Preparation guide for 70-743 – Upgrading Your Skills to MCSA: Windows Server 2016

Posted on October 27, 2016 by Arnaud

blogtw

If you are MCSA certified on Windows Server 2012 or Windows Server 2008, you might want to upgrade your certification to Windows Server 2016. Fortunately you don’t have to go through the whole curriculum again and can just upgrade to MCSA Windows Server 2016 with one exam.

As an upgrade certification, 70-473 mainly verifies that you know the new features and differences compared to Windows Server 2012, so a very nice starting point is to review all the “What’s new in Windows Server 2016” sections for the different technologies and study their prerequisites, deployments methods and management techniques. The outline of this certification is located here: https://www.microsoft.com/en-us/learning/exam-70-743.aspx

Generally speaking the Windows Server 2016 docs center is a wealth of information and you can access it here: https://technet.microsoft.com/windows-server-docs/get-started/Windows-Server-2016

Below is my list of links mapping to the different exam categories. This list is here to help you review before going to the exam, but of course is not sufficient to pass and you will need some hands-on experience to succeed.

Install Windows Servers in host and compute environments

There has been some significant improvements in the toolset you use to manage Windows, including a whole set of commands to manage the new DIY edition of Windows: Nano Server. In this area we check your basic knowledge of DSC to manage configurations of Windows, and let me remind you that you cannot anymore switch from graphical to core editions of Windows and vice/versa. Very importantly we want to make sure you know how to service images online or offline.

General changes related to installation and management are documented here – https://technet.microsoft.com/en-us/windows-server-docs/management/management-and-automation

Implement storage solutions

In this section we verify that you know how to configure a resilient storage infrastructure including support for DCB, Multipath IO and SMB 3.0. We verify that you know the scenarios and mechanisms for Storage replica server to server, cluster-to-cluster and in stretch cluster topology.

General changes related to storage are documented here: What’s new in storage in Windows Server 2016 – https://technet.microsoft.com/en-us/windows-server-docs/storage/whats-new-in-storage

Implement Server Storage

What’s new in Storage Replica for Windows Server 2016 – https://technet.microsoft.com/en-us/windows-server-docs/storage/storage-replica/storage-replica-overview
VIDEO: Storage Replica in Windows Server 2016 – https://channel9.msdn.com/Blogs/windowsserver/Storage-Replica-in-Windows-Server-2016
VIDEO: Drill into Storage Replica in Windows Server 2016 https://myignite.microsoft.com/videos/2689
Frequently Asked Questions about Storage Replica – https://technet.microsoft.com/windows-server-docs/storage/storage-replica/storage-replica-frequently-asked-questions
Cluster to cluster Storage Replication – https://technet.microsoft.com/en-us/windows-server-docs/storage/storage-replica/cluster-to-cluster-storage-replication
Server to Server Storage Replication – https://technet.microsoft.com/en-us/windows-server-docs/storage/storage-replica/server-to-server-storage-replication
Storage Quality of Service – https://technet.microsoft.com/en-us/windows-server-docs/storage/storage-qos/storage-qos-overview

Implement Data Deduplication

What’s New in Data Deduplication – https://technet.microsoft.com/en-us/windows-server-docs/storage/data-deduplication/whats-new
VIDEO: Data Deduplication in Windows Server 2016 – https://channel9.msdn.com/Blogs/windowsserver/Data-Deduplication-in-Windows-Server-2016
Understanding Data Deduplication – https://technet.microsoft.com/en-us/windows-server-docs/storage/data-deduplication/understand
Data Deduplication CmdLets – https://technet.microsoft.com/en-us/library/hh848450.aspx
Set-DedupVolume – https://technet.microsoft.com/en-us/library/hh848438.aspx

Implement Hyper-V

Hyper-V has evolved and now allows nested virtualization, secure boot with Linux VM, and PowerShell direct. Production checkpoints allows to do VM “snapshots” that are using VSS providers so that you can use that as a valid “backup”. Shielded VM (preventing the fabric administrator to access the VM data and to run the VM in another fabric.) are also a topic to work before you go to the exam.

All the details are here: What’s new on Hyper-V on Windows Server 2016 – https://technet.microsoft.com/en-us/windows-server-docs/compute/hyper-v/what-s-new-in-hyper-v-on-windows

Install and configure Hyper-V

System requirements for Hyper-V on Windows Server 2016 – https://technet.microsoft.com/en-us/windows-server-docs/compute/hyper-v/system-requirements-for-hyper-v-on-windows
Set up hosts for live migration without Failover Clustering – https://technet.microsoft.com/en-us/windows-server-docs/compute/hyper-v/deploy/set-up-hosts-for-live-migration-without-failover-clustering
Hyper-V CmdLets – https://technet.microsoft.com/en-us/library/hh848559.aspx
Manage Windows virtual machines with PowerShell Direct – https://technet.microsoft.com/windows-server-docs/compute/hyper-v/manage/manage-windows-virtual-machines-with-powershell-direct
Hyper-V feature compatibility by generation and guest – https://technet.microsoft.com/en-us/windows-server-docs/compute/hyper-v/hyper-v-feature-compatibility-by-generation-and-guest

Configure virtual machine (VM) settings

Choose between standard or production checkpoints in Hyper-V – https://technet.microsoft.com/en-us/windows-server-docs/compute/hyper-v/manage/choose-between-standard-or-production-checkpoints-in-hyper-v
Manage Windows virtual machines with PowerShell Direct – https://technet.microsoft.com/en-us/windows-server-docs/compute/hyper-v/manage/manage-windows-virtual-machines-with-powershell-direct
Run Hyper-V in a Virtual Machine with Nested Virtualization – https://msdn.microsoft.com/virtualization/hyperv_on_windows/user_guide/nesting

Configure Hyper-V storage

Understand Microsoft Hyper Converged Solution – https://gallery.technet.microsoft.com/Understand-Hyper-Converged-bae286dd

Configure Hyper-V networking

Hyper-V Virtual Switch Reference – https://technet.microsoft.com/windows-server-docs/networking/technologies/hyper-v-virtual-switch/hyper-v-virtual-switch

Implement Windows containers

Containers is a new way to deploy and manage applications in Windows. You can deploy and manage containers using Docker on Windows as on Linux.

Windows Containers Documentation – https://msdn.microsoft.com/virtualization/windowscontainers/containers_welcome

Deploy Windows containers

Windows container requirements – https://msdn.microsoft.com/en-us/virtualization/windowscontainers/deployment/system_requirements
Windows Containers – https://msdn.microsoft.com/virtualization/windowscontainers/about/about_overview
Windows Containers vs. Hyper-V Containers in Windows Server 2016 – http://social.technet.microsoft.com/wiki/contents/articles/33664.windows-containers-vs-hyper-v-containers-in-windows-server-2016.aspx
Windows Containers Quickstart – https://msdn.microsoft.com/en-us/virtualization/windowscontainers/quick_start/quick_start
Manage data in containers – https://docs.docker.com/engine/tutorials/dockervolumes/
Understanding Docker for Absolute Beginners – http://social.technet.microsoft.com/wiki/contents/articles/34082.understanding-docker-for-absolute-beginners.aspx

Manage Windows containers

Docker and Windows – https://docs.docker.com/engine/installation/windows/ and https://docs.docker.com/docker-for-windows/
Docker Engine on Windows – https://msdn.microsoft.com/en-us/virtualization/windowscontainers/docker/configure_docker_daemon
Container Networking – https://msdn.microsoft.com/en-us/virtualization/windowscontainers/management/container_networking
Optimize Windows Dockerfiles https://msdn.microsoft.com/en-us/virtualization/windowscontainers/docker/optimize_windows_dockerfile
Patching Docker Containers – The Balance of Secure and Functional – https://blogs.msdn.microsoft.com/stevelasker/2016/10/15/patching-docker-containers/

Implement high availability

Just to name a few important features to work on: Cluster Operating System Rolling Upgrade, Storage Replica and cloud witness

What’s new in Failover Clustering in Windows Server 2016 – https://technet.microsoft.com/en-us/windows-server-docs/failover-clustering/whats-new-in-failover-clustering

Implement high availability and disaster recovery options in Hyper-V

Cluster Node Fairness- https://blogs.msdn.microsoft.com/clustering/2016/04/29/failover-cluster-node-fairness-in-windows-server-2016/
Virtual Machine Load Balancing overview – https://technet.microsoft.com/en-us/windows-server-docs/failover-clustering/vm-load-balancing-overview

Implement failover clustering

Cloud Witness – https://blogs.msdn.microsoft.com/clustering/2014/11/13/introducing-cloud-witness/
VIDEO: Windows Server 2016 Failover Clustering – https://myignite.microsoft.com/videos/3133
Cluster operating system rolling upgrade – https://technet.microsoft.com/en-us/windows-server-docs/failover-clustering/cluster-operating-system-rolling-upgrade

Implement Storage Spaces Direct

Storage Space Direct in WS 2016 – https://technet.microsoft.com/en-us/windows-server-docs/storage/storage-spaces/storage-spaces-direct-overview
VIDEO: Storage Spaces Direct in Windows Server 2016 – https://channel9.msdn.com/Blogs/windowsserver/Storage-Spaces-Direct-in-Windows-Server-2016
VIDEO: Storage Spaces Direct, the ultimate software-defined storage for Hyper-V – https://myignite.microsoft.com/videos/2771
Health Service in Windows Server 2016 – https://technet.microsoft.com/en-us/windows-server-docs/failover-clustering/health-service-overview

Manage failover clustering

Failover Cluster Cmdlets in Windows PowerShell – https://technet.microsoft.com/en-us/library/hh847239.aspx
Failover Clustering Sets for Start Ordering – https://blogs.msdn.microsoft.com/clustering/2016/10/10/failover-clustering-sets-for-start-ordering/

Manage VM movement in clustered nodes

Fault domain awareness in Windows Server 2016 – https://technet.microsoft.com/en-us/windows-server-docs/failover-clustering/fault-domains

Implement Domain Name System (DNS)

The DNS service in Windows Server 2016 implements a couple of new features like policies which allows you to send different results to client request based on criteria like subnets or hour of the day. It allows also to query IPv6 root hints by default and has a request pacer to limit request-intensive clients.

What’s new in DNS in Windows Server 2016 – https://technet.microsoft.com/en-us/windows-server-docs/networking/dns/what-s-new-in-dns-server

Install and configure DNS servers

DNS Policies Overview – https://technet.microsoft.com/en-us/windows-server-docs/networking/dns/deploy/dns-policies-overview
VIDEO: Reduce cost and increase flexibility with Windows Server 2016 DDI in your datacenter – https://myignite.microsoft.com/videos/3125

Implement IP Address Management (IPAM)

Windows IPAM has new scenarios and integrated management possibilities. It will basically allows you to manage more efficiently your DNS and DHCP infrastructure without having the need to logon to the different consoles and granting you a better view on the whole infrastructure, physical or virtualized with VMM.

What’s new in IPAM – https://technet.microsoft.com/en-us/windows-server-docs/networking/technologies/ipam/what-s-new-in-ipam

Install and configure IPAM

IPAM Deployment Planning – https://technet.microsoft.com/en-us/library/jj878312(v=ws.11).aspx
VIDEO: Reduce cost and increase flexibility with Windows Server 2016 DDI in your datacenter – https://myignite.microsoft.com/videos/3125

Manage DNS and DHCP using IPAM

VIDEO: Windows Server 2016: DNS management in IPAM- https://channel9.msdn.com/blogs/windowsserver/windows-server-2016-dns-management-in-ipam
Manage IPAM – https://technet.microsoft.com/windows-server-docs/networking/technologies/ipam/manage-ipam
IP Address Management (IPAM) Server Cmdlets in Windows PowerShell – https://technet.microsoft.com/library/jj553807.aspx
Manage Role Based Access Control with Server Manager – https://technet.microsoft.com/en-us/windows-server-docs/networking/technologies/ipam/manage-role-based-access-control-with-server-manager
Manage Role Based Access Control with Windows PowerShell – https://technet.microsoft.com/en-us/windows-server-docs/networking/technologies/ipam/manage-role-based-access-control-with-windows-powershell

Implement network connectivity and remote access solutions

DirectAcccess had no major evolution in Windows Server 2016, so you can rely on your Windows Server 2012 R2 knowledge. Most of the new features are related to SDN multi-tenant gateway implementation and BGP support.

Implement virtual private network (VPN) and DirectAccess solutions

DirectAccess Reference – https://technet.microsoft.com/en-us/windows-server-docs/networking/remote-access/directaccess/directaccess
Border Gateway Protocol (BGP) – https://technet.microsoft.com/en-us/windows-server-docs/networking/remote-access/bgp/border-gateway-protocol-bgp
RAS Gateway – https://technet.microsoft.com/en-us/windows-server-docs/networking/remote-access/ras-gateway/ras-gateway

Implement an advanced network infrastructure

In this section, we evaluate your knowledge of the new SDN architecture of Windows Server 2016. It now has a real SDN controller which is acting as a central point to manage and deploy network definitions and policies via software calls.

Windows Server 2016 Supported Networking Scenarios – https://technet.microsoft.com/en-us/windows-server-docs/networking/windows-server-2016-supported-networking-scenarios

Implement high performance network solutions

Remote Direct Memory Access (RDMA) and Switch Embedded Teaming (SET) – https://technet.microsoft.com/en-us/library/mt403349.aspx?f=255&MSPPError=-2147217396
Create a New NIC Team on a Host Computer or VM – https://technet.microsoft.com/en-us/windows-server-docs/networking/technologies/nic-teaming/create-a-new-nic-team-on-a-host-computer-or-vm

Determine scenarios and requirements for implementing software-defined networking (SDN)

Network Controller – https://technet.microsoft.com/en-us/library/dn859239.aspx
VIDEO: Microsegment and secure your networks with the Azure inspired Software Defined Networking- https://myignite.microsoft.com/videos/2872
Plan for Hyper-V networking in Windows Server 2016 – https://technet.microsoft.com/en-us/windows-server-docs/compute/hyper-v/plan/plan-for-hyper-v-networking-in-windows-server-2016
Software Load Balancing (SLB) for SDN – https://technet.microsoft.com/en-us/windows-server-docs/networking/sdn/technologies/network-function-virtualization/software-load-balancing–slb–for-sdn
VIDEO: Software-defined Networking Load Balancer in Windows Server 2016 – https://channel9.msdn.com/Blogs/windowsserver/Software-defined-Networking-Load-Balancer-in-Windows-Server-2016
RAS Gateway for SDN – https://technet.microsoft.com/en-us/windows-server-docs/networking/sdn/technologies/network-function-virtualization/ras-gateway-for-sdn
System Center Technologies for Software Defined Networking – https://technet.microsoft.com/en-us/windows-server-docs/networking/sdn/sc-tech-for-sdn

Install and configure Active Directory Domain Services (AD DS)

AD has new features mainly related to Azure AD integration, better security and Just in Time Admin concepts. For the exam, we will also check that you know how to administer replication topology and FSMO roles operations in PowerShell.

What’s new in Active Directory Domain Services for Windows Server 2016 – https://technet.microsoft.com/en-us/windows-server-docs/identity/whats-new-active-directory-domain-services

Install and configure domain controllers

VIDEO: Ten Reasons you’ll love Windows Server 2016: Active Directory and Identity – https://channel9.msdn.com/Blogs/windowsserver/Active-Directory-and-Identity
Advanced Active Directory Replication and Topology Management Using Windows PowerShell – https://technet.microsoft.com/en-us/windows-server-docs/identity/ad-ds/manage/powershell/advanced-active-directory-replication-and-topology-management-using-windows-powershell–level-200-
Move-ADDirectoryServerOperationMasterRole – https://technet.microsoft.com/en-us/library/hh852302(v=wps.630).aspx

Implement identity federation and access solutions

In this section, we exam the new features and mostly evaluate your PowerShell skills as most of the configuration happens here in scripting.

Install and configure Active Directory Federation Services (AD FS)

What’s new in Active Directory Federation Services for Windows Server 2016 – https://technet.microsoft.com/en-us/windows-server-docs/identity/ad-fs/overview/whats-new-active-directory-federation-services-windows-server-2016
VIDEO: What’s new in Active Directory Federation and domain services in Windows Server 2016 – https://myignite.microsoft.com/videos/20528
Windows Server 2016 and 2012 R2 AD FS Deployment Guide – https://technet.microsoft.com/en-us/windows-server-docs/identity/ad-fs/deployment/windows-server-2012-r2-ad-fs-deployment-guide

Implement Web Application Proxy (WAP)

Web Application Proxy in Windows Server 2016 – https://technet.microsoft.com/en-us/windows-server-docs/identity/web-application-proxy/web-application-proxy-windows-server
Publishing Applications using AD FS Preauthentication – https://technet.microsoft.com/en-us/windows-server-docs/identity/web-application-proxy/publishing-applications-using-ad-fs-preauthentication
Publishing Applications with WAP for SharePoint, Exchange and RDG – https://technet.microsoft.com/en-us/windows-server-docs/identity/web-application-proxy/publishing-applications-with-sharepoint,-exchange-and-rdg

Good luck for the exam! Would be happy to hear if that helped you pass!

Arnaud

Virtualized Services Directory on Hyper-V for Windows Server 2012 R2 – part 2

Posted on August 17, 2016 by Arnaud

In the previous article of this serie, we deployed an empty VM to host our VSD server, in this second part, we are getting serious and deploy the Linux OS and the VSD server role!

Proceed to CentOS 6.7 Installation

We will proceed to default minimal install of Centos 6.7:

1.	Double click on the Contoso – VSD VM and click the Power Button to start it.
2.	Start the setup of CentOS:
3.	Proceed to setup choosing the desired keyboard, then select “Basic Storage Device” and “Yes, Discard Any Data” Type the hostname for this machine “vsd.contoso.local” and the desired timezone. Select the root password and Use All Space, Write Changes to Disk. Click Done and Begin Installation.
4.	Once the setup is finished, restart the virtual machine and log in to do basic networking setup: dhclient eth0 In order to edit my configuration files, I don’t like vi and I prefer nano, so I get it online. sudo yum install nano –y Edit the file Ethernet NIC settings to match your network: nano /etc/sysconfig/network-scripts/ifcfg-eth0 DEVICE=”eth0″ NM_CONTROLLED=”no” ONBOOT=”yes” TYPE=”Ethernet” BOOTPROTO=”static” IPADDR=192.168.0.95 GATEWAY=192.168.0.1 NETMASK=255.255.255.0 Then verify the network name: nano /etc/sysconfig/network NETWORKING=yes HOSTNAME=vsd.contoso.local Add the server IP address to the host file: nano /etc/hosts 192.168.0.95 vsd.contoso.local Restart networking: nano service network restart Check your hostname settings with the following command: hostname -f
5.	Install and configure NTP service: sudo yum install ntp -y sudo nano /etc/ntp.conf Modify the ntp.conf to have the internal server: nano /etc/ntp.conf server 192.168.0.211 We choose to use a local NTP server in our environment with IP address 192.168.0.211. Please note that Microsoft Active Directory provides a NTP server feature, however, we are not able to use it as a time source for VSD, so we use an alternate NTP Server. Save the file and restart the NTP client: sudo service ntpd restart Set the ntpd service to start automatically: sudo chkconfig ntpd on Verify that host is synchronized by using the following command: ntpstat
6.	We will pin our distribution to CentOS 6.7 repository in order to avoid it to be upgraded to later builds. We create a new file with repo information: sudo nano /etc/yum.repos.d/c67.repo [c67] name=CentOS67 enabled=1 gpgcheck=0 baseurl=http://vault.centos.org/6.7/os/x86_64/
7.	Install dependencies sudo yum install openssh-clients libedit bind-utils -y

Linux Integration Services Update

Microsoft regularly updates Kernel driver and user mode components in order to make Linux work best and add new supported features. We need to install Linux Integrated Services (LIS) in order to ensure best behavior.

1.	Open a SSH session to the newly configured machine, in this guide, we use MobaXTerm:
2.	Download LIS 4.1.2 components from Microsoft Website with the following command: sudo yum install wget -y wget https://download.microsoft.com/download/7/6/B/76BE7A6E-E39F-436C-9353-F4B44EF966E9/lis-rpms-4.1.2-1.tar.gz
3.	Extract the files using the following command: tar -xvzf lis-rpms-4.1.2-1.tar.gz
4.	Update the components using: cd LISISO/ sudo ./upgrade.sh
5.	Once the setup is finished, restart the virtual machine and log back in.

Deploying the VSD Components on the VM

In this section, we will copy the VSD installation binaries to the VSD VM and proceed to setup.

1.	Extract the “Nuage-VSD--ISO.tar.gz” file that you have downloaded. Get the .ISO file and go to Hyper-V manager and mount it to the “CONTOSO-VSD*” VM.
2.	Mount the ISO file on your system: sudo mkdir /media/cdrom sudo mount /dev/sr0 /media/cdrom
3.	Launch VSD Setup process: cd /media/cdrom sudo ./install.sh Select standalone option by hitting s and confirm with yes.
4.	Wait for the install to finish, note that it can take several minutes. Once the setup is finished, you can check that all the components are active using the following command: monit summary This should display you the following output for a fully ready environment:

Verify that VSD is operational

Once the setup has completed, you can verify the configuration and log in the portal for the first time. After reviewing operations, you will be able to install a product key to start using licensed features of your VSD.

Open your favorite browser and enter the URL:

https://192.168.0.95:8443

Add exception to your browser as this is expected for a first configuration running with self-signed certificate

Welcome to the world of VSD!

So that you have VSD installed, you can start playing and creating organizations, networks, network policies.

But in order to have it enforced somewhere, you need a network controller. Monitor this blog and we will review the steps to make Nuage Networks controller run on Hyper-V!

For more information:

Homepage: http://www.nuagenetworks.net/products/virtualized-services-platform/
Datasheet: http://www.nuagenetworks.net/wp-content/uploads/2014/11/MKT2014097652EN_NN_VSP_Virtualized_Services_Platform_R3_Datasheet.pdf
Supported Linux and FreeBSD virtual machines for Hyper-V on Windows – https://technet.microsoft.com/en-us/library/dn531030.aspx
Supported CentOS and Red Hat Enterprise Linux virtual machines on Hyper-V – https://technet.microsoft.com/en-us/library/dn531026.aspx
Best practices for running Linux on Hyper-V – https://technet.microsoft.com/en-us/library/dn720239.aspx

You can also reach me at my email if you need more info and trial: [first].[last]@nuagenetworks.net!

Arnaud

Virtualized Services Directory on Hyper-V for Windows Server 2012 R2 – part 1

Posted on August 12, 2016 by Arnaud

In Nuage Networks solutions family (see previous post for a quick intro), Virtualized Services Directory is the foundation for enterprise-class SDN. VSD serves as a policy, business logic and analytics engine for the network services.

VSD includes the architect role, a HTML5-based UI that allows operations to occur in a user-friendly way. It also comes with a command line interface and every single operation can also be done by REST API calls.

VSD contains a multi-tenanted service directory that supports role-based administration of users, compute and network resources. It also manages network resource assignments such as IP and MAC addresses.

For the purpose of network service assurance, the VSD allows the definition of statistics rules such as collection frequencies, rolling averages and samples, as well as Threshold Crossing Alerts. When a TCA occurs, it will trigger an event that can be exported to external systems through a generic messaging bus. Statistics are aggregated over hours, days and months and stored in an analytics cluster to facilitate data mining and performance reporting.

VSD Supported Configurations

VSD supported configurations are detailed here, but in a nutshell, VSD is composed of two roles:

VSD Server itself
VSD Statistics server (can be a Hadoop or Elastic Search storage)

In this post, I will focus on VSD Server itself.

The VSD can be deployed stand-alone for testing and validation environments, and will be deployed in clusters for production environments in order to achieve high-availability and scaling needs.

As a customer, Nuage Networks provides you with the following form factors for VSD server deployment:

VMware Image: supported on ESXi 5.5/6.0
QCOW Image: supported on KVM for CentOS 6.X, RHEL 6.X/7.X
ISO file for your own setup.

The ISO files allows it to be deployed on a physical server running: CentOS and RHEL versions 6.5, 6.6 and 6.7 with minimal install.

Objectives of this setup

So there is no reference to Hyper-V in the supported platforms list, but it was too tempting for me not to test it’s installation and running.

Warning! This post does not depict any current Nuage Networks best practice nor supported configuration for hosting VSD platform.

I will provide here some platform-level recommendations to make VSD usable for some small demo/POC environments where you want the platform to be usable and stable.

We will deploy a VSD role on a Hyper-V host name CLOUDHOST, which is running Windows Server 2012 R2. This host has an external virtual switch called “Management” which is linked to the datacenter world and has connectivity to the Internet.

Prerequisites for this setup

In order to start with this setup, you should have the following elements available:

A running Windows Server 2012 R2 host machine with Hyper-V role, management console and PowerShell enabled.
Latest VSD binaries from Nokia Online Support Center.
CentOS 6.7 ISO Minimal Install Setup files.
SSH Client: Anything like Putty, I personally like MobaXterm.
A NTP server.
The VSD VM will need internet connectivity to download various components during the setup process.

VSD VM Recommendations for Hyper-V

The first step consists of creating a Hyper-V Virtual Machine with CentOS 6.7 binaries installed. The specifics recommended parameters (Recommended by me, not officially Nuage Networks!) for this VM are:

Configuration item	Recommended value
VM Generation	Generation 1
RAM	8192 GB (bare minimum) NO dynamic memory used
Processor	4 vCPU or more
Disk type and Size	Use VHDX format Dynamic Size (127 GB by default)
NIC Configuration	1 VNIC for management Use Synthetic NIC and not the emulated (legacy)
Integration services	NOT using the Time Synchronization option Stop action: Shutdown the guest operating system

VM Creation

In Windows Server 2012 R2 UI, the following steps need to be completed:

1.	Open the Hyper-V management console. In the Server Manager, select Hyper-V, right click on the computer name and select Hyper-V Manager.
2.	On the right side on the management console, select New then Virtual Machine
3.	On the New Virtual Machine Wizard, click Next
4.	Type a name for the Virtual Machine you created: CONTOSO-VSD
5.	Create a Generation 1 virtual machine:
6.	Specify 8192MB of RAM, verify that the checkbox “Use dynamic memory” is NOT enabled.
7.	Connect the virtual machine to the Management network Interface or any suitable virtual switch for your environment.
8.	Create the virtual hard disk file on the desired path:
9.	Specify “Install an operating system from a bootable CD/DVD-ROM” and select the location of your CentOS 6.7 installation media
10.	Review the parameters and click Finish: Do not start the VM, we need to modify additional settings.
11.	Once the VM has been created, right click on it and select Settings
12.	In the processor section, add cores to have at least 4 virtual CPU
13.	Go to the Integration Services section of the Virtual Machine and Uncheck the “Time Synchronization” item as we will use the NTP service to have consistent time-stamps with the whole Nuage Architecture In the Automatic Stop Action, select “Shutdown the guest operating system”.
14.	Click OK to confirm the VM settings.

VM Creation: PowerShell

If you prefer to use PowerShell, you can do the previous steps in just a couple of lines where I define the following variables:

vmpath and vhdpath as the paths for the VM and the virtual hard disk file to be created.
vmname as the name of the VM.
vmswitchname as the name of the hyper-v virtual switch where this VM will be attached.
Linuxisopath with the path to the CentOS 6.7 minimal install ISO.

$vmpath=”C:\VM\CONTOSOVSD”
$vhdpath=”C:\VM\CONTOSOVSD\contoso2.vhdx”
$vmname=”CONTOSO-VSD2″
$vswitchname=”Management”
$linuxisopath=”E:\iso\CentOS-6.7-x86_64-minimal.iso”

New-VM -NewVHDPath $vhdpath -NewVHDSizeBytes 127GB -Generation 1 -MemoryStartupBytes 8GB -Name $vmname -Path $vmpath -SwitchName $vswitchname
Set-VM -Name $vmname -ProcessorCount 4 -AutomaticStopAction ShutDown
Get-VMIntegrationService -VMName $vmname -Name “Time Synchronization” | Disable-VMIntegrationService
Set-VMDvdDrive -VMName $vmname -Path $linuxisopath
Start-VM -Name $vmname

This is quick so in many times, I prefer PowerShell!

That was easy! This is it for this first part of this post, in the second part, we will proceed to Linux CentOS 6.7 setup with the prerequisites for VSD and proceed to VSD server setup!

For more information in the meantime:

Arnaud

Hyper-V Network Virtualization – montage pas à pas d’une plateforme – partie 10 – Windows Server Gateway

Posted on August 13, 2013 by Arnaud

Dans une série d’articles, Stanislas décrit comment mettre en place la virtualisation de réseau avec Hyper-V (HNV). C’est une technique fondamentale qui permet de faire cohabiter sur un réseau IP de Datacenter de multiples réseaux IP (de clients d’un cloud par exemple).

Pour cela, nous utilisons dans Windows Server 2012 (R2) et System Center Virtual Machine Manager 2012 SP1/R2 l’encapsulation NVGRE (voir mon article précédent)

Puisque la vocation principale de HNV est de virtualiser et d’isoler les réseaux, lorsque nos machines isolées doivent communiquer avec l’extérieur, il faudra donc utiliser une passerelle qui permettra décapsuler/encapsuler pour envoyer ces paquets à :

Destination d’un réseau physique de Datacenter
Destination d’un autre protocole de virtualisation (VXLAN, ou autre)
Destination d’un réseau distant (VPN site-à-site, etc. )

Le but de cet article est de mettre en œuvre, étape par étape le composant Windows Server Gateway de Windows Server 2012 R2, avec l’aide de Virtual Machine Manager 2012 R2. Dans un prochain article, on décrira la mise en œuvre dans un VM Network et son utilisation.

Prérequis

Pour mettre en œuvre ces fonctionnalités du point de vue de nos machines virtuelles, il nous faut System Center Virtual Machine Manager 2012 R2.

Pour utiliser le rôle de passerelle “Windows Server Gateway” de Windows Server 2012 R2, ils nous faut deux choses :

un hyperviseur Windows Server 2012 R2 Hyper-V :

Cet Hyperviseur ne doit pas héberger de machines virtuelles utilisant la virtualisation de réseau (mais il peut héberger des VM classiques)

une machine virtuelle Windows Server 2012 R2 avec le rôle d’accès distant activé. C’est celle qui fera réellement toutes les opérations réseau et fera le rôle de passerelle de manière active.

Voici la plateforme que j’utilise :

Cette machine virtuelle/passerelle HNV nécessite 3 interfaces réseaux virtuelles :

une carte réseau dans le réseau virtualisé HNV (la carte qui est sur le réseau provider/Datacenter, dans l’espace d’adressage PA),
une carte réseau sur le réseau extérieur (le réseau physique classique du Datacenter)
optionnellement (vraiment?) une carte réseau d’administration

1. Paramétrage de l’hyperviseur pour les opérations de passerelle

La première étape se déroule dans System Center 2012 R2 VMM et consiste à configurer l’hyperviseur pour activer le rôle de passerelle, on va donc pour cela dans les propriétés de l’hyperviseur dans la partie Fabric pour activer l’option This host is a dedicated network virtualisation Gateway… :

Une fois cela validé, on va ajouter le couple hyperviseur/machine virtuelle dans notre configuration.

2. Configuration des cartes réseau de la VM

Démarrons la machine virtuelle de la passerelle et vérifions l’état des connexions réseau, on doit avoir :

une carte sur le réseau physique extérieur (elle obtiendra son adresse IP par le DHCP du réseau physique ou par configuration manuelle).
une carte d’administration dans l’espace d’adressage du Datacenter (la machine doit pouvoir contacter des contrôleurs de domaine de l’organisation). Dans mon cas, le réseau d’administration et le réseau extérieur sont les mêmes, je n’ai que deux cartes.
une carte sur le réseau NVGRE (on devra configurer l’adresse IP manuellement dans la VM, on la laisse dans l’état déconnecté au moment du setup pour la repérer.)

La configuration de la carte NVGRE doit se faire via SCVMM, la difficulté est qu’il faut la connecter à un réseau logique sans la connecter à un VM Network, alors que cette option n’est pas présentée dans l’interface graphique !

Il faut alors :

Dans les propriétés de la carte réseau non connectée, on sélectionne l’option VM Network et on clique sur Clear Selection comme suit :

On vérifie alors que la carte est connectée sur le réseau NVGRE, appelé dans notre cas LogicalSwitch-CloudProvider.

On valide et continue la configuration.

3. Déploiement de la passerelle dans VMM 2012 R2

Allons maintenant déclarer la passerelle comme ressource de la fabrique. Nous allons donc pour cela dans la console Fabric :

Nous spécifions ensuite le type de service réseau que nous ajoutons :

Il s’agit ici de la passerelle implémentée dans Windows Server 2012 R2.

Nous devons ensuite spécifier un compte d’action qui a des droits administratifs :

sur l’hyperviseur physique
sur la machine virtuelle qui sert de passerelle

Nous spécifions ensuite la chaine de connexion à la plateforme. Cette chaine se compose comme suit : VMHost=serveurPhysiqueHyperV;RRASServer=VMquiTourneLeServiceRRASS

A l’étape étape test, on va se connecter à la machine physique et la machine virtuelle pour vérifier les différentes capacités de virtualisation.

On spécifie ensuite pour quels groupes d’hyperviseurs est disponible la passerelle.

Validons la création.

Une fois l’ajout validé, on obtient alors l’écran de résumé de la passerelle. On peut alors constater qu’une passerelle HNV peut supporter dans cette version :

50 routing domains (VM Networks)
500 sous-réseaux virtuels (sous réseaux dans les VM networks)
200 connections VPN site à site

Normalement, en situation de production, on devrait avoir saturé le lien avant d’avoir atteint ces chiffres.

Lorsque la passerelle est ajoutée, il nous faut ensuite la configurer pour l’environnement.

4. Paramétrage de la passerelle

L’étape de paramétrage est assez simple et va permettre de déterminer à quels usages sont destinées différentes cartes réseaux de la VM et du serveur physique.

Nous devons à cette étape déterminer les interfaces réseau et leurs bindings :

front-end : interface connectée au réseau traditionnel (ici, ma carte réseau appelée “Dehors”). J’ai crée un réseau logique pour le réseau extérieur (InternetLogical), pour configurer dans VMM l’existence mon réseau physique Internet, j’y ai également ajouté un IP Pool, dans la plage 192.168.0.0/24, pour plus de détails sur le réseau logique et sa création, voir l’article de Stanislas)

back-end : interface connectée au réseau virtualisé HNV (réseau PA) (ici ma carte réseau appelée NVGRE, sur le site Paris du réseau logicque NetCloudPRovider)

A cette étape, il se passe en fait plusieurs choses, le paramétrage des cartes réseaux virtuelles pour le service RAS, et le paramétrage du mode multi-locataire sur la carte virtuelle. On peut vérifier cela avec la commande PowerShell :

Get-VMNetworkAdapterIsolation

Dans cet article, nous configurons la plateforme de base, dans un article suivant, nous configurerons les VM networks pour tirer partie de la passerelle ! Stay tuned !

Pour revenir aux premiers articles qui décrivent l’installation de la plateforme pas à pas :

partie 1 (introduction et principe à HNV) : http://blogs.technet.com/b/stanislas/archive/2013/07/19/hyper-v-network-virtualization-montage-pas-224-pas-d-une-plateforme-partie-1-introduction.aspx

partie 2 (description de la plateforme technique minimale) : http://blogs.technet.com/b/stanislas/archive/2013/07/22/hyper-v-network-virtualization-montage-pas-224-pas-d-une-plateforme-partie-2-description-de-la-plateforme.aspx

partie 3 (création du réseau logique) : http://blogs.technet.com/b/stanislas/archive/2013/07/31/hyper-v-network-virtualization-montage-pas-224-pas-d-une-plateforme-partie-3-logical-network.aspx

partie 4 (création des IP Pool pour Logical Network) : http://blogs.technet.com/b/stanislas/archive/2013/08/01/hyper-v-network-virtualization-montage-pas-224-pas-d-une-plateforme-partie-4-ip-pool-pour-logical-network.aspx

partie 5 (création du switch logique) : http://blogs.technet.com/b/stanislas/archive/2013/08/02/hyper-v-network-virtualization-montage-pas-224-pas-d-une-plateforme-partie-5-logical-switch.aspx

partie 6 (affectation du switch logique aux hyperviseurs de la plateforme) : http://blogs.technet.com/b/stanislas/archive/2013/08/05/hyper-v-network-virtualization-montage-pas-224-pas-d-une-plateforme-partie-6-affection-du-logical-switch-aux-hyperviseurs.aspx

partie 7 (création d’un VM Network) : http://blogs.technet.com/b/stanislas/archive/2013/08/06/hyper-v-network-virtualization-montage-pas-224-pas-d-une-plateforme-partie-7-cr-233-ation-des-vm-networks.aspx

partie 8 (création des IP Pool pour Virtual Subnet) : http://blogs.technet.com/b/stanislas/archive/2013/08/07/hyper-v-network-virtualization-montage-pas-224-pas-d-une-plateforme-partie-8-cr-233-ation-des-ip-pool-ca.aspx

partie 9 – connexion de VM à des VM Networks : http://blogs.technet.com/b/stanislas/archive/2013/08/08/hyper-v-network-virtualization-montage-pas-224-pas-d-une-plateforme-partie-9-connexion-de-vm-224-des-vm-networks.aspx

Encapsulation NVGRE : http://blogs.technet.com/b/arnaud/archive/2013/08/01/hyper-v-network-virtualization-encapsulation-nvgre.aspx

Références :

http://technet.microsoft.com/en-us/library/dn313101.aspx – Windows Server Gateway

http://technet.microsoft.com/library/dn249417.aspx – How to Use a Server Running Windows Server 2012 R2 as a Gateway with VMM

http://technet.microsoft.com/en-us/library/jj721575.aspx – Configuring VM Networks and Gateways in VMM

Pour tester Windows Server 2012 R2 et Hyper-V, vous pouvez télécharger gratuitement la version d’évaluation disponible sous la forme :
– d'une image ISO : https://aka.ms/jeveuxwindows2012r2
– d'un fichier VHD avec un système préinstallé : https://aka.ms/jeveuxwindows2012r2

Et si vous souhaitez découvrir en 4 heures nos technologies telles que Windows Server 2012 R2, Windows 8.1 en entreprise, le Cloud Privé ou Hybride, vous pouvez vous inscrire gratuitement à un de nos IT Camps : https://aka.ms/itCampFr. La liste des IT Camps de septembre 2013 à juin 2014 sera bientôt en ligne. Attention, il n’y aura qu’une date par sujet et par semestre par ville et le nombre de place est limité.

Arnaud – les bons tuyaux

Hyper-V Network Virtualization – Encapsulation NVGRE

Posted on August 1, 2013 by Arnaud

Dans une série d’articles, Stanislas décrit comment mettre en place la virtualisation de réseau avec Hyper-V (HNV). C’est une technique fondamentale qui permet de faire cohabiter de manière isolée plusieurs réseaux IP (de clients d’un cloud par exemple) à l’intérieur d’un réseau IP de Datacenter.

Lors de la mise sur le câble des paquets échangés entre machines Hyper-V, nous utilisons dans Windows Server 2012 (R2) et System Center Virtual Machine Manager 2012 SP1/R2 l’encapsulation NVGRE telle que définie dans : http://tools.ietf.org/html/draft-sridharan-virtualization-nvgre-02

Cette encapsulation du trafic d’un client d’un cloud se fait sur le réseau provider (espace d’adressage PA). Alors que l’espace d’adressage PA est unique, plusieurs espaces d’adressages de clients (CA) vont cohabiter sur le PA et seront discriminés grâce à leur identifiant “GRE Key” qui contient les différents réseaux (VSID).

Regardons de plus près à quoi ressemble l’encapsulation réseau avec nos outils préférés: Netmon Monitor et Message Analyzer.

Pour notre exemple nous prendrons, la machine sur le réseau “blue” avec pour adresse IP 10.1.0.2 qui va envoyer un ping vers 10.2.0.2. Les masques de sous réseaux sont /16 donc, les machines sont dans le même réseau virtuel (VM Network), mais dans un “VM Subnet” différent.

Network Monitor

Lorsque nous activons la virtualisation de réseau Hyper-V, la carte réseau qui y est attachée se voit retirer tous les attachements de protocoles pour n’avoir uniquement :

Windows Network Virtualization Filter Driver (uniquement en Windows Server 2012, supprimé en R2 car intégré dans le switch virtuel Hyper-V)
Hyper-V Extensible Virtual Switch

Si l’on veut effectuer une trace réseau, il faut alors cocher la case “Microsoft Network Monitor 3 Driver”; le filter driver de Netmon qui permet de capturer des paquets.

Cochons cette case et lançons la trace réseau sur l’interface qui a été activé pour la virtualisation de réseau:

Démarrons alors la trace et regardons de plus près à l’encapsulation:

Dans notre exemple, nous voyons sur la trace un paquet envoyé depuis 172.16.0.2 vers 172.16.0.3 avec pour protocole GRE. Nous sommes sur le réseau du provider, c’est donc bien ce qu’on s’attend à voir :

Regardons maintenant au paquet en hexa:

Pour nos amis les plus avertis, cela ressemble à une payload de ping (abcd…. à la fin du paquet.) Essayons d’y voir un peu plus clair. D’après ce que l’on sait de l’encapsulation NVGRE, on doit y trouver quelque part l'identifiant de sous réseau virtuel (VSID).

Si l’on veut retrouver les VSID de nos machines virtuelles, on peut faire de la sorte en Powershell:

Get-NetVirtualizationLookupRecord

Nous avons donc 4020644 (decimal) que nous devons convertir en hexadécimal. un petit coup de calc.exe nous permet de trouver 3D59A4. Cherchons cette séquence dans le paquet…

Si l’on continue l’exploration du paquet, on voit même l’adresse IP de destination 10.2.0.2:

Voila comment se passe l’encapsulation NVGRE, c’est intéressant si l’on aime faire le parseur humain, sinon Message Analyzer sait interpréter automatiquement ces messages, regardons donc la même trace avec ce dernier outil !

Message Analyzer

Message Analyzer est le remplaçant de Network Monitor qui permet d'Analyzer bien plus que des traces réseau, il est disponible sur connect (http://connect.microsoft.com/site216) en Beta pour le moment. Ouvrons la trace précédente et observons le résultat :

On a ici une meilleure vue sur l’encapsulation de protocoles, on retrouve le VSID dans le champ Key, et on a désormais le paquet complètement parsé. Beaucoup plus facilement utilisable pour dépannage !

Notons au passage que pour l’exemple de la démonstration, nous utilisons des machines sur des sous réseaux virtuels (VSID) différents :

L’hyperviseur qui envoi le paquet va remplir le GRE Key avec le VSID du destinataire, aussi lorsque la machine 10.2.0.2 va répondre au ping que l’on vient d’émettre, alors l’hyperviseur qui herberge la VM utilisera le VSID 8793502 enfin je veux dire 86 2D 9E !

Si vous en voulez plus, vous pourrez trouver sur Microsoft Virtual Academy, un ensemble de contenus dédiés à Windows Server 2012 et le réseau : http://www.microsoftvirtualacademy.com/training-courses/services-reseaux-de-windows-server-2012

Et si vous souhaitez découvrir en 4 heures nos technologies telles que Windows Server 2012 R2, Windows 8.1 en entreprise, le Cloud Privé ou Hybride par Microsoft, vous pouvez vous inscrire gratuitement à un de nos IT Camp : https://aka.ms/itCampFr.

Références :

http://blogs.technet.com/b/stanislas/archive/2013/07/19/hyper-v-network-virtualization-montage-pas-224-pas-d-une-plateforme-partie-1-introduction.aspx – Premier article de la série de Stanislas

http://tools.ietf.org/html/draft-sridharan-virtualization-nvgre-02 – NVGRE @ IETF

http://technet.microsoft.com/fr-fr/library/jj134174.aspx – Détails techniques sur la virtualisation de réseau

http://www.microsoft.com/en-us/download/details.aspx?id=39284 – Test Lab Guide: Windows Server 2012 R2 Hyper-V Network Virtualization with System Center 2012 R2 VMM

Arnaud – les bons tuyaux

Install Windows Servers in host and compute environments

Install, upgrade, and migrate servers and workloads

Install and configure Nano Server

Create, manage, and maintain images for deployment

Implement storage solutions

Implement Server Storage

Implement Data Deduplication

Implement Hyper-V

Install and configure Hyper-V

Configure virtual machine (VM) settings

Configure Hyper-V storage

Configure Hyper-V networking

Implement Windows containers

Deploy Windows containers

Manage Windows containers

Implement high availability

Implement high availability and disaster recovery options in Hyper-V

Implement failover clustering

Implement Storage Spaces Direct

Manage failover clustering

Manage VM movement in clustered nodes

Implement Domain Name System (DNS)

Install and configure DNS servers

Implement IP Address Management (IPAM)

Install and configure IPAM

Manage DNS and DHCP using IPAM

Implement network connectivity and remote access solutions

Implement virtual private network (VPN) and DirectAccess solutions

Implement an advanced network infrastructure

Implement high performance network solutions

Determine scenarios and requirements for implementing software-defined networking (SDN)

Install and configure Active Directory Domain Services (AD DS)

Install and configure domain controllers

Implement identity federation and access solutions

Install and configure Active Directory Federation Services (AD FS)

Implement Web Application Proxy (WAP)

Share this:

Proceed to CentOS 6.7 Installation

Linux Integration Services Update

Deploying the VSD Components on the VM

Verify that VSD is operational

Share this:

VSD Supported Configurations

Objectives of this setup

Prerequisites for this setup

VSD VM Recommendations for Hyper-V

VM Creation

VM Creation: PowerShell

Share this:

Prérequis

1. Paramétrage de l’hyperviseur pour les opérations de passerelle

2. Configuration des cartes réseau de la VM

3. Déploiement de la passerelle dans VMM 2012 R2

4. Paramétrage de la passerelle

Share this:

Network Monitor

Message Analyzer

Share this: