In this post I’ll talk you through how I have created a Hyper-V Failover Cluster on my single laptop.
To build a Failover Cluster you need a SAN. I use the Microsoft iSCSI target software that ships with Windows Storage Server. Being a Microsoft employee I have access to the bits, so I have installed it onto my laptop (so my physical laptop is going to be my iSCSI SAN. I have previously posted how to set all this up here. But I’ve re-posted it here to make your lives easier: Note that my offer of a time-bombed copy of the bits, for evaluation, is still valid.
Click to start, double click anywhere to play it in Full Screen and move your mouse over it to get the Player Controls to pop up.
On my demo laptop I have created two Windows Server 2008 Core virtual machines. Each VM is connected to the internal network switch that I created in Part 2 and is also connected to a Private Network Switch that I’m using for the Cluster Heartbeat. I’m using 192.168.0.x for my demo network and have uses 10.0.0.x on my heartbeat (I’ve also left IPv6 turned on).
I have added both Failover Clustering and Hyper-V using ocsetup to the Server Core VMs. I need to make sure you understand this bit – you cannot virtualise virtualisation. I can install the Hyper-V role into a VM but I can never start a virtual machine – if I do I will get a BSOD. Oh and install the RTM Hyper-V bits before you do this – the Release Candidate Hyper-V that shipped with the RTM of Windows Server 2008 do not let you do this (KB950050).
Once the two VMs are configured I create a cluster using the Failover Cluster Management tool (running from the Windows Server 2008 install on my laptop). Again, I have posted this before here. And I’ve re-posted the demos again to make your lives easier (these videos are old – still using RC code – but the process is fine).
Next I connect Hyper-V manager to one of the cluster nodes and configure a VM with the VHD and the configuration on the SAN drive. For my demos, I know I cannot ever start this machine, so I don’t bother installing anything onto it. Next I go into Failover Cluster Management and create a Highly Available Virtual Machine – which I can fail over from node to node (but don’t ever start it – BSOD on the cluster node). I have posted on this before here. And it’s here again (note that my comments about static MAC addresses have proved to be not true in the RTM of Hyper-V).
So now I can demo everything in Hyper-V. I have three Hyper-V machines to manage and I can show how to create highly available VMs.
In Part 4 I’ll explain how to get System Centre Virtual Machine Manager installed and working.
There’s been a “small” issue with licensing around Hyper-V for a while and because of all the complaints we’ve received we have actually changed our licensing.
The issue was this: I’m a Windows Server 2003 shop and want to virtualise onto Hyper-V. Because Hyper-V is a role of Windows Server 2008, I now have all my users & PCs accessing resources on 2008 servers. This means that I now have to go and buy new, 2008 CALs for everyone!
Here’s that again in “official speak”:
Under current licensing policy a physical server environment running Windows Server 2003 requires matching version CALs for all users (i.e. Windows Server 2003 CALs). However, if physical Windows Server 2003 Operating System Environments (OSE) run as virtual machines hosted by Windows Server 2008 Hyper-V, Windows Server 2008 CALs are required.
So the change we have made gets rid of this stupidity. And in “official speak”:
With the change, no Windows Server 2008 CALs are required if Windows Server 2008 is being used to:
• run hardware virtualization software
• provide hardware virtualization services
• run software to manage and service operating system environments on the licensed server
You’ll be able to read the official line later on today at http://www.microsoft.com/licensing/resources/volbrief.mspx when the US wakes up.
So, in a nutshell, if you think something is wrong – say so. It pays to complain!
***There's been a change to the timing of this event. It now runs from 9:30-13:00 with registration starting at 9:00***
Free training on Thursday 22nd January on SQL for Oracle DBAs!
It is a half day of training taking place in Dublin the afternoon of January 22nd. See here for details and how to register.
The objective of this training is to give an experienced Oracle DBA a basis for understanding SQL Server and an understanding of the key differences between SQL Server and Oracle together with a basic knowledge of how to administer an installation of SQL Server.
Please Note: Event starts at 1.30pm, Lunch will be provided from 1pm
See you next Thursday
So my demo environment needs to be self contained (everything on the one laptop), needs to be as quick as it can and be able to demo as much of the Microsoft virtualisation stuff as technically possible. My laptop itself will obviously be the Hyper-V host – which needs to be in a domain, if I’m going to manage it.
I had the option of making the laptop the domain controller for my demo domain (daves-demos.ie), but I’ve steered away from this, as it would mean that my demos were not as portable as I’d like. Instead I have created a Virtual Machine running Windows Server 2008 and configured it as the domain controller (it also runs DNS). I’ve configured it to always start and I have joined my laptop to the domain. From now on I always log onto the domain as a Domain Admin.
To let the VMs talk to the host, I have created an Internal Network switch within Hyper-V and to let all the VMs use my wireless network card, I have enabled Internet Connection Sharing on it to the internal Hyper-V switch. This puts a 192.168.0.1 address on the Hyper-V network interface, which just means that I am using 192.168.0.x for all my network addresses: 192.168.0.100 is my Domain Controller and DNS (192.168.0.1 is my gateway).
I can keep disk space down to a minimum and improve performance (of my demos) by using Differencing disks (not recommended in production). A differencing disk, is merely the differences between itself and a base image. My base images are read-only, sysprepped installations of the operating systems I’m using. To create these base images I build a VM, of the particular operating system (64-bit Windows Server 2008 for example), update it, then run sysprep. I have all my base images sitting on my D:\ drive - I have both 32 & 64-bit Windows Server 2008 (full install), a 64-bit core install, 32-bit Vista and 32-bit XP. This means that all operating system “activity” is running on my D:\ drive.
Then I create differencing drives for each of the VMs I’m going to create. Each differencing drive points to one of the base images. Then I create the Virtual Machines and have them boot from the newly created differencing drive. Because the base image was sysprepped, the new VM will run through a mini-setup and ask for stuff like computername. I configure its networking stack and join it to the domain. All reads for the base operating system come from the base image and all machine specific reads and all writes go to the differencing drive (which is physically located on one of my external drives) – this means that every VM has its disk IO going to two separate spindles, which just makes it quicker. Also, because I can have multiple VMs all pointing to the same base image, disk space is kept to a minimum (I only have one install of each OS, rather than one per VM).
Of my eleven VMs, I have five running off of each external USB drive and one from the internal D:\ drive – this one is the Domain Controller (I want this one to start whatever – with or without my external drives plugged in). It does mean that my poor old D:\ drive is doing all the IO for twelve Windows installations (11 VMs plus the physical installation) – did I mention that it was a Solid State disk (they’re great they are)!
It turns out that how I built my demo laptop is generating a bit of interest. These posts have become the “how to” pointers for creating a Proof of Concept for Microsoft Virtualisation and Management solutions.
So to start. My laptop is a dual core, 64-bit device with 8GB of memory. It came with 4GB, but a BIOS update from its manufacturer let me address 8. As an aside I got the 8GB of memory from www.memoryc.com for a mere €200 (plus VAT).
Its primary hard drive is a solid state device that I mentioned last year in this post.
I dual boot this laptop between my chosen client operating system (Windows 7 as of today) and Windows Server 2008. I have to have my client OS protected by Bitlocker, so I dual boot by having a second drive in my DVD bay (onto which I have installed Server).
If your interested the approach was to first install the client OS (which was Vista when I did this) and installed onto the entire drive. Next was to run the Bitlocker drive preparation tool (which uses Diskpart to create a 1.5GB boot partition) followed by enabling Bitlocker. Then with the second drive in the bay, I installed Server 2008 from within Vista and selected the second drive.
This gave me my dual boot environment with Bitlocker for my client OS. It meant that I didn’t have access to the 1st drive from within Server. I had two options: Bitlocker my server drive (to enable me to use auto unlock) or use manage-bde.wsf –unlock –rp XYZ when I need access (this is what I do – I have a single line command file that I run as administrator when I need access).
Now to get Hyper-V working well. On a laptop the issue is disk IO (laptop disks are slow). I’ve used my solid state drive for my client OS, which leaves me with a single drive. So I use an additional two USB drives when running all my VMs.
So Disk 1 has both my boot partition (S:) and My Windows 7 install (C:). Disk 0 is my Windows 2008 installation (D:). Disks 2 & 3 are my external USB drives and I use them for my VMs (more on this in my next post).
This post is an introduction to how I have configured my demo laptop. I can comfortably run eleven VMs on the one laptop, including a two node Hyper-V cluster, App-V and the four main System Center products (Virtual Machine Manager, Data Protection Manager, Operations Manager and Configuration Manager).
I have built this to enable me to demonstrate Microsoft's Virtualisation offerings: everything from Terminal Services and Application Virtualisation to self service provisioning of new Hyper-V virtual machines using System Center Virtual Machine Manager.
If you have ever seen me talk about Microsoft & Virtualisation, this is the laptop I use for my demos. It's nothing spectacular, just a small, dual core business laptop with 8GB of memory and a couple of extra disks.
In subsequent posts I intend to explain in detail what I went through to get this working, what was easy & hard, what I would do differently if I ever do it again.
I had an interesting question posed to me the other day: How would you know if your PC was affected by the IE7 flaw?
My first answer was: Hmm.. It is very possible that you won't know.
Then I did some digging.. The answers I found were:
But the best answer was the most obvious one: Have your AV signatures up to date there is a possibility it will catch this (depending on who your AV vendor is).
I hope this helps someone,
There are numerous posts and articles explaining how to enable a particular feature on Server Core and there are even more on how to configure Server Core so that it can be managed remotely. Well, this is the best method I have come across so far:
The minimum you need to do after a Server Core installation is rename the server and get it to join a domain (if you're not using DHCP then you'll also need to configure your IP stack).
To rename your server:
netdom renamecomputer %ComputerName% /NewName:<NewComputerName>
To join a domain:
netdom join %ComputerName% /domain:<DomainName> /userd:<UserName> /passwordd:*
To configure your IP stack (do this before trying to join a domain if not using DHCP):
netsh interface ipv4 show interfaces (you're looking for the ID of your corporately connected NIC) netsh interface ipv4 set address name="<ID>" source=static address=<StaticIP> mask=<SubnetMask> gateway=<DefaultGateway> netsh interface ipv4 add dnsserver name="<ID>" address=<DNSIP> index=1
That's it - everything else can now be done remotely (once you've done this bit):
The hardest/messiest part of configuring Server Core, is all the Firewall rules you need for each of the remote administration tasks you might want to perform. We can 'cheat'! Logon to a Full installation of Windows Server 2008. Open up Windows Firewall with Advanced Security. Right click on the Firewall and select Export Policy (save this somewhere - we'll use it later).
Open up Group Policy Management Console (gpmc.msc) and create a new Policy Object (I've called mine "Server Core Configuration Policy Object")
Disable the User Configuration Settings and set the Security Filtering to only apply to a particular group (I have a security group defined with all my Server Core machines as members).
Link this new Policy Object to your domain (now all Server Core machines in your domain will get the configuration settings we're about to apply).
Edit the Policy Object.
Navigate down to Computer Configuration, Policies, Windows Settings, Security Settings, System Services, and set the following to automatically start:
Now for the 'clever' bit. Navigate down to Computer Configuration, Policies, Windows Settings, Security Settings, Windows Firewall with Advanced Security. Right click and select Import Policy and select the Firewall Policy we just saved from a Full installation).
This policy includes pretty much every rule you'll ever need to set. Scroll down the Inbound Rules and enable all the rules you need/want (I've merely enabled anything that mentions Remote).
That's it. As soon as a Server Core machine joins your domain, add it to the Server Core security group (that we've filtered the Group Policy object on) and you'll now be able to perform every remote management task you like - including everything in Computer Manager (Device Manager, Disk Management, etc) as well as WINRM & WINRS (from which you can run all your OCSETUP tasks). The only gotcha is that for Volume management, you need the Firewall rules enabled on the device your performing the management from.
Please excuse the lack of posts (I have too many excuses to list here).
I'm now back on line and will be posting regularly again.
TechNet Deployment Event This technical level 300 event is well worth attending if you are considering deploying Windows Vista or Office 2007 in the near future. Attend this event and some of Microsoft Ireland's top consultants will walk you through a real life customer deployment project from beginning to end - what they did, when they did it, what tools were used along the way. The session will also update participants on the proven business, management and technical benefits provided by both technologies, will address the issue of application compatibility with Windows Vista, and demonstrate how best to deploy in organisations of all sizes. At the end of the event you will have a chance to ask questions and discuss your particular deployment project with a Microsoft expert. Where: Microsoft Auditorium, Building 2 (EPDC 2), South County Business Park, Leopardstown, Dublin 18 When: 23rd October - 09:00 Register: Click here. Agenda 09:00 Registration & Coffee 09:30 Sessions commence Session 1: Business, management and technical benefits of Vista and Office 2007 Session 2: Microsoft Deployment Experience - "How To Deploy" - Windows Vista and Office 2007 Clinics: Customer Deployment Clinics - Small groups can discuss their particular deployment project with a Microsoft expert. Lunch: Light Lunch will be served. 14:00 Event Close