get-VM | Get-VMIntegrationService | ft VMName,PrimaryStatusDescription,OperationStatus

Note: Integration Services are available for Windows operating systems and supported
Linux operating systems. The current release of Integration Services for Linux adds support for
dynamic memory and for backing up a Linux virtual machine while it is running, in the same
manner as Windows-based virtual machines.
Question: Do you need to install Integration Services on a virtual machine if the operating
system on the virtual machine already includes it and is aware that it is running in a
virtualized environment?

Demonstration: Configuring Integration Services


In this demonstration, you will see how to configure Integration Services.

Demonstration Steps
1.

On LON-CL1, use a command prompt to make note of the local time, and then reset it to 11:00.

2.

On LON-CL1, verify the local time again, and then confirm that it was set back automatically to its
previous value.

3.

On LON-HOST1, use Hyper-V Manager, to disable Time synchronization Integration Service for
20409B-LON-CL1.

4.

On LON-CL1, use a command prompt to set the local time to 11:00.

5.

Confirm that the local time is now a few second after 11:00, as the time in virtual machine is no
longer synchronizing with the Hyper-V host.

6.

Use Device Manager to confirm that virtual machine is using the Microsoft Hyper-V Video adapter
and several System devices with Hyper-V in their name, including Microsoft Hyper-V Dynamic
Memory. All those of these virtual devices are provided as part of Integration Services.

Using a Virtual Fibre Channel Adapter


The virtual Fibre Channel adapter in Hyper-V
provides an operating system on a virtual machine
with direct access to a Fibre Channel SAN by using
a standard World Wide Name (WWN), which is
associated with each adapter. This enables you to
virtualize servers that require access to the Fibre
Channel SAN, for example, as shared storage in
guest failover cluster scenarios.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

3-23

Before using a virtual Fibre Channel adapter, you


must create virtual SANs on the Hyper-V host.
You can connect a Hyper-V host to multiple Fibre
Channel SANs through multiple Fibre Channel
ports. A virtual SAN defines a named group of physical Fibre Channel ports that are connected to the
same physical SAN. For example, a Hyper-V host can connect through two physical Fibre Channel ports to
a production SAN and a test SAN. You could configure two virtual SANs: one named Production SAN with
two physical Fibre Channel ports connected to the production SAN, and one named Test SAN, which has
two physical Fibre Channel ports connected to the test SAN. You can then use the same approach to
name two separate paths to a single storage target.
Virtual machines can have up to four virtual Fibre Channel adapters, and you can associate each with
a different virtual SAN. Each virtual Fibre Channel adapter connects with one or two WWN addresses.
Two WWN addresses are required for highly available virtual machines, and to maintain Fibre Channel
connectivity during live migration. You can set a WWN address automatically or manually.
If you want to use a virtual Fibre Channel adapter, your environment must meet the following
requirements:

The Hyper-V host must have one or more physical Fibre Channel host bus adapters (HBAs), which
support N_Port ID Virtualization.

Virtual machines must have Windows Server 2008 or a newer Windows Server operating system
installed to be able to use a virtual Fibre Channel adapter. Windows client operating systems do not
support the virtual Fibre Channel adapter.

A virtual Fibre Channel adapter is a synthetic adapter. Virtual machines can use a Fibre Channel SAN
for storing data, but storage that is accessed through a virtual Fibre Channel adapter cannot be used
as boot media.

When a virtual machine has virtual Fibre Channel adapters, consider the following limitations:

You cannot create checkpoints of the volumes that are stored on a Fibre Channel SAN.

Backups that are created on the Hyper-V host-by using the Hyper-V VSS provider do not include SAN
data. If you want to create a backup of the data on a Fibre Channel SAN, you should use a backup
program or a backup agent that is on the virtual machine.

Hyper-V cannot perform live migration of data that is stored on a Fibre Channel SAN.
Hyper-V Virtual Fibre Channel Overview
http://go.microsoft.com/fwlink/?LinkID=386691
Question: You have a Hyper-V host that has a Fibre Channel host bus adapter (HBA) and
access to a Fibre Channel SAN. Can you add a virtual Fibre Channel adapter to a virtual
machine that has Windows 8.1 installed and is on that Hyper-V host?

Lab A: Creating and Managing Virtual Hard Disks and


Virtual Machines
Scenario
A. Datum Corporation is continuing with its pilot virtualization project. You have deployed the
virtualization hosts by installing Hyper-V on Windows Server 2012 R2 in one of the subsidiaries. The
next step is to deploy virtual machines on these hosts.
Because the virtualization platform is new to A. Datum, you need to spend some time familiarizing
yourself with the Hyper-V features and components. To do this, you decide to deploy and evaluate
different hard disk types and virtual machine configurations.

Objectives
After completing this lab, you will be able to:

Create and manage virtual hard disks.

Create and manage virtual machines.

Lab Setup
Estimated Time: 70 minutes
Virtual machines: 20409B-LON-HOSTx, 20409B-LON-CLx, 20409B-LON-DC1, 20409B-LON-SS1
User name: Adatum\Administrator
Password: Pa$$w0rd

MCT USE ONLY. STUDENT USE PROHIBITED

3-24 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

For this lab, you will use the available virtual machine environment. Before you begin the lab, you must
complete the following steps:
1.

Sign in to the LON-HOSTx computer as Adatum\Administrator with the password of Pa$$w0rd.

2.

On LON-HOST1, start Hyper-V Manager.

3.

In Hyper-V Manager, click 20409B-LON-DC1, and in the Actions pane, click Start.

4.

In the Actions pane, click Connect. Wait until the virtual machine starts.

5.

Sign in by using the following credentials:


o

User name: Adatum\Administrator

Password: Pa$$w0rd

6.

Repeat steps 3 and 4 for 20409B-LON-SS1.

7.

Repeat steps 3 through 5 for 20409B-LON-CLx. The letter x is 1 for the first student in the team,
and 2 for the second student in the team.

Note: Because you will be using the same virtual machines in the next lab, do not revert
the virtual machines. You will be working in pairs. Communicate clearly with your lab partner,
and cooperate fully with each other during this lab.

Exercise 1: Creating and Managing Virtual Hard Disks


Scenario

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

3-25

In this exercise, you will create different types of virtual hard disks. You will use Hyper-V Manager
and Windows PowerShell to create the virtual hard disks and to explore the differences between them.
You will confirm that differencing virtual hard disks can already have some content when created, while
a fixed-size disk allocates its full size on the storage when created. You will also confirm that the
differencing virtual hard disk expands when you add data to it. You will add virtual disks to the virtual
machine and expand them while the virtual machine is running. You will also see how you can add a
directly attached disk to the virtual machine.
The main tasks for this exercise are as follows:
1.

Create virtual hard disks.

2.

Explore different virtual hard disk types.

3.

Manage virtual hard disks.

4.

Add a directly attached disk.

Task 1: Create virtual hard disks


1.

On LON-HOSTx, use the Set-VMHost cmdlet to set the virtual hard disk path to C:\Shares\VHDs,
and to set the virtual machine path to C:\Shares.

2.

Use the New Virtual Hard Disk Wizard in Hyper-V Manager to confirm that the default disk type for
VHD hard disk is Fixed size, and that the maximum size is 2,040 GB.

3.

Use Hyper-V Manager to create a new virtual hard disk with the following settings:

4.

Format: VHDX

Type: Dynamically expanding

Name: Dynamic.vhdx

Size: 100 GB

Use Hyper-V Manager to create a new virtual hard disk with the following settings:
o

Format: VHD

Type: Differencing

Name: Differencing.vhd

Parent: E:\Program Files\Microsoft Learning\base\Base14A-WS12R2.vhd

Note: The actual drive letter on which base images are stored can be different and, it
depends on the physical server configuration. Drive E is used in the instructions, but you should
use the drive on which base images are stored in your environment.
5.

In Windows PowerShell, use the New-VHD cmdlet to create a new virtual hard disk with the
following settings:
o

Path: C:\Shares\VHDs\Fixed.vhdx

Size: 1 GB

Type: Fixed size

Task 2: Explore different virtual hard disk types

MCT USE ONLY. STUDENT USE PROHIBITED

3-26 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

1.

On LON-HOSTx, in File Explorer, browse to C:\Shares\VHDx, and then confirm that Fixed.vhdx
allocates 1 GB disk space, while Dynamic.vhdx and Differencing.vhd allocates much less disk space.

2.

Use Hyper-V Manager to add Fixed.vhdx as a SCSI disk to LON-CLx.

3.

Use the Windows PowerShell Add-VMHardDiskDrive cmdlet twice to add both Dynamic.vhdx and
Differencing.vhd as SCSI disks to 20409B-LON-CLx.

4.

On LON-CLx, use Disk Management to confirm the following:


o

The computer now has multiple disks.

The last three disks have 1023 MB (1 GB), 100 GB, and 127 GB.

The last disk has two partitions, which are assigned letters E: and F:.

The first two disks have only unallocated space.

Note: Those are fixed, dynamically expanding, and differencing virtual hard disks that you
added in this task.
5.

Create a Simple Volume with default values on Disk 1.

6.

Create a Simple Volume with default values on Disk 2.

7.

Use File Explorer to confirm that there are multiple folders on volume F:.

8.

Copy folder C:\Windows\Inf to volumes F:, G:, and H:.

9.

On LON-HOSTx, in File Explorer, browse to C:\Shares\VHDx, and then confirm that Fixed.vhdx still
allocates 1 GB of disk space, while the size of Dynamic.vhdx and Differencing.vhd has increased. This
is because you copied content to them, but they are still allocating less space than Fixed.vhdx.

Task 3: Manage virtual hard disks


1.

On LON-HOSTx, use the Edit Virtual Hard Disk Wizard to expand Fixed.vhdx to 2 GB.

2.

Use the Edit Virtual Hard Disk Wizard to expand Dynamic.vhdx to 200 GB.

3.

On LON-CLx, use Disk Management to confirm that Disk 1 and Disk 2 have expanded and now have 1
GB and 100 GB of unallocated space. Note that Hyper-V expanded the virtual hard disks while the
virtual machine was running.

4.

On LON-HOSTx, use the Windows PowerShell cmdlet Remove-VMHardDiskDrive twice to remove


SCSI disks on locations 0 and 1 from 20409B-LON-CLx.

5.

Use the Edit Virtual Hard Disk Wizard to convert Dynamic.vhdx to VHD format, and then save it as
C:\Shares\VHDs\Converted.vhd.

6.

On LON-HOSTx, use File Explorer to confirm that Converted.vhd is created, and that that size of
Fixed.vhdx is now 2 GB.

Task 4: Add a directly attached disk


1.

On LON-HOSTx, use the iSCSI Initiator to connect to the target with Lab3 in the name, on the iSCSI
target with IP address 172.16.0.14.

2.

Use Disk Management to confirm that the disk is added to LON-HOSTx, and that it has a status of
Offline. Make note of its size.

Note: Two disks are added on LON-HOST1. One disk is added on LON-HOST2.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

3-27

3.

In the Settings for LON-CLx virtual machine, modify the settings of the SCSI Hard Disk to use
Physical hard disk.

4.

On LON-CLx, use Disk Management to confirm that Disk 1 displays that it has the same size as the
disk that was added to LON-HOSTx, and that it is not initialized. This is directly attached disk that was
added to LON-CLx.

5.

Create Simple Volume with default values on Disk 1.

6.

On LON-HOSTx, use the Windows PowerShell cmdlet Remove-VMHardDiskDrive to remove the


SCSI virtual hard disks from 20409B-LON-CLx.

7.

On LON-CLx, use Disk Management to confirm that Disk 1 no longer displays.

8.

On LON-HOSTx, use the iSCSI Initiator to disconnect the existing iSCSI target.

Results: After completing this exercise, you should have created and managed virtual hard disks.

Exercise 2: Creating and Managing Virtual Machines


Scenario

You were asked to create and demonstrate the differences between Generation 1 and Generation 2 virtual
machines. You first will create the virtual machines by using different administrative tools, and then you
will review this configuration and modify it. You will also explore how to enable dynamic memory and
how virtual machines use it. You will also see how to configure storage for QoS. In the last task, you will
configure Integration Services for virtual machines and explore how the time synchronization service
works.
The main tasks for this exercise are as follows:
1.

Create virtual machines.

2.

Manage virtual machines.

3.

Work with dynamic memory.

4.

Work with storage Quality of Service management.

5.

Configure Integration Services.

Task 1: Create virtual machines


1.

On LON-HOSTx, use Hyper-V Manager to create a new virtual machine with the following settings:
o

Name: LON-VM2

Generation: Generation 2

Startup Memory: 1024 MB

Use Dynamic Memory: Enabled

2.

3.

Use the Windows PowerShell cmdlet New-VM to create a new virtual machine with the following
settings:
o

Name: LON-VM1

Generation: Generation 1

Startup Memory: 1 GB

Boot Device: IDE

Use the Windows PowerShell cmdlet Add-VMHardDiskDrive to add the


C:\Shares\VHDs\Differencing.vhd disk to the IDE Controller of LON-VM1.

Task 2: Manage virtual machines

MCT USE ONLY. STUDENT USE PROHIBITED

3-28 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

1.

On LON-HOSTx, use Hyper-V Manager to confirm that three types of hardware display in the Add
Hardware section in the details pane for LON-VM2. Confirm also that no BIOS, IDE Controllers,
COM ports and Diskette Drive display, but Firmware does displays.

2.

Set Hard Drive as the first boot device for LON-VM2.

3.

For LON-VM1, use Hyper-V Manager to confirm that you can add five hardware types to LON-VM1.
Confirm also that BIOS, IDE Controllers, COM ports, and Diskette Drive display, but Firmware
does not display.

4.

Confirm that you can change Startup order, but you cannot set Secure Boot for LON-VM1. Also,
confirm that LON-VM1 is not configured to use Dynamic Memory, and it has a single Network
Adapter.

5.

Use the Windows PowerShell cmdlet Set-VM to enable dynamic memory for LON-VM1.

6.

Use the Windows PowerShell cmdlet Add-VMNetworkAdapter to add a network adapter to


LON-VM1.

7.

Use Hyper-V Manager to confirm that LON-VM1 is using Dynamic Memory, and that LON-VM1 has
two Network Adapters.

Task 3: Work with dynamic memory


1.

Use Hyper-V Manager to confirm that LON-CLx is configured to use Dynamic Memory.

2.

In Hyper-V Manager, make note of the currently Assigned Memory for the LON-CLx virtual machine.

3.

On LON-CLx, run the following two commands:


C:\LabFiles\Mod03
.\TestLimit64.exe d 400 c 1

4.

On LON-HOSTx, use Hyper-V Manager to confirm that LON-CLx is using more memory.

5.

Wait a few minutes, and then verify that the Assigned Memory for LON-CLx has decreased.

Task 4: Work with storage Quality of Service management


1.

On LON-CLx, run the following command:


C:\LabFiles\Mod03\sqlio.exe

2.

After the test completes, make note of the IOs/sec result.

3.

On LON-HOSTx, use Hyper-V Manager to select Enable Quality of Service management, type 100
as Minimum and 200 as Maximum for Hard Drive under IDE Controller 0.

4.

On LON-CLx, run the following command again:


C:\LabFiles\Mod03\sqlio.exe

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

3-29

5.

After the test completes, verify the IOs/sec result, and then confirm that it is close to 200, which is the
limit you set and that it is considerably lower than the first result.

6.

On LON-HOSTx, in Windows PowerShell, use the cmdlet Set-VMHardDiskDrive to disable Quality of


Service management for IDE Hard Disk on 20409B-LON-CLx.

Task 5: Configure Integration Services


1.

On LON-CLx, open the Services console, and then confirm that Hyper-V Time Synchronization Service
is running.

2.

On LON-CLx, verify the local time, and set it to 11:00.

3.

On LON-CLx, verify the local time again, and then confirm that it was set back automatically to its
previous value, as Integration Services automatically synchronizes the time on LON-CLx with the time
on LON-HOSTx.

4.

On LON-HOSTx, use Hyper-V Manager to disable the Time synchronization Integration Service for
LON-CLx.

5.

On LON-CLx, confirm that Hyper-V Time Synchronization Service is not running.

6.

On LON-CLx, set the local time to 11:00. Confirm that the local time is now a few seconds after
11:00, as time on the virtual machine is no longer synchronizing with the Hyper-V host.

7.

Use Device Manager to confirm that the virtual machine is using the Microsoft Hyper-V Video
adapter, and several System devices with Hyper-V in their name, including Microsoft Hyper-V
Dynamic Memory. All of these virtual devices are provided as part of Integration Services.

8.

On LON-HOSTx, use the Windows PowerShell cmdlet Enable-VMIntegrationService to enable time


synchronization for 20409B-LON-CLx.

9.

On LON-CLx, confirm that the time on the virtual machine is synchronized once again with the time
on LON-HOSTx.

Results: After completing this exercise, you should have created and managed virtual machines.

Lesson 3

Installing and Importing Virtual Machines

MCT USE ONLY. STUDENT USE PROHIBITED

3-30 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

When you need to install an operating system on a virtual machine, you have more options than when
you install an operating system on a physical computer. In both cases, you can use network installation
or installation media such as a CD, DVD, or .iso image. However, with virtual machines, you also have the
options of importing a virtual machine by using a differencing virtual hard disk and then pointing it to a
virtual hard disk with a preinstalled operating system, or by migrating an existing physical computer.
In this lesson, you will learn about the different methods of installing an operating system on a virtual
machine. You will learn about Virtual Machine Connection and how to customize it. This lesson also
describes enhanced session mode and explains its benefits.

Lesson Objectives
After completing this lesson, you will be able to:

Describe the various methods of installing a virtual machine.

Describe the process of importing virtual machines.

Import a virtual machine.

Describe the process of virtualizing a physical computer.

Describe the Virtual Machine Connection application.

Describe enhanced session mode.

Use enhanced session mode.

Virtual Machine Installation Methods


After you create and configure a virtual machine,
you can install an operating system on it. On a
Generation 1 virtual machine, you can install any
operating system that does not have specific
hardware requirements, including non-Microsoft
operating systems. The operating system might
not be virtualization-aware. However, on a
Generation 2 virtual machine, you can only install
Windows Server 2012, 64-bit Windows 8, and
newer 64-bit Windows operating systems.

Installing an operating system on a virtual


machine is not much different from installing an
operating system on a physical computer. However, you can benefit from some virtualization features
that are not available with physical computers, such as differencing virtual hard disks. When installing an
operating system on a virtual machine, you have the following options:

Install an operating system from a bootable CD or DVD. A virtual machine can start from physical
CD or DVD media that is attached to the Hyper-V host. You should be aware that only one virtual
machine can use the physical drive at a time on the Hyper-V host. To use this option, insert the
installation media in the Hyper-V host drive, and then start the virtual machine. If you have already

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

3-31

created the virtual machine, you first will need to capture the physical CD/DVD drive. The virtual
machine will start from the physical media, and installation will progress as it would on a physical
computer.

Install an operating system from an .iso file. Installing a virtual machine from an .iso file is very similar
to the previous method, the only difference being that it uses an .iso image instead of physical media.
The benefit of this method is that multiple virtual machines can use the same .iso image
simultaneously.

Install an operating system from a network-based installation server. If you have Windows
Deployment Services (DS) on the network, you can use this option to install the operating system on
the virtual machines. A Generation 1 virtual machine can start from the network by using PXE only if
you configured it with a legacy network adapter, whereas a Generation 2 virtual machine has no such
limitations. When the virtual machine starts from the network adapter, the installation procedure is
the same as on a physical computer, where you typically have to press the F12 key to connect to
Windows DS.

Copy a virtual hard disk file. If you have a virtual machine that already has an operating system, you
can copy its virtual hard disk file, and then use the copied disk file for the new virtual machine. This
process is similar to cloning physical computers, and you should generalize the virtual hard disk
before copying it by running the Sysprep command to avoid duplicate name and security identifier
(SID).

Use differencing virtual hard disks. If you have a virtual hard disk with an installed operating system,
you can use it as a parent for a differencing virtual hard disk, and then configure the virtual machine
to use the differencing virtual hard disk. You should first generalize the parent disk. Keep in mind that
you should not modify a parent virtual hard disk after you have connected child differencing virtual
hard disks to it.
Question: Can you install an operating system on a virtual machine by using a USB flash
drive?

Importing Virtual Machines


Prior to Hyper-V in Windows Server 2012, if
you wanted to move a virtual machine between
Hyper-V hosts, you first had to export the virtual
machine, copy the exported files to the target
Hyper-V host, and then import the virtual
machine. If the Hyper-V hosts were configured
differently, for example, if they were not
configured with the virtual switch with the
same name, then the imported virtual machine
potentially would not start, or it would not have
network connectivity.

In Hyper-V in Windows Server 2012, the same


export and import process still works, but the import process has been enhanced considerably, and the
export process is no longer required. You can simply copy virtual machine data files between Hyper-V
hosts and then run the Import Virtual Machine Wizard at the destination Hyper-V host to import virtual
machines. The Import Virtual Machine Wizard detects and fixes more than 40 types of incompatibilities
between Hyper-V hosts. It prompts you to provide missing information, such as the location of a parent
virtual hard disk or virtual switch to which the virtual machine should be connected, when the appropriate

virtual switch is not available at the destination Hyper-V host. When importing a virtual machine, the
Import Virtual Machine Wizard performs the following steps:

MCT USE ONLY. STUDENT USE PROHIBITED

3-32 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

1.

Creates a copy of the virtual machine configuration file as a precaution for an unexpected reboot, for
example, because of a power outage.

2.

Validates hardware and compares the information in the virtual machine configuration file with the
physical hardware on the target Hyper-V host. For example, consider a scenario in which the source
Hyper-V host has 16 processors, and the virtual machine is configured to use all of them. However,
the destination Hyper-V host has only eight processors. The wizard will detect such issues.

3.

Compiles a list of incompatibilities. The list identifies which virtual machine settings you should
reconfigure to import the virtual machine successfully. For example, if a virtual machine is using a
virtual switch that is not available on the target Hyper-V host, you should connect the virtual machine
to a different virtual switch. The incompatibilities determine which pages appear next in the wizard.

4.

Displays the relevant pages, one category at a time. The wizard identifies incompatibilities and asks
you for the new configuration so that virtual machine settings are compatible with the target Hyper-V
host.

5.

Removes the copy of the configuration file. After the wizard finishes running, the virtual machine is
imported, and you can start it.

When you are importing virtual machines from previous Hyper-V versions, you should consider the
following limitations:

You cannot start an imported virtual machine from a saved state if it was created on Hyper-V prior to
Windows Server 2012 or on a different CPU architecture.

You cannot start an imported virtual machine from a checkpoint if it was created while the virtual
machine was running on Hyper-V prior to Windows Server 2012 or on a different CPU architecture.

After the virtual machine import completes, you should update Integration Services on the virtual
machine.
Simplified Import Overview
http://go.microsoft.com/fwlink/?LinkID=386692
Question: Can you import a virtual machine that is configured with 16 processors to a
Hyper-V host that has two quad core CPUs?

Demonstration: Importing a Virtual Machine


In this demonstration, you will see how to import a virtual machine.

Demonstration Steps
1.

2.

On LON-HOST1, use Hyper-V Manager to import a virtual machine by using the following settings:
o

Virtual Machine in Folder: C:\VirtualMachines\LON-EXPORT\

Number of virtual processors: 1

Connect to Network: External Network

You will receive an error message because the parent virtual hard disk was not found.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

3-33

3.

In Hyper-V Manager, use the Edit Virtual Hard Disk Wizard to link the C:\VirtualMachines
\LON-EXPORT\Virtual Hard Disks\LON-EXPORT.vhd virtual hard disk to the following parent disk:
E:\Program Files\Microsoft Learning\Base\Base14A-WS12R2.vhd. Note that this path might
differ based on the host machine.

4.

Use Hyper-V Manager to import the LON-EXPORT virtual machine again.

Virtualizing a Physical Computer


When you create a new virtual machine in
Hyper-V Manager, it contains an empty virtual
hard disk by default. However, sometimes you
need to create a virtual machine that already has
an installed operating system, or you need to
convert a physical computer to a virtual machine.
To create a new virtual machine with an installed
operating system, you can use one of the
following options:

Create a virtual machine and perform the


operating system installation.

Create a virtual machine that uses an existing


virtual hard disk with a preinstalled operating system.

Create a differencing virtual hard disk that uses a virtual hard disk with a generalized operating
system as its parent, and configure a virtual machine to use that differencing virtual hard disk.

Virtualize the content of the existing physical computer.

Remember that Hyper-V does not include virtual-to-physical functionality. Products such as Microsoft
System Center 2012 - VMM include real physical-to-virtual machine conversion (P2V conversion)
solutions. However, you can still use Hyper-V to move the content of physical disks into the virtual hard
disks.

When you create a new virtual hard disk, you can use Hyper-V to duplicate the contents of a physical disk
into a new virtual hard disk. Before you use the New Virtual Hard Disk Wizard method of migrating data
from a physical disk to a virtual hard disk, you should consider several factors. One of these factors is that
the wizard is limited to copying the entire physical disk only, not a volume or a partition. In addition,
the wizard should be used only with data disks because migrating physical disks that contain operating
systems (boot and system disks) is not supported. Depending on the size of the physical disk, this process
can take a considerable amount of time. Once you create the virtual hard disk, you then can add it to the
virtual machine and access data on it.
Note: You can also create a new virtual hard disk by using the Disk Management or
Diskpart tool, attaching a virtual hard disk as a new disk on a Hyper-V host, and then copying the
content to the disk.

Disk2vhd

When you want to create a virtual hard disk from the content of a physical disk, including system and
boot partitions, you can use the Disk2vhd tool. The Disk2vhd tool is available on the Microsoft website as
a free download. When you run Disk2vhd on a physical computer, it will show you the available volumes

that you can convert. The tool uses VSS, which is part of the Windows operating system, to create
consistent, point-in-time snapshots and write them into virtual hard disks while the physical computer
is running.
Disk2vhd v2.0
http://go.microsoft.com/fwlink/?LinkID=386697

MCT USE ONLY. STUDENT USE PROHIBITED

3-34 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

After Disk2vhd creates a virtual hard disk, you can attach it to a virtual machine. If a virtual hard disk
contains only data files, you can add it to any virtual storage controller. If you used Disk2vhd to convert
a system partition and you want the virtual machine to be able to start from that virtual hard disk, you
should add it to the virtual IDE controller of a Generation 1 virtual machine or the virtual SCSI controller
of a Generation 2 virtual machine.
When you start the virtual machine that is using the virtual hard disk for the first time, the Windows
operating system will detect different hardware and will install appropriate drivers automatically. You
should not forget to install or update Integration Services on the virtual machine.
Note: Remember that the virtual machine has the same identity as the original system; you
should not connect it to the same network as the physical computer.
Question: Do you need to shut down a physical computer during the P2V conversion
process?

The Virtual Machine Connection Application


Virtual Machine Connection is a Hyper-V feature
that you can use to connect to and manage virtual
machines that run on a local or remote Hyper-V
host. This tool is installed as part of the Hyper-V
role or the Remote Server Administration Tools
(RSAT) feature. There are several ways to connect
to virtual machines by using Virtual Machine
Connection. You can double-click the virtual
machine in Hyper-V Manager, or right-click the
virtual machine and then click Connect, or run
Vmconnect.exe.

Regardless of how you connect, each virtual


machine opens in a separate Virtual Connection Manager window, with the name of the virtual machine
appearing in the title bar along with the Hyper-V host the virtual machine is running. In this way, you can
distinguish between connections.

By default, Virtual Machine Connection connects remotely by using TCP port 2179, which you can modify
in the registry at HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization. Virtual
Machine Connection uses the Remote Desktop Protocol (RDP) to connect to the Virtual Machine
Management service on the Hyper-V host, which listens for incoming connection requests on TCP port
2179. Although Virtual Machine Connection uses RDP to connect to virtual machines, the operating
system on the virtual machine does not have to support Remote Desktop connections to connect to the
virtual machine. Virtual Machine Connection simply is a shell and uses the same ActiveX control that the
Remote Desktop Connection client uses to connect to virtual machines.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

3-35

You can use Virtual Machine Connection to establish only a single connection to the virtual machine. If
a connection is already established and the second user establishes a connection to the same virtual
machine, the first user will disconnect and the second user will take over the session. This can cause
privacy and security issues because the second user will be able to view the first user's desktop,
documents, and applications.

Any user with Console Read or Console Read/Write operations permissions in the authorization policy
can connect to the virtual machine. This includes members of Hyper-V Administrators and Administrators
groups on the Hyper-V host. You can use the Windows PowerShell Grant-VMConnectAccess and
Revoke-VMConnectAccess cmdlets to grant and revoke permissions to a virtual machine. For example,
if you want to grant permissions to a user named User1 in the Contoso domain for connecting to a virtual
machine named VM1, you could run the following cmdlet:
Grant-VMConnectAccess -VMName VM1 -UserName "Contoso\user1"

Question: Do you have to use Virtual Machine Connection if you want to connect to a
virtual machine?

Overview of Enhanced Session Mode


Hyper-V uses the Virtual Machine Connection
application to connect to virtual machines by
using RDP. Until Windows Server 2012 R2,
Virtual Machine Connection provided only
basic redirection of the virtual machine screen,
keyboard, and a mouse, similar to how a KVM
(Keyboard Video Mouse) switch over IP does.
Virtual Machine Connection also historically
provided limited copy and paste functionality,
which only supported text and not any other
content, such as graphics or files. To work around
this, you could configure and use Remote Desktop
on a virtual machine for a richer experience, but this requires the virtual machine to have network
connectivity and uses one of the available Remote Desktop connections on the virtual machine. In
addition, the Windows client operating system supports only one Remote Desktop connection.

Virtual Machine Connection in Windows Server 2012 R2 is improved and includes support for enhanced
session mode. This functionality has specific requirements. For example, the Hyper-V host policy must
allow it, and an enhanced session can be used only with virtual machines that are running supported
operating systems. When using enhanced session mode, you get a considerably better experience and
the same features as Remote Desktop Services (RDS), but without requiring the virtual machine to have
network connectivity or using the Remote Desktop functionality of the guest operating system. With
enhanced session mode, you can redirect local drives, printers, USB, and other devices to the virtual
machine, and you can use a shared Clipboard, redirected folders, rich copy and paste for copying files
or graphics, and redirected sound from virtual machines.

Enhanced session mode depends on RDS in the virtual machine, which is why it is available only when
the virtual machine is running a supported operating system. Currently supported operating systems are
Windows 8.1 and Windows Server 2012 R2.

Enhanced session mode establishes a Remote Desktop session over VMBus, which is available even when
the virtual machine is not connected to the virtual switch, and when connecting to virtual machines that
are running on a local or remote Hyper-V host. When you use enhanced session mode for connecting to

MCT USE ONLY. STUDENT USE PROHIBITED

3-36 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

virtual machines, you have access to the entire Remote Desktop experience. This includes configuring
the parameters of a session that you can save for future connections to the same virtual machine. You
can also sign in to the virtual machine. When you use simple mode, you connect to the virtual machine
without having to sign in. You can use enhanced session mode to connect only to virtual machines that
are already running. If the virtual machine is turned off, you can connect to it only by using simple mode.
You configure enhanced session mode at three different levels. On the Hyper-V host level, you configure
Enhanced Session Mode Policy, which controls if the Hyper-V host will allow enhanced session mode
connections to virtual machines that are running on this server. At the user settings level, you configure
enhanced session mode, which controls whether Virtual Machine Connection will attempt to use
enhanced session mode when establishing connections with virtual machines. On the virtual machine
level, you can control whether Guest services Integration Service is enabled (in other words, if the virtual
machine offers enhanced session mode.) In addition, the operating system in a virtual machine must
support enhanced session mode, which means that it must be either Windows 8.1 or Windows Server
2012 R2.
Virtual Machine Connection - Enhanced Session Mode Overview
http://go.microsoft.com/fwlink/?LinkID=386665
Question: Can you use enhanced session mode to start a virtual machine from a USB device?

Demonstration: Using Enhanced Session Mode


In this demonstration, you will see how to use enhanced session mode.

Demonstration Steps
1.

On LON-HOST1, confirm that when Virtual Machine Connection with LON-CL1 opens, your previous
session displays.

2.

On LON-HOST1, use Hyper-V Manager to configure Allow enhanced session mode.

3.

Use Hyper-V Manager to connect to 20409B-LON-CL1. Confirm that local drives are redirected.

4.

Confirm that you are not signed in automatically to LON-CL1, and then sign in as
ADATUM\administrator, with Pa$$w0rd as the password.

5.

On LON-HOST1, use File Explorer to browse to C:\Windows, and then copy Write.exe.

6.

On LON-CL1, paste Write.exe on the desktop.

7.

On LON-CL1, use File Explorer to confirm that drives from LON-HOST1 are mapped to a virtual
machine.

8.

On LON-CL1, confirm that Remote Desktop is disabled.

Lesson 4

Managing Virtual Machine Checkpoints

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

3-37

A Checkpoint is a Hyper-V feature that you can use to create a point-in-time snapshot of a virtual
machine, and then revert to it if needed. In previous versions of Hyper-V, this feature was called a
snapshot, and you can still see references to it. The primary benefit of checkpoints in Hyper-V is that you
can use them to create hierarchies of changes quickly and easily, and then revert to them at any time.
Checkpoints can be quite useful in some scenarios, such as when testing Windows operating system
updates. However, you must use checkpoints carefully to avoid issues, especially when reverting virtual
machines in distributed environments such as Active Directory Domain Services (AD DS). This lesson
describes how to create and work with virtual machine checkpoints.

Lesson Objectives
After completing this lesson, you will be able to:

Describe virtual machine checkpoints.

Explain how Hyper-V implements checkpoints.

Describe checkpoints at file level.

Describe how to export virtual machines and checkpoints.

Work with checkpoints.

Describe issues with checkpoints in distributed environments.

Describe checkpoints and virtual machine Generation ID.

What Are Virtual Machine Checkpoints?

When a virtual machine is running, changes are


written to both its memory and virtual hard disk.
Checkpoints are a Hyper-V feature that you can
use to create a point-in-time snapshot of a virtual
machine, including its configuration, memory,
and disk state. You can create checkpoints when
a virtual machine is running, turned off, or in a
saved state, but not when it is in a paused state.
You can create multiple checkpoints of a virtual
machine and revert it to any of the previous
states for which checkpoints exist by applying a
checkpoint to the virtual machine. Checkpoints do
not affect the running state of a virtual machine, but they can affect virtual machine performance, as they
are implemented by using differencing virtual hard disks.
Note: Do not edit or modify a virtual hard disk file when it is used by a virtual machine that
has checkpoints.

Checkpoints can be useful when you need to revert virtual machines to an earlier state. You can undo
all the changes that took place after the specified state, such as those that occurred during testing,
development, or in a training environment. Conversely, checkpoints in production environments can
cause serious issues, such as losing user data. When running on a virtual machine, Windows Server 2012

works much better at detecting if the virtual machine was reverted, and if so, to avoid issues that this
might cause. Some functionality, such as Hyper-V Replica or pooled desktops in VDI deployments,
depends on the use of checkpoints.

Creating Checkpoints

MCT USE ONLY. STUDENT USE PROHIBITED

3-38 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

When you create a checkpoint, the result is always the same, irrespective of the method you choose.
After you create a checkpoint, you should not modify its files directly on the disk because this could cause
problems with the checkpoint or even with the running virtual machine. You can create checkpoints in
one of the following ways:

In Hyper-V Manager, you can highlight a virtual machine, right-click it, and then click Checkpoint, or
in the Action pane, click Checkpoint.

You can use Virtual Machine Connection by clicking Checkpoint in the Action menu, or by using the
Windows PowerShell cmdlet Checkpoint-VM.

Factors to Consider
When you are considering checkpoints, you should be aware of the following factors:

When you create a checkpoint of a virtual machine, the virtual machine is configured with a
differencing virtual hard disk even if it was using a fixed-size virtual hard disk before. Differencing
virtual hard disks might perform slower than normal disks because the two files (base and
differencing) need to be read from.

If a virtual machine is using directly attached disks, you cannot create checkpoints of those disks
because they do not support differencing virtual hard disks.

Checkpoints require additional storage space. If you create a checkpoint of a running virtual machine,
it also contains a virtual machine memory snapshot, and taking multiple checkpoints can use up a
large amount of storage space.

Although you can use checkpoints to revert a virtual machine to an earlier point in time, you should
not consider them backups. Even if you use checkpoints, you should still make regular backups.

If you no longer need a checkpoint, you should delete it immediately. However, this can cause
merging of differencing virtual hard disks. Prior to Windows Server 2012, merging of the differencing
virtual hard disks happened only after you turned off the virtual machine. In Windows Server 2012
and newer, the merging process happens asynchronously in the background while the virtual
machine is running.

A virtual machine is limited to 50 checkpoints. The actual number of checkpoints might be lower,
depending on the available storage.
Hyper-V Virtual Machine Snapshots: FAQ
http://go.microsoft.com/fwlink/?LinkID=386687
Question: Which checkpoint requires more space: a checkpoint of a running virtual machine,
or a checkpoint of a virtual machine that is turned off?

Implementing Hyper-V Checkpoints


Checkpoints consist of several files that represent
the complete state of a virtual machine at a
certain moment in the past. Because you cannot
modify a previous state, checkpoints are readonly, and you cannot modify one after you create
it. You can only view a checkpoint, change its
name, or delete it. You use checkpoints to revert
virtual machines back to the state they were in
when you created the checkpoints.

Creating Checkpoints
When you create a checkpoint, Hyper-V performs
the following steps in the background:

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

3-39

1.

Pauses the virtual machine.

2.

For each virtual hard disk that the virtual machine is using, Hyper-V creates a differencing virtual hard
disk, configures it to use the virtual machine's virtual hard disk as a parent, and then updates virtual
machine settings to use the created differencing virtual hard disk.

3.

Creates a copy of the virtual machine configuration file.

4.

Resumes the running of the virtual machine.

5.

Saves the content of the virtual machine memory to disk.

Because the virtual machine is paused before the checkpoint is created, you cannot create a checkpoint
of a virtual machine that is in a paused state. As the virtual machine resumes, while the memory is saving
to the disk, Hyper-V intercepts memory changes that have not yet been written to the disk, writes the
memory pages to the disk, and then modifies the virtual machine memory. Creating a checkpoint can take
considerable time, depending on virtual machine memory, Hyper-V host utilization, storage speed, and
what is running on the virtual machine. However, the process is transparent, and users who are connected
to the virtual machine do not experience any outage.

Virtual Machine Checkpoint Files


A virtual machine checkpoint can consist of the following files:

Virtual machine configuration file (*.xml)

Virtual machine saved state file (*.vsv)

Virtual machine memory content (*.bin)

Checkpoint differencing virtual hard disks (*.avhd)

Hyper-V creates the virtual machine saved state file and the virtual machine memory content file only if a
checkpoint is created while the virtual machine is running, and not if the virtual machine is turned off.

The location of virtual machine checkpoint files is configured for each virtual machine, and by default, it is
the same location where the virtual machine configuration is stored. When you create the first checkpoint,
Hyper-V creates a Snapshots subfolder and stores checkpoint files there. You can modify the location of
the checkpoint files only until the first checkpoint is created. After this, the checkpoint file location setting
is read-only. You can modify this setting only after deleting all checkpoints or by using live storage
migration in Hyper-V Manager (the Move Virtual Machine Wizard).

Using Checkpoints
When you select a checkpoint, the following options are available in the Actions pane:

MCT USE ONLY. STUDENT USE PROHIBITED

3-40 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

Settings. Opens the virtual machine settings that were effective at the moment the checkpoint was
created. All of the settings are read-only because you cannot change the configuration that was used
in the past. The only settings that you can modify are the checkpoint name and the notes that are
associated with the checkpoint.

Apply. Applies a checkpoint to a virtual machine, which means that you want to return the virtual
machine to the exact historical state it was in. When you apply a checkpoint, any change in the virtual
machine since the last checkpoint was made is lost. Before applying a checkpoint, Hyper-V prompts
you to create a new checkpoint to avoid possible data loss.

Export. Exports a virtual machine checkpoint, which will create an exact copy of the virtual machine as
it existed at the moment you created the checkpoint.

Rename. Renames the checkpoint to provide better information about the state of the virtual
machine when you created the checkpoint. The checkpoint name is independent of the checkpoint
content, and by default, it contains the date and time of checkpoint creation.

Delete Checkpoint. Deletes a checkpoint if you no longer want to be able to revert a virtual machine
to the state it was in when you created the checkpoint.

Delete Checkpoint Subtree. Deletes the selected checkpoint and any checkpoints that originate from
it. Checkpoints that originate from it are listed below it in the Checkpoint pane.

When you right-click a virtual machine with at least one checkpoint, you can also click the Revert option.
This returns a virtual machine to the last checkpoint.
Question: Can you modify the configuration of a virtual machine checkpoint if you created
that checkpoint when the virtual machine was turned off?

Overview of Checkpoints at File Level

When you create a checkpoint of a running virtual


machine, Hyper-V creates several files. Some of
these files, such as virtual machine configuration,
are quite small. Others, such as virtual machine
memory content, can be considerably larger, and
their sizes depend on the size of the memory that
the virtual machine is configured to use. However,
the largest in size and the greatest impact on
virtual machine performance are the differencing
virtual hard disks that checkpoints create. A
differencing virtual hard disk is small when you
create it, but its size increases through time
because it stores all the changes that the virtual machine writes to its virtual hard disk. Of all the disk
types that a virtual machine can use, differencing virtual hard disks have the worst performance, and its
performance can become even worse when you use multiple levels of differencing virtual hard disks in a
hierarchy, such as when you create multiple checkpoints for a virtual machine.

Each time you create a checkpoint, a new differencing virtual hard disk is created and configured to use
the previous virtual machine disk as a parent. For example, consider a virtual machine that is configured
with a fixed-size virtual hard disk named Disk1.vhd. When you create a checkpoint, a differencing virtual
hard disk is created, and it is configured to use Disk1.vhd as a parent. The virtual machine settings are

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

3-41

updated to use the differencing virtual hard disk as its virtual hard disk. The same sequence repeats when
you create a second checkpoint. The only difference is that it uses the previous differencing virtual hard
disk as its parent, and the virtual machine now has three virtual hard disks in a hierarchy. All changes that
the virtual machine makes are written into the last (differencing) virtual hard disk.
If you decide to apply the last checkpoint to the virtual machine, which effectively reverts it to the
moment when the last checkpoint was created, the last differencing virtual hard disk will be deleted.
All changes that were performed in the virtual machine since the last checkpoint will be lost, and a new
differencing virtual hard disk will be created with the same parent as the previous one.

When you no longer need the ability to revert a virtual machine to a first checkpoint, you can delete
it. This will delete the virtual machine configuration and virtual memory content from that checkpoint.
However, you cannot delete the differencing virtual hard disk that was created at that timeyou still need
it because the current disk content depends on it. When you delete the first checkpoint, the differencing
virtual hard disk will merge dynamically with the fixed parent virtual disk while the virtual machine is
running.
Note: Prior to Windows Server 2012, Hyper-V would merge virtual hard disks only after the
virtual machine was turned off.

If you want to apply the first checkpoint and create a branch, Hyper-V will delete the content of the
differencing virtual hard disk that was created during the last checkpoint. You will have the option to
create a new checkpoint prior to this. Hyper-V will create a new differencing virtual hard disk that will
use a fixed-size virtual hard disk as its parent. You can use checkpoint branches to have multiple different
states of the same virtual machine, where each state is independent from the others.
When you no longer need the last checkpoint and decide to delete it, you are effectively telling Hyper-V
that you no longer need to return to that moment in time. Because no other checkpoint depends on it, if
you want to delete the last checkpoint in a hierarchy, Hyper-V can in this case delete all checkpoint files,
including the differencing virtual hard disk.
Question: If a virtual machine is running and you delete a checkpoint, when will the parent
disk merge with the differencing virtual hard disk?
Question: How are multiple branches created in a checkpoint tree?

Exporting Virtual Machines and Checkpoints


In Hyper-V in Windows Server 2012 and newer,
you no longer need to export a virtual machine to
be able to import it later. You can simply copy a
virtual machine and its files to the new Hyper-V
host and then use the Import Virtual Machine
Wizard to specify the location of the virtual
machine and update its settings, if required. This
registers the virtual machine at the target Hyper-V
host and makes it available for use. You can also
transfer the virtual machine to removable media,
and recover virtual machines if the system disk
fails, but the data disk that stores the virtual
machines is still working.

MCT USE ONLY. STUDENT USE PROHIBITED

3-42 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

In Windows Server 2012 R2, you can perform a live export of a virtual machine or checkpoint. You can
export them while the virtual machine is running. In Hyper-V on Windows Server 2012, you first have
to save the state or shut down the virtual machine prior to performing the export. When you want to
perform an export, you need to specify a location to export the files. Export creates a subfolder and
consolidates virtual machine files there. If, for example, a virtual machine uses virtual disks from different
locations, after the export, all the virtual disks will be stored in the same folder. If a virtual machine is
using differencing virtual hard disks, Hyper-V exports all the parent disks. If multiple virtual machines are
exported and they all use the same parent disk, the parent disk is exported for each machine. This can
increase the total size of export considerably when you compare it to the size of virtual machines prior
to export. When you export a virtual machine, Hyper-V also exports all the checkpoints of that virtual
machine.
Exporting checkpoint exports only a single point-in-time snapshot of the virtual machine. The exported
virtual machine is the exact copy of the virtual machine at the moment you created the checkpoint. If
there are additional checkpoints in a hierarchy before the one you are exporting, which means that the
virtual machine is using the hierarchy of differencing virtual hard disks, all those differencing virtual hard
disks will be merged for the exported virtual machine.

After you import an exported virtual machine (when you export a checkpoint, the virtual machine is
exported without a checkpoint), you should update Integration Services on the virtual machine, especially
if the target Hyper-V host is running a newer version of Hyper-V. You should also be aware that if the
imported virtual machine contains a saved state or a checkpoint that was created when the virtual
machine was running, you will have to discard its memory content, if the saved state or checkpoint was
created on the Hyper-V host prior to Windows Server 2012, or if the Hyper-V host was running on a
different hardware architecture, such as Intel or AMD.
You can export a virtual machine or a checkpoint in the Hyper-V Manager console by right-clicking
it and then clicking Export. You can also use the Windows PowerShell cmdlets Export-VM and
Export-VMSnapshot to export a virtual machine or a checkpoint.
Question: Can you export a virtual machine checkpoint on a Hyper-V host that is running on
a physical server with Intel processors, and then import it to a Hyper-V host that has AMD
processors?

Demonstration: Working with Checkpoints


In this demonstration, you will see how to work with checkpoints.

Demonstration Steps
1.

Confirm that LON-VM1 is using the Differencing.vhd virtual hard disk.

2.

Create a checkpoint for LON-VM1.

3.

Start LON-VM1.

4.

Complete the setup by clicking Next, and then clicking I accept.

5.

On the Settings page, provide the password Pa$$w0rd.

6.

Sign in as Administrator by using the password Pa$$w0rd.

7.

Confirm that LON-VM1 is now using a virtual hard disk with a GUID in its name.

8.

On LON-VM1, create a folder named Folder1 on the desktop.

9.

Create a checkpoint for LON-VM1, and name it Folder1.

10. On LON-VM1, create a folder named Folder2 on the desktop.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

3-43

11. On LON-HOST1, use the Windows PowerShell cmdlet Checkpoint-VM to create a checkpoint for
LON-VM1, and name it Folder2.
12. Use the cmdlet Get-VMSnapshot to view existing checkpoints for LON-VM1.
13. Use Hyper-V Manager to confirm that LON-VM1 has three checkpoints. Apply the Folder1
checkpoint.
14. On LON-VM1, confirm that there is only one folder named Folder1 on the desktop.
15. On LON-VM1, on the desktop, create a folder named Folder1.1.
16. Use Hyper-V Manager to create a checkpoint for LON-VM1, and then rename it Folder1.1.

17. On LON-HOST1, use File Explorer to browse to C:\Shares\Snapshots, and then confirm that there
are four .xml files and four subfolders.

18. Confirm that the size of the oldest folder in the details pane is 0. This is because the first checkpoint
was created when LON-VM1 was turned off.
19. Confirm that each of other folders have larger sizes, as the other checkpoints were created while
LON-VM1 was running.

Issues with Checkpoints in Distributed Environments


Checkpoints are point-in-time snapshots of a
virtual machine. When you apply a checkpoint,
you effectively revert the virtual machine back to
the moment when you created the checkpoint.
Depending on the virtual machines role and
the applications that are installed on it, taking
a virtual machine back to a previous checkpoint
can have disastrous implications and might result
in data corruption. The following two types of
applications can be negatively affected when you
take a virtual machine back in time:

Cryptographic applications. Windows


provides API functions that generate random values with a high level of entropy. The checkpoint
captures the logic for creating these random values when you create a checkpoint, and this can
severely reduce the entropy of the random data. For example, consider the generation of GUIDs.
When the GUID value generates, it should be unique and never repeated. However, if you request a
GUID immediately after applying a checkpoint, there is a high probability that a duplicate GUID value
will generate each time the checkpoint is applied.

Applications that use vector-clock synchronization. Applying a checkpoint to a virtual machine can
corrupt applications that use vector-clock synchronization. Examples of such applications are AD DS,
Distributed File System (DFS) Replication, and Microsoft SQL Server replication. For these applications
to work, each member of a replica set must maintain a monotonically increasing logical clock. When
you apply a checkpoint, it reverts back the logical clock on the virtual machine, causing clock values
to associate to different transactions. As a result, members of the replica set will not converge to the
same state, thereby causing data corruption.

A checkpoint contains an exact snapshot of a virtual machine. Applications that run on a virtual machine
have no knowledge of checkpoints and have no way of detecting when you create or apply a checkpoint

MCT USE ONLY. STUDENT USE PROHIBITED

3-44 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

to a virtual machine. When you apply the checkpoint, you also undo all the changes in a virtual machine
that you made after creating the checkpoint. This can result in data loss and reversal of passwords to their
previous values.
Introduction to Active Directory Domain Services (AD DS) Virtualization (Level 100)
http://go.microsoft.com/fwlink/?LinkID=386693
Question: Can you prevent checkpoint creation from inside a virtual machine?

Checkpoints and Virtual Machine Generation ID


To address situations in which virtual machines are
reverted back to a previous checkpoint, Hyper-V
in Windows Server 2012 uses the virtual machine
Generation ID feature. Generation ID is a 64-bit
integer value that is associated with an instance
of a virtual machine configuration file. Every
checkpoint has its own configuration file, which
also means that it has a different Generation ID
value.
The Generation ID value is accessible to the
operating system through the virtual machine
BIOS, and it is unique across all virtual machine
configurations. An application in a virtual machine can read the Generation ID value when the virtual
machine starts or resumes and then compare it with the last value of which the application is aware.
If both values are the same, the state of the virtual machine did not change. For example, the virtual
machine was not cloned and a checkpoint was not applied, so the application can continue to run
normally.

If the previous and current Generation ID values are different, this means that the virtual machine identity
is not the same. This can be the result of different actions, such as creating a new virtual machine and
attaching it to a virtual hard disk with an installed operating system, restoring a system backup to a
different virtual machine, or applying the checkpoint to the existing virtual machine. When the application
detects a change in Generation ID, it should consider that it is running in a different virtual machine and
act accordingly. For example, when AD DS detects a change in Generation ID value, it updates its
InvocationID value and effectively modifies the identity of the domain controller.
To use the virtual machine Generation ID from inside a virtual machine, the following prerequisites apply:

The virtual machine must be running on a hypervisor that implements support for virtual machine
Generation ID. Several virtualization platforms meet this requirement, including Windows 8, Windows
Server 2012, and newer Windows operating systems, and VMware vSphere 5.0 update 2 and newer.

The virtual machine must be running an operating system that is aware of and is using Generation ID.
Windows 8, Windows Server 2012, and newer Windows operating systems meet this requirement:
o

If a virtual machine has Integration Services installed from Windows 8 or Windows Server 2012,
applications on other operating systems such as Windows Server 2008 Service Pack 2 or Windows
7 Service Pack 1 can also read the Generation ID value. These older operating systems are not
Generation IDaware, but applications that are running on the virtual machine can still read the
Generation ID value.

Note: The Generation ID value is projected into a virtual machine through an emulated
BIOS device, and Integration Services presents it as a Hyper-V Generation Counter. Because of
this, operating systems on a virtual machine can access the Generation ID value only if it has
Integration Services installed from Windows 8, Windows Server 2012, or newer.
Actions that will cause the Generation ID to change include:

The virtual machine starts from a checkpoint.

The same checkpoint is applied multiple times.

The virtual machine is restored from a backup.

The virtual machine is migrated by using System Center 2012 - VMM (Export and Import).

The virtual machine is imported.

Actions that will not cause the Generation ID to change include:

The virtual machine is live-migrated.

The virtual machine is paused or resumed.

The virtual machine is restarted.

The Hyper-V host is restarted.


Note: Virtualized domain controller cloning takes advantage of the Generation ID feature.

For more information, refer to the Virtual Machine Generation ID paper from the following website:
Microsoft Download Center
http://go.microsoft.com/fwlink/?LinkId=260709
Virtual machine generation identifier
http://go.microsoft.com/fwlink/?LinkID=386685
Question: Can you use Generation ID in a Windows Server 2008 R2 virtual machine?

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

3-45

Lesson 5

Monitoring Hyper-V

MCT USE ONLY. STUDENT USE PROHIBITED

3-46 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

Monitoring your virtualization environment is important. You are most likely already familiar with the
monitoring tools included with Windows Server 2012 R2, but you should remember that not all of them
are virtualization-aware. Only Performance Monitor can provide you with real performance data, and
when you install the Hyper-V role, many additional performance counters are added to Performance
Monitor. If you are more interested in chargeback data, you should enable and use resource metering,
which is included with Hyper-V in Windows Server 2012 and newer Windows Server operating systems.

Lesson Objectives
After completing this lesson, you should be able to:

Describe performance monitoring.

Explain different aspects of monitoring a Hyper-V host.

Describe virtual machine monitoring.

Use Performance Monitor to monitor Hyper-V.

Describe Hyper-V resource metering.

Overview of Performance Monitoring


Every application that runs on a server, including
the operating system itself, uses system resources.
Performance monitoring is the process of
capturing and analyzing data on how resources,
including memory, processors, disks, and
networks, are used. Regular performance
monitoring ensures that you have up-to-date
information on how your server is operating.
Performance data helps you recognize trends,
detect performance issues, and optimize system
resource usage. When you are troubleshooting
system problems, performance data provides an
insight into the behavior of system resources at the time the problem occurs. It also helps you decide
when to upgrade the server, and then determine whether the upgrade improved the servers
performance.
Windows Server 2012 R2 includes the following tools for monitoring system performance:

Task Manager. Task Manager displays real-time monitoring data for a local server. You can view
information related to running processes, performance data, resource use by connected users, and
detailed information on running processes and Windows Server services. You can customize Task
Manager, for example, to configure update speed or view additional details of running processes.
You can also start new tasks, disconnect users, and end tasks from the Task Manager.

Task Manager is often the first tool to use when performance-related problems occur. For example,
you might examine the running processes in Task Manager to determine if a particular program is
using excessive CPU resources. However, Task Manager only shows real-time utilization for the local
server. You cannot use it to monitor remote servers or to store performance data.

Note: The Performance tab in Task Manager shows overall CPU utilization. If you want to
view individual processor utilization on a multiprocessor server, you must change the graph to
the Logical Processor view.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

3-47

Resource Monitor. Resource Monitor provides an in-depth look at real-time performance for a
local server. You can use it to monitor the use and performance of CPU, disk, network, and memory.
By using Resource Monitor, you can identify and resolve resource conflicts and bottlenecks. By
expanding the monitored elements, you can identify which processes are using which resources.
Resource Monitor shows only real-time utilization for a local server.

Event Viewer. You can use Event Viewer to work with Windows events. Events are collected in
event logs and can occur locally, or they can be collected from remote computers. Events include
information, warnings, and errors on Windows components and installed applications. Events also
include performance events, such as a disk is almost full. You can filter events, create custom views,
and attach tasks to the events.

Reliability Monitor. Reliability Monitor provides an historical view of server reliability and problem
history. It assesses server stability on a scale from 1 to 10 and can show you hardware and software
problems that impacted the server during a specific period. If you want Reliability Monitor to start
collecting data, you first must enable the RACTask scheduled task.

Performance Monitor. This is the most robust and complete monitoring tool in Windows operating
systems. You can use it to view real-time performance for local and remote servers and to store
and view historical data, which is gathered by using data collector sets. In Performance Monitor,
you can also create performance counter alerts, which generate alerts and start tasks when the
performance counter is either less than or more than the specified value. You can monitor operating
system performance through performance objects and counters in the objects. When you install an
additional role, for example, Hyper-V, additional performance objects are added in Performance
Monitor.

Each server role uses processor, memory, disks, and networks, but it uses them differently.
Performance counters that are relevant for monitoring servers are different, based on the server roles.
For example, you should monitor different performance counters on a file server than on a Hyper-V
host or a domain controller.
Note: Microsoft System Center 2012 R2 - Operations Manager provides infrastructure
monitoring, alerts, and reporting for an enterprise environment.

For more information, refer to the Performance Tuning Guidelines for Windows Server 2012 paper from
the following website:
Microsoft Download Center
http://go.microsoft.com/fwlink/?LinkID=285313
Question: Which of the monitoring tools in Windows Server 2012 R2 must you first enable
to provide you with data after at least a few hours?

Monitoring a Hyper-V Host


Although Windows Server 2012 R2 includes
several tools for monitoring system performance,
not all of them are appropriate for monitoring
Hyper-V host performance. Tools such as
Task Manager and Resource Monitor are not
virtualization-aware. As such, they only display
utilization of the resources that are available
inside the virtual environment in which they run,
either the virtual machine or parent partition. For
example, a Hyper-V host can have the processor
at 60 percent utilization, but the Task Manager in
the parent partition is aware of and displays only
10 percent utilization because virtual machines use most of the processor resources.

MCT USE ONLY. STUDENT USE PROHIBITED

3-48 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

You should use Performance Monitor to monitor Hyper-V host performance. You can monitor memory,
disk, and network performance on the Hyper-V host in the same way, and by using the same performance
counters as on any other server. For example, you can monitor:

Disk latency by using the \Logical Disk(*)\Avg. sec/Read and \Logical Disk(*)\Avg. sec/Write
Performance Monitor counters. These performance counters measure the time that read and write
operations take to respond to the operating system. Requests from virtual machines and the parent
partition affect this counter. If one virtual machine accesses the disk heavily, this will increase disk
latency.

Available memory by monitoring the \Memory\Available MBytes Performance Monitor counter


on the Hyper-V host. This counter reports the amount of available physical memory in the parent
partition. When a virtual machine starts, its memory is no longer available for the parent partition
and is subtracted from this counter value. You can use the following two counters to provide you with
better insight into available memory to the Hyper-V host:

\Memory\Available Mbytes. This counter measures the amount of available physical memory to
processes that are running in the parent partition, expressed as a percentage of total physical
memory.

\Memory\Pages/sec. This counter measures the rate at which pages are read and written to
disk to resolve hard page faults. To resolve hard page faults, the Hyper-V host must swap the
contents of memory to disk. A high value for this counter in correlation with low available
physical memory might indicate insufficient physical memory on the Hyper-V host.

Network utilization on the Hyper-V host by using \Network Interface(*)\Bytes Total/sec and \Network
Interface(*)\Output Queue Length Performance Monitor counters.

Processor utilization on a Hyper-V host is measured differently than on a physical server. On a physical
server, you would monitor processor utilization by using the \Processor(*)\% Processor Time Performance
Monitor counter. However, on the Hyper-V host, this counter is not appropriate, because the parent
partition is treated as another virtual machine. Therefore, this counter monitors utilization of available
processor resources for the parent partition, not the entire physical Hyper-V host. To monitor total
processor utilization on the Hyper-V host, which includes parent partition and virtual machines, you
should use the \Hyper-V Hypervisor Logical Processor(_Total)\% Total Run Time Performance Monitor
counter. This counter measures the total percentage of time spent by the processor for running the
Hyper-V host and all the virtual machines on the Hyper-V host.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

3-49

You can use the following Performance Monitor counters to monitor processor usage on a Hyper-V host:

Hyper-V Hypervisor\Partitions. Monitors the number of virtual machines.

Hyper-V Hypervisor\Logical Processors. Monitors the number of logical processors.

Hyper-V Hypervisor\Virtual Processors. Monitors the number of virtual processors.

Hyper-V Hypervisor Logical Processor\% Total Run Time. Monitors the total non-idle time of the
logical processors.

Hyper-V Hypervisor Logical Processor\% Hypervisor Run Time. Monitors the non-idle time of the
logical processors for the Hyper-V host only.

Hyper-V Hypervisor Root Virtual Processor. Monitors processor utilization for the host (Hyper-V host)
operating system only.
Question: Can you use Performance Monitor in virtual machines to monitor Hyper-V host
performance?

Monitoring Virtual Machines

If you want to monitor virtual machine


performance, you should be aware that Hyper-V
counters are not available in Performance
Monitor, which is running on the virtual machine.
The monitoring tools on a virtual machine are
not aware that they are running inside of a virtual
environment. Although the virtual machine is
allocated only part of the Hyper-V host resources,
monitoring tools that are running on the virtual
machine see them as complete resources because
they would be running on a physical server. Task
Manager on the virtual machine, otherwise known
as the \Processor(*)\% Processor Time Performance Monitor counter, reports processor utilization relative
to the number of processors allocated to the virtual machine. If you add more processors to the virtual
machine, the value reported for the \Processor (*)\% Processor Time Performance Monitor counter will be
lower, even if processor utilization of the Hyper-V host is an issue. This happens because virtual processors
use the physical processors in a round robin fashion, and each virtual processor is allocated a share of the
overall system processor resources. In a physical four-processor system with virtual machines that utilize
four virtual processors, each virtual processor will be able to use 25 percent of the physical processor
resources. If eight virtual processors are used on the same Hyper-V host, for example, if there are four
virtual machines with two processors each, the combined virtual processors will attempt to use 200
percent of the physical processor capacity. In such an environment, each virtual processor will report low
\Processor(*)\% Processor Time utilization because utilization is low for the level it expects. Excessive
context switching between virtual processors will result in poor performance for each virtual machine.
On a Hyper-V host, you have Hyper-V hypervisor performance counters to monitor the performance of
both logical and virtual processors. A logical processor correlates directly to the number of processors on
the physical server. For example, single quad core processors correlate to four logical processors. Virtual
machines use virtual processors to execute the code. The virtual processors perform all the execution in
the parent partition and the virtual machines.

MCT USE ONLY. STUDENT USE PROHIBITED

3-50 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

You can use processor settings for the virtual machine to configure resource control and limit the
processor resources that the virtual machine can use. In the Resource control section, you can configure
the following settings:

Virtual machine reserve (percentage). Use this setting to reserve a certain portion of the Hyper-V host
processor resources for the virtual machine. By configuring this setting, you can ensure that the
virtual machine will always have at least that part of processor resources available to it. By default,
the virtual machine reserve is set to 0, which means that no processor resources are reserved.

Virtual machine limit (percentage). This setting limits processor resources that are available to the
virtual machine and prevents it from consuming an excessive amount of processor resources.

Percent of total system resources. This setting is read-only, and its value is set based on the virtual
machine limit, number of virtual processors, and the number of physical processors in the Hyper-V
host. For example, consider a virtual machine that is allowed to use 100 percent of the processor,
has a single virtual processor, and four physical processors in the Hyper-V host. In this case, the
percentage of total system resources is set to 25, because 100 percent utilization of one processor is
equal to 25 percent utilization of total Hyper-V processor resources.

Relative weight. Virtual machines with higher relative weights receive more processor time, and virtual
machines with lower relative weights receive less processor time. By default, all virtual machines are
assigned a relative weight of 100.
Question: How can you limit processor resources that a virtual machine can use?

Demonstration: Using Performance Monitor to Monitor Hyper-V


In this demonstration, you will see how to use Performance Monitor to monitor Hyper-V.

Demonstration Steps
1.

On LON-HOST1, start Performance Monitor, and then add the following counters:
o

Hyper-V Hypervisor Virtual Processor\% Guest Run Time for LON-CL1 instance

Hyper-V Virtual Storage Device\Read Operations/sec for the instance that refers to
20409B-LON-CLx

LogicalDisk\Disk Reads/sec for the C: instance

2.

Set Scale Selected Counters for Disk Reads/sec and Read Operations/Sec.

3.

On LON-CL1, run C:\LabFiles\Mod03\sqlio.exe in Windows PowerShell.

4.

On LON-HOST1, use Performance Monitor to follow how disk access increased in virtual machine and
on the Hyper-V host while sqlio.exe is running on the virtual machine.

5.

On LON-CL1, run C:\LabFiles\Mod03\Cpustres.exe in Windows PowerShell.

6.

In CPU Stress, set Process Priority Class to High. In the Thread 1 section, set Thread Priority to
Highest and Activity to Busy.

7.

On LON-HOST1, use Performance Monitor to follow how processor utilization in a virtual machine
and on Hyper-V increases.

8.

On LON-HOST1, use Hyper-V Manager to view CPU Usage for the LON-CL1 virtual machine.

9.

Set Virtual machine limit (percentage) for LON-CL1 to 10.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

3-51

10. Use Hyper-V Manager to confirm that CPU Usage for the LON-CL1 virtual machine is considerably
lower.
11. On LON-CL1, close CPU Stress and Task Manager.

Resource Metering in Hyper-V

In a virtualized environment, you often need data


on resources that are used by virtual machines in
a given period. For example, you might need
resource data so that you can charge back the
business units that are using them. When you
create a virtual machine, you configure it with
processors, memory, disks, and network adapters.
It would be misleading to provide chargeback
data based only on virtual machine configuration
because resources that are used by virtual
machines change through time. For example,
virtual machine memory utilization is between the
minimum and maximum RAM configured when dynamic memory is used, processor utilization varies
depending on load, and the size of dynamically expanding disks increases until it reaches its configured
maximum size. Performance Monitor can provide real-time information on resources that virtual machines
use, but the tool is not practical for providing chargeback data.
Hyper-V in Windows Server 2012 includes resource metering, a feature that you can use to monitor
resource consumption over time, per virtual machine or resource pool. Resource pools are logical
containers that collect resources of the virtual machines that one business unit uses. When you use
resource pools, you can enable resource metering and query on resource use in the same way as for a
single virtual machine. Resource metering works with all Hyper-V operations. The movement of virtual
machines between Hyper-V hosts, for example, by using live migration, does not affect the data collection
process.
The following cmdlets are used for resource metering:

Enable-VMResourceMetering. Enables resource metering for a virtual machine.

Disable-VMResourceMetering. Disables resource metering for a virtual machine.

Reset-VMResourceMetering. Resets resource metering counters for a virtual machine.

Measure-VM. Displays resource metering data for a virtual machine.

Measure-VMResourcePool. Displays resource metering data for a resource pool.

For example, you can enable resource metering and view all of the resource metering data for the
LON-DC virtual machine by running the following cmdlets:
Get-VM -Name LON-DC | Enable-VMResourceMetering
Get-VM Name LON-DC | Measure-VM

Resource metering in Hyper-V collects and reports on the following resource use data:

Average CPU use. The average CPU, in megahertz (MHz), that a virtual machine uses over a period.

Average memory use. The average physical memory, in MB, that a virtual machine uses over a period.

MCT USE ONLY. STUDENT USE PROHIBITED

3-52 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

Minimum memory use. The lowest amount of physical memory, in MB, assigned to a virtual machine
over a period.

Maximum memory use. The highest amount of physical memory, in MB, assigned to a virtual machine
over a period.

Maximum disk allocation. The highest amount of disk space capacity, in MB, allocated to a virtual
machine over a period.

Incoming network traffic. The total incoming network traffic, in MB, for a virtual network adapter over
a period.

Outgoing network traffic. The total outgoing network traffic, in MB, for a virtual network adapter over
a period.

Before you can obtain data on resources that are used by virtual machines, you first must enable
resource metering. You can use Windows PowerShell to enable resource metering and retrieve collected
data. Windows Server 2012 R2 does not include a graphical reporting tool on virtual machine resource
utilization, but you can use one of the non-Microsoft tools, or develop your own tool.

Lesson 6

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

3-53

Designing Virtual Machines for Server Roles and Services

You can use Hyper-V Manager to manage multiple Hyper-V hosts, but it is not the optimal tool when you
have to manage an enterprise environment. The Hyper-V module for Windows PowerShell is a better tool
when you need to automate operations or perform repetitive tasks on multiple servers. However, not all
administrators like to work with a command shell. For environments with multiple Hyper-V hosts, System
Center 2012 - VMM is the recommended tool, although, you must obtain it separately.

Hyper-V does not support the concept of templates, but copying a virtual hard disk that has an installed
operating system or the use of differencing virtual hard disks can achieve similar results. By using that
approach, companies can create libraries of virtual disks with different operating systems and applications
and then use them as templates. In this lesson, you will learn about recommendations for running domain
controllers, Microsoft SQL Server, and Microsoft Exchange Server on virtual machines.

Lesson Objectives
After completing this lesson, you will be able to:

Plan Hyper-V host management.

Plan virtual machine management.

Design virtual machines for a domain controller.

Design virtual machines for SQL Server.

Design virtual machines for Exchange Server.

Planning Hyper-V Host Management


Hyper-V hosts are the infrastructure for running
virtual machines. It is important that you carefully
plan and deploy a standard server configuration,
configure high availability, implement remote
management, and regularly monitor the
infrastructure. Consider the following best
practices for configuring and administering
Hyper-V hosts:

Simplify and standardize the platform on


which you will deploy server virtualization.
Use a standard configuration for the
operating system and Hyper-V to make it
easier to deploy and manage the environment. Automate the deployment and use the latest version
of Windows Server 2012 because it provides new and improved features.

Use a Server Core installation (or better yet, Microsoft Hyper-V Server 2012 R2) for Hyper-V hosts. A
Server Core installation has fewer components than the full server installation, which means that there
are fewer components to update and less overhead. A Server Core installation also provides the same
virtualization features and remote management as a GUI installation of Windows Server 2012 and
Windows Server 2012 R2.

MCT USE ONLY. STUDENT USE PROHIBITED

3-54 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

Servers that you will use for virtualization should have only the Hyper-V role installed to minimize
overhead and the potential attack surface. If you plan to implement a highly available environment,
you should also consider installing failover clustering and multipath I/O features.

Test and apply updates to Hyper-V hosts. This includes hardware updates (for example, firmware
updates), and Microsoft updates. Always test updates before deploying them in a production
environment.

Implement shared storage and high availability. Shared storage is required for high availability,
and you can use SAN or SMB 3.0 file shares for shared storage. A highly available virtualization
infrastructure is critical, for which you should implement Hyper-V failover clusters.

Monitor performance to optimize and manage server utilization. Server workloads change over time,
and you must ensure that the Hyper-V host is not overused.

Automate and standardize administration of the Hyper-V host environment. Large organizations
might have hundreds of Hyper-V hosts, and the only way to manage them efficiently is to standardize
deployment and then automate management tasks. To do so, you can:
o

Standardize the Hyper-V configuration. For example, consider using the same path for storing
virtual machines, and create virtual switches with the same name on all Hyper-V hosts.

Join Hyper-V hosts to the domain unless your security policy states differently. Domain
membership makes it possible to centralize the management of policies for identity, security,
and auditing. Hyper-V hosts must be domain members if you want to create a Hyper-V failover
cluster.

Implement remote management. Administering servers locally is not practical, for example, when
they are running a Server Core installation or Hyper-V Server, or you do not have physical access
to them. You can use remote management to centralize administration and automate
procedures.

Use Windows PowerShell whenever possible. You can use Windows PowerShell cmdlets and
scripts to manage Hyper-V hosts. Windows PowerShell is installed by default, and you can use
it to automate and standardize administration.

Consider implementing VMM, which provides tools for simplifying administrative tasks to
manage a large virtualization environment. For example, a company can use VMM to store
templates and to automate virtual machine deployment.

Windows Server 2012 Hyper-V Best Practices (In Easy Checklist Form)
http://go.microsoft.com/fwlink/?LinkID=386657
Question: How can you standardize Hyper-V host management?

Planning Virtual Machine Management


By now, you should be aware that when working
with virtual machines, you can perform complete
administration by using Hyper-V Manager and
Windows PowerShell. However, when you have
more than a few Hyper-V hosts and several
virtual machines to manage, you should try to
standardize and automate administration as much
as possible. This implies that you should use
standard configurations, scripting, and enterprise
management tools such as VMM, if possible.
However, even without standardization, and by
using only tools that are part of Windows Server
2012 R2, it is possible to achieve a level of automation.

Virtual Machine Templates

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

3-55

Virtual machine templates are beneficial when you want to standardize virtual machine configurations
and make their deployment as fast as possible. Unfortunately, Hyper-V does not understand the concept
of templates. However, you can mimic virtual machine templates by storing virtual hard disks with a
generalized installation of an operating system in a library, which can be a shared folder. You can then
copy the appropriate virtual disk for each new virtual machine that you create. In test environments, you
can even create differencing virtual hard disks and point them to use the same parent disk. By doing so,
you will reduce storage space by many gigabytes, but the downside will be inferior performance.

Windows PowerShell

When you create new virtual machines, you should provide them with appropriate virtual hardware, which
can be based on the recommendations for the physical servers. Multiple virtual machines run on the same
Hyper-V infrastructure, but you should be careful not to oversubscribe processor resources because it can
result in poor performance. Some applications, such as Exchange Server or SQL Server, are only supported
if the P2V conversion processor ratio is 1:2 or lower. To avoid creating virtual machines with the same
configuration manually, and if VMM is not an option, you should use Windows PowerShell for virtual
machine creation and for other administrative tasks.

Operating System

If possible, use the latest Windows Server operating system when building virtual machines because it
provides new and improved features such as Generation ID for detecting when a checkpoint was applied.
Newer Windows operating systems (Windows Server 2008 R2 and newer versions, and Windows 7 and
newer versions) also include Integration Services, and virtual machines should always run the latest version
of integration services.

Monitoring

It is important that your virtualization infrastructure is not overused and that virtual machines have
enough available resources. In smaller environments, you should implement monitoring by using
Performance Monitor. In enterprise environments, you should also use Operations Manager. Remember
that if you are using both products, Operations Manager can integrate with VMM, and System Center
components must be implemented in your environment.
Question: How can you use Hyper-V Manager to create a virtual machine with four
processors, two virtual hard disks, and two network adapters?

Designing Virtual Machines for a Domain Controller


When planning virtual machines for a
domain controller, you should follow the same
recommendations as for other virtual machines.
However, several recommendations and best
practices are specific to virtualized domain
controllers. The following list includes some of
these best practices:

MCT USE ONLY. STUDENT USE PROHIBITED

3-56 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

Avoid a single point of failure. You should


always have at least two domain controllers
for a domain, and when virtualized, they
should be running on different physical
servers.

A Hyper-V host should be just as secure as a domain controller. A Hyper-V administrator has full
permissions in a virtualization infrastructure and could potentially perform an elevation-of-privilege
attack. Such an attack could compromise all virtual machines, domains, and forests that Hyper-V is
hosting:
o

If a Hyper-V host is a domain member in a domain for which it hosts virtual domain controllers,
then domain administrators have administrative permissions on the Hyper-V host.

Consider applying different Group Policy Objects to your Hyper-V hosts and to your domain
controllers to secure them both.

The virtual hard disk of a virtualized domain controller is equivalent to the physical hard drive of a
physical domain controller. It stores important identity data, and you should protect it just as you
protect the disks of physical domain controllers.

Avoid using differencing virtual hard disks for a domain controller. They have more overhead than
other disk types, and they provide slower performance.

Avoid using checkpoints for domain controllers. If a domain controller is running an operating system
prior to Windows Server 2012, you should not use checkpoints at all, because they can cause an
update sequence number (USN) rollback. Domain controllers that run Windows Server 2012 or newer
detect that a checkpoint was applied by monitoring the Generation ID and resolve the USN rollback
situation.

Disable time synchronization of a virtual domain controller with a Hyper-V host. Windows Time
Service has its own algorithm for time synchronization within a domain. You should only disable the
time synchronization service, but still use other Integration Services.

Store AD DS files on a different virtual hard disk than the operating system, and connect that virtual
hard disk to the virtual SCSI controller. Virtual hard disks that are attached to a virtual SCSI controller
provide better performance than virtual hard disks that are attached to a virtual IDE controller. They
also support additional functions such as forced unit access. Forced unit access ensures that the
operating system writes and reads data directly from the disk and bypasses all caching mechanisms.

Windows Server 2012 includes virtualization-safe capabilities and enables faster deployment of virtual
domain controllers by using cloning.
Running Domain Controllers in Hyper-V
http://go.microsoft.com/fwlink/?LinkID=386696

Introduction to Active Directory Domain Services (AD DS) Virtualization (Level 100)
http://go.microsoft.com/fwlink/?LinkID=386693

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

3-57

Active Directory Virtualization Safeguards and Domain Controller Cloning with Windows
Server 2012
http://go.microsoft.com/fwlink/?LinkID=386679
Question: How can you disable virtual domain controller time synchronization in a Hyper-V
virtual machine?

Designing Virtual Machines for SQL Server


Virtual machines for SQL Server should follow
similar best practices as virtual machines for
any other server load. For example, you should
always install the latest version of Integration
Services because it improves I/O throughput and
decreases CPU usage of virtual machines. You
should also avoid using emulated devices because
they can cause significant CPU overhead.
When configuring a virtual machine for
SQL Server, you should also consider the following
recommendations:

SQL Server should have sufficient resources.


Memory and processors are the most critical resources. Allocate SQL Server enough memory so that
it can handle the expected loads. Do not overcommit processors. Minimize background activities and
services, and do not install any additional applications on the SQL Server virtual machine.

Hyper-V on Windows Server 2012 provides considerably better scalability than older versions, and
SQL Server can better take advantage of that scalability.

Use fixed-size virtual hard disks or directly attached disks for SQL Server. Do not use dynamically
expanding or differencing virtual hard disks.

Do not use checkpoints on a SQL Server virtual machine. Checkpoints can cause significant issues,
including slower performance and data loss.

Ensure high availability for SQL Server. You can use different features to ensure high availability for
SQL Server, such as Hyper-V failover clustering, guest clustering, and AlwaysOn Availability Groups.

Attach the SQL Server virtual hard disks to the Virtual SCSI controller for more flexibility.

If you use virtual Fibre Channel, use Multipath I/O (MPIO) inside the virtual machine to ensure
resilient connections from the virtual machine to storage.

Monitor performance of the Hyper-V host on which the SQL Server virtual machine is running, in
addition to the performance of the virtual machine.

Consider using SQL optimization for better performance. The database administrator will most likely
perform this tuning, which includes the following:
o

Configure SQL Server to use large page allocations (/T834 startup flag) to reduce memory
overhead.

MCT USE ONLY. STUDENT USE PROHIBITED

3-58 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

Set Max Worker Threads to the number of maximum concurrent user connections.

Consider dynamic memory to reduce I/O overhead.

Grant user rights for Lock pages in memory to the SQL Server service account. This helps
when dynamic memory is trying to reduce the virtual machine memory because it will prevent
Windows Server from paging out a large amount of buffer pool memory.

Set the SQL Server processor affinity mask to isolate system resources for the SQL Server instance
from other SQL Server instances, or other applications that are running on the same virtual
machine.

Set a fixed amount of memory for the SQL Server process to use. About three percent of the
total available memory is used for the system, and another one percent is used for memory
management structures. Use the following equation to calculate the total memory to be used by
SQL Server:
Memory (1%memory * (NUMA_nodes)) 3%memory 1GB

SQL Server 2012 supports cloning by using the System Preparation Tool (Sysprep). You can use Sysprep
to install SQL Server on a virtual machine, generalize the operating system, and use it as a template when
creating new virtual machines. By using this approach, you can create a new virtual machine that has SQL
Server installed, which is considerably faster than if you installed it again.
Best Practices for Virtualizing and Managing SQL Server
http://go.microsoft.com/fwlink/?LinkID=386683
Install SQL Server 2012 Using SysPrep
http://go.microsoft.com/fwlink/?LinkID=386684
Question: Can you only use virtual hard disks attached to a virtual SCSI controller for a SQL
Server virtual machine?

Designing Virtual Machines for Exchange Server


When designing virtual machines, you should be
aware that with Exchange Server 2013, all of the
Exchange Server roles, including the Unified
Messaging server role, are supported in the virtual
environment. This enables you to virtualize the
entire Exchange Server infrastructure. When
virtualizing Exchange Servers, you should consider
the following guidelines:

The Hyper-V host should not have any other


role and should not run any other application,
such as SQL Server, AD DS, or Exchange
Server. You should install only management
software, such as antivirus software, backup agents, or virtual machine management software on the
Hyper-V host.

Hyper-V in Windows Server 2012 R2 does not enforce a limit on the virtual processor-to-logical
processor ratio. You can have as many virtual processors used by virtual machines as the physical
hardware allows. Exchange supports a physical-to-logical processor ratio no greater than 2:1,

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

3-59

although the recommended ratio is 1:1. For example, a dual processor system that uses quad core
processors contains 8 logical processors in the host system. On a system with this configuration, do
not allocate more than 16 virtual processors to all the guest virtual machines. Oversubscribing the
processor on the Hyper-V host decreases performance, depending on how much CPU is
oversubscribed.

Exchange 2013 is not NUMA-aware, but it can benefit from NUMA in the same way as any other
application that is not NUMA-aware, by taking advantage of the Windows scheduler algorithms that
keep threads isolated to particular NUMA nodes.

Dynamic memory is not supported for virtual machines that run any of the Exchange Server 2013
roles. Exchange Server 2013 uses in-memory data caching to provide better performance and faster
I/O operations. For this, Exchange Server 2013 needs sufficient memory at all times and full control
over the memory. If Exchange Server 2013 does not have full control of the memory that is allocated
to the virtual machine, system performance is considerably lower. Because of this, dynamic memory is
not supported for Exchange Server 2013.

Differencing and dynamically expanding virtual hard disks are not supported in Exchange Server 2013
virtual machines. Thin provisioned dynamically expanding disks can overcommit the available storage,
and as they are growing, the underlying storage could run out of space if not monitored closely.
When you create fixed-size virtual hard disks, they are allocated their full size on the physical storage,
which ensures that storage will not later run out of space.

Virtual machine checkpoints are not supported. When you create a checkpoint, Hyper-V creates
a new differencing virtual hard disk for the virtual machine. Changes are written only on the
differencing virtual hard disk, and data is read from both disks, which increases overhead and reduces
performance. You can also use checkpoints to revert a virtual machine back to any of the previous
states. Exchange Server 2013 is not checkpoint-aware, and applying checkpoints can have unintended
consequences for applications such as Exchange Server, which maintains state data.

Exchange Server virtual machines, including Exchange Mailbox virtual machines that are part of
database availability group (DAG), might be protected by Hyper-V failover clustering and migration
technology. When failover happens, it must result in a system restart when the virtual machine is
started on a different node.

Hyper-V Replica is not supported for Exchange Server. Replica makes sense for applications that do
not include disaster recovery capability. You should use DAG with Exchange Server 2013.
Exchange 2013 Virtualization
http://go.microsoft.com/fwlink/?LinkID=386695
Best Practices for Virtualizing and Managing Exchange 2013
http://go.microsoft.com/fwlink/?LinkID=386682
Exchange 2013 Server Role Requirements Calculator
http://go.microsoft.com/fwlink/?LinkID=386677
Question: How many virtual processors at most can you assign to Exchange Server virtual
machines that are running on a test Hyper-V host with two double-core CPUs?

Lab B: Creating and Managing Checkpoints and


Monitoring Hyper-V
Scenario

MCT USE ONLY. STUDENT USE PROHIBITED

3-60 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

A. Datum is continuing with its pilot virtualization project. You have deployed the virtualization hosts by
installing Windows Server 2012 R2 Hyper-V in one of the subsidiaries. The next step is to deploy virtual
machines on these hosts.

Because the virtualization platform is new to A. Datum, you need to spend some time becoming familiar
with Hyper-V features and components, including checkpoints. As the pilot project continues, you will
need to be able to monitor server performance to ensure that virtual machines are configured properly.
For now, you will familiarize yourself with the monitoring tools that are available in Windows Server 2012
R2 and Hyper-V.

Objectives
After completing this lab, you will be able to:

Import virtual machines and work with checkpoints.

Monitor Hyper-V.

Lab Setup
Estimated Time: 60 minutes
Virtual machines: 20409B-LON-HOSTx, 20409B-LON-CLx, 20409B-LON-DC1
User name: Adatum\Administrator
Password: Pa$$w0rd

For this lab, you will use the available virtual machine environment. Before you begin the lab, you must
complete the following steps:
1.

Sign in to LON-HOSTx as Adatum\Administrator with the password of Pa$$w0rd.

2.

On LON-HOST1, start Hyper-V Manager.

3.

In Hyper-V Manager, click 20409B-LON-DC1, and in the Actions pane, click Start.

4.

In the Actions pane, click Connect. Wait until the virtual machine starts.

5.

Sign in by using the following credentials:

6.

User name: Adatum\Administrator

Password: Pa$$w0rd

Repeat steps 3 through 5 for 20409B-LON-CLx. The letter x is 1 for the first student in the team,
and 2 for the second student in the team.

Note: Because you will be using the same virtual machines in the next lab, do not revert
the virtual machines. However, you can shut down all virtual machines after finishing this lab.
You will be working in pairs. Communicate clearly with your lab partner, and cooperate fully with
each other during this lab.

Exercise 1: Importing Virtual Machines and Working with Checkpoints


Scenario

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

3-61

Your colleague has heard about the enhanced session mode when connecting to a virtual machine, but
he has never seen it. You want to demonstrate to your colleague how to configure it, use it, and show the
benefits of the enhanced session mode.
You are aware that you should avoid using checkpoints in the production environment, but you want to
test them for use in training and explore how to implement checkpoints at the file level. You would also
like to see how a virtual machine can detect whether a checkpoint was applied.
The main tasks for this exercise are as follows:
1.

Import a virtual machine.

2.

Use enhanced session mode.

3.

Create checkpoints.

4.

Manage checkpoints.

5.

Explore Generation ID.

Task 1: Import a virtual machine


1.

On LON-HOSTx, use Hyper-V Manager to import a virtual machine by using the following data:
o

Virtual Machine in Folder: C:\VirtualMachines\LON-EXPORT\

Number of virtual processors: 1

Connect to Network: External Network

2.

You will get an error message because the parent virtual hard disk was not found.

3.

In Hyper-V Manager, use the Edit Disk feature to link the C:\VirtualMachines\LON-EXPORT
\Virtual Hard Disks\LON-EXPORT.vhd virtual hard disk to the parent disk E:\Program Files
\Microsoft Learning\Base\Base14A-WS12R2.vhd. Note that this path might differ on your host
machine.

4.

Use Hyper-V Manager to import the LON-EXPORT virtual machine again from
C:\VirtualMachines\LON-EXPORT\.

5.

Use Hyper-V Manager to confirm that LON-EXPORT is imported, that it is configured with a single
virtual processor, and that it is connected to a virtual switch named External Network.

Task 2: Use enhanced session mode


1.

On LON-HOSTx, copy a few line of text from the C:\Windows\Win.ini file.

2.

On LON-CLx, confirm that the Paste option in Notepad is disabled.

3.

In Virtual Machine Connection to LON-CLx, from the Clipboard menu, click Type clipboard text.
Confirm that the text that you copied from the Win.ini file displays. Close the LON-CLx window.

4.

On LON-HOSTx, use Hyper-V Manager to configure Allow enhanced session mode.

5.

Use Hyper-V Manager to connect to LON-CLx. Configure the option to redirect the local drives.

6.

Confirm that you are not signed in automatically to LON-CLx, and then sign in as
ADATUM\administrator, with Pa$$w0rd as the password.

7.

In Notepad, paste the copied text from Win.ini.

8.

On LON-HOSTx, use File Explorer to copy the C:\Windows\Write.exe file.

9.

On LON-CLx, paste Write.exe to the desktop.

10. On LON-CLx, use File Explorer to confirm that drives from LON-HOSTx are mapped to the virtual
machine.
11. On LON-CLx, confirm that Remote Desktop is disabled.
12. Turn Off 20409B-LON-CLx.
13. On LON-HOSTx, start the LON-CLx virtual machine, and then connect to it.
14. Confirm that after LON-CLx is started and the sign-in screen displays, the Connect to LON-CLx
window opens.
Note: Because Integration Services are not available during system start, enhanced session
mode is available only after the operating system is fully started.
15. On LON-HOSTx, use Hyper-V Manager to disable enhanced session mode.

Task 3: Create checkpoints


1.

On LON-HOSTx, confirm that LON-VM1 is using the Differencing.vhd virtual hard disk.

2.

Create a checkpoint for LON-VM1.

3.

Start LON-VM1.

4.

Confirm that LON-VM1 is now using a virtual hard disk with a GUID in its name.

5.

Complete the setup by clicking Next, and then clicking I accept.

6.

On the Settings page, provide the password of Pa$$w0rd.

7.

Sign in as Administrator by using the password Pa$$w0rd.

8.

On LON-VM1, on the desktop, create a folder named Folder1.

9.

Create a checkpoint for LON-VM1, and name it Folder1.

10. On LON-VM1, on the desktop, create a folder named Folder2.


11. Create a checkpoint for LON-VM1, and name it Folder2.
12. On LON-VM1, on the desktop, create a folder named Folder3.
13. On LON-HOSTx, use the Windows PowerShell cmdlet Checkpoint-VM to create checkpoint for
LON-VM1, and then name it Folder3.
14. Use the cmdlet Get-VMSnapshot to view existing checkpoints for LON-VM1.
15. Use Hyper-V Manager to confirm that LON-VM1 has four checkpoints.
16. Apply the Folder1 checkpoint.
17. Confirm that on the LON-VM1 desktop, there is only one folder named Folder1.
18. On LON-VM1, on the desktop, create a folder named Folder1.1.
19. Use Hyper-V Manager to create a checkpoint for LON-VM1, and then rename it Folder1.1.

MCT USE ONLY. STUDENT USE PROHIBITED

3-62 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

20. On LON-HOSTx, use File Explorer to browse to C:\Shares\Snapshots, and then confirm that there are
five .xml files and five subfolders.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

3-63

21. Confirm that Size of the oldest folder in the details pane is 0, as the first checkpoint that you created
was when LON-VM1 was turned off.
22. Confirm that each of other folders has larger sizes, as the other checkpoints were created while
LON-VM1 was running.

Task 4: Manage checkpoints


1.

On LON-HOSTx, use the Windows PowerShell cmdlet Get-VMSnapshot to view checkpoints for
LON-VM1, and then view how they relate to each other.

2.

Use the Windows PowerShell cmdlet Export-VMSnapshot to export the Folder2 checkpoint of
LON-VM1 to the C:\Exported folder.

3.

On LON-HOSTx, use File Explorer to confirm that in C:\Exported\LON-VM1 there is no Snapshots


subfolder. Double-click the Virtual Hard Disks folder, and then confirm that it contains multiple
virtual hard disks, the Differencing.vhd virtual hard disk, and all of its parent disks.

4.

Rename folder LON-VM1 to Folder2.

5.

Use the Windows PowerShell cmdlet Export-VM to export LON-VM1 to the C:\Exported folder.

6.

Use File Explorer to confirm that there is a Snapshots subfolder in C:\Exported\LON-VM1.

7.

Double-click the Virtual Hard Disks folder, and then confirm that it contains the Differencing.vhd
virtual hard disk, its parent disk, and all of the differencing virtual hard disks that the checkpoints
created.

8.

Use the Windows PowerShell cmdlet Restore-VMSnapshot to apply the Folder3 checkpoint to
LON-VM1.

9.

On LON-VM1, confirm that on the desktop, there are three folders named Folder1, Folder2, and
Folder3.

10. Use Hyper-V Manager to confirm that you cannot modify Folder2 checkpoint settings, except for the
Name and Description.
11. Use Hyper-V Manager to delete the Folder1 checkpoint and its subtree.

12. Use Hyper-V Manager to confirm that all checkpoints for LON-VM1 except the first checkpoint are
deleted instantly.
13. On LON-HOSTx, use File Explorer to confirm that there is single .xml file, and one subfolder in the
C:\Shares\Snapshots folder.

Task 5: Explore Generation ID


1.

On LON-HOSTx, on LON-VM1, use Device Manager to confirm that the Microsoft Hyper-V
Generation Counter system device is present. This is how virtual machine presents Generation ID to
the operating system.

2.

Turn off LON-VM1.

Results: After completing this exercise, you should have imported virtual machines and worked with
checkpoints.

Exercise 2: Monitoring Hyper-V


Scenario

MCT USE ONLY. STUDENT USE PROHIBITED

3-64 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

One of your colleagues is sure that you can monitor Hyper-V host utilization by using Task Manager. You
want to show your colleague that this is incorrect. You also want to demonstrate the proper way to
monitor the Hyper-V host and virtual machines and how to retrieve chargeback information for the
running virtual machines.
The main tasks for this exercise are as follows:
1.

Use Task Manager.

2.

Use Performance Monitor to monitor Hyper-V performance.

3.

Use Resource Metering.

Task 1: Use Task Manager


1.

On LON-HOSTx, open Task Manager, and then click the Performance tab.

2.

On LON-CLx, sign in as Adatum\Administrator with the password Pa$$w0rd. Open Task Manager,
and then click the Performance tab.

3.

On LON-CLx, use Windows PowerShell to run the C:\LabFiles\Mod03\Cpustres.exe command.

4.

In CPU Stress, set Process Priority Class to High. In the Thread 1 section, set Thread Priority to
Highest, and set Activity to Busy.

5.

Confirm that the LON-CLx Task Manager shows high utilization, while the LON-HOSTx Task Manager
shows low utilization.

Note: As each Task Manager is reporting utilization of its own virtual environment, the
utilization shown is very different.
6.

In CPU Stress, in the Thread 1 section, set Thread Priority to Idle, and set Activity to Low.

7.

On LON-HOSTx, in Task Manager, click Open Resource Monitor. The Resource Monitor opens.

8.

On LON-CLx, run the Windows PowerShell command C:\LabFiles\Mod03\sqlio.exe.

9.

Confirm that on LON-CLx, Task Manager reports almost 100 percent Disk 0 utilization. Resource
Monitor on LON-HOSTx reports only a slight increase in disk activity.

Task 2: Use Performance Monitor to monitor Hyper-V performance


1.

On LON-HOSTx, start Performance Monitor, and then add the following counters:
o

Hyper-V Hypervisor Virtual Processor\% Guest Run Time for the 20409B-LON-CLx instance

Hyper-V Virtual Storage Device\Read Operations/sec for the instance that refers to
20409B-LON-CLx

LogicalDisk\Disk Reads/sec for the C: instance

2.

Set Scale Selected Counters for Disk Reads/sec and Read Operations/Sec.

3.

On LON-CLx, run the Windows PowerShell command C:\LabFiles\Mod03\sqlio.exe.

4.

On LON-HOSTx, use Performance Monitor to follow how disk access increases in the virtual machine
and on the Hyper-V host while sqlio.exe is running on the virtual machine.

5.

On LON-CLx, in CPU Stress, set Process Priority Class to High. In the Thread 1 section, set Thread
Priority to Highest and Activity to Busy.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

3-65

6.

On LON-HOSTx, use Performance Monitor to follow how processor utilization on the virtual machine
and on Hyper-V increases.

7.

On LON-HOSTx, use Hyper-V Manager to view CPU Usage for the LON-CLx virtual machine.

8.

Set Virtual machine limit (percentage) for 20409B-LON-CLx to 10.

9.

Use Hyper-V Manager to confirm that CPU Usage for the LON-CLx virtual machine is considerably
lower.

10. On LON-CLx, close both CPU Stress and Task Manager.


11. On LON-HOSTx, close Performance Monitor, Resource Monitor, and Task Manager.
12. In Hyper-V Manager, set Virtual machine limit (percentage) for LON-CLx to 100.

Task 3: Use Resource Metering


1.

On LON-HOSTx, use the Windows PowerShell cmdlet Get-VM to view whether resource metering is
enabled for 20409B-LON-CLx.

2.

Use the Windows PowerShell cmdlet Enable-VMResourceMetering to enable resource metering for
20409B-LON-CLx.

3.

Use the Windows PowerShell cmdlet Measure-VM to view resource metering data for
20409B-LON-CLx.

4.

On LON-CLx, run the Windows PowerShell command C:\LabFiles\Mod03\Cpustres.exe.

5.

In CPU Stress, set Process Priority Class to High. In the Thread 1 section, set Thread Priority to
Highest, and then set Activity to Busy.

6.

Run the Windows PowerShell command C:\LabFiles\Mod03\TestLimit64.exe d 400 c 5.

7.

On LON-HOSTx, use the Windows PowerShell cmdlet Measure-VM to view resource metering data
for 20409B-LON-CLx. Compare the data with previous results, and then notice the increase in use of
AvgRAM(M) and AvgCPU(MHz).

8.

On LON-CLx, close CPU Stress.

9.

On LON-HOSTx, use the Windows PowerShell cmdlet Disable-VMResourceMetering to disable


resource metering for LON-CLx.

Results: After completing this exercise, you should have monitored Hyper-V.

Module Review and Takeaways


Review Questions
Question: Are synthetic devices available in all operating systems that you install on a virtual
machine?
Question: Can you use shared virtual hard disks with two virtual machines that have Windows
8.1 installed?
Question: Can you use virtual machine settings to discover whether it is Generation 1 or
Generation 2?
Question: Can you use enhanced session mode to connect to a Windows Server 2012 R2 virtual
machine that is running on Windows Server 2012 Hyper-V host?
Question: Which monitoring tool can you use to monitor multiple servers simultaneously and to
provide you with alerts when the performance of servers is different than normal?

MCT USE ONLY. STUDENT USE PROHIBITED

3-66 Creating and Managing Virtual Hard Disks, Virtual Machines, and Checkpoints

MCT USE ONLY. STUDENT USE PROHIBITED


4-1

Module 4
Creating and Configuring Virtual Machine Networks
Contents:
Module Overview

4-1

Lesson 1: Creating and Using Hyper-V Virtual Switches

4-2

Lab A: Creating and Using Hyper-V Virtual Switches

4-9

Lesson 2: Advanced Hyper-V Networking Features

4-13

Lab B: Creating and Using Advanced Virtual Switch Features

4-23

Lesson 3: Configuring and Using Hyper-V Network Virtualization

4-26

Lab C: Configuring and Testing Hyper-V Network Virtualization

4-34

Module Review and Takeaways

4-38

Module Overview

Virtual machines are isolated, even when they are running on the same Hyper-V host and are
communicating only over the network. Hyper-V in Windows Server 2012 and Windows Server 2012 R2
includes an entirely redesigned and extensible virtual switch, which enables basic network packet
forwarding and more advanced features such as support for network virtualization. You can connect a
virtual switch to different networks, and based on this connection, you can create a private, internal, or
external virtual switch. If supported by server hardware, you can also use features such as single root I/O
virtualization (SR-IOV) and Dynamic Virtual Machine Queue, which enable higher network throughput
and lower CPU utilization.

On the Hyper-V host, the host operating system (for example Windows Server 2012 R2) is also running
in the virtual machine (parent partition), which means that its traffic can be controlled by a virtual switch.
One of the new features of the Hyper-V virtual switch is support for network virtualization, which you can
use to create multiple isolated tenant networks on the same physical network.
Note: For the purpose of this course, all instances of Microsoft System Center 2012 R2
Virtual Machine Manager are referred to as VMM.

Objectives
After completing this module, you will be able to:

Create and use Hyper-V virtual switches.

Describe advanced Hyper-V networking features.

Configure and use Hyper-V network virtualization.

Lesson 1

Creating and Using Hyper-V Virtual Switches

MCT USE ONLY. STUDENT USE PROHIBITED

4-2 Creating and Configuring Virtual Machine Networks

Virtual machines are rarely disconnected from a network. Most users typically will want virtual machines
to communicate with other computers. To provide virtual machines with network connectivity, you must
first connect them to a virtual switch. The virtual switch in Windows Server 2012 and Windows Server
2012 R2 is fully extensible, and provides advanced features such as port access control lists (ACLs),
network traffic monitoring, packet inspection, and network virtualization. The virtual switch also enables
basic features such creating different virtual switch types, and using virtual local area network (VLAN)
tagging. In this module, you will learn about basic Hyper-V virtual switch management, the different types
of virtual switches, and how to configure virtual switches by using Virtual Switch Manager and Windows
PowerShell.

Lesson Objectives
After completing this lesson, you will be able to:

Describe the Hyper-V virtual switch.

Describe the different types of virtual switches.

Describe VLAN tagging.

Use Virtual Switch Manager.

Explain the use of dynamic switch ports.

Configure and use VLANs.

Overview of the Hyper-V Virtual Switch


When you have multiple physical computers
that you want to connect inside the same
network segment, you typically connect them
by using network switches. Switches operate at
Layer 2 (data-link layer) of the Open Systems
Interconnection (OSI) model. Switches act as
network hubs, except with an intelligent layer
added to them. Network switches can inspect
data packets, determine the source and
destination of each data packet, and then forward
the data packets appropriately. By delivering
packets only to the intended connected device,
network switches conserve network bandwidth and offer better performance than network hubs.

The Hyper-V virtual switch offers similar functionalities as hardware network switches. The Hyper-V virtual
switch is a software-implemented Layer 2 network switch that is available as part of the Hyper-V role. You
can use the Hyper-V virtual switch to connect virtual machines to virtual networks and physical networks.
On the Hyper-V host, the host operating system, for example Windows Server 2012 R2, is also running in
the virtual machine (parent partition). This means that the Hyper-V virtual switch can be used when the
parent partition connects to the network.
Prior to Windows Server 2012, Hyper-V included a simple network switch that was not extensible and
provided only basic networking features. The Hyper-V Virtual Switch in Windows Server 2012 and
Windows Server 2012 R2 is fully extensible. It provides advanced features such as policy enforcement,

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

4-3

tenant isolation, traffic shaping, and protection against malicious virtual machines. You can also extend it
with non-Microsoft extensions.

The Hyper-V virtual switch provides ways to extend the virtual switch without replacing the entire switch;
for example, to add monitoring, filtering, or forwarding functionality. You implement extensions by using
network device interface specification (NDIS) filter drivers and Windows Filtering Platform (WFP) callout
drivers. NDIS and WPF are two public platforms for extending the Windows networking functionality. If
you extend the virtual switch, the virtual switch extensions are listed in the Virtual Switch Manager feature
of Hyper-V Manager.
You can manage Hyper-V virtual switches by using the Virtual Switch Manager, or by using Windows
PowerShell cmdlets. For example, the following cmdlet lists all of the Hyper-V virtual switches on a
Hyper-V host:
Get-VMSwitch

VMNetworkAdapter is the primary noun that you can use to manage various security features, Quality
of Service (QoS), port mirroring, and other features. You can get more information on these features by
running the following cmdlet:
Get-Help Set-VMNetworkAdapter

The host operating system on Hyper-V host is also running inside a virtual machine (parent partition),
which means that you can add and manage virtual network adapters to it in a similar manner as to
other virtual machines. Each virtual network adapter can be connected to a separate Hyper-V virtual
switch, or to the same Hyper-V virtual switch as other adapters. You can create multiple parent virtual
network adapters that you then use for different purposes such as live migration, accessing the storage
area network (SAN), and parent operating system management. You can also limit bandwidth for each
virtual network adapter by assigning the QoS policy to the adapter. If you want to create a virtual network
adapter in the parent partition, run the following Windows PowerShell cmdlets:
Add-VMNetworkAdapter ManagementOS Name Management
Add-VMNetworkAdapter ManagementOS Name Storage
Add-VMNetworkAdapter ManagementOS Name Live Migration

Question: Do you need to create a virtual switch on a Hyper-V host?

Types of Virtual Switches


Hyper-V Manager includes the Virtual Switch
Manager, which you can use to create and
manage virtual switches. If you want virtual
machines to be able to communicate on a
network, you must first create at least one
virtual switch, and then connect virtual machine
network adapter(s) to the virtual switch. The
parent partition is an exception to the rule. It
can communicate on the network even if a
network switch is not created.
Note: The parent partition is a virtual
machine in which you can manage and monitor Hyper-V, and in which device drivers for
accessing Hyper-V physical hardware are installed.

MCT USE ONLY. STUDENT USE PROHIBITED

4-4 Creating and Configuring Virtual Machine Networks

You can connect only one virtual switch to a specific physical network adapter, wireless adapter, or
network interface card (NIC) team. Once you connect a Hyper-V virtual switch to a network adapter, all
other protocols are automatically unbound from that network adapter and reassigned to the virtual
network adapter.

Hyper-V supports three types of virtual switches: external, internal, and private. There is no limit on how
many virtual switches you can create on a Hyper-V host, or how many virtual machines you can connect
to a virtual switch. However, you cannot have more external virtual switches than the number of network
adapters on the Hyper-V host.
Virtual switches can connect to three types of networks:

Private network. A virtual switch that you connect to a private network provides connectivity only
between virtual machines on the same Hyper-V host, and that connect to the same virtual switch.
Virtual machines cannot communicate with virtual machines that are connected on a different virtual
switch, Hyper-V host, or external physical network. You can use a private switch if you need to isolate
virtual machines for security reasons, or if you are using them for testing and you do not want them
to access the company network inadvertently. When you create a private switch, there is no new
network connection added in the parent partition.

Internal network. A virtual switch that you connect to an internal network provides connectivity
between virtual machines on the same Hyper-V host, and with the Hyper-V host itself. Virtual
machines that connect to an internal switch cannot communicate with any physical network, unless
the Hyper-V host provides network address translation (NAT) functionality. You use an internal virtual
switch when virtual machines must have network connectivity to a Hyper-V host, but not to external
resources. When you create an internal virtual switch, an additional virtual network connection is
added in the parent partition, and it is connected to the virtual switch.

External network. A virtual switch is connected to a physical network adapter, wireless adapter, or
NIC team on the Hyper-V host, and it enables virtual machine connectivity to a physical network. You
use an external switch to provide virtual machines with access to external resources, or to the Internet.
When you create a new external virtual switch, Hyper-V creates a virtual network adapter in the
parent partition, unless you clear the option to Allow management operating system to share this
network adapter.

Note: If you create an external virtual switch and clear the Allow management operating
system to share this network adapter option, the physical network adapter will be available only
to virtual machines, and will not be accessible by the Hyper-V host. This is recommended,
because you should separate the production network from the network used to manage Hyper-V
host.

After you create a virtual switch, you can view and manage virtual switch extensions. By default, Hyper-V
includes two virtual switch extensions: Microsoft NDIS Capture, and Microsoft Windows Filtering Platform.
The Microsoft NDIS Capture extension enables the capture of network packets traversing the virtual
switch, which is the same functionality as is included in the Microsoft Network Monitor packet capturing
utility. The Microsoft NDIS Capture extension is not enabled by default. The Microsoft Windows Filtering
Platform processes network traffic as it traverses the virtual switch, and it is enabled by default for each
virtual switch that you create in Hyper-V.

You can create virtual switches by using the New Virtual Switch Wizard, which is part of Hyper-V Manager.
Alternatively, you also can use the new Windows PowerShell cmdlet New-VMSwitch. The cmdlet syntax is
determined by the type of virtual switch that you want to create.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

4-5

The external virtual switch type is associated with a physical network adapter that is present in the
Hyper-V host. When you create an external virtual switch, the Hyper-V Extensible Virtual Switch protocol
is bound to a physical adapter. All other bindings are moved to the virtual adapter that is created, and
display in the Network Connections interface. When you create an internal virtual switch, an additional
virtual adapter is created, which allows the host to connect to the virtual machines. If you create a private
virtual switch, no virtual adapter is created on the host.
Question: Can a virtual machine access the Internet if it is connected to an internal virtual
switch?
Question: What will happen in the parent partition when you create a new internal virtual
switch? Will it be the same as when you create a new private virtual switch?

Demonstration: Using Virtual Switch Manager

In this demonstration, you will see how to use Virtual Switch Manager for configuring virtual switches. You
will also see how to connect virtual machines to virtual switches, and how virtual machines do not have
connectivity when they are connected to different virtual switches.

Demonstration Steps
1.

On LON-HOST1, in Hyper-V Manager, confirm that there is one virtual switch present named
External Network.

2.

On LON-HOST1, in Hyper-V Manager, create a private virtual switch named Private Switch.

3.

On LON-HOST1, connect the 20409B-LON-PROD1 and 20409B-LON-TEST1 virtual machines to the


Private Switch virtual switch.

4.

On LON-PROD1, attempt to ping IP address 10.0.0.16.

5.

Confirm that four replies are received, and that LON-TEST1 has an IP address of 10.0.0.16.

6.

On LON-HOSTx, connect the 20409B-LON-PROD1 virtual machine to the External Network virtual
switch.

7.

On LON-PROD1, try to ping IP address 10.0.0.16, and confirm that it does not have connectivity with
LON-TEST1.

8.

On LON-PRODx, in Windows PowerShell, use the cmdlet Set-NetIPInterface to enable dynamic


TCP/IP configuration for Ethernet network connection.

9.

In Windows PowerShell, use ipconfig to confirm that LON-PRODx obtained the IP address from the
Dynamic Host Configuration Protocol (DHCP) server that is running on LON-DC.

What Is VLAN Tagging?


When you want to isolate and partition logical
networks that are using the same networking
infrastructure, you can use VLAN tagging to
separate the networks. By using VLAN tagging,
you can create multiple distinct broadcast
domains that are mutually isolated, and
networking traffic can only pass between them
if a router is used.

MCT USE ONLY. STUDENT USE PROHIBITED

4-6 Creating and Configuring Virtual Machine Networks

VLANs are the method that most organizations


use currently to provide address space reuse and
tenant isolation. VLAN uses explicit tagging in the
Ethernet frames, and it relies on the switches to
enforce isolation and restrict traffic to network adapters that are configured with the same tag. You
can specify VLAN tags for the virtual machine network adapter, and for the internal and external virtual
switches. If you specify the VLAN tag for the internal and external virtual switches, the VLAN tag is applied
to the virtual network adapter in the parent partition.
Note: The word virtual in the VLAN definition has nothing to do with server virtualization,
although server virtualization supports it. VLANs have been in use for more than thirty years.

VLAN cannot span multiple logical subnets. This limits the number of computers within a single VLAN,
and restricts the placement of virtual machines based on physical location. Even though VLANs can be
stretched across physical sites, the stretched VLAN must be all on the same subnet. A VLAN ID is 12 bits
long, which limits the value of VLAN IDs to 4,094. When you need to move a virtual machine that is
configured with a VLAN ID, you must ensure that you have reconfigured the underlying networking
infrastructure properly.

To enable VLAN Identification (VLAN ID) for management operating systems, you must enable the VLAN
ID for an external or internal virtual switch, and specify an ID. You can specify the VLAN ID in Hyper-V
Manager, on the Virtual Switch Manager page, under Switch Properties.
Note: The VLAN ID that you configure for the virtual switch specifies the VLAN that the
management operating system is using for all network communications through this network
adapter. This setting does not affect virtual machine networking.
To enable VLAN ID for a virtual machine, open Virtual Machine Settings, select the virtual network
adapter, select the Enable virtual LAN identification check box and then specify an ID that you want
the virtual machine connection to use. A virtual machine may have multiple network adapters, and the
adapters may use either the same or different VLAN IDs. You must perform this configuration on each
network adapter.

Hyper-V on Windows Server 2012 and Hyper-V on Windows Server 2012 R2 supports enhanced
functionality and simple VLAN tagging, which includes private VLAN and trunk mode to a virtual machine.
Question: Why can you create only a maximum of 4,094 VLAN networks?

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

Demonstration: Configuring and Using VLANs


In this demonstration, you will see how to configure and use VLANs on the Hyper-V virtualization
platform.

Demonstration Steps

4-7

1.

On LON-HOSTx, connect the 20409B-LON-TESTx virtual machine to the External virtual switch.

2.

On LON-PROD1, try to ping IP address 10.0.0.16 and verify that four replies are received. This
confirms that LON-PROD1 and LON-TEST1 have network connectivity.

3.

On LON-HOST1, in Hyper-V Manager, configure the network adapter for the 20409B-LON-PROD1
virtual machine with a virtual LAN identification value of 2.

4.

On LON-PROD1, try to ping IP address 10.0.0.16. Confirm that destination host is now not reachable.
This is because LON-PROD1 is connected to different VLAN as LON-TEST1.

5.

On LON-HOST1, in Hyper-V Manager, configure the network adapter for the LON-TEST1 virtual
machine with a virtual LAN identification value of 2.

6.

On LON-PROD1, try to ping IP address 10.0.0.16. Confirm that four replies are returned. LON-PROD1
and LON-TEST1 have network connectivity because now they are connected to the same VLAN.

Ethernet Resource Pool


The Hyper-V virtual switch is designed to
provide multiple data streams to and from virtual
machines using the physical network adapters
in the Hyper-V host. You create a virtual switch
and connect the virtual machine network adapter
to the virtual switch to gain network connectivity.
The virtual switch type defines the scope of
network connectivity available to a virtual
machine. For example, access to a company
network over a physical Hyper-V network adapter
requires an external virtual switch.

The virtual switch type and other configurations


such as VLAN settings, bandwidth requirements, and security parameters are not included as part of the
virtual machine configuration, but are stored as part of the virtual switch configuration on the Hyper-V
host. You can move a virtual machine to a different Hyper-V host by using live migration, or by using the
Import Virtual Machine Wizard. When you move the virtual machine, you could encounter a problem if
the destination Hyper-V host does not have a virtual switch with the same name, and is not configured
identically.
When using Ethernet resource pools, virtual machines do not connect to precreated and preconfigured
ports in a virtual switch. The virtual machine is configured to connect to one or more virtual switches in a
pool of virtual switches. By default, every virtual switch is placed in the default primordial pool
automatically until other pools of type Ethernet are created.

MCT USE ONLY. STUDENT USE PROHIBITED

4-8 Creating and Configuring Virtual Machine Networks

You can create resource pools by using the New-VMResourcePool Windows PowerShell cmdlet. You
cannot use Hyper-V Manager to create resource pools. However, if resource pools already exist, you
can use Hyper-V Manager to configure virtual machines to use a virtual switch from the resource pool.
When configured properly, you can move virtual machines between Hyper-V hosts with compatible
pool configurations without having to do any reconfiguration. When you configure a virtual machine to
connect to an Ethernet resource pool, the Hyper-V management layer configures the connections when a
virtual machine is started. Ports of the virtual switches in a pool are reclaimed automatically when they are
no longer in use. The virtual machine switch port configuration becomes an integral part of a virtual
machine overall configuration, and it is migrated automatically in all mobility scenarios.
Note: You can also use resource pools to collect resource pool usage information for
chargeback purposes.
Question: Is there any default Ethernet resource pool in Hyper-V?
Question: Can you configure a virtual network adapter to connect to a virtual switch in the
Ethernet resource pool by using Hyper-V Manager?

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

Lab A: Creating and Using Hyper-V Virtual Switches


Scenario

4-9

A. Datum Corporation has implemented the Hyper-V virtualization platform in one of their subsidiaries.
You have created several test virtual machines and familiarized yourself with many of the configuration
options. The next step is to implement and test network connectivity for the virtual machines. You have
been asked to verify current Hyper-V networking, and explore the differences between various Hyper-V
virtual switch types.

Objectives
After completing this lab, you will be able to:

Create and use Hyper-V virtual switches.

Lab Setup
Estimated Time: 20 minutes

Virtual machines: 20409B-LON-HOST1, 20409B-LON-HOST2, 20409B-LON-DC1, 20409B-LON-PROD1,


20409B-LON-PROD2, 20409B-LON-TEST1, and 20409B-LON-TEST2
User name: Adatum\Administrator
Password: Pa$$w0rd

For this lab, you will use the available virtual machine environment. Before you begin the lab, you must
complete the following steps:
1.

Sign in to the LON-HOSTx computer as Adatum\Administrator with the password of Pa$$w0rd.

2.

On LON-HOST1 start Hyper-V Manager.

3.

In Hyper-V Manager, click 20409B-LON-DC1, and in the Actions pane, click Start.

4.

In the Actions pane, click Connect. Wait until the virtual machine starts.

5.

Sign in by using the following credentials:


o

User name: Adatum\Administrator

Password: Pa$$w0rd

6.

Repeat steps 2 and 3 for 20409B-LON-TESTx and 20409B-LON-PRODx. The letter x is 1 for the first
student in the team, and 2 for the second student in the team.

7.

For 20409B-LON-TESTx and 20409B-LON-PRODx, sign in as Administrator. For both accounts, use
the password Pa$$w0rd.

LON-HOST1 and LON-HOST2 are sometimes referenced as LON-HOSTx, which indicates that each
student performs the lab tasks on his or her computer.
Note: You will be working in pairs. Communicate clearly with your lab partner, and
cooperate fully with each other during this lab.

Exercise 1: Creating and Using Windows Server 2012 R2 Hyper-V Virtual


Switches
Scenario

MCT USE ONLY. STUDENT USE PROHIBITED

4-10 Creating and Configuring Virtual Machine Networks

The Hyper-V virtualization platform is now installed, and you need to demonstrate to junior
administrators the different networking options that you can configure in Hyper-V. You will first show
them the current Hyper-V host networking configuration. After that, you will create new virtual network
adapters in a parent partition, and then show them as new network connections. You will also create
different types of Hyper-V virtual switches, and explore with junior administrators the connectivity options
when using each of them.
The main tasks for this exercise are as follows:
1.

Verify current Hyper-V network configuration.

2.

Create virtual network adapters in a parent partition.

3.

Create virtual switches.

4.

Use Hyper-V virtual switches.

Task 1: Verify current Hyper-V network configuration


1.

On LON-HOSTx, in Hyper-V Manager, confirm that External Network is the only virtual switch
present.

2.

Confirm that LON-HOSTx has two network connections: Ethernet 2 and vEthernet (External
Network).

3.

View the properties of the Ethernet 2 network connection, and confirm that it is using only the
Hyper-V Extensible Virtual Switch, and that the check boxes for all other items are not selected.

4.

View the properties of the vEthernet (External Network) network connection, and confirm that it is
using most items, but is not using the Hyper-V Extensible Virtual Switch, which is the only item for
which the check box is not selected.

Task 2: Create virtual network adapters in a parent partition


1.

On LON-HOSTx, in Windows PowerShell, use the cmdlet Get-VMNetworkAdapter with the All
parameter to confirm that one network adapter named External Network, is present on the system.

2.

Use the Windows PowerShell cmdlet Add-VMNetworkAdapter with the ManagementOS


parameter to add the following three virtual network adapters to the parent partition:

3.

Management

Storage

Live Migration

Use the Network Connections window to confirm that three network connections have been added
to LON-HOSTx, and that they are named:
o

vEthernet (Management)

vEthernet (Storage)

vEthernet (Live Migration)

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

4-11

4.

View the properties of the vEthernet (Management) network connection, and confirm that the
network connection is using most items, including Internet Protocol Version 4 (TCP/IPv4), but it is
not using the Hyper-V Extensible Virtual Switch.

5.

In Windows PowerShell, use the cmdlet Get-VMNetworkAdapter with the All parameter to confirm
that the network adapters that you added by using Windows PowerShell are present on the system.

Task 3: Create virtual switches


1.

On LON-HOSTx, in Hyper-V Manager, try to create an external virtual switch.

Note: You should get an error, because the physical network adapter is already bound to
the external switch.
2.

In Hyper-V Manager, create an internal virtual switch and name it Internal Switch.

3.

Use the Network Connections window to confirm that a network connection is added and that it is
named vEthernet (Internal Switch).

4.

View the properties of vEthernet (Internal Switch), and confirm that the network connection is using
most items, including Internet Protocol Version 4 (TCP/IPv4), but that it is not using Hyper-V
Extensible Virtual Switch.

5.

Use the Windows PowerShell cmdlet Get-VMNetworkAdapter with the All parameter to confirm
that there is a network adapter named Internal Switch present on the system.

6.

On LON-HOSTx, in Hyper-V Manager, create a private virtual switch, and name it Private Switch.

7.

Use the Network Connections window to confirm that no network connection was added when you
created the private virtual switch.

8.

In Windows PowerShell, use the Get-VMNetworkAdapter cmdlet with the All parameter to confirm
that no network connection was added when you created the private virtual switch.

9.

Use Hyper-V Manager to confirm that External Network, Internal Switch and Private Switch have
the same two extensions available: Microsoft NDIS Capture, which is not enabled, and Microsoft
Windows Filtering Platform, which is enabled.

Task 4: Use Hyper-V virtual switches


1.

On LON-HOSTx, connect both the LON-PRODx and LON-TESTx virtual machines to the Private
Switch virtual switch.

2.

Confirm that LON-PRODx has an IPv4 address of 10.0.0.x5 (where x is 1 if you are using LON-HOST1,
and x is 2 if you are using LON-HOST2).

3.

Open Windows PowerShell in Administrator mode, and to try to ping IP address 10.0.0.x6.

4.

Confirm that four replies are received


Note: LON-TESTx has an IP address of 10.0.0.x6.

5.

On LON-HOSTx, connect the LON-PRODx virtual machine to an Internal Switch.

6.

On LON-PRODx, try to ping the IP address 10.0.0.x6, and confirm that it does not have connectivity
with LON-TESTx.

7.

On LON-HOSTx, try to ping IP address 10.0.0.x5.

Note: Confirm that the destination host is unreachable. This is because the virtual network
adapter in LON-HOSTx that is connected to the Internal switch does not have IP address from the
same subnet as LON-PRODx.
8.

9.

MCT USE ONLY. STUDENT USE PROHIBITED

4-12 Creating and Configuring Virtual Machine Networks

On LON-HOSTx, configure the vEthernet (Internal Switch) network connection with the following
settings:
o

IP address: 10.0.0.100

Subnet mask: 255.255.255.0

On LON-HOSTx, try to ping IP address 10.0.0.x5. Confirm that four replies are returned, which
confirms that LON-HOSTx and LON-PRODx now have network connectivity.

10. On LON-HOSTx, connect the LON-PRODx virtual machine to the External Network virtual switch.

11. On LON-PRODx, use the Windows PowerShell cmdlet Set-NetIPInterface to enable dynamic TCP/IP
configuration for the Ethernet network connection. To do this, you will need to run Windows
PowerShell in Administrator mode.
12. In Windows PowerShell, use ipconfig to confirm that LON-PRODx obtained the IP address from the
DHCP server. Write down the LON-PRODx IPv4 address.

13. On LON-HOSTx, try to ping the IP address of LON-PRODx, and confirm that four replies are returned.
14. On LON-DC1, try to ping the IP address of LON-PRODx, and confirm that four replies are returned.
Note: Leave the virtual machines running, as you will use them in the next lab.

Results: After completing this exercise, you should have created and used Hyper-V virtual switches.

Lesson 2

Advanced Hyper-V Networking Features

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

4-13

The Hyper-V virtual switch provides many other features in addition to the basic packed forwarding
functionality It supports the following features, if they are supported by the physical network adapters in
the Hyper-V host hardware:

Virtual local area networks (LANs)

Private VLANs

Port ACLs

Network traffic monitoring

Basic packet inspection

Capabilities such as SR-IOV and Dynamic Virtual Machine Queue

The Hyper-V virtual switch is fully extensible, which means that you can extend or replace existing switch
functionalities. You can configure some of the advanced virtual switch functionalities by using a GUI, and
at virtual switch levels and at virtual network adapter levels. However, by using Windows PowerShell you
can configure many more functionalities.

Lesson Objectives
After completing this lesson, you will be able to:

Explain virtual switch expanded functionality.

Explain virtual switch extensibility.

Describe SR-IOV.

Describe Dynamic Virtual Machine Queue.

Describe the network adapter advanced features.

Describe the Network Adapter Teaming (NIC Teaming) feature in virtual machines.

Configure network adapter advanced features.

Virtual Switch Expanded Functionality


The Hyper-V virtual switch is a
software-implemented Layer 2 networking switch
that provides network connectivity between
virtual machines, the Hyper-V host, and physical
networks. The Hyper-V virtual switch provides
more functionality than simply forwarding data
packets between computers that are connected to
virtual switch ports. It also provides the following
functions:

Inspect network packets.

Limit bandwidth.

Allow connectivity only between certain virtual switch ports.

Block suspicious network activity.

Perform network virtualization.

MCT USE ONLY. STUDENT USE PROHIBITED

4-14 Creating and Configuring Virtual Machine Networks

You can use Hyper-V Manager to configure some of the Hyper-V virtual switch functionality and
expanded features, such as configuring virtual machine networking adapter settings. However, you must
use Windows PowerShell to configure some of the other features. The Hyper-V virtual switch expanded
functionality includes the following features:

ARP/ Neighbor Discovery Poisoning (spoofing) protection. This feature provides protection against
malicious virtual machines that try to use Address Resolution Protocol (ARP) spoofing to associate
their media access control (MAC) addresses with the IP addresses of another virtual machine. By
doing this, they effectively steal IP addresses and intercept network traffic that is being sent to other
virtual machines. This feature also provides protection against attackers who use IPv6 Neighbor
Discovery spoofing.

You can enable this feature in the Advanced Features settings for the virtual machine network
adapter by selecting the Enable router advertisement guard option. You can also enable it by using
the Windows PowerShell cmdlet Set-VMNetworkAdapter. For example, if you want to enable this
feature on a network adapter in a virtual machine named VM1, you would run the following cmdlets:
$vmNIC = Get-VMNetworkAdapter -VMName VM1
Set-VMNetworkAdapter -VMNetworkAdapter $vmNIC -RouterGuard On

DHCP guard protection. This feature protects against a malicious virtual machine that is running a
rogue DHCP server that can be used for man-in-the-middle attacks. If you enable the DHCP guard
protection option, the virtual switch drops DHCP acknowledgement packets that the virtual machine
sends. This effectively prevents other computers from obtaining TCP/IP configuration from the DHCP
server that is running in the malicious virtual machine.
You can enable this feature in the Advanced Features settings for the virtual machine network
adapter, by selecting the Enable DHCP guard option. You also can enable this feature by using the
Windows PowerShell cmdlet Set-VMNetworkAdapter. For example, if you want to enable this
feature on a network adapter in virtual machine named VM1, you can run the following cmdlets:
$vmNIC = Get-VMNetworkAdapter -VMName VM1
Set-VMNetworkAdapter -VMNetworkAdapter $vmNIC -DHCPGuard On

Port ACLs. The virtual switch performs traffic filtering based on MAC or IP addresses and ranges.
With this feature, you can set up virtual network isolation by creating two lists: a list of computers
with which a virtual switch port can communicate (white list), and a list of computers with which a
virtual switch port cannot communicate (black list). A network port ACL has several entries, which
include a network address and an associated permit, deny, or meter action. When a network packet
matches one of the entries, the virtual switch takes the appropriate action.

Port ACLs can be based on MAC address, IPv4 address, or IPv6 address. You can configure this
feature only by using Windows PowerShell, by running the Add-VMNetworkAdapterAcl cmdlet.
For example, if you want to allow network traffic in both directions between a virtual machine named
VM1 and computers on the 10.0.0.0/8 subnet, you can run the following cmdlet:
Add-VMNetworkAdapterAcl -VMName VM1 -RemoteIPAddress 10.0.0.0/8 -Direction Both
-Action Allow

Trunk mode to a VM. A VLAN logically isolates computers that are connected to the same local
network, irrespective of their actual physical location. By using VLANs, you can assign computers
on different switches to the same Layer 2 broadcast domain. This enables network communication
between the computers while they are isolated from the other computers that are either assigned to

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

4-15

a different broadcast domain or have a different VLAN ID. A VLAN trunk enables traffic from multiple
VLANs to be visible and accessible on the same network adapter, as defined in the IEEE 802.1Q
standard.

Prior to Windows Server 2012 Hyper-V, the virtual switch did not have the ability to set a switch
port to trunk mode, and you could not have multiple VLANs assigned to the same virtual NIC.
Hyper-V in Windows Server 2012 supports the IEEE 802.1Q standard, and can forward traffic from
multiple different VLANs to the same network adapter. You can configure this feature only by using
Windows PowerShell, by running the cmdlet Set-VMNetworkAdapterVlan. For example, if you want
to enable trunk mode to a virtual machine named VM1, you would run the following cmdlets:
$vmNIC = Get-VMNetworkAdapter -VMName VM1
Set-VMNetworkAdapterVlan $vmNIC -Trunk -AllowedVlanIdList 1-100 -NativeVlanId 10

Network traffic monitoring. You can use this feature to monitor and review all incoming or outgoing
network traffic that the network switch is forwarding to a specific virtual machine network adapter.
When you configure this feature, network traffic is copied and you can view it inside a virtual machine
by using a packet capture tool such as Network Monitor.
You can enable this feature in the Advanced Features settings for the virtual machine network
adapter by configuring the port mirroring mode. You can also configure it by using the Windows
PowerShell cmdlet Set-VMNetworkAdapter. For example, if you want to configure network traffic
monitoring for a virtual machine named VM1, you would run the following cmdlets:
$vmNIC = Get-VMNetworkAdapter -VMName VM1
Set-VMNetworkAdapter $vmNIC -PortMirroring Source

Isolated VLAN or private VLAN. Private VLANs were introduced to help with VLAN scalability issues.
A private VLAN consists of a primary VLAN, which has secondary VLANs. The secondary VLAN IDs
differentiate the various private VLANs, and all secondary VLANs share the same primary VLAN ID.
Private VLANs are designed to reduce the number of IP subnets and VLANs for some types of
network configurations. The virtual switch supports private VLANs to restrict communication between
computers on the same VLAN or network segment.
Private VLANs support an isolated mode in which virtual machines can share the same VLAN ID, but
can only communicate externally. You can configure this feature only by using Windows PowerShell,
by running the cmdlet Set-VMNetworkAdapterVlan. For example, if you want to configure private
VLAN for a virtual machine named VM1 and configure it with primary VLAN ID 10 and secondary
VLAN ID 200, you would run the following cmdlet:
$vmNIC = Get-VMNetworkAdapter -VMName VM1
Set-VMNetworkAdapter $vmNIC -Isolated -PrimaryVlanId 10 -SecondaryVlanId 200

Bandwidth limits and burst support. By setting a minimum bandwidth, you can guarantees at least
that amount of bandwidth for the virtual machine network adapter. The maximum bandwidth setting
specifies the maximum amount of bandwidth that a virtual machine network adapter can consume.
You can enable and configure this feature only for network adapters, and not for legacy network
adapters.

You can enable and configure this feature on the virtual machine network adapter settings, or by
using the Windows PowerShell cmdlet Set-VMNetworkAdapter. For example, for a network adapter
in a virtual machine named M1, if you want to specify a minimum bandwidth of 10 megabytes (MB)
and maximum bandwidth of 1 gigabyte (GB), you can run following cmdlets:
$vmNIC = Get-VMNetworkAdapter -VMName VM1
Set-VMNetworkAdapter $vmNIC -MinimumBandwidthAbsolute 10MB -MaximumBandwidth 1GB

Question: Do you need to enable DHCP guard protection on each virtual machine that you
want to protect from obtaining TCP/IP configuration from the rogue DHCP server?

Virtual Switch Extensibility


Prior to Windows Server 2012, Hyper-V included
a simple virtual switch that was built on a closed
architecture. It provided only basic networking
functionality and was not extensible in any way.
Windows Server 2012 Hyper-V uses a completely
redesigned virtual switch, which is built on an
open framework, is extensible, and allows
developers to extend existing features and add
new features into the virtual switch. For example,
other companies can add their own monitoring,
filtering, and forwarding features without having
to replace all of the Hyper-V virtual switch
functionality.

MCT USE ONLY. STUDENT USE PROHIBITED

4-16 Creating and Configuring Virtual Machine Networks

You can also implement extensions by using NDIS filter drivers or Windows Filtering Platform (WFP)
callout drivers, which are two public Windows platforms used for extending the Windows networking
functionality. Both platforms are available in Windows Server 2008 and newer Windows Server platforms,
and you can use them to extend a virtual switch in different ways.
NDIS filter drivers or WFP callout drivers have the following characteristics:

NDIS filter driver. The NDIS filter driver is a filtering service that monitors and modifies network
packets in Windows operating systems. For example, you can use the NDIS filter driver to perform
packet inspection, to modify packets when transiting a virtual switch, or to perform packet forwarding
based on their content. NDIS filters were introduced with the NDIS 6.0 specification, which was first
implemented in Windows Server 2008 and Windows Vista.

WFP callout drivers. Developers can use WFP callout drivers to filter and modify TCP/IP packets,
and to monitor or authorize connections, filter Internet Protocol security (IPsec)protected traffic,
and filter remote procedure calls (RPCs). Filtering and modifying TCP/IP packets provides unlimited
access to the TCP/IP traffic that passes through the virtual switch. WFP callout divers can examine
and modify outgoing and incoming packets before additional processing occurs. By using WFP
callout drivers, developers can create firewalls, antivirus software, diagnostic software, intrusion
detection software, and other types of applications and services. WFP callout drivers were first
implemented in Windows Server 2008 and Windows Vista.

Non-Microsoft Extension Support

Non-Microsoft extensions can extend three aspects of the switching process: inbound (ingress) filtering,
destination look-up and forwarding, and outbound (egress) filtering. Monitoring extensions also can
gather statistical data by monitoring traffic at different layers of the virtual switch. You can add multiple
monitoring and filtering extensions to a virtual switch. However, you can only use one instance of the
forwarding extension per switch instance, and if you use a non-Microsoft forwarding extension, it will
override the default forwarding of the virtual switch.

After you install virtual switch extensions, you can control them on the Extensions settings for the virtual
switch, or by using Windows PowerShell. By default, there are two virtual switch extensions included with
Hyper-V. These virtual switch extensions are the Microsoft NDIS Capture monitoring extension, which is
disabled by default, and the Microsoft Windows Filtering Platform filtering extension, which is enabled by
default.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

4-17

The following table lists some of the virtual switch extensions, functionalities they provide, and which
platform you can use to provide such functionality.
Extension

Purpose

Extensibility component

Network packet
inspection

Inspects network packets that are exchanged


between virtual machines and passed through a
virtual switch. Network packets cannot be
modified.

NDIS filter driver

Network packet
filter

Creates, filters, and modifies network packets that


are entering or leaving the virtual switch.

NDIS filter driver

Network
forwarding

Provides network packets with a forwarding logic


extension. This extension replaces the default
forwarding extension, because the virtual switch
can have only one forwarding extension.

NDIS filter driver

Intrusion detection
or firewall

Filters and modifies network packets, monitors or


authorizes connections, and filters traffic based on
different criteria (for example, if the network
packets are protected by IPsec).

WFP callout driver

Getting Started Writing a Hyper-V Extensible Switch Extension


http://go.microsoft.com/fwlink/?LinkID=386699
Question: Can you write Hyper-V virtual switch extensions in Windows PowerShell?

What Is SR-IOV?
SR-IOV is a standard that specifies how a
hardware device can make its functionality
available for direct use by virtual machines.
These functionalities are called virtual functions,
and are associated with physical functions.
Physical functions are what the parent partition
uses in Hyper-V.

SR-IOV in Hyper-V uses remapping of interrupts


and direct memory access (DMA), and allows
SR-IOVcapable devices to be assigned directly
to a virtual machine. Hyper-V enables support for
SR-IOVcapable network devices, and allows an
SR-IOV Virtual Function of a physical network adapter to be assigned directly to a virtual machine. By
doing this, the network adapter bypasses the virtual switch, and as a result network throughput increases,
and the network latency and CPU overhead on the Hyper-V host decrease.
If you want to use SR-IOV, both the Hyper-V host hardware and the network device and its device driver
must support it. Because SR-IOV requires compliant hardware, it can be only associated with an external
virtual switch that maps to an SR-IOVcapable network adapter in the Hyper-V host. You can only
configure SR-IOV at the time that you create the virtual switch. You cannot convert an external virtual
switch with SR-IOV enabled, to an internal or private switch. You can enable SR-IOV on virtual machine
network adapters.

MCT USE ONLY. STUDENT USE PROHIBITED

4-18 Creating and Configuring Virtual Machine Networks

In Windows Server 2012 and newer Windows Server operating systems, you can use live migration to
move running virtual machines without noticeable downtime, even when virtual machines are configured
to use SR-IOV. During live migration, Hyper-V can check whether the destination server has SR-IOV
capabilities, and if so, move the virtual machine to that server. You also can configure live migration to
refuse migrations of SR-IOVdependent virtual machines to a Hyper-V host that does not have SR-IOV
capabilities.

You also can use live migration to move virtual machines that are configured to use SR-IOV between
Hyper-V hosts even if Hyper-V hosts have different SR-IOVenabled network adapters. When you move a
virtual machine, you will notice that it is using a different network adapter, but the configuration and
network connectivity will be preserved.

SR-IOV Requirements
When you want to enable and use SR-IOV, the Hyper-V host must meet the following requirements:

Server hardware must support SR-IOV, which includes chipset support for interrupt, and DMA
remapping and firmware support to enable and make the hardware system SR-IOV capabilities
available to the Windows Server operating system.

An SR-IOVcapable network adapter and network adapter device driver must be present on the
Hyper-V host (in the parent partition). The network adapter device driver also must be present in
each virtual machine, where an SR-IOVcapable network adapter (its virtual function) is assigned.

Note: When using SR-IOV, virtual machine traffic bypasses the Hyper-V virtual switch. If
any switch port policies are set, SR-IOV functionality is disabled for that virtual machine.
Everything you wanted to know about SR-IOV in Hyper-V. Part 1
http://go.microsoft.com/fwlink/?LinkID=386698
Question: Can you configure a Hyper-V virtual switch to use SR-IOV after you have
created it?

What Is Dynamic Virtual Machine Queue?


The Virtual Machine Queue (VMQ) was first
supported in Hyper-V on Windows Server 2008
R2. VMQ provides support for virtual machines
similar to how Receive Side Scaling provides
support for multicore systems. Receive Side
Scaling enables network adapters to distribute
the network processing load across multiple
processors in multicore computers, which makes
it possible to support higher network bandwidth
than a single CPU core can process.

Hyper-V host supports the multiple unicast


MAC addresses per network adapter feature. If a
network adapter also supports this feature, it can receive network packets with a destination MAC address
that matches any of the unicast MAC addresses that are set on the adapter, without being in promiscuous
mode. Such an adapter can allocate a receive queue for each MAC address, and then route incoming

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

4-19

traffic to the corresponding queue. For VMQ support, you must have both the multiple unicast MAC
addresses per network adapter feature, and the ability to create queues in the memory address space that
is assigned to the virtual machines.
VMQ uses network adapter queues to:

Classify received packets.

Group received packets.

Apply VLAN filtering.

Provide concurrent processing on the network traffic for multiple virtual machines.

Distribute interrupts to multiple cores for multiple virtual machines.

Avoid copying receive buffers to virtual machine address spaces.

VMQ allows the efficient transfer of the incoming network traffic to a virtual machine. A VMQ-capable
network adapter can use DMA to transfer incoming packets to the appropriate virtual machine. This
reduces CPU overhead when transferring packets to the virtual machines, which can be beneficial when
virtual machines are receiving large amounts of traffic when performing tasks such as file backup,
database replication, or data mirroring.

Hyper-V in Windows Server 2008 R2 associated the VMQ queue with virtual machine statically. In
Windows Server 2012 and newer versions, Hyper-V provides automatic configuration and tuning for VMQ
queues. This is accomplished by allowing VMQ to be associated with a processor dynamically, based on
processor networking and CPU load. The number of processors that network processing uses can increase
or decrease automatically, based on the network load. This allows the Hyper-V host to process more
networking traffic and support higher network bandwidth. The ability to dynamically adjust number of
processor cores that are used for processing VMQ queues is called Dynamic Virtual Machine Queue.
Dynamic Virtual Machine Queue is enabled automatically in the virtual switch whenever an administrator
enables VMQ on the virtual network adapter that is connected to the switch. The only ways to disable the
VMQ feature either is to disable VMQ in the virtual network adapter Hardware Acceleration settings, or to
use the Windows PowerShell cmdlet Set-VMNetworkAdapter.
Note: VMQ requires a physical network adapter that supports this feature. If the VMQ
feature is enabled on a virtual network adapter, but the Hyper-V host does not have a physical
adapter that supports VMQ, this feature cannot be used.
Question: Is VMQ beneficial when a virtual machine has to perform complex calculations
and database searches?

Network Adapter Advanced Features


The Hyper-V virtual switch provides expanded
switch functionality, which developers can also
extend. You also can replace the Hyper-V virtual
switch entirely, with a non-Microsoft virtual switch
implementation. Hyper-V is built on an open and
extensible framework.

MCT USE ONLY. STUDENT USE PROHIBITED

4-20 Creating and Configuring Virtual Machine Networks

You can manage some of the more advanced


Hyper-V virtual switch features, but only by using
Windows PowerShell. However, you can configure
other features by using graphical tools such as
Hyper-V Manager. Some virtual switch settings
such as virtual switch type, VLAN ID, SR-IOV or
virtual switch extension used are configured for virtual switch by using Virtual Switch Manager. You can
configure other settings that also rely on Hyper-V virtual switch functionality, as properties of the virtual
network adapter. You can configure the following network adapter advanced features:

MAC Addresses. By using this setting, you can configure a virtual machine either to use a dynamic
MAC address assignment (which is the default configuration), or to specify a static MAC address that
the virtual machine will use. As with most other settings, you can configure this setting only if the
virtual machine is not running. In this setting, you can also enable MAC Address spoofing, which
allows virtual machines to change the source MAC addresses in outgoing packets to one that is not
assigned to them. This can be beneficial when the virtual machine is a node in the Network Load
Balancing (NLB) cluster, in which nodes should be using the same MAC address for outgoing traffic.
If a virtual machine has NIC Teaming configured, MAC address spoofing must be enabled.

DHCP guard. This is a security feature that can prevent a rogue DHCP server that is running in a
virtual machine from providing TCP/IP settings on the network. This option is disabled by default,
which means that the virtual switch is forwarding DHCP Acknowledge packets from the virtual
machine. If you enable this option, the DHCP server that is running in the virtual machine will not
be able to offer TCP/IP settings over the virtual network adapter that has this feature enabled.

Router guard. This is also a security feature that can prevent virtual machines from sending router
advertisements and redirection messages, and prevent man-in-the-middle type attacks. This option is
disabled by default. If you enable it, the virtual switch will drop router advertisements and redirection
messages, which are sent from the virtual machine over a virtual network adapter that has this feature
enabled.

Protected network. This option is enabled by default, and enables network health detection and
recovery. If a virtual machine is running on a Hyper-V host cluster and a network is disconnected on
a protected virtual network, the failover cluster will use live migration to move the affected virtual
machine to a Hyper-V node on which that external virtual network is available.

Port mirroring. This feature enables monitoring of the incoming and outgoing traffic for a virtual
machine. You can configure port mirroring as either the source or as the destination, and the virtual
switch will copy all traffic from the source virtual network adapter to the destination adapter. In a
virtual machine that has the virtual network adapter configured as a destination, you should typically
be running a network monitoring application.

NIC Teaming. By using this setting, you can add multiple network adapters that are configured in a
virtual machine to a network team. This aggregates their bandwidth and provides redundancy, even if
NIC Teaming is not configured on the Hyper-V host itself.

Note: You can configure the same network adapter advanced features for network
adapters, legacy network adapters, and network adapters that are used in Generation 2 virtual
machines.
Question: How can you monitor network traffic when you enable port mirroring for a
network adapter?

NIC Teaming in Virtual Machines


NIC Teaming is one of the features in Windows
Server 2012 R2 that you can use to consolidate
up to 32 physical network adapters, and then use
them as a single interface. This strategy provides
both higher network throughput and redundancy.
NIC Teaming is not a Hyper-Vspecific feature.
Because of this, all applications that are running at
the system level on Windows Server 2012 R2 can
benefit from it, including Hyper-V.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

4-21

NIC Teaming is also available to guest operating


systems that are running inside virtual machines,
regardless of whether NIC Teaming is used at the
system level or not. This enables virtual machines with multiple virtual network adapters to team the
adapters and still have connectivity, even when one of the adapters is disconnected or one of the virtual
switches (physical network adapter that is connected to the virtual switch) fails. This is especially important
when using SR-IOV, because SR-IOV traffic bypasses the virtual switch and cannot benefit from NIC
Teaming at the system level, whereas the Hyper-V virtual switch can use it.

Using NIC Teaming

To benefit from virtual machine NIC Teaming, you should create at least two external virtual switches,
and then connect virtual machine network adapters to them. Physical network adapters that connect
to virtual switches can be configured to use SR-IOV, although this is not mandatory. If virtual machine
network adapters are connected to SR-IOVenabled virtual switches, the virtual machine will install virtual
functions for them and will be able to use them in an NIC team. If one of the physical network adapters
is disconnected or fails, the virtual machine will continue to use the virtual functions of the remaining
SR-IOVenabled network adapters, and will still have network connectivity.

If virtual switches are connected to physical network adapters that are not SR-IOVenabled, the end result
will be the same. However, physical network adapters will not be directly mapped to the virtual machine
by using virtual function, but will map instead by using the Hyper-V virtual network adapter. Another
option is to use a combination of adapters that are SR-IOVenabled, and those which are not in the same
virtual machine NIC team.
You can enable virtual machine NIC Teaming either from the Advanced Properties settings page of the
virtual network adapter, or by using the Windows PowerShell cmdlet Set-VmNetworkAdapter. Virtual
machine NIC Teaming is not enabled by default. If you do not enable it, and if one of the physical
network adapters stops working, the NIC team that is created in the guest operating system in the virtual
machine will lose connectivity.

Note: Because failover between network adapters in a virtual machine results in


traffic being sent with the MAC address of the other network adapter, each virtual network
adapter that is using NIC Teaming must be set to allow MAC address spoofing, or must
have the AllowTeaming=On parameter set by using the Windows PowerShell cmdlet
Set-VmNetworkAdapter.

MCT USE ONLY. STUDENT USE PROHIBITED

4-22 Creating and Configuring Virtual Machine Networks

At the Hyper-V host level, NIC Teaming is not supported when physical network adapters are using SRIOV or Remote Direct Memory Access (RDMA). This is because network traffic is delivered directly to the
adapter, thereby bypassing the network stack, and not allowing path redirection. When you configure NIC
Teaming at the virtual machine level, physical network adapters that are connected to virtual switches can
be using SR-IOV.
Question: Are there any special hardware requirements if you want to use NIC Teaming in
virtual machines?

Demonstration: Configuring Network Adapter Advanced Features


In this demonstration, you will see how to configure advanced Hyper-V virtual switch features, such as
bandwidth management and DHCP guard.

Demonstration Steps
1.

On LON-PROD1, in File Explorer, copy the C:\Windows\Inf folder and paste it to the network share
\\10.0.0.16\share. Be aware of the copy speed and how long the process takes.

2.

After the copy finishes, delete the copied Inf folder.

3.

On LON-HOST1, in Hyper-V Manager, enable bandwidth management for the network adapter in the
LON-PROD1 virtual machine. Type 10 as both the Minimum bandwidth and Maximum bandwidth.

4.

On LON-PROD1, in File Explorer, copy the C:\Windows\Inf folder, and paste it again to the network
share \\10.0.0.16\share. Notice that copy process takes noticeably longer to complete.

5.

On LON-PROD1, in Windows PowerShell, use the ipconfig command to release and renew TCP/IP
settings.

6.

On LON-HOST1, in Hyper-V Manager, enable DHCP guard on the network adapter of the
20409B-LON-DC1 virtual computer.

7.

On LON-PROD1, in Windows PowerShell, use the ipconfig command to release renew TCP/IP
settings. Notice that this time the process takes considerably longer, and LON-PROD1 is not able to
obtain TCP/IP settings.

Lab B: Creating and Using Advanced Virtual Switch


Features
Scenario
IT management has identified several cases of client computers obtaining network settings from
unauthorized DHCP servers. You have been asked to demonstrate how Hyper-V can prevent rogue
DHCP servers from providing network settings. You also need to demonstrate some of the advanced
virtual switch settings, and demonstrate how to limit bandwidth that virtual machines can use.

Objectives
After completing this lab, you will be able to:

Configure and use advanced virtual switch features.

Lab Setup
Estimated Time: 20 minutes

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

4-23

Virtual machines: 20409B-LON-HOST1, 20409B-LON-HOST2, 20409B-LON-DC1, 20409B-LON-PROD1,


20409B-LON-PROD2, 20409B-LON-TEST1, and 20409B-LON-TEST2
User name: Adatum\Administrator
Password: Pa$$w0rd
For this lab, you will use the available virtual machine environment.
Note: You will be working in pairs. Communicate clearly with your lab partner, and
cooperate fully with each other during this lab.

Exercise 1: Configuring and Using Advanced Virtual Switch Features


Scenario

One of your managers would like to see how the Hyper-V virtual switch can protect network clients from
rogue DHCP servers. You plan to demonstrate how to configure DHCP guard, and at the same time,
demonstrate how to configure VLANs and bandwidth management.
The main tasks for this exercise are as follows:
1.

Configure and use DHCP guard.

2.

Configure and use VLANs.

3.

Configure and use bandwidth management.

Task 1: Configure and use DHCP guard


Note: In this exercise you will see how you can prevent rogue DHCP servers on your
network. Because your partner is also using the same DHCP server, you should synchronize this
task with him or her.
1.

On LON-PRODx, use ipconfig to release and renew TCP/IP settings.

2.

On LON-HOSTx, in Hyper-V Manager, on the network adapter of the 20409B-LON-PRODx virtual


computer, enable DHCP guard.

3.

On LON-PRODx, use ipconfig to release and renew TCP/IP settings.

Note: This step confirms that the DHCP guard setting on the virtual network adapter has
no effect on whether or not the virtual machine can obtain TCP/IP settings over that adapter or
not.
Note: The following lab steps will also affect your lab partner, so let him or her know that
you will perform the change on the LON-DC virtual machine. Your partner should wait until you
finish this change, and then proceed.
4.

On LON-HOST1, in Hyper-V Manager, enable the DHCP guard on the network adapter of the
20409B-LON-DC1 virtual computer.

5.

On LON-PRODx, use ipconfig to release and renew TCP/IP settings.

Note: Notice that this time it takes considerably longer, and that LON-PRODx is not able to
obtain TCP/IP settings.
6.

On LON-HOST1, use the Windows PowerShell Set-VMNetworkAdapter cmdlet to disable DHCP


guard on the LON-DC1 virtual computer.
Note: The DHCP server in LON-DC1 can once again offer TCP/IP settings.

Note: In step 6 you disabled DHCP guard on LON-DC1, so now your partner can now
perform steps 4 through 6.

Task 2: Configure and use VLANs


1.

On LON-HOSTx, connect the virtual machine 20409B-LON-TESTx to the External Network virtual
switch.

2.

On LON-PRODx, configure the Ethernet network connection with the following settings:
o

IP address: 10.0.0.x5

Subnet mask: 255.255.255.0

MCT USE ONLY. STUDENT USE PROHIBITED

4-24 Creating and Configuring Virtual Machine Networks

3.

On LON-PRODx, try to ping IP address 10.0.0.x6, and verify that four replies are received, which
confirms that LON-PRODx and LON-TESTx have network connectivity.

4.

On LON-HOSTx, in Hyper-V Manager, configure the LON-PRODx virtual machine network adapter
with the virtual LAN identification value of 2.

5.

On LON-PRODx, try to ping IP address 10.0.0.x6. Confirm that the destination host is no longer
reachable. This is because LON-PRODx is connected to a VLAN different from LON-TESTx.

6.

On LON-HOSTx, in Hyper-V Manager, disable virtual LAN identification for the network adapter in
the LON-PRODx virtual machine.

Task 3: Configure and use bandwidth management

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

4-25

1.

On LON-PRODx, in File Explorer, copy the C:\Windows\Inf folder, and then paste it to the
\\10.0.0.x6\share network share. Make note of the copy speed and how long the process takes.

2.

After the copy completes, delete the copied Inf folder.

3.

On LON-HOSTx, in Hyper-V Manager, enable bandwidth management for the network adapter in the
20409B-LON-PRODx virtual machine. For the values of both the Minimum bandwidth and the
Maximum bandwidth, type 10.

4.

On LON-PRODx, in File Explorer, copy the C:\Windows\Inf folder, and paste it to the
\\10.0.0.x6\share network share. Notice that the copy process takes noticeably longer to complete.

5.

On LON-HOSTx, in Hyper-V Manager, disable Bandwidth management for the network adapter in the
20409B-LON-PRODx virtual machine.
Note: Leave the virtual machines running, as you will use them in the next lab.

Results: After completing this exercise, you should have configured and used advanced virtual switch
features.

Lesson 3

Configuring and Using Hyper-V Network Virtualization

MCT USE ONLY. STUDENT USE PROHIBITED

4-26 Creating and Configuring Virtual Machine Networks

Network virtualization, which was introduced with Hyper-V in Windows Server 2012, provides similar
functionality to network traffic as does server virtualization to the server load. With network virtualization,
network traffic between different computers is isolated, even when it is on the same physical network.
You can isolate network traffic by using different features such as VLANs, private VLANs, and Port ACLs.
However, all of these features have limitations. Therefore, for Hyper-V network virtualization (which is
an implementation of Software Defined Networking, you use Network Virtualization Generic Routing
Encapsulation. You can configure network virtualization by using Windows PowerShell, but this process
is much easier when you use tools such as VMM.

Lesson Objectives
After completing this lesson, you will be able to:

Describe solutions to provide network isolation in a multi-tenant environment.

Describe network virtualization.

Explain the benefits of network virtualization.

Describe Network Virtualization Generic Routing Encapsulation.

Describe network virtualization policies.

Configure network virtualization.

Providing Multitenant Network Isolation

Virtualization provides many benefits, including


consolidation, better hardware utilization, and
virtual machine separation from the physical
server hardware. As a result, many companies
are virtualizing most of their server load. With
virtualization and the ability to host virtual
machines from different departments or even
from multiple companies in the same data
center, it is important to be able to separate and
isolate those virtual machines. One of the basic
requirements is to isolate virtual machines that
are running on the same physical hardware. Until
recently, there was no easy, inexpensive, and scalable solution to separate or isolate the network traffic
generated on the same network infrastructure by different tenants. Tenants are the virtual machines that
belong to different departments or organizations, or for which you need to isolate network traffic for any
other reason. You could always use physical network separation, but this option is neither scalable nor
inexpensive.

The different solutions that you can use to provide network isolation in a multiple tenant environment are:

VLANs. This is the solution that most organizations use today to support address space reuse and
multiple tenant isolation. A VLAN uses an additional header that contains a VLAN ID. It relies on
switches to enforce isolation of network traffic between computers that are connected on the same
network but use different VLAN IDs. One of the drawbacks of VLAN is that it provides limited
scalability. Because VLAN ID only uses 12 bits, you can theoretically have a maximum of 4,094

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

4-27

different VLANs on the same infrastructure. However, many switches can support much less than
4,094 VLANs. The second drawback is that VLANs cannot span multiple logical subnets. This limits
the number of computers in a single VLAN, and restricts the placement of virtual machines based on
physical location.

Although you can enhance or stretch VLANs across physical locations, a stretched VLAN must be on
the same subnet. You should also be aware that switches and routers should be configured to support
VLANs and you need to reconfigure them whenever virtual machines or isolation boundaries move
in the dynamic data center. This can be automated to a certain extent, but it increases risk of an
inadvertent network outage due to incorrectly performed reconfiguration.

Private VLANs. You can use private VLANs to avoid some of the VLAN scalability limitations. You
implement private VLANs in a similar way as you implement VLANs, but you can use private VLANs
to divide a VLAN into a number of separate and isolated subnetworks, which you can then assign to
tenants. Private VLANs consist of a primary and secondary VLAN pair, and share the IP subnet that is
assigned to the parent VLAN. Although computers that are connected to different private VLANs still
belong to the same IP subnet, they require a router to communicate with each other, and with
resources on any other network.

When you use private VLANs, you can assign a large number of tenants to the same primary VLAN
and have isolated secondary VLAN IDs. For example, if you have 4,000 tenants and you could not use
private VLANs, you would need 4,000 VLANs to provide isolation. However, if you use private VLANs,
you can use only one primary VLAN, and assign each tenant a different secondary VLAN. When using
such a configuration, you would need only a single VLAN ID, instead of 4,000.

Port ACLs. You can use port ACLs to configure network traffic filtering based on MAC or IP addresses
or IP ranges. By using port ACLs, you can configure virtual network isolation by creating two lists:
one list contains addresses of computers with which a virtual switch port can communicate, and the
second list contains addresses of computers with which a virtual switch port cannot communicate or
share data.

When you add a new virtual machine or move an existing virtual machine, you must manage and
update these two lists, which can be challenging and error-prone. Technically, it is possible to provide
multiple tenancy isolation by using only port ACLs. However, you typically do not use the port ACLs
feature for this purpose. Instead, you typically use port ACLs to ensure that virtual machines do not
pretend to have different IP or MAC addresses than what they are assigned.
All three solutionsVLANs, PVLANs and port ACLsare also supported and can be implemented by
using the Hyper-V virtual switch. However, the virtual switch also supports network virtualization, and this
is the best solution for providing multitenant networking.
Question: Can two virtual machines always communicate if they are connected to an
external virtual switch?

What Is Network Virtualization?


Network virtualization provides similar
functionality to network traffic as server
virtualization provides to virtual machines. You
can use server virtualization to run multiple virtual
machines on the same physical server. Each virtual
machine is isolated from other virtual machines.
From each virtual machine, it seems as though
that virtual machine is the only one running on
the physical server, even when multiple virtual
machines are running on the same physical server
simultaneously.

MCT USE ONLY. STUDENT USE PROHIBITED

4-28 Creating and Configuring Virtual Machine Networks

The same is true for network virtualization, which


separates the network configuration from the physical network infrastructure. You can have multiple
virtual networks that are logically isolated, and potentially each virtual network is using overlapping IP
address space on the same physical network infrastructure. From each virtual network, it seems as if only
that virtual network is using the physical network infrastructure, even though multiple virtual networks
could be using the same physical infrastructure at the same time. This enables scenarios in which you
want to isolate multiple networks on the same physical network infrastructure, such as when a company
is using the same physical network for testing and production environments. Network virtualization also
simplifies virtual machine movement, because you do not need to change the virtual machine networking
configuration when you move it to a different data center.
Network virtualization is an implementation of Software Defined Networking. It provides a layer of
abstraction between the physical network and network traffic. To achieve this abstraction, the
virtualization platform has to support it.

The Hyper-V virtual switch in Windows Server 2012 and newer Windows Server versions supports this
virtualization by using two IP addresses for each virtual machine. By using two IP addresses, network
virtualization enables you to keep the logical network topology (which is virtualized), and kept separate
from the actual underlying physical network topology and addresses that are used on the physical
network. This enables you to run virtual machines and provide them with the same network access
without any modification on any Hyper-V host, assuming that the Hyper-V hosts are configured to map
between both IP addresses.
Question: Can you use network virtualization to allow virtual machines that are running on
multiple segments to communicate, while isolating that traffic from other network traffic?

Benefits of Network Virtualization

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

4-29

Network virtualization provides a layer of


abstraction between a physical network and
network traffic. Virtual machines can run on
physical servers, while being unaware that
they are virtualized. Similarly, networks can be
virtualized and can use their own IP address space,
regardless of the IP address space used on the
physical network. You can implement network
isolation by using different solutions such as
VLANs, private VLANs, and port ACLs. However,
network virtualization avoids their limitations
related to scalability and complex configuration,
and provides a scalable, standard-based, and inexpensive solution for providing multitenant network
isolation.
Network virtualization provides the following benefits:

Flexible virtual machine placement. Network virtualization provides abstraction and separates virtual
machine IP addresses (customer address) from the physical network IP addresses (provider address).
This way, you can place virtual machine on any Hyper-V host in the data center, and placement is no
longer restricted by the IP address assignment or VLAN isolation restrictions of the physical network.

Multitenant network isolation without VLANs. You can define and enforce network traffic isolation
without using VLANs or reconfiguring physical network switches. You are also not limited to 4,094
VLAN IDs. In addition, with network virtualization, when you move existing virtual machines or create
new ones, you do not need to manually reconfigure the physical hardware.

IP address reuse. Virtual machines in different virtual networks can use the same or overlapping IP
address space, even when they are deployed on the same physical network. Virtual networks are
isolated, and they can use the same address space without any conflict or issue.

Live migration across subnets. Previously, virtual machine live migration was limited to the same
IP subnet or VLAN, because when a virtual machine was moved to different subnets, it should have
changed its IP address. With network virtualization, you can use live migration to move a virtual
machine between two Hyper-V hosts in different subnets, without needing to change the virtual
machine IP address. With network virtualization, the virtual machine location change is updated
and synchronized among computers that have ongoing communication with the migrated virtual
machine.

Compatibility with the existing network infrastructure. Network virtualization is compatible with
existing network infrastructure, and you can deploy it in an existing data center.

Transparent moving virtual machines to a shared infrastructure as a service (IaaS) cloud. When
you use network virtualization, IP addresses, IP policies, and virtual machine configurations remain
unchanged, regardless of on which Hyper-V host the virtual machine is running. As a result, you
can move virtual machines between Hyper-V hosts in your data center, between Hyper-V hosts in
different data centers, and between Hyper-V hosts in your data center and shared IaaS cloud.

Configuration by Windows PowerShell. Network virtualization supports Windows PowerShell for


configuring the network virtualization and isolation policies. The Hyper-V module includes cmdlets
that you can use to configure, monitor, and troubleshoot network virtualization. You should use tools
such as VMM to configure and manage network virtualization.
Question: Do you need to modify a network virtualization configuration when you migrate
virtual machines between Hyper-V hosts?

What Is Network Virtualization Generic Routing Encapsulation?


Windows Server 2012 Hyper-V and newer
versions use Network Virtualization Generic
Routing Encapsulation to implement network
virtualization. When using network virtualization,
each virtual network adapter is associated with
two IP addresses:

MCT USE ONLY. STUDENT USE PROHIBITED

4-30 Creating and Configuring Virtual Machine Networks

Customer Address. This is the IP address


that the virtual machine configures and uses.
You configure this address in the properties
of the virtual network adapter, by the guest
operating system that is running on the
virtual machine, irrespective of whether
network virtualization is used. Virtual machines use customer addresses when communicating
with other systems, and if you migrate a virtual machine to a different Hyper-V host, the customer
addresses can remain the same.

Provider Address. This is the IP address that the virtualization platform (Hyper-V) assigns, and
is dependent on the physical network infrastructure where Hyper-V host is connected. When
network virtualization is being used and the virtual machine sends network traffic, the Hyper-V host
encapsulates the packets and includes the provider address as the source address from where packets
were sent. The provider address is visible on the physical network, but not to the virtual machine. If
you migrate a virtual machine to a different Hyper-V host, the provider address changes.

Using Network Virtualization Generic Routing Encapsulation

When a virtual machine has to communicate over a network, Network Virtualization Generic Routing
Encapsulation encapsulates its packets. For example, assume that one virtual machine is configured with
the IP address 10.1.1.11 (customer address 1), and is running on a Hyper-V host that uses IP address
192.168.2.22 (provider address 1). The second virtual machine is configured with IP address 10.1.1.12
(customer address 2) and is running on a Hyper-V host with IP address 192.168.5.55 (provider address 2).
If those two virtual machines need to communicate, they must communicate over the network, as they are
running on two different Hyper-V hosts.
However, if you use network virtualization, the first Hyper-V host will use Network Virtualization Generic
Routing Encapsulation to encapsulate virtual machine packets. These packets contain the source IP
address (customer address 1) and destination IP address (customer address 2), which are encapsulated
into an envelope that uses its own IP address (provider address 1) as a source and IP address of the
Hyper-V host on which second virtual machine is running (provider address 2) as the destination.
Encapsulated packages will be sent on the physical network, and it will appear as network traffic between
two Hyper-V hosts. The destination Hyper-V host (provider address 2) will separate the envelope from the
encapsulated packet, and then pass it on to the destination virtual machine (customer address 2), which is
running on that Hyper-V host.

You can configure several virtual machines with the same IP addresses, but when they are on the different
virtual networks, Network Virtualization Generic Routing Encapsulation can isolate their traffic. In the GRE
envelope header, aside from the new source and destination addresses (provider address 1 and provider
address 2), there is also a file named Key, which represent the virtual subnet ID. The virtual subnet ID is
used to separate and isolate traffic from different virtual networks, and enables the Hyper-V host to pass
the traffic only to virtual machines on the same virtual network. When multiple virtual machines (customer
address) on the same Hyper-V host (provider address) have the same IP address (customer address), the
Hyper-V host can still differentiate between them, based on which virtual network the virtual machine is
connected.

Question: How many customer addresses does a virtual machine have?


Question: Does a virtual machine customer address change when you move the virtual
machine between Hyper-V hosts?

What Are Network Virtualization Policies?


If you configure network virtualization, and if
two virtual machines have to communicate, the
Hyper-V host on which the first virtual machine is
running must be aware on which Hyper-V host
the second virtual machine is running before
it can encapsulate network packets into GRE
envelopes. If both virtual machines are running on
the same Hyper-V host, Hyper-V already has this
knowledge. In reality, virtual machines are usually
running on different Hyper-V hosts, and you must
configure network virtualization.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

4-31

You can configure network virtualization by


deploying network virtualization policies. These policies define mappings between the IP address spaces
that the virtual machines use (customer address space), and the IP addresses of Hyper-V hosts on which
those virtual machines are running (provider address space). Before sending traffic on the physical
network, the Hyper-V host consults network virtualization policies, discovers on which Hyper-V host the
target virtual machine is running, and encapsulates the traffic with a GRE envelope. Only after that is the
encapsulated traffic sent on the physical network.
For example, assume that you are hosting two companies, Blue Yonder Airlines and Woodgrove Bank,
with the following configuration:

Blue Yonder Airlines is running Microsoft SQL Server in a virtual machine with the IP address 10.1.1.1,
and a web server in a virtual machine with the IP address 10.1.1.2. The web server is using SQL Server
as a database for storing transactions.

Woodgrove Bank is running SQL Server in a virtual machine with the same IP address 10.1.1.1, and a
web server in a virtual machine with the IP address 10.1.1.2. The web server is using SQL Server as a
database for storing transactions.

SQL servers for both companies are running on Hyper-V Host 1, which has the IP address 192.168.1.10.
Web servers for both companies are running on Hyper-V Host 2, which has the IP address 192.168.1.12.
Therefore, the virtual machines have the following customer addresses:
Company Name

SQL

Web

Blue Yonder Airlines

10.1.1.1

10.1.1.2

Woodgrove Bank

10.1.1.1

10.1.1.2

MCT USE ONLY. STUDENT USE PROHIBITED

4-32 Creating and Configuring Virtual Machine Networks

Based on which Hyper-V host the virtual machines are running on, the virtual machines are also assigned
the following provider addresses:
Company Name

SQL

Web

Blue Yonder Airlines

192.168.1.10

192.168.1.12

Woodgrove Bank

192.168.1.10

192.168.1.12

When you configure virtual networks, Blue Yonder Airlines is assigned virtual subnet ID of 5001, and
Woodgrove Bank is assigned virtual subnet ID of 6001. You also need to create network virtualization
policies for both companies, and then apply policies to Hyper-V Host 1 and Hyper-V Host 2.

When the Blue Yonder Airlines web virtual machine on Hyper-V Host 2 queries its SQL Server at 10.1.1.11,
the following happens:
1.

2.

Hyper-V Host 2, based on its policy settings, translates the addresses in the packet:
a.

From source: 10.1.1.2 (the customer address of Blue Yonder Airlines web)

b.

To destination: 10.1.1.1 (the customer address of Blue Yonder Airlines SQL Server)

Into the encapsulated packet, that contains:


a.

GRE header with virtual subnet ID: 5001

b.

Source: 192.168.2.12 (the provider address for Blue Yonder Airlines web)

c.

Destination: 192.168.1.10 (the provider address for Blue Yonder Airlines SQL Server)

Note: The encapsulated packet also contains the original packet.


When Hyper-V Host 1 receives the packet, based on its policy settings, it unencapsulates the Network
Virtualization Generic Routing Encapsulation packet, sees that it is for the Blue Yonder Airlines virtual
network (virtual subnet ID 5001), and then passes it on to the virtual machine with IP address 10.1.1.1,
as specified in the original (encapsulated) packet.
Note: You can configure network virtualization policies by using Windows PowerShell, but
this can be a daunting and error-prone task. Instead, this configuration is easier to perform with
tools such as VMM.

You can use network virtualization and network virtualization policies to move virtual machines between
Hyper-V hosts while preserving their network configuration. When you move a virtual machine, you only
need to update the network virtualization policies to reflect the new Hyper-V host on which the virtual
machine is running. The virtual machine network configuration stays the same, and it is still connected to
the same virtual network.
If you are using network virtualization between virtual machines, you do not need any additional
infrastructure. However, when you need to provide connectivity between the Hyper-V network
virtualization environment and resources that are not part of the same Hyper-V network virtualization
environment, you will need a network virtualization gateway. Windows Server Gateway is an example of
such a gateway, which is a virtual machine-based router that is built on Windows Server 2012 R2.
Windows Server Gateway
http://go.microsoft.com/fwlink/?LinkID=386700

Question: Why do you need network virtualization policies needed using network
virtualization?

Demonstration: Configuring Network Virtualization

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

4-33

In this demonstration, you will see that network virtualization is not configured at first. Because all
computers (LON-PROD1, LON-PROD2, LON-TEST1, and LON-TEST2) are connected to an external
virtual switch, each computer can ping the other three. Next, you will see how to configure network
virtualization and virtualization policies for LON-PRODx computers by defining on which Hyper-V host
they are running. Finally, you will see that after network virtualization is enabled, the LON-PRODx
computers can ping each other, but they cannot ping LON-TESTx computers, which are not on the
same virtual network.

Demonstration Steps
1.

On LON-PROD1, ping the following IP addresses:


o

LON-TEST1: 10.0.0.16

LON-PROD2: 10.0.0.25

LON-TEST2: 10.0.0.26

2.

Confirm that LON-PROD1 has connectivity with the other three virtual machines.

3.

On LON-HOST1, use the Windows PowerShell cmdlet Get-VMNetworkAdapter to confirm that


LON-PROD1 has a VirtualSubnetId property value of 0, which means that virtual subnets are not
being used.

4.

Use the Get-NetAdapter cmdlet to determine the Ethernet index number for the network adapters
on LON-HOST1 and LON-HOST2. Write these numbers down.

5.

On LON-HOST1, open the file C:\LabFiles\Mod04\ConfigureNWx.ps1 in Windows PowerShell ISE.

6.

Review the Windows PowerShell script to see how network virtualization is being configured. Review
the variables as well, which are defined at the start.

7.

In Windows PowerShell ISE, on the toolbar, click Run Script. (Alternatively, you can also press the F5
key).

8.

When prompted, enter the index numbers of LON-HOST1 network adapter and the-HOST2 network
adapter that you recorded in step 4.

9.

On LON-HOST1, use the cmdlet Get-VMNetworkAdapter to confirm that LON-PROD1 has the
VirtualSubnetId property with a value 5001, which you configured with the Windows PowerShell
script.

10. On LON-PROD1, ping the following IP addresses:


o

LON-TEST1: 10.0.0.16

LON-PROD2: 10.0.0.25

LON-TEST2: 10.0.0.26

11. Verify that four replies are returned, but only from IP address 10.0.0.25.
Note: This confirms that LON-PROD1 has connectivity with LON-PROD2, but it does not
have connectivity with LON-TEST1 or LON-TEST2.

Lab C: Configuring and Testing Hyper-V Network


Virtualization
Scenario

MCT USE ONLY. STUDENT USE PROHIBITED

4-34 Creating and Configuring Virtual Machine Networks

You have been asked to demonstrate how you can use network virtualization to separate test and
preproduction environments that are using the same network infrastructure. IT management would like to
ensure that the servers in both environments can use the same IP addresses, and can communicate with
other servers that are part of the same environment.

Objectives
After completing this lab, you will be able to:

Configure Hyper-V network virtualization.

Lab Setup
Estimated Time: 20 minutes
Virtual machines: 20409B-LON-HOST1, 20409B-LON-HOST2, 20409B-LON-DC1, 20409B-LON-PROD1,
20409B-LON-PROD2, 20409B-LON-TEST1, and 20409B-LON-TEST2
User name: Adatum\Administrator
Password: Pa$$w0rd
For this lab, you will use the available virtual machine environment.
Note: Because you will be using the same virtual machines in the next lab, do not revert
the virtual machines. However, you can shut down all virtual machines after finishing this lab.
You will be working in pairs. Communicate clearly with your lab partner, and cooperate fully with
each other during this lab.

Exercise 1: Configuring Hyper-V Network Virtualization


Scenario

Your company is using VLANs to isolate network traffic between test and production environments. While
this solution is sufficient, reconfiguring network equipment while removing servers and adding new virtual
machines is challenging. As a result, you have been asked to demonstrate how network virtualization can
achieve the same goal. To do this, you need to set up a proof of concept environment with four virtual
machines. You then will use these virtual machines to demonstrate how to configure Hyper-V network
virtualization.
The main tasks for this exercise are as follows:
1.

Verify that network virtualization is not configured on LON-HOST1.

2.

Verify that network virtualization is not configured on LON-HOST2.

3.

Configure Hyper-V network virtualization.

4.

Test Hyper-V network virtualization.

5.

Remove Hyper-V network virtualization.

Task 1: Verify that network virtualization is not configured on LON-HOST1


Note: Only the student who is using LON-HOST1 performs this task.
1.

On LON-PROD1, ping the IP addresses of the following virtual machines:


o

LON-TEST1: 10.0.0.16

LON-PROD2: 10.0.0.25

LON-TEST2: 10.0.0.26

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

4-35

2.

Confirm that LON-PROD1 has connectivity with all three virtual machines.

3.

On LON-HOST1, in Windows PowerShell, use the Get-VMNetworkAdapter cmdlet to confirm that


20409B-LON-PROD1 has a VirtualSubnetId property value of 0, which means that virtual subnets are
not in use.

4.

On LON-HOST1, use the Get-NetVirtualizationLookupRecord cmdlet to verify that no virtualization


lookup records are defined.

5.

On LON-HOST1, use the Get-NetVirtualizationCustomerRoute cmdlet to verify that no


virtualization customer routes are defined.

6.

In Windows PowerShell, run the Get-NetAdapter cmdlet.

7.

For the physical network adapter, under the ifIndex column, write down the Index number.

Task 2: Verify that network virtualization is not configured on LON-HOST2


Note: Only the student who is using LON-HOST2 performs this task.
1.

On LON-TEST2, ping IP addresses of the following virtual machines:


o

LON-PROD1: 10.0.0.15

LON-TEST1 10.0.0.16

LON-PROD2: 10.0.0.25

2.

Confirm that LON-TEST2 has connectivity with the three virtual machines.

3.

On LON-HOST2, use the Get-VMNetworkAdapter cmdlet to confirm that 20409B-LON-TEST2 has a


VirtualSubnetId property value of 0, which means that virtual subnets are not in use.

4.

On LON-HOST2, use the Get-NetVirtualizationLookupRecord cmdlet to verify that virtualization


lookup records are not yet defined.

5.

On LON-HOST2, use the Get-NetVirtualizationCustomerRoute cmdlet to verify that virtualization


customer routes have yet to be defined.

6.

In Windows PowerShell, run the Get-NetAdapter cmdlet.

7.

For the physical network adapter, under the ifIndex column, write down the Index number.

Task 3: Configure Hyper-V network virtualization

MCT USE ONLY. STUDENT USE PROHIBITED

4-36 Creating and Configuring Virtual Machine Networks

1.

On LON-HOSTx, open the file C:\LabFiles\Mod04\ConfigureNWx.ps1 in Windows PowerShell ISE.

2.

Review the Windows PowerShell script to see how network virtualization is configured. Review also
the variables that are defined at the start.

3.

In Windows PowerShell ISE, on the toolbar, press Run Script, or press F5. If you run the script on
LON-HOST1, enter the index number of your physical server network adapter and the index number
of your partner physical server network adapter that were recorded earlier.

Task 4: Test Hyper-V network virtualization


1.

On LON-HOSTx, in Windows PowerShell ISE, use the Get-NetVirtualizationLookupRecord cmdlet to


confirm that virtualization records are created for the IP addresses of LON-PRODx and LON-TESTx
virtual machines.

2.

Use the Get-NetVirtualizationCustomerRoute cmdlet to confirm that one virtualization route is


defined.
Note: Only the student who is using LON-HOST1 will perform steps 3 and 4.

3.

On LON-HOST1, use the Get-VMNetworkAdapter cmdlet to confirm that 20409B-LON-PROD1 has


a VirtualSubnetId property with the value 5001, which you configured with the Windows PowerShell
script.

4.

On LON-PROD1, ping the following IP addresses:

5.

LON-TEST1: 10.0.0.16

LON-PROD2: 10.0.0.25

LON-TEST2: 10.0.0.26

Verify that four replies are returned, but only from IP 10.0.0.25, which confirms that LON-PROD1 has
connectivity with LON-PROD2, but it does not have connectivity with LON-TEST1 and LON-TEST2.
Note: Only the student who is using LON-HOST2 will perform steps 6 and 7.

6.

On LON-HOST2, use the Get-VMNetworkAdapter cmdlet to confirm that 20409B-LON-TEST2 has a


VirtualSubnetId property with the value 6001, which you configured with the Windows PowerShell
script.

7.

On LON-TEST2, ping the following IP addresses:

8.

LON-TEST1: 10.0.0.16

LON-PROD1: 10.0.0.15

LON-PROD2: 10.0.0.25

Verify that four replies are returned, but only from IP 10.0.0.16, which confirms that LON-TEST2 has
connectivity with LON-TEST1, but it does not have connectivity with LON-PROD1 and LON-PROD2.

Task 5: Remove Hyper-V network virtualization

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

4-37

1.

On LON-HOSTx, open the file C:\LabFiles\Mod04\RemoveNWx.ps1 in Windows PowerShell ISE.

2.

Review the script to see how network virtualization configuration is removed.

3.

In Windows PowerShell ISE, on the toolbar, press Run Script, or press F5. If you run the script on
LON-HOST1, enter the index number of your physical server network adapter and the index number
of your partners physical server network adapter that you recorded earlier.

4.

After network virtualization is removed, confirm network connectivity by performing the following
steps:
a.

b.

If you are using LON-HOST1, on LON-PROD1, ping the IP addresses of the following virtual
machines:

LON-TEST1: 10.0.0.16

LON-PROD2: 10.0.0.25

LON-TEST2: 10.0.0.26

If you are using LON-HOST2, on LON-TEST2, ping the IP addresses of the following virtual
machines:

LON-PROD1: 10.0.0.15

LON-TEST1: 10.0.0.16

LON-PROD2: 10.0.0.25

Results: After completing this exercise, you should have configured Hyper-V network virtualization.

Module Review and Takeaways


Review Questions
Question: Where can you configure extended virtual switch functionalities, such as traffic
monitoring and DHCP guard protection?
Question: Is there a limit on how many virtual switches you can create on a Hyper-V host?
Question: Why is it that you can configure VLAN IDs for external and internal virtual switches,
but you cannot configure VLAN ID for a private virtual switch?

MCT USE ONLY. STUDENT USE PROHIBITED

4-38 Creating and Configuring Virtual Machine Networks

MCT USE ONLY. STUDENT USE PROHIBITED


5-1

Module 5
Virtual Machine Movement and Hyper-V Replica
Contents:
Module Overview

5-1

Lesson 1: Providing High Availability and Redundancy for Virtualization

5-2

Lesson 2: Implementing Virtual Machine Movement

5-8

Lab A: Moving Virtual Machine and Configuring Constrained Delegation

5-14

Lesson 3: Implementing and Managing Hyper-V Replica

5-18

Lab B: Configuring and Using Hyper-V Replica

5-29

Module Review and Takeaways

5-33

Module Overview

Using virtualization to host server loads provides you with multiple benefits, such as the ability to make
virtual machines highly available, and the ability to move them around within the same failover cluster.
With Windows Server 2012, you can move running virtual machines and their storage between two
Hyper-V hosts, even when they are not part of a failover cluster. This feature is called live migration, and in
this module, you will learn how to implement the Live Migration feature, and how to utilize live migration.
Throughout this module, you will see how to move virtual hard disks while a virtual machine is running,
and you will test this feature in the lab. You will also learn how to use Hyper-V Replica (a feature of
Windows Server 2012 Hyper-V) to protect virtual machines on one site by replicating them to another
site.

Objectives
After completing this module, you will be able to:

Explain the importance of providing high availability and redundancy for virtualization.

Implement virtual machine movement.

Implement and manage Hyper-V Replica.

Lesson 1

Providing High Availability and Redundancy for


Virtualization

MCT USE ONLY. STUDENT USE PROHIBITED

5-2 Virtual Machine Movement and Hyper-V Replica

When providing redundancy and high availability for virtual machines, you can choose from a variety, or
even a combination of methods. Some of these, such as failover clustering, Network Load Balancing (NLB),
and Network Adapter Teaming (NIC Teaming) are part of the operating system. Other applications, such
as Microsoft Exchange Server 2013 and Microsoft SQL Server 2012, also include their own high availability
features. In this lesson, you will learn about high availability features, their requirements, and the
situations in which you can benefit from high availability.

Lesson Objectives
After completing this lesson, you will be able to:

Describe the importance of high availability.

Explain redundancy in Windows Server 2012 R2 and Hyper-V.

Describe the use of NLB to achieve high availability at the operating-system level.

Describe the use of clustering to achieve high availability at the operating-system level.

Describe high availability at the application level.

Why Is High Availability Important?


In an ideal computer environment, servers would
always be available and free of failure. Bandwidth
and other resources would be infinite, and you
would not need to worry about high availability.
In reality, server downtime is unavoidable, and
you need to consider this when you are planning
to provide uninterrupted services that must be
constantly available. Such uninterruptable services
include virtual machines, because some virtual
machines will host critical systems, such as email,
databases, or file servers.

What Is High Availability?

High availability means that systems and services are up and running, regardless of what happens.
The goal of high availability is to make systems and services as constantly available as possible, and to
eliminate as many potential single points of failure. Availability is often expressed numerically, as the
percentage of time that a service is available. For example, a requirement for 99.9 percent availability
allows 8.75 hours of downtime per year, or approximately 40 minutes of downtime every four weeks.
However, with 99.999 percent up time, the allowed service downtime reduces to only five minutes per
year. If your service or virtual machine is running on a single system, these high availability rates are
virtually unachievable, because a single restart will most likely use up those five minutes. In addition, many
actions such as upgrading hardware or applying updates require system restart. No matter how reliable
the hardware is, components fail from time to time. Although rare, power outages or natural disasters
such as earthquakes or hurricanes are always a possibility as well.
To make a virtual machine highly available, you must first ensure that the hardware on which it is running
is as reliable as possible. You should store virtual machine data files on shared storage, so they are still

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

5-3

available even if the physical host fails. You should then provide redundancy of all components, including
power and networking, by using redundant power supplies and physical network paths to virtual
machines. There is no benefit if the virtual machine is running, but clients cannot access it because of
network failure.
Question: Can you ensure high availability by simply copying the virtual machine that is
providing a critical service, and making both the original virtual machine and the copy
available on the network?

Redundancy in Windows Server 2012 R2 and Hyper-V


To make a virtual machine highly available, you
must deploy it in an environment that provides
redundancy for all components, and makes it
available even when failure occurs. The most
basic high availability strategy is to ensure
that hardware is as robust as possible, thereby
minimizing failures in the first place. Windows
Server 2012 R2 provides high availability features
such as NIC Teaming, NLB, and failover clustering.
Hyper-V builds on top of the Windows Server
2012 R2 high availability features by introducing
its own virtualization-specific features, such as live
migration, live storage migration, and Hyper-V Replica.

Hyper-V builds on and includes the following features to mitigate failures and provide high availability at
different levels:

Hardware failure. Hyper-V benefits from Windows Server 2012 R2 availability and serviceability,
in addition to Windows Hardware Error Architecture, which provides a common infrastructure for
managing hardware errors on Windows platforms. With Hyper-V, if a memory error is detected at a
memory location that Hyper-V does not use, it will be marked as bad and in the future, the operating
system will not use it. If the memory error is in the physical random access memory (RAM) that the
virtual machine is using, only that virtual machine will be affected. The entire host and all virtual
machines will fail only if the memory error is in the physical RAM that the Hyper-V host kernel is
using.

Physical server failure. Hyper-V uses the failover clustering feature to provide redundancy if the entire
physical server fails. The failover clustering feature is part of all Windows Server 2012 R2 editions,
in addition to Hyper-V Server 2012 R2. If the server is a node in a failover cluster, virtual machines
that were running on it will fail over automatically to other cluster nodes, and will be available after
minimum downtime as a result of the virtual machine reboot. Hyper-V also includes live migration,
which enables you to move virtual machines between Hyper-V hosts without downtime. An example
is if you need to upgrade hardware or install updates to a Hyper-V host, or if you simply want to
rebalance your virtualization workload.

Input/output (I/O) redundancy. Windows Server 2012 R2 includes several features such as server
message block (SMB) 3.0 multichannel, storage Multipath I/O (MPIO), NIC Teaming, and NLB, which
can provide high availability and benefit from network path redundancy. If a network adapter or
other network infrastructure fails, Hyper-V uses these features to preserve network connectivity. If
there are multiple network paths between the source and the destination, and if network equipment
of one of those paths fails, Hyper-V uses these features to maintain connectivity to the virtual
machine.

MCT USE ONLY. STUDENT USE PROHIBITED

5-4 Virtual Machine Movement and Hyper-V Replica

Application or service failover. If a service or application inside a virtual machine fails or loses network
connectivity, Hyper-V host can detect it and try to recover the application by moving the virtual
machine to another node. You also can configure failover clustering inside virtual machines, either by
using Internet small computer system interface (iSCSI) or Fibre Channel shared storage, an SMB 3.0
file share, or by using virtual hard disk sharing. In the same way that you can benefit from teaming
physical network adapters on a Hyper-V host, you can also use team network adapters in virtual
machines, which can be especially beneficial when using single-root I/O virtualization (SR-IOV).

Disaster Recovery. Windows Server 2012 R2 includes Cluster Shared Volume (CSV) integration with
storage arrays for synchronous replication. This can provide protection against disaster at a single
location, because Hyper-V hosts are also at the alternate location and accessing replicated storage.
However, Hyper-V also includes Hyper-V Replica, a feature that provides asynchronous replication of
the running virtual machines to an alternate location with configurable intervals. Hyper-V Replica
failover requires virtual machine downtime during failover.
Question: Can you configure virtual machine guest clustering only if iSCSI or Fibre Channel
storage area network (SAN) is available as a shared storage?

Using NLB to Provide High Availability at the Operating System Level

NLB is an effective and scalable way to achieve


high availability for stateless services such as a
web server. The term stateless refers to workloads
that respond to each request independently from
previous requests, and without keeping client
state. For example, when a client requests a
webpage, the web server gathers all of the
necessary information from the request, and then
returns the generated webpage to the client.
When the client requests the next webpage, it
may request the webpage from the same web
server, or from any other identically configured
web server in the NLB farm. This is because all the information that the web server needs is in the request.
Using NLB to achieve high availability provides the following benefits:

NLB enhances the availability and scalability of other Internet server applications such as file transfer
protocol (FTP), firewall, proxy, virtual private network (VPN), and other mission-critical servers.

All of the Windows Server 2012 R2 editions include the NLB feature. You can include up to 32 servers
in an NLB farm, and you can add or remove a server dynamically from the NLB farm. For a loadbalanced service, the load is redistributed automatically among the servers that are still operating
when a server fails or goes offline. If the failure is unexpected, only active connections to the failed
server are lost. When you repair the server, it can rejoin the NLB farm transparently and regain its
share of the requests.

Hyper-V can use NLB for load-balancing requests for virtual machines on the same Hyper-V host, or
for virtual machines across multiple Hyper-V hosts. When you use NLB in unicast mode to distribute
load among virtual machines, you must enable MAC Spoofing for the virtual machine network
adapter. This is because the network adapter does not use its own media access control (MAC)
address, but the MAC address of the unicast NLB.
Question: If multiple virtual machines will be part of the same NLB farm, should you
configure them with the same IP address or with different IP addresses?

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

Using Clustering to Achieve High Availability at the Operating System


Level
Failover clustering is an operating system
feature that is included in all editions of Windows
Server 2012 R2. Failover clustering provides
high availability at the operating system level,
but it does not provide scalability. If you add an
additional server to the failover cluster, you will
not be able to respond to more requests than
before.

5-5

You often use failover clustering to provide


high availability for mission-critical, stateful
applications such as databases, virtualization
infrastructure, or business applications. You can
implement failover clustering at the Hyper-V host level or at the virtual machine guest operating system
level.

A failover cluster can include up to 64 servers (called nodes), and all servers must be running the same
version of the Windows Server operating system. The servers should have access to shared storage that
contains the application configuration and data. If a server hosting a highly available application fails,
the failover cluster detects the failure by using heartbeats. The hosting server immediately moves the
application to another failover cluster node, and then starts it there without administrative intervention.
During the failover, the application (or virtual machine in the case of Hyper-V failover cluster) is restarted,
which causes some downtime.
The clients detect the failover in the same way as they would an application running on a single
server that you turn off and then turn on again. It would take some time for that server to restart,
for the application to initialize and verify its consistency, and for the database to perform rollback
of uncommitted transactions. However, in the end, the application would become available again
automatically.

Because clients connect to the application by using the cluster name and not the name of the node
where the application was running, the clients are reconnected to the node to where the application was
moved. If Hyper-V is running on a failover cluster, Hyper-V can monitor the state of a virtual machine, the
services running inside the virtual machine, and whether the virtual network adapter has connectivity. If
connectivity is lost but the virtual machine is still running, then the virtual machine can be moved to a
different node. The same is true if a monitored service within the virtual machine stops.
Understanding Microsofts High-Availability Solutions
http://go.microsoft.com/fwlink/?LinkID=386709
Question: Does a virtual machine operating system have to support the failover feature if
you want to make the virtual machine highly available by using failover clustering?

High Availability at the Application Level


You can provide high availability at varying levels.
Reliable and redundant hardware helps keep
servers and networking infrastructure highly
available. Failover clustering and NLB help provide
high availability at the operating system level, and
applications and services can benefit from them.
However, some applications such as SQL Server or
Exchange Server extend those highly available
features or provide their own. This topic covers
some of those applications and their high
availability features.

MCT USE ONLY. STUDENT USE PROHIBITED

5-6 Virtual Machine Movement and Hyper-V Replica

SQL Server is one of the critical applications, so it


is mandatory that you make it highly available. SQL Server 2012 extends the failover clustering
functionality that Windows Server 2012 R2 provides. SQL Server 2012 provides multiple high availability
features, which you can use to achieve different goals and make an entire database server or single
databases available even in the case of a failure. High availability features that SQL Server 2012 provides
are:

AlwaysOn failover cluster instances. This feature builds on top of the failover clustering feature
in Windows Server 2012. It provides high availability at the SQL Server instance level through
redundancy, which is called failover cluster instance. Failover cluster instance is an instance of SQL
Server that provides failover between nodes if the current node becomes unavailable. Failover cluster
instance is added to a failover cluster and is visible to clients as a SQL Server instance running on a
single server. Only one failover cluster instance node owns the failover clustering resource group at
any time. If failure happens, resource group ownership moves to another failover clustering node. The
process is transparent to the clients, and this minimizes the downtime that clients experience during a
failure.

AlwaysOn Availability Groups. This is a new feature in SQL Server 2012, and it maximizes the
availability for one or more user databases (called availability databases). The databases in an
availability group are treated as a unit, and all the databases in the same availability group fail over
together. An availability group supports a set of read-write primary databases and up to four sets of
corresponding secondary databases. Each instance of an availability group is called an availability
replica, and secondary databases can be configured for read-only access or used for backup. Failover
clustering provides high availability for listeners. Availability replica is stored locally and SQL Server
provides synchronization between databases in the availability group by either asynchronous-commit
or synchronous-commit mode.

Note: Each availability replica must reside on a different node of a single Windows Server
failover cluster.

Database mirroring. This feature increases SQL Server database availability. SQL Server implements
mirroring at the database level, which works only if the database is using a full recovery model. With
mirroring, two copies of a database are maintained, and each copy is on separate servers that are
running SQL Server, typically in different locations. Clients access one server running SQL Server, and
the other server acts as a hot or warm standby server, depending on configuration. When the servers
that are running SQL Server synchronize, database mirroring provides a hot standby server that
supports rapid failover without a loss of data from committed transactions.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

Note: Database mirroring will be removed in a future version of SQL Server. Therefore, you
should not include it in your applications, and you should plan to modify applications that are
using this feature. Instead, you should use AlwaysOn Availability Groups.

5-7

Log shipping. This feature operates at the database level and automatically sends transaction log
backups from a production (or primary) database to one or more standby secondary databases on
a separate server that is running SQL Server. The transaction log backups are applied to each of the
secondary databases individually. You can also configure an optional third server or monitor server,
which records the status of backup and restore operations, and can raise alerts if these operations fail
to occur as scheduled.

With Exchange Server 2013, you can simply install two or more Exchange Server 2013 mailbox servers
as stand-alone servers, and then when needed, configure these servers and mailbox databases for high
availability and site resilience. Exchange Server provides high availability for the mailboxes by configuring
database availability groups (DAGs). A DAG is a collection of up to 16 servers that provides the
infrastructure for replicating and activating database copies. Any server in a DAG can host a copy of a
mailbox database from any other server in the DAG. The DAG uses continuous replication to each of the
passive database copies within the DAG.

DAG requires the Windows Server failover clustering feature, although all installation and configuration
is performed by Exchange Server. Failover clustering does not manage database failover. Instead, Active
Manager performs this task. Active Manager will recover from the failure automatically by failing over to a
database copy on another mailbox server in the DAG. Windows Server failover clustering is also useful for
some failure-detection scenarios, such as a server failure.
If you need to provide high availability for client access in Exchange Server 2013, you can add multiple
Client Access servers to the Exchange deployment and use NLB or round-robin Domain Name System
(DNS) to distribute clients among the Client Access servers in an NLB farm.
High Availability Solutions (SQL Server)
http://go.microsoft.com/fwlink/?LinkID=386708
High Availability and Site Resilience
http://go.microsoft.com/fwlink/?LinkID=386704
Question: Can you implement application high availability features such as AlwaysOn
Availability Groups in SQL Server 2012 without operating system support?

Lesson 2

Implementing Virtual Machine Movement

MCT USE ONLY. STUDENT USE PROHIBITED

5-8 Virtual Machine Movement and Hyper-V Replica

One benefit of virtualization is that you can move virtual machines between Hyper-V hosts. In the past,
you could move virtual machines without downtime (referred to as live migration), but only between
nodes in the same failover cluster. In Windows Server 2012, the Live Migration feature is improved, so
that you now can move virtual machines between any two Hyper-V hosts, providing there is network
connectivity between them. You can also move virtual hard disks, checkpoints, and other virtual machine
items while a virtual machine is running.
In this lesson, you will learn how to implement storage migration and live migration, and you will learn
how you can perform these types of migrations using Hyper-V Manager and Windows PowerShell.

Lesson Objectives
After completing this lesson, you will be able to:

Describe virtual machine moving options.

Explain how storage migration works.

Describe the Move Wizard.

Move virtual machine storage.

Describe live migration of non-clustered virtual machines.

Move a running virtual machine.

Virtual Machine Moving Options


A virtual machine is always running on a Hyper-V
host. However, sometimes you need to move a
virtual machine or its components from one
volume to another, or between Hyper-V hosts,
even if they are not cluster nodes. For example,
you might want to move a virtual machine from
local storage to an SMB 3.0 share, between logical
unit numbers (LUNs), or between Hyper-V nodes
in different failover clusters.
Hyper-V in Windows Server 2012 R2 has
several options that you can use to move a
virtual machine and its data files. Based on the
environment and requirements, you can select one of the following methods:

Virtual machine and storage migration. With this method, you can move an entire virtual machine
or only its data files from one location to another or between Hyper-V hosts, while the virtual
machine is running, and without noticeable downtime. Virtual machine and storage migration do
not require failover clustering or any other high availability solution to work. They only require
network connectivity between the source and destination. When you are moving a virtual machine
and storage from Windows Server 2012 Hyper-V, a destination server can be either Windows Server
2012 or Windows Server 2012 R2 (cross-version migration).

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

5-9

Quick migration. Windows Server 2008 introduced the quick migration method, which you can use
to move virtual machines only between Hyper-V hosts within the same failover cluster. The virtual
machine is unavailable for the short time during the move operation.

Live Migration. Windows Server 2008 R2 introduced the Live Migration feature, which is an
improvement over quick migration functionality. When first introduced, you could use the Live
Migration feature only to move virtual machines between Hyper-V hosts in the same failover
cluster. The benefit of live migration functionality is that there is no noticeable virtual machine
downtime. In Windows Server 2012, live migration functionality is improved. Failover clustering is
no longer a requirement, and you can move multiple virtual machines from the same Hyper-V host
simultaneously. Windows Server 2012 R2 provides further improved live migration performance,
because you can use compression, SMB Direct, and SMB Multichannel during live migration.

Hyper-V Replica. Windows Server 2012 introduced the Hyper-V Replica feature, which you can use to
replicate a virtual machine asynchronously over IP networks, typically to a remote disaster recovery
site. With Hyper-V Replica, the virtual machine is replicating while it is running, and its changes are
synchronized with the replica. In Windows Server 2012 R2, you can configure replication frequency
and extended replication. Extended replication forwards the virtual machine changes to a third
Hyper-V host.

Exporting and importing virtual machines. In Windows Server 2012 R2, you can export a virtual
machine while it is running. You can also copy virtual machine data files, because in Windows Server
2012 and newer versions, you can import a virtual machine and then configure necessary settings
during the import operation even if you did not first export the virtual machine. This can be a very
time-consuming operation however, because you need to copy virtual machine data files between
Hyper-V hosts, and the virtual machine is typically turned off during that time.
Question: What is the main difference between quick migration and live migration?

How Storage Migration Works


Using storage migration, you can move virtual
hard disks and data files that the virtual machine
is using to a different physical storage, while the
virtual machine is running. You can perform
storage migration by using the Move Wizard
in Hyper-V Manager, or by using the MoveVMStorage cmdlet in Windows PowerShell.

Windows Server 2012 introduced the storage


migration feature, which you use to move
virtual machine data files without downtime. For
example, you can use storage migration when you
need to upgrade physical storage, or when you
need to move virtual machine storage from locally attached disks to an SMB 3.0 share or SAN. You
can also use storage migration to move various virtual machine items (such as virtual hard disks,
configuration, checkpoints, and smart paging), to different locations while the virtual machine is running.
For example, after you create the first checkpoint for a virtual machine, you cannot modify the checkpoint
file location setting unless you delete all virtual machine checkpoints or use storage migration.
Storage migration is performed in the following steps:
1.

Before the migration starts, all virtual machine Read and Write operations are performed at the
source virtual hard disk.

MCT USE ONLY. STUDENT USE PROHIBITED

5-10 Virtual Machine Movement and Hyper-V Replica

2.

When storage migration starts, virtual hard disk content is copied over the network to the destination,
while all the Read and Write operations are still performed on the source virtual hard disk.

3.

After the initial copy is complete, Write operations for the virtual hard disks are mirrored to both the
source and destination virtual hard disks.

4.

After the source and destination virtual hard disks are synchronized, the virtual machine switches over
and starts using the destination virtual hard disk.

5.

The source virtual hard disk is deleted.

Storage migration is only supported for virtual hard disks, current virtual machine configuration,
checkpoints, and smart paging file. If you try to perform storage migration on any other storage type,
such as directly-attached (pass-through) disks or data on a Fibre Channel SAN (not the virtual Fibre
Channel adapter itself), the storage migration attempt will result in an error.
Note: You cannot move virtual machine storage if the virtual machine is using directlyattached physical disks.

When you are migrating virtual machine storage, you can move all the data files to the same location, or
to different locations. During this storage migration process, the virtual machine continues to run on the
same Hyper-V host, and access to it is uninterrupted.
Note: Use the Storage Migration Hyper-V settings to specify how many storage migrations
can be performed simultaneously. By default, two simultaneous storage migrations are
configured, but you can increase this number.
Virtual Machine Storage Migration Overview
http://go.microsoft.com/fwlink/?LinkID=386706
Question: Can you use storage migration to move only virtual hard disks?

Overview of the Move Wizard


You can use either the Move Wizard in Hyper-V
Manager, or Windows PowerShell cmdlets to
move an entire virtual machine (or just its data)
while the virtual machine is running. Before you
can start moving a virtual machine, you must first
enable Live Migration in both hosts, because this
feature is disabled by default. If you want to move
virtual machine data only, you do not need to
enable Live Migration. Hyper-V allows for two
simultaneous storage migrations by default.

To access and use the Move Wizard, click the


virtual machine in Hyper-V Manager, and then
click Move. After you become familiar with the Move Wizard, you need to select if you want to move the
entire virtual machine, or just the virtual machine storage.

Alternatively, you can also use Windows PowerShell to move a virtual machine. If you want to move
an entire virtual machine, use the Windows PowerShell cmdlet Move-VM. If you want to move just
the virtual machine data, you use the Windows PowerShell cmdlet Move-VMStorage.

Moving Virtual Machines

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

5-11

To move a virtual machine, you must specify the target Hyper-V host, which you must also configure to
allow live migrations. You must specify if you want to move only the virtual machine, or if you want to
include its data files in the move process. If you want to include the data files, you must specify where
to put them on the target Hyper-V host, or on the SMB 3.0 share. You typically select to move only the
virtual machine when its data is already on the SMB 3.0 share.

You can then complete the Move Wizard and perform the move. This process can occur quickly if you use
a fast network, if the virtual machine is turned off, and if its storage is small. Conversely, the process can
take considerable time for large virtual machines. However, at the end of the move process, the virtual
machine is running on the target Hyper-V host, and is no longer present at the source Hyper-V host.

Moving Virtual Machine Storage

To move virtual machine storage, you have an option to move all of the virtual machine data to a single
location, to move the virtual machine data to different locations, or to move only the virtual machine
virtual hard disks. If you select to move the virtual machine data to different locations, you can specify
a new location for each of the virtual machine data items, which includes virtual hard disks, current
configuration, checkpoints, and smart paging file. You can move virtual machine storage to other folders
on the same Hyper-V host, or to an SMB 3.0 share. You can then complete the Move Wizard, and perform
the move. For example, you can use the Move Wizard to modify checkpoint file location when the virtual
machine already has checkpoints.
Question: Do you need to be local administrator to use the Move Wizard?

Demonstration: Moving Virtual Machine Storage


In this demonstration, you will see how you use the Move Wizard and the Windows PowerShell
Move-VMStorage cmdlet to move virtual machine storage, while the virtual machine is running.

Demonstration Steps
1.

On LON-HOST1, use Hyper-V Manager to confirm that LON-MOVE1 is running and is configured
with a locally stored VHD.

2.

Use the Move Wizard to move the LON-MOVE1 virtual machine VHD to \\LON-HOST2\VHDs
\LON-MOVE1. Because the VHD is dynamically expanding and is small, notice that the move
completes quickly.

3.

Use Hyper-V Manager to confirm that the LON-MOVE1 virtual machine VHD is now stored on a
network share. Notice that the VHD was moved while virtual machine was running.

4.

On LON-HOST1, use Hyper-V Manager to confirm that LON-MOVE2 is running, is configured with a
locally stored VHD, and that its checkpoints are stored locally.

5.

Use the Windows PowerShell cmdlet Move-VMStorage with the DestinationStoragePath


parameter to move LON-MOVE2 storage to the \\LON-HOSTy\VHDs\LON-MOVE2 folder.

6.

Use the Windows PowerShell cmdlet Get-VM to view the LON-MOVE2 virtual machine Path and
SnapshotFileLocation.

7.

Use Hyper-V Manager to confirm that the LON-MOVE2 VHD and checkpoints are now stored on the
network share, and that they were moved while the virtual machine was running.

Live Migration of Non-Clustered Virtual Machines


With Windows Server 2008 R2, you can perform
live migration only when a virtual machine is
running on a failover cluster node and only if
its data is stored on the shared storage. You can
still perform live migration of clustered virtual
machines in Windows Server 2012, but a failover
cluster is no longer a requirement. You also
can use Windows Server 2012 to perform live
migration in two other ways without a failover
cluster:

MCT USE ONLY. STUDENT USE PROHIBITED

5-12 Virtual Machine Movement and Hyper-V Replica

When virtual machine storage is on an


SMB 3.0 share.

When virtual machine storage is local, and on a Hyper-V host. This is sometimes referred to as shared
nothing live migration.

Note: If you are managing a Hyper-V host remotely and you want to move a virtual
machine, you must first allow Kerberos protocol delegation for the computer account of the
Hyper-V host. You can review the detailed steps for configuring Kerberos delegation in the
hands-on lab at the end of this module.

When virtual hard disks of a virtual machine are stored on an SMB 3.0 share, only the virtual machine is
moved during live migration, and the virtual machine storage remains on the SMB 3.0 share. If virtual
hard disks are on local Hyper-V storage, then the virtual machine storage is copied to the destination
server over the network by using storage migration. After the source and destination storage are
synchronized, the virtual machine live migration starts. The steps are in the following order:
1.

The virtual machine configuration is copied to the destination Hyper-V host, which is a blank virtual
machine with the same configuration but without any data created. Memory is allocated to the
destination virtual machine.

2.

The virtual machine memory is copied over the network to the destination Hyper-V host. This
memory is called the working set of the migrating virtual machine, and consists of memory pages that
are each 4 kilobytes (KB) in size. The Hyper-V host monitors the memory, and as the source virtual
machine modifies the memory pages, it tracks and marks the pages as modified.

3.

After all the memory pages are copied, Hyper-V also copies the modified pages. Hyper-V iterates
the memory copy process several times, and each iteration requires copying a smaller number of
modified pages.

4.

After all of the modified memory pages are copied to the destination Hyper-V host, the working set
for the virtual machine is in the same exact state as on the source Hyper-V host.

5.

In the final stage of a live migration, a network package is sent to the network switch, which causes
it to obtain a new MAC addresses for the moved virtual machine. This enables network traffic for the
moved virtual machine to use the correct switch port. The final stage of the live migration completes
in less time than the Transmission Control Protocol (TCP) time-out interval.

Live migration speed is affected by the following variables:

The number of modified memory pages in the source virtual machine

The available network bandwidth between the source and destination Hyper-V hosts

The hardware configuration and utilization of the source and destination Hyper-V hosts

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

5-13

After the live migration completes and the virtual machine is running on the destination Hyper-V host,
virtual machine data is deleted on the source Hyper-V host, but virtual machine storage is not deleted
from the SMB 3.0 share.
Note: In Windows Server 2012 R2, you can configure use of compression or SMB
Multichannel and SMB Direct when performing live migration.
Virtual Machine Live Migration Overview
http://go.microsoft.com/fwlink/?LinkID=386705
Question: How does the virtual machine memory size affect live migration time?
Question: Does live migration use compression when migrating virtual machines?

Demonstration: Moving a Running Virtual Machine


In this demonstration, you will see how to move a running virtual machine.

Demonstration Steps
1.

On LON-HOST1, use Hyper-V Manager to confirm that LON-PROD1 is running, is configured with a
locally stored VHD, and that its checkpoints are stored locally.

2.

On LON-PROD1, use the Windows PowerShell ping command with the t parameter to send network
packets to IPv4 address 10.0.0.25. This will ping the LON-PROD2 computer, which is running on your
partners Hyper-V host.

3.

Use the Move Wizard to move the LON-PROD1 virtual machine to LON-HOST2, and to move all
data to the C:\Moved\LON-PROD1 folder on the target host.

4.

Use Hyper-V Manager to monitor the progress of live migration, and to verify that LON-PROD1 is
able to ping LON-PROD2 throughout the live migration.

5.

After live migration completes, confirm that LON-PROD1 is no longer running on LON-HOST1.

6.

In Hyper-V Manager, confirm that the LON-PROD1 VHD is now in the C:\Moved\LON-PRODx
\Virtual Hard Disks folder.

Lab A: Moving Virtual Machine and Configuring


Constrained Delegation
Scenario

MCT USE ONLY. STUDENT USE PROHIBITED

5-14 Virtual Machine Movement and Hyper-V Replica

A. Datum Corporation has implemented the Hyper-V virtualization platform in one of their subsidiaries.
Some of the physical servers have been virtualized, and additional virtual machines have been created.
Several key servers have been virtualized, including servers that need to be available at all times.

IT management has approved the purchase of several additional Hyper-V hosts. You now need to balance
the number of virtual machines running on both the existing hosts and the new hosts. You need to ensure
that you can move virtual machines to the new hosts in such a way that the virtual machines are available
during the move operation.

Objectives
After completing this lab, you will be able to:

Move Hyper-V storage and virtual machines.

Lab Setup
Estimated Time: 45 minutes

Virtual machines: 20409B-LON-HOSTx, 20409B-LON-DC1, 20409B-LON-TESTx, and 20409B-LON-PRODx


User name: Adatum\Administrator
Password: Pa$$w0rd
Note: You will be working in pairs. Communicate clearly with your lab partner, and
cooperate fully with each other during this lab.

Exercise 1: Moving Hyper-V Storage and Virtual Machines


Scenario

To balance the number of virtual machines running on both the existing hosts and the new hosts, you
need to move a virtual machine between Hyper-V hosts as it is running, and without downtime. First, you
will configure a destination Hyper-V host to allow live migration. Next, you will move virtual machine
storage, its virtual hard disk, and its checkpoints, to the Hyper-V host of your partner, first by using the
Move Wizard, and then by using Windows PowerShell cmdlets. You will also move the running Windows
8.1 virtual machine LON-PRODx, and confirm that it has network connectivity the entire time during the
move operation. When you initiate the move operation remotely, you must allow the Hyper-V host to act
on your behalf on the destination Hyper-V host, so you will also configure constrained delegation. After
that, you will use the Move-VM cmdlet to move the virtual machine from the Hyper-V host that your
partner is using.
The main tasks for this exercise are as follows:
1.

Move virtual machine storage by using the Move Wizard.

2.

Move virtual machine storage by using Windows PowerShell.

3.

Configure Hyper-V host for live migration.

4.

Move a virtual machine by using Live Migration.

5.

Configure constrained delegation.

6.

Run live migration from Windows PowerShell.

Task 1: Move virtual machine storage by using the Move Wizard


Note: Before starting with this lab, run the C:\Labfiles\Mod05\Mod05setup.ps1 script to
prepare environment for the lab.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

5-15

1.

On LON-HOSTx, use Hyper-V Manager to confirm that LON-MOVE1 is running and configured with a
locally stored VHD.

2.

Use the Move Wizard to move the LON-MOVE1 virtual machine VHD to \\LON-HOSTy\VHDs
\LON-MOVE1.
Note: Because the VHD is dynamically expanding and is small, it moves quickly.

3.

Use Hyper-V Manager to confirm that the LON-MOVE1 virtual machine VHD is now stored on a
network share.
Note: The VHD was moved while the virtual machine is running.

4.

Confirm that the LON-MOVE1 checkpoints are stored locally, and that you cannot change the
location.

5.

Use the Move Wizard to move the LON-MOVE1 virtual machine checkpoints to \\LON-HOSTy
\VHDs\LON-MOVE1.

6.

Confirm that LON-MOVE1 checkpoints are now stored on the network share, and that they were
moved while the virtual machine was running.

Task 2: Move virtual machine storage by using Windows PowerShell


1.

On LON-HOSTx, use Hyper-V Manager to confirm that LON-MOVE2 is running and is configured
with a locally stored VHD, and that its checkpoints are stored locally.

2.

Use the Windows PowerShell cmdlet Move-VMStorage with the DestinationStoragePath


parameter to move LON-MOVE2 storage to the \\LON-HOSTy\VHDs\LON-MOVE2 folder.

3.

Use the Windows PowerShell cmdlet Get-VM to view the Path and SnapshotFileLocation of the
LON-MOVE2 virtual machine.

4.

Use Hyper-V Manager to confirm that the LON-MOVE2 VHD and checkpoints are stored on the
network share, and that they were moved while the virtual machine was running.

Task 3: Configure Hyper-V host for live migration


1.

Use the Move Wizard on LON-HOSTx to try to move the 20409B-LON-PRODx virtual machine to
LON-HOSTy.
Note: You will get an error, as the computer is not configured for live migration.

2.

Enable live migration on LON-HOSTx. Confirm that incoming live migration can Use any available
network for live migration, that Kerberos is used as Authentication Protocol, and that
Compression is used.

3.

In Hyper-V Manager, add a connection to LON-HOSTy.

Note: Live migration must be enabled on both LON-HOSTx machines before you can
continue with the lab. Make sure that your partner has finished this task before you continue.

Task 4: Move a virtual machine by using Live Migration

MCT USE ONLY. STUDENT USE PROHIBITED

5-16 Virtual Machine Movement and Hyper-V Replica

1.

On LON-HOSTx, use Hyper-V Manager to confirm that 20409B-LON-PRODx is running, is


configured with a locally stored VHD, and that its checkpoints are stored locally.

2.

On LON-PRODx, open Windows PowerShell, and use the ping command with the t parameter to
send network packets to the IPv4 address 10.0.0.y5. This will ping the LON-PRODy computer, which
is running on your partners Hyper-V host.

3.

Use the Move Wizard to move the 20409B-LON-PRODx virtual machine to LON-HOSTy, and move
all data to the C:\Moved\LON-PRODx folder on the target host.

4.

Monitor the progress of migration, and notice that LON-PRODx is able to ping LON-PRODy
throughout the live migration.

5.

After live migration completes, confirm that LON-PRODx is no longer running on LON-HOSTx.

6.

Use Hyper-V Manager to confirm that the 20409B-LON-PRODx VHD is in the C:\Moved\LONPRODx\Virtual Hard Disks folder, and that the checkpoint files location is C:\Moved\LON-PRODx.

7.

Use the Move Wizard again to move the LON-PRODx virtual machine back to LON-HOSTx, and to
move its data to the C:\Moved\LON-PRODx folder.

8.

Confirm that this time, a Move Wizard error dialog box opens, and reports that there was an error
during the move operation. The error occurs because you are managing a remote Hyper-V host,
which is not allowed to delegate your permissions.

Task 5: Configure constrained delegation


1.

On LON-HOSTx, use the Windows PowerShell cmdlet Install-WindowsFeature to install Active


Directory administrative tools on LON-HOSTx.

2.

Use Active Directory Users and Computers to configure delegation on the Delegation tab of the
LON-HOSTy computer object. Select to use Kerberos only, and add cifs and Microsoft Virtual
System Migration Services service types on LON-HOSTx.

3.

Close Active Directory Users and Computers.

4.

Use winrs command to remotely purge cached Kerberos tickets on LON-HOSTy by running
following command:
Winrs r:LON-HOSTy klist -lh 0 -li 0x3e7 purge

Task 6: Run live migration from Windows PowerShell


1.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

5-17

Use the Windows PowerShell cmdlet Move-VM to move the 20409B-LON-PRODx virtual machine
to LON-HOSTx by using following parameters:
o

Name: LON-PRODx

DestinationHost: LON-HOSTx

ComputerName: LON-HOSTy

DestinationStoragePath: C:\Moved\LON-PRODx

2.

View the Status column in Hyper-V Manager to monitor migration progress.

3.

After migration completes, confirm that 20409B-LON-PRODx is no longer running on LON-HOSTy.

4.

Use Hyper-V Manager to confirm that the LON-PRODx VHD is located in the C:\Moved\LONPRODx\ Virtual Hard Disks folder, and that checkpoints are located in the C:\Moved\LON-PRODx
folder.
Note: Leave the virtual machines running for the next lab.

Results: After completing this exercise, you should have moved Hyper-V storage and virtual machines.

Lesson 3

Implementing and Managing Hyper-V Replica

MCT USE ONLY. STUDENT USE PROHIBITED

5-18 Virtual Machine Movement and Hyper-V Replica

Hyper-V Replica is a disaster recovery feature that is built into Hyper-V. You can use it to replicate a
running virtual machine to a secondary location, and in Windows Server 2012 R2, you can extend the
replication to a third location. While the primary virtual machine is running, Hyper-V Replica is turned
off. Hyper-V Replica is updated regularly, and when needed, you can perform failover from primary
virtual machine to a replica virtual machine. You perform failovers manually, and they can be planned
or unplanned. Planned failovers are without data loss, whereas unplanned failovers can cause loss of last
changes, up to five minutes by default. In this lesson, you will learn how to implement and manage
Hyper-V Replica, and how to perform both a test failover and a planned failover.

Lesson Objectives
After completing this lesson, you will be able to:

Explain the prerequisites for Hyper-V Replica.

Describe Hyper-V Replica.

Explain the process of enabling a virtual machine for replication.

Enable virtual machine replication.

Explain the concept of Hyper-V Replication Health.

Describe test failover, planned failover, and failover.

Describe Hyper-V Replica synchronization.

Perform a planned Hyper-V failover.

Prerequisites for Hyper-V Replica


In situations where you have concerns about
virtual machine availability, you can implement
a Hyper-V failover cluster and make virtual
machines highly available. However, failover
clusters are often limited to a single location,
because multi-site clusters require specialized
hardware, and are expensive to implement. If a
natural disaster such as an earthquake or a flood
affects occurs, all server infrastructure at that
location may be lost.

Windows Server 2012 introduced Hyper-V Replica,


which you can use to implement an affordable
business continuity and disaster recovery solution for the virtual environment. Providing you have
network connectivity, you are not limited to a single site, and you can use Hyper-V Replica to replicate
virtual machines to a Hyper-V host in a secondary location across a wide area network (WAN) link. If you
have a single location, you can still use Hyper-V Replica to replicate virtual machines to your partner
company in another state or hosting provider. This is because Hyper-V hosts that participate in replication
do not have to be in the same Active Directory Domain Services (AD DS) forest, or have the same
configuration. In addition, you can encrypt network traffic between them.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

5-19

You also can use Hyper-V Replica to have two instances of a single virtual machine residing on different
Hyper-V hosts. One of the instances will be the primary, running virtual machine, and the other instance
will be a replica, offline copy. Hyper-V synchronizes these instances, and you can perform manual failover
at any time. If a failure occurs at a primary site, you can use Hyper-V Replica to execute a failover of the
virtual machines to replica servers at a secondary location, thereby minimizing downtime.
Before you implement Hyper-V Replica, ensure that the virtualization infrastructure meets the following
prerequisites:

Windows Server 2012 or a newer Windows Server version with the Hyper-V role installed at both
locations. Server hardware should have sufficient capacity to run all of the virtual machinesits local
virtual machines, as well as replicated virtual machines. Replicated virtual machines are in a turned-off
state, and they will be started only if you perform a failover.

Sufficient storage is available on both the primary and replica Hyper-V hosts. This is necessary to store
both local and replicated virtual machine data.

Network connectivity is available between the locations that are hosting the primary and replica
Hyper-V hosts. Connectivity can be through either a WAN or local area network (LAN) link.

Firewall rules to allow replication between the primary and replica sites are in place. When you install
the Hyper-V role, the Hyper-V Replica HTTP Listener (TCP-In) and Hyper-V Replica HTTPS Listener
(TCP-In) rules are added to the Windows Firewall. Before you can use Hyper-V Replica, you need to
enable one or both of these rules on the replica Hyper-V host.

If you want to use certificate-based authentication, ensure that an X.509v3 certificate from the trusted
certification authority (CA) exists to support mutual authentication at both Hyper-V hosts.

If you use Kerberos authentication, both Hyper-V hosts must be joined to the same AD DS forest.

Note: You can configure Hyper-V replica regardless of whether the Hyper-V host is a node
in the failover cluster.
Hyper-V Replica Overview
http://go.microsoft.com/fwlink/?LinkID=386707
Question: Can you use Hyper-V Replica to replicate only virtual machines that have
integration services installed?

Overview of Hyper-V Replica


Hyper-V Replica provides a virtual machine-level
replication, which efficiently and securely
replicates virtual machine data and changes over
a LAN or WAN link to a remote location, and does
not require any additional software or hardware.

Hyper-V Replica High-Level Architecture


When you configure a virtual machine for
replication, initial replication is performed, and
a copy of the virtual machine is created on the
recovery host. However, the replicated virtual
machine remains turned off until you initiate the

MCT USE ONLY. STUDENT USE PROHIBITED

5-20 Virtual Machine Movement and Hyper-V Replica

failover, while primary virtual machine is running. When you enable replication, changes in the primary
virtual machine are written in the log file, which is periodically replicated and applied to the replica.
Hyper-V Replica has several components:

Replication engine. This component manages the replication configuration details and initial
replication, replication of delta changes, and failover and test failover operations. It also tracks virtual
machine and storage mobility events, and takes appropriate actions when necessary. For example, the
replication engine pauses replication when you start moving a virtual machine, and then resumes
replication where it was paused, after the move operation is complete.

Change tracking module. This component tracks changes that occur to the virtual machine on the
source Hyper-V host. The change tracking module tracks the Write operations to the virtual hard
disks, regardless of where the virtual hard disks are storedlocally, on the SAN, on SMB 3.0 share,
or on a CSV.

Network module. This component provides a secure and efficient way to transfer virtual machine data
between Hyper-V hosts in the primary site and replica site. It minimizes the traffic by compressing
data by default. The network module can also encrypt data when https and certification-based
authentication are used.

Hyper-V Replica Broker. This component is used only when a Hyper-V failover cluster is the source
or destination for Hyper-V Replica traffic. This role enables you to use Hyper-V Replica with highly
available virtual machines, which can move between cluster nodes. The Hyper-V Replica Broker role
queries the cluster database, and then redirects all requests to the cluster node where the virtual
machine is currently running.

Management tools. These tools enable you to configure and manage Hyper-V Replica. Aside from
Hyper-V Manager and Windows PowerShell, you can also use Failover Cluster Manager, which you
should use for all virtual machine management and Hyper-V Replica configurations when the source
or replica Hyper-V hosts are part of a Hyper-V failover cluster.
Understand and Troubleshoot Hyper-V Replica in Windows Server "8" Beta
http://go.microsoft.com/fwlink/p/?LinkId=237258

Security Considerations

You can establish Hyper-V Replica with a Hyper-V host regardless of its location and domain membership,
as long as you have network connectivity with it. There is no requirement for Hyper-V hosts to be part of
the same AD DS domain. You can also implement Hyper-V Replica when Hyper-V hosts are members of
untrusted domains or workgroups, because you can configure certificate-based authentication. Hyper-V
Replica implements security at the following different levels:

On each server, Hyper-V creates a local security group called Hyper-V Administrators. Members of
this group, in addition to local administrators, can configure and manage Hyper-V Replica.

You can configure a replica server to allow replication from any authenticated server, or to limit
replication to specific servers. In that case, you need to specify a fully qualified domain name (FQDN)
for the primary server (for example hv1.contoso.com), or use a wildcard with a domain suffix, for
example *.contoso.com. Use of IP addresses is not allowed. If the replica server is in a failover cluster,
replication is allowed at the cluster level.
When you are limiting replication to specific servers, you also need to specify a trust group, which
is used to identify the servers within which a virtual machine can move. For example, if you provide
disaster recovery service to partner companies, the trust group prevents one company from gaining
access to another company's replica machines.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

5-21

Replica Hyper-V host can authenticate primary Hyper-V host by using Kerberos authentication and
certificates. Kerberos authentication requires both Hyper-V hosts to be in the same AD DS forest,
whereas you can use certificate authentication in any environment. Kerberos authentication is used
with http traffic and is not encrypted, whereas certificate-based authentication is used with https
traffic and is encrypted.

You can establish Hyper-V Replica only if network connectivity exists between the Hyper-V hosts.
You should configure Windows Firewall to allow either HTTP or HTTPS Hyper-V Replica traffic.
Question: You want to replicate your virtual machines to a hosting provider. How must the
replica Hyper-V host that is running at the hosting provider be configured so that it can
authenticate your primary Hyper-V host?
Question: How can you limit primary Hyper-V hosts to be able to access only virtual
machines that originate from the same company?

Enabling a Virtual Machine for Replication


After you configure a Hyper-V replica server to
allow incoming replication, you then need to
enable replication on the virtual machines on
the primary Hyper-V host. You must configure
replication for each virtual machine individually,
either by using the Enable Replication Wizard
in Hyper-V Manager, or by using the Windows
PowerShell cmdlet Enable-VMReplication. When
you use the Enable Replication Wizard, you can
configure the following replication settings:

Replica Server. Specify the computer name or


the FQDN of the replica server (an IP address
is not allowed). If the Hyper-V host that you specify is not yet configured to allow replication traffic,
you can configure it here. If the replica server is a node in a failover cluster, you should enter the
name or FQDN of the connection point for the Hyper-V Replica Broker.

Connection Parameters. If the replica server is accessible, the Enable Replication Wizard populates
the authentication type and replication port fields automatically with the appropriate values. If the
replica server is inaccessible, you can configure these fields manually. However, you should be aware
that you will not be able to enable replication if you cannot establish a connection to the replica
server. On the Connection Parameters page, you can also configure Hyper-V to compress the
replication data before transmitting it over the network.

Replication virtual hard disks. By default, all virtual hard disks are replicated. If some of the virtual
hard disks are not required at the replica Hyper-V host, you can exclude them from replication. An
example would be a virtual hard disk that is dedicated for storing page files. You should not exclude
virtual hard disks that include operating systems or applications, because this can result in that
particular virtual machine being unusable at the replica server.

Replication Frequency. Prior to Windows Server 2012 R2, replication frequency was always five
minutes, and was not configurable. In Windows Server 2012 R2, you can set replication frequency to
30 seconds, 5 minutes, or 15 minutes, based on the network link to the replica server and acceptable
state delay between primary and replica virtual machines.

Additional recovery points. You can configure the number and types of recovery points to be sent to
the replica server. By default, the option to Maintain only latest point for recovery is selected, which

MCT USE ONLY. STUDENT USE PROHIBITED

5-22 Virtual Machine Movement and Hyper-V Replica

means that only the parent virtual hard disk is replicated and all the changes are merged into that
virtual hard disk. However, you can select to create additional hourly recovery points, and then set
the number of additional recovery points (up to 24). You can also configure the Volume Shadow
Copy Service (VSS) snapshot frequency, which is used to save application-consistent replicas for the
virtual machine, and not just the changes in the primary virtual machine.

Initial replication method and schedule. The default selection is to send an initial copy immediately
over the network. Because virtual machines can have large virtual disks, initial replication can take a
long time and can cause a large amount of network traffic. If you do not want immediate replication,
you can schedule it to start at a specific time. If you want an initial replication but want to avoid
network traffic, you can select to send the initial copy to external media, or to use an existing virtual
machine on the replica server. You would use the last option if you already restored a copy of the
virtual machine at the replica server, and you want to use it as the initial copy.

After the replication relationship is established, the Status column in Hyper-V Manager shows replication
progress as a percentage of the total replication for the configured virtual machine. Virtual machine
replica is in the turned off state, and you cannot start it until the failover is performed.

When replication is enabled, virtual machine network adapters get additional settings that were previously
unavailable. These new settings pages are Failover TCP/IP and Test Failover. Failover TCP/IP is available
only for network adapters, and not for legacy network adapters. The settings on this page are useful when
a virtual machine has a static IP address assigned, and the replica site is using different IP settings than
the primary site. You can configure TCP/IP settings that a network adapter will use after the failover is
performed. If static IP addresses are used, you should configure failover TCP/IP on the primary and replica
virtual machines. Virtual machines must also have integration services installed to be able to apply failover
TCP/IP settings.
Virtual machines for which you enable replication have an additional management setting called
Replication. You use this setting to review and modify replication parameters.
Note: In Windows Server 2012 R2, you can extend Hyper-V Replica from the replica virtual
machine to a third Hyper-V host (the Extended Replica Server). This enables you to use Hyper-V
Replica to create two virtual machine replicas.
Question: Are failover TCP/IP settings useful if a virtual machine is using Dynamic Host
Configuration Protocol (DHCP) for obtaining an IP address?

Demonstration: Enabling Virtual Machine Replication


In this demonstration, you will see how to enable a virtual machine for replication.

Demonstration Steps
1.

Use Hyper-V Manager to confirm that in the 20409B-LON-TEST1 virtual machine settings, under
Network Adapter, two nodes display: Hardware Acceleration, and Advanced Features.

2.

Confirm that there are six settings in the Management section for the 20409B-LON-TEST1 virtual
machine, and that Replication is not one of them.

3.

Use Hyper-V Manager to enable replication for the 20409B-LON-TEST1 virtual machine, and provide
the following settings:
o

Replica Server: LON-HOST2

Connection Parameters: Kerberos authentication (HTTP)

Replication VHDs: LON-TEST1

Replication Frequency: 30 seconds

Initial Replication Method: Immediately send initial copy over the network

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

5-23

4.

Use Hyper-V Manager to confirm that 20409B-LON-TEST1 is one of the virtual machines on
LON-HOST2, and that it is in the Off state.

5.

View Replication Health for 20409B-LON-TEST1. As initial replication is probably not yet completed,
Replication Health should be in the Warning state.

6.

Use Hyper-V Manager to confirm that there are two new nodes under Network Adapter for the
20409B-LON-TEST1 virtual machine, which were not present before: Failover TCP/IP, and Test
Failover.

7.

Confirm that there are seven settings in the Management section for 20409B-LON-TEST1, including
Replication, which was not present before.

8.

Use the Windows PowerShell cmdlets Get-VMReplication and Measure-VMReplication to review


replication settings and status for 20409B-LON-TEST1.

9.

In Hyper-V Manager, view Replication Health for 20409B-LON-TEST1. If initial replication has
finished, Replication Health will be Normal.

Hyper-V Replication Health


When you enable replication for a virtual machine,
changes in the primary virtual machine are written
to a log file, which is periodically transferred to
the replica Hyper-V host and then applied to a
virtual hard disk of a replica virtual machine.
Replication Health monitors the replication
process and shows important events, as well as
the replication and synchronization state of the
Hyper-V host. Replication Health includes the
following data:

Replication State. Indicates whether


replication is enabled for the virtual machine.

Replication Type. Indicates whether you are monitoring Replication Health on the primary virtual
machine or on the replica virtual machine.

Primary and Replica server names. Indicates on which Hyper-V host the primary virtual machine is
running, and which Hyper-V host is the replica.

Replication Health. Indicates replication status. Replication Health can have one of three possible
values: Normal, Warning, or Critical.

Replication statistics. Displays replication statistics since virtual machine replication started, or since
you reset the statistics. Statistics include data such as maximum and average size of the replication,
average replication latency, number of errors encountered, and number of successful replication
cycles.

Pending replication. Displays information about the size of data that still needs to be replicated, and
when the replica was last synchronized with the primary virtual machine.

MCT USE ONLY. STUDENT USE PROHIBITED

5-24 Virtual Machine Movement and Hyper-V Replica

Replication Health can have one of three possible values, based on how well the replication is performing:

Normal
o

Less than 20 percent replication cycles are missed.

Last synchronization point was less than an hour ago.

Average replication latency is less than the configured limit.

Warning
o

More than 20 percent of replication cycles have been missed.

Last replication data was sent more than an hour ago.

Initial Replication has not been completed.

Failover was initiated, but reverse replication has not been configured.

Replication is paused in the primary virtual machine.

Critical
o

Replication is paused on the replica virtual machine.

Primary server is unable to send the replica data.

You can monitor Replication Health in Hyper-V Manager, where you can add a Replication Health column
to the virtual machines pane. You can also right-click the virtual machine that has replication enabled, and
then click View Replication Health. From Windows PowerShell, you can also view Replication Health by
using the cmdlets Get-VMReplication and Measure-VMReplication. You can also monitor Replication
Health by using Performance Monitor and Event Viewer.
For Replication Health to be in Normal state, the Hyper-V Replica replication engine must regularly
replicate changes in the primary virtual machine, and then apply those changes to the virtual hard disk of
the replica based on the replication frequency. If more than 20 percent of the replication cycles have not
been applied, Replication Health automatically changes to the Warning state. The following tables show
the number of replications based on replication frequency, and the number of successful replications
required for Normal Replication Health.
Replication frequency

1 hour

12 hours

24 hours

1 week

30 seconds

120

1,440

2,880

20,160

5 minutes

12

144

288

2,016

15 minutes

48

96

672

Replication cycles

Successful

Failed

% Success

Health state

12

10

80%

Normal

144

116

28

80%

Normal

288

231

57

80%

Normal

2,016

1613

403

80%

Normal

You can save a Replication Health report as a .csv file.

Interpreting Replication Health Part 1


http://go.microsoft.com/fwlink/?LinkID=386702
Question: How can you monitor virtual machine replication health from Windows
PowerShell?

Test Failover, Planned Failover, and Failover


You can perform three types of failover actions:
test failover, planned failover, and failover. These
three options offer different benefits, and are
useful in different scenarios.

Test Failover

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

5-25

After you configure Hyper-V Replica and after the


virtual machines start replicating, you can perform
a test failover. A test failover is a nondisruptive
task that enables you to test a virtual machine
on the replica server while the primary virtual
machine is running, and without interrupting the
replication. You can initiate a test failover on the
replica virtual machine, which will create a new checkpoint and allow you to select a recovery point from
which the new test virtual machine is created. The test virtual machine has the same name as the replica,
but with - Test appended to the end. The test virtual machine is not started, and is disconnected by
default to avoid potential conflicts with the running primary virtual machine.

When you finish testing, you can stop test failover. This option is available only if test failover is running.
When you stop test failover, it stops the test virtual machine and deletes it from the replica Hyper-V host.
If you run a test failover on a failover cluster, you will have to remove the Test-Failover role from the
failover cluster manually.

Planned Failover

You can initiate a planned failover to move the primary virtual machine to a replica site, for example,
before site maintenance or before a disaster. Because this is a planned event, there is no data loss, but the
virtual machine will be unavailable for some time during its startup. A planned failover confirms that the
primary virtual machine is turned off prior to executing the failover. During the failover, it sends all the
data that has not yet been replicated, to the replica server. It then fails over the virtual machine to the
replica server, and starts it there. After the planned failover, the virtual machine is running on the replica
server, and its changes are not replicated. If you want to establish replication again, you should reverse
the replication. You will have to configure similar settings to when you enabled replication, and the
existing virtual machine will be used as an initial copy.

Failover

A failover is an unplanned event that can result in data loss, because changes at the primary virtual
machine might not have replicated before the disaster happened. (Replication frequency setting controls
how often changes are replicated). In the event that an occurrence disrupts the primary site, you can
perform a failover. You initiate a failover at the replica virtual machine only if primary virtual machine
is either unavailable or turned off. Similar to planned failover, during a failover the virtual machine is
running on a replica server. If you need to start failover from a different recovery point and discard all
changes, you can cancel the failover. After you recover the primary site, you can use reverse replication
to reestablish replication. This will also remove the option to cancel failover.

Other Hyper-V replication-related actions include the following:

MCT USE ONLY. STUDENT USE PROHIBITED

5-26 Virtual Machine Movement and Hyper-V Replica

Pause Replication. This action pauses replication for the selected virtual machine.

Resume Replication. This action resumes replication for the selected virtual machine. It is available
only if replication for the virtual machine is paused.

View Replication Health. This action provides data about the replication events for a virtual machine.

Extend Replication. This action is available on replica virtual machines. It is available only on Windows
Server 2012 R2, and it extends virtual machine replication from the replica server to a third server (the
Extended Replica Server).

Remove Recovery Points. This action is available only during a failover. If you select it, all recovery
points (checkpoints) for a replica virtual machine are deleted, and their differencing virtual hard disks
are merged.

Remove Replication. This action stops replication for the virtual machine.

Note: If you have implemented Microsoft System Center 2012 R2 and you are interested in
using Hyper-V Replica for disaster recovery, you should consider using the Windows Azure
Hyper-V Recovery Manager. The Hyper-V Recovery Manager helps to orchestrate the recovery of
private cloud services across multiple locations in the event of an outage at the primary site.
Question: Which of the three failover actions can you perform while the primary virtual
machine is running: test failover, planned failover, or failover?

Hyper-V Replica Resynchronization


After you configure virtual machine replication
and perform the initial replication, the replica
is regularly updated with the changes from the
primary virtual machine. One of the configuration
steps is configuring the replication frequency
setting. This setting controls the longest time
interval until changes from the primary virtual
machine are applied to the replica.

In a real-world environment, there can be


many reasons why changes from the primary
virtual machine are not applied to the replica
for extended periods of time. This may be, for
example, because network connectivity is lost, or because you paused the replication. This will be reflected
on the Replication Health, but when replication is established again, all changes will be applied to the
replica.
There are also more serious reasons that can affect synchronization, such as:

Issues on the primary server with change tracking. The replication engine tracks changes in the virtual
machine only while the virtual machine is running. If you turn off the virtual machine and then modify
the virtual hard disk, (for example, to perform offline patching), these modifications will not be
replicated to the replica when you start the primary virtual machine.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

5-27

Replication issues with tracking logs. Changes in a virtual machine are first written into a tracking log,
and are then transferred to the replica. If network connectivity with the replica is lost, the tracking log
can increase in size and can be larger than 50 percent of the virtual hard disk size.

Problems linking the virtual hard disk with the parent. This problem can occur if a virtual machine is
using a differencing virtual hard disk, and a replica Hyper-V host is not able to link the replicated
differencing virtual hard disk with its parent.

Virtual machine is restored from the backup. If you restore the primary or replica virtual machines
from a backup, their state changes and is no longer synchronized.

Reverse replication after failover. If you perform a planned failover and you reverse replication, the
virtual machine will already exist on the target Hyper-V host, but it will not be up-to-date.

In all the above cases, the primary and replica virtual machine are not synchronized, and there is
no tracking log that could simply be applied to synchronize them. However, in all cases, virtual
machines already exist on both sides, and it would be inefficient to perform full initial replication. The
resynchronization process is optimized for virtual hard disks with size up to 500 GB. It tries to find and
replicate only the differences between virtual machines, not the entire virtual hard disk. The virtual hard
disk of the primary virtual machine and the replica are split into chunks of 2 megabytes (MB). The, CRC64
checksum of each chunk is generated, and then compared to determine which chunks from the primary
virtual machine need to be applied to the replica. The resync process also has logic built into it, which
decides if the process would take longer than six hours. If so, you should perform a full initial replication.

The resynchronization process is processor-intensive, storage-intensive, and network-intensive. You can


trigger the resynchronization process manually, but you also can schedule it to perform resynchronization
automatically when needed. You configure these settings on the Replication settings of the primary virtual
machine.
Resynchronization of virtual machines in Hyper-V Replica
http://go.microsoft.com/fwlink/?LinkID=386703
Question: Is resynchronization between primary and replica virtual machines always
required?

Demonstration: Performing a Planned Hyper-V Failover


In this demonstration, you will see how to perform a planned Hyper-V failover.

Demonstration Steps
1.

Connect to the LON-TEST1 computer that is running on the LON-HOST1 Hyper-V host. On the
desktop, create a folder named Current State.

2.

Use Hyper-V Manager to start a planned failover for 20409B-LON-TEST1.

3.

Confirm that the Planned Failover error displays, as the virtual machine is not prepared for a planned
failover.

4.

Shut down LON-TEST1.

5.

Use Hyper-V Manager to perform a planned failover for 20409B-LON-TEST1.

6.

Confirm that 20409B-LON-TEST1 is in a Running state on the LON-HOST2 Hyper-V host.

MCT USE ONLY. STUDENT USE PROHIBITED

5-28 Virtual Machine Movement and Hyper-V Replica

7.

On LON-TEST1, confirm that a folder named Current State is on the desktop. With planned failover,
all changes from the primary virtual machine are replicated.

8.

Create a folder named Planned Failover on the LON-TEST1 desktop.

9.

Use Hyper-V Manager to start reverse replication for 20409B-LON-TEST1, and accept all default
values.

10. Shut down LON-TEST1 and perform its Planned Failover.


11. Start and connect to LON-TEST1 on LON-HOST2.
12. Confirm that on the LON-TEST1 desktop, the two folders named Current State, and Planned
Failover display.

Lab B: Configuring and Using Hyper-V Replica


Scenario

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

5-29

You have successfully moved the Hyper-V storage and virtual machines. Because many of the virtualized
servers host business-critical applications or data, A. Datum is also planning to provide a disaster recovery
solution for the virtual machines. Virtualization hosts currently are backed up daily, but a much faster
recovery solution is required for some of the virtual machines. To provide this solution, you need to
configure and test the Hyper-V Replica feature.

Objectives
After completing this lab, you will be able to:

Configure and manage Hyper-V Replica.

Lab Setup
Estimated Time: 45 minutes

Virtual machines: 20409B-LON-HOSTx, 20409B-LON-DC1, 20409B-LON-TESTx, and 20409B-LON-PRODx


User name: Adatum\Administrator
Password: Pa$$w0rd
For this lab, you will use the available virtual machine environment.
Note: Because you will be using the same virtual machines in the next lab, do not revert
the virtual machines. However, you can shut down all virtual machines after finishing this lab.
You will be working in pairs. Communicate clearly with your lab partner, and cooperate fully with
each other during this lab.

Exercise 1: Configuring and Managing Hyper-V Replica


Scenario

Your company has set up a disaster recovery location, and you need to configure virtualization
infrastructure to replicate virtual machines to that location. To perform this task, you will use Hyper-V
Replica in this exercise. You will first configure a remote Hyper-V host to allow incoming replication.
Then you will configure replication of the LON-TESTx virtual machine, explore new settings that you can
configure, and test the effect of those settings. You will also perform test failover and planned failover, to
ensure that test failover does not interrupt the replication process, and that during planned failover no
modifications in virtual machine are lost. As one of the steps, you will also monitor Replication Health.
The main tasks for this exercise are as follows:
1.

Configure Hyper-V host for incoming replication.

2.

Enable virtual machine replication.

3.

Test Hyper-V Replica failover.

4.

Perform a planned failover.

Task 1: Configure Hyper-V host for incoming replication


1.

2.

MCT USE ONLY. STUDENT USE PROHIBITED

5-30 Virtual Machine Movement and Hyper-V Replica

Use Hyper-V Manager on LON-HOSTx to enable LON-HOSTy as a replica server with the following
configuration:
o

Authentication: Kerberos (HTTP)

Default location to store Replica files: C:\shares\replicated

Add the Windows Firewall with Advanced Security snap-in to MMC, connect to the LON-HOSTy
computer, and enable the Hyper-V Replica HTTP Listener (TCP In) rule.

Task 2: Enable virtual machine replication


1.

Use Hyper-V Manager to confirm that in the 20409B-LON-TESTx virtual machine settings, under
Network Adapter, two nodes display: Hardware Acceleration, and Advanced Features.

2.

Confirm that for the 20409B-LON-TESTx virtual machine, in the Management section, six settings
display, and Replication is not one of them.

3.

Confirm that the LON-TESTx computer has an IPv4 address of 10.0.0.x6.

4.

Use Hyper-V Manager to enable replication for the 20409B-LON-TESTx virtual machine using the
following settings:
o

Replica Server: LON-HOSTy

Connection Parameters: Kerberos authentication (HTTP)

Replication VHDs: LON-TESTx VHD

Replication Frequency: 30 seconds

Additional Recovery Points: Create 10 additional hourly recovery points

Initial Replication Method: Immediately send initial copy over the network

5.

Use Hyper-V Manager to confirm that 20409B-LON-TESTx is one of the virtual machines on
LON-HOSTy, and that it is in the Off state.

6.

View Replication Health for 20409B-LON-TESTx.

Note: Because initial replication is most likely not yet completed, Replication Health is in a
Warning state.
7.

Use Hyper-V Manager to confirm that two new nodes display under Network Adapter for
20409B-LON-TESTx: Failover TCP/IP, and Test Failover.

8.

Confirm that there are now seven settings in the Management section for 20409B-LON-TESTx,
including Replication, which was not present before.

9.

Use the Windows PowerShell Get-VMReplication and Measure-VMReplication cmdlets to review


replication settings and status for 20409B-LON-TESTx.

10. In Hyper-V Manager, view Replication Health for 20409B-LON-TESTx. If initial replication has finished,
Replication Health will be Normal.

Task 3: Test Hyper-V Replica failover


1.

2.

Use Hyper-V Manager to configure Failover TCP/IP for 20409B-LON-TESTx with the following
settings:
o

IPv4 Address: 192.168.10.15

Subnet Mask: 255.255.255.0

Default gateway: 192.168.10.1

Preferred DNS server: 192.168.10.100

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

5-31

Use Hyper-V Manager to configure Test Failover for 20409B-LON-TESTx to connect to the Private
Switch.
Note: If initial replication of 20409B-LON-TESTx has not yet finished, wait until it finishes.

3.

Use Hyper-V Manager to start Test Failover for 20409B-LON-TESTx. Confirm that the checkpoint for
20409B-LON-TESTx is created, and a new virtual machine named 20409B-LON-TESTx Test is
created.

4.

Confirm that the 20409B-LON-TESTx Test virtual machine is connected to Private Switch.

5.

Start the 20409B-LON-TESTx virtual machine, and sign in as Administrator with the password
Pa$$w0rd.

6.

Confirm that it has the same IP configuration as you configured in Failover TCP/IP for
20409B-LON-TESTx.

7.

Stop the test failover for 20409B-LON-TESTx. Confirm that the 20409B-LON-TESTx Test virtual
machine has been deleted, in addition to the 20409B-LON-TESTx virtual machine checkpoint.

Task 4: Perform a planned failover


1.

Connect to the 20409B-LON-TESTx computer running on the LON-HOSTx Hyper-V host, and on the
desktop create a folder named Current State.

2.

Use Hyper-V Manager to start Planned Failover for 20409B-LON-TESTx.

3.

Confirm that a Planned Failover error displays.


Note: This is because the virtual machine is not prepared for planned failover.

4.

Shut down LON-TESTx.

5.

Use Hyper-V Manager to perform a Planned Failover for the 20409B-LON-TESTx virtual machine.

6.

Confirm that 20409B-LON-TESTx is in the Running state on the LON-HOSTy Hyper-V host.

7.

On LON-TESTx, confirm that a folder named Current State displays on the desktop.
Note: With planned failover, all changes from the primary virtual machine are replicated.

8.

Create a folder named Planned Failover on the LON-TESTx desktop.

9.

Use Hyper-V Manager to start Reverse Replication for 20409B-LON-TESTx, and accept all default
values.

10. Shut down LON-TESTx, and then perform its Planned Failover.
11. Start and connect to 20409B-LON-TESTx on LON-HOSTx.

MCT USE ONLY. STUDENT USE PROHIBITED

5-32 Virtual Machine Movement and Hyper-V Replica

12. Confirm that two folders display on the LON-TESTx desktop: Current State, and Planned Failover.
13. On LON-HOSTx, remove replication for 20409B-LON-TESTx.
14. On LON-HOSTy, delete 20409B-LON-TESTx.

Results: After completing this exercise, you should have configured and managed Hyper-V Replica.

Module Review and Takeaways


Review Questions
Question: What would be the most probable reason that Replication Health is not in the Normal
state after you enable replication for a virtual machine?
Question: Can you use self-signed certificates for authentication with Hyper-V Replica?
Question: Can you perform live migration of a virtual machine from a Windows Server 2012
Hyper-V host to a Windows Server 2012 R2 Hyper-V host?

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

5-33

MCT USE ONLY. STUDENT USE PROHIBITED

MCT USE ONLY. STUDENT USE PROHIBITED


6-1

Module 6
Implementing Failover Clustering with Hyper-V
Contents:
Module Overview

6-1

Lesson 1: Overview of Failover Clustering

6-2

Lesson 2: Configuring and Using Shared Storage

6-12

Lesson 3: Implementing and Managing Failover Clustering with Hyper-V

6-22

Lab: Implementing Failover Clustering with Hyper-V

6-31

Module Review and Takeaways

6-38

Module Overview

Failover clustering is a Windows Server 2012 feature that provides high availability. Hyper-V in Windows
Server 2012 uses failover clustering to provide highly available virtual machines. It is crucial for critical
virtual machines to be highly available, which means that if the node on which a virtual machine is
running fails, then the failover cluster will start the virtual machine automatically on a different node.

The first lesson in this module provides a general overview of failover clustering. You will learn about the
components of failover clusters, how failover clusters provide high availability, and why shared storage is
important. You will also learn about the different quorum modes, and understand how you can provide
encryption for Cluster Shared Volumes (CSVs).
The second lesson in this module details shared storage. You will see how you can use Server Message
Block (SMB) 3.0 file shares for Hyper-V. You will also learn how to configure Internet small computer
system interface (iSCSI) shared storage by using an iSCSI target server, which is part of Windows Server
2012. If you are considering failover clustering in virtual machines, you will learn more about Windows
Server 2012 R2, in which you can use virtual hard disk sharing to present shared storage to virtual
machines.

The third lesson explains how you can implement failover clustering. You will also learn about the settings
that you can configure for highly available virtual machines, and how you can configure monitoring for
services that run inside a virtual machine.
Note: For the purpose of this course, all instances of Microsoft System Center 2012 R2
Virtual Machine Manager are referred to as VMM.

Objectives
After completing this module, you will be able to:

Describe failover clustering.

Configure and use shared storage.

Implement and manage failover clustering with Hyper-V.

Lesson 1

Overview of Failover Clustering

MCT USE ONLY. STUDENT USE PROHIBITED

6-2 Implementing Failover Clustering with Hyper-V

Hyper-V uses failover clustering to provide highly available virtual machines. Before you can create highly
available virtual machines, you need to understand the basics of failover clustering. In this lesson, you will
learn about failover clustering components, the importance of shared storage, and how you can provide
network redundancy. By default, failover clustering uses CSVs as the default storage type. This lesson
explains the requirements for CSVs, and their advantages over logical unit numbers (LUNs). You will
also learn about quorums, the different quorum modes that failover clustering supports, and what the
differences are between the quorum modes. Because some highly available data can be sensitive, you will
also learn about how you can use BitLocker Drive Encryption to encrypt CSVs.

Lesson Objectives
After completing this lesson, you will be able to:

Describe a failover cluster.

Describe failover and failback.

Describe the different networks that failover clusters use.

Explain the importance of failover cluster storage.

Describe CSVs.

Describe quorum and different quorum models.

Describe encrypted cluster volumes.

What Is a Failover Cluster?


A failover cluster is a pair or group of Windows
servers that work together to make applications
and services highly available. The servers in a
failover cluster are called nodes. If a node in a
cluster fails or becomes unavailable, another node
in the same failover cluster starts providing the
services that the failed node was offering. This
process is called failover and it results in minimal
(or in certain cases, no) service disruptions for
clients that are accessing the service. Failover
clusters also provide CSV functionality, which
provides a common namespace that you can use
to access shared storage from all nodes.
Failover clustering has several components, including the following:

Nodes. Nodes are Windows Server computers that are members of a failover cluster. These computers
have the failover clustering feature installed, and they run highly available services, applications, and
other resources that are associated with a cluster. A failover cluster in Windows Server 2012 R2 can
have up to 64 nodes, which can run up to 8,000 virtual machines. A single node can run up to 1,024
virtual machines.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

6-3

Networks. Networks enable communication between nodes that are still available and responsive, and
also between nodes and client computers. Because clusters use external storage such as iSCSI or Fibre
Channel Storage Area Network (SAN), nodes also use networks for accessing the shared storage.

Clustered role. A clustered role is a highly available role or service that is running on the cluster node
and to which clients connect. If such a service becomes unavailable on one node, the failover cluster
fails it over automatically to another node and redirects client requests for the service to the new
node.

Resources. Resources are physical or logical elements such as a shared folder, disk, or IP address,
which the failover cluster manages. Resources may provide service to clients or may be integral parts
of highly available applications. Resources are the most basic and smallest configurable units. A
resource can run only on a single node at any given time.

Cluster Storage. Each node has local storage (where the Windows operating system is installed), in
addition to server roles and highly available applications. Cluster storage is a shared storage, where
application configuration and data is stored. When a node fails, other nodes can access data on the
cluster storage, and can start applications from that point. For example, the highly available virtual
machine stores configuration data and virtual hard disks of the highly available virtual machine are
stored on the cluster storage.

Clients. These are computers that access highly available services and applications that are running in
the failover cluster. There should be multiple network paths between clients and the cluster. Clients
should also try to reconnect to the service automatically if a cluster node fails.

In a failover cluster, each node in the cluster:

Has full connectivity and communication with other failover cluster nodes.

Is aware of configuration changes to the failover cluster, such as when an additional node joins or
leaves the cluster. Each node is also aware of other node failures, and has the ability to run services
that the failed node hosted. You can configure which services to run on which nodes.

Connects to a network through which client computers can access the node.

Connects to other nodes, and regularly checks their availability and responsiveness.

Connects to shared storage, where configuration and data of highly available applications is stored.

Has awareness of the services and applications that are running locally, and resources that are
running on other failover cluster nodes.
Failover Clustering Overview
http://go.microsoft.com/fwlink/?LinkID=386723
Question: Will clients still be able to connect to a cluster role if the failover cluster has only
two nodes and the internode network fails?

What Are Failover and Failback?

MCT USE ONLY. STUDENT USE PROHIBITED

6-4 Implementing Failover Clustering with Hyper-V

Failover is a process in which a highly available


role, together with all its resources (such as IP
address and disk) moves between nodes in a
failover cluster. Failover can happen automatically.
For example, the node on which the highly
available virtual machine was running might fail,
or one of the resources that the highly available
application depends upon may become
unavailable. Other possible reasons are that a
monitored service in a highly available virtual
machine may stop, or the network adapter may
lose network connectivity. Failover can also be
manual. For example, administrators can start a maintenance procedure, during which they move highly
available virtual machines to a different node before updating and restarting the current node.
When failover is initiated, the following steps occur:
1.

The cluster service takes all of the resources of the highly available role offline in an order that is
determined by the instances dependency hierarchy. First, the cluster service takes the clustered role
offline, and then it takes offline the resources on which it the cluster role depends. For example, if a
role depends on a disk resource, the cluster service takes the role offline first, which allows the role to
write uncommitted changes to the disk, before taking the disk offline.

2.

When all resources are offline, the cluster service attempts to move the role to the node that is next
on the list of preferred owners for that role. If the preferred owner is not available, then the cluster
service contacts the next server on the list.

3.

If the cluster service moves the role successfully to a different node, it attempts to bring all role
resources back online. This time, it takes the resources online in reverse order, from the bottom of the
dependency hierarchy. Failover is complete when all of the resources are online on the new node.

In most cases, failover results in some downtime and data loss. If a node on which a highly available role is
running fails, everything that was not saved on the shared storage (such as in-memory state of the open
client connections), are lost. Failover restarts the role based on the configuration and state of the shared
storage. Clients experience this as if you turn off and then turn on a single server on which the role runs.
For some highly available roles such as scale-out file server, failover is transparent and without downtime.
The cluster service can fail back a highly available role that was originally running on the failed node, after
you repair or recover the failed node and it is available once again. When the cluster service fails back the
highly available role, it uses the same steps that it performed during failover. The cluster service takes all
the resources offline, moves the role, and then brings all the resources back online. You can configure in
the properties of the highly available role how many times the cluster service will attempt to fail over and
then fail back the role. You can also configure the list of preferred owners for the role.
Question: Does failback always follow failover when the failed node is back online?

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

Failover Cluster Networks

6-5

Networks and network adapters are important


parts of each failover cluster implementation.
You cannot configure a failover cluster without
configuring the networks that the cluster will use.
Because you are using a failover cluster to provide
high availability, you should always have multiple
network paths. We recommend that each node
have multiple fast network adapters, so that you
can avoid single network adapter failure and
provide higher throughput. You can add adapters
to the team and create multiple virtual network
adapters for different purposes, such as
management, internode communication, and live migration. You can also use Quality of Service (QoS) to
limit the bandwidth made available to the network adapter.
You can classify networks in failover clustering based on their use. You can configure the following three
settings:

Do not allow cluster network communication on this network. The nodes in the failover cluster cannot
use this network for internode communication or for communication with the clients. You would
typically use such a network for accessing shared storage, for example iSCSI SAN.

Allow cluster network communication on this network. The nodes in the failover cluster can use this
network for intranetwork communication. For example, nodes can use this network for updating the
cluster database, monitoring the health of other nodes, or for live migration data.

Allow clients to connect through this network. Clients can access the failover cluster nodes over this
network, for example, to access a highly available database. (The term client refers not only to client
computers accessing clustered applications, but also to remote computers that you use to administer
the cluster.) You can allow clients to connect through this network only if it can be used for cluster
communication as well.

Technically, it is possible to have a failover cluster node with a single network adapter that is used for all
network traffic, including internode communication, client communication, and access to shared storage.
However, we do not recommend having a single network adapter for all network traffic, and validation
will generate a warning to alert you of a potential single point of failure.
When you install the failover clustering feature, it adds the Failover Cluster Virtual Adapter to the node.
This is a hidden and completely self-configuring network adapter, which provides the failover node with
a fault-tolerant connection across all available network adapters. The Failover Cluster Virtual Adapter is
similar to NIC Teaming for clustering, and it hides all underlying network complexity from the failover
cluster; for example, when other nodes are on remote networks, or when a node obtains an IP address
from a Dynamic Host Configuration Protocol (DHCP) server. You can view the Failover Cluster Virtual
Adapter in Device Manager as a hidden device.
The networking features in failover clustering include the following:

The node transmits and receives a heartbeat, which is used to monitor the health status of network
interfaces, and is sent over all cluster-enabled networks. The heartbeat is sent by using unicast User
Datagram Protocol (UDP) traffic over port 3343.

Failover cluster nodes can be on different segments, providing there is network connectivity between
them.

The Failover Cluster Virtual Adapter hidden network adapter is added to each node. This adapter is
assigned a media access control (MAC) address based on the first physical adapter, and it is used to

build redundant and fault-tolerant routes to other nodes. You can also clone Windows Server
computers when they have the failover clustering role installed.

MCT USE ONLY. STUDENT USE PROHIBITED

6-6 Implementing Failover Clustering with Hyper-V

Failover clusters fully support IPv6 for both internode and client communication.

Cluster nodes can use static or dynamic IP addresses. If some nodes in a failover cluster use static IP
addresses, and if others are configured with dynamic IP settings, validation will report an error.
Failover Cluster Networking Essentials
http://go.microsoft.com/fwlink/?LinkID=386716
Question: Do you need to manually put network adapters in a failover clustering node in a
NIC team?

Failover Cluster Storage


Failover cluster deployments require shared
storage to provide consistent data and
configuration for the highly available applications.
When data is stored on a shared storage, this
data is still available, even when the node on
which the cluster role is running fails. This means
that another node can access the same data and
restart the cluster role from where the first node
wrote data on the shared storage.
There are different options for shared storage in
Windows Server:

Serial Attached SCSI. You can use Serial


Attached SCSI storage to connect shared storage to two failover nodes that are located close to
the Serial Attached SCSI storage. If the failover cluster will have multiple nodes, or if distance to the
storage will be more than 10 meters (30 feet), you should consider a different option for shared
storage.

iSCSI. Servers access iSCSI SANs by sending SCSI commands over an IP network. Performance is
acceptable over fast 10 gigabits per second (Gbps) or slower 1 Gbps networks. iSCSI is not limited
by the length or the number of servers that access the storage. The physical medium for data
transmission is Ethernet, and no special hardware is required. You can build an iSCSI SAN by using
the iSCSI target feature, which is part of Windows Server 2012 R2.

Fibre Channel. Fibre Channel SANs require special network infrastructure for accessing the storage.
They often have better performance than iSCSI storage, but they are considerably more expensive to
implement.

Fibre Channel over Ethernet. This network technology encapsulates Fibre Channel traffic over
Ethernet networks. This enables Fibre Channel to use high-speed Ethernet networks, while preserving
the Fibre Channel protocol.

You can also use SMB 3.0 file shares as shared storage for servers that are running Hyper-V, regardless of
whether they are part of failover cluster nodes. Servers can access storage on a SAN as a LUN, or as a CSV.
When you are considering shared storage for the failover cluster, you should consider using it as a CSV.
This is because it provides many benefits, such as simultaneous access from multiple failover cluster nodes,
and more efficient use of the storage space.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

When you choose the storage type, you should consider the following storage requirements:

6-7

A failover cluster does not support dynamic disks for a shared storage. You should therefore use basic
disks for the shared storage, and not dynamic.

As a best practice, use NTFS file system on all failover node volumes. If the volume is on shared
storage and you will use it as CSVs, you must format it by using NTFS file system.

If you will use disk witness for your quorum, you can format the volume with either NTFS file system
or Resilient File System (ReFS).

You can use either master boot record (MBR) or GUID partition table (GPT) partition style for the disks
in a failover cluster node.

Storage must support the SCSI-3 standard. Failover clusters require that storage supports persistent
reservations commands so that storage spaces can be properly managed as clustered disks, and those
commands are part of the SCSI-3 standard.

Confirm storage compatibility. You should verify that that the storage, drivers, firmware, and software
used for the storage are compatible with failover clusters in Windows Server 2012.

Isolate storage devices, one cluster per device. You should not allow nodes from different failover
clusters to access the same storage. You can achieve this by using LUN masking or zoning. This
prevents LUNs that you use on one failover cluster from being accessible from another failover
cluster.

Use Multipath I/O (MPIO) and teamed network adapters. This will provide the highest level of
redundancy and availability for accessing the storage.

Consider using storage spaces. Storage spaces virtualize access to the storage and provide resilient
and highly available shared storage.
Failover Clustering Hardware Requirements and Storage Options
http://go.microsoft.com/fwlink/?LinkID=386727
Question: Can you use a network-attached storage (NAS) device as a shared storage for a
failover cluster?

What Is CSV?
In a classic failover cluster deployment, only a
single failover cluster node can access and use
LUN on the shared storage at any given time. This
means that other failover cluster nodes cannot
access the same LUN, and that multiple LUNs are
used for different highly available applications on
different nodes. A LUN is also the smallest unit of
failover. If multiple virtual machines are stored on
the same LUN, they all fail over to another node,
and it is not possible to fail over just one of them.

CSV is a technology that enables multiple nodes


to access a single LUN concurrently. CSV provides
a distributed file access solution, which enables multiple nodes to access the same NTFS file system
simultaneously. CSV has multiple files. All failover cluster nodes can access CSV at the same time, but

MCT USE ONLY. STUDENT USE PROHIBITED

6-8 Implementing Failover Clustering with Hyper-V

each node can only access a different file on the CSV. Nodes cannot access the same file at the same time,
even when it is stored on CSV.
In Windows Server 2008 R2, CSV was supported only for storing virtual machine files. This way, you
could have multiple virtual machines on the same storage, with each virtual machine running on a
different node. CSV also enables individual virtual machines to fail over between failover cluster nodes.
This provides better use of storage space, because you no longer have to maintain multiple LUNs, one per
each virtual machine.

CSVs in Windows Server 2012

Windows Server 2012 offers improvements to CSV. It now supports roles other than just Hyper- V, such
as file server, or Microsoft SQL Server 2014. Windows Server 2012 also adds support for CSV cache, which
allows allocation of system memory as a write-through cache. Other improvements in CSVs are:

CSV file system. CSV volumes appear as if they are using a CSV file system. This is not a new file
system, the underlying technology is still NTFS, and CSV volumes are formatted with NTFS. However,
based on the file system, applications can discover that they are running on CSV.

Simplified CSV setup. CSV is integrated into the Failover Cluster Manager Storage view, and you do
not need to enable it explicitly. Instead, you can simply right-click a disk, and then add it to CSV.

Support for BitLocker. You can use BitLocker to encrypt a shared CSV volume, and protect data. Each
node performs decryption by using the computer account for the cluster server.

Integration with SMB Multichannel and SMB Direct. This enables CSV traffic to stream across multiple
networks in the cluster, and to utilize network adapters that support Remote Direct Memory Access
(RDMA).

Integration with the Storage Spaces feature in Windows Server 2012. This enables failover cluster to
use virtualized storage on clusters of inexpensive disks.

Ability to scan and repair volumes. CSVs can scan and repair volumes without moving storage offline.
Understanding Cluster Shared Volumes in a Failover Cluster
http://go.microsoft.com/fwlink/?LinkID=386719
Question: Can you format a CSV by using a CSV file system?

What Is a Quorum?
A failover cluster can have up to 64 failover cluster
nodes. A quorum is the consensus that enough
nodes are online and that the cluster can continue
running. Each node has one vote. If there is an
even number of nodes, then votes from the
witness element, which can be either a file
share witness or a disk witness, is also counted.
Quorum mode defines who will have a vote, and
until Windows Server 2012, that configuration was
static. Each voting element contains a copy of the
cluster configuration, and the cluster service keeps
all copies synchronized at all times.

A failover cluster stops providing failover protection if the quorum does not have more than half of the
votes. This means that most of the nodes have failed, or they are not able to vote because of some other

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

6-9

problem such as a network connectivity issue. Without a quorum, each set of nodes could continue to
operate as a failover cluster, even if it would have half of the nodes or less, which could result in creation
of two cluster instances from a single failover cluster. A quorum prevents such a splitting of a failover
cluster into two parts, where each part would continue to operate as a failover cluster concurrently.

If the available nodes do not achieve majority, then the vote of the witness becomes crucial. Quorum
mode, which is configured at the failover cluster level, defines which elements can vote. If the number of
votes drops below the majority, the cluster stops running and does not provide failover protection if there
is a node failure. Nodes continue to listen for the presence of other nodes, in case another node appears
again on the network. However, nodes will not function until a majority consensus or quorum is achieved.
Note: Failover cluster functionality depends not only on a quorum, but also on the
resources available to cluster nodes and their ability to run cluster services that fail over to
that node. For example, a cluster with five nodes will still have a quorum even if two nodes
fail. However, each remaining cluster node will continue serving clients only if it has enough
resources to run cluster roles that failed over to the remaining three nodes. These resources
include storage space, processing power, network bandwidth, and memory. You can configure
priority, preferred hosts, and anti-affinity to decide the nodes on which the cluster role can run.

Quorum Modes in Windows Server 2012


Windows Server 2012 R2 supports the following quorum modes:

Node Majority. Each failover cluster node that is online and has network connectivity can vote. Only
failover cluster nodes have a vote, and the cluster provides its services only when the quorum has
majority, with more than half the votes. This is the default quorum mode when the cluster has an odd
number of nodes and a witness is not necessary, such as when all nodes are located in the same site.

Node and Disk, or Node and File Share Majority. Each failover cluster node and a witness, which is
either a disk or file share, can vote when they are online and have network connectivity. The cluster
provides its services only when quorum has majority of the votes. This quorum model is appropriate
when the failover cluster has an even number of nodes.

No Majority: Disk Only. The cluster has a quorum if at least one node is available and it has
connectivity with a specific disk in the failover cluster storage. Only nodes that can communicate
with that disk can join the cluster.

Note: If the disk in the No Majority: Disk Only quorum model is not available, the cluster
will stop functioning, even if all nodes are still available. In this mode, a quorum-shared disk is a
single point of failure. Therefore, use of this mode is not recommended.

Except for the No Majority: Disk Only quorum mode, all quorum modes are based on a simple majority
vote model. As long as a quorum has majority of the votes, the cluster continues to accept client requests.
For example, if there are five votes in the cluster, the cluster continues to accept requests as long as the
quorum has at least three votes, and the source of the votes is not relevant. A quorum can get a vote
from a failover cluster node, a disk witness, or a file-share witness. The failover cluster stops answering
requests if the quorum does not receive the majority of the votes. In the No Majority: Disk Only mode, the
quorum-shared disk can veto all other possible votes. In this mode, the cluster will continue to function as
long as the quorum-shared disk and at least one node are available.

Cluster Node Weights and Dynamic Quorum

MCT USE ONLY. STUDENT USE PROHIBITED

6-10 Implementing Failover Clustering with Hyper-V

Failover clustering in Windows Server 2012 introduces two new concepts regarding quorum: cluster node
weights, and dynamic quorum. The concept of cluster node weight is used primarily in environments
where failover nodes are located in multiple physical locations. In such environments, you might want the
failover cluster running at the primary location even if the failover cluster nodes at the recovery location
are not available. To accomplish this, you can assign node weights of 0 for the failover cluster nodes at the
recovery location, which effectively revokes their default ability to participate in the quorum voting. For
example, if you have a four-node failover cluster and you assign node numbers 3 and 4 a weight of 0,
they would not participate in the calculation of a quorum, and only nodes 1 and 2 would participate. If
both nodes 3 and 4 were to fail, the failover cluster would continue to work, even if only nodes 1 and 2
are available.
Dynamic quorum provides higher availability within a failover cluster by continuously monitoring and
adjusting the quorum model based on the available cluster nodes. Cluster quorum calculation is adjusted
each time the number of nodes changes, so that even if a failover cluster has less than 50 percent of the
original number of nodes, the failover cluster continues to work and cluster roles are still available. With
dynamic quorum enabled, a failover cluster can survive with only one node up and running. The only
limiting factor is the availability of enough resources such as memory and processor to support the
workload. The dynamic quorum model is enabled by default.
Windows Server 2012 R2 includes several quorum enhancements, including:

Dynamic witness. If a failover cluster is configured to use dynamic quorum, which is the default
configuration, the witness vote is also dynamically adjusted based on the number of voting nodes in
the failover cluster. If the failover cluster has an odd number of votes, the quorum witness does not
have a vote. If the failover cluster has an even number of votes, the quorum witness has a vote. The
quorum witness vote is also dynamically adjusted based on the state of the witness resource. If the
witness resource is offline or has failed, then the witness does not have a vote.

Tie breaker for 50 percent node split. Failover cluster can dynamically adjust a node's vote to keep the
total number of votes at an odd number. To maintain an odd number of votes, the failover cluster will
first adjust the quorum witness vote through dynamic witness. If a quorum witness is not available,
then the failover cluster can adjust a node's vote. There is also a new failover cluster property that you
can use to determine which site survives if there is a 50 percent node split and neither site has
quorum.

Quorum user interface improvements. Failover Cluster Manager shows the assigned quorum vote and
the current quorum vote for each failover cluster node.
Configure and Manage the Quorum in a Windows Server 2012 Failover Cluster
http://go.microsoft.com/fwlink/?LinkID=386728
Question: Can a failover cluster that originally had six nodes still run cluster roles if three
nodes fail and only three nodes remain online?

What Is Encrypted Cluster Volume?


Failover clusters can store sensitive data on
shared storage. With Windows Server 2012,
you can protect the data on shared storage by
using BitLocker-encrypted volumes. BitLocker
encryption adds an additional layer of protection
for sensitive, highly available data, and you can
use it to encrypt both physical disks and CSVs.
You can protect data volumes by using BitLocker
prior to adding them to the failover cluster, or
after they are already in use in the failover cluster.
Using BitLocker encryption helps to provides
physical security for deployments outside secure
data centers, and meets compliance requirements for volume-level encryption.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

6-11

You can use BitLocker encryption with physical disk resources such as a LUN on a SAN, NAS, or with a
CSV. You can turn on BitLocker prior to adding the disk to the storage pool within a cluster. Otherwise,
you will need to put the resource into maintenance mode before you can perform BitLocker encryption.

When you use BitLocker on a stand-alone server, the BitLocker protector is stored locally. However,
when you use BitLocker encryption in a failover cluster, multiple cluster nodes must be able to access the
encrypted volume, and because of this, an Active Directory-based protector is used. You must add the
failover cluster Active Directory Domain Services (AD DS) identity as a BitLocker protector to the target
disk volumes.

You can manage BitLocker on a failover cluster by either using Windows PowerShell, or by using the
Manage-bde.exe command. BitLocker encryption introduces minimal (less than one percent) performance
overhead.
Before you can use BitLocker in a failover cluster, the following prerequisites must be met:

Windows Server 2012 or a newer Windows Server operating system with the Failover Clustering
feature must be installed and configured on each failover cluster node.

Domain controller running Windows Server 2012 or a newer Windows Server operating system must
be reachable from all failover cluster nodes.

BitLocker must be installed on all failover cluster nodes.

Manage-BDE.exe or the BitLocker module for Windows PowerShell must be available to configure
BitLocker-encrypted volumes in failover cluster.
How to Configure BitLocker Encrypted Clustered Disks in Windows Server 2012
http://go.microsoft.com/fwlink/?LinkID=386710
Question: Can you protect data on shared storage by using an encrypted cluster volume if
the failover cluster is a member of an AD DS domain with a Windows Server 2008 R2
domain-functional level?

Lesson 2

Configuring and Using Shared Storage

MCT USE ONLY. STUDENT USE PROHIBITED

6-12 Implementing Failover Clustering with Hyper-V

Each node in a failover cluster has local storage on which the operating system and applications are
installed. Each node should have access to shared storage, where it can store application configuration
information and data. Shared storage is useful in enabling a failover cluster node to continue the cluster
service from the point at which it was before the originating node failed.

In this lesson, you will learn how you can use an SMB 3.0 file share as a shared storage for virtual
machines, and how you can install and configure an iSCSI target for use by a failover cluster. You will also
learn about virtual hard disk sharing, which enables virtual machines to use a virtual hard disk on a highly
available location as a shared storage.

Lesson Objectives
After completing this lesson, you will be able to:

Describe the requirements and process of storing virtual machines on an SMB 3.0 file share.

Explain the benefits and use of scale-out file servers.

Describe iSCSI.

Describe the iSCSI target server.

Use an iSCSI target server.

Describe the considerations for implementing iSCSI storage.

Explain how to use virtual hard disk sharing as shared storage.

Storing a Virtual Machine on an SMB 3.0 Shared Folder


In the past, if you wanted to run a virtual
machine, its data files should have been stored
either locally, or on the block storage on the SAN.
However, in Windows Server 2012 and newer
versions, you can use also SMB 3.0 file shares
for storing data files of running virtual machines,
which include configuration data, virtual hard
disks, checkpoints, and smart paging. Using of
SMB 3.0 has many advantages, because you can
use the existing knowledge, networking, and
server infrastructure, in addition to benefitting
from SMB 3.0 features such as SMB transparent
failover, SMB scale-out, and SMB multichannel.

Considerations for Use of SMB 3.0

SMB 3.0 file shares can have similar performance and reliability as SANs. Before using them, you should be
aware of the following considerations:

AD DS forest infrastructure is required if you want to use SMB 3.0 file shares. You need to grant
permissions for the SMB 3.0 file share to the Hyper-V host computer account, which is created only in
a domain environment.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

6-13

The file server must support SMB 3.0 protocol, which means that it must have Windows Server 2012
or a newer Windows Server operating system installed. You can use also non-Microsoft file servers, if
they support the SMB 3.0 protocol. Hyper-V does not block older versions of SMB, but Hyper-V Best
Practice Analyzer raises an alert when it detects an older version of SMB.

Loopback configurations are not supported. These are configurations in which the Hyper-V host is
used as the file server, and is configured to use local SMB 3.0 file shares for storing virtual machines.

When Hyper-V is running in a failover cluster, it must not store virtual machines on the file server in
the same failover cluster. Instead, it must use a file server in another failover cluster or stand-alone file
server. This is because when a failover node fails, it could potentially result in the Hyper-V and file
server roles running on the same failover cluster node.

We recommend that the Hyper-V host stores virtual machines on a continuously available file share
on a file server in the failover cluster, and not on a stand-alone file server.

Configuration Steps

The two most important steps when configuring an SMB 3.0 file share for storing virtual machines are:

Select the SMB Share - Applications profile for the shared folder. You can configure this profile when
creating the shared folder by using Server Manager. You will notice that you cannot enable accessbased enumeration or allow caching, because those features are not supported with this share profile.

Configure the appropriate NTFS file system and share permissions. The necessary permissions include
allowing Full Control for the Hyper-V host and Hyper-V Administrators. If Hyper-V is running in a
failover cluster, the computer account for the failover cluster must also have Full Control permissions
on the SMB 3.0 file share.

You can also create a shared folder and grant the permissions by using Windows PowerShell. You can
create a shared folder for C:\VMs, and grant Full Permissions for the LON-HOST1 account and local
Hyper-V Administrators group by running the following Windows PowerShell cmdlets:
New-SmbShare -Name VMs -Path C:\VMs -FullAccess Adatum\LON-HOST1$, "Hyper-V
administrators"
(Get-SmbShare VMs).PresetPathAcl | Set-Acl

Deploy Hyper-V over SMB


http://go.microsoft.com/fwlink/?LinkID=386725
Question: Can you store a virtual machine on a shared folder on a Windows Server 2008 R2
file server?

Using a Scale-Out File Server


Scale-out file server is one of the failover cluster
server roles. Unlike other roles whose behavior in
the cluster is the same as on stand-alone server,
a scale-out file server features several important
improvements. When you add a file server as a
cluster role, you can configure it as a file server
for general use, or as a scale-out file server for
application data. A file server for general use
enables you to configure highly available shared
folders, which are accessible on one cluster node
at the time. If that node fails, another node takes
ownership and clients can access the shared folder
through that node. Although shared folders are highly available, clients always access them through a
single node.

Benefits of Scale-Out File Servers

MCT USE ONLY. STUDENT USE PROHIBITED

6-14 Implementing Failover Clustering with Hyper-V

A scale-out file server has a different approach. Multiple failover nodes can host this role simultaneously,
and they all provide access to the data on the same CSV. One node coordinates write operations, and
any node on the failover cluster can read the data files on the CSV. This means that if you add a node to
a scale-out file server, you increase the total bandwidth that is available for accessing the shared folders.
This cluster role is sometimes referred to as an active-active file server, because shared folders can be
accessed through multiple nodes.
A scale-out file server provides the following benefits:

Ability to scale capacity dynamically. Because clients can access shared folders through multiple
nodes, if the number of clients increases, you can add an additional node to the scale-out file server.
You can build a scale-out file server with only two nodes, and you can expand it with additional
nodes as needed.

Higher Utilization. All failover cluster nodes can accept and serve client requests for all scale-out
shared folders. When you combine their bandwidth and processor power, you can achieve higher
utilization rates than with any single node. A single failover cluster node is no longer a potential
bottleneck, because a scale-out file server can support as many clients as the shared storage can
manage.

Non-disruptive maintenance and updates. When you need to check the disk, perform maintenance,
update, or restart a failover cluster node, the scale-out file server is available without an interruption.
This is also true for file server for general use.

CSV cache. You can use this feature to allocate system memory as a write-through cache. The CSV
cache provides caching of read-only data, which can improve performance for applications such as
Hyper-V, when accessing virtual hard disks. CSV cache performs caching at the block level, and not at
the file level.

Automatic rebalancing of the clients. SMB client connections are tracked per shared folder, instead of
per server as it was before Windows Server 2012 R2. Clients are redirected to the failover cluster node
with the best access to the volume used by the shared folder. This improves efficiency by reducing
redirection traffic between file server nodes.

Support for multiple SMB instances. A default SMB instance manages incoming SMB client traffic,
while an additional SMB instance is created on each failover cluster node to manage only internode
CSV traffic. This feature improves scalability and reliability of traffic between CSV nodes.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

6-15

Simpler management. You can view and manage file server, storage, and networking by using Server
Manager. You can also manage the scale-out file server by using Windows PowerShell.

Note: Clients must support the SMB 3.0 protocol to utilize all the benefits of the scale-out
file server. Older clients such as the Windows 7 operating system or Windows Server 2008 R2,
which support SMB 2.x, are able to connect to scale-out shared folders. However, they cannot
benefit from the SMB transparent failover functionality.
Scale-Out File Server for Application Data Overview
http://go.microsoft.com/fwlink/?LinkID=386722
Storage and Availability Improvements in Windows Server 2012 R2
http://go.microsoft.com/fwlink/?LinkID=386715
Question: Does a file server cluster for general use support more clients than a stand-alone
file server?

What Is iSCSI?
iSCSI is a client-server protocol that enables
access to remote, small computer system interface
(SCSI)based devices over a TCP/IP network. You
can use iSCSI for encapsulating and sending
standard SCSI commands over IP networks to any
target device that supports SCSI commands. You
can use iSCSI to transmit data over local area
networks (LANs), wide area networks (WANs), or
even over the Internet. The Windows operating
system has implemented iSCSI only for accessing
block storage devices, and uses the iSCSI initiator
to access storage on iSCSI SANs, but not other
remote SCSI devices.

iSCSI relies on standard Ethernet networking and does not require any special hardware. It uses the TCP/IP
protocol and TCP port 3260 by default to send SCSI commands and transfer data. This means that iSCSI
enables two hosts that are communicating over the network to negotiate the session and connection
parameters, and then exchange SCSI commands and data as they would were they locally connected.
iSCSI emulates a local storage subsystem over LANs and WANs, and provides access to the SAN as if it
were a locally attached disk. Unlike Fibre Channel, iSCSI does not require a separate network, and you can
run it over the existing IP network infrastructure. Although not required, as a best practice you should use
a dedicated and highly available network for iSCSI traffic.
An iSCSI deployment includes the following:

TCP/IP network. You can use standard network infrastructure for connecting servers to iSCSI storage
devices. To provide expected performance, the network should be fast, at least 1 Gbps. Understand
that with iSCSI, all storage access, read, and write operations happen over the network and not
locally. You should also consider having multiple paths between the server and iSCSI storage for
redundancy.

MCT USE ONLY. STUDENT USE PROHIBITED

6-16 Implementing Failover Clustering with Hyper-V

iSCSI target. iSCSI targets present and advertise local storage as a network block device, as an
iSCSI SAN. Many storage vendors implement hardware-level iSCSI targets as part of their storage
appliances. Windows Server 2012 includes iSCSI target server as a role service. Because it is critical for
storage to be available constantly, you should implement an iSCSI target server as a failover cluster
role to make it highly available. To provide network redundancy, you should also configure the MPIO
feature to use multiple paths between the server and iSCSI target.

iSCSI initiator. The iSCSI initiator is an iSCSI client that connects to the remote iSCSI target and
presents it as a locally attached disk. Windows client and Windows Server operating systems include
iSCSI initiator, and can connect to iSCSI targets. To use an iSCSI initiator, the iSCSI service must be
running. Because this service is not running by default, you should start it before you start using an
iSCSI initiator.

iSCSI qualified name. iSCSI qualified names are globally unique identifiers that address initiators and
targets on an iSCSI network. When you configure an iSCSI target, you must configure it with an iSCSI
qualified name.
Understanding Microsoft iSCSI Initiator Features and Components
http://go.microsoft.com/fwlink/?LinkID=386721
Question: What must you enable and configure in Windows Server 2012 R2 to be able to
use storage on an iSCSI SAN?

What Is an iSCSI Target Server?


When you install and configure the iSCSI target
server role service, Windows Server 2012 R2 can
present locally attached storage as an iSCSI block
storage device to the clients. By using an iSCSI
target server, you can create virtual disks that are
similar to LUNs on physical SANs, and expose
them as SCSI Logical Units (LUs) to iSCSI initiators.
Virtual disks created by using an iSCSI target
server have similar names as the virtual hard
disks used by Hyper-V, because they use the
same .vhdx format, and they share the same
characteristics and 64 terabyte (TB) size limits as
virtual hard disks. They also can be of the same types as virtual hard disks: fixed size, dynamically
expanding, or differencing.

When you create a fixed-size virtual disk, you can clear it on allocation. This means that its entire content
is filled with zero values, which removes any fragments of data that might remain on the underlying
storage.

After you create a virtual disk, you can assign it to the iSCSI target to make it available to the iSCSI
initiators over the network. You can identify the initiators that can access the logical unit by providing
their iSCSI qualified name, Domain Name System (DNS) name, IP address or MAC address, or by querying
the initiator computer for ID, which is supported only for Windows Server 2012, or for Windows 8 or
newer computers that are members of the same AD DS forest. You can also enable the Challenge
Handshake Authentication Protocol (CHAP) to authenticate initial connection and iSCSI target.
After the client iSCSI initiator connects to the logical unit, it can start using it as a locally attached disk,
which means initializing the disk, creating volumes, formatting them, and storing data. If the client is

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

6-17

running out of space on the logical unit, you can provide it with additional space by extending the virtual
disk. Conversely, if the logical unit has too much space for client needs, you can shrink the virtual disk.
You can perform both operations online, while the client is connected to the iSCSI target.
The iSCSI target server also enables backup applications that are connected to an iSCSI target and are
using Volume Shadow Copy Service (VSS) to complete the application-consistent snapshot, while the
application is accessing the logical unit. The iSCSI target VSS hardware provider communicates with the
iSCSI target server during the VSS snapshot process, and ensures that the snapshot is
application-consistent.

The iSCSI target server includes a Storage Management Initiative Specification provider, which is an
industry standard for discovery and management of heterogeneous storage systems. For example, VMM
can use functionality to perform the following actions on iSCSI target server:

Discover and list iSCSI targets and their properties.

Discover and list iSCSI logical units and their properties.

Create new and delete existing iSCSI logical units.

Add storage capacity to a Hyper-V failover cluster.

List, create, and delete logical unit snapshots.

Mask and unmask logical units on an iSCSI target.

You can manage the iSCSI target server by using Server Manager, or by using Windows PowerShell
cmdlets. For example, you can create a new virtual disk by running the following Windows PowerShell
cmdlet:
New-IscsiVirtualDisk

You can create a new iSCSI target by running the following cmdlet:
New-IscsiServerTarget

You can add a virtual disk to an iSCSI target by running the following cmdlet:
Add-IscsiVirtualDiskTargetMapping

Introduction of iSCSI Target in Windows Server 2012


http://go.microsoft.com/fwlink/?LinkID=386711
iSCSI Target Server in Windows Server 2012 R2
http://go.microsoft.com/fwlink/?LinkID=386712
Question: Can you use an iSCSI target server on Windows Server 2012 R2 to provide storage
to a server that is running a non-Microsoft operating system?

Demonstration: Using an iSCSI Target Server


In this demonstration, you will see how to use an iSCSI target server.

Demonstration Steps
1.

On LON-HOST1, add LON-SS1 to All Servers.

2.

Use Server Manager to add an iSCSI Virtual disk with following data:

3.

4.

5.

Location: E:\

iSCSI virtual disk name: Disk11

iSCSI virtual disk size: 15 GB

iSCSI virtual disk type: Dynamically expanding

Connect the iSCSI virtual disk to the New iSCSI target with following data:
o

Target name: Lab6-Host1

Access servers: LON-HOST1 and LON-HOST2

MCT USE ONLY. STUDENT USE PROHIBITED

6-18 Implementing Failover Clustering with Hyper-V

Use the Windows PowerShell New-IscsiVirtualDisk cmdlet to create new virtual disk with following
parameters:
o

Path: C:\iSCSIVirtualDisks\Disk12.vhdx

Size: 15 GB

ComputerName: LON-SS1

Use the Windows PowerShell Add-IscsiVirtualDiskTargetMapping cmdlet to add a virtual disk to an


iSCSI target with the following parameters:
o

TargetName: Lab6-Host1

Path: C:\iSCSIVirtualDisks\Disk12.vhdx

ComputerName: LON-SS1

6.

Refresh Server Manager, and confirm that virtual disk Disk12.vhdx now displays and it is mapped to
the Lab6-Host1 target.

7.

On LON-HOST1, open iSCSI Initiator and connect to the Lab6-Host1 target on the LON-SS1 iSCSI
target server. Disconnect any previously connected targets.

8.

Use Disk Management to confirm that two disks are now added, that they have a size of 15 GB, and
they are all Offline. Note that these are the virtual disks that you just added on the iSCSI target.

Considerations for Implementing iSCSI Storage


iSCSI storage is presented as a locally attached
disk, although all communication with the storage
is over the network. Therefore, it is critical that
storage is accessible at all times. When you are
planning the iSCSI implementation, you should be
aware of the following best practices:

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

6-19

Use a fast network for iSCSI communication.


This network will be used for sending SCSI
commands and transferring data to and from
storage, similar to a local bus for the locally
attached storage. You should use at least a 1
Gbps dedicated network for iSCSI. If you use a
shared physical network, then you should use QoS policies to ensure that iSCSI is allocated adequate
bandwidth. In addition, configure network cards to use jumbo frames on the iSCSI network.

Data for the mission-critical workload will be stored on the shared iSCSI storage. Therefore,
redundancy is very important. iSCSI SAN appliances have redundancy built into them, but when you
use iSCSI target software, you should add the iSCSI target as a cluster role in a failover cluster. You
should also ensure that multiple network paths exist between the servers and the storage, and you
should install and configure the MPIO feature in Windows Server 2012. Be sure to also consider
network equipment such as switches and routers, and ensure that they have redundancy as well.

In enterprise environments, you should consider implementing a Microsoft Internet Storage Name
Service (iSNS) server, which is used for discovering storage devices on an Ethernet network. iSNS
provides automated discovery, management, and configuration of iSCSI devices on a TCP/IP network.

Implement security for iSCSI devices. This includes configuring iSCSI targets to allow only connections
from approved initiators, configuring authentication for iSCSI traffic, and encrypting iSCSI traffic if
required. Be aware that encryption requires additional overhead, and you should offload it to network
equipment.

Read the vendor-specific best practices for implementing iSCSI storage, and for using it with your
applications, such as Hyper-V.
Question: How can you control which iSCSI initiators can connect and use an iSCSI target?

Using Virtual Hard Disk Sharing as Shared Storage


You can implement failover clustering either
at the Hyper-V host level or at the virtual
machine level, or you can combine them.
Failover clustering at the host level provides
high availability for virtual machines. If a virtual
machine stops responding or loses network
connectivity, it fails over automatically to a
different node. Failover clustering at the virtual
machine level ensures that cluster roles inside
a virtual machine (such as scale-out file server,
DHCP server, or generic application), are
highly available. If the cluster role is no longer
responsive, it fails over automatically to a different virtual machine that is configured as a failover

MCT USE ONLY. STUDENT USE PROHIBITED

6-20 Implementing Failover Clustering with Hyper-V

clustering node. This virtual machine must be running either on the same Hyper-V host, or on a different
one. When you use failover clustering at both levels, you realize many benefits. However, you also realize
the downside of increased complexity. Virtual machines and the cluster roles are highly available.
To provide failover clustering functionality, you need shared storage for the quorum, for cluster roles
configuration, and for data storage. You can use iSCSI or Fibre Channel SAN as a shared storage with
Hyper-V failover clustering, in addition to an SMB 3.0 file share. You can also use both SAN types with
virtual machine clustering.

Windows Server 2012 R2 introduces a third optionyou can use virtual hard disk sharing and use that
disk as shared storage. Virtual hard disk sharing presents a disk as a Serial Attached SCSI disk, and failover
clustering can then use it as a shared storage.

The following table shows a comparison between iSCSI, Fibre Channel, and virtual hard disk sharing when
used for virtual machine shared storage:
Capability

Shared .vhdx

Virtual Fibre
Channel

ISCSI in a virtual
machine

Supported storage

Storage Spaces, Serial


Attached SCSI, Fibre
Channel, iSCSI, SMB

Fibre Channel
SAN

iSCSI SAN

How is storage presented in


virtual machine

Virtual Serial Attached


SCSI

Virtual Fibre
Channel LUN

iSCSI LUN

Data flows through the HyperV switch

No

No

Yes

Storage is configured at the


Hyper-V host level

Yes

Yes

No

Provides low latency and low


CPU use

Yes (RDMA or Fibre


Channel)

Yes (Fibre
Channel)

No

Requires specific hardware

No

Yes

No

Switch must be reconfigured


when virtual machine is
migrated

No

Yes

No

Exposes storage architecture

No

Yes

Yes

Before you can use a shared virtual hard disk as a shared storage, you must first meet the following
requirements:

The virtual hard disk must use .vhdx format. You can enable virtual hard disk sharing only on .vhdx
disks, and not on virtual hard disks that use the .vhd format.

The virtual hard disk must be connected to a SCSI virtual controller. You cannot enable virtual hard
disk sharing for disks that are connected to a virtual IDE adapter.

A shared virtual hard disk can only store data, and you cannot start a virtual machine from it. This is
also true for Generation 2 virtual machines, which can start from the virtual SCSI controller.

A shared virtual hard disk must be stored on a highly available location, either on scale-out file server
share, or on CSV. If a virtual hard disk is stored locally or on the SMB 3.0 file share, you cannot enable
virtual hard disk sharing.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

6-21

You can enable virtual hard disk sharing only if the virtual machine is turned off. Although you can
add or remove virtual hard disks to a virtual SCSI adapter while the virtual machine is running, you
can enable or disable virtual hard disk sharing only when the virtual machine is turned off.

To be able to use virtual hard disk sharing, the virtual machine must be running a supported
Windows Server operating system, and it must have the latest version of integration services installed.
Supported operating systems are currently Windows Server 2012 and Windows Server 2012 R2. You
cannot use shared virtual hard disks from client operating systems or older Windows Server operating
systems.

You can enable virtual hard disk sharing from the advanced settings of the virtual hard disk in Hyper-V
Manager, or by using the Windows PowerShell Add-VMHardDiskDrive cmdlet with the ShareVirtualDisk
parameter. For example, if you want to add shared virtual hard disk named disk1.vhd, which is located on
the highly available share \\LON-HOST1\files, to a virtual machine named VM1, you would run the
following cmdlet:
Add-VMHardDiskDrive -VMName VM1 -Path \\LON-HOST1\files\Disk1.vhdx -ShareVirtualDisk

Deploy a Guest Cluster Using a Shared Virtual Hard Disk


http://go.microsoft.com/fwlink/?LinkID=386720
Question: Do you need to install anything into the virtual machine to enable virtual hard
disk sharing?

Lesson 3

Implementing and Managing Failover Clustering with


Hyper-V

MCT USE ONLY. STUDENT USE PROHIBITED

6-22 Implementing Failover Clustering with Hyper-V

Failover clustering provides high availability for virtual machines. Making virtual machines highly available
is similar to making any other role highly available. You should first install servers, configure the shared
storage, install the Hyper-V role on all the servers that will run virtualization load, validate and create
cluster, and then create highly available virtual machines. You should ensure that all virtual machine data
files are on shared storage, otherwise the virtual machine will not be highly available.
When configuring the virtual machine cluster role, you will notice that many configuration settings such
as priority, failover, and failback, are the same as for the other cluster roles. However, some other settings
such as monitoring virtual machine heartbeat and applications, or network connectivity are specific to
virtual machines. For running virtual machines in a failover cluster, you do not need any additional cluster
roles, but when you want to replicate a virtual machine to a failover cluster node, you should first add the
Hyper-V Replica Broker cluster role to a failover cluster.

Lesson Objectives
After completing this lesson, you will be able to:

Describe the steps for failover cluster implementation.

Describe Hyper-V validation tests.

Create a failover cluster.

Describe the configuration of highly available virtual machines.

Describe virtual machine monitoring.

Create and manage a virtual machine clustered role.

Describe the Hyper-V Replica Broker role.

Describe cluster-aware updating.

Implementing a Failover Cluster


Before you can implement a failover cluster, you
must have all required infrastructure available,
such as AD DS domain and server hardware. To
implement a failover cluster, you must complete
the following high-level steps:
1.

Install and configure servers that will become


failover cluster nodes. You should verify that
servers use the same hardware, including
processors and network adapters. You should
also ensure that you install the same Windows
Server operating system version on all servers.
Ensure also that you install the Failover
Cluster feature on all servers.

2.

Configure shared storage. This includes configuring the storage, for example creating LUNs or iSCSI
targets, configuring MPIO, connecting servers to the storage, and creating volumes.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

6-23

3.

Install roles on the servers that you want to make highly available. For example, you can install
Hyper-V if you plan to create highly available virtual machines, and install file and storage services if
you plan to create a scale-out file server. You need to install roles only on servers that will host the
cluster role. For example, if you plan to have an eight-node failover cluster, but virtual machines will
run on only five nodes, you should install the Hyper-V role on only five servers.

4.

Validate the configuration and create a failover cluster. The failover cluster includes the Validate
a Configuration Wizard, which validates all of the prerequisites for creating a failover cluster and
provides warnings or errors if any component does not meet the requirements. Before you create a
failover cluster, you should resolve any issues that the wizard reports. You can create a failover cluster
by using the Failover Cluster Manager, or by using Windows PowerShell.

5.

Create cluster roles. These are the highly available roles that run in a failover cluster. The High
Availability Wizard has several often-used cluster roles, such as file server or virtual machine. After you
create the cluster role, you can test the failover by moving the role between failover cluster nodes.
Deploy a Hyper-V Cluster
http://go.microsoft.com/fwlink/?LinkID=386729
Question: Can you implement a failover cluster by using the Windows Server 2012 R2
Standard operating system?

Hyper-V Validation Tests


The failover clustering feature includes a
collection of tests, which you should perform
on the failover cluster. You can run the validation
process at any time before, during, or after
creating a failover cluster. You should run the
initial validation before creating the failover
cluster, and prior to making any change to the
failover cluster configuration.

To obtain Microsoft support for the failover


cluster (if needed), you must have successfully
validated the failover cluster. The validation
process includes a series of tests to validate
configuration of the nodes, including connectivity between the nodes, and connectivity and functionality
of the shared storage. You require at least two nodes to run all the tests. This is because if you run the
validation with a single node, several important storage tests will not be performed. You can validate a
cluster as part of the cluster creating process, or you can run it later from the Failover Cluster Manager or
by using the Windows PowerShell cmdlet Test-Cluster.
Note: Some validation tests do not run until you create a cluster or install server roles.
For example, the Cluster Configuration tests will not run until after you create the cluster, and
Hyper-V tests will not run if you have not yet installed the Hyper-V role on the cluster nodes.

You can also use the cluster validation process as a troubleshooting tool on a configured cluster. When
running the validation process, you can select a subset of the validation tests to help you troubleshoot.
The validation process will warn you if storage tests are selected, but they will not run on a failover cluster
that already has allocated storage online.

MCT USE ONLY. STUDENT USE PROHIBITED

6-24 Implementing Failover Clustering with Hyper-V

Validation is not mandatory, but we strongly recommend it as a best practice. Furthermore, validation is
required if you want to have a supported failover clustering configuration. You should perform validation
after each change in configuration, including the following:

Run validation tests on the failover cluster. To have a supported configuration and to rule out
configuration problems, you are required to run validation tests on the failover cluster successfully.
The report shows any errors and warnings for your configuration, and what you should do to avoid
them. For example, the report will warn you if there is no network redundancy or if servers are not
running the same edition of the Windows Server or Windows client operating systems.

Before adding a node to a failover cluster. You should run a validation test to confirm that the server
is configured properly and that it has connectivity to shared storage.

When adding new shared storage. When you add new shared storage to the cluster, you should run
validation to confirm that new storage will function correctly (for example, that it supports SCSI-3
persistent reservation). To minimize the impact on availability, you should run the validation after you
attach the storage, but before you begin using the new LUNs.

When updating firmware and drivers. You should run validation to confirm that the new combination
of hardware, firmware, drivers, and software supports your failover cluster functionality.

After restoring a node from backup. Run the validation to confirm that the restored node can
function properly as part of the failover cluster.

As part of the cluster role validation, the following tests are performed if the Hyper-V role is installed on
failover cluster nodes:

List Hyper-V Virtual Machine Information. This test lists virtual machine information for each virtual
machine in the failover cluster. Test information includes the virtual machine name, the node that is
hosting the virtual machine, heartbeat connectivity to the virtual machine, and the version of the
installed integration services.

List Information About Servers Running Hyper-V. This test lists Hyper-V host-related information on
each specified node, for example, if they are Virtual Machine Queue (VMQ)capable and single root
I/O virtualization (SR-IOV)capable.

Validate Compatibility of virtual Fibre Channel SANs for Hyper-V. This test validates that each node in
the failover cluster is configured with the same set of virtual Fibre Channel SANs.

Validate Hyper-V Integration Services Version. This test validates that all virtual machines are running
the up-to-date version of the Hyper-V integration services.

Validate Hyper-V Memory Resource Pool Capability. This test validates that memory resource pools
with the same names are present on all specified nodes.

Validate Hyper-V Network Resource Pool and Virtual Switch Compatibility. This test validates that all
nodes in the failover cluster have the same set of network resource pools and virtual switches with the
same names.

Validate Hyper-V Processor Resource Pool Compatibility. This test validates that all nodes in the
failover cluster have the same set of processor resource pools.

Validate Hyper-V Role Installed. This test validates that all nodes in the failover cluster have the
Hyper-V role installed.

Validate Hyper-V Storage Resource Pool Compatibility. This test validates that all nodes in the failover
cluster have storage resource pools that share the same name.

Validate Hyper-V Virtual Machine Network Configuration. This test validates that all virtual machines
on the failover cluster nodes are configured with cluster-compatible network settings; for example,
virtual machines are configured with correct network resource pool.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

6-25

Validate Hyper-V Virtual Machine Storage Configuration. This test validates that all virtual machines
are configured with cluster-compatible storage settings; for example, virtual machine data files are on
cluster storage. If virtual Fibre Channel adapters are used, it verifies if the virtual machine is
configured with at least two virtual Fibre Channel adapters.

Validate Machine Processor Manufacturers. This test validates that all failover cluster nodes use
processors from the same manufacturer.
Validate Hardware for a Failover Cluster
http://go.microsoft.com/fwlink/?LinkID=386726
Question: Why is it important that all failover cluster nodes have processors from the same
manufacturer?

Demonstration: Creating a Failover Cluster


In this demonstration, you will see how to create a failover cluster.

Demonstration Steps
Note: This task should be performed only on LON-HOST1.
1.

On LON-HOST1, use the Failover Cluster Manager to create a new cluster with the following data
(accept default values on all other wizard pages):
o

Servers in cluster: LON-HOST1, and LON-HOST2

Cluster Name: LON-CLUST.

Address: 172.16.10.105

2.

Use Active Directory Users and Computers to confirm that in the Computers container, there are
computer accounts for LON-HOST1, LON-HOST2, and LON-CLUST (which was added when you
created the failover cluster).

3.

On LON-HOST1, use File Explorer to confirm that the C:\ClusterStorage folder is empty.

4.

Use the Failover Cluster Manager to add Cluster Disk 2 to Cluster Shared Volumes.

5.

Use File Explorer to confirm that the C:\ClusterStorage folder now contains a mounted volume for
Volume1.

Configuring Highly Available Virtual Machines


A single Windows Server 2012 failover cluster
can run up to 8,000 virtual machines, and each
failover cluster node can run up to 1,024 virtual
machines, providing it has enough resources. A
highly available virtual machine must store all of
its data on shared storage, which can be either a
continuously available SMB 3.0 file share on scaleout file server, or a CSV.

MCT USE ONLY. STUDENT USE PROHIBITED

6-26 Implementing Failover Clustering with Hyper-V

You can create highly available virtual machines as


a cluster role, either by using Windows PowerShell
or by using the Failover Cluster Manager. You
can also configure an existing virtual machine as
highly available by using the High Availability Wizard. If the virtual machine data files are not stored on
shared storage, you will receive a warning, and the virtual machine will not be highly available until you
move its data to shared storage.
You can configure basic properties for the highly available virtual machine on the role Properties page,
The Priority setting is one of these properties, and it controls which virtual machines (or cluster roles in
general) have priority over others. This is important when a failover cluster starts and when virtual
machines fail over to a different node.

For example, when failover cluster starts, resources are allocated first to virtual machines with high
priority, and as a result, they are started first. Only after that will virtual machines with medium priority
be started. The failover cluster will continue to start virtual machines until they are all started or there are
no more nodes in the failover cluster with resources available. The Priority setting is set to Medium by
default, and you can change it to Low, High, and No Auto Start.
When a failover cluster is placing virtual machines on the failover nodes, it uses the following rules:

Start a virtual machine on the same node it was running on previously.

Move a virtual machine to a node that is on the virtual machines Preferred Owners list.

If the node on which a virtual machine was running previously is not available, the failover cluster will
place the virtual machine on another node, based on available resources (primarily memory).

If a virtual machine cannot be started, the failover cluster continues to contact all the nodes every five
minutes to find out if any node has enough resources available. When enough resources become
available, the virtual machine is started.

You can configure the virtual machines Preferred Owners list on the role Properties page. The failover
cluster will try to start the virtual machine on the Hyper-V host that is highest on the virtual machines
Preferred Owners list. If it is not able to start the virtual machine on any of the preferred owners, it will try
to start it on one of the possible owners, which you can configure on the Advanced Policies tab for the
virtual machines resource properties. If the virtual machine cannot be started on any possible owners,
then the failover cluster will move it to any other failover cluster node, but will not start it there.
On the Failover tab of the role properties page, you can also configure failover and failback settings. You
can specify the number of times that the failover cluster will attempt to restart or fail over the cluster role
in the specified period, and whether the cluster role will fail back automatically to the most preferred
owner when it is available again.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

6-27

On the Settings tab of the virtual machines resource properties page, you can configure two settings
regarding virtual machine health monitoring, both of which are enabled by default:

Enable heartbeat monitoring for the virtual machine. This setting enables the failover cluster to
periodically check the Heartbeat integration service in the virtual machine. If the heartbeat stops,
it can restart and fail over the virtual machine.

Enable automatic recovery for application health monitoring. This setting enables you to configure
application health monitoring for applications and services that are running inside the virtual
machine.

When you want to prevent virtual machines from running on the same Hyper-V host, you can use
anti-affinity. Some examples include when virtual machines use a significant amount of resources, or
because a company policy requires that they never run on the same physical host. The failover cluster
will move virtual machines that have the same AntiAffinityClassNames property to different failover
cluster nodes. You can configure this property by using Windows PowerShell, or by using VMM, in which
AntiAffinityClassNames is called availability sets. You cannot configure it by using Failover Cluster
Manager.
Clustered Role and Resource Properties
http://go.microsoft.com/fwlink/?LinkID=386718
AntiAffinityClassNames
http://go.microsoft.com/fwlink/?LinkID=386717
Question: Will a virtual machine ever fail over to a node that is not on either its preferred
owners list or its possible owners list?

Virtual Machine Monitoring


Failover clusters provide high availability for the
roles that are configured in that cluster. Failover
clusters also monitor the roles, and take action
when there is an issue with role availability. A
virtual machine is one of the cluster roles and
when a virtual machine does not respond to a
heartbeat, the failover cluster can restart or fail
over the virtual machine to a different cluster
node.

Prior to Windows Server 2012, a failover cluster


was not able to monitor applications that were
running inside a virtual machine. For example, if
you used a virtual machine as a print server, the failover cluster was not able to detect if the Print Spooler
service in the virtual machine had stopped. As a result, the failover cluster would not take any action, even
though the print server did not work, because the virtual machine was still responding to a heartbeat.
Failover clustering in Windows Server 2012 has the ability to monitor and detect application health
for applications and services that run inside a virtual machine. If a service in a virtual machine stops
responding, or if an event is added to the System, Application, or Security logs, the failover cluster can
take actions such as restarting the virtual machine or failing it over to a different node to restore the

MCT USE ONLY. STUDENT USE PROHIBITED

6-28 Implementing Failover Clustering with Hyper-V

service. The only requirement is that the failover cluster node and virtual machine must be running
Windows Server 2012 or newer Windows Server operating system, and have integration services installed.
You can configure virtual machine monitoring by using either the Failover Cluster Manager or Windows
PowerShell. By default, a failover cluster is configured to monitor virtual machine health, in addition to
applications and services within that virtual machine. Heartbeat monitoring requires that integration
services is installed on the virtual machine, and that you can verify the monitoring configuration on the
Settings tab of the virtual machine resource Properties dialog box.

To add monitoring of the specific services that are running in the virtual machine, right-click the virtual
machine cluster role, click More actions, and then click Configure Monitoring. From there you can select
services to monitor inside the virtual machine. The failover cluster will take action only if a service stops
responding, and in the Services Control Manager if the service is configured with Take No Actions
recovery setting.

Windows Server 2012 R2 can also monitor failure of virtual machine storage and loss of network
connectivity. Storage failure detection can detect the failure of a virtual machine boot disk or any other
virtual hard disk that the virtual machine is using. If failure happens, the failover cluster moves the virtual
machine and then restarts it on a different node. You can also configure a virtual network adapter to
connect to a protected network. If network connectivity to such network is lost because of reasons such as
physical switch failure or disconnected network cable, the failover cluster will move the virtual machine to
a different node to restore network connectivity.
Guest Clustering and VM Monitoring in Windows Server 2012
http://go.microsoft.com/fwlink/?LinkID=386714
Question: How can you monitor an application that is installed in a Windows Server 2012 R2
virtual machine, but is not running as a service?
Question: How should you configure a service in a highly available virtual machine by using
Service Control Manager, if you plan to monitor it by failover cluster?

Demonstration: Creating and Managing the Virtual Machine Clustered


Role
In this demonstration, you will see how to create and manage a virtual machine clustered role.

Demonstration Steps
1.

On LON-HOST1, use the Failover Cluster Manager to create a new virtual machine with following
data:
o

Host to create virtual machine on: LON-HOST1

Name: LON-HA1

Location: C:\ClusterStorage\Volume1\

Memory: Use Dynamic Memory

2.

On LON-HOST1, use the Failover Cluster Manager to set LON-HA1 startup priority to Low.

3.

Use the Failover Cluster Manager to configure LON-HOST1 as the preferred owner for the
LON-HA1 role.

4.

5.

Configure LON-HA1 with the following values:


o

Maximum failures in the specified period: 2

Period in which this can happen: 3

Configure the Virtual Machine LON-HA1 resource with the following value:
o

Period for restart (mm:ss): 10:00 minutes

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

6-29

6.

Confirm that LON-HOST1 and LON-HOST2 are set as Possible Owners.

7.

On LON-HOST1, use the Windows PowerShell Add-ClusterVirtualMachineRole cmdlet to add the


20409B-LON-PROD1 virtual machine as a clustered role.

8.

On LON-HOST1, use the Failover Cluster Manager to confirm that in the 20409B-LON-PROD1
clustered role, no services are monitored currently.

9.

Use Failover Clustering Manager to configure monitoring for LON-PROD1, and then click Print
Spooler as service to be monitored.

10. Use Failover Cluster Manager to confirm that Print Spooler is listed under Monitored Services.

What Is the Hyper-V Replica Broker Role?


Hyper-V Replica is a feature that provides a
business continuity solution for virtual machines.
It allows virtual machines that are running on a
Hyper-V host or a Hyper-V failover cluster at a
primary site to be replicated to a replica Hyper-V
host at a secondary site, (usually across a WAN
link). Primary and replica Hyper-V hosts can be
part of a failover cluster, and virtual machines that
are configured for replication can move between
cluster nodes. For replication to continue without
interruption, it is important to know at all times
on which failover cluster node the virtual machine
is running.

The Hyper-V Replica Broker cluster role provides the virtual machine to the replica Hyper-V cluster node
mapping. It also redirects incoming replication traffic for a virtual machine to the appropriate node in
the failover cluster on which the virtual machine is running. When the replica virtual machine is moved,
it sends a notification packet to the primary server with the new Hyper-V node to which the replica has
been moved. The primary Hyper-V host then connects to the replica Hyper-V host, which is a node in the
failover cluster, and then continues the replication.

For example, consider a primary virtual machine that is running on ServerA in Failover cluster 1, and a
replica virtual machine that is running on Server1 in Failover cluster 2. If Server1 fails, the replica fails over
to Server2 in the same failover cluster. The Hyper-V Replica Broker sends a notification message to the
primary Hyper-V host, which then establishes a replication connection with Server2 as a replica. If ServerA
fails, the primary virtual machine fails over to ServerC in Failover cluster 1. ServerC queries the Hyper-V
Replica Broker, and then establishes a replication connection with Server2.
Question: When do you need a Hyper-V Replica Broker?

What Is Cluster-Aware Updating?


Installing operating system updates is often a
manual and time-consuming process, especially
with a failover cluster that has many nodes.
Cluster-Aware Updating (CAU) is a feature that
updates failover cluster nodes automatically,
without user interaction and with minimal or no
downtime. For many cluster roles, CAU triggers a
planned failover, which can cause a short service
interruption for connected clients. For roles such
as scale-out file server and Hyper-V, which have
continuous availability and live migration, CAU
updates the failover cluster without interrupting
service availability.
CAU orchestrates and automates the update process by performing the following actions:
1.

Puts a failover cluster node into maintenance mode.

2.

Moves the cluster roles to a different failover cluster node.

3.

Installs the updates and any dependent updates.

4.

Restarts the failover cluster node, if necessary.

5.

Brings the node out of maintenance mode.

6.

Fails back cluster roles that were moved from this node.

7.

Continues the update on the next failover cluster node.

CAU can coordinate the complete cluster updating operation in two modes:

MCT USE ONLY. STUDENT USE PROHIBITED

6-30 Implementing Failover Clustering with Hyper-V

Remote-updating mode. In this mode, updating is coordinated by a computer, which is not the
failover cluster node. This computer is called the orchestrator, and it must have failover clustering
administrative tools installed. You can trigger on-demand updating from the orchestrator by using a
default or custom Updating Run profile. Remote-updating mode is useful for monitoring real-time
progress during the Updating Run, or for updating failover cluster nodes that do not have a GUI.

Self-updating mode. In this mode, CAU is configured as a cluster role in the failover cluster, and an
associated update schedule is defined. In this mode, CAU does not have a dedicated orchestrator
computer, but the cluster updates itself at scheduled times by using a default or custom Updating
Run profile. During the Updating Run, the CAU orchestrator process starts on the failover cluster node
that currently owns the CAU cluster role, and the process updates cluster nodes one after another. In
the self-updating mode, CAU can update the failover cluster by using a fully automated updating
process. You can also trigger updates on demand if so desired. You can view information about an
Updating Run by running the Windows PowerShell cmdlets Get-CauRun and Get-CauReport.
Cluster-Aware Updating Overview
http://go.microsoft.com/fwlink/?LinkID=386724

Update Management in Windows Server 2012: Revealing Cluster-Aware Updating and the
New Generation of WSUS
http://go.microsoft.com/fwlink/?LinkID=386713
Question: Is there any downtime when you update nodes in a failover cluster by using CAU?

Lab: Implementing Failover Clustering with Hyper-V


Scenario

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

6-31

A. Datum Corporation has implemented the Hyper-V virtualization platform in one of their subsidiaries.
Most of the host servers in the subsidiary have been converted to Hyper-V hosts, including several servers
that run critical business applications. These critical applications need to be available at all times, and the
availability should not be affected by the failure of a single host machine. A. Datum has identified failover
clustering as the best option for implementing this level of availability.
You need to implement a high availability solution for these virtual machines by deploying failover
clustering for the virtual machines. You also need to configure highly available virtual machines and
virtual machine monitoring.

Objectives
After completing this lab, you will be able to:

Create a Hyper-V failover cluster.

Manage a Hyper-V failover cluster.

Lab Setup
Estimated Time: 90 minutes
Virtual machines: 20409B-LON-HOSTx, 20409B-LON-CLx, 20409B-LON-DC1, and 20409B-LON-SS1
User name: Adatum\Administrator
Password: Pa$$w0rd

For this lab, you will use the available virtual machine environment. Before you begin the lab, you must
complete the following steps:
1.

Sign in to the LON-HOSTx computer as Adatum\Administrator with the password of Pa$$w0rd.

2.

On LON-HOST1 start Hyper-V Manager.

3.

In Hyper-V Manager, click 20409B-LON-DC1, and in the Actions pane, click Start.

4.

In the Actions pane, click Connect. Wait until the virtual machine starts.

5.

Sign in by using the following credentials:

6.

User name: Adatum\Administrator

Password: Pa$$w0rd

Repeat steps 3-5 for 20409B-LON-SS1 and 20409B-LON-CLx.

LON-HOST1 and LON-HOST2 are sometimes referenced as LON-HOSTx, which indicates that each
student can perform the lab tasks on his or her computer.
Note: Because you will be using the same virtual machines in the next lab, do not revert
the virtual machines. However, you can shut down all virtual machines after finishing this lab.
You will be working in pairs. Communicate clearly with your lab partner, and cooperate fully with
each other during this lab.

Exercise 1: Creating a Hyper-V Failover Cluster


Scenario

MCT USE ONLY. STUDENT USE PROHIBITED

6-32 Implementing Failover Clustering with Hyper-V

A. Datum has decided that they will use iSCSI shared storage for failover clusters. For this purpose, you
need to create a proof-of-concept deployment, where you can also demonstrate how to extend iSCSI
logical units online. To perform this task, you decide to use one of the existing file servers and configure
the iSCSI target server on it. You also need to add the shared storage to the servers, verify that it is
configured properly, and create a failover cluster.
The main tasks for this exercise are as follows:
1.

Create an Internet small computer system interface (iSCSI) target.

2.

Connect to an iSCSI target and create volumes.

3.

Extend iSCSI logical units online.

4.

Install the Failover Clustering feature.

5.

Create a failover cluster.

6.

Add a Cluster Shared Volume (CSV).

Task 1: Create an Internet small computer system interface (iSCSI) target


1.

On LON-HOSTx, add LON-SS1 to All Servers.

2.

Use Server Manager to add an iSCSI Virtual disk with the following settings:

3.

4.

5.

6.

Location: E:\

Name: Diskx1

iSCSI virtual disk size: 10 GB

iSCSI virtual disk type: Dynamically expanding

Connect the iSCSI virtual disk to the New iSCSI target with following data:
o

Target name: Lab6-Hostx

Access servers: LON-HOST1 and LON-HOST2

Use the Windows PowerShell New-IscsiVirtualDisk cmdlet to create a new virtual disk with following
parameters:
o

Path: E:\iSCSIVirtualDisks\Diskx2.vhdx

Size: 10GB

ComputerName: LON-SS1

Use the Windows PowerShell New-IscsiVirtualDisk cmdlet to create a new virtual disk with the
following parameters:
o

Path: E:\iSCSIVirtualDisks\Diskx3.vhdx

Size: 15GB

ComputerName: LON-SS1

Use the Windows PowerShell Add-IscsiVirtualDiskTargetMapping cmdlet to add the virtual disk to
the iSCSI target with the following parameters:
o

TargetName: Lab6-Hostx

Path: E:\iSCSIVirtualDisks\Diskx2.vhdx

ComputerName: LON-SS1

7.

8.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

6-33

Use the Windows PowerShell Add-IscsiVirtualDiskTargetMapping cmdlet to add a virtual disk to


the iSCSI target with the following parameters:
o

TargetName: Lab6-Hostx

Path: E:\iSCSIVirtualDisks\Diskx3.vhdx

ComputerName: LON-SS1

Refresh Server Manager, and confirm that virtual disks Diskx2.vhdx and Diskx3.vhdx now display,
and that they are mapped to target Lab6-Hostx.

Note: Although both students created an iSCSI target, only the Lab6-Host1 iSCSI target
will be used for creating the failover cluster.

Task 2: Connect to an iSCSI target and create volumes


1.

On LON-HOSTx, use iSCSI Initiator to connect to the target with Lab6-Host1 in the name, on the
iSCSI target server named LON-SS1. Disconnect any pre-existing targets.

2.

Use Disk Management to confirm that three disks are added, that they have size of 10GB, 10GB, and
15GB, and that they are all Offline. These are the virtual disks that you just added on the iSCSI target.

3.

On LON-HOST1, use Computer Management to bring Disk 3, Disk 4, and Disk 5 online, and to
initialize all three disks.

4.

Create and format simple volumes on Disk 3, Disk 4, and Disk 5 with default values.
Note: Perform step 5 only on LON-HOST2.

5.

Use Computer Management to bring the three new disks online.

Task 3: Extend iSCSI logical units online


1.

On LON-HOST1, use Server Manager to extend the E:\iSCSIVirtualDisks\Diskx1.vhdx virtual disk to


15 GB.

2.

Refresh Disk Management, and confirm that disk in the details pane is extended with 5 GB of
unallocated space.

3.

Use the Extend Volume Wizard to extend the volume on the disk to allocate all available disk space.

4.

Confirm that the partition is now expanded to 15 GB. You expanded it while it was online, while it was
in use.

Task 4: Install the Failover Clustering feature

On LON-HOSTx, use Server Manager to install the Failover Clustering feature.


Note: Both students should finish with this task before you continue.

Task 5: Create a failover cluster


Note: Perform this task only on LON-HOST1.
1.

2.

MCT USE ONLY. STUDENT USE PROHIBITED

6-34 Implementing Failover Clustering with Hyper-V

On LON-HOST1, use the Failover Cluster Manager to create a new cluster with following data (accept
default values on all other wizard pages):
o

Servers in cluster: LON-HOST1 and LON-HOST2

Cluster Name: LON-CLUST

Use Active Directory Users and Computers to confirm that in the Computers container there are
computer accounts for LON-HOST1, LON-HOST2, and LON-CLUST (which was added when you
created the failover cluster).

Task 6: Add a Cluster Shared Volume (CSV)


1.

On LON-HOSTx, use File Explorer to confirm that the C:\ClusterStorage folder is empty.

2.

Use the Failover Cluster Manager to add the first Cluster Disk with Available Storage status to
Cluster Shared Volumes if you are on LON-HOST1, or the second Cluster Disk with Available
Storage status to Cluster Shared Volumes if you are on LON-HOST2.

3.

Use File Explorer to confirm that the C:\ClusterStorage folder contains mounted volumes for
Volume1 and Volume2, which were added when you and your partner added disks to the CSV.

4.

Create a new text document with your name in the C:\ClusterStorage\Volumex folder.

5.

Confirm that the C:\ClusterStorage\Volumey folder contains a file with your partners name. Notice
that now, all cluster nodes have access to the CSV.

Note: If file with your partners name is not in the C:\ClusterStorage\Volumey folder, wait
until your partner creates a file.

Results: After completing this exercise, you should have created a Hyper-V failover cluster.

Exercise 2: Managing a Hyper-V Failover Cluster


Scenario

As part of the proof-on concept deployment, you need to configure virtual hard disk sharing, which you
will use later as shared storage for virtual machine clustering. You also need to create highly available
virtual machines and configure their settings. Because several virtual machines will be used as print
servers, you need to configure monitoring that will notify you if the print spooler service in those virtual
machines stops.
The main tasks for this exercise are as follows:
1.

Configure virtual hard disk sharing.

2.

Create a highly available virtual machine.

3.

Configure a highly available virtual machine.

4.

Configure virtual machine monitoring.

5.

Move a virtual machine between failover cluster nodes.

6.

Destroy a failover cluster.

Task 1: Configure virtual hard disk sharing


1.

2.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

6-35

On LON-HOSTx, use the Windows PowerShell New-VHD cmdlet to create virtual hard disks on local
storage by using following parameters:
o

Path: C:\Shares\HDD1x.vhdx

SizeBytes: 10 GB

Type: Dynamically Expanding

Use the Windows PowerShell New-VHD cmdlet to create virtual hard disks on CSV by using following
parameters:
o

Path: C:\ClusterStorage\Volumex\HDD2x.vhdx

SizeBytes: 10 GB

Type: Dynamically Expanding

3.

Use the Windows PowerShell Add-VMHardDiskDrive cmdlet to add both of the virtual hard disks
that you created to the SCSI virtual adapter of the 20409B-LON-PRODx virtual machine.

4.

If the 20409B-LON-PRODx virtual machine is running, then turn it off.

Note: You cannot modify a virtual hard disks sharing setting while the virtual machine is
running.
5.

Use Hyper-V Manager to confirm that 20409B-LON-PRODx has two hard disks listed under SCSI
Controller: HDD1x.vhdx, and HDD2x.vhdx.

6.

Try to Enable virtual hard disk sharing for the HDD1x.vhdx virtual hard disk.

Note: The Error applying Hard Disk Drive changes message displays, because local
storage where HDD1x.vhdx is located does not support virtual hard disk sharing.
7.

Try to Enable virtual hard disk sharing for HDD2x.vhdx.


Note: This time you do not get any error, because the virtual hard disk is stored on a CSV.

8.

Verify that that 20409B-LON-TESTx is turned off.

9.

Use the Windows PowerShell Add-VMHardDiskDrive cmdlet to add the C:\ClusterStorage


\Volumex\HDD2x.vhdx virtual hard disk to the SCSI virtual controller of the LON-TESTx virtual
machine.

10. Start the 20409B-LON-PRODx virtual machine.


11. Start the 20409B-LON-TESTx virtual machine.
Note: Notice that an error message displays, because HDD2x.vhdx is already in use by a
virtual machine.

12. Use Hyper-V Manager to Enable virtual hard disk sharing for the HDD2x.vhdx virtual hard disk of the
20409B-LON-TESTx virtual machine.

13. Start the 20409B-LON-TESTx virtual machine.


Note: Notice that this time LON-TESTx starts without an error, as it is now configured with
virtual hard disk sharing.
14. Sign in to both the LON-TESTx and LON-PRODx computers.

MCT USE ONLY. STUDENT USE PROHIBITED

6-36 Implementing Failover Clustering with Hyper-V

15. Open Disk Management, and confirm that the shared virtual hard disk is available as shared storage
to both computers.
16. Remove HDD1x.vhdx and HDD2x.vhdx virtual hard disks from 20409B-LON-PRODx.
17. Remove HDD2x.vhdx virtual hard disk from 20409B-LON-TESTx.

Task 2: Create a highly available virtual machine


1.

2.

On LON-HOSTx, use the Failover Cluster Manager to create a new virtual machine with the following
settings:
o

Host to create virtual machine on: LON-HOSTx

Name: LON-HAx

Location: C:\ClusterStorage\Volumex\

Memory: Use Dynamic Memory

On LON-HOSTx, use the Windows PowerShell Add-ClusterVirtualMachineRole cmdlet to add a


highly available virtual machine with following parameters:
o

3.

VMName: 20409B-LON-CLx

Use the Failover Cluster Manager to confirm that LON-HAx and 20409B-LON-CLx are listed as
clustered Roles.

Task 3: Configure a highly available virtual machine


1.

On LON-HOSTx, use the Failover Cluster Manager to set LON-HAx startup priority to Low.

2.

Use Failover Cluster Manager to configure LON-HOSTx as the preferred owner for the LON-HAx role.

3.

Use Failover Cluster Manager to configure LON-HAx with the following settings:
o

Maximum failures in the specified period: 2

Period: 3

4.

Use the Failover Cluster Manager to configure Virtual Machine LON-HAx on the Resources tab with
Period for restarts (mm:ss) set to 10:00 minutes.

5.

Confirm that both LON-HOST1 and LON-HOST2 are set as Possible Owners, and that heartbeat
monitoring is enabled for LON-HAx.

Task 4: Configure virtual machine monitoring


1.

On LON-HOSTx, use the Windows PowerShell Add-ClusterVirtualMachineRole cmdlet to add the


20409B-LON-PRODx virtual machine as a clustered role.

2.

On LON-PRODx, configure the Print Spooler service with Take No Action if Second failure occurs.

3.

On LON-HOSTx, use the Summary tab in the Failover Cluster Manager to confirm that currently no
services are monitored in the LON-PRODx clustered role.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

6-37

4.

In the Failover Cluster Manager, in details pane, right-click 20409B-LON-PRODx, click More
Actions, and then configure monitoring for the Print Spooler service that is running on LON-PRODx.

5.

Use the Summary tab in the Failover Cluster Manager to confirm that Print Spooler is now listed
under Monitored Services.

6.

Use the Failover Cluster Manager to review Settings for 20409B-LON-PRODx clustered virtual
machine, and confirm that Protected Network is enabled for Network Adapter.

Task 5: Move a virtual machine between failover cluster nodes


1.

On LON-HOSTx, use the Failover Cluster Manager to confirm that the LON-HAx virtual machine is
running on the LON-HOSTx node.

2.

Use the Failover Cluster Manager to start live migration of LON-HAx to the LON-HOSTy node.

3.

Use the Failover Cluster Manager to confirm that Live Migration is moving LON-HAx, and that after
the move, the virtual machine is running on the LON-HOSTy node.

4.

On LON-HOSTx, use the Windows PowerShell Move-ClusterVirtualMachineRole cmdlet to move


the LON-HAx clustered role back to the LON-HOSTx node by using live migration.

Task 6: Destroy a failover cluster


Note: Perform this task only on LON-HOST1.
1.

On LON-HOST1, remove all clustered roles for the CLUST.Adatum.com failover cluster.

2.

Use the Failover Cluster Manager and click Destroy Cluster to remove the LON-CLUST.Adatum.com
failover cluster.

3.

On LON-HOST1 and LON-HOST2, delete the LON-HAx virtual machine.

Results: After completing this exercise, you should have managed a Hyper-V failover cluster.

Module Review and Takeaways


Review Questions
Question: What must you do if you want support from Microsoft for a Windows Server 2012 R2
failover cluster?
Question: How can you configure anti-affinity for virtual machines that are running in a failover
cluster?

MCT USE ONLY. STUDENT USE PROHIBITED

6-38 Implementing Failover Clustering with Hyper-V

MCT USE ONLY. STUDENT USE PROHIBITED


7-1

Module 7

Installing and Configuring Microsoft System Center 2012 R2


Virtual Machine Manager
Contents:
Module Overview

7-1

Lesson 1: Integrating System Center and Server Virtualization

7-2

Lesson 2: Overview of VMM

7-13

Lesson 3: Installing VMM

7-19

Lesson 4: Adding Hosts and Managing Host Groups

7-28

Lab: Installing and Configuring System Center 2012 R2 Virtual


Machine Manager

7-41

Module Review and Takeaways

7-47

Module Overview

Microsoft provides several built-in tools, such as Hyper-V Manager, that you can use for virtual platform
management. Alternatively, you can use specialized software such as Microsoft System Center 2012 R2
Virtual Machine Manager. Using Virtual Machine Manager (VMM) provides many benefits over built-in
utilities, particularly in enterprise environments with many virtual host servers.
This module explains how to integrate VMM into an existing virtual environment, and how to manage
that virtual environment. System Center 2012 R2 VMM is the successor to System Center 2012 Virtual
Machine Manager, which is a management solution for virtual data centers. By using VMM, you can
consolidate physical servers, provision new virtual machines rapidly, and perform unified management
of virtual infrastructure through one console.
Note: For the purpose of this course, we are referring to all instances of Microsoft System
Center 2012 R2 Virtual Machine Manager as VMM.

Objectives
After completing this module, you will be able to:

Explain how to use different System Center 2012 components for managing a virtual environment.

Describe the key features of VMM.

Explain how to install VMM.

Add virtualization hosts to VMM, and manage virtualization hosts and host groups.

Lesson 1

Integrating System Center and Server Virtualization

MCT USE ONLY. STUDENT USE PROHIBITED

7-2 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager

In addition to integrating Hyper-V with Windows Server 2012, Microsoft provides hypervisor integration
into several System Center 2012 products, specifically with VMM. Understanding how the System Center
2012 products integrate is an important part of running a highly virtualized data center. In this lesson, you
will learn how VMM and other System Center products work together with the hypervisor.

Lesson Objectives
After completing this lesson, you will be able to:

Provision server virtualization with VMM.

Manage server virtualization by using System Center 2012 R2 App Controller.

Monitor server virtualization by using System Center 2012 R2 Operations Manager.

Integrate System Center 2012 R2 Service Manager.

Automate tasks with System Center 2012 R2 Orchestrator.

Use System Center 2012 R2 Data Protection Manager to help protect a virtualized server deployment.

Use the Windows Azure Pack to provide self-servicing.

Provisioning Server Virtualization with VMM


VMM is a management solution for creating and
managing a virtualized data center. It enables you
to configure and manage your virtualization host,
networking, and storage resources to create and
deploy virtual machines and services to private
clouds.
VMM provides the following features:

Multihost and multivendor virtual machine


management support. You can host your
virtual machines on several hypervisors, such
as Hyper-V on Windows Server 2012, Citrix
XenServer, and VMware ESX servers. All
hardware that these hypervisors support is also supported for VMM virtual machine placement.

Intelligent placement. You can use VMM resources to determine the best available host for a new
virtual machine.

Dynamic optimization. Dynamic optimization enables you to react to alerts sent by Operations
Manager so that you can move virtual machines to other hosts to maintain performance continuity.

Physical-to-virtual machine (P2V) conversion. You can use VMM to convert a physical machine to a
virtual machine.

Microsoft Application Virtualization (App-V) support. You can use this feature to virtualize server
applications.

Live migration. In VMM, you can move virtual machines to different host machines without affecting
users or workloads.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

7-3

Delegated administration. You can delegate administrative tasks to users, and allow them to create
and manage virtual machines on their own.

Cloud, infrastructure, and services management. You can manage your cloud environment and
services from a single console.

Power optimization. VMM can optimize hosts by moving virtual machines from underused hosts, and
then powering off the host machine.

Microsoft has introduced several new enhancements to VMM in the System Center 2012 R2 release. The
following are available enhanced categories and improvements:

Networking features include:


o

Site-to-site network connections using private IP addresses

Cisco Network Virtualization using Generic Routing Encapsulation

IP Address Management (IPAM) integration, top-of-rack switch integration

Forwarding extensions for HyperV extensible switch work with HyperV network virtualization

Virtual machines and cloud features include:


o

Differencing disks

Live cloning of virtual machines

Online .vhdx resizing

Enhanced support for Windows Server 2012 dynamic memory features

Grant permissions to users for individual clouds

Support for file-based virtual machine customization processes

Leverage of the new HyperV file transfer application programming interface (API) in Windows
Server 2012 R2 to transfer files to guest operating systems

Ability to create Windows-based and Linux-based virtual machines and multiple virtual machine
services, from a template gallery

Faster live migration and support for migration of Windows Server 2012 R2 operating systems

Storage features include:


o

Virtual Fibre Channel support

Management of zones

Support for Windows Offloaded Data Transfers (ODX)

Shared .vhdx support

Provision scale-out file server clusters from bare-metal deployments

Integration of storage with differencing disks optimization and storage spaces files

Services features include:


o

Services on Citrix XenServers

Allowing the script that runs on the first deployed virtual machine to differ from the script that
runs on the other virtual machines in the tier

Infrastructure features include:

MCT USE ONLY. STUDENT USE PROHIBITED

7-4 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager

Ability for automatic tasks to resume after virtual machine failover

Expanded computer scope for VMM update management

Management packs updated with new metrics for chargeback purposes based on allocation and
utilization

Additional enhancements include:


o

Support for Windows Server 2012 R2 and Windows 8.1 operating systems

Enhancements to replication and recovery

Addition of direct links to missing prerequisites in setup


Note: By design, P2V conversion is no longer available in System Center 2012 R2 VMM.

Managing Server Virtualization by Using App Controller


You can use App Controller to manage private
clouds that you create with VMM, and public
clouds that are running on the Windows Azure
platform.

App Controller provides role-based views that


administrators can customize for an application
owner. This allows the application owner to
manage services that are deployed into the
private and public clouds. A service is an
instance of an application along with its
associated configuration and virtual infrastructure
that is deployed to the cloud. For example, the
application owner can deploy a service to the private cloud, and can scale the service in or out, depending
on the owners requirements. Additionally, the owner can connect directly to virtual machines in the
private cloud from the App Controller portal.

Benefits of App Controller


System Center 2012 App Controller provides application owners with a self-service experience across
VMM, and gives them a unified view that lets them manage applications and services across private
clouds and Windows Azure. App Controller provides users with the ability to manage application
components in the context of a holistic service.
App Controller provides the self-service component of a solution by enabling application owners to:

Configure, deploy, and manage services through a service-centric interface, while using a library of
standard templates.

Provide self-service application management, visibility, and control across both the Microsoft cloud
services and the various public cloud services (such as Windows Azure).

Create, manage, and move services using a web-based interface that presents a customized view of
resources based on the application owners role in the organization, and enables them to manage
services rather than servers.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

7-5

View virtual machines, and both private and public cloud services. Control components at each layer,
track jobs, and maintain a detailed history of changes.

App Controller also enables data center administrators to delegate authority to application owners.
Predefined templates ensure compliance with company IT standards and policies. Using App Controller,
data center administrators can create a customized, role-based view of private and public cloud services,
and a consumed and available resources view for application owners. In addition, application owners can
customize all service components, including virtual machines, network resources, and load balancing.

You can also use App Controller to move applications and components within public and private cloud
environments. You can copy Windows Azure configuration, package files, and .vhd files among Windows
Azure subscriptions, and you can copy service templates and resources from one VMM server to another.

Managing Private Clouds

After you connect the App Controller portal to the VMM environment, the business unit clouds, virtual
machines, and libraries become available through the App Controller portal. Private cloud administrators
can create services and service templates from within VMM, and then deploy them to the private cloud.
Business unit IT administrators can then manage and deploy these services and service templates through
the App Controller portal.

App Controller also helps users manage the individual virtual machines that are running within a service.
All of the typical VMM management capabilitiessuch as stopping, starting, mounting an ISO image, and
opening a remote desktop connectionare available to the user. Because the App Controller functionality
is delivered under the context of the service, the user only has access to the resources within it.

Managing Public Clouds

When connecting App Controller to a Windows Azure subscription, you can delegate subscription access
to users through their Active Directory Domain Services (AD DS) credentials. This provides a common
access model across the management of private and public clouds, including the services that are running
in them.
For example, you can manage the development of a service that is running in the Windows Azure
environment while managing a production implementation of a service that is running in your private
cloud environment.
You can also use App Controller to move applications between private and public clouds, and copy
resources such as service templates between VMM servers.

You install App Controller as a separate component. You can choose to host this service on a separate
server, or you can host it together with an existing service such as VMM. In both cases, you should first
ensure that your server meets the system requirements for App Controller. For better performance, you
should install the App Controller server on a separate computer from the VMM management server.

MCT USE ONLY. STUDENT USE PROHIBITED

7-6 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager

The following table displays some limits for App Controller. You should be aware of these limits when you
plan App Controller deployment.

App Controller Limits


Measure

Value

Maximum number of objects in a Windows Azure storage directory

900

Maximum number of VMM management servers

Maximum number of Windows Azure subscriptions per user

20

Maximum number of concurrent users

75

Maximum number of jobs that can be run in a 24-hour interval

10,000

Note: App Controller can connect only to System Center 2012 R2 VMM.
The new enhancements introduced with App Controller in System Center 2012 R2 are:

Support for System Center 2012 R2 VMM.

Service Provider Foundation in System Center 2012 R2.

Monitoring Server Virtualization by Using System Center Operations


Manager
You can use Operations Manager to monitor
services, devices, and operations for many
computers from a single console. Administrators
can use Operations Manager to gain immediate
insight into the state of the IT environment and
the IT services that are running across different
systems and workloads. Numerous views show
state, health, performance information, and alerts
generated for availability, performance,
configuration, and security situations.

IT departments today are responsible for ensuring


the performance and availability of critical services
and applications. Therefore, IT departments need to know when there is a problem, identify where the
problem is, and determine what is causing the problem. Ideally, IT does all this before the users of the
applications encounter problems. The more computers and devices in the business, the more challenging
this task becomes. You can use Operations Manager to monitor applications in both the private cloud and
the public cloud. Additionally, you can simultaneously monitor Microsoft platforms and non-Microsoft
platforms such as UNIX, Linux, and VMware.
Operations Manager displays monitored objects that are not healthy. Operations Manager also sends
alerts (such as a short text message or an email) when problems are identified, and provides information
to help you identify the cause of a problem and possible solutions. You can also use Operations Manager
to create reports or dashboards from collected data.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

7-7

The components for Operations Manager are organized into a management group. Most organizations
have a single management group, although you can have multiple management groups. If you have
multiple management groups, the alerts from one management group can roll up to another
management group. This enables you to centralize monitoring for multiple management groups.

Operations Manager Agents

The most common way to monitor Windows computers or UNIX and Linux computers is by installing
the Operations Manager agent. You install the Operations Manager agent on a computer to facilitate
communication with the management server. After installation, the Operations Manager agent obtains
its configuration from the management server. Only data that is defined by the configuration from the
management server is forwarded to the management server.

Agentless Monitoring

You also can monitor Windows-based computers without installing an agent. This is referred to as
agentless monitoring. The information that you collect by using agentless monitoring may be limited
because some management packs do not work with agentless monitoring. Agentless monitoring also
creates a high load on the management server and is not very scalable. For these reasons, agentless
monitoring is generally not recommended.

Queries for agentless monitoring perform with remote procedure calls (RPCs) that are difficult to
perform through firewalls. When no firewall exists between the management server and the monitored
system, a management server can query the monitored system directly. If there is a firewall between the
management server and the monitored system, then you must configure an agent-managed computer
as a proxy agent. The proxy agent queries the monitored system, and then transfers the data to the
management server.
Microsoft has introduced several new enhancements to Operations Manager in the System Center 2012
R2 release. These enhancements include:

Fabric monitoring. Fabric monitoring is the System Center cloud hybrid monitoring of physical
and virtual layers for hybrid cloud environments. Other enhancements include the Fabric Health
Dashboard, which generates a detailed overview of your private clouds and the fabric that services
those clouds. In each cloud, the Fabric Health Dashboard displays the following information:
o

Host state

Storage pools state, file share, and logical unit number (LUN) state

Network node state

Active alerts

Number of virtual machines

Fabric monitoring also includes the Fabric Monitoring Diagram view, which displays the health states
of the cloud environment and the on-premises environments.

The Microsoft Monitoring Agent. This tool now includes full functionality for the IntelliTrace Collector
tool in Microsoft Visual Studio. You can also use it as a stand-alone tool for collecting application
traces locally.

Integrating Operations Manager with the development processes. There are new alert fields in Team
Foundation Server (TFS) work item IDs, and TFS work item owners.

Conversion of application performance monitoring (APM) for performance events to the


IntelliTrace format. You can open the APM for performance events from the Visual Studio integrated
development environment (IDE), if the performance event was captured during an IntelliTrace
Collector historical debugging session. APM is also integrated tightly with the TFS work item
synchronization management.

MCT USE ONLY. STUDENT USE PROHIBITED

7-8 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager

Support for IPv6. You can now accept IPv6 addresses as input for network discovery in the Operations
console.

Java application performance monitoring. You can monitor Java application performance and
exception events using the Operations Manager Application Advisor console.

System Center Advisor. You can use this online service to analyze installations of Windows Server
software.

Integrating Service Manager


Service Manager is a comprehensive IT service
management solution that you can use to add
process-driven automation and self-service
infrastructure provisioning to your private cloud
infrastructure.
To help organizations manage help desks,
Service Manager automates help desk functions
such as ticketing and change request processes.
Service Manager integrates with AD DS, and
with products such as System Center 2012
Configuration Manager, Operations Manager,
and VMM to build a single, reconciled inventory
of an organizations assets.
Service Manager provides several key benefits to organizations, including increased productivity,
reduced costs, swifter problem resolution, and built-in compliance management. Built-in processes in
Service Manager are based on industry best practices such as those found in Information Technology
Infrastructure Library (ITIL) and the Microsoft Operation Framework.

Service Manager comes enabled with process management packs for incident and problem resolution,
service request provisioning, change and release control, and configuration and knowledge management.
Through its integration with other System Center components and key infrastructure services such as
AD DS, Service Manager provides accurate configuration management database population and private
cloud process integration.
By using Service Manager, you can:

Reduce the mean time to resolve issues through user self-service.

Improve private cloud efficiency through centralized management of incident, problem, and change
processes.

Provide self-service deployment of private cloud resources through integration with other System
Center 2012 components.

Implement compliance controls for the management of private cloud infrastructure components.

In Service Manager, you define various types of templates and workflows so that you can automate many
administrative processes. As part of your initial Service Manager configuration, you must configure
settings and workflows for change and activity management.

Change requests are generated typically when the IT infrastructure requires a configuration change to
achieve a desired result. Change requests are also generated to support new technologies, processes, or
applications. Service Manager allows you to collect and process change requests automatically by defining

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

7-9

workflows and activities that you should perform during the change management process. End users and
administrators can create change requests.
In Service Manager, you use workflows to close completed change requests automatically, and to send
notifications to users when activities require approval. To maintain change requests, you create change
request templates. You can use a workflow to apply these templates automatically. You generally use
change request templates when users submit new change requests. The templates are particularly useful
when you create a change request for a recurring type of issue.
Change request templates allow you to:

Set an issue category, then define a standard priority, effect, and risk level for it in the template.

Create additional templates for other types of recurring change requests.

Include a number of activities in one template. However, any activities that you want to include in a
change request template you must have created previously as activity templates.

Additionally, by using change request templates, users spend less time submitting new change requests.
This is because the request templates store commonly used settings, and then the templates apply these
settings to new change requests. For example, you can create a change request template to modify the
Microsoft Exchange Server infrastructure. You also can create change templates that include an activity
that automatically changes a standard change priority request to Low.
Note: When you create a change request template, do not create links to configuration
items or work items, and do not enter any user information. If you create a template with these
objects, you cannot remove them and you will have to re-create the template.

Manual activity templates help ensure that all manual activities are assigned to the person who is
designated as the activity implementer. After you create the manual activity template, you need to create
a workflow that applies to the template.

Service Manager 2012 R2 fully supports the Windows Server 2012 R2 and Windows 8.1 operating systems.

Automating Tasks with Orchestrator


Orchestrator (formally known as Opalis), is an IT
process automation solution for the private cloud.
You use Orchestrator to automate the creation,
monitoring, and deployment of key resources in
your private cloud environment.

Private cloud administrators perform many critical


daily tasks to ensure that their infrastructure is
highly available and reliable. They also require
the ability to reduce the time it takes to provision
new infrastructure, while providing self-service
capabilities to end users. Additionally, the
administrators must maintain quality standards
and system efficiency. Orchestrator can combine disparate tasks and procedures together by using the
Runbook Designer (formerly known as Opalis Client) to create reliable, flexible, and efficient end-to-end
solutions in the private cloud environment.

By using Orchestrator, you can:

Automate processes in your private cloud, regardless of hardware or platform.

Automate your private cloud operations, and standardize best practices to improve operational
efficiency.

Connect different systems from different vendors without using scripting and programming
languages.

As part of the enhancements in System Center 2012 R2 Orchestrator, you can now install the Service
Management Automation Web service with up to three runbook workers from the Orchestrator setup
program. You can then use these runbooks as part of the Windows Azure Pack for Windows Server, or
you can use the runbooks and conduct other automation tasks using Windows PowerShell cmdlets.

MCT USE ONLY. STUDENT USE PROHIBITED

7-10 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager

There are also new and updated integration packs available for System Center 2012 R2 Orchestrator.
System Center Integration Pack for Microsoft SharePoint Server is the new integration pack, while the
updated packs are Windows Azure Integration Pack for Orchestrator, and System Center Integration Pack
for System Center 2012 Virtual Machine Manager.

Using Data Protection Manager to Protect a Server Virtualization


Deployment
Data Protection Manager (DPM) provides diskbased and tape-based data protection and
recovery for servers such as Microsoft SQL Server,
Microsoft Exchange Server, Microsoft SharePoint
Server, virtual servers, file servers, and support for
Windows client operating systems. DPM can also
centrally manage system state and bare-metal
recovery.
By using DPM, you can:

Recover bare-metal servers and desktops


running Windows operating systems. This
allows you to recover servers and desktops
quickly without first installing the operating system.

Back up and recover from disk or tape. Depending on the backup storage type that is available, you
can decide whether you want to store it on disk or in a tape library.

Centrally manage the DPM servers with the DPM Administrator Console. In larger environments,
managing all DPM servers from a central console is particularly beneficial.

Use role-based access permissions to distribute backup and restore management. You can assign
permissions to users that allow them to restore the systems for which they are responsible. The
benefit is that you do not grant them full permissions, so they will not be able to access data that
they do not own.

Perform quick item-level recovery for virtual machines. To recover a specific item (such as a file), you
do not need to recover the entire virtual machine. Instead, you can just recover the particular file.

The following new features and enhancements are available in System Center 2012 R2 DPM:

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

7-11

Windows Azure Backup. You can use this Windows Azure service to back up DPM data in System
Center 2012 R2 to Windows Azure Backup.

SQL Server cluster support. You can use clustered SQL Server nodes in DPM. In System Center 2012
R2, DPM no longer has the limitation that existed in System Center 2012 - DPM and System Center
2012 SP1 DPM. This provides greater reliability, scalability, and consistency. You can also install the
DPM server on the same stand-alone or clustered SQL Server that hosts the DPM database.

Virtualized deployment. With System Center 2012 R2, you can now deploy DPM on a virtual machine,
and you can configure storage using .vhd storage pool disks that are shared in the Virtual Machine
Manager library.

Linux virtual machine backup. DPM now allows for greater protection of Linux virtual machines
beyond previous versions support. DPM also provides for backup of the Linux virtual machines.
However, only file-consistent snapshots are supported for Linux backups. Windows Azure Backup
does not support protection of Linux virtual machines.

Using the Windows Azure Pack for Self-Service Capabilities

Windows Azure customers can now download


and run the Windows Azure Pack for Windows
Server. The Windows Azure Pack is free for
Windows Azure customers. The Windows Azure
Pack increases your private cloud and data
center capabilities with enhanced selfservice,
multitenant features that integrate with the public
Windows Azure cloud. This means that you can
use resources provided by Windows Azure (such
as applications, virtual machines, and SQL Server
databases), along with your private cloud
resources and data centers. For example, you can
replicate SQL Server databases between your data center and Windows Azure backup. This capability can
add to the reliability and survivability of your data. The Windows Azure Pack lets you more easily manage
this type of integration with data centers and private cloud resources.
Windows Azure Pack includes the following capabilities:

Windows Azure Management Portal. The Management Portal is a selfservice portal that lets you
provision, monitor, and manage services. You can customize the portal for tenants.

Service management application programming interface (API). This API uses a Representational state
transfer (REST API that helps a range of integration scenarios from custom portals through billing
systems.

Websites. Windows Azure Pack helps provide high density, scalable, shared web hosting platforms for
Microsoft ASP.NET, PHP: Hypertext Preprocessor (PHP), and Node.js web applications. The Windows
Azure Pack also has a customizable web application gallery of open source web applications, and
integration for source control systems for custom developed applications and for websites.

Virtual machines. The Windows Azure Pack includes a virtual machine service that provides
Infrastructure-as-a-Service (IaaS) capabilities for virtual machines running both Windows operating
systems and Linux operating systems. This service contains a virtual machine template gallery, scaling
options, and virtual networking capabilities.

Service Bus. The Service Bus service delivers reliable messaging services between distributed
applications. This includes queued and topic-based publishing and subscription resources.

Automation and extensibility. The Windows Azure Pack allows you to automate and integrate
additional custom services into the services framework. Custom services include a runbook editor,
and an execution environment.

MCT USE ONLY. STUDENT USE PROHIBITED

7-12 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager

You can install the Express option or use a distributed deployment of Windows Azure Pack. Several
components make up the Windows Azure Pack for Windows Server. If you are using the Express version,
all the components can go on one computer. Otherwise, you can distribute the components to up to
seven separate machines. Windows Azure Pack includes the following components:

Management portals and the service management API. The available portals include the portal for
administrators and the portal for tenants.

Website roles:
o

Web Sites Controller

Web Sites REST API

Web Workers

Front End

Publisher

File Server

SQL/MySQL. These are the database services that are included in the Windows Azure Pack.

Virtual machines. Two components are available for tenants to control their virtual machines: VMM,
and the Service Provider Foundation.

Lesson 2

Overview of VMM

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

7-13

Before you begin a VMM installation, you should carefully plan the integration and deployment in an
existing virtual and physical infrastructure. VMM provides several benefits for business environments and
enhancements for built-in management tools. VMM consists of several components that provide various
features and functionalities, and you need to plan the deployment and integration of each of these
features with the current environment.

Lesson Objectives
After completing this lesson, you will be able to:

Describe the features and functionalities of VMM.

Describe the purpose of fabric management.

Describe the features and benefits of using cloud services.

Describe the service life cycle management.

Describe the VMM architecture.

Introducing VMM
VMM includes several enhancements to the
previous VMM iterations, including enterprise
class performance enhancements. The latest
version of VMM includes simplified provisioning
and migration abilities, support for cloud services
and cloud infrastructure, and enhanced ability
for business units to manage their resources
individually with multitenant cloud infrastructure
improvements. Additionally, System Center 2012
R2 has been extended to allow further
provisioning of on-premises virtual machines
and resources into the Windows Azure cloud
infrastructure.

Enterprise-Class Performance
System Center 2012 R2 supports enterprise-class scale and performance for Windows Server-based
environments. The System Center 2012 R2 version of VMM is key to enabling the virtualization and
management scale. In this version of VMM, a VMM server can support up to 1,000 hosts and 25,000
virtual machines.

Another important VMM enhancement is the Dynamic VHDX resize feature, which enables you to grow a
SCSI virtual disk without any downtime. VMM support for an automated Hyper-V cluster upgrades virtual
machines without downtime, and reduces the time, effort, cost, and downtime required to upgrade from
Windows Server 2012 to Windows Server 2012 R2. You can upgrade Hyper-V clusters automatically using
the Live Migration feature with VMM.

VMM also has many new and enhanced private cloud management capabilities. VMM enables
dynamically allocated memory changes in addition to snapshots of running virtual machines without
downtime. Additionally, VMM includes enhanced support for deploying VMM services to Citrix XenServer

MCT USE ONLY. STUDENT USE PROHIBITED

7-14 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager

and VMware ESX hosts. This allows for consistent management of Hyper-V, Citrix XenServer, and ESXbased virtual machines through the VMM console. You can treat ESX and XenServer hosts the same as any
other VMM host.

Simplified Provisioning and Migration

Windows Server 2012 includes improved File and Storage Services, including Storage Spaces. This means
that you can use industry-standard storage that you can manage entirely with server software. You can
also use industry-standard servers as opposed to specialty hardware technologies for your more expensive
infrastructure, for storage, and for disaster recovery. Industry-standard server technologies have advanced
to the same level as specialty hardware technologies, and offers similar performance and capabilities at
a reduced price. Using System Center 2012 R2 VMM, you can support large, company-wide storage
technology infrastructure such as a bare-metal provisioning of scaled out Windows file server clusters,
physical disk discovery, and virtualized storage pools creation.
Another new VMM feature is simplification of cross-data center disaster recovery for virtual machinebased infrastructure services. This is achieved by providing the private cloud abstraction layer in the
source and destination data centers.

Multitenant Cloud Infrastructure

Many organizations want to enhance their data center infrastructure to include increased efficiency, and
have the ability to scale resources quickly. Additionally, organizations want the ability to provide multitenancy with increased IP flexibility, chargeback, and infrastructure standardization. VMM provides greater
support for multitenant environments through support for virtual networks.
Using VMM, you also now have the ability to combine multiple instances of VMM infrastructures with
the sender policy framework (SPF) API. Additionally, the latest VMM version strengthens Microsoft
software-defined network solutions by allowing you to add multitenant edge gateways to bridge your
organizations physical and virtual data centers. This enables you to combine private cloud elements with
certain elements in the public cloud, resulting in better hybrid cloud integration while enhancing mobility
and delivering flexible workloads. VMM also provides for multitenant enhanced chargeback with greater
granular infrastructure metering, and the ability to analyze various business and operational metrics.

Provisioning Windows Azure Infrastructure

VMM is well integrated into the other System Center 2012 R2 products. Combined with those products,
VMM offers a unified set of tools to help you provision and manage virtual machines both on-premises
and in Windows Azure environments. This includes workload portability without requiring format
conversion. By using App Controller, you can migrate on-premises VMM virtual machines into Windows
Azure virtual machines, and then manage those virtual machines from within the App Controller console.

Fabric Management
In VMM 2012 R2, fabric is the infrastructure and
services that you use to manage and deploy hosts,
and that you use to create and deploy virtual
machines and services to both the data center
and the private cloud. This includes:

Host groups

Networking

Storage elements

Pre-Boot Execution Environment (PXE)

Windows Server Update Services (WSUS)


servers

Virtual Machine Manager libraries

VMware ESX and Citrix XenServer servers

The main benefits of using the fabric are:

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

7-15

Aggregate private cloud resources. The goal of the fabric is to aggregate private cloud resources
in meaningful ways that enable you to deploy these resources more easily and comprehensively.
The fabric is a logical manifestation of the networks, storage, and services that will be available as
resources in your cloud environment.

Abstract your networking resources. The fabric combines logical networks with Hyper V virtual
networks to define IP address assignments and route traffic, and set up static addresses for host
servers. The VMM fabric can supply IP addresses by using combinations of IP ranges, media access
control (MAC) address pools, and virtual IP templates. The VMM fabric also provides IP load balancer
support.

Storage. VMM uses the Microsoft Storage Management Service extensively to create this storage
aspect of the fabric. You can automate storage assignments across your public or private cloud,
providing the storage device is supported through the Storage Management Initiative Specification
(SMI-S). Additionally, if you are using Windows Server 2012 R2 with the File Server role and the
Internet small computer system interface (iSCSI) Target Server role enabled, you can attach storage,
create storage pools, create discs and volumes, and create iSCSI disks and targets, which you can then
add into your fabric storage.

Management. The VMM console has a workspace devoted to the fabric that lets you manage the
overall fabric that makes up all of these resources mentioned in this list. In System Center 2012 R2
VMM, the fabric workspace has an additional element entitled Infrastructure. Your VMM
management servers, PXE servers, VMware servers, and library servers are now located in this
Infrastructure.

What Is Cloud Computing?


Cloud computing is the latest technological
evolution in virtual computing technology. Cloud
computing extends virtualization concepts to
make them even more elastic. Cloud computing
increases the accessibility of public and private
clouds to business unit IT teams, and increases
their accountability through features such as the
cost center-based chargeback model for billing.

MCT USE ONLY. STUDENT USE PROHIBITED

7-16 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager

The National Institute of Standards and


Technology (NIST) defines cloud computing as a
model for enabling highly available, convenient,
on-demand network access to a shared pool of
configurable computing resources. Using cloud computing, you can rapidly provision and release
computing resources, with minimal management effort or service provider interaction. Cloud computing
resources can include networks, servers, storage, applications, and services.
Cloud computing makes maximum use of the resources that are available in a data center. For example,
an application owner can deploy a developed application to the private cloud infrastructure and the
infrastructure will dynamically adjust resources for the application, scale the application, and enable the
application to migrate across servers based on best resource match.
The benefits of cloud computing include:

Virtualized data center. Cloud computing provides methods to access computing services that are
independent of both your physical location, and the hardware that you use to access it. With cloud
computing, you no longer need to store data or applications on your local computer. The data center
remains a key element when adopting cloud computing; however, cloud computing emphasizes
virtualization technologies that focus on delivering applications rather than supporting the data
center infrastructure.

Reduced operational costs. Cloud computing helps mitigate issues such as low system use,
inconsistent availability, and high operational costs by providing pooled resources, elasticity, and
virtualization technology.

Server consolidation. Cloud computing allows you to host multiple virtual machines on a
virtualization host, which enables you to consolidate servers across a data center.

Improved resilience and agility. With products such as System Center 2012, cloud computing can
reduce costs and improve efficiency.

There are two main types of clouds: the public cloud, and the private cloud:

Public cloud. A public cloud is cloud services infrastructure that is made available to the public or a
large industry group, and is owned by an organization (or service provider) that sells cloud services.
The company that purchases the space on the public cloud, known as the tenant, shares cloud
resources with other organizations. The public cloud exists only off-premises.

Private cloud. A private cloud infrastructure is dedicated to one organization only. The cloud
infrastructure that an organization uses can exist either on-premises or off-premises. A private
cloud may be managed by the organization itself, or by an outside company.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

7-17

The key difference between a public cloud and a private cloud is the workloads that are running on the
infrastructure:

With public cloud services, the tenant organization has less management overhead than
organizations that use private clouds. This also means, however, that control of the infrastructure and
services is reduced greatly, because the service provider manages the infrastructure and services for
the tenant organization. In addition, the public cloud hosts the infrastructure and services for multiple
organizations (multitenant), which introduces security implications that you need to review.

Private clouds are owned by their respective organizations. The cloud infrastructure is managed and
maintained in the organizations data center. One of the key benefits of this is that the organization
has complete control over the cloud infrastructure and services that it provides. However, the
organization also has the management overhead and costs that are associated with this model.

A hybrid cloud is a cloud infrastructure that combines certain elements from both a public cloud and a
private cloud. For example, you could use Windows Azure virtual machines in your private cloud.

Service Life-Cycle Management


When planning your private cloud infrastructure,
you must know which services are suitable for
cloud computing, and how you will manage
them. For example, some of your business-critical
applications might not be suitable for the private
cloud because of security or budget constraints.
A service can be an application, process, function,
or it can be data. When you implement service
management process automation for your
organization, you should have a standardized and
well-defined process for requesting and managing
private cloud services. Many elements make up a
successful private cloud service, including:

Groups of machines that work together

Machine definitions as well as applications

Supported application types such as:


o

Web Apps (MSDeploy)

Virtual apps (App-V)

Database Apps (SQL DAC)

Implementing and integrating the various private cloud service elements is a complicated process. System
Center 2012 provides you with the necessary tools and services to help you with this process.
To implement your custom-designed service management processes, you can automate the specific
System Center 2012 components to interact with each other. For example, you can configure Service
Manager so that it initiates a workflow that starts an Orchestrator runbook that interacts with VMM
automatically.

You can combine your services into VMM service templates. This allows you to add virtual machine
templates, network configurations, applications, and storage into a single element. For example, suppose
you want to deploy a new virtual machine based on characteristics of an existing virtual machine. While
could clone the existing virtual machine, the cloning process can take several minutes before you can

MCT USE ONLY. STUDENT USE PROHIBITED

7-18 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager

deploy it, and a sysprep process typically takes up more time. Instead, you can create a service template
that has that type of virtual machine with its various resources already assigned, and then deploy the
service template to create quickly a virtual machine based on the template.

Typically, providing for service management is a recurring cycle, which is known as service life cycle
management. You can begin service life cycle management by creating the appropriate service template.
You can then use the template to customize a particular virtual machine or application deployment,
and then deploy that service template. If you need to update that service, you can create a new service
template that incorporates those updates. When you create a new service template with the updates, you
will have completed one full life cycle for the initial template. After this point, you would then customize
the deployment, and then deploy the service.

VMM Architecture
VMM is a System Center 2012 component that
offers a management solution for a virtualized
data center. You can use VMM to create and
deploy virtual machines and services to private
clouds by configuring and managing your
virtualization host, networking, and storage
resources. By using VMM, you can discover,
capture, and aggregate information about the
virtualization infrastructure and enable automatic
management of policies and processes. In the
private cloud infrastructure, VMM helps transition
enterprise IT from an infrastructure-focused
deployment model into a service-oriented, user-centric environment.
VMM architecture consists of several different, interrelated components, including:

VMM management server. The VMM management server is the computer on which the VMM service
runs. The VMM management server processes commands and controls communications with the
database, the library server, and the virtual machine hosts. The VMM management server is the hub
of a VMM deployment through which all other VMM components interact and communicate. The
VMM management server also connects to a SQL Server database that stores all VMM configuration
information.

Database. VMM uses a SQL Server database to store the information that you view in the VMM
management console. This information includes managed virtual machines, virtual machine hosts,
virtual machine libraries, jobs, and other virtual machine-related data.

Management console. The management console is a program that you use to connect to a VMM
management server. Through the management console, you can view and manage physical and
virtual resources, including virtual machine hosts, virtual machines, services, and library resources.

Library. A library is a catalog of resources such as virtual hard disks, templates, and profiles, which are
used to deploy virtual machines and services. A library server also hosts shared folders that store filebased resources. The VMM management server is always the default library server, but you can add
additional library servers later.

Command shell. Windows PowerShell is the command-line interface in which you use cmdlets to
perform all available VMM functions. The VMM console is built by using Windows PowerShell. You
can use VMMspecific cmdlets to manage all the actions in a VMM environment.

Lesson 3

Installing VMM
Installing the VMM server and VMM console is a key process in establishing the VMM infrastructure.
You should perform installation procedures for these components based on prior planning.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

7-19

Before starting to install the VMM server and VMM console, consider the potential issues and
requirements. After completing installation, you will need to perform several post-installation tasks,
such as adding physical hosts, creating and deploying host groups, and ensuring that the configuration
is set appropriately for your organizations goals.

Lesson Objectives
After completing this lesson, you will be able to:

Determine the required topology for a VMM deployment.

Identify the system requirements for installing VMM.

Describe the considerations for implementing a highly available VMM management server.

Describe the requirements for installing VMM.

Explain how to install a VMM management server and a VMM console.

Determining Topology for a VMM Deployment


VMM deployment topology varies according
to each customers needs. Major design factors
include defining administrative boundaries, and
placing the components in a network segment,
site, or geographical zone with sufficient
bandwidth.
When you plan a VMM deployment, you should
consider the following factors:

Number of hosts

Number of branch sites with hosts

Security, administrative groups, and selfservice options that you require

Availability and recovery time that each of the components require

The number of hosts determines the physical or virtual resources that each component server in the
VMM deployment requires. In System Center 2012 SP1 VMM, the scale of a VMM management server
has the capacity to manage 1,000 hosts and 25,000 virtual machines. However, the demand on a single
management server would suggest that you should use multiple VMM instances. You can use App
Controller with five VMM instances. Therefore, in theory, you could manage resources of over 125,000
virtual machines. If your deployment has thousands of hosts, you should consider contacting your
regional Microsoft office for guidance on a personalized deployment to fit your environment.
The number of branch sites with hosts and the wide area network (WAN) links capabilities between the
branches and the VMM management server determines if you should have a single VMM deployment
with multiple Virtual Machine Manager library servers or individual VMM deployments at each branch.

MCT USE ONLY. STUDENT USE PROHIBITED

7-20 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager

VMM offers delegated administration and self-service. You can use App Controller, Service Manager,
or your own customized portals to provide self-service to your users. When you determine what type of
VMM deployment is appropriate for your environment, you can then plan a self-service deployment that
is appropriate for the design. For example, App Controller can span five VMM deployments. However,
your security requirements may require you to have an App Controller deployment for each VMM
deployment.

The availability and recovery time for VMM components is also important when determining the
topology for your VMM deployment. VMM is a cluster-aware application that you can configure to be
highly available. SQL Server is cluster-aware, and you can install the Virtual Machine Manager library
server on a Microsoft file server cluster, but not on the same cluster that hosts a clustered VMM instance.
DPM can back up your VMM components and if required, you can locate DPM at a remote site and use it
to restore one or more offsite components.

For the latest information on deployment scenarios, and for the individual component hardware and
software prerequisites for the most current service pack, review the information provided on the Microsoft
TechNet website.
If you are deploying VMM, you should consider that:

The VMM database no longer supports SQL Express. Therefore, you must move your database to a
supported version of SQL Server.

A Windows Deployment Services (Windows DS) server is required for bare-metal deployment of
Hyper-V hosts. A bare-metal deployment refers to deploying a host on a computer that does not have
an operating system.

At least one library server is necessary, but you should consider at least one library for each site that
you will separate with a low-speed WAN link.

You should use WSUS or Configuration Manager for update management.

App Controller has replaced the self-service portal. There is no longer an upgrade path from existing
self-service portals to App Controller.

Operations Manager is required to use VMM reporting, and to leverage Performance and Resource
Optimization (PRO) tips.

Managing VMware ESX and VMware ESXi hosts requires that you integrate VMware vSphere. If you
need more than the maximum number of hosts for business or network reasons, you must have
multiple VMM servers. You can use App Controller to view resources for up to five VMM servers.

Consider which VMM services you will use in your topology and review the associated ports that VMM
uses to communicate between its components. Ensure that firewalls are not blocking ports, and determine
whether the component coexists with another application that these ports review. If you need to amend a
default port, make sure that you update the associated firewall rules.

The following table lists some default ports that you can change during the VMM installation.
Port

Description

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

7-21

8100

Provides communication with the VMM console

5985

Provides communication with agents on hosts and on library servers

443

Enables file transfers to agents on hosts and on library servers

8102

Provides communication with Windows DS

8101

Provides communication with Windows Preinstallation Environment (Windows PE) agents

8103

Provides communication with the Windows PE agent for time synchronization

VMM System Requirements


Before you can deploy a System Center 2012
VMM solution, you need to ensure that your
system meets a number of prerequisites. Although
Microsoft provides both the minimum and
recommended requirements for VMM, the
requirements that work best for you might vary
depending on your organizations operations,
budget, schedule, time requirements, and other
factors. In addition, remember that System Center
2012 R2 VMM has additional requirements, which
will be covered in a later topic.

System Requirements for a VMM Management Server


The following table describes the hardware requirements for managing up to 150 hosts on a VMM
Management server.
Hardware component

Minimum

Recommended

Processor

Pentium 4, 2 gigahertz
(GHz) (x64)

Dual-processor, 2.8 GHz (x64)


or greater

Random access memory (RAM)

2 gigabyte (GB)

4 GB

Hard disk space (without a local VMM


database)

2 GB

40 GB

Hard disk space (with a local, full version


of SQL Server)

80 GB

150 GB

The following table describes hardware requirements for managing more than 150 hosts.
Hardware component

Minimum

Recommended

MCT USE ONLY. STUDENT USE PROHIBITED

7-22 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager

Processor

Pentium 4, 2 GHz (x64)

Dual-processor, 3.6 GHz (x64) or greater

RAM

4 GB

8 GB

Hard disk space

10 GB

50 GB

If you are managing more than 150 hosts, you can enhance performance by separating the VMM
components. For example, rather than using the default library share on the same server as the VMM
server, you can deploy a separate library server. Conversely, you can use a VMM database on a dedicated
computer that is running SQL Server.
The following table describes the software requirements for installing the VMM management server.
Software requirement

Notes

A supported
operating system

Windows Server 2012 Standard or Windows Server 2012 Datacenter


operating system (full installation)

Windows Remote
Management service

Windows Remote Management is included in Windows Server 2012. By


default, Windows Remote Management (formerly known as WSManagement) is set to start automatically.
If the Windows Remote Management is not yet started, setup will display an
error during the prerequisites check. You must start the service before setup
can continue.

Microsoft .NET
Framework 4 or newer

System Center 2012 SP1 requires .NET Framework 4 or newer, which


Windows Server 2012 includes.

Windows Assessment
and Deployment Kit
(Windows ADK) for
Windows 8

Windows ADK is available from the Microsoft Download Center.

Windows Assessment and Deployment Kit (ADK) for Windows 8


http://go.microsoft.com/fwlink/?LinkID=386730
When you install the Windows ADK, select the Deployment Tools and the
Windows Preinstallation Environment features.

System Requirements for VMM Consoles


The following table describes the hardware requirements for managing up to 150 hosts.
Hardware component

Minimum

Recommended

Processor

Pentium 4, 550 megahertz (MHz)

Pentium 4, 1 GHz or greater

RAM

512 megabytes (MB)

1 GB

Hard disk space

512 MB

2 GB

The following table describes the hardware requirements for managing more than 150 hosts.
Hardware component

Minimum

Recommended

Processor

Pentium 4, 1 GHz

Pentium 4, 2 GHz or greater

RAM

1 GB

2 GB

Hard disk space

512 MB

4 GB

The following table describes the software requirements for installing the VMM console.
Software requirement

Notes

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

7-23

A supported operating
system

See the approved operating systems in the next table

Windows PowerShell 2.0 or


Windows PowerShell 3.0

Windows PowerShell 2.0 is included in Windows Server 2008 R2 and


Windows 7. Windows PowerShell 3.0 is included in Windows Server
2012.

At least .NET Framework 4

On a computer that is running Windows 7, .NET Framework 3.5 with


SP1 is installed by default.
On a computer that is running Windows Server 2008 R2, .NET
Framework 3.5 with SP1 is not installed by default. However, you can
use the VMM Setup Wizard to install the feature.
On a computer that is running Windows 8 or Windows Server 2012,
.NET Framework 4 is included.
.NET Framework 4.5 is available at the Microsoft Visual Studio 2012
download page at http://go.microsoft.com/fwlink/p/?linkId=285269.

The following table lists the supported operating systems on which you can install the Virtual Machine
Manager console.
Operating system

Edition

System architecture

Windows Server 2008 R2 SP1 (full


installation)

Standard, Enterprise, and


Datacenter

x64

Windows 7 SP1

Professional, Enterprise, and


Ultimate

x86 and x64

Windows Server 2012 and Windows


Server 2012 R2

Standard and Datacenter

x64

Windows 8 and 8.1 Client

Standard, Pro, and Enterprise

x86 and x64

You can deploy the VMM console on the same server as the VMM management server, or on another
server or workstation that is running a supported operating system.
To enable integration with App Controller and Operations Manager, you must first install the VMM
console on the other servers that are running System Center 2012. You can integrate VMM with
Orchestrator, and you optionally can install the console on the same server as the Runbook Designer.

Virtual Machine Manager Self-Service Portal


System Center 2012 SP1 and System Center 2012 R2 do not include the optional Virtual Machine
Manager Self-Service Portal. App Controller is now the web component for self-service. (In Module 12,
you will learn more about App Controller planning and deployment.)
Note: It is not possible to upgrade the Virtual Machine Manager Self-Service Portal to App
Controller.

VMM and SQL Server Database

MCT USE ONLY. STUDENT USE PROHIBITED

7-24 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager

Prior to System Center 2012 VMM, the SQL Server Express edition was an option during the installation.
However, currently only full versions of SQL Server are supported with VMM.
Note: If you are upgrading from an earlier version of VMM and you use an unsupported
version of SQL Server, first you will need to move the database. To move the VMM database, you
must back up the VMM database, copy it to the computer that is running a supported version of
SQL Server, and then restore the database.
When you are planning the design and placement of your VMM database, you should consider
availability. If you need to install the VMM server as a highly available clustered application, you also
should plan availability for the SQL Server that is hosting the database.

The VMM database can reside on a SQL Server along with other application databases. For example, in
smaller deployments, you could consider hosting the App Controller database and the VMM database on
the same SQL Server. When planning to host multiple application databases, review the prerequisites for
each application.
The VMM database either must be in the same domain as the VMM server, or a two-way trust must be in
place. The SQL Server database server name may not be longer than 15 characters, and must not be case
sensitive.

VMM Database Requirements


The following table lists the SQL Server versions that are supported for use with VMM 2012 SP1.
SQL Server edition

Service pack

Editions

SQL Server 2008 R2 (64-bit)

SP1 or Service Pack 2 (SP2)

Standard, Enterprise, and


Datacenter

SQL Server 2012 Enterprise,


SQL Server 2012 Standard (64-bit)

SP1

All

Considerations for a Highly Available VMM Management Server


The VMM management server runs the VMM
service, which processes all commands and
manages all communication between the VMM
database, the library servers, and the virtual
machine hosts. The VMM server is cluster-aware,
and you can deploy it as highly available if your
virtualization environment is large.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

7-25

When you are deploying a highly available


VMM management server, ensure that you have
created a domain account for the VMM service.
This account has to have local administrator rights
on every computer where you install the VMM
management server, console, or agent. For security purposes, it is important to use only the VMM
service account for its specifically designated purpose. For example, if you remove the VMM service
accounts from the VMM management server, the VMM service account is also removed from the local
administrators group. You should also be aware that after you install the VMM management server you
cannot change the identity of the VMM service account or move it from a local system account to a
domain account. To move it or change its identity, you would have to uninstall VMM, and then reinstall it.
You can however, retain the VMM database and reattach it upon the reinstallation.
When communicating to multiple VMM components in a highly available environment, you must use
distributed key management to store encryption keys in AD DS so that you do not encounter encryption
errors. Encrypted data is stored locally in the VMM database using the Windows Data Protection API by
default. If you need to move your VMM management server, this encrypted data will not be copied over.
However, if you use distributed key management and store the keys in AD DS, this encryption data will be
accessible even if you move the VMM management server.
Note that before you install VMM, you must prepare AD DS to store encryption keys. You must create
a container in AD DS with a Lightweight Directory Access Protocol (LDAP) distinguished name. The user
account installing VMM must have Full Control access to this container, to the This object container, and
all descended objects of the container.
Whenever possible, try to use a highly available installation of SQL Server that is installed on a separate
failover cluster from the failover cluster on which you are installing the VMM management server.

When you are planning a VMM deployment, keep in mind that App Controller can connect to multiple
VMM management servers. This can be useful when you deploy multiple management servers, as it
enables you to reduce traffic between branch office hosts and a centralized management server.
Note: If you deploy a highly available (clustered) management server, keep in mind that
you cannot install the Virtual Machine Manager library share as a clustered share on the same
server on which the management servers reside.
Note: When you are naming the VMM management server, the computer name cannot
contain the character string SCVMM. For example, you cannot name the server ADATUMSCVMM-01, but you can name it ADATUMSCVMMM01.

Requirements for Installing System Center 2012 R2 VMM


The additional requirements for installing System
Center 2012 R2 VMM focus on the operating
systems on which the various server components
can run, and what SQL Server version can store
the database. The following table lists the
operating system requirements for VMM.

System Center
2012 R2 serverside component

Windows
Server 2008
R2

Windows
Server 2008
R2 with SP1

VMM
management
server

Windows
Server 2012
Standard,
Windows
Server 2012
Datacenter

Windows Server 2012


Datacenter, Windows Server
2012 R2 Preview, and
Windows Server 2012 R2
Standard

VMM PXE server

VMM update
server

Virtual Machine
Manager library

VMM virtual
machine hosts

The following table lists the SQL Server requirements for VMM.
System Center
2012 R2
component
VMM database
server

SQL Server
2008 R2 SP1
Standard, SQL
Server 2008
Datacenter

SQL Server 2008


R2 SP2 Standard,
Datacenter

SQL Server 2012


Enterprise,
Standard (64-bit)

MCT USE ONLY. STUDENT USE PROHIBITED

7-26 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager

SQL Server 2012 SP1


Enterprise, Standard
(64-bit)

Some System Center 2012 R2 components such as the DPM management server, the Operations Manager
management server, the Service Manager management server, and the Service Manager data warehouse
management server do not work correctly if they are combined on the same server. Other components
including App Controller, Orchestrator, and VMM can run together on the same computer without issues.
Keep this in mind when deploying VMM and other System Center 2012 R2 components.

Demonstration: Installing the VMM Management Server and VMM


Console

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

7-27

In this demonstration, you will see how to install the VMM management server and the VMM console.

Demonstration Steps
1.

Sign in to LON-VMM1 as Adatum\administrator with a password of Pa$$w0rd.

2.

Check the VMM management server prerequisites by examining the Local Server page in Server
Manager on LON-VMM1. Review the locations to get this information.

3.

Sign in to the SQL Server Management Studio and review where to find SQL Server version
information.

4.

Navigate to the CD ROM drive, and then run the setup.exe file, which will open the Microsoft System
Center 2012 R2 Installation splash screen.

5.

In the Microsoft System Center 2012 Virtual Machine Setup Wizard, install VMM, and configure the
options as follows:
o

Select features to install:

VMM management server

VMM console

Product registration information page:

Name: Administrator

Organization: A. Datum, Inc.

Product key: Leave blank

On the Customer Experience Improvement Program (CEIP) page, click No, I am not willing
to participate.

On the Microsoft Update page, click Off.

On the Installation location page, accept the default settings.

On the Database configuration page, use the following settings:

Server name: accept default

Instance name: MSSQLSERVER

Database name: VirtualManagerDB

On the Configure service account and distributed key management page, use the following
settings:

User name and domain: ADATUM\SCService

Password: Pa$$w0rd

On the Port configuration page, accept the default settings.

On the Library configuration page, set the shared folder location to C:\ProgramData
\Virtual Machine Manager Library Files, and set the Share name to MSSCVMMLibrary.

6.

After the installation finishes, close the splash screen and launch the VMM console.

7.

On the Connect to page, accept the default settings.

8.

Close the VMM console, and sign out of LON-VMM1.

Lesson 4

Adding Hosts and Managing Host Groups

MCT USE ONLY. STUDENT USE PROHIBITED

7-28 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager

Using a Hyper-V server to manage multiple virtual machines offers several advantages. The Hyper-V
Manager console becomes the single, central location to conduct all virtual machine configuration and
management. You can then add the Hyper-V host to VMM along with other hosts, and create host groups
to further centralize your administrative and management oversight. You can then add selected hosts to
these groups. When you need to manage several hosts (but not all) in a particular manner, you can set
distinct properties for host groups, which simultaneously configures all the hosts belonging to that host
group.

Lesson Objectives
After completing this lesson, you will be able to:

Describe the VMM console.

Describe the considerations for adding Hyper-V virtualization resources.

Explain how to add Citrix XenServer and VMware vSphere virtualization resources.

Explain how to add a Hyper-V virtualization host to VMM.

Describe the purpose and functionality of host groups.

Explain how to manage host groups.

Deploy Hyper-V hosts to bare-metal computers.

Demonstration: Using the VMM Console


In this demonstration, you will see how to use the VMM console.

Demonstration Steps
1.

Sign in to LON-VMM1 as adatum\administrator with a password of Pa$$w0rd.

2.

On the desktop, open the Connect to Server page, and review the parameters on the page. Note the
example of testing out User Role assignments.

3.

On the desktop, connect to the Virtual Machine Manager console.

4.

The Virtual Machine Manager console opens. Note that the Virtual Machine Manager console always
comes up at node it was in when you last closed it. The main areas of the console are as follows:

5.

Lower left, Workspace. There are five main workspaces: VMs and Services, Fabric, Library, Jobs,
and Settings. Review each main workspace.

Named workspace Console tree: Review the various named console trees,

Details panes: Review the details panes, and what is included in them, depending on the
workspace item selected.

Ribbon. Note that System Center 2012 products all have a ribbon at the top of their respective
consoles. Note how the tabs and items on the ribbon change depending on what workspace item
has been selected.

In the Library workspace, on the ribbon, click the Create Service Template item on the ribbon.
This lets you create a new service template. Note the View Script button, and see how it brings up
Notepad with Windows PowerShell cmdlets that can be used to create the same item that the user

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

7-29

interface can create. These cmdlets can be saved as a Windows PowerShell script and is a very useful
tool. Notice that the Create items in the Virtual Machine Manager console will have a View Script
button.
6.

In the Settings workspace, select the Run As Accounts item.

7.

Close the Virtual Machine Manager console, and sign of off LON-VMM1.

Considerations for Adding Hyper-V Virtualization Resources


For VMM to manage a Hyper-V virtualization
host, you must deploy the VMM software to
the host by using the Add hosts function in the
VMM console. In the case of a host in a perimeter
network, you deploy the agent software manually,
and then add the host in the VMM console.
To deploy a Hyper-V host in a trusted domain:
1.

Open the Virtual Machine Manager console,


click the VMs and Services workspace, from
the ribbon click Add Resources, and then
click Hyper-V Hosts and Clusters.

2.

On the Resource location page, click Windows Server computers in a trusted Active Directory
domain, and then click Next.

3.

On the Credentials page, choose to either use a Run As account (an account already configured with
domain privileges) or manually enter credentials of an account with privileges to install the agent on
the host server, and then click Next.

4.

On the Discovery Scope page, you can either specify computer names by entering them on separate
lines in the Computer name text box, or you can click Specify an Active Directory query to search
for Windows Server computers, type a query, and then click Next.

5.

On the Target resources page, you can click each host or click Select all, and then click Next. A
dialog box will prompt you that you are about to enable the Hyper-V role on any servers as part of
the process. If you choose to enable the role, the servers will reboot during the process. You can click
OK to close the dialog box.

6.

On the Host settings page, you can assign the host or hosts to a Host group. A later section of
this module details host groups. Additionally, if you have multiple VMM servers, and another VMM
environment currently is managing your host, you can reassociate the host with this environment by
clicking Reassociate. You also can assign default placement paths, which is the location in which the
Windows operating system will store new or migrated Hyper-V virtual machine files. Additionally, you
can assign these paths after you add the host, and then click Next.

7.

On the Summary page, confirm the settings, and then click OK.

8.

In the Jobs window, you can review the progress of the agent deployments.

When you add a host in a perimeter network, you install the agent from the VMM installation media,
which will prompt you to generate an encryption key file and assign a password. You must remember
the password, and as a best practice, you should copy the generated file to somewhere secure on the
VMM server so that you can access it. When adding a host, on the Target resources page, you enter the
password in the Encryption key text box, and then provide the location of the encryption key file.

Note: By default, the VMM management server uses port 5986 for agent communication
with hosts in a perimeter network, and port 443 for file transfers.

MCT USE ONLY. STUDENT USE PROHIBITED

7-30 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager

The DHCPv4 Server Switch Extension is a new feature in System Center 2012 R2 VMM. You can use this
extension to assign custom addresses through Dynamic Host Configuration Protocol (DHCP) or you can
continue to use static IP addresses as was previously required. When you create IP address pools for a
virtual machine subnet, the pool is enabled automatically to provide IP addresses by either mechanism.
For DHCP to work correctly, the new DHCPv4 server switch extension is required on all Windows Server
2012 Hyper-V hosts.
For Hyper-V hosts running Windows 2012 or Windows Server 2012 R2, VMM offers support for online
resizing of .vhdx disks while the disks are in use. This supports the Hyper-V online resizing feature.

Adding Citrix XenServer and VMware vSphere Virtualization Resources


You also can use VMM to manage VMware ESX
and VMware ESXi hosts, and to manage Citrix
XenServer hosts. The steps for adding other
vendor hosts are similar to the steps for Hyper-V
hosts provided your environment meets the
prerequisites for adding each type. Before you
can add a VMware host to VMM, you must have
a VMware vCenter server, and configure VMM
to connect to it. Before you can add a Citrix
XenServer host, you need to add the Citrix
XenServer - Microsoft System Center Integration
Pack to the host.
When VMM manages Citrix XenServer hosts, the features in the following table are supported.
Feature

Details

Adding Citrix XenServer


hosts and pools

You can add stand-alone Citrix XenServer hosts and clusters or pools
to the VMM management server. You must install and configure Citrix
XenServer before you add the hosts. You must create and configure
the Citrix XenServer pools in Citrix XenCenter.

Conversion

Use the P2V conversion process to convert a Citrix XenServerbased


virtual machine to a Hyper-V virtual machine. The Citrix Tools for
Virtual Machines can remain on the virtual machine. However, VMM
2012 only supports Citrix XenServer virtual machines that are running
Windows guest operating systems.

Dynamic optimization and


power optimization

The Dynamic Optimization feature is available for Citrix XenServer


hosts in VMM. You can use the Live Migration feature to load-balance
virtual machines on Citrix XenServer host clusters. You can turn Citrix
XenServer hosts on and off with the Power Optimization feature.

Library

You can use VMM to organize and store Citrix XenServer virtual
machines, templates, and virtual hard disk files in the Virtual Machine
Manager library. When storing Citrix XenServer .vhd and .vhdx files in
the Virtual Machine Manager library, open the files properties, and on
the General page, change the Virtualization platform to Citrix
XenServer server.

Feature

Details

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

7-31

Maintenance mode

You can move Citrix XenServer hosts in and out of maintenance mode from
the Virtual Machine Manager console.

Migration

VMM 2012 supports the following VMware transfer types:


o Live migration between hosts in a managed pool using Citrix
XenMotion.
o

LAN Migration between a Citrix XenServer host in the library using


Background Intelligent Transfer Service (BITS).

Use TransferVM for each virtual hard disk.


Networking

The new VMM network management features are supported on Citrix


XenServer hosts. Use Citrix XenServer XenCenter to create external virtual
networks. VMM will recognize and use any existing external networks from
Citrix XenServer. You should be aware that: a single virtual switch represents
all Citrix XenServer switches with different virtual local area network (VLAN)
IDs bound to a single physical network adapter.

PRO

You can monitor and provide alerts for Citrix XenServer hosts by integrating
Operations Manager with PRO.

Placement

When you create Citrix XenServer virtual machines, VMM uses virtual machine
placement on host ratings in the same manner as it does for Hyper-V virtual
machines.

Private clouds

Citrix XenServer host resources can be used by private clouds simply by


creating a private cloud from host groups wherever Citrix XenServer hosts
reside. You can configure quotas, and apply self-service user roles to these
clouds without distinction between the different host types.

Services

You can deploy VMM services to Citrix XenServer hosts.

Storage

VMM 2012 supports several Citrix XenServer storage repositories, as follows:


o Software iSCSI, network file system (NFS) virtual hard disks, hardwarebased host bus adapters, and Citrix StorageLink technology
o

ISO repositories on an NFS where Windows File Sharing/Common


Internet File System (CIFS) share with these conditions:

ISO images deployed from the Virtual Machine Manager library to


the Citrix XenServer host must have their permissions set on the
ISO repository to Read /Write.
ISO images can only be attached from the Virtual Machine
Manager library.
o

Shared and local storage

Note: New VMM storage automation features are not supported for
Citrix XenServer hosts.

Feature
Virtual machine
management

Details
Paravirtual and hardware-assisted virtualization virtual machines are
supported in VMM with the following conditions:
o Hardware-assisted virtualization virtual machines can only run
Windows-based operating systems.

MCT USE ONLY. STUDENT USE PROHIBITED

7-32 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager

Creating new virtual machines with the VMM console only creates
hardware-assisted virtualization virtual machines.

To create virtual machines with paravirtual properties, you first must


clone a virtual machine with paravirtual properties to the library, and
then you can deploy the virtual machine. You cannot create virtual
machines with paravirtual properties by using the New Virtual
Machine Wizard from any existing hard disk.

Similar to any other virtual machine, you can start, stop, save state, pause,
and shut down Citrix XenServer host-based virtual machines from the VMM
console.
VMM templates

You can create Citrix XenServer templates with the following restrictions:
o Generalization and customization can occur on Windows-based
virtual machines only.
o

You must install Citrix Tools for Virtual Machines manually.

VMM virtual machine templates created from Citrix XenServer virtual


machines cannot have any associated disk images modified. You can
modify all other properties.

XenServer templates

VMM does not use Citrix XenServer templates. However, you can, use Citrix
XenCenter to create a virtual machine, and then make a VMM template
from that virtual machine.

VMM command shell

The VMM command shell features work across all hypervisors.

The following features are supported when VMM manages VMware ESX hosts through vCenter Server.
Feature

Details

Conversion

This describes the virtualto-virtual (V2V) machine conversion process to


convert a VMware-based virtual machine to a Hyper-V virtual machine. You
cannot perform a V2V conversion if the virtual hard disk is on an IDE bus.

Dynamic
Optimization &
Power Optimization

The Dynamic Optimization feature is available for VMware ESX hosts in VMM
2012. You can use the Live Migration feature to load-balance virtual machines
on VMware ESX host clusters. You can turn VMware ESX hosts on and off with
Power Optimization.

Library

You can use VMM to organize and store VMware virtual machines, VMware
templates, and .vmdk hard disk files in the Virtual Machine Manager library.
You should be aware that VMM does not support older .vmdk file types. The
only types that are supported are those .vmdk files that are stored as VMwares
Virtual Machine File System, and monolithicFlat.

Maintenance mode

VMware ESX hosts can be put in and out of maintenance mode from the VMM
console.

Feature
Migration

Details
VMM 2012 supports the following VMware transfer types:
o Live migration between hosts in a cluster using VMware vSphere
vMotion
o

Live Storage Migration using Storage VMware vSphere vMotion

Supported VMM transfer types:


o Network migration to and from the library
o
Networking

Network migration between hosts

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

7-33

VMM supports VMware standard vSwitches, VMware distributed vSwitches,


and port groups. You must make all vSwitches and port group configurations
through the VMware vCenter server. In addition, VMware ESX hosts support
the new VMM network management features.
Note: Port groups are not created automatically. Use VMware vCenter
server to configure port groups with the necessary VLANs that correspond to
VMM logical network sites.

PRO

You can monitor and provide alerts for VMware ESX hosts by integrating
Operations Manager with PRO.

Placement

When you create VMware virtual machines, VMM uses virtual machine
placement on host ratings in the same manner as it does for Hyper-V virtual
machines.

Private clouds

VMware ESX host resources can be used by private clouds simply by creating a
private cloud from host groups wherever VMware ESX hosts reside, or by using
a VMware resource pool. You can configure quotas and apply self-service user
roles to these clouds without distinction between the different host types.
However, you should be aware that VMM does not integrate with VMware
vCloud.

Services

You can deploy VMM 2012 services to VMware ESX hosts. However, you
cannot use VMM to deploy VMware vApps.

Storage

VMM 2012 supports the following VMware storage technologies:


o VMware Paravirtual SCSI storage adapters
o

VMware thin-provision virtual hard disks using the dynamic disk type
with the following conditions:
Creating and deploying virtual machines with a dynamic disk to
VMware ESX hosts actually creates the disk as a thin-provisioned
disk.

A virtual machine with a thin provisioned disk created out of band


has that disk displayed as a dynamic disk in the VMM console.
Thin-provisioned disks that are saved to the Virtual Machine
Manager library are converted to a fixed-thick disk.
o

Hot add and hot removal of VMware virtual machines virtual hard disks

VMM storage automation features are not supported for ESX hosts.

Feature

Details

MCT USE ONLY. STUDENT USE PROHIBITED

7-34 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager

Templates

You can create templates using .vmdk files that are stored in the library, and
you can import templates stored on VMware ESX hosts. Importing templates
from the VMware vCenter server only imports template metadata, and not the
.vmdk file itself.

VMM command
shell

The VMM command shell works across all hypervisors.

Consider security requirements before you add other vendor hosts to your network. For example, you
must decide how to implement certificates for virtualization hosts, and you may want to determine how
to use a Run As account.
System Requirements: VMware ESX Hosts
http://go.microsoft.com/fwlink/p/?linkId=285337
System Requirements: Citrix XenServer Hosts
http://go.microsoft.com/fwlink/p/?linkId=285261

Demonstration: Adding a Hyper-V Virtualization Host to VMM


In this demonstration, you will see how to add a Hyper-V host to a VMM installation.

Demonstration Steps
1.

Sign in to LON-DC1 as adatum\administrator with a password of Pa$$w0rd.

2.

In the Group Policy Management Editor, open the Default Domain Policy. Apply the following
settings to the domain policy located at: Computer Configuration, Administrative Templates
\Network\Network Connections\Windows Firewall\Domain Profile.
a.

In the Windows Firewall: Allow inbound file and printer sharing exception dialog box, click
Enabled, in the Options text box, type an asterisk (*), which indicates all IP addresses.

b.

In the Windows Firewall: Allow ICMP exceptions dialog box, click Enabled, and then in the
Options area, select the Allow inbound echo request check box.

c.

In the Windows Firewall: Define inbound port exceptions dialog box, click Enabled, in the
Options section, click Show, and under Value, type 5985.

3.

In the Group Policy Management Editor, navigate to Administrative Templates\Windows


Components\Windows Remote Management (WinRM)\WinRM Service.

4.

In the Allow remote server management through WinRM section, click Enabled. In Options, in
both the IPv4 and IPv6 text boxes, type an asterisk (*).

5.

Close the Group Policy Management Editor.

6.

On both the LON-HOST1 and LON-HOST2 physical machines, update group policy with the
gpupdate.exe /force cmdlets.

7.

Sign in to LON-VMM1 as adatum\administrator with a password of Pa$$w0rd.

8.

Open the Virtual Machine Manager console, and add LON-HOST1 as a Hyper-V server to the All
Hosts node in VMs and Services, using the following parameters:
a.

Resource Location page: Windows Server computers in a trusted Active Directory

b.

c.

Credentials page: Manually enter the credentials.

User name: ADATUM\Administrator

Password Pa$$w0rd

Discovery Scope page: Specify Windows Server computers by names.

9.

Computer names: lon-host1.adatum.com

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

7-35

d.

Target resources page: Discovered computers: check lon-host1.adatum.com

e.

Host Settings page: All Hosts

f.

Summary page: View Script, save script in the documents library as AddHost.ps1 (ensure the
All Files (*.*) type is selected).

Observe that LON-HOST1 now displays in the VMs and Services console tree. Select it and review the
details pane showing all the virtual machines from the host that now display. Review all the different
management tasks that you can run on the virtual machines.

10. In Windows PowerShell, navigate to the documents folder and then use Notepad to open
AddHost.ps1.

11. In Notepad, examine the script by reviewing all of the different cmdlets and text. Note the two
variables that are created and the cmdlets they are based on. Note the Add-SCVMHost cmdlets and
the various parameters that it calls. Check if there is anything on this line that needs to be changed.
The answer should be just the -ComputerName parameter to identify lon-host2 rather than
lon-host1 as is written. Go ahead and make this change, and save the file.
12. Close Notepad.
13. Run the Windows PowerShell script that you just saved, by typing ./addhost.ps1. Use the
ADATUM\administrator credentials.
14. Wait for Windows PowerShell to display parameters and values in columnar form.
15. Close Windows PowerShell.

16. In the Virtual Machine Manager console, in the VMs and Services console tree, under All Hosts,
notice that LON-HOST2 now displays. Click Lon-host2, and note that no virtual machines have been
assigned to this host. This verifies that the Windows PowerShell script worked. Remember that the
Virtual Machine Manager console is built on Windows PowerShell, and therefore things you do in the
console are run in Windows PowerShell at the lower level.
17. With LON-HOST2 still selected, on the ribbon, click the Folder tab, and then click Properties.

18. Take a few moments to review each of the pages in the lon-host2.adatum.com Properties dialog
box.
19. Close the Properties dialog box, close all open windows, and sign off of LON-VMM1.

What Are Host Groups?


You can use host groups to organize and
manage your servers, which makes it easier to
apply management settings at a group level. All
servers reside in the default host group called All
Hosts, unless you specify another location.
Host groups may be nested. Therefore, unless you
clear the inherited parent host group settings, the
parent groups settings will apply to the hosted
group. You can make this change in the Properties
page of the selected child object.

MCT USE ONLY. STUDENT USE PROHIBITED

7-36 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager

You can create host groups by clicking the VMs


and Services workspace, then right-clicking in the
Navigation pane, and then clicking Create Host Group. The default host group is called All Hosts. To edit
host group properties, right-click a host group, and then click Properties. From the Host group Properties,
General page, you can edit the following settings:

Name of the group

Location of (move) the group

Provide a group description

Allow unencrypted files transfers to the group

Placement Rules

By default, a host group uses the placement setting from the parent host group. If you opt to configure
custom placement rules at the individual group level, you can block inheritance by modifying the parent
host-group setting.

On the Placement Rules page of the host group properties, you can assign custom placement rules. For
example, you can assign custom values to hosts and virtual machines that will determine placement based
upon criteria, including one of the following criteria:

The virtual machine must match the host

The virtual machine should match the host

The virtual machine must not match the host

The virtual machine should not match the host

Host Reserves

Host reserves are placement settings that enable the host system to retain resources for its own use. This
is useful when a Hyper-V host has additional services running, such as in a branch office where you have
configured a Virtual Machine Manager library.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

7-37

The following table details how you can set or override the following host reserves at the individual host
level.
Resource

Notes

CPU

You can set CPU as a percentage. The default percentage value is 10. However, 10
percent of one dual-core processor that is running at 2 GHz is not the same as 10
percent of four six-core processors that are running at 2.8 GHz.

Memory

The default is memory value is 256 MB, but you can change this or set this as a
percentage.

Disk I/O

The default value is 0, but you can set this as a percentage. You may wish to ensure
a minimal amount of disk I/O is reserved if you are using a host as a Virtual
Machine Manager library.

Disk space

You can set disk space as a numeric value or percentage.

Network I/O

The default value is 0, but you can set this as a percentage. You may wish to ensure
a minimal amount of network I/O is reserved if you are using a host as a Virtual
Machine Manager library.

Dynamic Optimization

Dynamic Optimization enables VMM to balance the virtual machine loads automatically within a host
cluster. By defining minimum resource thresholds for hosts, VMM migrates the virtual machine to
alternative hosts if available resources fall below those assigned thresholds.
The following table lists the thresholds that you can set.
Resource

Notes

CPU

Default is 30 percent

Memory

Default is 512 MB

Disk I/O

Default is 0

Disk space

Set as a numeric value or percentage

Network I/O

Default is 0

Note that these settings will impact all hosts within the host group.

In addition to workload balancing, VMM also can invoke power optimization. You can enable power
optimization by selecting Settings under the Power Optimization section of the Dynamic Optimization
page.

Power Optimization Prerequisites

To enable power management, you must have a baseboard management controller that support one of
the following out-of-band management protocols:

Intelligent Platform Management Interface versions 1.5 or 2.0

Data Center Manageability Interface version 1.0

Systems Management Architecture for Server Hardware version 1.0 over Web Services for
Management (WS-Management)

Network
The network page defaults to inheriting network logical resources from the parent host group. You
can clear these settings and assign different resource types including IP pools, load balancers, logical
networks, and MAC pools.

Storage

MCT USE ONLY. STUDENT USE PROHIBITED

7-38 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager

Storage capacity for the host group includes storage allocated to the parent host groups. Here you can
allocate storage pools and logical units, if they exist.

Custom Properties
You can assign and manage custom properties here. The Manage Custom Properties button lets you
select various object types, and the Create button allows you to create custom properties.

Demonstration: Managing Host Groups


In this demonstration, you will see how to manage host groups.

Demonstration Steps
1.

Sign in to LON-VMM1 as adatum\administrator with a password of Pa$$w0rd.

2.

In the Virtual Machine Manager console, in the VMs and Services console tree, create a new host
group, and name it LocalGroup.

3.

Using the ribbon, move LON-HOST1 into the group.

4.

Using the context menu, move LON-HOST2 into the group.

5.

Review the LocalGroup Properties dialog box, and note all the various options on each page. Click
Cancel when done.

6.

Close the Virtual Machine Manager console, and sign off from LON-VMM1.

Deploying Hyper-V Hosts to Bare-Metal Computers


When an organization acquires a new physical
server, typically you perform a series of tasks to
configure and prepare the server prior to using it.
For example, you would install a server operating
system, configure that servers storage and
networking, configure roles and features, and
provide security hardening. You would then test
everything to make sure it all worked correctly,
and if it did, only then would you start using it.

Usually, administrators must complete these tasks


manually. However, you can now avoid this by
deploying a Hyper-V host with virtual machines,
and by using the various VMM technologies to configure bare-metal computers. (For this course, a baremetal computer refers to a server, usually new, with no operating system installed.) Therefore, instead of
having to perform manually all the steps described earlier, you can now deploy the Windows Server 2012
R2 operating system with the Hyper-V role installed, and add it automatically as a physical host to VMM.

To do this, your infrastructure must meet a number of prerequisites:

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

7-39

The physical computers must be configured correctly and be able to run the Hyper-V role (such as
64-bit processors, and virtualization technologies). In addition, a PXE server must exist and you must
add it to VMM management. You can do this by deploying the Windows DS role on any supported
operating system, which is most any Windows Server 2008 R2 or newer domain member server. Your
Windows DS server can continue to deploy various operating systems as always, because VMM will
only respond to requests from computers that you designate as new virtual machine hosts in VMM.

You must set the bare-metal computers BIOS or Extensible Firmware Interface (EFI) boot order to
boot first from a PXE-enabled network adapter.

Baseboard management controllers (BMCs) must have logon credentials and an IP address assigned,
either statically or through DHCP, and the BMC's network segment must be accessible to the VMM
management server. This will allow the outofband management to discover the physical
computers.

You must create a host profile, and any needed driver files must be in the Virtual Machine Manager
library.

If you are assigning static IP addresses to the hosts, then you must obtain the network adapter MAC
address of those hosts that you will use for management. This adapter will be used to communicate
with the VMM management server. If the hosts have multiple network adapters and locally attached
storage, you should collect this information, such as the MAC addresses of the adapters and the sizes
of the disks, before you begin the deployment. However, if you are running System Center 2012 SP1
VMM or System Center 2012 R2 VMM, you can use the process for discovering physical computers to
create as physical hosts known as deep discovery to view this information during the deployment.

If you wish to use a Run As account to launch the deployment process, the account must have
permissions to access the BMCs.

If you have multiple Domain Name System (DNS) servers that take time to replicate information, you
can create DNS host records for the computer names that will be assigned to the hosts, and allow this
information to replicate to all the DNS servers.

You start the process to deploy the Hyper-V host to bare-metal computers in the Fabric workspace on the
Virtual Machine Manager console, using the following procedures:
1.

In the Fabric console tree, click Servers.

2.

On the home tab of the ribbon, click the Add Resources drop-down list box, and then click Hyper-V
Hosts and Clusters.

3.

In the Add Resource Wizard, on the Resource location page, select the radio button for Physical
computers to be provisioned as virtual machine hosts.
Note: This step will fail if you do not have any host profiles.

4.

On the Credentials and protocol page, if you have created a Run As account, you can click the
Browse button, and find it here. There is also the option to Create Run As Account. In the Protocol
area, you can select the out-of-band management protocol: you can use either the Intelligent
Platform Management interface (which includes the Data Center Management interface), or you
can use the Systems Management Architecture for Server Hardware (SMASH).

MCT USE ONLY. STUDENT USE PROHIBITED

7-40 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager

5.

On the Discovery scope page, type the IP address scope that includes the BMCs IP addresses.
You can also specify a single IP address. If you use the subnet or range of IP addresses, the Target
resources page will display all the discovered computers for those addresses. Each computer has a
check box next to it; select the check boxes of the computers that you wish to convert to a Hyper-V
host.

6.

On the Provisioning options page, you can select the host group to which to assign the Hyper-V
host, regardless of whether the Hyper-V hosts will use DHCP or static addresses. You do this by using
the appropriate host profile. If you are running System Center 2012 SP1 VMM or System Center 2012
R2 VMM, when you select the check box next to a computer name, the system runs deep discovery.
You must allow time for this process to occur.

7.

On the Deployment customization page, the options will vary based on the host profile you
previously selected.

8.

On the Summary page, click Finish to deploy the bare metal computers as Hyper-V hosts. This will
also place them as physical hosts that are controlled by the VMM management server.

Lab: Installing and Configuring System Center 2012 R2


Virtual Machine Manager
Scenario

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

7-41

The first phase of the virtualization project was very successful, and A. Datum Corporation is starting
to implement a Hyper-V virtualization platform in the remaining three subsidiaries and in the main
data center. As part of the second phase of the project, A. Datum also wants to implement a better
management solution that will enable administrators to manage the entire virtualization environment
from a single management interface. Administrators in the main office require a management tool to
manage the entire infrastructure, whereas administrators in each of the subsidiaries only need to manage
the servers and other components located within their data center.
A. Datum has decided to implement System Center 2012 R2 VMM to manage their virtualization
infrastructure. You need to deploy the VMM server components and add the existing Hyper-V hosts
to the environment. You also need to ensure that you configure the environment in such a way that
administrators in each subsidiary can manage the virtualization hosts at their location.

Objectives
After completing this lab, you will be able to:

Install and configure VMM, including managing VMM from a remote host.

Configure and manage hosts and host groups in System Center VMM.

Lab Setup
Estimated Time: 45 Minutes

Virtual machines: 20409B-LON-HOST1, 20409B-LON-HOST2, 20409B-LON-DC1, 20409B-LON-VMM1, and


20409B-LON-CL1
User name: Adatum\Administrator
Password: Pa$$w0rd

For this lab, you will use the available virtual machine environment. Before you begin the lab, you must
complete the following steps:
1.

Start both 20409B-LON-HOST1 and 20409B-LON-HOST2.

2.

Sign in to the LON-HOST1 and LON-HOST2 computers as Adatum\Administrator with the password
of Pa$$w0rd.

3.

On LON-HOST1 and LON-HOST2, start Hyper-V Manager.

4.

In Hyper-V Manager, click 20409B-LON-DC1, and in the Actions pane, click Start.

5.

In the Actions pane, click Connect. Wait until the virtual machine starts.

6.

Sign in by using the following credentials:


o

User name: Adatum\Administrator

Password: Pa$$w0rd

7.

Repeat steps 4-6 for 20409B-LON-VMM1 and 20409B-LON-CL1.

8.

In the 20409B-LON-VMM1 on LON-HOST1 Virtual Machine Connection, click the Media dropdown list box, click DVD Drive, and then click Insert Disk.

9.

In the Open pop-up window, navigate to D:\Program Files\Microsoft Learning\20409\Drives,


select the SC2012R2.iso file, and then click Open. Note that the drive letter for the Microsoft
Learning folder may differ based on the initial setup of the course files.

MCT USE ONLY. STUDENT USE PROHIBITED

7-42 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager

In addition, for the rest of the labs, the tasks need be done only once in each lab partnership. There will
not be some steps done by the LON-HOST1 student and others by the LON-HOST2 student. The lab
partners can decide and even switch between themselves as to who does what for each task. This applies
to this lab through the lab in Module 13.
Note: Because you will be using the same virtual machines in the next lab, at the
conclusion of this lab do not revert the virtual machines. However, you can shut down all virtual
machines after finishing this lab.

Exercise 1: Installing and Configuring System Center 2012 R2 VMM


Scenario

In this exercise, you will install System Center 2012 R2 VMM and its prerequisites into a Windows Server
2012 R2 virtual machine. They will also install a VMM console in a client virtual machine that will be used
for managing VMM.
The main tasks for this exercise are as follows:
1.

Review the email from Ed Meadows, CIO, A. Datum, Inc.

2.

Check for VMM prerequisites, and install VMM.

3.

Install the VMM management server and Virtual Machine Manager console on LON-VMM1.

4.

Install the Virtual Machine Manager console on LON-CL1.

Task 1: Review the email from Ed Meadows, CIO, A. Datum, Inc.

Email
From: Ed Meadows, CIO, A. Datum Corp.
To: IT department
Subject: Ready to add System Center 2012 R2 Virtual Machine Manager!
I really appreciate the way you have set up our Hyper-V environment! Everything looks great. Now
that we have our virtualization infrastructure in place, I would like you create a test implementation of
System Center 2012 R2 Virtual Machine Manager. To do this, we need to:
1.

Load the software on one of our servers in the London Site. We need at least two physical hosts,
but have plenty of virtual machines on them. Do you recommend putting this on a virtual
machine or physical computer? Please let me know what computers youll be using. Remember
that the test data that you gather will be used to further deploy a much more robust solution
that we will use to build our private clouds.

2.

Make sure that all the prerequisites Microsoft has recommended are met. If there are any
shortfalls, let me know as soon as possible. Create a list of the prerequisites that you will need to
verify.

3.

After you have created the VMM management server and installed a Virtual Machine Manager
console on a desktop client in the Developer department, finish testing the console and ensure
everything works.

4.

Finally, create the local host group and assign at least two physical hosts.

Ed

To create the test implementation, answer the following questions:


1.

How many VMM servers do you need to deploy in the Adatum environment?

2.

What are the VMM prerequisites that need to be met?

3.

Will you deploy VMM on a single server, or will you separate components onto dedicated
servers?

4.

Will you install the VMM server inside a virtual machine or on a physical machine?

5.

What computers will you use, and what will be their roles?

Task 2: Check for VMM prerequisites, and install VMM

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

7-43

1.

On LON-VMM1, verify the VMM management server prerequisites by examining the Local Server
page in Server Manager on LON-VMM1.

2.

Verify that LON-VMM1 is in the Adatum.com domain.

3.

Verify that the Operating system version is either the Standard or Datacenter version of Windows
Server 2012 R2.

4.

Confirm that the operating system has at least a 2 GHz Pentium processor, 4 GB of RAM, and 80 GB
of disk space available.

5.

From the Start screen, open and then sign in to SQL Server Management Studio.

6.

Verify that the version of SQL Server supports System Center 2012 R2 VMM.

7.

Open the Registry Editor. In the Registry Editor window, click the HKEY_LOCAL_MACHINE subkey.
Navigate to SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Client\.

8.

In the Version item, note the value in the Data column. It should be 4.5.51641 or higher.

9.

Close the Registry Editor window.

10. Open the Services console, and verify that the Windows Remote Management (WSManagement)
service is running and is set to Automatic.
11. On the taskbar, click the File Explorer icon.
12. In the This PC window, double-click the DVD Drive icon.
13. In the VMM folder, verify that installation files are visible.

Task 3: Install the VMM management server and Virtual Machine Manager console
on LON-VMM1
1.

In File Explorer, in the VMM window, double-click the setup.exe file, which will open the Microsoft
System Center 2012 R2 Installation splash screen.

2.

Use the Microsoft System Center 2012 Virtual Machine Setup Wizard to install VMM, and set the
options on each page, as follows:
a.

Select features to install page: VMM management server and VMM console.

b.

Product registration information page:

c.

Name: Administrator

Organization: A. Datum, Inc.

Product key: blank

Customer Experience Improvement Program (CEIP) page: No, I am not willing to


participate

d.

Microsoft Update page: Off

e.

Installation location page: Accept default

f.

Database configuration page:

g.

Server name: accept default

Instance name: MSSQLSERVER

Database name: VirtualManagerDB

Configure service account and distributed key management page:

User name and domain: ADATUM\SCService

Password: Pa$$w0rd

h.

Port configuration page: Accept defaults

i.

Library configuration page:

Shared folder location: C:\ProgramData\Virtual Machine Manager Library Files

Share name: MSSCVMMLibrary

3.

After the installation finishes, clear the Check for the latest Virtual Machine Manager updates
check box, and then click Close.

4.

On the Connect to Server page, click Connect.

5.

Close both the Virtual Machine Manager console and the Microsoft System Center 2012 R2 splash
screen.

Task 4: Install the Virtual Machine Manager console on LON-CL1


Note: Perform these steps from LON-HOST2. In Hyper-V Manager on LON-HOST2, rightclick Hyper-V Manager in the console tree and select Connect to server, select Another
computer, and type LON-HOST1 and then click OK. Select and connect to LON-CL1.

MCT USE ONLY. STUDENT USE PROHIBITED

7-44 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager

1.

On LON-CL1, click to the desktop.

2.

Open File Explorer, and then navigate to \\lon-vmm1.adatum.com\c$\Program Files


\Microsoft System Center 2012 R2\Virtual Machine Manager\setup\msi\Client.

3.

Run the AdminConsole.msi file. The MSI file will open a pop-up window stating that it is installing
and displaying a progress bar. If it does not encounter an error, then after installing the Virtual
Machine Manager console successfully, the window will close itself.

4.

Open the Apps by name start screen, and then pin the Virtual Machine Manager Console NEW
tile to the desktop taskbar.

5.

Launch the Virtual Machine Manager Console NEW program from the taskbar.

6.

On the Connect to Server page, change the Server name to LON-VMM1.adatum.com:8100.

7.

Navigate around the console, and observe that is the same Virtual Machine Manager console as is
installed on LON-VMM1.

8.

Close the Virtual Machine Manager console, and sign off of LON-CL1.

Results: After completing this exercise, you should have installed System Center 2012 R2 VMM.

Exercise 2: Managing Hosts and Host Groups


Scenario

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

7-45

In this exercise, you will create host groups, add physical servers and configure host group properties.
The main tasks for this exercise are as follows:
1.

Set the default domain group policy to allow domain members to become hosts.

2.

Add LON-HOST1 and LON-HOST2 to VMM.

3.

Create a LocalGroup host group, and then add LON-HOST1 and LON-HOST2 to the LocalGroup host
group.

4.

Configure LocalGroup properties.

Task 1: Set the default domain group policy to allow domain members to become
hosts
1.

On LON-DC1, in Server Manager, open the Group Policy Management Editor, and then edit the
Default Domain Policy.

2.

Navigate to Computer Configuration\Profiles\Administrative Templates\Network


\Network Connections\Windows Firewall\Domain Profile, and then apply the following settings:
a.

In Windows Firewall: Allow inbound file and printer sharing exception, click Enabled, in
Options, type an asterisk (*) (which indicates all IP addresses).

b.

In Windows Firewall: Allow ICMP exceptions, click Enabled, in Options, click Allow inbound
echo request.

c.

In Windows Firewall: Define inbound port exceptions, select Enabled, in Options: Define
port exceptions, click Show, and under Value, type 5985.

3.

In the Group Policy Management Editor, navigate to Computer Configuration\Profiles


\Administrative Templates\Windows Components\Windows Remote Management (WinRM)
\WinRM Service.

4.

In the Allow remote server management through WinRM window, select Enabled, in Options, for
both IPv4 and IPv6, type an asterisk (*).

5.

Close the Group Policy Management Editor.

6.

On both LON-HOST1 and LON-HOST2 physical machines, use Windows PowerShell to update the
group policy with gpupdate.exe /force.

Task 2: Add LON-HOST1 and LON-HOST2 to VMM


1.

On LON-VMM1, open the VMM console, and add LON-HOST1 as a Hyper-V server to the All Hosts
node in VMs and Services, using the following parameters:
a.

Resource Location page:

b.

c.

Windows Server computers in a trusted Active Directory

Credentials page: Manually enter the credentials.

User name: ADATUM\Administrator

Password: Pa$$w0rd

Discovery Scope page: Specify Windows Server computers by names.

Computer names: lon-host1.adatum.com

d.

Target resources page:

Discovered computers: lon-host1.adatum.com

MCT USE ONLY. STUDENT USE PROHIBITED

7-46 Installing and Configuring Microsoft System Center 2012 R2 Virtual Machine Manager

e.

Host Settings page: All Hosts.

f.

Summary page: View Script, save script in the documents library as AddHost.ps1 (ensure the
All Files (*.*) type is selected).

2.

Observe that LON-HOST1 now displays in the VMs and Services console tree.

3.

Open Windows PowerShell, navigate to the documents folder, and then use Notepad to open
AddHost.ps1.

4.

In Notepad, in Add-SCVMHost, change the -ComputerName parameter to identify LON-HOST2


rather than LON-HOST1.

5.

Save the file, and close Notepad.

6.

Run the Windows PowerShell script that you just saved by typing ./addhost.ps1.

7.

When prompted, use the ADATUM\administrator credentials.

8.

When Windows PowerShell displays a number of parameters and values in columnar form, review this
data.

9.

Close Windows PowerShell.

10. In the Virtual Machine Manager console, in the VMs and Services console tree, under All Hosts, verify
that LON-HOST2 now displays.

Task 3: Create a LocalGroup host group, and then add LON-HOST1 and LON-HOST2
to the LocalGroup host group
1.

On LON-VMM1, if the Virtual Machine Manager console is not already open, then open it.

2.

In the Virtual Machine Manager console, in the VMs and Services console tree, create a new host
group named LocalGroup.

3.

Use the tools on the ribbon to move LON-HOST1 into the group.

4.

Use the context menu to move LON-HOST2 into the group.

Task 4: Configure LocalGroup properties


1.

Right-click LocalGroup and then click Properties.

2.

In the LocalGroup Properties dialog box, in the Properties pages, configure the following:
a.

On the General page, add the description, The local group of virtualization hosts the
A. Datum IT department is using.

b.

On the Host Reserves page, clear the Use the host reserves settings from the parent host
group check box. In the Disk space, amount text box, change the values from 1% to 2%.

3.

On the LocalGroup Properties page, click OK.

1.

Close the VMM Console, and sign out of LON-VMM1.

Results: After completing this exercise, you should have created and configured hosts and host groups.

Module Review and Takeaways


Review Questions
Question: In which scenarios will it be beneficial to deploy System Center 2012 R2 App
Controller?
Question: In which scenarios is it beneficial for you to use Windows PowerShell rather than a
GUI such as the VMM console?

Common Issues and Troubleshooting Tips


Common Issue

Troubleshooting Tip

You cannot add the physical computer as


a host.

You cannot perform a V2V conversion of a


VMware ESXhosted virtual machine.

Tools
Tool

Use for

Where to find it

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

7-47

SQL Server
Management Studio

Manage all aspects of a SQL Server


installation.

SQL Server installation DVD

Disk2vhd

Tool that creates virtual hard disks of


physical disks for use on Hyper-V hosts as
virtual machines. You can convert the
operating system disk and the data disks
on a physical computer.

Windows Sysinternals download


page:
http://go.microsoft.com/fwlink
/?LinkID=386697

Windows ADK

A collection of tools that you can use to


customize, assess, and deploy Windows
operating systems to new computers.

Microsoft Download Center:


http://go.microsoft.com/fwlink
/?LinkID=386730

MCT USE ONLY. STUDENT USE PROHIBITED

MCT USE ONLY. STUDENT USE PROHIBITED


8-1

Module 8

Managing the Network and Storage Infrastructure in


Microsoft System Center 2012 R2 Virtual Machine Manager
Contents:
Module Overview

8-1

Lesson 1: Managing Networking Infrastructure

8-2

Lab A: Network Infrastructure Management

8-18

Lesson 2: Managing Storage Infrastructure

8-22

Lab B: Managing Infrastructure Storage

8-32

Lesson 3: Managing Infrastructure Updates

8-36

Lab C: Infrastructure Updates Management

8-42

Module Review and Takeaways

8-45

Module Overview

Microsoft System Center 2012 R2 includes components that you can deploy and manage through the
System Center 2012 R2 Virtual Machine Manager (VMM) console. The Fabric workspace in the VMM
console simplifies working with a variety of storage and network technologies. Using these components,
you can build and connect your virtualization network and storage infrastructure, thereby creating the
underlying framework for deploying virtual machines, services, and clouds.
Note: For the purpose of this course, all instances of Microsoft System Center 2012 R2
Virtual Machine Manager are referred to as VMM.

Objectives
After completing this module, you will be able to:

Manage the networking infrastructure in VMM.

Manage the storage infrastructure in VMM.

Manage infrastructure updates by creating update baselines, and by scanning and remediating noncompliant servers.

Lesson 1

Managing Networking Infrastructure


Managing physical network infrastructure in dynamic and complex data center environments can
be challenging. You might require multiple applications, consoles, and command-line interfaces to
administer the infrastructure. VMM provides a single console from which you can perform most of
the administrative tasks, and thus simplifies working with logical and virtual networking components.

MCT USE ONLY. STUDENT USE PROHIBITED

8-2 Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager

This lesson introduces you to the VMM networking fundamentals and provides high-level overviews of
advanced concepts. This lesson also explains the VMM networking components and integration options
with other vendor networking tools. Finally, this lesson describes how to design and implement the
various virtualization options.

Lesson Objectives
After completing this lesson, you will be able to:

Describe VMM logical networks.

Describe the components and features of the networking infrastructure.

Describe the configuration options for virtual networks.

Explain how to configure logical networking in VMM.

Explain how to configure ports and logical switches in VMM.

Configure virtual network components in VMM.

Describe how to use virtual machine networks to isolate networking.

Explain how to manage network virtualization in VMM.

Configure network virtualization.

Describe Windows Server Gateway

VMM Logical Networks


A VMM logical network is a collection of VMM
network sites, IP subnet information, and virtual
local area network (VLAN) information. You can
associate IP address pools with IP subnets that are
part of a logical network.
You can use logical networks in VMM to
describe networks with different purposes and
then associate those networks with adapters. For
example, you can create one logical network for
traffic isolation (such as a network used for cluster
node communication), and then associate the
network adapters reserved for this communication
with this VMM logical network.

At least one logical network must exist before you can deploy virtual machines and services. By default,
when you add a Hyper-V host to VMM, if a physical network adapter on the host does not have an
associated logical network, VMM automatically creates and associates a logical network that matches
the first Domain Name System (DNS) suffix label of the connection-specific DNS suffix.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

For example, if the DNS suffix for the host network adapter is adatum1.adatum.com, VMM creates a
logical network with the name adatum1.

8-3

When you create a logical network, you can create one or more associated network sites. A network site is
a collection of one or more subnets, VLANs, and subnet-VLAN pairs. You can control which host groups
connect to a network site. For example, if you have a Seattle host group and a New York host group, and
if you want to make the BACKEND logical network available to each, you can create two network sites for
the BACKEND logical network. You then can scope one network site to the Seattle host group (and any
desired child host groups), and the other network site to the New York host group (and any desired child
host groups).
When you associate one or more IP subnets with a network site, you can create an IP address pool. An IP
address pool is a range of IP addresses within an IP subnet. For example, the range 10.0.0.2 to 10.0.0.150
would be an address pool within the 10.0.0.0/24 subnet. A static IP address pool enables VMM to
assign static IP addresses to hosts and allows you to manage IP addresses for the virtual environment.
Configuring static IP address pools is optional and you can assign addresses automatically through
Dynamic Host Configuration Protocol (DHCP), if it is available on the network.
For more information on Logical Networks, consult the following TechNet article:
Configuring VM Networks in VMM Illustrated Overview
http://go.microsoft.com/fwlink/?LinkID=386735

What Is the VMM Networking Infrastructure?


In VMM, the networking infrastructure is a group
of configurable network resources that you can
use to create, model, organize, and manage
your virtualized server network connectivity.
The following sections describe the configurable
components and their subcomponents.

Logical Networks

Logical networks are a set of logical network


objects that you can use to model your network
environment. You can create multiple logical
networks, and then associate them with one or
more host groups. For example, you can create a
perimeter logical network, a development logical network, and a production logical network. When
administrators or application administrators deploy virtual machines and services, they will be able to
select a logical network without the need to understand the underlying networking infrastructure.

Network Sites

You can create network sites to associate subnets and VLANs with a location or department. You associate
sites with the logical network, and then assign the host group that can use the network site.

MAC Address Pools

VMM can assign static media access control (MAC) addresses automatically to new virtual network devices
on Windows-based virtual machines that are running on any managed Windows Server 2012 Hyper-V,
VMware ESX, or Citrix XenServer host. VMM has two default static MAC address pools: the default MAC
address pool for Hyper-V and Citrix XenServer, and the default VMware MAC address pool for VMware
ESX hosts. You should use the default static MAC address pools only if you set the MAC address type for a
virtual machine to Static. If you set the virtual machine setting to Dynamic, the hypervisor will assign the

MAC address. You can use the default MAC address pools, or you can configure custom MAC address
pools that you scope to specific host groups.

Virtual IP Templates

MCT USE ONLY. STUDENT USE PROHIBITED

8-4 Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager

A virtual IP template contains a load balancer and related configuration settings for a specific type of
network traffic. For example, you could create a template that specifies the load balancing behavior for
HTTPS traffic on a specific load balancer manufacturer and model. These templates represent the best
practices from a load balancer configuration standpoint. After you create a virtual IP template, users
(including self-service users), can specify the virtual IP template to use when they create a service. When
users model a service, they can choose an available template that best matches the needs of their load
balancers and type of application.

Load Balancer Integration

By adding a load balancer to VMM, you can load balance requests to the service tiers virtual machines.
You can use Network Load Balancing (NLB), or you can add supported hardware load balancers through
the VMM console. VMM includes NLB as an available load balancer, and it uses the round-robin method
for load balancing. To add supported hardware load balancers, you must install a configuration provider
that is available from the load balancer manufacturer. The configuration provider is a plug-in to VMM
that translates Windows PowerShell commands to application programming interface (API) calls, which
are specific to a load balancer manufacturer and model. Supported hardware load balancer devices are F5
BIG-IP, Brocade ServerIron, and Citrix Netscaler. You must obtain the load-balancer provider from the
load-balancer vendor, and then install it on the VMM management server.

Logical Switches

You can use logical switches to apply a single configuration to multiple hosts. You configure logical-toHyper-V port profiles and uplink profiles, port classification, and virtual-switch extensions. By using logical
switches, you can enforce compliance among the host servers and reduce the time required to deploy and
administer hosts.

Port Profiles
You can create and use two Hyper-V port profiles in VMM:

Virtual network adapter port profiles. You create this type of profile for use by virtual machines and
hosts. These profiles have configurable offload, security, and bandwidth settings.

Uplink port profiles. You configure this type of profile to use with uplink ports. You can configure the
load-balancing algorithm and teaming mode.

Port Classifications

You can create port classifications, and then use them across multiple logical switches to help identify and
group sets of features.

Network Service

A network service in VMM includes components such as gateways, virtual switch extensions, top-of-rack
switches, and network managers. To add a network service, you must first install the associated provider,
and then restart the System Center Virtual Machine Manager service. You can configure each of the
following components by using the Add Network Service Wizard:

Gateway. In VMM, you can configure a gateway to allow network traffic in and out of a virtual
machine network that is using network virtualization. You can configure this for local network
routing which routes traffic between the virtual machine network and the physical network.
Alternatively, you can configure it for remote network routing, which first creates a virtual private
network (VPN) connection with another endpoint of a site-to-site VPN, and then routes in and out
of the virtual machine network through the VPN tunnel.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

8-5

Virtual switch extensions. Virtual switch extensions provide non-Microsoft vendors the ability to add
monitoring, filtering, and forwarding extensions. For example, Cisco has created the Cisco Nexus
1000V for Hyper-V. This forwarding extension allows Cisco administrators to configure networking in
VMM by using familiar Cisco commands. An example of a monitoring extension is Host sFlow, which
exports performance metrics using the sFlow protocol.

Network managers. Network managers enable you to use a non-Microsoft network management
console to configure forwarding extensions. With network managers, you can manage settings such
as logical networks, sites, and virtual machine networks.

TOR switches. By using VMM to manage TOR switches, you can control physical switch ports. For
example, you can create the corresponding VLAN and apply it to the physical port, thus keeping both
physical and virtual switch settings synchronized.

Configuration Options for Virtual Networks


You can create Hyper-V virtual switches in the
VMM console just as you can create them in
the Virtual Switch Manager in the Hyper-V
console. In the VMM console, you can apply the
same options as in the Virtual Switch Manager,
although you cannot control switch extensions
within this area.
You can create three types of virtual switches on
your Hyper-V host servers:

External. You can create a virtual network


switch that you bind to a physical network
adapter in the host server. After you have
created this virtual switch, you can then connect one or more virtual machine network adapters,
thereby permitting virtual machines access to a physical network. You can create only one external
virtual switch for each physical network adapter. However, you can optionally allow the host to share
the network adapter with the virtual switch.

Internal. Creating an internal switch enables virtual machines to communicate with each other and
with the Hyper-V host. However, internal switches do not allow any communication with the physical
network.

Private. The private virtual switch allows virtual machines to communicate with each other. You can
create multiple private virtual switches on a single Hyper-V host to isolate different groups of virtual
machines.

You can use VLAN settings and external virtual switches to share the network adapter with the virtual
guest machines. If you do this, you can then set VLAN IDs for the host server. However, this does not
control virtual machine VLAN configuration.
You can add a virtual switch in the VMM console by performing the following steps:
1.

In the VMM console, click the Fabric icon.

2.

In the Fabric workspace, click Servers, or if required, navigate to the host group containing the server
to which you wish to add the virtual switch.

3.

In the central workspace, right-click the server you want to add the switch to, and then click
Properties.

4.

MCT USE ONLY. STUDENT USE PROHIBITED

8-6 Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager

In the Properties dialog box, on the left side, click Virtual Switches, click New Virtual Switch, and
then click New Standard Switch.

Note: You also have the option of creating a new logical switch. However, you can only
create a new logical switch after creating at least one logical switch elsewhere in VMM. You will
learn more about logical switches later in this module.
5.

Provide a name and optional description for the switch, and then click the required switch type
(External, Internal, or Private). Define whether the host should share the adapter using VLAN 0 or
anther VLAN, and then click OK.

6.

When a warning that the host may temporarily lose network connectivity displays, click OK.

You can monitor the progress in the Jobs workspace.

Configuring Logical Networking in VMM


The first step in building logical networks is to
define and determine your network requirements.
Considering the answers to the following
questions:

How many logical networks do you require?

How many network sites do you require?

Is isolation required?

Will you need to route isolated traffic


between hosts or sites?

What IP subnets will you use?

What VLAN ID will you use?

When creating the logical network, you will be able to choose a single, routable network that includes the
option to allow virtualized virtual machine networks, to use VLAN-based independent networks, or to use
Private VLAN (PVLAN) networks.
To create the logical network, use the following steps:
1.

Launch the VMM console, click the Fabric workspace, on the ribbon, click Create, and then click
Logical Network.

2.

On the Name page, in the Name text box, type the required network name such as INTRANET,
and in the Description text box, type a description. Click the required network option, VLAN, PVLAN,
or leave the default option selected (One connected network). If required, click Allow new VM
networks created on this logical network to use network virtualization, and then click Next.

3.

On the Network Site page, click Add, and then in the Host groups that can use this network site
section, select the host groups that will use this network site, for example, All Hosts.

4.

In the Associated VLANs and IP subnets area, click Insert row, and then in the VLAN text box, type
a VLAN number, for example, 2.

5.

In the IP subnet text box, type an IP subnet, for example 172.20.0.0/16.

6.

Click Next, and then click Finish.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

Configuring Ports and Logical Switches in VMM


Logical Switches
You can use logical switches to apply a single
configuration to multiple hosts, and you configure
them to use uplink profiles, port classification, and
virtual-switch extensions. The supported switch
extensions types are:

8-7

Monitoring. Use monitoring extensions


to monitor and report network traffic, but
you cannot use them to modify packets.

Capturing. Use capturing extensions to


inspect and sample traffic but you cannot use them to change packets.

Filtering. Use filtering extensions to block, modify, or defragment packets, and to block ports.

Forwarding. Use forwarding extensions to direct traffic by defining destinations, and to capture and
filter traffic. To avoid conflicts online, only one forwarding extension can be active on a logical switch.

Virtual switch extension manager. Use virtual switch extension manager to allow use of a vendor
network-management console and VMM together. To do this, you need to install the vendors
provider software on the VMM server.

Uplink Profiles

You can use native uplink profiles to configure uplink adapters. Uplink adapters must be available on
the physical network adapters to which a switch connects. You can assign uplink profiles to host groups,
and then enable them to support network virtualization in Windows operating systems. You also can use
uplink profiles to configure virtual adapters for enabling offload settings, such as Virtual Machine Queue
(VMQ), Internet Protocol security (IPsec) task offloading, and single-root I/O virtualization (SR-IOV).
Virtual network adapter port profiles allow you to reuse the same settings across multiple switches, which
simplify your virtual environment deployments.

Additionally, you can specify minimum and maximum bandwidth settings and relative bandwidth weights.
These settings define how much bandwidth a virtual network adapter can use in relation to other virtual
network adapters that connect to the same switch. The following default uplink profiles have already been
created in VMM:

SR-IOV profile

Network load balancer (NLB) network interface card (NIC) profile

Low, medium, and high bandwidth adapters

Host management

Live migration

Cluster

Guest dynamic IP

Internet small computer system interface (iSCSI)

Default

Each of these profiles comes already configured with varying offload, security, and bandwidth settings.

Port Classifications

MCT USE ONLY. STUDENT USE PROHIBITED

8-8 Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager

You can create port classifications, and then use them across multiple logical switches to help identify and
group sets of features. The following default port classifications have already been created in VMM:

SR-IOV

Network load balancing (NLB)

Live migration workload

Host cluster workload

Low, medium and high bandwidth

Guest dynamic IP

iSCSI workload

Demonstration: Configuring Virtual Network Components in VMM

In this demonstration, you will see how you can use VMM to create and configure the following network
components:

Logical networks

IP pools

Logical switches

Native port profiles

Port classifications

You also will see how to assign logical switches to Hyper-V hosts.

Demonstration Steps
1.

On LON-VMM1, launch the Virtual Machine Manager console.

2.

Create a logical network named Adatum UK that permits the use of network virtualization.

3.

Create two network Sites that use the All Hosts host group using the following details:
a.

Network site name: Docklands

b.

VLAN: 0

c.

IP Subnet: 192.168.1.0/24

d.

Network site name: Gatwick

e.

VLAN: 0

f.

IP Subnet: 192.168.2.0/24

4.

When setup is complete, close the Jobs window.

5.

From the Fabric workspace, create a new IP Pool named Adatum UK IP Pool. Use the Adatum UK
logical network.

6.

Using the Docklands network site and the 192.168.3.0/24 IP subnet, complete the wizard accepting
the defaults, and then close the Jobs window.

7.

Create another IP pool named Gatwick IP Pool. Use the Adatum UK logical network, and the Gatwick
network site.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

8-9

8.

From the Fabric workspace, create a Hyper-V Port Profile named Adatum UK Uplink. Use the
Hyper-V port load balancing algorithm.

9.

On the Network configuration page, select the Docklands and Gatwick network sites, and enable
Hyper-V Network-Virtualization.

10. When setup is complete, close the Jobs window.


11. From the Fabric workspace, create a Logical Switch named Adatum UK. Enter the description
Adatum production hosts logical switch. Use the default extensions, and use the Adatum UK
uplink.

12. Add a Virtual Port using the Medium Bandwidth port classification and the Medium Bandwidth
virtual network adapter port profile.
13. When setup is complete, close the Jobs window.

14. From the Fabric workspace, open the properties page for lon-host1.adatum.com, click Hardware,
then click the logical network associated with your network card, (this will be connected to External
Network).
15. Click the Adatum UK logical network, read the warning about VLANs, click OK, and then click OK
again.
16. In the Fabric workspace, click LON-HOST1, click Properties, click Virtual Switches, click New
Virtual Switch, and then click New Logical Switch.

17. Notice the error message that displays stating that VMM cannot create a virtual switch without any
physical network adapters. At this point, if you have another network card, you can assign the logical
switch to a physical adapter. In the error message pop-up window that displays, click OK.

18. In the Properties dialog box, click Hardware, and then scroll down and expand Network adapters.
Click your physical network adapter, and note that you can select or clear the adapter for virtual
machine placement and management use. Click the Logical network, and on the right under Logical
network connectivity, note that you can assign the logical networks and IP subnets.
19. Click Cancel, and then click Yes to close the warning.

Using Virtual Machine Networks for Isolating Networking


You can use virtual machine networks to create
isolation, which separates network traffic for
different customers. The network isolation types
are described in the following sections.

Network Virtualization
You can use network virtualization to isolate
virtual machines from different organizations,
even if they share the same Hyper-V host. When
you configure network-virtualization, each guest
virtual machine has two IP addresses, which
include:

Customer IP address. The customer assigns this IP address to the virtual machine. You can configure
this IP address so that communication with the customer's internal network can occur even if the
virtual machine is hosted on a Hyper-V server that connects to a separate public IP network. Using
the ipconfig command on the virtual machine will return the customer IP address.

Provider IP address. The hosting provider assigns this IP address, which is visible to the hosting
provider and to other hosts on the physical network. This IP address is not visible from within the
virtual machine.

Note: You can create virtual machine networks after you create a logical network, because
they are associated with a logical network. You can have many isolated virtual machine networks
using one logical network, but for each logical network you can only have one virtual machine
network that does not use isolation.

VLAN Isolation

MCT USE ONLY. STUDENT USE PROHIBITED

8-10 Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager

VLANs are layer 2 broadcast domains that are created by tagging packets. These tags tell the switches
and routers where the packets can travel. VLANs are widely used due to their reliability. However, they do
have some limitations that can make running a larger virtualization environment more difficult and costly,
and can result in high management overheads.

PVLAN Isolation

PVLANs enable you to separate a VLAN into multiple isolated sub-networks, which are then allocated to
different tenants. The PVLAN will share the IP subnet it that the parent VLAN allocates to it. The PVLAN
requires a router to communicate with hosts on other PVLANs and with other networks.

Which Isolation for Logical Networks Is Best?


The following table is a guide to when you may want to use the different logical network types.
Logical network type

When to use

Infrastructure network

VLAN or no isolation

Load balancer, back-end and Internet-facing

PVLAN

Tenant networks

Network virtualization

The table above is a rough guide, because each company differs. In networking, having many options
helps to facilitate the best design for a given scenario, application, or customer. For example, you may
have a network team who will be configuring most of the virtual networks using their preferred network
tools and switch extensions.
Note: For an example that requires both network virtualization and VLANs, review the
scenario following the end of this topic.
To create logical networks with VLAN or PVLAN:
1.

Launch the VMM console, click the Fabric workspace, on the ribbon, click Create, and then click
Logical Network.

2.

On the Name page, in the Name text box, type the required network name (such as INTRANET). In
the Description text box, type a description, click the required network optionVLAN, PVLAN, or
leave the default option (One connected network) selected. Then, if required, click Allow new VM
networks created on this logical network to use network virtualization, and then click Next.

3.

On the Network Site page, click Add, and then in the Host groups that can use this network site
section, select the host groups that will use this network site, for example All Hosts.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

8-11

4.

In the Associated VLANs and IP subnets area, click Insert row, and then in the VLAN text box, type
a VLAN number, for example 2.

5.

In the IP subnet field, type an IP subnet, for example 172.20.0.0/16, click Next, and then click
Finish.

A routable logical network in the VMM console is called One connected network. These logical networks
and any network sites can be routed to one another.
Configuring VM Networks in VMM Illustrated Overview
http://go.microsoft.com/fwlink/?LinkID=386735
Networking in VMM 2012 SP1 Logical Networks (Part I)
http://go.microsoft.com/fwlink/?LinkID=386731

Real-world Issues and Scenarios

A. Datum Corporation (UK) is based in London and has 10 physical sites that mostly consume resources
from two small data centers. The infrastructure has been assembled over many years and by many
different providers. The chief executive officer and chief information officer have given authorization to
set up the two data centers to run Hyper-V with System Center 2012 R2.
As part of their long-term vision, the organization wants one or more highly available private clouds
that have the ability to run from either data center. Extensive changes and building new sites are not
an option. A multi-year virtualization projected has started, and all new systems are required to be
virtualized. Those built using Windows 2008 R2 and newer are being virtualized using physical-to-virtual
(P2V) migrations. Many servers have the same IP addresses, and to ensure that the customized
applications on those can be accessed, Hyper-V network virtualization will be used.

A. Datum uses multiple backup technologies, and the System Center 2012 R2 Operations Manager has a
backup VLAN that isolates backup traffic. You discussed virtualizing some file servers, and will want to
make sure that these, and possible other servers can access the VLAN to be backed up.

Managing Network Virtualization in VMM


In larger VMM environments, you will need to
administer a higher number of logical networks,
virtual machine networks, and virtual network
components. If you have multiple administrators,
the potential for error or complexity also
increases.
Best Practice:
In most sections of the VMM console, you can
filter the view by entering text in the search field.
Keep this feature in mind and apply a good
naming convention to all your virtual network
components. This will help you and other administrators when you are working with and or
troubleshooting virtual networking. This also applies to everything you can label in VMM.

MCT USE ONLY. STUDENT USE PROHIBITED

8-12 Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager

There are a few considerations that you should be aware of before you start working with virtual
machine networks in VMM. As a first step, you should plan your network and document the proposed
configurations. You will need to determine if you should implement isolation. You then need to create the
underlying logical network components.
After you have created your prerequisite logical network, perform the following steps to create a virtual
machine network in the VMM console:
1.

Open the VMM console, click the VMs and Services workspace, and then on the ribbon, click Create
VM Network.

2.

On the Name page, type the name and description for your VM network, click the drop-down list
box, select the logical network, and then click Next.

3.

On the Isolation page, select either Isolate using Hyper-V network-virtualization or No isolation,
choose between IPv4 and IPv6 for your VM network and logical network, and then click Next.

4.

On the VM Subnets page, click Add, and in the Name text box, type the name for your VM subnet.
In the Subnet text box, type the IP address and mask for your subnet. If necessary, add and remove
further subnets, and then click Next.

5.

On the Connectivity page, choose the setting for connecting directly to an additional logical
network, and specify whether that connection will use network address translation (NAT). If you
have not added a gateway, no option will be available. Review the message, and then click Next.

6.

On the Summary page, review the summary, and then click Finish.

7.

Close the Jobs window.

In a large host or environment, you may want to quickly discover which virtual machines connect to which
networks. Rather than investigate each virtual machine individually, you can investigate using the built-in
VMM network diagrams.
You can review hosts and virtual machine network topology by performing the following steps:
1.

Open the VMM console, and then click the Fabric workspace.

2.

In the Fabric navigation pane, click to expand the host group containing your hosts. In the main
section of the console, right-click the host that you want review, and then click View Networking.

3.

On the left, you can select the hosts, host groups, and clouds that you want to include in the diagram.
On the ribbon, you can choose to view the following diagrams:
o

VM Networks

Host Networks

Host/VM Networks

Network Topology

To delegate access to virtual machine networks, you assign an owner for a virtual machine network, and
delegate access to other administrators and self-service users. You can configure access by performing the
following steps:
1.

Open the VMM console, click the VMs and Services workspace, and then on the ribbon, click
Properties.

2.

On the left, click Access. You can now select an owner and delegate access to the virtual machine
network.

If you want to delete a virtual machine network, you must first confirm that there are no dependent
resources. You can review dependent resources using these steps:

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

8-13

1.

Open the VMM console, and then click the VMs and Services workspace.

2.

In the VMs and Services navigation pane, click VM Networks on the right, click to highlight a virtual
machine network, and then on the ribbon, click View Dependent Resources.

3.

Review the Names and Type of resources. Make a note of them, and then click OK.

4.

To delete other VMM resources that may have dependent resources, you can right-click them. If they
have dependent resources, the dependent resource option will display, and clicking on it will display
those dependencies.

Adding a Gateway

When you deploy network virtualization, you most likely will want virtual machines to communicate with
other virtual machines on other Hyper-V hosts, or with physical machines outside of the virtualization
environment. To facilitate this, you must provision a network gateway, which in VMM is configured in the
Network Service section of the Fabric workspace. The gateway connects to remote networks using a VPN
tunnel.
To add a gateway, you must first install its provider software. You can review the list of installed providers
by using the following procedure:
1.

Open the VMM console.

2.

Click the Settings workspace, and then in the Settings pane, click Configuration Providers. The lists
of providers displays along with information such as Type, Version, Publisher, Manufacturer and
Model.
The default providers in VMM are:
o

Microsoft IP Address Management Provider

Microsoft Network Load Balancing (NLB)

Microsoft Standards-Based Network Switch Provider

Microsoft Windows Server Gateway Provider

The default installation directory for providers is C:\Programs Files\Microsoft System Center 2012 R2
\Virtual Machine Manager\Bin\Configuration Providers.
3.

Confirm that the necessary provider software for the gateway device has been installed and is listed.

For more information about gateway prerequisites and to review the setup steps, refer to:
Configuring VM Networks and Gateways in VMM
http://go.microsoft.com/fwlink/?LinkID=386734
How to Add a Gateway in VMM in System Center 2012 R2
http://go.microsoft.com/fwlink/?LinkID=386732

Demonstration: Configuring Network Virtualization

MCT USE ONLY. STUDENT USE PROHIBITED

8-14 Managing the Network and Storage Infrastructure in Microsoft System Center 2012 R2 Virtual Machine Manager

In this demonstration, you will see how to configure network virtualization in Windows Server 2012 R2 by
using VMM.

Demonstration Steps
1.

In the Virtual Machine Manager console, from the VMs and Services workspace, create a virtual
machine network named Adatum North.

2.

Ensure that Adatum UK is selected as the Logical network, and enable Hyper-V network
virtualization.

3.

Add the following VM Subnets:


o

Subnet name: Adatum Finance

Subnet address: 192.168.4.0/24

Subnet name: Adatum Engineering

Subnet address: 192.168.5.0/24

4.

When setup is complete, close the Jobs window.

5.

In the Virtual Machine Manager console, from the VMs and Services workspace, create a virtual
machine network named Adatum South. Ensure that Adatum UK is selected as the Logical network,
and enable Hyper-V network virtualization.

6.

Add the following VM Subnets:


o

Subnet name: Adatum Warehouse

Subnet address: 192.168.4.0/24

Subnet name: Adatum Logistics

Subnet address: 192.168.5.0/24

7.

When setup is complete, close the Jobs window.

8.

From the VMs and Services workspace, create a virtual machine network IP pool for the Adatum
Finance VM Network. Name this pool Adatum Finance VM Network IP Pool.

9.

Ensure the VM subnet is set to Adatum Finance (192.168.4.0/24), and accept the default settings.

10. When setup is complete, close the Jobs window.


11. From the VMs and Services workspace, create a virtual machine network IP pool for the Adatum
Finance VM Network. Name this pool Adatum Logistics VM Network IP Pool.

12. Ensure the VM subnet is set to Adatum Logistics (192.168.5.0/24), and accept the default settings.
13. When setup is complete, close the Jobs window.

Windows Server Gateway


When you use the Hyper-V virtual switch to
implement network virtualization, the switch
operates as a router between different Hyper-V
hosts in the same infrastructure. Network
virtualization policies define how packets are
routed from one host to another.

MCT USE ONLY. STUDENT USE PROHIBITED

Server Virtualization with Windows Server Hyper-V and System Center

8-15

Ho