We are using several virtualization platforms on a daily basis - some of our experiences with Proxmox were described in our previous blog posts. Now the time has come to use Hyper-V, Microsoft's well-known hypervisor-based virtualization system. We have several of these systems running for well over two years, all of them in more or less closed environments. The idea was to replace several old boxes hosting different Web sites and applications with one powerful Hyper-V system. As it turned out, our previous Hyper-V configuration experience did not carry over, as it relied on the fact that you can always access the Windows Core system powering the Hyper-V virtualizer from another machine inside the same local network. Of course, it is rather difficult to achieve something like that when you have your virtualization systems colocated in a hosting center a few thousand miles away from you. Here is what we've learned while performing the installation tasks.
Starting from Windows 2008 Server, you have two options when installing the server OS: a Full installation or a Core installation. As you probably know, Server Core is a minimal installation of the Windows Server OS that comes without the standard Windows user interface, and can be used to work with a subset of server roles, all of which are managed from the command prompt. One of the supported roles is Hyper-V. Although a full installation is much easier to manage, a Hyper-V server running in a production environment will almost always run under the core version, due to reduced attack surface, reduced management, and reduced maintenance requirements. At first, it feels a bit strange - you are back in the good old DOS (or should I say Unix) days, where every single task has to be done via the command prompt. Most of us never really bothered to use it for a decade or so, when all those nice GUI options were one mouse click away.
Installation and a few nice tools
The installation itself usually goes flawlessly. Here is a nice little tutorial on how to set up a Hyper-V role on top of Server Core. You will probably want to disable the Allow MMC Remote Management and Allow Server Manager Remote Management options in a live, publicly hosted environment. Here’s why: these are DCOM-based utilities that do not really work well with firewalls on public networks (not that you would want to open DCOM-related ports to the outside world anyway). The easiest solution would require a separate machine (physical or virtual) on a VPN that could be used to manage a Hyper-V server remotely. However, there is an alternative: a tool called 59manager that can be run directly from your Server Core system, providing every bit of functionality you need to manage your virtual machines. Coupled with the free CoreConfigurator tool, it will make all administration tasks much easier. You will also want to have Sysinternals Suite under your belt if things go wrong at any point.
There is a chance that the installation will run smoothly, but you will be unable to add and start a virtual machine after it is finished. Hyper-V requires your CPU and BIOS to support virtualization extensions (Intel VT or AMD-V) and to have the “No Execute” option enabled. If your system doesn't meet those requirements, you'll generally be able to install Hyper-V, but you'll be unable to start VMs. Remember to check the BIOS settings if something like this occurs in your environment!
Remote Desktop and firewall settings
In any case, you will probably want to use Remote Desktop Protocol (RDP) to access and manage your Hyper-V server. Type the following command at a command prompt to enable it:
cscript C:\Windows\System32\Scregedit.wsf /ar 0
This enables the Remote Desktop for Administration mode to accept connections. BTW, in order to view your current settings you can type:
cscript C:\Windows\System32\Scregedit.wsf /ar /v
If you see "1" in the script output, that means that RDP connections are denied. If you see a "0", they will be allowed.
Of course, no production server can run with a badly configured firewall. You can connect to the Hyper-V server from an MMC console running on another machine if the MMC Remote Management is enabled. However, as noted above, we are disabling this option on live servers. Again, the command line interface comes to the rescue. You can dump all firewall rules to a file (it can be a long list) by typing the following command:
netsh advfirewall firewall show rule name=all > firewall.txt
To disable the firewall rules for remote MMC management, enter:
netsh advfirewall firewall set rule group="Remote Administration" new enable=no
To open a specific port, enter:
netsh firewall set portopening protocol=TCP port=1234 name="My custom"
You can always close it like this:
netsh firewall delete portopening protocol=TCP port=1234
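To confirm that disabling the "Remote Administration" group actually took effect, the rule dump written to firewall.txt can be checked offline. The following is an added example, not part of the original post: it assumes the English-language output layout of netsh, uses a constructed sample instead of a real dump, and the function names are hypothetical.

```python
# Constructed sample in the layout printed by
# `netsh advfirewall firewall show rule name=all` (English output assumed),
# trimmed to the fields this check reads. Not taken from a real server.
SAMPLE_DUMP = """\
Rule Name:                            Remote Administration (RPC)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Grouping:                             Remote Administration
Action:                               Allow

Rule Name:                            Remote Administration (NP-In)
----------------------------------------------------------------------
Enabled:                              No
Direction:                            In
Grouping:                             Remote Administration
Action:                               Allow

Rule Name:                            Remote Desktop (TCP-In)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Grouping:                             Remote Desktop
Action:                               Allow
"""

def parse_rules(dump):
    """Turn the text dump into one dict per rule, keyed by field name."""
    rules = []
    for line in dump.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # blank line, dashed separator or trailing "Ok."
        key = key.strip()
        if key == "Rule Name":
            rules.append({})  # every rule block starts with its name
        if rules:
            rules[-1][key] = value.strip()
    return rules

def still_open(rules, group="Remote Administration"):
    """Names of enabled inbound allow rules remaining in `group`."""
    return [r["Rule Name"] for r in rules
            if r.get("Grouping") == group and r.get("Enabled") == "Yes"
            and r.get("Direction") == "In" and r.get("Action") == "Allow"]

if __name__ == "__main__":
    # On a real host, read firewall.txt instead of SAMPLE_DUMP.
    print(still_open(parse_rules(SAMPLE_DUMP)))
```

An empty list for the "Remote Administration" group means no inbound rule from that group is still accepting connections.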
Command line interface is your friend…
There is an excellent tutorial, “Beginners Guide to Server Core” that will get you up to speed with other command line tools.
You may also have to refresh your knowledge about a few rather old, but still very useful CLI tools. For example, we needed to format a new disk after the installation was over. This is where you’ll need to use DISKPART:
SELECT DISK 1
CREATE PARTITION PRIMARY
SELECT PARTITION 1
FORMAT FS=NTFS LABEL="New Volume" QUICK
… but it is nice to have a GUI when you need it
You will often need to download an OS image or another tool, or perform a similar simple task. Well, it might not be so simple in the command-line world, when you don’t have a browser or an FTP client at your disposal. Fortunately, you can use portable variants of various popular tools, like Chrome or FileZilla. These applications are self-contained and don’t require the installation procedure – you can view a list of available tools at portableapps.com. We have tried many of them, and never had any problems.
Creating and migrating VMs – and not only Windows
Hyper-V allows you to easily create new virtual machines, and virtualize your existing servers. Once again, Sysinternals comes through with a brilliant tool, Disk2vhd, that creates VHD (Virtual Hard Disk - Microsoft's Virtual Machine disk format) versions of physical disks for use in Microsoft Hyper-V virtual machines. The difference between Disk2vhd and other physical-to-virtual tools is that you can run Disk2vhd on a system that’s online. The process is very simple, although it can take a long time to create a VHD for an existing machine, so please be patient.
If you are creating VHDs of newer versions of Windows, everything tends to go smoothly. However, when working with Windows 2003, you may end up with a virtual machine with non-functional mouse and network adapters. The solution is obvious: install the integration components. The problem is that we often didn’t get the menu option for this task in 59manager, and had to do it manually by choosing “Edit hardware” and mounting c:\windows\system32\vmguest.iso to the guest machine's DVD drive. You will just have to start setup.exe, and the integration components will install in a few seconds.
As for other operating systems, we were pleasantly surprised by the fact that almost all flavors of Linux that we needed ran without too much hassle. Although at this moment only SUSE Linux Enterprise Server, Red Hat Enterprise Linux and CentOS are officially supported, we have a few TurnKey Linux systems, based on Ubuntu 10.04, running happily on our Hyper-Vs. Unsupported distributions will not recognize the network adapter in most scenarios, and the trick here is to use the “Legacy network adapter” as described in this article. You will need to have a dedicated network card for this to work, but other than that, we are pretty happy with the performance.