Installing and Configuring Windows Server 2012 R2

Prepare for Microsoft Exam 70-410—and help demonstrate your real-world mastery installing and configuring Windows Server 2012 R2. Designed for experienced IT professionals ready to advance their status, Exam Ref focuses on the critical-thinking and decision-making acumen needed for success at the MCSA or MCSE level.

This Microsoft Exam Ref:
• Is fully updated for Windows Server 2012 R2.
• Organizes its coverage by exam objectives.
• Features strategic, what-if scenarios to challenge you.
• Assumes you have experience implementing Windows Server 2012 R2 core services in an enterprise environment.

About the Exam
Exam 70-410 validates your ability to install and configure Windows Server 2012 R2 core services. Passing this exam counts as credit toward MCSA: Windows Server 2012 R2 certification, as well as three MCSE certifications.

About Microsoft Certification
Microsoft Certified Solutions Associate (MCSA) certifications validate the core technical skills required to build a sustainable career in IT. The MCSA certification for Windows Server 2012 R2 requires three exams—70-410, 70-411, and 70-412—and can also be applied toward earning Microsoft Certified Solutions Expert (MCSE) certification for the Server Infrastructure, Desktop Infrastructure, and Private Cloud specialties.
Focus on the expertise measured by these objectives:
• Install and Configure Servers
• Configure Server Roles and Features
• Configure Hyper-V
• Deploy and Configure Core Network Services
• Install and Administer Active Directory
• Create and Manage Group Policy

Exam Ref 70-410

See full details at: microsoft.com/learning/certification

About the Author
Craig Zacker is an educator and editor who has written or contributed to dozens of books on operating systems, networking, and PC hardware. He is coauthor of the Microsoft Training Kit for Exam 70-686 and author of Windows Small Business Server 2011 Administrator’s Pocket Consultant.

microsoft.com/mspress
ISBN: 978-0-7356-8424-9
U.S.A. $39.99
Canada $41.99 [Recommended]
Certification/Windows Server

Craig Zacker

PUBLISHED BY
Microsoft Press
A Division of Microsoft Corporation
One Microsoft Way
Redmond, Washington 98052-6399

Copyright © 2014 by Craig Zacker (All)

All rights reserved. No part of the contents of this book may be reproduced or transmitted in any form or by any means without the written permission of the publisher.

Library of Congress Control Number: 2014931253
ISBN: 978-0-7356-8424-9

Printed and bound in the United States of America.

First Printing

Microsoft Press books are available through booksellers and distributors worldwide. If you need support related to this book, email Microsoft Press Book Support at [email protected] Please tell us what you think of this book at http://www.microsoft.com/learning/booksurvey.

Microsoft and the trademarks listed at http://www.microsoft.com/en-us/legal/intellectualproperty/Trademarks/EN-US.aspx are trademarks of the Microsoft group of companies. All other marks are property of their respective owners.
The example companies, organizations, products, domain names, email addresses, logos, people, places, and events depicted herein are fictitious. No association with any real company, organization, product, domain name, email address, logo, person, place, or event is intended or should be inferred.

This book expresses the author’s views and opinions. The information contained in this book is provided without any express, statutory, or implied warranties. Neither the authors, Microsoft Corporation, nor its resellers, or distributors will be held liable for any damages caused or alleged to be caused either directly or indirectly by this book.

Acquisitions Editor: Anne Hamilton
Developmental Editor: Karen Szall
Editorial Production: Box Twelve Communications
Technical Reviewer: Brian Svidergol
Cover: Twist Creative • Seattle

Contents at a glance

Introduction
Preparing for the exam
Chapter 1 Installing and configuring servers
Chapter 2 Configuring server roles and features
Chapter 3 Configuring Hyper-V
Chapter 4 Deploying and configuring core network services
Chapter 5 Installing and administering Active Directory
Chapter 6 Creating and managing Group Policy
Index

Contents

Introduction
    Microsoft certifications
    Errata & book support
    We want to hear from you
    Stay in touch
Preparing for the exam

Chapter 1 Installing and configuring servers
    Objective 1.1: Install servers
        Planning for a server installation
        Choosing installation options
        Upgrading servers
        Migrating roles
        Objective summary
        Objective review
    Objective 1.2: Configure servers
        Completing postinstallation tasks
        Using Server Manager
        Configuring services
        Delegating server administration
        Using Windows PowerShell Desired State Configuration (DSC)
        Objective summary
        Objective review
    Objective 1.3: Configure local storage
        Planning server storage
        Understanding Windows disk settings
        Working with disks
        Objective summary
        Objective review
    Answers

Chapter 2 Configuring server roles and features
    Objective 2.1: Configure file and share access
        Creating folder shares
        Assigning permissions
        Configuring Volume Shadow Copies
        Configuring NTFS quotas
        Configuring Work Folders
        Objective summary
        Objective review
    Objective 2.2: Configure print and document services
        Deploying a print server
        Sharing a printer
        Managing documents
        Managing printers
        Using the Print and Document Services role
        Objective summary
        Objective review
    Objective 2.3: Configure servers for remote management
        Using Server Manager for remote management
        Using Remote Server Administration Tools
        Working with remote servers
        Objective summary
        Objective review
    Answers

Chapter 3 Configuring Hyper-V
    Objective 3.1: Create and configure virtual machine settings
        Virtualization architectures
        Hyper-V implementations
        Installing Hyper-V
        Using Hyper-V Manager
        Configuring resource metering
        Objective summary
        Objective review
    Objective 3.2: Create and configure virtual machine storage
        Virtual disk formats
        Creating virtual disks
        Configuring pass-through disks
        Modifying virtual disks
        Creating checkpoints
        Configuring Storage Quality of Service (QoS)
        Connecting to a storage area network (SAN)
        Objective summary
        Objective review
    Objective 3.3: Create and configure virtual networks
        Creating virtual switches
        Creating virtual network adapters
        Configuring NIC teaming in a virtual network environment
        Creating virtual network configurations
        Objective summary
        Objective review
    Answers

Chapter 4 Deploying and configuring core network services
    Objective 4.1: Configure IPv4 and IPv6 addressing
        IPv4 addressing
        IPv6 addressing
        Subnetting IPv6 Addresses
        Planning an IP transition
        Objective summary
        Objective review
    Objective 4.2: Configure servers
        Understanding DHCP
        Deploying a DHCP server
        Deploying a DHCP relay agent
        Objective summary
        Objective review
    Objective 4.3: Deploy and configure the DNS service
        Understanding the DNS architecture
        Deploying a DNS server
        Objective summary
        Objective review
    Answers

Chapter 5 Installing and administering Active Directory
    Objective 5.1: Install domain controllers
        Deploying Active Directory Domain Services
        Objective summary
        Objective review
    Objective 5.2: Create and manage Active Directory users and computers
        Creating user objects
        Creating computer objects
        Managing Active Directory objects
        Objective summary
        Objective review
    Objective 5.3: Create and manage Active Directory groups and organizational units (OUs)
        Working with groups
        Objective summary
        Objective review
    Answers

Chapter 6 Creating and managing Group Policy
    Objective 6.1: Create Group Policy Objects
        Understanding Group Policy Objects
        Configuring a Central Store
        Using the Group Policy Management Console
        Managing starter GPOs
        Configuring Group Policy settings
        Creating multiple local GPOs
        Objective summary
        Objective review
    Objective 6.2: Configure security policies
        Defining local policies
        Using security templates
        Configuring local users and groups
        Understanding User Account Control (UAC)
        Objective summary
        Objective review
    Objective 6.3: Configure application restriction policies
        Using software restriction policies
        Using AppLocker
        Objective summary
        Objective review
    Objective 6.4: Configure Windows Firewall
        Understanding Windows Firewall settings
        Working with Windows Firewall
        Using the Windows Firewall control panel applet
        Using the Windows Firewall With Advanced Security console
        Objective summary
        Objective review
    Answers

Index

What do you think of this book? We want to hear from you!
Microsoft is interested in hearing your feedback so we can continually improve our books and learning resources for you. To participate in a brief online survey, please visit: www.microsoft.com/learning/booksurvey/

Introduction

Most books take a very low-level approach, teaching you how to use basic concepts to accomplish fine-grained tasks. Like the Microsoft 70-410 certification exam, this book takes a high-level approach, building on your existing knowledge of lower-level Microsoft Windows system administration and extending it into higher-level server concepts needed for Windows Server 2012 R2.

Candidates for this exam are Information Technology (IT) Professionals who have Windows Server 2012 R2 operating system knowledge and experience and want to validate the skills and knowledge necessary to implement the Windows Server 2012 R2 core infrastructure services.

The 70-410 exam is the first in a series of three exams that validate the skills and knowledge necessary to implement a core Windows Server 2012 R2 Infrastructure into an existing enterprise environment. This book covers the initial implementation and configuration of the Windows Server 2012 R2 core services, such as Active Directory and the networking services. This book, along with the Exam Reference books covering the 70-411 and 70-412 exams, will collectively illustrate the skills and knowledge necessary for implementing, managing, maintaining and provisioning services and infrastructure in a Windows Server 2012 R2 environment.

This book covers every exam objective, but it does not cover every exam question. Only the Microsoft exam team has access to the exam questions themselves and Microsoft regularly adds new questions to the exam, making it impossible to cover specific questions.
You should consider this book a supplement to your relevant real-world experience and other study materials. If you encounter a topic in this book that you do not feel completely comfortable with, use the links you’ll find in text to find more information and take the time to research and study the topic. Great information is available on MSDN, TechNet, and in blogs and forums.

Microsoft certifications

Microsoft certifications distinguish you by proving your command of a broad set of skills and experience with current Microsoft products and technologies. The exams and corresponding certifications are developed to validate your mastery of critical competencies as you design and develop, or implement and support, solutions with Microsoft products and technologies both on-premises and in the cloud. Certification brings a variety of benefits to the individual and to employers and organizations.

MORE INFO ALL MICROSOFT CERTIFICATIONS
For information about Microsoft certifications, including a full list of available certifications, go to http://www.microsoft.com/learning/en/us/certification/cert-default.aspx.

Errata & book support

We’ve made every effort to ensure the accuracy of this book and its companion content. Any errors that have been reported since this book was published are listed at:

http://aka.ms/ER410R2/errata

If you find an error that is not already listed, you can report it to us through the same page.

If you need additional support, email Microsoft Press Book Support at [email protected]

Please note that product support for Microsoft software is not offered through the addresses above.

We want to hear from you

At Microsoft Press, your satisfaction is our top priority, and your feedback our most valuable asset. Please tell us what you think of this book at:

http://aka.ms/tellpress

The survey is short, and we read every one of your comments and ideas. Thanks in advance for your input!

Stay in touch

Let’s keep the conversation going!
We’re on Twitter: http://twitter.com/MicrosoftPress.

Preparing for the exam

Microsoft certification exams are a great way to build your resume and let the world know about your level of expertise. Certification exams validate your on-the-job experience and product knowledge. While there is no substitution for on-the-job experience, preparation through study and hands-on practice can help you prepare for the exam. We recommend that you round out your exam preparation plan by using a combination of available study materials and courses. For example, you might use the Training Guide and another study guide for your “at home” preparation and take a Microsoft Official Curriculum course for the classroom experience. Choose the combination that you think works best for you.

CHAPTER 3
Configuring Hyper-V

The concept of virtualizing servers has, in the past several years, grown from a novel experiment to a convenient lab and testing tool to a legitimate deployment strategy for production servers. Windows Server 2012 R2 includes the Hyper-V role, which enables administrators to create virtual machines (VMs), each of which runs in its own isolated environment. VMs are self-contained units that administrators can easily move from one physical computer to another, greatly simplifying the process of deploying network applications and services.

This chapter covers some of the fundamental tasks that administrators perform to create and deploy Hyper-V servers and VMs.

Objectives in this chapter:
■ Objective 3.1: Create and configure virtual machine settings
■ Objective 3.2: Create and configure virtual machine storage
■ Objective 3.3: Create and configure virtual networks

Objective 3.1: Create and configure virtual machine settings

Server virtualization in Windows Server 2012 R2 is based on a module called a hypervisor.
Sometimes called a virtual machine monitor (VMM), the hypervisor is responsible for abstracting the computer’s physical hardware and creating multiple virtualized hardware environments, called VMs. Each VM has its own (virtual) hardware configuration and can run a separate copy of an operating system (OS). Therefore, with sufficient physical hardware and the correct licensing, a single computer running Windows Server 2012 R2 with the Hyper-V role installed can support multiple VMs, which administrators can manage as if they were standalone computers.

NOTE REMOTEFX
RemoteFX enables remote computers to connect to Hyper-V guest VMs with an enhanced desktop experience, including graphics adapter virtualization, USB redirection, and intelligent encoding and decoding. Don’t expect many questions about RemoteFX on the exam.

This objective covers how to:
■ Configure dynamic memory
■ Configure smart paging
■ Configure Resource Metering
■ Configure guest integration services
■ Create and configure Generation 1 and Generation 2 VMs
■ Configure and use enhanced session mode

Virtualization architectures

Virtualization products can use several different architectures to share a computer’s hardware resources among VMs. The earlier type of virtualization products, including Microsoft Windows Virtual PC and Microsoft Virtual Server, requires a standard OS installed on a computer. This becomes the “host” OS. Then you install the virtualization product, which adds the hypervisor component. The hypervisor essentially runs alongside the host OS, as shown in Figure 3-1, and enables you to create as many VMs as the computer has hardware to support.

FIGURE 3-1 A hybrid VMM sharing hardware access with a host operating system

This arrangement, in which the hypervisor runs on top of a host OS, is called Type II virtualization. By using the Type II hypervisor, you create a virtual hardware environment for each VM.
You can specify how much memory to allocate to each VM, create virtual disk drives by using space on the computer’s physical drives, and provide access to peripheral devices. You then install a “guest” OS on each VM, just as if you were deploying a new computer. The host OS then shares access to the computer’s processor with the hypervisor, with each taking the clock cycles it needs and passing control of the processor back to the other.

Type II virtualization can provide adequate VM performance, particularly in classroom and laboratory environments, but it does not provide performance equivalent to separate physical computers. Therefore, it is not generally recommended for high-traffic servers in production environments.

The virtualization capability built into Windows Server 2012 R2, called Hyper-V, uses a different type of architecture. Hyper-V uses Type I virtualization, in which the hypervisor is an abstraction layer that interacts directly with the computer’s physical hardware—that is, without an intervening host OS. The term hypervisor is intended to represent the level beyond the term supervisor, in regard to the responsibility for allocating a computer’s processor clock cycles.

The hypervisor creates individual environments called partitions, each of which has its own OS installed and accesses the computer’s hardware via the hypervisor. Unlike Type II virtualization, no host OS shares processor time with the hypervisor. Instead, the hypervisor designates the first partition it creates as the parent partition and all subsequent partitions as child partitions, as shown in Figure 3-2.

FIGURE 3-2 A Type I VMM, with the hypervisor running directly on the hardware

The parent partition accesses the system hardware through the hypervisor, just as the child partitions do. The only difference is that the parent runs the virtualization stack, which creates and manages the child partitions.
The parent partition is also responsible for the subsystems that directly affect the performance of the computer’s physical hardware, such as Plug and Play, power management, and error handling. These subsystems also run in the OSs on the child partitions, but they address only virtual hardware, whereas the parent, or root, partition handles the actual hardware.

NOTE HYPER-V
It might not seem like the Hyper-V role in Windows Server 2012 R2 provides Type I virtualization, because it requires the Windows Server OS to be installed and running. However, adding the Hyper-V role actually converts the installed instance of Windows Server 2012 R2 into the parent partition and causes the system to load the hypervisor before the OS.

Hyper-V implementations

Windows Server 2012 R2 includes the Hyper-V role only in the Standard and Datacenter editions. The Hyper-V role is required for the OS to function as a computer’s primary partition, enabling it to host other VMs. No special software is required for an OS to function as a guest OS in a VM. Therefore, although Windows Server 2012 R2 Essentials does not include the Hyper-V role, it can function as a guest OS. Other guest OSs supported by Hyper-V include the current Windows workstation OSs and many other non-Microsoft server and workstation products.

Hyper-V licensing

The primary difference between the Standard and Datacenter editions of Windows Server 2012 R2 is the number of VMs they support. When you install a Windows Server 2012 R2 instance on a VM, you must have a license for it, just like when you install it on a physical machine. Purchasing the Datacenter edition allows you to license an unlimited number of VMs running Windows Server 2012 R2 on that one physical machine. The Standard license allows you to license only two virtual instances of Windows Server 2012 R2.

Hyper-V hardware limitations

The Windows Server 2012 R2 version of Hyper-V contains massive improvements in the scalability of the system over previous versions. A Windows Server 2012 R2 Hyper-V host system can have up to 320 logical processors, supporting up to 2,048 virtual CPUs and up to 4 terabytes (TB) of physical memory.

One server can host as many as 1,024 active VMs and a single VM can have up to 64 virtual CPUs and up to 1 TB of memory.

Hyper-V can also support clusters with up to 64 nodes and 8,000 VMs.

NOTE WINDOWS POWERSHELL
Another major improvement in the Windows Server 2012 and Windows Server 2012 R2 versions of Hyper-V is the inclusion of a Hyper-V module for Windows PowerShell, which includes new cmdlets dedicated to the creation and management of the Hyper-V service and its VMs.

Hyper-V Server

In addition to the Hyper-V implementation in Windows Server 2012 R2, Microsoft provides a dedicated Hyper-V Server product, which is a subset of Windows Server 2012 R2. Hyper-V Server 2012 R2 includes the Hyper-V role, which it installs by default during the OS installation. With the exception of some limited File and Storage Services and Remote Desktop capabilities, the OS includes no other roles, as shown in Figure 3-3.

FIGURE 3-3 Roles available in Hyper-V Server

The Hyper-V Server is also limited to the Server Core interface, although, as with all Server Core installations, it includes SCONFIG, a simple, script-based configuration interface, as shown in Figure 3-4. You can manage Hyper-V Server remotely by using Server Manager and Hyper-V Manager, just as you would any other Server Core installation.

FIGURE 3-4 The Server Core interface in Hyper-V Server

Unlike Windows Server 2012 R2, Hyper-V Server is a free product, available for download from Microsoft’s website. However, Hyper-V Server does not include any licenses for virtual instances. You must obtain and license all the OSs you install on the VMs you create.

Installing Hyper-V

Once you have the appropriate hardware, you can add the Hyper-V role to Windows Server 2012 R2 by using Server Manager, just as you would any other role.

Adding the Hyper-V role installs the hypervisor software, and, in the case of a full GUI installation, also installs the management tools. The primary tool for creating and managing VMs and their components on Hyper-V servers is the Hyper-V Manager console. Hyper-V Manager provides administrators with a list of all the VMs on the local host and enables administrators to configure the environments of both the servers and the individual VMs. There is also a set of Hyper-V cmdlets for Windows PowerShell that enables you to exercise complete control over VMs using that interface.

Microsoft recommends that you do not install other roles with Hyper-V. It is better to implement any other roles that you need the physical computer to perform within one of the VMs you create by using Hyper-V. In addition, you might want to consider installing Hyper-V on a computer by using the Server Core installation option. This will minimize the overhead expended on the partition.
As with other roles, installing Hyper-V on Server Core excludes the graphical management tools, which you must install separately as a feature on another computer.

Before you can install the Hyper-V role on a server running Windows Server 2012 R2, you must have the appropriate hardware:
■ A 64-bit processor that includes hardware-assisted virtualization. This is available in processors that include a virtualization option, such as Intel Virtualization Technology (Intel VT) or AMD Virtualization (AMD-V) technology.
■ A system BIOS that supports the virtualization hardware, on which the virtualization feature has been enabled.
■ Hardware-enforced Data Execution Prevention (DEP), which Intel describes as eXecute Disable (XD) and AMD describes as No eXecute (NX). This is a technology used in CPUs to segregate areas of memory. Specifically, you must enable the Intel XD bit (execute disable bit) or the AMD NX bit (no execute bit).

To install the Hyper-V role, use the following procedure.

1. In Server Manager, on the Manage menu, select Add Roles And Features. The Add Roles And Features Wizard starts, displaying the Before You Begin page.
2. Click Next to open the Select Installation Type page.
3. Leave the Role-Based Or Feature-Based Installation option selected and click Next. The Select Destination Server page opens.
4. Select the server on which you want to install Hyper-V and click Next. The Select Server Roles page opens.
5. Select the Hyper-V role. The Add Features That Are Required For Hyper-V dialog box appears.
6. Click Add Features to accept the dependencies and then click Next to open the Select Features page.
7. Click Next to open the Hyper-V page.
8. Click Next. The Create Virtual Switches page opens, as shown in Figure 3-5.

FIGURE 3-5 The Create Virtual Switches page of the Add Roles and Features Wizard

9. Select the appropriate check box for a network adapter and click Next. The Virtual Machine Migration page opens, as shown in Figure 3-6.

FIGURE 3-6 The Virtual Machine Migration page of the Add Roles and Features Wizard

10. Click Next to open the Default Stores page.
11. Specify alternatives to the default locations for virtual hard disk (VHD) and VM configuration files, if desired, and click Next. The Confirm Installation Selection page opens.
12. Click Install to move to the Installation Progress page as the wizard installs the role.
13. Click Close to close the wizard.
14. Restart the server.

Installing the role modifies the Windows Server 2012 R2 startup procedure so that the newly installed hypervisor is able to address the system hardware directly and then load the OS as the primary partition on top of that.

NOTE USING WINDOWS POWERSHELL
You can also install the Hyper-V role by using the Install-WindowsFeature cmdlet, using the following syntax:

    Install-WindowsFeature -Name Hyper-V -ComputerName <name> -IncludeManagementTools -Restart

Using Hyper-V Manager

Once you have installed the Hyper-V role and restarted the computer, you can begin to create VMs and deploy OSs on them by using the Hyper-V Manager console, which you can access from the Tools menu in Server Manager.

Like most of the Windows Server 2012 R2 management tools, including Server Manager itself, you can use the Hyper-V Manager console to create and manage VMs on multiple servers, enabling administrators to exercise full control over their servers from a central location.

To run Hyper-V Manager on a server that does not have the Hyper-V role, you must install the Hyper-V Management Tools feature.
These tools are also found in the Remote Server Administration Tools feature.

Once you install and launch the Hyper-V Manager console, you can add servers to the display by right-clicking the Hyper-V Manager node in the left pane and selecting Connect To Server from the shortcut menu. The Select Computer dialog box appears, in which you can type or browse to the name of a Hyper-V server.

The Hyper-V Manager console lists all the VMs on the selected server, as shown in Figure 3-7, along with status information about each one.

FIGURE 3-7 The Hyper-V Manager console

Creating a virtual machine

After installing Hyper-V and configuring it using Hyper-V Manager, you are ready to create VMs and install the OS on each one. By using Hyper-V Manager, you can create new VMs and define the hardware resources that the system should allocate to them. In the settings for a particular VM, depending on the physical hardware available in the computer and the limitations of the guest OS, administrators can specify the number of processors and the amount of memory allotted to a VM, install virtual network adapters, and create virtual disks by using a variety of technologies, including storage area networks (SANs).

By default, Hyper-V stores the files that make up VMs in the folders you specified on the Default Stores page during the role installation. Each VM uses the following files:
■ A virtual machine configuration file in XML format with an .xml extension that contains the VM configuration information, including all settings for the VM
■ One or more VHD (.vhd or .vhdx) files to store the guest OS, applications, and data for the VM

In addition, a VM can use a saved-state (.vsv) file if the machine has been placed into a saved state.

To create a new VM, use the following procedure.

1. In Server Manager, on the Tools menu, select Hyper-V Manager to open the Hyper-V Manager console.
2. In the left pane, select a Hyper-V server.
3. From the Action menu, select New, Virtual Machine. The New Virtual Machine Wizard starts, displaying the Before You Begin page.
4. Click Next to open the Specify Name And Location page.
5. In the Name text box, type a name for the VM, keeping in mind that the system will also use this name to create the VM files and folders. To create the VM files in a location other than the default, select the Store The Virtual Machine In A Different Location check box and type an alternate path in the Location text box. Then click Next. The Specify Generation page appears.

MORE INFORMATION VM GENERATIONS
For more information on the distinction between Generation 1 virtual machines and Generation 2 virtual machines, see “Creating Generation 1 and Generation 2 VMs” later in this chapter.

6. Specify whether you want to create a Generation 1 or Generation 2 virtual machine and click Next. The Assign Memory page opens.

MORE INFORMATION MEMORY
For more information on how Hyper-V uses memory, see “Allocating memory” later in this chapter.

7. In the Startup Memory text box, type the amount of memory you want the VM to use and click Next. The Configure Networking page opens, as shown in Figure 3-8.

FIGURE 3-8 The Configure Networking page of the New Virtual Machine Wizard

8. From the Connection drop-down list, select a virtual switch and click Next. The Connect Virtual Hard Disk page opens, as shown in Figure 3-9.

FIGURE 3-9 The Connect Virtual Hard Disk page of the New Virtual Machine Wizard

MORE INFORMATION NETWORKS
For more information on virtual switches and networking VMs, see Objective 3.3, “Create and configure virtual networks,” later in this chapter.

9. Leave the Create A Virtual Hard Disk option selected and type values for the following fields:
■ Name: Specifies the file name for the VHD, using the .vhdx format new to Windows Server 2012 R2
■ Location: Specifies a location for the VHD other than the default you specified on the Default Stores page
■ Size: Specifies the maximum size of the VHD

MORE INFORMATION STORAGE
By default, the wizard creates a VHD file that starts small and dynamically expands up to the maximum size you specify. For more information on Hyper-V storage, see Objective 3.2, “Create and configure virtual machine storage,” later in this chapter.

10. Click Next. The Installation Options page opens.
11. Leave the Install An Operating System Later option selected and click Next. The Completing The New Virtual Machine Wizard page opens.
12. Click Finish. The wizard creates the new VM and adds it to the list of VMs in Hyper-V Manager.

The VM that this procedure creates is the equivalent of a bare-metal computer. It has all the (virtual) hardware it needs to run, but it has no software.

NOTE USING WINDOWS POWERSHELL
To create a new VM by using Windows PowerShell, use the New-VM cmdlet with the following basic syntax:

    New-VM -Name "VM name" -MemoryStartupBytes <memory> -NewVHDSizeBytes <disk size>

For example, the following command creates a new VM called ServerA with 1 GB of memory and a new 60-GB VHD drive:

    New-VM -Name "ServerA" -MemoryStartupBytes 1GB -NewVHDSizeBytes 60GB

There are, of course, many more parameters for the New-VM cmdlet, which you can explore through the Get-Help cmdlet.

Each VM on a Hyper-V server consists of a collection of settings that specify the hardware resources in the machine and the configuration settings that control those resources. You can manage and modify those settings by using the Settings page for the particular VM.

Selecting a VM from the list in Hyper-V Manager displays a series of icons in the Actions pane.
Clicking the Settings icon opens the Settings dialog box, shown in Figure 3-10, which is the primary configuration interface for that VM. Here, you can modify any of the settings that the New Virtual Machine Wizard configured for you. FIGURE 3-10 The Settings dialog box for a VM Creating Generation 1 and Generation 2 VMs In Windows Server 2012 R2, Hyper-V includes a new type of virtual machine, which it refers to as Generation 2. The VM type created by all previous versions is called Generation 1. When you create a new virtual machine in the Hyper-V manager, the New Virtual Machine Wizard includes a new page (shown in Figure 3-11) on which you specify whether you want to create a Generation 1 or Generation 2 VM. The New-VM cmdlet in Windows PowerShell also includes a new –Generation parameter. Objective 3.1: Create and configure virtual machine settings CHAPTER 3 143 FIGURE 3-11 The Specify Generation page in the New Virtual Machine Wizard Generation 1 VMs are designed to emulate the hardware found in a typical computer. To do this, they use drivers for specific devices, such as an AMI BIOS, an S3 graphics adapter, and an Intel chipset and network adapter. Generation 1 VMs that you create with Windows Server 2012 R2 Hyper-V are completely compatible with all previous Hyper-V versions. Generation 2 VMs use synthetic drivers and software-based devices instead; they provide advantages that include the following: ■■ ■■ UEFI boot Instead of using the traditional BIOS, Generation 2 VMs support Secure Boot using the Universal Extensible Firmware Interface (UEFI), which requires a system to boot from digitally signed drivers and enables them to boot from drives larger than 2 TB with GUID partition tables. SCSI disks Generation 2 VMs omit the IDE disk controller used by Generation 1 VMs to boot the system and use a high-performance virtual SCSI controller for all disks, enabling the VMs to boot from VHDX files and support hot-disk adds and removes. 
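As an added example (not from the book), the following Windows PowerShell creates a Generation 2 VM with the -Generation parameter and reports the Secure Boot state of every VM on the host. The VM name, the VHDX path, and the Get-VMBootReport function name are assumptions made for illustration.

```powershell
# Added example; requires the Hyper-V module on a Windows Server 2012 R2 host (run elevated).
Import-Module Hyper-V

# Create a Generation 2 VM. The name and VHDX path are placeholders for this example.
New-VM -Name 'Gen2Test' -Generation 2 -MemoryStartupBytes 1GB `
       -NewVHDPath 'D:\VMs\Gen2Test.vhdx' -NewVHDSizeBytes 60GB

# Report each VM's generation and, for Generation 2 VMs, whether Secure Boot is on.
function Get-VMBootReport {
    foreach ($vm in Get-VM) {
        if ($vm.Generation -eq 2) {
            # Get-VMFirmware applies only to Generation 2 (UEFI) VMs.
            $secureBoot = [string](Get-VMFirmware -VMName $vm.Name).SecureBoot
        }
        else {
            # Generation 1 VMs boot from an emulated BIOS and have no Secure Boot setting.
            $secureBoot = 'n/a (BIOS)'
        }
        [pscustomobject]@{
            VMName     = $vm.Name
            Generation = $vm.Generation
            State      = $vm.State
            SecureBoot = $secureBoot
        }
    }
}

$report = Get-VMBootReport
$report | Format-Table -AutoSize

# Turn Secure Boot back on where it has been switched off.
# The firmware setting can be changed only while the VM is off.
foreach ($row in $report | Where-Object { $_.SecureBoot -eq 'Off' }) {
    if ($row.State -eq 'Off') {
        Set-VMFirmware -VMName $row.VMName -EnableSecureBoot On
    }
    else {
        Write-Warning "$($row.VMName): Secure Boot is off; shut the VM down to re-enable it."
    }
}
```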
The end result is a Generation 2 virtual machine that deploys much faster than its Generation 1 counterparts and performs better as well. The limitations, however, are that Generation 2 VMs can only run the following guest operating systems:
■ Windows Server 2012
■ Windows Server 2012 R2
■ Windows 8 64-bit
■ Windows 8.1 64-bit

Installing an operating system

Once you have created a VM, you can install an OS on it. Hyper-V in Windows Server 2012 R2 supports all the following as OSs you can install in Generation 1 VMs:
■ Windows Server 2012 R2
■ Windows Server 2012
■ Windows Server 2008 R2
■ Windows Server 2008
■ Windows Home Server 2011
■ Windows Small Business Server 2011
■ Windows Server 2003 R2
■ Windows Server 2003 SP2
■ Windows 8.1
■ Windows 8
■ Windows 7 Enterprise and Ultimate
■ Windows Vista Business, Enterprise, and Ultimate SP2
■ Windows XP Professional SP3
■ Windows XP x64 Professional SP2
■ CentOS 6.0–6.2
■ Red Hat Enterprise Linux 6.0–6.2
■ SUSE Linux Enterprise Server 11 SP2

NOTE GUEST OSS
This is the official list of supported guest OSs at RTM. Other OSs might also function but have not been fully tested.

One of the advantages of installing software on VMs is that there are several ways to access the installation files. A VM, by default, has a DVD drive, which can itself be physical or virtual.

When you open the Settings dialog box for a Generation 1 VM and select the DVD drive in the Hardware list, you see the interface shown in Figure 3-12. In the Media section, you can select one of the following options for the drive:
■ None: The equivalent of a drive with no disk inserted
■ Image File: Points to a disk image file with a .iso extension stored on one of the host computer’s drives or on a shared network drive
■ Physical CD/DVD Drive: Links the virtual DVD drive to one of the physical DVD drives in the host computer

In a Generation 2 VM, the DVD drive supports only the None option and the Image File option, as shown in Figure 3-12. The ability to mount an image file to a virtual DVD drive is particularly useful for administrators who download OS files as disk images.

Once you have mounted an installation disk, either physically or virtually, you can click Start in the Actions pane of Hyper-V Manager, which is the equivalent of turning on the VM. Starting a VM causes the thumbnail in the Hyper-V Manager to go live, displaying the contents of the computer’s screen. To display the VM’s activity at full size, click Connect in the Actions pane to open a new window for the VM. You can then interact with the VM through that window, just as if you were sitting at a physical computer’s console.

FIGURE 3-12 DVD drive settings for a VM

When the VM boots from the disk you mounted, the OS installation proceeds just as if you were using a physical computer. During the installation process, you can work with the VHD drive just as you would a physical one, creating partitions of various sizes and selecting one for the OS. When the installation is complete, the VM restarts, and you can then log on and use it in the normal manner.

Configuring Guest Integration Services

In some cases, certain Hyper-V guest OS features do not function properly using the OS’s own device drivers. Hyper-V, therefore, includes a software package called Guest Integration Services, which you can install on your VMs for compatibility purposes. Some of the functions provided by the Guest Integration Services package are as follows:
■ Operating System Shutdown: Enables the Hyper-V Manager console to remotely shut down a guest OS in a controlled manner, eliminating the need for an administrator to log on and manually shut the system down.
■ Time Synchronization: Enables Hyper-V to synchronize the OS clocks in parent and child partitions.
■ Data Exchange: Enables the Windows OSs on the parent and child partitions to exchange information, such as OS version information and fully qualified domain names.
■ Heartbeat: Implements a service in which the parent partition sends regular heartbeat signals to the child partitions, which are expected to respond in kind. A failure of a child partition to respond indicates that the guest OS has frozen or malfunctioned.
■ Backup: Enables backup of Windows VMs by using Volume Shadow Copy Services.
■ Guest Services: Enables administrators to copy files to a virtual machine without using a network connection.

The Windows Server 2012, Windows Server 2012 R2, Windows 8, and Windows 8.1 operating systems have the latest Guest Integration Services software built in, so there is no need to install the package on VMs running those OSs as guests. Earlier versions of Windows have earlier versions of the Guest Integration Services package that need to be upgraded, however, and some Windows versions do not include the package at all.

NOTE LINUX
For Linux guest OSs, you must download and install the latest release of Linux Integration Services Version 3.4 for Hyper-V from the Microsoft Download Center. As of this writing, the latest version is 3.4 and is available at http://www.microsoft.com/en-gb/download/details.aspx?id=34603.

To upgrade Guest Integration Services on a Windows guest OS, use the following procedure:
1. In Server Manager, on the Tools menu, select Hyper-V Manager. The Hyper-V Manager console starts.
2. In the left pane, select a Hyper-V server.
3. In the Actions pane, start the VM on which you want to install Guest Integration Services and click Connect. A Virtual Machine Connection window opens.
4. In the Virtual Machine Connection window, from the Action menu, select Insert Integration Services Setup Disk. Hyper-V mounts an image of the Guest Integration Services disk to a virtual disk drive and an Autoplay window appears.
5. Click Install Hyper-V Integration Services. A message box appears, asking you to upgrade the existing installation.
6. Click OK. The system installs the package and prompts you to restart the computer.
7. Click Yes to restart the computer.

Once you have installed or upgraded Guest Integration Services, you can enable or disable each of the individual functions by opening the Settings dialog box for the VM and selecting the Integration Services page, as shown in Figure 3-13.

FIGURE 3-13 Integration Services settings for a VM

At this point, you are ready to configure and manage the VM just as if you were working on a physical server. This can include modifying the network configuration, enabling remote desktop, loading the appropriate roles and features, and installing applications.

Using Enhanced Session mode

In previous versions of Hyper-V, when you open a Virtual Machine Connection window in the Hyper-V Manager console, you receive mouse and keyboard connectivity plus limited cut-and-paste functionality. To obtain any further access, such as audio or print functionality, you could establish a Remote Desktop Services connection to the VM, but this requires the computers to be connected to the same network, which is not always possible.
Starting in Windows Server 2012 R2, Hyper-V supports an enhanced session mode that enables the Virtual Machine Connection window to redirect any of the following local resources to VMs running Windows Server 2012 R2 or Windows 8.1:
■ Display configuration
■ Audio
■ Printers
■ Clipboard
■ Smart cards
■ USB devices
■ Drives
■ Supported Plug and Play devices

The enhanced session mode works by establishing a Remote Desktop Protocol connection between the host computer and the VM, but it does not require a standard network path because it uses VMBus instead. VMBus is a high-speed conduit between the various partitions running on a Hyper-V server.

Enhanced session mode is enabled by default in Windows 8.1, but in Windows Server 2012 R2, you must enable it on the Enhanced Session Mode Policy page of the Hyper-V Settings dialog box, as shown in Figure 3-14.

FIGURE 3-14 Enhanced Session Mode Policy settings

Allocating memory

Dynamic memory enables Hyper-V to adjust the amount of RAM allocated to VMs, depending on their ongoing requirements. Some computer components can be virtualized. You can take some disk space and create a virtual hard drive, and you can take an image file and create a virtual DVD drive. You can also create virtual network interface adapters and other components, which appear like the real thing in a VM. System memory is different, however. There is no substitute for memory, so all Hyper-V can do is take the physical memory installed in the computer and allocate it among the various VMs.

When you create a VM, you specify how much memory to allocate to the VM. Obviously, the amount of memory available for use is based on the physical memory installed in the computer.
After you have created the VM, you can modify the amount of memory allocated to it by shutting down the VM, opening its Settings dialog box, and changing the Startup RAM setting on the Memory page, as shown in Figure 3-15. This enables you to experiment with various amounts of memory, and set the optimum performance level for the system.

FIGURE 3-15 Memory settings for a VM

USING DYNAMIC MEMORY

In the first versions of Hyper-V, shutting down the VM was the only way to modify its memory allocation. In the Windows Server 2012 R2 version, however, you can use a feature called Dynamic Memory to automatically reallocate memory to the VM from a shared memory pool as its demands change. If a virtualized server starts to experience larger amounts of client traffic, for example, Hyper-V can increase the memory allocated to the system, and reduce it again when the traffic subsides.

To use Dynamic Memory, you must enable it by selecting the Enable Dynamic Memory check box on the VM’s Memory settings page and then configure the following settings:
■ Startup RAM: Specifies the amount of memory that you want to allocate to the VM when it starts. When you are using Dynamic Memory, this value can be the minimum amount of memory needed to boot the system.
■ Minimum RAM: Specifies the smallest amount of memory the VM can use at any time. OSs can require more memory to start up than to run, so this value can be smaller than the Startup RAM value.
■ Maximum RAM: Specifies the largest amount of memory that the VM can use at any time. The value can range from a low equal to the Startup RAM value to a high of 64 GB.
■ Memory Buffer: Specifies a percentage that Hyper-V uses to calculate how much memory to allocate to the VM, compared to its actual utilization, as measured by performance counters. For example, with the Memory Buffer value set to 20 percent, a VM with applications and OS that consume 1 GB of memory will receive a dynamic allocation of 1.2 GB.
■ Memory Weight: Specifies a relative value that specifies the priority of this VM compared to the other VMs on the same computer. When the physical memory in the computer is insufficient to allocate the full-buffered amount specified for each VM, the VMs with the highest Memory Weight settings receive priority.

NOTE RAM
You can reduce the Minimum RAM, increase the Maximum RAM, or change the Memory Buffer value or the Memory Weight value at any time, but to enable or disable Dynamic Memory, you must shut down the VM.

In addition to configuring the VM settings, the guest VM must be running Windows Vista or later or Windows Server 2003 SP2 or later and have Windows Server 2012 R2 Guest Integration Services installed to use Dynamic Memory.

NOTE USING WINDOWS POWERSHELL
To configure the memory settings for a VM, use the Set-VMMemory cmdlet by using the following basic syntax:

    Set-VMMemory <VM name> -DynamicMemoryEnabled $true -MinimumBytes <memory> -StartupBytes <memory> -MaximumBytes <memory> -Priority <value> -Buffer <percentage>

For example, to configure the memory settings for the VM ServerA, enabling Dynamic Memory and configuring values for all of its settings, use the following command:

    Set-VMMemory ServerA -DynamicMemoryEnabled $true -MinimumBytes 64MB

CONFIGURING SMART PAGING

Dynamic Memory was introduced in Windows Server 2008 R2 Hyper-V, but Windows Server 2012 R2 improves on the concept by adding the Minimum RAM setting. This makes it possible for Hyper-V to reduce the memory used by a VM to a level lower than that needed to start the system, reclaiming that memory for other uses.
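The Dynamic Memory settings described above can be applied and checked together from Windows PowerShell. This is an added example, not from the book; the function names, the VM name ServerA used in the call, and all memory values are assumptions chosen for illustration.

```powershell
# Added example; requires the Hyper-V module on a Windows Server 2012 R2 host (run elevated).
Import-Module Hyper-V

# Apply a full Dynamic Memory configuration after checking the ordering the
# settings require: Minimum RAM <= Startup RAM <= Maximum RAM.
function Set-VMDynamicMemoryChecked {
    param(
        [Parameter(Mandatory)] [string] $VMName,
        [Parameter(Mandatory)] [long]   $MinimumBytes,
        [Parameter(Mandatory)] [long]   $StartupBytes,
        [Parameter(Mandatory)] [long]   $MaximumBytes,
        [ValidateRange(5, 2000)] [int]  $Buffer   = 20,   # Memory Buffer, percent
        [ValidateRange(0, 100)]  [int]  $Priority = 50    # Memory Weight
    )
    if ($MinimumBytes -gt $StartupBytes -or $StartupBytes -gt $MaximumBytes) {
        throw "Expected MinimumBytes <= StartupBytes <= MaximumBytes."
    }
    # Enabling Dynamic Memory and changing Startup RAM require the VM to be shut down.
    if ((Get-VM -Name $VMName).State -ne 'Off') {
        throw "Shut down '$VMName' before applying a full Dynamic Memory configuration."
    }
    Set-VMMemory -VMName $VMName -DynamicMemoryEnabled $true `
                 -MinimumBytes $MinimumBytes -StartupBytes $StartupBytes `
                 -MaximumBytes $MaximumBytes -Buffer $Buffer -Priority $Priority
    Get-VMMemory -VMName $VMName   # show what was actually stored
}

# For running VMs, compare current demand with the buffered target
# (demand plus the Memory Buffer percentage) and with what is assigned now.
function Get-VMMemoryReport {
    Get-VM | Where-Object { $_.DynamicMemoryEnabled -and $_.State -eq 'Running' } |
        ForEach-Object {
            $buffer = (Get-VMMemory -VMName $_.Name).Buffer
            [pscustomobject]@{
                VMName        = $_.Name
                MinimumMB     = [math]::Round($_.MemoryMinimum  / 1MB)
                StartupMB     = [math]::Round($_.MemoryStartup  / 1MB)
                DemandMB      = [math]::Round($_.MemoryDemand   / 1MB)
                BufferPercent = $buffer
                TargetMB      = [math]::Round($_.MemoryDemand * (1 + $buffer / 100) / 1MB)
                AssignedMB    = [math]::Round($_.MemoryAssigned / 1MB)
            }
        }
}

# Constructed values: boot with 1 GB, allow shrinking to 512 MB and growth to 4 GB.
Set-VMDynamicMemoryChecked -VMName 'ServerA' -MinimumBytes 512MB `
                           -StartupBytes 1GB -MaximumBytes 4GB -Buffer 20 -Priority 50
Get-VMMemoryReport | Format-Table -AutoSize
```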
The problem with having minimum RAM values that are lower than the startup RAM values is that it becomes possible to deplete the supply of physical memory with too many VMs running simultaneously at their minimum RAM values. If this occurs, a VM that has to restart might be unable to do so because there is not enough free memory to increase its memory allocation from its minimum RAM value to its startup RAM value.

To address this possibility, Hyper-V includes a feature called smart paging. If a VM has to restart and there is not enough memory available to allocate its startup RAM value, the system uses hard disk space to make up the difference and begins paging memory contents to disk. Disk access rates are far slower than memory access rates, of course, so smart paging incurs a severe performance penalty, but the paging occurs only for as long as it takes to restart the VM and return it to its minimum RAM allocation.

Hyper-V only uses smart paging in specific conditions: when a VM must be restarted, there is no free memory available, and there are no other means available to free up the necessary memory. You can select the Smart Paging File Location page in a VM’s Settings dialog box to specify a location for the paging file. Selecting the fastest possible hard drive is recommended.

Configuring resource metering

Resource metering is a Windows PowerShell–based feature in Windows Server 2012 R2 Hyper-V that enables administrators to document VM usage by using a variety of criteria. There are various reasons why organizations might want to track the use of VMs. For large corporations, it might be a matter of internal accounting and controlling ongoing expenses, such as wide area network (WAN) bandwidth. For service providers, it might be necessary to bill customers based on the VM resources they use.
Resource metering uses Windows PowerShell cmdlets to track a variety of performance metrics for individual VMs, including the following:
■ CPU utilization
■ Minimum, maximum, and average memory utilization
■ Disk space utilization
■ Incoming and outgoing network traffic

Resource metering statistics remain consistent, even when you transfer VMs between host systems by using Live Migration or move VHD files between VMs.

To use resource metering, you must first enable it for the specific VM that you want to monitor by using the Enable-VMResourceMetering cmdlet with the following syntax:

    Enable-VMResourceMetering -VMName <name>

Once you have enabled metering, you can display a statistical report at any time by using the Measure-VM cmdlet with the following syntax:

    Measure-VM -VMName <name>

In addition to metering resources for entire VMs, administrators can also create resource pools that enable them to monitor specific VM components, such as processors, memory, network adapters, and VHDs. You create a resource pool by using the New-VMResourcePool cmdlet and then enable metering for the pool by using Enable-VMResourceMetering.

By using techniques such as pipelining, administrators can use the resource metering cmdlets to gather data on VM performance and export it to applications or data files.

Thought experiment
Configuring virtual machine memory

In the following thought experiment, apply what you’ve learned about this objective to predict what steps you need to take. You can find answers to these questions in the “Answers” section at the end of this chapter.

Alice has a computer with 8 GB of memory installed and running Windows Server 2012 R2, which she has configured as a Hyper-V server. After creating eight VMs, each with a startup RAM value of 1,024 MB, Alice is having trouble getting all eight VMs to boot. What settings can she modify to resolve the problem without changing the startup RAM value?
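The resource metering workflow described in this objective (enable metering, measure, and pipe the results to a data file) can be scripted as follows. This is an added example, not from the book; the Export-VMUsageReport function name, its column names, and the CSV path are assumptions.

```powershell
# Added example; requires the Hyper-V module on a Windows Server 2012 R2 host (run elevated).
Import-Module Hyper-V

function Export-VMUsageReport {
    param(
        [Parameter(Mandatory)] [string] $CsvPath,
        [switch] $Reset   # start a new measurement period after exporting
    )

    # Metering must be enabled on a VM before Measure-VM can report on it.
    Get-VM | Where-Object { -not $_.ResourceMeteringEnabled } | Enable-VMResourceMetering

    $rows = foreach ($m in (Get-VM | Measure-VM)) {
        # Network traffic is reported per direction; total each direction.
        $net = $m.NetworkMeteredTrafficReport
        $in  = ($net | Where-Object { $_.Direction -eq 'Inbound'  } |
                Measure-Object -Property TotalTraffic -Sum).Sum
        $out = ($net | Where-Object { $_.Direction -eq 'Outbound' } |
                Measure-Object -Property TotalTraffic -Sum).Sum

        [pscustomobject]@{
            VMName        = $m.VMName
            AvgCpuMHz     = $m.AvgCPU
            AvgRamMB      = $m.AvgRAM
            MinRamMB      = $m.MinRAM
            MaxRamMB      = $m.MaxRAM
            TotalDiskMB   = $m.TotalDisk
            NetInboundMB  = [long]$in    # $null (no traffic yet) becomes 0
            NetOutboundMB = [long]$out
            MeteredFor    = $m.MeteringDuration
        }
    }

    $rows | Export-Csv -Path $CsvPath -NoTypeInformation

    # Resetting clears the collected counters so the next report covers a fresh period.
    if ($Reset) { Get-VM | Reset-VMResourceMetering }

    $rows
}

# The report folder is a placeholder and must already exist.
Export-VMUsageReport -CsvPath 'C:\Reports\vm-usage.csv' | Format-Table -AutoSize
```

A VM on which metering has just been enabled reports little or no data until it has run for a while.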
Objective summary

■ Virtualization is a process that adds a layer of abstraction between actual, physical hardware and the system making use of it. Instead of having the server access the computer’s hardware directly, an intervening component called a hypervisor creates a VM environment, and the server OS runs in that environment.
■ Virtualization is the process of deploying and maintaining multiple instances of an OS, called VMs, on a single computer.
■ Microsoft Hyper-V is a hypervisor-based virtualization system for x64 computers starting with Windows Server 2008. The hypervisor is installed between the hardware and the OS and is the main component that manages the virtual computers.
■ For licensing purposes, Microsoft refers to each VM that you create on a Hyper-V server as a virtual instance. Each Windows Server 2012 R2 version includes licenses for a set number of virtual instances; you must purchase additional licenses to license additional instances.
■ To keep a small footprint and minimal overhead, Hyper-V Server contains only the Windows Hypervisor, Windows Server driver model, and virtualization components.
■ Hyper-V in Windows Server 2012 R2 supports two types of VMs: Generation 1 and Generation 2. Generation 1 VMs are designed to emulate the hardware found in a typical computer and are compatible with previous versions of Hyper-V. Generation 2 VMs use synthetic drivers and software-based devices instead and can only run on the Windows Server 2012 R2 Hyper-V.
■ Windows Server 2012 R2 Hyper-V supports an enhanced session mode that enables the Virtual Machine Connection window to redirect a variety of local resources to VMs running Windows Server 2012 R2 or Windows 8.1.

Objective review

Answer the following questions to test your knowledge of the information in this objective. You can find the answers to these questions and explanations of why each answer choice is correct or incorrect in the “Answers” section at the end of this chapter.

1. Which of the following statements about Type I and Type II virtualization are true? (Choose all that apply.)
   A. In Type I virtualization, the hypervisor runs on top of a host OS.
   B. In Type I virtualization, the hypervisor runs directly on the computer hardware.
   C. In Type II virtualization, the hypervisor runs on top of a host OS.
   D. In Type II virtualization, the hypervisor runs directly on the computer hardware.

2. Which of the following types of server virtualization provides the best performance for high-traffic servers in production environments?
   A. Type I virtualization
   B. Type II virtualization
   C. Presentation virtualization
   D. RemoteApp

3. Which of the following Microsoft operating systems includes a license that enables you to license an unlimited number of virtual instances?
   A. Hyper-V Server
   B. Windows Server 2012 R2 Datacenter
   C. Windows Server 2012 R2 Standard
   D. Windows Server 2012 R2 Foundation

4. Which of the following Hyper-V features make it possible for a VM to function with a minimum RAM value that is lower than the startup RAM value? (Choose all that apply.)
   A. Smart paging
   B. Dynamic Memory
   C. Memory Weight
   D. Guest Integration Services

5. When you install the Hyper-V role on a server running Windows Server 2012 R2, the instance of the OS on which you installed the role is converted to what system element?
   A. The hypervisor
   B. The Virtual Machine Monitor
   C. The parent partition
   D. A child partition

6. Which of the following statements about Generation 1 and Generation 2 virtual machines are true? (Choose all that apply.)
   A. You must create a Generation 1 VM before you can create a Generation 2 VM.
   B. Generation 2 VMs deploy faster than Generation 1 VMs.
   C. Generation 2 VMs only support Windows 8.1 and Windows Server 2012 R2 as guest operating systems.
   D. Generation 2 VMs use the same device drivers as Generation 1 VMs.

Objective 3.2: Create and configure virtual machine storage

When you create a VM in Windows Server 2012 R2 Hyper-V, you emulate all the components that you typically find in a physical computer. When you virtualize memory, as discussed in Objective 3.1, “Create and configure virtual machine settings,” you take a portion of the physical memory in the computer and dedicate it to a VM. The same is true with hard disk space. Hyper-V uses a specialized VHD format to package part of the space on a physical disk and make it appear to the VM as though it is a physical hard disk drive.

When you create a new Generation 1 VM in Hyper-V, the wizard creates a virtual storage subsystem that consists of two Integrated Drive Electronics (IDE) controllers and one Small Computer Systems Interface (SCSI) controller. The IDE controllers host the VM’s system drive and its DVD drive. Like their physical equivalents, each IDE controller can host two devices, so you can create two additional virtual drives and add them to the system.

The SCSI controller in the default Generation 1 VM configuration is unpopulated, and you can create additional drives and add them to that controller to provide the VM with additional storage. In a Generation 2 VM, the system and DVD drives are connected to the default SCSI controller and there is no IDE alternative.

In a VM of either generation, you can also create additional SCSI controllers and add drives to them. By creating multiple drives and controllers, Hyper-V makes it possible to construct virtual storage subsystems that emulate almost any physical storage solution you might devise.
This objective covers how to:
■ Create VHDs and VHDX
■ Configure differencing drives
■ Modify VHDs
■ Configure pass-through disks
■ Manage checkpoints
■ Implement a virtual Fibre Channel adapter
■ Configure storage Quality of Service (QoS)

Virtual disk formats

Windows Server 2012 R2 Hyper-V supports the original VHD disk image file and the new VHDX format. The original VHD format was created by a company called Connectix for its Virtual PC product. Microsoft later acquired the product and used the VHD format for all its subsequent virtualization products, including Hyper-V. There are three types of VHD files, as follows:
■ Fixed hard disk image: An image file of a specified size in which all the disk space required to create the image is allocated during its creation. Fixed disk images can be wasteful in terms of storage because they can contain large amounts of empty space, but they are also efficient from a performance standpoint because there is no overhead due to dynamic expansion.
■ Dynamic hard disk image: An image file with a specified maximum size, which starts small and expands as needed to accommodate the data the system writes to it. This option conserves disk space but can negatively affect performance.
■ Differencing hard disk image: A child image file associated with a specific parent image. The system writes all changes made to the data on the parent image file to the child image, to manage disk space or to facilitate a rollback at a later time.

VHD images are limited to a maximum size of 2 TB and are compatible with all versions of Hyper-V and Microsoft Type II hypervisor products, such as Virtual Server and Virtual PC. Windows Server 2012 introduced an updated version of the format, which uses a VHDX filename extension.

VHDX image files can be as large as 64 TB, and they also support 4-KB logical sector sizes to provide compatibility with new 4-KB native drives. VHDX files can also use larger block sizes (up to 256 MB), which enable administrators to fine-tune the performance level of a virtual storage subsystem to accommodate specific applications and data file types. However, VHDX files are not backward compatible and can only be read by Windows Server 2012, Windows Server 2012 R2, Windows 8, and Windows 8.1 Hyper-V servers. If migrating your VMs from Windows Server 2012 R2 to an older version of Hyper-V is even a remote possibility, you should continue using the VHD file format.

Creating virtual disks

Windows Server 2012 R2 Hyper-V provides several ways to create virtual disk files. You can create them as part of a VM or create them at another time and add them to a VM. The graphical interface in Hyper-V Manager provides access to most of the VHD parameters, but the Windows PowerShell cmdlets included in Windows Server 2012 R2 provide the most granular control over the disk image format.

Creating a virtual disk with a VM

The New Virtual Machine Wizard includes a Connect Virtual Hard Disk page with which you can add a single disk to your new VM. The options for this disk are relatively limited and consist of the following:
■ Create A Virtual Hard Disk: Enables you to specify the name, location, and size of a new VHD. The wizard only allows you to create a dynamically expanding disk using the VHDX format, but you can also create fixed and differencing VHDX disks using Windows PowerShell.
■ Use An Existing Virtual Hard Disk: Enables you to specify the location of an existing VHD or VHDX disk, which the VM will presumably use as its system disk.
■ Attach A Virtual Hard Disk Later: Prevents the wizard from adding any virtual disks to the VM configuration. The assumption is that you will manually add a disk later, before you start the VM.
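The fixed and differencing VHDX disks that the wizard cannot create can be built with the New-VHD cmdlet. This added example (not from the book) creates one disk of each type and walks a differencing disk's parent chain with Get-VHD; the D:\VHDs folder, the file names, and the Get-VhdChain function are assumptions.

```powershell
# Added example; requires the Hyper-V module on a Windows Server 2012 R2 host (run elevated).
Import-Module Hyper-V

$store = 'D:\VHDs'   # placeholder folder; it must already exist

# Fixed: the full 10 GB is allocated on the host volume when the file is created.
New-VHD -Path "$store\data-fixed.vhdx" -Fixed -SizeBytes 10GB

# Dynamic: the file starts small and grows toward the 60 GB maximum as data is written.
New-VHD -Path "$store\base.vhdx" -Dynamic -SizeBytes 60GB

# Differencing: the child stores the changes; its size is taken from the parent.
New-VHD -Path "$store\child.vhdx" -Differencing -ParentPath "$store\base.vhdx"

# A differencing disk is only valid while its parent stays unmodified,
# so mark the parent file read-only once children exist.
Set-ItemProperty -Path "$store\base.vhdx" -Name IsReadOnly -Value $true

# Follow ParentPath from a disk up to the root of its chain.
function Get-VhdChain {
    param([Parameter(Mandatory)] [string] $Path)

    $current = $Path
    while ($current) {
        $vhd = Get-VHD -Path $current
        [pscustomobject]@{
            Path       = $vhd.Path
            Format     = $vhd.VhdFormat
            Type       = $vhd.VhdType
            MaxSizeGB  = [math]::Round($vhd.Size / 1GB, 1)
            FileSizeMB = [math]::Round($vhd.FileSize / 1MB, 1)
        }
        # ParentPath is empty for fixed and dynamic disks, which ends the loop.
        $current = $vhd.ParentPath
    }
}

Get-VhdChain -Path "$store\child.vhdx" | Format-Table -AutoSize
```

Comparing MaxSizeGB with FileSizeMB in the output shows the difference between the fixed disk, which occupies its full size immediately, and the dynamic and differencing disks, which do not.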
The object of this wizard page is to create the disk on which you will install the VM’s OS or to select an existing disk on which an OS is already installed. The disk the wizard creates is always a dynamically expanding one connected to IDE Controller 0 on a Generation 1 VM or connected to the SCSI Controller on a Generation 2 VM.

NOTE VHDS
It has become a common practice for Microsoft to release evaluation copies of its products as preinstalled VHD files as an alternative to the traditional installable disk images. After downloading one of these files, you can create a VM on a Hyper-V server and select the Use An Existing Virtual Hard Disk option to mount the VHD as its system drive.

Creating a new virtual disk

You can create a VHD file at any time without adding it to a VM by using the New Virtual Hard Disk Wizard in Hyper-V Manager. To create a new virtual disk, use the following procedure.

1. In Server Manager, on the Tools menu, select Hyper-V Manager. The Hyper-V Manager console opens.
2. In the left pane, select a Hyper-V server.
3. From the Action menu, select New, Hard Disk to start the New Virtual Hard Disk Wizard, displaying the Before You Begin page.
4. Click Next to open the Choose Disk Format page.
5. Select one of the following disk format options:
   ■■ VHD Creates an image no larger than 2 TB, using the highly compatible VHD format
   ■■ VHDX Creates an image up to 64 TB, using the new VHDX format
6. Click Next to open the Choose Disk Type page.
7. Select one of the following disk type options:
   ■■ Fixed Size Creates a disk of a specific size, allocating all of the space at once
   ■■ Dynamically Expanding Creates a disk that can grow to the maximum size you specify as you add data
   ■■ Differencing Creates a child drive that will contain changes made to a specified parent drive
8. Click Next. The Specify Name And Location page opens.
9. Specify a file name for the disk image in the Name text box and, if desired, specify a location for the file other than the server default. Click Next to open the Configure Disk page.
10. For fixed and dynamically expanding disks, select and configure one of the following options:
   ■■ Create A New Blank Virtual Hard Disk Specifies the size (or the maximum size) of the disk image file to create
   ■■ Copy The Contents Of The Specified Physical Disk Enables you to select one of the physical hard disks in the computer and copy its contents to the new disk image
   ■■ Copy The Contents Of The Specified Virtual Hard Disk Enables you to select an existing virtual disk file and copy its contents to the new disk image
11. Click Next. The Completing The New Virtual Hard Disk Wizard page opens.
12. Click Finish. The wizard creates the new image disk and saves it to the specified location.

NOTE USING WINDOWS POWERSHELL
You can create new VHD files by using Windows PowerShell, which gives you more control than is available through the graphical interface. To create a new disk image, use the New-VHD cmdlet with the following basic syntax:

    New-VHD -Path c:\filename.vhd|c:\filename.vhdx -Fixed|-Dynamic|-Differencing -SizeBytes <size> [-BlockSizeBytes <block size>] [-LogicalSectorSizeBytes 512|4096] [-ParentPath <pathname>]

When using the cmdlet to create a disk image, the extension you specify for the filename determines the format (VHD or VHDX); also, you can specify the block size and the logical sector size for the image, two things you cannot do in the GUI.
For example, the following command creates a 400-GB fixed VHDX image file with a logical sector size of 4 KB:

    New-VHD -Path c:\diskfile.vhdx -Fixed -SizeBytes 400GB -LogicalSectorSizeBytes 4096

Adding virtual disks to virtual machines

Creating virtual disk image files as a separate process enables administrators to exercise more control over their capabilities, but after creating the VHD or VHDX files, you must add them to a VM for them to be useful.

To add a hard disk drive to a physical computer, you must connect it to a controller; the same is true with a VM in Hyper-V. When you open the Settings dialog box for a Generation 1 VM in its default configuration, you see three controllers labeled IDE Controller 0, IDE Controller 1, and SCSI Controller. These correspond to the controllers you might find in a typical physical server computer.

Each IDE controller can support two devices and the default VM configuration uses one channel on IDE Controller 0 for the system hard disk and one channel on IDE Controller 1 for the system’s DVD drive. If you did not create a virtual disk as part of the New Virtual Machine Wizard—that is, if you chose the Attach A Virtual Hard Disk Later option—then you must add a hard disk image to IDE Controller 0 to use as a system drive. A Generation 1 VM cannot boot from the SCSI controller.

To add an existing virtual system drive to a VM, use the following procedure.

1. In Server Manager, on the Tools menu, select Hyper-V Manager to open the Hyper-V Manager console.
2. In the left pane, select a Hyper-V server.
3. Select a VM and, in the Actions pane, select Settings. The Settings dialog box for the VM appears.
4. Select IDE Controller 0, as shown in Figure 3-16.

FIGURE 3-16 The IDE Controller interface in the Settings dialog box

5. In the IDE Controller box, select Hard Drive and click Add. The Hard Drive page opens, as shown in Figure 3-17.

FIGURE 3-17 The Hard Drive interface in the Settings dialog box

6. In the Controller drop-down and the Location drop-down, select the IDE controller and the channel you want to use for the hard disk.
7. With the Virtual Hard Disk option selected, click Browse and select the disk image file you want to add.
8. Click OK to close the Settings dialog box.

Although you cannot use a SCSI drive as the system disk in a Generation 1 VM, you can add virtual data disks to the SCSI controller. In Generation 2 VMs, you must create a SCSI system disk to boot the machine. Unlike the IDE connectors, which support only two devices each, a SCSI connector in Hyper-V can support up to 64 drives. You can also add multiple SCSI controllers to a VM, providing almost unlimited scalability for your virtual storage subsystem.

Creating differencing disks

A differencing disk enables you to preserve an existing virtual disk image file in its original state while mounting it in an operating system and even modifying its contents. For example, when building a laboratory setup, you can create a baseline system by installing a clean copy of an OS on a new virtual disk and configuring the environment to fit your needs. Then you can create a new child differencing disk using your baseline image as the parent. All subsequent changes you make to the system will then be written to the differencing disk while the parent remains untouched. You can experiment on the test system as you wish, knowing that you can revert to your baseline configuration by just creating a new differencing disk.

You can create multiple differencing disks that point to the same parent image, enabling you to populate a lab network with as many VMs as you need, which saves disk space and eliminates the need to repeatedly install the OS.
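The parent-and-child arrangement described above can be scripted with the New-VHD, Get-VHD, and New-VM cmdlets. The following is an added example, not taken from the book; the paths, VM names, memory size, generation, and switch name are assumptions, and the parent image is assumed to have been generalized with Sysprep already. Because every clone inherits whatever is in the parent, the script also records a SHA-256 hash of the parent so that later changes to the shared baseline can be detected.

```powershell
#Requires -Modules Hyper-V
# Added example (not from the book). All paths and names below are assumptions.
$ParentPath = 'D:\Baseline\ws2012r2-base.vhdx'   # assumed: generalized parent image
$CloneRoot  = 'D:\Lab'                           # assumed folder for the child disks
$CloneNames = 'LAB-01', 'LAB-02', 'LAB-03'       # assumed VM names
$SwitchName = 'Lab Private'                      # assumed existing virtual switch
$Generation = 2                                  # assumed: must match the baseline VM

# The parent must never change once children exist, because a child stores only
# the blocks that differ from it. Set the read-only flag and record a hash.
Set-ItemProperty -Path $ParentPath -Name IsReadOnly -Value $true
$parentHash = (Get-FileHash -Path $ParentPath -Algorithm SHA256).Hash
Set-Content -Path "$ParentPath.sha256" -Value $parentHash

foreach ($name in $CloneNames) {
    $childPath = Join-Path -Path $CloneRoot -ChildPath "$name.vhdx"

    # -Differencing plus -ParentPath creates the child disk.
    New-VHD -Path $childPath -ParentPath $ParentPath -Differencing | Out-Null

    # Confirm the chain before a VM ever boots from it.
    $child = Get-VHD -Path $childPath
    if ($child.VhdType -ne 'Differencing' -or $child.ParentPath -ne $ParentPath) {
        throw "Unexpected disk chain for $childPath (parent: $($child.ParentPath))"
    }

    # Each clone gets its own VM that uses the child disk as its system disk.
    New-VM -Name $name -Generation $Generation -MemoryStartupBytes 2GB `
           -VHDPath $childPath -SwitchName $SwitchName | Out-Null
}

# Run at any later time: returns $true while the parent still matches the recorded hash.
function Test-ParentImageUnchanged {
    param(
        [string]$Path,
        [string]$HashFile = "$Path.sha256"
    )
    $expected = (Get-Content -Path $HashFile -TotalCount 1).Trim()
    (Get-FileHash -Path $Path -Algorithm SHA256).Hash -eq $expected
}

Test-ParentImageUnchanged -Path $ParentPath
```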
To create a cloned version of a baseline installation with a differencing disk, use the following procedure.

1. Install and configure the baseline VM Create a new VM with a new disk image file and install a guest OS on it. Configure the OS as needed and install any roles, features, applications, or services you need.
2. Generalize the parent image Open an elevated command prompt on the baseline system and run the Sysprep.exe utility with the appropriate parameters for your requirements. Sysprep configures the system to assign itself a new, unique security ID (SID) the next time the computer starts. This enables you to create multiple cloned systems from a single disk image.
3. Create a parent disk image Once you have generalized the baseline installation, you no longer need the original VM. You can delete everything except the VHD or VHDX file containing the disk image. This will become your parent image. Open the Properties sheet for the image file and set the read-only flag to ensure that the baseline does not change.
4. Create a differencing disk By using the New Virtual Hard Disk Wizard or the New-VHD cmdlet for Windows PowerShell, create a new differencing disk pointing to the baseline image you created and prepared earlier as the parent image.
5. Create a cloned VM Create a new VM and, on the Connect Virtual Hard Disk page, attach the differencing disk you just created to it by using the Use An Existing Virtual Hard Disk option.

You can then proceed to create additional cloned VMs with differencing disks that all use the same parent. Each one can function independently and the parent disk will remain unchanged.

When you create a differencing drive by using the New Virtual Hard Disk Wizard, selecting the Differencing option on the Choose Disk Type page causes the Configure Disk page to appear as shown in Figure 3-18. In the Location text box, specify the name of the file that you want to use as the parent image.
In the same way, if you create the differencing disk by using Windows PowerShell, you must run the New-VHD cmdlet with the -Differencing parameter and the -ParentPath parameter, specifying the location of the parent disk.

FIGURE 3-18 The Configure Disk page in the New Virtual Hard Disk Wizard

Configuring pass-through disks

This objective has thus far been concerned primarily with VHDs, areas of space on a physical disk drive allocated for use by VMs. However, it is also possible for VMs to access physical disks directly.

A pass-through disk is a type of virtual disk that points to a physical disk drive installed on the host computer. When you add a hard drive to any of the controllers in a VM, you have the option of selecting a physical hard disk as opposed to a virtual one.

To add a physical hard disk to a VM, the VM must have exclusive access to it. This means that you must first take the disk offline in the parent OS by using the Disk Management snap-in, as shown in Figure 3-19, or the Diskpart.exe utility. Once the disk is offline, it will be available for selection in the Physical Hard Disk drop-down list.

FIGURE 3-19 An offline disk in the Disk Management snap-in

Modifying virtual disks

Windows Server 2012 R2 and Hyper-V provide several ways for administrators to manage and manipulate VHD images without mounting them in a VM. Once you have created a VHD, whether you have attached it to a VM or not, you can manage it by using the Edit Virtual Hard Disk Wizard in Hyper-V Manager. To edit an existing VHD or VHDX file, use the following procedure.

1. In Server Manager, on the Tools menu, select Hyper-V Manager to open the Hyper-V Manager console.
2. In the left pane, select a Hyper-V server.
3. In the Actions pane, select Edit Disk. The Edit Virtual Hard Disk Wizard starts, displaying the Before You Begin page.
4. Click Next to open the Locate Disk page.
5. Type or browse to the name of the VHD or VHDX file you want to open and click Next. The Choose Action page appears.
6. Select one of the following functions:
   ■■ Compact Reduces the size of a dynamically expanding or differencing disk by deleting empty space while leaving the disk’s capacity unchanged
   ■■ Convert Changes the type or format of a disk by copying the data to a new disk image file
   ■■ Expand Increases the capacity of the disk by adding empty storage space to the image file
   ■■ Shrink Reduces the capacity of the disk by deleting empty storage space from the file
   ■■ Merge Combines the data on a differencing disk with that of the parent disk to form a single composite image file
7. Click Next to open the Completing The Edit Virtual Hard Disk Wizard page.
8. Complete any new pages presented by the wizard as a result of your selection and click Finish.

The options that appear on the wizard’s Choose Action page depend on the current status of the image file you select. For example, the Merge option only appears if you choose a differencing disk, and the Shrink option does not appear unless there is free space in the file that the wizard can delete.

In addition to these disk-editing functions provided by Hyper-V Manager, it is possible to use the Disk Management snap-in on the Hyper-V host to mount a VHD or VHDX file as a drive and access its contents, just as if it were a physical disk. To mount a VHD file, use the following procedure.

1. In Server Manager, on the Tools menu, select Computer Management to open the Computer Management console.
2. In the left pane, select Disk Management. The Disk Management snap-in opens.
3. From the Action menu, select Attach VHD. The Attach Virtual Hard Disk dialog box appears.
4. In the Location text box, type or browse to the image disk file you want to attach and click OK. The disk appears in the Disk Management interface.
5. Close the Computer Management console.
At this point, you can work with the virtual disk and its contents using any standard tools, just as you would a physical hard disk drive. To detach the VHD, you use the same procedure and select Detach VHD from the Action menu.

Creating checkpoints

In Hyper-V, a checkpoint is a captured image of the state, data, and hardware configuration of a VM at a particular moment in time. Creating checkpoints is a convenient way for administrators to revert a VM to a previous state at will. For example, if you create a checkpoint just before applying a system update, and the update is somehow problematic, you can apply the checkpoint and return the VM to the state in which it was before you applied the update.

EXAM TIP
Prior to Windows Server 2012 R2, the checkpoints in Hyper-V were known as snapshots. Checkpoints function in exactly the same way as snapshots; only the name is changed. You can expect to see either term on the 70-410 exam.

Creating a checkpoint is as simple as selecting a running VM in Hyper-V Manager and selecting Checkpoint from the Actions pane. The system creates a checkpoint file with an AVHD or AVHDX extension, in the same folder as the VHD file, and adds the checkpoint to the Hyper-V Manager display, as shown in Figure 3-20.

FIGURE 3-20 A checkpoint in Hyper-V Manager

Checkpoints are a useful tool for administrators implementing a test environment in Hyper-V, but they are not recommended for heavy use in production environments. In addition to consuming disk space, the presence of checkpoints can reduce the overall performance of a VM’s disk subsystem. Administrators also should not use checkpoints on VMs containing databases—such as those created by SQL Server, Exchange, or Windows domain controllers—because the checkpointing process does not account for the current state of the database, and corruption might occur.
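Because checkpoints consume disk space and slow the disk subsystem, it helps to know which VMs are carrying them and for how long. The following added example (not from the book) reports, for each VM on the local host, the number of checkpoints, the age of the oldest one, and the size of the AVHD/AVHDX files in the active disk chain; the seven-day review threshold is an assumption.

```powershell
#Requires -Modules Hyper-V
# Added example (not from the book). $MaxAgeDays is an assumed review threshold.
$MaxAgeDays = 7

# Follow a disk's parent links and emit every checkpoint file (AVHD/AVHDX) in the chain.
# Pass-through disks and plain VHD/VHDX files do not match the pattern and are skipped.
function Get-CheckpointDiskFile {
    param([string]$Path)
    while ($Path -match '\.avhdx?$') {
        $vhd = Get-VHD -Path $Path
        $vhd                      # emit this link of the chain
        $Path = $vhd.ParentPath   # move toward the base VHD/VHDX
    }
}

$report = foreach ($vm in Get-VM) {
    $checkpoints = @(Get-VMSnapshot -VMName $vm.Name)
    if ($checkpoints.Count -eq 0) { continue }

    # Only the chain the VM is currently running on is measured; files that belong
    # to other branches of a checkpoint tree are not counted here.
    $files = @(Get-VMHardDiskDrive -VMName $vm.Name |
        Where-Object { $_.Path } |
        ForEach-Object { Get-CheckpointDiskFile -Path $_.Path })

    $oldest = ($checkpoints | Sort-Object CreationTime | Select-Object -First 1).CreationTime
    $age    = (Get-Date) - $oldest

    [pscustomobject]@{
        VMName           = $vm.Name
        Checkpoints      = $checkpoints.Count
        OldestCheckpoint = $oldest
        AgeDays          = [int]$age.TotalDays
        CheckpointDiskGB = [math]::Round(($files | Measure-Object FileSize -Sum).Sum / 1GB, 2)
        NeedsReview      = $age.TotalDays -gt $MaxAgeDays
    }
}

$report | Sort-Object CheckpointDiskGB -Descending | Format-Table -AutoSize
```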
Configuring Storage Quality of Service (QoS)

Because it is common for there to be more than one virtual hard disk hosted by a single physical hard disk, it is possible for one virtual disk to monopolize the input/output capacity of a physical disk, causing the other virtual disks to slow down. To help prevent this, Windows Server 2012 R2 enables you to control the Quality of Service (QoS) for a given virtual hard disk.

QoS management in Hyper-V takes the form of controls that enable you to specify the minimum and maximum input/output operations per second (IOPS) for a disk. To configure storage QoS, open the Settings dialog box for a VM, expand a hard drive component, and select Advanced Features to display the Advanced Features page shown in Figure 3-21.

FIGURE 3-21 Storage Quality of Service controls in Hyper-V Manager

After selecting the Enable Quality of Service Management check box, you can specify Minimum IOPS values and Maximum IOPS values for the disk in 8 KB increments.

Connecting to a storage area network (SAN)

At its most basic level, a storage area network (SAN) is simply a network dedicated to high-speed connections between servers and storage devices. Instead of installing disk drives into servers or connecting them by using an external SCSI bus, a SAN consists of one or more drive arrays equipped with network interface adapters, which you connect to your servers by using standard twisted pair or fiber optic network cables. A SAN-connected server, therefore, typically has at least two network adapters, one for the standard local area network (LAN) connection and one for the SAN, as shown in Figure 3-22.

FIGURE 3-22 A server connected to a SAN

The advantages of SANs are many.
By connecting the storage devices to a network instead of to the servers themselves, you avoid the limitations imposed by the maximum number of devices you can connect directly to a computer. SANs also provide added flexibility in their communications capabilities. Because any device on a SAN can conceivably communicate with any other device on the same SAN, high-speed data transfers can occur in any of the following ways:

■■ Server to storage Servers can access storage devices over the SAN just as if they were connected directly to the computer.
■■ Server to server Servers can use the SAN to communicate directly with one another at high speeds to avoid flooding the LAN with traffic.
■■ Storage to storage Storage devices can communicate among themselves without server intervention, for example, to perform backups from one medium to another or to mirror drives on different arrays.

Although a SAN is not in itself a high-availability technology, you can make it one by connecting redundant servers to the same network, as shown in Figure 3-23, enabling them to access the same data storage devices. If one server should fail, another can assume its roles by accessing the same data. This is called server clustering.

FIGURE 3-23 Multiple servers connected to a SAN

Because they use standard networking technologies, SANs can also greatly extend the distances between servers and storage devices. You can design a SAN that spans different rooms, different floors, or even different buildings, just as you would a standard computer network.

Servers and storage devices cannot exchange SCSI commands over a SAN connection the way they do when the devices are directly connected using a SCSI cable. To communicate over a SAN, servers and storage devices map their SCSI communications onto another protocol, such as Fibre Channel.
Using Fibre Channel

Fibre Channel is a versatile SAN communications technology supporting various network media, transmission speeds, topologies, and upper-level protocols. Its primary disadvantage is that it requires specialized hardware that can be extremely expensive.

MORE INFORMATION FIBRE CHANNEL
The nonstandard spelling of the word fibre in Fibre Channel is deliberate, to distinguish the term from fiber optic. Fibre Channel can run on either twisted-pair copper cables or optical cables, whereas the spelling fiber always refers to an optical medium.

Installing a traditional Fibre Channel SAN entails building an entirely new network with its own special medium, switches, and network interface adapters. In addition to the hardware costs, which can easily be 10 times those of a traditional Ethernet network, there are also installation and maintenance expenses to consider. Fibre Channel is a rather esoteric technology, with relatively few experts in the field. To install and maintain a Fibre Channel SAN, an organization must either hire experienced staff or train existing personnel on the new technology. However, there is also a variant called Fibre Channel over Ethernet (FCoE) that uses standard Ethernet hardware and is therefore much less expensive.

Connecting virtual machines to a SAN

The specialized networking technologies used to build Fibre Channel SANs have, in the past, made it difficult to use them with virtualized servers. However, since the Windows Server 2012 implementation, Hyper-V has supported the creation of virtual Fibre Channel adapters.

A Hyper-V Fibre Channel adapter is essentially a pass-through device that enables a VM to access a physical Fibre Channel adapter installed in the computer, and through that, to access the external resources connected to the SAN.
With this capability, applications running on VMs can access data files stored on SAN devices and administrators can use VMs to create server clusters with shared storage subsystems.

To support virtual Fibre Channel connectivity, the physical Fibre Channel host bus adapter(s) in the host computer must have drivers that explicitly support virtual Fibre Channel. This support is relatively rare, but more manufacturers are expected to update their drivers to provide the necessary support. Your SAN must also be able to address its connected resources by using logical unit numbers (LUNs).

Assuming you have the appropriate hardware and software installed on the host computer, you implement the Fibre Channel capabilities in Hyper-V by first creating a virtual SAN by using the Virtual SAN Manager, accessible from Hyper-V Manager. When you create the virtual SAN, the World Wide Node Names (WWNNs) and World Wide Port Names (WWPNs) of your host bus adapter appear, as shown in Figure 3-24.

FIGURE 3-24 WWNNs and WWPNs in a virtual SAN

The next step is to add a Fibre Channel adapter to a VM from the Add Hardware page in the Settings dialog box. When you do this, the virtual SAN you created earlier is available on the Fibre Channel Adapter page, shown in Figure 3-25. Hyper-V virtualizes the SAN and makes the WWNNs and WWPNs available to the VM.

FIGURE 3-25 A Fibre Channel adapter in a VM

Thought experiment
Creating a VHD

In the following thought experiment, apply what you’ve learned about this objective to predict what steps you need to take. You can find answers to these questions in the “Answers” section at the end of this chapter.

Ed wants to create a new VHD file on his Hyper-V server by using Windows PowerShell.
He runs the Get-Disk cmdlet and receives the following results:

    Number  Friendly Name           Operational Status  Total Size  Partition Style
    0       WDC WD5003ABYX-18WERA0  Online              465.76 GB   MBR
    1       WDC WD1002FAEX-00Z3A0   Online              931.51 GB   GPT

What command should Ed use to create a new 500-GB fixed VHD for his Server A VM, in the Windows Server 2012 R2 format, using data from the 465-GB drive on his computer, and a 4,096-byte sector size?

Objective summary

■■ Hyper-V uses a specialized VHD format to package part of the space on a physical disk and make it appear to the VM as though it is a physical hard disk drive.
■■ A dynamic hard disk image is an image file with a specified maximum size, which starts small and expands as needed to accommodate the data the system writes to it.
■■ A differencing hard disk image is a child image file associated with a specific parent image. The system writes all changes made to the operating system to the child image, to facilitate a rollback at a later time.
■■ VHDX image files in Windows Server 2012 R2 can be as large as 64 TB, and they also support 4-KB logical sector sizes to provide compatibility with new 4-KB native drives.
■■ A pass-through disk is a type of virtual disk that points to a physical disk drive installed on the host computer.
■■ In Hyper-V, a checkpoint is a captured image of the state, data, and hardware configuration of a VM at a particular moment in time.
■■ QoS management in Hyper-V takes the form of controls that enable you to specify the minimum and maximum input/output operations per second (IOPS) for a disk.
■■ The specialized networking technologies used to build Fibre Channel SANs have, in the past, made it difficult to use them with virtualized servers. However, Windows Server 2012 R2 Hyper-V supports the creation of virtual Fibre Channel adapters.

Objective review

Answer the following questions to test your knowledge of the information in this objective.
You can find the answers to these questions and explanations of why each answer choice is correct or incorrect in the “Answers” section at the end of this chapter.

1. Which of the following statements about VHDX files is not true?
   A. VHDX files can be as large as 64 TB.
   B. VHDX files can only be opened by computers running Windows Server 2012 and Windows Server 2012 R2.
   C. VHDX files support larger block sizes than VHD files.
   D. VHDX files support 4-KB logical sectors.

2. Which of the following must be true about a pass-through disk?
   A. A pass-through disk must be offline in the guest OS that will access it.
   B. A pass-through disk must be offline in the parent partition of the Hyper-V server.
   C. A pass-through disk can only be connected to a SCSI controller.
   D. A pass-through disk must be added to a VM with the Disk Management snap-in.

3. The Merge function only appears in the Edit Virtual Hard Disk Wizard under which of the following conditions?
   A. When you select a VHDX file for editing
   B. When you select two or more disks for editing
   C. When you select a disk with free space available in it
   D. When you select a differencing disk for editing

4. Which of the following are valid reasons not to take checkpoints of VMs? (Choose all that apply.)
   A. Checkpoints can consume a large amount of disk space.
   B. Each checkpoint requires a separate copy of the VM’s memory allocation.
   C. Each checkpoint can take several hours to create.
   D. The existence of checkpoints slows down VM performance.

5. Which of the following is not required to add a Fibre Channel adapter to a Hyper-V VM?
   A. You must create a Fibre Channel virtual SAN.
   B. You must have a physical Fibre Channel adapter installed in the host computer.
   C. You must have a Fibre Channel adapter driver that supports virtual networking.
   D. You must have a SCSI cable connecting the Fibre Channel adapter to the storage devices.
Objective 3.3: Create and configure virtual networks

Networking is a critical part of creating a VM infrastructure. Depending on your network plan, the VMs you create on a Windows Server 2012 R2 Hyper-V server can require communication with other VMs, with the computers on your physical network, and with the Internet.

When you build a network out of physical computers, you install a network interface adapter in each one and connect it to a hardware switch. The same principle is true in a Hyper-V environment, except that you use virtual components instead of physical ones. Each VM you create has at least one virtual network adapter and you can connect that adapter to a virtual switch. This enables you to connect the VMs on your Hyper-V server in various network configurations that either include or exclude the systems on your physical network.

You can create multiple virtual switches on a Hyper-V server and multiple network adapters in each VM. This enables you to create a flexible networking environment that is suitable for anything from a laboratory or classroom network to a production environment. In addition, Windows Server 2012 R2 has added the ability to create extensions for virtual switches so that software developers can enhance their capabilities.

This objective covers how to:
■■ Implement Hyper-V Network Virtualization
■■ Configure Hyper-V virtual switches
■■ Optimize network performance
■■ Configure MAC addresses
■■ Configure network isolation
■■ Configure synthetic and legacy virtual network adapters
■■ Configure network interface card (NIC) teaming in VMs

Creating virtual switches

A virtual switch, like its physical counterpart, is a device that functions at Layer 2 of the Open Systems Interconnect (OSI) reference model. A switch has a series of ports, each of which is connected to a computer’s network interface adapter.
Any computer connected to the switch can transmit data to any other computer connected to the same switch.

Unlike physical switches, the virtual switches created by Hyper-V can have an unlimited number of ports, so administrators don’t have to be concerned about connecting switches together or about uplinks and crossover circuits.

Creating the default virtual switch

The Windows Server 2012 R2 Add Roles and Features Wizard provides the opportunity to create virtual switches when you install the Hyper-V role. When you install Hyper-V on a server running Windows Server 2012 R2, the Create Virtual Switches page provides you with the opportunity to create a virtual switch for each of the physical network adapters installed in the host computer. These switches enable VMs to participate on the networks to which the physical adapters are connected.

When you create a virtual switch, the networking configuration in the host OS on the parent partition changes. The new virtual switch appears in the Network Connections window, and if you examine its properties, you can see that the switch is bound to the operating system’s TCP/IP client, as shown in Figure 3-26.

Meanwhile, Hyper-V also changes the properties of the original network connection representing the physical network interface adapter in the computer. The physical network adapter is now bound only to the virtual switch, as shown in Figure 3-27.

As a result, the computer’s physical network configuration, in which its network adapter is connected to an external physical switch, is overlaid by the virtual network configuration created by Hyper-V. In this virtual configuration, the virtual switch is connected to the physical switch and the network adapter in the host OS is connected to the virtual switch. The internal virtual network and the external physical network are joined into a single LAN, just as if you connected two physical switches.
FIGURE 3-26 A virtual switch and its properties, displayed in the host OS

FIGURE 3-27 A network interface adapter in the host OS, bound to a virtual switch

Once Hyper-V has created the virtual switch and made these configuration changes, any new VMs that administrators choose to connect to the virtual switch become part of this conjoined network, as do any physical computers connected to the physical network through an external switch.

This type of virtual switch is, in Hyper-V terminology, an external network switch because it provides connections external to the Hyper-V environment. This is typically the preferred arrangement for a production network in which Hyper-V VMs provide and consume services for the entire network.

For example, a VM connected to this switch will automatically obtain an IP address from a Dynamic Host Configuration Protocol (DHCP) server on the physical network, if there is one. As an alternative, you could configure a VM as a DHCP server and let it provide addresses to all of the systems on the network, virtual or physical.

Perhaps more important, this arrangement can also enable your VMs to access the Internet by using the router and DNS servers on the external network. The VMs can then download OS updates from servers on the Internet, just as external machines often do.

There are situations in which this type of virtual switch is inappropriate. If you are creating a laboratory network for product testing or a classroom network, you might not want it to be accessible to or from the external network. In these cases, you must create a different type of virtual switch by using the Virtual Switch Manager in Hyper-V Manager.

Creating a new virtual switch

Hyper-V in Windows Server 2012 R2 supports three types of switches, which you must create in the Virtual Switch Manager before you can connect VMs to them. To create a new virtual switch, use the following procedure.

1. In Server Manager, on the Tools menu, select Hyper-V Manager to open the Hyper-V Manager console.
2. In the left pane, select a Hyper-V server.
3. From the Actions pane, select Virtual Switch Manager. The Virtual Switch Manager dialog box for the Hyper-V server opens, as shown in Figure 3-28.

FIGURE 3-28 The Virtual Switch Manager dialog box

4. In the Create Virtual Switch section, select one of the following switch types:
   ■■ External The virtual switch is bound to the networking protocol stack in the host OS and connected to a physical network interface adapter in the Hyper-V server. VMs running on the server’s parent and child partitions can all access the physical network to which the physical adapter is connected.
   ■■ Internal An internal network switch is bound to a separate instance of the networking protocol stack in the host OS, independent from the physical network interface adapter and its connected network. VMs running on the server’s parent and child partitions can all access the virtual network implemented by the virtual switch; the host OS on the parent partition can access the physical network through the physical network interface adapter, but the VMs on the child partitions cannot access the physical network through the physical adapter.
   ■■ Private A private network switch exists only in the Hyper-V server and is accessible only to the VMs running on the child partitions. The host OS on the parent partition can access the physical network through the physical network interface adapter, but it cannot access the virtual network created by the virtual switch.
5. Click Create Virtual Switch to open the Virtual Switch Properties page.
6. Configure the following options, if desired:
   ■■ Allow Management Operating System To Share This Network Adapter Selected by default when you create an external virtual switch, clearing this check box excludes the host OS from the physical network while allowing access to the child VMs.
   ■■ Enable Single Root I/O Virtualization (SR-IOV) Enables you to create an external virtual switch that is associated with a physical network adapter capable of supporting SR-IOV. This option is only available when creating a new virtual switch; you cannot modify an existing virtual switch to use this option.
   ■■ Enable Virtual LAN Identification For Management Operating System If your host computer is connected to a physical switching infrastructure that uses virtual LANs (VLANs) to create separate subnets, you can select this check box and enter a VLAN identifier to associate the virtual switch with a particular VLAN on your physical network.
7. Click OK. The new virtual switch appears in the left pane, in the list of virtual switches.

You can create additional virtual switches as needed. You can create only one external switch for each physical network adapter in the computer, but you can create multiple internal or private switches to create as many virtual networks as you need.

NOTE USING WINDOWS POWERSHELL
To create a new virtual switch by using Windows PowerShell, use the New-VMSwitch cmdlet with the following basic syntax:

    New-VMSwitch <switch name> -NetAdapterName <adapter name> [-SwitchType Internal|Private]

For example, to create an external switch called LAN Switch, you would use the following command:

    New-VMSwitch "LAN Switch" -NetAdapterName "Ethernet"

Configuring MAC addresses

Every network interface adapter has a Media Access Control (MAC) address—sometimes called a hardware address—that uniquely identifies the device on the network. On physical network adapters, the MAC is assigned by the manufacturer and permanently entered in the adapter’s firmware.
The MAC address is a 6-byte hexadecimal value, the first three bytes of which are an organizationally unique identifier (OUI) that specifies the manufacturer, and the last three bytes of which identify the adapter itself.

The MAC address is essential to the operation of a LAN, so each virtual network adapter on a Hyper-V server needs one. The server has at least one real MAC address, provided in its physical network adapter, but Hyper-V cannot use that one address for all the virtual adapters connecting VMs to the network. Instead, Hyper-V creates a pool of MAC addresses during the installation of the role and it assigns addresses from this pool to VMs as you create them.

To view or modify the MAC address pool for the Hyper-V server, you open the Virtual Switch Manager and, under Global Network Settings, select MAC Address Range, as shown in Figure 3-29.

FIGURE 3-29 The MAC Address Range in the Virtual Switch Manager

The first three bytes of the MAC address range are always 00-15-5D, which is an OUI registered by Microsoft. The fourth and fifth bytes of the MAC address are the last two bytes of the IP address assigned to the server’s physical network adapter, converted to hexadecimal notation. The sixth and last byte of the MAC address contains the range of values from 00 to FF, which provides 256 possible addresses.

The Hyper-V server assigns the MAC addresses to the network adapters in VMs as administrators create the adapters. The adapters retain their MAC addresses permanently or until the adapter is removed from the VM. The server reclaims any unused addresses and reuses them.

The default pool of 256 addresses is expected to be sufficient for most Hyper-V VM configurations, but if it is not, you can modify the Minimum and Maximum values to enlarge the pool. To prevent address duplication, you should change the second-to-last byte only, making it into a range of addresses like the last byte. For example, the range illustrated in the figure provides 256 addresses with the following values:

    00-15-1D-02-12-00 to 00-15-1D-02-12-FF

Modifying only the least significant digit, as in the following values, increases the pool from 256 to 4,096:

    00-15-1D-02-10-00 to 00-15-1D-02-1F-FF

WARNING MAC ADDRESSES
When you modify the MAC address pool and you have other Hyper-V servers on your network, you must be careful not to create an overlap situation in which duplicate MAC addresses can occur or networking problems can result.

Creating virtual network adapters

Once you have created virtual switches in Hyper-V Manager, you can connect VMs to them by creating and configuring virtual network adapters. When you create a new VM, the default configuration includes one virtual network adapter. The New Virtual Machine Wizard includes a Configure Networking page, on which you can select one of the virtual switches you have created.

If you have created only the default external virtual switch when installing Hyper-V, then connecting a VM to that switch joins the system to the physical network. If you want to create additional network adapters in your VMs, you must use the following procedure.

1. In Server Manager, on the Tools menu, select Hyper-V Manager to open the Hyper-V Manager console.
2. In the left pane, select a Hyper-V server.
3. In the Virtual Machines list, select a VM and, in the Actions pane, click Settings. The Settings dialog box for the VM appears.
4. In the Add Hardware list, select Network Adapter and click Add. A new adapter appears in the Hardware list, as shown in Figure 3-30.

FIGURE 3-30 A new network adapter in the Settings dialog box

5. In the Virtual Switch drop-down list, select the switch to which you want to connect the network adapter.
6. If your host computer is connected to a physical switching infrastructure that uses VLANs to create separate subnets, you can select the Enable Virtual LAN Identification check box and enter a VLAN identifier to associate the network adapter with a particular VLAN on your physical network.
7. To control the amount of network bandwidth allocated to the network adapter, select the Enable Bandwidth Management check box and supply values for the Minimum Bandwidth and Maximum Bandwidth settings.
8. Click OK. The settings are saved to the VM configuration.

You can create up to 12 network adapters on a Windows Server 2012 R2 Hyper-V server: eight synthetic and four emulated.

Synthetic adapters and emulated adapters

Selecting the Network Adapter option on the Add Hardware page creates what is known in Hyper-V terminology as a synthetic network adapter. Hyper-V supports two types of network and storage adapters: synthetic and emulated (sometimes called legacy).

A synthetic adapter is a purely virtual device that does not correspond to a real-world product. Synthetic devices in a VM running on a child partition communicate with the parent partition by using a high-speed conduit called the VMBus.

The virtual switches you create in Hyper-V reside in the parent partition and are part of a component called the network Virtualization Service Provider (VSP). The synthetic network adapter in the child partition is a Virtualization Service Client (VSC). The VSP and the VSC are both connected to the VMBus, which provides interpartition communications, as shown in Figure 3-31. The VSP, in the parent partition, provides the VSC, in the child partition, with access to the physical hardware in the host computer; that is, the physical network interface adapter.
FIGURE 3-31 Synthetic network adapters communicate by using the VMBus

Because they have access to the hardware through the VMBus, synthetic adapters provide a much higher level of performance than the alternative, emulated adapters. Synthetic adapters are implemented as part of the Guest Integration Services package that runs on supported guest OSs. The main drawback of synthetic network adapters is that they are not operational until the OS is loaded on the VM.

An emulated adapter—sometimes called a legacy adapter—is a standard network adapter driver that communicates with the parent partition by making calls directly to the hypervisor, which is external to the partitions, as shown in Figure 3-32. This communication method is substantially slower than the VMBus used by the synthetic network adapters and is therefore less desirable.

FIGURE 3-32 Emulated network adapters communicate by using the hypervisor

To install an emulated adapter, you use the same procedure described earlier, except that you select Legacy Network Adapter from the Add Hardware list. Unlike synthetic adapters, emulated adapters load their drivers before the OS, so it is possible to boot the VM by using the Preboot eXecution Environment (PXE) and then deploy an OS over the network.

This is one of two scenarios in which using an emulated adapter is preferable to using a synthetic adapter. The other is when you are installing an OS on your VMs that does not have a Guest Integration Services package available for it.

Configuring hardware acceleration settings

Some physical network interface adapters have features that are designed to improve performance by offloading certain functions from the system processor to components built into the adapter itself. Hyper-V includes support for some of these features, as long as the hardware in the physical network adapter supports them properly.

When you expand a network adapter in the Settings dialog box of a VM, you gain access to the Hardware Acceleration page. On this page, you can configure the following hardware acceleration settings:

■ Enable Virtual Machine Queue: Virtual machine queue (VMQ) is a technique that stores incoming packets intended for VMs in separate queues on the physical network adapter and delivers them directly to the VMs, bypassing the processing normally performed by the virtual switch on the parent partition.
■ Enable IPsec Task Offloading: Uses the components on the network adapter to perform some of the cryptographic functions required by IPsec. You can also specify the maximum number of security associations you want the adapter to be able to calculate.
■ Single-Root I/O Virtualization: Enables the virtual adapter to take advantage of the SR-IOV capabilities of the physical adapter.

Configuring advanced network adapter features

The Advanced Features page provides additional options for supporting network adapter capabilities, as follows:

■ Static MAC Address: By default, virtual network adapters receive a dynamically assigned MAC address from the Hyper-V server. However, you can opt to create a static MAC address by using this option. The only requirement is that no other adapter, virtual or physical, on the same network uses the same address.
■ Enable MAC Address Spoofing: When enabled, the port in the virtual switch to which the virtual network adapter is connected can send and receive packets that contain any MAC address. The virtual switch port can also learn of new MAC addresses and add them to its forwarding table.
■ Enable DHCP Guard: Prevents the adapter from processing messages sent by rogue DHCP servers.
■ Port Mirroring Mode: Enables the adapter to forward all the packets it receives over the network to another virtual adapter for analysis by using an application such as Network Monitor.
■ NIC Teaming: Enables the adapter to add its bandwidth to that of other adapters in the same guest OS in a NIC teaming arrangement.

Configuring NIC teaming in a virtual network environment

As explained in objective 1.2, “Configuring Servers,” NIC teaming is a Windows feature that enables administrators to join multiple network adapters into a single entity for performance enhancement or fault tolerance purposes. Hyper-V virtual machines can also take advantage of NIC teaming, but they are limited to teams of only two, as opposed to the host operating system, which can have teams of up to 64 NICs.

To use NIC teaming in Hyper-V, you must complete three basic tasks, as follows:

1. Create the NIC team in the Windows Server 2012 R2 host operating system.
2. In Hyper-V Manager, create an external virtual switch using the NIC team.
3. Configure the network adapter in a virtual machine to connect to the virtual switch representing the NIC team.

Creating the NIC team

NIC teams must consist of physical network interface adapters, so before you can use a NIC team in a virtual machine, you must create it in the host operating system. After installing two NICs in the computer, you can create a NIC team with Server Manager in the usual manner, using the settings shown in Figure 3-33. Creating the team installs the Microsoft Network Adapter Multiplexor Driver, which appears as one of the components of the network connection representing the team.
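The three NIC teaming tasks listed above can also be carried out from Windows PowerShell on the Hyper-V host. The following script is an added example, not code from the book; the team, adapter, switch and VM names, and the choice of switch-independent teaming mode, are assumptions to replace with your own values.

```powershell
# Added example, not from the book. Run elevated on the Hyper-V host.
# Every name below is an assumption; substitute your own.
$teamName    = 'HostTeam'
$teamMembers = 'Ethernet 2', 'Ethernet 3'
$switchName  = 'Team Switch'
$vmName      = 'ServerA'
$vmAdapter   = 'Network Adapter'   # default adapter name on English-language hosts

# Task 1: build the team in the host OS. Team members must be physical adapters.
$nics = @(Get-NetAdapter -Physical | Where-Object { $teamMembers -contains $_.Name })
if ($nics.Count -ne $teamMembers.Count) {
    throw "Expected $($teamMembers.Count) physical adapters, found $($nics.Count)."
}

# The text allows only one external switch per physical adapter, so stop
# if a prospective team member is already bound to one.
$bound = @(Get-VMSwitch -SwitchType External |
    Where-Object { $nics.InterfaceDescription -contains $_.NetAdapterInterfaceDescription })
if ($bound.Count -gt 0) {
    throw "Already bound to a virtual switch: $($bound.Name -join ', ')"
}

# Teaming mode is an assumption; the book takes its settings from Figure 3-33.
New-NetLbfoTeam -Name $teamName -TeamMembers $teamMembers `
    -TeamingMode SwitchIndependent -Confirm:$false | Out-Null

# Wait up to 30 seconds for the team to report Up before binding a switch to it.
$deadline = (Get-Date).AddSeconds(30)
while ((Get-NetLbfoTeam -Name $teamName).Status -ne 'Up') {
    if ((Get-Date) -gt $deadline) { throw "Team '$teamName' did not come up." }
    Start-Sleep -Seconds 1
}

# Task 2: create the external virtual switch on the team interface. The team
# interface takes the team's name by default and is listed in the GUI as
# "Microsoft Network Adapter Multiplexor Driver".
New-VMSwitch -Name $switchName -NetAdapterName $teamName -AllowManagementOS $true | Out-Null

# Task 3: connect the VM's adapter to the team switch and enable the
# "part of a team in the guest operating system" setting.
Connect-VMNetworkAdapter -VMName $vmName -Name $vmAdapter -SwitchName $switchName
Set-VMNetworkAdapter -VMName $vmName -Name $vmAdapter -AllowTeaming On

# Confirm the result.
Get-VMNetworkAdapter -VMName $vmName -Name $vmAdapter |
    Select-Object VMName, SwitchName, AllowTeaming
```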
FIGURE 3-33 The NIC Teaming dialog box

Creating the team virtual switch

Once you have created the NIC team, you can open the Virtual Switch Manager and create a new virtual switch by selecting the External network option and choosing Microsoft Network Adapter Multiplexor Driver from the drop-down list, as shown in Figure 3-34.

FIGURE 3-34 The Virtual Switch Properties settings for a NIC team switch

Configuring a NIC team virtual network adapter

To configure a virtual machine to use a NIC team, you must use the Settings dialog box to modify the properties for a virtual network adapter, configuring it to use the team switch you created in the previous section, as shown in Figure 3-35.

FIGURE 3-35 The Network Adapter settings for a NIC team adapter

Finally, you must open the Advanced Features page for the network adapter and select the Enable The Network Adapter To Be Part Of A Team In The Guest Operating System check box. At this point, the NIC team is operational for the virtual machine. You can unplug one of the network cables and the system will maintain its connection to the network.

Creating virtual network configurations

Hyper-V makes it possible to extend nearly any existing physical network configuration into its virtual space or create a completely separated and isolated network within the Hyper-V environment.

The basic default configuration of a Hyper-V VM connects its network adapter to an external virtual switch, thus attaching the guest OS on the VM to the outside network. The VM can then take advantage of services running on the outside network and send traffic through routers to other networks, including the Internet.

This type of arrangement can enable administrators to consolidate many physical servers into VMs on a single Hyper-V server, providing them all with access to the entire network. There is no distinction here between the physical network and the virtual one in the Hyper-V space.

Extending a production network into virtual space

Keep in mind that a Hyper-V server can have multiple physical network adapters installed in it, which might be connected to different networks to separate traffic or they might be connected to the same network to increase available bandwidth. You might also have adapters dedicated to SAN connections for shared storage and server clustering.

Microsoft recommends the use of at least two physical network adapters in a Hyper-V server, with one adapter servicing the parent partition and the other connected to the child partitions. When you have more than two physical adapters in the server, you can create separate external virtual network switches for the physical adapters and connect each one to a separate VM.

Creating an isolated network

For testing and evaluation purposes or for classroom situations, administrators might want to create isolated network environments. By creating internal or private virtual switches, you can create a network that exists only within the Hyper-V space, with or without the parent partition included.

An isolated network such as this has limitations, however. If you want to install the guest OSs by using Windows Deployment Services or configure the VMs by using DHCP, you must install and configure those services on your private network. The guest OSs also do not have access to the Internet, which prevents them from downloading OS updates. In this case, you must deploy appropriate substitutes on the private network.

One way to provide your systems with updates is to install two network adapters on each of your VMs, connecting one to a private switch and one to an external switch. This enables the VMs to access the Internet and the private network.

Another method for creating an isolated network is to use VLANs. This is particularly helpful if you have VMs on different Hyper-V servers that you want to add to the isolated network. By connecting the network adapters to an external switch and configuring them with the same VLAN identifier, you can create a network within a network, which isolates the VLAN from other computers. You can, for example, deploy a DHCP server on your VLAN without it interfering with the other DHCP servers in your production environment.

Thought experiment
Configuring Hyper-V networking

In the following thought experiment, apply what you’ve learned about this objective to predict what steps you need to take. You can find answers to these questions in the “Answers” section at the end of this chapter.

Ralph has a Windows Server 2012 R2 Hyper-V server with one physical network adapter and one external virtual switch connected to that adapter. This arrangement enables the VMs on the server to automatically download OS updates from the Internet. However, Ralph wants to use the VMs on the Hyper-V server on an isolated test network on which he can evaluate new software products. The test network must have its own DHCP server that does not interfere with the DHCP server on the production network.

How can Ralph create the test network he needs for his VMs without changing the configuration that provides the machines with Internet access?

Objective summary

■ Networking is a critical part of creating a VM infrastructure. Depending on your network plan, the VMs you create on a Windows Server 2012 R2 Hyper-V server can require communication with other VMs, with the computers on your physical network, and with the Internet.
■ A virtual switch, like its physical counterpart, is a device that functions at Layer 2 of the OSI reference model. A switch has a series of ports, each of which is connected to a computer’s network interface adapter.
  Any computer connected to the switch can transmit data to any other computer connected to the same switch.
■ Hyper-V in Windows Server 2012 R2 supports three types of switches: external, internal, and private, which you must create in the Virtual Switch Manager before you can connect VMs to them.
■ Every network interface adapter has a MAC address—sometimes called a hardware address—that uniquely identifies the device on the network.
■ Once you have created virtual switches in Hyper-V Manager, you can connect VMs to them by creating and configuring virtual network adapters.
■ Selecting the Network Adapter option on the Add Hardware page creates what is known in Hyper-V terminology as a synthetic network adapter. Hyper-V supports two types of network and storage adapters: synthetic and emulated (sometimes called legacy).
■ NIC teaming is a Windows feature that enables administrators to join multiple network adapters into a single entity for performance enhancement or fault tolerance purposes.

Objective review

Answer the following questions to test your knowledge of the information in this objective. You can find the answers to these questions and explanations of why each answer choice is correct or incorrect in the “Answers” section at the end of this chapter.

1. Which of the following are valid reasons for using an emulated network adapter rather than a synthetic one? (Choose all that apply.)
   A. You want to install the guest OS by using a Windows Deployment Services server.
   B. There is no Guest Integration Services package available for the guest OS you plan to use.
   C. The manufacturer of your physical network adapter has not yet provided a synthetic network adapter driver.
   D. The emulated network adapter provides better performance.
2. Which of the following statements is not true about synthetic network adapters?
   A. Synthetic adapters communicate with the parent partition by using the VMBus.
   B. Synthetic adapters require the Guest Integration Services package to be installed on the guest OS.
   C. Synthetic adapters provide faster performance than emulated adapters.
   D. Synthetic adapters can start the child VM by using a PXE network boot.
3. What is the maximum number of ports supported by a Hyper-V virtual switch?
   A. 8
   B. 256
   C. 4,096
   D. Unlimited
4. Which of the following virtual switch types does not enable guest OSs to communicate with the parent partition?
   A. External
   B. Internal
   C. Private
   D. Isolated
5. How many dynamically assigned MAC addresses can a Hyper-V server provide by default?
   A. 8
   B. 256
   C. 4,096
   D. Unlimited

Answers

This section contains the solutions to the thought experiments and answers to the objective review questions in this chapter.

Objective 3.1: Thought experiment

Alice can enable Dynamic Memory on each of the eight VMs and set the minimum RAM value on each to 512 MB. This will enable each VM to start with 1,024 MB of memory and then reduce its footprint, allowing the next machine to start.

Objective 3.1: Review

1. Correct answers: B, C
   A. Incorrect: In Type I virtualization, the hypervisor does not run on top of a host OS.
   B. Correct: A Type I hypervisor runs directly on the computer hardware.
   C. Correct: A Type II hypervisor runs on top of a host OS.
   D. Incorrect: In Type II virtualization, the hypervisor does not run directly on the computer hardware.
2. Correct answer: A
   A. Correct: Type I virtualization provides the best performance because the hypervisor runs directly on the computer hardware and does not have the overhead of a host OS.
   B. Incorrect: Type II virtualization provides poorer performance than Type I because of the need to share processor time with the host OS.
   C. Incorrect: Presentation virtualization is the term used to describe the Remote Desktop Services functionality in Windows. It is not designed for virtualizing servers.
   D. Incorrect: RemoteApp is a technology for virtualizing individual applications and deploying them by using Remote Desktop Services.
3. Correct answer: B
   A. Incorrect: Hyper-V Server does not include a license for any virtual instances.
   B. Correct: Windows Server 2012 R2 Datacenter edition includes a license that enables you to create an unlimited number of virtual instances.
   C. Incorrect: Windows Server 2012 R2 Standard edition includes a license that enables you to create two virtual instances.
   D. Incorrect: Windows Server 2012 R2 Foundation edition does not include support for Hyper-V.
4. Correct answers: A, B, D
   A. Correct: Smart paging enables a VM to restart even if the amount of RAM specified as the startup value is unavailable. Smart paging causes the system to use disk space as a temporary substitute for memory during a system restart.
   B. Correct: Dynamic Memory enables you to specify a minimum RAM value that is smaller than the startup RAM value, but Smart paging enables the system to function with those parameters.
   C. Incorrect: Windows Memory Weight controls the allocation of memory among VMs, but it does not affect the ability of a system to start.
   D. Correct: Guest Integration Services is required for a guest OS to use Dynamic Memory.
5. Correct answer: C
   A. Incorrect: The instance of the OS on which you install Hyper-V does not become the hypervisor.
   B. Incorrect: The instance of the OS on which you install Hyper-V does not become the VMM.
   C. Correct: The instance of the OS on which you install the Hyper-V role becomes the parent partition.
   D. Incorrect: The instance of the OS on which you install the Hyper-V role does not become the child partition.
6. Correct answer: B
   A. Incorrect: You can create a new Generation 1 or Generation 2 virtual machine at any time.
   B. Correct: Because they use improved and synthetic drivers, Generation 2 VMs deploy faster than Generation 1 VMs.
   C. Incorrect: Generation 2 VMs can run Windows Server 2012, Windows Server 2012 R2, Windows 8, or Windows 8.1 as a guest operating system.
   D. Incorrect: Generation 2 VMs use improved and synthetic drivers, as compared to the legacy drivers in Generation 1 VMs.

Objective 3.2: Thought experiment

Ed should use the following Windows PowerShell command to create the VHD.

    New-VHD -Path c:\servera.vhdx -Fixed -SizeBytes 500GB -LogicalSectorSizeBytes 4096 -SourceDisk 0

Objective 3.2: Review

1. Correct answer: B
   A. Incorrect: VHDX files can be as large as 64 TB, whereas VHD files are limited to 2 TB.
   B. Correct: Windows Server 2012, Windows Server 2012 R2, Windows 8, and Windows 8.1 can all open VHDX files.
   C. Incorrect: VHDX files support block sizes as large as 256 MB.
   D. Incorrect: VHDX files can support the 4,096-byte block sizes found on some newer drives.
2. Correct answer: B
   A. Incorrect: A pass-through disk must be online in the guest OS that will access it.
   B. Correct: A pass-through disk must be offline in the parent container so that the guest OS can have exclusive access to it.
   C. Incorrect: A pass-through disk can be connected to any type of controller.
   D. Incorrect: You do not use the Disk Management snap-in to add a pass-through disk to a VM; you use Hyper-V Manager.
3. Correct answer: D
   A. Incorrect: You can merge VHD or VHDX disks.
   B. Incorrect: You can only select one disk for editing.
   C. Incorrect: There is no free space requirement when merging a disk.
   D. Correct: The Merge function appears only when you select a differencing disk for editing. The object of the function is to combine the data in the differencing disk with that of the parent.
4. Correct answers: A, D
   A. Correct: Checkpoints consume disk space that could be better used for other purposes.
   B. Incorrect: Checkpoints do not require a duplicate memory allocation.
   C. Incorrect: Under typical conditions, checkpoints do not take several hours to create.
   D. Correct: The Hyper-V server must locate and process checkpoints each time it accesses a VM’s disk drives, slowing down its performance.
5. Correct answer: D
   A. Incorrect: You must create a Fibre Channel SAN before you can add a Fibre Channel adapter to a VM.
   B. Incorrect: You must have a physical Fibre Channel adapter before you can create virtual Fibre Channel components.
   C. Incorrect: The driver for your physical Fibre Channel adapter must support virtual networking.
   D. Correct: SCSI cables are not required for Fibre Channel installations.

Objective 3.3: Thought experiment

Ralph can create an isolated test environment without changing the virtual switch configuration by selecting the Enable Virtual LAN Identification check box on the network adapter in each VM and specifying the same VLAN identifier for each VM he wants on the test network.

Objective 3.3: Review

1. Correct answers: A, B
   A. Correct: A Windows Deployment Server installation requires the network adapter to support PXE, which emulated adapters do, but synthetic adapters do not.
   B. Correct: Synthetic adapter drivers are installed as part of the Guest Integration Services package; if there is no package for the guest OS, then there are no synthetic drivers.
   C. Incorrect: Synthetic adapter drivers are not provided by hardware manufacturers.
   D. Incorrect: Synthetic adapters provide better performance than emulated adapters.
2. Correct answer: D
   A. Incorrect: Synthetic adapters use the faster VMBus for communications with the parent partition; emulated adapters must use calls to the hypervisor.
   B. Incorrect: Synthetic adapter drivers are installed as part of the Guest Integration Services package on the guest OS.
   C. Incorrect: Because of their more efficient communication with the parent partition, synthetic adapters perform better than emulated adapters.
   D. Correct: Synthetic network adapters load with the Guest Integration Services on the guest OS, which prevents them from supporting PXE.
3. Correct answer: D
   A. Incorrect: Switches limited to eight connections would be insufficient for many Hyper-V installations.
   B. Incorrect: Hyper-V switches are not limited to 256 connections.
   C. Incorrect: Hyper-V switches are not limited to 4,096 connections.
   D. Correct: Hyper-V virtual switches can support an unlimited number of connections.
4. Correct answer: C
   A. Incorrect: External switches enable the guest OSs to communicate with the outside network and the parent partition.
   B. Incorrect: Internal switches enable the guest OSs to communicate with the parent partition but not with the outside network.
   C. Correct: Private switches enable the guest OSs to communicate with one another but not with the outside network or the parent partition.
   D. Incorrect: Isolated is not a technical term referring to a type of virtual switch.
5. Correct answer: B
   A. Incorrect: A pool of eight MAC addresses would be insufficient for many Hyper-V installations.
   B. Correct: A Hyper-V server provides a pool of 256 MAC addresses by default. You can create more by modifying the default address range.
   C. Incorrect: Hyper-V, by default, dedicates only one byte of the MAC address to a dynamic value, which is not enough to support 4,096 addresses.
   D. Incorrect: Hyper-V creates a finite pool of MAC addresses by specifying minimum and maximum address values.
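The MAC address pool rules from "Configuring MAC addresses" (the default range built from the 00-15-5D prefix and the host's IP address, the overlap warning for enlarged pools, and the requirement that a static MAC address be unique on the network) can be checked mechanically across several Hyper-V servers. The following PowerShell is an added example, not code from the book; the function names are hypothetical, and the host names, VM names, IP address and MAC values are constructed sample data.

```powershell
# Added example, not from the book. All inventory data below is constructed.

function ConvertTo-MacNumber {
    # Turn 'AA-BB-CC-DD-EE-FF', 'AA:BB:...' or 'AABBCCDDEEFF' into a 64-bit integer.
    param([Parameter(Mandatory)][string]$Mac)
    $hex = $Mac -replace '[-:]', ''
    if ($hex -notmatch '^[0-9A-Fa-f]{12}$') { throw "Not a MAC address: $Mac" }
    [Convert]::ToInt64($hex, 16)
}

function Get-DefaultMacPool {
    # Default pool as the text describes it: 00-15-5D, then the last two bytes
    # of the host's IPv4 address in hexadecimal, then 00 through FF.
    param([Parameter(Mandatory)][string]$IPAddress)
    $bytes  = ([System.Net.IPAddress]::Parse($IPAddress)).GetAddressBytes()
    $prefix = '00155D{0:X2}{1:X2}' -f $bytes[2], $bytes[3]
    [pscustomobject]@{ Minimum = "${prefix}00"; Maximum = "${prefix}FF" }
}

function Get-MacPoolSize {
    # Number of addresses between the pool's minimum and maximum, inclusive.
    param([Parameter(Mandatory)]$Pool)
    (ConvertTo-MacNumber $Pool.MacAddressMaximum) - (ConvertTo-MacNumber $Pool.MacAddressMinimum) + 1
}

function Find-MacPoolOverlap {
    # Two ranges overlap when each one starts at or before the other one ends.
    param([Parameter(Mandatory)][object[]]$Pools)
    for ($i = 0; $i -lt $Pools.Count; $i++) {
        for ($j = $i + 1; $j -lt $Pools.Count; $j++) {
            $a = $Pools[$i]; $b = $Pools[$j]
            $aMin = ConvertTo-MacNumber $a.MacAddressMinimum
            $aMax = ConvertTo-MacNumber $a.MacAddressMaximum
            $bMin = ConvertTo-MacNumber $b.MacAddressMinimum
            $bMax = ConvertTo-MacNumber $b.MacAddressMaximum
            if ($aMin -le $bMax -and $bMin -le $aMax) {
                [pscustomobject]@{
                    HostA = $a.ComputerName
                    HostB = $b.ComputerName
                    From  = '{0:X12}' -f [Math]::Max($aMin, $bMin)
                    To    = '{0:X12}' -f [Math]::Min($aMax, $bMax)
                }
            }
        }
    }
}

function Find-StaticMacInPool {
    # A static MAC inside any host's dynamic pool can later be handed out again
    # by that host, which breaks the "no other adapter uses the same address" rule.
    param([Parameter(Mandatory)][object[]]$Adapters,
          [Parameter(Mandatory)][object[]]$Pools)
    foreach ($nic in $Adapters | Where-Object { -not $_.DynamicMacAddressEnabled }) {
        $mac = ConvertTo-MacNumber $nic.MacAddress
        foreach ($p in $Pools) {
            if ($mac -ge (ConvertTo-MacNumber $p.MacAddressMinimum) -and
                $mac -le (ConvertTo-MacNumber $p.MacAddressMaximum)) {
                [pscustomobject]@{
                    VMName = $nic.VMName; MacAddress = $nic.MacAddress; PoolOwner = $p.ComputerName
                }
            }
        }
    }
}

# Constructed inventory. On real hosts, Get-VMHost exposes MacAddressMinimum and
# MacAddressMaximum, and Get-VMNetworkAdapter exposes MacAddress and
# DynamicMacAddressEnabled, so their output can be passed in unchanged.
$hv02Pool = Get-DefaultMacPool -IPAddress '10.0.2.18'   # HV02 keeps its default pool
$pools = @(
    # HV01 was enlarged to 4,096 addresses by widening the second-to-last byte.
    [pscustomobject]@{ ComputerName = 'HV01'; MacAddressMinimum = '00155D021000'; MacAddressMaximum = '00155D021FFF' }
    [pscustomobject]@{ ComputerName = 'HV02'; MacAddressMinimum = $hv02Pool.Minimum; MacAddressMaximum = $hv02Pool.Maximum }
    [pscustomobject]@{ ComputerName = 'HV03'; MacAddressMinimum = '00155D030500'; MacAddressMaximum = '00155D0305FF' }
)
$adapters = @(
    [pscustomobject]@{ VMName = 'LAB-DC1';  MacAddress = '00155D0305A0'; DynamicMacAddressEnabled = $false }
    [pscustomobject]@{ VMName = 'LAB-WEB1'; MacAddress = '00155D021234'; DynamicMacAddressEnabled = $true }
)

$pools | Select-Object ComputerName, @{ n = 'PoolSize'; e = { Get-MacPoolSize $_ } } | Format-Table -AutoSize
Find-MacPoolOverlap -Pools $pools | Format-Table -AutoSize
Find-StaticMacInPool -Adapters $adapters -Pools $pools | Format-Table -AutoSize
```

In the sample data, the enlarged pool on HV01 swallows the default pool of HV02, which is the overlap situation the warning describes, and the static address on LAB-DC1 falls inside the dynamic pool of HV03.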
Connect Virtual Hard Disk page, 158 attributes creating user accounts, 283 Audit Directory Service Access event category, 331 Audit Object Access event category, 331 audit policies, GPOs, 328–331 authentication, 276 Authentication Method parameter (New Connection Security Rule Wizard), 368 authorization, 276 automatic allocation definition, 217 Automatically Generate Rules Wizard, 354 Automatic Private IP Addressing (APIPA), 205 B Backup function (Guest Integration Services), 147 Backup Operators group, 292 balancing (NIC teaming), 22 basic disks, 44 basic NTFS permissions, assigning, 83–85 basic permissions, 78–79 Basic User approach, enforcing restrictions, 346 bonding (NIC teaming), 22 BOOTP (Bootstrap Protocol), 218 Bootstrap Protocol (BOOTP), 218 boot threshold, 229 boot vendor information extensions, 218 Browse For A Group Policy Object dialog box, 325 C caching DNS servers, 236–238 Canonical Name (CNAME) resource records, 245 capabilities, Server Core, 9–10 Central Store, configuring, 319 certificate rules, 348 Change Zone Replication Scope dialog box, 247 checkpoints, 165–166 child domains creating in a forest, 265–266 child partitions, 133 -chmbr <members> command-line parameter, 308 CIDR (Classless Inter-Domain Routing), 200–201 classes IPv4 addresses, 198–200 classful addressing, IPv4, 198–200 Classless Inter-Domain Routing (CIDR), 200–201 clients, DHCP, 217 client-side resolver caching, DNS, 238 client-sode caching, 76 cmdlets Add-DnsServerPrimaryZone, 245 Enable-VMResourceMetering, 153 Get-PhysicalDisk, 53 Get-StorageSubsystem, 53 Install-ADDSDomain, 266 Install-ADDSDomainController, 266 Install-ADDSForest, 266 Install-WindowsFeature, 266 Measure-VM, 153 New-ADUser, 281 New-GPO, 322 New-StoragePool, 52 options, 53 New-VHD, 159 New-VM, 142 New-VMResourcePool, 153 New-VMSwitch, 179 Set-VMMemory, 152 Uninstall-WindowsFeature, 11 379 CNAME (Canonical Name) resource records CNAME (Canonical Name) resource records, 245 command-line tools, postinstallation 
tasks, 20–21 commands Activate instance ntds, 268 Create Full|RODC, 269 Get-Help, 267 Ifm, 268 Ntdsutil, 268 Comma-Separated Value Directory Exchange (CSVDE. exe) command-line tool, 277 creating multiple AD DS users, 283–284 communications DHCP, 219–223, 220–224 lease negotiation, 219–221 lease renewal, 221–223 DNS, 233–236 Compact function (Edit Virtual Hard Disk Wizard), 164 Compatability Report page (Setup program), 13 Completing The New Simple Volume Wizard page (New Simple Volume Wizard), 59 Computer Name/Domain Changes dialog box, 289–290 Computer Name tab, System Properties sheets, 289 computers, AD DS management, 276–293 Active Directory objects, 288–293 creating computer objects, 285–288 Configuration page (Routing and Remote Access Server Setup Wizard), 228 configurations virtual networks, 188–189 configuration scripts, DSC, 38 Configure DHCP Options page (New Scope Wizard), 223 Configure Networking page (New Virtual Machine Wizard), 140 Configure Remote Access Getting Started Wizard, 228 Configure Share Settings page (New Share Wizard), 75 configuring core network services DHCP service, 217–232 DNS, 232–250 IPv4 and IPv6 addressing, 197–214 file and share access, 71–89 folder shares, 72–77 NTFS quotas, 87–88 permissions, 77–86 Volume Shadow Copies, 86–87 Work Folders, 89 global catalog, 272–273 380 Group Policy settings, 323–324 Hyper-V virtual machine settings, 131–155 local storage, 41–63 disks, 46–63 disk settings, 43–46 planning storage needs, 41–43 print and document services, 92–110 deploying print servers, 92–99 document management, 103–104 managing printers, 104–106 Print and Document Services role, 106–110 sharing printers, 99–103 printer security, 102–103 roles and features file and share access, 71–89 print and document services, 92–110 servers for remote management, 112–122 servers, 18–37 delegating server administration, 37 DSC (Desired State Configuration), 37–38 postinstallation tasks, 18–25 remote management, 112–122 Server Manager tool, 
26–35 services, 36–37 software restriction policies (GP), 347–349 software restriction properties, 349–352 virtual machine settings, 131–155 Hyper-V implementations, 133–136 Hyper-V Manager, 138–154 installing Hyper-V, 136–138 resource metering, 152–153 virtualization architectures, 132–133 virtual machine storage, 156–173 checkpoints, 165–166 connecting to a SAN, 167–172 modifying virtual disks, 164–165 pass-through disks, 163–164 QoS (Quality of Service), 166–167 virtual disk formats, 156–157 virtual disks, 157–163 virtual networks, 174–188 configurations, 188–189 NIC teaming, 185–188 virtual network adapters, 181–185 virtual switches, 175–181 Windows Firewall, 116–118, 357–368 control panel applet, 359–363 creating settings, 357–358 Windows Firewall with Advanced Security snapin, 363–368 WinRM, 116–117 connections SANs (storage area networks), 167–172 Fibre Channel, 169–170 virtual machines to SANs, 170–172 Connect Virtual Hard Disk page (New Virtual Machine Wizard), 141–142, 157 containers, 296 contextual tasks, addressing remote servers, 122 contracting IPv6 addresses, 206 control panel applet, Windows Firewall, 359–363 Convert function (Edit Virtual Hard Disk Wizard), 164 converting groups, AD DS, 308 Convert To GPT Disk option, 48 Convert To MBR Disk option, 48 Copy Object-User Wizard, 282 core network services DHCP, 217–232 communications, 219–223 deploying DHCP relay agents, 227–230 deploying DHCP servers, 222–227 IP address allocation methods, 217 options, 218–220 DNS, 232–250 architecture, 232–241 deploying servers, 241–248 IPv4 and IPv6 addressing, 197–214 assigning IPv4 addresses, 203–205 assigning IPv6 addrersses, 207–209 CIDR (Classless Inter-Domain Routing), 200–201 introduction to IPv6 addressing, 205–206 IPv4 classful addressing, 198–200 IPv4 subnetting, 201–202 IPv6 address types, 206–207 planning an IP transition, 211–214 public and private IPv4 addressing, 201 subnetting IPv6 addresses, 210–211 supernetting, 202–203 Create And Attach Virtual 
Hard Disk dialog box, 49 Create A Virtual Hard Disk option, Connect Virtual Hard Disk page, 157 Create Full|RODC command, 269 Create Group window, AD Administrative Center console, 303–304 Create Organizational Unit window, AD DS Administrative Center console, 297 Create Server Group dialog box, 120–121 Create User window (Active Directory Administrative Center console), 278 Create Virtual Switches page (Add Roles and Features Wizard), 137 creating checkpoints, 165–166 computer objects, AD DS, 285–288 differencing disks, 162–163 folder shares, 72–77 forests, 259–263 Group Policy settings GPOs (Group Policy Objects), 317–325 software restriction policies, 345–354 Windows Firewall, 357–368 groups, AD DS, 303–305 OUs (organizational units), AD DS, 296–298 printer pools, 105 reservations, DHCP servers, 225–226 resource records, DNS, 245–247 Restricted Groups policies, 306 scope, DHCP servers, 222–224 server groups, 120–121 user objects, AD DS, 276–285 multiple users, 283–285 single users, 278–282 user templates, 282–283 virtual disks, 53–57, 157–163 virtual machine settings, 131–155 Hyper-V implementations, 133–136 Hyper-V Manager, 138–154 installing Hyper-V, 136–138 resource metering, 152–153 virtualization architectures, 132–133 virtual machine storage, 156–173 checkpoints, 165–166 connecting to a SAN, 167–172 modifying virtual disks, 164–165 pass-through disks, 163–164 QoS (Quality of Service), 166–167 virtual disk formats, 156–157 virtual disks, 157–163 virtual networks, 174–188 configurations, 188–189 NIC teaming, 185–188, 186–189 virtual network adapters, 181–185 381 creation permissions virtual switches, 175–181, 177–179 zones, DNS servers, 242–245 creation permissions, 299 creation tools, creating AD DS user objects, 277–278 credential prompts, User Account Control, 340 Credentials For Deployment Operation dialog box, 263 CSVDE.exe (Comma-Separated Value Directory Exchange) command-line tool, 277 creating multiple AD DS users, 283–284 CSV files, 283 Custom 
Configuration page (Routing and Remote Access Server Setup Wizard), 228 Custom Filters node (Print Management console), 108– 109 Customize Settings dialog box, 360 D Dashboard page (Server Manager), 26–27 Datacenter edition, 3 Hyper-V licensing, 134 support for Hyper-V, 4 Data Exchange function (Guest Integration Services), 147 Data Execution Prevention (DEP), 136 Dcpromo.exe program, 259 Default Domain Controllers Policy GPO, 291 Default Gateway option, manual configuration of IPv4 addresses, 204 default installation, Server Core, 8 default rules, AppLocker, 354 Default Security Level setting (Software Restriction Policies node), 346 default virtual switches, 175–176 delegating printer privileges, 37 server administration, 37 Delegation of Control Wizard, 298 Delete action, LDIFDE.exe utility, 284 deleting groups, AD DS, 308–309 deletion permissions, 299 Deny (access control entry), 79 denying permissions, 79–80 DEP (Data Execution Prevention), 136 deploying Active Directory IaaS on Windows Azure, 270–271 382 core network services DHCP, 217–232 DNS, 232–250 IPv4 and IPv6 addressing, 197–214 DHCP relay agents, 227–230 DHCP servers, 222–227 configuring DHCP options, 224–225 creating a scope, 222–224 creating reservations, 225–226 PXE, 226–227 DNS servers, 241–248 configuring settings, 247–248 creating zones, 242–245 resource records, 245–248 Group Policy settings GPOs (Group Policy Objects), 317–325 software restriction policies, 345–354 Windows Firewall, 357–368 printers with Group Policy, 109–110 print servers, 92–99 understanding Windows printing, 93–94 Windows print architecture, 93 Windows print flexibility, 94–99 roles to VHDs, 34–35 Deployment Configuration page (AD DS Configuration Wizard), 259–260, 265 Deploy With Group Policy dialog box, 109–110 deprecated IPv6 addresses, 207 -desc <description> command-line parameter, 305 Designated File Types properties, 350–351 Desired State Configuration (DSC), 37–38 DHCPACK message type, DHCP, 218 DHCPDECLINE message 
type, DHCP, 218 DHCPDISCOVER message type, DHCP, 218 DHCP (Dynamic Host Configuration Protocol), 217–232 communications, 219–223 lease negotiation, 219–221 lease renewal, 221–223 deploying DHCP relay agents, 227–230 deploying servers, 222–227 configuring DHCP options, 224–225 creating a scope, 222–224 creating reservations, 225–226 PXE, 226–227 IP address allocation methods, 209, 217 manual configuration of IPv4 addresses, 204–205 options, 218–220 DHCPINFORM message type, DHCP, 218 DNS (Domain Name System) DHCPNAK message type, DHCP, 218 DHCPOFFER message type, DHCP, 218 DHCP Relay Agent Properties sheet, 229 DHCPRELEASE message type, DHCP, 218 DHCPREQUEST message type, DHCP, 218 dialog boxes Add Features That Are Required, 32 Add Features That Are Required For Active Directory Domain Services, 258 Add Features That Are Required For Hyper-V, 137 Additional Drivers, 100 Add Or Remove Snap-Ins, 325 Add/Remove Servers, 107 Add Servers, 27, 114 Advanced Security Settings, 79, 82 Advanced Sharing, 72–73 Allowed Apps, 359, 362 Browse For A Group Policy Object, 325 Change Zone Replication Scope, 247 Computer Name/Domain Changes, 289–290 Create And Attach Virtual Hard Disk, 49 Create Server Group, 120–121 Credentials For Deployment Operation, 263 Customize Settings, 360 Deploy With Group Policy, 109–110 File Sharing, 72 Import Policy From, 336 Move, 297 New GPO, 320 New Group, 339 New Host, 246 New Interface For DHCP Relay Agent, 229 New Object-Group, 304 New Path Rule, 347 New User, 338 NIC Teaming, 186 Select A Domain From The Forest, 263 Select GPO, 321 Select Print Server, 107 Select Users, 339 Settings, new virtual machines, 143–144 Shadow Copies, 86 User Account Control Settings, 342 Validation Results, 271 Virtual Switch Manager, 177 differencing disks, 158, 162–163 differencing hard disk image VHD files, 157 directory services, definition, 257 Directory Services Restore Mode (DSRM), 262 direct printing, 95 Disabled state, Administrative Template settings, 323 
disabling user accounts, 292–293 Disallowed approach, enforcing restrictions, 346 Disk Management snap-in, 45, 47 creating simple volumes, 57 DiskPart.exe utility, 57 disks configuring local storage, 46–63 adding physical disks, 47–48 creating a simple volume, 56–60 storage pools, 50–53 striped, spanned, mirrored, RAID-5 volumes, 60– 62 VHDs (virtual hard disks), 48–50 virtual disks, 53–57 settings, 43–46 disk types, 44–45 partition style, 43–44 Disks tile (Server Manager), 47–48 disks, virtual creating, 157–163 formats, 156–157 modifying, 164–165 pass-through disks, 163–164 QoS (Quality of Service), 166–167 disk virtualization technology, Storage Spaces, 42–43 distinguished name (DN), users, 280 Distributed Scan Server option (Select Role Services page), 106 distribution groups, 301 Djoin.exe command-line tool, joining a domain while offline, 292 dn attribute, 283 DN (distinguished name), users, 280 DNS (Domain Name System), 232–250 architecture, 232–241 client-side resolver caching, 238 DNS coomunications, 233–236 forwarders, 239–240 referrals and queries, 238–239 reverse name resolution, 240–241 server caching, 236–238 deploying servers, 241–248 configuring settings, 247–248 creating zones, 242–245 resource records, 245–248 383 DNS SRV registration failure DNS SRV registration failure, 273 DNS tab adding servers in Server Manager, 114 document services, configuring, 92–110 deploying print servers, 92–99 understanding Windows printing, 93–94 Windows print architecture, 93 Windows print flexibility, 94–99 document management, 103–104 managing printers, 104–106 Print and Document Services role, 106–110 adding print servers, 107–108 deploying printers with Group Policy, 109–110 viewing printers, 108–109 sharing printers, 99–103 configuring printer security, 102–103 managing printer drivers, 101 remote access Easy Print, 101–102 Domain Admins group, 270 Domain Controller Options page (AD DS Configuration Wizard), 260–261, 263 domain controllers installation, 257–273 
adding to existing domains, 263–265 configuring the global catalog, 272–273 creating a new child domain in a forest, 265–266 creating a new forest, 259–263 deploying IaaS on Windows Azure, 270–271 Install from Media (IFM) option, 268–269 installing AD DS on Server Core, 266–268 installing AD DS role, 258–259 troubleshooting DNS SRV registration failure, 273 upgrading AD DS, 269–270 removing, 271–272 domain local groups, AD DS, 301–302 Domain Name And DNS Servers page (New Scope Wizard), 224 Domain Name System. See DNS (Domain Name System) domains adding domain controllers to existing domains, 263–265 definition, 257 joining computers to, 289–292 domain users, 277 Do Not Assign A Drive Letter Or Drive Path option, 58 down-level servers, 118–120 384 drivers printers, 101 Dsadd.exe command-line tool, 277 creating computer objects, 288 creating group objects, 304–305 creating single AD DS users, 279–280 DSC (Desired State Configuration), 37–38 DSC Service, 38 Dsmod.exe command-line tool managing group objects, 307–308 DSRM (Directory Services Restore Mode), 262 dual IP stacks, IP transitioning, 212 DVD drive settings, virtual machines, 145–146 dynamic allocation assigning IPv6 addresses, 208–209 definition, 217 Dynamically Expanding disks, 158 Dynamically Expanding VHD Type option, 49 dynamic disks, 45 dynamic hard disk image VHD files, 157 Dynamic Host Configuration Protocol. 
See DHCP (Dynamic Host Configuration Protocol) Dynamic Memory, Hyper-V Manager console, 150–153 Dynamic Update page (New Zone Wizard), 244 E Easy Print, 101–102 editions, 3 Edit Virtual Hard Disk Wizard, 164–165 effective access, assigning permissions, 80–81 elevation prompts, User Account Control, 341 emulated adapters, 183–184 Enable DHCP Guard (advanced network adapter feature), 185 Enabled state, Administrative Template settings, 323 Enable File And Folder Compression option, Configuring the Format Partition page, 59 Enable IPsec Task Offloading (hardware acceleration setting), 185 Enable MAC Address Spoofing (advanced network adapter feature), 185 Enable Single Root I/O Virtualization (SR-IOV) option, 179 Enable Virtual LAN Identification For Management Operating System option, 179 global routing prefixes, IP addresses Enable Virtual Machine Queue (hardware acceleration setting), 184 Enable-VMResourceMetering cmdlet, 153 -EnclosureAwareDefault option (New-StoragePool cmdlet), 53 Endpoints parameter (New Connection Security Rule Wizard), 368 Enforcement properties, 350 enforcing restrictions, Group Policy, 346–347 enhanced session mode, 148–149 Enhanced Session Mode Policy settings, 149–150 Enterprise Admins group, 270 Essentials edition, 3 Executable Rules node, AppLocker, 353 eXecute Disable (XD), 136 Expand function (Edit Virtual Hard Disk Wizard), 164 Export Configuration Settings function, 259 expressing IPv6 network addresses, 206 External virtual switches, 178 F FAT file systems, 46 fault tolerance, Storage Spaces, 54 FCoE (Fibre Channel over Ethernet), 170 features adding, Server Manager tool, 29–33 configuring file and share access, 71–89 print and document srevices, 92–110 servers for remote management, 112–122 Features on Demand, 10–11 Fibre Channel, 169–170 Fibre Channel over Ethernet (FCoE), 170 File and Storage Services home page (Server Manager), 73 File and Storage Services role, 46–47 file hash rules, 353 files ADMX, 319 configuring, 71–89 
folder shares, 72–77 NTFS quotas, 87–88 permissions, 77–86 Volume Shadow Copies, 86–87 Work Folders, 89 CSV, 283 File Server Resource Manager quotas, 87 File Server role service, 73 File Sharing, 359–360 File Sharing dialog box, 72 File System option, Configuring the Format Partition page, 59 file systems, 46 Firewall configuring, 116–118 Firewall (Windows), 357–368 control panel applet, 359–363 settings, 357–358 Windows Firewall with Advanced Security snapin, 363–368 first bit values, IP addresses, 199 fixed hard disk image VHD files, 157 Fixed Provisioning Type option, 55 Fixed Size disks, 158 Fixed Size (Recommended) VHD Type option, 49 flexibility, Windows printing, 94–99 folder shares, creating, 72–77 forests creating, 259–263 creating new child domains in, 265–266 Format Partition page (New Simple Volume Wizard), 58 formats virtual disks, 156–157 forwarders, DNS, 239–240 Forwarders tab (DNS server Properties sheet), 239–240 Foundation edition, 3 G GC (Global Catalog) configuring, 272–273 domain controllers, 261 general permissions, 299 Generation 1 VMs, 143–146 Generation 2 VMs, 143–146 Get-Help command, 267 Get-PhysicalDisk cmdlet, 53 Get-StorageSubsystem cmdlet, 53 Global Catalog (GC) configuring, 272–273 domain controllers, 261 global groups, AD DS, 302 global routing prefixes, IP addresses, 210 385 global unicast addresses, IPv6 global unicast addresses, IPv6, 206 GPMC (Group Policy Management Console), 319, 320 creating/linking nonlocal GPs, 320–321 security filtering, 321–322 GPOs (Group Policy objects), 109 GPOs (Group Policy Objects) creating, 317–325 Central Store, 319 configuring settings, 323–324 Group Policy Management Console, 319–322 local GPOs, 318, 324–325 nonlocal GPOs, 319 starter GPOs, 319, 322 GPT partition style, 44 group nesting, 301, 303 Group Policy assigning settings using OUs, 298 creating GPOs, 317–325 Central Store, 319 configuring settings, 323–324 Group Policy Management Console, 319–322 local GPOs, 318, 324–325 nonlocal GPOs, 
319 starter GPOs, 319, 322 deploying printers, 109–110 managing group membership, 306–308 security policies, 328–342 defining local policies, 328–333 local users and groups, 336–339 security templates, 333–336 User Account Control, 339–342 software restriction policies, 345–354 AppLocker, 352–354 configuring properties, 349–352 configuring rules, 347–349 enforcing restrictions, 346–347 using multiple rules, 349 Windows Firewall, 357–368 control panel applet, 359–363 settings, 357–358 Windows Firewall with Advanced Security snapin, 363–368 Group Policy Management Console (GPMC), 319–322 creating/linking nonlocal GPOs, 320–321 security filtering, 321–322 Group Policy Management Editor console, 118 Group Policy Management Editor window, 330 Group Policy Object Editor snap-in, 324 386 Group Policy Objects. See GPOs (Group Policy Objects) Group Policy objects (GPOs), 109 groups access to SAM, 336 Group Policy security policies, 336–339 groups, AD DS management, 295–309 converting groups, 308 creating groups, 303–305 deleting groups, 308–309 Domain Admins, 270 Enterprise Admins, 270 group memberships, 305–308 group scopes, 301–302 group types, 301 nesting groups, 303 Schema Admins, 270 group scopes, AD DS, 301–302 Guest Integration Services, 147–148 Guest Services function (Guest Integration Services), 147 GUI tools postinstallation tasks, 19–20 H Hard Drive interface, Settings dialog box, 161 hardware acceleration settings, virtual network adapters, 184–185 hardware limitations, Hyper-V, 134 hardware requirements Hyper-V installation, 136 hardware requirements, server installation, 5 hash rules, 348 Heartbeat function (Guest Integration Services), 147 hop-count threshold, 229 host operating systems, hypervisor and, 132 Hyper-V configuring virtual machine settings, 131–155 virtual machine storage, 156–173 virtual networks, 174–188 installation, 136–138 licensing, 134 server installation considerations, 4–5 hypervisor, 131 Hyper-V Manager console, 138–154 creating virtual 
machines, 139–144 iterative queries, DNS enhanced session mode, 148–149 Generation 1 and Generation 2 VMs, 143–146 Guest Integration Services, 147–148 memory allocation, 150–153 Hyper-V Server, 134–136 I IaaS (Infrastructure as a Service) Windows Azure, 270–271 ICANN (Internet Corporation for Assigned Names and Numbers), 201 ICMPv6 (Internet Control Message Protocol version 6), 214 IDE Controller interface, Settings dialog box, 160 IDE (Integrated Drive Electronics) controllers, 156 Ifm command, 268 IFM (Install from Media) option, 268–269 IIS Hostable Web Core feature, 89 implementations Hyper-V, 133–136 importing security templates into GPOs, 335–336 Import Policy From dialog box, 336 Import tab adding servers in Server Manager, 114 in-addr.arpa domain, 240 Inbound Rules list, Windows Firewall with Advanced Security console, 364–365 Infrastructure as a Service (IaaS) Windows Azure, 270–271 inheriting permissions, 80 Install-ADDSDomain cmdlet, 266 Install-ADDSDomainController cmdlet, 266 Install-ADDSForest cmdlet, 266 installation AD DS role, 258–259 domain controllers. 
See domain controllers Hyper-V, 136–138 Migration Tools, 15–16 network-attached print devices, 100 operating systems, 145–146 printers, 94 servers, 2–15 Features on Demand, 10–11 migrating roles, 14–15 Minimal Server Interface, 9–10 planning installation, 2–6 Server Core, 6–9 upgrades, 12–15 Install from Media (IFM) option, 268–269 Install-WindowsFeature cmdlet, 266 Integrated Drive Electronics (IDE) controllers, 156 Integration Services settings, virtual machines, 148 Intel Virtualization Technology (Intel VT), 136 Intel VT (Intel Virtualization Technology), 136 Interface ID, IP addresses, 210 Internal virtual switches, 178 Internet Control Message Protocol version 6 (ICMPv6), 214 Internet Corporation for Assigned Names and Numbers (ICANN), 201 Internet Printing option (Select Role Services page), 106 Internet Protocol Version 4 (TCP/IPv4) Properties sheet, 203–204 Intra-Site Automatic Tunnel Addressing Protocol (ISATAP), 214 IP address aggregation (supernetting), 202–203 IP address allocation methods, DHCP, 217 IP addresses, 358 IP Address Lease Time extension, DHCP, 219 IP Address option, manual configuration of IPv4 addresses, 204 IP Address Range page (New Scope Wizard), 223–224 IPv4 addressing, 197–214 assigning IPv4 addresses, 203–205 CIDR (Classless Inter-Domain Routing), 200–201 classful addressing, 198–200 planning an IP transition, 211–214 public and private addressing, 201 subnetting, 201–202 supernetting, 202–203 IPv6 addressing, 197–214 address types, 206–207 assigning IPv6 addrersses, 207–209 introduction, 205–206 planning an IP transition, 211–214 subnetting IPv6 addresses, 210–211 ISATAP (Intra-Site Automatic Tunnel Addressing Protocol), 214 isolated network environments, 189 iterative queries, DNS, 238 J 387 JOBD (“Just a Bunch of Disks”) arrays JOBD (“Just a Bunch of Disks”) arrays, 42 joining computers to domains, 289–292 “Just a Bunch of Disks” (JBOD) arrays, 42 L LDAP Data Interchange Formal Directory Exchange (LDIFDE.exe) utility, 277 
creating multiple AD DS users, 284 LDIFDE.exe (LDAP Data Interchange Formal Directory Exchange) utility, 277 creating multiple AD DS users, 284 Lease Duration page (New Scope Wizard), 223 lease negotiation, DHCP, 219–221 lease renewal, DHCP, 221–223 legacy adapters, 183 licensing Hyper-V, 134 server installation, 5 limitations Hyper-V hardware, 134 linking nonlocal GPOs, Group Policy Management Console, 320–321 link-local unicast addresses, IPv6, 207 local GPOs, 318, 324–325 Local Group Policy layer, 324 local groups, creating, 339 locally attached print devices, 95 locally attached printer sharing, 95–96 local policies, 328–333 local storage configuring, 41–63 disks, 46–63 disk settings, 43–46 planning storage needs, 41–43 local users, 277 Group Policy security policies, 336–339 Local Users And Groups snap-in, 337–339 Log On Locally right, 292 LPD Service option (Select Role Services page), 106 M MAC addresses virtual switches, 179–180 MAC Address Range (Virtual Switch Manager), 180 388 Mail Exchanger (MX) resource records, 245 management AD DS groups and OUs, 295–309 creating OUs, 296–298 using OUs to assign Group Policy settings, 298 using OUs to delegate AD management tasks, 298–300 working with groups, 300–309 AD DS users and computers, 276–293 Active Directory objects, 288–293 creating computer objects, 285–288 creating user objects, 276–285 Group Policy settings GPOs (Group Policy Objects), 317–325 software restriction policies, 345–354 Windows Firewall, 357–368 Manager (Hyper-V), 138–154 creating virtual machines, 139–144 enhanced session mode, 148–149 Generation 1 and Generation 2 VMs, 143–146 Guest Integration Services, 147–148 memory allocation, 150–153 managing documents, 103–104 printer drivers, 101 printers, 104–106, 108 print servers, 108 manual allocation assigning IPv6 addresses, 207–208 definition, 217 manual IPv4 address configuration, 203–204 Maximum RAM setting, Dynamic Memory, 151 MBR partition style, 43 Measure-VM cmdlet, 153 -member 
<GroupDN> command-line parameter, 305 -memberof <GroupDN> command-line parameter, 305 memberships, AD DS groups, 305–308 memory allocation, Hyper-V Manager console, 150– 153 Memory Buffer setting, Dynamic Memory, 151 Memory settings, virtual machines, 150 Memory Weight setting, Dynamic Memory, 151 Merge function (Edit Virtual Hard Disk Wizard), 165 Message extension, DHCP, 219 Message Type option, DHCP, 218–219 Microsoft Network Adapter Multiplexor Driver, 186 migration guides, 15 migration, servers, 14–15 New-VHD cmdlet Migration Tools, 14–15 Minimal Server Interface, 9–10 Minimum RAM setting, Dynamic Memory, 151 mirrored volumes configuring local storage, 60–62 disks, 45 Mirror storage layout option, 54 Modify action, LDIFDE.exe utility, 284 modifying virtual disks, 164–165 Mount In The Following Empty NTFS Folder option, 58 Move dialog box, 297 multicast addresses, IPv6, 207 Multicast transmissions, IPv6 addressing, 206 multi-level subnet option, subnetting IPv6 addresses, 210 multiple local GPOs, creating, 324–325 multiple users, AD DS, 283–285 MX (Mail Exchanger) resource records, 245 N Name parameter New Connection Security Rule Wizard, 368 New Inbound Rule Wizard, 366 name resolution process, DNS, 240–241 name resolution requests (referrals), DNS, 238–239 Name Server (NS) resource records, 245 name servers, DNS, 232 namespace, DNS, 232 NAS (network attached storage) technologies, 42 ND (Neighbor Discovery) protocol, 209 Neighbor Discovery (ND) protocol, 209 nesting groups, 301, 303 Netdom.exe command-line utility, joining computers to domains, 290–291 Network Adapter settings, NIC team adapter, 188 Network And Sharing Center control panel, 359 network-attached print devices installation, 100 network-attached printer sharing, 98–99 network attached printing, 96–98 network attached storage (NAS) technologies, 42 Network Discovery, 359–360 Network File System (NFS), 73 networks virtual networks, 174–188 configurations, 188–189 NIC teaming, 185–188 virtual 
network adapters, 181–185 virtual switches, 175–181 network services DHCP, 217–232 communications, 219–223 deploying DHCP relay agents, 227–230 deploying DHCP servers, 222–227 IP address allocation methods, 217 options, 218–220 DNS, 232–250 architecture, 232–241 deploying servers, 241–248 IPv4 and IPv6 addressing, 197–214 assigning IPv4 addresses, 203–205 assigning IPv6 addresses, 207–209 CIDR (Classless Inter-Domain Routing), 200–201 introduction to IPv6 addressing, 205–206 IPv4 classful addressing, 198–200 IPv4 subnetting, 201–202 IPv6 address types, 206–207 planning an IP transition, 211–214 public and private IPv4 addressing, 201 subnetting IPv6 addresses, 210–211 supernetting, 202–203 network zone rules, 349 New-ADUser cmdlet, 281 New Connection Security Rule Wizard, 367 New-GPO cmdlet, 322 New GPO dialog box, 320 New Group dialog box, 339 New Host dialog box, 246 New Inbound (or Outbound) Rule Wizard, 365 New Interface For DHCP Relay Agent dialog box, 229 New Object-Computer Wizard, 287 New Object-Group dialog box, 304 New Object - User Wizard, 279 New Path Rule dialog box, 347 New Scope Wizard, 223, 224–225 New Share Wizard, 73–74 New Simple Volume Wizard, 57 New-StoragePool cmdlet, 52 options, 53 New Storage Pool Wizard, 50 New Team page (Server Manager), 23 New User dialog box, 338 New-VHD cmdlet, 159 New Virtual Disk menu, 53 New Virtual Machine Wizard Configure Networking page, 140 Connect Virtual Hard Disk page, 141–142, 157 Specify Generation page, 144 New-VM cmdlet, 142 New-VMResourcePool cmdlet, 153 New-VMSwitch cmdlet, 179 New Zone Wizard, 244 NFS (Network File System), 73 NFS Share-Advanced option (File Share Profile list), 74 NFS Share-Quick option (File Share Profile list), 74 NIC teaming, 22–26 virtual networks, 185–188 configuring virtual network adapters, 187–188 creating NIC teams, 186 creating team virtual switches, 187 NIC Teaming dialog box, 186 NIC Teaming window, 23 NIC teams, creating, 186 No eXecute (NX), 136 
noncontextual tasks, addressing remote servers, 122 noncontextual tools, addressing remote servers, 122 non-domain joined servers, 115–116 nonlocal GPOs, 319 creating and linking, Group Policy Management Console, 320–321 Not Configured state, Administrative Template settings, 323 NS (Name Server) resource records, 245 Ntdsutil.exe command-line tool, 268 NTFS authorization assigning permissions, 83 NTFS file system, 46 NTFS permissions, 77 advanced NTFS permissions, 85 basic permissions, 83–85 combining with share permissions, 85–86 NTFS quotas, configuring, 87–88 NX (No eXecute), 136 O objectClass attribute, 283 Offline Files, 76 one-level subnet option, subnetting IPv6 addresses, 210 Open Systems Interconnect (OSI) reference model, 175 operating systems installation, 145–146 operating systems, considerations for server installation, 3 Operating System Shutdown function (Guest Integration Services), 147 organizational units. See OUs OSI (Open Systems Interconnect) reference model, 175 OUs (organizational units), AD DS management, 295–309 creating OUs, 296–298 using OUs to assign Group Policy settings, 298 using OUs to delegate AD management tasks, 298–300 Outbound Rules list, Windows Firewall with Advanced Security console, 364 P Packaged App Rules node, AppLocker, 353 Parameter Request List extension, DHCP, 219 parent partition, 133 Parity storage layout option, 54 partitions, 133 partition style, disks, 43–44 pass-through disks, 163–164 path rules, 348–349, 353 PCL (printer control language), 94 Perform A Quick Format option, Configuring the Format Partition page, 59 permission inheritance, 80 permissions assigning, 77–86 advanced NTFS permissions, 85 allowing/denying permission, 79–80 basic and advanced permissions, 78–79 basic NTFS permissions, 83–85 combining share permissions with NTFS permissions, 85–86 effective access, 80–81 inherited permissions, 80 NTFS authorization, 83 setting share permissions, 81–83 Windows permission architecture, 77–78 
Permissions page (Delegation of Control Wizard), 299 physical disks configuring local storage, 47–48 physical operating system environment (POSE) installation, 4 planning IP transitions, 211–214 server installation, 2–6 installation requirements, 5–6 selecting Windows Server 2012 R2 edition, 3 server licensing, 5 supporting server roles, 3–4 supporting server virtualization, 4–5 server storage, 41–43 Pointer (PTR) resource records, 245 policies Group Policy security policies, 328–342 defining local policies, 328–333 local users and groups, 336–339 security templates, 333–336 User Account Control, 339–342 Group Policy software restriction policies, 345–354 AppLocker, 352–354 configuring properties, 349–352 configuring rules, 347–349 enforcing restrictions, 346–347 using multiple rules, 349 Port Mirroring Mode (advanced network adapter feature), 185 port numbers, 358 POSE (physical operating system environment) installation, 4 postinstallation tasks configuring servers, 18–25 command-line tools, 20–21 converting between GUI and Server Core, 21–22 GUI tools, 19–20 NIC teaming, 22–26 PowerShell, Windows, 277 creating computer objects, 288 creating single AD DS users, 281 creating user objects, 285 Preboot eXecution Environment (PXE), 184, 226–227 Predefined Rules parameter (New Inbound Rule Wizard), 366 Preferred DNS Server option, manual configuration of IPv4 addresses, 204 preparing server upgrades, 12–14 Prerequisites Check page (AD DS Configuration Wizard), 262 primary zones, DNS servers, 242 Print and Document Services role, 106–110 adding print servers, 107–108 deploying printers with Group Policy, 109–110 viewing printers, 108–109 print clients, 95 print device, defined, 93 printer control language (PCL), 94 printer drivers defined, 93 managing, 101 printer pools, creating, 105 printers defined, 93 deploying with Group Policy, 109–110 installation, 94 management, 104–106 managing, 108 viewing, 108–109 printer sharing, 99–103 advanced 
printing configurations, 99 configuring printer security, 102–103 locally attached printer sharing, 95–96 managing printer drivers, 101 network-attached printer sharing, 98–99 network attached printing, 96–98 remote access Easy Print, 101–102 Print Management console, 106 Print Operators group, 292 print queue, 94 print queue window, 103 Print Server option (Select Role Services page), 106 print servers adding, 107–108 defined, 93 deploying, 92–99 understanding Windows printing, 93–94 Windows print architecture, 93 Windows print flexibility, 94–99 managing, 108 print services, configuring, 92–110 deploying print servers, 92–99 understanding Windows printing, 93–94 Windows print architecture, 93 Windows print flexibility, 94–99 document management, 103–104 managing printers, 104–106 Print And Document Services role, 106–110 adding print servers, 107–108 deploying printers with Group Policy, 109–110 viewing printers, 108–109 sharing printers, 99–103 configuring printer security, 102–103 managing printer drivers, 101 remote access Easy Print, 101–102 private IPv4 addressing, 201 Private virtual switches, 178 privileges delegating printer privileges, 37 Profile parameter New Connection Security Rule Wizard, 368 New Inbound Rule Wizard, 366 Program parameter (New Inbound Rule Wizard), 365 properties configuring software restriction properties, 349–352 Properties sheet policy setting, 330 Properties sheets, AD Administrative Center/Users and Computers consoles, 288–289 Properties tile (Server Manager), 19–20 property-specific permissions, 299 Protocol And Ports parameter (New Inbound Rule Wizard), 366 protocol numbers, 358 -ProvisioningTypeDefault option (New-StoragePool cmdlet), 53 PTR (Pointer) resource records, 245 public IPv4 addressing, 201 publisher rules, 353 PXE (Preboot eXecution Environment), 226–227 PXE (Preboot eXecution Environment), 184 Q QoS (Quality of Service), virtual hard disks, 166–167 Quality of Service (QoS), virtual 
hard disks, 166–167 queries DNS, 238–239 R RAID-5 volumes configuring local storage, 60–62 disks, 46 Readeraid, 134 Read Only Domain Controller (RODC) domain controllers, 261 Rebinding (T2) time value extension, DHCP, 219 recursive queries, DNS, 238 referrals, DNS, 238–239 ReFS file system, 46 relay agents, DHCP, 227–230 remote access Easy Print, 101–102 Remote Desktop Session Host role service, 101 Remote Server Administration tools, 121–122 remote server management configuring servers, 112–122 Remote Server Administration tools, 121–122 Server Manager, 113–121 working with remote servers, 122 remote servers, 122 Remove Features page (Server Manager), 21–22 -Remove flag, 11 Remove Roles And Features Wizard, 10, 271 removing domain controllers, 271–272 Server Graphical Shell feature, 10 renewal process, DHCP IP addresses, 221–223 Renewal (T1) time value extension, DHCP, 219 replication, 268 Requested IP Address extension, DHCP, 219 Requirements parameter (New Connection Security Rule Wizard), 368 reservations, DHCP servers, 225–226 -ResiliencySettingsNameDefault option (New-StoragePool cmdlet), 53 resolvers, DNS, 233 resource access, AD DS users, 276 resource metering, 152–153 resource records, DNS servers, 245–248 Restart The Destination Server Automatically If Desired function, 259 Restricted Groups policies, creating, 306 Reverse Lookup Zone Name page (New Zone Wizard), 247 reverse name resolution, DNS, 240–241 -rmmbr <members> command-line parameter, 308 RODC (Read Only Domain Controller) domain controllers, 261 roles adding, Server Manager tool, 29–33 configuring file and share access, 71–89 print and document services, 92–110 servers for remote management, 112–122 considerations for server installation, 3–4 deploying to VHDs, 34–35 Hyper-V Server, 134–135 Root Hints, configuring, 248–249 Root Hints tab (DNS server Properties sheet), 248–249 Router (Default Gateway) page (New Scope Wizard), 223–224 Routing And Remote Access console, 
228 Routing And Remote Access Server Setup Wizard, 228 Rule Type parameter New Connection Security Rule Wizard, 368 New Inbound Rule Wizard, 365 S sales channels, server licensing, 5 SAM account name attribute, 280, 283 -samid <SAMName> command-line parameter, 305 SAM (Security Account Manager), 336 SANs (storage area networks), 167–172 Fibre Channel, 169–170 virtual machines to SANs, 170–172 Schema Admins group, 270 SCM (Security Compliance Manager) tool, 334 SCONFIG interface, 135 scope DHCP servers, 222–224 IPv6 addresses, 206 -scope l|g|u command-line parameter, 305, 307 Scope parameter (New Inbound Rule Wizard), 366 scripting model, DSC, 38 Script Rules node, AppLocker, 353 SCSI disks, 144 SCSI (Small Computer Systems Interface) controllers, 156 -secgrp yes|no command-line parameter, 304, 307 secondary zones, DNS servers, 243 secure desktop, configuring User Account Control, 341 security AD DS authentication and authorization, 276 Group Policy security policies, 328–342 defining local policies, 328–333 local users and groups, 336–339 security templates, 333–336 User Account Control, 339–342 Group Policy software restriction policies, 345–354 AppLocker, 352–354 configuring properties, 349–352 configuring rules, 347–349 enforcing restrictions, 346–347 using multiple rules, 349 printers, 102–103 Security Account Manager (SAM), 336 Security Compliance Manager (SCM) tool, 334 security filtering, Group Policy Management Console, 321–322 security identifiers (SIDs), 83 Security Levels folder (Software Restriction Policies node), 345 Security Options node, GPOs, 332–333 security-related groups, 301 security templates, 333–336 creating, 335 importing into GPOs, 335–336 Security Template snap-in, 334 settings, 335 Security Templates snap-in, 334 Select A Domain From The Forest dialog box, 263 Select Destination Server page (Add Roles and Features Wizard), 30–31, 35 Select Disks page (New Volume Wizard), 61 Select Features page (Add Roles and Features Wizard), 32 Select 
GPO dialog box, 321 Select Installation Type page (Add Roles and Features Wizard), 29 Select Physical Disks For the Storage Pool page (New Storage Pool Wizard), 51 Select Print Server dialog box, 107 Select Server Roles page (Add Roles and Features Wizard), 31–32 Select The Profile For This Share page (New Share Wizard), 73–74 Select The Server And Storage Pool page (Server Manager), 53 Select The Storage Layout page (Server Manager), 53–54 Select Users dialog box, 339 self-allocation, assigning IPv6 addresses, 208–209 server caching DNS, 236–238 Server Core installing AD DS on, 266–268 Server Core installation option, 6–9 Server Core interface Hyper-V Server, 135 Server for NFS role service, 73 Server Graphical Shell feature, removing, 10 server groups, creating, 120–121 Server Identifier extension, DHCP, 219 Server Manager, 26–35 adding roles and features, 29–33 adding servers, 26–29 deploying roles to VHDs, 34–35 remote management, 113–121 adding servers, 113–114 creating server groups, 120–121 down-level servers, 118–120 non-domain joined servers, 115–116 Windows Server 2012 R2 servers, 115–118 Server Message Blocks (SMB), 73 Server Operators group, 292 servers adding, Server Manager, 113–114 adding, Server Manager tool, 26–29 configuring, 18–37 delegating server administration, 37 DSC (Desired State Configuration), 37–38 postinstallation tasks, 18–25 remote management, 112–122 Server Manager tool, 26–35 services, 36–37 DHCP, 222–227 configuring DHCP options, 224–225 creating a scope, 222–224 creating reservations, 225–226 PXE, 226–227 DNS, 241–248 configuring settings, 247–248 creating zones, 242–245 resource records, 245–248 installation, 2–15 Features on Demand, 10–11 migrating roles, 14–15 Minimal Server Interface, 9–10 planning installation, 2–6 Server Core, 6–9 upgrades, 12–15 print servers, 92–99 adding, 107–108 understanding Windows printing, 93–94 Windows print architecture, 93 Windows print 
flexibility, 94–99 SAN connections, 168–172 services configuring servers, 36–37 Services tile (Server Manager), 36 setting printer priorities, 104–106 share permissions, 81–83 settings disks, 43–46 disk types, 44–45 partition style, 43–44 volumes, 45–46 VMs (virtual machines), 131–155 Hyper-V implementations, 133–136 Hyper-V Manager, 138–154 installing Hyper-V, 136–138 resource metering, 152–153 virtualization architectures, 132–133 Settings dialog box, new virtual machines, 143–144 Setup program, Compatibility Report page, 13 Set-VMMemory cmdlet, 152 Shadow Copies dialog box, 86 share access, files configuring, 71–89 folder shares, 72–77 NTFS quotas, 87–88 permissions, 77–86 Volume Shadow Copies, 86–87 Work Folders, 89 share permissions, 77, 81–83 Share Permissions tab (shared folders), 81 sharing folders, 72–77 sharing printers, 99–103 advanced printing configurations, 99 configuring printer security, 102–103 locally attached printer sharing, 95–96 managing printer drivers, 101 network-attached printer sharing, 98–99 network attached printing, 96–98 remote access Easy Print, 101–102 Shrink function (Edit Virtual Hard Disk Wizard), 165 SIDs (security identifiers), 83 Simple storage layout option, 54 simple volumes disks, 45 Single-Root I/O Virtualization (hardware acceleration setting), 185 single users, AD DS, 278–282 Small Computer Systems Interface (SCSI) controllers, 156 smart paging, 152–153 Smart Paging File Location settings, 152 SMB (Server Message Blocks), 73 SMB Share-Advanced option (File Share Profile list), 74 SMB Share-Applications option (File Share Profile list), 74 SMB Share-Quick option (File Share Profile list), 74 snap-ins Group Policy Object Editor, 324 Local Users and Groups, 337–339 Security Templates, 334 Windows Firewall with Advanced Security, 363–368 snapshots, 165 SOA (Start of Authority) resource records, 245 SOA (Start Of Authority) tab (DNS server Properties sheet), 237–238 software restriction policies (GP), 345–354 
AppLocker, 352–354 configuring restriction properties, 349–352 configuring rules, 347–349 enforcing restrictions, 346–347 Software Settings subnode, 323 spanned volumes configuring local storage, 60–62 disks, 45 special permissions, 78 Specify An Alternate Source Path function, 259 Specify A Storage Pool Name and Subsystem page (New Storage Pool Wizard), 50–51 Specify Generation page (New Virtual Machine Wizard), 144 Specify The Provisioning Type page (Server Manager), 54 Specify The Size Of The Virtual Disk page (Server Manager), 55–56 Specify The Virtual Disk Name page (Server Manager), 53 Specify Volume Size page (New Simple Volume Wizard), 57 spooler (print queue), 94 Standard edition, 3 Hyper-V licensing, 134 support for Hyper-V, 4 standard permissions, 78 starter GPOs, 319, 322 Start of Authority (SOA) resource records, 245 Start Of Authority (SOA) tab (DNS server Properties sheet), 237–238 Startup RAM setting, Dynamic Memory, 151 stateless IPv6 address autoconfiguration, 208–209 states, Features on Demand, 11 Static MAC Address (advanced network adapter feature), 185 static teaming, 22 storage configuring local storage, 41–63 disks, 46–63 disk settings, 43–46 planning storage needs, 41–43 virtual machines, 156–173 checkpoints, 165–166 connecting to a SAN, 167–172 modifying virtual disks, 164–165 pass-through disks, 163–164 QoS (Quality of Service), 166–167 virtual disk formats, 156–157 virtual disks, 157–163 storage area networks (SANs), 167–172 Fibre Channel, 169–170 virtual machines to SANs, 170–172 storage pools configuring local storage, 50–53 Storage Pools tile (Server Manager), 50 Storage Services role, 73 Storage Spaces, 42–43 striped volumes configuring local storage, 60–62 disks, 45 stub zones, DNS servers, 243 subdomains of in-addr.arpa domain, 240–241 Subnet ID, IP addresses, 210 subnet mask, IP addresses, 198 Subnet Mask option, manual configuration of IPv4 addresses, 204 subnetting IPv4 addressing, 201–202 IPv6 addresses, 210–211 
Subtractive permission management task, 79 supernetting, IPv4 addressing, 202–203 Switch Dependent Mode, NIC teaming, 22 switches, virtual, 175–181 creating a new switch, 177–179 default virtual switches, 175–176 MAC addresses, 179–180 Switch Independent Mode, NIC teaming, 22 sync shares, 89 synthetic adapters, 183–184 System Properties sheets, 289 T Tasks To Delegate page (Delegation of Control Wizard), 299 TCP (Transmission Control Protocol) ports, 96 telephoneNumber attribute, 283 Teredo, IP transitioning, 214 TFTP (Trivial File Transfer Protocol), 227 Thin Provisioning Type option, 55 Time Synchronization function (Guest Integration Services), 147 time to live (TTL), 237 Transmission Control Protocol (TCP) ports, 96 Trivial File Transfer Protocol (TFTP), 227 Trusted Publishers properties, 351–352 TTL (time to live), 237 tunneling, IP transitioning, 212–213 two-level subnet option, subnetting IPv6 addresses, 210 Type II virtualization, 132 Type I virtualization, 133 U UAC (User Account Control), Group Policy security, 339–342 UEFI boot, 144 Unicast transmissions, IPv6 addressing, 206 uninstalling features, Remove Features page, 21–22 Uninstall-WindowsFeature cmdlet, 11 unique local unicast addresses, IPv6, 207 universal groups, AD DS, 302 Unrestricted approach, enforcing restrictions, 346 upgrade paths, servers, 12 upgrades servers, 12–15 preparing to upgrade, 12–14 upgrade paths, 12 upgrading AD DS, 269–270 Guest Integration Services, 147–148 USB-connected printers, 99 Use An Existing Virtual Hard Disk option, Connect Virtual Hard Disk page, 158 User Account Control Settings dialog box, 342 User Account Control (UAC), Group Policy security, 339–342 User Accounts control panel, configuring local users, 336–337 user objects, AD DS, 276–285 creating multiple users, 283–285 single users, 278–282 user templates, 282–283 userPrincipalName attribute, 283 user rights local security policies, 331–333 user rights, assigning, 292 User Rights 
Assignment settings, 331–333 users AD DS, 276–293 Active Directory objects, 288–293 creating user objects, 276–285 Group Policy security policies, 336–339 User-specific Group Policy layer, 324 user templates, AD DS, 282–283 V Validation Results dialog box, 271 variable length subnet masking (VLSM), 200 VHDs (virtual hard disks) creating and mounting, 48–50 deploying roles to, 34–35 VHDX image files, 157 viewing printers, 108–109 View Results page New Storage Pool Wizard, 52 Server Manager, 56 virtual disks configuring local storage, 53–57 creating, 157–163 formats, 156–157 modifying, 164–165 pass-through disks, 163–164 QoS (Quality of Service), 166–167 Virtual Hard Disk Format options, 49 virtual hard disks (VHDs) creating and mounting, 48–50 deploying roles to, 34–36 Virtual Hard Disk Type options, 49 virtualization considerations for server installation, 4–5 virtualization architectures, 132–133 Virtualization Service Client (VSC), 183 Virtualization Service Provider (VSP), 183 Virtual Machine Migration page (Add Roles and Features Wizard), 137–138 virtual machine monitor (VMM), 131 virtual machines. 
See VMs virtual network adapters, 181–185 advanced network adapter features, 185 emulated adapters, 183–184 hardware acceleration settings, 184–185 synthetic adapters, 183–184 virtual networks creating and configuring, 174–188 configurations, 188–189 NIC teaming, 185–188 virtual network adapters, 181–185 virtual switches, 175–181 virtual operating system environment (VOSE) installation, 4 virtual switches, 175–181 creating a new switch, 177–179 default virtual switches, 175–176 MAC addresses, 179–180 Virtual Switch Manager dialog box, 177 Virtual Switch Properties page, 179 Virtual Switch Properties settings, NIC team switch, 187 VLSM (variable length subnet masking), 200 VMBus, 183 VMM (virtual machine monitor), 131 VMs connecting to SANs, 170–172 creating and configuring settings, 131–155 Hyper-V implementations, 133–136 Hyper-V Manager, 138–154 installing Hyper-V, 136–138 resource metering, 152–153 virtualization architectures, 132–133 creating and configuring storage, 156–173 checkpoints, 165–166 connecting to a SAN, 167–172 modifying virtual disks, 164–165 pass-through disks, 163–164 QoS (Quality of Service), 166–167 virtual disk formats, 156–157 virtual disks, 157–163 Volume Label option, Configuring the Format Partition page, 59 volumes configuring local storage, 56–62 disks, 45–46 Volume Shadow Copies, 86–87 VOSE (virtual operating system environment) installation, 4 VSC (Virtualization Service Client), 183 VSP (Virtualization Service Provider), 183 W windows NIC Teaming, 23 Windows Azure Infrastructure as a Service (IaaS), 270–271 Windows Firewall, 357–368 configuring, 116–118 control panel applet, 359–363 settings, 357–358 Windows Firewall With Advanced Security snap-in, 363–368 Windows Firewall With Advanced Security snap-in, 363–368 Windows Installer Rules node, AppLocker, 353 Windows PowerShell, 277 creating computer objects, 288 creating single AD DS users, 281 creating user objects, 285 installing AD DS on Server Core, 266–268 Windows Remote Management 
(HTTP-In) rules, 119 Windows Server 2012 R2 servers managing, 115–118 Windows Settings subnode, 323 WinRM configuring, 116–117 WINS Servers page (New Scope Wizard), 224 wizards Active Directory Domain Services Configuration, 259 Active Directory Domain Services Installation, 259 Add Printer, 99 Add Roles And Features Create Virtual Switches page, 137 Virtual Machine Migration page, 137–138 Automatically Generate Rules, 354 Configure Remote Access Getting Started, 228 Copy Object-User, 282 Delegation of Control, 298 Edit Virtual Hard Disk, 164–165 New Connection Security Rule, 367 New Inbound (or Outbound) Rule, 365 New Object - Computer, 287 New Object - User, 279 New Scope, 223 configuring DHCP options, 224–225 New Share, 73–74 New Simple Volume, 57 New Storage Pool, 50 New Virtual Machine Configure Networking page, 140 Connect Virtual Hard Disk page, 141–142, 157 Specify Generation page, 144 New Zone, 244 Remove Roles And Features, 10, 271 Routing And Remote Access Server Setup, 228 Work Folders, configuring, 89 World Wide Node Names (WWNNs), 170–171 World Wide Port Names (WWPNs), 170–171 WWNNs (World Wide Node Names), 170–171 WWPNs (World Wide Port Names), 170–171 X XD (eXecute Disable), 136 Z zones, DNS servers, 242–245