hyper v deployment and best practices - thisnetwork · hyper-v deployment and best practices satyen...

Hyper-V Deployment and Best Practices

Satyen Pradhan

Premier Field Engineer

satyenp@microsoft.com

Microsoft (Malaysia)

Session Objectives

Hyper-V Benefits

Server consolidationServer consolidation

Business ContinuityBusiness Continuity FlexibilityFlexibility

UtilizationUtilization

Hyper-V: Production Ready

TAP, RDP & MSIT Hyper-V DeploymentsThousands of Hyper-V VMs in PRODUCTION

Windows Server 2003/2008 Roles:

File, Print, AD, RODC, IIS/Web, TS, Application Services, DHCP, DNS, WSS and

more…

Microsoft Server Products:

SQL, Exchange, HPC, ISA, Sharepoint, Project Server, VSTS, BizTalk,

Configuration Manager, Operations Manager & more…

Hyper-V Stats:Performance Blockers: ZERO

Deployment Blockers: ZERO

Application Compatibility Bugs: ZERO

Scalability Blockers: ZERO

Hyper-V: Production Scalability

Hyper-V Powering Microsoft Internet Properties

TechNet: 100% Hyper-V

http://technet.microsoft.com

~1 million hits a DAY

MSDN: 100% Hyper-V

http://msdn.microsoft.com

~3 million hits a DAY

Microsoft.com: ~50% Hyper-V and growing

http://www.microsoft.com

>1 billion hits a month

Windows Server

2008

VSPVSPWindows

Kernel

Applications Applications Applications

Non-

Hypervisor Aware OS

Windows Server

2003, 2008

Windows

Kernel VSC

VMBusVMBus EmulationEmulation

“Designed for Windows” Server Hardware

Windows hypervisor

Xen-Enabled

Linux Kernel

Linux

VSC

Hypercall Adapter

Parent

PartitionChild Partitions

VM ServiceVM Service

WMI ProviderWMI Provider

VM Worker

Processes

OS

ISV / IHV / OEM

Microsoft Hyper-V

Microsoft / XenSource

User

Mode

Kernel

Mode

Provided by:

Ring -1

IHV

Drivers

VMBusVMBus

VMBus

Applications

Virtualization Requirements

1.1. SchedulerScheduler

2.2. Memory Memory

ManagementManagement

3.3. VM State MachineVM State Machine

4.4. Virtualized DevicesVirtualized Devices

5.5. Storage StackStorage Stack

6.6. Network StackNetwork Stack

7.7. DriversDrivers

8.8. Management APIManagement API

Why not get rid of the parent?No defense in depth

Entire hypervisor running in the most privileged mode of the system

•Scheduler•Memory Management•Storage Stack•Network Stack•VM State Machine•Virtualized Devices•Drivers•Management API

Hardware

Ring -1

UserMode

KernelMode

UserMode

KernelMode

UserMode

KernelMode Ring 0

Ring 3

Virtual

Machine

Virtual

Machine

Virtual

Machine

Micro-kernelized Hypervisor

Defense in depth

Using hardware to protect

Hyper-V doesn’t use ring compression

SchedulerMemory Management

Hardware

VM State MachineVirtualized DevicesManagement API

Ring -1

Storage StackNetwork Stack

Drivers

UserMode

KernelMode

UserMode

KernelMode Ring 0

Ring 3

Parent PartitionVirtual

Machine

Virtual

Machine

HOW TO INSTALL HYPER-V?

SERVER CORE

Windows Server Core

Windows Server Core

ENABLING HYPER-V WITH

SERVER CORE

Step-by-step instructions…

Installing Hyper-V Role on CoreInstall Windows Server 2008, select a Server Core installation

option

Set Admin Password

net user administrator <new_password>

shutdown /r /t 0

Rename Computernetdom renamecomputer %computername% /newname:<new_computername>

shutdown /r /t 0

Join Domain

netdom join %computername% /domain:<domain> /userd:<username> /passwordd:*

enter password when prompted

shutdown /r /t 0

Add domain account to local admin group

net localgroup administrators /add <domain_account>

logoff

Add Hyper-V Roleocsetup Microsoft-Hyper-V

Restart when prompted

Enabling Remote DesktopOPTIONAL

cscript \windows\system32\scregedit.wsf /ar 0

cscript \windows\system32\scregedit.wsf /cs 0

HYPER-V NETWORKING

Hyper-V Networking

• Two physical network adapters at minimum

• One for management

• One (or more) for VM networking

• Dedicated NIC(s) for iSCSI

• Connect parent to back-end management network

• Only expose guests to internet traffic

Hyper-V Network Configurations

Example 1:Physical Server has 4 network adapters

NIC 1: Assigned to parent partition for management

NICs 2/3/4: Assigned to virtual switches for virtual machine networking

Storage is non-iSCSI such as:Direct attach

SAS or Fibre Channel

Hyper-V Setup & Networking 1

Hyper-V Setup & Networking 2

Hyper-V Setup & Networking 3

Hyper-V Network Configurations

Example 2:Server has 4 physical network adapters

NIC 1: Assigned to parent partition for management

NIC 2: Assigned to parent partition for iSCSI

NICs 3/4: Assigned to virtual switches for virtual machine networking

Hyper-V Setup, Networking & iSCSI

Networking: Parent Partition

Networking: Virtual Switches

HYPER-V & STORAGE…

Step by Step Instructions

Hyper-V Storage...Performance wise from fastest to slowest…

Fixed Disk VHDs/Pass Through DisksAbout the same in terms of performance

Dynamically Expanding VHDsGrow as needed

Pass Through DisksPro: VM writes directly to a disk/LUN without encapsulation in a VHD

Cons:

You can’t use VM snapshots

Pro/Con: Dedicating a disk to a vm

Use Fixed Disk VHDs or Pass Through Disks in Production!Use Fixed Disk VHDs or Pass Through Disks in Production!

VM Setting No Pass Through

Computer Management: Disk

Taking a disk offline

Disk is offline…

Pass Through Configured

BEST PRACTICES & TIPS AND

TRICKS

Deployment Considerations

Minimize risk to the Parent Partition

Use Server Core

Don’t run arbitrary apps, no web surfing

Run your apps and services in guests

Moving VMs from Virtual Server to Hyper-V

FIRST: Uninstall the VM Additions

Two physical network adapters at minimum

One for management (use a VLAN too)

One (or more) for vm networking

Dedicated NIC(s) for iSCSI

Only expose guests to internet traffic

Cluster Production Systems

Best Practices for Physical Servers

Avoid Overloading the Server

Ensure High Speed access to Storage

Avoid Mixing Virtual Machines that can and

cannot use Integration Services

Avoid Storing System Files on Drives used for

Hyper-V Storage

Monitor Performance to Optimize and Manage

Server Loading

Best Practices for Configuring Virtual Machines

Install Integration Services

Uninstall VMAdditions and Compact the VHDs

Set Display for Best Performance

To ensure the hardware acceleration is set to full

Configure Fixed-Size VHDs

The file system is less likely to fragment and better space management

Use SCSI Virtual Adapter for Data Drives

Allocate CPU Resources Based on Anticipated Usage

Consider using Pass-Through Disks

Configure Domain Controllers to Optimize Performance

Never save state or pause and do not take snapshots

Windows Server 2003 Cluster

Creation

Cluster Hyper-V Servers

Don't forget the ICs!Emulated vs. VSC

Anti-Virus & More…

Anti-VirusParent partition

• Run AV software and exclude .vhd

• Configure Anti-Virus to Bypass Hyper-V Processes and Directories

Child partitionsRun AV software within each VM

Use .isos

Great performance; Can be mounted and unmounted remotely

Physical DVD can’t be shared across multiple vms

Having them in SCVMM Library fast & convenient

Protects Data While a System is Offline

Entire Windows Volume is Encrypted (Hibernation and Page Files)

Delivers Umbrella Protection to Applications (On Encrypted Volume)

Ensures Boot Process Integrity

Automatically Locks System when Tampering Occurs

Simplifies Equipment Recycling

One Step Data Wipe – Deleting Access Keys Renders Disk Drive Useless

Mitigating Against External Threats…

Very Real Threat of Data Theft When a System is Stolen, Lost,or Otherwise Compromised (Hacker Tools Exist!)

Decommissioned Systems are not Guaranteed Clean

BitLocker Drive Encryption Support in Windows Server 2008

Addresses Leading External Threats by Combining Drive Level Encryptionwith Boot Process Integrity Validation

Leverages Trusted Platform Model (TPM) Technology (Hardware Module)

Integrates with Enterprise Ecosystem Maintaining Keys in Active Directory

BitLockerBitLocker--Persistent ProtectionPersistent Protection

Online Resources

Hyper-V WMI APIhttp://msdn2.microsoft.com/en-us/library/cc136992(VS.85).aspx

Virtual Hard Disk Specification OSP:http://www.microsoft.com/technet/virtualserver/downloads/vhdspec.mspx

MSDN & TechNet Powered by Hyper-Vhttp://blogs.technet.com/virtualization/archive/2008/05/20/msdn-and-technet-powered-by-hyper-v.aspx

Virtualization Solution Acceleratorshttp://technet.microsoft.com/en-us/solutionaccelerators/cc197910.aspx

How to install the Hyper-V rolehttp://www.microsoft.com/windowsserver2008/en/us/hyperv-install.aspx

Windows Server 2008 Hyper-V Performance Tuning Guidehttp://www.microsoft.com/whdc/system/sysperf/Perf_tun_srv.mspx

Using Hyper-V & BitLocker White Paperhttp://www.microsoft.com/downloads/details.aspx?FamilyID=2c3c0615-baf4-4a9c-b613-3fda14e84545&DisplayLang=en

Q & A

Have You Visited the Windows Client

TechCenter website?

www.technet.com/windows

Windows Client TechCenter provides IT professionals with the

right resources, at the right technical level, at the right point in

your technology adoption and management processes

Special Start.NET PromotionSpecial Start.NET Promotion

RM50 DISCOUNT + a FREE GIFTRM50 DISCOUNT + a FREE GIFT

for selected Start.NET Workshopsfor selected Start.NET Workshops

�� Windows Presentation FoundationWindows Presentation Foundation

�� Silverlight 2.0Silverlight 2.0

�� SQL Server 2008SQL Server 2008

�� SharePointSharePoint

•• Limited to the first 50 delegates who registeredLimited to the first 50 delegates who registered..

Register today!Register today!

Housekeeping AnnouncementHousekeeping Announcement

Please complete the evaluation form and return it to the Please complete the evaluation form and return it to the Registration Counter in return for a Windows 7 Beta DVD. Registration Counter in return for a Windows 7 Beta DVD. Here is where you can get the product key Here is where you can get the product key : : http://technet.microsoft.com/evalcenter/dd353205.aspxhttp://technet.microsoft.com/evalcenter/dd353205.aspx

Please complete the TechNet MSDN Quiz Sheet and return Please complete the TechNet MSDN Quiz Sheet and return it to the Redemption Counter in return for a mystery giftit to the Redemption Counter in return for a mystery gift

Print out the TechCenter Homepage and redeem your gift Print out the TechCenter Homepage and redeem your gift at the Redemption Counter at the Redemption Counter

Visit the Partners & MS Learning counters at the foyer for great promotional offers

© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other

countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to

changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of

this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.