August 2008 - Posts - Dario IT Solutions Blog

SCCM 2007 R2 Released

The following features are new to Configuration Manager 2007 R2:

  • Application Virtualization Management. For more information about managing virtual applications created using the Microsoft Application Virtualization platform, see About Virtual Application Packages.
  • Forefront Client Security Integration. For more information, see About Forefront Client Security Integration with Configuration Manager 2007 R2.
  • SQL Reporting Services Reporting. Allows you to report on Configuration Manager activity using SQL Reporting Services.
  • Client Status Reporting. Provides a set of tools and Configuration Manager 2007 reports to assess the status of client computers, sometimes referred to as "client health." Clients that show a change in activity patterns might need administrative intervention.
  • Operating System Deployment Enhancements. The following enhancements are included in Configuration Manager 2007 R2:
    • Unknown computer support—In Configuration Manager 2007 R2, you can deploy operating systems to computers using a PXE service point without first adding the computer to the Configuration Manager database. For more information, see About Unknown Computer Support for Operating System Deployment.
    • Multicast deployment—Previously, all operating system deployments used unicast. Multicast can make more efficient use of network bandwidth when deploying large images to several computers at the same time. For more information, see About Multicast for Operating System Deployment.
    • Running command lines in task sequences with credentials other than the local system account.

Easily configuring highly available VMs with VMM 2008

SCVMM 2008 provides a seamless experience for creating and managing HA VMs. Here are some of the highlights:

  • SCVMM 2008 is Windows 2008 Cluster "aware".
    • When you add a host that belongs to a Windows cluster, it will automatically bring in the rest of the nodes in the cluster.
    • Many SCVMM cmdlets have cluster-specific parameters or switches, so that you can define how SCVMM should take actions according to the HA attribute of the target VM/host.
    • When the HA VM moves, VMM keeps track of the VMs and their hosting physical cluster node.
  • SCVMM 2008 supports both Windows Cluster Quick Migration as well as the VMotion from VMware.
  • When you decide to move a HA VM, the intelligent placement takes HA hosts into consideration and will recommend clustered hosts by default.
  • SCVMM 2008 provides a VERY SIMPLE, single-checkbox process to create a HA VM:
    • If you have tried the white paper for configuring a HA VM on Windows 2003 cluster, you know the 37 page long manual steps you have to go through to make it work.
    • Now in SCVMM 2008, all you need to do is to check a single checkbox, if you need a HA VM.
  • SCVMM 2008 offers "Promotion" feature, where you can "Promote" a non-HA VM to a clustered host and make it a HA VM; and it also offers "Demotion" feature, where you can "Demote" a HA VM to a non-clustered host and make it a non-HA VM.
  • SCVMM 2008 introduces the new PRO feature, which allows an auto-migration option when a user-defined threshold is reached. This is particularly useful for HA VMs.

Hyper-V Failover Clustering Using Normal Shares

Hyper-V has an option to use a CIFS/SMB file server share as the storage for Failover Clustering.

This solution enables you to use Quick Migration, but it will only be truly highly available if your file share is also highly available.

Important performance issue - a Windows Server 2008 file server does offer increased performance for this type of workload. However, this is nowhere near FC/iSCSI configurations and should be used only after thorough utilization tests.

Before and After Diagrams

Let's describe the scenario using two diagrams. First, here is a diagram describing the scenario before a failure:

HVFS01

Now, here’s a diagram describing the scenario after a failure in SPTNODE1:

HVFS02

As you can see, we use a file server (called SPTSERVER1) for storing the Hyper-V files. The idea is to store the configuration files, the VHD itself and the VHD snapshots in the \\SPTSERVER1\VMSHARE\VM1 folder. As we do when using a SAN for shared storage, the surviving node will take over and start the VM in case of a failure. We can also use the very same scenario for Quick Migration, making the VM move in an orderly way from one node to another by saving the state to the file share and instructing the other node to take over and restore the VM.

Pre-requisites

Before you move forward, you want to make sure you have at least two physical computers running Hyper-V. In our scenario, SPTNODE1 and SPTNODE2 are running Windows Server 2008 Enterprise (Full or Core installs work fine).

Add the Hyper-V role to SPTNODE1 and SPTNODE2.

Add the Failover Clustering feature to SPTNODE1 and SPTNODE2.

You will need to use a general purpose server to act as a file server or a NAS box compatible with CIFS/SMB. You probably want to run Windows Server 2008 for improved performance (new TCP/IP stack and SMBv2 protocol). In our scenario, SPTSERVER1 is the file server running Windows Server 2008 Enterprise Edition (Full or Core installs work fine).

Grant the required permissions for \\SPTSERVER1\VMSHARE\ to the computer accounts for SPTNODE1 and SPTNODE2, as described at http://blogs.technet.com/josebda/archive/2008/06/24/storing-windows-server-2008-hyper-v-files-on-an-cifs-smb-file-share.aspx.

You might also want to have a management client which could be your desktop (running Windows Vista SP1) or another server (running a Full install of Windows Server 2008). In our scenario, SPTCLIENT1 is the management client.

Install the Windows Server Hyper-V RTM patch.

You will need to have a domain infrastructure (Windows Server Failover Clustering requires a domain). The domain controller is not shown in the diagrams.

Steps

You start the process by creating a cluster with the two Hyper-V nodes. To do this, you will use the Failover Cluster Management MMC from either node. In that tool, you will:

  1. Validate the configuration
  2. Create the cluster
  3. Adjust the quorum configuration
  4. Create the virtual machine in one of the nodes
  5. Make the VM highly available

Running Validation

Here’s the initial screen of the Failover Cluster Management MMC, when first loaded.

HVFS03

Before you create the cluster, you must Validate your Configuration. Be sure to run *all* Validation tests, since solutions are only supported if you do so.

Since we are not using shared storage, the storage tests will generate a warning.  Completing validation with a warning is acceptable.

If you run into any errors during Validation, you must fix those before you proceed.

Creating the Cluster

After you run validation, click the option to “Create a Cluster”. First, you must specify the nodes. In this case we’re using SPTNODE1 and SPTNODE2.

HVFS04

Second, you specify the name of the cluster.

HVFS05

After confirming the data entered, the cluster is created, as shown below:

HVFS06

Note that we end up with a warning (yellow triangle). If you click the “View Report” button, you find what the issue is:

No appropriate disk could be found for the quorum disk.

This is expected. With only two nodes with no shared storage, you don’t have a valid quorum configuration and a single node failure will cause the cluster to fail.

You can see that in the cluster information below:

HVFS07

Typically, in a shared storage configuration, you would get that third vote from a shared witness disk (also known as a quorum disk).

We will overcome that in the next step.

Configuring the Cluster Quorum Settings

To get our third vote for the cluster without using shared storage, we will use the new option in Windows Server 2008 Failover Clustering to use a file server witness.

First, you need to add permission for the cluster computer account to the file share. The cluster computer account was created when we created the cluster.

As you did when granting permissions to SPTNODE1 and SPTNODE2, add full control permissions for the SPTDEMO\SPTCLUSTER$ account in the share and in the file system at SPTSERVER1.

Next, use the Failover Cluster Management tool to change the Quorum Configuration.

You will find this option by right-clicking the cluster name, then selecting “More Actions”, as shown below:

HVFS08

The wizard will guide you through the process. You will select the option for “Node and File Share Majority”, as shown below:

HVFS09

In the next screen, you will specify the actual shared folder path for the file share witness resource. We will use \\SPTSERVER1\VMSHARE\WITNESS. See below:

HVFS10

After you confirm the operation, you will see the update in the quorum configuration, now showing no warning signs.

HVFS11

I would recommend that you also check the status of the storage in the cluster.

You do this by clicking on the “Storage” node under the cluster name in the Failover Cluster Management tool. Here’s what you should see at this point:

HVFS12

As you can see, this is one of the cases where you have a healthy cluster with no shared storage. Exchange Server 2007 CCR clusters also do that.
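Because the share now holds the witness folder and will hold complete guest disks, it is worth confirming that the three computer accounts granted above are the only broad grants on it. The following check is an added example, not part of the original post; the function name, the SPTDEMO prefix on the node accounts and the list of tolerated administrative principals are assumptions.

```powershell
# Added example: audit the NTFS ACL of the Hyper-V file share for least privilege.
# Requires PowerShell 3.0 or later for [pscustomobject].

# Accounts that this page grants full control to. The SPTDEMO\ prefix on the
# node accounts is an assumption based on SPTDEMO\SPTCLUSTER$.
$ExpectedFullControl = @(
    'SPTDEMO\SPTNODE1$',
    'SPTDEMO\SPTNODE2$',
    'SPTDEMO\SPTCLUSTER$'
)
# Principals tolerated in addition (assumption; adjust to local policy).
$AllowedAdmins = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM')

function Test-VmShareAcl {
    param(
        [Parameter(Mandatory = $true)] [object[]] $AccessRules,
        [string[]] $Expected = $ExpectedFullControl,
        [string[]] $Allowed  = $AllowedAdmins
    )
    $findings = @()
    # Only Allow entries grant access; Deny entries are not evaluated here.
    $allow = @($AccessRules | Where-Object { "$($_.AccessControlType)" -eq 'Allow' })

    # Every cluster-related account must have a FullControl allow entry.
    foreach ($account in $Expected) {
        $hit = $allow | Where-Object {
            "$($_.IdentityReference)" -eq $account -and
            "$($_.FileSystemRights)" -match 'FullControl'
        }
        if (-not $hit) {
            $findings += "MISSING    $account has no FullControl allow entry"
        }
    }

    # Anything else with access can read or alter guest disks and the witness.
    foreach ($rule in $allow) {
        $who = "$($rule.IdentityReference)"
        if (($Expected + $Allowed) -notcontains $who) {
            $findings += "UNEXPECTED $who : $($rule.FileSystemRights)"
        }
    }
    $findings
}

# Constructed sample ACL (not taken from a real server): the cluster account
# is missing and a broad group has been given Modify.
$sample = @(
    [pscustomobject]@{ IdentityReference = 'SPTDEMO\SPTNODE1$';      FileSystemRights = 'FullControl';         AccessControlType = 'Allow' }
    [pscustomobject]@{ IdentityReference = 'SPTDEMO\SPTNODE2$';      FileSystemRights = 'FullControl';         AccessControlType = 'Allow' }
    [pscustomobject]@{ IdentityReference = 'BUILTIN\Administrators'; FileSystemRights = 'FullControl';         AccessControlType = 'Allow' }
    [pscustomobject]@{ IdentityReference = 'Everyone';               FileSystemRights = 'Modify, Synchronize'; AccessControlType = 'Allow' }
)
Test-VmShareAcl -AccessRules $sample

# Against the live share, from a machine that can reach it:
# Test-VmShareAcl -AccessRules (Get-Acl '\\SPTSERVER1\VMSHARE').Access
```

Get-Acl reports the file system ACL only; the share-level permission list is separate and has to be reviewed on SPTSERVER1 itself.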

Creating a regular Virtual Machine on a cluster node

At this point, if you check the Hyper-V Manager tool, you will see no virtual machines:

HVFS13

Now we will use the Hyper-V Manager to create a new VM in SPTNODE1 using only a file share for storage. If you’re doing this from SPTNODE1, you should have no issues. If you’re doing this from any other computer (like the management client SPTCLIENT1), be sure to check this post on how to configure Constrained Delegation to allow remote management of Hyper-V when using file shares: http://blogs.technet.com/josebda/archive/2008/06/27/using-constrained-delegation-to-remotely-manage-a-server-running-hyper-v-that-uses-cifs-smb-file-shares.aspx

Again, this is done through a wizard. This is a regular VM creation, except for the fact that we’re using UNC paths (file share paths) for the storage, instead of regular folders on a local disk. In my specific case, we’re storing this new VM at \\SPTSERVER1\VMSHARE\VM1.

Here you see the virtual machine configuration folder:

HVFS14

Then the location of the new VHD file for the VM:

HVFS15

And even the ISO file we’re mounting will also come from that file server:

HVFS16

Once all is confirmed, we have a new VM, which you should keep in an “off” state for now:

HVFS17

Making the Virtual Machine Highly Available

Now we go back to the Failover Cluster Management tool to make the newly created VM highly available.

Click on the “Services and Applications” node under the cluster name and select the option to “Configure a Service or Application”. Again, it’s a wizard:

HVFS18

After selecting “Virtual Machine” as the type of service, you will select from a list of existing VMs. In our case, there’s only VM1:

HVFS19

After confirming your settings, the VM is made highly available, with a warning:

HVFS20

Again, if you click on the “View Report” button, you find the issues:

The path '\\SPTSERVER1\VMSHARE\VM1' where the virtual machine configuration is stored is not on a failover cluster and might not be highly available. To achieve the highest availability, store the virtual machine configuration on a clustered file server (configured within a failover cluster).

The path '\\SPTSERVER1\VMSHARE\VM1' where the virtual machine snapshots are stored is not on a failover cluster and might not be highly available. To achieve the highest availability, store the virtual machine snapshots on a clustered file server (configured within a failover cluster).

The path '\\SPTSERVER1\VMSHARE\VM1\VM1.vhd' where the virtual hard disk is stored is not on a failover cluster and might not be highly available. To achieve the highest availability, store the virtual hard disk on a clustered file server (configured within a failover cluster).

The path '\\SPTSERVER1\VMSHARE\ISO\WindowsServer2008-amd64.iso' where the virtual hard disk is stored is not on a failover cluster and might not be highly available. To achieve the highest availability, store the virtual hard disk on a clustered file server (configured within a failover cluster).

As it usually does, the Failover Cluster Management tool is being very careful, pointing out that the file server share you are using is a potential single point of failure.

In order to have true high availability, you need to make sure that file share is also highly available. To achieve that, you need to place that file share in a Failover Cluster as well.

The wizard has no way to detect if the file share is also clustered, so you will always get these warnings.

Now, you can go back and check the properties of the new highly available VM and bring it online.

One interesting thing you will notice is that you will not have any storage associated with that service, as you can see below:

HVFS21

In the summary page, you also confirm that, since you do not have the typical clustered disk listed in the summary for the virtual machine:

HVFS22

Moving the VM to another node

The last step is to prove that you can fail or move the VM to another node.

To do this, I use the option to “Move this service or application to another node”, which you can find when you right-click the virtual machine. See below:

HVFS23

When you do this, you will see that the VM will be taken offline in the source node (the state is saved first), as you can see below:

HVFS24

Then the VM will be brought online on the destination node (by restoring the state). Check below:

HVFS25

This process takes only a moment, and will depend only on how much memory your VM has and how long it takes to save the state to the file server share (from SPTNODE1) and then to restore the state from that same file share (from SPTNODE2).

You can see the final state, after the move to SPTNODE2 is completed, below:

HVFS26

More information can be found at source.

Hyper-V Deployment - Notes from the field

After a couple of complex deployments, I would like to share some of our findings and recommendations.

Quick Migrations & Clustering:

  1. Make sure you install this hotfix if you plan on using Failover Clusters.
  2. SCVMM does not support managing virtual machines if there is more than one virtual machine in a cluster group.
  3. The physical disk resource for the pass-through disk should be moved to the failover cluster node that hosts the virtual machine before it is added to the configuration of that virtual machine.
  4. Parent and child VHDs must be on disks that are in the same Services or Applications group as the virtual machine resource.
  5. To enable independent migration and failover of virtual machines with Microsoft Hyper-V, one storage LUN must be dedicated to each virtual machine.

Storage:

  1. If you need to expose the LUNs directly to a VM, your shared storage must be an iSCSI SAN (no Virtual HBA is supported in Hyper-V)
  2. Disk GUIDs can overcome the drive letter shortage but are terrible to use.
  3. Hyper-V IDE and SCSI storage devices both offer equally fast high I/O performance when integration services are installed in the guest operating system.
  4. A virtual machine must use a virtual IDE device as the startup disk to start the guest operating system, but you have many options to choose from when selecting the physical device that will provide the storage for the virtual IDE device.
  5. To use the native disk support included in Failover Clustering, use basic disks, not dynamic disks.

Network:

  1. Vendor NIC Teaming like the HP Network Configuration Utility is currently not working correctly with Hyper-V as a result of the different way the Hyper-V management partition communicates with the network drivers. I was told that Microsoft is well aware of this and is looking into it. It takes two to tango in this case which might complicate things working towards a quick fix.
  2. Legacy network adapter is required if a virtual machine needs to boot from a network.
  3. Hyper-V does not support wireless networks.
  4. Network adapters must be dedicated to either network communication or iSCSI, not both. Moreover, you cannot use teamed network adapters, because they are not supported with iSCSI.

Some notes for more complex scenarios:

  1. Check out Sanbolic Kayo FS. It can be used to enable shared access to a SAN volume from multiple physical host servers (or in other words - VMFS-like functionality for Microsoft Hyper-V)
  2. For GeoClustering, check out Double-Take and their new offerings for Hyper-V.

Booting a Hyper-V guest from an iSCSI LUN

In order to boot a Hyper-V child partition (guest) from an iSCSI LUN you need to expose that LUN to the parent partition (host), make sure the LUN is set as an offline disk in the host and then use the Passthrough option to expose the disk to the guest as IDE (ATA).

With that, you can successfully boot a Hyper-V guest from an iSCSI LUN. In fact, that works just the same for a fibre-channel LUN or SAS disks.

Here’s what the configuration of that virtual disk would look like:

Hyper-V Storage 2

There are also third-party solutions that will allow a Hyper-V guest to boot from an iSCSI LUN exposed directly to the guest. You can check a product from EmBoot that does exactly that at http://www.emboot.com.

How about a picture?

Hyper-V Storage 3

In the picture you see the different ways to expose a disk to a Hyper-V parent partition (host) and child partition (guest):

  • C: = Using a VHD file on a directly attached disk (X:) on the host
  • D: = Using passthrough to a directly attached disk on the host
  • E: = Using a VHD file on a SAN LUN mounted as a volume (Y:) on the host
  • F: = Using passthrough to a SAN LUN exposed to the host
  • G: = Using an iSCSI LUN exposed directly to the guest

Note that, for the first four options, the disk can be exposed to the guest as either SCSI or IDE (ATA), regardless of the physical disk interface used on the host. Also note that the last option is only available for iSCSI SANs, not fibre-channel.

For all the details of what you can and cannot do in each scenario, check this post:
http://blogs.microsoft.co.il/blogs/dario/archive/2008/08/26/windows-server-2008-hyper-v-storage.aspx

Windows Server 2008 Hyper-V Storage

Virtualization terminology

Before we start, I wanted to define some terms commonly used in virtualization. We refer to the physical computer running the Hyper-V software as the parent partition or host, as opposed to the child partition or guest, which is the term used for a virtual machine. You can say, for instance, that the host must support hardware-assisted virtualization or that you can now run a 64-bit OS in the guest.

The other term used with Hyper-V is Integration Components. This is the additional software you run on the guest to better support Hyper-V. Windows Server 2008 already ships with Hyper-V Integration Components, but older operating systems will need to install them separately. In Virtual Server or Virtual PC, these were called “additions”.

Exposing storage to the host

A Hyper-V host is a server running Windows Server 2008 and it will support the many different storage options of that OS. This includes directly-attached storage (SATA, SAS) or SAN storage (FC, iSCSI). Once you expose the disks to the host, you can expose it to the guest in many different ways.

VHD or Passthrough disk on the host

As with Virtual Server and Virtual PC, you can create a VHD file in one of the host’s volumes and expose that as a virtual hard disk to the guest. This VHD functions simply as a set of blocks, stored as a regular file using the host OS file system (typically NTFS). There are a few different types of VHD, like fixed size or dynamically expanding. This hasn’t changed from previous versions. The maximum size of a VHD continues to be 2040 GB (8 GB short of 2 TB).

You can now expose a host disk to the guest without even putting a volume on it using a Passthrough disk. Hyper-V will let you “bypass” the host’s file system and access a disk directly. This raw disk, which is not limited to 2040 GB in size, can be a physical HD on the host or a logical unit on a SAN. To make sure the host and the guest are not trying to use the disk at the same time, Hyper-V requires the disk to be in the offline state on the host. This is referred to as LUN Passthrough, if the disk being exposed to the guest is a LUN on a SAN from the host perspective. With Passthrough disks you will lose some nice, VHD-related features, like VHD snapshots, dynamically expanding VHDs and differencing VHDs.

IDE or SCSI on the guest

When you configure the guest’s virtual machine settings, you need to choose how to show the host disk (be it VHD file or Passthrough disk) to the guest. The guest can see that disk either as a virtual ATA device on a virtual IDE controller or as a virtual SCSI disk device on a virtual SCSI controller. Note that you do not have to expose the device to the guest in the same way it is exposed to the host. For instance, a VHD file on a physical IDE disk on the host can be exposed as a virtual SCSI disk on the guest. A physical SAS disk on the host can be exposed as a virtual IDE disk on the guest.

The main decision criteria here should be the capabilities you are looking for on the guest. You can only have up to 4 virtual IDE disks on the guest (2 controllers with 2 disks each), but they are the only types of disk that the virtualized BIOS will boot from. You can have up to 256 virtual SCSI disks on the guest (4 controllers with 64 disks each), but you cannot boot from them and you will need an OS with Integration Components. Virtual IDE disks will perform at the same level of the virtual SCSI disks after you load the Integration Components in the OS, since they leverage the same optimizations.

You must use SCSI if you need to expose more than 4 virtual disks to your guest. You must use IDE if your guest needs to boot to that virtual disk or if there are no Integration Components in the guest OS. You can also use both IDE and SCSI with the same guest.

iSCSI directly to guests

One additional option is to expose disks directly to the guest OS (without ever exposing it to the host) by using iSCSI. All you need to do is load an iSCSI initiator in the guest OS (Windows Server 2008 already includes one) and configure your target correctly. Hyper-V’s virtual BIOS support booting to iSCSI directly. For more details, check this post - http://blogs.microsoft.co.il/blogs/dario/archive/2008/08/26/booting-an-hyper-v-guest-from-an-iscsi-lun.aspx

Moving disks between hosts

Another common usage scenario in virtualization is moving a virtual machine from one host to another. You will typically shut down the guest (or pause it), move the storage resources and then bring the VM up in the new host (or resume it).

The “move the storage” part is easier to imagine if you are using VHD files for guest disks. You simply copy the files from host to host. If you’re using physical disks (let’s say, SAS drives that are Passthrough disks exposed as IDE disks to the guest), you can physically move the disk to another host. If this is a LUN on a SAN, you would need to reconfigure the SAN to mask the LUN to the old host and unmask it to the new host. You might want to use a technology called NPIV to use “virtual” WWNs for a set of LUNs, so you can move them between hosts without the need to reconfigure the SAN itself. This would be the equivalent of using multiple iSCSI targets for the same Hyper-V host and reconfiguring the targets to show up on the other host. If you use iSCSI directly exposed to the guest, those iSCSI data LUNs will just move with the guest, assuming the guest continues to have a network path to the iSCSI target and that you used one of the other methods to move the VM configuration and boot disk (if it's not also on the iSCSI target).

Windows Server 2008 is also a lot smarter about using LUNs on a SAN, so you might consider exposing LUNs to multiple Hyper-V hosts and onlining the LUNs as required, as long as you don't access them simultaneously from multiple hosts.

Keep in mind that, although I am talking about doing this manually, you will typically automate the process. Windows Server Failover Clustering and System Center Virtual Machine Manager (VMM) can make some of those things happen automatically. In some scenarios, the whole move can happen in just seconds (assuming you are pausing/resuming the VM and the disks are in a SAN).

A few tables

Since there are lots of different choices and options, I put together a few tables describing the scenarios. They will help you verify the many options you have and what features are available in each scenario.

Table 1

image

Table 2

image

Table 3

image

(a) Works as legacy IDE but will perform better if Integration Components are present.
(b) Works as legacy network but will perform better if Integration Components are present.
(c) Hyper-V maximum VHD size is 2040 GB (8 GB short of 2 TB).
(d) Not limited by Hyper-V. NTFS maximum volume size is 256 TB.
(e) Microsoft iSCSI Software Target maximum VHD size is 16 TB.
(f) Requires SAN reconfiguration or NPIV support, unless using a Failover Cluster.
(g) Can be used for data/boot/system disks.
(h) Requires SAN reconfiguration or NPIV support, unless using a Failover cluster.  All VHDs on the same LUN must be moved together.
(i) Requires third-party product like WinBoot/i from EmBoot.
(j) Not limited by Hyper-V.

References

http://blogs.msdn.com/tvoellm/archive/2008/01/02/hyper-v-scsi-vs-ide-do-you-really-need-an-ide-and-scsi-drive-for-best-performance.aspx
http://blogs.technet.com/jhoward/archive/2007/10/04/boot-from-scsi-in-virtual-server-vs-boot-from-ide-in-windows-server-virtualization.aspx

Screenshots

Screenshot of settings for scenario 2 in table 3 (VHD exposed as SCSI):
Hyper-V Storage 1

Screenshot of settings for scenario 8 in table 3 (iSCSI LUN Passthrough exposed as IDE, which your guest can boot from):
Hyper-V Storage 2

More information (partly outdated) can be found at source.

New Tool for Easily Obtaining Certificates for Non-Domain Joined OpsManager 2007 Agents

To mutually authenticate the non-domain joined agent, both the non-domain joined agent and the server require a personal computer certificate and a root CA certificate. This can be accomplished through two basic steps:

1.  Request and acquire the certs from a Certification Authority (CA).

Your company may already have an Enterprise CA set up if using PKI, but if not, you can install a CA (just add it as a role, like you do any other role in Win2K3 and up) and request certificates from there. 

2.  Install the certificates onto the local machine certificate store of the agent and server computer. Run the MOMCertImport.exe tool.

This step is required to, in a sense, "register" your certificates to your computer.  The MOMCertImport tool will alert OpsMgr of which certificates you would like to use.

 

How "Certificate Generation Wizard" can simplify the process

CertGenWizard.exe is a wizard tool which will take your CA information as input (it isn't required if you are running the wizard on the box with the CA), take in the computer names (has to be FQDNs), and send out a request for the certificates you need.  Now, you no longer have to fill out the Certificate Request form or enter parameters or connect to the web enrollment service.  Once the certificates are approved, there is a Retrieve button in the CertGenWizard which will allow you to retrieve the certificates that you have requested.  On top of the personal certificates, the wizard will retrieve the root CA certificate.

The biggest benefit to this tool is the added ability to request multiple certificates at once.  If you have 100 non-domain joined agents that you need to set up cert auth for, you can simply request all 100 machine certificates at once, retrieve them all, and manually bring them over to your other machines. 

Once you have brought them to your other machines, CertInstaller.exe is a second tool that will install the certificates into the local machine store of your computer and run MOMCertImport.exe for you.  Note: Install OpsMgr Agent FIRST and then run the tool!

Below are the steps to using the tool:

Pre-requisites:

  • .NET Framework 3.0
  • A Certification Authority (Win2K3/Win2K8 Enterprise/Stand-alone CA)
  • If it is an Enterprise CA (an OpsMgr certificate template must be created)
  • Make sure createReqFile.bat is in the same directory as CertGenWizard.exe
  • MOMCertImport.exe must be in the same directory as CertInstaller.exe.

Using CertGenWizard.exe:

Installing the wizard:

  1. Download the .zip file and unzip it on to a computer with a CA or that has access to a CA.
  2. Run CertGenWizard.exe.

Requesting certificates:

  1. Discover your CA page - Supply your CA information to find a particular CA to use.  If you don't have a CA installed, you'll have to install one yourself.  Note: The wizard won't continue if it doesn't detect a CA.

  2. Certificate Request page - Enter the FQDNs of the computers you need certificates for (all the agents and servers) and a save directory.  Note: If you have an Enterprise CA, a drop down box will appear and you must select a certificate template.  This must be created beforehand by your CA admin.  The instructions to create an OpsMgr cert template are included in the OpsMgr Security Guide.

  3. Hit Create.

Notes:

A processing page will pop up showing the status of each certificate request.

The root CA certificate will also be downloaded at this level and saved as RootCertificate.cer.

Retrieving certificates:

  1. If auto-approve is on, your certificates will be retrieved automatically.  You're done.

  2. Otherwise, the pending certificates will be displayed in the next screen.

  3. Ask your CA admin to approve the requests.  At this point you can close the wizard and come back to it.  If you are the CA Admin, log on to your CA machine, run cmd --> certsrv.msc to open your CA console.  Go to Pending Requests, and find the request ID of the certificates you have requested and issue them.  Close the console once you're done.

  4. Open your wizard if it's closed, view your pending Certificate Requests and hit Retrieve.

Status:

The final page will alert you of your status. It will alert you to say which certificates have been denied, which have been approved, and which still are pending.

Using the Certificate Installer:

Note: Install the OpsMgr agents BEFORE running the Installer.

What you need on the agent machine:

  • CertInstaller.exe

  • The generated machine certificate (ex. server1.contoso.com.cer)

  • Root certificate (RootCertificate.cer)

  • MOMCertImport.exe.

  1. Load the machine certificate.

  2. Load the root certificate.

  3. Click install.

Download "Certificate Generation Wizard" from here -

For more details, check out source.
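Before loading a retrieved certificate into CertInstaller.exe, it can be checked against what mutual authentication needs: a subject that matches the machine's FQDN, a current validity period, a chain ending at the retrieved root, and the Server Authentication and Client Authentication usages. The script below is an added example, not part of the original post or of the wizard; the function name is hypothetical, and the two required EKU OIDs come from the OpsMgr certificate requirements rather than from this page.

```powershell
# Added example: pre-install check of an OpsMgr agent or server certificate.
# Requires PowerShell 3.0 or later for [pscustomobject].
function Test-OpsMgrCertificate {
    param(
        [Parameter(Mandatory = $true)] [string] $MachineCertPath,
        [Parameter(Mandatory = $true)] [string] $RootCertPath,
        [Parameter(Mandatory = $true)] [string] $ExpectedFqdn
    )
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (Resolve-Path $MachineCertPath).Path
    $root = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (Resolve-Path $RootCertPath).Path
    $problems = @()

    # 1. The subject name must be the FQDN the certificate was requested for.
    $cn = $cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
    if ($cn -ne $ExpectedFqdn) {
        $problems += "Subject CN '$cn' does not match '$ExpectedFqdn'"
    }

    # 2. The certificate must be inside its validity period.
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        $problems += "Not valid now (valid $($cert.NotBefore) to $($cert.NotAfter))"
    }

    # 3. Both authentication usages must be present, since each side acts as
    #    client and as server during mutual authentication.
    $required = @{
        '1.3.6.1.5.5.7.3.1' = 'Server Authentication'
        '1.3.6.1.5.5.7.3.2' = 'Client Authentication'
    }
    $present = @()
    foreach ($ext in $cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            $present += $ext.EnhancedKeyUsages | ForEach-Object { $_.Value }
        }
    }
    foreach ($oid in $required.Keys) {
        if ($present -notcontains $oid) {
            $problems += "Missing EKU $($required[$oid]) ($oid)"
        }
    }

    # 4. The chain must end at the root certificate retrieved with it. The root
    #    is supplied as an extra store so the check works before it is installed.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $chain.ChainPolicy.VerificationFlags = [System.Security.Cryptography.X509Certificates.X509VerificationFlags]::AllowUnknownCertificateAuthority
    [void]$chain.ChainPolicy.ExtraStore.Add($root)
    if (-not $chain.Build($cert)) {
        foreach ($status in $chain.ChainStatus) {
            $problems += "Chain: $($status.Status)"
        }
    }
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    if ($top.Thumbprint -ne $root.Thumbprint) {
        $problems += "Chain ends at '$($top.Subject)', not at the supplied root"
    }

    [pscustomobject]@{
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        Ok         = ($problems.Count -eq 0)
        Problems   = $problems
    }
}

# File names follow the examples on this page; run from the folder holding them.
$machine  = '.\server1.contoso.com.cer'
$rootFile = '.\RootCertificate.cer'
if ((Test-Path $machine) -and (Test-Path $rootFile)) {
    Test-OpsMgrCertificate -MachineCertPath $machine -RootCertPath $rootFile -ExpectedFqdn 'server1.contoso.com'
}
```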

Step-by-step instructions for configuring VMM 2008 integration with Operations Manager 2007

In my previous post, I've described the VMM 2008 PRO feature.

The following steps discuss the best way to get through the configuration and ensure a successful configuration. 

First I want to be clear on two assumptions that are made by the following instructions:

  • These instructions will not work with VMM beta; they are written assuming that you are using a post-beta build of VMM 2008.
  • These instructions assume that you have already installed OpsMgr 2007 SP1. In order to try and keep these instructions clear, let's call the root management server opsmgr-01.

1. Install Virtual Machine Manager 2008 Server (let's assume this machine is named VMM-01)

Note: If the VMM server and the OpsMgr Server are installed on the same machine then skip step 2 and continue with step 3.

2. Install the VMM 2008 console on VMM-01

3. Install the OpsMgr 2007 SP1 console on VMM-01

4. Log into your root management server (opsmgr-01) with an account which has been granted Operations Manager Administrators access.

5. Uninstall any version of the VMM 2008 console that may have been previously installed. If the OpsMgr Server is the VMM server then uninstall the VMM console (don't worry, it will be reinstalled as part of step 8).

6. Open the Operations Manager console and import the following MPs if they are not already imported:

  • a. SQL Server MP (Download here)
    • Microsoft.SQLServer.Library
    • Microsoft.SQLServer.2005.Monitoring
    • Microsoft.SQLServer.2005.Discovery
  • b. IIS 2003 MP (Download here)
    • Microsoft.Windows.InternetInformationServices.CommonLibrary
    • Microsoft.Windows.InternetInformationServices.2003

7. If you have older versions of the VMM MPs imported then remove all of them.

8. On your root management server, run the setup from the VMM 2008 CD and select Configure Operations Manager. On each of your other management servers, just run the VMM Administrator Console installer.

Note:  You must run one of the two setup wizards on each of the OpsMgr servers in your management group.

Note: This setup wizard will do the following:

  • Import the VMM management packs, including all MPs required for PRO.
  • Grant the run as account of your VMM server the necessary access to your OpsMgr Server.
  • Install the VMM console.

9. Log into the VMM console and connect to your VMM server (in this case VMM-01)

10. Open the Administration tab and select User Roles.

11. Open the properties of the Administrators user role and add the Default Action Account for each of the management servers in the management group.

12. Open the Administration tab and select System Center from the tree view in the upper left of the console.

13. Open the Operations Manager Server item and enter the name of your OpsMgr root management server (in this case opsmgr-01)

At this point VMM and OpsMgr are integrated, and you can see all of the data from your VMM installation discovered into your OpsMgr installation by opening your OpsMgr Console and navigating to the Monitoring tab.  From there you will find a newly created folder called Virtual Machine Manager 2008 Views. Inside that folder there should be a new view with the name of your VMM server.  If that view does not exist, then you should check the Operations Manager event log on the OpsMgr Server (opsmgr-01).  If there were any errors during discovery they will show up here.

More information can be found here.

SCVMM 2008 Performance & Resource Optimization

VMM 2008 includes a very nice new feature that relies on OpsMgr 2007 to provide automatic self-healing and minimize downtime.

What is PRO?

PRO stands for Performance & Resource Optimization, which:

  • Is a powerful and valuable feature as the result of integration between SCOM (OpsMgr) and SCVMM;
  • Is a software package that leverages the System Center Operations Manager framework, which enables Microsoft partners (software and hardware vendors) to deliver value-added services and solutions to our mutual customers;
  • Contains a connector piece that accelerates the communications between OpsMgr and SCVMM, and management packs with specific policies that VMM is called to take actions on;
  • Provides value by minimizing downtime, accelerating time to resolution, and, for advanced users with carefully designed policies, achieving a self-healing / auto-recovery / hands-free management experience.

How does it work?

To explain how PRO works, let me use a simulated scenario to describe the system behaviors and the user experience.

From the slide below, you can see how VMM PRO reacts to the event that is monitored and reported by OpsMgr:

  1. Assume that we have a three-node cluster with some HA VMs running on each, and the cluster is managed by a VMM server integrated with OpsMgr.

  2. When the resources of a VM peak out on host #1 below on the very left, OpsMgr detects the defined threshold is reached and immediately notifies SCVMM.

  3. A PRO tip pops up on the SCVMM admin console.

  4. Depending on your setting, either manual or auto approval of the action recommended (in this case, Move-VM) would move the VM to the highest rated host (per our intelligent placement), in this case, the host server in the middle with the least load.

Once the migration is completed, all the physical and virtual system states go back to normal, and the alerting state is also cleared for the VM that is now migrated to a new host. Business continues as usual...

 

More information can be found here.

ConfigManager 2007 Sample Configurations and Common Performance Questions

An interesting doc titled "System Center Configuration Manager 2007: Sample Configurations and Common Performance Related Questions" was recently published. It's designed to provide an overview of sample hardware configurations used in stress and scale testing for different size environments.  Additionally, it answers common questions about planning and configuring for optimal performance.

Download from here.

Installing Configuration Manager 2007 on Windows Server 2008

Installing ConfigManager 2007 onto a Windows Server 2008 based server can be a challenge. Having recently been through the process for my own lab environment I thought I’d share the process in the hope that it will save you some time when you need to create this configuration. Before you begin you will need to gather the following components:

    • Windows Server 2008 RTM (x86) and Licence Key
    • SQL Server 2005 and Licence Key
    • System Center Configuration Manager 2007 and Licence Key

You will also need to download the following components:

Step 1 – Install Windows Server 2008

Install Windows Server 2008 (x86) on a machine with the following minimum specification:

    • Memory: 2GB
    • Hard Disk: 2 x 70GB disks

This could be a physical machine or a virtual machine based on Virtual PC, Virtual Server or Hyper-V.

Step 2 – Configure Windows Server 2008

Once the Windows Server 2008 installation has completed, log in as Administrator and carry out the following initial tasks:

    1. Set a static IP address for the server
    2. Unbind IPv6 from the network card (this is not a full fix for removing IPv6 - look out for a future post on this subject)

Step 3 – Add Additional Windows Server 2008 Roles and Features

Additional Windows Server 2008 roles and features (through Control Panel > Programs and Features) are required to support the ConfigMgr 2007 installation:

1. Add the Windows Deployment Services (WDS) role with default settings (do not configure WDS as ConfigMgr will do that later)

2. Add the IIS role with the following settings:

          a. Add ASP.Net Role. Accept defaults.

          b. Add ASP (required for ConfigManager Reporting Point to function)

          c. Add Windows Authentication

          d. Add Static Content

          e. Add IIS 6 Management Compatibility and all of the sub-components of it.

3. Add the Remote Differential Compression feature

4. Add the BITS Server Extensions feature

5. Install the Microsoft WebDAV Extension for IIS 7.0 (x86) (location for download listed at the beginning of this article)

          a. Use the instructions at http://technet.microsoft.com/en-us/library/cc431377(TechNet.10).aspx to configure WebDav.

          You will need to follow Steps 4 and 5 in this document under the section “Install and Configure WebDAV”

Step 4 – Add Additional Non Windows Server 2008 Components

Now that Windows Server 2008 is configured for the ConfigManager 2007 installation, we have to add some additional software services for use by ConfigManager 2007.

1. Install Windows Software Update Services 3.0 SP1 32bit (location for download listed at the beginning of this article)

2. Install SQL 2005

3. Install SQL 2005 SP2 (location for download listed at the beginning of this article)

          a. Stop the SQLServer service in preparation for SP2 installation. This is to avoid a system restart.

          b. As suggested by SQL SP2 setup wizard, launch sqlprov

          c. Run services.msc and re-start the SQL 2005 service.

          d. Add a domain account to the SQL sysadmin role. (This is a requirement unique to the Server 2008 environment.)

4. Install SQL Critical Update 934458 (location for download listed at the beginning of this article)

Step 5 – Install ConfigManager 2007

Now we are ready to install ConfigManager 2007 – this is a two stage process to first install ConfigManager 2007 RTM and then apply ConfigManager 2007 SP1 – if you have access to the SP1 slipstreamed version of ConfigManager 2007 then you can skip step 2 below.

1. Install ConfigManager 2007

          a. Extend the schema by running the \smssetup\bin\i386\extadsch utility. Run this under Enterprise Administrator credentials and review c:\extadsch.log for results.

          b. Either use an Internet connection (for auto-download) or a pre-staged folder for setup update files required by ConfigManager setup application.

2. Install ConfigManager 2007 SP1 (location for download listed at the beginning of this article)

          a. Either use an Internet connection (for auto-download) or a pre-staged folder for setup update files required by ConfigManager SP1 setup application.

3. After installation, add the PXE service point and Reporting Point site system roles.

For those of you who want to install SCCM 2007 SP1 in native mode and have trouble with the certificates in Windows Server 2008, check out these lines:

For more details, check out source.

System Center Operations Manager 2007 SP1 & System Center Essentials 2007 SP1 Windows Server 2008 Support Hotfix

This hotfix contains fixes for issues that can occur, either after installation of Operations Manager 2007 SP1 or Essentials 2007 SP1 on Windows Server 2008, or after the operating system in-place upgrade from Windows Server 2003 to Windows Server 2008.

This hotfix should be applied to the following Operations Manager 2007 SP1 roles:

  • RMS
  • Management Server
  • Gateway Server
  • Web Console Server
  • SCE Server
  • Manually installed Agent (This hotfix should be applied directly to manually installed agents. Automatically deployed agents will appear in the Pending Management view to be approved for upgrade after installing this hotfix on the RMS/Management Server/Gateway server roles)

The three issue areas found and fixed are:

  • An issue has been identified with upgrading an Operations Manager managed agent Operating System from Windows Server 2003 to Windows Server 2008 (any supported SKU) due to which the health service fails to start on the upgraded Operations Manager managed agent machine. The issue is due to the fact that the OS upgrade removed the certificate store in which the Operations Manager Health Service places its certificate for secure storage data encryption. When the secure storage manager component of the HealthService initializes, if there is a certificate serial number set but the store doesn't exist, it fails. This hotfix resolves this issue.
  • Several issues have been found due to User Access Control (UAC) changes within Windows Server 2008, where the Operations Manager Web Console fails to render pages correctly. Symptoms can include:
    • Web Console fails to launch
    • The My Workspace page fails to render
    • Performance views fail to render
  • An issue has been identified when upgrading an Operations Manager Management Server role Operating System from Windows Server 2003 to Windows Server 2008 (any supported SKU), where the Operations Manager performance counters are not registered after upgrade. Installation of this hotfix, applied after OS upgrade, corrects this issue.

Download from here - Microsoft System Center Operations Manager 2007 SP1 & System Center Essentials 2007 SP1 Windows Server 2008 Support Hotfix.

Updates to the Exchange 2007 Mailbox Server Role Storage Requirements Calculator

This important Capacity Planning tool has been updated to version 15.6.

The calculator uses all the recommendations outlined in the following articles, and thus it is recommended you read them before utilizing it:

The calculator is broken out into the following sections (worksheets):

  • Input
  • Storage Requirements
  • LUN Requirements
  • Backup Requirements
  • Log Replication Requirements
  • Storage Design

Microsoft Supported Applications for Virtualization

List of supported applications on Hyper-V:

http://support.microsoft.com/?kbid=957006

All, based on this press-pass published today. I think it will generate questions from our customers. In particular the section related to support:

Expanded Technical Support

Microsoft has updated its technical support policy for 31 server applications so that customers can receive technical support when deploying those applications on Windows Server 2008 Hyper-V, Microsoft Hyper-V Server or any other third-party validated virtualization platform. Now customers can get the same level of product support in a virtualized environment that they are accustomed to with non-virtual environments. More information is available at http://support.microsoft.com.

To enable this support policy, Microsoft launched the Server Virtualization Validation Program in June 2008. The program is open to any software vendor to test and validate its virtualization software to run Windows Server 2008 and previous versions of Windows Server. To date, Cisco Systems Inc., Citrix Systems Inc., Novell Inc., Sun Microsystems Inc. and Virtual Iron Software Inc. are participating in the program.

“Technical support of virtualized images is an industry-wide challenge,” said Roger Levy, senior vice president and general manager of open platform solutions at Novell. “Novell and Microsoft continue to collaborate to optimize bidirectional virtualization between Windows Server and SUSE Linux Enterprise with Xen. Microsoft’s Server Virtualization Validation Program provides customers with additional peace of mind when they run Windows as a guest in a validated environment such as SUSE Linux Enterprise.”

VMM 2008 New Features

Here's a list of some of the key improvements in the RTM version (in comparison to the current Beta) of VMM 2008:

  1. Support for managing hosts in a Disjoint Namespace
  2. PRO (Performance & Resource Optimization)
    1. Support for enabling PRO on non-clustered hosts
    2. Automated loading of OpsMgr MPs via "Configure Operations Manager" option in Setup
    3. View Script Option – now you can preview the script that PRO will run to implement the PRO Tip
  3. Admin Console
    1. Network Diagram View graphically shows how your hosts and VMs are connected to networks in your environment (some screen shots to follow)
    2. New, more polished UI
  4. Self-Service
    1. Allow users to mount ISOs
    2. Completely overhauled UI
  5. VMware management
    1. Support for VMware HA along with HA VM creation on VMware clusters
    2. Enhanced security for VMware management
    3. Management of ESX 3i
  6. Global Static MAC Address
    1. Configure the range of MAC addresses VMM uses when creating new virtual network devices
  7. P2V improvements
    1. Support for offline conversion using static IP
    2. Storage and network driver detection for offline conversion
    3. P2V of domain controller
  8. VM Creation
    1. Creation of VMs without customization required (templates now have the option of “skipping” customization) so you can use non-Windows templates
    2. Product Key encryption by default in Guest OS profile
    3. VHD expansion
  9. Setup and Installation
    1. SQL 2008 Support
    2. VMM 2007 to VMM 2008 Migration
    3. Ability to install as a domain user in addition to local system

VMM 2008 is scheduled to be released on September 8th.
