Hyper-V Deployment and Best Practices

Satyen Pradhan Premier Field Engineer satyenp@microsoft.com Microsoft (Malaysia)

Session Objectives

Hyper-V Benefits
Server consolidation Utilization

Business Continuity

Flexibility

Hyper-V: Production Ready

TAP, RDP & MSIT Hyper-V Deployments
Thousands of Hyper-V VMs in PRODUCTION Windows Server 2003/2008 Roles:
File, Print, AD, RODC, IIS/Web, TS, Application Services, DHCP, DNS, WSS and more

Microsoft Server Products:

SQL, Exchange, HPC, ISA, Sharepoint, Project Server, VSTS, BizTalk, Configuration Manager, Operations Manager & more

Hyper-V Stats:
Performance Blockers: ZERO Deployment Blockers: ZERO Application Compatibility Bugs: ZERO Scalability Blockers: ZERO

Hyper-V: Production Scalability

Hyper-V Powering Microsoft Internet Properties TechNet: 100% Hyper-V http://technet.microsoft.com ~1 million hits a DAY MSDN: 100% Hyper-V http://msdn.microsoft.com ~3 million hits a DAY Microsoft.com: ~50% Hyper-V and growing http://www.microsoft.com >1 billion hits a month

Provided by:

Parent Partition
VM Worker Processes

Child Partitions

OS ISV / IHV / OEM Microsoft Hyper-V Microsoft / XenSource

Applications
WMI Provider VM Service

Applications

Applications

Applications

User Mode

Windows Server 2008

Windows Kernel IHV Drivers

Windows Server 2003, 2008

Windows Kernel

NonHypervisor Aware OS

Xen-Enabled Linux Kernel

Linux VSC

VSP

VSC

VMBus

VMBus

VMBus

Emulation

Hypercall Adapter

Kernel Mode Ring -1

Windows hypervisor Designed for Windows Server Hardware

Virtualization Requirements
1. Scheduler 2. Memory Management 3. VM State Machine 4. Virtualized Devices 5. Storage Stack 6. Network Stack 7. Drivers 8. Management API

Why not get rid of the parent?

No defense in depth Entire hypervisor running in the most privileged mode of the system
Virtual Machine
User Mode

Virtual Machine
User Mode

Virtual Machine
User Mode

Ring 3

Kernel Mode

Kernel Mode

Kernel Mode

Ring 0

Scheduler Memory Management Storage Stack Network Stack VM State Machine Virtualized Devices Drivers Management API

Ring -1

Hardware

Micro-kernelized Hypervisor
Defense in depth Using hardware to protect Hyper-V doesnt use ring compression

Parent Partition
VM State Machine Virtualized Devices Management API

Virtual Machine
User Mode

Virtual Machine
User Mode

Ring 3

Storage Stack Network Stack Drivers

Kernel Mode

Kernel Mode

Ring 0 Ring -1

Scheduler Memory Management

Hardware

HOW TO INSTALL HYPER-V?

SERVER CORE

Windows Server Core

Windows Server Core

Step-by-step instructions

ENABLING HYPER-V WITH SERVER CORE

Installing Hyper-V Role on Core Install Windows Server 2008, select a Server Core installation
option

Set Admin Password

net user administrator <new_password> shutdown /r /t 0

Rename Computer
netdom renamecomputer %computername% /newname:<new_computername> shutdown /r /t 0

Join Domain
netdom join %computername% /domain:<domain> /userd:<username> /passwordd:* enter password when prompted shutdown /r /t 0

Add domain account to local admin group

net localgroup administrators /add <domain_account> logoff

Add Hyper-V Role

ocsetup Microsoft-Hyper-V Restart when prompted

Enabling Remote Desktop

OPTIONAL cscript \windows\system32\scregedit.wsf /ar 0 cscript \windows\system32\scregedit.wsf /cs 0

HYPER-V NETWORKING

Hyper-V Networking
Two physical network adapters at minimum One for management One (or more) for VM networking Dedicated NIC(s) for iSCSI Connect parent to backend management network Only expose guests to internet traffic

Hyper-V Network Configurations

Example 1:
Physical Server has 4 network adapters NIC 1: Assigned to parent partition for management NICs 2/3/4: Assigned to virtual switches for virtual machine networking Storage is non-iSCSI such as:
Direct attach SAS or Fibre Channel

Hyper-V Setup & Networking 1

Hyper-V Setup & Networking 2

Hyper-V Setup & Networking 3

Hyper-V Network Configurations

Example 2:
Server has 4 physical network adapters NIC 1: Assigned to parent partition for management NIC 2: Assigned to parent partition for iSCSI NICs 3/4: Assigned to virtual switches for virtual machine networking

Hyper-V Setup, Networking & iSCSI

Networking: Parent Partition

Networking: Virtual Switches

Step by Step Instructions

HYPER-V & STORAGE

Hyper-V Storage...
Performance wise from fastest to slowest
Fixed Disk VHDs/Pass Through Disks
About the same in terms of performance

Dynamically Expanding VHDs

Grow as needed

Pass Through Disks

Pro: VM writes directly to a disk/LUN without encapsulation in a VHD Cons:
You cant use VM snapshots

Pro/Con: Dedicating a disk to a vm

Use Fixed Disk VHDs or Pass Through Disks in Production!

VM Setting No Pass Through

Computer Management: Disk

Taking a disk offline

Disk is offline

Pass Through Configured

BEST PRACTICES & TIPS AND TRICKS

Deployment Considerations
Minimize risk to the Parent Partition
Use Server Core Dont run arbitrary apps, no web surfing
Run your apps and services in guests

Moving VMs from Virtual Server to Hyper-V

FIRST: Uninstall the VM Additions

Two physical network adapters at minimum

One for management (use a VLAN too) One (or more) for vm networking Dedicated NIC(s) for iSCSI Only expose guests to internet traffic

Cluster Production Systems

Best Practices for Physical Servers

Avoid Overloading the Server Ensure High Speed access to Storage Avoid Mixing Virtual Machines that can and cannot use Integration Services Avoid Storing System Files on Drives used for Hyper-V Storage Monitor Performance to Optimize and Manage Server Loading

Best Practices for Configuring Virtual Machines

Install Integration Services Uninstall VMAdditions and Compact the VHDs Set Display for Best Performance
To ensure the hardware acceleration is set to full

Configure Fixed-Size VHDs

The file system is less likely to fragment and better space management

Use SCSI Virtual Adapter for Data Drives Allocate CPU Resources Based on Anticipated Usage Consider using Pass-Through Disks Configure Domain Controllers to Optimize Performance
Never save state or pause and do not take snapshots

Windows Server 2003 Cluster Creation

Cluster Hyper-V Servers

Don't forget the ICs!

Emulated vs. VSC

Anti-Virus & More

Anti-Virus
Parent partition

Run AV software and exclude .vhd

Configure Anti-Virus to Bypass Hyper-V Processes and Directories

Child partitions

Run AV software within each VM

Use .isos
Great performance; Can be mounted and unmounted remotely Physical DVD cant be shared across multiple vms Having them in SCVMM Library fast & convenient

BitLocker-Persistent Protection
Mitigating Against External Threats Very Real Threat of Data Theft When a System is Stolen, Lost, or Otherwise Compromised (Hacker Tools Exist!) Decommissioned Systems are not Guaranteed Clean BitLocker Drive Encryption Support in Windows Server 2008 Addresses Leading External Threats by Combining Drive Level Encryption with Boot Process Integrity Validation Leverages Trusted Platform Model (TPM) Technology (Hardware Module) Integrates with Enterprise Ecosystem Maintaining Keys in Active Directory Protects Data While a System is Offline Entire Windows Volume is Encrypted (Hibernation and Page Files) Delivers Umbrella Protection to Applications (On Encrypted Volume) Ensures Boot Process Integrity Automatically Locks System when Tampering Occurs Simplifies Equipment Recycling One Step Data Wipe Deleting Access Keys Renders Disk Drive Useless

Online Resources
Hyper-V WMI API
http://msdn2.microsoft.com/en-us/library/cc136992(VS.85).aspx http://www.microsoft.com/technet/virtualserver/downloads/vhdspec.mspx

Virtual Hard Disk Specification OSP: MSDN & TechNet Powered by Hyper-V
http://blogs.technet.com/virtualization/archive/2008/05/20/msdn-andtechnet-powered-by-hyper-v.aspx

Virtualization Solution Accelerators

http://technet.microsoft.com/en-us/solutionaccelerators/cc197910.aspx

How to install the Hyper-V role

http://www.microsoft.com/windowsserver2008/en/us/hyperv-install.aspx http://www.microsoft.com/whdc/system/sysperf/Perf_tun_srv.mspx

Windows Server 2008 Hyper-V Performance Tuning Guide Using Hyper-V & BitLocker White Paper
http://www.microsoft.com/downloads/details.aspx?FamilyID=2c3c0615-baf4-4a9c-b6133fda14e84545&DisplayLang=en

Q&A

Have You Visited the Windows Client TechCenter website?

www.technet.com/windows
Windows Client TechCenter provides IT professionals with the right resources, at the right technical level, at the right point in your technology adoption and management processes

Special Start.NET Promotion

RM50 DISCOUNT + a FREE GIFT for selected Start.NET Workshops Windows Presentation Foundation Silverlight 2.0 SQL Server 2008 SharePoint
Limited to the first 50 delegates who registered.

Register today!

Housekeeping Announcement
Please complete the evaluation form and return it to the Registration Counter in return for a Windows 7 Beta DVD. Here is where you can get the product key :
http://technet.microsoft.com/evalcenter/dd353205.aspx

Please complete the TechNet MSDN Quiz Sheet and return it to the Redemption Counter in return for a mystery gift Print out the TechCenter Homepage and redeem your gift at the Redemption Counter Visit the Partners & MS Learning counters at the foyer for great promotional offers

 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.