Set Virtual Network Adapter Identification from VMM TP3

When you create a virtual machine from VMM Technical Preview 3, you have a new setting in the network adapter configuration called Device Properties. You can set the adapter name as the VM Network name or you can specify your own adapter name. In the below example, I have set LAN as adapter name.

Once the VM is deployed, you can retrieve the custom adapter name by using Get-NetAdapterAdvancedProperty PowerShell cmdlet.

As you can see in the above screenshot, you can retrieve the custom adapter name in the Hyper-V Network Adapter Name property. So I make a filter on this property by using a pipe.

Then I display only the network adapter name and the custom adapter name. Now we have all the required information to use the Rename-NetAdapter cmdlet.

So I have written a PowerShell script to rename automatically the network adapter name by the Virtual Network Adapter Identification :

Foreach ($NetAdapter in Get-NetAdapter){
    $NetAdapterDisplayValue = (get-netAdapterAdvancedProperty |
                               ?{($_.DisplayName -eq "Hyper-V Network Adapter Name") `
                               -and ($_.Name -eq $NetAdapter.Name)}).DisplayValue

    Rename-NetAdapter -Name $NetAdapter.Name -NewName $NetAdapterDisplayValue 
}

When this script is executed, the network adapter name is well renamed.

Rename VM’s Network Adapters automatically during deployment

To rename the VM’s network adapter during deployment, I add the above script to the sysprep’d image. So first I mount the VHDX as below.

Then I create a folder called Scripts and I paste the script inside the folder. After that I unmount the VHDX.

Next I come back to VMM TP3 and I edit my VM template. In OS Configuration I add a GUIRunOnce command to run the RenameNetAdapter.ps1 script.

Next I deploy a new VM. I specify a custom adapter name as below.

Then I add a second network adapter called Cluster. I specify also a custom network adapter.

When the VM is deployed and when you are logged once, the RenameNetAdapter script is executed. So the network adapter should be renamed as below.

Thanks to the next version of Hyper-V and VMM, we can now automate the VM’s network adapters renaming easilyJ.

The post Rename VM’s Network Adapters automatically with Virtual Machine Manager 2016 appeared first on Tech-Coffee.

Create Gen 2 VM though VM Role

Since Update Rollup 6 of Windows Azure Pack, it is possible to deploy Gen2 virtual machines through VM Roles. So in the first place I set my VHDX syspreped from a Gen2 virtual machine. For that I run the below PowerShell script. This script set the Family Name, the tags, the release version, the product key and the Operating System on the VHDX located in the VMM library.

$LibraryServers = "library.home.net"
$VHDName = "Gen2-W2012R2"
$FamilyName = "Windows Server 2012 Datacenter"
$Release = "1.0.0.0"
$Tags = "WindowsServer2012"
$AVMAKey = "Y4TGP-NPTV9-HTC2H-7MGQ3-DV4TW"
$MyVHDX = Get-SCVirtualHardDisk | where {$_.Name –eq $VHDName}
$2K12DC = Get-SCOperatingSystem | where { $_.name –eq '64-bit edition of Windows Server 2012 Datacenter'}
Foreach ($Library in $LibraryServers){
    $MyVHDX = Get-SCVirtualHardDisk | where {($_.Name –eq $VHDName) -and ($_.LibraryServer -contains $Library)}
    $oTags = $myVHDX.Tag
    if ( $otags -cnotcontains $Tags ) { $otags += @($Tags) }
    Set-scvirtualharddisk –virtualharddisk $MyVHDX `
                          –OperatingSystem $2K12DC `
                          -FamilyName $FamilyName `
                          -Release $Release `
                          -Tag $oTags `
                          -ProductKey $AVMAKey
}

Then we have to configure a Custom “Cloud” Properties in order to enable the support of Gen2 VM though VM Role. So edit a Cloud from VMM console and select Custom Properties. Then click on Add. On the next window, select Cloud Object Type and click on create. Specify SupportedVMGenerationForVMRole as Name and specify a description. When you have clicked on ok, select your new property and click on Add.

To finish with the Cloud configuration, specify the value 2 on the SupportedVMGenerationForVmRole property.

Next, open the Windows Azure Pack tenant portal, and create a new VM Role. Now you should be able to select your Gen2 VHDX in Operating System Disk menu.

When the VM Role provisioning is finished, you should have a VM in Gen2 J.

The post Deploy Gen2 VM through VM Role in WAP UR6 appeared first on Tech-Coffee.

Architecture overview

The storage architecture is really simple. I have created a network called Storage (10.10.1.0/24) and it is not routable. I have isolated the network with VLAN tagging.

The NAS is a QNAP TS-853Pro:

• CPU quad core
• 2GB of RAM
• 4x NIC 1GB
• QTS 4.1.3
• 8x Hard Drive enclosure

Three NICs are dedicated to the storage on the NAS and on each Hyper-V. The iSCSI target service is bound only to these three NICs. The last NICs is dedicated to the other service (SMB, Video Station, Download Station and so on).

I have eight Hard Drives in the NAS installed this way:

• Bay 1 & 2: Western Digital RED 2TB for entertainment (RAID 1);
• Bay 3 & 4: SSD Crucial BX100 256GB for cache acceleration;
• Bay 5 to 8: Seagate Constellation ES3 1TB (RAID 10).

Storage Pool and Cache acceleration

QNAP provides a feature called Storage Pool that enables to aggregates physical hard drives into a storage space by leveraging RAID protection. To create a storage pool on the QNAP, connect to QTS and open the Storage Manager. Navigate to Storage Pool tab and select New Storage Pool.

Then select the Hard Drives that will be members of the Storage Pool and choose a RAID Type. On my side, I have chosen RAID 10 for best performance in read and write operation.

When you have clicked on Create, the Storage Pool is created and it should be in a Synchronizing state for a while.

Because four hard disks are not sufficient to have good performance, I use Cache Acceleration technology. This feature is usually called SSD cache. The operation is pretty simple: when a data is neither found in CPU or in RAM, the information is got from hard drives and copy to the SSD Cache. The next time this information will be asked, it will be got from the SSD cache. When the data is found in the SSD cache, it is called a Hit. So, more the hit rate is high, more the system will be fast.

In QNAP implementation, there are two cache algorithms:

• LRU (Least Recently Used): Higher HIT rate but requires more CPU resources;
• FIFO (First In First Out): Requires less CPU resources but lower HIT rate.

To implement the Cache Acceleration, open the Storage Manager and select Cache Acceleration. Then click on Create.

Next I select my two SSD and I select LRU cache algorithm.

When you have clicked on create, the SSD cache is ready to serveJ.

Network Card configuration

NAS Side

Below you can find my network configuration on the QNAP NAS:

I have enabled Jumbo Frame on each storage interface and the VLAN number is 20. To finish, only the iSCSI Service is bound to storage interface:

Hyper-V host side

On Hyper-V host side, I have dedicated three NICs on the storage network. The Jumbo Frame is also enabled and I have set the VLAN number to 20.

Only these items are enabled on Storage network interface. I have also disabled Netbios and DNS registration.

Implement SMI-S provider

Now it is time to implement SMI-S Provider. I have installed this provider on my both VMM servers. You can download the installer here. Before running the installation, I create a local account that I have called Storage and I have added it to local Administrators group.

Then I run the installation.

I have enabled the authentication by specifying the same account that I have created previously.

Once the installation is finished, you can open QNAP SMI-S Provider Manager. Then specify the IP address of your NAS, the port and click on Add.

Next specify admin credentials.

At the end you should have your NAS listed with OK status.

Because I have installed the SMI-S Provider on my both VMM servers, I have created a Round Robin DNS entry called SMIS-QNAP.home.net.

Add storage provider in Virtual Machine Manager

Now we can play with Virtual Machine Manager. Open a VMM console and navigate to the Fabric and right click on Provider. Then click on Add Storage Devices. Next select SAN and NAS devices discovered and managed by a SMI-S Provider.

Specify the SMI-S provider FQDN and select a RunAs account. The RunAs account must be the same as specified during SMI-S provider installation.

If you have selected SSL, you have to import the certificate as below.

Then select the storage device as below.

Next I specify a Classification and the Host Group.

Add iSCSI array to Hyper-V hosts

N.B: Before adding the iSCSI array, be sure that the iSCSI initiator is started and MPIO is installed and configured on your Hyper-V hosts.

Now I have to add the iSCSI Array to the Hyper-V hosts. For that, open the Hyper-V host properties and select Storage tab. Click on Add and select Add iSCSI Array.

Select the Array and click on Create.

To create additional session, you can click on Create session. Before creating session, be sure that MPIO is installed and configured.

Add storage to Hyper-V Cluster

Now we can create LUNs and convert them to CSV for the Hyper-V Cluster. So open the properties of the Cluster and navigate to Available Storage. Then click on Add.

Next click on Create Logical Unit. Specify a name and a size. I choose to create a fixed size storage LUN.

Once the LUN is created, I select the LUN, I give it a volume label and I click on OK.

Meanwhile, I connect to the QNAP console to edit the just created LUN. Next I select SSD Cache option.

Then you can open the iSCSI storage tab to see that two targets have been created with the LUN associated.

Next I come back to VMM and I re-open the cluster properties. Select the Available Storage tab and click on Convert to CSV.

And tadaa, the LUN is added to Cluster Storage J.

Performance

To test the performance, I have copied a big VHDX from the Hyper-V host to the LUN. And the result is amazing: I have 18,000 IOPS on average!

Below you can see that I copy files almost at 530 MB/s.

And the Cache Acceleration is well running J

Conclusion

Before buying a QNAP, I had a Synology DS412+. I have bought a QNAP because it can be connected to Virtual Machine Manager by SMI-S. Moreover QNAP supports Storage Pool that enables to create multiple LUNs on the same group of disk. When you have not enough bay in your NAS, just add some SSD to increase overall performance of the storage solution. So QNAP NAS is great to implement Cluster Share Volumes for Hyper-V Cluster storage.

The post Implement QNAP storage for Hyper-V cluster from VMM appeared first on Tech-Coffee.

VMM can be connected to an upstream or a downstream WSUS but not to a WSUS replica. Moreover, if you have System Center Configuration Manager (SCCM) already connected to a WSUS, you can use the same on VMM.

For example, in my lab, I have a server that hosts SCCM and the WSUS. This server is called VMCMG01. So I will connect my VMM to VMCMG01 to manage fabric servers updates from Virtual Machine Manager.

Add an Update server to VMM

First of all, add a RunAs account to the local Administrators group on the WSUS server:

Next, open the VMM console and navigate to the fabric. Right click on Update Server and select Add Update Server.

Specify the WSUS server hostname, the TCP port of WSUS (by default: HTTP: 8530, HTTPS: 8531) and the RunAs account. Don’t forget to tick the checkbox if you use SSL to communicate with WSUS.

Once you have clicked on Add, a job is launched to add the Update Server.

Once it is finished, you should have an Update Server in responding state.

Create and assign a baseline

Now that Virtual Machine Manager is connected to a WSUS, the update catalog should contain updates. To open the update catalog, navigate to the library and Update Catalog and Baselines.

By default, no baseline is assigned to fabric servers. So I will create a baseline that will contain only security updates. So I right click on Update Baselines and I select new baseline.

First specify a name and a description of the baseline.

In updates screen, click on Add to add updates to the baseline.

At the top of the window you can specify a filter to display only updates you want. So I type Security and I select all updates. Then I click on Add.

Once the updates are added to the baseline, you can click on next.

Next select on which fabric servers you want to apply the baseline. Because I have created this baseline for Hyper-V, I select all host groups.

To finish, click on … finish J.

At the end, my baseline is assigned to one host group (the top level host group) and contains 177 updates.

Check the compliance

Now open the fabric tab and navigate to your host groups. Right click on a Hyper-V host. You should see Scan, Remediate and Compliance Properties:

• Scan: enables to check the compliance status to verify if all updates are installed;
• Remediate: install the updates to be compliance with the baseline;
• Compliance Properties: open a view to verify the compliance status regarding baseline

Below the Compliance Properties window on the hyperv01 Hyper-V host. Because no compliance scan has been run on this Hyper-V host, the compliance status is unknown.

So I run a compliance scan on HyperV01 by clicking on Scan.

When the compliance scan is finished, I come back to the compliance properties and I can see that my HyperV01 is compliant.

You can have an overview on the compliance status of the fabric servers by selecting the Compliance view as below:

My HyperV02 is non compliant, so I decide to run a remediation. I right click on the Hyper-V host and I select Remediate. In the update remediation window I select my baseline and I just click on Remediate.

$managedComputer = Get-SCVMMManagedComputer -ComputerName "hyperv02.home.net"
$baseline = Get-SCBaseline -Name "HomeCloud Security Baseline"
Start-SCUpdateRemediation -VMMManagedComputer $managedComputer -Baseline $baseline –RunAsynchronously

And after some time, my HyperV02 is compliant J

The post Manage fabric servers updates from Virtual Machine Manager 2012R2 appeared first on Tech-Coffee.

The first feature of IPAM is the Address Space Management (ASM) that enables to gain visibility on the IP Address infrastructure. This feature detects DHCP scope, conflict or duplicate address space. It enables also to monitor and make reports of address utilization statistics and trend.

The second feature of IPAM is the Multi-Server Management (MSM) that enables to discover DNS and DHCP servers and to monitor the service availability. MSM is also able to perform updates simultaneously in the DNS and the DHCP scopes.

The third feature is the Virtual Address Space Management (VASM) that enables to gain visibility on virtual address spaces that are configured in Virtual Machine Manager. VASM provides the same features than ASM.

To finish IPAM provides Network Audit which is a centralized repository that contains each change performed on the DHCP server, IPAM server and IP issued on the network. That enables to view potential configuration problems on DHCP servers. Detailed IP address tracking data is also provided, including client IP addresses, client ID, host name, and user name. Advanced search capabilities enable you to selectively search for events and obtain results that associate user logons to specific devices and times.

IPAM Deployment

IPAM Installation

First I create a Virtual Machine called VMIPM01 based on Windows Server 2012 R2. I update the system and then I run the below PowerShell command:

install-WindowsFeature IPAM, IPAM-Client-Feature

Once the IPAM features are installed, you can navigate to IPAM from the Server Manager.

Provision the IPAM Server

Next I make the provisioning of the IPAM Server. In the below screenshot, you can see the process to follow to configure the IPAM.

Next I choose to use a Microsoft SQL Server to host the IPAM database. I specify an AlwaysOn Availability Group to ensure high availability.

To connect to the database, I use the IPAM server credentials. So I add Home\VMIPM01$ security login to SQL Server as Sysadmin. When the database will be created, I will remove the Sysadmin right to Home\VMIPM01$.

To allow IPAM access to the managed servers as DNS or DHCP, some parameters have to be set. This can be done manually or by GPO. I choose to use GPOs to automate the configuration of managed servers. I set the GPO prefix to IPAM.

Once the IPAM databases and parameters are set successfully it is necessary to create the GPOs in each IPAM managed domain.

To create the GPOs, I use the below script:

Invoke-IpamGpoProvisioning -Domain "Home.net" `
                           -GpoPrefixName "IPAM" `
                           -IPAMServerFQDN "VMIPM01.home.net"

This command create three GPOs:

Database configuration

Because I use AlwaysOn, I want to add the IPAM database to the Availability Group. So first I configure the recovery model of the database to Full:

USE master;
ALTER DATABASE IPAM SET RECOVERY FULL ;
Go

Next I make a backup of the database:

Use master
GO
Backup DATABASE IPAM TO DISK='E:\MSSQL\MSSQL11.SQLI01\MSSQL\Backup\IPAM.bck'
GO

Then I navigate to the Availability Group and I select Add Database.

I select the IPAM database and I click on next.

Once the database is added to the AlwaysOn Availability Group, I run the below script on the other SQL Server node to create the security login.

-- Login: HOME\VMIPM01$
CREATE LOGIN [HOME\VMIPM01$] FROM WINDOWS WITH DEFAULT_DATABASE = [master]

IPAM configuration

Next it is necessary to configure the server discovery.

So I select the domains and the server roles to discover. I don’t have a DHCP server in the infrastructure because I almost use only virtual machines and so I use Static IP Address Pool.

Next I start the server discovery to find the Domain Controllers and DNS servers.

Once the server discovering is finished, I click on Select or add servers to manage and verify IPAM access. So I right click on the server to edit it.

I change the Manageability status to Managed.

When you set the manageability status to Managed, the GPO security filtering is updated:

Then after that the GPO is applied on the server, the IPAM Access Status should be Unblocked.

Integrate IPAM to VMM

Now I can add the IPAM network service to Virtual Machine Manager. So I open the VMM console and I navigate to the Fabric. Then I add a new network service. I call it IPAM.

I choose Microsoft as Manufacturer and Microsoft Windows Server IP Address Management as Model.

Next I choose the Run As account.

Then I specify the FQDN of the IPAM server.

Next I run the validation to check if all is ok.

Once the network service is added, I gain the visibility of Virtual IP Address Space in the IPAM console.

Use IPAM

In the IPAM, it is easy to find information about Static IP Address distributed by VMM. In the below screenshot, I have information about IP Address distributed as the host name of the related server, the network site and so on.

The IP Address Ranges view shows us the state of the Static IP Address Pool.

If I select an IP Address Range, I have more information in the details view as the percentage utilized, the gateway addresses and so on.

It is also possible to gain the visibility of all Virtual IP Address Spaces and their percentage utilized. Thanks to this view, it is easy to make network capacity management.

In the details view, a utilization trend is available to view the percentage of free IP in the address space in function of time.

The post Implement IPAM with Virtual Machine Manager appeared first on Tech-Coffee.

The below schema shows the Windows Azure Pack deployment in high availability that I have made on my mockup.

The Cluster-THUB hosts the below tenant web services:

• Tenant public API (DNS alias: api.home.net);
• Tenant authentication site (DNS Alias: auth.home.net);
• Management portal for tenants (DNS alias: www.home.net).

The Cluster-AHUB hosts the below privileges web services:

• Admin API (DNS Alias: wapadminapi.home.net);
• Tenant API (DNS Alias: waptenantapi.home.net);
• Admin authentication site (DNS Alias: wapadminauth.home.net);
• Management portal for administrators (DNS Alias: wapadmin.home.net).

The SQL Server Availability Group AAGWAP01 hosts databases for Windows Azure Pack while AAGWAP02 hosts databases for SPF, SMA, and Websites. In this topic I don’t approach the installation and the configuration of SQL Server AlwaysOn. For more information about AlwaysOn topic, please read this article.

To implement load-balancing, I use the NLB feature included in Windows Server. For company that already have a load-balancing appliance such as F5, of course you can use it instead of NLB (and I recommend to use a dedicated load balancing appliance for intensive environment).

To deploy the infrastructure described above, first I have installed the SQL Always On. Then I have installed the Windows Azure Pack on servers.

Public services installation and configuration

Installation

To install the public services, please read the part “Public Services Installation” of this topic. Follow this procedure for each node that hosts public services. When you are on Database Server Setup screen, specify the same database information on each node. The database server name should be an AlwaysOn Availability Group (AAG) Listener. For me, the database server name is AAGWAP01.home.net.

NLB feature configuration

In the below screenshot you can see the Cluster-THUB. VMWAP01-THUB01 and VMWAP02-THUB02 are part of the cluster. These servers host public services of the Windows Azure Pack.

The Cluster-THUB is bound on the IP address 10.10.3.100.

I have configured the cluster operation mode to Multicast. Be careful, if you use unicast and Virtual Machine, don’t forget to enable the Mac Spoofing feature in your Virtual Machine configuration.

To finish with NLB, I have configured the port rules to load-balance equally across all members the traffic when it comes on port TCP 443.

DNS aliases

Next I have configured DNS aliases to the cluster cluster-thub.home.net. So I have just added entries in the DNS as below:

Certificates

Regarding certificates, one are needed per node which is a member of the load-balancing cluster. I have duplicated the Web Server certificate template in Active Directory Certificate Service. The issued to field contains the FQDN of the server. Next I have added each DNS alias in the Subject Alternative Name as below. In this way, the certificate can be used for all web services. For further information about certificate template, you can read this topic.

IIS binding configuration

Next, on each node I have reconfigured the site binding for tenant public API, tenant authentication site and management portal for tenants. As a reminder, below you can find the DNS aliases related the web services that I have set on my infrastructure:

• Tenant public API (DNS alias: api.home.net);
• Tenant authentication site (DNS Alias: auth.home.net);
• Management portal for tenants (DNS alias: www.home.net).

Repeat this procedure for each node with the same configuration except the SSL certificate.

Privileged services installation and configuration

Installation

To install the public services, please read the part “Privileged services Installation” of this topic. Follow this procedure for each node that hosts privileged services. When you are on Database Server Setup screen, specify the same database information on each node. The database server name should be an AlwaysOn Availability Group (AAG) Listener. For me, the database server name is AAGWAP01.home.net.

NLB feature configuration

In the below screenshot you can see the Cluster-AHUB. VMWAP03-AHUB01 and VMWAP04-AHUB02 are part of the cluster. These servers host privileged services of the Windows Azure Pack.

The Cluster-THUB is bound on the IP address 10.10.0.100.

I have configured the cluster operation mode to Multicast. Be careful, if you use unicast and Virtual Machine, don’t forget to enable the Mac Spoofing feature in your Virtual Machine configuration.

DNS Aliases

Next I have configured DNS aliases to the cluster cluster-ahub.home.net. So I have just added entries in the DNS as below:

Certificates

The Certificates for privileged services are similar to the certificates for public services. I have used the same certificate template than I have used to enroll certificates for public services. The issued to field contains the FQDN of the server. Next I have added each DNS alias in the Subject Alternative Name as below. In this way, the certificate can be used for all web services

IIS binding configuration

Next, on each node I have reconfigured the site binding for admin API, tenant API, admin authentication site and management portal for administrators. As a reminder, below you can find the DNS aliases related the web services that I have set on my infrastructure:

• Admin API (DNS Alias: wapadminapi.home.net);
• Tenant API (DNS Alias: waptenantapi.home.net);
• Admin authentication site (DNS Alias: wapadminauth.home.net);
• Management portal for administrators (DNS Alias: wapadmin.home.net).

Repeat this procedure for each node with the same configuration except the SSL certificate.

Windows Azure Pack Configuration

N.B: I used scripts described in this Hyper-v.nu topic for this part. You can find the documentation about these scripts from this TechNet topic.

Before that the configuration works, it is necessary to reconfigure the Windows Azure Pack. First WAP components have to be reconfigured to point to the load-balancers. Next we have to Re-Establish trust between the authentication sites and the management portals. To finish the FQDN of resource providers must be updated. These scripts must be run from a node that hosts privileged services.

Reconfigure WAP components to point to Load-Balancers

To reconfigure WAP components use the below script. You can change all the variables to make it match your environment. Firstly, the script updates the federation endpoints to the load-balancers. These federation endpoints are used by admin and tenant sites to know the location of their authentication sites and vice versa. Once federation endpoints are updated, the endpoints of each web service are updated in The Windows Azure Pack database.

Import-Module MgmtSvcAdmin
### VARIABLES
## Environment settings
# SQL Server AlwaysOn DNS Listener containing the Windows Azure Pack databases
$server="AAGWAP01.home.net"

## Define the desired FQDNs and Ports
# Admin Site
$AdminSiteLB = "wapadmin.home.net"
$AdminSitePort = "443"
# Admin Authentication Site
$WinAuthSiteLB = "wapadminauth.home.net"
$WinAuthSitePort = "443"
# Tenant Site
$TenantSiteLB ="www.home.net"
$TenantSitePort = "443"
# Tenant Auth Site
$TenantAuthSiteLB ="auth.home.net"
$TenantAuthSitePort = "443"
# Admin API
$AdminApiLB ="wapadminapi.home.net"
$AdminApiPort = "443"
# Tenant API
$TenantApiLB = "waptenantapi.home.net"
$TenantApiPort = "443"
# Tenant Public API
$TenantPublicApiLB = "api.home.net"
$TenantPublicApiPort = "443"

### MAIN CODE
# Define the federation endpoints
$TenantMetadataEndpoint="https://${TenantAuthSiteLB}:$AuthSitePort/federationMetaData/2007-06/FederationMetadata.xml"
$AdminMetadataEndpoint="https://${WinAuthSiteLB}:$WinAuthSitePort/federationMetaData/2007-06/FederationMetadata.xml"
$AdminSiteMetadataEndpoint="https://${AdminSiteLB}:$AdminSitePort/federationMetaData/2007-06/FederationMetadata.xml"
$TenantSiteMetadataEndpoint="https://${TenantSiteLB}:$TenantSitePort/federationMetaData/2007-06/FederationMetadata.xml"

$adminApiUri = "https://${AdminApiLB}:$AdminApiPort"
$windowsAuthSite = "https://${WinAuthSiteLB}:$WinAuthSitePort"

# Reconfigure Windows Azure Pack components to point to load balancers
Set-MgmtSvcFqdn -Namespace AdminSite -FQDN $AdminSiteLB -Server $server -Port $AdminSitePort
Set-MgmtSvcFqdn -Namespace AuthSite -FQDN $TenantAuthSiteLB -Port $TenantAuthSitePort -Server $server
Set-MgmtSvcFqdn -Namespace AdminAPI -FQDN $AdminApiLB -Port $AdminApiPort -Server $server
Set-MgmtSvcFqdn -Namespace TenantSite -FQDN $TenantSiteLB -Port $TenantSitePort -Server $server
Set-MgmtSvcFqdn -Namespace WindowsAuthSite -FQDN $WinAuthSiteLB -Port $WinAuthSitePort -Server $server
Set-MgmtSvcFqdn -Namespace TenantApi -FQDN $TenantApiLB -Port $TenantApiPort -Server $server
Set-MgmtSvcFqdn -Namespace TenantPublicApi -FQDN $TenantPublicApiLB -Port $TenantPublicApiPort -Server $server

Re-Establish trust between the authentication sites and the management portals

Once you have run the above script, you have to execute below command. This re-establish trust between authentication sites and the management portals.

Set-MgmtSvcRelyingPartySettings -Target Tenant –MetadataEndpoint $TenantMetadataEndpoint -DisableCertificateValidation -Server $server
Set-MgmtSvcRelyingPartySettings -Target Admin –MetadataEndpoint $AdminMetadataEndpoint -Server $server
Set-MgmtSvcIdentityProviderSettings -Target MemberShip –MetadataEndpoint $TenantSiteMetadataEndpoint -Server $server
Set-MgmtSvcIdentityProviderSettings -Target Windows –MetadataEndpoint $AdminSiteMetadataEndpoint -Server $server

Update FQDNs for resource providers

To finish, the FQDN for resource providers must be updated to the load-balancers. There are three resource providers to update: marketplace, monitoring and UsageService. For that you can use the below script:

Import-Module MgmtSvcAdmin

## Environment settings
# SQL Server AlwaysOn DNS Listener containing the Windows Azure Pack databases
$server="AAGWAP01.home.net"

# Admin Authentication Site
$WinAuthSiteLB = "wapadminauth.home.net"
$WinAuthSitePort = "443"
# Admin API
$AdminApiLB ="wapadminapi.home.net"
$AdminApiPort = "443"

$adminApiUri = "https://${AdminApiLB}:$AdminApiPort"
$windowsAuthSite = "https://${WinAuthSiteLB}:$WinAuthSitePort"

# credentials for performing actions
$password = ConvertTo-SecureString "password" -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential ("home\rserre",$password)
$token = Get-MgmtSvcToken -Type Windows -AuthenticationSite $windowsAuthSite -ClientRealm "https://azureservices/AdminSite" -User $credential -DisableCertificateValidation

# Get a list of resource providers with the current configured endpoint values
$rp = Get-MgmtSvcResourceProvider -IncludeSystemResourceProviders -AdminUri $adminApiUri -Token $token -DisableCertificateValidation
$rp | Select Name, @{e={$_.AdminEndPoint.ForwardingAddress}}, @{e={$_.TenantEndpoint.ForwardingAddress}}

# new fqdn for resource provider marketplace
$resourceProviderName = "marketplace"
$adminEndpoint = "https://${AdminApiLB}:30018/"
$tenantEndpoint = "https://${AdminApiLB}:30018/subscriptions"
$usageEndpoint = $null
$healthCheckEndpoint = $null
$notificationEndpoint = $null

if ($rp.AdminEndpoint -and $adminEndpoint) {
    # update endpoint
    $rp.AdminEndpoint.ForwardingAddress = New-Object System.Uri($adminEndpoint)
}
if ($rp.TenantEndpoint -and $tenantEndpoint) {
    # update endpoint
    $rp.TenantEndpoint.ForwardingAddress = New-Object System.Uri($tenantEndpoint)
}
if ($rp.UsageEndpoint -and $usageEndpoint) {
    # update endpoint
    $rp.TenantEndpoint.ForwardingAddress = New-Object System.Uri($usageEndpoint)
}
if ($rp.HealthCheckEndpoint -and $healthCheckEndpoint) {
    # update endpoint
    $rp.TenantEndpoint.ForwardingAddress = New-Object System.Uri($healthCheckEndpoint)
}
if ($rp.NotificationEndpoint -and $notificationEndpoint) {
    # update endpoint
    $rp.TenantEndpoint.ForwardingAddress = New-Object System.Uri($notificationEndpoint)
}
Set-MgmtSvcResourceProvider -ResourceProvider $rp -AdminUri $adminApiUri -Token $token -DisableCertificateValidation –Force

Re-run the above script by changing below variables:

$resourceProviderName = "monitoring"
$adminEndpoint = "https://${AdminApiLB}:30020/"
$tenantEndpoint = "https://${AdminApiLB}:30020/"
$usageEndpoint = $null
$healthCheckEndpoint = $null
$notificationEndpoint = $null

And re-run once again the script by changing below variables:

$resourceProviderName = "usageservice"
$adminEndpoint = "https://${AdminApiLB}:30022/"
$tenantEndpoint = "https://${AdminApiLB}:30022/"
$usageEndpoint = $null
$healthCheckEndpoint = $null
$notificationEndpoint = $null

To verify that the configuration is updated run these PowerShell commands:

$rp = Get-MgmtSvcResourceProvider -IncludeSystemResourceProviders -AdminUri $adminApiUri -Token $token -DisableCertificateValidation
$rp | Select Name, @{e={$_.AdminEndPoint.ForwardingAddress}}, @{e={$_.TenantEndpoint.ForwardingAddress}}

SQL AlwaysOn configuration

I’m not a SQL server guy so I have followed the TechNet documentation regarding the AlwaysOn configuration. For each instance that hosts Windows Azure Pack database, you have to run the below script:

sp_configure contained database authentication, 1
RECONFIGURE
GO

Next you have to add the Windows Azure Pack to the Availability group. For that you have to:

• Check if the database transaction logs is set to full;
  
• Make a full backup of each Windows Azure Pack database;
  
• Add the WAP databases to the AAG.
  

If you want information from a guy that who knows what his is doing on SQL Server, you can read this series.

Once database are in the AAG, you have to copy each security login from the first instance to the second. For that you can use this topic.

VM Clouds in High Availability

Architecture overview

Now that the Windows Azure Pack is installed in high availability we can install the VM clouds part in the same way. For that we can use the the SQL Servers than WAP installation. We need also a Virtual Machine Manager deployed in high availability and two more servers to host Service Provider Foundation.

NLB configuration

As other load-balancing clusters, I have used NLB. VMWAP08-WEB01 and VMWAP08-WEB02 are in this cluster. These servers host Service Foundation Provider.

The Cluster-WEB is bound on the IP address 10.10.0.101. I have configured the cluster operation mode to Multicast. Be careful, if you use unicast and Virtual Machine, don’t forget to enable the Mac Spoofing feature in your Virtual Machine configuration.

DNS Aliases

Next I have created DNS aliases for each roles installed on the nodes of the cluster. So for example, I will use spf.home.net to connect to SPF from the Windows Azure Pack.

Certificates

Two certificates have been created from a duplicate of Web server certificate template. The issued to field contains the FQDN of the related server. Next I have added each DNS alias in the Subject Alternative Name as below. In this way, the certificate can be used for all web services

Service Provider Foundation installation

To install Service Provider Foundation, please read this topic. However, please be careful about below information:

• On each node, the SQL Server information provided in the SPF installation should be the same. For me the database server name is WAPAAG02.home.net;
• Select the server certificate related to the node;
• For security reason, use different services account on each node for Admin, Provider, VMM and Usage web service;
• Create the same local account (with the same password) on each node.

After SPF installation don’t forget to add the SPF database to the AAG and to copy security login to the other instance (C.F the above part called SQL
AlwaysOn configuration).

Connect to SPF from Windows Azure Pack

Open an administrative portal on the Windows Azure Pack and click on VM Clouds. Register the SPF as below:

Install Virtual Machine Manager in high availability

To install Virtual Machine Manager in High availability, please read this topic.

Connect to Virtual Machine Manager from Windows Azure Pack

Now you can add the cluster of VMM to the Windows Azure Pack as below:

The post Windows Azure Pack and VM Clouds in High Availability appeared first on Tech-Coffee.

But before it is important to understand what an IP Pool is. An IP Pool is like a DHCP server. There is an IP address range, and you can configure basic options as the gateway, the suffixes DNS and DNS itself or Wins server (who use that today ? J). An IP Pool is associated to a VM Subnet that belong to a VM network. For each VM Subnet it is possible to create one or more IP Pool while the IP addresses in the range belong to the VM subnet. For further information about the network components in Virtual Machine Manager you can view this topic. So IP Pool can only be used by Virtual Machines (VM) or virtual network card (vNIC) of hosts.

As you should know, on an IPv4 or an IPv6 network configuration you have two modes: dynamic or static configuration. When you use dynamic configuration, you must use a DHCP server that delivers network configuration (IP address, netmask, gateway and so on) instead of static configuration where you have to set manually (or by script). There are some disadvantages about using dynamic configuration. The first is that some applications don’t support dynamic IP (as Domain Controller, DHCP server itself and so on). So even if you use DHCP server, you have to set your IP configuration manually in some cases. The second disadvantage is that your IP can change (if you not manage reservation) and it is not good for a server. So most of the time on production network the IP configuration is set to static and managed manually.

And it is at this moment of the story that IP Pool is born. The difference with DHCP server is that when IP Pool delivers the IP configuration to a Guest OS, the network settings are static. This is why when you create a virtual machine in VMM you can specify if you want a dynamic IP or a static IP from IP Pool on network configuration as below.

There is no lease in the IP Pool instead of DHCP. When an IP is picked up in IP Pool, this last is allocated to a VM or a vNIC. So the network configuration on guest OS (or the vNIC) is the same until you change it manually. Unfortunately IP Pool can be selected at the VM creation only if you use a VM template. If you don’t use VM templates you have to set manually the IP configuration inside the Guest OS.

I will show you with some screenshot about how to create an IP Pool and the behavior of network configuration with IP Pool. To present that I will create an IP Pool with these settings:

• IP range: 192.168.1.150 – 192.168.1.160
• Netmask: 255.255.255.0
• Gateway: 192.168.1.254
• DNS: 192.168.1.100
• DNS Suffix: fabrikam.com
• WINS: No Way J

Two Virtual Machines will be created to show you the behavior of the Guest OS and the VMM network configuration:

• One VM called VMDYM01 will be created with dynamic option;
• One VM called VMIPP01 will be created from a VM template with IP Pool configuration.

Create and configure an IP Pool

First of all, I create an IP Pool called VM_Pool on my VM subnet 192.168.1.0/24 with above settings:

Now that my IP Pool is created, I can use it for my VMs.

From dynamic configuration to IP Pool (VMDYM01)

So my VMDYM01 has been created without VM template and so with dynamic IP configuration. As you can see below, the IP address of this VM doesn’t belong to my IP Pool.

Now I set manually the IP configuration inside the guest OS. I use an IP address belonging to the IP Pool:

After refreshing the VM in Virtual Machine Manager, I come back to connection details of the related virtual network interface:

Now it says that the IP address come from IP Pool “VM_Pool”. You can view which IP address from IP Pool is associated with VM (or vNIC) with the below PowerShell commands:

$IPPool = Get-SCStaticIPAddressPool –name "VM_Pool"
Get-SCIPAddress –StaticIPAddressPool $IPPool

Now what happens if I change the network configuration on the Guest OS?

So I refresh the VM and I check the connection details in VMM:

Now I re-run the PowerShell commands to view the behavior in IP Pool:

$IPPool = Get-SCStaticIPAddressPool –name "VM_Pool"
Get-SCIPAddress –StaticIPAddressPool $IPPool

So VMM has unallocated and released the unused IP address and has allocated the new one. Pretty impressive. I think to open a Facebook fan page about IP Pools.

About VM created from a template (VMIPP01)

For massive deployment, IP Pool can be used in VM template. In this way when the VM is created and ready, the IP configuration is already configured to static with IP Pool settings. So I have a VM template and as you can see below, I have set the virtual network card to static IP (from an IP Pool):

I deploy a VM from this template. When it is the Review the virtual machine settings screen you can specify an IP address belonging to the IP Pool or let it blank: in this case an IP available will be automatically allocated. I choose to let VMM manage this:

So when the VM is created, I go to verify the connection details:

Ok so IP Pool is used, this is a good start. Next I switch on the VM to verify the IP configuration on Guest OS:

The network configuration is set automatically at the VM creation. Pretty good no ?

I verify also the IP allocation in IP Pool:

$IPPool = Get-SCStaticIPAddressPool –name "VM_Pool"
Get-SCIPAddress –StaticIPAddressPool $IPPool

So all it’s good J.

IP Address Management (IPAM)

As you have seen previously I use PowerShell commands to obtain information about IP address delivered by IP Pool. When you have thousands of IP addresses it can be difficult to find information except for PowerShell guys. With IP Address Management you can manage graphically the IP Pool component. This feature is available since Windows Server 2012 R2. So I have installed an IPAM server and I have configured the IPAM connector from Virtual Machine Manager. I obtain this information:

For guys who don’t like the PowerShell command line, it can be an alternative to manage network component of VMM.

The post IP Pool in Virtual Machine Manager 2012R2 appeared first on Tech-Coffee.

To finish this series of articles about Bare-Metal Deployment Hyper-V host with VMM 2012R2, I present you the provisioning of a new server with the previous configuration. First it is necessary to configure the BMC interface to enable IPMI and IP Address. Next the provisioning can start.

Enable IPMI on host server

On my old Dell 1950 I have to enter in iDRAC utility and enable IPMI as above. Note that this configuration could be performed automatically with SCCM and Dell integration pack. HP provides the same thing. These integration packs enable to set the BIOS, the Raid Controller (building of RAID configuration) and the BMC interface.

I set the IP address of the BMC controller to 192.168.1.31/24.

Hyper-V host provisioning

So it’s time to validate all the configuration performed previously. Open VMs and Services tab, and right click on a host group to select Add Hyper-V hosts and Clusters.

Select Physical computers to be provisioned as virtual machine hosts to start Bare-Metal deployment.

Select a Run As account that have right on your BMC. Note that accounts should not be validated in Active Directory on creation because this account does not belong AD. I select IPMI protocol.

Specify a discovery scope to find your BMC. As I said previously, I have configured my BMC to 192.168.1.31 IP Address.

When the skip deep discovery checkbox is released (I recommend this parameter), the server that will be provisioned start (or restart if it is already power on). The power management is done via IPMI. Deep Discovery is performed when the WinPE image is loaded in memory by the system. Once deep discovery is performed, the system waits that provisioning begins.

Select the host group and the Physical Computer profile. Mine is called Hyper-V.

On Deployment Customization you can specify a computer name. Once deep discovery is completed successfully, Network Adapters should be discover even if CDN is not supported (like me).

Network adapter configuration is performed related to the Physical Computer profile. On below screenshot you can see that my Physical NIC have been set automatically thanks to deep discovery.

When you click on finish, the provisioning of Hyper-V host begin.

After some time the Operating System is ready and Hyper-V host server is ready to use.

Conclusion

Bare-Metal Deployment is a good technology for scalability in a virtualized environment. Thanks to BMR new Hyper-V server can be provisioned quickly and automatically that reduce human error. However the implementation in VMM is complex because the networking configuration in the fabric is not easy and needs some skills. Moreover, a baseline VHDX should be manage regularly to add Microsoft updates of last month for example. So in my opinion, when you have a small Hyper-V environment (less than 10 servers), I’m not sure that it’s worth it. But over 10 servers, I think the Bare-Metal deployment should be envisaged. Moreover, backup solution for Hyper-V host is no longer needed if you deploy new Hyper-V faster than backup restore it. This would save some storage space and reduce backup team workload.

The post Bare-Metal Deployment Hyper-V host with VMM 2012R2 Part4 – Hyper-V host provisioning appeared first on Tech-Coffee.