Archive for Windows Server 2012

Windows Server 2012 Scale Out File Server

Scale out File Server

Windows Server 2012 introduces a clustered Scale-Out File Server that provides more reliability by replicating file shares for application data. Scale-Out File Server varies from traditional file-server clustering technologies and isn’t recommended for scenarios with high-volume operations in which opening, closing, or renaming files occurs frequently.

In Windows Server 2012, the following clustered file servers are available:

  • Scale-Out File Server for application data (Scale-Out File Server): This clustered file server is introduced in Windows Server 2012 and lets you store server application data, such as Hyper-V virtual machine files, on file shares, and obtain a similar level of reliability, availability, manageability, and high performance that you would expect from a storage area network. All file shares are online on all nodes simultaneously. File shares associated with this type of clustered file server are called scale-out file shares. This is sometimes referred to as active-active.
  • File Server for general use: This is the continuation of the clustered file server that has been supported in Windows Server since the introduction of Failover Clustering. This type of clustered file server, and thus all the shares associated with the clustered file server, is online on one node at a time. This is sometimes referred to as active-passive or dual-active. File shares associated with this type of clustered file server are called clustered file shares.

Key benefits provided by Scale-Out File Server in Windows Server 2012 include:

  • Active-Active file shares: All cluster nodes can accept and serve SMB client requests. By making the file share content accessible through all cluster nodes simultaneously, SMB 3.0 clusters and clients cooperate to provide transparent failover to alternative cluster nodes during planned maintenance and unplanned failures without service interruption.
  • Increased bandwidth: The maximum share bandwidth is the total bandwidth of all file server cluster nodes. Unlike previous versions of Windows Server, the total bandwidth is no longer constrained to the bandwidth of a single cluster node, but rather the capability of the backing storage system. You can increase the total bandwidth by adding nodes.
  • CHKDSK with zero downtime: CHKDSK in Windows Server 2012 is significantly enhanced to dramatically shorten the time a file system is offline for repair. Clustered shared volumes (CSVs) in Windows Server 2012 take this one step further and eliminate the offline phase. A CSV File System (CSVFS) can perform CHKDSK without impacting applications with open handles on the file system.
  • Clustered Shared Volume cache: CSVs in Windows Server 2012 introduce support for a read cache, which can significantly improve performance in certain scenarios, such as Virtual Desktop Infrastructure.
  • Simpler management: With Scale-Out File Servers, you create the Scale-Out File Server and then add the necessary CSVs and file shares. It is no longer necessary to create multiple clustered file servers, each with separate cluster disks, and then develop placement policies to ensure activity on each cluster node.

When to use Scale-Out File Server

You should not use Scale-Out File Server if your workload generates a high number of metadata operations, such as opening files, closing files, creating new files, or renaming existing files. A typical information worker would generate a lot of metadata operations. You should use a Scale-Out File Server if you are interested in the scalability and simplicity that it offers and you only require technologies that are supported with Scale-Out File Server. The following table shows the new capabilities in SMB 3.0, common Windows file systems, file server data management and applications, and if they are supported with Scale-Out File Server, or will require a traditional clustered file server:

Review Failover Cluster Requirements

  • Scale-Out File Server is built on top of Failover Clustering so any requirements for Failover Clustering apply to Scale-Out File Server. You should have an understanding of Failover Clustering before deploying Scale-Out File Server
  • The storage configuration must be supported by Failover Clustering before you deploy Scale-Out File Server. You must successfully run the Cluster Validation Wizard before you add Scale-Out File Server.
  • Scale-Out File Server requires the use of Clustered Shared Volumes (CSVs). Since CSVs are not supported with Resilient File System, Scale-Out File Server cannot use Resilient File System.
  • Accessing a continuously available file share as a loopback share is not supported. For example, Microsoft SQL Server or Hyper-V storing their data files on SMB file shares must run on computers that are not members of the file server cluster for the SMB file shares.

Review Storage Requirements

  • Fibre Channel Storage Area Network: You can use an existing Fibre Channel Storage Area Network as the storage subsystem for Scale-Out File Server.
  • iSCSI Storage Area Network: You can use an existing iSCSI Storage Area Network as the storage subsystem for Scale-Out File Server.
  • Storage Spaces: Storage Spaces is new in Windows Server 2012 and can also be used as the storage subsystem for Scale-Out File Server.
  • Clustered RAID controller: A clustered RAID controller is new in Windows Server 2012 and can be used as the storage subsystem for Scale-Out File Server.

Review Networking Requirements

  • Ensure that the network adapter configurations are consistent across all of your nodes in Scale-Out File Server
  • Ensure that the network that includes the CSV redirection traffic has sufficient bandwidth
  • Use DNS dynamic update protocol for the cluster node name and all of the cluster nodes. You should ensure that the cluster node name is registered by using DNS dynamic update protocol. This should include the name of the Scale-Out File Server and the IP addresses of all of the network adapters in every cluster node on the client network.

Deploy Scale Out File Server

To take full advantage of Scale-Out File Server, all servers running the server applications that are using scale-out file shares should be running Windows Server 2012. If the server application is running on Windows Server 2008 or Windows Server 2008 R2, the servers will be able to connect to the scale-out file shares but will not take advantage of any of the new features. If the server application is running Windows Server 2003, the server will get an access-denied error when connecting to the scale-out file share.

Prerequisites

  • First of all you will need 2 x Windows Server 2012 Servers built, updated and ready to work with for the Windows Failover Cluster
  • You will need 2 virtual NICs on each Windows 2012 Server. One for the Main Network and one for a Heartbeat network. Modify the provider order so the Main Network always comes first. In Network Connections hold down Alt and F then select Advanced and move your Main Network to the top of the binding order

  • I set up an iSCSI Target Disk from another server for my Scale Out File Server Share. Please see the previous blog for instructions on how to do this
  • I also set up an iSCSI Target from another server for my Quorum Disk. Please see the previous blog for instructions on how to do this
  • * Optional * You can also add 3 basic Virtual disks to your first server which are going to be set up as a Storage Space as detailed in the steps below and leave them as Online, Initialised and Unformatted in Disk Management on your Server. I wanted to see if these could be added into the Failover Cluster Pool as an experiment

  • When you have a default build of your servers before adding any roles and features I would take a snapshot so at least you can go back to where you were when everything was a fresh build and worked!! (Setting this up didn’t work too well for me the first time round and I ended up rebuilding servers and getting cross!)

Procedure

  • Log on to the first server as a member of the local Administrators group.
  • In the QUICK START section, click Add roles and features
  • On the Before you begin page of the Add Roles and Features Wizard, click Next.

  • On the Select installation type page, click Role-based or feature-based installation, and then click Next.

  • On the Select destination server page, select the appropriate server, and then click Next. The local server is selected by default.

  • On the Select server roles page, expand File and Storage Services, expand File Services, and then select the File Server check box. Click Next.

  • On the Select features page, select the Failover Clustering check box, and then click Next.

  • Click OK to the pop up box

  • On the Confirm installation selections page, click Install.

  • Repeat the steps in this procedure for each server that will be added to the cluster
  • Next Click Tools, and then click Failover Cluster Manager
  • Under the Management heading, click Validate Configuration
  • On the Before You Begin page, click Next

  • On the Select Servers or a Cluster page, in the Enter name box, type the FQDN of one of the servers that will be part of the cluster, and then click Add. Repeat this step for each server that will be in the cluster

  • Click OK to see the chosen servers

  • On the Testing Options page, ensure that the Run all tests (recommended) option is selected, and then click Next.

  • On the Confirmation page, click Next.

  • The Validation tests will now run

  • On the Summary page, ensure that the Create the cluster now using the validated nodes check box is selected, and then click Finish. View the report to make sure you do not need to fix anything before proceeding. The Create Cluster Wizard appears.

  • On the Before You Begin page, click Next

  • On the Access Point for Administering the Cluster page, in the Cluster Name box, type a name for the cluster, and choose an IP Address then click Next.

  • On the Confirmation page, click Next.
  • Untick Add all eligible storage to the cluster

  • On the Summary page, click Finish.

  • Right click on Disks in Failover Cluster Manager and select Add Disk

  • The 5GB Disk is my Quorum iSCSI Target Disk
  • The 15GB Disk is my Scale Out File Server iSCSI Target Disk
  • The 3 x 10GB Disks are the 3 basic unformatted virtual disks I added at the start of this procedure to my first server in order to try setting up a storage pool from within the Failover Cluster. Keep these unticked for now
  • You should now see the disks looking like the below

  • You should now be able to change the Quorum setting from Node Majority to Node and Disk Majority as per the instructions below, which is the recommended configuration for a 2 Node Failover Cluster Server
  • Note the Quorum Disk cannot be a Cluster Shared Volume. Please click Quorum Disk to follow a link to more information
  • Right click on the Cluster name in Failover Cluster Manager and select More Actions > Configure Cluster Quorum Settings

  • Select Quorum Configuration Options

  • Select Quorum Witness

  • Configure Storage Witness to be your 5GB Drive

  • Confirmation

  • Summary

  • Next Go to Failover Cluster Manager > Storage > Pools and Select New Pool
  • Note that once physical disks have been added to a pool, they are no longer directly usable by the rest of Windows – they have been virtualized, that is, dedicated to the pool in their entirety

  • Specify a Name for the Storage Pool and choose the Storage Subsystem that is available to the cluster and click Next
  • Select the Physical Disks for the Storage Pool
  • Note the disks should be Online, Initialised but unallocated. If you don’t see any disks, you need to go into Server Manager and delete the volumes

  • Confirm Selections

  • Click Create and you will see the wizard running through the tasks

  • The next step is to create a Virtual Disk (storage space) that will be associated with a storage pool. In the Failover Cluster Manager, select the storage pool that will be supporting the Virtual Disk. Right-click and choose New Virtual Disk

  • Select the Storage Pool

  • Specify the Virtual Disk Name

  • Select the Storage Layout. (Simple or Mirror; Parity is not supported in a Failover Cluster) and click Next

  • Specify the Provisioning Type

  • Specify the size of your virtual disk – I chose Maximum

  • Check and Confirm and click Create

  • View Results and make sure Create a Volume when this wizard closes is ticked

  • The volume wizard opens

  • Select the Cluster and your disk

  • Specify the size of the volume

  • Choose a drive letter

  • Select File System Settings

  • Confirm and Create

  • You should now see this Virtual Disk Storage space as a drive in Windows
  • Open Failover Cluster Manager.
  • Right-click the cluster, and then click Configure Role.
  • On the Before You Begin page, click Next.
  • On the Select Role page, click File Server, and then click Next.
  • On the File Server Type page, select the Scale-Out File Server for application data option, and then click Next.

  • On the Client Access Point page, in the Name box, type a NetBIOS name that will be used to access Scale-Out File Server, and then click Next
  • On the Confirmation page, confirm your settings, and then click Next.
  • On the Summary page, click Finish.

  • Click Start, type Failover Cluster, and then click Failover Cluster Manager
  • Expand the cluster, and then click Roles.
  • Right-click the file server role, and then click Add File Share.
  • On the Select the profile for this share page, click SMB Share – Applications, and then click Next.
  • On the Select the server and path for this share page, click the cluster shared volume, and then click Next.
  • On the Specify share name page, in the Share name box, type a name, and then click Next.
  • On the Configure share settings page, ensure that the Enable continuous availability check box is selected, and then click Next.
  • On the Specify permissions to control access page, click Customize permissions, grant the following permissions, and then click Next:
  • If you are using this Scale-Out File Server file share for Hyper-V, all Hyper-V computer accounts, the SYSTEM account, and all Hyper-V administrators must be granted full control on the share and the file system.
  • If you are using Scale-Out File Server on Microsoft SQL Server, the SQL Server service account must be granted full control on the share and the file system
  • On the Confirm selections page, click Create.
  • On the View results page, click Close
  • Note: You should not use access-based enumeration on file shares for Scale-Out File Server because of the increased metadata traffic that is generated on the coordinator node.
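
The wizard steps above, from feature installation to the continuously available share, can also be scripted with the Failover Clustering and SMB cmdlets. This is an added example, not part of the original post; the node names, cluster IP, disk numbers, share path and EXAMPLE\ accounts are placeholders, and the 15GB data disk is assumed to carry an NTFS volume already.

```powershell
# Added example (not from the original post). Run elevated on one cluster node.
# Every name, address, disk number and account below is a placeholder.
$Nodes         = 'FS1.example.local', 'FS2.example.local'
$ClusterName   = 'SOFSCLU'
$ClusterIP     = '192.0.2.50'
$WitnessDiskNo = 1          # disk number of the 5GB quorum iSCSI disk
$DataDiskNo    = 2          # disk number of the 15GB Scale-Out File Server iSCSI disk
$SofsName      = 'SOFS1'    # client access point name
$ShareName     = 'VMStore'
$SharePath     = 'C:\ClusterStorage\Volume1\Shares\VMStore'
# Hyper-V computer accounts and administrators, plus SYSTEM, as the procedure requires
$Principals    = 'EXAMPLE\HV1$', 'EXAMPLE\HV2$', 'EXAMPLE\Hyper-V Admins', 'NT AUTHORITY\SYSTEM'

$ErrorActionPreference = 'Stop'

# File Server role and Failover Clustering feature on every node
foreach ($node in $Nodes) {
    Install-WindowsFeature -ComputerName $node -Name FS-FileServer, Failover-Clustering -IncludeManagementTools
}

# Run all validation tests; read the report before going further
Test-Cluster -Node $Nodes

# Create the cluster without claiming all eligible storage
New-Cluster -Name $ClusterName -Node $Nodes -StaticAddress $ClusterIP -NoStorage

# Add only the quorum disk and the data disk; the other disks stay out of the cluster
$available = Get-ClusterAvailableDisk -Cluster $ClusterName
$witness   = $available | Where-Object { $_.Number -eq $WitnessDiskNo } | Add-ClusterDisk
$data      = $available | Where-Object { $_.Number -eq $DataDiskNo }    | Add-ClusterDisk
if (-not $witness -or -not $data) {
    throw 'Quorum or data disk not found among the available cluster disks.'
}

# Node and Disk Majority with the 5GB disk as witness (a witness cannot be a CSV)
Set-ClusterQuorum -Cluster $ClusterName -NodeAndDiskMajority $witness.Name

# The data disk becomes a Cluster Shared Volume under C:\ClusterStorage
Add-ClusterSharedVolume -Cluster $ClusterName -Name $data.Name

# Scale-Out File Server role with its client access point
Add-ClusterScaleOutFileServerRole -Cluster $ClusterName -Name $SofsName

# Continuously available application share, no access-based enumeration,
# share permissions limited to the named principals
New-Item -Path $SharePath -ItemType Directory -Force | Out-Null
New-SmbShare -Name $ShareName -Path $SharePath -ScopeName $SofsName `
    -ContinuouslyAvailable $true -FolderEnumerationMode Unrestricted `
    -FullAccess $Principals

# Matching full control on the file system
$acl = Get-Acl -Path $SharePath
foreach ($identity in $Principals) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $identity, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $SharePath -AclObject $acl

# Check the result: share settings and who can reach the share
Get-SmbShare -Name $ShareName -ScopeName $SofsName |
    Select-Object Name, ScopeName, ContinuouslyAvailable, FolderEnumerationMode
$broad = Get-SmbShareAccess -Name $ShareName -ScopeName $SofsName |
    Where-Object { $_.AccountName -eq 'Everyone' }
if ($broad) {
    Write-Warning "Share $ShareName grants access to Everyone; restrict it to the application accounts."
}
```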

Useful Links

http://technet.microsoft.com/en-us/library/jj612868.aspx

http://support.microsoft.com/kb/2813005/en-us

Storage Spaces in Windows Server 2012

What are Storage Spaces?

Storage Spaces is a technology in Windows and Windows Server that enables you to virtualize storage by grouping industry-standard disks into storage pools, and then create virtual disks called storage spaces from the available capacity in the storage pools.

Storage Spaces enables cost-effective, highly available, scalable, and flexible storage solutions for business-critical (virtual or physical) deployments. Storage Spaces delivers sophisticated storage virtualization capabilities, which empower customers to use industry-standard storage for single computer and scalable multi-node deployments. It is appropriate for a wide range of customers, including enterprise and cloud hosting companies, which use Windows Server for highly available storage that can cost-effectively grow with demand.

With Storage Spaces the Windows storage stack has been fundamentally enhanced to incorporate two new abstractions:

  • Storage pools. A collection of physical disks that enable you to aggregate disks, expand capacity in a flexible manner, and delegate administration.
  • Storage spaces. Virtual disks created from free space in a storage pool. Storage spaces have such attributes as resiliency level, storage tiers, fixed provisioning, and precise administrative control.

Storage Spaces is manageable through the Windows Storage Management API in Windows Management Instrumentation (WMI) and Windows PowerShell, and through the File and Storage Services role in Server Manager. Storage Spaces is completely integrated with failover clustering for high availability, and it is integrated with CSV for scale-out deployments.

Important functionality

Storage Spaces includes the following features:

  • Storage pools.

Storage pools are the fundamental building blocks for Storage Spaces. Storage administrators are already familiar with this concept, obviating the need to learn a new model. They can flexibly create storage pools based on the needs of the deployment. For example, given a set of physical disks, an administrator can create one pool (by using all the available physical disks) or multiple pools (by dividing the physical disks as required). Furthermore, to maximize the value from storage hardware, the administrator can combine hard disks and solid-state drives (SSDs) in the same pool, using storage tiers to move frequently accessed portions of files to SSD storage, and using write-back caches to buffer small random writes to SSD storage. Pools can be expanded dynamically by simply adding additional drives, thereby seamlessly scaling to cope with unceasing data growth.

  • Resilient storage.

Storage Spaces provides three storage layouts (also known as resiliency types):

  • Mirror. Data is duplicated on two or three physical disks, increasing reliability, but reducing capacity. This storage layout requires at least two disks to protect you from a single disk failure, or at least five disks to protect you from two simultaneous disk failures.
  • Parity. Data and parity information are striped across physical disks, increasing reliability, but somewhat reducing capacity. This storage layout requires at least three disks to protect you from a single disk failure and at least seven disks to protect you from two disk failures.
  • Simple (no resiliency). Data is striped across physical disks, maximizing capacity and increasing throughput, but decreasing reliability. This storage layout requires at least one disk and does not protect you from a disk failure.

Additionally, Storage Spaces can automatically rebuild mirror and parity spaces in which a disk fails by using dedicated disks that are reserved for replacing failed disks (hot spares), or more rapidly by using spare capacity on other drives in the pool. Storage Spaces also includes background scrubbing and intelligent error correction to allow continuous service availability despite storage component failures. In the event of a power failure or cluster failover, the integrity of data is preserved so that recovery happens quickly and does not result in data loss.

  • Continuous availability.

Storage Spaces is fully integrated with failover clustering, which allows it to deliver continuously available service deployments. One or more pools can be clustered across multiple nodes within a single cluster. Storage spaces can then be instantiated on individual nodes, and the storage will seamlessly fail over to a different node when necessary (in response to failure conditions or due to load balancing). Integration with CSVs permits scale-out access to data.

  • Storage tiers.

Storage Spaces in Windows Server 2012 R2 Preview combines the best attributes of SSDs and hard disk drives (HDDs) by enabling the creation of virtual disks composed of two tiers of storage – an SSD tier for frequently accessed data, and a HDD tier for less-frequently accessed data. Storage Spaces transparently moves data at a sub-file level between the two tiers based on how frequently data is accessed. As a result, storage tiers can dramatically increase performance for the most used (“hot”) data by moving it to SSD storage, without sacrificing the ability to store large quantities of data on inexpensive HDDs.

  • Write-back cache.

Storage Spaces in Windows Server 2012 R2 Preview supports creating a write-back cache that uses a small amount of space on existing SSDs in the pool to buffer small random writes. Random writes, which often dominate common enterprise workloads, are directed to SSDs and later are written to HDDs.

  • Operational simplicity.

The Windows Storage Management API, WMI, and Windows PowerShell permit full scripting and remote management. Storage Spaces can also be easily managed through the File and Storage Services role in Server Manager. Storage Spaces also provides notifications when the amount of available capacity in a storage pool hits a configurable threshold.

  • Multitenancy.

Administration of storage pools can be controlled through access control lists (ACLs) and delegated on a per-pool basis, thereby supporting hosting scenarios that require tenant isolation. Storage Spaces follows the familiar Windows security model; therefore, it can be fully integrated with Active Directory Domain Services.

Requirements

Storage Spaces has the following requirements:

  • Windows Server 2012 R2 Preview, Windows Server 2012, Windows 8.1 Preview, or Windows 8.
  • Serial ATA (SATA) or Serial Attached SCSI (SAS) connected disks, optionally in a just-a-bunch-of-disks (JBOD) enclosure. RAID adapters, if used, must have all RAID functionality disabled and must not obscure any attached devices, including enclosure services provided by an attached JBOD
  • Consumers can use USB drives with Storage Spaces, though USB 3 drives are recommended to ensure a high level of performance. USB 2 drives will decrease performance – a single USB 2 hard drive can saturate the bandwidth available on the shared USB bus, limiting performance when multiple drives are attached to the same USB 2 controller. When using USB 2 drives, plug them directly into different USB controllers on your computer, do not use USB hubs, and add USB 2 drives to a separate storage pool used only for storage spaces that do not require a high level of performance
  • For shared-storage deployments on failover clusters: two or more servers running Windows Server 2012 R2 Preview or Windows Server 2012; the requirements specified for failover clustering and Cluster Shared Volumes (CSV); and SAS-connected JBODs that comply with Windows Certification requirements

What are the recommended configuration limits?

In Windows Server 2012, the following are the recommended configuration limits:

  • Up to 160 physical disks in a storage pool; you can, however, have multiple pools of 160 disks.
  • Up to 480 TB of capacity in a single storage pool.
  • Up to 128 storage spaces in a single storage pool.
  • In a clustered configuration, up to four storage pools per cluster.

FAQs

http://social.technet.microsoft.com/wiki/contents/articles/11382.storage-spaces-frequently-asked-questions-faq.aspx

Deploying Storage Spaces

In this example I will create a Storage Space from a Resource Pool containing 3 Disks

Procedure 

  • Go to Server Manager > File and Storage Services > Storage Pools
  • Click Tasks and Select New Storage Pool
  • Note that once physical disks have been added to a pool, they are no longer directly usable by the rest of Windows – they have been virtualized, that is, dedicated to the pool in their entirety

  • Specify a Name for the Storage Pool and choose the Storage Subsystem that is available

  • Select the Physical Disks for the Storage Pool
  • Note the disks should be Online, Initialised but unallocated. If you don’t see any disks, you need to go into Server Manager and delete the volumes

  • Confirm Selections

  • Click Create and you will see the wizard running through the tasks

  • The next step is to create a Virtual Disk (storage space) that will be associated with a storage pool. In the Failover Cluster Manager, select the storage pool that will be supporting the Virtual Disk. Right-click and choose New Virtual Disk

  • Select the Storage Pool

  • Specify the Virtual Disk Name

  • Select the Storage Layout. (Simple or Mirror; Parity is not supported in a Failover Cluster) and click Next

  • Specify the Provisioning Type

  • Specify the size of your virtual disk – I chose Maximum

  • Check and Confirm and click Create

  • View Results and make sure Create a Volume when this wizard closes is ticked

  • The volume wizard opens

  • Select the Cluster and your disk

  • Specify the size of the volume

  • Choose a drive letter

  • Select File System Settings

  • Confirm and Create

  • You should now see this Virtual Disk Storage space as a drive in Windows

 

Cluster Shared Volumes in Windows Server 2012

What are Cluster Shared Volumes?

Cluster Shared Volumes (CSVs) in a Windows Server 2012 failover cluster allow multiple nodes in the cluster to simultaneously have read-write access to the same LUN (disk) that is provisioned as an NTFS volume. With CSVs, clustered roles can fail over quickly from one node to another node without requiring a change in drive ownership, or dismounting and remounting a volume. CSVs also help simplify managing a potentially large number of LUNs in a failover cluster.

CSVs provide a general-purpose, clustered file system in Windows Server 2012, which is layered above NTFS. They are not restricted to specific clustered workloads. (In Windows Server 2008 R2, CSVs only supported the Hyper-V workload.) CSV applications include:

  • Clustered virtual hard disk (VHD) files for clustered Hyper-V virtual machines
  • Scale-out file shares to store application data for the Scale-Out File Server role. Examples of the application data for this role include Hyper-V virtual machine files and Microsoft SQL Server data

Other Details

  • At this time, CSVs do not support the Microsoft SQL Server clustered workload.
  • External authentication dependencies for CSVs have been removed
  • CSVs support the functional improvements in chkdsk
  • CSVs interoperate with antivirus and backup applications
  • CSVs are also now integrated with general storage features such as BitLocker and Storage Spaces
  • Cluster Shared Volumes (CSVs), system volumes, dynamic disks, and Resilient File System (ReFS) are not eligible for data deduplication

Benefits of using Cluster Shared Volumes in a failover cluster

Cluster Shared Volumes provides the following benefits in a failover cluster:

  • The configuration of clustered virtual machines is much simpler than before.
  • You can reduce the number of LUNs (disks) required for your virtual machines, instead of having to manage one LUN per virtual machine, which was previously the recommended configuration (because the LUN was the unit of failover). Many virtual machines can use a single LUN and can fail over without causing the other virtual machines on the same LUN to also fail over.
  • You can make better use of disk space, because you do not need to place each Virtual Hard Disk (VHD) file on a separate disk with extra free space set aside just for that VHD file. Instead, the free space on a Cluster Shared Volume can be used by any VHD file on that volume.
  • You can more easily track the paths to VHD files and other files used by virtual machines. You can specify the path names, instead of identifying disks by drive letters (limited to the number of letters in the alphabet) or identifiers called GUIDs (which are hard to use and remember). With Cluster Shared Volumes, the path appears to be on the system drive of the node, under the \ClusterStorage folder. However, this path is the same when viewed from any node in the cluster.
  • If you use a few Cluster Shared Volumes to create a configuration that supports many clustered virtual machines, you can perform validation more quickly than you could with a configuration that uses many LUNs to support many clustered virtual machines. With fewer LUNs, validation runs more quickly. (You perform validation by running the Validate a Configuration Wizard in the snap-in for failover clusters.)
  • There are no special hardware requirements beyond what is already required for storage in a failover cluster (although Cluster Shared Volumes require NTFS).
  • Resiliency is increased, because the cluster can respond correctly even if connectivity between one node and the SAN is interrupted, or part of a network is down. The cluster will re-route the Cluster Shared Volumes communication through an intact part of the SAN or network.

How to Configure a Clustered Storage Space in Windows Server 2012

Prerequisites

  • A minimum of three physical drives, with at least 4 gigabytes (GB) capacity each, are required to create a storage pool in a Failover Cluster.
  • The clustered storage pool MUST be comprised of Serial Attached SCSI (SAS) connected physical disks. Layering any form of storage subsystem, whether an internal RAID card or an external RAID box, regardless of being directly connected or connected via a storage fabric, is not supported.
  • All physical disks used to create a clustered pool must pass the Failover Cluster validation tests.
  • To run cluster validation tests: Open the Failover Cluster Manager interface (cluadmin.msc) and select the Validate Cluster options
  • Clustered storage spaces must use fixed provisioning.
  • Simple and mirror storage spaces are supported for use in Failover Cluster. Parity Spaces are not supported.
  • The physical disks used for a clustered pool must be dedicated to the pool. Boot disks should not be added to a clustered pool nor should a physical disk be shared among multiple clustered pools.
  • Storage spaces formatted with ReFS cannot be added to the Cluster Shared Volume (CSV)

Procedure

  • Go to Server Manager > File and Storage Services > Storage Pools and Select New Pool
  • Note that once physical disks have been added to a pool, they are no longer directly usable by the rest of Windows – they have been virtualized, that is, dedicated to the pool in their entirety

  • Specify a Name for the Storage Pool and choose the Storage Subsystem that is available to the cluster and click Next
  • Select the Physical Disks for the Storage Pool
  • Note the disks should be Online, Initialised but unallocated. If you don’t see any disks, you need to go into Server Manager and delete the volumes

  • Confirm Selections

  • Click Create and you will see the wizard running through the tasks

  • The next step is to create a Virtual Disk (storage space) that will be associated with a storage pool. In the Failover Cluster Manager, select the storage pool that will be supporting the Virtual Disk. Right-click and choose New Virtual Disk

  • Select the Storage Pool

  • Specify the Virtual Disk Name

Scaleout28

  • Select the Storage Layout. (Simple or Mirror; Parity is not supported in a Failover Cluster) and click Next

Scaleout29

  • Specify the Provisioning Type

Scaleout30

  • Specify the size of your virtual disk – I chose Maximum

Scaleout31

  • Check and Confirm and click Create

Scaleout32

  • View Results and make sure Create a Volume when this wizard closes is ticked

Scaleout33

  • The volume wizard opens

Scaleout34

  • Select the Cluster and your disk

Scaleout36

  • Specify the size of the volume

Scaleout37

  • Choose a drive letter

Scaleout38

  • Select File System Settings

Scaleout39

  • Confirm and Create

Scaleout40

  • You should now see this Virtual Disk Storage space as a drive in Windows
  • In Failover Cluster Manager, expand ClusterName, expand Storage, and then click Disks
  • Right-click a cluster disk, and then click Add to Cluster Shared Volumes. The Assigned To column changes to Cluster Shared Volume.

cluster

 

 

Installing and Configuring iSCSI Target Server on Windows Server 2012

iscsi

What is iSCSI Target Server?

iSCSI Target allows your Windows Server to share block storage remotely. iSCSI leverages the Ethernet network and does not require any specialized hardware. There is a brand new UI integrated with Server Manager, along with 20+ cmdlets for easy management.

iSCSI Terms

  • iSCSI:

An industry-standard protocol that allows sharing block storage over Ethernet. The server that shares the storage is called the iSCSI Target. The server (machine) that consumes the storage is called the iSCSI initiator. Typically, the iSCSI initiator is an application server. For example, when an iSCSI Target provides storage to a SQL server, the SQL server is the iSCSI initiator in this deployment.

  • Target:

It is an object which allows the iSCSI initiator to make a connection. The Target keeps track of the initiators which are allowed to be connected to it. The Target also keeps track of the iSCSI virtual disks which are associated with it. Once the initiator establishes the connection to the Target, all the iSCSI virtual disks associated with the Target will be accessible by the initiator.

  • iSCSI Target Server:

The server that runs the iSCSI Target. It is also the iSCSI Target role name in Windows Server 2012.

  • iSCSI virtual disk:

It is also referred to as an iSCSI LUN. It is the object which can be mounted by the iSCSI initiator. The iSCSI virtual disk is backed by a VHD file.

  • iSCSI connection:

An iSCSI initiator makes a connection to the iSCSI Target by logging on to a Target. There can be multiple Targets on the iSCSI Target Server, and each Target can be accessed by a defined list of initiators. Multiple initiators can make connections to the same Target. However, this type of configuration is only supported with clustering, because when multiple initiators connect to the same Target, all the initiators can read/write to the same set of iSCSI virtual disks. If there is no clustering (or equivalent process) to govern the disk access, corruption will occur. With clustering, only one machine is allowed to access the iSCSI virtual disk at one time.

  • IQN:

It is a unique identifier of the Target or Initiator. The Target IQN is shown when it is created on the Server. The initiator IQN can be found by typing a simple “iscsicli” command in the command window.

  • Loopback:

There are cases where you want to run the initiator and Target on the same machine; this is referred to as “loopback”. In Windows Server 2012, it is a supported configuration. In a loopback configuration, you can provide the local machine name to the initiator for discovery, and it will list all the Targets which the initiator can connect to. Once connected, the iSCSI virtual disk will be presented to the local machine as a newly mounted disk. There will be a performance impact on the I/O compared to other local I/O, since it travels through the iSCSI initiator and Target software stack. One use case of this configuration is to have initiators write data to the iSCSI virtual disk, then mount those disks on the Target server (using loopback) to check the data in read mode.

Instructions

The aim of this particular blog is to configure an iSCSI Target Disk which my Windows Server 2012 Failover Cluster can use as its Quorum Disk, so we will be configuring a 5GB Quorum Disk which we will then present to the Failover Cluster Servers.

  • Open Server Manager and click Add Roles and Features

ISCSI1

  • Choose Role based or Feature based installation

iSCSI2

  • Select Destination Server

iSCSI3

  • Select Server Roles > File and Storage Services > File and iSCSI Services > iSCSI Target Server

iSCSI4

  • Add Features that are required for iSCSI Target Server (None ticked here)

iSCSI5

  • Confirm Installation Selections

iSCSI6

  • To complete the iSCSI Target Server configuration, go to Server Manager and click File and Storage Services > iSCSI
  • Go to iSCSI Virtual disks and click “Launch the New Virtual Disk wizard to create a virtual disk” and walk through the Virtual Disks and targets creation
  • Select an iSCSI virtual disk location

iSCSI7

  • Specify iSCSI virtual disk name

iSCSI8

  • Specify iSCSI virtual disk size

iSCSI9

  • Assign iSCSI Target

iSCSI10

  • Specify Target Name. Underscores are not allowed but it will change them for you

iSCSI12

  • Specify Access Servers

iSCSI14

  • Select a method to identify the initiator

iSCSI13

  • Click Browse and type in the name of the servers which will need to access this virtual disk
  • I have added my 2 Windows Failover Cluster VMs which are called dacvsof001 and dacvsof002

iSCSI15

  • Enable Authentication

iSCSI16

  • Confirm Selections

iSCSI17

  • View Results

iSCSI18

  • Next we need to go to the first Failover Cluster Server dacvsof001 and add the disk
  • On dacvsof001, open Server Manager click Tools and select iSCSI Initiator. When you select this, you will get the following message. Click Yes

iSCSI19

  • Type in the Target Server address, which is the server you created the Virtual Disk on, and click Quick Connect

iSCSI20

  • You will see the Target listed which is available for connection

iSCSI21

  • Click Done
  • Now open Disk Management to make sure that the disk is presented correctly

iSCSI22

  • Right click on this and select Online
  • Right click again and select Initialise
  • Create new Volume. I used Q for Quorum Disk

iSCSI23

  • Now go to the second Windows Failover Cluster Server and do exactly the same thing
  • Leave this disk online and initialised but not given a letter
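
Once the target exists, its access list can be reviewed from the iSCSI Target Server with `Get-IscsiServerTarget`. The following is an added example, not part of the original post: the function name and the sample target name `quorum-target` are hypothetical, and the sample objects are constructed so the logic can be run without a target server. It reports which initiators each target accepts, whether CHAP is enabled, and whether more than one initiator is allowed without clustering (the case the terms section above says leads to corruption).

```powershell
# Added example: read-only review of iSCSI target access settings.
# Test-IscsiTargetAccess is a hypothetical helper, not a built-in cmdlet.

function Test-IscsiTargetAccess {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Target,
        # Pass -Clustered when the initiators are nodes of one failover cluster.
        [switch] $Clustered
    )
    foreach ($t in $Target) {
        # Each initiator ID has a Method (DNSName, IPAddress, IQN, ...) and a Value.
        $ids = @($t.InitiatorIds | ForEach-Object { "$($_.Method):$($_.Value)" })
        $issues = @()

        if (-not $t.EnableChap) {
            $issues += 'CHAP is off: initiators are accepted on their identifier alone'
        }
        if ($ids -contains 'IQN:*') {
            $issues += 'wildcard initiator ID: any initiator may log on'
        }
        if ($ids.Count -gt 1 -and -not $Clustered) {
            $issues += 'several initiators on one target without clustering: risk of disk corruption'
        }
        if ($ids.Count -eq 0) {
            $issues += 'no initiator IDs assigned: nothing can connect'
        }

        [pscustomobject]@{
            TargetName = $t.TargetName
            Initiators = $ids -join ', '
            ChapOn     = [bool] $t.EnableChap
            Issues     = $issues -join '; '
        }
    }
}

# Constructed sample objects shaped like Get-IscsiServerTarget output.
$sampleTargets = @(
    [pscustomobject]@{
        TargetName   = 'quorum-target'      # hypothetical name
        EnableChap   = $false
        InitiatorIds = @(
            [pscustomobject]@{ Method = 'DNSName'; Value = 'dacvsof001' }
            [pscustomobject]@{ Method = 'DNSName'; Value = 'dacvsof002' }
        )
    }
    [pscustomobject]@{
        TargetName   = 'open-target'        # hypothetical name
        EnableChap   = $false
        InitiatorIds = @([pscustomobject]@{ Method = 'IQN'; Value = '*' })
    }
)

$useLiveData = $false   # set to $true on the iSCSI Target Server
if ($useLiveData -and (Get-Command Get-IscsiServerTarget -ErrorAction SilentlyContinue)) {
    $targets = @(Get-IscsiServerTarget)
} else {
    $targets = $sampleTargets
}

# The two initiators in this walkthrough are failover cluster nodes.
Test-IscsiTargetAccess -Target $targets -Clustered | Format-List
```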

Dynamic Access Control on Server 2012

security

What is Dynamic Access Control?

Controlling access and ensuring compliance are essential components of IT systems in today’s business environment. Windows Server 2012 includes enhancements that provide improved authorization for file servers to control and audit who is able to access data on them. These enhancements are described under the umbrella name of Dynamic Access Control and enable automatic and manual classification of files, central access policies for controlling access to files, central audit policies for identifying who accessed files, and the application of Rights Management Services (RMS) protection to safeguard sensitive information.

Dynamic Access Control is enabled in Windows Server 2012 through the following new features:

  • A new authorization and audit engine that supports central policies and can process conditional expressions
  • A redesigned Advanced Security Settings Editor that simplifies configuration of auditing and determination of effective access.
  • Kerberos authentication support for user and device claims
  • Enhancements to the File Classification Infrastructure (FCI) introduced previously in Windows Server 2008 R2
  • RMS extensibility to allow partners to provide solutions for applying Windows Server– based RMS to non-Microsoft file types

There is one good rule of thumb to remember when you’re deploying DAC into existing Windows networks: NTFS permissions won’t give more access than a claims-based rule allows, and a claims-based rule won’t give more permission than NTFS allows.

dac26

Instructions

Step 1 – Open Active Directory Administrative Center

  • Click Server Manager.
  • Click Tools, and then click Active Directory Administrative Center.
  • NOTE: Active Directory Administrative Center provides functionality that is separate from, but overlapping with Active Directory Users and Computers.
  • Click the Tree View icon to simplify navigation

dac1a

Step 2 – Configure claim types for users

In this step, you will add two existing Active Directory attributes to the list of attributes which can be used when evaluating Dynamic Access Control. The user’s country value and department value will be part of the calculation that determines if they have access to specific files.

  • In Active Directory Administrative Center, expand Dynamic Access Control, and then click Claim Types.
  • Click New, and then click Claim Type.
  • In the Source Attribute list, click Department, and then click OK.
  • NOTE: This uses the existing Active Directory attribute.

dac2

  • Click New, and then click Claim Type.
  • In the Source Attribute list, click C, and then in Display name, type Country.
  • NOTE: This uses the existing Active Directory attribute.
  • Click OK.

dac3a

Step 3 – Configure resource properties for files

In this step, you will configure the properties which will be downloaded by file servers and used to classify files. Future dynamic access control rules will compare user attribute values with resource properties. The list of resource properties is predefined by Microsoft as a starter set of properties that can be used by most organizations. You can enable existing properties or create new ones. You will add a resource property to match the country claim, and then enable the existing department property to match the department claim

  • In Active Directory Administrative Center, click Resource Properties.
  • Click New, and then click Resource Property.
  • In Display name, type Country.

dac4

  • Click Add.
  • In Value and Display Name, type US, and then click OK.
  • Click Add.

DAC5

  • In Value and Display Name, type JP, and then click OK.

DAC6

  • Click OK
  • NOTE: The Country property is now listed and is enabled.

DAC7

  • In the Resource Properties, under ID, locate the Department_MS property.
  • Click Department_MS, and then click Enable

DAC8

  • NOTE: The Country property is now listed and is enabled.

Step 4  – Add resource properties to the global list

Each resource property must be added to at least one resource property list before it is downloaded by file servers. The global resource property list is downloaded by all file servers; however individual lists can be created and delivered to specific file servers using Group Policy.

  • In Active Directory Administrative Center, click Resource Property Lists.
  • Click Add resource properties.
  • Select Country and Department, and then click the Add button (>>).
  • Click OK.

dac10

Step 5 – Create a new central access rule

In this step, you will create a new central access rule. This is similar to an access control list (ACL) in that it describes which conditions must be met in order for file access to be granted. In this specific rule, you will require that the user account’s department and country attributes match the value of the file’s department and country attributes prior to access being granted.

  • In Active Directory Administrative Center, click Central Access Rules.
  • Click New, and then click Central Access Rule.
  • In Name, type Department-Country-Match-Required.
  • Under Target Resources, click Edit.
  • Click Add a condition.
  • Add the condition Resource-Country-Exists.
  • Click Add a condition.
  • Add the condition Resource-Department-Exists.
  • Click OK.

dac11

  • In Permissions, select Use the following permissions as current permissions.
  • NOTE: This setting enforces dynamic access control. The default setting will only create audit log entries and is used for impact analysis prior to implementation.
  • In Permissions, click Edit.
  • Click Add.
  • Click Select a principal, and then type Authenticated.
  • NOTE: This will automatically select Authenticated Users.

dac12

  • Click OK.
  • In Permissions, check the Full Control check box.
  • Click Add a condition.
  • Add the condition User-Country-Equals-Resource-Country.
  • Click Add a condition.
  • Add the condition User-Department-Equals-Resource-Department.

dac14

  • IMPORTANT: In creating this rule, the list of attributes for the user is generated by the list of attributes used for claim types. The list of attributes for the resource is generated by the list of enabled resource properties.
  • Click OK three times to return to Active Directory Administrative Center.
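
The rule built in this step, together with the rule of thumb from the introduction (NTFS and the claims-based rule each cap the other), can be worked through as a small model. This is an added example, not part of the original post and not Windows' authorization engine: access is reduced to a yes/no value, and the function names and sample users and files are hypothetical.

```powershell
# Added example: simplified model of Department-Country-Match-Required.
# Not the real authorization engine; names and data are constructed.

function Test-RuleTargetsFile {
    # Target Resources: Resource.Country exists AND Resource.Department exists.
    param([hashtable] $File)
    return ($null -ne $File.Country) -and ($null -ne $File.Department)
}

function Get-EffectiveAccess {
    param(
        [hashtable] $User,
        [hashtable] $File,
        [bool] $NtfsAllows,
        # Models the default setting, where the rule is only evaluated for
        # audit log entries and does not restrict access yet.
        [switch] $AuditOnly
    )
    $applies = Test-RuleTargetsFile -File $File

    # A rule that does not target the file places no restriction on it.
    $ruleAllows = $true
    if ($applies) {
        $ruleAllows = ($User.Country -eq $File.Country) -and
                      ($User.Department -eq $File.Department)
    }

    if ($AuditOnly) {
        $granted = $NtfsAllows                      # rule is logged, not enforced
    } else {
        $granted = $NtfsAllows -and $ruleAllows     # both must allow
    }

    [pscustomobject]@{
        User        = $User.Name
        File        = $File.Name
        NtfsAllows  = $NtfsAllows
        RuleApplies = $applies
        RuleAllows  = $ruleAllows
        Granted     = $granted
        # What an audit-only rule would report as a change once enforced.
        WouldBlock  = ($NtfsAllows -and -not $ruleAllows)
    }
}

# Constructed users (claims) and files (resource properties).
$akira = @{ Name = 'akira'; Country = 'JP'; Department = 'Finance' }
$sam   = @{ Name = 'sam';   Country = 'US'; Department = 'Finance' }

$classified   = @{ Name = 'CorpData\budget.xlsx'; Country = 'JP'; Department = 'Finance' }
$unclassified = @{ Name = 'CorpData\readme.txt' }   # no Country/Department set

$cases = @(
    # Claims match and NTFS allows: granted.
    Get-EffectiveAccess -User $akira -File $classified -NtfsAllows $true
    # NTFS allows but Country differs: the rule caps NTFS, denied.
    Get-EffectiveAccess -User $sam -File $classified -NtfsAllows $true
    # Claims match but NTFS has no allowing entry: NTFS caps the rule, denied.
    Get-EffectiveAccess -User $akira -File $classified -NtfsAllows $false
    # File is not classified: the rule does not target it, NTFS alone decides.
    Get-EffectiveAccess -User $sam -File $unclassified -NtfsAllows $true
    # Same mismatch as case 2 with the default audit-only setting: still granted.
    Get-EffectiveAccess -User $sam -File $classified -NtfsAllows $true -AuditOnly
)
$cases | Format-Table -AutoSize
```

The fourth case is the one to watch in a rollout: a file that never receives Country and Department values is outside the rule and is protected by NTFS permissions only.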

Step 6 – Create a central access policy

In this step, you will take the new rule and add it to a central access policy. A central access policy is a group of rules that are enforced as a unit. A file or folder can have only one central access policy applied to it.

  • In Active Directory Administrative Center, click Central Access Policies.
  • Click New, and then click Central Access Policy.
  • In Name, type Contoso File Server Policy, and then click Add.
  • Click Department-Country-Match-Required, and then click the Add button (>>)

dac15

  • Click OK.
  • Click OK.

Step 7 – Publish the central access policy with Group Policy

In this step, you will create a new Group Policy Object (GPO) to deliver the central access policy to your file servers. This will make the policy available, but will not enforce it on individual files or folders.

  • Open Server Manager.
  • On the Tools menu, click Group Policy Management.
  • Under Domains, click Contoso.com.
  • Click Action, and then click Create a GPO in this domain and link it here.
  • Type Dynamic Access Control Policy, and then click OK.
  • Expand Contoso.com, click Dynamic Access Control Policy, and then click OK.
  • In Security Filtering, click Authenticated Users, click Remove, and then click OK.
  • Click Add.
  • Click Object Types, check Computers, and then click OK.
  • Type Server1, and then click OK.
  • NOTE: We are limiting this GPO to be applied only on Server1.

dac16

  • Right-click Dynamic Access Control Policy, and then click Edit.
  • Navigate to Computer Configuration/Policies/Windows Settings/Security Settings/File System, and then click Central Access Policy.

dac17

  • On the Action menu, click Manage Central Access Policies.
  • Click Contoso File Server Policy, and then click Add.

dac18

Step 8 – Enable Kerberos armoring for domain controllers

In this step, you will enable Kerberos armoring for domain controllers, which ensures that Kerberos tickets contain the required claims information which can then be evaluated by file servers.

  • In Group Policy Management Console, navigate to Contoso.com, and then click Default Domain Policy.
  • Click OK.
  • On the Action menu, click Edit.
  • Navigate to Computer Configuration/Policies/Administrative Templates/System/KDC.
  • Click KDC Support for claims, compound authentication, and Kerberos armoring.
  • NOTE: This setting must be applied to all domain controllers in your organization to extend the Kerberos protocol to support Dynamic Access Control. You can do this in any manner which is appropriate for your organization.
  • Kerberos armoring addresses security concerns that dogged Kerberos authentication,
    such as vulnerability to brute force attacks and spoofing. With Kerberos armoring, a
    secured tunnel is created between a domain client and a domain controller

dac21

  • On the Action menu, click Edit. Select Enabled
  • Click OK.
  • Navigate to Computer Configuration/Policies/Administrative Templates/System/Kerberos.
  • Click Kerberos client support for claims, compound authentication, and Kerberos armoring.
  • NOTE: This setting must be applied to all clients in your organization to extend the Kerberos protocol to support Dynamic Access Control. You can do this in any manner which is appropriate for your organization.

dac20

  • On the Action menu, click Edit > Enabled
  • Click OK.
  • Close Group Policy Management Editor.

Step 9 – Deploying a File Server with Dynamic Access Control

In this exercise, you will install the required components for Dynamic Access Control on a file server, and then configure the resource properties of a folder.

Install the file server roles and role features

In this step, you will install the file server role and the File Server Resource Manager role service.

  • Open Server Manager.
  • In Server Manager, click Add Roles and Features.
  • Click Next at each step of the wizard until you reach the Select server roles page.
  • Expand File and Storage Services (Installed).
  • Check File and iSCSI Services, and then expand File and iSCSI Services.
  • NOTE: File Server Resource Manager is required to manage DAC properties locally

dac22

Step 10 – Add classification data to the file share

In this step, you will classify the files in the file share by adding and configuring the resource properties you defined in Step 1

  • In Windows Explorer, navigate to C:\Shares on the File Server
  • Right-click CorpData, and then click Properties.
  • Click the Classification tab.
  • NOTE: The two defined resource properties are available.
  • IMPORTANT: If you do not see Country and Department, run the Windows PowerShell command Update-FSRMClassificationPropertyDefinition, as this will force the update to occur. You will need to reopen the properties box after this command.

dac23

  • In CorpData Properties, click Country, click JP, and then click Apply.
  • Click Department, and then click Finance.
  • NOTE: The department list is present because the resource property Department is predefined by Microsoft and contains this set of default department names.

dac24

  • Click Apply and leave the Properties window open

Step 11 – Add the central access policy to the CorpData folder

In this step, you will configure the CorpData folder to use the central policy you created in Step 1 as part of the access control evaluation process.

  • Click Windows PowerShell.
  • Type GPUpdate /Force, and then press ENTER. Wait for Group Policy to refresh.
  • NOTE: This is required to ensure the central policy defined by the Dynamic Access Control Policy GPO is applied to this system. Under normal circumstances, the regular group policy refresh would perform this step.
  • Switch to the CorpData Properties window.
  • On the Security tab, click Advanced.
  • Click Central Policy, and then click Change.
  • Select Contoso File Server Policy, and then click Apply.

dac25

  • NOTE: You can use this screen to review the policy rules and the conditions when selecting the policy.

 

Testing an install of Microsoft Virtual Machine Manager 2012 SP1 on Windows 2012

cloud

What is Microsoft Virtual Machine Manager?

Virtual Machine Manager (VMM) is a management solution for the virtualized datacenter, enabling you to configure and manage your virtualization host, networking, and storage resources in order to create and deploy virtual machines and services to private clouds that you have created.

A deployment of VMM consists of the following:

vmm

Pre-Requisites

Your servers may slightly differ as to how many roles you put on one server but you will generally need the following. I am going to presume you have a Domain Controller and a Hyper V Server.

  • 1 x Windows 2008 or Windows 2012 Domain Controller
  • 1 x Windows 2012 Server running Microsoft Virtual Machine Manager
  • 1 x Windows 2012 Server running Microsoft SQL Server 2008 or 2012
  • 1 x Windows 2012 Server running Hyper V 2012 Server for testing VMM. Note: You will need to add hypervisor.cpuid.v0 = "FALSE" and mce.enable = "TRUE" and vhv.enable = "True" to the .vmx file if this server is a VM running on VMware
  • For System Center 2012 – Virtual Machine Manager: Windows Automated Installation Kit (AIK) for Windows 7
  • For VMM in System Center 2012 SP1: Windows Assessment and Deployment Kit (ADK) for Windows 8. SCVMM Management Server only requires the Deployment Tools and Windows PE components.
  • For System Center 2012 – Virtual Machine Manager: At least Microsoft .NET Framework 3.5 Service Pack 1 (SP1)
  • For VMM in System Center 2012 SP1: Microsoft .NET Framework 4, or Microsoft .NET Framework 4.
  • The computer on which you install the VMM management server must be a member of an Active Directory domain.
  • The name of the computer on which you install the VMM management server cannot exceed 15 characters.
  •  The SCVMM machine name can’t include –SCVMM- for example My-SCVMM-Server but can be called SCVMM.
  • If using Dynamic memory the start-up RAM must be at least 2048 MB.  This demo uses 4096 MB of RAM.
  • It is also recommended that the SQL Command Line Tools and Native Client Tools are also installed on the SCVMM server. See links at the end of this article.  We have used the SQL 2012 versions here.
  • Membership in the local Administrators group, or equivalent, on the computer that you are configuring is the minimum required to complete this procedure.

Extra Notes on SQL Server

In System Center 2012 Service Pack 1 (SP1) you can take advantage of the AlwaysOn feature in Microsoft SQL Server 2012 to ensure high availability of the VMM database. To configure SQL Server with the AlwaysOn feature, complete both procedures below. For more information about the AlwaysOn feature and AlwaysOn availability groups, see the following:

Before you begin the installation of the VMM management server, ensure that you have a computer with a supported version of Microsoft SQL Server installed and running. Unlike VMM 2008 R2, System Center 2012 – Virtual Machine Manager will not automatically install an Express edition of SQL Server.

Instructions

  • Firstly make sure you have Windows Server 2012 installed on your VMM Server
  • Click Manage > Install Roles and Features on your VMM Server

iis1

  • Select Installation type as Role based or Feature based installation

iis2

  • Select Destination Server

iis3

  • Go to Roles and select Web Server (IIS)

iis4

  • Click Add Features > Next

iis5

  • Select Features

iis6

  • Read the Information

iis7

  • Add Windows Authentication

iis8

  • Check Install Information and tick Restart if required

iis9

  • Click Install

iis10

  • Next Install Windows Assessment and Deployment Kit which you should have downloaded and copied to your VMM Server ready to install
  • Note this seems to take a long time to install!
  • The Windows ADK is a collection of tools that you can use to customise, assess and deploy Windows Operating Systems to new computers, is a pre-requisite for VMM 2012 SP1 and is used for bare metal deployment of Hyper-V Servers
  • Specify Location

deploy1

  • Join the Customer Improvement Program

deploy2

  • Accept the License Agreement

deploy3

  • Select the Features to Install. You generally need Deployment Tools and Windows Pre-Installation Environment (Windows PE)

deploy4

  • Click Install

deploy5

  • On the SCVMM server – install the SQL 2012 Native Client with SQL 2012 Command Line Utilities to follow
  • SQL Native Client contains runtime support for applications using native code APIs (ODBC, OLE DB and ADO) to connect to Microsoft SQL Server 2005, 2008, 2008 R2 and 2012. SQL Native Client is used to enhance applications that need to take advantage of new SQL Server 2012 features

sql1

  • Accept the License Agreement

sql2

  • Choose your Features in the Feature Selection Box

sql3

  • Install

sql4

  • Next Install SQL 2012 Command Line Utilities
  • The SQLCMD utility allows users to connect to, send Transact SQL batches from and output row set information from SQL Server 2008, 2008 R2 and 2012. It is used to enhance applications that need to take advantage of new SQL Server 2012 features

sql5

  • Accept License Agreement

sql6

  • Click Install

sql7

  • Next go to your SQL Server 2012 Server
  • Attach the SQL ISO
  • Run the Installer > New SQL Server stand-alone installation

sql1

  • Setup Support Rules will run > Click Next

sql2

  • Choose Specify the free edition

sql3

  • Accept the License Terms

sql4

  • Select Next to Install Product Updates if connected to the internet

sql5

  • You will see the status of the updating

sql6

  • Check Setup Support Rules

sql7

  • Choose SQL Server Feature Installation

sql8

  • Select All on the Feature Installation and choose where you want to install the Shared Feature Directories

sql9

  • Check Installation Rules

sql10

  • Just keep the Default Instance for now – MSSQLSERVER

sql11

  • Check Disk Space Requirements

SQL12

  • Check SQL Server Service Accounts and add your own as required

SQL13

  • Check Collation

sql14

  • Database Engine Configuration > Choose Mixed Mode and add the Domain Admin

sql15

  • Choose Data Directories

sql16

  • Check Analysis Services Settings

sql17

  • Reporting Services Configuration > Choose Install Only

sql18

  • Distributed Replay Controller > Just add the current user

sql19

  • Distributed Replay Client

sql20

  • Check Error Reporting

sql21

  • Installation Configuration Rules check

sql22

  • Ready to Install

sql23

  • Click Install

sql24

  • Don’t forget to go into SQL Server Configuration Manager > SQL Server Network Configuration > Protocols for MSSQLSERVER and enable Named Pipes and TCP/IP

sqlports

sqlports2

  • Restart SQL Services once this is done and it should look like the below

SQL Enabled

  • I also found I had to add my Domain Admin account to the Local Administrators group on the SCVMM and SQL Server or I got a message saying “Setup cannot connect to the specified SQL Server Instance. Ensure the server name is correct etc”
  • I also found that I had to adjust the hosts file in c:\Windows\System32\Drivers\etc on both the SCVMM Server and SQL Server and add in a mapping for the SQL Server
  • Now you are ready to install Microsoft VMM
  • Launch the Installer
  • Click Install

vmm1

  • Choose Features
  • Select VMM Server, VMM Administrator Console

vmm2

  • Put in Product Registration Information > Name, Organisation and Product Key if you have one. If not it will enter Evaluation Mode

VMM3

  • Accept the License Agreement

vmm4

  • Choose an option for the Customer Service Program

vmm5

  • Turn on Microsoft Update

vmm6

  • Select Installation Location

vmm7

  • Pre-Requisite Checking will then run. You can see I need to put more memory in my VM

vmm8

  • Put in your Database configuration. In my case I am using a separate SQL 2012 Server called DACVSQL002
  • Change the Database Name if you want to and the port is usually 1433
  • If you find you experience connection errors, then you will need to adjust firewall ports

vmm10

  • Put in Service Account Information
  • Ignore Distributed Key Management for now
  • DKM is used to store VMM encryption keys in Active Directory Domain Services. By default, using the Windows Data Protection API (DPAPI) VMM encrypts some data in the VMM Database (for example the Run As account credentials and passwords) and this data is tied in to the VMM server and the service account used by VMM. However with DKM, different machines can securely access the shared data. Once a HA VMM Node fails over to another node, it will start accessing the VMM database and use the encryption keys conveniently stored under a container in AD to decrypt the data in the VMM database

vmm11

  • Check Port Configuration Information

vmm12

  • Specify a Share for the Virtual Machine Manager Library

vmm13

  • Check the Installation Summary

vmm14

  • Install

vmm15

  • Once finished it should look like the following

vmm16

  • If there is a problem with setup completing successfully, consult the log files in the %SYSTEMDRIVE%\ProgramData\VMMLogs folder. ProgramData is a hidden folder.
  • Connect to VMM Console

vmm17

  • You will now see the VMM Console

vmm18

  • Next explore around VMM 2012.
  • Create a Run As account

creds

  • Practice adding a host Group and a Hyper-V Host
  • Right click on All Host and Select Create Host Group
  • Right click the New Host Group and select Add Hyper V Hosts and Clusters

hyperv1

  • Specify credentials to run for discovery. Use your previously created Run As account

Add resource

  • Choose the scope to search for the Hosts you want or add them manually

hyperv1

  • Choose your Hyper V Server

hyperv2

  • Choose Host Group and Virtual Machine Placement

HostSettings

  • Choose Migration Settings

Migration

  • Check Summary and Confirm Details

summary

  • You will see the job start in the job window
  • Check any warnings post addition

finish

  • See the articles below by Scott Lowe which walk you through VMM 2012

Links

Windows 2012 Domain Controller Command Line Tools

tools-icon

Once you install the Windows 2012 Domain Controller Role, you will find you are able to right click on the server in the console and a menu will appear showing that you are able to connect to several different command line tools. This looks like a very handy feature to have, so let’s have a deeper look at these tools.

You can run these commands in the Active Directory Module for Windows PowerShell or cmd.exe

tools

What does Dcdiag.exe do?

This command-line tool analyzes the state of one or all domain controllers in a forest and reports any problems to assist in troubleshooting. DCDiag.exe consists of a variety of tests that can be run individually or as part of a suite to verify domain controller health and DNS Health

dcacls

What does Dsacls.exe do?

Dsacls.exe is a command-line tool that you can use to query the security attributes and to change permissions and security attributes of Active Directory objects. It is the command-line equivalent of the Security tab in the Windows Active Directory snap-in tools such as Active Directory Users and Computers and Active Directory Sites and Services.

dsacls

What does Dsdbutil.exe do?

Dsdbutil is a command-line tool that is built into Windows Server 2008. It is available if you have the AD LDS server role installed. To use dsdbutil, you must run the dsdbutil command from an elevated command prompt. It performs database maintenance of the Active Directory Domain Services (AD DS) store, facilitates configuration of Active Directory Lightweight Directory Services (AD LDS) communication ports, and views AD LDS instances that are installed on a computer.

dbsdbutil

What does Dsmgmt.exe do?

Dsmgmt is a command-line tool which is available if you have the AD LDS server role installed. To use dsmgmt, you must run the dsmgmt command from an elevated command prompt. To open an elevated command prompt, click Start, right-click Command Prompt, and then click Run as administrator. It facilitates managing Active Directory Lightweight Directory Services (AD LDS) application partitions, managing and controlling flexible single master operations (FSMO), and cleaning up metadata that is left behind by abandoned Active Directory domain controllers and AD LDS instances. (Abandoned domain controllers and AD LDS instances are those that are removed from the network without being uninstalled.)

dsm

What does Gpfixup.exe do?

This tool is used to fix domain name dependencies in Group Policy Objects (GPOs) and Group Policy links after a domain rename operation

gpfixup

What does ldp.exe do?

This GUI tool is a Lightweight Directory Access Protocol (LDAP) client that allows users to perform operations (such as connect, bind, search, modify, add, delete) against any LDAP-compatible directory, such as Active Directory. LDP is used to view objects stored in Active Directory along with their metadata, such as security descriptors and replication metadata. LDP is a GUI-based, Windows Explorer–like utility with a scope pane on the left that is used for navigating through the Active Directory namespace, and a details pane on the right that is used for displaying the results of the LDAP operations. Any text displayed in the details pane can be selected with the mouse and “copied” to the Clipboard.

  • Connect through PowerShell to ldp.exe
  • Click Connection
  • Put in your DC Name
  • You are then connected and ready to use the tool

http://technet.microsoft.com/en-us/library/cc756988%28v=ws.10%29.aspx

What does Netdom.exe do?

This command-line tool enables administrators to manage Windows Server 2003 and Windows 2000 domains and trust relationships from the command line. You can join a machine to a domain, manage computer accounts for domain member workstations and member servers, establish one-way or two-way trust relationships between domains, including certain kinds of trust relationships, verify and/or reset the secure channel for the following configurations and manage trust relationships between domains.

http://technet.microsoft.com/en-us/library/cc781853%28v=ws.10%29.aspx 

What does Nltest.exe do?

Nltest.exe is available if you have the AD DS or the AD LDS server role installed. It is also available if you install the Active Directory Domain Services Tools that are part of the Remote Server Administration Tools (RSAT). This tool can do the following:

  • Get a list of domain controllers
  • Force a remote shutdown
  • Query the status of trust
  • Test trust relationships and the state of domain controller replication in a Windows domain
  • Force a user-account database to synchronize on Windows NT version 4.0 or earlier domain controllers

http://technet.microsoft.com/en-us/library/cc731935%28v=WS.10%29.aspx

What does Ntdsutil.exe do?

Ntdsutil.exe is a command-line tool that provides management facilities for Active Directory Domain Services (AD DS) and Active Directory Lightweight Directory Services (AD LDS). You can use the ntdsutil commands to perform database maintenance of AD DS, manage and control single master operations, and remove metadata left behind by domain controllers that were removed from the network without being properly uninstalled. This tool is intended for use by experienced administrators.

What does Repadmin do?

This command-line tool assists administrators in diagnosing replication problems between Windows domain controllers.

Administrators can use Repadmin to view the replication topology (sometimes referred to as RepsFrom and RepsTo) as seen from the perspective of each domain controller. In addition, Repadmin can be used to manually create the replication topology (although in normal practice this should not be necessary), to force replication events between domain controllers, and to view both the replication metadata and up-to-dateness vectors.

Repadmin.exe can also be used for monitoring the relative health of an Active Directory forest. The operations replsummary, showrepl, showrepl /csv, and showvector /latency can be used to check for replication problems.

http://technet.microsoft.com/en-us/library/cc736571%28v=ws.10%29.aspx
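
Of the health-check operations listed above, showrepl /csv is the one that lends itself to automated checking. The following is an added example, not part of the original post: it parses that CSV output and reports replication links that are failing or stale. The sample rows (DC01, DC02) are constructed, and the function name Get-ReplicationProblem and the 24-hour threshold are assumptions.

```powershell
# Added example. Get-ReplicationProblem and the staleness threshold are
# illustrative choices, not part of repadmin.
function Get-ReplicationProblem {
    param(
        [Parameter(Mandatory)] [string[]] $CsvLine,   # lines from: repadmin /showrepl * /csv
        [int] $MaxAgeHours = 24,
        [datetime] $Now = (Get-Date)
    )
    foreach ($row in ($CsvLine | ConvertFrom-Csv)) {
        $reasons = @()
        if ($row.showrepl_COLUMNS -ne 'showrepl_INFO') {
            # Anything other than an INFO row means repadmin could not query that DC.
            $reasons += 'repadmin reported an error for this DC'
        }
        else {
            if ([int]$row.'Number of Failures' -gt 0) {
                $reasons += '{0} failures, last status {1}' -f $row.'Number of Failures', $row.'Last Failure Status'
            }
            $last = [datetime]::MinValue
            $parsed = [datetime]::TryParseExact($row.'Last Success Time', 'yyyy-MM-dd HH:mm:ss',
                [cultureinfo]::InvariantCulture, [Globalization.DateTimeStyles]::None, [ref]$last)
            if (-not $parsed -or ($Now - $last).TotalHours -gt $MaxAgeHours) {
                $reasons += "no successful replication within $MaxAgeHours hours"
            }
        }
        if ($reasons) {
            [pscustomobject]@{
                Destination   = $row.'Destination DSA'
                Source        = $row.'Source DSA'
                NamingContext = $row.'Naming Context'
                Reason        = $reasons -join '; '
            }
        }
    }
}

# Constructed sample in the showrepl /csv layout: one healthy link, one failing link.
$sample = @(
    'showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status'
    'showrepl_INFO,Default-First-Site-Name,DC02,"DC=dacmt,DC=local",Default-First-Site-Name,DC01,RPC,0,0,2013-05-01 10:15:32,0'
    'showrepl_INFO,Default-First-Site-Name,DC01,"DC=dacmt,DC=local",Default-First-Site-Name,DC02,RPC,5,2013-05-01 10:00:04,2013-04-29 22:45:10,1722'
)
Get-ReplicationProblem -CsvLine $sample -Now ([datetime]'2013-05-01 11:00:00')

# Against a live forest: Get-ReplicationProblem -CsvLine (repadmin /showrepl * /csv)
```

With the constructed sample, only the DC01 row is reported, for both its failure count and its stale last success time.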

What does W32tm.exe do?

W32tm.exe is used to configure Windows Time service settings. It can also be used to diagnose problems with the time service. W32tm.exe is the preferred command-line tool for configuring, monitoring, or troubleshooting the Windows Time service. The W32Time service is not a full-featured NTP solution that meets time-sensitive application needs and is not supported by Microsoft as such.

http://technet.microsoft.com/en-us/library/cc773263%28v=WS.10%29.aspx

Installing a Windows Server 2012 Domain Controller and DNS

Installing a new DC

  • Install Windows Server 2012
  • Click Manage > Install Roles and Features
  • The Add Roles and Features Wizard will start
  • Click Next
  • Choose Role based or Feature installation
  • Select the Server
  • Click Next and choose Active Directory Domain Services
  • A box will pop up
  • Click Add Features
  • Click DNS as well
  • A box will pop up
  • Click Add Features
  • Click Next
  • Read the Notes
  • Read the Notes about the DNS Server
  • Select Restart
  • You will get a message after selecting the checkbox for Restarting
  • Click Install
  • The final screen will show the progress of the install
  • You can also Export Configuration Settings, which are in the form of PowerShell commands, allowing you to install from these to another DC in the future
  • Click Export Configuration Settings
  • Once AD Domain Services has been installed, you now need to promote this server to be a Domain Controller
  • In Server Manager, you will see a notification triangle in the top right. Click this and you will get a message
  • Click Promote this server to a Domain Controller
  • I am going to add this Domain Controller to my current domain dacmt.local
  • Click Next
  • Type in a Directory Services Restore Mode Password
  • Click Next
  • Click Next on the DNS Screen
  • Choose your replication option
  • Choose paths for the AD Files
  • Note: Best Practice would advise you to separate out these services on different redundant drives, but this is just a demo so they all reside on the C Drive
  • Check the Preparation Options
  • Review Options
  • Prerequisites Check
  • Click Install
  • Reboot when Install is finished
  • Once in Server Manager and you have chosen the AD DS role, scroll down and you will see a section called Best Practices Analyzer. You can then go to Tasks and choose to run the BPA scan. This BPA scan can also be run from Windows PowerShell

Microsoft Technet Further Information

http://technet.microsoft.com/library/hh472162.aspx
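
The same installation, promotion and BPA scan can be driven from PowerShell. This is an added example, not the settings exported by the wizard in the original post: it adds a DC to the dacmt.local domain used above, and the C: paths are assumed defaults. The two passwords are prompted for rather than written into the script.

```powershell
# Added example: run in an elevated PowerShell session on the new Windows Server 2012 machine.

# 1. Add the AD DS and DNS Server roles together with their management tools.
Install-WindowsFeature -Name AD-Domain-Services, DNS -IncludeManagementTools

# 2. Collect secrets interactively so neither ends up in a saved script.
$domainAdmin = Get-Credential -Message 'Account allowed to add a DC to dacmt.local'
$dsrm        = Read-Host -AsSecureString -Prompt 'Directory Services Restore Mode password'

$dcArgs = @{
    DomainName                    = 'dacmt.local'
    Credential                    = $domainAdmin
    SafeModeAdministratorPassword = $dsrm
    InstallDns                    = $true
    # Assumed default locations; place these on separate redundant drives in production.
    DatabasePath                  = 'C:\Windows\NTDS'
    LogPath                       = 'C:\Windows\NTDS'
    SysvolPath                    = 'C:\Windows\SYSVOL'
}

# 3. Run the prerequisite tests first and stop if any of them does not succeed.
Import-Module ADDSDeployment
$failed = Test-ADDSDomainControllerInstallation @dcArgs | Where-Object Status -ne 'Success'
if ($failed) {
    $failed | Format-List Message
    throw 'Prerequisite check failed; server was not promoted.'
}

# 4. Promote the server. It restarts automatically when promotion completes.
Install-ADDSDomainController @dcArgs -Force

# 5. After the restart, in a new elevated session: run the AD DS Best Practices
#    Analyzer and list everything that is not purely informational.
Invoke-BpaModel -ModelId 'Microsoft/Windows/DirectoryServices'
Get-BpaResult -ModelId 'Microsoft/Windows/DirectoryServices' |
    Where-Object Severity -ne 'Information' |
    Select-Object Severity, Category, Title, Resolution
```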

Changing between Windows Server 2012 Installation Types

As in Windows Server 2008 and Windows Server 2008 R2, Windows Setup in Windows Server 2012 allows you to choose one of two installation types:

  • Server Core Installation
  • Server with a GUI (also called a full installation)

One of the more interesting new features in Windows Server 2012 is the ability to convert a full installation to a Server Core Installation and vice versa. You can switch between a Server Core installation and full installation in Windows Server 2012 because the difference between these installation options is contained in two specific Windows features that can be added or removed.

Features

  • Server Core. None of the options are selected. No GUI interface.
  • Graphical Management Tools and Infrastructure (Server-Gui-Mgmt-Infra). This provides a minimal server interface and server management tools such as Server Manager and the Microsoft Management Console.
  • Server Graphical Shell (Server-Gui-Shell). It is dependent on the Graphical Management Tools and Infrastructure feature and provides the rest of the GUI experience, including Windows Explorer.
  • Desktop Experience is a third available GUI feature. It builds on the Server Graphical Shell feature and is not installed by default in the Server with a GUI installation of Windows Server 2012. Desktop Experience makes available Windows 8 client features such as Windows Media Player, desktop themes, and photo management.

The Different Types of Setup

Windows Server 2012 brings in another user interface option: alongside Server with a GUI and Server Core there is something in between called Minimal Server Interface.

  • Server Core – always installed and enabled; the baseline feature for all Windows Servers
  • Server Graphical Management Tools & Infrastructure – functionality for Minimal Server Interface. No Desktop, Start Screen, Windows Explorer or Internet Explorer
  • Server Graphical Shell – equivalent to Server with a GUI

Using PowerShell to swap between different Installations

  • Making Server 2012 a Server Core Installation
  • Making Server 2012 a Minimal Interface Installation
  • Making Server 2012 a Full GUI Installation
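
All three conversions come down to adding or removing the two GUI features named earlier. The following is an added example, not the commands from the original post: Set-ServerInterface is a hypothetical helper name, and the -Source value shown in the comment is a placeholder.

```powershell
# Added example; Set-ServerInterface is a hypothetical helper name.
function Set-ServerInterface {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [ValidateSet('Core', 'Minimal', 'Full')] [string] $Mode,
        # Needed when the GUI binaries are not on disk (server installed as Server Core).
        # Placeholder form: wim:D:\sources\install.wim:<index of a Server with a GUI image>
        [string] $Source,
        [switch] $Restart
    )
    Import-Module ServerManager
    $wanted = switch ($Mode) {
        'Core'    { @() }
        'Minimal' { 'Server-Gui-Mgmt-Infra' }
        'Full'    { 'Server-Gui-Mgmt-Infra', 'Server-Gui-Shell' }
    }
    $gui    = Get-WindowsFeature -Name Server-Gui-Mgmt-Infra, Server-Gui-Shell
    $remove = @($gui | Where-Object { $_.Installed -and $wanted -notcontains $_.Name } | ForEach-Object { $_.Name })
    $add    = @($gui | Where-Object { -not $_.Installed -and $wanted -contains $_.Name } | ForEach-Object { $_.Name })

    # The three modes are nested (Core < Minimal < Full), so a change is either
    # a removal or an addition, never both.
    if ($remove) {
        # Removing Server-Gui-Shell also removes Desktop Experience, which depends on it.
        Uninstall-WindowsFeature -Name $remove -Restart:$Restart
    }
    elseif ($add) {
        $params = @{ Name = $add; Restart = $Restart }
        if ($Source) { $params.Source = $Source }
        Install-WindowsFeature @params
    }
    else {
        Write-Verbose "Already in $Mode mode; nothing to change."
    }
}

# Preview the change first; -WhatIf is passed through to the feature cmdlets.
Set-ServerInterface -Mode Core -WhatIf
# Then apply it and reboot:
# Set-ServerInterface -Mode Core -Restart
```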

sconfig in a Server Core Installation

In Windows Server 2012, you can use the Server Configuration tool (Sconfig.cmd) to configure and manage several common aspects of Server Core installations. You must be a member of the Administrators group to use the tool.

Sconfig.cmd is available in the Minimal Server Interface and in Server with a GUI mode.

Reference Table
