Upload
marco-ugaz-olivari
View
268
Download
0
Embed Size (px)
Citation preview
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 1/58
Hyper-V Planning and Deployment Guide
Microsoft CorporationPublished: March 2009
AbstractThis guide describes the considerations you should take into account when planning to deploy
the Hyper-! technology" and pro#ides installation and configuration details that will help you
deploy Hyper-$
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 2/58
Copyright information
%nfor&ation in this docu&ent" including '() and other %nternet *eb site references" is sub+ect to
change without notice$ 'nless otherwise noted" the co&panies" organi,ations" products" do&ain
na&es" e-&ail addresses" logos" people" places" and e#ents depicted in ea&ples herein are
fictitious$ .o association with any real co&pany" organi,ation" product" do&ain na&e" e-&ail
address" logo" person" place" or e#ent is intended or should be inferred$ Co&plying with all
applicable copyright laws is the responsibility of the user$ *ithout li&iting the rights under
copyright" no part of this docu&ent &ay be reproduced" stored in or introduced into a retrie#al
syste&" or trans&itted in any for& or by any &eans /electronic" &echanical" photocopying"
recording" or otherwise" or for any purpose" without the epress written per&ission of Microsoft
Corporation$
Microsoft &ay ha#e patents" patent applications" trade&arks" copyrights" or other intellectual
property rights co#ering sub+ect &atter in this docu&ent$ 1cept as epressly pro#ided in any
written license agree&ent fro& Microsoft" the furnishing of this docu&ent does not gi#e you any
license to these patents" trade&arks" copyrights" or other intellectual property$
2009 Microsoft Corporation$ 3ll rights reser#ed$
3cti#e 4irectory" Hyper-" Microsoft" M5-465" isual 7asic" isual 5tudio" *indows"
*indows .T" *indows 5er#er" and *indows ista are trade&arks of the Microsoft group of
co&panies$
3ll other trade&arks are property of their respecti#e owners$
8202009 republished to fi content bug /restored &issing list of file eceptions fro& pages ;<-;8$
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 3/58
Contents
Hyper- Planning and 4eploy&ent =uide$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ <
3bout this guide$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$<
6#er#iew of Hyper-$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$<
*hat does Hyper- do>$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ <
*ho will be interested in this role>$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$8
*hat are the key features of Hyper->$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 8
7efore ?ou %nstall Hyper-$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 8
Hardware Considerations$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ $$$$$$$ 9
Hardware re@uire&ents$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 9
Me&ory$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ ;0
Processors$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ $$$$$$$$$$$ ;0
.etworking$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ $$$$$$$ ;0
5torage$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ ;;
6ther hardware co&ponents$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ ;2
3bout irtual Machines and =uest 6perating 5yste&s$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ ;A
(unning &ultiple #irtual &achines$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ ;A
5upported guest operating syste&s$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ ;A
%ntegration ser#ices$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ ;B
3dditional considerations$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ ;
Planning for Hyper- 5ecurity$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$;
Hyper- security best practices$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$;<
3dditional resources$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 20
'sing 3uthori,ation Manager for Hyper- 5ecurity$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$20
Configure Hyper- for (ole-based 3ccess Control$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$2;
Configuring role-based access control$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 22
3dditional resources$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 2A
Planning for 7ackup$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$2B
'nderstanding backup options and considerations$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 2B5torage considerations$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ $$$$$$ 2D
'nderstanding online and offline backups$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$2D
'nderstanding the restore process$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$2
Considerations about clustered #irtual &achines$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 2<
%nstalling Hyper-$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 28
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 4/58
3bout the Hyper- update packages$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$28
Hyper- role package$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ $$$$$$ 28
Hyper- (e&ote &anage&ent tools packages$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$29
Hyper- )anguage Pack for *indows 5er#er 2008$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$A0
3dditional considerations$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ A0
%nstall the Hyper- (ole on a 5er#er Core %nstallation of *indows 5er#er 2008$$$$$$$$$$$$$$$$$$$$$$$$$$A0
3dditional references$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ $$$$$$ A2
%nstall the Hyper- (ole on a Eull %nstallation of *indows 5er#er 2008$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$AA
3dditional considerations$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ AB
%nstall and Configure Hyper- Tools for (e&ote 3d&inistration$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ AB
%nstalling the &anage&ent tools$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ AB
Configuring the &anage&ent tools$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$AD
Configuring the ser#er running Hyper-$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$AD
Configuring *indows ista 5P;$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$A9
Configuring irtual .etworks$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ $$$$$$$ B0
irtual network types$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ B;
irtual networking basics$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$B;
.etworking and #irtual &achines$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ $$$BB
Configuring #irtual local area networks /)3.s$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ $$$$$$BB
%&ple&enting 4isks and 5torage$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ BD
4eter&ining your storage options on the &anage&ent operating syste&$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$B
4eter&ining your storage options on #irtual &achines$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$B<
How to create #irtual hard disks$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$B9
How to configure physical disks that are directly attached to a #irtual &achine$$$$$$$$$$$$$$$$$$$$$ $$$D0
3ppendi 3: 1a&ple 3uthori,ation Manager Tasks and 6perations$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$D;
1a&ple tasks and operations$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ $D;
3dd eternal network to ser#er$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$D;
3dd internal network to ser#er$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$D2
3dd pri#ate network$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ $$$$$ D2
3pply a snapshot$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ D2
3ttach internal network adapter to #irtual &achine$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$DA
Connect to a #irtual &achine$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ DA
Create a #irtual floppy disk or #irtual hard disk$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$DA
Create a #irtual &achine$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ DA4elete a pri#ate network$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ DA
4elete a snapshot$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ DB
4elete a #irtual &achine$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$DB
1port #irtual &achine$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$DB
%&port #irtual &achine$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ DB
Modify #irtual &achine settings /reconfigure a #irtual &achine$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$DB
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 5/58
Pass CT() F 3)T F 41)1T1 /send control signals to a #irtual &achine$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$DB
Pause a #irtual &achine$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ DD
(e&o#e eternal network fro& ser#er$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ $$$$$DD
(e&o#e internal network adapter fro& a #irtual &achine$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$DD
(e&o#e internal network fro& ser#er$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ D(e&o#e pri#ate network fro& ser#er$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ D
(ena&e a snapshot$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ D
(ena&e a #irtual &achine$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ D
(esu&e a #irtual &achine$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$D
5a#e a #irtual &achine and start a #irtual &achine$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ D<
5tart a #irtual &achine$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ $$$$$$$$$ D<
Turn off a #irtual &achine$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ D<
iew Hyper- ser#er settings$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ D<
iew network &anage&ent$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$D<
iew #irtual &achines$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$D<
3ppendi 7: 3uthori,ation Manager Ter&inology$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$D8
Ter&inology$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ D8
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 6/58
Hyper-V Planning and Deployment Guide
About this guideThe Hyper- Planning and 4eploy&ent =uide is intended to help you understand the
considerations you should take into account when planning to deploy Hyper-!" and to pro#ide
installation and configuration details that will help you deploy Hyper-$
• 6#er#iew of Hyper-
• 7efore ?ou %nstall Hyper-
• %nstalling Hyper-
• Configuring irtual .etworks
• %&ple&enting 4isks and 5torage
• 3ppendi 3: 1a&ple 3uthori,ation Manager Tasks and 6perations
• 3ppendi 7: 3uthori,ation Manager Ter&inology
Overview of Hyper-V
Hyper- enables you to create a #irtuali,ed ser#er co&puting en#iron&ent using a technology
that is part of *indows 5er#erG 2008$ ?ou can use a #irtuali,ed co&puting en#iron&ent to
i&pro#e the efficiency of your co&puting resources by utili,ing &ore of your hardware resources$
This is possible because you use Hyper- to create and &anage #irtual &achines and theirresources$ 1ach #irtual &achine is a #irtuali,ed co&puter syste& that operates in an isolated
eecution en#iron&ent$ This allows you to run &ultiple operating syste&s si&ultaneously on one
physical co&puter$
ote
Hyper- is a hyper#isor-based #irtuali,ation technology that re@uires specific hardware$
Eor &ore infor&ation about the re@uire&ents and other considerations about hardware"
see Hardware Considerations$
!hat does Hyper-V do"Hyper- pro#ides software infrastructure and basic &anage&ent tools in *indows 5er#er 2008
that you can use to create and &anage a #irtuali,ed ser#er co&puting en#iron&ent$ This
#irtuali,ed en#iron&ent can be used to address a #ariety of business goals ai&ed at i&pro#ing
efficiency and reducing costs$ Eor ea&ple" a #irtuali,ed ser#er en#iron&ent can help you:
• (educe the costs of operating and &aintaining physical ser#ers by increasing your hardware
utili,ation$ ?ou can reduce the a&ount of hardware needed to run your ser#er workloads$
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 7/58
• %ncrease de#elop&ent and test efficiency by reducing the a&ount of ti&e it takes to set up
hardware and software and reproduce test en#iron&ents$
• %&pro#e ser#er a#ailability without using as &any physical co&puters as you would need in a
failo#er configuration that uses only physical co&puters$
!ho will be interested in this role"Hyper- can be useful to you if you are:
• 3n %T ad&inistrator" planner" or designer$
• 3n %T architect responsible for co&puter &anage&ent and security throughout your
organi,ation$
• 3n %T operations &anager who is looking for ways to reduce the total cost of ownership of
their ser#er infrastructure" in ter&s of both power costs and &anage&ent costs$
• 3 software de#eloper or tester who is looking for ways to increase producti#ity by reducing
the ti&e it takes to build and configure a ser#er for de#elop&ent or test use$
!hat are the #ey features of Hyper-V"The key features of Hyper- are as follows:
• B-bit nati#e hyper#isor-based #irtuali,ation$
• 3bility to run A2-bit and B-bit #irtual &achines concurrently$
• 'niprocessor and &ultiprocessor #irtual &achines$
• irtual &achine snapshots" which capture the state" data" and hardware configuration of a
running #irtual &achine$ 7ecause snapshots record syste& states" you can re#ert the #irtual
&achine to a pre#ious state$• )arge #irtual &achine &e&ory support$
• irtual local area network /)3. support$
• Microsoft Manage&ent Console /MMC &anage&ent snap-in$
• 4ocu&ented *indows Manage&ent %nstru&entation /*M% interfaces for scripting and
&anage&ent$
Eor &ore infor&ation about the *M% interfaces" see irtuali,ation *M% Pro#ider
/http:go$&icrosoft$co&fwlink>)ink%4;08DB$
$efore %ou &nstall Hyper-VHyper- has specific hardware re@uire&ents and considerations that you should fa&iliari,e
yourself with when planning to deploy this technology$ Topics to re#iew include the following:
• Hardware Considerations
• 3bout irtual Machines and =uest 6perating 5yste&s
8
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 8/58
• Planning for Hyper- 5ecurity
• Planning for 7ackup
Hardware ConsiderationsTo effecti#ely plan for and deploy Hyper-" you should understand the re@uire&ents and
&ai&u& configurations for the physical and #irtual hardware that will co&prise the #irtuali,ed
ser#er co&puting en#iron&ent$
Hardware re'uirementsHyper- re@uires specific hardware$ To install and use the Hyper- role" you will need the
following:
• An ()*-based processor+Hyper- is a#ailable in B-bit editions of *indows 5er#er 2008I
specifically" the B-bit editions of *indows 5er#er 2008 5tandard" *indows 5er#er 2008
1nterprise" and *indows 5er#er 2008 4atacenter$ Hyper- is not a#ailable for A2-bit /8
editions or *indows 5er#er 2008 for %taniu&-7ased 5yste&s$ Howe#er" the Hyper-
&anage&ent tools are a#ailable for A2-bit editions$ Eor &ore infor&ation about the tools" see
%nstalling Hyper-$
• Hardware-assisted virtuali,ation+ This is a#ailable in processors that include a #irtuali,ation
optionIspecifically processors with %ntel irtuali,ation Technology /%ntel T or 3M4
irtuali,ation /3M4- technology$
• Hardware-enforced Data (ecution Prevention .DP/ must be available and enabled+
5pecifically" you &ust enable %ntel J4 bit /eecute disable bit or 3M4 .J bit /no eecute bit$
?ou can identify syste&s that support the B architecture and Hyper- by searching the*indows 5er#er catalog for Hyper- as an additional @ualification /see
http:go$&icrosoft$co&fwlink>)ink%d;;;228 $
0ip
The settings for hardware-assisted #irtuali,ation and hardware-enforced 41P are
a#ailable in the 7%65$ Howe#er" the na&es of the settings &ay differ fro& the na&es
identified abo#e$ Eor &ore infor&ation about whether a specific processor &odel
supports Hyper-" check with the &anufacturer of the co&puter$ %f you &odify the settings
for hardware-assisted #irtuali,ation or hardware-enforced 41P" we reco&&end that you
turn off the power to the co&puter and then turn it back on$ (estarting the co&puter &ay
not apply the changes to the settings$
1emoryThe &ai&u& a&ount of &e&ory that can be used is deter&ined by the operating syste&" as
follows:
9
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 9/58
• Eor *indows 5er#er 2008 1nterprise and *indows 5er#er 2008 4atacenter" the physical
co&puter can be configured with up to ; T7 of physical &e&ory" and #irtual &achines that
run either of those editions can be configured with up to B =7 of &e&ory per #irtual
&achine$
•Eor *indows 5er#er 2008 5tandard" the physical co&puter can be configured with up to A2=7 of physical &e&ory" and #irtual &achines that run that edition can be configured with up
to A; =7 of &e&ory per #irtual &achine$
ProcessorsThe release #ersion of Hyper- is supported on physical co&puters with up to ; logical
processors$ Howe#er" a hotfi /K79D<;0 is a#ailable that increases the &ai&u& nu&ber of
#irtual processors to 2B$ Eor &ore infor&ation and links to the updates" see Hyper- 'pdate )ist$
3 logical processor can be a single core or &ulti-core processor$ ?ou can configure up to B #irtual
processors on a #irtual &achine$ .ote that the nu&ber of #irtual processors supported by a guest
operating syste& &ight be lower$ Eor &ore infor&ation" see 3bout irtual Machines and =uest6perating 5yste&s$ The following are so&e ea&ples of supported syste&s and the nu&ber of
logical processors they pro#ide:
• 3 single-processordual-core syste& pro#ides 2 logical processors$
• 3 single-processor@uad-core syste& pro#ides B logical processors$
• 3 dual-processordual-core syste& pro#ides B logical processors$
• 3 dual-processor@uad-core syste& pro#ides 8 logical processors$
• 3 @uad-processordual-core syste& pro#ides 8 logical processors$
• 3 @uad-processordual-core" hyper-threaded syste& pro#ides ; logical processors$
•
3 @uad-processor@uad-core syste& pro#ides ; logical processors$
etwor#ingHyper- pro#ides a #ariety of networking options and configurations to &eet different networking
re@uire&ents$ Eor &ore infor&ation about different types of #irtual networks and #irtual network
adapters" see Configuring irtual .etworks$
Hyper- networking includes the following support:
• 1ach #irtual &achine can be configured with up to ;2 #irtual network adaptersI8 can be the
Lnetwork adapter type and B can be the Llegacy network adapter type$ The network adapter
type pro#ides better perfor&ance and re@uires a #irtual &achine dri#er that is included in the
integration ser#ices packages$
• 1ach #irtual network adapter can be configured with either a static or dyna&ic M3C address$
• 1ach #irtual network adapter offers integrated #irtual local area network /)3. support and
can be assigned a uni@ue )3. channel$
• ?ou can ha#e an unli&ited nu&ber of #irtual networks with up to D;2 #irtual &achines per
#irtual network$
;0
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 10/58
ote
?ou cannot connect a #irtual network to a wireless network adapter$ 3s a result" you
cannot pro#ide wireless networking capabilities to #irtual &achines$
2torageHyper- supports a #ariety of storage options$ Eor &ore infor&ation about the storage options"
see %&ple&enting 4isks and 5torage$
?ou can use the following types of physical storage with a ser#er that runs Hyper-:
• 4irect-attached storage: ?ou can use 5erial 3d#anced Technology 3ttach&ent /53T3"
eternal 5erial 3d#anced Technology 3ttach&ent /e53T3" Parallel 3d#anced Technology
3ttach&ent /P3T3" 5erial 3ttached 5C5% /535" 5C5%" '57" and Eirewire$
• 5torage area networks /53.s: ?ou can use %nternet 5C5% /i5C5%" Eibre Channel" and 535
technologies$
&mportant
Microsoft does not support network-attached storage /.35 for Hyper-$
?ou can configure a #irtual &achine to use the following types of storage:
• Virtual &D devices+ 1ach #irtual &achine supports up to B %41 de#ices$ The startup disk
/so&eti&es referred to as the boot disk &ust be attached to one of the %41 de#ices$ The
startup disk can be either a #irtual hard disk or a physical disk$ 3lthough a #irtual &achine
&ust use a #irtual %41 de#ice as the startup disk to start the guest operating syste&" you
ha#e &any options to choose fro& when selecting the physical de#ice that will pro#ide the
storage for the #irtual %41 de#ice$ Eor ea&ple" you can use any of the types of physical
storage identified in the preceding list$
• Virtual 2C2& devices+ 1ach #irtual &achine supports up to B #irtual 5C5% controllers" andeach controller supports up to B disks$ This &eans that each #irtual &achine can be
configured with as &any as 2D #irtual 5C5% disks$ 'se of #irtual 5C5% de#ices re@uires
integration ser#ices to be installed in the guest operating syste&$ Eor a list of the guest
operating syste&s for which integration ser#ices are a#ailable" see 3bout irtual Machines
and =uest 6perating 5yste&s
• Virtual hard dis#s of up to 34*4 G$+ ?ou can use fied #irtual hard disks" dyna&ically
epanding #irtual hard disks" and differencing disks$
• Physical dis#s+ Physical disks attached directly to a #irtual &achine ha#e no si,e li&itation
other than what is supported by the guest operating syste&$
•
Virtual machine storage capacity+ 'sing #irtual hard disks" each #irtual &achine supportsup to D;2 T7 of storage$ 'sing physical disks" this nu&ber is e#en greater depending on what
is supported by the guest operating syste&$
• Virtual machine snapshots+ Hyper- supports up to D0 snapshots per #irtual &achine$
;;
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 11/58
0ip
3lthough the %6 perfor&ance of physical 5C5% and %41 de#ices can differ significantly"
this is not true for the #irtuali,ed 5C5% and %41 de#ices in Hyper-$ Hyper- %41 and
5C5% storage de#ices both offer e@ually fast high %6 perfor&ance when integration
ser#ices are installed in the guest operating syste&$ Eor a list of the guest operatingsyste&s for which integration ser#ices are a#ailable" see 3bout irtual Machines and
=uest 6perating 5yste&s$
Other hardware componentsThe following is infor&ation about the other types of physical and #irtual hardware co&ponents
that you can use with Hyper-$
44 dri#e 3 #irtual &achine has ; #irtual 44 dri#e by
default when you create the #irtual &achine$
irtual &achines can be configured with up to A
44 dri#es" connected to an %41 controller$
/irtual &achines support up to B %41 de#ices"
but one de#ice &ust be the startup disk$
3 #irtual 44 dri#e can access C4s and 44s"
either $iso files or physical &edia$ Howe#er" only
one #irtual &achine can be configured to
access a physical C444 dri#e at a ti&e$
irtual C6M port 1ach #irtual &achine is configured with 2 #irtual
serial /C6M ports that can be attached to a
na&ed pipe to co&&unicate with a local orre&ote physical co&puter$
ote
.o access to a physical C6M port is
a#ailable fro& a #irtual &achine$
irtual floppy dri#e 1ach #irtual &achine is configured with ; #irtual
floppy dri#e" which can access #irtual floppy
disk /$#fd files$
ote
.o access to a physical floppy dri#e isa#ailable fro& a #irtual &achine$
;2
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 12/58
About Virtual 1achines and Guest Operating2ystems
5unning multiple virtual machines?ou can use Hyper- to configure and use &any #irtual &achines at the sa&e ti&e$ The specific
nu&ber depends on two factors$ 6ne factor is the a#ailable physical resources on the ser#er
running Hyper-$ Eor &ore infor&ation" see Hardware Considerations$ The other factor is the
&ai&u& capacity of Hyper-$ ?ou can configure as &any as D;2 #irtual &achines on a ser#er
running Hyper-$ *ith the appropriate physical resources" the release #ersion of Hyper-
supports up to ;28 #irtual &achines running at the sa&e ti&e$ 3 hotfi /K79D<;0 is a#ailable
that increases the &ai&u& nu&ber of running #irtual &achines to ;92$ Eor &ore infor&ation
and links to the updates" see Hyper- 'pdate )ist$
2upported guest operating systemsThe following operating syste&s are supported for use on a #irtual &achine as a guest operating
syste&$ ?ou can run A2-bit and B-bit guest operating syste&s at the sa&e ti&e on one ser#er
running Hyper-$
• ?ou can use the following A2-bit and B-bit editions of *indows 5er#er 2008 as a supported
guest operating syste& on a #irtual &achine configured with ;" 2" or B #irtual processors:
• *indows 5er#er 2008 5tandard and *indows 5er#er 2008 5tandard without Hyper-
• *indows 5er#er 2008 1nterprise and *indows 5er#er 2008 1nterprise without Hyper-
• *indows 5er#er 2008 4atacenter and *indows 5er#er 2008 4atacenter without Hyper-
• *indows *eb 5er#er 2008
• *indows 5er#er 2008 HPC 1dition
• ?ou can use the following editions of *indows 5er#er 200A as a supported guest operating
syste& on a #irtual &achine configured with ; or 2 #irtual processors:
• *indows 5er#er 200A (2 5tandard 1dition with 5er#ice Pack 2
• *indows 5er#er 200A (2 1nterprise 1dition with 5er#ice Pack 2
• *indows 5er#er 200A (2 4atacenter 1dition with 5er#ice Pack 2
• *indows 5er#er 200A 5tandard 1dition with 5er#ice Pack 2
• *indows 5er#er 200A 1nterprise 1dition with 5er#ice Pack 2
• *indows 5er#er 200A 4atacenter 1dition with 5er#ice Pack 2
• *indows 5er#er 200A *eb 1dition with 5er#ice Pack 2
• *indows 5er#er 200A (2 5tandard B 1dition with 5er#ice Pack 2
• *indows 5er#er 200A (2 1nterprise B 1dition with 5er#ice Pack 2
• *indows 5er#er 200A (2 4atacenter B 1dition with 5er#ice Pack 2
• *indows 5er#er 200A 5tandard B 1dition with 5er#ice Pack 2
;A
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 13/58
• *indows 5er#er 200A 1nterprise B 1dition with 5er#ice Pack 2
• *indows 5er#er 200A 4atacenter B 1dition with 5er#ice Pack 2
• ?ou can run the following #ersions of *indows 2000 on a #irtual &achine configured with ;
#irtual processor:
• *indows 2000 5er#er with 5er#ice Pack B
• *indows 2000 3d#anced 5er#er with 5er#ice Pack B
• ?ou can run the following )inu distributions on a #irtual &achine configured with ; #irtual
processor:
• 5use )inu 1nterprise 5er#er ;0 with 5er#ice Pack 2 /8 edition or B edition
• 5use )inu 1nterprise 5er#er ;0 with 5er#ice Pack ; /8 edition or B edition
• ?ou can run the following A2-bit and B-bit #ersions of *indows ista on a #irtual &achine
configured with ; or 2 #irtual processors:
• *indows ista 7usiness with 5er#ice Pack ;
•*indows ista 1nterprise with 5er#ice Pack ;
• *indows ista 'lti&ate with 5er#ice Pack ;
• ?ou can run the following #ersions of *indows JP on a #irtual &achine:
• *indows JP Professional with 5er#ice Pack A /configured with ; or 2 #irtual processors
• *indows JP Professional with 5er#ice Pack 2 /configured with ; #irtual processor
• *indows JP Professional B 1dition with 5er#ice Pack 2 /configured with ; or 2 #irtual
processors
&ntegration services
%ntegration ser#ices are a#ailable for supported guest operating syste&s as described in thefollowing table$
&mportant
*hen a ser#ice pack is listed" the ser#ice pack is re@uired and the guest operating
syste& is not supported without the listed ser#ice pack$
ote
5o&e guest operating syste&s do not support the olu&e 5hadow Copy 5er#ice$ 3s a
result" online backup ser#ice is not a#ailable and is not listed for those guest operating
syste&s$
Guest operating system Device and service support
*indows 5er#er 2008 /B-bit editions and 8
editions
4ri#ers: %41" 5C5%" networking" #ideo" and
&ouse
5er#ices: operating syste& shutdown" ti&e
synchroni,ation" data echange" heartbeat" and
online backup
;B
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 14/58
*indows 5er#er 200A /B editions with
5er#ice Pack 2
4ri#ers: %41" 5C5%" networking" #ideo" and
&ouse
5er#ices: operating syste& shutdown" ti&e
synchroni,ation" data echange" heartbeat" and
online backup
ote
This operating syste& does not support
a legacy network adapter$ Eor &ore
infor&ation about #irtual networking and
network adapter types" see Configuring
irtual .etworks$
*indows 5er#er 200A /8 editions with
5er#ice Pack 2
4ri#ers: %41" 5C5%" networking" #ideo" and
&ouse
5er#ices: operating syste& shutdown" ti&e
synchroni,ation" data echange" heartbeat" and
online backup
*indows 2000 5er#er with 5er#ice Pack B 4ri#ers: %41" networking" #ideo" and &ouse
5er#ices: operating syste& shutdown" ti&e
synchroni,ation" data echange" and heartbeat
*indows 2000 3d#anced 5er#er with 5er#ice
Pack B
4ri#ers: %41" networking" #ideo" and &ouse
5er#ices: operating syste& shutdown" ti&e
synchroni,ation" data echange" and heartbeat
5use )inu 1nterprise 5er#er ;0 /B edition
with 5er#ice Pack ; or 2
4ri#ers only: %41" 5C5%" and networking
5use )inu 1nterprise 5er#er ;0 /8 edition
with 5er#ice Pack ; or 2
4ri#ers only: %41" 5C5%" and networking
*indows ista /B-bit editions with 5er#ice
Pack ;
4ri#ers: %41" 5C5%" networking" #ideo" and
&ouse
5er#ices: operating syste& shutdown" ti&e
synchroni,ation" data echange" heartbeat" and
online backup
*indows ista /8 editions with 5er#ice Pack
;
4ri#ers: %41" networking" #ideo" and &ouse
5er#ices: operating syste& shutdown" ti&e
synchroni,ation" data echange" heartbeat" and
online backup
*indows JP Professional /8 editions with
5er#ice Pack 2 or A
4ri#ers: %41" 5C5%" networking" #ideo" and
&ouse
;D
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 15/58
5er#ices: operating syste& shutdown" ti&e
synchroni,ation" data echange" and heartbeat
*indows JP Professional B 1dition with
5er#ice Pack 2
4ri#ers: %41" 5C5%" networking" #ideo" and
&ouse
5er#ices: operating syste& shutdown" ti&e
synchroni,ation" data echange" and heartbeat
Additional considerations• 6n *indows operating syste&s" you &ay need to close the Eound .ew Hardware *i,ard to
start the installation of integration ser#ices$
• %f you installed a prerelease #ersion of integration ser#ices on a guest operating syste&" we
reco&&end that you upgrade to the release #ersion$ Eor supported *indows operating
syste&s" the release #ersion of integration ser#ices is included in the update package for theHyper- role$ Eor &ore infor&ation about the role update package" see %nstalling Hyper-$
• %ntegration ser#ices for the supported #ersions of )inu distributions are distributed through
the Microsoft Connect *eb site and are identified as )inu %ntegration Co&ponents for
Microsoft Hyper-$ Eor &ore infor&ation" see http:go$&icrosoft$co&fwlink>)ink%4;0202B$
Planning for Hyper-V 2ecurity
?ou should secure your #irtuali,ation ser#er using the sa&e &easures you would take to
safeguard any ser#er running *indows 5er#er 2008$ 3dditionally" you should use a few etra
&easures to help secure the #irtual &achines" configuration files" and data$ Eor &ore infor&ation
about how to secure *indows 5er#er 2008 workloads" see the *indows 5er#er 2008 5ecurity
=uide /http:go$&icrosoft$co&fwlink>)ink%d;AB200$
3dditionally" see the following security-related topics in this guide:
• 'sing 3uthori,ation Manager for Hyper- 5ecurity
• Configure Hyper- for (ole-based 3ccess Control
?ou should secure the #irtual &achines running on the #irtuali,ation ser#er according to your
procedures for securing that kind of ser#er or workload$ There is nothing special or different you
need to do to secure the #irtual &achine +ust because it is a #irtual &achine$ Eor ea&ple" if your
policies and procedures re@uire that you run anti#irus software" run it on the #irtual &achine$ %f
you ha#e a policy re@uire&ent to seg&ent the physical ser#er to a particular network" follow the
policy for the #irtual &achine as well$
*e reco&&end the following best practices to i&pro#e the security of your ser#ers running
Hyper-$
;
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 16/58
ote
?ou can use 7it)ocker 4ri#e 1ncryption to help protect #irtual &achines and data" but it
re@uires careful deploy&ent and reco#ery planning$ Eor &ore infor&ation" re#iew the
*indows 7it)ocker 4ri#e 1ncryption 4esign and 4eploy&ent =uides
/http:go$&icrosoft$co&fwlink>)ink%d;AB20;$
Hyper-V security best practices• 6se a 2erver Core installation of !indows 2erver 3447 for the management operating
system+ 3 5er#er Core installation pro#ides the s&allest attack surface and reduces the
nu&ber of patches" updates" and restarts re@uired for &aintenance$ Eor detailed infor&ation
and installation guidance" see the 5er#er Core %nstallation 6ption of *indows 5er#er 2008
5tep-7y-5tep =uide /http:go$&icrosoft$co&fwlink>)ink%d;AB202$
Eor &ore infor&ation about enabling the Hyper- role on a ser#er running a 5er#er Core
installation" see %nstall the Hyper- (ole on a 5er#er Core %nstallation of *indows 5er#er
2008$
otes
• There is no way to upgrade fro& a 5er#er Core installation to a full installation of
*indows 5er#er 2008$ %f you need the *indows user interface or a ser#er role that is not
supported in a 5er#er Core installation" install a full installation of *indows 5er#er 2008$
• To re&otely &anage Hyper- on a 5er#er Core installation" use the Hyper-
&anage&ent tools for *indows 5er#er 2008 and *indows ista 5er#ice Pack ; /5P;$
Eor &ore infor&ation" see article 9D00D0 /http:go$&icrosoft$co&fwlink>)ink%d;22;88
and article 9D22< /http:go$&icrosoft$co&fwlink>)ink%4;22;89 in the Microsoft
Knowledge 7ase$ Eor &ore infor&ation about configuring tools for re&ote &anage&ent
of Hyper-" see %nstall and Configure Hyper- Tools for (e&ote 3d&inistration$
• Do not run any applications in the management operating system8run all applications
on virtual machines+ 7y keeping the &anage&ent operating syste& free of applications and
running a *indows 5er#er 2008 core installation" you will need fewer updates to the
&anage&ent operating syste& because nothing re@uires software updates ecept the 5er#er
Core installation" the Hyper- ser#ice co&ponents" and the hyper#isor$
otes
%f you run progra&s in the &anage&ent operating syste&" you should run your
anti#irus solution there and add the following to the anti#irus eclusions:
• irtual &achine configuration files directory$ 7y default" it is
C:NProgra&4ataNMicrosoftN*indowsNHyper-$
• irtual &achine #irtual hard disk files directory$ 7y default" it is
C:N'sersNPublicN4ocu&entsNHyper-Nirtual Hard 4isks$
• 5napshot files directory$ 7y default" it is Osyste&dri#e
ONProgra&4ataNMicrosoftN*indowsNHyper-N5napshots$
• &&s$ee
;<
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 17/58
• &wp$ee
%f you need to use the full #ersion of *indows 5er#er 2008 and run applications in the
&anage&ent operating syste&" then you should run an anti#irus progra& there$
• 6se the security level of your virtual machines to determine the security level of your
management operating system+ ?ou should deploy #irtual &achines onto #irtuali,ationser#ers that ha#e si&ilar security re@uire&ents$ Eor ea&ple" assu&e that you classify the
le#el of risk and effort to secure your ser#ers into three categories: Lsecure" L&ore secure"
and L&ost secure$ ?ou would put &ore co&pliance effort and control procedures into the
&ost secure ser#ers than on the secure ser#ers$ This would be true whether the ser#er is
physical or running on a #irtual &achine$ %f you deploy both secure and &ost secure #irtual
&achines on the &anage&ent operating syste&" then you should secure the #irtuali,ation
ser#er as a L&ost secure ser#er$ 4eploying #irtual &achines with si&ilar security le#els on a
#irtuali,ation ser#er can &ake &anage&ent and &o#e&ent of the #irtual &achines easier$
• Do not give virtual machine administrators permissions on the management operating
system+ 3ccording to the principle of least pri#ilege" you should gi#e ad&inistrators of a
#irtual &achine /so&eti&es called depart&ent ad&inistrators or delegated ad&inistrators the
&ini&u& per&issions re@uired$ Managing the re@uired per&issions on all the ob+ects
associated with a #irtual &achine can be co&ple" and can lead to potential security issues if
not handled properly$ (ole-based access control enables you to specify access control in
ter&s of the organi,ational structure of a co&panyIby creating a new ob+ect called a role$
?ou assign a user to a role to perfor& a +ob function$ Hyper- uses 3uthori,ation Manager
policies for role-based access control$
• nsure that virtual machines are fully updated before they are deployed in a
production environment+ 7ecause #irtual &achines are so &uch easier to &o#e around and
@uicker to deploy than physical &achines" there is a greater risk that a #irtual &achine that is
not fully updated or patched &ight be deployed$ To &anage this risk effecti#ely" use the sa&eðods and procedures to update #irtual &achines as you use to update physical ser#ers$
Eor ea&ple" if you allow the use of auto&atic updates using *indows 'pdate" Microsoft
5yste& Center Configuration Manager" or another software distribution ðod" ensure that
#irtual &achines are updated andor patched before they are deployed$
?ou can use &aintenance hosts and @uick &igration in Hyper- to acco&plish this$ 3
&aintenance host is a host co&puter that you can dedicate for patching stored resources and
for staging #irtual &achines before you &o#e the& into your production en#iron&ent$ Eor
&ore infor&ation about &aintenance hosts" see Planning for Hosts
/http:go$&icrosoft$co&fwlink>)ink%d;ABB82$ Eor infor&ation about using @uick &igration
to &o#e #irtual &achines to a &aintenance host" see Hyper- 5tep-by-5tep =uide: Testing
Hyper- and Eailo#er Clustering /http:go$&icrosoft$co&fwlink>)ink%d;ABB8;$
• nsure integration services are installed on virtual machines+ The accuracy of
ti&esta&ps and audit log entries is i&portant for co&puter forensics and co&pliance$
%ntegration ser#ices ensure that ti&e is synchroni,ed between #irtual &achines and the
&anage&ent operating syste&$ This synchroni,ation &akes sure that ti&e is consistent with
the physical location of the #irtual &achine in the e#ent that #irtual &achines are &igrated
;8
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 18/58
between data centers in different ti&e ,ones or #irtual &achines are restored fro& pre#ious
snapshots$
• 6se a dedicated networ# adapter for the management operating system of the
virtuali,ation server+ 7y default" no #irtual networking is configured for the &anage&ent
operating syste&$ 'se a dedicated network adapter for &anaging the ser#er running Hyper-and do not epose it to untrusted network traffic$ 4o not allow #irtual &achines to use this
network adapter$ 'se one or &ore different dedicated network adapters for #irtual &achine
networking$ This allows you to apply different le#els of networking security policy and
configuration for your #irtual &achines$ Eor ea&ple" you can configure networking so that
the #irtual &achines ha#e different networking access than your &anage&ent operating
syste&" including the use of #irtual local area networks /)3.s" %nternet Protocol 5ecurity
/%Psec" .etwork 3ccess Protection /.3P and Microsoft Eorefront Threat Manage&ent
=ateway$ Eor &ore infor&ation about configuring networking" see Configuring irtual
.etworks$
Eor &ore infor&ation about .3P" see http:go$&icrosoft$co&fwlink>)ink%4;;<80B$ Eor
infor&ation about Microsoft Eorefront Threat Manage&ent =ateway and Microsoft EorefrontL5tirling" see http:go$&icrosoft$co&fwlink>)ink%d;ABBD2$
• 6se $it9oc#er Drive ncryption to protect resources+ 7it)ocker 4ri#e 1ncryption works
with features in ser#er hardware and fir&ware to pro#ide secure operating syste& boot and
disk dri#e encryption" e#en when the ser#er is not powered on$ This helps protect data if a
disk is stolen and &ounted on another co&puter for data &ining$ 7it)ocker 4ri#e 1ncryption
also helps protect data if an attacker uses a different operating syste& or runs a software
hacking tool to access a disk$
)osing a physical disk is a &ore significant risk in scenarios with s&all and &ediu&
businesses" as well as re&ote offices" where physical security of the ser#er &ay not be as
rigorous as in an enterprise data center$ Howe#er" using 7it)ocker 4ri#e 1ncryption &akessense for all co&ptuers$ ?ou should use 7it)ocker 4ri#e 1ncryption on all #olu&es that store
#irtual &achine files too$ This includes the #irtual hard disks" configuration files" snapshots"
and any #irtual &achine resources" such as %56 i&ages and #irtual floppy disks$ Eor a higher
le#el of security that includes secure startup" 7it)ocker 4ri#e 1ncryption re@uires Trusted
Platfor& Module /TPM hardware$ Eor &ore infor&ation about TPM &anage&ent" see the
*indows Trusted Platfor& Module Manage&ent 5tep-by-5tep =uide
/http:go$&icrosoft$co&fwlink>)ink%d;AB22<$
Eor &ore infor&ation on how to configure 7it)ocker 4ri#e 1ncryption to help protect your
ser#er and the #irtual &achines running on it" see *indows 5er#er 2008 Hyper- and
7it)ocker 4ri#e 1ncryption /http:go$&icrosoft$co&fwlink>)ink%4;2ADAB$
3lso see *indows 7it)ocker 4ri#e 1ncryption Ere@uently 3sked uestions
/http:go$&icrosoft$co&fwlink>)ink%d;AB228 and the 7it)ocker (epair Tool
/http:go$&icrosoft$co&fwlink>)ink%d;AB229$
&mportant
'se 7it)ocker 4ri#e 1ncryption in the Hyper- &anage&ent operating syste& and to
protect #olu&es that contain configuration files" #irtual hard disks" and snapshots$ 4o
;9
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 19/58
not run 7it)ocker 4ri#e 1ncryption within a #irtual &achine$ 7it)ocker 4ri#e
1ncryption is not supported within a #irtual &achine$
• Disable virtuali,ation $&O2 settings when they are not re'uired+ *hen you are no longer
using a ser#er for #irtuali,ation" for ea&ple in a test or de#elop&ent scenario" you should
turn off the hardware-assisted #irtuali,ation 7%65 settings that were re@uired for Hyper-$ Eorinstructions on disabling these settings" consult your hardware &anufacturer$
Additional resources• irtuali,ation 5ecurity 7est Practices Podcast /http:go$&icrosoft$co&fwlink>
)ink%d;AB22D
• *indows 5er#er irtuali,ation and the *indows Hyper#isor /http:go$&icrosoft$co&fwlink>
)ink%d;AB22
6sing Authori,ation 1anager for Hyper-V2ecurity
?ou use 3uthori,ation Manager to pro#ide role-based access control for Hyper-$ Eor instructions
on i&ple&enting role-based access control" see Configure Hyper- for (ole-based 3ccess
Control$ Eor &ore infor&ation about getting started with 3uthori,ation Manager" see 3ppendi 7:
3uthori,ation Manager Ter&inology and Checklist: 7efore you start using 3uthori,ation Manager
/http:go$&icrosoft$co&fwlink>)ink%d;AB;9<$
3uthori,ation Manager is co&prised of the following:
• Authori,ation 1anager snap-in .A,1an+msc/+ ?ou can use the Microsoft Manage&ent
Console /MMC snap-in to select operations" group the& into tasks" and then authori,e roles
to perfor& specific tasks$ ?ou also use it to &anage tasks" operations" user roles" and
per&issions$ To use the snap-in" you &ust first create an authori,ation store or open an
eisting store$ Eor &ore infor&ation" see http:go$&icrosoft$co&fwlink>)ink%d;AB08$
• Authori,ation 1anager AP&+ The 3P% pro#ides a si&plified de#elop&ent &odel in which to
&anage fleible groups and business rules and store authori,ation policies$ Eor &ore
infor&ation" see (ole-based 3ccess Control /http:go$&icrosoft$co&fwlink>)ink%d;AB0<9$
3uthori,ation Manager re@uires a data store for the policy that correlates roles" users" and access
rights$ This is called an authori,ation store$ %n Hyper-" this data store can be &aintained in an
3cti#e 4irectory database or in an JM) file on the local ser#er running the Hyper- role$ ?ou can
edit the store through the 3uthori,ation Manager snap-in or through the 3uthori,ation Manager 3P%" which are a#ailable to scripting languages such as 75cript$
%f an 3cti#e 4irectory database is used for the authori,ation store" 3cti#e 4irectory 4o&ain
5er#ices /34 45 &ust be at the *indows 5er#er 200A functional le#el$
The JM) store does not support delegation of applications" stores" or scopes because access to
the JM) file is controlled by the discretionary access control list /43C) on the file" which grants
or restricts access to the entire contents of the file$ /Eor &ore infor&ation about 3uthori,ation
20
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 20/58
Manager delegation" see http:go$&icrosoft$co&fwlink>)ink%d;AB0<D$ 7ecause of this" if an
JM) file is used for the authori,ation store" it is i&portant that it is backed up regularly$ The .TE5
file syste& does not support applications issuing a se@uence of separate write operations as a
single logical write to a file when &ultiple applications write to the sa&e file$ This &eans an
3uthori,ation Manager policy file /JM) file could be edited si&ultaneously by two ad&inistrati#e
applications and could beco&e corrupted$ The Hyper- 55 writer will back up the authori,ation
store with the ser#er running the Hyper- role$
Configure Hyper-V for 5ole-based AccessControl
This topic describes how to configure role-based access control for #irtual &achines in Hyper-$
?ou use the 3uthori,ation Manager Microsoft Manage&ent Console /MMC snap-in /3,Man$&sc
to pro#ide role-based access control for Hyper-$ Eor &ore infor&ation" see the following topics in
this guide:
• 'sing 3uthori,ation Manager for Hyper- 5ecurity
• 3ppendi 7: 3uthori,ation Manager Ter&inology
• Planning for Hyper- 5ecurity
To i&ple&ent role-based access control" you &ust first define scopes and then organi,e
operations into groups to acco&plish tasks$ ?ou assign tasks to roles" and then assign users or
groups to the role$ 3ny user assigned to a role can then perfor& all of the operations in all of the
tasks that are assigned to the role$
There are four general steps to setting up role-based access control for Hyper-:
;$ 4efine scope according to your organi,ational needs$ Eor ea&ple" you can define scopes bygeography" organi,ational structure" function /de#elopertest or production" or 3cti#e
4irectory 4o&ain 5er#ices$ Eor a sa&ple script to create the scopes" see
http:go$&icrosoft$co&fwlink>)ink%d;AB0<B$
2$ 4efine tasks$ %n 3uthori,ation Manager" you cannot change or create new operations$
Howe#er" you can create as &any tasks as you want and then co&bine these into role
definitions$ Eor ea&ple tasks that you can use in your role definitions" see 3ppendi 3:
1a&ple 3uthori,ation Manager Tasks and 6perations$
A$ Create roles$ Eor ea&ple" if you want to create an L%T Monitor role that you can use to #iew
properties of a #irtual &achine but not interact with the #irtual &achine" create a new task in
3uthori,ation Manager called LMonitor irtual Machine" with the following operations:
• (ead 5er#ice Configuration
• iew 1ternal 1thernet Ports
• iew %nternal 1thernet Ports
• iew )3. 1ndpoints
• iew 5witch Ports
2;
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 21/58
• iew 5witches
• iew irtual 5witch Manage&ent 5er#ice
• iew )3. 5ettings
B$ 3ssign users or groups to roles$
Eor ea&ple" assu&e you ha#e two sets of #irtual &achines where one set belongs to the Hu&an
(esources depart&ent and the other set belongs to the Einance depart&ent$ ?ou want the #irtual
&achine ad&inistrators for Hu&an (esources to ha#e full control o#er the #irtual &achines for
that depart&ent" but to ha#e no control o#er the #irtual &achines in Einance$ ?ou want the sa&e
arrange&ent for the #irtual &achine ad&inistrators for EinanceIno access to the #irtual
&achines in Hu&an (esources$ To acco&plish this" you would define one role called
L4epart&ental irtual Machine 3d&inistrator" define the appropriate tasks" and then assign each
ad&inistrator to the L4epart&ental irtual Machine 3d&inistrator role assign&ent in the specific
scope$ ?ou would scope the #irtual &achine ad&inistrators for Hu&an (esources to the #irtual
&achines in Hu&an (esources and the #irtual &achine ad&inistrators for Einance to the #irtual
&achines in Einance$ Then" you would assign the #irtual &achines to their respecti#e scopes$
Configuring role-based access control'se the following procedures to set up role-based access control for #irtual &achines in Hyper-$
&mportant
To co&plete these procedures" you &ust open 3uthori,ation Manager using an account
that is a &e&ber of the 3d&inistrators group$
0o create a scope
;$ 6pen 3uthori,ation Manager by running a,man+msc fro& a co&&and pro&pt$The default authori,ation policy is JM)-based and stored at
NProgra&4ataNMicrosoftN*indowsNHyper-N%nitial5tore$&l$
ote
.ote that NProgra&4ataN is in a hidden directory" you cannot browse to it$ Type
the location in 2tore ame in the Open Authori,ation 2tore dialog bo$
2$ %n the console tree" right-click Hyper-V services and then click ew 2cope$
A$ %n the ew 2cope dialog bo" in ame" type a na&e for the scope and then click O:$
B$ /6ptional %n Description" type a description for the scope and then click O:$
The description has a &ai&u& si,e li&it of ;02B bytes$ 1nter a description that will help
you apply the scope to achie#e your goal$ Eor ea&ple" you can use a description to
distinguish the Hu&an (esources scope fro& the Einance scope$
0o create a tas#
;$ 6pen 3uthori,ation Manager by running a,man+msc fro& a co&&and pro&pt$
2$ %n the console tree" right-click the scope" and then click Definitions$
22
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 22/58
A$ %n the console tree" right-click 0as# Definitions and then click ew 0as# Definition$
B$ %n the ew 0as# Definition dialog bo" in ame" type a na&e for the task$
D$ Click Add to bring up the Add Definition dialog bo and click the Operations tab$
$ %n Operations" select each operation in the task" and then click O:$
0o create a role
;$ 6pen 3uthori,ation Manager by running a,man+msc fro& a co&&and pro&pt$
2$ 1pand the scope" click Definitions" right-click 5ole Definition" and then click ew 5ole
Definition$
The description has a &ai&u& si,e li&it of ;02B bytes$
A$ %n the ew 5ole Definition dialog bo" in ame" type a na&e for the role$
B$ %n Description" type a description for the role and then click O: twice$
D$ /6ptional Click Add to specify the operations" tasks" roles" and authori,ation rules that
you want to include" and then click O: twice$
0o assign a role
;$ 6pen 3uthori,ation Manager by running a,man+msc fro& a co&&and pro&pt$
2$ 1pand the scope" right-click 5ole Assignments" and click ew 5ole Assignment$
A$ %n the Add 5ole dialog bo" check the role definitions to add and then click O:$
B$ (ight-click the role" click Assign 6sers and Groups" and then click ;rom !indows and
Active Directory or ;rom Authori,ation 1anager $
D$ %n the 2elect 6sers< Computers< or Groups dialog bo" enter ob+ect na&es to select"
and then click O:$
Additional resources• 5copes in 3uthori,ation Manager /http:go$&icrosoft$co&fwlink>)ink%d;AB;98
• *ork *ith 5copes /http:go$&icrosoft$co&fwlink>)ink%d;AB;99
• 3uthori,ation Manager How ToQ /http:go$&icrosoft$co&fwlink>)ink%4;AB08
Planning for $ac#up
*hen you plan a backup and reco#ery strategy for a #irtuali,ed ser#er en#iron&ent" there are
se#eral factors to consider$ ?ou &ust consider the different types of backups you can &ake" the
state of the #irtual &achine" and the type of storage being used by the #irtual &achines$ This
topic discusses the ad#antages" disad#antages" and considerations for these factors$
2A
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 23/58
ote
This topic discusses considerations for backup strategies that are i&ple&ented using
backup applications that support the Hyper- olu&e 5hadow Copy 5er#ice /55 writer$
55 snapshots are not the sa&e as #irtual &achine snapshots$ This topic does not co#er
the use of #irtual &achine snapshots because we do not reco&&end the& as aper&anent data or syste& reco#ery solution$ irtual &achine snapshots are intended
&ainly for use in de#elop&ent and test en#iron&ents because they pro#ide a con#enient
way to store different points of syste& state" data" and configuration$ Howe#er" there are
so&e inherent risks of unintended data loss if they are not &anaged appropriately$ Eor
&ore infor&ation about #irtual &achine snapshots" see http:go$&icrosoft$co&fwlink>
)ink%d;AAAB2$
6nderstanding bac#up options andconsiderations
The backup integration ser#ice /identifiable as Hyper- olu&e 5hadow Copy (e@uestor ser#ice
in the guest operating syste& and the Hyper- olu&e 5hadow Copy 5er#ice /55 writer
pro#ide the &echanis& for backing up #irtual &achines as well as syste&-wide settings that
apply to Hyper-$ To i&ple&ent the backup and reco#ery scenarios discussed in this section" you
&ust use a backup application that is co&patible with the Hyper- 55 writer$ %f you want to use
*indows 5er#er 7ackup" you &ust add a registry key to register the Hyper- 55 writer$ Eor
&ore infor&ation" see http:go$&icrosoft$co&fwlink>)ink%4;AAADB$
There are two basic ðods you can use to perfor& a backup$ ?ou can:
• Perform a bac#up from the server running Hyper-V+ *e reco&&end that you use this
ðod to perfor& a full ser#er backup because it captures &ore data than the other ðod$
%f the backup application is co&patible with Hyper- and the Hyper- 55 writer" you canperfor& a full ser#er backup that helps protect all of the data re@uired to fully restore the
ser#er" ecept the #irtual networks$ The data included in such a backup includes the
configuration of #irtual &achines" snapshots associated with the #irtual &achines" and #irtual
hard disks used by the #irtual &achines$ 3s a result" using this ðod can &ake it easier to
reco#er the ser#er if you need to" because you do not ha#e to recreate #irtual &achines or
reinstall Hyper-$ Howe#er" #irtual networks are not included in a full ser#er backup$ ?ou will
need to reconfigure the #irtual networking by recreating the #irtual networks and then
reattaching the #irtual network adapters in each #irtual &achine to the appropriate #irtual
network$ 3s part of your backup planning" &ake sure you docu&ent the configuration and all
rele#ant settings of your #irtual network if you want to be able to recreate it$
• Perform a bac#up from within the guest operating system of a virtual machine+ 'se this
ðod when you need to back up data fro& storage that is not supported by the Hyper-
55 writer$ *hen you use this ðod" you run a backup application fro& the guest
operating syste& of the #irtual &achine$ %f you need to use this ðod" you should use it in
addition to a full ser#er backup and not as an alternati#e to a full ser#er backup$ Perfor& a
backup fro& within the guest operating syste& before you perfor& a full backup of the ser#er
2B
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 24/58
running Hyper-$ Eor &ore infor&ation about storage considerations" see the following
section$
2torage considerations 3s you plan your backup strategy" consider the co&patibility between the storage and backup
solutions:
• Virtual hard dis#s+ These offer the best co&patibility and can be stored on &any types of
physical &edia$ Eor &ore infor&ation about the types of storage you can use with Hyper-"
see Hardware Considerations$
• Physical dis#s that are directly attached to a virtual machine+ These disks cannot be
backed up by the Hyper- 55 writer$ 3s a result" this type of disk will not be included in any
backup perfor&ed by a backup progra& that uses the Hyper- 55 writer$ %n this situation"
you would need to use so&e other process to back up the physical disk" such as running a
backup application within the guest operating syste&$
• i2C2&-based storage+ This storage is supported for backup by the Hyper- 55 writer when
the storage is connected through the &anage&ent operating syste& and the storage is used
for #irtual hard disks$
• 2torage accessed from a virtual machine by using an &nternet 2C2& .i2C2&/ initiator
within the guest operating system+ This storage will not be included in a backup of the
physical co&puter$ %n this scenario" you &ust use another process to back up the data fro&
the i5C5%-based storage before you perfor& a full ser#er backup$ Eor ea&ple" you could run
a backup of the data on the i5C5% storage fro& a backup application running in the guest
operating syste&$
Eor &ore infor&ation about deploying storage for Hyper-" see %&ple&enting 4isks and 5torage$
6nderstanding online and offline bac#ups*hether a backup is perfor&ed online or offline depends on whether the backup can be
perfor&ed without downti&e$
?ou can perfor& an online backup with no downti&e on a running #irtual &achine when all of the
following conditions are &et:
• %ntegration ser#ices are installed and the backup integration ser#ice has not been disabled$
• 3ll disks being used by the #irtual &achine are configured within the guest operating syste&
as .TE5-for&atted basic disks$ irtual &achines that use storage on which the physical
partitions ha#e been for&atted as dyna&ic disks or the E3TA2 file syste& pre#ent an online
backup fro& being perfor&ed$ This is not the sa&e as dyna&ically epanding #irtual hard
disks" which are fully supported by backup and restore operations$
• olu&e 5hadow Copy 5er#ice &ust be enabled on all #olu&es used by the #irtual &achine
with a specific configuration$ 1ach #olu&e &ust also ser#e as the storage location for shadow
2D
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 25/58
copies of the #olu&e$ Eor ea&ple" the shadow copy storage for #olu&e C: &ust be located
on C:$
%f an online backup cannot be perfor&ed" then an offline backup is taken$ This type of backup
results in so&e degree of downti&e$ 3 #ariety of factors can affect the ti&e re@uired to take an
offline backup$ %f the #irtual &achine is running or paused" it is put into a sa#ed state as part ofthe offline backup process$ 3fter the backup is co&pleted" the #irtual &achine is returned to its
eisting state$
6nderstanding the restore processThe restore process is straightforward as long as the reco&&endations outlined in the pre#ious
sections were followed when the backups were created$ This includes taking the reco&&ended
steps to ensure that data which is not included in a full ser#er backup can be reco#ered or
recreated$
To restore when all co&ponents of your backup set are supported by the Hyper- 55 writer"
ha#e all the &edia and e@uip&ent a#ailable and then perfor& a restore of the entire syste& or the#irtual &achine" depending on your circu&stances$ The Hyper- 55 writer treats Hyper- as an
application that can be backed up$ This &eans that you can reco#er indi#idual #irtual &achines$
Howe#er" you cannot use this ðod to reco#er only a portion of a #irtual &achine$
To restore when your backup set includes &edia that is not supported by the Hyper- 55 writer"
you &ust perfor& an additional step$ Eirst" perfor& a restore of the entire syste& or the #irtual
&achine" depending on your circu&stances$ Then" restore the unsupported &edia fro& within the
guest operating syste&$
ote
%f you atte&pt to restore a #irtual &achine while it is running" it is turned off and deleted
before the backed-up #ersion of the #irtual &achine is restored$
ote
%f you restore a #irtual &achine fro& an online backup" when you start the #irtual &achine
you &ay recei#e a &essage that the operating syste& was not shut down properly$ ?ou
can ignore this &essage$
Considerations about clustered virtual machines%f you plan to cluster #irtual &achines" there are additional factors that you need to consider when
planning to backup and restore those #irtual &achines$ 7efore you atte&pt to back up or restore
clustered #irtual &achines" consider the following:• 3pply a hotfi to pre#ent possible failure of a full ser#er backup on a node when a #irtual
&achine uses a #olu&e &ounted with a ='%4$ *hen the hotfi applied" a directory path that
cannot be resol#ed will pre#ent only the #irtual &achine that uses the directory path fro&
being backed up$ Howe#er" when the hotfi is not applied" a #olu&e &ounted with a ='%4
&ay cause the entire backup operation to fail$ Eor &ore infor&ation" see
http:go$&icrosoft$co&fwlink>)ink%d;AAAB8$
2
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 26/58
• ?ou &ay need to take the #irtual &achine offline before you run a backup or restore a #irtual
&achine$ Eor instructions on taking a clustered #irtual &achine offline" see
http:go$&icrosoft$co&fwlink>)ink%4;290A$
5e#eral factors can affect backup and reco#ery operations when a #irtual &achine is
clustered$ The following tables identify the factors you need to consider and the action youneed to take to perfor& the backup or reco#ery operation$ The infor&ation in both tables
assu&es that you will run the backup or reco#ery operation on node ;$
Considerations for bac#ing up clustered virtual machines
)ocation of
cluster
group
Cluster
resource
state
Configuration
resource state
5torage
resource
state
7ackup type 3ction
re@uired to
prepare for a
backup
.ode ; 6nline 6nline 6nline 6nline .one
.ode ; 6nline 6nline 6nline 6ffline /due to
storage
configuration of
the #irtual
&achine
'se the
Cluster
ser#ice to
take the
#irtual
&achine
cluster
resource
offline
.ode ; 6ffline 6ffline 6nline 6ffline .one
.ode ; 6ffline 6nline 6nline 6ffline .one
.ode 2 3ny state 3ny state 3ny state irtual &achine
not reported for
backup on node
;
Mo#e the
#irtual
&achine to
node ;
Considerations for restoring clustered virtual machines
)ocation Cluster
resource state
Configuration
resource state
5torage
resource state
3ction re@uired to
prepare for a
restore
.ode ; 6nline 6nline 6nline Take the cluster
resource and
configuration
resource offline$
.ode ; 6ffline 6nline 6nline Take the
2<
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 27/58
configuration
resource offline$
.ode ; 6ffline 6ffline 6ffline .one
.ode 2 3ny state 3ny state 3ny state The clusterresource and the
configuration
resource need to
be taken offline on
.ode 2 to a#oid a
conflict$
&nstalling Hyper-V
The release #ersion of the Hyper- technology in *indows 5er#er 2008 is distributed in update
packages that are a#ailable fro& the Microsoft *eb site$ To install the release #ersion of any of
the Hyper- co&ponents" you &ust obtain and install the appropriate update package$ This topic
describes the packages and pro#ides links to the installation procedures for each package$
About the Hyper-V update pac#ages5e#eral update packages are a#ailable$ 1ach update package is described below" including
infor&ation about how to obtain the package$
Hyper-V role pac#ageThe release #ersion of Hyper- is distributed in the package RHyper- 'pdate for *indows 5er#er
2008 B 1dition /K79D00D0S$ The package consists of the Hyper- role" including the B
#ersion of the re&ote &anage&ent tools" and integration ser#ices for the supported #ersions of
the *indows operating syste&$
This update is offered through *indows 'pdate as a reco&&ended update$ Howe#er" you also
can obtain the update through the Microsoft 4ownload Center$ To download this update" see
http:go$&icrosoft$co&fwlink>)ink%d;2ADA9$
&mportant
The Hyper- role update package is a per&anent package$ 6nce you install the updatepackage" you cannot re&o#e it$
Eor instructions about installing the role" see %nstall the Hyper- (ole on a 5er#er Core
%nstallation of *indows 5er#er 2008 or %nstall the Hyper- (ole on a Eull %nstallation of *indows
5er#er 2008$
%f you used a prerelease #ersion of Hyper- to create #irtual &achines and installed integration
ser#ices on the #irtual &achines" you &ust upgrade the integration ser#ices to the release
28
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 28/58
#ersion$ %ntegration ser#ices are specific to the build of Hyper-$ To install the integration ser#ices"
fro& the Action &enu of irtual Machine Connection" click &nsert &ntegration 2ervices 2etup
Dis#$ 6n *indows operating syste&s" if the .ew Hardware *i,ard appears" you &ust close the
wi,ard to start the installation$ %f 3utorun does not start the installation auto&atically" you can start
it &anually$ Click anywhere in the guest operating syste& window and na#igate to the C4 dri#e$
'se the ðod that is appropriate for the guest operating syste& to start the installation package
fro& the C4 dri#e$
%f you are interested in &igrating fro& irtual 5er#er to Hyper-" a &igration guide is a#ailable$
Eor &ore infor&ation" see the irtual Machine Migration =uide$
Hyper-V 5emote management tools pac#agesThe Hyper- &anage&ent tools are a#ailable separately to allow re&ote &anage&ent of a ser#er
running Hyper-$ Packages are a#ailable to install the tools on *indows ista with 5er#ice
Pack ; /5P; and on A2-bit editions of *indows 5er#er 2008$ The following download packages
are a#ailable:
• Eor B-bit editions of *indows ista with 5P;" see http:go$&icrosoft$co&fwlink>
)ink%d;2ADB0$
• Eor A2-bit editions of *indows ista with 5P;" see http:go$&icrosoft$co&fwlink>
)ink%d;2ADB;$
• Eor A2-bit editions of *indows 5er#er 2008" see http:go$&icrosoft$co&fwlink>
)ink%d;2ADB2$
&mportant
The re&ote &anage&ent tools update package for the A2-bit editions of *indows
5er#er 2008 is a per&anent package$ 6nce you install the update package" you
cannot re&o#e it$
Eor instructions about installing the tools" see %nstall and Configure Hyper- Tools for (e&ote
3d&inistration$
Hyper-V 9anguage Pac# for !indows 2erver 3447The Hyper- )anguage Pack for *indows 5er#er 2008 installs the language pack for the release
#ersion of Hyper- and supports the following additional languages:
• Chinese /5i&plified
• Chinese /Traditional
• C,ech
• Hungarian
• Korean
• Polish
• Portuguese /7ra,il
• Portuguese /Portugal
29
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 29/58
• (ussian
• 5wedish
• Turkish
Eor &ore infor&ation about the language pack and links to download the packs" see article
9D;A in the Microsoft Knowledge 7ase /http:go$&icrosoft$co&fwlink>)ink%4;2ADA$
Additional considerations• To find out whether an update has been applied to your co&puter" you can check the update
history:
• 6n a full installation of *indows 5er#er 2008" click 2tart" click !indows 6pdate" click
View update history" and then click &nstalled 6pdates$
• 6n a 5er#er Core installation" at the co&&and pro&pt" type:
wmic 'fe list
)ook for update nu&ber #bid=>?44?4" which indicates that the update for Hyper- has
been installed$
&nstall the Hyper-V 5ole on a 2erver Core&nstallation of !indows 2erver 3447
The 5er#er Core installation option of the *indows 5er#er 2008 operating syste& installs a
&ini&al ser#er installation of *indows 5er#er 2008 to run supported ser#er roles" including the
Hyper- role$ ?ou can use the 5er#er Core installation option to help secure the ser#er running
Hyper- and all the #irtual &achines running on it$ The benefits of using the 5er#er Core
installation option include a reduced attack surface and reduced &aintenance$ Eor infor&ation
about the &ini&u& hardware re@uire&ents for a ser#er running a 5er#er Core installation" see
%nstalling *indows 5er#er 2008 /http:go$&icrosoft$co&fwlink>)ink%d;2ADA8$
*hen you select the 5er#er Core installation option" 5etup installs only the files that are re@uired
for the supported ser#er roles$ Eor ea&ple" the 1plorer shell is not installed as part of a 5er#er
Core installation$ 3fter you ha#e enabled the Hyper- role" you can &anage the Hyper- role and
#irtual &achines re&otely using the Hyper- &anage&ent tools$ The &anage&ent tools are
a#ailable for *indows 5er#er 2008 and *indows ista 5er#ice Pack ; /5P;$ Eor &ore
infor&ation" see article 9D00D0 /http:go$&icrosoft$co&fwlink>)ink%d;22;88 and article
9D22< /http:go$&icrosoft$co&fwlink>)ink%d;2ADA< in the Microsoft Knowledge 7ase$ Eor
&ore infor&ation about configuring tools for the re&ote &anage&ent of Hyper-" see %nstall and
Configure Hyper- Tools for (e&ote 3d&inistration$
?ou can use unattended installation to configure a ser#er running a 5er#er Core installation and
Hyper-$ Eor &ore infor&ation about unattended installation settings" see the *indows
3uto&ated %nstallation Kit /http:go$&icrosoft$co&fwlink>)ink%d8;0A0$ ?ou can find &ore
infor&ation and a sa&ple 'nattend$&l file in the 5er#er Core %nstallation 6ption of *indows
A0
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 30/58
5er#er 2008 5tep-7y-5tep =uide /http:go$&icrosoft$co&fwlink>)ink%4;009D9$ This guide is
also a#ailable as a download /http:go$&icrosoft$co&fwlink>)ink%48DD$
&mportant
• 6nce you install these ser#er updates" you will not be able to re&o#e the&$ There is no
way to upgrade fro& a full installation of *indows 5er#er 2008 or a pre#ious #ersion of
*indows 5er#er to a 5er#er Core installation$ 6nly a clean installation is supported$
There is no way to upgrade fro& a 5er#er Core installation to a full installation of
*indows 5er#er 2008$ %f you need the *indows user interface or a ser#er role that is not
supported in a 5er#er Core installation" you should install a full installation of *indows
5er#er 2008$ Eor instructions about installing the Hyper- role on a full installation of
*indows 5er#er 2008" see %nstall the Hyper- (ole on a Eull %nstallation of *indows
5er#er 2008$
• %f you close all local co&&and pro&pts while installing the Hyper- role" you will ha#e no
way to &anage the 5er#er Core installation$ %f this happens" press CT()F3)TF41)1T1"
click 2tart 0as# 1anager " click ;ile" click 5un" and type cmd+e(e$ 3lternati#ely" you canlog off and log on again$
0o install Hyper-V on a 2erver Core installation
;$ ?ou &ust perfor& a 5er#er Core installation before you install the Hyper- role$ Eor
instructions" see the 5er#er Core %nstallation 6ption of *indows 5er#er 2008 5tep-7y-
5tep =uide /http:go$&icrosoft$co&fwlink>)ink%4;009D9$
2$ 3fter you ha#e installed *indows 5er#er 2008" you &ust apply the Hyper- update
packages for *indows 5er#er 2008 /K79D00D0$ Eor links and &ore infor&ation about
installing the update for the release #ersion of the Hyper- technology for *indows
5er#er 2008" see %nstalling Hyper-$ ?ou should also apply any other re@uired updates
before you install the Hyper- role$
To #iew the list of software updates and check if any are &issing" at the co&&and
pro&pt" type:
wmic 'fe list
%f you do not see L#bid=>?44?4" download the Hyper- updates and then type the
following co&&and at a co&&and pro&pt:
wusa+e(e !indows)+4-:$>?44?4-()*+msu @'uiet
There are three update packages$ 3fter you install the updates" you &ust restart the
ser#er$ The 'pdate for *indows 5er#er 2008 B 1dition /K7 9D00D0 and )anguage
Pack for Hyper- /K79D;A &ust be installed on the parent partition of the 5er#er Core
installation$
The 'pdate for *indows 5er#er 2008 /K79D22< is for re&ote &anage&ent of the
5er#er Core installation if you are &anaging the ser#er fro& a co&puter running
*indows ista 5er#ice Pack ; /5P;" and &ust be installed on the co&puter running
*indows ista 5P;$
&mportant
A;
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 31/58
7efore you enable the Hyper- role" ensure that you ha#e enabled the re@uired
hardware-assisted #irtuali,ation and hardware-enforced 4ata 1ecution
Pre#ention /41P 7%65 settings$ Checks for these settings are perfor&ed before
you enable the Hyper- role on a full installation" but not on a 5er#er Core
installation$ 3fter you &ake the 7%65 configuration changes to enable the re@uired hardware
features" you &ay need to turn off the power to the co&puter and then turn it back on
/restarting the co&puter &ay not apply the changes to the settings$ %f you enable the
Hyper- role without &odifying the 7%65 settings" the *indows hyper#isor &ay not work
as epected$ %f this happens" check the e#ent log for details" &odify the 7%65 settings
according to the ser#er hardware &anufacturer instructions" turn off and turn on the
co&puter running a 5er#er Core installation" and then install Hyper- again$
To check if your ser#er hardware is co&patible" see the *indows 5er#er catalog
/http:go$&icrosoft$co&fwlink>)ink%d;2ADAD$ Click the list of Certified 2ervers" and
then click $y additional 'ualifications Hyper-V$ Eor instructions about how to enable
the 7%65 settings" check with your hardware &anufacturer$
Additional references• 6C5etup Co&&and-)ine 6ptions /http:go$&icrosoft$co&fwlink>)ink%d;2ADA2
• Co&&and (eference /http:go$&icrosoft$co&fwlink>)ink%49;B<A
• 5er#er Core installation blog on Tech.et /http:go$&icrosoft$co&fwlink>)ink%d;2ADA;
&nstall the Hyper-V 5ole on a ;ull &nstallation
of !indows 2erver 3447%nstalling the Hyper- role on a full installation of *indows 5er#er 2008 installs all the
co&ponents of the Hyper- technology" including the re&ote &anage&ent tools$ The tools
consist of Hyper- Manager" which is a Microsoft Manage&ent Console /MMC snap-in" and
irtual Machine Connection" which pro#ides you with direct access to a #irtual &achine through a
network connection$
The release #ersion of this role is distributed in an update package$ *e reco&&end that you
obtain and apply the update package before you install and begin using the Hyper- role$ Eor
&ore infor&ation about the update packages for Hyper-" see %nstalling Hyper-$
&mportant
%f you ha#e installed an earlier #ersion of Hyper-" we strongly reco&&end that you
re#iew the infor&ation about &igrating to the release #ersion of Hyper- before you apply
the update package$ 5o&e co&ponents cannot be &igrated" as eplained in the support
article that describes the role update package$ Eor &ore infor&ation" see article 9D00D0
in the Microsoft Knowledge 7ase /http:go$&icrosoft$co&fwlink>)ink%d;22;88$
A2
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 32/58
&mportant
Me&bership in the local Administrators group" or e@ui#alent" is the &ini&u& re@uired to
co&plete this procedure$
0o install the Hyper-V role;$ %f you recently installed *indows 5er#er 2008" %nitial Configuration Tasks &ay be
displayed$ ?ou can install Hyper- fro& %nitial Configuration Tasks or fro& 5er#er
Manager:
• %n %nitial Configuration Tasks" under Customi,e 0his 2erver " click Add roles$
• %n 5er#er Manager" under 5oles 2ummary" click Add 5oles$ /%f 5er#er Manager is
not running" click 2tart" point to Administrative 0ools" click 2erver 1anager " and
then" if pro&pted for per&ission to continue" click Continue$
2$ 6n the 2elect 2erver 5oles page" click Hyper-V$
A$ 6n the Create Virtual etwor#s page" click one or &ore network adapters if you want to
&ake their connection to a physical network a#ailable to #irtual &achines$
B$ 6n the Confirm &nstallation 2elections page" click &nstall$
D$ The co&puter &ust be restarted to co&plete the installation$ Click Close to finish the
wi,ard" and then click %es to restart the co&puter$
$ 3fter you restart the co&puter" log on with the sa&e account you used to install the role$
3fter the (esu&e Configuration *i,ard co&pletes the installation" click Close to finish
the wi,ard$
Additional considerations• ?ou can create a #irtual network when you install the Hyper- role$ This action changes the
configuration of the physical network adapter you selected when you installed the role$ Eor
&ore infor&ation about how a physical network adapter operates after you associate it to a
#irtual network" see Configuring irtual .etworks$
• ?ou can install the &anage&ent tools on so&e #ersions of *indows without installing the
Hyper- role$ Eor &ore infor&ation about installing the tools without installing the Hyper-
role" see %nstall and Configure Hyper- Tools for (e&ote 3d&inistration$
• *hen the Hyper- role is installed" the use of irtual 5er#er or irtual PC on the co&puter is
not supported$
&nstall and Configure Hyper-V 0ools for5emote Administration
?ou can install the Hyper- &anage&ent tools on a full installation of *indows 5er#er 2008 and
on *indows ista 5er#ice Pack ; /5P;$ This topic describes how to install and configure the
tools$
AA
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 33/58
ote
Me&bership in the local Administrators group" or e@ui#alent" is the &ini&u& re@uired to
co&plete this procedure$
&nstalling the management tools%nstalling the tools consists of obtaining and applying the appropriate update to the operating
syste&$
0o install the management tools
;$ 6btain the appropriate update package for the operating syste& on which you want to
install the tools$ Eor &ore infor&ation" see %nstalling Hyper-$
2$ %nstall the update package using the ðod appropriate for the way you obtained the
package:
•
%f you obtained the update fro& *indows 'pdate and the co&puter is not set up toinstall updates auto&atically" install the update &anually$
• %f you obtained the update fro& the Microsoft 4ownload Center" download the file to
the co&puter and then double-click the $&su file$
A$ %f you are installing the tools on *indows ista 5P;" no additional installation steps are
re@uired" so you can proceed to the configuration instructions$ %f you are installing the
tools on *indows 5er#er 2008" co&plete the re&aining steps$
B$ 6pen 5er#er Manager$ /%f 5er#er Manager is not running" click 2tart" point to
Administrative 0ools" click 2erver 1anager " and then" if pro&pted for per&ission to
continue" click Continue$
D$ %n 5er#er Manager" under ;eatures 2ummary" click Add ;eatures$$ 6n the 2elect ;eatures page" epand 5emote 2erver Administration 0ools" and then
epand 5emote Administration 0ools$
<$ Click Hyper-V 0ools" and then proceed through the rest of the wi,ard$
Configuring the management toolsThe configuration process consists of &odifying #arious co&ponents that control access and
co&&unications between the ser#er running Hyper- and the co&puter on which you will run the
Hyper- &anage&ent tools$
ote.o additional configuration is re@uired if you are using the &anage&ent tools on a
co&puter running *indows 5er#er 2008 and the sa&e user account is a &e&ber of the
3d&inistrators group on both co&puters$
AB
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 34/58
Configuring the server running Hyper-VThe following procedures describe how to configure the ser#er running Hyper-$ *hen do&ain-
le#el trust is not established" perfor& all the steps$ *hen do&ain-le#el trust eists but the re&ote
user is not a &e&ber of the 3d&inistrators group on the ser#er running Hyper-" you &ust &odify
the authori,ation policy" but you can skip the steps for &odifying the 4istributed C6M 'sersgroup and the *indows Manage&ent %nstru&entation /*M% na&espaces$
ote
The following procedures assu&e that you ha#e installed the Hyper- role on the ser#er$
Eor instructions about installing the Hyper- role" see %nstall the Hyper- (ole on a Eull
%nstallation of *indows 5er#er 2008 or %nstall the Hyper- (ole on a 5er#er Core
%nstallation of *indows 5er#er 2008$
0o configure the Hyper-V role for remote management on a full installation of !indows2erver 3447
;$ 1nable the firewall rules for *indows Manage&ent %nstru&entation$ Ero& an ele#atedco&&and pro&pt" type:
netsh advfirewall firewall set rule group=B!indows 1anagement &nstrumentation
.!1&/ new enable=yes
The co&&and has succeeded when it returns the following &essage: L'pdated B
rules/s$ 6k$
ote
To #erify that the co&&and succeeded" you can #iew the results in *indows
Eirewall with 3d#anced 5ecurity$ Click 2tart" click Control Panel" switch to
Classic iew if you are not using that #iew" click Administrative 0ools" and then
click !indows ;irewall with Advanced 2ecurity$ 5elect inbound rules oroutbound rules and then sort by the Group colu&n$ There should be three
inbound rules and one outbound rule enabled for *indows Manage&ent
%nstru&entation$
2$ The net steps configure the authori,ation policy for the ser#er running the Hyper- role$
%f the user who re@uires re&ote access to the ser#er running Hyper- belongs to the
3d&inistrators group on both co&puters" then it is not necessary to configure the
authori,ation policy$
ote
The instructions for configuring the authori,ation policy assu&e that the default
authori,ation policy has not been &odified" including the default location" and
that the account you are configuring for re&ote access re@uires full
ad&inistrati#e access to the Hyper- role$
A$ Click 2tart" click 2tart 2earch and type a,man+msc$ %f you are pro&pted to confir& the
action" click Continue$ The 3uthori,ation Manager Microsoft Manage&ent Console
/MMC snap-in opens$
AD
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 35/58
B$ %n the na#igation pane" right-click Authori,ation 1anager and click Open Authori,ation
2tore$ Make sure that 19 file is selected$ 7rowse to the Osyste& dri#eONProgra&
4ataNMicrosoftN*indowsNHyper- folder" select %nitial5tore$&l" click Open and then click
O:$
ote
The Progra& 4ata folder is a hidden folder by default$ %f the folder is not #isible"
type: EsystemFdriveProgramData1icrosoft!indowsHyper-
Vinitalstore+(ml
D$ %n the na#igation pane" click Hyper-V services" and then click 5ole Assignments$ (ight-
click Administrator " point to Assign 6sers and Groups" and then point to ;rom
!indows and Active Directory$ %n the 2elect 6sers< Computers< or Groups dialog
bo" type the do&ain na&e and user na&e of the user account" and then click O:$
$ Close 3uthori,ation Manager$
<$ .et" you add the re&ote user to the 4istributed C6M 'sers group to pro#ide access to
the re&ote user$ Click 2tart" point to Administrative tools" and click Computer
1anagement$ %f 'ser 3ccount Control is enabled" click Continue$ Co&ponent 5er#ices
opens$
8$ 1pand 9ocal 6sers and Groups" and then click Groups$ (ight-click Distributed CO1
6sers and click Add to Group$
9$ %n the Distributed CO1 6sers Properties dialog bo" click Add$
;0$ %n the 2elect 6sers< Computers< or Groups dialog bo" type the na&e of the user and
click O:$
;;$ Click O: again to close the Distributed CO1 6sers Properties dialog bo$ Close
Co&ponent 5er#ices$
;2$ The re&aining steps grant the re@uired *M% per&issions to the re&ote user for two
na&espaces: the C%M2 na&espace and the #irtuali,ation na&espace$ Click 2tart" click
Administrative 0ools" and then click Computer 1anagement$
;A$ %n the na#igation pane" click 2ervices and Applications" right-click !1& Control" and
then click Properties$
;B$ Click the 2ecurity tab" click 5oot" and then click C&1V3$ 7elow the na&espace list" click
2ecurity$
;D$ %n the 2ecurity for 5OO0C&1V3 dialog bo" check to see if the appropriate user is
listed$ %f not" click Add$ %n the 2elect 6sers< Computers< or Groups dialog bo" type the
na&e of the user and click O:$
;$ 6n the 2ecurity tab" select the na&e of the user$ 'nder Permissions for Euser or
group name" click Advanced$ 6n the Permissions tab" #erify that the user you want is
selected and then click dit$ %n the Permission ntry for C&1V3 dialog bo" &odify
three settings as follows:
• Eor Apply to" select 0his namespace and subnamespaces$
• %n the Permissions list" in the Allow colu&n" select the 5emote nable check bo$
A
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 36/58
• 7elow the Permissions list" select the Apply these permissions to obIects and@or
containers within this container only check bo$
;<$ Click O: in each dialog bo until you return to the !1& Control Properties dialog bo$
;8$ .et" you repeat the process for the #irtuali,ation na&espace$ 5croll down if necessary
until you can see the #irtuali,ation na&espace$ Click virtuali,ation$ 7elow the
na&espace list" click 2ecurity$
;9$ %n the 2ecurity for 5OO0virtuali,ation dialog bo" check to see if the appropriate user
is listed$ %f not" click Add$ %n the 2elect 6sers< Computers< or Groups dialog bo" type
the na&e of the user and click O:$
20$ 6n the 2ecurity tab" select the na&e of the user$ 'nder Permissions for Euser or
group name" click Advanced$ 6n the Permissions tab" #erify that the user you want is
selected and then click dit$ %n the Permission ntry for virtuali,ation dialog bo"
&odify three settings as follows:
• Eor Apply to" select 0his namespace and subnamespaces$
• %n the Permissions list" in the Allow colu&n" select the 5emote nable check bo$
• 7elow the Permissions list" select the Apply these permissions to obIects and@or
containers within this container only check bo$
2;$ Click O: in each dialog bo and then close Co&puter Manage&ent$
22$ (estart the ser#er to apply the changes to the authori,ation policy$
0o configure the Hyper-V role for remote management on a 2erver Core installation of!indows 2erver 3447
;$ 1nable the firewall rules on the ser#er for *indows Manage&ent %nstru&entation$ Ero&
an ele#ated co&&and pro&pt" type:
netsh advfirewall firewall set rule group=B!indows 1anagement &nstrumentation
.!1&/ new enable=yes
The co&&and has succeeded when it returns the following &essage: L'pdated B
rules/s$ 6k$
2$ .et" you &odify the 4istributed C6M per&issions to pro#ide access to the re&ote user$
Type:
net localgroup BDistributed CO1 6sers @add EdomainFnameEuserFname
where do&ainUna&eV is the do&ain that the user account belongs to and
userUna&eV is the user account you want to grant re&ote access to$
A$ .et" you connect re&otely to the ser#er running the 5er#er Core installation so you can&odify the authori,ation policy and the two *M% na&espaces" using MMC snap-ins that
are not a#ailable on the 5er#er Core installation$
)og on to the co&puter on which you will run the Hyper- &anage&ent tools" using a
do&ain account that is a &e&ber of the 3d&inistrators group on the co&puter running a
5er#er Core installation$ /%f you need to add this user" see the instructions in %nstall the
Hyper- (ole on a 5er#er Core %nstallation of *indows 5er#er 2008$
A<
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 37/58
ote
The instructions for configuring the authori,ation policy assu&e that the default
authori,ation policy has not been &odified" including the default location" and
that the account you are configuring for re&ote access re@uires full
ad&inistrati#e access to the Hyper- role$
B$ Click 2tart" click 2tart 2earch and type a,man+msc$ %f you are pro&pted to confir& the
action" click Continue$ The 3uthori,ation Manager snap-in opens$
D$ %n the na#igation pane" right-click Authori,ation 1anager and click Open Authori,ation
2tore$ Make sure that 19 file is selected and type:
EremoteFcomputercJProgramData1icrosoft!indowsHyper-Vinitalstore+(ml
where re&oteUco&puterV is the na&e of the co&puter running the 5er#er Core
installation$
Click Open and then click O:$
$ %n the na#igation pane" click Hyper-V services" and then click 5ole Assignments$ (ight-click Administrator " point to Assign 6sers and Groups" and then point to ;rom
!indows and Active Directory$ %n the 2elect 6sers< Computers< or Groups dialog
bo" type the do&ain na&e and user na&e of the user account" and then click O:$
<$ Close 3uthori,ation Manager$
8$ The re&aining steps grant the re@uired *M% per&issions to the re&ote user for two
na&espaces: the C%M2 na&espace and the #irtuali,ation na&espace$ Click 2tart" click
Administrative 0ools" and then click Computer 1anagement$
9$ %n the na#igation pane" click 2ervices and Applications" right-click !1& Control" and
then click Properties$
;0$ Click the 2ecurity tab$ Click 5oot and then click C&1V3$ 7elow the na&espace list" click2ecurity$
;;$ %n the 2ecurity for 5OO0C&1V3 dialog bo" check to see if the appropriate user is
listed$ %f not" click Add$ %n the 2elect 6sers< Computers< or Groups dialog bo" type the
na&e of the user and click O:$
;2$ 6n the 2ecurity tab" select the na&e of the user$ 'nder Permissions for Euser or
group name" click Advanced$ 6n the Permissions tab" #erify that the user you want is
selected and then click dit$ %n the Permission ntry for C&1V3 dialog bo" &odify
three settings as follows:
• Eor Apply to" select 0his namespace and subnamespaces$
• %n the Permissions list" in the Allow colu&n" select the 5emote nable check bo$
• 7elow the Permissions list" select the Apply these permissions to obIects and@or
containers within this container only check bo$
;A$ Click O: in each dialog bo until you return to the !1& Control Properties dialog bo$
;B$ .et" you repeat the process for the #irtuali,ation na&espace$ 5croll down if necessary
until you can see the #irtuali,ation na&espace$ Click virtuali,ation$ 7elow the
na&espace list" click 2ecurity$
A8
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 38/58
;D$ %n the 2ecurity for 5OO0virtuali,ation dialog bo" check to see if the appropriate user
is listed$ %f not" click Add$ %n the 2elect 6sers< Computers< or Groups dialog bo" type
the na&e of the user and click O:$
;$ 6n the 2ecurity tab" select the na&e of the user$ 'nder Permissions for Euser or
group name" click Advanced$ 6n the Permissions tab" #erify that the user you want isselected and then click dit$ %n the Permission ntry for virtuali,ation dialog bo"
&odify three settings as follows:
• Eor Apply to" select 0his namespace and subnamespaces$
• %n the Permissions list" in the Allow colu&n" select the 5emote nable check bo$
• 7elow the Permissions list" select the Apply these permissions to obIects and@or
containers within this container only check bo$
;<$ Click O: in each dialog bo and then close Co&puter Manage&ent$
;8$ (estart the co&puter running a 5er#er Core installation to apply the changes to the
authori,ation policy$
Configuring !indows Vista 2PKThe following procedure describes how to configure *indows ista 5P; when do&ain-le#el trust
is not established$
0o configure !indows Vista 2PK
;$ )og on to the co&puter running *indows ista 5P;$
2$ 1nable the firewall rules for *indows Manage&ent %nstru&entation$ Ero& an ele#ated
co&&and pro&pt" type:
netsh advfirewall firewall set rule group=!indows 1anagement &nstrumentation.!1&/ new enable=yes
The co&&and has succeeded when it returns the following &essage: L'pdated 8
rules/s$ 6k$
ote
To #erify that the co&&and succeeded" you can #iew the results in *indows
Eirewall with 3d#anced 5ecurity$ Click 2tart" click Control Panel" switch to
Classic iew if you are not using that #iew" click Administrative 0ools" and then
click !indows ;irewall with Advanced 2ecurity$ 5elect inbound rules or
outbound rules and then sort by the Group colu&n$ There should be si inbound
rules and two outbound rules enabled for *indows Manage&ent%nstru&entation$
A$ 1nable a firewall eception for the Microsoft Manage&ent Console$ Ero& an ele#ated
co&&and pro&pt" type:
etsh firewall add allowedprogram program=LwindirLsystemM3mmc+e(e
name=N1icrosoft 1anagement ConsoleN
A9
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 39/58
B$ 5tart Hyper- Manager to #erify that you can connect re&otely to the ser#er$ Click 2tart"
click the 2tart 2earch bo" type Hyper-V 1anager and press 1.T1($ %f you are
pro&pted to confir& the action" click Continue$ %n Hyper- Manager" under Actions"
click Connect to 2erver $ Type the na&e of the co&puter or browse to it" and click O:$ %f
Hyper- Manager can connect to the re&ote co&puter" the co&puter na&e will appear inthe na#igation pane and the results pane will list all the #irtual &achines configured on
the ser#er$
Configuring Virtual etwor#s
This section describes the basics of #irtual networking in Hyper- and the different types of #irtual
networks you can configure$ .etworking in Hyper- works differently than networking in
irtual 5er#er 200D" and these differences are also discussed$ 7efore configuring a #irtual
network" you should deter&ine the design and type of #irtual network you plan to use$ ?ou should
be aware that Hyper- does not support wireless networks$
Eor step-by-step instructions to configure a #irtual network" see 5tep-by-5tep =uide to =etting
5tarted with Hyper- /http:go$&icrosoft$co&fwlink>)ink%4;;920<$
Virtual networ# types?ou can create #irtual networks on the ser#er running Hyper- to define #arious networking
topologies for #irtual &achines and the #irtuali,ation ser#er$ 'sing irtual .etwork Manager
/accessed fro& Hyper- Manager" you ha#e three different types of #irtual networks to choose
fro&$• (ternal virtual networ#s$ 'se this type when you want to allow #irtual &achines to
co&&unicate with eternally located ser#ers and the &anage&ent operating syste&
/so&eti&es referred to as the parent partition$ This type also allows #irtual &achines on the
sa&e physical ser#er to co&&unicate with each other$
• &nternal virtual networ#s$ 'se this type when you want to allow co&&unication between
#irtual &achines on the sa&e physical ser#er and #irtual &achines and the &anage&ent
operating syste&$ 3n internal #irtual network is a #irtual network that is not bound to a
physical network adapter$ %t is co&&only used to build a test en#iron&ent where you need to
connect to the #irtual &achines fro& the &anage&ent operating syste&$
• Private virtual networ#s$ 'se this type when you want to allow co&&unication only between
#irtual &achines on the sa&e physical ser#er$ 3 pri#ate #irtual network is a #irtual network
without a #irtual network adapter in the &anage&ent operating syste&$ Pri#ate #irtual
networks are co&&only used when you want to isolate #irtual &achines fro& network traffic
in the &anage&ent operating syste& and in the eternal networks$
B0
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 40/58
Virtual networ#ing basics*hile Hyper- allows you to configure co&ple #irtual network en#iron&ents" the basic concept
of #irtual networking is straightforward$ Eor a si&ple #irtual network configuration" we reco&&end
that you ha#e at least two network adapters on the ser#er running Hyper-: one network adapter
dedicated to the physical &achine for re&ote &anage&ent" and one or &ore network adaptersdedicated to the #irtual &achines$ %f you are running an %nternet 5C5% /i5C5% initiator for #irtual
hard disk storage" we reco&&end that you use additional network adapters in the &anage&ent
operating syste&$ The &anage&ent operating syste& is a partition that calls the *indows
hyper#isor and re@uests that new partitions are created$ There can be only one &anage&ent
operating syste&$ Eor infor&ation on the backup and reco#ery strategy for a #irtuali,ed ser#er
en#iron&ent" see Planning for 7ackup$
*hen you add the Hyper- role during a full installation of *indows 5er#er 2008" you ha#e the
option to configure one or &ore eternal #irtual networks$
ote
This option is not a#ailable when perfor&ing a 5er#er Core installation of *indows5er#er 2008$ The #irtual network adapters can be rena&ed to reflect if they are assigned
to the physical &achine or the #irtual &achines$
*hen you install Hyper- and create an eternal #irtual network" the &anage&ent operating
syste& uses a new #irtual network adapter to connect to the physical network$ The network
connections consist of the original network adapter and the new #irtual network adapter$ The
original physical network adapter does not ha#e anything bound to it$ Howe#er" the #irtual
network adapter has all of the standard protocols and ser#ices bound to it$
Hyper- binds the irtual .etwork 5er#ice Protocol to a physical network adapter when an
eternal #irtual network is created$ ?ou should be aware that eternal network connecti#ity will be
te&porarily disrupted when an eternal #irtual network is created or deleted$
6nce it is created" a #irtual network works +ust like a physical network ecept that the switch is
software based and ports can be added or re&o#ed dyna&ically as they are needed$
6nce an eternal #irtual network is configured" all networking traffic is routed though the #irtual
switch$ Eor this reason" we reco&&end using at least one additional physical network adapter for
&anaging network traffic$ The #irtual switch functions as a physical switch would and routes
networking traffic through the #irtual network to its destination$ The following i&age is an ea&ple
of an eternal #irtual network$
B;
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 41/58
(ternal virtual networ#
Eor internal #irtual networks" only co&&unication between #irtual &achines on the sa&e physical
ser#er and between #irtual &achines and the &anage&ent operating syste& is allowed$ The
following i&age is an ea&ple of an internal #irtual network$
B2
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 42/58
&nternal virtual networ#
'se a pri#ate #irtual network when you want to allow co&&unication only between #irtual
&achines on the sa&e physical ser#er$ The following i&age is an ea&ple of a pri#ate #irtual
network$
Private virtual networ#
BA
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 43/58
etwor#ing and virtual machines%n Hyper-" when a #irtual &achine is created and attached to a #irtual network" it connects using
a #irtual network adapter$ There are two types of network adapters a#ailable for Hyper-: a
network adapter and a legacy network adapter$ Eor the network adapter to work" integration
ser#ices &ust be installed" which is part of the Hyper- installation$ %f integration ser#ices cannotbe installed because of the #ersion of the operating syste&" the network adapter cannot be used$
%nstead" you need to add a legacy network adapter that e&ulates an %ntel 2;;B0-based PC% East
1thernet 3dapter and works without installing a #irtual &achine dri#er$ 3 legacy network adapter
also supports network-based installations because it includes the ability to boot to the Pre-7oot
1ecution 1n#iron&ent /PJ1$ The legacy network adapter is also re@uired if a #irtual &achine
needs to boot fro& a network$ ?ou will need to disable the network adapter after the PJ1 boot$
The #irtual &achine is logically connected to a port on the #irtual network$ Eor a networking
application on the #irtual &achine to connect to soðing eternally" it is first routed through the
#irtual network adapter to the #irtual port on the eternal #irtual network to which the #irtual
&achine is attached$ The networking packet is then directed to the physical network adapter and
out to an eternal physical network$
Eor the #irtual &achine to co&&unicate with the &anage&ent operating syste&" there are two
options$ 6ne option is to route the network packet through the physical network adapter and out
to the physical network" which then returns the packet back to the ser#er running Hyper- using
the second physical network adapter$ 3nother option is to route the network packet through the
#irtual network" which is &ore efficient$ The option selected is deter&ined by the #irtual network$
The #irtual network includes a learning algorith&" which deter&ines the &ost efficient port to
direct traffic to and will send the network packet to that port$ 'ntil that deter&ination is &ade by
the #irtual network" network packets are sent out to all #irtual ports$
Configuring virtual local area networ#s .V9As/Hyper- supports #irtual local area networks /)3.s" and because a )3. configuration is
software-based" co&puters can easily be &o#ed and still &aintain their network configurations$
Eor each #irtual network adapter you connect to a #irtual &achine" you can configure a )3. %4
for the #irtual &achine$ ?ou will need the following to configure )3.s:
• 3 physical network adapter that supports )3.s$
• 3 physical network adapter that supports network packets with )3. %4s that are already
applied$
6n the &anage&ent operating syste&" you will need to configure the #irtual network to allow
network traffic on the physical port$ This is for the )3. %4s that you want to use internally with
#irtual &achines$ .et" you configure the #irtual &achine to specify the #irtual )3. that the #irtual
&achine will use for all network co&&unications$
There are two &odes in which you can configure a )3.: access &ode and trunk &ode$ %n
access &ode" the eternal port of the #irtual network is restricted to a single )3. %4 in the '%$
?ou can ha#e &ultiple )3.s using *M%$ 'se access &ode when the physical network adapter
is connected to a port on the physical network switch that also is in access &ode$ To gi#e a #irtual
&achine eternal access on the #irtual network that is in access &ode" you &ust configure the
BB
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 44/58
#irtual &achine to use the sa&e )3. %4 that is configured in the access &ode of the #irtual
network$ Trunk &ode allows &ultiple )3. %4s to share the connection between the physical
network adapter and the physical network$ To gi#e #irtual &achines eternal access on the #irtual
network in &ultiple )3.s" you need to configure the port on the physical network to be in trunk
&ode$ ?ou will also need to know the specific )3.s that are used and all of the )3. %4s used
by the #irtual &achines that the #irtual network supports$
0o allow Hyper-V to use a V9A
;$ 6pen Hyper- Manager$
2$ Ero& the 3ctions &enu" click Virtual etwor# 1anager $
A$ 5elect the #irtual network you want to edit" and" in the right pane" check to select nable
virtual 9A identification$
B$ 1nter a nu&ber for the )3. %4$ 3ll traffic for the &anage&ent operating syste& that
goes through the network adapter will be tagged with the )3. %4 you set$
0o allow a virtual machine to use a V9A
;$ 6pen Hyper- Manager$
2$ %n the results pane" under Virtual 1achines" select the #irtual &achine that you want to
configure to use a )3.$
A$ %n the Action pane" under the #irtual &achine na&e" click 2ettings$
B$ 'nder Hardware" select the #irtual network adapter connected to the eternal #irtual
network$
D$ %n the right pane" select nable virtual 9A identification" and then enter the )3. %4
you plan to use$
%f you need the #irtual &achine to co&&unicate using additional )3.s" connect additional
network adapters to the appropriate #irtual network and assign the )3. %4$ Make sure to
configure the %P addresses correctly and that the traffic you want to &o#e across the )3. is also
using the correct %P address$
&mplementing Dis#s and 2torage
This section describes the #arious storage options that a ser#er running Hyper- supports$ %t also
generally discusses how to plan for storage" how to create a #irtual hard disk" and how to
configure storage$?ou can use the following types of physical storage with a ser#er that runs Hyper-:
• Direct-attached storage .storage attached to the management operating system/+ ?ou
can use 5erial 3d#anced Technology 3ttach&ent /53T3" eternal 5erial 3d#anced
Technology 3ttach&ent /e53T3" Parallel 3d#anced Technology 3ttach&ent /P3T3" 5erial
3ttached 5C5% /535" 5C5%" '57" and Eirewire$
BD
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 45/58
• 2torage area networ#s .2As/+ ?ou can use %nternet 5C5% /i5C5%" Eibre Channel" and
535 technologies$
ote
.etwork-attached storage /.35 is not supported for Hyper-$
Eor &ore infor&ation about the re@uire&ents and other considerations about hardware" see
Hardware Considerations$
Determining your storage options on themanagement operating system
6n the &anage&ent operating syste&" you can select to use either #irtual hard disks or physical
disks that are directly attached to a #irtual &achine$ irtual hard disks can ha#e a capacity of up
to 20B0 gigabytes and include the following types:
• ;i(ed$ 3 fied #irtual hard disk is a disk that occupies physical disk space on the
&anage&ent operating syste& e@ual to the &ai&u& si,e of the disk" regardless of whether
a #irtual &achine re@uires the disk space$ 3 fied #irtual hard disk takes longer to create than
other types of disks because the allocated si,e of the $#hd file is deter&ined when it is
created$ This type of #irtual hard disk pro#ides i&pro#ed perfor&ance co&pared to other
types because fied #irtual hard disks are stored in a contiguous block on the &anage&ent
operating syste&$
• Dynamically e(panding$ 3 dyna&ically epanding #irtual hard disk is a disk in which the si,e
of the $#hd file grows as data is written to the disk$ This type pro#ides the &ost efficient use of
disk space$ ?ou will need to &onitor the a#ailable disk space to a#oid running out of disk
space on the &anage&ent operating syste&$
•
Differencing$ 3 differencing #irtual hard disk stores the differences fro& the #irtual hard diskon the &anage&ent operating syste&$ This allows you to isolate changes to a #irtual
&achine and keep a #irtual hard disk in an unchanged state$ The differencing disk on the
&anage&ent operating syste& can be shared with #irtual &achines and" as a best practice"
&ust re&ain read-only$ %f it is not read-only" the #irtual &achineSs #irtual hard disk will be
in#alidated$
*ith #irtual hard disks" each #irtual &achine supports up to D;2 T7 of storage$ Physical disks that
are directly attached to a #irtual &achine ha#e no si,e li&it other than what is supported by the
guest operating syste&$ Physical disks are discussed in &ore detail later in this docu&ent in How
to configure physical disks that are directly attached to a #irtual &achine$
Determining your storage options on virtualmachines
?ou can select either integrated de#ice electronics /%41 or 5C5% de#ices on #irtual &achines:
• &D devices$ Hyper- uses e&ulated de#ices with %41 controllers$ ?ou can ha#e up to two
%41 controllers with two disks on each controller$ The startup disk /so&eti&es referred to as
B
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 46/58
the boot disk &ust be attached to one of the %41 de#ices$ The startup disk can be either a
#irtual hard disk or a physical disk$ 3lthough a #irtual &achine &ust use an %41 de#ice as the
startup disk to start the guest operating syste&" you ha#e &any options to choose fro& when
selecting the physical de#ice that will pro#ide the storage for the %41 de#ice$ Eor ea&ple"
you can use any of the types of physical storage identified in the introduction section$
• 2C2& devices$ 1ach #irtual &achine supports up to 2D 5C5% disks /four 5C5% controllers
with each controller supporting up to B disks$ 5C5% controllers use a type of de#ice
de#eloped specifically for use with #irtual &achines and use the #irtual &achine bus to
co&&unicate$ The #irtual &achine bus &ust be a#ailable when the guest operating syste& is
started$ Therefore" #irtual hard disks attached to 5C5% controllers cannot be used as startup
disks$
ote
3lthough the %6 perfor&ance of physical 5C5% and %41 de#ices can differ significantly"
this is not true for the #irtuali,ed 5C5% and %41 de#ices in Hyper-$ Hyper- %41 and
5C5% de#ices both offer e@ually fast %6 perfor&ance when integration ser#ices areinstalled in the guest operating syste&$
The following table describes the #arious storage options a#ailable with %41 de#ices:
2cenario 9ocal &D
virtual hard
dis#
9ocal directly
attached &D
5emote &D virtual
hard dis#
5emote directly
attached &D
5torage type 4irect-attached
storage
4irect-attached
storage
53." Eibre
Channeli5C5%
53." Eibre
Channeli5C5%
Type of disk that
is eposed to the&anage&ent
operating syste&
irtual hard
disk on .TE5
Physical disk
directlyattached to a
#irtual &achine
irtual hard disk on
.TE5
Physical disk
directly attached toa #irtual &achine
Mai&u&
supported disk
si,e on #irtual
&achine
2 terabytes .o si,e li&it
other than what
is supported by
the guest
operating
syste&
2 terabytes .o si,e li&it other
than what is
supported by the
guest operating
syste&
irtual hard disk
snapshots are
supported
?es .o ?es .o
4yna&ically
epanding #irtual
hard disk
?es .o ?es .o
4ifferencing ?es .o ?es .o
B<
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 47/58
2cenario 9ocal &D
virtual hard
dis#
9ocal directly
attached &D
5emote &D virtual
hard dis#
5emote directly
attached &D
#irtual hard disk
3bility of #irtual
&achines to
dyna&ically /hot
add access any
disk
.o .o .o .o
The following table describes the #arious storage options a#ailable with 5C5% de#ices:
2cenario 9ocal 2C2&
virtual hard
dis#
9ocal directly
attached 2C2&
5emote 2C2& virtual
hard dis#
5emote directly
attached 2C2&
5torage type 4irect-attached
storage
4irect-attached
storage
53." Eibre
Channeli5C5%
53." Eibre
Channeli5C5%
Type of disk that
is eposed to the
&anage&ent
operating syste&
irtual hard
disk on .TE5
Physical disk
directly
attached to a
#irtual &achine
irtual hard disk on
.TE5
Physical disk
directly attached to
a #irtual &achine
Mai&u&
supported disk
si,e on #irtual&achine
2 terabytes .o si,e li&it
other than what
is supported bythe guest
operating
syste&
2 terabytes .o si,e li&it other
than what is
supported by theguest operating
syste&
irtual hard disk
snapshots are
supported
?es .o ?es .o
4yna&ically
epanding #irtual
hard disk
?es .o ?es .o
4ifferencing
#irtual hard disk
?es .o ?es .o
3bility of #irtual
&achines to
dyna&ically /Lhot-
add access any
.o .o .o .o
B8
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 48/58
2cenario 9ocal 2C2&
virtual hard
dis#
9ocal directly
attached 2C2&
5emote 2C2& virtual
hard dis#
5emote directly
attached 2C2&
disk
How to create virtual hard dis#s?ou can use #irtual hard disks as a storage option on the &anage&ent operating syste&" and
then &ake the storage a#ailable to #irtual &achines$
?ou can create and &anage #irtual hard disks using the Hyper- Manager tool$ To create a new
#irtual hard disk" you would use either the .ew irtual Hard 4isk *i,ard or the .ew irtual
Machine *i,ard$ %f you are creating dyna&ically epanding disks" the .ew irtual Machine
*i,ard pro#ides a way to create storage for the new #irtual &achine without running the .ew
irtual Hard 4isk *i,ard$ This can be useful if you want to install a guest operating syste& in a#irtual &achine soon after you create it$
*hen creating a new #irtual hard disk" a na&e and storage location is re@uired$ The disks are
stored as $#hd files" which &akes the& portable but also poses a potential security risk$ ?ou
should &itigate this risk by taking precautions such as storing the $#hd files in a secure location$
4o not create the #irtual hard disk in a folder that is &arked for encryption$ Hyper- does not
support the use of storage &edia if 1ncrypting Eile 5yste& has been used to encrypt the $#hd file$
Howe#er" you can use files stored on a #olu&e that uses *indows 7itlocker 4ri#e 1ncryption$
0o create a virtual hard dis#
;$ 6pen Hyper- Manager$ Click 2tart" point to Administrative 0ools" and then click
Hyper-V 1anager $
2$ %n the 3ction pane" click ew" and then click Hard Dis#$
A$ Proceed through the pages of the wi,ard to custo&i,e the #irtual hard disk$ ?ou can click
e(t to &o#e through each page of the wi,ard" or you can click the na&e of a page in
the left pane to &o#e directly to that page$
B$ 3fter you ha#e finished configuring the #irtual hard disk" click ;inish$
How to configure physical dis#s that are directlyattached to a virtual machine
?ou can use physical disks that are directly attached to a #irtual &achine as a storage option on
the &anage&ent operating syste&$ This allows #irtual &achines to access storage that is
&apped directly to the ser#er running Hyper- without first configuring the #olu&e$ The storage
can be either a physical disk which is internal to the ser#er" or a 53. logical unit nu&ber /)'.
that is &apped to the ser#er /a )'. is a logical reference to a portion of a storage subsyste&$
The #irtual &achine &ust ha#e eclusi#e access to the storage" so the storage &ust be set in an
B9
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 49/58
6ffline state in 4isk Manage&ent$ The storage is not li&ited in si,e" so it can be a &ultiterabyte
)'.$
*hen using physical disks that are directly attached to a #irtual &achine" you should be aware of
the following:
• This type of disk cannot be dyna&ically epanded$
• ?ou cannot use differencing disks with the&$
• ?ou cannot take #irtual hard disk snapshots$
0o configure physical dis#s that are directly attached to a virtual machine
;$ Map the storage de#ice you plan to use to the ser#er running Hyper-$ %n 4isk
Manage&ent" the storage appears as a raw #olu&e and is in an 6ffline state$
2$ To initiali,e the raw #olu&e" in 4isk Manage&ent" right-click the disk you want to
initiali,e" and then click &nitiali,e Dis#$ .ote that before you can initiali,e the disk" it &ust
be in an 6nline state$
A$ %n the &nitiali,e Dis# dialog bo" select the disk to initiali,e$ ?ou can select whether to
use the &aster boot record /M7( or ='%4 partition table /=PT partition style$
B$ 3fter a disk is initiali,ed" return it to an 6ffline state$ %f the disk is not in an 6ffline state" it
will not be a#ailable when configuring storage for a #irtual &achine$
D$ Eollow the steps in LTo create a #irtual hard disk and &ake sure to select Attach a
virtual hard dis# later in the .ew irtual Machine *i,ard$
$ 6pen Hyper- Manager$ Click 2tart" point to Administrative 0ools" and then click
Hyper-V 1anager $
<$ 'nder Virtual 1achines" select the #irtual &achine that you want to configure$
8$ %n the Action pane" under the #irtual &achine na&e" click 2ettings$
9$ %n the na#igation pane /left pane" click the controller that you want to attach the disk to$ %f
you plan to use the disk as a startup disk" &ake sure you attach it to an %41 controller$
Click Add$
;0$ 6n the Hard Drive page" select the location on the controller to attach the disk$
;;$ 'nder 1edia" specify the physical hard disk$ %f the disk does not appear in the drop-down
list under Physical hard dis#s" &ake sure the disk is in an 6ffline state in 4isk
Manage&ent$
;2$ 6nce the physical disk is configured" you can start the #irtual &achine and store data on
the disk$ %f installing an operating syste&" the installation process auto&atically prepares
the disk for use$ %f you are using the physical disk to store data" it &ust first be prepared
by the #irtual &achine$
%f you are installing an operating syste& on the physical disk and it is in an 6nline state
before the #irtual &achine is started" the #irtual &achine will fail to start$ ?ou &ust store
the #irtual &achine configuration file in an alternate location because the physical disk is
used by the operating syste& installation$ Eor ea&ple" locate the configuration file on
another internal dri#e on the ser#er running Hyper-$
D0
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 50/58
Appendi( A (ample Authori,ation 1anager
0as#s and Operations?ou can use the ea&ple tasks and operations listed here to help create role definitions$ (ole
definitions" co&bined with scopes and role assign&ents" help you pro#ide security for your
#irtuali,ation en#iron&ent using role-based access control$ Eor &ore infor&ation about role-
based access control in Hyper-" see the following topics in this guide:
• 'sing 3uthori,ation Manager for Hyper- 5ecurity
• Configure Hyper- for (ole-based 3ccess Control
ote
?ou &ust be a &e&ber of the 3d&inistrators group on the local co&puter to &odify thedefault 3uthori,ation Manager policy /an JM) file to create role definitions and
assign&ents$
(ample tas#s and operations?ou cannot create or change operations$ ?ou can create tasks and role definitions that include
different groups of operations to allow a user within that role to perfor& the task$ 5o&e tasks
re@uire a co&ple group of operations$ 5uggested task na&es that describe what the tasks do
are listed in alphabetical order$ The operations re@uired are listed underneath each task na&e$
Add e(ternal networ# to server • 7ind to 1ternal 1thernet Port
• Create %nternal 1thernet port
• Connect irtual Machine
• Create irtual 5witch
• Create irtual 5witch Port
• iew 1ternal 1thernet Ports
• iew %nternal 1thernet Ports
• iew )3. 1ndpoints
• iew 5witch Ports
• iew 5witches
• iew irtual 5witch Manage&ent 5er#ice
• iew )3. 5ettings
D;
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 51/58
Add internal networ# to server • Create %nternal 1thernet Port
• Create irtual 5witch
• Connect irtual 5witch Port
• Create irtual 5witch Port
• iew %nternal 1thernet Ports
• iew )3. 1ndpoints
• iew 5witch Ports
• iew 5witches
• iew irtual 5witch Manage&ent 5er#ice
• iew )3. 5ettings
Add private networ#• Connect irtual 5witch Port
• Create irtual 5witch
• iew 5witch Ports
• iew 5witches
• iew irtual 5witch Manage&ent 5er#ice
Apply a snapshot• 3llow 6utput fro& irtual Machine
• Pause and (estart irtual Machine
• (ead 5er#ice Configuration
• (econfigure irtual Machine
• 5tart irtual Machine
• 5top irtual Machine
• iew irtual Machine Configuration
Attach internal networ# adapter to virtual machine• (ead 5er#ice Configuration
• iew irtual 5witch Manage&ent 5er#ice
• Connect irtual 5witch Port
• iew %nternal 1thernet Ports
• iew )3. 1ndpoints
• iew 5witch Ports
• iew 5witches
D2
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 52/58
• iew irtual Machine Configuration
• iew )3. 5ettings
• 3llow 6utput fro& irtual Machine
• (econfigure irtual Machine
• Create irtual 5witch Port
• Change )3. Configuration on Port
Connect to a virtual machine• 3llow 6utput fro& irtual Machine
• 3llow %nput to irtual Machine
• (ead 5er#ice Configuration
Create a virtual floppy dis# or virtual hard dis#• (ead 5er#ice Configuration
Create a virtual machine• 3llow 6utput fro& a irtual Machine
• Change irtual Machine 3uthori,ation 5cope
• Create irtual Machine
• (ead 5er#ice Configuration
• 6ptional: Connect irtual 5witch Port
ote
%f you do not need this #irtual &achine connected to a network" you can lea#e this
out$ %f you want to connect your #irtual &achine to a network" add this operation$
Delete a private networ#• 4elete irtual 5witch
• iew 5witch Ports
• iew 5witches
• iew irtual 5witch Manage&ent 5er#ice
Delete a snapshot• (ead 5er#ice Configuration
• 4elete irtual Machine
DA
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 53/58
Delete a virtual machine• 3llow 6utput fro& irtual Machine
• (ead 5er#ice Configuration
• 4elete irtual Machine
(port virtual machine• (ead 5er#ice Configuration
• 3llow 6utput fro& irtual Machine
&mport virtual machine• 3llow 6utput fro& a irtual Machine
• Create irtual Machine
• Change irtual Machine 3uthori,ation 5cope
• (ead 5er#ice Configuration
• iew irtual Machine Configuration
1odify virtual machine settings .reconfigure a virtual machine/• 3llow 6utput fro& a irtual Machine
• (ead 5er#ice Configuration
• (econfigure irtual Machine
• iew irtual Machine Configuration
Pass C059 A90 D90 .send control signals to a virtualmachine/
• 3llow %nput to a irtual Machine
• 3llow 6utput fro& a irtual Machine
• (ead 5er#ice Configuration
Pause a virtual machine• 3llow 6utput fro& irtual Machine
• Pause and (estart irtual Machine
• (ead 5er#ice Configuration
5emove e(ternal networ# from server • 4elete irtual 5witch
• 4elete irtual 5witch Port
DB
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 54/58
• 4elete %nternal 1thernet port
• 4isconnect irtual 5witch Port
• 'nbind 1ternal 1thernet Port
• iew irtual 5witch Manage&ent 5er#ice
• iew 1ternal 1thernet Ports
• iew %nternal 1thernet Ports
• iew )3. 1ndpoints
• iew 5witch Ports
• iew 5witches
• iew )3. 5ettings
5emove internal networ# adapter from a virtual machine• 3llow 6utput fro& irtual Machine
• Create irtual 5witch Ports
• Change )3. Configuration on Port
• 4isconnect irtual 5witch Port
• (econfigure 5er#ice
• (econfigure irtual Machine
• (ead 5er#ice Configuration
• iew %nternal 1thernet Ports
• iew )3. 1ndpoints
• iew 5witch Ports
• iew 5witches
• iew irtual Machine Configuration
• iew irtual 5witch Manage&ent 5er#ice
• iew )3. 5ettings
5emove internal networ# from server • 4elete irtual 5witch
• 4elete irtual 5witch Ports
• 4elete %nternal 1thernet Ports
• 4isconnect irtual 5witch Ports
• iew %nternal 1thernet Ports
• iew )3. 1ndpoints
• iew 5witch Ports
• iew 5witches
DD
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 55/58
• iew )3. 5ettings
• iew irtual 5witch Manage&ent 5er#ice
5emove private networ# from server • 4elete irtual 5witch
• iew 5witch Ports
• iew 5witches
• iew irtual 5witch Manage&ent 5er#ice
5ename a snapshot• 3llow 6utput fro& irtual Machine
• (ead 5er#ice Configuration
• (econfigure irtual Machine
• iew irtual Machine Configuration
5ename a virtual machine• 3llow 6utput fro& irtual Machine
• (ead 5er#ice Configuration
• (econfigure irtual Machine
• iew irtual Machine Configuration
5esume a virtual machine• 3llow 6utput fro& irtual Machine
• (ead 5er#ice Configuration
• Pause and (estart a irtual Machine
2ave a virtual machine and start a virtual machine• 3llow 6utput fro& irtual Machine
• (ead 5er#ice Configuration
• 5top irtual Machine
• 5tart irtual Machine
2tart a virtual machine• 3llow 6utput fro& irtual Machine
• (ead 5er#ice Configuration
• 5tart irtual Machine
D
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 56/58
0urn off a virtual machine• 3llow 6utput fro& irtual Machine
• (ead 5er#ice Configuration
• 5top irtual Machine
View Hyper-V server settings• 3llow 6utput fro& irtual Machine
• (ead 5er#ice Configuration
• (econfigure 5er#ice
• iew irtual Machine Configuration
View networ# management• iew 5witch Ports
• iew 5witches
• iew irtual 5witch Manage&ent 5er#ice
View virtual machines• 3llow 6utput fro& irtual Machine
• (ead 5er#ice Configuration
• iew irtual Machine Configuration
Appendi( $ Authori,ation 1anager0erminology
?ou use the 3uthori,ation Manager Microsoft Manage&ent Console /MMC snap-in /3,Man$&sc
to select operations" group the& into tasks" and then authori,e roles to perfor& specific tasks$
?ou also use the snap-in to &anage tasks" operations" and user roles and per&issions$ 5ee
'sing 3uthori,ation Manager for Hyper- 5ecurity and Configure Hyper- for (ole-based 3ccess
Control for &ore infor&ation about using role-based access control for #irtual &achines in Hyper-
$
0erminologyThe following ter&inology is used in the contet of 3uthori,ation Manager:
• Operation+ 3 low-le#el per&ission in an application$ 6perations are the building blocks of
your policy for role-based access control$ Eor ea&ple" in Hyper- W3llow %nput to a irtual
MachineW" W3llow 6utput fro& a irtual Machine"W and WCreate a irtual MachineW are
operations$
D<
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 57/58
• Policy+ The data that 3uthori,ation Manager uses for role-based access control$ This data"
configured by a #irtuali,ation ad&inistrator" describes the relationships between roles" tasks"
and operations$ The policy is an JM) file that you can edit using the 3uthori,ation Manager
snap-in or with scripting tools$ Eor &ore infor&ation about the ele&ents of a policy" see
Checklist: 7efore you start using 3uthori,ation Manager /http:go$&icrosoft$co&fwlink>
)ink%4;AB;9<$
• 5ole+ 3 set of users andor groups that define a category of user who can perfor& a set of
tasks or operations$ Eor ea&ple" the users assigned to the ad&inistrator role by default ha#e
the ability to perfor& any task or operation in Hyper-$ The ad&inistrator can create any
nu&ber of other roles$
• Authori,ation store+ The repository for the authori,ation policy$ ?ou &ust create a store to
control resource accessIyou can do this either progra&&atically or using the snap-in$ The
default store location in Hyper- is an JM) file located at
NProgra&4ataNMicrosoftN*indowsNHyper-N%nitial5tore$&l$ 7oth Hyper- and 3uthori,ation
Manager support JM) files and 3cti#e 4irectory 4o&ain 5er#ices for storing a policy$
Howe#er" 3uthori,ation Manager stores for other applications can be created in 3cti#e4irectory )ightweight 4irectory 5er#ices and Microsoft 5) 5er#er /new for *indows ista
and *indows 5er#er 2008$
• 2cope+ 3 collection of resources with a co&&on access control policy$ %n 3uthori,ation
Manager" the scope can be a folder" an 3cti#e 4irectory container" a file-&asked collection of
files /for ea&ple" X$doc" a '()" or any ob+ect that can be accessed by the application and
its underlying authori,ation store$ The ob+ect can be assigned to only one scope$ 3ny ob+ect
that is not assigned to a scope takes the access control policy that is defined in the
3uthori,ation Manager application /or root scope$ The default scope is LHyper-V 2ervices$
Hyper- ob+ects that you can use for scopes include #irtual &achines" #irtual switches" and
#irtual switch ports$
Eor ea&ple" to grant ad&inistrator access to a set of #irtual &achines to a specific user or
group" create a scope for those #irtual &achines$ Eor &ore infor&ation" see *ork with
5copes /http:go$&icrosoft$co&fwlink>)ink%4;AB;99$
• 0as#+ 3 logical group of operations for acco&plishing a task$ Tasks can be categori,ed by
ob+ects and used to control access to the ob+ect$
ote
.o checks are &ade for dependent operations when you add tasks to a role
definition$ Eor ea&ple" the LConnect to a #irtual &achine task re@uires the L(ead
5er#ice Configuration" L3llow 6utput fro& a irtual Machine" and L3llow %nput to a
irtual Machine operations$• Departmental administrator+ 3n ad&inistrator who only has per&issions to perfor& the
tasks that are outlined in the role description$ 3t a higher organi,ational le#el" the
#irtuali,ation ad&inistrator creates and &aintains the role definitions and scopes$ Eor
ea&ple" the #irtuali,ation ad&inistrator can create a LHu&an (esources 3d&inistrator
depart&ental ad&inistrator role that is scoped only to #irtual &achines owned by the Hu&an
(esources depart&ent" and can create a different role /with the sa&e operations and tasks
D8
8/20/2019 HyperV Deploy
http://slidepdf.com/reader/full/hyperv-deploy 58/58
called LEinance 3d&inistrator that is scoped only to the Einance depart&ent #irtual
&achines$
• 5ole definition+ The list of operations that a user can perfor& with the assigned role$
• 5ole assignment+ 3 list of users who can perfor& the operations that are listed in the role
definition$
Eor ea&ple" the default ad&inistrator role definition includes all operations and the default
role assign&ent is for all users in the 7'%)T%.N3d&inistrators group$ ?ou can create a L'ser
role that can only use the L5tart irtual Machine" L5top irtual Machine" L3llow %nput to
irtual Machine and L3llow 6utput fro& irtual Machine operations$ ?ou can also create
roles based on organi,ational structures$ Eor ea&ple" you can create a role called Lirtual
.etwork 3d&inistrator and assign only the operations for #irtual networking to that role$ Eor
&ore infor&ation" see Manage =roups" (oles" and Tasks /http:go$&icrosoft$co&fwlink>
)ink%d;ABD;<$
• Virtuali,ation administrator+ 3n ad&inistrator who has local ad&inistrator per&ission on the
#irtuali,ation ser#er &anage&ent operating syste& and controls all other delegated
ad&inistrator rights and per&issions$