Unified physical and virtual IT management for midsized businesses
So, you got your copy of System Center Essentials 2010 installed, you’ve run through your initial configuration, and now want to try out this virtualization thing.
This post will guide you through creating and configuring your first virtual machine, and is designed for someone not at all familiar with virtualization. Upcoming entries will target customers more experienced with the technologies, and will demonstrate the value SCE2010 provides for those customers.
But first…
So what is this virtualization thing, anyway, and why should I care?
At its simplest, virtualization is running a software-based computer inside a hardware-based one. The software emulates the hardware. That’s it, really. A virtual machine (VM) allows you to split your hardware into self-contained silos, and easily manage the number and performance characteristics of these silos. The net result is higher resource utilization of your hardware, as well as ancillary benefits like ease of backup, snapshotting, etc.
There’s a lot of literature on the benefits of virtualization on the net, for example http://www.itworld.com/nls_windowsserver050411. But this post is not about explaining why virtualize. It’s meant to be address the how, utilizing SCE2010.
Ok, I’m convinced. Let’s get a VM going!
The first thing you want to do to get a VM running is to provision a host. A host is the hardware box that’s going to be running your software VM, and provisioning means installing the virtualization software on that box.
Note that although you can certainly provision the SCE Server itself as a host, it’s not recommended. Typically in order to provide predictable performance a VM host should be a dedicated, and a fairly beefy, machine. (The machine must run one of the Windows Server OSes – Win2k3 or Win2k8. Naturally you will have access to more features, e.g. live migration, on a Win2k8 box) For the purpose of this paper we’ll assume that you have one available.
So, the first thing you want to do is get SCE to manage that beefy machine. To do this you want to add it to SCE’s list of managed machines, through the “Add New Computers And Devices wizard.” (Tasks->Computer Groups->Add New Computers And Devices in the Computers area of the SCE console.)
A few minutes after you add the machine you should see the following view. (in this example “eugenepo-smx3 is the SCE server, and eugenepo-smx1 is our host-to-be.)
Don’t worry too much about the Status fields – those take a little longer to populate correctly. Notice though that the machine must appear in the “All Windows Servers” group before you can go on to the next step. (and this might take 10-15 minutes.)
Great, we’ve got our machine added. Now we have to designate it as a host. To do this run the Tasks->Computer Group->Designate a Host wizard. Most of the wizard should be fairly straightforward… until you get to Virtual Networks.
There are three reasons why you may encounter the “Configure Virtual Network” screen:
1. Your new host is connected to the network through a static IP address, and does not have a network location set.
2. Your new host has more than one NIC card.
3. Your new host is part of a cluster. (advanced topic)
For this entry we will focus on the first and second scenario.
This screen lists the NIC cards found on the designated host (and yes, at this point the machine is already designated as a host… if you were to cancel out of the wizard at this point you’d have a host with no virtual networks configured), and asks you to provide a network location for each NIC.
Simply put, what you want is to enter the networks that your physical machine is connected to. The entries you make here will later be shown when you choose what network to connect your virtual machine to. So let’s say that my second NIC is also connected to contoso.com, but through a static IP. In this case I would simply enter “contoso.com”, or pick it from the dropdown.
Note also the “Do not configure” option in the dropdown. This option would keep that NIC card from ever being used by a virtual machine. You may want to do this if you want to keep a clear communications channel to your host machine. (Clear as in not congested with VM-based traffic.)
This option also has meaning for advanced users. Say you have been using this machine as a host already, through Hyper-V, and have configured a virtual network for this NIC. Selecting “Do Not Configure” would leave that virtual network intact. Note, however, that if that virtual network is bound to a NIC using a static IP address, and thus had no intrinsic network location set, this network would not be available in SCE during VM creation. If you were, however, to type in a location, all that would happen is SCE would update the VN’s location property (not a Hyper-V property, by the way – this property is only exposed through VMM), allowing this network to be used inside SCE.
Note that the wizard will not let you proceed until you fill out network location names or hit “Do not configure” for all NICs on this screen.
Wohoo, now we’ve got us a host. All that’s left now is to create a Virtual Machine to run on it!
Go ahead and launch the “New Virtual Machine” wizard at Tasks->Computer Group->New Virtual Machine.
Here’s where the beauty of virtualization really shows through. On this screen you are meant to assign what resources your new machine will be using – how many processors, how much RAM, etc. To that end SCE provides you with three common-scenario templates (accessible via the Templates combo box), or you can edit these values manually by hitting the “Change Properties” dialog.
Note the network locations dropdown. This is populated, as I mentioned above, directly based on choices made during the “Designate Host” wizard’s “Network Configuration” dialog. (Or, if you had just one NIC card that used a dynamic IP, SCE got the virtual network name for you automatically there.)
Note that SCE uses dynamically expanding virtual hard disks, and the disk size you specify here is the maximum size these disks can grow to. So the .vhd files that represent these virtual hard disks will only take up as much space as there’s actual data on the virtual hard disk.
Ok, so back to the New VM wizard. Assuming you’ve made your selections in the Properties dialog, the next screen allows you to choose how you’re going to get an OS on this new virtual machine. Remember, when a VM is first created it’s just like a brand new box – empty disk drives. SCE presents three options of getting an OS installed: a PXE boot (booting from network), a DVD boot (by inserting an OS DVD into your host machine), or ISO image boot, which starts out grayed out because in your brand new SCE installation you do not yet have any ISOs.
This might be a good time to briefly discuss the SCE VMM library. When SCE is installed it creates a folder <install drive>:\SCE\Virtual Machine Library that contains all of the common .iso files, and .vhd template files in your SCE installation. So if you had a, say, Win2k8 ISO sitting around, all you have to do is drop that puppy into this folder and click on the “Refresh Library” button to have it be available during VM creation.
Short of VHD templates (which we will cover in subsequent posts), and assuming your network doesn’t have a PXE boot server, ISO boot is the easiest way of getting an OS onto your VM – you don’t need to sneaker-net the OS DVD onto the host box.
But for the sake of this walkthrough, let’s say you actually do pop that DVD into the host, and select “Install from DVD”. The next screen shows us the host we’ve designated, along with its compatibility rating.
But what’s this? “Not Compatible”?? Let’s look below for an explanation. Aha, the machine I’ve chosen for this walkthrough is actually not all that beefy (or is being utilized for other tasks), and the amount of RAM I’ve chosen for my new VM exceeds the amount of RAM available on the host. In general, when you see “Not Compatible” on a host, the text box below will give you enough information to take the action necessary to bring the host into compatibility. In this case I will simply go back to VM Properties dialog on the first screen, and adjust the VM RAM to 1GB.
And after that’s done, voila:
The next screen asks for a name for this new VM, and a description of what it’s for. This information is meant to be useful for you later on, when you have a couple dozen of these and need to remember what workloads they’re carrying. We recommend having the same VM name as the computer name you’re planning to use for that VM – that’ll make it easier to identify the VM.
The next screen is simply a summary and once I hit the Create button my new virtual machine is now created!
At this point a dialog pops up prompting us with steps required to get this machine up and running, and managed by SCE:
Note the Operating System Source – I had selected “network boot” instead of “DVD boot” by mistake… but that’s ok, we can still do a DVD boot – let me show you how.
First let’s go ahead and close this dialog. That’s ok, we can get it back later.
Let’s switch over to the “All Virtual Machines” node in the left-hand treeview. Your new virtual machine should be listed there, along with a red bang.
Notice the yellow band in the details pane. Clicking on that will bring up the Manage VM dialog. You can also get back to it through Tasks-><VM Name>->Configure Virtual Machine.
But for now, we want to set this VM to boot from DVD. Let’s go ahead and double-click on the VM in the grid. This should bring up a Properties dialog:
This dialog allows you to control the properties of the VM you specified during VM creation.
Let’s navigate over to the CD/DVD drives tab, and set the VM to use the host’s CD/DVD drive:
After clicking OK our VM is now ready to boot from DVD. Let’s bring up that Configure Virtual Machine dialog once again, and run through the steps.
Install Operating System should be taken care of, but you want to wait until the OS is finished installing, and you’ve logged into the machine, before trying the second and third steps. If you click on the “Install Operating System” link SCE will pop up a console connection to the virtual machine. This is certainly useful for doing any manually installation steps needed to get the OS installed. You can also get to this window from Tasks-><VM Name>->Connect to Virtual Machine.
Virtual Guest Services, the second step, installs a small client inside your virtual machine that allows it to better make use of host server hardware resources, effectively greatly speeding up the VM. It is also required for the VM to be managed by SCE.
The third step, “Add new virtual machine to management” simply launches the “Add New Computers And Devices” wizard we’ve already seen in the beginning of this walkthrough. You can then specify the VM computer name, and add it just as you did the physical host box earlier. Now that the VM is added to SCE, it can be managed right alongside your physical computers in the All Windows Computers view.
And that concludes our beginner walkthrough. At this point you have your first Virtual Machine. More advanced topics, such as snapshotting, migration, Pause/Save, etc, will be covered in later posts.
Update Management Maintenance is a new feature in System Center Essentials 2010. Together with Automatic Selection of the product categories, Update Management Maintenance feature provides IT generalists with a seamless low cost update management solution
(See below for the details on how it works better with Automatic Selection feature)
What is Update Management Maintenance?
With Update Management Maintenance in Essentials 2010 you can configure maintenance tasks to remove updates that are no longer needed from the Essentials management server. You can also schedule those maintenance tasks to run at a specific time.
Figure 1 - Update Management Maintenance Settings
The following maintenance tasks are available:
1. Scheduled maintenance—maintenance can be configured to run weekly, every 2 weeks, monthly, or every 3 months. The task can also be set to run at a specific time of day.
2. Database maintenance—re-indexing and defragmenting the updates database improves database performance.
Updates maintenance
3. Update cancelled or renewed subscriptions
a. Decline unneeded updates. This task does the following cleanups:
i. Delete expired updates that have not been approved for 30 days or more, and delete older update revisions that have not been approved for 30 days or more.
ii. Delete update files that are not needed by other updates.
iii. Decline updates that are not approved and have been expired by Microsoft.
iv. Decline updates that have not been approved for 30 days or more, are not currently needed by any clients, and are superseded by an approved update.
4. Update cancelled or renewed subscriptions
This task declines updates for inactive subscriptions. This is powerful if it is used together with Automatic Selection feature. See below for the details on how it works better with Automatic Selection feature
How do I open Update Management Maintenance Settings?
1. To open Update Management Maintenance settings from the Updates workspace, click the Updates button on the lower left corner of the Essentials 2010 console, and then click Configure Windows Server Update Services Maintenance in the Tasks list.
2. To open Update Management Maintenance settings from the Administration space, click the Administration button on the lower left corner of the Essentials 2010 console. Click Settings and then under Update Management, double-click Maintenance.
Figure 2 - Update Management Settings, Administration Pane
How can I take advantage of these features?
The maintenance tasks can be scheduled to run automatically or to run on demand.
To schedule tasks:
1. In the Update Management Settings - Maintenance window, select the Schedule maintenance check box.
2. In the Every box, select the maintenance frequency, and in the Start box, select a time for the maintenance tasks to start. 3:00 a.m. is selected by default.
3. To save your changes, click Apply or OK.
To run the tasks on demand:
Click the Re-index Now button to re-index the database immediately. Click the Decline Now button to immediately decline unneeded updates, and click the Update Now button to immediately update cancelled or renewed subscriptions. These buttons are not enabled if the Schedule maintenance check box is not selected.
How is Update Management Maintenance "better” together with automatically selected product updates?
Auto-Select is a new feature in Essentials 2010. For more information about Auto-Select, please read this article. (http://blogs.technet.com/systemcenteressentials/archive/2010/03/18/automatic-selection-of-product-categories-in-system-center-essentials-2010.aspx) Update Management Maintenance is designed to work closely with Auto-Select to provide you with a seamless Update Management experience.
For example, Chris, the IT administrator of an environment which currently consists of Windows XP and Windows Vista machines, has configured Essentials 2010 to receive updates for just these two operating systems.
Chris has just ordered new machines, which come with Windows 7 operating systems installed. After the machines have been discovered by Essentials, and assuming that Auto-Select is enabled, the Windows 7 product category is automatically selected and the Essentials server receives Windows 7 updates.
Three months later, Chris starts to retire all the old Windows XP machines. He removes the machines from the managed computer group. Auto-Select kicks in and determines that there are no longer any Windows XP machines in his environment and automatically clears the Windows XP category from the product selection
If the Update cancelled or renewed subscription maintenance task is scheduled, Essentials 2010 will go through all the updates that currently exist on the Essentials management server and decline all the updates that are marked as Windows XP-related. The physical files of the declined updates will be deleted by the Decline unneeded updates maintenance task.
At the Dynamics Convergence 2010 conference I mentioned to several people that it is possible to create a dynamic group based on whether a piece of software is installed or not but I never went into the details of how to do it. This posting describes how to create a group for a particular piece of installed software (Microsoft Office 2003 Web Component for the purpose of illustrating the process).
Creating a group based on if software is installed is helpful for approving new versions of software for installation (e.g. you want to upgrade from version 2 to version 3),
There is a three step process to create a dynamic group based on if a software application is installed:
The first step is to create an attribute that we can use to evaluate whether a computer has a piece of software installed or not. This can be based on either a registry key or WMI query. If you have a choice between using a registry key or a WMI query, opt for a registry key – the lookup process is more efficient.
You can use any registry key or WMI query. For this blog, since I am looking for a 32bit application installed on a 64bit computer, I’m going to use a registry entry under
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\
If I was searching for a 32bit application on 32bit computer (or a 64bit application on a 64bit computer) then I could look in:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
I’m using the above registry key location since it tends to be a reliable way to determine which software is installed. In the above registry locations will be any currently installed software that has an uninstall program or feature.
To create an attribute:
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A4-0409-0000-0000000FF1CE}\
We have now created an attribute, whose value will be collected every 12 hours from each Windows Computer managed by Essentials.
Now that we have an attribute, we can use the attribute to define a group whose membership will change based on whether the value of the attribute is true (i.e. Office 2003 Web Components are installed).
To create the Managed Group:
We have now created a group whose membership is controlled by the value of the attribute defined earlier. In our case, we now have a group for all computers with the Microsoft Office 2003 Web Component installed.
Managed groups do not show in the Computers workspace by default. Our final step is to add the group we created in the previous step into the Computers workspace, where it will then be available for approving software and updates.
You now have a computer group whose membership will change depending on the software installed on the computers managed by Essentials.
By saving the attributes and group definitions in their own management pack you can export and share your software groups with other people. You can also export the management pack and manually edit it (its XML) if you want to create multiple groups without stepping through the wizards.
Before you create lots and lots of groups, it is important to know that we’ve tested Essentials 2010 to be able to handle up to 100 computer groups. While the process above will also work with Essentials 2007, we are aware of scale issues that can cause group synchronization to stop working in Essentials 2007 when there are around 30 groups (for some people the number is higher, for others it is lower).