Second post on this subject. This time I will deal with the technical steps involved to build my environment.
Machines setup
Server Core configuration
I will not describe all the steps involved but I will give the commands I used on my Server Core servers to set the general settings of a server when it enters in production.
Add or install drivers
Add to the Driver Store :
| PNPUTIL -a %homedrive%\<driver folder>\<driver>.inf |
Add to the driver store and install :
| PNPUTIL -i -a %homedrive%\<driver folder>\<driver>.inf |
Rename a computer
| NETDOM RENAMECOMPUTER %COMPUTERNAME% /NEWNAME:TOTO |
netdom command syntax
Configure network connections and TCP/IP
Rename a network connection :
| NETSH INT SET INT NAME="Local Area Connection" NEWNAME="CorpNet" |
Set an IP v4 address, mask and gateway :
| NETSH INT IPV4 SET ADDR NAME="CorpNet" STATIC 192.168.2.3 255.255.255.0 192.168.2.1 |
Add another IP v4 address, mask and gateway :
| NETSH INT IPV4 SET ADDR NAME="CorpNet" STATIC 192.168.14.3 255.255.255.0 192.168.14.1 |
Specify DNS servers :
| NETSH INT IPV4 SET DNSSERVER NAME="CorpNet" STATIC 192.168.14.60 BOTH |
Netsh Commands for Wired Local Area Network (LAN)
Netsh Commands for Wireless Local Area Network (WLAN)
Join a domain
| NETDOM JOIN %COMPUTERNAME% /DOMAIN:dom.local /userD:DOM\User /passwordD:* |
Add a domain user/group to a local group
| NETDOM LOCALGROUP Administrators DOM\User /add |
Enable Remote Desktop for administration
| CSCRIPT %WINDIR%\System32\scregedit.wsf /ar 0 |
Enable Windows Updates
| CSCRIPT %WINDIR%\System32\scregedit.wsf /AU 4 |
Install Roles and Features
List roles and features :
Install a role :
| START /W OCSETUP FailoverCluster-Core /QUIET /NORESTART |
Uninstall a role :
| START /W OCSETUP /UNINSTALL FailoverCluster-Core /QUIET /NORESTART |
Enable remote administration
| NETSH ADVFIREWALL SET ALLPROFILES SETTINGS REMOTEMANAGEMENT ENABLE |
iSCSI Initiators configuration
As my cluster runs on Server Core servers, I had to use the CLI provided by the iSCSI components.
Configure the iSCSI service to start automatically :
| SC CONFIG MSISCSI START= AUTO |
Start the iSCSI service :
Add a iSCSI target portal :
| ISCSICLI QADDTARGETPORTAL 192.168.2.2 |
List targets available :
You should have something like this as a result :
| Microsoft iSCSI Initiator Version 6.0 Build 6000 Targets List:
iqn.1991-05.com.microsoft:iscsiserver-s-iscsiclient-target
The operation completed successfully. |
Login to the target available :
| ISCSICLI QLOGINTARGET iqn.1991-05.com.microsoft:iscsiserver-s-iscsiclient-target |
Set the previous login persistent while restarting the computer :
| ISCSICLI PERSISTENTLOGINTARGET iqn.1991-05.com.microsoft:iscsiserver-s-iscsiclient-target T * * * * * * * * * * * * * * * 0 |
Microsoft iSCSI Software Initiator Version 2.07
Cluster preparation
Continuing the configuration of the physical cluster under a command prompt I have to use cluster.exe.
First, I had to prepare the quorum disk (which is my disk 1, disk 0 being my system disk) :
| C:\diskpart.exe DISKPART> SELECT DISK1 DISKPART> ONLINE DISK DISKPART> ATTRIB DISK CLEAR READONLY DISKPART> CREATE PART PRI DISKPART> ASSIGNE LETTER Q: DISKPART> FORMAT FS=NTFS LABEL=Quorum QUICK DISKPART> AUTOMOUNT DISKPART> DETAIL DISK Note the DISK ID (if MBR then Disk Signature, if GPT then Disk GUID) DISKPART> EXIT |
I created my cluster :
| C:\CLUSTER CLUSTER-FC /CREATE C:\CLUSTER /CLUSTER:CLUSTER-FC RES "Quorum Disk" /CREATE /GROUP:"Cluster Group" /TYPE:"Physical Disk" C:\CLUSTER /CLUSTER:CLUSTER-FC RES "Quorum Disk" /PRIV DiskSignature=0xA81F6D69 I used the DISK ID I identified in the previous step C:\CLUSTER /CLUSTER:CLUSTER-FC RES "Quorum Disk" /ON C:\CLUSTER /CLUSTER:CLUSTER-FC /QUORUM:"Quorum Disk" |
I added the second node of my cluster :
| C:\CLUSTER /CLUSTER:CLUSTER-FC /ADDNODE /NODE:NODE2 |
To create other resources in my cluster I used the Failover Clustering MMC from my laptop. It was quite easier !
cluster command syntax
Hyper-V installation
On my Hyper-V server, I first downloaded the Hyper-V Update for Windows Server 2008 x64 Edition (KB950050) and I ran the following command on my Hyper-V server (which is a Server Core) :
| C:\WUSA C:\SRC\KB950050.MSU /QUIET |
Then I installed the role :
| C:\START /W OCSETUP Microsoft-Hyper-V |
On my laptop, I downloaded the Hyper-V Remote Management Update for Windows Vista for x64-based Systems (KB952627) and installed it locally.
I was then able to manage my Hyper-V server remotely.
Virtual Server 2005 R2 SP1 installation
I first installed all IIS requirements :
- Web Server
- Common HTTP features
- Static Content
- Default Document
- Directory Browsing
- HTTP Errors
- Application Development
- Health and Diagnostics
- HTTP Logging
- Request Monitor
- Security
- Basic Authentication
- Windows Authentication
- Digest Authentication
- Request Filtering
- Performance
- Static Content Compression
- Management Tools
- IIS Management Console
- IIS 6 Management Compatibility
- IIS 6 Metabase Compatibility
- IIS 6 WMI Compatibility
- IIS 6 Scriping Tools
- IIS 6 Management Console
On my Virtual Server server I downloaded the following components and installed them as any other applications :
Note : installing the update requires an elevated Command Prompt
Release Notes for Virtual Server 2005 R2 SP1
DPM 2007 installation
Some hints I used to install DPM 2007 on a Windows Server 2008 :
Manually Install Required Windows Components
Manually Install SQL Server 2005
Installing Protection Agents behind a Firewall
SCVMM 2008 installation
Well... I cannot explain how I did... the product is not released yet :-)
How did I set up my network ?
In my configuration I use two different physical networks. One is the Corporate Network on which I have no power at all and the second one is dedicated to private communication for my own stuff which consists of iSCSI and virtual machines traffic.
I have to use a separate network because we have strong security policies internally enforced to Windows Firewall and IPSec so I cannot run all scenarios I want on this side. All NICs connected on non-MS network do not suffer from that security and thus allowed me to set up my cluster with iSCSI without any trouble.
Additionally, I want to have two separated subnets on my private network two have an environment with a bit more complexity than a single IP range on a physical network.
Physical subnetting
I have nothing to say about the Corporate Network side. All my physical machines are connected to it and receive IPv4 and IPv6 addresses from the corporate DHCP server.
From the private network side, totally disconnected from the Corporate Network, here are the subnets used :
- 1 IP subnet for virtual machines hosted on the Hyper-V server
- Private Network #1 : 192.168.14.0/24
- 1 IP subnet for virtual machines hosted on the Virtual Server server
- Private Network #2 : 192.168.15.0/24
- 1 IP subnet for my physical iSCSI network
- iSCSI Network #1 : 192.168.12.0/24
In fact IP subnets of Private Network #1 and Private Network #2 are totally logical as they rely on the same network switch. These subnets exist because virtual machines on the Hyper-V server are configured with a 192.168.14.x address and virtual machines on the Virtual Server server are configured with a 192.168.15.x address.
In addition, my HP xw6200 has two IP addresses on the private NIC which are 192.168.14.1 and 192.168.15.1. As I installed the Routing and Remote Access Services role traffic between these two subnets is routed.
Virtual subnetting
I have several subnets configured :
- 1 IP subnet for a primary backbone (on the Hyper-V server)
- Backbone #1 : 192.168.14.0/24
- 1 IP subnet for a secondary backbone(on the Virtual Server server)
- Backbone #2 : 192.168.15.0/24
- 1 IP subnet for iSCSI traffic (on the Virtual Server server and on the Hyper-V Server)
- Virtual iSCSI #1 : 192.168.11.0/24
- 1 IP subnet for iSCSI traffic (on the Hyper-V server)
- Virtual iSCSI #2 : 192.168.12.0/24
- 1 IP subnet for clusters' traffic (on the Hyper-V server)
- Cluster #1 : 192.168.13.0/24
- 1 IP subnet for clusters' traffic (on the Virtual Server server)
- Cluster #2 : 192.168.13.0/24
All subnets still be logical as they rely on virtual network which reside on only one NIC on each virtualization server.
My HP xw6200 routes traffic as well between 192.168.14.1 and 192.168.15.1 subnets.
A schema to better understand
Routing
To allow routing between my two "backbones", I had to set up RRAS on my HP xw6200.
Routing and Remote Access Service configuration
- From Start | Programs | Administrative Tools | Routing and Remote Access
- Select the server you want to configure
- Menu Action | Configure and Enable Routing and Remote Access
- Click on Next
- Select Custom configuration and click on Next
- Select LAN Routing and click on Next
- Click on Finish
- Click on Start service
Routing configuration
- Select <Servername> | IPv4 | Static routes
- Menu Action | New static route…
- Interface : select the physical adapter to configure (ex : Private Network)
- Destination : IP address of the target network to route to (ex : 192.168.5.0)
- Network Mask : second IP subnet mask (ex : 255.255.255.0)
- Gateway : IP address of the first IP subnet's gateway (ex : 192.168.6.1)
- Click on OK
Apply the same steps for the second IP subnet, you should obtain this configuration :
If I had two physical interfaces for my private network, while configuring routing for the second subnet, I should select the second physical interface and repeat the steps.
DHCP Relay configuration
If I had two physical interfaces for my private network I should have to allow PXE broadcast over my two IP subnets to allow PXE traffic. Currently I don't need as broadcasts are on the same physical network.
In the case you have to enable it :
- Select <Servername> | IPv4 | General
- Menu Action | New Routing Protocol…
- Select DHCP Relay Agent and click on OK
- Select <Servername> | IPv4 | DHCP Relay Agent
- Menu Action | New Interface…
- Select the physical adapter which represent the subnet on which reside PXE clients and click twice on OK
- Menu Action | New Interface…
- Select the physical adapter which represent the subnet where the DHCP and/or WDS servers are located and click twice on OK
- Menu Action | Properties
- Add IP addresses of the DHCP and/or WDS servers and click on OK
Virtual networks configuration ?
I have then to configure some virtual networks on my Hyper-V and Virtual Server servers to make all my virtual machines communicate together.
Hyper-V virtual networks
You should know that Hyper-V provides three types of virtual networks :
- External which is bound to a physical network adapter and allow communication of virtual machines on a physical network
- Internal which is a private network between virtual machines and their host
- Private which is a truly virtual network on which only virtual machines can be bound
I adopted a basic taxonomy for my virtual networks to be able to quickly identify which access a virtual network provides :
- For External networks : E-[Description]
- For Internal networks : I-[Description] [IP subnet definition)]
- For Private networks : P-[Description] [IP subnet definition)]
In my configuration I have this :
- E-CorpNet LAN configuration :
- Used to attach virtual machines to the Corporate Network
- E-Private LAN configuration :
- Used to provide communication over my private network to my virtual machines between my Hyper-V and Virtual Server servers
There is no specific configuration for the remaining virtual networks as they are Private networks and only used for virtual machines communications :
- P-Cluster : bound to Windows clusters to assume the private network between nodes
- P-iSCSI : bound to Windows clusters and some stand-alone servers for the virtual iSCSI network
- P-LAN : bound to any virtual machines not requiring access to other resources
TechNet library - Hyper-V
Virtual Server virtual networks
The configuration on the Virtual Server is more simple as you can choose only between a virtual network bound to a physical network adapter or a virtual network allowing only guests communication.
- The following virtual network is bound to the private NIC on the Virtual Server server and is intended to be used for iSCSI traffic to the HP xw6200 which services the iSCSI Software Target Initiator :
- The following virtual network is also bound to the private NIC on the Virtual Server server and used as a backbone for virtual machines :
- The following virtual network is not bound to any physical NIC on the Virtual Server server and is used as the private network for virtual machines running in a cluster :
Well, quite a long post. I hope I covered the main points but if I missed some stuff or if you ask for more : let me know !
Next time I'll describe my virtual machines and how I used some technologies to set up virtual machines quickly.
To be continued...
~ Guillaume
In order to troubleshoot an issue with Windows Desktop Search today, I received a virtual machine built under Windows XP SP3 on an Italian host, and so with an Italian keyboard.
While trying to log on to this machine I had some trouble typing the correct password with special characters.
The following web site helped me a lot as it provides interactive keyboard of most of the countries :
Windows Keyboard Layouts
This site (Global Dev) is quite useful when troubleshooting localized issues.
Hope that helps sometime...
~ Guillaume
As products evolve, I want to use as much as possible the new technologies I have to support. To reach this goal I decided to build an environment respecting Microsoft security policies but enough flexible to host quickly and easily all kind of products and most of all : provide tools to troubleshoot customer issues !
From now, I have 4 more drafts in hand dealing with this subject (i.e. "My working environment") but I will begin by the beginning : describing what I installed and what I daily use in my job.
This first post will deal with an overview of the hardware involved and how I defined the job for each of the machines I have (hope nobody will ask me why I have so much machines :-) and how they work together.
Machines
I have some of those machines since my first(s) day(s) at Microsoft, I grabbed the old Dell OptiPlex when we had our last machines' upgrade and the GX620 from a team mate which has virtualized all his machines.
And a very old Dell OptiPlex I use to present SCSI disks to my HP xw6200.
Network
All my machines are connected to a Gb switch which is connected to the Corporate Network through my IP Phone. This one is limited to 100Mb but as most of my traffic is between my computers it's not a real issue.
I also have a private network (also on a Gb switch) to allow communication between my Hyper-V server and my Virtual Server 2005 server. I can then have more virtual machines (well... not so much !) in the same environment and have some routing capabilities which is useful to test stretched clusters or running some repro scenarios when dealing with customer issues.
This private network is also used for my physical iSCSI network (where the Initiator Software Target is my HP xw6200) used to present shared disks to my physical cluster and to some virtual machines.
Here is a schema to understand how it is configured physically :
Machines roles
So here are the roles I assigned to the machines :
- Cluster Windows Server 2008
- Clustered File Server
- Clustered Print Server
- Machines involved
- Dell Precision 690
- Dell OptiPlex GX620
- iSCSI network
- Used to share disks in my cluster
- Machines involved
- HP xw6200 : ISCSI Software Target Initiator
- Dell Precision 690 : iSCSI Target
- Dell OptiPlex GX620 : iSCSI Target
- Hyper-V
- Virtual Server 2005 R2 SP1
- System Center Virtual Machine Manager 2008
- Used to manage my Hyper-V and Virtual Server servers
- Machine involved
- System Center Data Protection Manager 2007
- Used to backup some data on my servers
- Used to backup my laptop
- Machine involved
When I'm at the office, my laptop is the master commander of all of this. Through RSAT (Remote Server Administration Tools), the diverse MMC consoles, Windows Remote Shell and of course Remote Desktop I have a large set of tools to manage the servers. But I'll speak about this in another post.
My next post regarding this theme will describe all the configuration steps I followed to set up this small infrastructure.
To be continued...
~ Guillaume
I use Microsoft Office Visio for years now and I find it quite usefull when drawing network schemas or servers' architecture representations.
There's now a dedicated web site providing news, training and a centralized location for add-ins and templates.
Here it is : Microsoft Visio Toolbox
~ Guillaume
For those who are curious about the roadmap of Windows Server, you can find it here :
Product Roadmap
The next version should be a minor release named Windows Server 2008 R2 if we consider the post on the Windows Server Division blog : Windows Server '7' aka "Windows Server 2008 R2"
~ Guillaume
Microsoft has announced supportability status of Microsoft applications running in virtualized environments.
You can find the official statement here :
KB957006 - Microsoft server software and supported virtualization environments
- Microsoft Exchange
- Microsoft SQL Server
You can find additional information on the Server Virtualization Validation Program (SVVP) page to find participant vendors.
KB944987 - Support partners for non-Microsoft hardware virtualization software
And last, an updated version of the next KB article :
KB897615 - Support policy for Microsoft software running in non-Microsoft hardware virtualization software
~ Guillaume
Attractive title, isn't it ?
Well in fact, this is to announce the creation of a new blog that will deal with the Windows 7 project : Engineering Windows 7.
This blog will be managed by Jon DeVaan and Steven Sinofsky and members of the engineering team, so there will certainly be interesting stuff in it.
Keep you up to date with http://blogs.msdn.com/e7
La version française : http://blogs.msdn.com/e7fr
~ Guillaume
You can find this guide here : Performance Tuning Guidelines for Windows Server 2008
There's a lot of tuning aspects in this document, including Hyper-V.
~ Guillaume
As Internet Explore 8 is coming (the Beta 2 should be released soon), you may want to know what could impact your browsing experience while visiting your web site.
There's a KB article dealing with some potential impacts and their resolution :
Your Web site may not display correctly in Internet Explorer 8 Beta 1
Additionally, check the IE Blog : http://blogs.msdn.com/ie
~ Guillaume
I was just browsing the web at home as I'm use to some evenings of the week, and I stopped at this blog : http://blogs.technet.com/steriley.
This guy speaks about security in a way I could not stop reading his posts !
Really check out this blog, it's really interesting (and I'm not kind in security at all).
Additionally, you can find one of his TechEd intervention dealing with Virtualization and Security :
Slides : http://microsofttech.fr.edgesuite.net/msexp/download/spotlight/991/991_pres.zip
Video : http://microsofttech.fr.edgesuite.net/msexp/download/spotlight/991/991_high.zip
~ Guillaume
Here is the first release of the deployment guide for Hyper-V :
Hyper-V Planning and Deployment Guide
In my opinion this document gives a good overview of the requirements and limits of Hyper-V and some useful information on some of the main components of this platform.
But I still wait a deployment guide for clustered Hyper-V as there is many options to set up a highly available virtualized environment with this hypervisor.
~ Guillaume
Désormais, pour un grand nombre d'entre eux, vous pourrez télécharger les correctifs qui n'étaient pas disponibles publiquement par vous même au lieu de contacter le support Microsoft.
Par exemple, pour cet article technique KB951308, vous verrez cet encart en haut de la fiche :
C'est la nouveauté de la plupart des articles techniques liés à un correctif qui indique leur disponibilité à travers le programme Hotfix Online Submission.
Après avoir rempli les champs requis, sélectionner la version du correctif et entrer un code permettant d'éviter les robots dans le formulaire "Hotfix Request" et cliquer sur le boutton "Request hotfix" vous devriez voir ceci :
Il faudra juste attendre de recevoir un mail contenant le lien vers le correctif.
Ce projet vise à rendre plus fluide la délivrance des correctifs à nos clients alors que jusqu'à présent, il fallait passer un appel au support pour ouvrir un dossier (non décompté dans les contrats de support), être contacté par un ingénieur support qui identifiait la plateforme cible, la langue, etc... pour ensuite recevoir le correctif.
A noter cependant que cela ne doit pas vous empêcher pas d'être rigoureux dans l'identification des problèmes afin de ne pas appliquer un correctif qui n'est pas lié à la problématique rencontrée :-)
C'est là une des valeurs ajoutée du support Microsoft qui après l'envoi du correctif, s'assure que le problème est résolu...
~ Guillaume
A new update has been released to improve the behavior of Hyper-V while clustered.
Extract :
"This update incorporates changes in the way that the Windows Server 2008 Failover Cluster Management console functions for the Hyper-V role. These changes provide increased functionality and virtual machine controls that are consistent with the Hyper-V Manager console.
This update changes the Failover Cluster Management console (the Cluadmin.msc file) and the server components of the failover cluster. If this update is installed on one node, it should be installed on all nodes of a Windows Server 2008 failover cluster. It may be installed on one node at a time. However, we recommend having all the nodes updated in a reasonable time. You may experience errors on a Failover Cluster Manager that has not been updated to a failover cluster that has had this update applied. These errors occur because of differences between the non-updated Cluadmin.msc file and the updated failover cluster."
Be sure to review the following technical article to learn about the changes and get the update (there's a link at the top of the KB) :
http://support.microsoft.com/?id=951308
~ Guillaume
I was curious about that service for a long time but I didn't manage to access it until today.
My first impression is that's impressive.
I added my corporate laptop and my home desktop and shared a folder and after a few seconds, I was able to see it on both devices as well as in the Live Desktop on the web !
Well I don't sync any corporate files for now as I'm always a bit paranoid but that looks really great !
You can find a description of the authorization and encryption mechanism used here : Behind Live Mesh: Authorization and encryption.
I also tested the Remote Control and it works fine... a bit slow but it works the display rendering is really impressive.
I'm now waiting to be able to add my mobile device...
Visit the Live Mesh blog for more information.
~ Guillaume
J'ai profité de mon séjour à Seattle pour passer quelques certifications qui me permettent d'être désormais MCITP - Enterprise Administrator soit "Microsoft Certified IT Professional"...
Titre ronflant certes... mais ce qui m'a le plus marqué c'est que passer ces tests m'a permis de me rendre compte de l'évolution apportée à Windows depuis 1998 (date de mon dernier MCP sous Windows NT 4.0) !
La dimension que prend un système d'exploitation dans un environnement IT a bien changé. Nous sommes passé d'une boîte qui fonctionne dans un coin à un système qui s'intègre au système d'information et propose des services auxquels on ne faisait que rêver il y a quelques années !
Pour en revenir aux examens, je m'y suis présenté sans préparation particulière sinon mon petit bagage d'expérience(s) et dans l'absolu... je m'en suis bien sorti ! Il faut dire que malgré ma spécialisation actuelle autour du coeur Windows, dans ma vie passée j'ai manipulé Active Directory, SMS 2003, les techniques de déploiement, un peu de IIS (en amateur) et j'ai l'avantage de pouvoir bénéficier des compétences de mes collègues lors de discussions très intéressantes sur les technologies qu'ils représentent.
Voici le chemin de transition de MCSE vers la certification MCITP - Enterprise Adminitrator :
Dans le cas où vous n'êtes pas déjà MCSE, voici la liste des examens a passer :
- Exam 70-640 : Windows Server 2008 Active Directory Configuration
- Exam 70-642 : Windows Server 2008 Network Infrastructure Configuration
- Exam 70-643 : Windows Server 2008 Applications Infrastructure Configuration
- Exam 70-620 : Windows Vista Configuration
- Exam 70-624 : Business Desktop Deployment
- Exam 70-647 : PRO: Windows Server 2008, Enterprise Administrator
Le lien vers la page qui convient : MCITP: Enterprise Administrator
~ Guillaume
