DHCP IPv4 lease negotiation:
client broadcasts DHCPDISCOVER
server replies with DHCPOFFER
client accepts an offer with DHCPREQUEST
server confirms with DHCPACK, or rejects with DHCPNAK
client tests the offered address; if it is already in use it sends DHCPDECLINE
DHCPRELEASE: client releases its lease
DHCPINFORM: client requests more options (it already has an address)
The client will attempt to renew the lease starting at 50% of the lease lifetime via DHCPREQUEST messages.
At 87.5% of the lease, with no response, the client broadcasts DHCPREQUEST to any DHCP server.
The client releases the lease at 100% with no response, or on a DHCPNAK response.
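The 50% / 87.5% / 100% thresholds above as a small Python model of the client's lease timers; this is an added example, not code from the original notes. The 8-day lease length and the server replies in the sample are constructed values.

```python
"""Model of the DHCPv4 client lease timers described above (added example).
T1 = 50% of the lease (unicast DHCPREQUEST to the leasing server),
T2 = 87.5% (broadcast DHCPREQUEST to any server), expiry = 100%.
Lease length and server replies below are constructed sample values."""

T1_FRACTION = 0.5
T2_FRACTION = 0.875


def lease_timers(lease_seconds):
    """(T1, T2, expiry) in seconds, measured from the DHCPACK that granted the lease."""
    if lease_seconds <= 0:
        raise ValueError("lease length must be positive")
    return (lease_seconds * T1_FRACTION,
            lease_seconds * T2_FRACTION,
            float(lease_seconds))


def client_state(lease_seconds, elapsed):
    """Phase a client is in `elapsed` seconds after its last DHCPACK with no renewal since."""
    t1, t2, expiry = lease_timers(lease_seconds)
    if elapsed < t1:
        return "BOUND"
    if elapsed < t2:
        return "RENEWING"    # DHCPREQUEST unicast to the server that leased the address
    if elapsed < expiry:
        return "REBINDING"   # DHCPREQUEST broadcast: any DHCP server may answer
    return "INIT"            # address released; the client must DHCPDISCOVER again


def next_message(state):
    """Message the client sends in a state, and how it is addressed (None when idle)."""
    return {
        "BOUND": None,
        "RENEWING": ("DHCPREQUEST", "unicast"),
        "REBINDING": ("DHCPREQUEST", "broadcast"),
        "INIT": ("DHCPDISCOVER", "broadcast"),
    }[state]


def state_at(lease_seconds, replies, t):
    """State at time t given server replies [(time, 'DHCPACK'|'DHCPNAK'), ...].
    A DHCPACK restarts the timers; a DHCPNAK drops the lease immediately."""
    bound_at = 0.0        # the initial DHCPACK happens at t = 0
    nak_seen = False
    for when, msg in sorted(replies):
        if when > t:
            break
        if msg == "DHCPACK":
            bound_at, nak_seen = when, False
        elif msg == "DHCPNAK":
            nak_seen = True
        else:
            raise ValueError(f"unexpected reply {msg!r}")
    if nak_seen:
        return "INIT"
    return client_state(lease_seconds, t - bound_at)


# Constructed sample: an 8-day lease, checked at a few points in time.
LEASE = 8 * 24 * 3600

if __name__ == "__main__":
    print("T1/T2/expiry (s):", lease_timers(LEASE))
    for hour in (1, 100, 170, 200):
        state = state_at(LEASE, [], hour * 3600)
        print(f"{hour:4d}h with no server reply: {state:9s} ->", next_message(state))
    print("renewed at 100h, checked at 170h:",
          state_at(LEASE, [(100 * 3600, "DHCPACK")], 170 * 3600))
    print("NAK at 100h, checked at 101h:",
          state_at(LEASE, [(100 * 3600, "DHCPNAK")], 101 * 3600))
```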
Install the DHCP Server role (DHCP) and the DHCP tools (RSAT-DHCP). When you install from the GUI (Add Roles and Features), Server Manager shows a "Complete DHCP configuration" task. This wizard will prompt you to authorize the DHCP server.
Bind the server to the NICs you want to use for DHCP: IPv4 or IPv6 properties, Advanced, Bindings.
4.2.1 Create and configure scopes
v4
DHCP Manager: right-click IPv4 and select New Scope.
Give the scope a name and description.
Enter a start and end IP address for the scope, then configure the subnet mask.
Add an exclusion range for IPs you do not want handed out.
Set a lease duration.
You will be prompted to configure DHCP options (see 4.2.3).
Once created, right-click the scope and select "Activate".
v6
DHCP Manager: right-click IPv6 and select New Scope.
Give the scope a name and description.
Enter the prefix for the scope. Enter a preference, which determines which DHCP server a client prefers when it receives messages from multiple DHCP servers (highest value is preferred); set it to 255 for immediate use.
Add exclusion ranges, if necessary.
Configure lease durations: the preferred lifetime determines how long an interface should consider the address usable; the valid lifetime is how long the address remains valid.
You are prompted to activate the scope, or you can manually activate it later.
Powershell:
v4
add-dhcpserverv4scope -name "192.168.11.0 scope" -startrange 192.168.11.1 -endrange 192.168.11.254 -subnetmask 255.255.255.0
add-dhcpserverv4exclusionrange
other commands:
get-dhcpserverv4scope, get-dhcpserverv4exclusionrange, remove-dhcpserverv4scope, remove-dhcpserverv4exclusionrange, set-dhcpserverv4scope
extra notes:
superscope: container for IPv4 scopes; can be used to distribute addresses from multiple logical IP networks on the same physical segment
multicast scope: class D network
failover scope: 2012 mode that automatically splits scopes between two DHCP servers
v6
add-dhcpserverv6scope -name "0200 scope" -prefix fc00:0:0:0200:0:0:0:0
add-dhcpserverv6exclusionrange -prefix fc00:0:0:200:: -startrange fc00:0:0:200::1 -endrange fc00:0:0:200:0:0:3:ffff
other commands:
get-dhcpserverv6scope, get-dhcpserverv6exclusionrange, remove-dhcpserverv6scope, remove-dhcpserverv6exclusionrange, set-dhcpserverv6scope
use the -state active|inactive parameter with set-dhcpserverv4scope / set-dhcpserverv6scope to activate or deactivate a scope
extra note: split-scope is where a scope is split between DHCP servers as a failover. Right-click the scope and choose Advanced / Split-Scope to bring up the wizard. On 2012 you should probably use the failover option instead.
4.2.2 configure a DHCP reservation
DHCP reservations are ip addresses that will always be assigned to a machine's interface when it requests an ip.
v4
Requires the MAC address of the interface on the computer that will be assigned the reservation.
Under the appropriate scope, right-click Reservations and select New Reservation.
Give it a name, enter the IP address, then the MAC address, and finally a description. Select DHCP as the supported type if you wish to support only DHCP for this reservation.
After creation, you can right-click the IP and configure DHCP options specific to this address.
v6
A v6 reservation is similar to v4, except that instead of a MAC address you need the following from the interface (both are shown by ipconfig /all):
DHCP Unique Identifier (DUID): uniquely identifies a client or server.
IAID: a unique ID, part of the Identity Association (IA), that identifies a specific interface.
powershell
v4
add-dhcpserverv4reservation -scopeid 192.168.10.0 -ipaddress 192.168.10.8 -clientid 00155d017506
v6
add-dhcpserverv6reservation -prefix fc00::200:0:0:0:0 -ipaddress fc00::200:0:0:0:6 -clientduid 0001000117d29a2e00155d017500 -iaid 536876381
other commands: get-dhcpserverv4reservation, remove-dhcpserverv4reservation, get-dhcpserverv6reservation, remove-dhcpserverv6reservation
4.2.3 configure DHCP options
Options are sent to the client. They can be configured for all scopes on the server (Server Options), for a specific scope, or for a single reservation.
You configure options for one scope under Scope Options.
v4
common v4 options:
001 Subnet Mask (sent by default from the scope)
003 Router: default gateway
006 DNS Servers
015 DNS Domain Name
044 WINS Server
v6
common v6 options:
0023 DNS Recursive Name Server
0024 Domain Search List
powershell
list all options available
get-dhcpserverv4optiondefinition
get-dhcpserverv6optiondefinition
show current values assigned to a specific scope:
get-dhcpserverv4optionvalue -scopeid 192.168.10.0
get-dhcpserverv6optionvalue -prefix fc00:0:0:200::
set new option values for a specific scope
set-dhcpserverv4optionvalue -scopeid 192.168.10.0 -optionid 6 -value 192.168.10.1, 192.168.10.2
set-dhcpserverv6optionvalue -prefix fc00:0:0:200:: -optionid 23 -value fc00:0:0:200::5
extra note: for DNS server options, use -force to skip validating that the servers exist.
extra note: you can define classes to assign options to a group of computers. Right-click IPv4 or IPv6 and select Define User Classes, then create a new class ID. Use ipconfig /setclassid "LAN" ClassID on the client interfaces that will be in that class.
4.2.4 configure client and server for PXE boot
If the DHCP server is on the same machine as WDS, set custom option 60 to PXECLIENT.
If they are on separate servers on the same subnet, use:
option 66: boot server host name
option 67: boot file name
Extra note: MS recommends configuring an ip-helper address on the router to forward all DHCP requests to both the DHCP and WDS servers when they are on a different subnet.
4.2.5 configure DHCP relay agent
If you aren't using a router to do DHCP relay, you can install the RRAS role to set up DHCP relay on a server:
Add the role Remote Access (RemoteAccess) and check DirectAccess and VPN, as well as Routing.
Once installed, open Computer Management and go under Services and Applications.
Right-click Routing and Remote Access and select "Configure and Enable Routing and Remote Access".
Select Custom Configuration, then LAN Routing.
Expand IPv4 or IPv6.
Go to General, right-click the pane and select "New Routing Protocol". Select DHCP Relay Agent.
Right-click DHCP Relay Agent and select "New Interface".
Select options: Relay DHCP Packets (enabled), Hop-count threshold, Boot threshold (this delay lets local DHCP servers respond first).
Right-click DHCP Relay Agent, Properties. Enter the IP address of the server to forward to.
IPv6 is similar except Boot threshold is called Elapsed-time threshold. Also, Properties has a Servers tab for IPv6 servers; the General tab is for event logging options.
extra note:
install-windowsfeature remoteaccess -includeallsubfeatures -includemanagementtools
4.2.6 authorize DHCP server
As stated above, you are prompted with a task to authorize the DHCP server when you first install the role. If you later need to unauthorize/authorize the server, right-click the server in DHCP Manager and select Authorize/Unauthorize.
Powershell:
If installed from PowerShell, the DHCP server is not automatically authorized. Use get-dhcpserverindc to see the authorized DHCP servers, then authorize the server with:
add-dhcpserverindc -dnsname 'dc.contoso.com' -ipaddress 192.168.10.1
command line:
netsh dhcp server \\dhcpsrv01 initiate auth
Wednesday, May 29, 2013
Monday, May 27, 2013
4. Deploy and configure core network services 4.1 Configure IPv4 and IPv6 addressing
4.1.1 Configure IP address options
4.1.2 configure subnetting
4.1.3 configure supernetting
Not going to spend a lot of time on this.
IPv4
Classful:
Class A: 1-127, 8 network bits (first bit 0 in binary), 24 host bits
Class B: 128-191, 16 network bits (starts with 10 in binary), 16 host bits
Class C: 192-223, 24 network bits (starts with 110 in binary), 8 host bits
Class D: 224 and up, multicast (starts with 1110)
Class E: 240 and up, experimental/unused
Classless Inter-Domain Routing (CIDR)
Allows networks of any size to be assigned, with a subnet mask of any number of bits; the network can then be further divided.
VLSM is subdividing a private network into smaller subnets of variable size.
Subnetting is the process of dividing networks into smaller networks.
Supernetting is a way to represent multiple contiguous networks that share the same subnet mask with a single new subnet mask made up of their common network bits.
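Subnetting, VLSM and supernetting as described above, worked in Python; this is an added example, not part of the original notes, and the networks it uses are constructed. supernet() computes the shared network bits directly rather than relying on the library, so the "common network bits" idea is visible in the code.

```python
"""Subnetting, VLSM and supernetting (added example; the networks are constructed)."""
import ipaddress


def subnets(network, new_prefix):
    """Subnetting: split one network into equal pieces with a longer mask."""
    net = ipaddress.ip_network(network)
    if new_prefix < net.prefixlen:
        raise ValueError("new prefix must be longer than the network's")
    return [str(s) for s in net.subnets(new_prefix=new_prefix)]


def vlsm(network, host_counts):
    """VLSM: carve variable-size IPv4 subnets out of `network`, largest request first.
    Each request is rounded up to the smallest block with enough usable hosts
    (2**bits - 2, since the network and broadcast addresses are not assignable).
    Returns [(requested_hosts, subnet), ...] in allocation order."""
    net = ipaddress.ip_network(network)
    if net.version != 4:
        raise ValueError("usable-host arithmetic here is IPv4 only")
    free = [net]                      # unallocated blocks, kept in address order
    allocated = []
    for hosts in sorted(host_counts, reverse=True):
        bits = 2                      # /30 is the smallest block with 2 usable hosts
        while 2 ** bits - 2 < hosts:
            bits += 1
        prefix = net.max_prefixlen - bits
        for i, block in enumerate(free):
            if block.prefixlen <= prefix:
                chosen = next(block.subnets(new_prefix=prefix))
                allocated.append((hosts, str(chosen)))
                # hand the unused remainder of the block back as free space
                free[i:i + 1] = sorted(block.address_exclude(chosen))
                break
        else:
            raise ValueError(f"no free block for {hosts} hosts in {network}")
    return allocated


def supernet(networks):
    """Supernetting: the single prefix made of the network bits all inputs share.
    Returns (aggregate, exact); exact is False when the aggregate also covers
    address space that was not in the inputs (the networks were not contiguous)."""
    nets = [ipaddress.ip_network(n) for n in networks]
    first = int(nets[0].network_address)
    common = nets[0].prefixlen
    for n in nets[1:]:
        differing = first ^ int(n.network_address)
        # leading bits that agree = address width minus position of the first differing bit
        common = min(common, n.prefixlen,
                     n.max_prefixlen - differing.bit_length())
    aggregate = ipaddress.ip_network((first, common), strict=False)
    exact = sum(n.num_addresses for n in nets) == aggregate.num_addresses
    return str(aggregate), exact


if __name__ == "__main__":
    print(subnets("192.168.10.0/24", 26))
    print(vlsm("192.168.10.0/24", [100, 50, 20, 2]))
    print(supernet(["192.168.0.0/24", "192.168.1.0/24",
                    "192.168.2.0/24", "192.168.3.0/24"]))
    print(supernet(["192.168.0.0/24", "192.168.1.0/24", "192.168.3.0/24"]))
```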
Static IP, Dynamic IP
Automatic Private IP Addressing (APIPA): a Microsoft mechanism that automatically assigns an address in the 169.254.0.0/16 network if Windows is unable to contact a DHCP server.
Configure the IP address in the network adapter properties under TCP/IPv4 properties: IP address, subnet mask, default gateway, DNS servers. Or set it to use DHCP.
Powershell:
use modules Netadapter and NetTCPIP
To set an adapter to DHCP:
set-netipinterface 'ethernet 5' -dhcp enabled
To setup a static IP:
get-netipinterface
get-netipconfiguration 'ethernet 2' | new-netipaddress -ipaddress 192.168.10.20 -prefixlength 24 -defaultgateway 192.168.10.1
set-dnsclientserveraddress 'ethernet 5' -serveraddresses 192.168.15.90, 192.168.15.91
To remove an ip address, use
remove-netipaddress 192.168.10.20 -defaultgateway 192.168.10.1
Note that you should remove the default gateway along with the ip address, or else the default gateway gets "stuck" on that interface, and cannot be removed using cmdlets until you add another ip in the same subnet to the same interface(or edit through the GUI).
To reset the dns server addresses to default, use the following:
set-dnsclientserveraddress 'ethernet 5' -resetserveraddresses
IPv6
128 bits
:: can be used to compress consecutive 0's. leading 0's can be left off.
63c5:0091:0000:0000:e8cc:011f:009a:c001 can be
63c5:91::e8cc:11f:9a:c001
types of ipv6 addresses:
global unicast address: registered IPv6 block
link-local unicast address: reserved block that hosts assign themselves automatically (like IPv4 APIPA); 10-bit prefix 1111111010, fe80::/64
unique local address: reserved block fc00::/7 for private use.
multicast: begins with 11111111 (ff)
anycast: a unicast address that is assigned to identify the routers within a given address scope.
site-local address: reserved fec0::/10 for "private" use, since deprecated in favour of unique local addresses (ULA)
neighbor discovery (ND): provides functions for v6 similar to v4's ICMP, ARP, Router Discovery and Router Redirect.
powershell
get-netipconfiguration 'ethernet 2' | new-netipaddress -ipaddress fc00::200:cd -prefixlength 64 -defaultgateway fc00::200:1
set-dnsclientserveraddress 'ethernet 5' -serveraddresses fc00::199:40,fc00::199:41
remove an ipv6 address
remove-netipaddress -ipaddress fc00::200:cd -defaultgateway fc00::200:1
4.1.4 configure interoperability between IPv4 and IPv6
1.use a dual stack
2. tunneling:
static configuration with netsh
netsh interface ipv6 add v6v4tunnel tunnelname localaddress remoteaddress
netsh interface ipv6 add v6v4tunnel "tunnel" 192.168.90.1 192.168.91.1
automatic configuration:
6to4: provides automatic tunneling allowing IPv6/IPv4 hosts to establish IPv6 connectivity across the IPv4 internet using IPv4 multicast
ISATAP: Intra-Site Automatic Tunnel Addressing Protocol: emulates an IPv6 link using an IPv4 network. Does not support multicasting.
Teredo: encapsulates v6 packets inside UDP to facilitate tunneling behind NAT routers. Like 6to4 but works with NAT.
Extra Note: There is another technology called IP-HTTPS that can be used as a DirectAccess fallback method for IPv6/IPv4 access.
Translation technologies:
NAT64: used by DirectAccess on IPv4 networks.
DNS64: maps IPv6 AAAA name queries to IPv4 A record queries.
Portproxy: allows IPv4/IPv6 TCP traffic to be proxied.
4.1.5 configure ISATAP
Uses a virtual IPv6 network interface whose link-local address is formed by concatenating either fe80::200:5efe (for a globally unique IPv4 address) or fe80::5efe (otherwise) with the 32 bits of the IPv4 address.
To configure ISATAP you only need a router name. You can configure ISATAP with either a GPO (Network/TCPIP Settings/IPv6 Transition), the set-netisatapconfiguration -router cmdlet, or netsh interface isatap set router.
To disable ISATAP, set the state to Disabled, using the GPO, set-netisatapconfiguration -state, or netsh interface isatap set state disabled.
The other two ISATAP states are:
enabled: link-local address configured on each ISATAP interface
default: attempts to contact the ISATAP router. If it cannot be contacted, no addresses are configured.
other powershell commands: get-netisatapconfiguration, reset-netisatapconfiguration
4.1.6 configure Teredo
Teredo components:
clients, servers, relays, host-specific relays
Client: IPv6/IPv4 node that supports teredo tunneling.
Server: IPv6/IPv4 node connected to both the IPv4 internet and the IPv6 internet. It assists in the address configuration of Teredo clients and facilitates initial communication between Teredo clients and other clients, or with IPv6-only hosts. Listens on UDP 3544 for Teredo traffic.
Relay: ipv6/ipv4 router that can forward packets between teredo clients on the ipv4 internet.
Qualified Types:
qualified(enabled): teredo is always enabled.
not qualified: teredo is dormant when not in use.
You can only configure qualified type by GPO
State/types:
default: default is client state
client: teredo interface present only when host is not on a network with a Domain Controller
enterprise client: teredo interface is always present.
disabled
Configure by GPO: Teredo Default Qualified, Teredo Server Name, Teredo State
netsh interface teredo show state
netsh interface teredo set state servername
netsh interface teredo set state type
powershell:
get-netteredoconfiguration
set-netteredoconfiguration -servername -type
Disable teredo:
set state to disabled in GPO
netsh interface teredo set state type disabled
set-netteredoconfiguration -type disabled
Saturday, May 25, 2013
3. Configure Hyper-V 3.3 Create and configure virtual networks
3.3.1 implement Hyper-V Network Virtualization
Network Virtualization is a layer 2 process in which the inside virtual network is independent of the outside physical network, and can be configured to communicate with other hypervisors as one network, regardless of the physical network.
2 possible ways that Hyper-V can accomplish this:
NVGRE: Network Virtualization using Generic Routing Encapsulation. This builds encapsulated tunnels between Hyper-V hosts.
IP Rewrite: a NAT approach at each host, which translates the virtual addresses to physical ones.
Provider Addresses (PA): unique IP addresses assigned to each host (physical addresses).
Customer Addresses (CA): virtual IP addresses assigned to VMs.
Virtual Subnet ID (VSID): a GRE key that signifies which virtual network the packet is on.
Routing Domain ID (RDID): a GUID that signifies a "customer" network, which is made up of one or more VSIDs.
Network virtualization can be setup using Powershell.
3.3.2 configure Hyper-V virtual switches
A newly created external switch appears in the host's network connections. When the switch is bound to one of the host's network adapters, the host communicates with the switch rather than directly with the physical network; the switch communicates with the physical network.
Right-click the Hyper-V server and select Virtual Switch Manager.
Click New Virtual Network Switch.
Give it a name.
Select the switch type: External, Internal, or Private.
External: VMs need access to the physical network.
Internal: VMs can only communicate with each other on the host and with the host. The switch is not bound to a network adapter.
Private: VMs can only communicate with each other on this switch, not with the host or the physical network. The switch is not bound to a network adapter.
If External, select a network adapter to bind to. Check or uncheck "Allow management operating system to share this network adapter". Check the box to enable SR-IOV.
Select a VLAN ID for the management network, if needed.
You can also set global mac addresses for this host in the Virtual Switch Manager(see 3.3.4)
A virtual switch can have up to 512 VM's assigned to it.
Powershell:
new-vmswitch -name "New External Switch" -netadaptername "Broadcom NetXtreme Gigabit Ethernet"
other VM switch commands:
get-vmswitch, set-vmswitch, rename-vmswitch, remove-vmswitch
3.3.3 optimize network performance
1. Use the Network Adapter type (synthetic) instead of Legacy for best performance.
2. Configure bandwidth management under each virtual network adapter in a VM.
3. Configure hardware acceleration under the virtual network adapter:
a. Virtual Machine Queue (VMQ): uses hardware packet filtering for VM-to-external-network traffic. Enabled by default.
b. IPsec task offloading: performs IPsec processing on the network adapter. Enabled by default.
c. SR-IOV: maximizes network throughput.
4. Configure advanced settings under each virtual network adapter:
a. MAC address: static or dynamic
b. DHCP guard
c. Router guard
d. Port mirroring
e. NIC teaming (LBFO)
You can also use GRE offloading for network virtualization if an adapter supports it.
Powershell:
Most of the options above can be set using the following command:
set-vmnetworkadapter (reference: http://technet.microsoft.com/en-us/library/hh848457.aspx)
3.3.4 configure MAC addresses
In the Virtual Switch Manager, you can set the range of MAC addresses that will be assigned to guests. This prevents multiple hosts from accidentally assigning the same MAC addresses to VMs.
You can also give an adapter a static MAC address in the VM's network adapter settings.
dynamic pool:
set-vmhost -macaddressminimum 00155d08e600 -macaddressmaximum 00155d08ffff
static mac:
set-vmnetworkadapter -vmname 'VMServer' -vmnetworkadaptername 'NIC 1' -staticmacaddress 00155d08e601
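A check, in Python, for the two ways the MAC-address scheme above can still produce duplicates: dynamic pools on different hosts that overlap, and a static MAC that sits inside a host's dynamic pool (as the sample commands do with 00155d08e601 inside 00155d08e600-00155d08ffff, where the host could later hand the same address to another VM). This is an added example, not from the notes; the host names and pools are constructed.

```python
"""MAC pool sanity checks for Hyper-V hosts (added example; hosts and pools are constructed)."""

HEX = "0123456789abcdef"


def parse_mac(mac):
    """Accept 00155d08e600, 00-15-5d-08-e6-00 or 00:15:5D:08:E6:00; return the 48-bit value."""
    digits = mac.replace("-", "").replace(":", "").lower()
    if len(digits) != 12 or any(c not in HEX for c in digits):
        raise ValueError(f"bad MAC address {mac!r}")
    return int(digits, 16)


def format_mac(value):
    """Back to the bare 12-hex-digit form the set-vmhost/-staticmacaddress parameters take."""
    return f"{value:012x}"


def check_static_mac(mac):
    """Reasons a value is unfit for -staticmacaddress (empty list when it is fine)."""
    value = parse_mac(mac)
    issues = []
    if (value >> 40) & 0x01:                   # I/G bit of the first octet
        issues.append("group/multicast bit set; a VM NIC needs a unicast address")
    if value == 0:
        issues.append("all-zero address")
    return issues


def overlapping_pools(hosts):
    """hosts: {host: (macaddressminimum, macaddressmaximum)}. Returns the pairs of hosts
    whose dynamic pools overlap, i.e. hosts that could both hand out the same MAC."""
    ranges = {}
    for host, (low, high) in hosts.items():
        lo, hi = parse_mac(low), parse_mac(high)
        if lo > hi:
            raise ValueError(f"{host}: minimum {low} is above maximum {high}")
        ranges[host] = (lo, hi)
    names = sorted(ranges)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if ranges[a][0] <= ranges[b][1] and ranges[b][0] <= ranges[a][1]]


def static_in_pool(static_macs, hosts):
    """Static MACs that fall inside some host's dynamic pool: {mac: host}.
    The host may assign the same address dynamically to another VM, so keep statics outside the pools."""
    hits = {}
    for mac in static_macs:
        value = parse_mac(mac)
        for host, (low, high) in hosts.items():
            if parse_mac(low) <= value <= parse_mac(high):
                hits[format_mac(value)] = host
    return hits


# Constructed sample: hv2's pool was (wrongly) set to start inside hv1's.
POOLS = {
    "hv1": ("00155d08e600", "00155d08ffff"),
    "hv2": ("00155d08f000", "00155d09ffff"),
}
STATICS = ["00-15-5d-08-e6-01", "00155d0a0001"]

if __name__ == "__main__":
    print("overlapping pools:", overlapping_pools(POOLS))
    print("statics inside a pool:", static_in_pool(STATICS, POOLS))
    for mac in STATICS + ["01005e000001"]:
        print(mac, check_static_mac(mac) or "ok")
```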
3.3.5 configure network isolation
Set up standard VLANs,
use a private virtual switch, or
Private VLAN (PVLAN): can isolate a set of VMs from seeing each other's traffic using only 2 VLANs, a primary and a secondary. This can be set up instead of Hyper-V network virtualization if each customer needs to be isolated and has only one VM each.
Powershell examples:
PVLAN
set-vmnetworkadaptervlan -isolated -primaryvlanid 10 -secondaryvlanid 200
Standard VLANs
place all adapters on a VM in VLAN 30:
set-vmnetworkadaptervlan -vmname 'VMServer' -access 30
create a trunk on a specific adapter:
set-vmnetworkadaptervlan -vmname 'VMserver' -vmnetworkadaptername 'NIC 1' -trunk -nativevlanid 2 -allowedvlanidlist 1-36
Extra note: To remove VLAN tagging on an adapter, you can use:
set-vmnetworkadaptervlan -vmname 'VMServer' -untagged
3.3.6 configure synthetic and legacy virtual network adapters
Each VM can have up to 12 virtual network adapters: up to 8 of the Network Adapter type (synthetic) and up to 4 Legacy.
Network Adapter type (synthetic): relies on the guest integration components installed on the VM.
Legacy network adapter: supports OSes that do not support guest integration components. Can also be used for PXE boot if needed.
Powershell
Use the -IsLegacy $true parameter on the add-vmnetworkadapter cmdlet to set up a legacy adapter.
Thursday, May 23, 2013
3. Configure Hyper-V 3.2 Create and configure virtual machine storage
3.2.1 create VHDs and VHDX
VHD: original Hyper-V image format. Max 2 TB in size.
VHDX: only supported by Windows 8 and 2012. Up to 64 TB in size.
fixed: size is pre-allocated on disk
dynamic: expands as it grows
differencing: a "snapshot-like" type where a second, child disk is created to hold changes so the parent is never written to
The first disk is considered a "virtual IDE" drive. Others can be "virtual IDE" or "virtual SCSI".
Create a virtual disk while creating a new VM:
If you use Hyper-V Manager on 2012 or Windows 8 and create the disk while creating a new VM (on the Connect Virtual Hard Disk page), you can only create a dynamic VHDX, not a VHD.
Create a virtual disk from the "New virtual hard disk" option:
Right-click the server, New -> Hard Disk.
Choose VHD or VHDX; choose fixed, dynamic, or differencing.
Specify the name and location.
Configure the disk with a fixed/max size (the value accepts a minimum of 1 GB; the max depends on the format), or copy from a physical drive or another VHD/VHDX.
Create a virtual disk using PowerShell:
This is the only way to specify the block size and logical sector size.
The extension you give the filename determines whether it's a VHD or VHDX.
new-vhd -path 'c:\vhd-store\newserver.vhd' (-fixed | -dynamic | -differencing) -sizebytes 100GB -sourcedisk
3.2.2 configure differencing drives
1. Create a baseline VM and finish all your installs for it.
2. sysprep /generalize the image.
3. Delete the VM but keep the parent VHD/VHDX, and set the file read-only: any write to the parent invalidates every child built on it.
4. Create a child differencing disk and point it to the parent.
5. Create a VM and attach the child disk (many VMs can share one parent, each with its own child).
differencing:
new-vhd -path 'c:\vhd-store\newserver.vhd' -differencing -parentpath 'c:\vhd-store\newserverparent.vhd'
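The five steps above as one script, added here as an example and not part of the original notes. The paths, the VM name 'newserver', the switch name 'External' and the memory size are assumptions for illustration.

```powershell
# Added example, not from the original notes. Paths, VM name, switch name and
# memory size are assumptions.
$parent = 'c:\vhd-store\newserverparent.vhdx'   # sysprepped baseline, steps 1-2 already done
$child  = 'c:\vhd-store\newserver.vhdx'

# Step 3: lock the parent. Each child records the parent's contents as its base,
# so a single write to the parent silently corrupts every child.
Set-ItemProperty -Path $parent -Name IsReadOnly -Value $true

# Step 4: child differencing disk. It must use the same format (extension) as the parent.
New-VHD -Path $child -Differencing -ParentPath $parent | Out-Null

# Step 5: a new VM booting from the child (the first disk lands on the IDE controller).
New-VM -Name 'newserver' -MemoryStartupBytes 2GB -VHDPath $child -SwitchName 'External' | Out-Null

# Check the chain before first boot: Get-VHD reports the parent the child points at,
# and Test-VHD returns $false if any link in the chain is missing or has a mismatched ID.
$disk = Get-VHD -Path $child
if ($disk.VhdType -ne 'Differencing' -or $disk.ParentPath -ne $parent) {
    throw "$child is not chained to $parent"
}
if (-not (Test-VHD -Path $child)) { throw "Differencing chain for $child is broken" }
$disk | Select-Object Path, VhdType, ParentPath, FileSize, Size
```

Run the same script with a different $child and VM name for every machine you build from the baseline; the parent stays untouched and read-only throughout.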
3.2.3 modify VHDs
1. Right click server, Edit disk.
2. browse to the location of the vhd or vhdx
3. Choose an option:
Compact: reclaims space in a dynamic or differencing disk file that the guest no longer uses; capacity is unchanged.
Convert: copies the contents to a new disk file. You can switch between VHD and VHDX, and between fixed and dynamic.
Expand: increases the capacity of the virtual disk (then extend the volume inside the guest).
Shrink (VHDX only, and only if there is unallocated space at the end of the disk): reduces the capacity of the disk by that free space.
Merge (differencing only): combines a child differencing disk with its parent, either in place or into a new disk.
As outlined in 1.3.5 you can mount a VHD/VHDX in Disk Management and access its contents.
powershell:
optimize-vhd -path 'c:\vhd-store\newserver.vhdx' -mode full     (compact; the disk must be detached or mounted read-only)
convert-vhd -path 'c:\vhd-store\newserver.vhd' -destinationpath 'c:\vhd-store\newserver.vhdx'
resize-vhd -path 'c:\vhd-store\newserver.vhdx' -sizebytes 200GB   (expand)
resize-vhd -path 'c:\vhd-store\newserver.vhdx' -tominimumsize     (shrink to the smallest size the contents allow)
merge-vhd -path 'c:\vhd-store\child.vhdx' -destinationpath 'c:\vhd-store\parent.vhdx'
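A convert done safely, as an added example that is not part of the original notes: it checks the VM is off, copies the boot disk to VHDX, re-points the existing drive slot at the new file and leaves the old file in place until the VM has booted from the new one. The VM name 'VMserver' and the IDE 0:0 location of the boot disk are assumptions.

```powershell
# Added example, not from the original notes. VM name and controller location
# are assumptions. Convert-VHD refuses a disk attached to a running VM.
$vm = 'VMserver'
if ((Get-VM -Name $vm).State -ne 'Off') { throw "Shut down $vm before converting its disk" }

# Locate the boot disk (IDE 0:0 on a 2012 VM) and derive the destination name.
$slot = @{ VMName = $vm; ControllerType = 'IDE'; ControllerNumber = 0; ControllerLocation = 0 }
$old  = (Get-VMHardDiskDrive @slot).Path
$src  = Get-VHD -Path $old
if ($src.VhdFormat -eq 'VHDX') { throw "$old is already a VHDX" }
$new  = [System.IO.Path]::ChangeExtension($old, '.vhdx')

# Copy into a new VHDX, keeping the disk type (fixed stays fixed, dynamic stays dynamic).
Convert-VHD -Path $old -DestinationPath $new -VHDType $src.VhdType

# Point the VM's existing drive slot at the new file instead of adding a second drive.
Set-VMHardDiskDrive @slot -Path $new

# Keep $old until the VM has booted from $new; only then delete it.
Get-VHD -Path $new | Select-Object Path, VhdFormat, VhdType, Size, FileSize
```

The splatted $slot table is reused so the Get and Set calls cannot drift apart and re-point the wrong drive.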
3.2.4 configure pass-through disks
A pass-through disk is a VM disk that points directly at a physical drive on the host instead of a VHD/VHDX file. The drive must be taken offline on the host before it's available in the VM's settings: add a hard drive to a controller and select "Physical hard disk". Note that a pass-through disk is not included in snapshots and does not move with the VM's files.
Powershell:
Use -disknumber to point at the offline physical disk to attach:
add-vmharddiskdrive -vmname Server -controllertype SCSI -controllernumber 0 -disknumber 2
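The same attach with the checks around it, added here as an example that is not from the original notes: it refuses the host's boot/system disk, takes the disk offline if it is still online, and makes sure no other VM already owns it. The VM name 'Server' and disk number 2 are assumptions.

```powershell
# Added example, not from the original notes. VM name and disk number are assumptions.
$vm     = 'Server'
$number = 2

$disk = Get-Disk -Number $number
# Never hand the host's own boot or system disk to a guest.
if ($disk.IsBoot -or $disk.IsSystem) { throw "Disk $number is the host boot/system disk" }

# Hyper-V only offers a physical disk to a VM once the host has released it.
if (-not $disk.IsOffline) { Set-Disk -Number $number -IsOffline $true }

# Two VMs writing the same physical disk corrupt it; check existing pass-through drives.
$owner = Get-VM | Get-VMHardDiskDrive | Where-Object { $_.DiskNumber -eq $number }
if ($owner) { throw "Disk $number is already attached to $($owner.VMName)" }

Add-VMHardDiskDrive -VMName $vm -ControllerType SCSI -ControllerNumber 0 -DiskNumber $number
Get-VMHardDiskDrive -VMName $vm |
    Select-Object VMName, ControllerType, ControllerNumber, ControllerLocation, Path, DiskNumber
```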
3.2.5 manage snapshots
Create a new snapshot by right-clicking the VM and selecting Snapshot. This creates an .avhd or .avhdx differencing file in the snapshots folder; all new writes go there and the previous file becomes read-only. A snapshot of a running VM also saves its memory, so whatever was in RAM at the time (including credentials) is on disk in the snapshot files.
Snapshots are managed in the Snapshots pane. You have the following options:
Settings - read-only except name and notes
Apply - returns the VM to the state in that snapshot. The current "Now" state is discarded unless you take the snapshot Hyper-V offers first.
Revert - go back to the snapshot the "Now" state was created from (the last one in the tree).
Rename
Delete - delete a single snapshot. Its .avhdx is merged into its parent; in 2012 this happens while the VM is running (earlier versions waited for the VM to be turned off).
Delete snapshot subtree - deletes the snapshot and every snapshot under it.
Powershell:
Create snapshot:
checkpoint-vm -name VMserver -snapshotname 'Snapshot 1'
Apply snapshot -
restore-vmsnapshot -name 'Snapshot 1' -VMname VMserver
Delete snapshot -
remove-vmsnapshot -name 'Snapshot 1' -VMname VMserver
Other commands: get-vmsnapshot, export-vmsnapshot, rename-vmsnapshot
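Old snapshots are where stale patch levels and old credentials live, and every one of them lengthens the .avhdx chain. An added example (not part of the original notes) that finds every snapshot older than a limit across all VMs and deletes each subtree, skipping snapshots already removed as part of an earlier subtree; the 30-day threshold is an assumption.

```powershell
# Added example, not from the original notes. The age limit is an assumption.
$maxAgeDays = 30
$cutoff = (Get-Date).AddDays(-$maxAgeDays)

# Every snapshot on the host older than the cutoff.
$stale = Get-VM | Get-VMSnapshot | Where-Object { $_.CreationTime -lt $cutoff }
$stale | Select-Object VMName, Name, ParentSnapshotName, CreationTime | Format-Table -AutoSize

# Oldest first, so a parent's subtree removal covers its stale children in one merge.
foreach ($snap in ($stale | Sort-Object CreationTime)) {
    # Already gone as part of an earlier subtree? Then there is nothing to do.
    $still = Get-VMSnapshot -VMName $snap.VMName -Name $snap.Name -ErrorAction SilentlyContinue
    if (-not $still) { continue }

    # Hyper-V 2012 merges the .avhdx files into their parent while the VM keeps running.
    Remove-VMSnapshot -VMName $snap.VMName -Name $snap.Name -IncludeAllChildSnapshots -Confirm:$false
}

# Do not turn off, export or move a VM until its merge has finished; Status shows progress.
Get-VM | Where-Object { $_.Status -like '*Merg*' } | Select-Object Name, Status
```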
3.2.6 implement a virtual Fibre Channel adapter
Virtual Fibre Channel gives a VM its own ports on a physical Fibre Channel HBA (using NPIV), so the VM can see SAN LUNs directly. The HBA and its driver must support virtual Fibre Channel/NPIV, and the storage must be presented as LUNs.
Create a virtual SAN using Virtual SAN Manager
Right click hyper-v server choose Virtual San Manager.
New Fibre Channel San. The WWNN and WWPN of the HBA should show up. Apply.
Now settings of a VM, you can Add Hardware - Fibre Channel adapter.
powershell:
new-vmsan -name 'FC SAN' -worldwidenodename <WWNN of the host HBA> -worldwideportname <WWPN of the host HBA>
add-vmfibrechannelhba -vmname VMserver -sanname 'FC SAN'
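The two commands above with the host's WWNs filled in from the Storage module and the resulting VM-side WWPNs printed for zoning. This is an added example, not from the original notes; using Get-InitiatorPort to read the host HBA's addresses, the SAN name 'FC SAN' and the VM name 'VMserver' are assumptions.

```powershell
# Added example, not from the original notes. Get-InitiatorPort (Storage module),
# the SAN name and the VM name are assumptions.
$hba = Get-InitiatorPort | Where-Object { $_.ConnectionType -eq 'Fibre Channel' } | Select-Object -First 1
if (-not $hba) { throw 'No Fibre Channel HBA found on this host' }

# The virtual SAN lists the physical port(s) VMs may use, identified by the host's WWNN/WWPN.
New-VMSan -Name 'FC SAN' -WorldWideNodeName $hba.NodeAddress -WorldWidePortName $hba.PortAddress | Out-Null

# The VM gets its own WWPN pair (set A and B, so a live migration can log in with
# the second set while the first is still in use). -GenerateWwn assigns them from the host's range.
Add-VMFibreChannelHba -VMName 'VMserver' -SanName 'FC SAN' -GenerateWwn

# Zone the fabric and mask the LUNs to these VM addresses, not the host HBA's:
# a LUN masked to the host WWPN shows up as a host disk, never inside the guest.
Get-VMFibreChannelHba -VMName 'VMserver' |
    Select-Object VMName, SanName, WorldWideNodeNameSetA, WorldWidePortNameSetA,
                  WorldWideNodeNameSetB, WorldWidePortNameSetB
```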
Tuesday, May 21, 2013
3. Configure Hyper-V 3.1 Create and configure virtual machine settings
Hyper-V overview
Type 2 hypervisor: hypervisor runs on top of OS, which runs on top of the hardware
Type 1 hypervisor: hypervisor runs on top of the hardware
When you install Hyper-V role on Datacenter or Standard, it will load the hypervisor before the OS, so it is a Type 1. The OS is then run in the parent/root "partition"
Hyper-V Server 2012: free product that installs only the Hyper-V role on a Server Core install. The Storage-Services role is also installed and Remote-Desktop-Services is available; no other roles can be installed. Guest OS's still have to be licensed where applicable.
3.1.1 configure dynamic memory
Enables Hyper-V to adjust memory as VM's need it.
While VM is off, go to Settings and Memory. Check "Dynamic Memory".
Minimum RAM: the minimum amount of RAM the machine will run with (after start). This value can be less than Startup RAM, because a running VM usually needs less than it did to boot.
Maximum RAM: the largest amount of RAM this machine can use.
Memory Buffer: the percentage of extra RAM, above what the guest currently uses, that Hyper-V tries to keep assigned to the VM so it can grow without waiting.
Memory weight: priority of memory allocation for this VM compared to others when the host runs short.
After enabling dynamic memory, Minimum RAM can be lowered and Maximum RAM raised while the VM is running; Startup RAM requires the VM to be off.
Powershell:
View current settings for all VM's on server:
get-vm | get-vmmemory | format-table vmname, dynamicmemoryenabled, startup, minimum, maximum, buffer, priority
Output those numbers in MB instead:
get-vm | get-vmmemory | format-table vmname, dynamicmemoryenabled, @{n='Startup(MB)';e={$_.startup / 1MB}}, @{n='Min(MB)';e={$_.minimum / 1MB}}, @{n='Max(MB)';e={$_.maximum / 1MB}}, buffer, priority
Now to set values on a specific vm:
set-vmmemory -vmname 'VMserv1' -dynamicmemoryenabled $true -startupbytes 4096MB -minimumbytes 2048MB -maximumbytes 8192MB -buffer 25 -priority 60
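Dynamic memory lets the sum of all Maximum RAM values exceed what the host has, and when every VM grows at once the low-weight ones are squeezed and restarts fall back to smart paging. An added example, not part of the original notes, that lists each VM's settings in MB and warns when the worst case exceeds the host's physical RAM; the 2 GB reserve kept for the parent partition is an assumption.

```powershell
# Added example, not from the original notes. The parent-partition reserve is an assumption.
$hostBytes = (Get-CimInstance Win32_ComputerSystem).TotalPhysicalMemory
$reserve   = 2GB

$report = Get-VM | Get-VMMemory | ForEach-Object {
    # With dynamic memory the VM can grow to Maximum; without it, Startup is all it ever gets.
    $ceiling = if ($_.DynamicMemoryEnabled) { $_.Maximum } else { $_.Startup }
    [pscustomobject]@{
        VMName    = $_.VMName
        Dynamic   = $_.DynamicMemoryEnabled
        StartupMB = $_.Startup / 1MB
        MinimumMB = $_.Minimum / 1MB
        MaximumMB = $_.Maximum / 1MB
        CeilingMB = $ceiling / 1MB
        Buffer    = $_.Buffer
        Priority  = $_.Priority
    }
}
$report | Sort-Object CeilingMB -Descending | Format-Table -AutoSize

# Worst case: every VM at its ceiling at the same time.
$worst  = ($report | Measure-Object CeilingMB -Sum).Sum * 1MB
$usable = $hostBytes - $reserve
if ($worst -gt $usable) {
    Write-Warning ('VM ceilings total {0:N0} MB against {1:N0} MB usable on the host; lowest-priority VMs are squeezed first' -f ($worst / 1MB), ($usable / 1MB))
}
```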
3.1.2 configure smart paging
Smart paging lets a VM restart even when the host does not have enough physical memory to give it its Startup RAM: the shortfall is paged to a file on the host's disk until the VM settles down to its Minimum RAM, and the file is then removed. It is used only for restarts (not a first start) and is of course slower than physical memory. The paging file holds guest memory, so keep its location on a volume only administrators can read.
The smart paging file location is set in a VM's settings under the Management/Smart Paging File Location node.
powershell:
set-vm -name 'VMserv1' -smartpagingfilepath 'd:\hyper-v_pagingfiles'
3.1.3 configure Resource Metering
Resource metering is a feature that will track a VM's usage of various resources:
By default:
CPU (average)
Memory: min, max and average
Disk space allocated
Incoming and outgoing network traffic
Powershell:
enable-vmresourcemetering -vmname 'VMserv1'
Show the resource metering report:
measure-vm -vmname 'VMserv1'
You can also meter resource pools, which group one type of resource (Processor, Memory, Ethernet, VHD, ...) on the host:
new-vmresourcepool -name serverpool -resourcepooltype Ethernet
enable-vmresourcemetering -resourcepoolname serverpool -resourcepooltype Ethernet
measure-vmresourcepool -name serverpool -resourcepooltype Ethernet
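Metering is cheap and survives reboots, which makes it a usable always-on baseline for per-VM network volume. An added example (not part of the original notes) that turns metering on for every VM, reads the report, totals the network traffic per VM and direction, and resets the counters so the next reading starts a fresh interval. All VM names come from the host; nothing else is assumed.

```powershell
# Added example, not from the original notes.
# Counters accumulate from the moment metering is enabled until the next reset.
Get-VM | Enable-VMResourceMetering

# Read everything since the last reset. Measure-VM reports averages and maxima
# plus a network report broken down by direction and address range.
$reports = Get-VM | Measure-VM
$reports |
    Select-Object VMName, MeteringDuration, AverageProcessorUsage, AverageMemoryUsage,
                  MaximumMemoryUsage, TotalDiskAllocation |
    Format-Table -AutoSize

# Per-VM totals by direction. A VM whose Outbound figure jumps between readings
# deserves a look; the report also carries the remote address ranges if you need them.
foreach ($r in $reports) {
    $r.NetworkMeteredTrafficReport | Group-Object Direction | ForEach-Object {
        [pscustomobject]@{
            VMName       = $r.VMName
            Direction    = $_.Name
            TotalTraffic = ($_.Group | Measure-Object TotalTraffic -Sum).Sum
        }
    }
}

# Record the numbers elsewhere first, then start the next interval.
Get-VM | Reset-VMResourceMetering
```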
3.1.4 configure guest integration services
Guest integration services is a software package that provides some guest OS features through the Hyper-V host. It is installed on 2012 and Windows 8 by default, and there is also a Linux package (Linux Integration Services). Features included with Guest Integration Services:
Operating System Shutdown: enables Hyper-V Manager to remotely shut down a guest OS gracefully.
Time synchronization: synchronizes the OS clocks in the parent and child partitions
Data Exchange: Windows OS's on the parent and child partitions can exchange some information (key/value pairs stored in the registry)
Heartbeat: Parent partitions "ping" child partitions to see if they are up
Backup: Enables backup of windows VM by using VSS.
To Upgrade/install GIS on a Windows guest OS:
1. Select the VM to install/upgrade GIS and click Connect
2. In the VM connection window, click Action/Insert Integration Services Setup Disk. Hyper-V will mount an image of GIS.
3. Install GIS and restart computer
Once GIS is installed, you can enable/disable the services available to this machine by going into VM settings, Management/Integration Services node and checking/unchecking the GIS services.
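Each integration service is also a host-to-guest channel, and two of them are worth switching off on purpose: Time Synchronization on domain controllers (they must take time from the domain hierarchy, not the host) and Data Exchange on guests that should not learn about the host. An added example, not from the original notes, that applies those two rules and reports the state of every service; the DC names and the use of the VM Notes field as an "isolated" tag are assumptions.

```powershell
# Added example, not from the original notes. DC names and the Notes tag are assumptions.
# Service names on 2012: Shutdown, Time Synchronization, Key-Value Pair Exchange
# (the "Data Exchange" item in the GUI), Heartbeat, VSS (the "Backup" item).
$dcs = @('DC01', 'DC02')

foreach ($vm in Get-VM) {
    # Time Synchronization overrides the guest's own time source. On a DC that
    # bypasses the Kerberos time hierarchy, so keep it off there.
    if ($dcs -contains $vm.Name) {
        Disable-VMIntegrationService -VMName $vm.Name -Name 'Time Synchronization'
    }

    # Key-Value Pair Exchange publishes host details into the guest registry
    # (HKLM\SOFTWARE\Microsoft\Virtual Machine\Guest\Parameters) and lets the
    # guest publish values back. Turn it off for guests tagged as isolated.
    if ($vm.Notes -like '*isolated*') {
        Disable-VMIntegrationService -VMName $vm.Name -Name 'Key-Value Pair Exchange'
    }

    # What is enabled, and whether the guest side actually answers (needs GIS installed).
    Get-VMIntegrationService -VMName $vm.Name |
        Select-Object VMName, Name, Enabled, PrimaryStatusDescription
}
```

Enable-VMIntegrationService with the same -Name reverses either change.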
2. Configure server roles and features 2.3 Configure servers for remote management
2.3.1 Configure WinRM
enabled by default in 2012
In Server Manager, on Local Server, Properties Tile:
Remote Management: click and check or uncheck "Enable remote management..." to enable or disable.
2.3.2 configure down-level server management
You can setup some limited management of 2008 SP2 and 2008R2 SP1 using Server Manager:
1. Install .NET Framework 4.0
2.install Windows Management Framework 3.0(also installs Powershell 3)
3.set-executionpolicy remotesigned
configure-smremoting.ps1 -enable
4. Enable Com+ Network Access and Remote Event log Management rules
Extra note: I'm not sure if configure-smremoting.exe or enable-psremoting are available on 2008 in this case, but any of these should work.
Note that you won't be able to add/remove roles
You can also setup very limited Online view of 2008 and 2008r2 otherwise, and of 2003 by adding them to a group.
2.3.3 configure servers for day-to-day management tasks
http://technet.microsoft.com/en-us/library/hh831394.aspx
Manageability:
This section on the Dashboard will show Server Manager notifications for the associated Server Group.
Event log data collection:
For each server group in the server grouping nodes, you can manage the events to collect:
click a Server Group or Role-specific page.
On Events tile, select Tasks and Configure Event Data.
Check Critical, Error, Warning, and/or Informational
Select range to retrieve events from
If server group, select which event logs to get events from. (Role specific pages default to role logs)
You can also affect the Event alerts on the dashboard for a group/role by clicking Events in the associated dashboard tile. Event severity, sources, logs, time period, specific id's, and servers in the group.
Services alerts
You can setup alerts for services for a group in the dashboard by clicking on Services in a specific group tile.
Select Start Types, All or specific services, Service Status, and specific servers
Collect Performance Data and alerts
In a Server Group node,in Servers tile right click "Start Performance Alerts"
On Performance tile: Tasks/Configure Performance Alerts, or from Dashboard/server group tile/performance
Set CPU usage threshold for Alert, set Memory threshold, set Performance Graph display period.
BPA Scan:
You can start a BPA scan from associated server group node under BPA tile.
You can also set alert criteria in the dashboard under Server Group tile.
2.3.4 configure multi-server management
Add servers by clicking Add Servers to Manage from Dashboard, or Manage, Add Server
Create a new server group from Dashboard, or Manage "Create Server Group"
2.3.5 configure Server Core
Seems a bit redundant; covered in 1.2.1.
WinRM is enabled by default in 2012
Enabling Win-RM:enable-psremoting
Disable Win-RM: disable-psremoting
See 2.3.6 for MMC access
Extra note: Some documentation talks about using configure-smremoting.exe -enable to enable Server Manager to remotely access 2012 Server Core installs, but I believe this is superseded by enable-psremoting, which also enables WinRM, sets up the WinRM listener, etc. Regardless, 2012 is enabled for remote management by default.
2.3.6 configure Windows Firewall
Enable for DCOM access: the COM+ Network Access and Remote Event Log Management rule groups.
This will allow MMC snap-ins (Event Viewer, Services, etc.) to connect. Enabling them opens RPC/DCOM (port 135 plus dynamic ports) to every address the rule allows, so scope the rules to the management network with -remoteaddress rather than leaving them open to any source.
set-netfirewallrule -name 'ComPlusNetworkAccess-Dcom-In' -enabled true
set-netfirewallrule -displaygroup 'Remote Event Log Management' -enabled true
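The same two rule groups, plus the WinRM listener rule, enabled but restricted to a management subnet and the domain profile, then verified. This is an added example and not from the original notes; the subnet 10.0.5.0/24 and the server name server01.corp.example are assumptions.

```powershell
# Added example, not from the original notes. Management subnet and host name are assumptions.
$mgmt = '10.0.5.0/24'

# Same rules the notes enable, limited to the management subnet on the domain profile.
Set-NetFirewallRule -Name 'ComPlusNetworkAccess-Dcom-In' -Enabled True -Profile Domain -RemoteAddress $mgmt
Set-NetFirewallRule -DisplayGroup 'Remote Event Log Management' -Enabled True -Profile Domain -RemoteAddress $mgmt

# WinRM is already on in 2012 (HTTP listener on 5985); give its rule the same scope.
Set-NetFirewallRule -DisplayGroup 'Windows Remote Management' -Enabled True -Profile Domain -RemoteAddress $mgmt

# Verify: every enabled inbound rule in those groups must carry the remote-address scope.
$groups = 'COM+ Network Access', 'Remote Event Log Management', 'Windows Remote Management'
Get-NetFirewallRule -Direction Inbound -Enabled True |
    Where-Object { $_.DisplayGroup -in $groups } |
    ForEach-Object {
        $addr = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Profile       = $_.Profile
            RemoteAddress = ($addr -join ',')
            Unscoped      = ($addr -contains 'Any')
        }
    } | Format-Table -AutoSize

# From an admin workstation inside $mgmt: the listener must answer from there.
Test-WSMan -ComputerName 'server01.corp.example'
```

Run Test-WSMan once more from a host outside the subnet; it should fail, which confirms the scope is doing its job.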
Monday, May 20, 2013
2. Configure server roles and features 2.2 Configure print and document services
2.2.1 Configure the Easy Print print driver
The Easy Print driver redirects printing from a Remote Desktop session to the client's local printers without installing the printer's own driver on the server. It requires only that the RDS (RD Session Host) role be installed on the server.
2.2.2 Configure Enterprise Print Management
Install Print and Document Service(Print-Services) / Print Server(Print-Server) role.
This adds a "Print Services" page to Server Manager that allows limited management:
View printer events
Manage Print Spooler service
Start performance counters
View installed print and documents roles
Most configuration and management done through Tools: Print Management
Nodes in Printer Management:
Custom Filters:
Create custom views for print management
Print Servers:
Individual print server management:
1. Change who can access the print server by right-click and Properties, Security tab
2. Configure drivers (see 2.2.3)
3. Configure forms
4. Configure ports
5. Configure Printers
a. View Printer Queue
b. List printer in AD
c. Deploy printer using GPO
d. Print test page
e. Share a printer by right clicking and "Manage Sharing"
f. Enable Branch office direct printing.
g. configure printer priority
h. Use Properties/Security tab to control who has access to the printer
Deployed Printers
Shows printers that have been deployed to a GPO.
Printer Sharing:
Right click printer choose Manage Sharing, or Sharing tab on properties
"Share this Printer" Printer Name
Render Print jobs on client computers: Uncheck to have this done on the server.
List in directory
Install additional drivers (V3 drivers for other client architectures).
When dealing with sharing, there are 3 types of driver distribution to clients (Point and Print):
Enhanced Point and Print: V4 drivers; the client uses its own class driver, so nothing from the server is installed on the client.
Package Aware Point and Print: V3 drivers delivered as signed driver packages.
Legacy Point and Print: V3 drivers copied file by file from the server, with no package signing.
Point and Print installs driver code that runs in the client's spooler service (SYSTEM) from whichever server the client trusts, so restrict which servers clients may accept drivers from via the "Point and Print Restrictions" Group Policy setting.
http://technet.microsoft.com/en-us/library/jj590748.aspx
Printer Migration
Migrate print servers from 2003, 2003 R2, 2008, 2008 R2
right-click root node in Print Management, Migrate printers
or
use the printbrm.exe tool
Powershell commands:
module: PrintManagement
get-command -module PrintManagement
get-printer, get-printerdriver, get-printerport, get-printerproperty, get-printjob,
get-printconfiguration
add-printer, add-printerdriver, add-printerport
rename-printer
set-printer, set-printerproperty, set-printconfiguration
remove-printer, remove-printerport, remove-printjob, remove-printerdriver
restart-printjob, resume-printjob, suspend-printjob
Extra note:
Other subfeatures of Print and Document Services:
Distributed Scan Server - receives scanned documents from network scanners and routes them.
installs "Scan Management" tool
Internet Printing - installs IIS and allows users to manage their print jobs on a web site. Also allows
for use of Internet Printing Protocol(IPP)
Line Printer Daemon (LPD) - Unix-based printers
2.2.3 Configure drivers
Windows 8 and 2012 introduce new Version 4(V4) driver.
V3 drivers(Windows 2000+) still supported
V4 driver features:
Smaller disk footprint
Simplified drivers through new print class driver framework.
Driver isolation for better crash handling
Architecture-independent: no separate x86/x64 driver needs to be staged on the server for different clients.
Supports multiple devices
Delete the driver: uninstall printer driver but leaves driver package in store
Remove driver package: uninstall and remove driver package
Configure driver isolation (if the driver supports it):
Shared - driver runs in a shared process (PrintIsolationHost.exe), separate from the print spooler, together with other "shared" drivers
Isolated - driver runs in its own PrintIsolationHost.exe process
None - driver runs inside the print spooler process (spoolsv.exe, running as SYSTEM); a crash or exploited bug in the driver then takes the spooler, and its privileges, with it
2.2.4 Configure printer pooling
1.In Printer properties, ports tab, select port for each print device in the pool
2.Check enable printer pooling
Repeat for each logical printer in the pool
2.2.5 Configure Print Priorities
Printer priorities are set in the Printer properties/advanced tab. A higher priority means this logical printer will have preference over another logical printer that is pointed at the same print device.
2.2.6 Configure Printer Permissions
http://technet.microsoft.com/en-us/library/jj190062#BKMK_Delegated_Print_Admin
Print Server permissions:
View Server: View server, including printers.
Manage Server: allows for ability to create and delete print queues, add or delete ports, and add or delete
forms.
Both Print Server and Printer permissions:
Print: ability to print and manage queue for their own documents
Manage Documents: Allows control for all documents in a queue, including delete
Manage Printers: assigns ability to pause/restart printer, change spooler settings, share printer, adjust
permissions, and change printer properties
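The cmdlets in 2.2.2 and the permissions in 2.2.6 together give a quick audit of a print server: which shared printers still depend on V3 drivers (the ones Point and Print pushes to clients), which are published to AD, and which ACEs grant Everyone anything. This is an added example, not from the original notes; it assumes the PrintManagement module on the server and that Get-Printer -Full returns the PermissionSDDL property.

```powershell
# Added example, not from the original notes. Assumes the PrintManagement module
# and the PermissionSDDL property returned by Get-Printer -Full.

# V4 drivers (MajorVersion 4) use Enhanced Point and Print and never copy a vendor
# package to clients; V3 drivers are pushed to clients and need justifying one by one.
$drivers = Get-PrinterDriver
$v3names = $drivers | Where-Object { $_.MajorVersion -lt 4 } | ForEach-Object { $_.Name }
$drivers | Select-Object Name, MajorVersion, PrinterEnvironment, Manufacturer | Format-Table -AutoSize

# Shared printers: driver generation, AD publication, priority and the ACEs granted
# to Everyone (SDDL SID 'WD'). Plain Print is normal; Manage Printers/Documents for
# Everyone is not, so the matched ACEs are listed for review rather than decoded.
Get-Printer -Full | Where-Object { $_.Shared } | ForEach-Object {
    $sddl = $_.PermissionSDDL
    $everyone = [regex]::Matches($sddl, '\(A;[^)]*;WD\)') | ForEach-Object { $_.Value }
    [pscustomobject]@{
        Name        = $_.Name
        ShareName   = $_.ShareName
        Driver      = $_.DriverName
        DriverIsV3  = ($v3names -contains $_.DriverName)
        Published   = $_.Published
        Priority    = $_.Priority
        EveryoneACE = ($everyone -join ' ')
    }
} | Sort-Object DriverIsV3 -Descending | Format-Table -AutoSize
```

Anything flagged DriverIsV3 is a candidate for a V4 replacement or at least for Package Aware distribution; an EveryoneACE that carries more than the Print rights is a candidate for Set-Printer -PermissionSDDL with a tightened descriptor.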