Embed Size (px)
Citation preview
Hyper-V R2 Healthcheck (Configuration and Performance)
Mark GhazaiSr. Premier Field Engineer (PFE) Microsoft Corporation
Peter MeisterGroup Product ManagerMicrosoft Corporation
VIR309
Session Objectives
Tools used on the field for the Hyper-V Health ChecksHyper-V BPA (Full and Server Core)MAP Toolkit
Hyper-V R2 Best PracticesHAVM, Failover ClusteringCluster Validation Wizard (in case of Hyper-V Cluster)
Performance Monitor and PAL for Hyper-V R2New Premier Hyper-V Health Checks Offering
Hyper-V Health Check tools
Hyper-V Best Practices Analyzer
Best Practices Analyzer (BPA)What is the BPA?
TechNet definitionBest Practices Analyzer (BPA) is a server management tool that is available in Windows Server® 2008 R2. BPA can help administrators reduce best practice violations by scanning one or more roles that are installed on Windows Server 2008 R2, and reporting best practice violations to the administrator. Administrators can filter or exclude results from BPA reports that they don’t need to see. Administrators can also perform BPA tasks by using either the Server Manager GUI, or Windows PowerShell cmdlets.
Hyper-V R2 BPARequirements
Windows Server 2008 R2 Core or Full Edition
Hyper-V Role Update 977238 required on Hyper-V HostsServer Manager remote access (Optional)Server Manager and BPA modules for Powershell execution
Why Hyper-V BPA?Important checks
•Installed? What version? Are all of the ICs added to the VMs?Integration Components
•Supported LPs number on hostNumber of logical processors
•Inventory and supported number of VPs for each OSNumber of VPs on each VM
•Fixed, Dynamic or Differencing Disk inventoryVHD type detection
•Only use it if it’s mandatory (i.e Citrix provisioning VDI scenarios)Legacy Network Adapters
•http://technet.microsoft.com/en-us/library/ee941122(WS.10).aspx Much more…
Hyper-V BPATips and Recommendations
Export scan results to HTML formathttp://blogs.technet.com/b/cedward/archive/2011/01/11/hyper-v-bpa-html-report.aspx
Configure Server Manager for remote administrationhttp://blogs.technet.com/b/mghazai/archive/2010/06/08/hyper-v-best-practices-analyzer-powershell-automation.aspx
Apply specific filters to avoid false positives or known errorsSome warning or errors can be safely ignored depending on the your environment or requirementsApply Hyper-V BPA Updates (i.e. KB2485986 )
Run BPA remotely with Powershell to a group of servershttp://gallery.technet.microsoft.com/scriptcenter/en-us/84d3e608-1404-4ee9-b5e2-24452ecc8b94
demo
Hyper-V R2 BPA
Sample PS Script: Hyper-V R2 BPA
Import-Module failoverclusters$OutputPath = "c:\temp\hvbpa.csv"$clustername = "ServerName"$s = Get-ClusterNode -cluster $clustername | New-PSSessioninvoke-command -session $s -scriptblock { import-module BestPractices Invoke-BpaModel Microsoft/Windows/Hyper-V | out-null Get-BPAResult Microsoft/Windows/Hyper-v | select ResultNumber,@{Name="Server Name"; Expression={hostname}},ModelId,RuleId,ResultId,Severity,NeutralSeverity,Category,Title,Problem,Impact,Resolution,Compliance,Help,Excluded } | Export-Csv $OutputPathRemove-PSSession $s
Hyper-V Health Check tools
Microsoft Assessment and Planning Toolkit
MAP Toolkit (5.5)Tips and Recommendations
Enhanced server consolidation capabilities Migration to cloud-based servicesServer virtualization with Hyper-V
http://technet.microsoft.com/en-us/library/bb977556.aspx
Hyper-V Health Check tools
Security
Hyper-V Security
Hardening Hyper-V and Parent PartitionHyper-V R2 SKU or Server CoreNo Other Apps/Roles/FeaturesPatch and A/VIsolate network traffic (separate NICs and VLANs)Bitlocker
Hyper-V Security
Delegating Virtual Machine ManagementVM Admins no access to ParentAuthorization Manager (AzMan.msc)SCVMM and Self Service PortalHarden Management host OSVirtual Machine Servicing Toolkit (VMST)http://technet.microsoft.com/en-us/library/cc501231.aspx
Offline VMs in SCVMM libraryStopped and saved state VMs on a hostVM Templates.Offline VHDs in SCVMM library by injecting update packages
Hyper-V Security
Protecting Virtual MachinesPatch and A/VOS hardening
Encryption (i.e. EFS)AuditPermission
Hyper-V Security Guide http://technet.microsoft.com/en-us/library/dd569113.aspx
Microsoft Security Compliance Managerhttp://technet.microsoft.com/en-us/library/cc677002.aspx
MBSAWhat is the Microsoft Baseline Security Analyzer?
TechNet definitionMicrosoft Baseline Security Analyzer (MBSA) is an easy-to-use tool designed for the IT professional that helps small- and medium-sized businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. Improve your security management process by using MBSA to detect common security misconfigurations and missing security updates on your computer systems.
MBSA for Windows Server 2008 R2Requirements
MBSA 2.1.1 or greaterMBSA 2.2 recommended
Admin rights on target host to run it remotelyInternet access and Firewall exceptions for remote scanning
TCP port 135, 139 and 445 and UDP 137 and 138
Remote Registry service, Server service, Workstation service, File and Printer Sharing service, and Automatic Updates service.MBSA FAQ
http://technet.microsoft.com/en-us/security/cc184922#EWBAC
Why Microsoft Baseline Security Analyzer?
•Fast and automated security updates report
Security Updates Check
•Administrators number, Administrator blank passwords, Firewall configuration,
Other security checks
•Local or remote scan to one or many servers
Local and remote execution
Hyper-V Health Check
Highly Available VM (HAVM)
HAVM EmPOWERED By: Failover Cluster
Failover Cluster provides key features to make Hyper-V VMs Highly Available
Live MigrationCSV (Cluster Shared Volumes)Health MonitoringAutomatic Recovery
Cluster Validation WizardWhat is the Cluster Validation Wizard?
TechNet definitionThe cluster validation wizard is a feature that is integrated into failover clustering in Windows Server 2008 and Windows Server 2008 R2. With the cluster validation wizard, you can run a set of focused tests on a collection of servers that you intend to use as nodes in a cluster. This cluster validation process tests the underlying hardware and software directly, and individually, to obtain an accurate assessment of how well failover clustering can be supported on a given configuration.
Failover Cluster Validation WizardRequirements
Windows Server 2008 or 2008 R2Failover Cluster Feature enabledStorage and Network Connections Configured
Run Validate immediately after setup of Virtual SwitchesValidate does not currently check Hyper-V specific config
More info:http://technet.microsoft.com/en-us/library/cc732035(WS.10).aspx
Why Cluster Validation Wizard?Important checks
•Configuration and functional testingShared Storage Configuration
•Heartbeat, CSV and LiveMigration network configuration tests
Cluster Network Configuration
•Hardware, updates and drivers Inventory and
Compare
•Active Directory settings, DNS, Quorum, dependencies and many more…
Cluster Configuration
Hyper-V Health Check
Live Migration and CSV Volumes
Live Migration
Identical ProcessorsMay enable Processor CompatibilityMust be same processor manufacturer
Identically named ‘Virtual Switches’Ensure that no ISOs are mountedVM may need to be ‘refreshed’ in Failover Cluster Specify the network for the VMs to use for Live MigrationDon’t use IPSec on LM network unless required for securityLinux HAVM needs Static MAC Address
CSV – SAN Fault Tolerance
26
VM running on Node 2
Coordinator Node
SAN Connectivity Failure
VHD
SAN
VHD
I/O Redirected Over CSV Network
VHD
CSV Volume
Nodes running Windows Server 2008 R2Drive letter of the System Disk must be identical
%SystemDrive%\ClusterStorage
NTLM Protocol enabled on all nodesLatest Identical HBA/Storage/Drivers/FirmwareSMB used by CSV
Client for Microsoft Networks File and Printer Sharing for Microsoft Networks
Check Free Space – Use PowerShell Scripthttp://blogs.msdn.com/b/clustering/archive/2010/06/19/10027366.aspx
CSV Settings
Highest priority network = CSV networkNetwork with lowest ‘metric’ is the highest priority
Manually set CSV network if not set properly:Get-ClusterNetwork | ft Name, Metric, AutoMetric, Role( Get-ClusterNetwork “Cluster Network” ).Metric=900
CSV Performance Baseline
What is the data telling us?Counters from Parent Partition:
Object: Physical DiskDisk Reads/sec, Disk Writes/sec, Avg Disk Queue, Current Disk Queue
Multiple nodes are accessing the same CSVAggregate data across nodes
Reads/Sec, Writes/Sec
Disk latency issuesCheck counters within VMs
http://blogs.technet.com/b/kaitling/archive/2011/02/11/deciphering-performance-data-csv-volumes.aspx
Networking
Best Scenario – 4 physical network access points1 – Virtual Machine Access2 – Management 3 – Cluster and CSV4 – Live Migration(5th network when using ISCSI)
Gigabit or faster NICsTeaming ok – Ensure latest drivers, use good Server Class NICsAll nodes must be on the same ‘logical’ subnetConfigure Network Priority Consider QoS policy for Live Migration Network Ensure networks are aptly named
http://technet.microsoft.com/en-us/library/ff428137(WS.10).aspx
Other
Use Possible and Preferred Owners with VM resourcesProper Exclusion in Parent’s Anti-VirusProper Page File sizing on parent and VMsEnsure proper amounts of RAM per nodeBase performance on least powerful node (as applicable)
Each node must be able to handle the workload it may be given
SCVMM PRO and SCOM feature for load balancingUse VMQ in place of Chimney Offload
More efficient copying between networks
With SP1 use MemoryReserve registry value on hosts
Hyper-V Cluster Best Practice ChecksValidate Report?Network adapters- Number of? Speed?Metric (Priority) Settings? Role (1-3)? Client Access - Private/Live Migration network, AutoMetric enabledSelected Network for Live Migration? Network configuration - Other - iSCSI in use? Verify Proper/Dedicated Network PathAny VMs running on disks that are in "Redirected Access Mode"? Maintenance Mode?Heartbeat monitoring for the Virtual Machine - Enabled/Disabled?Policy for VM recovery/actionsIs Persistent Mode/Auto Start Enabled?VMStates? Paused/Online/Offline/Failed/CSV enabled? State of the disks? (R2 ONLY)How many VMs per (CSV) volume? Optimization available?GPT disk/MBR disk?Multi-site cluster?H/W Logo'd for Win2008/R2?Filter Drivers Loaded?Backup/Restore Process of (CSV or other) volumesPerfmon counters for CSV volumesProcessors must be identical across cluster nodes - Processor Compat mode enabled?Is Live Migration working properly? Event logs for failed migrations?System Drive letter must be the same across nodesVerify supported workloads are running on each VMCheck firmware version of HBA from validation report and matches on all nodesVerify DSM Module in useCheck if network teaming used for ISCSIIs MPIO feature installedCheck for proper cluster Quorum ModelStorage configured to vendor tested configurationChkdsk set to run on any drives?
Microsoft Approved!
Hyper-V Health Check
Performance monitor and PAL
Performance monitor and PALThings you must know
New PAL version available – http://pal.codeplex.comVersion 2.06 include Hyper-V R2 SP1 counters thresholds for Dynamic Memory analysis
Performance monitor and PALThings you must know
LPs and Hyper threadingHyper threading is not multiplying processors for realCapacity planning must be done without Hyperthreading
Support Statements are based on LPs/VPs ratios1:8 Ratio is the supported limit for Server Virtualizations scenarios1:12 Ratio is the supported limit for VDI scenarios with Windows 7 w/SP1> 32 Procs – Do NOT enable HT
# Physical Processors
Hyperthreading# Logical
Processors# Virtual
ProcessorsLP / VP Ratio
2 (1 Dual Core) Disabled 2 16 1:8
2 (1 Dual Core)Enabled 4 16 1:4
Performance monitor and PALWhat to monitor
Host processes CPU consumption“\Process\% Processor time” and “\Process\Working Set” to identify problems on the parent partition with monitoring agents, AV, drivers or other Apps
VHDs reads and writes profiling“\Hyper-V Virtual Storage device\reads /sec and writes/sec” to identify what VMs or disks are demanding more IOs
VMs network adapters bandwidth profiling“Hyper-V Virtual Network Adapter\Bytes/sec” to identify what VMs are demanding more bandwidth
Performance monitor and PALWhat to monitor
Premier Hyper-V Health Check
Ask your TAM
Offering
Premier Hyper-V Health Check Offering
Storage Storage Types Connections
Network Interface Configuration Virtual Switches
OS Configuration Driver versions Page file Memory Dump Service Packs and recommended Hotfixes Antivirus Exclusion Firewall settings
Premier Hyper-V Health Check Offering
Hyper-V Host configurationCapacity Planning Supportability issue
Virtual Machine Configuration Integration Components Snapshots
Cluster ConfigurationCSV / Live Migration implementation
Disaster Recovery Backup Method Restore Method
Performance Detailed performance analysis with “perfmon”
Related Content
VIR201 Virtualization: State of the Union VIR306 Hyper-V and Dynamic Memory in Depth VIR310 Inside the LAB: Building Your Own Private Cloud Infrastructure VIR327 Hyper-V Cloud Fast Track: A Reference Architecture for Private
VIR371-HOL Simplify Windows Server 2008 R2 Migrations and Hyper-V Server Consolidation Assessments with the Microsoft Assessment and Planning (MAP) 5.5 Toolkit
C4E266 | Cram4Exam on Windows Server 2008 R2 Virtualization IT Professional Series: Exam 70-693
TLC: VIR 18 Windows Server 2008 R2 Hyper –V Station
Track Resources
Don’t forget to visit the Cloud Power area within the TLC (Blue Section) to see product demos and speak with experts about the Server & Cloud Platform solutions that help drive your business forward.
You can also find the latest information about our products at the following links:
Windows Azure - http://www.microsoft.com/windowsazure/
Microsoft System Center - http://www.microsoft.com/systemcenter/
Microsoft Forefront - http://www.microsoft.com/forefront/
Windows Server - http://www.microsoft.com/windowsserver/
Cloud Power - http://www.microsoft.com/cloud/
Private Cloud - http://www.microsoft.com/privatecloud/
Resources
www.microsoft.com/teched
Sessions On-Demand & Community Microsoft Certification & Training Resources
Resources for IT Professionals Resources for Developers
www.microsoft.com/learning
http://microsoft.com/technet http://microsoft.com/msdn
Learning
http://northamerica.msteched.com
Connect. Share. Discuss.
Complete an evaluation on CommNet and enter to win!
Scan the Tag to evaluate this session now on myTech•Ed Mobile
© 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to
be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS
PRESENTATION.
