Hyper-V, Server 2012 / R2, Server 2016, Virtualization

Hyper-V Integration Services

Hyper-V Integration Services allow a virtual machine to communicate with the Hyper-V host. Many of these services are conveniences, such as guest file copy, while others are important to the virtual machine’s ability to function correctly, such as time synchronization. This set of services are sometimes referred to as integration components,

integrationS

The Integration Services pane lists all integration services available on the Hyper-V host, and whether they’re turned on in the virtual machine. To get the version information for a guest operating system, log on to the guest operating system, open a command prompt, and run this command:

REG QUERY “HKLM\Software\Microsoft\Virtual Machine\Auto” /v IntegrationServicesVersion

PowerShell

Integration services

Name Windows Service Name Linux Daemon Name Description Impact on VM when disabled
Hyper-V Heartbeat Service vmicheartbeat hv_utils Reports that the virtual machine is running correctly. Varies
Hyper-V Guest Shutdown Service vmicshutdown hv_utils Allows the host to trigger virtual machines shutdown. High
Hyper-V Time Synchronization Service vmictimesync hv_utils Synchronizes the virtual machine’s clock with the host computer’s clock. High
Hyper-V Data Exchange Service (KVP) vmickvpexchange hv_kvp_daemon Provides a way to exchange basic metadata b etween the virtual machine and the host. Medium
Hyper-V Volume Shadow Copy Requestor vmicvss hv_vss_daemon Allows Volume Shadow Copy Service to back up the virtual machine with out shutting it down. Varies
Hyper-V Guest Service Interface vmicguestinterface hv_fcopy_daemon Provides an interface for the Hyper-V host to copy files to or from the virtual machine. Low
Hyper-V PowerShell Direct Service vmicvmsession not available Provides a way to manage virtual machine with PowerShell without a network connection. Low

Use Windows PowerShell to turn a integration service on or off

To do this in PowerShell, use Enable-VMIntegrationService and Disable-VMIntegrationService.

Get-VMIntegrationService -VMName “TestVM”

VMName Name Enabled PrimaryStatusDescription SecondaryStatusDescription
—— —- ——- ———————— ————————–
TestVM Guest Service Interface      False OK
TestVM Heartbeat                              True OK                                 OK
TestVM Key-Value Pair Exchange   True OK
TestVM Shutdown                              True OK
TestVM Time Synchronization        True OK
TestVM VSS                                          True OK

                                    Services Overview

Hyper-V Guest Shutdown Service

Windows Service Name: vmicshutdown
Linux Daemon Name: hv_utils
Description: Allows the Hyper-V host to request that the virtual machine shutdown. The host can always force the virtual machine to turn off, but that is like flipping the power switch as opposed to selecting shutdown.
Added In: Windows Server 2012, Windows 8
Impact: High Impact When disabled, the host can’t trigger a friendly shutdown inside the virtual machine. All shutdowns will be a hard power-off wich could cause data loss or data corruption.

Hyper-V Time Synchronization Service

Windows Service Name: vmictimesync
Linux Daemon Name: hv_utils
Description: Synchronizes the virtual machine’s system clock with the system clock of the physical computer.
Added In: Windows Server 2012, Windows 8
Impact: High Impact When disabled, the virtual machine’s clock will drift erratically.

Hyper-V Data Exchange Service (KVP)

Windows Service Name: vmickvpexchange
Linux Daemon Name: hv_kvp_daemon
Description: Provides a mechanism to exchange basic metadata between the virtual machine and the host.
Added In: Windows Server 2012, Windows 8
Impact: When disabled, virtual machines running Windows 8 or Windows Server 2012 or earlier will not receive updates to Hyper-V integration services. Disabling data exchange may also impact some kinds of monitoring and host-side diagnostics.+

The data exchange service (sometimes called KVP) shares small amounts of machine information between virtual machine and the Hyper-V host using key-value pairs (KVP) through the Windows registry. The same mechanism can also be used to share customized data between the virtual machine and the host.

Hyper-V Volume Shadow Copy Requestor

Windows Service Name: vmicvss
Linux Daemon Name: hv_vss_daemon
Description: Allows Volume Shadow Copy Service to back up applications and data on the virtual machine.
Added In: Windows Server 2012, Windows 8
Impact: When disabled, the virtual machine can not be backed up while running (using VSS).+

The Volume Shadow Copy Requestor integration service is required for Volume Shadow Copy Service (VSS). The Volume Shadow Copy Service (VSS) captures and copies images for backup on running systems, particularly servers, without unduly degrading the performance and stability of the services they provide. This integration service makes that possible by coordinating the virtual machine’s workloads with the host’s backup process.

Hyper-V Guest Service Interface

Windows Service Name: vmicguestinterface
Linux Daemon Name: hv_fcopy_daemon
Description: Provides an interface for the Hyper-V host to bidirectionally copy files to or from the virtual machine.
Added In: Windows Server 2012 R2, Windows 8.1
Impact: When disabled, the host can not copy files to and from the guest using Copy-VMFile.

Hyper-V PowerShell Direct Service

Windows Service Name: vmicvmsession
Linux Daemon Name: n/a
Description: Provides a mechanism to manage virtual machine with PowerShell via VM session without a virtual network.
Added In: Windows Server TP3, Windows 10
Impact: Disabling this service prevents the host from being able to connect to the virtual machine with PowerShell Direct.

Notes:
The service name was originally was Hyper-V VM Session Service.
PowerShell Direct is under active development and only available on Windows 10/Windows Server Technical Preview 3 or later hosts/guests.

PowerShell Direct allows PowerShell management inside a virtual machine from the Hyper-V host regardless of any network configuration or remote management settings on either the Hyper-V host or the virtual machine. This makes it easier for Hyper-V Administrators to automate and script management and configuration tasks.

Advertisements
Hyper-V, Server 2012 / R2, Server 2016, Virtualization

Advantages of Generation 2 VMs

Generation 2 VMs use synthetic drivers and software-based devices instead, and provide
advantages that include the following:

  • UEFI boot Instead of using the traditional BIOS, Generation 2 VMs support Secure Boot, using the Universal Extensible Firmware Interface (UEFI), which requires a system to boot from digitally signed drivers and enables them to boot from drives larger than 2 TB, with GUID partition tables. UEFI is fully emulated in VMs, regardless of the firmware in the physical host server.
  • SCSI disks Generation 2 VMs omit the IDE disk controller used by Generation 1 VMs to boot the system and use a high-performance virtual SCSI controller for all disks, enabling the VMs to boot from VHDX files, support up to 64 devices per controller, and perform hot disk adds and removes.
  • PXE boot The native virtual network adapter in Generation 2 VMs supports booting from a network server using the Preboot Execution Environment (PXE). Generation 1 VMs require you to use the legacy network adapter to support PXE booting.
  • SCSI boot Generation 2 VMs can boot from a SCSI device, which Generation 1 VMs cannot. Generation 2 VMs have no IDE or floppy controller support, and therefore cannot boot from these devices.
  • Boot volume size Generation 2 VMs can boot from a volume up to 64 TB in size, while Generation 1 boot volumes are limited to 2 TB.
  • VHDX boot volume resizing In a Generation 2 VM, you can expand or reduce a VHDX boot volume while the VM is running.
  • Software-based peripherals The keyboard, mouse, and videos drivers in a Generation 2 VM are software-based, not emulated, so they are less resource-intensive and provide a more secure environment.
  • Hot network adapters In Generation 2 VMs, you can add and remove virtual network adapters while the VM is running.
  • Enhanced Session Mode Generation 2 VMs support Enhanced Session Mode, which provides Hyper-V Manager and VMConnect connections to the VM with additional capabilities, such as audio, clipboard support, printer access, and USB devices.
  • Shielded virtual machines Generation 2 VMs can be shielded, so that the disk and the system state are encrypted and accessible only by authorized administrators.
  • Storage Spaces Direct Generation 2 VMs running Windows Server 2016 Datacenter Edition support Storage Spaces Direct, which can provide a high-performance, faulttolerant storage solution using local drives

 

Hyper-V, Server 2012 / R2, Server 2016, Virtualization

Enabling SR-IOV on VMs

The single root I/O virtualization (SR-IOV) interface is an extension to the PCI Express (PCIe) specification. SR-IOV allows a device, such as a network adapter, to separate access to its resources among various PCIe hardware functions. SR-IOV enables network traffic to bypass the software switch layer of the Hyper-V virtualization stack. Because the VF is assigned to a child partition, the network traffic flows directly between the VF and child partition. As a result, the I/O overhead in the software emulation layer is diminished and achieves network performance that is nearly the same performance as in nonvirtualized environments.

Technically, there are two functions implemented by SR-IOV: physical functions (PFs) and virtual functions (VFs). There are a number of PCI devices available in which the PFs have been implemented, but Microsoft Hyper-V provides SR-IOV support only for networking. In other words, Microsoft Hyper-V provides VFs to allow VMs to communicate to the physical network adapters directly. Since the VMs can communicate directly with the physical network adapters, organizations may benefit from increasing I/O throughput, reducing CPU utilization on Hyper-V hosts for processing network traffic, and reducing network latency by enabling direct communication. Before you can use SR-IOV for a Hyper-V VM, you will need to meet the following prerequisites:

  • The SR-IOV functionality is currently only available to Windows 8 and Windows Server 2012 guests.
  • Hyper-V must be running on a Windows Server 2012 or later operating system.
  • You must have an SR-IOV-capable physical network adapter that implements the PFs and can understand the VFs’ requests coming from the VMs.
  • You must have an external virtual switch that can understand the SR-IOV traffic.
  • The server’s motherboard chipset must also support SR-IOV.

Enabling SR-IOV is a two-step approach. First, you need to create an external switch and enablecSR_IOV or if there is one already created but SR-IOV not enabled, you will need to delete this as this can only be enabled while you are creating the switch. Once the SR-IOV is enabled on the external virtual switch, you can enable SR-IOV on the VMs by checking the “Enable SR-IOV” checkbox found under the “Hardware Acceleration” under Network Adapter settings on the VM’s properties.

4_LI

214

44_LI

 

 

Server 2012 / R2, Server 2016

Add Servers to Server Manager

As you add remote servers to Server Manager, some of the servers that you add might require different user account credentials to access or manage them. To specify credentials for a managed server that are different from those you use to log on to the computer on which you are running Server Manager, use the Manage As command after you add a server to Server Manager, which is accessible by right-clicking the entry for a managed server in the Servers tile of a role or group home page. Clicking Manage As opens the Windows Security dialog box, in which you can provide a user name that has access rights on the managed server.

Add and manage servers in workgroups;

 Although adding servers that are in workgroups to Server Manager might be successful, after they are added, the Manageability column of the Servers tile—on a role or group page that includes a workgroup server—can display Credentials not valid errors that occur while trying to connect to or collect data from the remote, workgroup server.

These or similar errors can occur in the following conditions.

  • The managed server is in the same workgroup as the computer that is running Server Manager.
  • The managed server is in a different workgroup from the computer that is running Server Manager.
  • One of the computers is in a workgroup, while the other is in a domain.
  • The computer that is running Server Manager is in a workgroup, and remote, managed servers are on a different subnet.
  • Both computers are in domains, but there is no trust relationship between the two domains.
  • Both computers are in domains, but there is only a one-way trust relationship between the two domains.
  • The server you want to manage has been added by using its IP address.

To add remote workgroup servers to Server Manager

  1. On the computer that is running Server Manager, add the workgroup server name to the TrustedHosts list. This is a requirement of NTLM authentication. To add a computer name to an existing list of trusted hosts, add the Concatenate parameter to the command. For example, to add the Server01 computer to an existing list of trusted hosts, use the following command.

    Set-Item wsman:\localhost\Client\TrustedHosts ServerName -Concatenate -Force

     

  2. Determine whether the workgroup server that you want to manage is in the same subnet as the computer on which you are running Server Manager.

    If the two computers are in the same subnet, or if the workgroup server’s network profile is set to Private in the Network and Sharing Center, go on to the next step.

    If they are not in the same subnet, or if the workgroup server’s network profile is not set to Private, on the workgroup server, change the inbound Windows Remote Management (HTTP-In) setting in Windows Firewall to explicitly allow connections from remote computers by adding the computer names on the Computers tab of the setting’s Properties dialog box.

  3. To override UAC restrictions on running elevated processes on workgroup computers, create a registry entry called LocalAccountTokenFilterPolicy on the workgroup server by running the following cmdlet.

New-ItemProperty -Name LocalAccountTokenFilterPolicy -path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -propertyType DWord -value 1

Server 2012 / R2, Server 2016

Branch Office Direct Printing

Branch Office Direct Printing can reduce Wide Area Network (WAN) usage by printing directly to a print device instead of a server print queue. This feature can be enabled or disabled on a per printer basis and is transparent to the user.

This feature requires a print server running Windows Server 2012 and clients running Windows 8. It is enabled by an administrator using the Print Management Console or Windows PowerShell on the server.

Branch Office Direct Printing requires the following operating systems:

  • Windows Server 2012
  • Windows 8

To Configure Branch Office Direct Printing

  1. Open the Print Management Console and expand Print Servers.

  2. Expand the print server where the print queues are installed and then expand Printers.

  3. Right click the printer that you wish to manage and select Enable Branch Office Direct Printing. Multiple printers can be configured at the same time by highlighting each printer prior to this step.

     

Set-Printer -name <String> -ComputerName <String> -RenderingMode BranchOffice

Server 2012 / R2, Server 2016

Deploy Storage Spaces on a Stand-Alone Server

To create a storage space, you must first create one or more storage pools. A storage pool is a collection of physical disks. A storage pool enables storage aggregation, elastic capacity expansion, and delegated administration.

From a storage pool, you can create one or more virtual disks. These virtual disks are also referred to as storage spaces. A storage space appears to the Windows operating system as a regular disk from which you can create formatted volumes. When you create a virtual disk through the File and Storage Services user interface, you can configure the resiliency type (simple, mirror, or parity), the provisioning type (thin or fixed), and the size. Through Windows PowerShell, you can set additional parameters such as the number of columns, the interleave value, and which physical disks in the pool to use.

You cannot use a storage space to host the Windows operating system.

Prerequisites;

Area Requirement
Disk bus types Serial Attached SCSI (SAS)

Serial Advanced Technology Attachment (SATA)

Note: You can also use USB drives. However, we do not recommend that you use USB drives in a server environment.

Note: Storage Spaces does not support iSCSI and Fibre Channel controllers.

Disk configuration Physical disks must be at least 4 GB.

Disks must be blank and not formatted. Do not create volumes.

HBA considerations We recommend that you use simple host bus adapters (HBAs) that do not support RAID functionality. If RAID capable, HBAs must be in non-RAID mode with all RAID functionality disabled. Adapters must not abstract the physical disks, cache data, or obscure any attached devices. This includes enclosure services that are provided by attached just-a-bunch-of-disks (JBOD) devices. Storage Spaces is compatible only with HBAs where you can completely disable all RAID functionality.
JBOD enclosures A JBOD enclosure is optional. For full Storage Spaces functionality if you are using a JBOD enclosure, verify with your storage vendor that the JBOD enclosure supports Storage Spaces.

To determine whether the JBOD enclosure supports enclosure and slot identification, run the following Windows PowerShell cmdlet:

Get-PhysicalDisk | ? {$_.BusType –eq “SAS”} | fc

If the EnclosureNumber and SlotNumber fields contain values, this indicates that the enclosure supports these features.

Step 1: Create a storage pool

New-StoragePool –FriendlyName StoragePool1 –StorageSubsystemFriendlyName “Storage Spaces*” –PhysicalDisks (Get-PhysicalDisk PhysicalDisk1, PhysicalDisk2, PhysicalDisk3, PhysicalDisk4)

Step 2: Create a virtual disk

New-VirtualDisk –StoragePoolFriendlyName StoragePool1 –FriendlyName VirtualDisk1 –ResiliencySettingName Mirror –UseMaximumSize

Step 3: Create a volume

Get-VirtualDisk –FriendlyName VirtualDisk1 | Get-Disk | Initialize-Disk –Passthru | New-Partition –AssignDriveLetter –UseMaximumSize | Format-Volume

Hyper-V, Server 2012 / R2, Server 2016

Automatic Virtual Machine Activation

Automatic Virtual Machine Activation was a feature that was added in Windows Server 2012 R2 that enables the activation of your VMs without using a KMS server or MAK key without the requirement of  internet connectivity.  As you create new VMs they activate against the host Hyper-v server. This method of activation only lasts 7 days before the VM renews it’s activation.  Ideal for Datacenter hosts as you can also report on this too.

AVMA requires the Hyper-v host to be running Server 2012 R2 or 2016 Datacenter and it must be activated.   The VMs that run on the host must be at least 2012 R2 or above to activate.  VM’s that can be activated using this method include 2012 R2/2016 Datacenter, Standard and Essentials.

AVMA offers several benefits:

* Activate virtual machines in remote locations
* Activate virtual machines with or without an internet connection
* Track virtual machine usage and licenses from the virtualization server, without requiring any access rights on the virtualized systems

SO

There is no true “configuration” for the virtual machine. When prompted for a license key, you simply give it the key that matches the operating system of the virtual machine.

Guest Operating System Key
Windows Server 2012 R2 Essentials K2XGM-NMBT3-2R6Q8-WF2FK-P36R2
Windows Server 2012 R2 Standard DBGBW-NPF86-BJVTX-K3WKJ-MTB6V
Windows Server 2012 R2 Datacenter Y4TGP-NPTV9-HTC2H-7MGQ3-DV4TW
Windows Server 2016 Essentials B4YNW-62DX9-W8V6M-82649-MHBKQ
Windows Server 2016 Standard C3RCX-M6NRP-6CXC9-TW2F2-4RHYD
Windows Server 2016 Datacenter TMJ3Y-NTRTM-FJYXT-T22BY-CWG3J

In order for the VM’s to talk to the host for activation, the Data Exchange option needs to be activated on the Integration Services.  To ensure this is enabled click on the Settings of the VM and ensure the option is selected.

Capture3