Hyper-V

From DWAMconsult Wiki

Hyper-V

  • 'Host' machines can run virtualized computers ('virtual machines' with 'guest' operating systems)

Virtualization benefits

  • More efficient use of hardware resources: can separate network roles like DNS & DHCP roles into separate partitions which can be relocated to other host computers
  • Improved availability: consolidating services into single hardware platform can reduce costs & maintenance. Implementing redundancy technology provides greater reliability for lower cost
  • Services only need to be intermittently available: e.g. Enterprise Root CA using subordinate CAs to issue certs while keeping root CA offline.
  • Role sandboxing: i.e. partitioning of server resources so app or service does not influence other components on server, so that it can’t bring down entire server.
  • Greater capacity: adding hardware capacity to single server cheaper than adding incremental upgrades to many servers.
  • Greater portability: once server virtualized moving it to another host relatively simple.
  • Easier back up & restore: volume shadow copy allows back up entire server’s image while server is still operational. If host fails, images can be rapidly restored on another host. Back up entire virtualized computer in 1 operation. System center virtual machine manager allows move virtual machines back & forth to storage area network (SAN) & migrate virtual machines between hosts.

Creating virtual machines

  • Creating virtual machines: run new virtual machine wizard from virtualization management console or use PowerShell
  • Consider putting VMs on dedicated volumes (separate from host) for better performance

Use cases for virtualization

  • Want to use WDS at branch office location for rollout lasting several days but don’t have resources to deploy extra hardware to that location, create virtual WDS server & turn on only when needed
  • Have 2 apps hosted on same server that conflict. Can also virtualize app itself
  • Working with developers who need to test an app, allowing them to crash the machine as often as they like without affecting others.
  • Servers that have high I/O requirements or CPU requirements are poor candidates

Virtualizing existing physical servers

  • Can use 2 tools to virtualize server installed on traditional hardware (known as physical to virtual or P2V), virtual server migration toolkit (VSMT) and system center virtual machine manager: both compatible with Hyper-V & Virtual Server 2005 R2. VSMT best when small no. servers need to be virtualized, command-line based, uses XML files to store config data used during migration process.
  • Use system center when have large no. machines to manage in single location. Requires significant infrastructure investment & primarily to manage large virtual server deployments. Is fully integrated with PowerShell. Deployment of system center requires connection to SQL server database, uses that database to store virtual machine config info. Can use system center VMM to monitor all virtualized servers in environment, all hyper-V hosts, etc.

Managing virtualized servers

  • Managed through Hyper-V console
  • Snapshots: allow you to roll back to an earlier instance of the OS more quickly than other technologies, such as backup tapes, would.
  • Licensing: all OS virtualized need to be licensed. Apps that run on virtual machines also need licences.
  • Modifying hardware settings: edit virtual machine settings to add virtual disks, more RAM, snapshot file location etc. Integration services allow info & data to be directly exchanged between host & virtual machine, must be installed on guest machine. Can assign processors and CPU usage limits.

Powershell

  • New Hyper-V module in PowerShell 3.0 provides new cmdlets to operate Hyper-V at the command line. Find them with Get-Command -Module Hyper-V

Dynamic memory

  • Introduced with 2008R2 SP1. Pools available RAM on Hyper-V host for all running VMs that have dynamic memory enabled. Automatically assigns RAM to these VMs as need increases/decreases (improves consolidation levels). More efficient memory use etc.
    • Can enable in memory settings of VM or with set-vm cmdlet. VM must be in stopped state before can enable it for dynamic memory. When enabled can set min & max RAM. In 2012 startup RAM is only assigned to VM when it starts up (so if uses less after starting up, excess can be reclaimed by host)
    • Buffer: if RAM spikes on VM can increase the buffer of reserved extra RAM available to it
    • Memory weight: prioritize VM when host is allocating RAM among VMs.
    • Get-VMMemory, Set-VMMemory
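
The dynamic memory settings above, applied with Set-VMMemory (an added example, not part of the original notes). The function name `Enable-DynamicMemory`, the VM name `app01` and the sizes are assumptions made for illustration.

```powershell
# Added example. Run in an elevated session on the Hyper-V host.
# Enable-DynamicMemory is a hypothetical helper name, not a Hyper-V cmdlet.
function Enable-DynamicMemory {
    param(
        [Parameter(Mandatory)][string]$VMName,
        [long]$MinimumBytes = 512MB,
        [long]$StartupBytes = 1GB,
        [long]$MaximumBytes = 4GB,
        [ValidateRange(5, 2000)][int]$BufferPercent = 20,  # extra RAM reserved for spikes
        [ValidateRange(0, 100)][int]$Weight = 50           # memory weight (priority) on the host
    )

    # Reject inconsistent sizes before touching the VM.
    if ($MinimumBytes -gt $StartupBytes -or $StartupBytes -gt $MaximumBytes) {
        throw 'Expected MinimumBytes <= StartupBytes <= MaximumBytes.'
    }

    # Dynamic memory can only be switched on while the VM is stopped.
    $vm = Get-VM -Name $VMName -ErrorAction Stop
    if ($vm.State -ne 'Off') {
        throw "VM '$VMName' is $($vm.State); stop it before enabling dynamic memory."
    }

    Set-VMMemory -VMName $VMName -DynamicMemoryEnabled $true `
        -MinimumBytes $MinimumBytes -StartupBytes $StartupBytes `
        -MaximumBytes $MaximumBytes -Buffer $BufferPercent -Priority $Weight

    # Return the resulting configuration so the caller can verify it.
    Get-VMMemory -VMName $VMName
}

# 'app01' is a constructed VM name.
Enable-DynamicMemory -VMName 'app01' -MinimumBytes 512MB -StartupBytes 2GB -MaximumBytes 8GB
```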

Smart paging

  • Enable a VM being restarted to use disk resources on host temporarily as source of additional memory needed to restart it. After restarted & memory requirements decrease, releases disk resources. Impacts performance of VMs (restart slower)
  • Only used when
    • VM being restarted
    • No physical memory available
    • No memory can be reclaimed from other VMs running on host
  • Not used when
    • VM being started from off state
    • When VM failing over in Hyper-V cluster
  • You can configure the drive where smart paging file hosted

Resource metering

  • Know how much CPU, memory, network and disk space is being used by a VM so e.g. can charge customer accordingly. Records info on following metrics:
    • Av. CPU use by VM
    • Av. Physical memory use by VM
    • Min. physical memory use by VM
    • Max. physical memory use by VM
    • Max. disk space allocated to VM
    • Total incoming network traffic for virtual NIC
    • Total outgoing network traffic for virtual NIC
  • Enable resource metering on VM with Enable-VMResourceMetering. Use Measure-VM to view metering stats. Reset stats with Reset-VMResourceMetering and disable with Disable-VMResourceMetering

Non-uniform memory access (NUMA) topology

  • NUMA config node beneath processor node in VM settings. Optimizes memory & bus usage in multiprocessor systems. In 2012 VMs are NUMA-aware. Normally VMs configured automatically based on server hardware.

Hyper-V Integration Services

  • Time synchronization, host-backup awareness, system shutdown awareness

VHDX disk format

  • Virtual hard disk file (VHD): 2TB size limit
  • VHDX: 64TB limit. However not supported by 2008R2 or below. Also boot volumes still limited to 2TB even with VHDX. Can convert between VHDX & VHD if volume 2TB or less.
  • In VM settings, disk settings, edit virtual hard disk or Convert-VHD cmdlet.
  • Note: physical hard disk option is like raw device mapping in VMware.
  • Other advantages of VHDX:
    • New disk log providing resiliency from power failures
    • 4KB sector disk support
    • Larger block sizes = better performance
    • Supports user-defined metadata

Virtual Fibre Channel adapter

  • Using virtual FC adapter can directly provision storage from FC SAN to VM. Easier migration of existing servers connected to specific LUNs & setting up clustered guest OSes.
  • Virtual SAN Manager in Active pane of Hyper-V Manager – create new virtual FC SAN. Virtual FC SAN adapters connected to 1 or more physical HBAs. Then add new FC adapter to VM – settings of VM, Add Hardware.
  • Port addresses inc. WWPN generated automatically but can click ‘Edit Addresses’ to customize
  • Limitations: HBA drivers must support virtual FC. Can’t use virtual FC to connect to boot media for VMs. Guest must be 2008, 2008R2, 2012, 2012R2.
  • Cmdlets: Add-, Set-, Remove-, Get-VMFibreChannelHBA

Create and configure virtual networks

  • In 2012 virtual networks renamed virtual switches. Virtual adapters (VMs) connect to these & can be external, internal or private. New: can add virtual switch extensions.
  • Capturing extensions: can capture packets to monitor network traffic but cannot modify or drop packets.
  • Filtering extensions: like capturing extensions but can also inspect & drop packets
  • Forwarding extensions: can modify packet routing & integrate with physical network infrastructure.
  • Extensions enabled/disabled on a per-virtual switch basis.
  • Go to Hyper-V Manager, virtual switch manager (Actions)
  • By default each switch has Microsoft NDIS Capture (disabled) & MS Windows Filtering Platform (enabled)
  • To display available commands in PowerShell get-command *vmswitch*
  • Specific to switch extensions get-command *vmswitchextension*

Network virtualization

  • Used by hosting providers to manage cloud infrastructure when VMs of multiple customers share same physical host servers & networks. Allows them to migrate into your cloud retaining existing IP address settings. Allows multiple customers to use same IP ranges on same physical network via
  • IP rewrite (better performance): modifies addresses of packets before leaving VM to go into physical network
  • IP encapsulation (better security): all VM’s packets encapsulated with new header before transmitted onto physical network.
  • Most usually configured using System Center Virtual Machine Manager (SCVMM) 2012
  • ‘Scalable, multi-tenant clouds’

Port ACLs (network isolation)

  • Isolate VMs from unwanted network traffic
  • Add-VMNetworkAdapterAcl
  • Aka port ACLs. Like a firewall rule that allows/denies traffic associated with MAC or with IP address. Remains in effect even if VM moves to different host server.
  • View ACLs for a VM: Get-VMNetworkAdapterAcl -VMName *VM name*
  • To remove an ACL: Remove-VMNetworkAdapterAcl
  • Resource metering: use -Action Meter parameter thus Get-VMNetworkAdapterAcl -VMName *VM name* -Action Meter will show the metered usage
    • Like Resource Metering feature in general intended to be leveraged through scripts & programs. Can show internet use (traffic to & from default gateway) separately from general network traffic
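
A worked example of the port ACL cmdlets above, added here and not part of the original notes: it default-denies traffic to one VM, allows a single management subnet, then shows how to review and roll back the rules. The function names, the VM name `web01` and all addresses are constructed placeholders.

```powershell
# Added example. Run in an elevated session on the Hyper-V host.
# Set-VMIsolation / Clear-VMIsolation are hypothetical helper names.
$anyAddress = '0.0.0.0/0', '::/0'   # IPv4 and IPv6 "everything"

function Set-VMIsolation {
    param(
        [Parameter(Mandatory)][string]$VMName,
        [Parameter(Mandatory)][string[]]$AllowedSubnet
    )
    # 1. Default deny in both directions.
    foreach ($any in $anyAddress) {
        Add-VMNetworkAdapterAcl -VMName $VMName -RemoteIPAddress $any `
            -Direction Both -Action Deny
    }
    # 2. Allow the listed subnets. The more specific prefix is matched
    #    in preference to the /0 deny entries.
    foreach ($subnet in $AllowedSubnet) {
        Add-VMNetworkAdapterAcl -VMName $VMName -RemoteIPAddress $subnet `
            -Direction Both -Action Allow
    }
    # 3. Return the resulting ACL set for review.
    Get-VMNetworkAdapterAcl -VMName $VMName
}

function Clear-VMIsolation {
    param(
        [Parameter(Mandatory)][string]$VMName,
        [Parameter(Mandatory)][string[]]$AllowedSubnet
    )
    # Remove the allow entries first, then the default-deny entries.
    foreach ($subnet in $AllowedSubnet) {
        Remove-VMNetworkAdapterAcl -VMName $VMName -RemoteIPAddress $subnet `
            -Direction Both -Action Allow
    }
    foreach ($any in $anyAddress) {
        Remove-VMNetworkAdapterAcl -VMName $VMName -RemoteIPAddress $any `
            -Direction Both -Action Deny
    }
}

# Constructed values: 'web01' may only talk to the 10.0.10.0/24 management subnet.
Set-VMIsolation -VMName 'web01' -AllowedSubnet '10.0.10.0/24'
```

Because the ACLs are attached to the VM's network adapter, they follow the VM to another host, as noted above; review them with Get-VMNetworkAdapterAcl after a migration rather than assuming the destination host's firewall policy applies.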

Single root I/O virtualization

  • Aka SR-IOV: extension to PCIe standard to improve network performance for VMs. New to 2012 Hyper-V: allows network traffic to bypass software switch layer of Hyper-V virtualization stack reducing I/O overhead. Increases VM network performance & reduces processing overhead on host.
  • To enable SR-IOV: create new virtual switch, cannot enable it on existing virtual switch. Hyper-V Manager, Virtual Switch Manager. Then in connection type area enable SR-IOV box. PowerShell: New-VMSwitch with the -EnableIov $true parameter
    • Then open settings for target VM. Connect adapter to new switch. Expand network adapter settings, hardware acceleration, enable SR-IOV. May need to install drivers within guest OS. Look in Hyper-V Manager for the VM, it tells you if SR-IOV active.

Bandwidth management

  • New in Hyper-V 2012. Can set min & max Mbps throughput for any virtual network adapter. In 2008R2 could only configure max. value.
  • Go to settings of VM – virtual network adapter. Selecting ‘0’ value leaves unrestricted for max or min.
  • Or use set-vmnetworkadapter
    • Can also specify relative bandwidth weight value of 0 – 100 relative to other VM network adapters e.g. -MinimumBandwidthWeight 1
  • Cannot set bandwidth weight on legacy adapters

Advanced features for virtual network adapters

  • Expand network adapter in hardware menu (in properties of VM), ‘advanced’
  • DHCP Guard: drops DHCP server messages from unauthorized VMs pretending to be DHCP servers (man-in-the-middle attacks)
  • Router guard: drops router advertisement & redirection messages from unauthorized VMs pretending to be routers
  • Port mirroring: enables monitoring of VM’s network traffic by forwarding copies of destination/source packets to another VM being used for monitoring purposes
  • NIC teaming: in 2012, NIC teaming can be configured for virtual network adapters as well as physical. help set-vmnetworkadapter
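
An audit of the guard and mirroring settings described above across every VM on a host, followed by remediation (an added example, not part of the original notes). The VM names in the exception lists are constructed placeholders for machines that are authorised to act as DHCP servers or routers.

```powershell
# Added example. Run in an elevated session on the Hyper-V host.
# Constructed exception lists: VMs allowed to send DHCP server or router messages.
$dhcpServers = @('dc01')
$routers     = @('rtr01')

# Collect every virtual network adapter of every VM on this host.
$adapters = Get-VM | Get-VMNetworkAdapter

# Report adapters whose settings leave the guards off or mirror traffic.
$findings = foreach ($nic in $adapters) {
    $issues = @()
    if ($nic.DhcpGuard -ne 'On' -and $nic.VMName -notin $dhcpServers) {
        $issues += 'DHCP Guard off'
    }
    if ($nic.RouterGuard -ne 'On' -and $nic.VMName -notin $routers) {
        $issues += 'Router Guard off'
    }
    if ($nic.PortMirroringMode -ne 'None') {
        # Mirroring is legitimate for monitoring VMs, but every source and
        # destination should be a known, approved pairing.
        $issues += "Port mirroring: $($nic.PortMirroringMode)"
    }
    if ($issues) {
        [pscustomobject]@{
            VMName  = $nic.VMName
            Adapter = $nic.Name
            Switch  = $nic.SwitchName
            Issues  = $issues -join '; '
        }
    }
}
$findings | Format-Table -AutoSize

# Remediate: turn the guards on everywhere except the authorised VMs.
$adapters | Where-Object { $_.VMName -notin $dhcpServers } |
    Set-VMNetworkAdapter -DhcpGuard On
$adapters | Where-Object { $_.VMName -notin $routers } |
    Set-VMNetworkAdapter -RouterGuard On
```

Port mirroring findings are reported but not changed automatically, since an unexpected mirror source or destination needs investigation before it is removed.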

VM resource pools

  • Measure host resource usage by all guest VMs
  • Each Hyper-V host includes predefined VM resource pools: CPU, Ethernet, Memory, Disk. Can also create new resource pools measuring subsets of resources. To see list of all VM resource pools: get-vmresourcepool
  • Predefined resource pools aka primordial because they represent total amount of resource available on host machine rather than user-defined subsets of resource
  • As with VM resource metering, resource pool metering intended to provide raw data to be captured by other apps. Can use PowerShell to test functionality of VM resource pools & view usage data associated with them.
  • Enable-VMResourceMetering with -ResourcePoolName & -ResourcePoolType (e.g. memory) or omit type & enable all with *
    • Then enable metering measure-vmresourcepool
    • Create new resource pool: New-VMResourcePool

VM eventing

  • Keeps Hyper-V PowerShell objects updated without polling the virtual machine host
  • Enabled by default
  • Enable-vmeventing and disable-vmeventing
  • Review PS commands for regular server monitoring get-command *event*
  • Investigate new WDS features in 2012 & new WSUS especially Update Files options