Ramblings from another nerd on the grid
Now that System Center Virtual Machine Manager (SCVMM) 2008 has been released, I’m sure many of you want to kick the tires. The good news is that we’ve made that relatively easy to accomplish on a laptop, but there are some assumptions to make, so let’s discuss a couple of them.
First and foremost, you’ll need a machine capable of running the x64 version of Windows Server 2008. I’ll assume you are most interested in running Hyper-V. With that in mind, you’ll need a decent CPU, ample memory, and hard disk space.
File Systems and Boot Managers
In my case I like to separate church and state, so I don’t dual- or multi-boot operating systems. I purchase drives for Linux, Windows Vista, Windows Server 2008, Windows 7, etc. It’s getting to be a harder decision because you can get good 2.5” 320GB 7200rpm drives at or below $100. Higher-capacity, lower-cost drives may change my workflow, but for now I’m still hardcore about keeping things sandboxed. I don’t like to lose work or worry about a file system or boot manager stepping on something, so I am much more comfortable swapping primary drives. Keep your production drive completely separate from your test partitions. You were warned.
Next, you need to make some decisions about your security model. Once again I deviate from the well-trodden path of using the production corporate forest. Let me repeat that. My test machines NEVER touch the company Active Directory (AD) forest. I typically build up AD from scratch (with some batch files). This is important because SCVMM expects an AD implementation to be present.
You have some choices on how to implement Active Directory. I am not going to get super deep on this topic because it will become more apparent in some of the design points that follow.
In the world of computers there are physical and logical boundaries. Hyper-V is no exception, so you need to take this into consideration when testing and modeling designs you might use for training or proofs of concept. In the case of Hyper-V, the partitions are commonly referred to as parent and child partitions. The parent partition is created at Hyper-V installation, and child partitions are created later, when “guest” virtual machines are constructed.
Communication between the partitions is controlled by you and by how you choose to implement the virtual networks. This absolutely comes into play when installing System Center Virtual Machine Manager (SCVMM) 2008 and the management agent.
Parent or Child Partition? Can you say, “Perimeter?”
Now that SCVMM 2008 has been released, you can pick and choose your partitioning and security model. Prior to the RTM of SCVMM 2008, I was running it and Hyper-V in the parent partition. I have switched to a different design and I really like the flexibility of the new implementation I built out over the course of the past few days.
For starters, I no longer have Active Directory in my Hyper-V parent partition. In fact, the only role installed on Windows Server 2008 Enterprise x64 for my laptop is the RTM version of Hyper-V. Everything else, including SCVMM 2008, is installed in various virtual machines.
How do I do that if SCVMM 2008 requires an Active Directory (AD) directory and security model? Well, when you start looking at the possible management scenarios for SCVMM, you’ll notice you can manage virtual servers on the “perimeter.” In my case, the Hyper-V server is a perimeter server, or more accurately, the vmmAgent is installed on a trusted server. This of course means you must have network communications between the VM running SCVMM 2008 and the Hyper-V parent partition. This is pretty easily accomplished through the virtual networking I alluded to earlier and provides a very flexible approach for building out a complete set of System Center management virtual machines.
Keep your parent partition clean. That’s the key takeaway of this article. By putting Active Directory (AD) at the lower levels and hiding that from the parent, you have a very flexible hypervisor environment in which to implement a wide variety of ideas. By using this approach, you can build a very complex yet flexible environment that is only constrained by disk space, available memory, and eventually CPU resources.
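One way to check that a parent partition is still clean, as an added example that is not part of the original post. The function name `Test-CleanParentPartition` is hypothetical, and the script assumes Windows Server 2008 R2 or later (where `Get-WindowsFeature` is available) and that a perimeter-managed host is expected to stay in a workgroup.

```powershell
# Added example, not from the original post. Run in an elevated Windows PowerShell
# session on the Hyper-V parent partition. Assumes Windows Server 2008 R2 or later,
# where the ServerManager module provides Get-WindowsFeature.
Import-Module ServerManager

function Test-CleanParentPartition {
    param(
        # Roles permitted on the parent; the post's design allows only Hyper-V.
        [string[]]$AllowedRoles = @('Hyper-V')
    )

    $findings = @()

    # Every installed top-level role that is not on the allow list is a finding
    # (for example AD-Domain-Services, which this design keeps in a child partition).
    $roles = Get-WindowsFeature |
        Where-Object { $_.Installed -and $_.FeatureType -eq 'Role' }
    foreach ($role in $roles) {
        if ($AllowedRoles -notcontains $role.Name) {
            $findings += "Unexpected role on parent: $($role.Name) ($($role.DisplayName))"
        }
    }

    # The design depends on the Hyper-V role being present at all.
    if (-not ($roles | Where-Object { $_.Name -eq 'Hyper-V' })) {
        $findings += 'Hyper-V role is not installed'
    }

    # Assumption: a perimeter-managed host stays in a workgroup, outside the AD
    # forest that lives in the child partitions.
    $cs = Get-WmiObject -Class Win32_ComputerSystem
    if ($cs.PartOfDomain) {
        $findings += "Parent is joined to domain '$($cs.Domain)'"
    }

    New-Object PSObject -Property @{
        ComputerName = $cs.Name
        Clean        = ($findings.Count -eq 0)
        Findings     = $findings
    }
}

Test-CleanParentPartition | Format-List ComputerName, Clean, Findings
```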
I plan to capture all of this in the form of screencasts around the first week of December, but in the meantime feel free to ask me any questions on my implementation and approach. Enjoy.
At the getVirtualnow roadshow, the Microsoft guys made the point of not installing "anything" on the parent partition; leave it clean. Security items like antivirus etc. were OK on the parent partition.
Hey Keith. You're actually making the point. I'm starting right now building these self-sustaining parent-child systems (eco'vms'). Thanks for giving us the heads-up. I love the SCs!