Configuring a Private Cloud Environment

Editor's Notes

• #1: Presentation: 60 minutes Demonstration: 10 minutes Lab: 40 minutes Required materials To teach this module, you must have the Microsoft® PowerPoint® file 20246D_02.pptx. Important: The use of PowerPoint 2013, PowerPoint 2010, or PowerPoint 2007 is recommended to display the slides for this course. If you use PowerPoint Viewer or a version of PowerPoint older than PowerPoint 2007, some features of the slides might not be displayed correctly. Preparation tasks To prepare for this module: Read all the materials for this module. Practice performing the demonstrations. Practice performing the labs. Work through the “Module Review and Takeaways” section, and determine how you will use this section to reinforce student learning and promote knowledge transfer to on-the-job performance. As you prepare for this class, make sure that you complete the labs yourself so that you understand how they work and the concepts that are covered in each. This will help you provide meaningful hints to students who might have problems in a lab. It will also help guide your lecture to make sure that you cover the concepts that the labs cover.
• #2: After completing this module you will be able to: Describe the, key features, architecture, and security features of Virtual Machine Manager, including the role that it plays in a cloud environment. Manage a cloud infrastructure using Virtual Machine Manager. Configure private cloud resources and security.
• #3: After completing this lesson, you will be able to describe: Virtual Machine Manager. Virtual Machine Managers key features. How to secure access to Virtual Machine Manager.
• #4: Discuss the VMM components shown on the slide: Console: The program enables connection to a VMM management server to centrally view and manage physical and virtual resources, such as virtual machine hosts, virtual machines, services, and library resources. Windows PowerShell: The Windows PowerShell-based command shell makes available the cmdlets that perform all functions in VMM. Virtual Machine Manager Management Server: The computer on which the Virtual Machine Manager service runs and which processes commands and controls communications with the VMM database, the library server, and virtual machine hosts. SQL Server: A Microsoft SQL Server database that stores VMM configuration information. Operations Manager Management Server: The connection point between VMM and Operations Manager. SCVMM Connector: The connection between VMM and Operations Manager that allows Operations Manager to perform PRO actions such as migrating a virtual machine. Windows Deployment Services: Used to deploy network-based installations of Windows Operating Systems. Windows Software Update Services Server (WSUS): Used to manage software updates on Windows Operating Systems. Service Provider Framework: The HTP Web API service which permits both AppController and Windows Azure Pack communicate with the Virtual Machine Manager Management Server, by using the Windows PowerShell cmdlets. AppController: Silverlight based Web Portal for end users to manage their respective cloud resources. AppController can connect either directly to VMM Management Services or connect via the Service Provider Framework (useful in hosted scenarios).
• #5: Discuss the key features of System Center 2012 R2 Virtual Machine Manager (VMM), focusing on new features and how students can use VMM to manage and maintain private clouds. When covering the features listed in the bulleted list on the slide, pay special attention to Intelligent Placement and Microsoft Server Application Virtualization (Server App-V) Support. Also ensure you highlight the support for Software defined networks, VMMs extensibility to support third party networking services and enhancements. Server App-V builds on App-V by providing virtualization for Server applications. You can record an installation of a server application and save the contents as a package that you can copy to a virtual machine when it is being deployed as part of a service. This allows the package to run in its own environment and not conflict with any other applications or the operating system. This is a key feature of VMM. Intelligent placement is another key feature in VMM that allows for the automatic placement of virtual machines based on a number of configurable options such as memory or CPU. Based on these settings, VMM can automatically decide which virtualization host should be used when it deploys virtual machines. Native support for Microsoft Network virtualization technology, NVGRE including a complete re-structure of the networking features in VMM abstracting the logical network implementation on the fabric, from the virtual network presented to our clouds.
• #6: Discuss some of the new features and enhancements included in System Center 2012 R2 Virtual Machine Manager as noted on the slide. Ask students which features and enhancements they would most likely use and why.
• #7: The key point is that the security in VMM is flexible. In the lab, students will create Run As accounts and User roles and apply them to private clouds, delegated administration scopes, and assign tenancies to their created cloud. Talk about the various uses of Run As accounts and try to get students to name some uses, such as connecting to Operations Manager or a Provider, joining VMs to domains, etc. Talk about the various uses of each user role and how important they are when creating private clouds because the functionality has to be restricted to the users of the specific cloud. Discuss the hierarchy of the roles, and their respective scoping, to help the students understand when each role is appropriate. The most common role to be created will be the Application Administrator (Self-Service User), explain why this is. Question Describe the difference between an Administrator and a Delegated Administrator. Answer Members of Delegated Administrator User roles can perform all administrative tasks within their assigned host groups, clouds, and library servers, except adding XenServer and WSUS servers. Delegated Administrators are scoped based on Host Groups. Members of the Administrator User Role can perform all tasks in VMM. Question Describe the purpose of the Tenant Administrator, and the main features of this role which make it useful. Answer Tenant Administrators provide management of self-service users and relevant VM networks. They can create and deploy services and virtual machines. Tenant Admin Permissions determine the actions which can be delegated to application administrators (end users) for example, restricting the users of a cloud pool from creating snapshots (checkpoints).
• #8: After completing this lesson, you will be able to: Describe Fabric resources in VMM. Describe virtual machine properties in VMM. Describe jobs in VMM. Configure VMM settings.
• #9: Discuss the various fabric resources that are used within VMM as noted on the slide and in the student guide, Ask students which storage providers they use in their environment to determine how they can be used within VMM. Question Name the types of storage arrays that are supported by VMM. Answer Storage devices which are SMI-S enabled and certified as supported in VMM; this includes the Microsoft Windows 2012 R2 iSCSI Server, Windows Storage Spaces, and Windows Server 2012 SMB3 shares, including Scale-Out File Servers.
• #10: VMM Networking services are both complex and powerful, it is essential that the students understand the elements of networking in VMM. First focus the student on the structure of networking services in VMM, how they depend and interact, and why each element is necessary. Once the student understands the hierarchy, the can begin to appreciate the abstraction benefits of VM Networks and Logical Networks. Once the Students appreciate the abstraction of the Logical network which is managing the physical data flow (data plane), and the VM Network managing the flow from the Virtual machine, they can only then visualize the relationship between these two layers, and understand how SDN is managed. The abstraction scenario when using VLAN Isolation is essentially mapping a 1:1 relationship between the VM Network and the underpinning Logical Networks Network Site. One could consider as a pass though. In a similar essence SDN establishes a MANY:1 relationship between the VM Network and its underpinning Logical Networks Network Site. The key difference been the IP Pool associated with the Logical Network, Network Site is the address to transit the encapsulated data on the physical network (data plane); while the IP ranges defined on the associated VM Network, defines the addresses which will be associated with the VMs, and ultimately the payload which is encapsulated on the logical network. Finally, time should be spent discussing the benefits of this approach with the students, considering scenarios where they may benefit from using SDN, while also considering some of the current drawbacks – for example acceleration. SDN traffic will need to be decapsulated to communicate with devices and services still hosted on the physical network Introduce the concept of the VM Network Gateway which is positioned to deliver this process.
• #11: Question What are the main components of a Network fabric in VMM? Answer Logical Networks, Logical Network Site definitions, IP Pools, Port Profiles, Logical Switches, and finally VM Networks. Question To enable SDN for an existing cloud tenant, which of the components on the network fabric would you focus on? Answer The VM Network. Assuming you have created a Logical network to support SDN, and enabled the feature in your logical Switch, your primary focus will be on the VM Network. As you create a new VM network, which is hosted on a SDN Enabled Logical network, you have the ability to define the configuration for your new SDN, and then present this VM to your tenant, to connect their respective VMs.
• #12: While focusing on the main features of VMs and the scalability levels capable with Hyper-V 2012 R2, you should discuss with the students the introduction of Generation 2 Virtual Machines. The main features to emphasize to the students on Generation 2 virtual machines should include: Replacement of BIOS with UEFI. Secure Boot, which is enabled by default. Boot from a SCSI virtual hard disk or DVD. PXE Booting with the Standard network adaptor. IDE drives and legacy network adapters, floppy disks, support has been removed. Question What does VMM use the CPU Priority and Memory Weight options for when you create a virtual machine? Answer When memory or CPU use of the host is high, VMM automatically assigns CPU resources and memory to virtual machines with a higher priority before virtual machines with a lower priority.
• #13: Discuss how the Job views help the administrator see the VMM environment and see specific actions that are recorded. Discuss the three available job views: Jobs view. Jobs window – discuss how the Job window can be used to view the most recent action that was performed on an object. Recent Job. Also mention the VMM log files that are stored on the VMM Management Server, in this folder: C:\ProgramData\VMMLogs. Question What are the three places in VMM where you can view jobs? Answer The three places in VMM that jobs can be viewed are: Jobs view, Jobs window, and Recent Jobs.
• #14: Generally, the default values for most of these settings are sufficient, but it is good to know what can be configured and how to configure it. Discuss the General settings, mentioning the Library refresh interval and Network Settings, and why they might need to be modified based on requirements. Explain how students can use servicing windows to schedule maintenance windows with VMM and how this can be incorporated with the Operations Manager Maintenance mode feature. Also discuss the Configuration Providers and how they are used to provide functionality with third-party hardware manufacturers such as Load Balancers. The Microsoft System Center 2012 R2 settings have already been covered in Module 1, but mention it as a refresher. Question What does the Automatic creation of logical networks setting do? Answer The Automatic creation of logical networks setting enables the automatic creation of a logical network based on the logical network matching selection. This only occurs if the physical network adapter on the host does not have a logical network associated with it. Normally in a production environment it is recommended to disable this setting. Question What does the Automatic creation of virtual networks setting do? Answer The Automatic creation of virtual networks setting enables the creation of an external virtual network when a job connects a Virtual Machine to a logical network that is associated with a physical network adapter. This only occurs if the host has a physical network adapter with an associated logical network but no virtual networks attached.
• #15: If this demonstration is performed on the instructor machine then the “Configure the Contoso logical network” task should be omitted when running the lab. Preparation Steps On LON-HOST1 Start the following virtual machines: 20246D-LON-DC1 20246D-LON-SQ1 On LON-HOST2 start the following virtual machines: 20246D-LON-VM1 Sign in to 20246D-LON-VM1 using Contoso\Administrator and Pa$$w0rd. Demonstration Steps On LON-VM1, open the Virtual Machine Manager Console. Click the Fabric pane, expand Networking, and then click Logical Networks. From the results pane, right-click External Network, and then click Properties. 4. Enable the check box Allow new VM Networks created on this logical network to use Network Virtualization 5. Click OK to close the properties. 6. Right-click External Network, and then click Create IP Pool
• #16: 7. In the Name box, type Provider Addresses, and then click Next. 8. On the Network Site page, in the Network site box, type Provider Addresses. 9. In the IP Subnet box, type 10.10.0.0/16. 10. Under Host groups that can use this network site, select the Contoso host group, and then click Next. On the IP address range page, in the Starting IP address box, type 10.10.0.150. In the Ending IP address box, type 10.10.0.160, and then click Next. On the Gateway page, click Insert, and in the Gateway Address box, type 10.10.0.1, and then click Next. On the DNS page, click the top Insert button and type 10.10.0.10 in the DNS Server Address box. In the Connection specific DNS suffix box type Contoso.com and then click Next. On the WINS page, click Next. On the Summary page, click Finish. When the Create static IP address pool job has completed, close the Jobs window.
• #17: After completing this lesson, you will be able to describe: A Microsoft private cloud. The process of configuring cloud resources. The process of configuring cloud capacity. The process of configuring cloud capabilities.
• #18: Discuss what constitutes a private cloud. Ask students to think about factors to consider when providing a service to the private cloud. Talk about tiered applications and how they are applied in VMM terminology, for example, service templates. Module 3 covers Service Templates in much more detail, but it is relevant to mention them here. Ask students to talk about their own internal applications and departments and how they could be offered as a service in the private cloud. Talk about the various functions that are involved in creating a Private Cloud in VMM.
• #19: This builds on the previous slide by talking about the various cloud and tenant resources that are assigned to the private cloud tenant. As part of the lab, you will create a cloud that includes these resources, and then share these resources to the private cloud tenant. Review the private cloud tenant discussion and how the tenant resources help segregate the resources for each cloud, for example, a Logical Network for each cloud, then the tenant would be provided a VM Network based on the scoped clouds logical network; and how VIP Profiles are used in conjunction with Load Balancers.
• #20: This topic focuses on the capacity options that are available to assign Quota restrictions on the tenant against the hosting cloud, including: Virtual CPUs. Memory (GB). Storage (GB). Custom quota (points). Virtual machines. Discuss the various limits that can be applied and how they can be relevant to the service that is being delivered. For preventing the tenant from taking a checkpoint on a cloud which might be hosted on slow SATA Disks, while permitting this action on clouds which are hosted on higher speed storage, etc.
• #21: The default Capability profile covers the basic settings for Hyper-V, VMware ESX, and Citrix XenServer. Discuss why in some cases you would want to create a custom compatibility profile. For example, a specific business unit might require the ability to have an increased hard disk-size range due to the business storing a large quantity of multimedia content. It could be that you create a compatibility profile for each private cloud, allowing you to have more control over the available resources.
• #22: This topic focuses on the capacity options that are available to assign Quota restrictions on the tenant against the hosting cloud, including: Virtual CPUs. Memory (GB). Storage (GB). Custom quota (points). Virtual machines. While also considering the permissions granted to the tenant for actions which may be permitted on VMs and Services hosted on clouds within their tenancy. Discuss the various limits that can be applied and how they can be relevant to the service that is being delivered. Consider the scenario of preventing the tenant from taking a checkpoint on a cloud which might be hosted on slow SATA Disks, while permitting this action on clouds which are hosted on higher speed storage, etc.
• #23: Before students begin the lab, read the scenario that is associated with each exercise to the class. This will reinforce the broad issue that the students are verifying and will help to facilitate the lab discussion at the end of the module. Remind students to complete the discussion questions after the last lab exercise. Exercise 1: Configuring Network Resources The application needs to be connected to the Contoso Logical network to communicate with the domain and relevant network resources. As you are going to deploy to three different environments, we will use SDN isolation to separate each tenancy to a dedicated Virtual Network. To supply this, you need to create the network infrastructure in VMM first. Instructor Note: In this exercise students create an IP address pool for the NVGRE Provider Address range on the External logical network. Exercise 2: Creating a Cloud You have defined the logical network to host the VM Networks which we will be assigning to the tenancy for each release of the StockTrader application. Now, you need to create a cloud and associate it to the logical network. Instructor Note: In this exercise students create a cloud in VMM and associated it to the relevant networking components.
• #24: Exercise 3: Create a VM Network using Software Defined Networks Isolation In this exercise you will create two VM Networks for the StockTrader Application, each of these will be using SDN to isolate each other, yet implemented using the same IP range; which will demonstrate the ability for multiple networks to overlap the same IP range with no side effects. Instructor Note: In this exercise students create two VM Networks for the StockTrader Application, each of these will be using SDN to isolate each other, yet implemented using the same IP range; which will demonstrate the ability for multiple networks to overlap the same IP range with no side effects. Exercise 4: Creating the Contoso Cloud Tenant for StockTrader Production You have created the cloud for the StockTrader application, and additionally you have created the VM Networks using SDN to host the application. We have not yet configured access to it. In this exercise, you will create a new Tenant to configure who can manage the service which we will deploy to the hosting cloud by configuring Self-Service user access. Instructor Note: In this exercise students use Virtual Machine Manager to create Run As accounts and User roles, and be able to configure a new Tenancy on the hosting cloud, restricting the access, and connecting the SDN VM Network.
• #26: Question When you create a Software Update Baseline in VMM, what servers can be updated with the baseline? Answer An update baseline can be used to apply updates to: Host groups Stand-alone hosts Host cluster VMM management server VMM infrastructure server Question After you have applied updates, does VMM automatically restart the servers? Answer You can configure to automatically restart the servers or you can ensure a manual restart of the servers by selecting the Do not restart the servers after remediation check box during remediation.
• #27: Review Question(s) Question Name the components of the VMM architecture. Answer The components of the VMM architecture include the following: VMM Management Server. VMM Database. VMM Console. VMM Library. VMM Command Shell. VMM Self-Service Portal.
• #28: Question List five key features of VMM. Answer Five key features of VMM are: Support for Hyper-V, VMware ESX and Citrix XenServer virtual machine hosts. PRO. Live migration. Centralized Resource Management. Delegated administration. Question What destinations are available when you deploy a virtual machine? Answer Destinations available when deploying a virtual machine are: A Private Cloud. A host. The Library.
• #29: Question Explain the function of Run As accounts in VMM and provide an example of when they might be used. Answer A Run As account is a container for a set of stored credentials that can be used for processes in VMM where a user would enter a username and password, for example, when a user is configuring the connection between VMM and Operations Manager. Question List the different user roles that are available in VMM and their functions. Answer The user roles available in VMM and their functions are: Administrator. Members of the Administrator user role can perform all administrative actions on all objects managed by VMM. Delegated Administrator. Members of the Delegated Administrator user role can perform all administrative tasks within their assigned host groups, clouds, and library servers, except for adding XenServer and adding WSUS servers. Read-Only Administrator. Read-Only Administrators can view status, job status, and properties of objects within their assigned host groups, clouds, and library servers. The user role also specifies the Run As accounts that the Read-Only Administrator can view. Tenant Administrators. Provide management of self-service users and relevant VM networks. They can create and deploy services and virtual machines. You configure which virtual machines and services should be made available to members of the Tenant Administrator user role. Self-Service User. Members of the Self-Service User roles create, deploy, and manage their own virtual machines and services by using the VMM console or a Web portal.