Microsoft Private Cloud: Evaluation Guide

Upload: yasserh1986

Post on 19-Feb-2015


Table of Contents

Copyright Information
Introduction: The Microsoft Private Cloud
Part 1 Configure and Deploy Your Private Cloud Infrastructure
Chapter 1: Explanation of Private Cloud Components
Chapter 2: The Private Cloud Evaluation Guide Scenario & Architectural Overview
Chapter 3: Installing the Private Cloud through the Unified Installer
Chapter 4: Connecting the System Center Components
Chapter 5: Configuring Your Private Cloud Infrastructure
Chapter 6: Building Clouds
Part 2 Application Performance Management and Service Delivery & Automation
(Note: Part 2 will be in this same document, added at a later date)
Appendix A
Appendix B
Appendix C

Copyright Information

© 2012 Microsoft Corporation. All rights reserved. This document is provided "as-is." Information and views expressed in this document, including URL and other Internet Web site references, may change without notice. You bear the risk of using it. This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes. You may modify this document for your internal, reference purposes.

Introduction: The Microsoft Private Cloud

Overview

This Private Cloud Evaluation Guide is built to give you the necessary information to evaluate the private cloud. In this evaluation guide, you will go through an entire scenario that you can use to evaluate the private cloud on your own premises in a proof of concept environment.

This guide is split into two parts. The first part will walk you through deploying and configuring the infrastructure for the private cloud. The second part will go through the service model and application performance management as well as how to gain operational benefits through service delivery and automation. The second part will be included in this document at a later date. Please refer back to the download link for updates to this guide.

This guide is intentionally built so that you can run it on lower-level hardware for the purpose of evaluation. It is also possible to follow this guide and change the scenario to your own environment and parameters.

This introduction will walk you through the content of this guide as well as give you some background on the Microsoft private cloud and the components that help you build it. We advise you to read this section if you are not familiar with the concept of the Microsoft private cloud.

Chapters

This evaluation guide consists of two parts:

Part 1 Configure and Deploy Your Private Cloud Infrastructure
- Chapter 1: Explanation of the Private Cloud Components
- Chapter 2: The Private Cloud Evaluation Guide Scenario and Architectural Overview
- Chapter 3: Installing the Components of System Center 2012 through the Unified Installer
- Chapter 4: Connecting the Components of System Center 2012
- Chapter 5: Configuring Your Private Cloud Infrastructure
- Chapter 6: Building Clouds and Delegating Access

Part 2 Application Performance Management and Service Delivery & Automation
Note: Part 2 will be in this same document, added at a later date
- Chapter 7: Creating Services
- Chapter 8: Monitoring Your Newly Deployed Service
- Chapter 9: Automation as a Key Foundation of Your Private Cloud
- Chapter 10: Creating a Self-Service Catalog and Automate Offering to Your Customers or End-users
- Chapter 11: Hybrid Cloud Management
- Chapter 12: Protecting Your Data in the Private Cloud

A Private Cloud: Today's Datacenter . . . Optimized

The architecture and functionality of most modern datacenters reflect the growth of the parent organization they serve. Whether this has been by steady organic growth or by rapid expansion through mergers and acquisitions, the result is typically a very heterogeneous environment that includes some best-of-breed point solutions, levels of standardization and isolated environments tailored to fit the demands of specific business groups. This makes for an environment that is difficult to manage and that impairs the agility of its various business units. Each time a request is submitted for a new application or service, the centralized IT function needs to hand-craft and deliver that request in a made-to-order fashion. Applications are built to accommodate peak usage, dedicating infrastructure which often lies underutilized much of the time.

IT is a challenging place to be; internal customers expect the ease and reliability of the sorts of consumer apps they use every day, such as Hotmail, Xbox Live, and so forth, but often they don't grasp the true scale at which these services run. Private cloud technologies give any business a better ability to achieve the types of efficiencies in datacenter operation and application provisioning that have, to date, been the hallmark of much larger organizations.

The concept of IT as a Service has been discussed in various forms for decades. For many businesses today, this opportunity for on-demand IT manifests itself through the idea of a private cloud. Modeled around the success of public cloud offerings such as Microsoft Windows Azure and Amazon Web Services, the private cloud is about automatically and efficiently delivering necessary services on request and dynamically scaling those services to meet demand.

The private cloud computing model simplifies the ability of IT to deliver IT services. A private cloud shares many of the characteristics of public cloud computing, such as resource pooling, self-service, elasticity and usage-based charge models, but does so with dedicated physical resources that allow an organization to maintain complete control over its data and processes. A key to the success of private cloud deployments will be the tools and technologies that allow businesses to approach the levels of operational efficiency and high availability that are the hallmark of public cloud offerings; the set of private cloud enabling tools from Microsoft System Center 2012 helps you to achieve just that.

The notion of pooled resources means that all compute, network, and storage assets are aggregated into a common grouping that can then be delegated within the organization. This is a shift from today's model in which an Application Owner will likely know (and probably fund) the exact hardware on which his application is physically deployed. In a cloud environment, this owner will only care that adequate capacity to run his application has been delegated to him. This, in turn, frees up the Datacenter Administrator to better optimize resource utilization, to move and shed loads as required, and to focus on activities that enable greater business value.

There needs to be a true self-service interface to which services are published from central IT and consumed by the business units, even where explicit cross-charge accounting is not put in place. Application Owners and customers need to be able to easily purchase and provision their resources when they want and at the level of service and cost they choose. This common understanding of available off-the-shelf service offerings is fundamental to the notion of cloud computing. It doesn't mean that custom requests aren't possible; indeed a key benefit of the private cloud over public cloud is that it maintains a greater degree of flexibility, but commodity offerings vs. custom offerings may mean the difference between completing the task in 30 minutes vs. 2 weeks.

The services deployed need to be elastic and scale up and down automatically based on demand. By designing this capability into the services that are deployed, central IT no longer needs to over-provision capacity to accommodate any potential spikes in load.

Finally, it's important to deploy a usage-based environment that allows the Datacenter Administrator and Application Owner to view resource utilization and, ideally, set up the right economic incentives to efficiently run their applications and know cost and usage through appropriate chargeback models.

A private cloud deployment captures all of these characteristics, but above and beyond the public cloud, it also allows organizations to maintain total control over their applications and data and to customize deployed resources; both are common blockers for businesses looking at public cloud solutions. Ultimately, most customers will find portions of their organization that live best in a private deployment and portions that live best in a public deployment. The world will exist in a hybrid state for the foreseeable future and it's important for companies to evaluate their particular needs to determine the best combination for them. As a leader in both public and private cloud technology, Microsoft is well positioned to help organizations realize this vision of cloud computing.

Part 1 Configure and Deploy Your Private Cloud Infrastructure


Chapter 1: Explanation of the Private Cloud Components

Overview

Highly virtualized computing gives you the benefits of increased utilization of your servers, power savings, and reduced server footprint. We are familiar with these as they are in datacenters today. However, this does not equal the private cloud. A private cloud provides all of those benefits plus highly integrated and automated management, scalable and elastic platforms, and self-service IT infrastructure.

Through a highly automated infrastructure, an organization can reduce operational costs by automating many tasks that previously required manual intervention. Through the service catalog an organization can provide a self-service IT infrastructure to business units and departments with an SLA. This forces service-level discussion and removes the burden to procure, provision, and manage infrastructure on a per-application, ad-hoc basis. With a scalable and elastic infrastructure, an organization can enable faster delivery of capacity as resource needs change.

By utilizing a Windows Server 2008 R2 SP1 infrastructure along with System Center 2012, the Microsoft private cloud allows you to deploy a flexible and responsive infrastructure, designed to simplify day-to-day tasks and enable management of applications at the service level, rather than that of individual servers.

The following table highlights private cloud capabilities, aligned by industry and to Windows Server 2008 R2 and the components of System Center 2012 that we are going to discuss in this chapter.

Microsoft Windows Server 2008 R2 SP1

Microsoft Windows Server 2008 R2 SP1 is the operating system that runs your private cloud. In this evaluation guide it will run as the host hypervisor, the OS for the different infrastructure components, and for the application that we will deploy, manage, and monitor.

Windows Server 2008 R2 SP1 evaluation can be downloaded from http://technet.microsoft.com/en-us/evalcenter/dd459137.aspx

Hyper-V

Hyper-V is the server virtualization technology within Windows Server 2008 R2 SP1. It allows you to run virtual machines on top of the host operating system when your hardware is capable of running virtualized loads.

System Center Orchestrator

System Center Orchestrator is a workflow engine that allows you to automate the creation, deployment and monitoring of resources in your private cloud. Better said, Orchestrator provides you with orchestration, integration and automation of IT processes. Orchestrator works in conjunction with all the System Center components and can also be used to automate components from 3rd party applications like HP ILO and OA, VMware vSphere and many others (for a full list of Orchestrator 2012 integration packs see http://technet.microsoft.com/en-us/library/hh295851.aspx ).

Orchestrator consists of the following components:

- Management Server: The management server is the communication layer between the Runbook Designer and the orchestration database.
- Runbook Server: A runbook server is where an instance of a runbook runs. A runbook is a collection of actions bundled together that Orchestrator will run, performing various automated actions. Runbook servers communicate directly with the orchestration database. You can deploy multiple runbook servers per Orchestrator installation to increase capacity and redundancy.
- Orchestration Database: The database is a Microsoft SQL Server database that contains all of the deployed runbooks, the status of running runbooks, log files, and configuration data for Orchestrator.
- Runbook Designer: The Runbook Designer is the tool used to build, edit, and manage Orchestrator runbooks. One runbook or different runbooks together form your workflow(s).
- Runbook Tester: Runbook Tester is a run-time tool used to test runbooks developed in the Runbook Designer. This tool allows you to test your runbooks before taking them into production.
- Orchestration Console: The Orchestration console lets you start or stop runbooks and view real-time status on a web browser. This is a Silverlight-based web console.
- Orchestrator Web Service: The Orchestrator web service is a Representational State Transfer (REST)-based service that enables custom applications to connect to Orchestrator to start and stop runbooks, and retrieve information about operations by using custom applications or scripts. The Orchestration console uses this web service to interact with Orchestrator.
- Deployment Manager: Deployment Manager is a tool used to deploy integration packs (IPs), runbook servers, and Runbook Designers.
- Integration pack (IP): An integration pack is a collection of custom activities specific to a product or technology. Microsoft and other companies provide integration packs with activities to interact with their product from an Orchestrator runbook.
- Orchestrator Integration Toolkit: The Orchestrator Integration Toolkit lets you extend your library of activities beyond the collection of standard activities and integration packs. The Integration Toolkit has wizard-based tools to create new activities and integration packs for Orchestrator. Developers can also use the Integration Toolkit to create integration packs from custom activities that they build by using the Orchestrator SDK.

System Center App Controller

System Center App Controller is a Silverlight web-based interface that allows you to manage, build, configure and deploy services both on the private and the public cloud. With this interface, you will have a common self-service experience through your different clouds. This interface is mainly used to provide self-service capabilities for your application owners. The ability to control and manage applications and services within the private cloud is critical. A key requirement, as organizations begin using hybrid apps, will be the ability to connect with services in other clouds and to manage them through a single management experience.

Components:

- App Controller Server: The App Controller Server runs the web-based Silverlight application to manage, build, configure and deploy services both on your private cloud and the public cloud.
- Database: The database that contains the necessary information for the connection to your Azure subscriptions and your Virtual Machine Manager service(s).
- PowerShell Module: The App Controller PowerShell Module provides administrators with the ability to automate App Controller administration.

System Center Virtual Machine Manager

System Center Virtual Machine Manager is the component that provides you with virtual machine management and service deployment. This component comes with support for multi-hypervisor environments and is the system that allows you to define, create and manage your private cloud environment(s).

Components:

- VMM Management Server: The computer on which the Virtual Machine Manager service runs and which processes commands and controls communications with the VMM database, the library server, and virtual machine hosts.
- VMM Console: The Virtual Machine Manager Console is the graphical user interface to your VMM environment.
- VMM Self-Service Portal: A website used to deploy and request virtual machines.
- VMM Database: The VMM database stores all the Virtual Machine Manager configuration and information regarding the hosts and virtual guests.
- VMM Library Server: The VMM Library Server is a catalog of resources containing all the ISO files, virtual hard disks, templates and profiles used to deploy virtual machines and services.

System Center Operations Manager

System Center Operations Manager provides you with deep application diagnostics and infrastructure monitoring of your private cloud components. It can offer you a thorough overview of the performance and availability of applications deployed in your datacenter, private or public cloud.

Components:

- Management Server: The Operations Manager Management Server is the focal point for administering the management group and communicating with the database. When you open the Operations console and connect to a management group, you connect to a management server for that management group. Depending on the size of your computing environment, a management group can contain a single management server or multiple management servers.
- Operations Console: The Operations Manager is the graphical user interface that will give you the single pane of glass monitoring of your private cloud.
- Operations Manager Database: The OpsMgr database is where all the collected data like performance & event data, alerts etc. are stored.
- Operations Manager Data Warehouse: The OpsMgr data warehouse is used for long term reporting.
- Operations Manager Web Console: The OpsMgr web console provides a browser-based alternative to the OpsMgr console.
- Operations Manager Advisor: Browser-based console to provide deep insight in your .Net applications.
- Gateway Server: A gateway server is used to monitor untrusted environments like a DMZ.
- Audit Collection Server: ACS is used for collecting and auditing security events.

System Center Service Manager

Service Manager provides an integrated platform for automating and adapting your organization's IT service management best practices, such as those found in Microsoft Operations Framework (MOF) and Information Technology Infrastructure Library (ITIL). It provides built-in processes for incident and problem resolution, change control, and release management.

Components:

- Management Server: Contains the main software part of a Service Manager installation. You can use the Service Manager management server to manage incidents, changes, users, and tasks.
- Database: The database that contains Service Manager configuration items (CI) from the IT Enterprise; work items, such as incidents, change requests, and the configuration for the product itself. This is the Service Manager implementation of a Configuration Management Database (CMDB).
- Data warehouse management server: The computer that hosts the server piece of the data warehouse.
- Data warehouse databases: Databases that provide long-term storage of the business data that Service Manager generates. These databases are also used for reporting.
- Service Manager console: The user interface (UI) piece that is used by both the help desk analyst and the help desk administrator to perform Service Manager functions, such as incidents, changes, and tasks. This part is installed automatically when you deploy a Service Manager management server. In addition, you can manually install the Service Manager console as a stand-alone part on a computer.
- Self-Service Portal: A web-based interface into Service Manager.

System Center Data Protection Manager

Data Protection Manager (DPM) enables disk-based and tape-based data protection and recovery for servers such as SQL Server, Exchange Server, SharePoint, virtual servers, file servers, and support for Windows desktops and laptops. DPM can also centrally manage system state and Bare Metal Recovery (BMR), which will allow us to protect the servers that contain our virtualized infrastructure.

Components:

- DPM server: The DPM server contains the program files of the Data Protection Manager installation. This server will be responsible for all the protection and recovery jobs.
- Database: The DPM database will contain all the information of your Data Protection Manager environment. All protection group information, agent information, recovery points and so on are stored here.
- Central Console: Operations Management is used as the platform for the central console and is used to manage your SCDPM server (or multiple DPM servers).
- Storage Pool: The Storage Pool contains your storage that will be used to take disk-to-disk backups.

Summary

In this first chapter, you reviewed the components that are needed to deploy a private cloud. Now you know all the building blocks to start with your evaluation of the private cloud. You can download Windows Server 2008 R2 SP1 from http://technet.microsoft.com/en-us/evalcenter/dd459137.aspx and download the System Center components from http://technet.microsoft.com/en-us/evalcenter/hh505660.aspx?ocid=otc-f-corp-jtc-DPR&wt.mc_id=TEC_103_1_33

In the next chapter we will explain how to construct and design a new private cloud.

Chapter 2: The Private Cloud Evaluation Guide Scenario & Architectural Overview

Overview

Evaluating a private cloud can be a time-consuming and difficult task. How do you start? What kind of hardware do you need? Which scenarios do you want to test? With this Private Cloud Evaluation Guide, you can test and try all the components of System Center 2012 in combination with Hyper-V. With this guide you will learn how to build a private cloud and explore how the combinations of the components of System Center 2012 allow you to manage your application from start to finish. After all, in this new era of cloud computing, it's all about the app.

Our Scenario and End-Goal

Throughout the evaluation guide, we will work with a specific scenario, users and a well-defined goal. To do this, we have designed the evaluation guide after a fictitious company, Contoso, and their employees. At the end of each chapter, we will summarize the outcomes.

Contoso.com

Here is background information about Contoso, Ltd., including details about the nature of their business operations, size and location, etc.

- Contoso, Ltd. is a global manufacturing and shipping company, dealing primarily with building materials.
- Customers are large retail home improvement chains.
- Contoso maintains 75 locations in 10 countries on 3 continents:
  - 2,000 servers, 700 of which are physical servers and 1,250 which are virtual servers hosted with Windows 2008 R2 Hyper-V
  - 12,000 employees total, with an IT department of about 150 people
  - Three data centers (Seattle, Tokyo and Brussels)
  - Separate management reporting structures exist on each continent

Jeff, the Datacenter Admin

Jeff is a datacenter administrator within Contoso. His major concerns are keeping the infrastructure up and running, and accommodating all the requests from his application owners. The major challenges that Jeff has are:

- Managing change is difficult due to lack of well-defined procedures for provisioning and managing services and related infrastructure.
- Service requests and incidents are currently managed in a third party ticketing system. However, problem correlation is difficult due to lack of a comprehensive CMDB to track IT assets.
- Availability of key revenue-generating services is suffering due to recurring incidents that currently require manual intervention.
- 2-4 week delays in service and resource provisioning have resulted in tension between IT and other business units.
- Lack of visibility into virtual and physical datacenter resources has resulted in widespread performance problems in LOB applications.

Emily, the Application Owner

Emily is an Application Owner. She is responsible for her line of business application that needs to be deployed. Emily's biggest challenges are:

- Keeping the different versions up-to-date (production, test environment, acceptance)
- Being able to deploy the application rapidly
- Getting the needed resources from IT quickly
- Ensuring that engineering and IT work together well
- Getting applications to market faster

Other Personas

- Jack: VP of Marketing, Application (LOB) Owner
- The Board: CxOs (CEO or CIO)
- Contoso Engineering Group: Application Development
- Mike: Team Member of Emily's group

The End-Goal: It's All about the Application

The Board of Contoso has asked a consultancy firm to investigate the pain points of IT within the company and to provide advice on a possible solution. The consultancy company has investigated the issues with both the IT group and the users of IT. The key pain points are server sprawl and virtual server sprawl. Users are looking at purchasing IT services outside the IT department in the cloud and are convinced that they can get it cheaper elsewhere. The results showed that there are many concerns about compliance and security. The complexity of the infrastructure is also becoming extremely difficult to manage.

Based on these results, the Board of Contoso has given the datacenter admin a challenge. Jeff needs to build a private cloud so that Emily has the ability to manage the applications she is responsible for. Emily and Jack should be able to deploy their application rapidly into production and scale whenever the need should arise. The application should also be monitored as a whole and should have the ability to upgrade to a new version with minimal or no interruption. Emily and Jack should also have self-service capabilities and a user interface where they can see their environments.

Figure 1: Management Components

In Figure 1: Management Components, you see an overview of what we are going to build with the components of System Center 2012. In the picture, you can see 3 main categories:

- Application Management is all about deploying and operating business applications.
- Service Delivery and Automation involves standardizing and automating service and resource provisioning, managing change and access controls, etc.
- Infrastructure Management is needed to be able to deploy and operate the entire underlying infrastructure on which our business applications and services run.

The Scenario

Throughout the different chapters of this Private Cloud Evaluation Guide we will work towards the specific demands of the business. After running through the different chapters, you will have a private cloud with an application in it that can be monitored, automated, deployed and managed as a service, with self-service possibilities.

In this first part of the Evaluation Guide, Jeff is going to get all the components installed and then prepare everything for the private cloud. In the last chapter, Jeff will deploy his first cloud. In the second part of the Evaluation Guide, which will be released at a later date, Jeff will continue his work and configure automation, backup and so on for the application so Emily can easily deploy the application and be confident Jeff can meet the agreed-upon SLA.

Architectural Overview

Here is the overview of what hardware we are going to use for our private cloud evaluation. This can be different from your environment but this is the minimum required to evaluate the private cloud.

[Figure: architecture diagram. The Hyper-V host Hyperv02 and its virtual network ("Virtual - Virtual Network") connect the virtual machines Orchestrator, VMM, AppController, OpsMgr, ServiceMgr, ServiceMgrDW, DPM and AD (Domain Controller); each System Center server is shown with SQL Server 2008 R2.]

Following servers are used:

Name           Function                                  CPU      Memory   Disk    IP
Hyperv02       Hyper-V host                              4        24 GB    1 TB    192.168.1.2
Orchestrator   Orchestrator + Unified Installer server   2 vCPU   2 GB     40 GB   192.168.1.3
VMM            Virtual Machine Manager server            2 vCPU   2 GB     80 GB   192.168.1.4
AppController  App Controller server                     2 vCPU   2 GB     40 GB   192.168.1.5
OpsMgr         Operations Manager Server                 2 vCPU   2 GB     40 GB   192.168.1.6
ServiceMgr     Service Manager server                    2 vCPU   2 GB     40 GB   192.168.1.7
ServiceMgrDW   Service Manager Datawarehouse             2 vCPU   2 GB     40 GB   192.168.1.8
DPM            Data Protection Manager server            2 vCPU   2 GB     40 GB   192.168.1.9
AD             Domain Controller                         1 vCPU   512 MB   40 GB   192.168.1.10

Table 1: Server Information

When you are going to deploy the infrastructure and work through the different exercises, you can use your own IP addresses and better hardware. If you work with different IP ranges, you need to take into account that for some of the exercises, you will also need to change the ranges.

The two most important considerations for your private cloud management infrastructure regarding performance will be:

- Memory
- Disk IO

If you want to change the specifications of the virtual machines, please read the Prerequisites in Chapter 3 to verify that you meet the necessary requirements in advance.

What you need in advance

In this section we are going to discuss the environment required before you can continue with this evaluation guide.

Hyper-V Host(s)

Depending on the architecture, you should have one or more Hyper-V hosts installed with Windows Server 2008 R2 SP1. You can download the evaluation version of Windows here: http://technet.microsoft.com/en-us/evalcenter/dd459137

Your Active Directory should be prepared with a few users and groups (see below). For information on how to install Active Directory, visit http://technet.microsoft.com/en-us/library/cc755103(v=ws.10).aspx

The Virtual Network

You need to prepare your Virtual Network so that the virtual machines can communicate with the hosts and with the other virtual machines. In a production environment, you will be working with different VLANs, but for this guide we worked with a single network adapter, configured with the following parameters:

Parameter: Name, Notes, Connection Type, Allow management operating system to share this network adapter
Value: Virtual Virtual Network Microsoft Virtual Switch External (to your network adapter) Checked

Virtual Servers

The servers in Table 1: Server Information should already be deployed and joined to the domain. Follow this procedure to deploy a virtual machine on Hyper-V:

Creating Virtual Server

1. Open Hyper-V Manager.
2. In the Actions pane, select New > Virtual Machine.
3. In the Before You Begin screen, select Next.
4. In the Specify Name and Location screen, fill in the Name of the virtual machine and the Location where you want to store the files. Then select Next.
5. In the Assign Memory screen, fill in the amount of memory allocated for this Virtual Machine. Note that the amount should be at least 2048 MB for the Unified Installer requirements (see Chapter 3); the Domain Controller can be 512 MB. Then select Next.
6. In the Configure Networking screen, select the virtual network that you have created and select Next.
7. In the Connect Virtual Hard Disk screen, fill in the size for your VHD, specify the location and name of your VHD and select Next.
8. In the Installation Options screen, select how you want to install the Operating System. In our case, since we downloaded the ISO from the evaluation center, we choose the ISO and then select Next.
9. In the Completing the New Virtual Machine Wizard screen, review your settings and select Finish to create the machine.

Installing and Configuring the OS

You can find all the required steps to install the OS in the Appendix.

Configure and Join Domain

1. In the Initial Configuration Tasks window, select Configure Networking
2. In the Network Connections window, right-click on the Local Area Connection Network icon and select Properties
3. Select Internet Protocol Version 4 (TCP/IPv4) and select Properties
4. Fill in the appropriate network information. Note that this information can be different in your environment. Select OK
5. Select Close and close the Network Connections window
6. On the Initial Configuration Tasks window, select Provide computer name and domain
7. On the System Properties window, select Change
8. Fill in the Computer name and Domain and select OK
9. On the Windows Security window, fill in the name and password of the user that has permissions to join this server to the domain and select OK
10. Select OK when you get the Welcome message
11. Select OK when you get the restart notification
12. Select Close in the System Properties window
13. Select Restart now to finish the process and to restart the server

Repeat the procedures for all servers.

Group Policies

To make the evaluation easier, we've created a Group Policy at the domain level to enable and disable a few settings. By default Jeff disabled all Windows Firewalls on the server machines and enabled Remote Desktop for easy access. It is not necessary to disable Windows Firewall, and you can review the requirements for Windows Firewall on the different TechNet pages for the components. Jeff knows that he will need to configure the Windows Firewall in production, but since this is an evaluation, he wants to deploy the systems fast and get results quickly.

Passwords

All passwords in this evaluation guide are the same. For every account, we are using the password: P@ssw0rd (with the 0 being zero)

Users

In Active Directory, we are going to create a few users.

1. Open Active Directory Users and Computers
2. Create an OU by right-clicking on Contoso.com (or the root of your domain) and choose New > Organizational Unit
3. Name the OU PrivateCloudUsers or choose another name and select OK
4. On the newly created OU, right-click and choose New > User
5. Fill in the New Object window with the following parameters and then select Next

First name: Jeff
Full name: Jeff
User Logon name: Jeff

6. Fill in the Password, select Password never expires, and then select Next and Finish to create the user
7. Repeat steps 4 to 6 for the following users with the following parameters

First name: Emily
Full name: Emily
User Logon name: Emily

First name: Mike
Full name: Mike
User Logon name: Mike

First name: Jack
Full name: Jack
User Logon name: Jack

8. Right-click on the newly created user and select Properties
9. Change the properties for the two users according to the following parameters

User: Jeff
Parameter: Description
Value: DataCenter Administrator

User: Emily
Parameter: Description
Value: Application Owner

User: Jeff
Parameter: Member of
Value: Add Domain Admins
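The accounts created in this section share the password given in the Passwords section, are set to Password never expires, and one of them is added to Domain Admins, so they are worth enumerating once the evaluation ends. The query below is an added example, not part of the original guide; the OU distinguished name is an assumption derived from the guide's Contoso.com domain and PrivateCloudUsers OU, and the function name is hypothetical.

```powershell
# Added example (not from the guide): read-only review of the evaluation accounts.
# Requires the ActiveDirectory module (Windows Server 2008 R2 domain controller or RSAT).
Import-Module ActiveDirectory

function Get-EvaluationAccountFinding {
    param(
        # Assumed distinguished name of the OU from step 3 in the Contoso.com domain.
        [string]$SearchBase = 'OU=PrivateCloudUsers,DC=contoso,DC=com',
        # Privileged group to check; the guide adds Jeff to Domain Admins.
        [string]$PrivilegedGroup = 'Domain Admins'
    )

    # -Recursive also resolves membership that comes through nested groups.
    $privileged = @(Get-ADGroupMember -Identity $PrivilegedGroup -Recursive |
        ForEach-Object { $_.distinguishedName })

    Get-ADUser -Filter * -SearchBase $SearchBase `
        -Properties PasswordNeverExpires, PasswordLastSet, Description |
        ForEach-Object {
            # New-Object PSObject keeps the script usable on Windows PowerShell 2.0.
            New-Object PSObject -Property @{
                SamAccountName       = $_.SamAccountName
                Description          = $_.Description
                Enabled              = $_.Enabled
                PasswordNeverExpires = $_.PasswordNeverExpires
                PasswordLastSet      = $_.PasswordLastSet
                InPrivilegedGroup    = ($privileged -contains $_.DistinguishedName)
            }
        } |
        Select-Object SamAccountName, Description, Enabled, PasswordNeverExpires,
                      PasswordLastSet, InPrivilegedGroup
}

# Accounts that still carry a never-expiring password or privileged membership.
Get-EvaluationAccountFinding |
    Where-Object { $_.PasswordNeverExpires -or $_.InPrivilegedGroup } |
    Format-Table -AutoSize
```

If you chose another OU name in step 3, pass its distinguished name with -SearchBase.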

Security Groups

We also need some security groups for this evaluation. Build the following security groups:

Name: ProductionEmilyCloud
Type: Global Security
Members: Emily

Hardware and other possibilities

It is not necessary to run the private cloud evaluation on the same hardware or the same setup as described above. You can work with multiple Hyper-V hosts and/or split off the domain controller role to another server. You can also separate the Orchestrator and Unified Installer roles onto different machines. With this evaluation guide we tried to deploy the private cloud with a minimum amount of hardware. Please note that the configuration found above is the absolute minimum to follow the scenario in this evaluation guide. The biggest blockers for evaluating the private cloud will be (in this order):

- Memory
- Disk IO

We advise at least 24 GB of memory, but 32+ GB is preferable. Disk IO is the second biggest blocker for the evaluation. In total, you would need at least 500-600 GB of hard disk space. SSD Disk (or better hardware) is strongly recommended. Running the private cloud on lower Disk IO components may cause a lot of performance issues as previously discussed.

Summary

In this chapter Jeff has prepared the infrastructure necessary to start with the evaluation of the private cloud by using the System Center Unified Installer (Chapter 3). In production environments, this will probably be done differently and you may have other deployed systems / procedures in place. Now that we have a base infrastructure in place, we can continue on to Chapter 3 and start the installation of the components.

Chapter 3: Installing the Private Cloud through the Unified Installer

Overview

To help in getting started with a private cloud, Microsoft has created the System Center Unified Installer for evaluation and proof of concept purposes. The Unified Installer automates much of the installation process for the System Center 2012 components. The installation scripts deploy the System Center components and are designed for either a lab or proof of concept. In this chapter, we will use the Unified Installer to install our environment. In this chapter, Jeff is going to use the Unified Installer to install all of the components of System Center 2012, back-end database engines and prerequisites.

Before you Begin

Please take the time to read through the important notes and prerequisites before using the Unified Installer.

Important Notes

The documentation and workarounds for the known issues listed below can be found in the Unified Installer Release Notes: http://technet.microsoft.com/en-us/library/hh751278.aspx

- A "Logon Failure" message is displayed when accessing SCUI.EXE using non-local domain credentials
- "This program might not have installed correctly" message might display when attempting to extract the Unified Installer on a local drive when using Windows 7 SP1
- DPM installation might fail
- Preexisting installations of SQL Server might cause deployment to fail

Prerequisites

The latest prerequisites information can be found here: http://technet.microsoft.com/en-us/library/hh751268.aspx

Hardware (per target computer, Virtual or Physical):
a. CPU: Dual-core 2.1 gigahertz (GHz)
b. RAM: 2 gigabytes (GB) minimum, 4 GB recommended
c. Disk space: 10 GB of free space

Software
a. One of the following versions of Windows operating systems: 64-bit edition of Windows 7 Service Pack 1 (SP1) or Windows Server 2008 R2 with (SP1)
b. Internet Information Services (IIS)
c. Microsoft .NET Framework 3.51
d. Windows PowerShell 2.0
e. You must use the same OS locale on both the installer computer (the computer where you run the Unified Installer) and the target computer (the computer where you install a System Center 2012 component)

- .NET Framework 4.0 (http://go.microsoft.com/fwlink/p/?LinkID=232304)
- Windows Automated Installation Kit 2.0 (http://go.microsoft.com/fwlink/p/?LinkID=224463)
- Report Viewer 2008 SP1 Redistributable (http://go.microsoft.com/fwlink/p/?LinkID=234896)
- Microsoft Report Viewer 2010 Redistributable Package (http://go.microsoft.com/fwlink/?LinkId=234118)
- Trial Version of SQL Server 2008 R2 (http://go.microsoft.com/fwlink/?LinkId=239628)
- SP1 for SQL Server 2008 R2 (http://go.microsoft.com/fwlink/p/?LinkID=235126)
- Cumulative Update Package 4 for SQL Server 2008 R2 (http://go.microsoft.com/fwlink/?LinkId=238411)
- SQL Server 2008 R2 Native Client
  a. x86 package: (http://go.microsoft.com/fwlink/?LinkID=188400)
  b. x64 package: (http://go.microsoft.com/fwlink/?LinkID=188401)
  c. IA-64 package: (http://go.microsoft.com/fwlink/?LinkID=188402)
- Microsoft SQL Server 2008 R2 Command Line Utilities
  a. x86 package: (http://go.microsoft.com/fwlink/?LinkID=188429)
  b. x64 package: (http://go.microsoft.com/fwlink/?LinkID=188430)
  c. IA-64 package: (http://go.microsoft.com/fwlink/?LinkID=188431)
- Microsoft Analysis Management Objects
  a. x86 package: (http://go.microsoft.com/fwlink/p/?LinkID=218847)
  b. x64 package: (http://go.microsoft.com/fwlink/p/?LinkID=218910)
  c. IA-64 package: (http://go.microsoft.com/fwlink/p/?LinkID=218912)

Creating the Installer Computer

The Installer Computer is the computer where you will run the Unified Installer. The Unified Installer can be run on Windows Server 2008 R2 SP1 or Windows 7 SP1. In our scenario, to save on resources, we are going to run the Unified Installer on the same server on which we are going to run System Center Orchestrator (Orchestrator). To be able to run the Unified Installer, we need to prepare this machine in advance. We do this by changing the local policy of that server. We can also do this by using a Group Policy, but Jeff decides to follow the documentation on TechNet and therefore changes the local policy.

1. Open a blank MMC (Click Start > Run, type MMC and select OK)
2. Add the Group Policy Object (File > Add/Remove Snap-in, choose Group Policy Object, select Add)
3. In the Select Group Policy Object dialog box, select Finish
4. In the Add or Remove Snap-ins window, select OK
5. In the Console1 window, browse to Credential Delegation. (Console Root, expand Local Computer Policy > Computer Configuration > Administrative Templates > System > Credential Delegation)
6. Open Allow Delegating Fresh Credentials in the Settings pane
7. In the Allow Delegating Fresh Credentials dialog box, do the following:
   - Enable the policy
   - In the Options area, click Show and enter WSMAN/* in the value field
   - Make sure that Concatenate OS defaults with input above is selected, and then select OK
8. Open Allow Delegating Fresh Credentials with NTLM-only Server Authentication in the Settings pane
9. In the Allow Delegating Fresh Credentials with NTLM-only Server Authentication dialog box, do the following:
   - Enable the policy
   - In the Options area, click Show and enter WSMAN/* in the value field
   - Make sure that Concatenate OS defaults with input above is selected, and then select OK
10. In the Console1 window, browse to WinRM Client. (Console Root, expand Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > Windows Remote Management (WinRM) > WinRM Client)
11. Open Allow CredSSP authentication in the Settings pane
12. In the Allow CredSSP authentication dialog box, click Enabled, and then select OK
13. Open Trusted Hosts in the Settings pane
14. In the Trusted Hosts dialog box, select Enabled
15. In the Options area, in TrustedHostsList, type *, and then select OK
16. Close the Local Group Policy Editor.

Preparing the Target Computers

To prepare the Target Computers, you can either change the local policy on each target computer or create a group policy object for those servers. We created a new OU in Active Directory and placed all the target computers in that OU.

On that OU, we created a GPO with the following parameters:

Location: Computer Configuration / Administrative Templates / Windows Components / Windows Remote Management (WinRM) / WinRM Service
Parameter: Allow automatic configuration of listeners
Value: Enabled; IPv4 filter: *; IPv6 filter: *

Location: Computer Configuration / Administrative Templates / Windows Components / Windows Remote Management (WinRM) / WinRM Service
Parameter: Allow CredSSP authentication
Value: Enabled

Location: Computer Configuration / Administrative Templates / Windows Components / Windows Remote Shell
Parameter: Allow Remote Shell Access
Value: Enabled

Location: Computer Configuration / Administrative Templates / Windows Components / Windows Remote Shell
Parameter: Specify maximum amount of memory in MB per Shell
Value: 2048

[Figure: GPO report for these settings]
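The settings from "Creating the Installer Computer" and "Preparing the Target Computers" are meant for an evaluation lab, so it helps to be able to list which of them are still in force on a machine afterwards. The following read-only PowerShell report is an added example, not part of the original guide or of the Unified Installer; the function names are hypothetical, and the registry locations it reads (the policy-backed keys for these Administrative Templates) are assumptions of this example.

```powershell
# Added example (not from the guide): read-only report of the policy values
# this chapter sets. Runs on Windows PowerShell 2.0 (Windows Server 2008 R2 SP1).
# Assumption: these are the registry locations that back the policies.
$CredDelegationKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation'
$WinRMKey          = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM'

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # $null means the key or value is absent, i.e. the policy is not configured.
    if (-not (Test-Path -Path $Path)) { return $null }
    $key = Get-Item -Path $Path
    if ($key.GetValueNames() -contains $Name) { return $key.GetValue($Name) }
    return $null
}

function Get-PolicyList {
    param([string]$Path)
    # List-type policies keep one entry per registry value under their own subkey.
    if (-not (Test-Path -Path $Path)) { return }
    $key = Get-Item -Path $Path
    foreach ($name in $key.GetValueNames()) { $key.GetValue($name) }
}

function New-Finding {
    param([string]$Setting, $Value, [bool]$AsInGuide, [string]$Note)
    New-Object PSObject -Property @{
        Setting = $Setting; Value = $Value; AsInGuide = $AsInGuide; Note = $Note
    } | Select-Object Setting, Value, AsInGuide, Note
}

function Get-RemotingPolicyFinding {
    # Installer computer: credential delegation lists (steps 5 to 9).
    foreach ($policy in 'AllowFreshCredentials', 'AllowFreshCredentialsWhenNTLMOnly') {
        $enabled = Get-PolicyValue -Path $CredDelegationKey -Name $policy
        $targets = @(Get-PolicyList -Path (Join-Path $CredDelegationKey $policy))
        # An entry such as WSMAN/* matches the WinRM service on every host.
        $anyHost = @($targets | Where-Object { $_ -match '^[^/]+/\*$' })
        New-Finding -Setting "CredentialsDelegation\$policy" `
            -Value ($targets -join ', ') `
            -AsInGuide (($enabled -eq 1) -and ($anyHost.Count -gt 0)) `
            -Note 'Fresh credentials may be delegated to any host matching an entry'
    }

    # Scalar settings: installer computer (Client) and target computers (Service, WinRS).
    # Guide = the value this chapter configures for the evaluation.
    $checks = @(
        @{ Sub = 'Client';        Name = 'AllowCredSSP';           Guide = 1
           Note = 'Client is allowed to use CredSSP authentication' },
        @{ Sub = 'Client';        Name = 'TrustedHostsList';       Guide = '*'
           Note = 'Hosts trusted when neither HTTPS nor Kerberos verifies their identity' },
        @{ Sub = 'Service';       Name = 'AllowAutoConfig';        Guide = 1
           Note = 'WinRM listeners are configured automatically' },
        @{ Sub = 'Service';       Name = 'IPv4Filter';             Guide = '*'
           Note = 'IPv4 addresses the service listens on' },
        @{ Sub = 'Service';       Name = 'IPv6Filter';             Guide = '*'
           Note = 'IPv6 addresses the service listens on' },
        @{ Sub = 'Service';       Name = 'AllowCredSSP';           Guide = 1
           Note = 'Service accepts CredSSP authentication' },
        @{ Sub = 'Service\WinRS'; Name = 'AllowRemoteShellAccess'; Guide = 1
           Note = 'Remote shell connections are allowed' },
        @{ Sub = 'Service\WinRS'; Name = 'MaxMemoryPerShellMB';    Guide = 2048
           Note = 'Per-shell memory limit in MB' }
    )
    foreach ($c in $checks) {
        $value = Get-PolicyValue -Path (Join-Path $WinRMKey $c.Sub) -Name $c.Name
        New-Finding -Setting ('WinRM {0}\{1}' -f $c.Sub, $c.Name) -Value $value `
            -AsInGuide (($value -ne $null) -and ($value -eq $c.Guide)) -Note $c.Note
    }
}

# AsInGuide = True marks a value that still matches the evaluation setup.
Get-RemotingPolicyFinding | Format-Table -AutoSize -Wrap
```

Run it in an elevated console on the installer computer and on each target computer; an empty Value means the policy is not configured on that machine.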

Preparing the Prerequisites and Source Files

Before you start with the installation, you need to prepare the source files and prerequisites. After downloading the evaluation versions of System Center 2012 you will need to extract some of these installers and you also need to download all the prerequisite files and place them on a share. Create a share on the installer computer with all the prerequisites and install media as shown below:

All of the components and prerequisites need to be extracted into separate folders in order for the Unified Installer to work. If the downloaded files come in ISO or .zip format, you will need to extract them. When the download consists of one or more .exe files, open a command prompt as an administrator and run the .exe with the extract parameter. Example: To extract AppController, run AppController.RTM.exe extract

A new pop-up window will open asking you where you want to extract the files.

Installation of the System Center Components with the Unified Installer

Now that Jeff has done all the preparations, he can start with the deployment of the components. Since Jeff decided to run the Unified Installer on the same computer as the one where he is going to run Orchestrator, he will start on that server.

1. Log on to the computer Orchestrator by using the Domain Administrator account
   If you want to use an account other than the administrator account, make sure that the user has administrative credentials on both the Installer computer and the Target Computers
2. On the Unified Installer installation media, right-click setup.exe, and then select Run as administrator to open the System Center 2012 Wizard
   If .NET 3.5 is not installed, you will receive the following notification and it will be installed automatically.
3. If you receive the following notification, select Yes to continue
4. On the System Center 2012 page, select Install System Center
5. On the System Center Unified Installer window, select OK to continue
6. On the Product Registration page, read the Microsoft Software License Terms, and accept by selecting I have read, understood, and agree with the terms of the license agreement. Since we are doing an evaluation, Jeff also selects Install as an evaluation edition and then selects Next
7. On the Component Selection page, select the System Center 2012 components to install. In our evaluation, Jeff is going to install Orchestrator, Virtual Machine Manager, App Controller, Operations Manager, Service Manager and Data Protection Manager. Then select Next
8. On the Component Media Location page, select Browse or type the folder where you stored the installation media. In our case, the source files are located on a share on the hyperv02 server. Then select Next
   Specifying a mapped drive for installation files is not supported. You must specify the location by universal naming convention (UNC) or by copying the installation files to a local hard disk drive.
9. On the Prerequisite License Terms page, select I accept these License Terms for the prerequisites that you will be using, and then select Next. These are the prerequisites that you downloaded earlier and placed into the different folders.
10. On the Prerequisite Media Location page, select Browse or type the folder where you stored the installation media and then click Next
11. On the Installation Destination Location page, accept the defaults, and then select Next
   Due to constraints for the path name, the destination location for DPM cannot be changed.
12. On the Servers page, type the name of the server or servers that will host the System Center 2012 components, and then select Next
   For this release, you must use a computer short name when you are specifying the computer that will host a System Center 2012 component. Do not use a fully qualified domain name (FQDN) or an IP address when you are defining a target computer. The computer names must be unique. You can install only one component per computer.
13. On the Service Accounts page, in Installer Account, type the credentials for the account that will perform the installation, and then select Next
   You can change the installer account for the components. For the Installer Account, the Domain and Account names cannot be changed. For the Service Manager Administrator Role Group, no password is needed.
14. Depending on the components you select (for example, Operations Manager or Service Manager), you might be presented with a Component Specific Questions page. If so, provide the requested information (for example, the management group name), and then click Next
15. On the Communications and Updates page, indicate your preferences for the Customer Experience Improvement Program, Error Reporting, and Microsoft Update, and then select Next
16. On the Installation Validation page, examine the settings, and then select Install
17. When installation is complete, select Next
   The deployment progress bar times out after two hours. Some installations may exceed the default time-out period. In these cases, your installation might still be running in the background. You can confirm that by checking the local system installation logs.
18. On the Deployment Summary Report page, select Finish

Troubleshooting the Unified Installer

If the installation of one of the components should go wrong, then you can find the log files at the following locations:

Component Name: Log Location
Orchestrator: \Users\\AppData\Local\Microsoft System Center 2012\Orchestrator\LOGS
VMM: \programdata\vmmlogs
Operations Manager: \Users\\AppData\Local\SCOM\Logs
App Controller: \Users\\AppData\Local\AppController\Logs
DPM: \Program Files\Microsoft System Center 2012\Data Protection Manager\DPMLogs
System Center 2012 Configuration Manager: \ConfigManagerSetup.log
Service Manager: \Users\\AppData\Local\Temp\1
Unified Installer: \Users\\AppData\Local\Microsoft System Center 2012\Unified Installer\LOGS

Summary

In this chapter, Jeff has installed all the System Center components through the use of the Unified Installer. Now he has all the management tools he needs to continue with his private cloud evaluation. In the next chapter, Jeff is going to connect the components together.

Chapter 4: Connecting the System Center Components

Overview

One of the biggest strengths of System Center 2012 is its integrated approach to workflow, knowledge and data management. System Center 2012 has connectors and integration packs that simplify communication between the components and help to provide full life-cycle management of your applications and infrastructure. In this chapter we will start with the overview of how to connect the components together. Now that Jeff has installed all the components by using the Unified Installer, he is going to set up the connections between the components. Because Jeff's goal is to make sure that Emily's application is monitored, deployed, and upgradable, he needs to ensure that all of the components are working and communicating together. In this chapter, we are going to create all these connections.

Bringing the System Center 2012 Components Together

When we look back at the model of interaction between Emily and Jeff, we see that the Orchestrator and Service Manager components are located in the middle of the model. This is not a coincidence. Service Manager and Orchestrator automate the workflows and the data management required to deliver self-service and to efficiently deliver the private cloud SLAs.

In this figure we see how the components work together. We will now describe the different connections and then Jeff will configure them in his environment.

Orchestrator and the Integration Packs

Jeff knows that Orchestrator comes with an entire set of automation activities out of the box. But Orchestrator can easily be extended by using integration packs. An integration pack is a combination of activities that can extend the functionality of Orchestrator to provide more automation capabilities and integration into other third-party applications. In this evaluation, Jeff is going to use the Integration Packs for System Center 2012.

Registering Integration Packs

Before we can use an integration pack in Orchestrator, we need to register it. Jeff is going to register four integration packs.

1. Open the System Center 2012 Orchestrator Deployment Manager
2. Right-click on Integration Packs and choose Register IP with the Orchestrator Management Server
3. On the Welcome to the Integration Pack Registration Wizard, select Next
4. Select the Add button and browse to the location where you stored your Integration Packs
5. Select the System Center 2012 Virtual Machine Manager Integration Pack and then select Open
6. Repeat this process for the following integration packs:
   - System Center 2012 Data Protection Manager
   - System Center 2012 Operations Manager
   - System Center 2012 Service Manager
7. Select Next when you have added all the integration packs
8. On the Completing the Integration Pack page, select Finish
9. Accept the End-User License Agreement by selecting Accept. You will have to do this four times (one EULA per integration pack)

Deploying Integration Packs

Now that Jeff has registered the Integration Packs, he also needs to deploy them to each Runbook server and to each server / workstation with a Runbook Designer that will use the integration packs. In our evaluation, Jeff is going to deploy them on the Orchestrator server as this is the server that he is going to use for the evaluation.

1. Open the System Center 2012 Orchestrator Deployment Manager
2. Right-click on Integration Packs and choose Deploy IP to Runbook Server or Runbook Designer
3. On the Welcome to the Integration Deployment Wizard, select Next
4. On the Deploy Integration Packs or Hotfixes page, select the four integration packs that we registered and then select Next
   - System Center Integration Pack for System Center 2012 Data Protection Manager
   - System Center Integration Pack for System Center 2012 Virtual Machine Manager
   - System Center Integration Pack for System Center 2012 Service Manager
   - System Center Integration Pack for System Center 2012 Operations Manager
5. On the Computer Selection Details page, type in the name of the runbook server (in our case this is Orchestrator) and select the Add button. Then select Next
6. On the Installation Configuration page, Jeff is going to choose to deploy the Integration Packs now. This will stop all the running runbooks on that server. If that would be a problem, then Jeff could have chosen to schedule the installation or to install the Integration Packs without stopping the runbooks and restart the server afterwards.
7. On the Completing the Integration Pack Deployment page, select Finish
8. You can verify that the deployment is successful by looking at the Runbook Designers folder within the Orchestrator Deployment Manager to see that the Integration Packs are there. You can do the same by looking at the Runbook Servers and selecting Orchestrator to see if the Integration Packs are shown.

Configuring the System Center 2012 Virtual Machine Manager Integration Pack

Before Jeff can actually use the Integration Packs, he needs to configure them so that they have a connection to the correct server(s) and that they have a username and password to connect to these servers. In the next steps, Jeff is going to configure the four integration packs that he just registered and deployed. Before Jeff can configure an integration pack, he needs to make sure that the prerequisites are OK. In the documentation on TechNet, he finds all the information that he needs: http://technet.microsoft.com/en-us/library/hh295851.aspx

To configure the System Center 2012 Virtual Machine Manager Integration Pack, Jeff needs to have the following prerequisites:

- System Center 2012 Orchestrator
- System Center 2012 Virtual Machine Manager (VMM)
- Windows Management Framework (Windows PowerShell 2.0 and WinRM 2.0)

Jeff has deployed the Orchestrator server and the VMM server in Chapter 3. The Orchestrator server is configured on Windows Server 2008 R2 SP1 so the Windows Management Framework is also covered. Last but not least, Jeff needs to change the execution policy of PowerShell. The execution policy in Windows PowerShell determines which scripts must be digitally signed before they will run. By default, the execution policy is set to Restricted, which prohibits loading any configuration files or running any scripts.

1. Right-click on the PowerShell icon and choose Run As Administrator
2. In the PowerShell window, type set-executionpolicy remotesigned and select Enter
3. Type Y when asked
4. Jeff is now ready to connect the Integration Pack to the Virtual Machine Manager server. Open System Center 2012 Orchestrator Runbook Designer
5. On the menu bar, select Options and select SC 2012 Virtual Machine Manager
6. On the Prerequisite Configuration page, select Add
7. On the Add Configuration page, type in the Name (VMM Connection) and click on the button to add the Type (System Center Virtual Machine Manager). Then fill in the following properties and then select OK
   VMM Administrator Console: vmm.contoso.com
   VMM Server: vmm.contoso.com
   User: administrator
   Domain: contoso
   Password: **********
   Authentication Type (Remote only): Default
   Port (Remote only): 5985
   Use SSL (Remote only): False
   Cache Session Timeout (Min.): 10
8. Select Finish

Jeff has now configured the Integration Pack to connect to Virtual Machine Manager in his environment.

Configuring the System Center 2012 Service Manager Integration Pack

Jeff continues by configuring the System Center 2012 Service Manager Integration Pack. Just as before, he reads the prerequisites first:

- System Center 2012 Orchestrator
- System Center 2012 Service Manager
- The Service Manager IP is supported for use only on computers set to use:
  - The ENU Locale
  - The U.S. English date format (month/day/year)

Jeff doesn't need to do anything special to configure this Integration Pack, so he can go directly to System Center 2012 Orchestrator Runbook Designer.

1. Open System Center 2012 Orchestrator Runbook Designer
2. On the menu bar, select Options and select SC 2012 Service Manager
3. On the Connections page, select Add
4. Fill in the following information, then select the Test Connection button
   Name: Service Manage Connection
   Server: servicemgr.contoso.com
   Domain: contoso
   User name: administrator
   Password: ******
   Polling: 10
   Reconnect: 10
5. When the window Test connection succeeded appears, select OK and then OK again
6. Select Finish

Configuring the System Center 2012 Operations Manager Integration Pack

The next integration pack that needs to be configured is System Center 2012 Operations Manager. Jeff looks again on the TechNet page and notices that he needs the following prerequisites:

- System Center 2012 - Orchestrator
- System Center 2012 Operations Manager
- Operations Manager console on each computer where an Orchestrator Runbook server or Runbook Designer is installed. Orchestrator will use the Operations Manager console to interact with Operations Manager.

Before configuring the Integration Pack, Jeff installs the Operations Manager console on the Orchestrator server. The procedure for this can be found in the Appendix. Jeff is now ready to connect the Integration Pack to the Operations Manager server.

1. Open System Center 2012 Orchestrator Runbook Designer
2. On the menu bar, select Options and select SC 2012 Operations Manager
3. On the Microsoft System Center Operations Manager Connections page, select Add
4. On the System Center Operations Manager Connection Settings page, fill in the following information and select Test Connection
   Name: OpsMgr.contoso.com
   Domain: contoso
   User name: administrator
   Password: *******
5. When the Connection successful dialog box appears, select OK twice
6. Select Finish

Configuring the System Center 2012 Data Protection Manager Integration Pack

The last integration pack that Jeff wants to deploy is the Data Protection Manager integration pack. As usual, he checks the prerequisites:

- System Center 2012 - Orchestrator
- System Center 2012 Data Protection Manager (DPM)
- Windows Management Framework

All the prerequisites are OK. The integration pack also requires that the execution policy of PowerShell is set to Remote Signed but we already did that when we configured the Virtual Machine Manager integration pack. The System Center Data Protection Manager Integration Pack requires that PowerShell remoting is enabled. This integration pack uses Windows PowerShell remote commands to communicate with the DPM server, regardless of whether the server is remote or local. If you have not already done so, you must configure the DPM server and the Orchestrator client computer to receive Windows PowerShell remote commands that are sent by the Orchestrator server.

To enable PS Remoting:

1. On the DPM server
2. Open a Windows PowerShell (x86) console as an administrator.
3. Type Enable-PSRemoting and select Enter
4. Select Y when asked to continue
5. Select Y again when asked to perform this action

Jeff can now configure the Data Protection Manager integration pack.

1. Open System Center 2012 Orchestrator Runbook Designer
2. On the menu bar, select Options and select SC 2012 Data Protection Manager
3. On the Prerequisite Configuration page, select Add
4. Fill in the following configuration and then select OK
   DPM Administrator Console: DPM.Contoso.com
   DPM Server: DPM.Contoso.com
   User: administrator
   Domain: Contoso
   Password: ******
   Authentication Type: Default
   Port: 5985
   Use SSL: false
   Cache Session Timeout: 10
5. Select Finish

Additional Exercise - Install Active Directory Integration Pack

If you want to perform the remaining exercises in this Private Cloud Evaluation Guide, you'll first need to install the Active Directory Integration Pack; otherwise this exercise is optional.

1. Download the Active Directory Integration Pack: http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=28020
2. Register the integration pack
3. Deploy the integration pack
4. Configure the integration pack with the information below:
   Name: Active Directory Connection
   Type: Microsoft Active Directory Domain Configuration
   Configuration User Name: administrator
   Configuration Password: ******
   Configuration Domain Controller Name: contoso.com

Service Manager and the Connectors

Jeff has created the connections in System Center 2012 Orchestrator. Now he needs to configure the Connectors in System Center 2012 Service Manager. Connectors in Service Manager are used to build the configuration management database (CMDB). The CMDB is created and maintained by importing configuration items (CIs) from Active Directory Domain Services, Operations Manager, Virtual Machine Manager, and Configuration Manager. There is also a connector that allows you to automatically import alerts from Operations Manager, and you can import data manually as well from a CSV file. By having an accurate and easily maintained CMDB, Jeff can accurately create the organizational processes and automated responses required to maintain his private cloud SLAs. For creating the connectors in Service Manager, Jeff logs on to the Service Manager server as a Domain Administrator.

The Active Directory Connector

The Active Directory Connector will import users, groups, printers and computers as configuration items into the Service Manager CMDB database. Those objects can then be used as objects in incidents, requests and so on. Jeff is going to configure this connector.

1. In the Service Manager console, under Administration, click on Connectors
2. In the Tasks pane, on the right, select the Create connector button
3. Choose Active Directory connector
4. On the Before you begin page, select Next
5. On the General page, type in the following parameters and select Next
   Name: Active Directory Connector
   Description: Connector for Active Directory
   Enable this connector: checked
6. On the Domain or organizational unit page, select the domain, then select New to create a specific account for this connection or choose an already created account. In this case, we are going to create a new one.
7. On the Run As Account page, fill in the following parameters; after that, when back on the Domain/OU page, test the connection and select Next
   Name: Active Directory Account
   Description: Account to connect to Active Directory
   Account: Windows Account
   User name: administrator
   Password: ******
   Domain: Contoso
8. On the Select objects screen, select All computers, printers, users and user groups and select Next
9. On the Confirm connector settings screen, review your settings and select Create to create the connector
10. On the Completion screen, select Close

The Operations Manager Alert Connector

The next connector that Jeff wants to connect is the Operations Manager Alert Connector. This connector is responsible for checking on a defined schedule if there are new Operations Manager Alerts. These alerts are then matched against the rule(s) that Jeff will create. The connector can also be configured to work bidirectionally. If an analyst closes an incident that has been created through this connector, the Alert will be closed in Operations Manager and vice versa.

1. In the Service Manager console, under Administration, click on Connectors
2. In the Tasks pane, on the right, select the Create connector button
3. Choose Operations Alert connector
4. On the Before you begin page, select Next
5. On the General page, type in the following parameters and select Next
   Name: Operations Manager Alert Connector for Critical Only Alerts
   Description: This is a Connector to connect OpsMgr with Service Mgr for all critical alerts
   Enable: checked
6. On the Server Details screen, type in the following configuration and select Next
   Server name: opsmgr.contoso.com
   Run As Account: create a new account with the name Operations Manager Account (see procedure above).
7. On the Alert Routing Rules screen, select the Add button to create a new Alert Routing rule
8. On the Add Alert Routing Rule screen, add the following parameters and then select Next
   Name: All Critical Alerts
   Template: Operations Manager Incident Templates
   Criteria: Severity: Critical
9. Back on the Alert Routing Rules screen, select Next
10. On the Create a schedule page, select the frequency that Service Manager uses to poll Operations Manager, and choose whether to auto close the incidents in Operations Manager when they are resolved or closed in Service Manager and whether to resolve the incidents in Service Manager when the alerts are closed in Operations Manager. In our scenario, we are going to select both, because we want to auto-resolve incidents in Service Manager when they are closed in Operations Manager and, when the service desk resolves an alert, it should close the alert in Operations Manager when this alert is not an alert the system can resolve automatically. Select Next
11. On the Confirm the connector settings screen, review your selections and select Create
12. Select Close when the connector is created successfully

The Operations Manager CI Connector

The Operations Manager Configuration Item connector imports objects into Service Manager that are discovered by Operations Manager.

1. In the Service Manager console, under Administration, click on Connectors
2. In the Tasks pane, on the right, select the Create connector button
3. Choose Operations Alert connector
4. In the Before you begin screen, select Next
5. On the General page, fill in the following details and then select Next
   Name: Operations Manager CI Connector
   Description: This is the connector to pull the CI information from Operations Manager
   Enable: Checked
6. On the server details page, fill in the following details and then select Next
   Server name: OpsMgr.contoso.com
   Run As Account: Use the same Operations Manager Account as created before
7. On the Management Packs page, select the Select All checkbox and select Next. Jeff wants to make sure that the management packs that are imported in Operations Manager are also imported in Service Manager
8. On the Schedule page, create a schedule that synchronizes this connector every day at 11.00 PM. Now Jeff knows that changes (new discoveries and deletions) during the day will be synchronized in the evening. Select Next
9. On the Summary page, review your settings and select Create
10. On the Completion page, select Close

The Virtual Machine Manager Connector

Jeff continues with the Virtual Machine Manager connector. This connector will import objects, such as clouds, templates, and virtual machines.

1. In the Service Manager console, under Administration, click on Connectors
2. In the Tasks pane, select the Create connector button
3. Choose Virtual Machine Manager connector
4. On the Before you begin page, select Next
5. On the General page, type in the following details and select Next
   Name: Virtual Machine Manager Connector
   Description: Connector used for Virtual Machine Manager
   Enable this connector: Checked
6. On the Connection page, fill in the following details and select Next
   Server Name: vmm.contoso.com
   Run As Account: VMM Account (create one using the procedures noted above)
7. On the Summary page, review your settings and select Create
8. On the Completion page, select Close

The Orchestrator Connector

The System Center Orchestrator Connector provides the capability to synchronously invoke runbooks from within Service Manager through the use of workflows.

1. In the Service Manager console, under Administration, click on Connectors
2. In the Tasks pane, select the Create connector button
3. Choose Orchestrator connector
4. On the Before you Begin page, select Next
5. In the General screen, enter the following parameters and select Next
   Name: Orchestrator Connector
   Description: Connector used for Orchestrator
   Enable the connector: checked
6. On the Connection page, fill in the Orchestrator Web Service URL. This is http://servername:port/Orchestrator2012/Orchestrator.svc, so in our environment this is http://orchestrator:81/Orchestrator2012/Orchestrator.svc. Also add a Run As Account with the name Orchestrator Account as described earlier. Select Test Connection and, when this has succeeded, select Next
7. On the Sync folder page, you can select which folders in Orchestrator you want to import. If you choose the \ folder, as Jeff is going to do, then you will import all the runbooks from Orchestrator. Select Next
8. On the Web Console URL page, enter the URL for the Web Console of Orchestrator. This is http://orchestrator:82/ (or http://orchestratormanagementserver:port). Select Next
9. On the Summary page, review your settings and select Create
10. On the Completion page, select Close

Service Manager and the Data Warehouse

After you have deployed the Service Manager management servers and data warehouse management servers, you need to set up reporting. To do this, you run the Data Warehouse Registration Wizard. This wizard registers the Service Manager management group with the data warehouse management group. It also deploys management packs from the Service Manager management server to the data warehouse management server. This process can take several hours to complete. It is advised that you don't turn off any services during this period. You can work with Service Manager during this time without any problems.

Registering with the Data Warehouse

Jeff is not going to evaluate the reporting now, but he will want to look into it in a later phase of the evaluation. For now, he is going to register the Service Manager installation with the Data Warehouse.

1. In the System Center 2012 Service Manager console, go to Administration
2. On the Administration Overview page, click on Register with Service Manager Data Warehouse
3. On the Before You Begin page, select Next
4. On the Data Warehouse page, type in the Server name ServiceMgrDW and select the Test Connection button.
5. If the connection test succeeds, select Next
6. On the Credentials page, select the DW_ServiceManagerMG SecureReference Run As Account and select Next
7. The system will request you to enter the Password for these credentials. Enter the password and select OK
8. On the Summary page, review your selections and select Create
9. When the Report Deployment process popup appears, select OK
10. On the Completion page, select Close

How to determine when the Data Warehouse registration is complete

Jeff knows that the synchronization process can take up to a few hours. In the meantime, he will continue with his evaluation. During this time, he also would like to check on the status of the registration process. Jeff can see if the initial synchronization process is finished by following this procedure:

1. In the System Center 2012 Service Manager console, go to Data Warehouse > Data Warehouse Jobs
2. In the Data Warehouse Jobs pane, double click MPSyncJob
3. On the MPSyncJob details page, go to Status and review the Job details list. The management pack deployment process is complete when the status for all of the management packs is Associated or Imported
4. After the management packs have been deployed (as determined in step 3), make sure that the following five data warehouse jobs appear in the Data Warehouse Jobs pane:
   Extract_
   Extract_
   Load.Common
   Transform.Common
   MPSyncJob

Virtual Machine Manager and Operations Manager

Connecting System Center 2012 Virtual Machine Manager with System Center 2012 Operations Manager allows you to monitor the health and availability of the virtual machines and hosts that VMM manages. You can also monitor the VMM Management server, the VMM database server, library servers, and VMM Self-Service Portal web servers, and see diagram views of the virtualized environment through the Operations console in Operations Manager. As services are deployed in Virtual Machine Manager, a corresponding Distributed Application will be created in Operations Manager. Also, through the connections between Virtual Machine Manager and Operations Manager, you can view reports on the health and utilization of your private cloud infrastructure.

Jeff wants to make sure that he has those views. Because Virtual Machine Manager will be crucial in his private cloud, he needs to make sure that every component is healthy. Before he can start connecting Virtual Machine Manager and Operations Manager, he needs to verify some prerequisites:

- Credentials
  - An account which is a member of the Operations Manager Administrators user role
  - An account which is a member of the VMM Administrator user role
- Management Packs
  - SQL Server Core Library version 6.0.5000.0 or later (http://www.microsoft.com/download/en/details.aspx?id=10631)
  - Windows Server Internet Information Services Library version 6.0.5000.0 or later
  - Windows Server Internet Information Services 2003 version 6.0.5000.0 or later
  - Windows Server 2008 Internet Information Services 7 version 6.0.6539.0 or later (http://www.microsoft.com/download/en/details.aspx?id=9815)
- Operations Manager console installed on the VMM Server

Since this is an evaluation, he can use the administrator role for the credentials. The procedure on how to import Management Packs can be found in the Appendix. The procedure on how to install the Operations Manager console on the VMM Server can also be found in the Appendix. Jeff performs these procedures first and then starts with the connecting procedure.

1. In the System Center Virtual Machine Manager console, go to Settings > System Center
2. On the Settings pane, double click on Operations Manager Server
3. On the Introduction page, select Next
4. On the Connection to Operations Manager page, enter the following information and then select Next
   Server name: OpsMgr
   Use the VMM server service account: checked
   Enable Performance and Resource Optimization (PRO): checked
   Enable maintenance mode integration with Operations Manager: checked
5. On the Connection to VMM page, fill in the following data and select Next
   User name: contoso\administrator
   Password: ******
6. On the Summary page, review your settings and select Finish
7. A job window will open where you can see if the job succeeds or fails

Summary

In Chapter 3 Jeff installed all the components with the help of the Unified Installer. In this chapter, he configured all the connectors between the System Center 2012 components. He configured the Integration Packs between Orchestrator and the remaining System Center 2012 components, configured the connectors between Service Manager and the remaining System Center 2012 components, and connected Operations Manager and Virtual Machine Manager through their connector. Jeff is now ready to start configuring his environment.

Chapter 5: Configuring Your Private Cloud Infrastructure

Overview

In the previous chapter we connected all the components of System Center 2012 together. Now, we are ready to configure the infrastructure components within our private cloud. One of the key tenets of a private cloud is the ability to abstract your diverse set of physical resources into a logical pool that you can delegate to specific users. Jeff wants to be able to give resources to Emily so that she and her team can do their work. The problem is that Emily doesn't have knowledge of the compute resources, the different internal network architecture or the storage topology. In reality, Emily shouldn't be concerned with that. Emily would just like access to a pool of resources to deploy the applications her team needs to deploy. Jeff wants to provide Emily standard choices for memory, storage, which network to connect to and the number of virtual CPUs so that she and her team can easily create a virtual machine and deploy applications without the need to know the underlying infrastructure details.

Jeff is going to prepare the private cloud infrastructure now through Virtual Machine Manager. He needs to import the existing Hyper-V host (or hosts, depending on your scenario) and create a network private cloud infrastructure called SEATTLE_EXTERNAL. He also wants to explore some of the other fabric possibilities such as the storage classifications.

Private Cloud Infrastructure Components

When working with the private cloud, it is very important to understand the concept of Infrastructure Components. In the past, most of the datacenter administrators talked in terms of hardware. With the private cloud, we are going to abstract the hardware into pooled resources. Components such as networking, storage and compute (CPU, memory) will be abstracted from the hardware and delegated to Emily. It is Jeff's responsibility to manage the underlying physical resources and just ensure that Emily has the correct amount of resources available to suit her business needs. Emily does not need to know or understand the underlying hardware to be able to do that.

Host Groups

Host groups are used to group virtual machine hosts in meaningful ways, often based on physical site location and resource allocation. Jeff has two datacenters and is going to create a specific host group for this evaluation, and create a structure that matches the Brussels Datacenter. For each group, Jeff can define different parameters based on the infrastructure that will be placed beneath that host group. Jeff starts with creating the Seattle host group.

1. In the Virtual Machine Manager console, go to VMs and Services > All Hosts
2. On the ribbon, select Create Host Group
3. Give it the name Seattle
4. Jeff is also going to have a quick look at how he can create a tree for a datacenter that Contoso has in Brussels. Below you see the examples.
5. Jeff realizes that he can do some great things with the host groups. However, because he is still evaluating the private cloud, he is going to keep working with the Seattle host group. Jeff right-clicks on the host group and selects Properties to adjust some settings specific for that host group.
6. On the General page, you see the name that you gave the host group when you created it. You can add a description here, change the location if necessary, and decide if you want to allow unencrypted file transfers. Type in the following data:
   Description: Main host group for the Seattle Datacenter
7. On the Placement Rules page, you can define specific placement settings for this host group
8. On the Host Reserves page, Jeff decides to change a few settings specific for the Seattle hosts. Change the settings to the following parameters:
   CPU: 5 %
   Memory: 256 MB
   Disk I/O: 0 IOPS
   Disk space: 1 %
   Network I/O: 0 %
9. On the Dynamic Optimization page, Jeff looks at the specific options that he has to balance the virtual machine load within a host cluster. Because Jeff doesn't have a cluster in this evaluation it isn't that important, but it is good to see that he has many options to work with. He also selects the Settings button to look at the power optimization settings.
10. After looking at the Power Optimization settings, select OK
11. On the Network page, Jeff doesn't see any network resources yet. But since we still need to create the private cloud infrastructure, they will appear here later on.
12. On the Storage page, you can review the Storage allocated to this host group. Again, since we didn't create any private cloud infrastructure yet, we don't see any storage here.
13. On the Pro Configuration page, you can view the settings for the Pro Monitors. You can overrule the inheritance and change the settings specific for this host group.
14. On the Custom Properties page, you can manage Custom Properties for your hosts.

Networking

Jeff now has some host groups created. In his evaluation, he is only going to use the Seattle host group, and now he wants to create a logical network for that host group together with some predefined IP addresses that can be used when deploying the servers for Emily's application.

Create Logical Network

Jeff is going to create a network in Virtual Machine Manager. This network is called the SEATTLE_EXTERNAL network. When your server is connected to this network, you will get internet access. It is perfectly possible that you don't have a specific network. In our evaluation, we only have one network on the host and that network will be imported when we are going to import the Hyper-V host. The next exercise is just to give a feel for how to create a logical network and what the possibilities are.

1. In the Virtual Machine Manager console, go to Fabric > Networking
2. On the ribbon, select Create Logical Network
3. On the Name page, fill in a name and description for the network. Please note that a well-chosen name and description are crucial here. Don't forget that it will be Emily who will choose some of these private cloud infrastructure or resources, so she will need to know what network it is and what the function of that network is. Select Next
   Name: Exterior Seattle Network
   Description: Network that gives access to the Internet
4. On the Network Site page, select the Add button
5. Select the specific host group (Seattle) and fill in the IP subnet. For this example, I'm using the 10.0.0.1/24 subnet and no VLAN. If you have a VLAN, you need to fill it in here. Also, you can change the Network site name from the suggestion. Select OK
6. On the Summary page, confirm the settings and select Finish

Create IP Pool

Now that Jeff has created a logical network, he is going to create an IP Pool for that logical network.

1. In the ribbon, select Create IP Pool
2. On the Name page, select the Seattle Network and type in the information for the IP Pool. Then select Next
   Name: Internet Seattle Pool
   Description: All IP-addresses that can be used to connect to the internet from the Seattle Host Group
   Logical Network: Exterior Seattle Network
3. On the Network Site page, select Use an existing network site and make sure that the correct Seattle Network is selected. Then select Next
4. On the VIP and Reserved IPs page, fill in the starting IP address and ending IP address. This will give you your total number of IP addresses that can be used in that pool. You can also specify specific IP addresses reserved for load balancers or for other reasons. Jeff fills in the following data as an example and then selects Next
   Starting IP address: 10.0.0.10
   Ending IP address: 10.0.0.49
   IP addresses reserved for load balancer VIPs: 10.0.0.25
5. On the Gateway page, you can specify a gateway for that IP pool. Jeff fills in the IP address for the gateway (10.0.0.1) in that network. Select Next
6. On the DNS page, you can fill in the IP of the DNS server(s) for that network. You can also specify a DNS suffix. Jeff fills in the DNS server 10.0.0.2. Select Next
7. On the WINS page, you can specify WINS servers. Jeff doesn't have those anymore, so he selects Next
8. On the Summary page, review your selections and settings and select Finish
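A pre-flight check of the logical network and IP pool values entered in the steps above, as an added example (not part of the guide and not a Virtual Machine Manager tool). The PoolPlan class, the check_pool function and the second, deliberately bad plan are constructed for illustration, and the check assumes that load balancer VIPs are reserved from inside the pool range, as the guide's values are.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class PoolPlan:
    subnet: str
    start: str
    end: str
    vips: list = field(default_factory=list)
    gateway: str = ""
    dns: list = field(default_factory=list)


# Values taken from the steps above.
GUIDE_PLAN = PoolPlan("10.0.0.1/24", "10.0.0.10", "10.0.0.49",
                      vips=["10.0.0.25"], gateway="10.0.0.1", dns=["10.0.0.2"])

# Constructed counter-example: the range starts at .1, so it swallows the
# gateway and DNS server addresses.
BAD_PLAN = PoolPlan("10.0.0.0/24", "10.0.0.1", "10.0.0.49",
                    vips=["10.0.0.25"], gateway="10.0.0.1", dns=["10.0.0.2"])


def check_pool(plan):
    """Return (findings, stats) for a planned static IPv4 pool."""
    findings = []
    try:
        net = ipaddress.ip_network(plan.subnet)  # strict: host bits must be 0
    except ValueError:
        net = ipaddress.ip_network(plan.subnet, strict=False)
        findings.append(f"subnet {plan.subnet} has host bits set; "
                        f"the network is {net}")

    start = ipaddress.ip_address(plan.start)
    end = ipaddress.ip_address(plan.end)
    if start > end:
        return findings + ["starting address is above ending address"], {}

    def in_pool(addr):
        return start <= addr <= end

    for label, addr in (("starting", start), ("ending", end)):
        if addr not in net:
            findings.append(f"{label} address {addr} is outside {net}")
        elif addr in (net.network_address, net.broadcast_address):
            findings.append(f"{label} address {addr} is not a usable host")

    # Assumption: VIPs are reserved from inside the pool range.
    vips = {ipaddress.ip_address(v) for v in plan.vips}
    for vip in sorted(vips):
        if not in_pool(vip):
            findings.append(f"VIP {vip} is outside the pool range")

    infra = [("gateway", plan.gateway)] + [("DNS server", d) for d in plan.dns]
    for label, raw in infra:
        if not raw:
            continue
        addr = ipaddress.ip_address(raw)
        if label == "gateway" and addr not in net:
            findings.append(f"gateway {addr} is not on {net}")
        if in_pool(addr):
            findings.append(f"{label} {addr} lies inside the pool and could "
                            f"be handed to a virtual machine")

    total = int(end) - int(start) + 1
    reserved = len([v for v in vips if in_pool(v)])
    stats = {"network": str(net), "total": total,
             "reserved_for_vips": reserved, "left_for_vms": total - reserved}
    return findings, stats


if __name__ == "__main__":
    for name, plan in (("guide", GUIDE_PLAN), ("constructed bad", BAD_PLAN)):
        findings, stats = check_pool(plan)
        print(name, stats)
        for f in findings:
            print("  -", f)
```

For the guide's values the only finding is that 10.0.0.1/24 is written with host bits set (the network itself is 10.0.0.0/24); the range holds 40 addresses, one of which is the reserved VIP.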

Create VIP Template

Jeff decides to create a VIP template also, as Emily will probably need a load balancer in the near future.

1. On the ribbon, click Create VIP Template
2. On the Name page, fill in the name for the template, the description and the Virtual IP port and then select Next
   Template name: Seattle VIP Template
   Description: The template is used for the webservers in the Seattle Host Group
   Virtual IP Port: 80
3. On the Type page, Jeff selects to create a Specific type because he knows that he is going to use the Microsoft Network Load Balancing feature in the future. Select Next after selecting Microsoft as manufacturer and the correct Model: Network Load Balancing (NLB)
4. On the Protocol page, Jeff selects the TCP protocol and then he selects Next
5. On the Persistence page, Jeff leaves the Enable persistence open and selects Next
6. On the Summary page, review your selections and select Finish

StorageNow