If you want to use Virtual Server 2005 Migration Toolkit (VSMT) to migrate a computer running Windows Server 2003 SP1 to a virtual machine, you'll need to copy some system files from your installation of Windows Server 2003 SP1 to the computer running VSMT. Normally VSMT automatically swaps out certain system files in your installation for others that are compatible with virtual machine emulated hardware, but VSMT doesn't have the necessary files for Windows Server 2003 SP1. This is because VSMT was released before Windows Server 2003 SP1.

1. Copy the following files from your installation of Windows Server 2003 SP1 to %ProgramFiles%\Microsoft VSMT\Patches\Source\5.2.3790\sp1\.

a. From %SystemDrive%\WINNT\system32\drivers, copy the following files:

atapi.sys
intelide.sys
pciide.sys
pciidex.sys

b. From %SystemDrive%\WINNT\Driver Cache\i386\driver.cab, copy the following file:

aic78xx.sys

c. From %SystemDrive%\WINNT\Driver Cache\i386\sp1.cab, copy the following files:

hal.dll
halacpi.dll
ntkrnlpa.exe
ntoskrnl.exe

2. Copy the following XML files from %ProgramFiles%\Microsoft VSMT\Patches\Source\5.2.3790\ to %ProgramFiles%\Microsoft VSMT\Patches\Source\5.2.3790\sp1\:

finish.xml
hal.xml
hal_nacpi.xml
start.xml
storage.xml
storageSCSI.xml
UNIPROC.xml

For more information how VSMT swaps out system files and the reasons why it's important, see the "Step 6: Load system files" topic in the VSMT User's Guide (%ProgramFiles%\Microsoft VSMT\Help\vsmt.chm). To download VSMT, go to http://www.microsoft.com/windowsserversystem/virtualserver/evaluation/vsmt.mspx.

Important notes:

• You should either run Windows Server 2003 SP1 under Virtual Server 2005 SP1 (now in beta), or at least install the Virtual Machine Additions that ship with Virtual Server 2005 SP1. Otherwise, you may be unhappy with your virtual machine's performance. For more information about the beta, see http://blogs.technet.com/megand/archive/2005/04/20/403950.aspx.
• ADS 1.0 doesn't work with Windows Server 2003 SP1. If you installed ADS 1.0 and pointed it to Server2003-SP1 SlipStream binaries, you'll get an error (Error Code: 81070303). To fix the problem, you'll need to uninstall ADS, then reinstall it. During setup when it asks for location of windows files, point it to Server2003 RTM binaries.

Jeff Woolsey has written this article to help you optimize the performance of your virtual machines - http://blogs.technet.com/megand/articles/406145.aspx. Thanks Jeff!

PS: I'm back from my vacation (which was grand!).

I learned how to do this at TechEd 2004 in a lab led by Robert Larson, one of our resident Virtual Server gurus.

You can create a “base” virtual machine with the operating system and applications you want, and then copy its .vhd file to use for other virtual machines. When you do this, it’s important to run a tool called Sysprep on the base virtual machine. That way, when you start a virtual machine that uses a copy of the base virtual machine’s .vhd file, the guest operating system will be assigned a new SID, GUID, MAC address, and so forth when it starts up. This way you won’t end up with network conflicts between different virtual machines that use the same copied .vhd file.

Important Notes:

• Do not perform this procedure on the host computer!! Perform it only within the guest operating system of the virtual machine you want to clone.
• Microsoft does not support using a tool other than Sysprep for cloning virtual machines. For more information, see this Knowledge Base article: http://support.microsoft.com/Default.aspx?id=162001.

Step 1: Install the Setup Manager files in your guest operating system

1. Set up a base virtual machine by installing the operating system, service pack, patches, applications, and so forth that you want to clone.
2. Start the guest operating system and log on as a local administrator.
3. From the guest operating system, go to the Microsoft Web site and download the appropriate Sysprep version. Extract the files to a folder such as C:\Tools on the guest hard disk. You can obtain the SysPrep files from the following locations:
   Windows 2000:  http://www.microsoft.com/windows2000/downloads/tools/sysprep/default.asp
   Windows XP:  http://www.microsoft.com/downloads/details.aspx?FamilyID=7a83123d-507b-4095-9d9d-0a195f7b5f69&DisplayLang=en
   Windows XP SP2 and Windows Server 2003:  http://www.microsoft.com/downloads/details.aspx?FamilyID=3e90dc91-ac56-4665-949b-beda3080e0f6&displaylang=en&Hash=RWRPDM9

Step 2: Create an answer file

Note: This procedure applies to the Sysprep version for Windows Server 2003. You’ll need to modify the steps for other versions of Sysprep. The files that you extracted from the Microsoft Web site include a help file named Deploy.chm that has specific information for your version. It's a good idea to read the help file and become familiar with this tool and figure out how to customize the following steps for your own environment and purposes.

1. In the Tools folder on the local disk of the guest operating system, double click Setupmgr.exe to start the Setup Manager wizard.
2. Click "Next."
3. Select "Create New" and click "Next."
4. Select "Sysprep Setup" and click "Next."
5. Select the type of guest operating system and click "Next."
6. Select "Yes – Fully automate the installation" and click "Next."
7. Type a name and organization, click "Next."
8. Accept the default display settings by clicking "Next."
9. Select your home time zone and click "Next."
10. In Product Key type the product key and click "Next."
11. In licensing, select the type of license for the guest operating system, and click "Next."
12. Type a computer name for the guest operating system and click "Next."
13. Set the administrator password and click "Next."
14. To ensure that the password will be set, the machine’s password must be blank.  Press Right-ALT + DEL and click "Change Password." Type the old password and leave the new password blank. Click "OK."
15. Select "Typical Settings" and click "Next."
16. Leave the machine in a workgroup and click "Next."
17. Customize the next few screens of additional settings as necessary. If you don't know what they're for, accept the defaults.
18. In "Identification String" type the computer name and click "Finish."
19. Specify C:\Tools\Sysprep\sysprep.inf for the location for the .inf file.
20. Click "Cancel" to close the Setup Manager wizard.
21. You now have a C:\sysprep folder with your sysprep file and copy stored at C:\tools\sysprep\sysprep.inf.  
    Copy Sysprep.exe and Setupcl.exe from C:\Tools\Sysprep to C:\Sysprep.

Step 3 – Sysprep the guest operating system

1. Close all windows in the guest operating system.
2. Click "Start" and then "Run."
3. Type C:\sysprep\sysprep.exe and press Enter. 
4. This starts the Sysprep process. Click "OK" to clear the warning dialog.
5. Select "Do not reset grace period for activation."
6. Make sure that the shutdown mode is "Shutdown."
7. Click "Reseal."
8. When prompted about regenerating SIDS, click "OK." The guest operating system will be Sysprepd and will automatically shut down.
9. Remove the base .vhd file from the virtual machine, and in the file system, make the base.vhd file read-only. You need to do this because you do not want to start a virtual machine by using this base .vhd file. If you do, it will undo the whole process that you just went through.

You can now make copies of this .vhd file and attach them to different virtual machines. After you copy the .vhd file, you need to remove the copy’s read-only attribute. When you start a virtual machine with a copied .vhd file, it will receive a unique SID and other identifiers. You can also use the base .vhd file as the parent drive image for several differencing drives. The unique identifiers for each guest operating system built in this way will thus be written into the differencing drives, and not the parent.

Note: The fourth time you run Sysprep on the same media, you receive the message, "Your grace period limit has been reached and will not be reset." For more information, see http://support.microsoft.com/default.aspx?scid=299840.

Here's a tidbit I learned about from Dave Kowalsky. Thanks Dave!

http://www.informationweek.com/story/showArticle.jhtml?articleID=164300985

Summary:

At its annual conference in SanJose, the PCI Special Interest Group detailed updates and extensions to the PCI Express specification that could drive annual silicon updates through 2007. The SIG outlined six new directions for Express, taking the serial technology into areas such as security and virtualization.

The SIG announced plans to extend the Express spec for virtualized I/O. The extension will allow multiple operating systems to access the same physical I/O resources either simultaneously or in serial fashion. The spec will define supersets for accessing I/O in a single or in a multihost environment.

Software virtualization is seen as a key technique for making best use of the multicore, multithreaded processors beginning to proliferate in the PC market. Advanced Micro Devices and Intel are rolling out separate techniques for virtualizing their multicore processors. With the new spec, the SIG will extend those capabilities to Express-based I/O devices. Designers think virtualization ultimately will be applied to all PC systems — even multitasking home computers. But its first target is server blades that are evolving towards stateless collections of compute boards in a single chassis linked on an Express mezzanine bus. The virtual I/O spec will allow those compute cards to share Express, Ethernet and storage I/O resources in and outside their chassis.

The spec is still in an early stage, with the 19-company working group about to put a requirements document out for review. A completed spec is not expected until late in 2006 or early in 2007. It will also require hardware changes for chip makers who want to support its features.

Q: Rod has this question: "I recently made the switch over to Virtual Server 2005 from VMware.  I love the web based interface but am having troubles with enabling SSL. Can I use SelfSSL from the IIS6 Reskit?  Could I set up a CA in a virtual machine to create the website and VMRC SSL certificates? Any tips on securing the Admin website and VMRC?

A: Here's a response from Ed Reed, a developer on the Virtual Machine team, and our resident VM security expert:

For the Administration Website, there are no special requirements for an SSL certificate. As long as the certificate supports Server Authentication, it really doesn't matter where the certificate comes from. The choice of certificate, however, determines the level of security that SSL encryption can provide. Here are some links to relevant information:

• Designing a Public Key Infrastructure:
  http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepKit/b1ee9920-d7ef-4ce5-b63c-3661c72e0f0b.mspx
• Best Practices for Implementing a Microsoft Windows Server 2003 Public Key Infrastructure: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws3pkibp.mspx
• Windows Server 2003 PKI Operations Guide: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws03pkog.mspx
• How to implement SSL with a stand-alone certificate server in Virtual Server 2005: http://support.microsoft.com/default.aspx?scid=kb;en-us;887490

The requirements are different, however, for VMRC. Because Virtual Server runs as NetworkService, you need to create the VMRC SSL certificate using the IVMVirtualServer::VMRCCreateEncryptionCertificateRequest COM interface. You can also create this certificate from the Administration Website on the Virtual Machine Remote Control (VMRC) Server Properties page. This request makes a temporary certificate that can be used to perform SSL encryption, however, it doesn't have the full security of a certificate signed by a third-party CA. If you use MAKECERT or some other tool, the private key is stored such that it is inaccessible to NetworkService. Such a certificate will not work for VMRC.