System Center Virtual Machine Manager, Virtualization

SCVMM Networking

Several components act as building blocks that we put together to build our network infrastructure in SCVMM. It is all about understanding the logical and virtual components and how they interact and connect with the physical components.


I like this image because it simplifies understanding all the components. Thanks to the Hyper-V Rockstar website. They also have a video that explains all these components and how they connect to each other through a given scenario.

Logical Networks

Most organizations have different types of networks, such as a corporate network, management network, demilitarized zone (DMZ), Internet network, backup network, and testing network. The different networks might be separated physically or separated using networking concepts such as Virtual LAN (VLAN), Private VLAN (PVLAN), and network virtualization. Each of these networks is defined inside VMM as a logical network, which is the primary building block to help model your physical network infrastructure and connectivity.

In addition, an organization might have different physical locations or data centers. In this situation, VMM lets you define a logical network that includes details about the sites it exists at, along with the configuration required at each site. For example, suppose an organization has a management network at its Dallas and Houston locations. In Dallas, the management network uses the 10.1.1.0/24 subnet with VLAN 10, whereas in Houston, the management network uses the 10.1.2.0/24 subnet with VLAN 20. This information can be modeled in VMM using network sites, which are linked to a VMM host group and contained within a logical network. This setup enables VMM to assign not only the correct IP address to virtual machines (VMs) based on location and network but also the correct VLAN or PVLAN. This is a key point. The logical network is modeling the physical network, so it’s important your objects match the physical topology such as the correct IP and VLAN configuration. A network site in a logical network doesn’t have to reflect an actual physical location but rather a specific set of network configurations.

A network site can be configured with just an IP subnet, just a VLAN, or an IP subnet/VLAN pair. You only need to configure IP subnets for a site if VMM will be statically assigning IP addresses to VMs created within the site. If DHCP is present, no IP subnet configuration is required. If VLANs aren’t being used, you don’t need to configure a VLAN. If DHCP is used on the network and VLANs aren’t used, you don’t have to create any network sites.

After the network sites are defined within a logical network, you can add IP pools to the defined IP address subnet, which enables VMM to configure VMs with static IP addresses as the VMs are deployed. If DHCP is used on the network, there’s no need to configure IP pools in VMM or even specify the IP subnet as part of the site configuration. DHCP would be leveraged for the IP assignment. However, if you don’t have DHCP, creating the IP pool allows VMM to handle the IP assignment for you. When a VM is deleted, VMM reclaims the IP address for its pool. Even when DHCP is primarily used on the network, if you’re using features such as load balancing as part of a service, VMM has to be able to allocate and track that IP address, which will require the configuration of an IP pool. If no IP pool is created for a network site, VMM configures the VMs to use DHCP for address allocation.
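The Dallas/Houston management network described above, scripted with the VMM PowerShell module as an added example (not code from the original article). The subnets and VLAN IDs are the ones from the text; the server name, host group names, pool ranges and gateway addresses are constructed sample values.

```powershell
# Added example: one logical network, two network sites, one static IP pool each.
# Assumes the VMM console (virtualmachinemanager module) is installed and that
# host groups named "Dallas" and "Houston" already exist.
Import-Module virtualmachinemanager
Get-SCVMMServer -ComputerName 'vmm01.corp.example' | Out-Null   # hypothetical VMM server

# A single logical network models the management network everywhere it exists.
$ln = New-SCLogicalNetwork -Name 'Management' `
        -LogicalNetworkDefinitionIsolation $false `
        -EnableNetworkVirtualization $false -UseGRE $false -IsPVLAN $false

# Per-site settings. Subnet and VLAN come from the article; the rest is sample data.
$sites = @(
    @{ Site = 'Dallas';  Subnet = '10.1.1.0/24'; Vlan = 10
       Start = '10.1.1.50'; End = '10.1.1.200'; Gateway = '10.1.1.1' },
    @{ Site = 'Houston'; Subnet = '10.1.2.0/24'; Vlan = 20
       Start = '10.1.2.50'; End = '10.1.2.200'; Gateway = '10.1.2.1' }
)

foreach ($s in $sites) {
    $hostGroup = Get-SCVMHostGroup -Name $s.Site
    if (-not $hostGroup) { throw "Host group '$($s.Site)' not found in VMM." }

    # A network site is a subnet/VLAN pair scoped to a host group, so a VM
    # placed on a Dallas host gets VLAN 10 and a Houston host gets VLAN 20.
    $subnetVlan = New-SCSubnetVLan -Subnet $s.Subnet -VLanID $s.Vlan
    $site = New-SCLogicalNetworkDefinition -Name "Management - $($s.Site)" `
              -LogicalNetwork $ln -VMHostGroup $hostGroup -SubnetVLan $subnetVlan

    # The pool is only needed because VMM, not DHCP, hands out addresses here.
    $gateway = New-SCDefaultGateway -IPAddress $s.Gateway -Automatic
    New-SCStaticIPAddressPool -Name "Management - $($s.Site) pool" `
        -LogicalNetworkDefinition $site -Subnet $s.Subnet `
        -IPAddressRangeStart $s.Start -IPAddressRangeEnd $s.End `
        -DefaultGateway $gateway | Out-Null
}

# Review the result against the physical switch configuration: a site whose
# VLAN or subnet does not match the real network puts VMs on the wrong segment.
Get-SCLogicalNetworkDefinition -LogicalNetwork $ln |
    Format-Table Name, SubnetVLans, HostGroups -AutoSize
```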

When using VMM, you should try to minimize the number of logical networks to keep the configuration as simple as possible. You should create them only when you need them. For example, as Figure 1 shows, I have several logical networks defined: a corporate network that has its own DHCP, an Internet network, a private network, two lab networks that use VLANs to separate communication (VMM allocates the IP addresses in these lab networks), and a network virtualization–enabled network that has an IP pool used for the Hyper-V host communications.

Virtual Machine Networks

The goal for virtualization is to separate and abstract the logical networks from the VMs. This abstraction is achieved through the use of VM networks, which is another networking architectural component in VMM. When you use VM networks, the VMs have no idea of the underlying technology (e.g., VLANs, network virtualization) used by the logical network. A VM’s virtual network adapter can only be connected to a VM network. When network virtualization is used, the Customer Address (CA) space (i.e., the IP addresses given to the VMs) is defined as part of the VM network. This allows specific VM subnets to be created as needed within the VM network, completely separate from the logical network IP configuration.

There are some scenarios in which the isolation provided by VM networks isn’t required. For example, you don’t need isolation when direct access to the infrastructure is required, such as when the VMM server is running on a VM. In these instances, you can create a no-isolation pass-through VM network that directly passes communication through to the logical network. The VM network is present only because a VM’s virtual network adapter needs to connect to a VM network. If a logical network has multiple network sites defined, when you deploy a VM, it will automatically pick the correct IP subnet and VLAN configuration based on the location to which you’re deploying the VM. Users of self-service type portals are exposed to VM networks but not the details of the underlying logical networks.

Although logical networks are defined as part of the networking fabric view within the Fabric workspace, VM networks are defined within the VMs and Services workspace. When creating a VM network, you need to specify which logical network and specific site it relates to.

Port Profiles and Port Classifications

There are two types of port profiles: virtual port profiles and uplink port profiles. With virtual port profiles, you can configure settings that will be applied to virtual network adapters attached to VMs or virtual network adapters used by the management host OS. The settings can include:

  • Offload settings such as those used to configure virtual machine queue (VMQ), IPsec task offloading, and single root I/O virtualization (SR-IOV)
  • Security settings such as those used to configure DHCP guard
  • Guest teaming settings
  • Quality of Service (QoS) settings such as minimum and maximum bandwidth settings

VMM provides a number of built-in virtual port profiles for common network adapter uses, many of which are aimed at virtual network adapters used by the host OS. After a virtual port profile is used within a logical switch and the logical switch is deployed to a host, the host will be flagged as noncompliant if the virtual port profile configuration is changed, because the host’s configuration no longer matches the configuration of the virtual port profile. To fix this problem, you can easily remediate the servers to apply the updated configuration.

An uplink port profile defines the connectivity of the virtual switch to the logical networks. You need a separate uplink port profile for each set of hosts that require the same physical connectivity. (Remember that the logical networks define the physical network.) Conversely, anytime you need to restrict a logical network to specific hosts in the same location or need custom connectivity, you need a different uplink port profile. In the uplink port profile, you can select the logical networks that will be available as part of the logical network and the NIC teaming configuration when used on hosts. No preconfigured uplink port profiles are supplied, because their primary purpose is to model the logical networks that can be connected and, by default, there are no logical networks. If a change is made to the uplink port profile definition (e.g., a new VLAN is added), VMM will use a logical switch to automatically update all the virtual switches on the Hyper-V hosts that use the uplink port profile.

Port classifications are also available. They’re containers for port profile settings. You can think of port classifications as storage classifications, where you might create a gold storage classification that uses a top-of-the-line SAN and a bronze storage classification that uses a much lower tier of storage. Or you might create a high bandwidth classification and low bandwidth classification.

The benefit of the port classification is that it acts as a layer of abstraction between the port profiles assigned to the logical switches. Because of this abstraction layer, you can assign a port classification to a VM template, but have a VM’s logical switch determine the port profile to be used.

VMM includes a number of port classifications that correlate to the provided virtual port profiles. Port classifications are linked to virtual port profiles as part of the logical switch creation process. Like VM networks, port classifications are exposed to users through self-service portals and not the underlying port profiles.

Logical Switches

Although it’s possible to manually perform virtual switch configurations on a server-by-server basis, it can lead to inconsistencies. In addition, it inhibits the automatic deployment of new Hyper-V hosts.

Fortunately, VMM has the logical switch component, which acts as a container for all virtual switch settings. It also ensures a consistent deployment of switch configurations across all servers. Automatic configuration with the logical switch is useful for not only deployments but also compliance tracking and enforcement. After a host is deployed using the logical switch component, VMM will continue to track the host’s configuration and compare it to the logical switch’s configuration. If the host’s configuration deviates from that of the logical switch, this configuration will be flagged as noncompliant, which you can then resolve through the administrative interface. If the logical switch is updated (e.g., a new extension is added), all the Hyper-V hosts using the logical switch will automatically be updated.

When configuring the logical switch, you can specify:

  • The Hyper-V virtual switch extensions that should be deployed to the hosts.
  • The uplink port profiles that relate to the switch.
  • The port classifications for the various types of virtual ports. For each port classification, you can select a specific virtual port profile to be used for the logical switch.

As part of the logical switch component deployment, you can have VMM automatically configure NIC teaming on the Hyper-V hosts. You just need to select multiple network adapters on the host when applying the logical switch to the host. This means that you don’t need to make any networking configurations on the actual Hyper-V host. You do everything in VMM.

 

Microsoft System Center, System Center Virtual Machine Manager

System Center Virtual Machine Manager SCVMM 2016 build numbers

Build Number | KB | Release Date | Description
3.2.9013.0 | - | - | SCVMM 2016 Technical Preview
3.2.9234.0 | - | - | SCVMM 2016 Technical Preview 2
3.2.9362.0 | - | - | SCVMM 2016 Technical Preview 3
4.0.1075.0 | - | - | SCVMM 2016 Technical Preview 4
4.0.1091.0 | KB3119301 | - | Update for SCVMM 2016 Technical Preview 4
4.0.1374.0 | - | - | SCVMM 2016 Technical Preview 5
4.0.1379.0 | KB3158141 | - | Cumulative Update 1 (CU1) for SCVMM 2016 Technical Preview 5
4.0.1381.0 | KB3160164 | - | Cumulative Update 2 (CU2) for SCVMM 2016 Technical Preview 5
4.0.1390.0 | KB3164176 | - | Cumulative Update 3 (CU3) for SCVMM 2016 Technical Preview 5
4.0.1662.0 | Download | 2016 September 26 | SCVMM 2016 RTM
4.0.1968.0 | KB3190597 | 2016 October 13 | Update Rollup 1 for SCVMM 2016
4.0.1968.10 | KB3208888 | 2016 December 12 | Hotfix 1 for SCVMM 2016 Update Rollup 1
4.0.2043.0 | KB3209586 | 2017 January 24 | Update Rollup 2 for SCVMM 2016
Microsoft System Center, System Center Virtual Machine Manager, Virtualization

Update Rollup 2 for SCVMM 2016

We have been waiting for this to come up and here it is:

Improvements and issues that are fixed

  • Virtual Machine Manager now lets you not claim certain storage devices by Multipath I/O (MPIO) when you add a host. This list of storage devices is controlled through a registry key on the Virtual Machine Manager server.
  • When hosts are added to a cluster with Storage Spaces Direct (S2D) enabled, you receive the following warning:
    Error: Multipath I/O is not enabled for known storage arrays on host hostname.

  • Multipath I/O (MPIO) is not disabled for the hosts in a BMC Storage Spaces Direct cluster.
  • Provides a consistent experience across Hyper-V and S2D clusters for changing classification on Cluster Shared Volume (CSV).
  • The Virtual Machine Manager cloud cannot calculate the storage classification capacity (it is displayed as 0) with an S2D cluster.
  • After onboarding an out-of-band Hyper Converged or S2D Scale Out FileServer (SOFS) into Virtual Machine Manager, the Storage Provider is not added, and SOFS properties such as volume, physical disk, and tiers are not available in Virtual Machine Manager.
  • Migrating a virtual machine (VM) from a VMware ESXi host to a Nano server host fails with error 2903.
  • SAN migration of virtual machines fails between two stand-alone Nano Server hosts.
  • As part of the V2V conversion for a VMware Highly Available virtual machine, Virtual Machine Manager calculates the host ratings without considering CSV.
  • Migration of and/or cloning the virtual machine fails because the version of the virtualization software on the host does not match the version of the virtual machine’s virtualization software on the source.
  • Files are left in the following scenarios:
    • In the virtual machine library directory, even after the virtual machine is deleted from the Library
    • When a service instance fails and then is deleted
  • You can’t delete NAT Connection from the UI for Network Controller (NC) Managed Networks.
  • The Cloud Summary is missing capacity data for Tenant Administration.
  • Deletion of Logical Switch triggers a Virtual Machine Manager UI crash.
  • Program Menu reverts to System Center 2012 after installation of System Center Virtual Machine Manager 2016 Update Rollup 1.
  • Shielding an existing virtual machine fails intermittently with Error (1730).
  • Virtual machine start job reports fail with error 12711 when a virtual machine has the Set Order Priority option set.
  • Provides a simplified Create Volume wizard for S2D cluster creation.
  • Guest Agent is not upgraded on servicing a service after you upgrade Virtual Machine Manager from System Center 2012 R2 Virtual Machine Manager to System Center 2016 Virtual Machine Manager.
  • Service operations fail when there is a shared VHDX on a CSV volume and more than one Service virtual machine hosted on a single host.
  • Provides reliability improvements in the Virtual Machine Manager service.
  • Removal of Hyper-V Host fails in the following scenarios:
    • If any virtual machine on the host exists with checkpoints
    • If hosts have a VHD that’s referenced by a disk on another host
  • Slow performance when you perform a refresh on virtual machines that have many checkpoints.
  • Nano virtual machine deployment through a virtual machine template does not join the domain.
  • VDI virtual machines deployed through RDS do not appear in the Virtual Machine Manager console.
  • With Network Controller (NC) onboarded, virtual machine operations fail when there is a Port SACL applied on the virtual machine network.
  • NAT improvements including the following:
    • The release of the IP address reserved for a NAT connection when the connection throws an exception
    • The display of junk entries if the virtual machine network has a NAT connection
  • The removal of incoming NAT rules applied on a network adapter after the network adapter is disconnected and reconnected.
  • Creating a Host Cluster with Static IP address fails.
  • Network Controller (NC)–related improvements including the following:
    • The scale-out and scale-in of NC virtual machines.
    • The blocking of IPV6-based virtual machine network creation from the UI.
  • Network Controller-managed network adapter is not displayed as noncompliant after a PortACL rule is removed.
  • Load balancer improvements including the following scenarios:
    • Virtual Machine Manager goes into an inconsistent state after a SLB MUX deployment failure.
    • Load Balancing rules don’t work after disconnecting and reconnecting Network Controller-managed network adapters.
  • Gateways do not require certificates. They use user name and password for authentication. But Gateway Templates start the MUX service, which requires certificates for controller certificates and MUX certificates based on CA self-signed scenarios. This forces gateways to mandate certificates even though they are not required.
  • Virtual Machine Manager mandates all the gateway front-end pools to be available for the Network Controller host group scope.
  • Virtual Machine Manager lets users create a network adapter with dynamic option for Network Controller-managed connected networks. This should be blocked with an appropriate error message as the Network Controller does not support dynamic IP configuration for the network adapter.
  • Changing a virtual machine network between Network Controller-managed connected networks is successful in Virtual Machine Manager. However, the Network Controller still has old information in its network adapter JSON when it uses the DHCP option.
  • UI improvements include the following:
    • Noncompliant warning (26909) displayed for a Virtual Machine and its network adapter when you deploy a virtual machine that is connected to a network by using a Dynamic IP address.
    • Hyper-V Nano host is displayed as not compliant for SET team Logical Switch.
  • By default, Remote Access Gateway connections are disabled when configured through Virtual Machine Manager.
  • Improved SDN manageability includes the following:
    • When you use the Force option to remove a Virtual Network Gateway even when the Network Controller is down.
    • Setting Port Profiles of Network Controller-managed virtual machines after migration.
  • Virtual Machine Manager does not delete the routes from the Network Controller. However, removing the VPN Connection deletes the routes and the VPN connection. Creating the same routes from Virtual Machine Manager will also work as it would find the routes in the Network Controller.
  • When a self-service user deploys a virtual machine to the cloud and changes the hardware profile, Virtual Machine Manager does not let you use the IP pool available in the selected VLAN.
  • Unable to create VLAN-based logical networks through Virtual Machine Manager when the subnet is not specified.

For more details about other features that are available in Virtual Machine Manager 2016, see What’s New in VMM 2016.

 

Known issues

  • You cannot update VM hardware profile properties for VMs with dynamic memory after you install Update Rollup 2. The error that you see is because of the startup memory in the Console being reset to 1 every time that you start the VM Properties dialog box from the Console for a VM where Dynamic Memory is enabled. This issue is only a display issue and actual memory of the VM is not affected.

Because this is just a Console issue, you can continue to use VMM PowerShell to manage hardware properties without performing any additional steps. Or, the properties can be updated from the Console after stopping the VM and updating the startup memory within the original acceptable range.

  • When you create a VM with dynamic memory through the Console or by updating the memory of a VM from static to dynamic through the Console after you deploy Update Rollup 2, the default maximum memory is set to a value greater than 1 TB. This causes VM creation/update to fail.

To work around this issue, update the maximum memory value to 1TB or less in the Console to avoid errors. Additionally, you can use PowerShell to create VMs with 1TB maximum memory without performing any additional steps.

  • After you apply Update Rollup 2, if you try to change the value for ‘Number of Processors’ of a deployed VM through the Administrator Console or VMM PowerShell to a number greater than 64, you encounter an error. This issue applies to even new VMs you create after you install Update Rollup 2.

To work around this issue, continue to provision VMs with the number of processors not greater than 64.

 

Hyper-V, Microsoft System Center, System Center Virtual Machine Manager, Virtualization

Network Virtualization vs. Server Virtualization

Many people are asking these again and again. I have found this information really helpful.

How is network virtualization similar to server virtualization? Well, for one thing they’re very similar conceptually. On a virtualized server, a software abstraction layer (server hypervisor) reproduces the familiar attributes of the physical server in software, allowing the attributes to be programmatically assembled in any arbitrary combination to produce a unique virtual machine (VM) in a matter of seconds. With network virtualization, the functional equivalent of a network hypervisor reproduces networking services—like switching, routing, access control, firewalling, quality of service (QoS), and load balancing—in software, allowing them to produce a unique virtual network in a matter of seconds.

Network virtualization also provides similar benefits to server virtualization: just as virtual machines operate independently of the underlying hardware and allow IT to treat physical hosts as a pool of compute capacity, virtual networks operate independently of their underlying IP network hardware, so IT can treat the physical network as a pool of transport capacity that can be consumed and re-purposed on demand. When you think about it, what’s going on in networking today is the same thing that has been going on in compute and storage for years. Just as server virtualization opened up new opportunities for organizations to store and access information with greater reach and speed than ever before, network virtualization resolves the networking challenges that have kept today’s organizations from realizing their datacenters’ full potential—until now. More importantly, network virtualization provides a strong foundation for resolving the networking challenges that are keeping today’s organizations from realizing the full potential of the software-defined datacenter (SDDC).

Microsoft System Center, System Center Virtual Machine Manager, Virtualization

System Center Virtual Machine Manager 2016

I have found these articles by Rayne Wiselman. This was exactly what I was looking for and this guy has done an awesome job to put everything in one place.

System Center Virtual Machine Manager 2016

Plan VMM installation

Installation and upgrade requirements

This table summarizes what you’ll need for VMM 2016 installation.

Requirement | Version | Details
VMM server operating system | Windows Server 2016 | Server Core is supported
SQL Server | Supported versions | Enterprise or standard edition
Command line utilities for SQL Server | SQL Server 2014 feature pack | If you want to deploy VMM services using SQL Server data-tier apps, install the related command-line utilities on the VMM management server. The version you install should match the SQL Server version. You don’t have to install these to install VMM.
Client (to run VMM console) | Windows 8.1 onwards, Windows Server 2012 R2 onwards | To run the console the machine must be in an Active Directory domain.
Windows Assessment and Deployment Kit (ADK) | Windows ADK for Windows 10 | You can install from setup, or you can download it. You only need the Deployment Tools and Windows Preinstallation Environment options.
VMM library | Windows Server 2012 onwards | Required operating systems if you’re installing the library on a remote server
Virtualization hosts | Windows Server 2012 onwards | Nano is supported in Windows Server 2016
Guest operating system | Windows operating systems supported by Hyper-V; Linux (CentOS, RHEL, Debian, Oracle Linux, SUSE, Ubuntu) | -
PowerShell | PowerShell 4.0; PowerShell 5.0 | Used to set up, configure, and manage VMM.
.NET | 4.5, 4.5.1, 4.5.2, 4.6 | Required for VMM console
.NET | 4.5.1, 4.5.2, 4.6 | Required for VMM management server
Host agent | VMM 2016 | Needed for hosts managed in the VMM compute Fabric
Monitoring | System Center Operations Manager 2016 | You also need SQL Server Analysis Services 2014 or later
VMware | vCenter 5.1, 5.5, 5.8, 6.0; ESX 5.5, ESX 6.0 | vCenter and ESX servers running these versions can be managed in the VMM Fabric
Update servers | WSUS 2012 R2 or later | Used to manage updates in the VMM Fabric
Bare metal provisioning | System Management Architecture for Server Hardware (SMASH) v1 or higher over WS-MAN; Intelligent Platform Interface 1.5 or higher; Data Center Manager Interface (DCMI) 1.0 or higher | Required to discover physical bare metal servers and set up an operating system and Hyper-V.
PXE/WDS Server | Windows Server 2008 R2 or later | Used for bare metal provisioning

SPN

If the VMM user installing VMM, or running VMM setup, doesn’t have permissions to write the service principal name (SPN) for the VMM server in Active Directory, setup will finish with a warning. If the SPN isn’t registered, other computers running the VMM console won’t be able to connect to the management server, and you won’t be able to deploy a Hyper-V host on a bare metal computer in the VMM fabric. To avoid this issue, you need to register the SPN as a domain administrator before you install VMM, as follows:

  1. Run these commands from \Windows\System32>, as a domain administrator:
       setspn -s -u SCVMM/<MachineBIOSName> <VMMServiceAccount>
       setspn -s -u SCVMM/<MachineFQDN> <VMMServiceAccount>

For a cluster, should be / and should be

  2. On the VMM server (or on each node in a cluster), in the registry, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft System Center Virtual Machine Manager Server\Setup.
  3. Set VmmServicePrincipalNames to SCVMM/,SCVMM/. For a cluster: SCVMM/,SCVMM/.

If you can’t do this, you can also register the SPN during VMM installation. A domain administrator can provide the SPN write permissions to VMM service user or setup user. Note that this approach isn’t the preferred one. The permission allows the delegated user to register any servicePrincipalName, with no restrictions. Hence, the delegated user should be highly trusted, and the account credentials must be kept secure. To do this:

  1. Run adsiedit as a domain administrator.
  2. Navigate to find the VMM service user. Right-click Properties > Security > Advanced. Then click Add, and in Select a principal, specify the user who will be granted the permissions.
  3. Select Write servicePrincipalName > OK.

When you install VMM with this user account, the SPN will be registered.
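An added check, not part of the original article: it confirms that the SCVMM/ SPNs are on the service account, flags duplicates in the domain, and lists every principal that can write servicePrincipalName on that account, which is the delegation the text says must go only to a highly trusted user. The account and host names are placeholders, and the RSAT ActiveDirectory module is assumed.

```powershell
# Added example. Run as a user who can read the account's ACL in Active Directory.
Import-Module ActiveDirectory

$serviceAccount = 'svc-vmm'                         # placeholder sAMAccountName
$vmmNames       = @('VMM01', 'vmm01.corp.example')  # placeholder BIOS name and FQDN
$expected       = $vmmNames | ForEach-Object { "SCVMM/$_" }

$user = Get-ADUser -Identity $serviceAccount -Properties servicePrincipalName

# 1. SPNs that should be registered but are not yet on the service account.
$missing = @($expected | Where-Object { $user.servicePrincipalName -notcontains $_ })

# 2. The same SPN on any other object in the domain is a duplicate.
$duplicates = @(foreach ($spn in $expected) {
    Get-ADObject -LDAPFilter "(servicePrincipalName=$spn)" |
        Where-Object { $_.DistinguishedName -ne $user.DistinguishedName } |
        Select-Object @{ n = 'SPN'; e = { $spn } }, DistinguishedName
})

# 3. Allow ACEs that grant WriteProperty on servicePrincipalName, either on that
#    attribute alone or on all properties (empty object-type GUID).
$spnGuid  = [guid]'f3a64788-5306-11d1-a9c5-0000f80367c1'   # schemaIDGUID of servicePrincipalName
$writeBit = [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty
$writers  = @((Get-Acl -Path "AD:\$($user.DistinguishedName)").Access |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.ActiveDirectoryRights.HasFlag($writeBit) -and
        ($_.ObjectType -eq $spnGuid -or $_.ObjectType -eq [guid]::Empty)
    } |
    Select-Object IdentityReference, IsInherited,
        @{ n = 'Scope'; e = { if ($_.ObjectType -eq $spnGuid) { 'servicePrincipalName only' }
                              else { 'all properties' } } })

# 4. On the VMM server itself, read the registry value named in the steps above.
$regPath  = 'HKLM:\SOFTWARE\Microsoft\Microsoft System Center Virtual Machine Manager Server\Setup'
$regValue = if (Test-Path $regPath) {
    (Get-ItemProperty -Path $regPath -Name VmmServicePrincipalNames `
        -ErrorAction SilentlyContinue).VmmServicePrincipalNames
}

[pscustomobject]@{
    ServiceAccount     = $user.SamAccountName
    RegisteredSPNs     = @($user.servicePrincipalName) -join ', '
    MissingSPNs        = $missing -join ', '
    DuplicateSPNOwners = $duplicates.DistinguishedName -join '; '
    RegistryValue      = $regValue
} | Format-List

# Every entry here should be an expected admin group or the one delegated setup user.
$writers | Sort-Object Scope, IdentityReference | Format-Table -AutoSize
```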

VMM management server

  • You can’t run the VMM management server on a Nano server.
  • The management server computer name cannot exceed 15 characters.
  • Don’t install the VMM management server, or other System Center components other than agents, on servers running Hyper-V.
  • You can install the VMM management server on a VM. If you do, and you use the Dynamic Memory feature of Hyper-V, then you must set the startup RAM for the virtual machine to be at least 2,048 megabytes (MB).
  • If you want to manage more than 150 hosts, we recommend that you use a dedicated computer for the VMM management server and do the following:
    • Add one or more remote computers as library servers, and do not use the default library share on the VMM management server.
    • Don’t run the SQL Server instance on the VMM management server.
  • For high availability, the VMM management server can be installed on a failover cluster. Learn more.

SQL Server and database

  • The instance of SQL Server that you are using must allow for case-insensitive database objects.
  • The SQL Server’s computer name cannot exceed 15 characters in length.
  • If the VMM management server and the SQL Server computer are not members of the same Active Directory domain, then a two-way trust must exist between the two domains.
  • When you install SQL Server, select the Database Engine Services and Management Tools – Complete features.
  • You can perform an in-place upgrade to a supported version of SQL Server (without moving the VMM database). Make sure no jobs are running when you perform the upgrade, or jobs may fail and may need to be restarted manually.
  • For the VMM database, for better performance, do not store database files on the disk that is used for the operating system.
  • If you are using Software Defined Networking (SDN) in VMM, then all networking information is stored in the VMM database. Because of this, you might want to consider high availability for the VMM database, using the following guidelines:
    • Failover clustering is supported and is the recommended configuration for availability within a single geographical area or datacenter. Read more.
    • Use of AlwaysOn Availability Groups in Microsoft SQL Server is supported, but it’s important to review the differences between the two availability modes, synchronous-commit and asynchronous-commit. Learn more.
      • With asynchronous-commit mode, the replica of the database can be out of date for a period of time after each commit. This can make it appear as if the database were back in time which might cause loss of customer data, inadvertent disclosure of information, or possibly elevation of privilege.
      • You can use synchronous-commit mode as a configuration for remote-site availability scenarios.
  • The SQL Server service must use an account that has permission to access Active Directory Domain Services (AD DS). For example, you can specify the Local System Account, or a domain user account. Do not specify a local user account.
  • You don’t need to configure collation. During deployment, Setup automatically configures CI collation according to the language of the server operating system.
  • Dynamic port is supported.
  • If you want to create the VMM database prior to VMM installation:
    • Make sure you have permissions to create a SQL database, or ask the SQL Server admin to do it.
    • Configure the database as follows:
      1. Create a new database with settings: Name: VirtualManagerDB; Collation: Latin1_General_100_CI_AS, but aligned with the specific SQL Server instance collation.
      2. Grant db_owner permissions for the database to the VMM service account.
      3. In VMM setup you’ll select the option to use an existing database and specify the database details and VMM service account as the database user.

Library server

  • If you run the library server on the VMM management server, then you must provide additional hard disk space to store objects. The space required varies, based on the number and size of the objects you store.
  • The library server is where VMM stores items such as virtual machine templates, virtual hard disks, virtual floppy disks, ISO images, scripts, and stored virtual machines. The optimal hardware requirements that are specified for a VMM library server vary, depending on the quantity and size of these files. You will need to check CPU usage, and other system state variables to determine what works best in your environment.
  • If you want to manage Virtual hard disks in the .vhdx file format, the VMM library server must run Windows Server 2012 or later.
  • VMM does not provide a method for replicating physical files in the VMM library or a method for transferring metadata for objects that are stored in the VMM database. Instead, if necessary, you need to replicate physical files outside of VMM, and you need to transfer metadata by using scripts or other means.
  • VMM does not support file servers that are configured with the case-sensitive option for Windows Services for UNIX, because the Network File System (NFS) case control is set to Ignore.

Account and domain requirements

When you install VMM you need to configure the VMM service to use either the Local System account or a domain account. Note the following before you prepare an account:

  • It is not supported to change the identity of the Virtual Machine Manager service account after installation. This includes changing from the local system account to a domain account, from a domain account to the local system account, or changing the domain account to another domain account. To change the Virtual Machine Manager service account after installation, you must uninstall VMM (selecting the Retain data option if you want to keep the SQL Server database), and then reinstall VMM by using the new service account.
  • If you specify a domain account, the account must be a member of the local Administrators group on the computer.
  • If you specify a domain account, it is strongly recommended that you create an account that is specifically designated to be used for this purpose. When a host is removed from the VMM management server, the account that the System Center Virtual Machine Manager service is running under is removed from the local Administrators group of the host. If the same account is used for other purposes on the host, this can cause unexpected results.
  • If you plan to use shared ISO images with Hyper-V virtual machines, you must use a domain account.
  • If you are using a disjointed namespace, you must use a domain account. For more information about disjointed namespaces, see Naming conventions in Active Directory for computers, domains, sites, and OUs.
  • If you are installing a highly available VMM management server, you must use a domain account.
  • The computer on which you install the VMM management server must be a member of an Active Directory domain. In your environment you might have user accounts in one forest and your VMM servers and host in another. In this environment, you must establish a two-way trust between the two cross-forest domains. One-way trusts between cross-forest domains are not supported in VMM.

Distributed key management

By default, VMM encrypts some data in the VMM database by using the Data Protection Application Programming Interface (DPAPI): for example, Run As account credentials, passwords in guest operating system profiles, and product key information in virtual hard disk properties. Data encryption is tied to the specific computer on which VMM is installed, and to the service account that VMM uses. If you move your VMM installation to another computer, VMM won’t retain the encrypted data, and you’ll need to enter it manually.

To ensure that VMM retains encrypted data across moves, you can use distributed key management to store encryption keys in Active Directory. If you move your VMM installation, VMM retains the encrypted data because the new VMM computer has access to the encryption keys in Active Directory. To set up distributed key management you should coordinate with your Active Directory administrator. Note that:

  • You must create a container in AD DS before you install VMM. You can create the container by using ADSI Edit (installed from Server Manager > Remote Server Administration Tools).
  • You create the container in the same domain as the user account with which you are installing VMM. If you specify that the VMM service uses a domain account, that account must be in the same domain. For example, if the installation account and the service account are both in the corp.contoso.com domain, you must create the container in that domain. So, if you want to create a container that is named VMMDKM, you specify the container location as CN=VMMDKM,DC=corp,DC=contoso,DC=com. The account with which you’re installing VMM needs Full Control permissions to the container in AD DS. The permissions must apply to this object, and to all descendant objects.
  • If you are installing a highly available VMM management server, you must use distributed key management to store encryption keys in Active Directory. You need distributed key management because if VMM fails over to a node, that node will need access to the encryption keys.
  • When you configure the service account and distributed key in setup, you must type the location of the container in AD DS, for example: CN=VMMDKM,DC=corp,DC=contoso,DC=com
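
The container requirements in the list above, scripted as an added example (not from the original page or from Microsoft's documentation). The domain and container names are the page's example values; CORP\vmm-install is a hypothetical installation account.

```powershell
# Added example: pre-create the DKM container and grant the installing account
# Full Control on it and on all descendant objects. Requires the RSAT
# ActiveDirectory module and rights to create objects in the domain.
Import-Module ActiveDirectory

$domainDn      = 'DC=corp,DC=contoso,DC=com'   # domain from the page's example
$containerName = 'VMMDKM'                       # container name from the page's example
$containerDn   = "CN=$containerName,$domainDn"
$installer     = 'CORP\vmm-install'             # hypothetical installation account

# Create the container only if it is not already there, so the script can be re-run.
if (-not (Get-ADObject -Filter "distinguishedName -eq '$containerDn'")) {
    New-ADObject -Name $containerName -Type container -Path $domainDn
}

# Resolve the account to a SID first; this fails early on a mistyped name.
$sid = ([System.Security.Principal.NTAccount]$installer).Translate(
           [System.Security.Principal.SecurityIdentifier])

# GenericAll is Full Control; inheritance 'All' covers this object and all descendants.
$rule = [System.DirectoryServices.ActiveDirectoryAccessRule]::new(
            $sid,
            [System.DirectoryServices.ActiveDirectoryRights]::GenericAll,
            [System.Security.AccessControl.AccessControlType]::Allow,
            [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All)

$acl = Get-Acl -Path "AD:\$containerDn"
$acl.AddAccessRule($rule)
Set-Acl -Path "AD:\$containerDn" -AclObject $acl

# Review the explicit (non-inherited) entries on the container. The keys stored here
# protect Run As credentials, so this list should stay short.
(Get-Acl -Path "AD:\$containerDn").Access |
    Where-Object { -not $_.IsInherited } |
    Select-Object IdentityReference, ActiveDirectoryRights, InheritanceType, AccessControlType
```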

Install VMM

Before you start

Run setup

  1. Close any open programs and ensure that no restarts are pending on the computer.
  2. To start the Virtual Machine Manager Setup wizard, on your installation media, right-click setup.exe, and then click Run as administrator.
  3. In the main setup page, click Install. If you have not installed the Microsoft .NET Framework, VMM will prompt you to install it now.
  4. On the Select features to install page, select the VMM management server check box, and then click Next. The VMM console will be automatically installed. If you’re installing on a cluster node you’ll be asked if you want to make the management server highly available.
  5. On the Product registration information page, provide the appropriate information, and then click Next. If you do not enter a product key, VMM will be installed as an evaluation version that expires in 180 days after installation.
  6. On the Please read this license agreement page, review the license agreement, select the I have read, understood, and agree with the terms of the license agreement check box, and then click Next.
  7. On the Usage and Connectivity Data page, select either option, and then click Next.
  8. If the Microsoft Update page appears, select whether you want to use Microsoft Update, and then click Next. If you’ve already chosen to use Microsoft Update on this computer the page won’t appear.
  9. On the Installation location page, use the default path or type a different installation path for the VMM program files, and then click Next. The setup program checks the computer on which you are installing the VMM management server to ensure that the computer meets the appropriate hardware and software requirements. If the computer does not meet a prerequisite, a page that contains information about the prerequisite and how to resolve the issue appears.
  10. On the Database configuration page, if you’re using a remote SQL instance specify the name of the computer that is running SQL Server. If you are installing the VMM management server on the same computer that is running SQL Server, then in the Server name box, either type the name of the computer (for example, vmmserver01) or type localhost. If the SQL Server is in a cluster, type the cluster name.
  11. Don’t specify a Port value if you don’t have a remote instance of SQL Server, or if you have a remote SQL Server that uses the default port (1443).
  12. Specify the SQL Server instance name and whether to use an existing or new database. You’ll need an account with permissions to connect to the instance.
  13. On the Configure service account and distributed key management page, specify the account that the VMM service will use. You can’t change the identity of the VMM service account after installation.
  14. Under Distributed Key Management, select whether to store encryption keys in Active Directory.
  15. On the Port configuration page, use the default port number for each feature or provide a unique port number that is appropriate in your environment. You cannot change the ports that you assign during the installation of a VMM management server unless you uninstall and then reinstall the VMM management server. Also, do not configure any feature to use port 5986, because that port number is preassigned.
  16. On the Library configuration page, select whether to create a new library share or to use an existing library share on the computer. The default library share that VMM creates is named MSSCVMMLibrary, and the folder is located at %SYSTEMDRIVE%\ProgramData\Virtual Machine Manager Library Files. ProgramData is a hidden folder, and you cannot remove it. After the VMM management server is installed, you can add library shares and library servers by using the VMM console or by using the VMM command shell.
  17. On the Installation summary page, review your selections and then click Install. The Installing features page appears and displays the installation progress.
  18. On the Setup completed successfully page, click Close to finish the installation. To open the VMM console, you can ensure that Open the VMM console when this wizard closes is checked, or you can click the Virtual Machine Manager Console icon on the desktop.

During Setup, VMM enables the following firewall rules. These rules remain in effect even if you later uninstall VMM.

  • Windows Remote Management
  • Windows Standards-Based Storage Management

Note

If Setup does not finish successfully, consult the log files in the %SYSTEMDRIVE%\ProgramData\VMMLogs folder. ProgramData is a hidden folder.

Install VMM from a command prompt

You can install VMM from a command prompt. The installation media contains .ini files for all VMM features:

  • VMServer.ini: Settings for the VMM management server.
  • VMClient.ini: Settings for the VMM console.
  • VMServerUninstall.ini: Uninstallation settings for the VMM management server.

Each of these files contains key/value pairs with default values. These entries are commented out. Remove the comment symbol (#) and change the value.

  1. Edit the VMServer.ini file with the options in the table below this procedure.
  2. After you edit the file, open an elevated command prompt and run setup.exe with the parameters below. For example, to use a VMServer.ini file that is stored in C:\Temp with a SQL Server administrator account of contoso\SQLAdmin01 and a VMM service account of contoso\VMMadmin14, use the following command: setup.exe /server /i /f C:\Temp\VMServer.ini /SqlDBAdminDomain contoso /SqlDBAdminName SQLAdmin01 /SqlDBAdminPassword password123 /VmmServiceDomain contoso /VmmServiceUserName VMMadmin14 /VmmServiceUserPassword password456 /IACCEPTSCEULA

VMServer.ini values

| Option | Values | Default |
| --- | --- | --- |
| ProductKey | Product key in the format: xxxxx-xxxxx-xxxxx-xxxxx-xxxxx | xxxxx-xxxxx-xxxxx-xxxxx-xxxxx |
| UserName | Optional display name for the user who is installing the features. This is not the user account for the installation. | Administrator |
| CompanyName | Optional display name for the organization that is installing the features. | Microsoft Corporation |
| ProgramFiles | Location for VMM files. | C:\Program Files\Microsoft System Center 2012\Virtual Machine Manager |
| CreateNewSqlDatabase | 0: Use an existing Microsoft SQL Server database. 1: Create a new SQL Server database. | 1 |
| SqlInstanceName | Name of the new or existing instance of SQL Server. | MICROSOFT$VMM$ |
| SqlDatabaseName | Name of the new or existing SQL Server database. | VirtualManagerDB |
| RemoteDatabaseImpersonation | 0: Do not impersonate the administrator account for SQL Server. The user that runs setup.exe must be an administrator for the server that is hosting SQL Server. 1: Impersonate the administrator account for SQL Server by using the provided credentials. The user who runs setup.exe must provide values for the SqlDBAdminName, SqlDBAdminPassword, and SqlDBAdminDomain parameters. | 0 |
| SqlMachineName | Name of the server that is hosting SQL Server. Do not specify localhost. Instead, specify the actual name of the computer. | |
| (various ports) | Ports used by VMM | IndigoTcpPort: 8100; IndigoHTTPSPort: 8101; BitsTcpPort: 443 |
| CreateNewLibraryShare | 0: Use an existing library share. 1: Create a new library share. | 1 |
| LibraryShareName | Name of the file share to be used or created. | MSSCVMMLibrary |
| LibrarySharePath | Location of the existing file share or the new file share to be created. | C:\ProgramData\Virtual Machine Manager Library Files |
| LibraryShareDescription | Description of the share. | Virtual Machine Manager Library Files |
| SQMOptIn | 0: Do not opt in for “Diagnostic and Usage Data”. 1: Opt in for “Diagnostic and Usage Data”. | 1 |
| MUOptIn | 0: Do not opt in to Microsoft Update. 1: Opt in to Microsoft Update. | 0 |
| VmmServiceLocalAccount | 0: Use a domain account for the VMM service (scvmmservice). 1: Use the Local System account for the VMM service. To use a domain account, when you run setup.exe, provide values for the VMMServiceDomain, VMMServiceUserName, and VMMServiceUserPassword parameters. | 0 |
| TopContainerName | Container for Distributed Key Management (DKM); for example, “CN=DKM,DC=contoso,DC=com”. | VMMServer |
| HighlyAvailable | 0: Do not install as highly available. 1: Install as highly available. | 0 |
| VmmServerName | Clustered service name for a highly available VMM management server. Do not enter the name of the failover cluster or the name of the computer on which the highly available VMM management server is installed. | |
| VMMStaticIPAddress | IP address for the clustered service name for a highly available VMM management server, if you are not using Dynamic Host Configuration Protocol (DHCP). Both IPv4 and IPv6 are supported. | |
| Upgrade | 0: Do not upgrade from a previous version of VMM. 1: Upgrade from a previous version. | 1 |

Setup.exe parameters

| Parameter | Details |
| --- | --- |
| /server | Specifies installation of the VMM management server. |
| /i or /x | Specifies whether to install (/i) or uninstall (/x) the server. |
| /f | Specifies the .ini file to use. Be sure that this parameter points to the correct .ini file. If setup.exe does not find an .ini file, it will perform the installation by using its own default values. |
| /VmmServiceDomain | Specifies the domain name for the account that is running the VMM service (scvmmservice). Use this parameter only if you set VmmServiceLocalAccount to 0 in VMServer.ini. |
| /VmmServiceUserName | Specifies the user name for the account that is running the VMM service (scvmmservice). Use this parameter only if you set VmmServiceLocalAccount to 0 in VMServer.ini. |
| /VmmServiceUserPassword | Specifies the password for the account that is running the VMM service (scvmmservice). Use this parameter only if you set VmmServiceLocalAccount to 0 in VMServer.ini. |
| /SqlDBAdminDomain | Specifies the domain name for the administrator account for the SQL Server database. Use this parameter if the current user does not have administrative rights to SQL Server. |
| /SqlDBAdminName | Specifies the user name for the administrator account for the SQL Server database. Use this parameter if the current user does not have administrative rights to SQL Server. |
| /SqlDBAdminPassword | Specifies the password for the administrator account for the SQL Server database. Use this parameter if the current user does not have administrative rights to SQL Server. |
| /IACCEPTSCEULA | Notes acceptance of the Microsoft Software License Terms. This is a mandatory parameter. |

For example, to use a VMServer.ini file that is stored in C:\Temp with a SQL Server administrator account of contoso\SQLAdmin01 and a VMM service account of contoso\VMMadmin14, use the following command: setup.exe /server /i /f C:\Temp\VMServer.ini /SqlDBAdminDomain contoso /SqlDBAdminName SQLAdmin01 /SqlDBAdminPassword password123 /VmmServiceDomain contoso /VmmServiceUserName VMMadmin14 /VmmServiceUserPassword password456 /IACCEPTSCEULA
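
A pre-flight check for the unattended install, as an added example (not from the original page or from Microsoft). It tests a VMServer.ini against rules stated on this page and builds the setup.exe arguments from credentials prompted at run time, so the passwords are not typed into a command line or saved in a script. The function names and the sample .ini content are constructed for illustration.

```powershell
# Parse uncommented Key=Value lines. Commented-out defaults (#), blank lines and
# any [section] header are skipped.
function Read-VmmIni {
    param([string[]]$Lines)
    $settings = @{}
    foreach ($line in $Lines) {
        $t = $line.Trim()
        if ($t -eq '' -or $t.StartsWith('#') -or $t.StartsWith('[')) { continue }
        # Split on the first '=' only: a container DN contains '=' itself.
        $name, $value = $t -split '=', 2
        if ($null -ne $value) { $settings[$name.Trim()] = $value.Trim().Trim('"') }
    }
    return $settings
}

# Return one message per rule from this page that the settings break.
function Test-VmmServerIni {
    param([hashtable]$Settings)
    $findings = @()
    # "Do not specify localhost. Instead, specify the actual name of the computer."
    if ($Settings['SqlMachineName'] -eq 'localhost') {
        $findings += 'SqlMachineName is localhost; use the actual computer name.'
    }
    # "do not configure any feature to use port 5986, because that port number is preassigned"
    foreach ($key in @($Settings.Keys | Where-Object { $_ -like '*Port' })) {
        if ($Settings[$key] -eq '5986') { $findings += "$key is set to the preassigned port 5986." }
    }
    if ($Settings['HighlyAvailable'] -eq '1') {
        # A highly available management server must use a domain account.
        if ($Settings['VmmServiceLocalAccount'] -eq '1') {
            $findings += 'HighlyAvailable=1 needs a domain service account (VmmServiceLocalAccount=0).'
        }
        # It must also use distributed key management. Assumption of this example:
        # require an explicit container instead of relying on the default value.
        if (-not $Settings['TopContainerName']) {
            $findings += 'HighlyAvailable=1 needs TopContainerName set to the DKM container.'
        }
    }
    return $findings
}

# Build the argument list used by the page's command from two credential objects.
function Get-VmmSetupArguments {
    param([string]$IniPath, [pscredential]$SqlAdmin, [pscredential]$VmmService)
    $sql = $SqlAdmin.GetNetworkCredential()
    $svc = $VmmService.GetNetworkCredential()
    return @(
        '/server', '/i', '/f', $IniPath,
        '/SqlDBAdminDomain', $sql.Domain, '/SqlDBAdminName', $sql.UserName,
        '/SqlDBAdminPassword', $sql.Password,
        '/VmmServiceDomain', $svc.Domain, '/VmmServiceUserName', $svc.UserName,
        '/VmmServiceUserPassword', $svc.Password,
        '/IACCEPTSCEULA'
    )
}

# Constructed sample input (not a real configuration); it breaks four rules.
$sampleIni = @'
[OPTIONS]
# ProductKey=xxxxx-xxxxx-xxxxx-xxxxx-xxxxx
CreateNewSqlDatabase=1
SqlMachineName=localhost
BitsTcpPort=5986
HighlyAvailable=1
VmmServiceLocalAccount=1
'@ -split '\r?\n'

$findings = @(Test-VmmServerIni -Settings (Read-VmmIni -Lines $sampleIni))
$findings | ForEach-Object { Write-Warning $_ }

if ($findings.Count -eq 0) {
    $sqlAdmin   = Get-Credential -Message 'SQL Server administrator (DOMAIN\user)'
    $vmmService = Get-Credential -Message 'VMM service account (DOMAIN\user)'
    $setupArgs  = Get-VmmSetupArguments -IniPath 'C:\Temp\VMServer.ini' `
                      -SqlAdmin $sqlAdmin -VmmService $vmmService
    # Start-Process joins the arguments with spaces; a password that contains
    # spaces or quotes needs explicit quoting before it is passed here.
    $p = Start-Process -FilePath '.\setup.exe' -ArgumentList $setupArgs -Wait -PassThru
    "setup.exe exit code: $($p.ExitCode)"
}
```

setup.exe still receives the passwords as arguments, as in the page's command, so they are visible in the process command line while Setup runs and in process-creation audit events if command-line logging is enabled.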

Uninstall VMM or the VMM console

  1. Make sure the VMM console and VMM command shell are closed.
  2. On the computer on which the VMM management server is installed, click Start, and then click Control Panel.
  3. Under Programs, click Uninstall a program. Under Name, double-click Microsoft System Center 2016 Virtual Machine Manager.
  4. On the What would you like to do? page, click Remove features.
  5. On the Select features to remove page, select the VMM management server check box, and then click Next. If you want to uninstall the VMM console, select the VMM console check box. Note that if you have a highly available VMM deployment, you must remove both the VMM server and VMM console.
  6. On the Database options page, select whether you want to retain or remove the VMM database, and, if necessary, credentials for the database, and then click Next.
  7. On the Summary page, review your selections and click Uninstall. The Uninstalling features page appears and uninstallation progress is displayed.
  8. After the VMM management server is uninstalled, on the The selected features were removed successfully page, click Close.

The following firewall rules, which were enabled during VMM Setup, remain in effect after you uninstall VMM:

  • File Server Remote Management
  • Windows Standards-Based Storage Management firewall rules

If there is a problem with setup completing successfully, consult the log files in the %SYSTEMDRIVE%\ProgramData\VMMLogs folder. ProgramData is a hidden folder.

Uninstall VMM from the command line

To uninstall VMM, edit the VMServerUninstall.ini file as described below. Then run setup.exe for the uninstall. For example, to uninstall using an .ini file stored in C:\Temp with an account contoso\SQLAdmin01, type: setup.exe /server /x /f C:\Temp\VMServerUninstall.ini /SqlDBAdminDomain contoso /SqlDBAdminName SQLAdmin01 /SqlDBAdminPassword password123

VMServerUninstall.ini

| Option | Details | Default value |
| --- | --- | --- |
| RemoteDatabaseImpersonation | 0: Local SQL Server installation. 1: Remote SQL Server installation. When you run setup.exe, provide a value for the SqlDBAdminName, SqlDBAdminPassword, and SqlDBAdminDomain parameters unless the user who is running setup.exe is an administrator for SQL Server. | 0 |
| RetainSqlDatabase | 0: Remove the SQL Server database. 1: Do not remove the SQL Server database. To remove the SQL Server database, when you run setup.exe, provide a value for the SqlDBAdminName, SqlDBAdminPassword, and SqlDBAdminDomain parameters unless the user who is running Setup is an administrator for SQL Server. | 0 |
| ForceHAVMMUninstall | 0: Do not force uninstallation if setup.exe cannot verify whether this node is the final node of the highly available installation. 1: Force the uninstallation. | |

 

Plan a highly available VMM deployment

For resilience and scalability you can deploy VMM in high availability mode, as follows:

  • Deploy the VMM management server in a failover cluster.
  • Make library server file shares highly available.
  • Deploy the SQL Server VMM database as highly available.

Plan a highly available SQL Server deployment

  • You should set up SQL Server before you deploy the VMM management servers.
  • We recommend you use a highly available SQL Server installation on a failover cluster and configure SQL Server AlwaysOn availability groups. You shouldn’t install SQL Server on the VMM cluster.
  • Review the best practices for failover cluster node prerequisites.
  • AlwaysOn availability groups are supported in VMM. Use synchronous commit for higher protection with more overhead. If you use asynchronous-commit mode the secondary database can lag behind the primary database making some data loss possible.
  • The database server must be in the same domain as the VMM server, or in a domain with a two-way trust.
  • Using a clustered database with VMM requires Kerberos authentication. To support this, the SQL Server instance must associate a Service Principal Name (SPN) with the account that SQL Server will be running on.

Plan a highly available VMM management server

  • You’ll need a failover cluster running Windows Server 2012 R2 or later.
  • You can only set up one VMM deployment on a failover cluster. You can install VMM management nodes on up to 16 nodes but only one node can be active at any one time.
  • All nodes in the clusters that will act as VMM servers must be running Windows Server 2012 R2 or later.
  • You’ll need to install Windows ADK for Windows 8.1 on each node. You can download and install it before you begin deployment, or install it during setup. When you run the ADK setup, select Deployment Tools and Windows Preinstallation Environment.
  • If you plan to deploy VMM services that use SQL Server data-tier applications, install the related command-line utilities on the cluster nodes. The command line utility is available in the SQL Server 2012 feature pack.
  • Each node must be joined to a domain, and computer name shouldn’t exceed 15 characters.
  • Don’t install on a Hyper-V host. You can install VMM on a VM.
  • Before you start you’ll need to set up the VMM service account and distributed key management.

Plan a highly available VMM library

You can create highly-available library servers to ensure that file-based resources, templates, and profiles are resilient and available.

  • VMM doesn’t automatically create the VMM library as highly available when you deploy VMM in high availability mode. You need to create highly available library servers by deploying the library on a file server cluster.
  • You’ll need to set up a file server failover cluster. Deploying highly available library shares on the VMM cluster isn’t supported.
  • Computers you’ll configure as file servers should be running on a failover cluster running Windows Server 2012 R2 or later. We recommend that all nodes have the same version of Windows.
  • All nodes you want to add as file servers should be in the same domain.
  • Make sure the hardware and software that you want to use for the library meets the system requirements.
  • The user who creates the cluster must have the Create Computer objects permission on the OU or the container where the servers that will form the cluster reside. If this isn’t possible, ask a domain admin to pre-stage a cluster computer object for the cluster.
  • The account you use to create the cluster should be a domain user on all the computers you want to add as file server nodes.
  • The library server can’t be a scale-out file server (SOFS). It must be on a failover cluster that doesn’t use the SOFS cluster role. This is because when you deploy the library, the VMM agent is deployed on the host. With SOFS, multiple hosts in a cluster provide the shares, which complicates agent deployment. When you have a standalone or clustered library server, you can leverage storage on SOFS by creating shares on it.
  • You can deploy the library shares on a cluster with physical nodes, or a guest cluster.
  • If you want to add clustered storage when you create the cluster make sure all computers can access the storage.
  • If you want to deploy a distributed VMM library in different datacenters you’ll need to set up a scheduled copy between the two library shares. No replication is available.

Deploy VMM for high availability

Before you start

You’ll need to prepare for a high availability deployment:

  • You can only set up one VMM deployment on a failover cluster. You can install VMM management nodes on up to 16 nodes but only one node can be active at any one time.
  • Requirement for computers running as VMM management nodes:
    • All the computers that will act as VMM servers must be running Windows Server 2012 R2 or later.
    • You’ll need to install Windows ADK for Windows 8.1 on each computer. Install from setup or the download center. Select Deployment Tools and Windows Preinstallation Environment when you install.
    • If you plan to deploy VMM services that use SQL Server data-tier applications, install the related command-line utilities on your VMM management server. The command line utility is available in the SQL Server 2012 feature pack.
    • Each computer must be joined to a domain, and computer name shouldn’t exceed 15 characters.
  • Don’t install on a Hyper-V host. You can install VMM on a VM.

 

Deploy a highly available VMM management server

Before you start

  • Read the planning steps for a highly available deployment.
  • This procedure presumes you’re setting up a single failover cluster with two or more file servers.

Set up the failover cluster

  1. Click Server Manager > Manage > Add Roles and Features.
  2. In Select installation type click Role-based or feature-based installation.
  3. In Select destination server click the server you want to configure for failover clustering. On Select features click Failover Clustering. Click Add Feature to install the failover cluster management tools.
  4. In Confirm installation selections click Install. A server restart isn’t needed.
  5. Repeat for each server you want to add as a node in the file server cluster.
  6. After you have at least two nodes in the cluster you can run cluster validation tests. Open Failover Cluster Manager and under Management click Validate Configuration.
  7. In Select Servers or a Cluster specify the NetBIOS or FQDN of a node you’re adding and click Add. In Testing Options click Run all tests (recommended).
  8. In Summary, if the tests completed correctly click Create the cluster now using the validated nodes. Click View Report to troubleshoot any issues.
  9. In Access Point for Administering the Cluster specify the cluster name. For example VMMLibrary. When the cluster is created this name will be registered as the cluster computer object (CNO) in Active Directory. If you specify a NetBIOS name for the cluster the CNO is created in the same location where the computer objects for the cluster node reside (either the default Computers container or an OU). You can specify a different location by adding the distinguished OU name. For example CN=ClusterName, OU=Clusters,DC=Contoso.
  10. If the server isn’t configured to use DHCP specify a static IP address for the cluster. Select each network you want to use for cluster management and in Address select the IP address. This is the IP address that will be associated with the cluster in DNS.
  11. In Confirmation review the settings. Clear Add all eligible storage to the cluster if you want to configure storage later. Click Next to create the cluster.
  12. In Summary confirm that the cluster was created and that the cluster name is listed in Failover Cluster Manager.

Install VMM on the first cluster node

  1. On either node of the cluster you created run VMM setup and click Install.
  2. VMM detects that it’s installing on a cluster node and asks you if you want to make the VMM server highly available. Click Yes.
  3. In Select features to install select the VMM management server and the VMM console.
  4. In Product registration information specify organizational details and the product key.
  5. In EULA and CEIP accept the EULA and specify whether you want to participate in CEIP.
  6. In Installation Location accept the default settings.
  7. In Prerequisites, VMM setup checks whether prerequisites are in place and installs missing components. If you don’t have the Windows ADK installed, you’ll need to download and install it.
  8. In Database configuration specify the database you’ll use for VMM. The database should be highly available and deployed in a separate failover cluster. This dialog appears if VMM isn’t clustered, or if it’s clustered but not using AlwaysOn Availability Groups. Specify the cluster name.
  9. In Cluster configuration specify the name of the VMM cluster for example HAVMMM.
  10. In Configure service account and distributed key management specify the service account and key location you created earlier. VMM Run As accounts are stored as encrypted in the VMM database. For a high availability deployment, you’ll need to access encrypted keys from a central location so you should have created a distributed key management container in Active Directory before you ran setup.
  11. In Port configuration modify port settings if you need to.
  12. Finish installing VMM. You can’t specify a library share right now. In a highly available deployment you create the library share after installation is complete.

Install VMM on the second cluster node

  1. Run setup and confirm that you want to add this server as a node to the highly available deployment.
  2. During the wizard you’ll need to specify the service account password. You don’t need to specify other information.

Deploy a highly available VMM library

This article describes the steps for deploying a highly available System Center 2016 – Virtual Machine Manager (VMM) library. You set up a Windows failover cluster running the File Server role. Then you create file shares on the cluster and assign them as VMM library shares.

Before you start

Read the planning steps for a highly available VMM deployment.

Set up the failover cluster

This procedure presumes you’re setting up a single failover cluster with two or more file servers.

  1. Click Server Manager > Manage > Add Roles and Features.
  2. In Select installation type click Role-based or feature-based installation.
  3. In Select destination server click the server you want to configure for failover clustering. On Select features click Failover Clustering. Click Add Feature to install the failover cluster management tools.
  4. In Confirm installation selections click Install. A server restart isn’t needed.
  5. Repeat for each server you want to add as a node in the file server cluster.
  6. After you have at least two nodes in the cluster you can run cluster validation tests. Open Failover Cluster Manager and under Management click Validate Configuration.
  7. In Select Servers or a Cluster specify the NetBIOS or FQDN of a node you’re adding and click Add. In Testing Options click Run all tests (recommended).
  8. In Summary, if the tests completed correctly click Create the cluster now using the validated nodes. Click View Report to troubleshoot any issues.
  9. In Access Point for Administering the Cluster specify the cluster name. For example VMMLibrary. When the cluster is created this name will be registered as the cluster computer object (CNO) in Active Directory. If you specify a NetBIOS name for the cluster the CNO is created in the same location where the computer objects for the cluster node reside (either the default Computers container or an OU). You can specify a different location by adding the distinguished OU name. For example CN=ClusterName, OU=Clusters,DC=Contoso.
  10. If the server isn’t configured to use DHCP specify a static IP address for the cluster. Select each network you want to use for cluster management and in Address select the IP address. This is the IP address that will be associated with the cluster in DNS.
  11. In Confirmation review the settings. Clear Add all eligible storage to the cluster if you want to configure storage later. Click Next to create the cluster.
  12. In Summary confirm that the cluster was created and that the cluster name is listed in Failover Cluster Manager.

If you want to build a guest cluster to deploy the file server read Rudolf Vesely’s useful blog post.

Set up the file server role

  1. On each computer you’ll set up as a file server node, in Failover Cluster Manager select Configure Role.
  2. In the High Availability Wizard > Select Role, select File Server.
  3. In File Server Type select File Server for general use.
  4. In Client Access Point type the cluster name (in our procedure this was VMMLibrary) and the cluster IP address.
  5. In Select storage specify the shared storage you want to use.
  6. Confirm the settings and finish the wizard.

Create a file share

  1. In Failover Cluster Management > cluster name > Roles, select the file server and click Add File Share.
  2. In New Share Wizard > Select Profile select SMB Share – Quick.
  3. In Share Location select the file server.
  4. In Share Name specify the share name and description.
  5. In Other Settings leave the default settings.
  6. In Permissions grant full access to the SYSTEM and Administrators accounts, and to the VMM admin account. In Confirmation review settings and click Create.

Add the share as a VMM library

  1. Open the VMM console > Library > Add Library Server.
  2. In Add Library Server Wizard > Enter Credentials specify a domain account with permissions for the file cluster.
  3. In the Select Library Servers page, type in the domain in which the file cluster is located and in Computer name specify the name you assigned to file server cluster or click Search to find it. Click Add > Next.
  4. On the Add Library Servers page select the library shares you want to add. If you want to add the default library resources to the share select Add Default Resources. In addition to default resources this adds the ApplicationFrameworks folder to the share.
  5. On the Summary page review settings and click Add Library Servers. In Library > Library Servers verify the library server and share are listed.
  6. After the share is created you can copy resources to the library share.

Deploy SQL Server for VMM high availability

This article describes the steps for deploying a highly available SQL Server database for System Center 2016 – Virtual Machine Manager (VMM). You set up a SQL Server cluster and configure the SQL Server VMM database with Always On Availability Groups.

Before you start

Read the planning information for a highly available VMM deployment. It includes prerequisites and issues you should be aware of.

Set up availability groups

SQL Server Always On availability groups support failover environments for a discrete set of user databases (availability databases). Each set of availability databases is hosted by an availability replica. To set up an availability group you’ll need to deploy a Windows Server Failover Clustering (WSFC) cluster to host the availability replica, and enable Always On on the cluster nodes. You can then add the VMM SQL Server database as an availability database.

  • Learn more about Always On prerequisites
  • Learn more about setting up a WSFC for AlwaysOn availability groups
  • Learn more about setting up an availability group

Configure the VMM database with Always On Availability Groups

  1. On the VMM server, stop the VMM service. For a cluster, in Failover Cluster Manager, stop the VMM role.
  2. Connect to the machine that hosts the VMM database, and in SQL Server Management Studio, right-click the VMM database > Properties. In Options, set the Recovery model for the database to Full.
  3. Right-click the VMM database > Tasks > Back Up and take a backup of the database.
  4. In SQL Server Management Studio > AlwaysOn High Availability > right-click the availability group name > Add Database.
  5. In Add Database to Availability Group > Select Databases, select the VMM database.
  6. In Select Data Synchronization, leave the Full default.
  7. In Connect to Replicas > Connect, specify permissions for the availability group destination.
  8. Prerequisites are checked in Validation. In Summary, when you click Next AlwaysOn availability support will be initiated for the VMM database. The VMM database is copied and from this point AlwaysOn will keep the VMM database synchronized between the SQL Server AlwaysOn cluster nodes.
  9. Restart the VMM service or cluster role. The VMM server should be able to connect to the SQL Server.
  10. VMM credentials are only stored for the main SQL Server, so you’ll need to create a new login on the secondary node of the SQL Server cluster, with the following characteristics:
    • The login name is identical to the VMM service account name.
    • The login has the user mapping to the VMM database.
    • The login is configured with the database owner credentials.

Run a failover

To check that Always On is working as expected for the VMM database, run a failover from the primary to secondary node in the SQL Server cluster.

  1. In SQL Server Management Studio, right-click the availability group on the secondary server > Failover.
  2. In Fail Over Availability Group > Select New Primary Replica, select the secondary server.
  3. In Summary, click Finish.
  4. Now move it back by initiating a failover to the secondary node computer that is running SQL Server, and verify that you can restart the VMM service (scvmmservice).
  5. Repeat the last two steps for every secondary node in the cluster that is running SQL Server.
  6. If this is a high availability VMM setup, continue to install other high availability VMM nodes.

Plan the VMM fabric

  • Compute: Resources in the compute fabric include virtualization servers (Hyper-V and VMware), VMs, and infrastructure services such as pre-boot execution environment (PXE) servers to handle bare-metal deployment of Hyper-V host servers, and update servers.
  • Network: The network fabric includes VMM networks, load balancers, and gateways.
  • Storage: The storage fabric includes storage arrays, file servers, and storage pools.

This article summarizes planning steps you should perform before you set up components in VMM fabric.

Plan the compute fabric

In the compute fabric you set up all the servers and computers that will be managed in the VMM fabric. It includes the VMM library, virtualization hosts and VMs, and infrastructure servers, including update servers, IPAM servers, and PXE servers used for bare metal deployment.

Learn more about planning the compute fabric.

Plan the networking fabric

In the networking fabric you:

  1. Set up logical networks and IP addressing: Create logical networks that map to your physical networks. You can create network sites that map to network sites in your physical network. For example IP subnets, VLANs, or subnet/VLAN pairs. Then if you’re not using DHCP you create IP address pools for the network sites that exist within your physical networks.
  2. Create VM networks: Create VM networks that map to network sites that exist within your physical networks.
  3. Create port profiles: Create uplink port profiles that indicate to VMM which networks a host can connect to on a specific network adapter. If required create virtual port profiles to specify settings that should be applied to virtual network adapters.
  4. Create custom port classifications: If you created a custom virtual port profile you’ll probably want to create a custom port classification to abstract it.
  5. Configure logical switches: Create a logical switch, apply it to a host and select the network adapters on the host that you want to bind to the switch. When you apply the switch networking settings will be applied to the host.

Learn more about planning the networking fabric

Plan the storage fabric

VMM supports block and file-based storage. In the VMM storage fabric you discover, configure, and assign storage. You can use storage as a factor in VM placement, so that when a user deploys a VM, VMM checks the VM template or cloud settings for an assigned storage classification. When VMM rates potential VM hosts, it prioritizes hosts that have available storage with the appropriate classification. VMM also identifies the most efficient process for transferring a VM VHD file from the library to an appropriate storage resource, based on the technologies that the storage type uses. For example if a SAN supports Windows Offloaded Data Transfers (ODX) then VMM will use ODX for the transfer.

When planning the storage fabric consider the following:

  • Decide how you want to provision storage in the fabric. You can add existing storage devices and servers, create a scale-out file server from existing Windows servers, or deploy file storage from bare metal computers.
  • Plan storage classifications. You can create storage classifications before you add storage, or during the add process. When you plan your classification you’ll know which classification to add to each storage pool.
  • You can plan classifications based around storage type, or location. For example you could create the following classifications:
    • Bldg1Gold: A set of solid-state drives (SSDs) that you will make available to users in building 1.
    • Bldg1Silver: A set of SSDs and hard disk drives (HDDs) that you will make available to users in building 1.
    • Bldg2Gold: A set of SSDs that you will make available to users in building 2.
    • Bldg2Silver: A set of SSDs and HDDs that you will make available to users in building 2.
  • You can map storage classifications to block storage and file shares.

Next steps

Set up the VMM networking fabric

Here’s what you’ll typically do to set up networking in the VMM fabric:

  1. Set up logical networks: Create logical networks that map to your physical networks. You can create network sites that map to network sites in your physical network. For example IP subnets, VLANs, or subnet/VLAN pairs. Then if you’re not using DHCP you create IP address pools for the network sites that exist within your physical networks.
  2. Create VM networks: Create VM networks that map to network sites that exist within your physical networks.
  3. Set up IP address pools: Create address pools to allocate static IP addresses. You’ll need to configure pools for logical networks, and in some circumstances for VM networks too.
  4. Add a gateway: You might need to set up network virtualization gateways in the VMM networking fabric. By default, if you’re using isolated VM networks in your VMM fabric, VMs associated with a network can only connect to machines in the same subnet. If you want to connect VMs further than the subnet you’ll need a gateway.
  5. Create port profiles: Create uplink port profiles that indicate to VMM which networks a host can connect to on a specific network adapter. If required create virtual port profiles to specify settings that should be applied to virtual network adapters. You can create custom port classifications to abstract virtual port profiles.
  6. Configure logical switches: Create a logical switch, apply it to a host and select the network adapters on the host that you want to bind to the switch. When you apply the switch networking settings will be applied to the host.

Set up logical networks in the VMM fabric

There are different types of networks in most organizations, including corporate networks, management networks, and others. These networks might be isolated physically or virtually using network virtualization and virtual LANs (VLANs). In VMM each of these networks is defined as a logical network. Logical networks are logical objects that mirror your physical networks and are used to model your VMM network fabric.

When you create logical networks to model your environment you assign them properties that match your physical environment. You specify the type of network, the network sites associated with the logical network, and static address pools if you’re not using DHCP to assign IP addresses to VMs you create in the network sites.

When you provision virtualization hosts in the VMM fabric, you associate physical adapters on those hosts with logical networks.

Before you start

  • Automatic logical networks: By default, VMM creates logical networks automatically. When you provision a host in the VMM fabric and there’s no VMM logical network associated with a physical network adapter on that host, VMM automatically creates a logical network and associates it with an adapter. By default, VMM names the logical network using the first DNS suffix label of the connection-specific DNS suffix. By default VMM also creates a VM network configured with No isolation.
  • Manual logical networks: When you create a logical network manually you specify:
    • Network type: You specify whether the network is isolated or not, and if it is how it’s isolated. Then when you create VM networks based on the logical network they’ll be created with the type of network you specified.
      • No isolation: This is the simplest type of network model that specifies there’s just a single network within which machines can connect to each other with no need to isolate these machines from each other. VM networks in VMM provide an interface through which VMs connect to a logical network, and in a no isolation model you’ll have a single VM network mapped to a logical network.
      • Isolation: More often you’ll want to isolate networks from each other. For example you might want to isolate networks that have different purposes, or you might be a provider who wants to host workloads for multiple tenants on a single logical network, with isolation for each tenant. In this case you’ll have multiple VM networks mapped to a logical network. VM networks mapped to a logical network can be isolated using VLANs/private VLANs, or network virtualization. Note that:
        • A typical setup might be an infrastructure network with no isolation or VLAN isolation, a load balancer backend and internet facing network with PVLAN, and tenant networks with isolation using network virtualization.
        • You can only use one type of isolation on a single logical network. If you need more than one type of isolation you’ll need multiple logical networks.
        • There’s a practical limit of ~2000 tenants and ~4000 VM networks for a single VMM server.
    • Network sites: If your organization has different locations and datacenters you can include information about those sites in your logical network settings. For example you could specify a New York site with an IP subnet and/or VLAN settings, and then a London site with different IP/VLAN settings. You can then assign IP addresses to VMs based on network, location, and VLAN settings. Note that:
      • You need to assign an IP subnet to a site if VMM is going to distribute static IP addresses to VMs in the site. If you’re using DHCP you don’t need a subnet.
      • You need to configure a VLAN if one’s used in your physical site. If you’re not using VLANs and you’re using DHCP you don’t need to define network sites in your logical network.

Create logical networks automatically

If you want VMM to automatically create logical and VM networks you can specify how VMM determines the logical network name.

  1. Click Settings > General. Double-click Network Settings.
  2. Configure the Logical network matching setting. Note that:
    • For Hyper-V hosts you can use the entire DNS suffix label, or the first one. For example if the DNS suffix is corp.contoso.com the logical network will be corp-contoso.com or just corp. This isn’t supported for VMware hosts.
    • For Hyper-V and VMware hosts you can select the network connection name or the virtual network switch name (the name of the virtual network switch to which the physical adapter of the host is bound).
    • By default VMware hosts use the virtual network switch option.
    • You can also specify a fallback option if the first logical matching fails.

If you don’t want VMM to create logical and VM networks automatically you can disable the global setting.

  1. Click Settings > General and double-click Network Settings.
  2. Clear Create logical networks automatically.

Create logical networks manually

  1. Fabric > Home > Show > Fabric Resources. In Fabric expand Networking > Logical Networks > Home > Create > Create Logical Network.
  2. In Create Logical Network Wizard > Name specify a name and description.
  3. Specify how you want to isolate VM networks associated with this logical network:
    • If you want to have multiple VM networks associated with the logical network and isolate them using network virtualization click One connected network > Allow new VM networks created on this logical network to use network virtualization.
    • If you want to have multiple VM networks associated with the logical network and isolate them using a VLAN/PVLAN select VLAN-based independent networks or Private VLAN (PVLAN) networks.
    • If you don’t want to isolate networks in the logical network, click One connected network > Create a VM network with the same name to allow virtual machines to access this logical network directly. With this setting you’ll have a single VM network associated with your logical network.
    • If you’ve deployed a Microsoft Network Controller in the VMM fabric you can select to have the logical network managed by the network controller.
  4. In Network Site add network sites to the logical network. If you don’t need to create network sites click Next.
    • DHCP no VLAN: If you’re using DHCP to allocate IP addresses and you don’t have VLANs you don’t need a network site. Note that VMM automatically suggests a site name. Any network name shouldn’t be longer than 64 characters.
    • Static IP: If you’re using static IP addresses create at least one network site and associate at least one IP subnet with it.
    • VLAN: If you’re using VLANs with static IP addressing create corresponding network sites for the VLAN and subnet pairs. If you’re using DHCP create corresponding network sites for VLAN information only.
    • Network virtualization: If you’re using network virtualization create at least one network site with an associated IP subnet so that the logical network has an IP address pool.
    • Load balancer: If the logical network will contain a load balancer create at least one network site with an associated IP subnet.
  5. If you’re using an external network managed by a vendor network management console or virtual switch extension manager outside VMM you can configure settings in the vendor console and import them into VMM.
  6. In Host groups that can use this network site select each host group to which you want to make the logical network available.
  7. In Associated VLANs and IP subnets click Insert Row to specify the settings that you want to assign to the network site. If you select PVLAN you’ll need to add a SecondaryVLAN for each VLAN. Ensure that the VLANs and subnets are available in your physical network. If you leave the VLAN field empty VMM assigns a value of 0 to indicate that VLANs aren’t used. In trunk mode 0 indicates native VLAN.
  8. In Summary review the settings and click Finish. When the job shows as Completed verify the logical network in Logical Networks and IP Pools.

Next steps

If you created network sites and associated one or more IP subnets with them (you’re not using DHCP) you can create static IP address pools from those subnets. Then VMM can automatically allocate IP addresses to VMs in the network site. Set up IP address pools.

Set up VM networks in the VMM fabric

In a virtualized network environment, we want to abstract virtual machines from the underlying logical network. VM networks help you to do this. VM networks are abstract objects that act as an interface to logical networks.

  • A logical network can have one or more associated VM networks.
  • If a logical network isn’t isolated, then a single VM network will be associated with it.
  • If a logical network is isolated, then multiple VM networks can be associated with it. These multiple VM networks allow us to use networks for different purposes. For example, as a provider you might want to host workloads for multiple tenants on a single logical network, using a separate VM network for each tenant. The type of VM network you set up depends on the isolation settings for the logical network:
    • Network virtualization: If the logical network is isolated using network virtualization you can create multiple VM networks for a logical network. Within a VM network tenants can use any IP addresses they want for their VMs regardless of the IP addresses used on other VM networks. Tenants can also configure some network settings.
    • VLAN: If the logical network is isolated using VLAN or PVLAN you’ll create one VM network for each network site and VLAN in the logical network.
    • No isolation: If the logical network is configured without isolation you’ll create a single VM network linked to a logical network.

Before you start

  • In some circumstances you’ll need to create a static IP address pool on the VM network after you’ve created it. Learn more.
  • By default machines within a specific VM network can connect to each other. If your VM network will connect to other networks you can configure it with a gateway (network service). If you want to add a gateway to the VM network you’ll need to create it. Learn more.

Create a VM network (network virtualization)

  1. Click VMs and Services > VM Networks > Home > Create > Create VM Network.
  2. In Create VM Network Wizard > Name, type in a name and description and select a logical network on which to base the VM network.
  3. In Isolation, select Isolate using Hyper-V network virtualization, and verify the IP address protocols.
  4. In VM Subnets click Add, and specify subnets for the VM network using CIDR notation. You can add multiple subnets.
  5. In Connectivity, if you see the message No network service, it specifies a gateway has been added to VMM and you can click Next. If you don’t see the message, specify the gateway (network service) options:
    • No connectivity: Leave all check boxes cleared if the virtual machines on this VM network will communicate only with other virtual machines on this VM network. You can also leave clear if you plan to configure the gateway later.
    • Connect to another network through a VPN tunnel: Select this option if the virtual machines on this VM network will communicate with other networks over VPN. If the device will use the Border Gateway Protocol, enable this protocol. Select the VPN gateway device that you want to use. Confirm the settings. If the VPN Connections or Border Gateway Protocol pages appear, complete the settings based on information from the VPN admin. If you selected the check box for Border Gateway Protocol, the Border Gateway Protocol page also appears.
    • Connect directly to an additional logical network: Select this option if the virtual machines on this VM network will communicate with other networks in this data center. Select either direct routing or NAT. Select the gateway device you want to use and confirm the settings.
  6. In Summary verify settings and click Finish. Verify the network in VM Networks and IP Pools.

Create a VM network (VLAN/PVLAN)

  1. Click VMs and Services > VM Networks > Home > Create > Create VM Network.
  2. In Create VM Network Wizard > Name type in a name and description and select a logical network on which to base the VM network.
  3. In Isolation Options:
    • Select Automatic if you want VMM to automatically configure the isolation settings for the VM network. VMM will select a network site and subnet VLAN based on those available in the logical network.
    • Select Specify a VLAN to configure isolation manually. Note that tenant administrators can only select the Automatic option.
  4. In Summary verify settings and click Finish. Verify the network in VM Networks and IP Pools.

Create a VM network (no isolation)

  1. Click VMs and Services > VM Networks > Home > Create > Create VM Network.
  2. In Create VM Network Wizard > Name type in a name and description and select a logical network on which to base the VM network.
  3. In VM Networks and IP Pools check for a VM network with the same name as the logical network you want to give direct access to. If one exists it probably indicates that the VM network was created automatically when you created the logical network. You can check whether the VM network provides direct access by clicking its properties. If Name and Access are the only tabs it provides direct access.
  4. If there’s no existing VM network click Home > Create > Create VM Network.
  5. In Summary verify settings and click Finish. Verify the network in VM Networks and IP Pools.

Set up static IP address pools in the VMM fabric

When you set up the logical network you’ll need to configure a static IP address pool if you’re not using DHCP. In some circumstances you’ll need to create IP address pools on the logical network only, and in others you’ll need to create the pool on both the logical and VM networks:

  • Pool on logical and VM network: If you configure your logical network for network virtualization you’ll need to create IP address pools on the logical network and the VM network.
  • Pool on logical network only: If you’re using VLAN or no isolation you can use DHCP or create IP address pools on the logical network only. They’ll automatically become available on the VM network.
  • Imported address pools: If you are using external networks through a vendor console your IP address pools will be imported from the vendor and you don’t need to create them in VMM.

Create a static address pool for a logical network

  1. In Logical Networks and IP Pools click the logical network > Home > Create > Create IP Pool.
  2. In Create Static IP Address Pool Wizard > Name specify a name and description. Make sure the correct logical network is indicated.
  3. In Network Site select to use an existing site and select the IP subnet, or create a new site.
    • For an existing site select the site and IP subnet from which to create the pool.
    • For a new site specify the site name, IP subnet to assign to the site, and VLAN information if relevant. Select the host groups that can access this site and the logical network.
  4. If you’re using network virtualization you can use the pool to support multicasting or broadcasting. To do this click Create a multicast IP address pool and select the IP subnet you want to use. To use multicasting or broadcasting note that:
    • The logical network must have network virtualization enabled.
    • The IP protocol setting for the VM network must match the IP protocol settings for the underlying logical network. You can’t view the protocol setting in the VMM console after you’ve created it. You’ll need to run Get-SCVMNetwork -Name <VMNetworkName> | Format-List Name, IsolationType, *PoolType to see it.
    • After you’ve configured this feature multicast and broadcast packets on the VM network will use the IP addresses from the multicast IP address pool. Each subnet in the VM network will consume one IP address from the multicast pool.
  5. In IP address range enter the start and end address for the pool. They must be contained within the subnet. In VIPs and reserved IP addresses specify the IP address range you want to reserve for VIPs. VIPs are used during deployment of a service in a load-balanced service tier. VMM automatically assigns a VIP to the load balancer from the reserved VIP address range.
  6. In Gateway click Insert if you want to specify one or more default gateways and the metric. The default gateway address must be in the same subnet range as the IP address pool but doesn’t need to be part of the pool.
  7. In DNS specify DNS information, including DNS servers, the default DNS suffix for the connection, and the list of DNS search suffixes.
  8. In WINS click Insert if you want to enter the IP address of a WINS server. You can also select whether to enable NetBIOS over TCP/IP. This isn’t recommended if the address range is made up of public addresses.
  9. In Summary verify the settings and click Finish. When the job shows as Completed verify the pool in Logical Networks and IP Pools.

Set up an IP address pool on a VM network

  1. Click VMs and Services > VM Networks > Home > Show > VM Networks > VM Network tab.
  2. In VM Networks and IP Pools click the VM network > Create > Create IP Pool.
  3. In Create Static IP Address Pool Wizard > Name specify a name and description. Make sure the correct logical network is indicated. Check that the correct VM network and subnet is selected.
  4. In IP address range enter the start and end address for the pool. You can create multiple IP address pools in a subnet but the ranges mustn’t overlap. In Reserved IP addresses specify any ranges you want to reserve for other purposes.
  5. In Gateway click Insert if you want to specify one or more default gateways and the metric. The default gateway address must be in the same subnet range as the IP address pool but doesn’t need to be part of the pool.
  6. In DNS specify DNS information, including DNS servers, the default DNS suffix for the connection, and the list of DNS search suffixes. For virtual machines that will join an Active Directory domain, we recommend that you use Group Policy to set the primary DNS suffix. This will ensure that when a Windows-based virtual machine is set to register its IP addresses with the primary DNS suffix, a Windows-based DNS server will register the IP address dynamically. Additionally, the use of Group Policy enables you to have an IP address pool that spans multiple domains. In this case, you would not want to specify a single primary DNS suffix.
  7. In WINS click Insert if you want to enter the IP address of a WINS server. You can also select whether to enable NetBIOS over TCP/IP. This isn’t recommended if the address range is made up of public addresses.
  8. In Summary verify the settings and click Finish. When the job shows as Completed verify the pool in Logical Networks and IP Pools.
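
The wizard procedures above (create a logical network manually, create a VM network with network virtualization, and create static pools on the logical network and on the VM network) map to a short sequence of VMM cmdlets. The script below is an added example, not code from the original article; the VMM server name, network names, subnets, VLAN ID and address ranges are constructed values. It covers the network virtualization case, where a pool is needed on both the logical network and the VM network.

```powershell
# Added example, not from the original article. Server name, network names,
# subnets, VLAN ID and address ranges are constructed values (assumptions).
Import-Module VirtualMachineManager
$ErrorActionPreference = 'Stop'
Get-SCVMMServer -ComputerName 'vmm01.contoso.com' | Out-Null   # assumed VMM server

function Assert-NetworkName {
    # The wizard text says a network name shouldn't be longer than 64 characters.
    param([Parameter(Mandatory)][string]$Name)
    if ($Name.Length -gt 64) { throw "Name '$Name' is longer than 64 characters." }
    $Name
}

# --- Logical network: "One connected network" + allow network virtualization ---
$logicalNetwork = New-SCLogicalNetwork -Name (Assert-NetworkName 'Tenant-Fabric') `
    -LogicalNetworkDefinitionIsolation $false `
    -EnableNetworkVirtualization $true -UseGRE $true -IsPVLAN $false

# --- Network site: one subnet/VLAN pair, made available to a host group ---
$hostGroup  = Get-SCVMHostGroup -Name 'All Hosts'
$paSubnet   = '10.1.1.0/24'
$subnetVlan = New-SCSubnetVLan -Subnet $paSubnet -VLanID 10
$site = New-SCLogicalNetworkDefinition -Name (Assert-NetworkName 'Tenant-Fabric_Site1') `
    -LogicalNetwork $logicalNetwork -VMHostGroup $hostGroup -SubnetVLan $subnetVlan

# --- Static pool on the logical network ---
# Start and end must sit inside the site subnet. The gateway must be in the
# same subnet but does not have to be inside the pool range.
$paGateway = New-SCDefaultGateway -IPAddress '10.1.1.1' -Automatic
New-SCStaticIPAddressPool -Name 'Tenant-Fabric_Site1_Pool' `
    -LogicalNetworkDefinition $site -Subnet $paSubnet `
    -IPAddressRangeStart '10.1.1.50' -IPAddressRangeEnd '10.1.1.200' `
    -VIPAddressSet '10.1.1.190-10.1.1.200' `
    -DefaultGateway $paGateway -DNSServer @('10.1.1.10') | Out-Null

# --- VM network isolated with Hyper-V network virtualization ---
$vmNetwork = New-SCVMNetwork -Name (Assert-NetworkName 'TenantA') `
    -LogicalNetwork $logicalNetwork `
    -IsolationType 'WindowsNetworkVirtualization' `
    -CAIPAddressPoolType 'IPV4' -PAIPAddressPoolType 'IPV4'

# --- VM subnet (CIDR notation) inside the VM network ---
$caSubnet     = '192.168.10.0/24'
$caSubnetVlan = New-SCSubnetVLan -Subnet $caSubnet
$vmSubnet = New-SCVMSubnet -Name 'TenantA_Subnet1' `
    -VMNetwork $vmNetwork -SubnetVLan $caSubnetVlan

# --- Static pool on the VM network (needed with network virtualization) ---
$caGateway = New-SCDefaultGateway -IPAddress '192.168.10.1' -Automatic
New-SCStaticIPAddressPool -Name 'TenantA_Subnet1_Pool' `
    -VMSubnet $vmSubnet -Subnet $caSubnet `
    -IPAddressRangeStart '192.168.10.4' -IPAddressRangeEnd '192.168.10.254' `
    -DefaultGateway $caGateway | Out-Null

# --- Verify isolation type and IP protocol settings of the VM network ---
Get-SCVMNetwork -Name 'TenantA' | Format-List Name, IsolationType, *PoolType
```

Each tenant gets its own VM network and VM subnet on the same logical network, so the last five statements are the part to repeat per tenant.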

Release inactive addresses from the static address pool

You can release inactive addresses. When you do, VMM returns the address to the static IP or MAC address pool and considers it available for reassignment. An address is considered inactive if:

  • A host that was assigned a static IP address through the bare-metal deployment process is removed from VMM management. When you remove the host, any IP and MAC addresses that were statically assigned to virtual machines on the host are also marked as inactive.
  • A virtual machine goes into a missing state because it was removed outside VMM.

  1. Release the IP addresses:
    • To release addresses in a pool in a logical network click Logical Networks and IP Pools expand the logical network and click the IP address pool.
    • To release addresses in a pool in a VM network click Logical Networks and IP Pools expand the VM network and click the IP address pool.
  2. Click Home > Properties > Inactive addresses and select the inactive IP addresses that you want to release.

Add a network virtualization gateway to the VMM fabric

By default, if you’re using isolated VM networks in your VMM fabric, VMs associated with a network can only connect to machines in the same subnet. If you want to connect VMs further than the subnet you’ll need a gateway.

Network virtualization

You set up network virtualization so that multiple VM networks are overlaid on the VMM logical networks that model your physical network topology and thus decouple the VM networks from the physical network infrastructure. Network virtualization uses NVGRE (Network Virtualization using Generic Routing Encapsulation) to virtualize IP addresses. Learn more about NVGRE.

To figure out whether you need a network virtualization gateway in your network consider:

  • Do you need to connect from VMs in isolated VM networks to other on-premises apps?
  • Do you need to connect from isolated VMs to the internet?
  • Do you need to connect from isolated VM networks to shared services such as DNS?

You can set up your gateway in a number of ways depending on your requirements:

  • Connectivity to a public network can be achieved through NAT.
  • Connectivity to an on-premises network is over a VPN tunnel (with or without Border Gateway Protocol (BGP)).
  • Direct routing without NAT can be used for connectivity between different VM networks.

Prerequisites

  • Provider software: If you want to use a non-Windows gateway device you’ll need the provider and an account with permissions to configure the gateway. You install the provider on the VMM server. If certificates are required (for example if the gateway is in an untrusted domain) you’ll need to be able to view thumbprint information for those certificates.
  • Windows Server gateway: If you want to configure a gateway running Windows Server you can use a predefined template available from the Microsoft Download Center. The template supports System Center 2012 R2 or later versions.
  • Logical networks: You need logical networks (you’ll need more than one if you want the gateway to connect from VM networks in one logical network to VM networks in another).
  • Remote VPN settings: If you want to connect the gateway to a remote VPN server you’ll need:
    • The remote server IP address and information about on-premises subnets or the BGP address if relevant.
    • You’ll need to identify how you’ll authenticate with the remote VPN server. If it uses a preshared key you can authenticate with a Run As account and specify the shared key as the password. Or you can authenticate with a certificate. The certificate can be either a certificate that the remote VPN server selects automatically or a certificate that you have obtained and placed on your network.
    • Check whether you need specific VPN connection settings (encryption, integrity checks, cipher transforms, authentication transforms, Perfect Forward Secrecy (PFS) group, Diffie-Hellman group, and VPN protocol) or you can use the default settings.

Add a Windows Server Gateway

The service template provides a highly available Windows Server Gateway deployment in active-standby mode.

  1. You’ll need to download the template from the Download center.
  2. The download is a compressed zip file. You’ll need to extract the file. Files include a Quick Start Guide, two service templates, and a custom resource folder (a folder with a .cr extension) that contains files required for the service templates.
  3. You’ll need to decide which template to use, and then follow the instructions in the Quick Start Guide. The guide includes prerequisites for the template deployment, and instructions for setting up logical networks, creating a scale-out file server, preparing virtual hard disks for the gateway VM, and copying the custom resource file to the library. After you’ve set up the infrastructure it describes how to import and customize the template, and how to deploy it. There’s also troubleshooting information if issues arise.

Add a non-Windows gateway

You’ll need to install the provider software on the VMM management server and add the gateway to the fabric.

  1. Obtain the provider software. You can review a list of supported providers in Settings > Configuration Providers.
  2. Click Fabric > Home > Show > Fabric Resources > Fabric > Networking > Network Service. Network services include gateways, virtual switch extensions, network managers, and top-of-rack (TOR) switches.
  3. Click Home > Add > Add Resources > Network Service.
  4. In Add Network Service Wizard > Name specify a name and description for the gateway.
  5. In Manufacturer and Model click the required settings.
  6. In Credentials, specify a Run As account with permissions in the domain to which the gateway is connected.
  7. In Connection String type the string that the gateway should use. The string syntax is defined by the gateway vendor.
  8. In Certificates if listed, verify the thumbprints of the certificates match those installed on the gateway. Select to confirm that the certificates can be imported. If none are listed the gateway probably doesn’t need certificate authentication. If they’re needed make sure they’re installed correctly on the gateway.
  9. In Provider select an available provider and click Test to run a basic validation test against the gateway.
  10. In Host Group select one or more host groups to which the gateway will be available.
  11. In Summary, review the settings and click Finish.
  12. After the gateway is added find its listing in Network Services and right-click it > Properties > Connectivity.
  13. Select Enable front end connection and select the gateway network adapter and network site that provides connectivity outside the enterprise datacenter or hosting provider. Select Enable back end connection and select a gateway network adapter and network site in a logical network within the enterprise. The network must have network virtualization enabled and the network site must have a static IP address.
  14. When you create a VM network you can assign the gateway to it, and select the required connectivity options.

Set up port profiles in the VMM fabric

  • Uplink port profiles: You create uplink port profiles and then apply them to physical network adapters when you deploy switches. Uplink port profiles define the load balancing algorithm for an adapter, and specify how to team multiple network adapters on a host that use the same uplink port profile. This profile is used in conjunction with the logical network that you associated with the adapter.
  • Virtual network adapter port profiles. You apply virtual network adapter port profiles to virtual network adapters. These profiles define specific capabilities, such as bandwidth limitations, and priority. VMM includes a number of built-in profiles.
  • Port classifications: After creating virtual network adapter port profiles you can create port classifications. Port classifications are abstractions that identify different types of virtual network adapter port profiles. For example you could create a classification called FAST to identify ports that are configured to have more bandwidth and another one called SLOW with less bandwidth. Classifications are included in logical switches. Administrators and tenants can choose a classification for their VM network adapters. By default, VMM includes built-in classifications that map to the built-in virtual network adapter port profiles.

Define uplink port profiles

Some guidelines for creating uplink port profiles:

  • You’ll need at least one uplink port profile for each physical network in your environment. If you have a simple environment with a single physical network and all hosts are configured the same way, with the same protocols for network adapter teaming, then you might only need a single uplink port profile. This is rare though. You’ll probably need to scope or restrict certain logical networks to a specific group of host computers, and this need makes it useful to create multiple uplink port profiles.
  • You need to define uplinks for each physical location that has its own VLAN and IP subnets.
  • If you plan to restrict or otherwise scope logical networks to a specific set of host computers, you will need to create uplinks for each group of computers.
  • You need separate uplink port profiles for groups of computers (in each physical location) that have different connectivity requirements or use different teaming protocols.
  • You might consider creating separate uplinks for networks that do not or will not support network virtualization.
  • Network sites that will be included in a profile should be scoped to the same group of host computers. If they aren’t, you’ll receive an out-of-scope error when you try to apply the profile to a computer that isn’t a member of the host groups defined in every one of the network sites included in the uplink profile.
  • You should try to ensure that each of the network sites that you add to an uplink port profile refers to a different logical network. If you do otherwise, all of the VLANs and IP subnets defined in those network sites will be associated with the logical network on any host computer on which the uplink port profile is applied. If you’re not using VLAN isolation the host computer has no way to establish which of the range of possible VLANs and IP subnets will be needed to allow VMs connected to the logical network
  • You can create an uplink port profile that contains references to multiple network sites (and hence logical networks). Ensure that the VLANs and IP addresses in each of the selected sites are valid (routable) from the physical network adapter to which the port profile has been applied.
  • When you apply the profile to a physical network adapter these network sites determine the set of logical networks that should be associated with the physical adapter and the VLANs and IP subnets that will be allocated to VMs and services that connect to those logical networks.

Create an uplink port profile

  1. Click Fabric > Home > Show > Fabric Resources. Click Fabric tab > Networking > Port Profiles > Hyper-V Port Profile.
  2. In Create Hyper-V Port Profile Wizard > General type in a name, description and select Uplink Port Profile. Select the load balancing and teaming settings:
    • Load balancing: Host Default is the default setting. It either distributes network traffic based on the Hyper-V switch port identifier of the source VM or uses a Dynamic load balancing algorithm, depending on what the Hyper-V host supports. Dynamic is only available from Windows Server 2012 R2 onwards. You can also select:
      • Hyper-V port: Distributes network traffic according to the Hyper-V switch port identifier of the source VM.
      • Transport ports: Uses the source and destination TCP ports and the IP addresses to create a hash and then assigns the packets that have that hash value to one of the available network adapters.
      • IP addresses: Uses the source and destination IP addresses to create a hash and then assigns the packets that have that hash value to one of the available network adapters.
      • MAC addresses: Uses the source and destination MAC addresses to create a hash and then assigns the packets that have that hash value to one of the available network adapters.
    • Teaming: Switch Independent is the default setting and specifies that physical network switch configuration isn’t needed for the NIC team. Because the network switch is not configured, network adapters within the team can be connected to multiple (non-trunked) physical switches. You can also select:
      • LACP: Use the LACP protocol to dynamically identify links that are connected between the host and a given switch.
      • Static teaming: You configure both the switch and host to identify which links form the team.
  3. In Network Configuration select one or more network sites for this uplink port profile to support. An uplink port profile contains a list of network sites, with each network site representing a link to a different logical network. Select Enable Hyper-V Network Virtualization if you want to enable network virtualization to deploy multiple VM networks on a single physical network. You should only do this if the logical network is configured for network virtualization with Allow new VM networks created on this logical network to use network virtualization enabled.
  4. In Summary review the settings and click Finish.

After you create an uplink port profile, the next step is to add it to a logical switch, which places it in a list of profiles that are available through that logical switch. When you apply the logical switch to a network adapter in a host, the uplink port profile is available in the list of profiles, but it is not applied to that network adapter until you select it from the list. This helps you to create consistency in the configurations of network adapters across multiple hosts, but also enables you to configure each network adapter according to your specific requirements.

Create a virtual network adapter port profile

  1. Click Fabric > Home > Show > Fabric Resources. Click Fabric tab > Networking > Port Profiles > Home > Create > Hyper-V Port Profile.
  2. In Create Hyper-V Port Profile Wizard > General type in a name, description and select Uplink Port Profile.
  3. In Offload Setting, specify a setting for offloading traffic:
    • Enable virtual machine queue (VMQ): Packets destined for a virtual network adapter are delivered directly to a queue for that adapter, and they do not have to be copied from the management operating system to the virtual machine. The physical network adapter must support VMQ.
    • Enable IPsec task offloading: Some or all of the IPsec computational work is shifted from the computer’s CPU to a dedicated processor on the network adapter. The physical network adapter and the guest operating system must support it.
    • Enable single-root I/O virtualization: A network adapter can be assigned directly to a virtual machine. This maximizes network throughput while minimizing network latency and minimizing the CPU overhead that is required to process network traffic. The physical network adapter and drivers in the management operating system and guest operating system must support it. If you want to use SR-IOV you’ll need to enable it in the port profile (in Offload settings) and in the logical switch (General settings) that includes the port profile. It must be configured correctly on the host when you create the virtual switch that brings port settings and the logical switch you want to use on the host together. In the virtual switch you attach the port profile to the virtual switch using a port classification (either the default SR-IOV classification provided by VMM, or a custom one).
  4. In Security Settings specify:
    • Allow MAC spoofing: Allows a virtual machine to change the source MAC address in outgoing packets to an address that is not assigned to that virtual machine. For example, a load-balancer virtual appliance might require this setting to be enabled.
    • Enable DHCP guard: Helps protect against a malicious virtual machine that represents itself as a DHCP server for man-in-the-middle attacks.
    • Allow router guard: Helps protect against advertisement and redirection messages that are sent by an unauthorized virtual machine that represents itself as a router.
    • Allow guest teaming: Allows you to team the virtual network adapter with other network adapters that are connected to the same switch.
    • Allow IEEE priority tagging: Allows you to tag outgoing packets from the virtual network adapter with IEEE 802.1p priority. These priority tags can be used by Quality of Service (QoS) to prioritize traffic. If IEEE priority tagging is not allowed, the priority value in the packet is reset to 0.
    • Allow guest specified IP addresses: Affects VM networks using network virtualization. The VM (guest) can add and remove IP addresses on this virtual network adapter. This can simplify the process of managing virtual machine settings. Guest-specified IP addresses are required for virtual machines that use guest clustering with network virtualization. The IP address that a guest adds must be within an existing IP subnet in the VM network.
  5. In Bandwidth Settings specify the minimum and maximum bandwidth that are available to the adapter. The minimum bandwidth can be expressed as megabits per second (Mbps) or as a weighted value (from 0 to 100) that controls how much bandwidth the virtual network adapter can use in relation to other virtual network adapters. Note that bandwidth settings aren’t used if SR-IOV is enabled on the port profile and logical switch that contains the port profile.
  6. In Summary review the settings and click Finish.
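The security and bandwidth settings above are easy to drift from a baseline once several profiles exist. The following is an added example, not code from VMM or from the original article: it audits port profile settings that are assumed to have been exported into simple records, and the field names, profile names and the approved-exceptions map are all hypothetical.

```python
from dataclasses import dataclass

@dataclass
class PortProfile:
    # Hypothetical field names mirroring the wizard's Security, Offload
    # and Bandwidth settings described above.
    name: str
    allow_mac_spoofing: bool = False
    dhcp_guard: bool = True
    router_guard: bool = True
    allow_guest_ip: bool = False
    sriov: bool = False
    max_bandwidth_mbps: int = 0      # 0 = no maximum configured
    min_bandwidth_weight: int = 0    # 0 = no minimum configured

def audit(profiles, approved=None, switch_sriov=False):
    """Return sorted (profile, setting, reason) findings.

    approved maps a profile name to the settings it is allowed to relax,
    for example MAC spoofing on a load-balancer appliance profile.
    switch_sriov says whether the logical switch holding these profiles
    has SR-IOV enabled.
    """
    approved = approved or {}
    findings = []
    for p in profiles:
        relaxed = approved.get(p.name, set())
        checks = [
            ("allow_mac_spoofing", p.allow_mac_spoofing,
             "VM can send frames with a source MAC not assigned to it"),
            ("dhcp_guard", not p.dhcp_guard,
             "a VM presenting itself as a DHCP server is not blocked"),
            ("router_guard", not p.router_guard,
             "router advertisement and redirection messages are not blocked"),
            ("allow_guest_ip", p.allow_guest_ip,
             "guest can add and remove IP addresses on the adapter"),
        ]
        for setting, risky, reason in checks:
            if risky and setting not in relaxed:
                findings.append((p.name, setting, reason))
        # Bandwidth settings are not used when SR-IOV is enabled on both
        # the port profile and the logical switch.
        if p.sriov and switch_sriov and (p.max_bandwidth_mbps or p.min_bandwidth_weight):
            findings.append((p.name, "bandwidth",
                             "bandwidth settings are not used with SR-IOV enabled"))
    return sorted(findings)

# Constructed sample data, not taken from a real VMM deployment.
SAMPLE = [
    PortProfile("Tenant-Default"),
    PortProfile("LB-Appliance", allow_mac_spoofing=True),
    PortProfile("Legacy-Open", allow_mac_spoofing=True,
                dhcp_guard=False, router_guard=False),
    PortProfile("Fast-SRIOV", sriov=True, max_bandwidth_mbps=1000),
]
APPROVED = {"LB-Appliance": {"allow_mac_spoofing"}}

if __name__ == "__main__":
    for name, setting, reason in audit(SAMPLE, APPROVED, switch_sriov=True):
        print(f"{name}: {setting}: {reason}")
```
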

After creating a port profile you can create a port classification.

Create port classifications for virtual network adapter port profiles

  1. Click Fabric > Home > Show > Fabric Resources. Click the Fabric tab > Networking > Port Classifications > Home > Create > Port Classification.
  2. In Create Port Classification Wizard > Name specify a classification name.

Create logical switches

This article describes how to create logical switches in the System Center 2016 – Virtual Machine Manager (VMM) fabric, convert a host virtual switch to a logical switch, and set up virtual switch extensions if you need them.

A logical switch brings virtual switch extensions, port profiles, and port classifications together so that you can configure each network adapter with the settings you need, and have consistent settings on network adapters across multiple hosts. You can team multiple network adapters by applying the same logical switch and uplink port profile to them.

Set up virtual switch extensions

You install switch extensions on the VMM server and then include them in a logical switch. There are a few types of switch extensions:

  • Monitoring extensions can be used to monitor and report on network traffic, but they cannot modify packets.
  • Capturing extensions can be used to inspect and sample traffic, but they cannot modify packets.
  • Filtering extensions can be used to block, modify, or defragment packets. They can also block ports.
  • Forwarding extensions can be used to direct traffic by defining destinations, and they can capture and filter traffic. To avoid conflicts, only one forwarding extension can be active on a logical switch.

You can set up a virtual switch extension manager (network manager) if you want to manage extensions using a vendor management console and the VMM console together.

Set up a virtual switch extension manager

  1. Obtain the provider software from your vendor and install the provider on the VMM management server. If you have a cluster install it on all nodes.
  2. Click Fabric > Home > Show > Fabric Resources > Networking > Switch Extension Managers.
  3. In Add Virtual Switch Extension Manager Wizard > General specify the manufacturer and type the connection string, for example myextmanager1.contosol.com:443. The exact syntax is defined by the vendor. Specify the account you want to use to connect to the resource.
  4. In Host Groups specify the host groups for which you want to use the extension manager.
  5. In Summary review settings and click Finish. Check that the extension appears in the Virtual Switch Extension Managers pane.

Set up a logical switch

  1. Make sure you have at least one uplink port profile before you begin.
  2. Click Fabric tab > Networking > Logical Switches > Create Logical Switch.
  3. In Create Logical Switch Wizard > Getting Started, review the information.
  4. In General, specify a name and optional description.
  5. In Uplink Mode, select:
    • No Uplink Team if you’re not using teaming.
    • Embedded Team if you want to deploy the switch with SET-based teaming.
    • Team if you want to use NIC teaming.
  6. In Settings, select the minimum bandwidth mode. If you’ve deployed Microsoft network controller, you can specify that it should manage the switch. If you enable this setting you won’t be able to add extensions to the switch.
  7. Enable SR-IOV if you need to. SR-IOV enables virtual machines to bypass the switch and directly address the physical network adapter. If you want to enable:
    • Make sure that you have SR-IOV support in the host hardware and firmware, the physical network adapter, and drivers in the management operating system and in the guest operating system.
    • Create a native port profile for virtual network adapters that is also SR-IOV enabled.
    • When you configure networking settings on the host (in the host property called Virtual switches), attach the native port profile for virtual network adapters to the virtual switch by using a port classification. You can use the SR-IOV port classification that is provided in VMM, or create your own port classification.
  8. In Extensions, if you’re using virtual switch extensions select them and arrange the order. Extensions process network traffic through the switch in the order you specify. Note that only one forwarding extension can be enabled.
  9. In Virtual Port add one or more port classifications and virtual network adapter port profiles. You can also create a port classification and set a default classification.
  10. In Uplink add an uplink port profile, or create a new one. When you add an uplink port profile, it is placed in a list of profiles that are available through that logical switch. However, when you apply the logical switch to a network adapter in a host, the uplink port profile is applied to that network adapter only if you select it from the list of available profiles.
  11. In Summary review the settings and click Finish. Verify the switch appears in Logical Switches.

Convert virtual switch to logical switch

If a host in the VMM fabric has a standard virtual switch, you can convert it to use a logical switch.

Note that:

  • Before you can convert, you need a logical switch in place, with specific settings.
  • You must be a member of the Administrator user role, or a member of the Delegated Administrator user role, where the management scope includes the host group in which the Hyper-V host is located.

Compare switch settings

  1. In Server Manager on the host, click Hyper-V. Close Server Manager.
  2. Right-click the host > Configure NIC Teaming, and record any teaming and load balancing settings.
  3. In Hyper-V Manager, right-click the host > Virtual Switch Manager. Select the virtual switch and verify whether Enable single-root I/O virtualization (SR-IOV) is selected. Close Hyper-V Manager.
  4. In the VMM console > Fabric > Servers > All Hosts, right-click the host > Properties.
  5. In Virtual Switches, note the properties, including logical network, and minimum bandwidth mode.
  6. In Fabric > Networking > Logical Switches, right-click the logical switch that you want to convert the host configuration to, and click Properties.
  7. In Logical Switches, record the information:
    • In General, record the uplink mode, whether SR-IOV is enabled, and minimum bandwidth mode.
    • In Extensions, note whether any forwarding extensions have been added to the logical switch.
    • In Virtual port, record the names of the port profiles that are listed. Be sure to note if one of them has SR-IOV in the name.
    • In Uplinks, record the network sites, whether uplink mode is teamed, the load balancing algorithm, and teaming mode.
  8. In Fabric > Networking, click Port Profiles. For any relevant port profiles, click Properties. In Offload Settings, see if Enable Single-root I/O virtualization is checked.
  9. Now compare the information that you recorded for the logical switch and port profiles with the virtual switch information.
  10. Review the following table to see whether you can convert the host to use the logical switch.

Item | Conversion
SR-IOV | The SR-IOV setting (enabled or disabled) must be the same in the logical switch as it is in the virtual switch. If SR-IOV is enabled, it must be enabled in the logical switch itself, and in at least one virtual network adapter port profile within the logical switch.
Uplink mode, Load balancing algorithm, Teaming mode | The Uplink mode setting must match. If the uplink mode is Team, then the Load balancing algorithm and Teaming mode must also match.
Minimum bandwidth mode | Must match.
Network sites | The logical switch must be configured for the correct network sites (in the correct logical network) for this host.

  11. If the settings in the logical switch don’t match as described in the table, you need to find or create a logical switch that does match.

Convert a host to use a logical switch

Note that:

  • The conversion will not interrupt network traffic.
  • If any operation in the conversion fails, no settings will be changed, and the switch will not be converted.

  1. In VMM, click Fabric > Servers > All Hosts. Right-click the host > Properties.
  2. On the Virtual Switches tab, click Convert to Logical Switch.
  3. Select the logical switch that you want to convert the host to. Then select the uplink port profile to use, and click Convert.
  4. The Jobs dialog box might appear, depending on your settings. Make sure that the job has a status of Completed, and then close the dialog box.
  5. To verify that the switch was converted, right-click the host, click Properties, and then click the Virtual Switches tab.

Next steps

Apply network settings on a host with a logical switch.

Set up networking for Hyper-V hosts and clusters in the VMM fabric

You can apply network settings to a Hyper-V host or cluster using a logical switch. Applying a logical switch ensures that logical networks, and other network settings, are consistently assigned to multiple physical network adapters.

Before you start

  • If you want to configure network settings manually ensure you’ve set up logical networks before you begin. In addition make sure that the network sites within your logical networks are configured to use the host group of the host you want to assign them to. Check this in Fabric > Servers > All Hosts, and click the host group. In Hosts, click the host > Properties.
  • If you want to use a logical switch you need to create the logical switch and port profiles.

Configure network settings with a logical switch

To do this you’ll need to configure the logical switch and port profiles you’ll apply. Then you need to indicate what the physical network adapter is used for, and configure network settings by applying a logical switch. The network adapters that you configure can be physical or virtual adapters on the hosts.

Specify what the network adapter is used for

Regardless of any port profiles and logical switches you are using in your network configuration, you must specify whether a network adapter in a host is used for virtual machines, host management, neither, or both. (The host must already be under management in VMM.)

  1. Open Fabric > Servers > All Hosts > host group > Hosts > Host > Properties > Hardware.
  2. Under Network adapters, click the physical network adapter that you want to configure.
    • If you want to use this network adapter for virtual machines, ensure that Available for placement is checked.
    • If you want to use this network adapter for communication between the host and the VMM management server, ensure that Used by management is checked. You must make sure that you have at least one network adapter available for communication between the host and the VMM management server.
  3. You don’t need to configure individual settings in Logical network connectivity because you’re using a switch.

Apply a logical switch

  1. Open Fabric > Servers > All Hosts > host group > Hosts > Host > Properties > Virtual Switches.
  2. Select the logical switch you created. Under Adapter, select the physical adapter that you want to apply the logical switch to.
  3. In the Uplink Port Profile list, select the uplink port profile that you want to apply. The list contains the uplink port profiles that have been added to the logical switch that you selected. If a profile seems to be missing, review the configuration of the logical switch and then return to this property tab. Click OK to finish. Note that if you didn’t create the virtual switch earlier and do it now, the host might temporarily lose network connectivity when VMM creates the switch.
  4. Repeat the steps as needed. If you apply the same logical switch and uplink port profile to two or more adapters, the two adapters might be teamed, depending on a setting in the logical switch. To find out if they will be teamed, open the logical switch properties, click the Uplink tab, and view the Uplink mode setting. If the setting is Team, the adapters will be teamed. The specific mode in which they will be teamed is determined by a setting in the uplink port profile.
  5. After applying the logical switch you can check the network adapter settings and verify whether they’re in compliance with the switch:
    • Click Fabric > Networking > Logical Switches > Home > Show > Hosts.
    • In Logical Switch Information for Hosts verify the settings. Fully compliant indicates that the host settings are compliant with the logical switch. Partially compliant indicates some issues. Check the reasons in Compliance errors. Non compliant indicates that none of the IP subnets and VLANs defined for the logical network are assigned to the physical adapter. Click the switch > Remediate to fix this.
    • If you have a cluster, check each node.

Set up MAC address pools in the VMM fabric

VMM uses static MAC address pools to automatically generate and assign MAC addresses to VMs. This article describes default MAC address pools in the VMM fabric and explains how to create custom pools.

Default MAC address pool settings:

MAC pool name | Environment | Default range
Default MAC address pool | Hyper-V | 00:1D:D8:B7:1C:00 – 00:1D:D8:F4:1F:FF
Default VMware MAC address pool | ESX/ESXi | 00:50:56:00:00:00 – 00:50:56:3F:FF:FF

Before you start

Before you create a custom MAC pool note that:

  • If you want to divide one of the default pools into smaller custom pools, you must first delete the default MAC address pool or the default VMware MAC address pool. You must delete the default pool to avoid duplicate MAC address assignments.
  • The first three octets of the beginning and ending MAC address must be the same.
  • You must enter valid hexadecimal values between 00 and FF.
  • The ranges that you specify cannot overlap.
  • The address range must not have the multi-cast bit set to 1. For example, you cannot use addresses that start with X1, X3, X5, X7, X9, XB, XD, or XF, where X is any value.
  • To avoid conflicts with addresses reserved by Microsoft, VMware, and Citrix, do not use the following prefixes:
    • Reserved for Microsoft: 00:03:FF; 00:0D:3A; 00:12:5A; 00:15:5D; 00:17:FA; 00:50:F2; 00:1D:D8 (except for the 00:1D:D8:B7:1C:00 – 00:1D:D8:F4:1F:FF range that is reserved for VMM)
    • Reserved for VMware: 00:05:69; 00:0C:29; 00:1C:14; 00:50:56 (except for the 00:50:56:00:00:00 – 00:50:56:3F:FF:FF range that is reserved as the default VMware static range)
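The rules above can be checked before a range is typed into the wizard. This is an added example, not part of VMM or the original article: the function names are hypothetical, and it assumes that a range under a reserved prefix is acceptable only when it lies entirely inside the excepted default range for that prefix (the case of dividing a default pool after deleting it).

```python
import re

MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([:-][0-9A-Fa-f]{2}){5}$")

# Prefixes and excepted default ranges copied from the list above.
RESERVED_PREFIXES = {
    "Microsoft": ["00:03:FF", "00:0D:3A", "00:12:5A", "00:15:5D",
                  "00:17:FA", "00:50:F2", "00:1D:D8"],
    "VMware": ["00:05:69", "00:0C:29", "00:1C:14", "00:50:56"],
}
EXCEPTED_RANGES = {
    "00:1D:D8": ("00:1D:D8:B7:1C:00", "00:1D:D8:F4:1F:FF"),
    "00:50:56": ("00:50:56:00:00:00", "00:50:56:3F:FF:FF"),
}

def parse_mac(text):
    """Return the MAC address as a 48-bit integer, or raise ValueError."""
    text = text.strip()
    if not MAC_RE.match(text):
        raise ValueError(f"not six hexadecimal octets (00-FF): {text!r}")
    return int(re.sub(r"[:-]", "", text), 16)

def oui(value):
    """First three octets of a 48-bit MAC integer."""
    return value >> 24

def validate_pool(start, end, existing=()):
    """Return a list of rule violations; an empty list means the range passes.

    existing is an iterable of (start, end) strings for pools already defined.
    """
    try:
        lo, hi = parse_mac(start), parse_mac(end)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if lo > hi:
        problems.append("start address is higher than end address")
    if oui(lo) != oui(hi):
        problems.append("first three octets of start and end differ")
    # Multicast bit = least significant bit of the first octet (X1, X3, ... XF).
    if (lo >> 40) & 1 or (hi >> 40) & 1:
        problems.append("multicast bit is set in the first octet")
    for vendor, prefixes in RESERVED_PREFIXES.items():
        for prefix in prefixes:
            if int(prefix.replace(":", ""), 16) not in (oui(lo), oui(hi)):
                continue
            excepted = EXCEPTED_RANGES.get(prefix)
            if excepted:
                e_lo, e_hi = parse_mac(excepted[0]), parse_mac(excepted[1])
                if e_lo <= lo and hi <= e_hi:
                    continue  # entirely inside the excepted default range
            problems.append(f"prefix {prefix} is reserved for {vendor}")
    for other_start, other_end in existing:
        o_lo, o_hi = parse_mac(other_start), parse_mac(other_end)
        if lo <= o_hi and o_lo <= hi:
            problems.append(f"overlaps existing pool {other_start} - {other_end}")
    return problems

if __name__ == "__main__":
    # Constructed sample ranges.
    default_pool = [("00:1D:D8:B7:1C:00", "00:1D:D8:F4:1F:FF")]
    print(validate_pool("00:1D:D8:B7:1C:00", "00:1D:D8:C0:00:00"))
    print(validate_pool("00:1D:D8:B7:1C:00", "00:1D:D8:C0:00:00", default_pool))
    print(validate_pool("00:15:5D:00:00:00", "00:15:5D:00:00:FF"))
```

The second call reports an overlap because the default pool is still present, which is why the default pool has to be deleted before it is divided.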

Create a custom pool

  1. Click Fabric > Networking > MAC Address Pools > Home > Show > Fabric Resources > Create > Create MAC Pool.
  2. In Create MAC Address Pool Wizard > Name and Host Group specify a name and description. In Host Group select the host groups that should use the pool.
  3. In MAC Address Range specify the start and end addresses.
  4. In Summary review the settings and click Finish. When the job shows as Completed verify the pool in MAC Pools.

Release IP addresses

In some circumstances you might want to remove addresses from the MAC pool. For example if a host that was assigned an IP address during bare metal deployment is removed from VMM management, or if a VM goes into a missing state because it was removed outside VMM.

  1. Click Fabric > Networking > MAC Address Pools > Home > Show > Fabric Resources.
  2. In MAC Pools click the pool you want to modify > Properties.
  3. In Inactive addresses select the addresses you want to release.

Integrate load balancing with VMM service templates

Service templates group VMs together to provide an app. They contain information about a service, including the VMs that are deployed as part of the service, the applications installed on VMs, and the network settings that should be used. You can add VM templates, network settings, applications, and storage to a service template.

Service templates can be single or multi-tier. A single-tier service contains one VM used as a specific app. A multi-tier service contains multiple VMs.

Set up load balancing for a service tier

You can add a load balancer to load balance requests to VMs in a service tier. You can use a hardware load balancer, or NLB for round robin balancing.

To add a load balancer you’ll need to do the following:

  • Ensure you have logical networks configured. The logical networks should have associated network sites. Those network sites should have one or more associated subnets from which you can create static IP address pools. In addition, associate each network site with the host group where the service will be deployed.
  • Create an IP address pool for the logical networks. The IP pool must contain a reserved range of virtual IP addresses that can be assigned to the load balancer. You must set up the static IP address pools for the load balancer and for the virtual machines behind the load balancer. These can be from the same pool or from different pools, but you’ll need both VIPs and IP addresses for the virtual machines.
  • Create VM networks on top of logical networks.
  • Create VIP templates: A virtual IP (VIP) template contains load balanced settings for a specific type of network traffic. After you create a VIP template you can specify it when you set up load balancing in a service template.
  • Set up a hardware load balancer: If you want to enable hardware load balancing in a service template there are a number of prerequisites you’ll need to prepare.
  • Set up NLB: If you don’t want to use a hardware load balancer you can use NLB. There are some requirements and limitations.

Create VIP templates

  1. In the VMM console click Fabric > Networking > VIP Templates.
  2. Click Home > Show > Fabric Resources > Create > Create VIP Template.
  3. In the Load Balancer VIP Template Wizard > Name, specify the template name and description. In VIP port specify the port that will be used for the type of network traffic you want to balance. For example 443 for HTTPS traffic. In Backend port specify the port on which the backend server is listening for requests.
  4. In Type do the following:
    • To use NLB click Microsoft in the manufacturer list and Microsoft network controller in Model.
    • To use a hardware load balancer click Generic to create a template for any supported hardware load balancer. Click Specific to create a template for a specific load balancer and specify the manufacturer and model.
  5. In Protocol click the protocol for which you want to create the VIP template.
    • If you select HTTPS you’ll need to specify where the traffic terminates.
    • Select HTTPS passthrough to pass the traffic to the VM without decrypting it.
    • Select HTTPS terminate to terminate and decrypt the HTTPS traffic at the load balancer. This option gives the load balancer more information such as cookies and headers. To use this option specify the subject name of a certificate on the load balancer that can be used for HTTPS authentication. With this option you can enable Re-Encrypt to re-encrypt the HTTPS traffic from the load balancer to the VM.
    • Select Custom to specify TCP, UDP, or both.
  6. In Persistence select Enable persistence to make the client session sticky (affinity). This setting means that the load balancer will always try to direct the same client to the same VM. It’s based on the specified source IP address and subnet mask, the destination IP address, and other parameters that vary depending on the protocol.
  7. In Health Monitors you can optionally specify that a verification should run against the load balancer at regular intervals. To add a health monitor specify the protocol and the request. For example entering the command GET / makes an HTTP GET request for the home page of the load balancer and checks for a header response. You can also modify the response type, and monitoring interval, timeout, and retries. Note that the timeout should be less than the interval.
  8. In Load Balancing select which load balancing method you want to use. You can configure new connections to be directed based on the least connections or the fastest response time, using round robin, or using a custom method supported by the load balancer. If you’re enabling NLB select Round Robin.
  9. On the Summary page review the settings and click Finish. The Jobs dialog appears. Wait for a Completed status. Then verify that the template appears in the VIP Templates pane.
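
The same template can be created from the VMM PowerShell module. This added example is not part of the original page; it builds an HTTPS terminate template with Re-Encrypt enabled, so traffic between the load balancer and the VM is not sent in clear text, and it enforces the timeout-below-interval rule before creating anything. The template name, certificate subject, timings and the manufacturer/model placeholders are assumptions; confirm parameter names with Get-Help on your VMM version.

```powershell
# Added example: scripted equivalent of the VIP template wizard steps.
# Run in a session connected to the VMM management server.
Import-Module virtualmachinemanager

# Constructed sample values and placeholders; none of these come from the page.
$templateName    = 'Web-HTTPS-Reencrypt'
$manufacturer    = '<manufacturer>'        # as shown for your load balancer in VMM
$model           = '<model>'
$certSubject     = 'CN=app.example.test'   # certificate already present on the load balancer
$intervalSeconds = 15
$timeoutSeconds  = 5

# The health monitor timeout should be less than the interval; stop early if not.
if ($timeoutSeconds -ge $intervalSeconds) {
    throw "Health monitor timeout ($timeoutSeconds s) must be less than the interval ($intervalSeconds s)."
}

# HTTPS terminate with Re-Encrypt: the load balancer decrypts the client
# connection, then opens a new encrypted connection to the backend VM.
$protocol = New-SCLoadBalancerProtocol -Name 'HTTPS' `
    -TerminateHTTPS $true `
    -HTTPSReencryptConnection $true `
    -HTTPSCertificateSubjectName $certSubject

# Persistence (affinity) keyed on the client source IP and subnet mask.
$persistence = New-SCLoadBalancerConnectionPersistence -Name 'SourceIP' -Value '255.255.255.0'

# Health monitor: request the home page and expect a 200 response.
$monitor = New-SCLoadBalancerHealthMonitor -Name 'HomePage' -ProtocolName 'HTTPS' `
    -Request 'GET /' -Response '200' `
    -IntervalSeconds $intervalSeconds -TimeoutSeconds $timeoutSeconds -NumberOfRetries 3

# Round robin is the method to select when the template is used with NLB.
$method = New-SCLoadBalancingMethod -Name 'RoundRobin'

$template = New-SCLoadBalancerVIPTemplate -Name $templateName `
    -Description 'HTTPS terminated at the load balancer and re-encrypted to the VM' `
    -LoadBalancerManufacturer $manufacturer -LoadBalancerModel $model `
    -LoadBalancerPort 443 -LoadBalancerBackEndPort 443 `
    -LoadBalancerProtocol $protocol `
    -LoadBalancerConnectionPersistence $persistence `
    -LoadBalancerHealthMonitor $monitor `
    -LoadBalancingMethod $method

# Show what was created so it can be compared with the VIP Templates pane.
$template | Format-List Name, Description
```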

Set up a hardware load balancer

Set up a hardware load balancer as follows:

  • Get a configuration provider: To add a supported hardware load balancer you’ll need to download and install a configuration provider available from the load balancer manufacturer. VMM currently supports Brocade ServerIron ADX load balancer provider, and Citrix NetScaler load balancer provider. The provider is a VMM plug-in that translates VMM PowerShell commands to the load balancer API. After you’ve installed the provider you should restart the VMM service (net stop scvmmservice, then net start scvmmservice).
  • Set up an account: Create a VMM Run As account with a user name and password with permissions to configure the downloaded load balancer.
  • Add the load balancer to VMM: You add a hardware load balancer to VMM using the Add Load Balancer Wizard.

Add the hardware load balancer to VMM

During the wizard you select the host groups for which the load balancer is available, specify the load balancer model, specify the address and port used to manage the load balancer, specify affinity to VMM logical network, select the configuration provider, and test the connection. You’ll need to configure the hardware load balancer before you deploy a service. After the service is deployed a load balancer can’t be added.

  1. Click Fabric > Networking > Load Balancers > Fabric Resources > Home > Add > Add Resources > Load Balancer.
  2. In Add Load Balancer Wizard > Credentials, select the Run As account with the load balancer credentials.
  3. In Host Group select each host group where the service will be deployed. Hosts should be able to access the load balancer. In addition, a physical network adapter on the host should be configured to use the same logical network as the service tier.
  4. In Manufacturer and Model select the appropriate entries.
  5. In Address specify the IP address and FQDN or NetBIOS names of the load balancer. Specify the port on which the load balancer listens for requests.
  6. In Logical Network Affinity specify the affinity to logical networks. Note that:
    • For frontend affinity you’ll select the logical network from which the load balancer obtains its VIP. The VIP is the IP address that’s assigned to the load balancer when you deploy it in a service template.
    • For frontend affinity, based on the logical networks VMM determines the static IP address pools that are accessible from both the load balancer and from the relevant host group.
    • When selecting logical networks for frontend affinity the associated network site with the reserved VIP address range should be available to the host groups associated with the load balancer.
    • For backend affinity you’ll select the logical networks to which you want to make the load balancer available for connections from the VMs in a service tier.
  7. In Provider click the load balancer provider. Click Test to check the configuration.
  8. In Summary verify the settings and click Finish. The Job dialog box appears. Wait for a Completed status and check in the Provider column that the provider is active.
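
The wizard steps above, scripted with the VMM PowerShell module as an added example that is not part of the original page. It checks that the configuration provider is installed, tests the connection with the Run As account before registering anything, and sets frontend and backend logical network affinity. The Run As account name, host group path, logical network names, address and the manufacturer/model placeholders are assumptions; confirm parameter names with Get-Help on your VMM version.

```powershell
# Added example: scripted equivalent of the Add Load Balancer Wizard.
# Run in a session connected to the VMM management server.
Import-Module virtualmachinemanager

# Constructed sample values and placeholders; none of these come from the page.
$manufacturer = '<manufacturer>'
$model        = '<model>'
$lbAddress    = 'lb01.example.test'   # management address of the load balancer
$lbPort       = 443                   # management port the load balancer listens on

# The provider must be installed (and the VMM service restarted) before this works.
$provider = Get-SCConfigurationProvider | Where-Object {
    $_.Type -eq 'LoadBalancer' -and $_.Manufacturer -eq $manufacturer -and $_.Model -eq $model
}
if (-not $provider) {
    throw "No load balancer configuration provider found for $manufacturer $model."
}

# Run As account created only for configuring this load balancer.
$runAs = Get-SCRunAsAccount -Name 'LB-Config-RunAs'

# Host group where the service will be deployed.
$hostGroup = Get-SCVMHostGroup | Where-Object { $_.Path -eq 'All Hosts\Production' }

# Frontend affinity: logical network that holds the reserved VIP range.
# Backend affinity: logical network the service tier VMs connect from.
$frontEnd = Get-SCLogicalNetwork -Name 'Frontend'
$backEnd  = Get-SCLogicalNetwork -Name 'Backend'

# Equivalent of the wizard's Test button: fail here rather than after registration.
Test-SCLoadBalancer -LoadBalancerAddress $lbAddress -Port $lbPort `
    -ConfigurationProvider $provider -RunAsAccount $runAs -ErrorAction Stop

$lb = Add-SCLoadBalancer -ConfigurationProvider $provider -VMHostGroup $hostGroup `
    -RunAsAccount $runAs -Manufacturer $manufacturer -Model $model `
    -LoadBalancerAddress $lbAddress -Port $lbPort `
    -LogicalNetworkVIP $frontEnd -LogicalNetworkDedicatedIP $backEnd

# Show the registered load balancer for comparison with the Load Balancers pane.
$lb | Format-List *
```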

Set up NLB

NLB is automatically included as a load balancer in VMM. As long as you’ve set up an NLB VIP template no other action is required, but note that:

  • NLB can’t be used if VM networks are configured with network virtualization.
  • NLB can’t be used in service tiers running Linux VMs.

Enable load balancing

  1. If the service template isn’t open click Library > Templates > Service Templates and open it.
  2. Click Actions > Open Designer.
  3. In the Service Template Designer click the Service Template Components group > Add Load Balancer.
  4. Click the load balancer object. You’ll identify it with the VIP template name.
  5. Click Tool > Connector. Click the Server connection associated with the template and then click a NIC object to connect the load balancer to the adapter. In the NIC properties check the address types and that the MAC address is static.
  6. With the Connector enabled click the Client connection associated with the load balancer and then click a logical network object.
  7. Save the service template in Service Template > Save and Validate.

Set up the hardware VIP for user access

When the service is deployed, VMM automatically selects a VIP from the reserved range in the static IP address pool, and assigns it to the load-balanced service tier. To enable users to connect to the service, after the service is deployed you need to determine the VIP and configure a DNS entry for it.

  1. After the service is deployed click Fabric > Networking > Load Balancers.
  2. Click Show > Service > Load Balancer Information for Services and expand the service to see which VIP is assigned.
  3. Request that the DNS administrator manually create a DNS entry for the VIP. The entry should be the name that users will specify to connect to the service. For example servicename.contosol.com.