Hyper-V Health Check - Real World Scenario
SKV PROPOSAL TO OTC FOR HYPER-V HEALTH CHECKS
Date: June 17, 2013
Prepared by: Sainath K.E.V, Microsoft Most Valuable Professional, Directory Services
Introduction:
SKV Consulting is a Premier Consulting firm providing Enterprise solutions for designing Microsoft
Technologies. SKV follows Microsoft standard frameworks and proven methodologies in designing
and implementing Infrastructure solutions.
SKV has successfully performed Enterprise Infrastructure transformations, including both Desktop
transformations and Server transformations. SKV has a proven track record of quality and delivery
methodologies and provides value to its customers by reducing Operations costs and increasing
revenue.
SKV Solution for OTC
Solution Description:
OTC has their infrastructure hosted in Datacenters located in Sydney and Brisbane. OTC
hosts their Datacenter on Cisco blade servers with Datacenter Interconnect capability and runs
Microsoft Operating Systems on their Physical and Virtual machines.
The Datacenter runs on CISCO Catalyst 6500 series switches over IP and uses IEEE 802.1AE encryption
with the help of the SUP2T supervisor.
The virtual infrastructure servers are configured with Microsoft Active Directory, Microsoft Exchange
Server, Microsoft System Center Operations Manager, File Server, OTC Application Servers, and
Microsoft SQL Servers.
OTC has 2 Production VLANs and 1 Client VLAN configured on Cisco Catalyst Switches. Each VLAN
is configured on Cisco 6500X series switches, with IP networking configured on a dedicated switch.
Each VLAN has a mix of IBM Physical servers and Microsoft Virtualized Servers. VLAN tags are
configured for communication between servers and Storage arrays.
OTC is engaging SKV, a Microsoft Premier Consulting firm, to validate their existing Hyper-V
infrastructure. The existing configuration is implemented on Clustered Hyper-V roles, with Microsoft
System Center Virtual Machine Manager managing the Storage, Network and Virtualization tiers.
SKV will perform a best practice analysis, identify any risks associated with the infrastructure and
provide a Mitigation plan to increase the ROI.
OTC Data Center:
OTC Datacenters are hosted in Sydney and Brisbane and are managed by IBM. OTC has both In-house
users and mobile users, who connect to both Datacenters for Application, File or resource access.
OTC follows industry standards to manage its Datacenter. It has Core, Aggregation and Access
layers to provide different functionality at each layer. The Core is built on CISCO 6513E switches,
which provide high speed packet switching and manage in-flow and out-flow data across the
Datacenters and the Internet. The Aggregation layer is built on CISCO 6500 series Catalyst switches,
which support NAT and VPN services. The Access layer is where all the servers connect to the
network, the SAN storage connects to the virtual infrastructure, and there is a dedicated client
VLAN which is used for the clients to connect to the corporate network.
On the Virtual Infrastructure, Microsoft services such as the Active Directory infrastructure are hosted
with the Forest Functional Level of Windows Server 2008 and the Domain Functional Level configured
as Windows Server 2008. OTC has a single Forest namespace with an Additional Domain Controller
configured, and most of the delegation is done using Organizational Units. The table below shows the
existing servers and Network infrastructure of the Sydney Datacenter on which the Active Directory
Restructuring activity occurs.
OTC Network Infrastructure
Component                    Description
Cisco Router 6500 x 8        Deployed at Core, Aggregation and Access layers
Cisco NetRanger x 2          Security intrusion detection
Cisco VPN concentrator x 2   Secure communication
DELL EqualLogic SAN x 1      SAN Storage
IBM Servers x 4              Application servers and Hyper-V
Server VLAN                  2 Server VLANs, 1 Client VLAN
Microsoft Infrastructure
Component                                       VLAN     Description
Primary Domain Controller                       VLAN 1   Forest Root Domain
Microsoft Hyper-V                               VLAN 1   Virtualization Stack
Microsoft Exchange Server                       VLAN 1   Exchange Server 2010
Microsoft SharePoint Server 2010                VLAN 2   Hosts SharePoint Web Portal
Additional Domain Controller                    VLAN 2   Secondary Domain Controller with DNS
Microsoft System Center Operations Manager      VLAN 2   Manages Server Incidents
Microsoft System Center Configuration Manager   VLAN 2   Operating System Deployment, Patch Management and Software Distribution
DNS Namespace
Scope    Namespace   Description
Local    OTC.LOCAL   Domain Controllers: Prime-SYD.OTC.LOCAL, Sec-SYD.OTC.LOCAL
Global   OTC.com     Hosted by ISP
Solution Diagram: (figure of the SYDNEY DATACENTER; only the component labels are recoverable)
Internet
CORE layer: Cisco 6500 x 4
AGGREGATION layer: Cisco 6500 x 2, VPN Concentrator x 2, NetRanger x 2
ACCESS layer: Cisco 6500 x 2, Hybrid Cloud x 2, Application Server, Hyper-V x 2, DELL EQUALLOGIC SAN
Requirement Understanding:
SKV Consulting will perform a complete analysis of the OTC Virtualization infrastructure, which includes:
a) Microsoft Hyper-V environment
b) General Active Directory configuration
c) General Domain Name Service configuration
d) Networking validation.
SKV will run a selection of the many available commands on the servers to validate the output and recommend
to OTC the best practices going forward. SKV will raise any errors or configuration issues with OTC. OTC has to
provide the required privileges to SKV Consulting to perform checks on the physical and virtual
infrastructures.
OTC Tasks:
1. Data center hosting is performed by OTC Employees
2. Configuration of CISCO Switches and VLAN configuration is performed by OTC
3. Internet Protocol Addresses are provided to SKV Consultants by OTC
4. Firewall exception rules are performed by OTC
5. Server Maintenance is performed by OTC, which includes Server Patch Management
6. Storage provisioning is performed by OTC, which includes provision of LUNs and
Configuration of iSCSI on Windows Servers.
7. Communication between VLANs is provisioned by OTC
8. DR procedures are managed by a 3rd party vendor
9. Private Namespace is hosted by OTC
ASSUMPTIONS:
a) The health checks on the Microsoft suite of products are based on Microsoft standards
b) SKV to run scripts where necessary
c) Any server failure during the validation is not owned by SKV and the issue needs to be fixed
by OTC consultants.
d) SKV will not make any modification to the existing infrastructure but will provide guidance and
report to the OTC Technical Director
PRE-CHECKS
The sections below cover the Pre-checks list for the different Microsoft technologies which are in scope.
DNS Health Checks:
Below are the DNS checks that will be performed by the SKV consultant to understand Name
Resolution in the OTC environment.
a) Understand the DNS infrastructure by validating the Namespace information
b) Note the DNS servers' zone information and the IP address information.
c) Understand how the client requests are routed, covering both the intranet namespace and the
internet namespace.
d) Validate the response time for Recursive DNS requests, either with the help of a PowerShell
script or using Microsoft System Center Operations Manager.
e) Check the average number of queries that the DNS server receives each second; this would assist
in validating the response times between server and client. A PowerShell script needs to be run
to validate the response time.
f) Validate whether Active Directory integrated zones are loaded within the specified time; this
would help virtualized clients / servers to minimize the response time for DFS / Application or
logon operations.
g) Verify whether the DNS Server service is performing slowly and whether it is bound to the appropriate network adapter.
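The following PowerShell script is an added example, not part of the SKV proposal: it measures recursive lookup latency from a client (check d) and samples the query rate on the DNS server itself (check e). It assumes the Windows Server 2012 / Windows 8 DnsClient cmdlets and the DNS Server performance counters; the server addresses are placeholders for Prime-SYD and Sec-SYD.

```powershell
# Added example (not part of the SKV proposal): recursive lookup latency (check d)
# and server-side query rate (check e). Assumes Windows Server 2012 / Windows 8
# DnsClient cmdlets; the addresses below are placeholders for Prime-SYD / Sec-SYD.
Import-Module DnsClient
$DnsServers = @('10.0.0.10', '10.0.0.11')            # placeholder addresses
$TestNames  = @('otc.local', 'www.microsoft.com')    # one intranet and one internet name
$Samples    = 10

function Test-RecursiveDnsLatency {
    param([string]$Server, [string]$Name, [int]$Count)
    $times = @(); $failures = 0
    foreach ($i in 1..$Count) {
        try {
            $elapsed = Measure-Command {
                # -DnsOnly / -NoHostsFile bypass the client cache and hosts file, so the
                # time measured is the server's answer, not a local shortcut
                Resolve-DnsName -Name $Name -Server $Server -Type A -DnsOnly -NoHostsFile -ErrorAction Stop
            }
            $times += $elapsed.TotalMilliseconds
        } catch { $failures++ }    # timeouts and SERVFAIL are counted, not timed
    }
    $stats = $times | Measure-Object -Average -Maximum
    [pscustomobject]@{ Server = $Server; Name = $Name; Failed = $failures
        AvgMs = [math]::Round([double]$stats.Average, 1); MaxMs = [math]::Round([double]$stats.Maximum, 1) }
}

foreach ($server in $DnsServers) {
    foreach ($name in $TestNames) { Test-RecursiveDnsLatency -Server $server -Name $name -Count $Samples }
}

# Check e): average queries per second seen by the DNS Server service (run on the DNS server)
$counters = '\DNS\Total Query Received/sec', '\DNS\Recursive Queries/sec'
Get-Counter -Counter $counters -SampleInterval 5 -MaxSamples 6 |
    ForEach-Object { $_.CounterSamples } |
    Group-Object -Property Path | ForEach-Object {
        [pscustomobject]@{ Counter   = $_.Name
                           AvgPerSec = [math]::Round(($_.Group | Measure-Object -Property CookedValue -Average).Average, 1) }
    }
```

A consistently high MaxMs against one server, or a Failed count above zero for the intranet name only, points at that server rather than at the client path.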
Active Directory Health Checks:
Below are the Active Directory checks that will be performed by the SKV consultant to understand the
Active Directory Infrastructure in the OTC environment and report back any configuration issues
or errors related to the Active Directory infrastructure.
a) Collect the Active Directory information such as Number of Forests, Number of Domains,
number of child domains and Organizational Units respectively.
b) Register the namespaces being used within the Active Directory forest and between Forests.
c) Check the Forest Functional Level and Domain Functional Level configured for OTC
d) Verify the Time service configuration.
e) Verify that the accounts needed to perform the health check activities have the required
permissions
f) Register the number of RODCs vs Writable Domain Controllers.
g) Validate the Group Policy infrastructure and ensure the policies are not misconfigured. Run
GPResult on clients from different domains and validate from the GPResult that No
Override is disabled for all Active Directory nodes
h) Verify for Blocked GPO inheritance on the OU nodes. If found, register it in the log which will be
submitted to OTC
i) Verify all Domain Controllers are listed under the Domain Controllers Organizational Unit.
j) Test the availability of each domain controller; the SYSVOL share should be accessible on
every domain controller.
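The following PowerShell script is an added example, not part of the SKV proposal: it collects checks a), c), d), f), g), h), i) and j) above from a domain-joined administrative workstation. It assumes the RSAT ActiveDirectory and GroupPolicy modules and Windows Server 2008 or later domain controllers; nothing is modified.

```powershell
# Added example (not part of the SKV proposal): read-only AD health inventory covering
# checks a), c), d), f), g), h), i) and j). Assumes RSAT ActiveDirectory + GroupPolicy modules.
Import-Module ActiveDirectory, GroupPolicy
$forest = Get-ADForest
$domain = Get-ADDomain

# a), c) forest and domain layout with functional levels
[pscustomobject]@{
    Forest = $forest.Name; Domains = ($forest.Domains -join ', ')
    ForestMode = $forest.ForestMode; DomainMode = $domain.DomainMode
    OUs = @(Get-ADOrganizationalUnit -Filter *).Count
}

# f), i), j) per-DC inventory: RODC vs writable, placement in the Domain Controllers OU,
# and whether SYSVOL is reachable over SMB from this workstation
$dcs = @(Get-ADDomainController -Filter *)
$dcs | ForEach-Object {
    [pscustomobject]@{
        Name            = $_.HostName
        Type            = if ($_.IsReadOnly) { 'RODC' } else { 'Writable' }
        InDcOu          = $_.ComputerObjectDN -like "*,$($domain.DomainControllersContainer)"
        SysvolReachable = Test-Path -Path "\\$($_.HostName)\SYSVOL"
        FsmoRoles       = ($_.OperationMasterRoles -join ', ')
    }
} | Format-Table -AutoSize
"{0} writable DC(s), {1} RODC(s)" -f @($dcs | Where-Object { -not $_.IsReadOnly }).Count,
                                     @($dcs | Where-Object { $_.IsReadOnly }).Count

# d) time service: only the PDC emulator should use an external source, the rest follow the hierarchy
foreach ($dc in $dcs) {
    $target = "/computer:$($dc.HostName)"
    "$($dc.HostName): " + (w32tm /query $target /source)
}

# g), h) Group Policy: OUs with inheritance blocked and links marked Enforced (No Override)
Get-ADOrganizationalUnit -Filter * | ForEach-Object { Get-GPInheritance -Target $_.DistinguishedName } |
    Where-Object { $_.GpoInheritanceBlocked -or ($_.GpoLinks | Where-Object { $_.Enforced }) } |
    Select-Object Path, GpoInheritanceBlocked, @{ n = 'EnforcedLinks'
        e = { ($_.GpoLinks | Where-Object { $_.Enforced } | ForEach-Object { $_.DisplayName }) -join ', ' } }
```

Any DC with InDcOu false or SysvolReachable false, and any OU listed by the last query, is a finding to record for OTC rather than something the script changes.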
Network Inventory:
Networking plays a key role in designing and implementing a successful virtualization solution, hence it
is desired to collect the following information from OTC.
a) Detailed Network architectural diagram of OTC which should show the Network path
information from source to destination.
b) IP space information, which includes IP ranges and subnet configuration
c) ACL information, which helps in understanding the rules defined on the network.
d) VLAN, VLAN Trunk, VLAN Prune, VLAN Port Assignment and VLAN Tags inventory
e) Hyper-V External, Internal and Private Networks information
f) Firewall Ports information
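The following PowerShell script is an added example, not part of the SKV proposal: it inventories the Hyper-V External, Internal and Private switches, the host adapter each External switch is bound to, and the VLAN tag on every VM adapter (item e) here and items c) and d) of the Hyper-V checks). It assumes the Windows Server 2012 Hyper-V and NetAdapter modules on the host, and that the VLAN 1 / VLAN 2 labels in the OTC table correspond to 802.1Q IDs 1 and 2; the client VLAN ID is a placeholder.

```powershell
# Added example (not part of the SKV proposal): Hyper-V switch, binding and VLAN inventory.
# Assumes Windows Server 2012 Hyper-V + NetAdapter modules on the host.
Import-Module Hyper-V, NetAdapter

# switch inventory; only External switches carry a physical adapter binding
Get-VMSwitch | ForEach-Object {
    $hostNic = if ($_.NetAdapterInterfaceDescription) {
        (Get-NetAdapter -InterfaceDescription $_.NetAdapterInterfaceDescription).Name
    } else { '(none)' }
    [pscustomobject]@{ Switch = $_.Name; Type = $_.SwitchType
                       HostAdapter = $hostNic; SharedWithHost = $_.AllowManagementOS }
} | Format-Table -AutoSize

# per-VM adapter: switch, VLAN mode and tag, MAC and IPs (IPs are reported only with integration services)
Get-VM | Get-VMNetworkAdapter | ForEach-Object {
    $vlan = Get-VMNetworkAdapterVlan -VMNetworkAdapter $_
    [pscustomobject]@{ VM = $_.VMName; Adapter = $_.Name; Switch = $_.SwitchName
                       VlanMode = $vlan.OperationMode; AccessVlan = $vlan.AccessVlanId
                       MAC = $_.MacAddress; IP = ($_.IPAddresses -join ', ') }
} | Sort-Object Switch, VM | Format-Table -AutoSize

# VM adapters tagged with a VLAN the documented inventory does not list. VLAN 1 and 2 are
# taken from the OTC table above (assumed to be the 802.1Q IDs); 10 is a placeholder client VLAN.
$DocumentedVlans = @(1, 2, 10)
Get-VM | Get-VMNetworkAdapter | Get-VMNetworkAdapterVlan |
    Where-Object { $_.OperationMode -eq 'Access' -and $DocumentedVlans -notcontains $_.AccessVlanId } |
    Select-Object ParentAdapter, AccessVlanId
```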
Microsoft Hyper-V Health Checks:
Below are the Microsoft Hyper-V checks that will be performed by the SKV consultant to understand the
Hyper-V configuration and supportability to manage the Virtual Infrastructure in the OTC environment. The
issues will be reported back to OTC respectively.
a) Verify whether the Microsoft Hyper-V installation is stand-alone or clustered.
b) Note the storage configuration for Microsoft Hyper-V virtual machines.
c) Verify the number of Internal, External and Private Virtual Networks configured. This would
include validating and documenting the Networking interfaces along with IP Address information
for all the Interfaces.
d) Validate the adapter bindings for the appropriate virtual networks and validate the VLAN
configuration along with VLAN Tags.
e) Understand the Hyper-V installation method. Validate how the Hyper-V role was installed and
joined to the Active Directory Domain.
Note: If the customer is running a Domain Controller on a VM, then the ideal installation
order should be:
1) Install the Hyper-V role on the Physical Machine
2) Create a VM and install the Windows Server Operating System, then promote the Server to
Domain Controller
3) Join the Hyper-V server to the domain
4) (for cluster) Install the second Hyper-V server on the second Physical server and join it to the
AD domain
5) Install the secondary domain controller on Node 2
6) Form the Hyper-V Cluster
f) Ensure the following services are present in the Service Control Manager / Services.msc
1) Hyper-V Data Exchange Service
2) Hyper-V Guest Shutdown Service
3) Hyper-V Heartbeat Service
4) Hyper-V Remote Desktop Virtualization Service
5) Hyper-V Time Synchronization Service
6) Hyper-V Virtual Machine Management
7) Hyper-V Volume Shadow Copy Requester
g) Ensure the Hyper-V Administrators local group is created (check using lusrmgr.msc >
Groups)
h) Verify the Integration Services being used on the virtual machines and upgrade to the latest
Integration Services on the virtual machines.
i) Check the Hyper-V Virtual Machine Management service account, which should be running
as the Local System account. If the customer is using a different account, it should have local
administrator rights. (Most of the other Hyper-V services are Manual - Trigger Start.)
j) Verify the memory assignment for the Virtual Machines and ensure Dynamic Memory is set
for low productivity servers / client Virtual Machines.
k) Validate the Memory consumption on the Hyper-V host and on the Virtual Machines. Divide
the Virtual Machines into Heavy Usage vs Light Usage and run Performance Monitor
diagnostics on the virtual machines and on the servers.
l) Verify the storage capacity configured on the virtual machines, verify the IOPS between
the virtual machines and the SAN or NAS storage, and identify the bottlenecks. There should be
sufficient disk space to start the virtual machines. If virtual machines are starting from SAN
(Boot from SAN), verify the delay and check for Jumbo packet support.
m) For each Virtual Machine verify the processor type and its performance on selected virtual
machines.
n) Verify the Network performance on the virtual machines for each subnet. Configure Resource
Monitor to capture the performance statistics. Run Tracert to determine the number of hops on
every subnet.
o) Validate the number of snapshots being taken and the reason for each snapshot. Disable the
feature on Client operating systems and enable snapshots only for those servers which are
high performance centric.
p) Check for virtual machines that are not in use and decommission them. This can be
done through System Center Virtual Machine Manager.
q) Validate the permissions on the Hyper-V folders which contain Virtual Hard Disks (VHDs).
Perform a strict access check validation to ensure only the desired Active Directory group gets
access to the folder; when removing permissions, document the groups and perform
testing.
r) If the guest Virtual Machines are using a Teamed NIC, ensure:
1) The team network does not have any protocols bound to it
2) The Microsoft Virtual Network Switch Protocol is left blank
3) The virtual machines are connected to the virtual switch which is connected to the teamed NIC
s) Verify the Hyper-V Backup strategies and the backup solution for Snapshot management, and
verify the snapshot chain length to determine that only the valid snapshots are backed up
t) Run a sanity check on the Audit logs to determine errors and unauthorized connections to the
Hyper-V server. Restrict the users / access management to the Hyper-V server.
u) To have isolated access to the Hyper-V server, remove any instance of remote utilities configured
on client operating systems to manage Hyper-V.
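The following PowerShell script is an added example, not part of the SKV proposal or any Microsoft tool: it turns checks f), g), h), j), o) and q) above into a single findings list for one Hyper-V host. It assumes the Windows Server 2012 Hyper-V module, local administrator rights on the host, and an approved-identity list for the VHD folders; the OTC group name in that list is a placeholder.

```powershell
# Added example (not part of the SKV proposal): host findings for checks f), g), h), j), o), q).
# Assumes the Windows Server 2012 Hyper-V module and local administrator rights; the
# approved-identity list for VHD folders is an assumption and the OTC group is a placeholder.
Import-Module Hyper-V
$AllowedVhdIdentities = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators',
                          'OTC\Hyper-V Storage Admins')          # placeholder AD group
$findings = New-Object System.Collections.ArrayList

# f) the Hyper-V services must be registered with the Service Control Manager
$expectedServices = @{ vmickvpexchange = 'Data Exchange'; vmicshutdown = 'Guest Shutdown'
    vmicheartbeat = 'Heartbeat'; vmicrdv = 'Remote Desktop Virtualization'
    vmictimesync = 'Time Synchronization'; vmms = 'Virtual Machine Management'
    vmicvss = 'Volume Shadow Copy Requester' }
foreach ($name in $expectedServices.Keys) {
    if (-not (Get-Service -Name $name -ErrorAction SilentlyContinue)) {
        [void]$findings.Add("f) missing service: Hyper-V $($expectedServices[$name]) ($name)")
    }
}

# g) the Hyper-V Administrators local group carries the well-known SID S-1-5-32-578
if (-not (Get-WmiObject -Class Win32_Group -Filter "LocalAccount=True AND SID='S-1-5-32-578'")) {
    [void]$findings.Add('g) Hyper-V Administrators local group is missing')
}

foreach ($vm in Get-VM) {
    # h) integration services state is only reported while the VM is running
    if ($vm.State -eq 'Running' -and $vm.IntegrationServicesState -ne 'Up to date') {
        [void]$findings.Add("h) $($vm.Name): integration services $($vm.IntegrationServicesVersion) need upgrade")
    }
    # j) list VMs without Dynamic Memory so they can be reviewed against their workload class
    if (-not $vm.DynamicMemoryEnabled) {
        [void]$findings.Add("j) $($vm.Name): Dynamic Memory off, startup RAM $($vm.MemoryStartup / 1MB) MB")
    }
    # o) a long snapshot chain slows disk I/O and inflates backups
    $chain = @(Get-VMSnapshot -VMName $vm.Name).Count
    if ($chain -gt 2) { [void]$findings.Add("o) $($vm.Name): $chain snapshots in chain") }
    # q) ACEs on VHD folders that grant access to identities outside the approved list
    foreach ($disk in Get-VMHardDiskDrive -VMName $vm.Name) {
        $folder = Split-Path -Parent $disk.Path
        foreach ($ace in (Get-Acl -Path $folder).Access) {
            if ($AllowedVhdIdentities -notcontains $ace.IdentityReference.Value) {
                [void]$findings.Add("q) $folder grants $($ace.FileSystemRights) to $($ace.IdentityReference.Value)")
            }
        }
    }
}
$findings | Sort-Object -Unique
```

The script only reads configuration; each line it prints is a candidate entry for the report to OTC, and the q) lines in particular should be reconciled with the Active Directory groups documented before any permission is removed.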
Conclusion: This document presents best practices to validate Hyper-V installation and
configuration in Enterprise implementations. This document provides an intermediate level checklist
to validate Hyper-V configurations.