Cisco UCS Solution for EMC VSPEX Microsoft Private Cloud Fast Track 4.0
June 6, 2015
The CVD program consists of systems and solutions designed, tested, and documented to facilitate faster, more reliable, and more predictable customer deployments. For more information visit
http://www.cisco.com/go/designzone.
© 2015 Cisco Systems, Inc. All rights reserved.
About Cisco Validated Design (CVD) Program
Private Cloud Fast Track Program Description
Program Requirements and Validation
Core Fast Track Infrastructure
Active Directory Domain Services (AD DS)
IP Address Assignment and Management
PowerShell Deployment Toolkit (PDT)
Windows Server 2012 R2 Workstation
Cisco Nexus 1000V PowerShell Module
Set up Initial Cisco Nexus 9396 Switch
Enable Cisco Nexus Features and Set Global Configurations
Add Individual Port Descriptions for Troubleshooting
Create Necessary Port Channels
Add PortChannel Configurations
Configure Virtual Port Channel Domain
Link into Existing Network Infrastructure
Installing EMC Storage Integrator v3.1
Register the VNX for Use with the ESI PowerShell Toolkit
Configure CIFS Network Service
Create SMB File System and Mounts
Associate Shares with CIFS Server
Configure Cisco Unified Computing System Fabric Interconnects
Perform Initial Setup of the Cisco UCS 6248 Fabric Interconnects
Add a Block of IP Addresses for KVM Access
Edit the Chassis Discovery Policy
Enable Server and Uplink Ports
Configure Fibre Channel Switching Mode
Acknowledge the Cisco UCS Chassis
Create Uplink PortChannels to the Cisco Nexus 9396 Switches
Configure Policies, Pools, and Templates
Create an Organization (Optional)
Create Host Firmware Package Policy
Enable Quality of Service in Cisco UCS Fabric
Create a Local Disk Configuration Policy
Create a Server Pool Qualification Policy
Create vNIC/HBA Placement Policy for Virtual Machine Infrastructure Hosts
Assign VSANs to FCoE Storage Ports
Create vHBA Templates for Fabric A and B
Create Storage Connection Policies
Create Service Profile Templates
Clone Template for Initial Build
First Installation of Windows Server 2012 R2 Datacenter
EMC Enterprise Storage Integrator (ESI) and PowerShell
Install Windows Server 2012 R2
Install Windows Roles and Features
Configure Other Common Criteria
Change Service Profile for MPIO
Join Server to Fabric Management Domain
Rename Computer and Join to Domain
Configure Hyper-V Virtual Switches
Install EMC Unisphere Host Agent
Create Fabric Management Hyper-V Cluster
Create Fabric Management Cluster
Change Hyper-V Default Settings
Configure Cluster Aware Updating
Configure Constrained Delegation
(Optional) Configure Replica Broker Role
Provisioning Fabric Management Hosts
Create Sysprepped Virtual Hard Disk
Create Infrastructure Virtual Machines from Sysprepped Image
Create-VMs.ps1 PowerShell Script
Configure Cluster Preferred Owners and Priority
Create Required User Accounts and Security Groups
SQL Server 2012 Failover Cluster Installation
Establish the SQL Server Guest Cluster
Rename and Join SQL VMs to Active Directory Domain
Assign Users and Groups to Local Administrators Group
Create and Add Shared VHDX to VM
Assign SQL Access to SQL Share
Grant Installation Rights on VNX
Install First SQL Server Instance in Cluster
Install the SQL Server Named Instances on the Guest Cluster (Additional Nodes)
PowerShell Deployment Toolkit SQL Server Installation
Configure Windows Firewall Settings for SQL Server Named Instances
Assign Preferred Owners for SQL Server Instances in Failover Cluster Manager
Rename and Join SCVMM Servers to Active Directory Domain
Install the Windows Assessment and Deployment Kit
Install the Prerequisite Windows Server Roles and Features
Install the Command-Line Utilities in SQL Server 2012 with SP2
Install Virtual Machine Manager on First Node
Install Second Node of SCVMM Cluster
Creating Virtual Machine Manager Library Share on a Failover Cluster
Add Hyper-V Hosts to be Managed by SCVMM
Register VNX File Share to SCVMM
Configure Library Subdirectories (optional)
Configure Constrained Delegation (optional)
Install and Configure Cisco Nexus 1000V
Install the Virtual Supervisor Module Virtual Machine Template
Create Two Virtual Supervisor Module Virtual Machines
Add a Domain Name Service Record for the Virtual Supervisor Module VMs
Configure Virtual Supervisor Modules in the VSM Virtual Machines
Configure the Cisco Nexus 1000V VSM for Use with SCVMM
Configure a Logical Switch in SCVMM
Create the Logical Switch on the Hyper-V Hosts
Configure the SCVMM Virtual Machine Properties
Configure SCVMM Network Interfaces
Rename the New Cluster Network
Configure System Center Application Virtual Machine Network Interfaces
Install Cisco UCS SCVMM Add-In
Install and Configure the EMC SMI-S Provider
Install the EMC SMI-S Provider
Register the VNX with the Provider
Create the SMI-S User for the SCVMM Run As Account
Create the Run As Account within SCVMM
Register the EMC SMI-S Provider with SCVMM
Allocate Storage Pools to Host Groups
Create a SAN Copy Capable Template
Select the Rapid Provisioning Deployment Method
Using ODX for Virtual Machine Deployments
Install the SQL Server Reporting Services (Split Configuration) and Analysis Services
Install Microsoft Report Viewer 2012
Configure Operations Manager SQL Server Prerequisites
Install the Operations Manager Management Server
Install the Second Operations Manager Management Server
Install the Operations Manager Reporting Server
Register the Required Service Principal Names for the Operations Manager Management Servers
Deploy Operations Manager Agent on Hyper-V Hosts
Install Operations Manager Console on the Virtual Machine Manager Management Server
Download and Import the Required Prerequisite Management Packs in Operations Manager
Perform Virtual Machine Manager and Operations Manager Integration
Install the Cisco UCS Management Pack
Add Cisco UCS Domains to Operations Manager
Configure Fault Acknowledgement
Installing and Configuring the EMC Storage Integrator Management
Assign Permissions to ESI Service Account
Monitor ESI Management Server with SCOM
Assign Monitor Role to ESI Service Account
Register the VNX with the ESI Service
Install the ESI SCOM Management Packs
Import the ESI SCOM Management Packs
Create ESI Run As Account and Associate with a Profile
Setting Overrides for the EMC SI Service Discovery
Configure Service Manager Environmental Prerequisites
Add .NET Framework 3.5 on all Server Manager Servers
Install SQL Server 2012 Native Client on the Management and Data Warehouse Servers
Install SQL Server 2012 SP1 Analysis Management Objects
Install SQL Server Reporting Services (Split Configuration) on the Data Warehouse Server
Install SharePoint Foundation 2010 SP2 on the Self-Service Portal Server.
Install .NET Framework 4 on the Self-Service Portal Server
Request and Install an SSL Certificate on the Self-Service Portal Server
Install Subsequent Management Servers
Install the Data Warehouse Server
Install the Service Manager Self-Service Portal Server
Add .NET Framework 3.5 and .NET Framework 4.5 with HTTP Activation
Install the Full Management Server
Install Second Server as Runbook Server
Install Microsoft Report Viewer 2012
Install the Operations Manager Console
Install the Virtual Machine Manager Console
Download and Register the Orchestrator Integration Packs
Deploy the Orchestrator Integration Packs
System Center 2012 R2 Orchestrator Integration Pack
Install the Virtual Machine Manager Console
Install the App Controller Portal Server
Service Management Automation (SMA)
Request and Install an SSL Certificate
Install the PowerShell Automation Module
System Center Service Provider Foundation
Install Microsoft ASP.NET Model View Control (MVC) 4
Install the Virtual Machine Manager Console
Request and Install an SSL Certificate
Install System Center Service Provider Foundation 2012 R2
Configure SQL Instance Permissions
Deploy .NET 4.5 Extended with ASP.NET
Deploy IIS Recommended Configuration
Administration Authentication Site
Create Service Profile Template
Associate Boot LUN to Service Profile
Complete Tenant Server Configuration
Register VNX File Share to SCVMM
Configure Cisco Nexus 1000V for Tenant NIC
Configure Logical Switch in SCVMM
Create Logical Switch on Hyper-V
The Microsoft Private Cloud Fast Track program is a joint effort between Microsoft and its hardware partners. The goal of the program is to help organizations develop and implement private clouds quickly while reducing both complexity and risk. The program provides a reference architecture that combines Microsoft software, consolidated guidance, and validated configurations with partner technology such as compute, network, and storage architectures, in addition to value-added software components.
The private cloud model provides much of the efficiency and agility of cloud computing, along with the increased control and customization that are achieved through dedicated private resources. With Private Cloud Fast Track, Microsoft and its hardware partners can help provide organizations with the control and the flexibility that are required to reap the potential benefits of the private cloud.
Private Cloud Fast Track utilizes the core capabilities of the Windows Server (OS), Hyper-V, and System Center to deliver a private cloud infrastructure as a service offering. These are also the key software components that are used for every reference implementation.
The Infrastructure as a Service Product Line Architecture (PLA) is focused on deploying virtualization fabric and fabric management technologies in Windows Server and System Center to support private cloud scenarios. This PLA includes reference architectures, best practices, and processes for streamlining deployment of these platforms to support private cloud scenarios.
This component of the IaaS PLA focuses on delivering core foundational virtualization fabric infrastructure guidance that aligns to the defined architectural patterns within this and other Windows Server 2012 R2 private cloud programs. The resulting Hyper-V infrastructure in Windows Server 2012 R2 can be leveraged to host advanced workloads, and subsequent releases will contain fabric management scenarios using System Center components.
Scenarios relevant to this release include:
· Resilient infrastructure – Maximize the availability of IT infrastructure through cost-effective redundant systems that prevent downtime, whether planned or unplanned.
· Centralized IT – Create pooled resources with a highly virtualized infrastructure that supports maintaining individual tenant rights and service levels.
· Consolidation and migration – Remove legacy systems and move workloads to a scalable high-performance infrastructure.
· Preparation for the cloud – Create the foundational infrastructure to begin transition to a private cloud solution.
The Fast Track program has two main solutions, as shown in Figure 1. This Cisco Validated Design will focus exclusively on the Open Solutions branch.
Figure 1 Branches of the Microsoft Private Cloud
Each branch in the Fast Track program uses a reference architecture that defines the requirements that are necessary to design, build, and deliver virtualization and private cloud solutions for small, medium, and large-size enterprise implementations.
Each reference architecture in the Fast Track program combines concise guidance with validated configurations for the compute, network, storage, and virtualization layers. Each architecture presents multiple design patterns for enabling the architecture, and each design pattern describes the minimum requirements for validating each Fast Track solution.
The Cisco and EMC Fast Track Solution presented in this document is an Open solution. The Cisco and EMC with Microsoft Private Cloud Fast Track solution utilizes the core capabilities of Windows Server 2012 R2, Hyper-V, and System Center 2012 R2 to deliver a Private Cloud - Infrastructure as a Service offering. The key software components of every Reference Implementation are Windows Server 2012 R2, Hyper-V, and System Center 2012 R2. The solution also includes software from Cisco and EMC to form a complete solution that is ready for your enterprise.
The Cisco and EMC with Microsoft Private Cloud Fast Track solution provides a reference architecture for building private clouds on each organization’s unique terms. Each Fast-Track solution helps organizations implement private clouds with increased ease and confidence. Among the benefits of the Microsoft Private Cloud Fast Track Program are faster deployment, reduced risk, and a lower cost of ownership.
Reduced risk:
· Tested, end-to-end interoperability of compute, storage, and network
· Predefined, out-of-box solutions based on a common cloud architecture that has already been tested and validated
· High degree of service availability through automated load balancing
Lower cost of ownership:
· A cost-optimized, platform and software-independent solution for rack system integration
· High performance and scalability with Windows Server 2012 R2 operating system and Hyper-V
· Minimized backup times and fulfilled recovery time objectives for each business critical environment
The Microsoft Private Cloud Fast Track Program integrates best-in-class hardware implementations with Microsoft’s software to create a Reference Implementation. This solution has been co-developed by Cisco, EMC, and Microsoft and has gone through a validation process. As a Reference Implementation, Cisco, EMC, and Microsoft have done the work of building a private cloud that is ready to meet a customer’s needs.
Faster deployment:
· End-to-end architectural and deployment guidance
· Streamlined infrastructure planning due to predefined capacity
· Enhanced functionality and automation through deep knowledge of infrastructure
· Integrated management for virtual machine (VM) and infrastructure deployment
· Self-service portal for rapid and simplified provisioning of resources
The Microsoft Private Cloud Fast Track program is comprised of three pillars: Engineering, Marketing, and Enablement. These three pillars drive the creation of Reference Implementations, making them public and finally making them available for customers to purchase. This Reference Architecture is one step in the “Engineering” phase of the program and towards the validation of a Reference Implementation.
The Microsoft Private Cloud Fast Track program has multiple solutions; it also presents multiple design patterns that its partners can choose from to show the partner's best solutions. Table 1 lists the three design patterns that Microsoft offers.
Table 1 Design Pattern Summaries
| Design Pattern | Key Features |
|---|---|
| 1. Software-defined infrastructure | File-based Storage Networking through SMB3; deep guidance for using Windows as the storage platform, for example, Storage Spaces, SMB Direct, etc. |
| 2. Non-Converged infrastructure | Dedicated Ethernet NICs and Storage HBAs; iSCSI, FCoE, or Fibre Channel storage networking |
| 3. Converged infrastructure | Converged Networking; FC, FCoE, or iSCSI storage networking |
The Cisco and EMC solution is a converged solution deployed with Fibre Channel over Ethernet and SMB.
Converged Infrastructure is the sharing of network topology between network and storage network traffic. This typically implies Ethernet network devices and network controllers with particular features to provide segregation, quality of service (performance), and scalability. The result is a network fabric with less physical complexity, greater agility and lower costs than those associated with traditional Fiber-based storage networks.
In this topology, many storage designs are supported including traditional SANs, SMB3-enabled SANs, and Windows-based Scale-Out File Servers. The main point in a converged infrastructure is that all storage connectivity is network-based using a single media such as copper. SFP+ adapters are most commonly used.
Key drivers for convergence include cost savings and operational efficiency of a single common Ethernet network vs. multiple physical networks and HBAs for storage traffic. Benefits often include higher utilization levels of datacenter infrastructure with reduced equipment and management costs of the network.
The Cisco and EMC solution is based on Design Pattern 3 – Converged Infrastructure. In Design Pattern 3, the Hyper-V hosts boot from FCoE LUNs and the fabric management VMs are hosted directly on a unified storage array through SMB. Additionally, Pattern 3 leverages the minimal number of System Center component servers recommended in order to provide full functionality and high availability in a production environment. This document covers the steps for installing Design Pattern 3. Design Pattern 3 is outlined in Figure 2.
A single design pattern is introduced for Fabric Management which includes a dedicated two-to-four node Hyper-V failover cluster to host the fabric management virtual machines. This design pattern utilizes both scaled-out and highly available deployments of the System Center components to provide full functionality in a production environment.
It is recommended that the systems that comprise the Fabric Management layer be physically separated from the rest of the Fabric. Dedicated Fabric Management servers should be used to host those virtual machines which provide management for all of the resources within the cloud infrastructure. This model helps ensure that, regardless of the state of the majority of Fabric resources, management of the infrastructure and its workloads is maintained at all times.
To support this level of availability and separation, IaaS PLA cloud architectures contain a separate set of hosts, running Windows Server 2012 R2 configured as a failover cluster with the Hyper-V role enabled. It should contain a minimum two-node Fabric Management cluster (a three-node cluster is recommended for scale and availability). This Fabric Management cluster is dedicated to the virtual machines running the suite of products that provide IaaS management functionality, and it is not intended to run additional customer workloads over the Fabric infrastructure.
Furthermore, to support Fabric Management operations, these hosts contain high availability virtualized instances (virtual machines) of the management infrastructure (System Center components and their dependencies). However, for some components of the management stack, native high availability is maintained on the application level, for example, a Guest Cluster, built-in availability constructs, or a network load balanced array.
In addition to the System Center components running as virtual machines, Cisco deploys a pair of Cisco Nexus 1000V virtual machines to handle network management for the VMs.
Figure 2 Private Cloud Fabric Management Infrastructure
The Fabric Management cluster is configured in such a manner to help ensure maximum availability of all components of the environment. Each Cisco UCS B200 M4 blade server is configured with sufficient memory to support the running of all the listed virtual machines illustrated above on just two physical servers. By provisioning a fourth node, the environment retains its highly available capability even during those periods of time when a single host node is taken down for maintenance. For example, in the above figure, if Node 3 was down for maintenance, a catastrophic failure of Node 2 would not prevent all the virtual machines from continuing to run on Node 1 and Node 4.
The Cisco and EMC architecture is highly modular. Although each customer’s components might vary in its exact configuration, after a Cisco and EMC configuration is built, it can easily be scaled as requirements and demands change. This includes both scaling up (adding additional resources within a Cisco UCS chassis and/or EMC VNX array) and scaling out (adding additional Cisco UCS chassis and/or EMC VNX array).
The Cisco UCS solution validated with Microsoft Private Cloud includes EMC VNX5400 storage, Cisco Nexus 9000 Series network switches, the Cisco Unified Computing Systems (Cisco UCS) platforms, and Microsoft virtualization software in a single package. The computing and storage can fit in one data center rack with networking residing in a separate rack or deployed according to a customer’s data center design. Due to port density, the networking components can accommodate multiple configurations.
Figure 3 Implementation Diagram
Figure 3 contains the following components:
· One 5108 chassis each with two Cisco UCS 2208XP Fabric Extenders
· Eight Cisco UCS B200 M4 Blade Servers
- Dual Intel E5-2660V3 2.20 GHz processors
- 256 GB memory
- Cisco UCS 1340 Virtual Interface Card
· Two Cisco UCS 6248UP Fabric Interconnects
· Two Cisco Nexus 9396PX Switches
· 10 GE and 10 G FCoE connections
· EMC VNX5400 Unified Platform
- 75 x 300 GB SAS disks
- Two FCoE SLIC used for booting Hyper-V hosts
- Two SMB SLIC used for storage of all virtual hard disks used by virtual machines
- EMC SnapView
· Two Cisco UCS C220 M4 Rack Servers (optional)
- Dual Intel E5-2660V3 2.20 GHz processors
- 256 GB memory
- Cisco UCS 1325 Virtual Interface Card
· Two Cisco Nexus 2232PP Fabric Extenders (optional)
Storage is provided by an EMC VNX5400 storage array with accompanying disk shelves. All systems and fabric links feature redundancy, providing for end-to-end high availability (HA configuration within a single chassis). For server virtualization, the deployment includes Microsoft Hyper-V. While this is the default base design, each of the components can be scaled flexibly to support the specific business requirements in question. For example, more (or different) blades and chassis could be deployed to increase compute capacity, additional disk shelves or SSDs could be deployed to improve I/O capacity and throughput, or special hardware or software features could be added to introduce new features.
The remainder of this document provides guidance through the low-level steps of deploying the base architecture, as shown in Figure 3. This includes everything from physical cabling, to compute and storage configuration, to configuring virtualization with Microsoft Windows Server 2012 R2 Hyper-V.
· (2) Active Directory, DNS, and DHCP
· (1) NTP services synchronized to an external time source
· (1) Microsoft’s Windows Server Update Services
Active Directory Domain Services (AD DS) is a required foundational component. The IaaS PLA supports customer deployments for AD DS in Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, and Windows Server 2008. Previous versions of the Windows operating system are not directly supported for all workflow provisioning and deprovisioning automation.
· Forests and domains: The preferred approach is to integrate into an existing AD DS forest and domain, but this is not a hard requirement. A dedicated resource forest or domain may also be employed as an additional part of the deployment. System Center does support multiple domains or multiple forests in a trusted environment using two-way forest trusts.
· Trusts: System Center allows multi-domain support within a single forest in which two-way forest (Kerberos) trusts exist between all domains. This is referred to as multi-domain or intra-forest support.
Name resolution is a required element for System Center 2012 R2 components installation and the process automation solution. Domain Name System (DNS) integrated in AD DS is required for automated provisioning and deprovisioning components. This solution provides full support for deployments running Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, or Windows Server 2008 DNS.
Using non-Microsoft or non-AD DS integrated DNS solutions might be possible, but they would not provide automated creation and removal of DNS records that are related to component installation as well as virtual machine provisioning and deprovisioning processes. Using solutions outside of AD DS integrated DNS would require manual intervention for these scenarios. Using non-AD DS integrated DNS is not covered in this CVD.
To support dynamic provisioning and runbook automation, and to manage physical and virtual compute capacity within the IaaS infrastructure, Dynamic Host Configuration Protocol (DHCP) is used by default for all physical computers and virtual machines. For physical hosts like the Fabric Management cluster nodes and the scale unit cluster nodes, DHCP reservations or fixed IP addresses are recommended so that physical servers and network adapters have known Internet Protocol (IP) addresses. DHCP provides centralized management of these addresses.
Virtual Machine Manager (VMM) can provide address management both for physical computers (Hyper-V Host Servers and Scale-Out File Servers) and for virtual machines. These IP addresses are assigned statically from IP Address Pools managed by Virtual Machine Manager. This approach is recommended as an alternative to DHCP and also provides centralized management.
If a particular subnet or IP Address range is maintained by Virtual Machine Manager, it should not be served by DHCP. However, other subnets, for example, used by physical servers, which are not managed by Virtual Machine Manager, can still leverage DHCP.
Regardless of the IP address assignment mechanism chosen (DHCP, Virtual Machine Manager, or both), the Windows Server IP Address Management (IPAM) feature can be leveraged to track in-use IP addresses for reporting and advanced automation. Optionally, both DHCP and Virtual Machine Manager features can be integrated with IPAM. Using IPAM within Windows Server is outside the scope of this document.
It is important to note the software versions used in this document. Table 2 details the software revisions used throughout this document.
| Layer | Component | Version or Release | Details |
|---|---|---|---|
| Compute | Cisco UCS Fabric Interconnect | 2.2(3d) | http://software.cisco.com/download/type.html?mdfid=283853163&flowid=25821 |
| | Cisco UCS B-200-M4 | 2.2(3d) | http://software.cisco.com/download/type.html?mdfid=283853163&flowid=25821 |
| Network | Nexus Fabric Switch | 6.1(2)I2(3) | NX-OS operating system version |
| Storage | EMC VNX5400 Block | 05.33.005.5.081 | Operating system version |
| | EMC VNX5400 File (Optional) | 8.1.3-79 | Operating system version |
| Software | Cisco UCS Hosts | 2012 R2 | Microsoft Windows Server Datacenter Edition + Hyper-V Role |
| | .NET Framework | 3.5.1 | Feature enabled within Windows Server 2012 R2 (Required for SQL installations) |
| | .NET Framework | 4.0 | |
| | Windows MPIO software | | Feature within Windows Server 2012 R2 |
| | Cisco UCS Management Pack for SCOM 2012 R2 | 3.0.1 | |
| | Cisco UCS Power Tools | 1.3.1 | |
| | Cisco UCS Integration Pack for SCO | 1.0 | |
| | Cisco UCS SCO Sample Runbook | | |
| | Cisco Nexus 1000V | 5.2 | https://software.cisco.com/portal/pub/download/portal/select.html?i=!s&mdfid=284786025 |
| | Cisco Nexus 1000V PowerShell | 1.0 | http://developer.cisco.com/fileMedia/download/8bf948fb-83a5-4c9e-af5c-4faac735c8d3 |
| | Cisco UCS SCVMM Add-in | 1.0.2 | https://communities.cisco.com/docs/DOC-37158 |
| | EMC Navisphere | 7.33 | EMC CLI |
| | EMC PowerPath | 6.0 | EMC integration within Windows operating system |
| | EMC Storage Integrator (ESI) | 3.6 | EMC Storage Integrator with EMC PowerShell (only installs on Windows Server operating system instances) |
| | EMC Management Pack | 3.6 | Systems Center Operations Manager Management Pack |
| | EMC SMI-S Provider | 4.6.2.9 | Provider for Systems Center Virtual Machine Manager Integration. |
| | EMC Unisphere Host Agent | 1.3.6.1.0096-1 | Automated host registration with VNX |
| VM Software | Windows Server Datacenter Edition | 2012 R2 | Evaluation software – can be upgraded. |
| | Windows Server Datacenter Edition | 2008 R2 SP1 | Evaluation software – can be upgraded. http://www.microsoft.com/en-us/download/details.aspx?id=11093 |
| | MS SQL Server | 2012 SP2 | Evaluation software – can be upgraded http://www.microsoft.com/en-us/download/details.aspx?id=43340 |
| | SQL Server Cumulative Update | 2012 SP1 | |
| | Operations Manager Management Server | 2012 R2 | Evaluation software – can be upgraded http://www.microsoft.com/en-us/evalcenter/evaluate-system-center-2012-r2 |
| | Operations Manager Supplemental Management Server | 2012 R2 | Same as above |
| | Operations Manager Reporting Server | 2012 R2 | Same as above. |
| | Virtual Machine Manager (2 VMs in HA configuration) | 2012 R2 | Same as above. |
| | Orchestrator Management and Action Server | 2012 R2 | Same as above. |
| | Orchestrator Supplemental Action Server | 2012 R2 | Same as above. |
| | Service Manager Management Server | 2012 R2 | Same as above. |
| | Service Manager Supplemental Management Server | 2012 R2 | Same as above. |
| | Service Manager Data Warehouse | 2012 R2 | Same as above. |
| | Service Manager Self-Service Portal | 2012 R2 | Same as above. |
| | App Controller | 2012 R2 | Same as above. |
| | Windows Deployment Server | 2012 R2 | Optional: Enabled role within Windows Server 2012 R2 |
| | Windows Assessment and Deployment Kit (ADK) for Windows 8.1 | | http://www.microsoft.com/en-us/download/details.aspx?id=39982 |
| | System Center 2012 R2 Integration Packs | 2012 R2 | |
| | System Center 2012 Operations Manager management packs | 2012 R2 | Location of current Microsoft management packs can be found at http://social.technet.microsoft.com/wiki/contents/articles/16174.microsoft-management-packs.aspx A PowerShell script to download all Microsoft management packs can be found at http://gallery.technet.microsoft.com/All-Management-Packs-for-37d37902 |
| | SQL Server 2012 Analysis Management Objects | 2012 | |
| | SQL Server 2008 R2 SP1 Analysis Management Objects | 2008 | |
| | Microsoft Report Viewer 2010 SP1 | 2010 | http://download.microsoft.com/download/5/B/9/5B95F704-F7E3-440D-8C68-A88635EA4F87/ReportViewer.exe |
| | Microsoft Report Viewer 2008 SP1 | 2008 SP1 | http://download.microsoft.com/download/0/4/F/04F99ADD-9E02-4C40-838E-76A95BCEFB8B/ReportViewer.exe |
| | SQL Server 2012 SP1 Native Client | 2012 | |
| | Microsoft SharePoint Foundation 2010 | 2010 | |
| | Microsoft SharePoint Foundation 2010 SP1 | 2010 SP1 | |
| | Silverlight | | |
| Miscellaneous | Java | 7.0 or later | |
| | PuTTy | 0.62 | |
| | PL-2303 USB-to-Serial driver | 1.7.0 | https://s3.amazonaws.com/plugable/bin/PL2303_Prolific_DriverInstaller_v1.7.0.zip |
| | Extractor Utility | 7-Zip, PeaZip, or WinRAR | 7-Zip – http://7-zip.org/; PeaZip – http://www.peazip.org/peazip-64bit.html; WinRAR – http://www.win-rar.com/download.html?&L=0 |
| | Microsoft Web Platform Installer | 5.0 | |
Microsoft’s PowerShell Deployment Toolkit (https://gallery.technet.microsoft.com/PowerShell-Deployment-f20bb605) contains a script (Downloader.ps1) that can download and extract almost all the Microsoft software requirements. Though it can be used to deploy the complete System Center environment, that exercise is beyond the scope of this document. However, the Downloader script is an easy way to make sure you obtain the latest versions as quickly as possible. Download PDT and extract all files into a single directory.
The Downloader script depends upon two files, Workflow.xml and Variable.xml. DO NOT change any content in Workflow.xml. It is the ‘brains’ of the process and changes to this file will likely cause scripts to fail. Make changes only to the Variable.xml file. For Downloader.ps1 to download all the files, you need to change two lines in the Variable.xml file. Change the SourcePath and Download variables to reflect the location to which you wish to download the files. It is recommended to have both these variables point to the same location.
<Variable Name="SourcePath" Value="$SystemDrive\Installer" />
<Variable Name="Download" Value="$SystemDrive\Installer" />
The PDT scripts are not signed. Depending upon the PowerShell execution policy in place, you might need to change it to unrestricted. It can be reset after running the Downloader.ps1 script.
When the Downloader.ps1 script has successfully run to download and extract the files, the download subdirectory can be deleted.
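One way to run the unsigned Downloader.ps1 without touching the machine-wide execution policy, shown here as an added example that is not part of PDT or of the original guide: the policy is relaxed for the current PowerShell process only, so there is nothing to reset afterwards, and a hash manifest records exactly which unsigned files ran. The C:\PDT folder and the manifest file name are assumptions.

```powershell
# Added example: run the unsigned PDT Downloader.ps1 with a process-scoped
# execution policy instead of a machine-wide change.
# Assumptions: PDT was extracted to C:\PDT; the manifest name is hypothetical.
$PdtPath  = 'C:\PDT'
$Manifest = Join-Path $PdtPath 'pdt-sha256.csv'

# 1. Show every scope. MachinePolicy and UserPolicy come from Group Policy and
#    override anything set below, so stop early if either is defined.
$policies = Get-ExecutionPolicy -List
$policies | Format-Table -AutoSize
$gpo = $policies | Where-Object {
    @('MachinePolicy', 'UserPolicy') -contains "$($_.Scope)" -and
    $_.ExecutionPolicy -ne 'Undefined'
}
if ($gpo) {
    throw "Execution policy is enforced by Group Policy ($($gpo.Scope -join ', ')); a process-scoped change will not take effect."
}

# 2. Record what is about to run. The scripts are unsigned, so a SHA-256
#    manifest is the only later evidence of which files were executed.
$files = Get-ChildItem -Path $PdtPath -Include *.ps1, *.xml -Recurse -File
$files | Get-FileHash -Algorithm SHA256 |
    Select-Object Path, Hash |
    Export-Csv -Path $Manifest -NoTypeInformation

# 3. Confirm the scripts report NotSigned. Any other status (for example
#    HashMismatch) means a signed file was altered and should be investigated.
$files | Where-Object Extension -eq '.ps1' |
    Get-AuthenticodeSignature |
    Format-Table Status, Path -AutoSize

# 4. Under Unrestricted, scripts that still carry the Internet zone mark
#    prompt before they run. Remove the mark for the hashed files only.
$files | Unblock-File

# 5. Relax the policy for this PowerShell process only. Nothing is written to
#    the registry and the setting ends when the window is closed.
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted -Force

# 6. Run the downloader from the PDT folder (assumption: it resolves
#    Workflow.xml and Variable.xml relative to that folder).
Push-Location $PdtPath
try     { .\Downloader.ps1 }
finally { Pop-Location }

# 7. Verify that the persistent scopes were left as they were in step 1.
Get-ExecutionPolicy -List | Format-Table -AutoSize
```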
This document provides details for configuring a fully redundant, highly-available configuration. References are made as to which component is being configured with each step whether that be A or B. For example, Storage Processor A (SP A) and Storage Processor B (SP B) are used to identify the two EMC storage controllers that are provisioned with this document while Cisco Nexus A and Nexus B identify the pair of Cisco Nexus switches that are configured. The Cisco UCS fabric interconnects are configured likewise. Additionally, this document details steps for provisioning multiple UCS hosts and these are identified sequentially, VMHost-Mgmt01, VMHost-Mgmt02, and so on. Finally, when indicating that the reader should include information pertinent to their environment in a given step, this is indicated with the inclusion of <italicized text> as part of the command structure. See the example below for the vlan create command:
controller A> vlan create
Usage:
vlan create [-g {on|off}] <ifname> <vlanid_list>
vlan add <ifname> <vlanid_list>
vlan delete -q <ifname> [<vlanid_list>]
vlan modify -g {on|off} <ifname>
vlan stat <ifname> [<vlanid_list>]
Example:
controller A> vlan create vif0 <management VLAN ID>
The Cisco UCS PowerTool allows configuration and modification of the Cisco UCS environment by using Microsoft PowerShell. The same conventions for entering parameters shown above are followed for entering commands, parameters, and variables within PowerShell. One thing to note with Cisco UCS PowerTool is that many of its parameters are case sensitive, whereas parameters in PowerShell are not case sensitive. For example, a parameter value of ‘enabled’ in PowerShell can be represented as either ‘enabled’ or ‘Enabled’ (without the single quotes). With the Cisco UCS PowerTool cmdlets, ‘enabled’ is different from ‘Enabled’.
This document is intended to allow the reader to fully configure the customer environment. In order to do so, there are various steps which will require you to insert your own naming conventions, IP address and VLAN schemes as well as record appropriate WWPN, WWNN, or MAC addresses. The following table details the list of VLANs necessary for deployment as outlined in this guide. Note that in this document the SC-access VLAN and subnet is used for Fabric Management virtual machine access. The Mgmt VLAN and subnet is used for management interfaces of the Hyper-V hosts. A Layer-3 route must exist between the Mgmt and SC-access subnets.
Table 3 VLAN Names and IDs Used in this Document
VLAN Name | Description | VLAN ID | Subnet | Gateway
Default | VLAN to which untagged frames are assigned | 1 | |
Mgmt | Host management interface | 10 | 192.168.10.0/24 | 192.168.10.1
LiveMigration | Hyper-V Live Migration | 11 | 192.168.11.0/24 | None
CSV | Cluster Shared Volume | 12 | 192.168.12.0/24 | None
SMB | SMB access | 17 | 192.168.15.0/24 | None
SC-access | Fabric Management virtual machine access | 20 | 192.168.20.0/24 | 192.168.20.1
SC-database | Fabric Management DB and cluster communication | 22 | 192.168.22.0/24 | 192.168.22.1
T1-access | First Tenant access | 1000 | 192.168.100.0/24 | 192.168.100.1
T1-database | First Tenant DB and cluster communication | 1002 | 192.168.102.0/24 | None
It is recommended to have a Windows 8.1 or Windows Server 2012 R2 workstation configured with certain pre-requisite software and joined to the same domain as the Hyper-V servers will be joined. Using a properly configured workstation makes the job of installing the solution easier. Here is the recommendation for software to be installed on the workstation.
Note: The Remote Server Administration Toolkit (RSAT) is operating system version specific. In order to fully manage the Windows Server 2012 R2 systems, you must use either a Windows 8.1 or Windows Server 2012 R2 workstation. Earlier versions will not work properly.
For a Windows 8.1 workstation:
· Install .NET Framework 3.5 by issuing the following command from an elevated command prompt: Enable-WindowsOptionalFeature -Online -FeatureName NetFx3 -Source D:\sources\sxs. This assumes the drive D: is the location of your Windows distribution media.
· Install the Remote Server Administration Tools for Windows 8.1. This is found at http://www.microsoft.com/en-us/download/details.aspx?id=39296. This is available in both a 32-bit and 64-bit distribution. Make sure you select the copy to match your Windows 8.1 installation.
· After installing the Remote Server Administration Tools, install specific management tools.
- Hyper-V Management Tools – issue the following command from an elevated command prompt: Get-WindowsOptionalFeature -Online -FeatureName *hyper-v*all | Enable-WindowsOptionalFeature -Online
- Failover Clustering Tools – issue the following command from an elevated command prompt: Enable-WindowsOptionalFeature -Online -FeatureName RemoteServerAdministrationTools-Features-Clustering
For a Windows Server 2012 R2 workstation:
· Install .NET Framework 3.5 by issuing the following command from an elevated command prompt: Install-WindowsFeature -Name NET-Framework-Core -Source D:\sources\sxs. This assumes the drive D: is the location of your Windows distribution media.
· Install the Hyper-V Management Tools by issuing this PowerShell cmdlet: Install-WindowsFeature -Name RSAT-Hyper-V-Tools
· Install the Windows Failover Clustering Tools by issuing this PowerShell cmdlet: Install-WindowsFeature -Name RSAT-Clustering
For either operating system:
· Cisco UCS PowerTool for UCSM, version 1.3.1.
· Cisco Nexus 1000V PowerShell, version 1.0.
· Naviseccli – Navisphere Secure Command Line Interface
· ESI (EMC Storage Integrator) – EMC PowerShell library (only installs on Server instances)
· Java 7 – required for running UCS Manager. Installed from the web.
· PuTTY – an SSH and Telnet client helpful in initial configuration of the Cisco UCS 6248UP Fabric Interconnects. This program just needs to be copied to the system.
· PL-2303 USB-to-Serial driver – used to connect to the Cisco UCS 6248UP Fabric Interconnects through a serial cable connected to a USB port on the workstation. The download is a .zip file. Extract the executable from the .zip file and load it on the system.
· If using the PDT to download installation files, you will need to install the following.
- One of the following extraction packages
    · 7-Zip
    · PeaZip
    · WinRAR
- Web Platform Installer 5.0
You can download all the software listed in the revision table to this workstation. Some of the software, such as distribution media, can be placed into a file share for access by other systems.
Before beginning the installation of Cisco PowerTool and the Cisco Nexus 1000V PowerShell module, make sure of the following:
· There are no open windows running Windows PowerShell
· Uninstall all versions of Cisco UCS PowerTool that are older than Cisco UCS PowerTool, Release 0.9.1.0.
· You have downloaded the latest versions of software
- Cisco PowerTool version 1.3.1
- Cisco Nexus 1000V version 1.5(2a) contains PowerShell module
1. Navigate to the location where you copied the CiscoUcs-PowerTool-1.3.1.0.exe file. Execute it from an elevated command prompt.
2. A splash screen displays as the compacted file is expanded for installation.
3. The routine checks to make sure no other instances of PowerShell are running. If so, it is necessary to stop those running instances before proceeding. Click Next to continue.
4. Click the radio button by I accept the terms in the license agreement. Click Next to continue.
5. Accept the default installation directory. Click Next to continue.
6. Click the checkbox by Create Desktop Shortcut if you want to have a desktop shortcut. Click Install to start the installation process.
7. Click Finish when the installation process completes.
8. It is a good practice to include the loading of the PowerTool module in the default PowerShell profile. This helps ensure that PowerTool is available any time you launch PowerShell. Open a PowerShell window and execute the command $profile to determine the location of the default profile for the account you will be running under.
9. The information provided by the $profile command shows the location PowerShell will look for the profile information, but on a fresh installation of an operating system, the directory and file do not exist. You will need to create a new directory. Enter a command to create a new directory as indicated by the previous command.
10. When the WindowsPowerShell directory is created in the proper location, enter the command notepad $profile to open the profile to edit it.
11. As the file does not exist, Notepad will report that it does not exist. Click Yes to indicate that you want the file created.
12. Enter the string Import-Module CiscoUcsPs into Notepad, ensuring you terminate the line with a carriage return. Exit and save the file. Now whenever this user starts a PowerShell window, the CiscoUcsPs module will be automatically loaded and be ready for use.
Cisco provides a PowerShell module containing cmdlets to invoke the REST APIs on the Cisco Nexus 1000V. This can be downloaded from https://developer.cisco.com/fileMedia/download/8bf948fb-83a5-4c9e-af5c-4faac735c8d3.
Download the .zip file and expand it. Copy the Cisco-Nexus1000V.psm1 file to the system from which the PowerShell cmdlets will be used. Before using the cmdlets, the module must be imported.
PS C:\> Import-Module .\<location>\Cisco-Nexus1000V.psm1
Before issuing any other Cisco Nexus 1000V cmdlets, you need to establish a link to the virtual supervisory module with the following cmdlet.
PS C:\> Connect-VSM -Vsm_IP <IP address>
A credentials window will open allowing for the entry of the credentials to connect to the VSM. This cmdlet will create two global variables which must not be overridden during the PowerShell session - $VSM_IP and $Credential.
To see all cmdlets available to be used, issue the following cmdlet.
PS C:\> Get-Command -Module Cisco-Nexus1000V
ESI components, including the PowerShell module, can only be installed on Windows Server instances.
Perform the following steps to install just the ESI PowerShell module.
1. Obtain a copy of the Windows Server 2012 R2 source files. The source files can be found on the installation media in the “\sources\sxs” folder.
2. Install .NET Framework 3.5 using the source files from the previous step. From PowerShell run the following command: Add-WindowsFeature Net-Framework-Core -Source E:\sources\sxs
3. Install the Windows PowerShell 2.0 Engine: Add-WindowsFeature PowerShell-V2
4. Launch the EMC Storage Integrator (x64) installer. Click Next on the welcome window. Select the radio button to accept the License Agreement. Click Next.
5. On the Prerequisites for ESI window click Next.
6. Select the following components, then click Next:
· Core (with Windows & Hyper-V Adapters)
· EMC VNX Adapter
· ESI PowerShell Toolkit
· ESI Service
7. On the Publish Connection Information window select the radio button by Active Directory. Click Next.
8. On the Configure Active Directory window enter credentials for an account that can configure Active Directory. Click Next.
9. On the Ready to Install the Program window click Install.
10. A progress window will display showing the installation’s progress. On the InstallShield Wizard Completed page click Finish.
11. From an elevated PowerShell window issue the following EMC ESI PowerShell cmdlet: Get-EmcStorageSystemCredential | Connect-EmcSystem. Enter required values reflecting your configuration. The File IP Address is the IP address of the VNX control station. Click Test Connection.
12. On the Test Connection window click OK. Back on the Add Storage System window click OK.
This document details the necessary steps to deploy base infrastructure components as well as provisioning Microsoft Private Cloud as the foundation for virtualized workloads. At the end of these deployment steps, you will be prepared to provision your applications on top of a Microsoft Private Cloud virtualized infrastructure. The outlined procedure includes:
· Initial EMC VNX array configuration
· Initial Cisco UCS configuration
· Initial Cisco Nexus configuration
· Creation of necessary VLANs for management, basic functionality, and specific to the Microsoft virtualized infrastructure
· Creation of necessary vPCs to provide HA among devices
· Creation of necessary service profile pools: WWPN, world-wide node name (WWNN), MAC, server, and so forth
· Creation of necessary service profile policies: adapter, boot, and so forth
· Creation of four service profile templates from the created pools and policies: one each for fabric A and B
· Provisioning of four servers from the created service profiles in preparation for OS installation
· Initial configuration of the infrastructure components residing on the EMC Controller
· Deployment of a Microsoft Hyper-V failover cluster to handle Fabric Management roles
· Deployment of Microsoft System Center
- Deployment of the Cisco Plug-ins
- Deployment of the EMC Plug-ins
· Deployment of Microsoft Windows Azure Pack
· Deployment of a Microsoft Hyper-V failover cluster to handle tenant workloads
The Microsoft Private Cloud Solution validated with the Cisco and EMC architecture is flexible; therefore, the exact configuration detailed in this section might vary for customer implementations depending on specific requirements. Although customer implementations might deviate from the information that follows, the best practices, features, and configurations listed in this section should still be used as a reference for building a customized Cisco and EMC with Microsoft Private Cloud solution.
The following information is provided as a reference for cabling the physical equipment in a Cisco and EMC environment. The tables include both local and remote device and port locations in order to simplify cabling requirements.
The tables in this section contain details for the prescribed and supported configuration of the EMC VNX5400.
This document assumes that out-of-band management ports are plugged into an existing management infrastructure at the deployment site.
Be sure to follow the cable directions in this section. Failure to do so will result in necessary changes to the deployment procedures that follow because specific port locations are mentioned.
It is possible to order an EMC VNX5400 system in a different configuration from what is described in the tables in this section. Before starting, be sure the configuration matches what is described in the tables and diagrams in this section. For purposes of this document, the two-port cards are located as follows:
Table 4 I/O Card Locations
I/O Card | SP or Data Mover | Slot or IO Module
FCoE | SPA / SPB | 3
SMB | Data Mover 2 / Data Mover 3 | IO Module 1
Table 5 Cisco Nexus 9396 A Cabling Information
Local Port | Connection | Remote Device | Remote Port
Eth 1/1 | 10 GE Twinax – Peer Link | Cisco Nexus 9396 B | Eth 1/1
Eth 1/2 | 10 GE Twinax – Peer Link | Cisco Nexus 9396 B | Eth 1/2
Eth 1/9 | 10 GE Twinax – Port Channel | Cisco 6248 A | Eth 1/9
Eth 1/10 | 10 GE Twinax – Port Channel | Cisco 6248 B | Eth 1/9
Eth 1/16 | 1 GE RJ45 – Uplink | Northbound switch | any
Eth 1/25 | Fibre – SMB | VNX Data Mover A1 | Port 0
Eth 1/26 | Fibre – SMB | VNX Data Mover B1 | Port 0
Mgmt0 | 1 GE RJ45 | Management switch | any
Table 6 Cisco Nexus 9396 B Cabling Information
Local Port | Connection | Remote Device | Remote Port
Eth 1/1 | 10 GE Twinax – Peer Link | Cisco Nexus 9396 A | Eth 1/1
Eth 1/2 | 10 GE Twinax – Peer Link | Cisco Nexus 9396 A | Eth 1/2
Eth 1/9 | 10 GE Twinax – Port Channel | Cisco 6248 A | Eth 1/10
Eth 1/10 | 10 GE Twinax – Port Channel | Cisco 6248 B | Eth 1/10
Eth 1/16 | 1 GE RJ45 – Uplink | Northbound switch | any
Eth 1/25 | Fibre – SMB | VNX Data Mover A1 | Port 1
Eth 1/26 | Fibre – SMB | VNX Data Mover B1 | Port 1
Mgmt0 | 1 GE RJ45 | Management switch | any
Table 7 Cisco 6248 Fabric Interconnect A Cabling Information
Local Port | Connection | Remote Device | Remote Port
Eth 1/1 | 10 GE Twinax – Server Port | Chassis 1 FEX A | Port 1
Eth 1/2 | 10 GE Twinax – Server Port | Chassis 1 FEX A | Port 2
Eth 1/3 | 10 GE Twinax – Server Port | Chassis 1 FEX A | Port 3
Eth 1/4 | 10 GE Twinax – Server Port | Chassis 1 FEX A | Port 4
Eth 1/9 | 10 GE Twinax – Port Channel | Cisco 9396 A | Eth 1/9
Eth 1/10 | 10 GE Twinax – Port Channel | Cisco 9396 B | Eth 1/9
Eth 1/13 | 10 GE Twinax – Server Port | Cisco 2232 A | Port 29
Eth 1/14 | 10 GE Twinax – Server Port | Cisco 2232 A | Port 30
Eth 1/21 | Fibre – FCoE | VNX SPA-A3 | Port 0
Eth 1/22 | Fibre – FCoE | VNX SPB-B3 | Port 0
Mgmt 0 | 1 GE – RJ-45 | Management switch | Any
L1 | 1 GE – RJ-45 | Cisco 6248 B | L1
L2 | 1 GE – RJ-45 | Cisco 6248 B | L2
Table 8 Cisco 6248 Fabric Interconnect B Cabling Information
Local Port | Connection | Remote Device | Remote Port
Eth 1/1 | 10 GE Twinax – Server Port | Chassis 1 FEX B | Port 1
Eth 1/2 | 10 GE Twinax – Server Port | Chassis 1 FEX B | Port 2
Eth 1/3 | 10 GE Twinax – Server Port | Chassis 1 FEX B | Port 3
Eth 1/4 | 10 GE Twinax – Server Port | Chassis 1 FEX B | Port 4
Eth 1/9 | 10 GE Twinax – Port Channel | Cisco 9396 A | Eth 1/10
Eth 1/10 | 10 GE Twinax – Port Channel | Cisco 9396 B | Eth 1/10
Eth 1/13 | 10 GE Twinax – Server Port | Cisco 2232 B | Port 29
Eth 1/14 | 10 GE Twinax – Server Port | Cisco 2232 B | Port 30
Eth 1/21 | Fibre – FCoE | VNX SPA-A3 | Port 1
Eth 1/22 | Fibre – FCoE | VNX SPB-B3 | Port 1
Mgmt 0 | 1 GE – RJ-45 | Management switch | Any
L1 | 1 GE – RJ-45 | Cisco 6248 A | L1
L2 | 1 GE – RJ-45 | Cisco 6248 A | L2
The following section provides a detailed procedure for configuring the Cisco Nexus 9396 switches for use in a Cisco and EMC with Microsoft Private Cloud environment. Follow these steps precisely; failure to do so could result in an improper configuration.
Before you begin, identify the following information in Table 9.
Table 9 Cisco Nexus Management Information
Item | Value
Nexus A Switch name |
Nexus B Switch name |
Nexus A mgmt0 IP / netmask |
Nexus B mgmt0 IP / netmask |
Mgmt 0 gateway |
NTP Server IP |
vPC domain ID |
These steps provide details for the initial Cisco Nexus 9396 Switch setup.
On initial boot and connection to the serial or console port of the switch, the NX-OS setup should automatically start.
---- System Admin Account Setup ----
Do you want to enforce secure password standard (yes/no) [y]: yes
Enter the password for “admin”: <adminpassword>
Confirm the password for “admin”: <adminpassword>
---- Basic System Configuration Dialog VDC: 1 ----
This setup utility will guide you through the basic configuration of
the system. Setup configures only enough connectivity for management
of the system.
Please register Cisco Nexus9000 Family devices promptly with your
supplier. Failure to register may affect response times for initial
service calls. Nexus9000 devices must be registered to receive
entitled support services.
Press Enter at anytime to skip a dialog. Use ctrl-c at anytime
to skip the remaining dialogs.
Would you like to enter the basic configuration dialog (yes/no): yes
Create another login account (yes/no) [n]: no
Configure read-only SNMP community string (yes/no) [n]: no
Configure read-write SNMP community string (yes/no) [n]: no
Enter the switch name : <NexusA_switch_Name>
Continue with Out-of-band (mgmt0) management configuration? (yes/no) [y]: yes
Mgmt0 Ipv4 address : <NexusA_Mgmt0_IPV4_Address>
Mgmt0 Ipv4 netmask : <Mgmt0_IPV4_Netmask>
Configure the default gateway? (yes/no) [y]: yes
Ipv4 address of the default gateway : <Default_Gateway_Address>
Configure advanced IP options? (yes/no) [n]: no
Enable the telnet service? (yes/no) [n]: no
Enable the ssh service? (yes/no) [y]: yes
Type of ssh key you would like to generate (dsa/rsa) [rsa]: rsa
Number of rsa key bits <1024-2048> [1024]: 1024
Configure the ntp server? (yes/no) [n]: yes
NTP server Ipv4 address : <NTP_IPV4_Address>
Configure default interface layer (L3/L2) [L2]: L3
Configure default switchport interface state (shut/noshut) [noshut]: noshut
Configure CoPP system profile (strict/moderate/lenient/dense/skip) [strict]: strict
The following configuration will be applied:
password strength-check
switchname NexusA_switch_Name
vrf context management
ip route 0.0.0.0/0 Default_Gateway_Address
exit
no feature telnet
ssh key rsa 1024 force
feature ssh
ntp server NTP_IPV4_Address
no system default switchport
no system default switchport shutdown
copp profile strict
interface mgmt0
ip address NexusA_Mgmt0_IPV4_Address Mgmt0_IPV4_NetMask
no shutdown
Would you like to edit the configuration? (yes/no) [n]: no
Use this configuration and save it? (yes/no) [y]: yes
2014 Aug 22 20:44:45 <NexusA_switch_Name> %$ VDC-1 %$ %COPP-2-COPP_POLICY: Control-Plane is protected with policy copp-system-p-policy-strict.
[########################################] 100%
Copy complete.
User Access Verification
NexusA_switch_Name login:
On initial boot and connection to the serial or console port of the switch, the NX-OS setup should automatically start.
---- System Admin Account Setup ----
Do you want to enforce secure password standard (yes/no) [y]: yes
Enter the password for “admin”: <adminpassword>
Confirm the password for “admin”: <adminpassword>
---- Basic System Configuration Dialog VDC: 1 ----
This setup utility will guide you through the basic configuration of
the system. Setup configures only enough connectivity for management
of the system.
Please register Cisco Nexus9000 Family devices promptly with your
supplier. Failure to register may affect response times for initial
service calls. Nexus9000 devices must be registered to receive
entitled support services.
Press Enter at anytime to skip a dialog. Use ctrl-c at anytime
to skip the remaining dialogs.
Would you like to enter the basic configuration dialog (yes/no): yes
Create another login account (yes/no) [n]: no
Configure read-only SNMP community string (yes/no) [n]: no
Configure read-write SNMP community string (yes/no) [n]: no
Enter the switch name : <NexusB_switch_Name>
Continue with Out-of-band (mgmt0) management configuration? (yes/no) [y]: yes
Mgmt0 Ipv4 address : <NexusB_Mgmt0_IPV4_Address>
Mgmt0 Ipv4 netmask : <Mgmt0_IPV4_Netmask>
Configure the default gateway? (yes/no) [y]: yes
Ipv4 address of the default gateway : <Default_Gateway_Address>
Configure advanced IP options? (yes/no) [n]: no
Enable the telnet service? (yes/no) [n]: no
Enable the ssh service? (yes/no) [y]: yes
Type of ssh key you would like to generate (dsa/rsa) [rsa]: rsa
Number of rsa key bits <1024-2048> [1024]: 1024
Configure the ntp server? (yes/no) [n]: yes
NTP server Ipv4 address : <NTP_IPV4_Address>
Configure default interface layer (L3/L2) [L2]: L3
Configure default switchport interface state (shut/noshut) [noshut]: noshut
Configure CoPP system profile (strict/moderate/lenient/dense/skip) [strict]: strict
The following configuration will be applied:
password strength-check
switchname NexusB_switch_Name
vrf context management
ip route 0.0.0.0/0 Default_Gateway_Address
exit
no feature telnet
ssh key rsa 1024 force
feature ssh
ntp server NTP_IPV4_Address
no system default switchport
no system default switchport shutdown
copp profile strict
interface mgmt0
ip address NexusB_Mgmt0_IPV4_Address Mgmt0_IPV4_NetMask
no shutdown
Would you like to edit the configuration? (yes/no) [n]: no
Use this configuration and save it? (yes/no) [y]: yes
2014 Aug 22 20:44:45 <NexusB_switch_Name> %$ VDC-1 %$ %COPP-2-COPP_POLICY: Control-Plane is protected with policy copp-system-p-policy-strict.
[########################################] 100%
Copy complete.
User Access Verification
NexusB_switch_Name login:
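Both setup dialogs above accept the default 1024-bit RSA host key although the prompt offers up to 2048 bits. The following added example (not Cisco's code and not part of the original guide) reviews the "following configuration will be applied" summary before it is accepted; the function name and the 2048-bit minimum are assumptions.

```powershell
# Added example: review the "following configuration will be applied" summary
# from the NX-OS setup dialog before answering "Use this configuration".
function Test-NexusSetupSummary {
    param(
        [Parameter(Mandatory = $true)][AllowEmptyString()][string[]]$Line,
        [int]$MinRsaBits = 2048,          # assumption: site minimum for RSA host keys
        [string]$CoppProfile = 'strict'   # the CoPP profile this guide selects
    )

    function New-Finding([string]$Setting, [string]$Issue) {
        [pscustomobject]@{ Setting = $Setting; Issue = $Issue }
    }

    $rsaBits = $null; $copp = $null
    $ssh = $false; $strength = $false

    foreach ($raw in $Line) {
        $l = $raw.Trim()
        # Patterns are anchored, so "no feature telnet" does not match "^feature telnet".
        switch -Regex ($l) {
            '^ssh key rsa (\d+)'       { $rsaBits = [int]$Matches[1] }
            '^feature ssh\b'           { $ssh = $true }
            '^password strength-check' { $strength = $true }
            '^copp profile (\S+)'      { $copp = $Matches[1] }
            '^feature telnet\b'        { New-Finding $l 'Telnet is enabled; management sessions would cross the network in clear text.' }
            '^ssh key dsa'             { New-Finding $l 'A DSA host key was chosen instead of RSA.' }
            # Report the setting without echoing the community string itself.
            '^snmp-server community'   { New-Finding 'snmp-server community' 'An SNMP community string is being configured by the dialog.' }
        }
    }

    if ($null -eq $rsaBits) {
        New-Finding 'ssh key rsa' 'No RSA host key line found in the summary.'
    } elseif ($rsaBits -lt $MinRsaBits) {
        New-Finding "ssh key rsa $rsaBits" "Host key is below $MinRsaBits bits; the dialog accepts up to 2048."
    }
    if (-not $ssh)      { New-Finding 'feature ssh' 'SSH is not enabled for management access.' }
    if (-not $strength) { New-Finding 'password strength-check' 'Password strength checking is not enforced.' }
    if ($copp -ne $CoppProfile) {
        New-Finding "copp profile $copp" "CoPP profile differs from '$CoppProfile'."
    }
}

# Constructed input: the summary shown in this guide for Nexus A.
$summary = @'
  password strength-check
  switchname NexusA_switch_Name
  vrf context management
  ip route 0.0.0.0/0 Default_Gateway_Address
  exit
  no feature telnet
  ssh key rsa 1024 force
  feature ssh
  ntp server NTP_IPV4_Address
  no system default switchport
  no system default switchport shutdown
  copp profile strict
  interface mgmt0
  ip address NexusA_Mgmt0_IPV4_Address Mgmt0_IPV4_NetMask
  no shutdown
'@ -split '\r?\n'

Test-NexusSetupSummary -Line $summary | Format-Table -AutoSize -Wrap
```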
These steps provide details for enabling Cisco Nexus features and setting global configurations.
1. Enter global configuration mode
2. Enable necessary features
3. Configure spanning tree defaults
4. Configure timezone
5. Save the running configuration to the start-up configuration
configure terminal
feature lacp
feature udld
feature vpc
spanning-tree port type network default
spanning-tree port type edge bpduguard default
spanning-tree port type edge bpdufilter default
clock timezone PST -8 00
copy running-config startup-config
Note: If using daylight saving time or summer time, use the following command to configure the time offset.
clock summer-time PST
These steps provide details for creating the necessary VLANs.
1. Enter global configuration mode
2. Define required VLANs
3. Save the running configuration to the start-up configuration
4. Validate the entry
configure terminal
vlan <MGMT VLAN ID>
name Mgmt
exit
vlan <Live Migration VLAN ID>
name LiveMigration
exit
vlan <CSV VLAN ID>
name CSV
exit
vlan <SMB VLAN ID>
name SMB
exit
vlan <SC-access VLAN ID>
name SC-access
exit
vlan <SC-database VLAN ID>
name SC-database
exit
vlan <T1-access VLAN ID>
name T1-access
exit
copy running-config startup-config
Validate the results of the entered commands by using the show vlan command.
show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Eth1/1, Eth1/2, Eth1/3, Eth1/4
Eth1/5, Eth1/6, Eth1/7, Eth1/8
Eth1/9, Eth1/10, Eth1/11
Eth1/12, Eth1/13, Eth1/14
Eth1/15, Eth1/16, Eth1/17
Eth1/18, Eth1/19, Eth1/20
Eth1/21, Eth1/22, Eth1/23
Eth1/24, Eth1/25, Eth1/26
Eth1/27, Eth1/28, Eth1/29
Eth1/30, Eth1/31, Eth1/32
Eth1/33, Eth1/34, Eth1/35
Eth1/36, Eth1/37, Eth1/38
Eth1/39, Eth1/40, Eth1/41
Eth1/42, Eth1/43, Eth1/44
Eth1/45, Eth1/46, Eth1/47
Eth1/48, Eth2/1, Eth2/2, Eth2/3
Eth2/4, Eth2/5, Eth2/6, Eth2/7
Eth2/8, Eth2/9, Eth2/10, Eth2/11
Eth2/12
10 Mgmt active
11 LiveMigration active
12 CSV active
17 SMB active
20 SC-access active
22 SC-database active
1000 T1-access active
VLAN Type Vlan-mode
---- ----- ----------
1 enet CE
10 enet CE
11 enet CE
12 enet CE
17 enet CE
20 enet CE
22 enet CE
1000 enet CE
Remote SPAN VLANs
-------------------------------------------------------------------------------
Primary Secondary Type Ports
------- --------- --------------- -------------------------------------------
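A scripted form of the validation step above, as an added example that is not part of the original guide: it parses captured show vlan output and compares IDs, names (case-sensitively) and status with Table 3. Table 3 also lists T1-database (1002), which the commands above do not define, so the sample input is reported with that VLAN as MISSING. The function and variable names are hypothetical.

```powershell
# Added example: check "show vlan" output against the VLAN plan in Table 3.
$Table3 = @{    # VLAN ID -> name, copied from Table 3 (VLAN 1 is the default VLAN)
    10 = 'Mgmt';      11 = 'LiveMigration'; 12 = 'CSV';         17 = 'SMB'
    20 = 'SC-access'; 22 = 'SC-database';   1000 = 'T1-access'; 1002 = 'T1-database'
}

function Compare-NexusVlan {
    param(
        [Parameter(Mandatory = $true)][AllowEmptyString()][string[]]$ShowVlan,
        [Parameter(Mandatory = $true)][hashtable]$Expected
    )

    # Parse only the first table (ID, name, status). The second table
    # ("VLAN Type Vlan-mode") repeats the IDs, so stop when it starts.
    # Port continuation lines do not begin with a number and are skipped.
    $seen = @{}
    foreach ($l in $ShowVlan) {
        if ($l -match '^\s*VLAN\s+Type') { break }
        if ($l -match '^\s*(\d+)\s+(\S+)\s+(\S+)') {
            $seen[[int]$Matches[1]] = [pscustomobject]@{
                Name = $Matches[2]; Status = $Matches[3]
            }
        }
    }

    # Every planned VLAN must exist, carry the planned name and be active.
    foreach ($id in ($Expected.Keys | Sort-Object)) {
        $want = $Expected[$id]; $have = $null; $status = $null
        if (-not $seen.ContainsKey($id)) {
            $state = 'MISSING'
        } else {
            $have = $seen[$id].Name; $status = $seen[$id].Status
            # -cne is case-sensitive: "SC-Access" does not pass for "SC-access".
            if     ($have -cne $want)     { $state = 'NAME MISMATCH' }
            elseif ($status -ne 'active') { $state = 'NOT ACTIVE' }
            else                          { $state = 'OK' }
        }
        [pscustomobject]@{ VlanId = $id; Expected = $want; Found = $have
                           Status = $status; Result = $state }
    }

    # VLANs present on the switch but absent from the plan (default VLAN 1 excepted).
    foreach ($id in ($seen.Keys | Sort-Object)) {
        if ($id -ne 1 -and -not $Expected.ContainsKey($id)) {
            [pscustomobject]@{ VlanId = $id; Expected = $null; Found = $seen[$id].Name
                               Status = $seen[$id].Status; Result = 'UNEXPECTED' }
        }
    }
}

# Constructed input: the show vlan output from this guide, port list shortened.
$output = @'
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Eth1/1, Eth1/2, Eth1/3, Eth1/4
                                                Eth1/5, Eth1/6, Eth1/7, Eth1/8
10   Mgmt                             active
11   LiveMigration                    active
12   CSV                              active
17   SMB                              active
20   SC-access                        active
22   SC-database                      active
1000 T1-access                        active

VLAN Type  Vlan-mode
---- ----- ----------
1    enet  CE
10   enet  CE
1000 enet  CE
'@ -split '\r?\n'

Compare-NexusVlan -ShowVlan $output -Expected $Table3 | Format-Table -AutoSize
```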
These steps provide details for adding individual port descriptions for troubleshooting activity and verification.
1. Place descriptions on the ports in use
2. Copy the running configuration to the start-up configuration
3. Validate the entry
interface Eth1/1
description <Nexus B:Eth1/1 Peer>
exit
interface Eth1/2
description <Nexus B:Eth1/2 Peer>
exit
interface Eth1/9
description <UCSM A:Eth1/9 PrtChnl>
exit
interface Eth1/10
description <UCSM B:Eth1/9 PrtChnl>
exit
interface Eth1/16
description <Northbound Uplink>
exit
interface Eth1/25
description <VNX-DM2:0 SMB>
exit
interface Eth1/26
description <VNX-DM3:0 SMB>
exit
copy running-config startup-config
Validate the results of the entered commands by using the show interface description command.
show interface description
---------------------------------------------------------------------
Interface Description
---------------------------------------------------------------------
mgmt0 --
---------------------------------------------------------------------
Port Type Speed Description
---------------------------------------------------------------------
Eth1/1 eth 10G Nexus B:Eth1/1 Peer
Eth1/2 eth 10G Nexus B:Eth1/2 Peer
Eth1/3 eth 10G --
Eth1/4 eth 10G --
Eth1/5 eth 10G --
Eth1/6 eth 10G --
Eth1/7 eth 10G --
Eth1/8 eth 10G --
Eth1/9 eth 10G UCSM A:Eth1/9 PrtChnl
Eth1/10 eth 10G UCSM B:Eth1/9 PrtChnl
Eth1/11 eth 10G --
Eth1/12 eth 10G --
Eth1/13 eth 10G --
Eth1/14 eth 10G --
Eth1/15 eth 10G --
Eth1/16 eth 10G Northbound Uplink
Eth1/17 eth 10G --
Eth1/18 eth 10G --
Eth1/19 eth 10G --
Eth1/20 eth 10G --
Eth1/21 eth 10G --
Eth1/22 eth 10G --
Eth1/23 eth 10G --
Eth1/24 eth 10G --
Eth1/25 eth 10G VNX-DM2:0 SMB
Eth1/26 eth 10G VNX-DM3:0 SMB
Eth1/27 eth 10G --
. . . . . .
. . . . . .
. . . . . .
Eth1/47 eth 10G --
Eth1/48 eth 10G --
Eth2/1 eth 40G --
Eth2/2 eth 40G --
Eth2/3 eth 40G --
Eth2/4 eth 40G --
Eth2/5 eth 40G --
Eth2/6 eth 40G --
Eth2/7 eth 40G --
Eth2/8 eth 40G --
Eth2/9 eth 40G --
Eth2/10 eth 40G --
Eth2/11 eth 40G --
Eth2/12 eth 40G --
1. Place descriptions on the ports in use
2. Copy the running configuration to the start-up configuration
3. Validate the entry
interface Eth1/1
description <Nexus A:Eth1/1 Peer>
exit
interface Eth1/2
description <Nexus A:Eth1/2 Peer>
exit
interface Eth1/9
description <UCSM A:Eth1/10 PrtChnl>
exit
interface Eth1/10
description <UCSM B:Eth1/10 PrtChnl>
exit
interface Eth1/16
description <Northbound Uplink>
exit
interface Eth1/25
description <VNX-DM2:1 SMB>
exit
interface Eth1/26
description <VNX-DM3:1 SMB>
exit
copy run start
Validate the results of the entered commands by using the show interface description command.
show interface description
---------------------------------------------------------------------
Interface Description
---------------------------------------------------------------------
mgmt0 --
---------------------------------------------------------------------
Port Type Speed Description
---------------------------------------------------------------------
Eth1/1 eth 10G Nexus A:Eth1/1 Peer
Eth1/2 eth 10G Nexus A:Eth1/2 Peer
Eth1/3 eth 10G --
Eth1/4 eth 10G --
Eth1/5 eth 10G --
Eth1/6 eth 10G --
Eth1/7 eth 10G --
Eth1/8 eth 10G --
Eth1/9 eth 10G UCSM A:Eth1/10 PrtChnl
Eth1/10 eth 10G UCSM B:Eth1/10 PrtChnl
Eth1/11 eth 10G --
Eth1/12 eth 10G --
Eth1/13 eth 10G --
Eth1/14 eth 10G --
Eth1/15 eth 10G --
Eth1/16 eth 10G Northbound Uplink
Eth1/17 eth 10G --
Eth1/18 eth 10G --
Eth1/19 eth 10G --
Eth1/20 eth 10G --
Eth1/21 eth 10G --
Eth1/22 eth 10G --
Eth1/23 eth 10G --
Eth1/24 eth 10G --
Eth1/25 eth 10G VNX-DM2:1 SMB
Eth1/26 eth 10G VNX-DM3:1 SMB
Eth1/27 eth 10G --
. . . . . .
. . . . . .
. . . . . .
Eth1/47 eth 10G --
Eth1/48 eth 10G --
Eth2/1 eth 40G --
Eth2/2 eth 40G --
Eth2/3 eth 40G --
Eth2/4 eth 40G --
Eth2/5 eth 40G --
Eth2/6 eth 40G --
Eth2/7 eth 40G --
Eth2/8 eth 40G --
Eth2/9 eth 40G --
Eth2/10 eth 40G --
Eth2/11 eth 40G --
Eth2/12 eth 40G --
These steps provide details for creating the necessary PortChannels between devices.
1. Create peer link and add ports
2. Create port channel link to UCS Fabric A
3. Create port channel link to UCS Fabric B
4. Copy the running configuration to the start-up configuration
5. Validate the entry
interface Po10
switchport
description vPC Peer-Link
exit
interface Eth1/1-2
switchport mode trunk
channel-group 10 mode active
no shutdown
exit
interface Po11
switchport
description <vPC 11>
exit
interface Eth1/9
switchport mode trunk
channel-group 11 mode active
no shutdown
exit
interface Po12
switchport
description <vPC 12>
exit
interface Eth1/10
switchport mode trunk
channel-group 12 mode active
no shutdown
exit
copy running-config startup-config
Validate the results of the entered commands by using the show port-channel summary command.
show port-channel summary
Flags: D – Down P – Up in port-channel (members)
I – Individual H – Hot-standby (LACP only)
s – Suspended r – Module-removed
S – Switched R – Routed
U – Up (port-channel)
M – Not in use. Min-links not met
--------------------------------------------------------------------------------
Group Port- Type Protocol Member Ports
Channel
--------------------------------------------------------------------------------
10 Po10(SU) Eth LACP Eth1/1(P) Eth1/2(P)
11 Po11(SD) Eth LACP Eth1/9(s)
12 Po12(SD) Eth LACP Eth1/10(s)
1. Create peer link and add ports
2. Create port channel link to UCS Fabric B
3. Create port channel link to UCS Fabric A
4. Copy the running configuration to the start-up configuration
5. Validate what was just entered
interface Po10
switchport
description vPC Peer-Link
exit
interface Eth1/1-2
switchport mode trunk
channel-group 10 mode active
no shutdown
exit
interface Po11
switchport
description <vPC 11>
exit
interface Eth1/9
switchport mode trunk
channel-group 11 mode active
no shutdown
exit
interface Po12
switchport
description <vPC 12>
exit
interface Eth1/10
switchport mode trunk
channel-group 12 mode active
no shutdown
exit
copy running-config startup-config
Validate the results of the entered commands by using the show port-channel summary command.
show port-channel summary
Flags: D – Down P – Up in port-channel (members)
I – Individual H – Hot-standby (LACP only)
s – Suspended r – Module-removed
S – Switched R – Routed
U – Up (port-channel)
M – Not in use. Min-links not met
--------------------------------------------------------------------------------
Group Port- Type Protocol Member Ports
Channel
--------------------------------------------------------------------------------
10 Po10(SU) Eth LACP Eth1/1(P) Eth1/2(P)
11 Po11(SD) Eth LACP Eth1/9(s)
12 Po12(SD) Eth LACP Eth1/10(s)
These steps provide details for adding PortChannel configurations.
1. Make the peer link a switchport, configure the allowed VLANs, and bring it up
2. Make the first port channel a switchport, configure the allowed VLANs, and bring it up
3. Make the second port channel a switchport, configure the allowed VLANs, and bring it up
4. Set MTU to 9216 to support jumbo frames
5. Copy the running configuration to the start-up configuration
6. Validate the entry
interface Po10
switchport mode trunk
switchport trunk allowed vlan <Default VLAN ID, MGMT VLAN ID, CSV VLAN ID, LiveMigration VLAN ID, SMB VLAN ID, SC-access VLAN ID, SC-database VLAN ID, T1-access VLAN ID >
spanning-tree port type network
no shutdown
exit
interface Po11
switchport mode trunk
switchport trunk allowed vlan <Default VLAN ID, MGMT VLAN ID, CSV VLAN ID, LiveMigration VLAN ID, SMB VLAN ID, SC-access VLAN ID, SC-database VLAN ID, T1-access VLAN ID >
spanning-tree port type edge trunk
mtu 9216
no shutdown
exit
interface Po12
switchport mode trunk
switchport trunk allowed vlan <Default VLAN ID, MGMT VLAN ID, CSV VLAN ID, LiveMigration VLAN ID, SMB VLAN ID, SC-access VLAN ID, SC-database VLAN ID, T1-access VLAN ID >
spanning-tree port type edge trunk
mtu 9216
no shutdown
exit
copy running-config startup-config
Validate the results of the entered commands by using the show running-config interface port-channel command.
show running-config interface port-channel 10-12
!Command: show running-config interface port-channel10-12
!Time: Wed Sep 3 19:00:07 2014
version 6.1(2)I2(1)
interface port-channel10
description vPC Peer-Link
switchport
switchport mode trunk
switchport trunk allowed vlan 1,10-12,17,20,22,1000
spanning-tree port type network
interface port-channel11
description vPC 11
switchport
switchport mode trunk
switchport trunk allowed vlan 1,10-12,17,20,22,1000
spanning-tree port type edge trunk
mtu 9216
interface port-channel12
description vPC 12
switchport
switchport mode trunk
switchport trunk allowed vlan 1,10-12,17,20,22,1000
spanning-tree port type edge trunk
mtu 9216
These steps provide details for configuring virtual PortChannels (vPCs).
1. Define the vPC domain and define keep alive with Cisco Nexus 9396 B
2. Define Po10 as the peer link
3. Define Po11 as vPC 11
4. Define Po12 as vPC 12
5. Copy the running configuration to the start-up configuration
6. Validate the entry
vpc domain <Nexus vPC domain ID>
role priority 10
peer-keepalive destination <Nexus B mgmt0 IP> source <Nexus A mgmt0 IP> vrf management
peer-switch
peer-gateway
delay restore 150
auto-recovery
exit
interface Po10
vpc peer-link
exit
interface Po11
vpc 11
exit
interface Po12
vpc 12
exit
copy running-config startup-config
Validate the results of the entered commands by using the show vpc brief command.
show vpc brief
Legend:
(*) – local vPC is down, forwarding via vPC peer-link
vPC domain id : 222
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 consistency status : success
vPC role : primary
Number of vPCs configured : 2
Peer Gateway : Enabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Auto-recovery status : Enabled (timeout = 240 seconds)
vPC Peer-link status
---------------------------------------------------------------------
id Port Status Active vlans
-- ---- ------ --------------------------------------------------
1 Po10 up 1,10-12,17,20,22,1000
vPC status
---------------------------------------------------------------------
id Port Status Consistency Reason Active vlans
-- ---- ------ ----------- ------ ------------
11 Po11 down* Not Consistency Check Not -
Applicable Performed
12 Po12 down* Not Consistency Check Not -
Applicable Performed
1. Define the vPC domain and define keep alive with Nexus 9396 A
2. Define Po10 as the peer link
3. Define Po11 as vPC 11
4. Define Po12 as vPC 12
5. Copy the running configuration to the start-up configuration
6. Validate the entry
vpc domain <Nexus vPC domain ID>
role priority 20
peer-keepalive destination <Nexus A mgmt0 IP> source <Nexus B mgmt0 IP>
peer-switch
peer-gateway
delay restore 150
auto-recovery
exit
interface Po10
vpc peer-link
exit
interface Po11
vpc 11
exit
interface Po12
vpc 12
exit
copy running-config startup-config
Validate the results of the entered commands by using the show vpc brief command.
show vpc brief
Legend:
(*) – local vPC is down, forwarding via vPC peer-link
vPC domain id : 222
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 consistency status : success
vPC role : secondary
Number of vPCs configured : 2
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Auto-recovery status : Disabled
vPC Peer-link status
---------------------------------------------------------------------
id Port Status Active vlans
-- ---- ------ --------------------------------------------------
1 Po10 up 1,10-12,17,20,100,1000
vPC status
---------------------------------------------------------------------
id Port Status Consistency Reason Active vlans
-- ---- ------ ----------- ------ ------------
11 Po11 down* Not Consistency Check Not -
Applicable Performed
12 Po12 down* Not Consistency Check Not -
Applicable Performed
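The same port-channel settings are entered on both Nexus switches, so a side-by-side comparison of the two running configurations is a useful check before the vPCs carry traffic. The following PowerShell is an added example, not part of the original document or of Cisco tooling; the function names are hypothetical, and the peer B text is constructed (it carries VLAN 100 where peer A carries VLAN 22, mirroring the difference visible in the two show vpc brief outputs above, and omits the MTU line on Po11).

```powershell
# Added example, not Cisco tooling. Requires PowerShell 3.0 or later.
# Function names are hypothetical; peer B's text below is constructed.

function Expand-VlanList {
    param([string]$List)
    # "1,10-12,17" becomes 1, 10, 11, 12, 17
    foreach ($token in ($List -split ',')) {
        $token = $token.Trim()
        if ($token -match '^(\d+)-(\d+)$') {
            $low = [int]$Matches[1]; $high = [int]$Matches[2]
            $low..$high
        }
        elseif ($token -match '^\d+$') { [int]$token }
        else { throw "Unrecognised VLAN token '$token'" }
    }
}

function Get-PortChannelSetting {
    param([string[]]$Lines)
    # Returns a hashtable keyed by port-channel number.
    $table = @{}
    $current = $null
    foreach ($line in $Lines) {
        $text = $line.Trim()
        if ($text -match '^interface port-channel\s*(\d+)$') {
            $id = [int]$Matches[1]
            $current = @{ Vlans = @(); Mtu = '(not set)'; StpType = '(not set)' }
            $table[$id] = $current
        }
        elseif ($null -eq $current) { continue }   # lines before the first interface
        elseif ($text -match '^switchport trunk allowed vlan (?:add )?([\d,\- ]+)$') {
            $current.Vlans += @(Expand-VlanList $Matches[1])
        }
        elseif ($text -match '^mtu (\d+)$') { $current.Mtu = $Matches[1] }
        elseif ($text -match '^spanning-tree port type (.+)$') { $current.StpType = $Matches[1] }
    }
    $table
}

function Compare-VpcPeerSetting {
    param([hashtable]$PeerA, [hashtable]$PeerB)
    # Emits one string per difference; emits nothing when the peers match.
    $ids = @($PeerA.Keys) + @($PeerB.Keys) | Sort-Object -Unique
    foreach ($id in $ids) {
        if (-not $PeerA.ContainsKey($id)) { "Po${id}: missing on peer A"; continue }
        if (-not $PeerB.ContainsKey($id)) { "Po${id}: missing on peer B"; continue }
        $a = $PeerA[$id]; $b = $PeerB[$id]
        $onlyA = @($a.Vlans | Where-Object { $b.Vlans -notcontains $_ })
        $onlyB = @($b.Vlans | Where-Object { $a.Vlans -notcontains $_ })
        if ($onlyA.Count -gt 0) { "Po${id}: VLANs allowed only on peer A: $($onlyA -join ',')" }
        if ($onlyB.Count -gt 0) { "Po${id}: VLANs allowed only on peer B: $($onlyB -join ',')" }
        foreach ($key in 'Mtu', 'StpType') {
            if ($a[$key] -ne $b[$key]) { "Po${id}: $key differs (A=$($a[$key]), B=$($b[$key]))" }
        }
    }
}

# Peer A: taken from the show running-config output earlier in this section.
$peerA = @'
interface port-channel10
  switchport trunk allowed vlan 1,10-12,17,20,22,1000
  spanning-tree port type network
interface port-channel11
  switchport trunk allowed vlan 1,10-12,17,20,22,1000
  spanning-tree port type edge trunk
  mtu 9216
'@ -split "\r?\n"

# Peer B: constructed sample with two deliberate differences.
$peerB = @'
interface port-channel10
  switchport trunk allowed vlan 1,10-12,17,20,100,1000
  spanning-tree port type network
interface port-channel11
  switchport trunk allowed vlan 1,10-12,17,20,100,1000
  spanning-tree port type edge trunk
'@ -split "\r?\n"

$findings = @(Compare-VpcPeerSetting (Get-PortChannelSetting $peerA) (Get-PortChannelSetting $peerB))
if ($findings.Count -eq 0) {
    Write-Host 'Port-channel settings match on both peers.'
} else {
    $findings | ForEach-Object { Write-Host "MISMATCH: $_" }
}
```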
1. Activate ports to be used for SMB communication
2. Allow SMB VLAN on the interface
interface eth1/25
no shut
switchport access vlan 17
exit
interface eth1/26
no shut
switchport access vlan 17
exit
Depending on the available network infrastructure, several methods and features can be used to uplink the private cloud environment. If an existing Cisco Nexus environment is present, Cisco recommends using vPCs to uplink the Cisco Nexus 9396 switches included in the private cloud environment into the infrastructure. The previously described procedures can be used to create an uplink vPC to the existing environment.
These steps provide examples of how to configure Hot Standby Router Protocol (HSRP). These steps need to be repeated for each IP subnet to be routed within the Nexus switches. If routing is provided outside the Cisco Nexus 9396, these steps are not needed.
1. Select VLAN to enable
2. Specify IPv4 address of interface
3. Specify unique HSRP group number and virtual IPv4 address
4. Enable DHCP relay by specifying configured DHCP server IPv4 address
5. Repeat for all VLANs, assigning different HSRP group to each VLAN
6. Copy running configuration to start-up configuration
7. Validate the entry
vlan 10
interface Vlan10
ip address 192.168.10.253/24
hsrp 10
preempt delay minimum 240
priority 100
timers 1 3
ip 192.168.10.1
exit
ip dhcp relay address <DHCP server IPv4 address>
no shutdown
exit
--- REPEAT FOR EACH VLAN ---
copy running-config startup-config
Validate the results of the entered commands by using the show hsrp brief command.
show hsrp brief
P indicates configured to preempt.
|
Interface Grp Prio P State Active addr Standby addr Group addr
Vlan10 1 100 P Active local unknown 192.168.10.1 (conf)
1. Select VLAN to enable
2. Specify IPv4 address of interface
3. Specify HSRP group and virtual IPv4 address, matching group number to share virtual IPv4 address
4. Enable DHCP relay by specifying configured DHCP server IPv4 address
5. Repeat for all VLANs, assigning different group to each VLAN
6. Copy running configuration to start-up configuration
7. Validate the entry
vlan 10
interface Vlan10
no shutdown
ip address 192.168.10.254/24
hsrp 10
preempt delay minimum 240
priority 101
timers 1 3
ip 192.168.10.1
exit
ip dhcp relay address <DHCP server IPv4 address>
exit
--- REPEAT FOR EACH VLAN ---
copy running-config startup-config
Validate the results of the entered commands by using the show hsrp brief command.
show hsrp brief
P indicates configured to preempt.
|
Interface Grp Prio P State Active addr Standby addr Group addr
Vlan10 1 101 P Standby 192.168.10.253 local 192.168.10.1 (conf)
Initial configuration and implementation of an EMC VNX5400 is covered in detail in the EMC documentation library, which is accessible at https://mydocs.emc.com/VNX/. Select Install VNX, using the VNX5400 series as the installation type. The installation documentation covers all areas, from unpacking the VNX storage components and installing them in the rack to provisioning power requirements and physical cabling.
When physically installed, the VNX should include the Disk Processing Enclosure (DPE) and two additional Disk Array Enclosures (DAEs), cabled as shown in Figure 4.
Figure 4 Cabling Diagram for VNX5400 with 2 DAE
To complete software setup of the VNX array, it will be necessary to configure system connectivity including the creation of an Administrative user for the VNX array. The following worksheets (also found in the Installation documentation) list all required information, and can be used to facilitate the initial installation.
With your network administrator, determine the IP addresses and network parameters you plan to use with the storage system, and record the information on the following worksheet. You must have this information to set up and initialize the system. The VNX5400 array is managed through a dedicated LAN port on the Control Station and each storage processor. These ports must share a subnet with the host you use to initialize the system. After initialization, any host on the same network and with a supported browser can manage the system through the management ports. This information can be recorded in Table 10.
Table 10 IPv4 Management Port Information
| | IP Address | Subnet Mask | Gateway |
| CSO (optional) | | | |
| SP A | | | |
| SP B | | | |
Note: Do not use 128.221.1.248 through 128.221.1.255, 192.168.1.1, or 192.168.1.2 for an IPv4 address.
While it is possible to implement IPv6 settings for the VNX array, the Fast Track implementation does not require it, and it is not implemented.
It is possible to more fully configure management IP addresses for the VNX5400 array. Table 11 lists some of the addresses you can optionally configure.
Table 11 Optional Control Station LAN Settings
| Field | Value | Comments |
| CSO Primary hostname | | |
| DNS domain | | |
| Primary DNS Server | | |
| Secondary DNS Server | | |
| NTP Server | | |
| Time Zone | | |
An administrative user account must be set for the array. This account can later be used for executing NaviSecCLI commands, as well as for the ESI PowerShell environment used to provision LUNs from storage pools and map those LUNs to hosts. The required information is outlined in the following table.
Table 12 Login Information for the Storage System Administrator
| Field | Description | Value |
| Username | nasadmin (default) | Passwords are default and should be changed during installation or from within Unisphere. |
| Password | nasadmin (default) | |
It is also necessary at this time to install the NaviSecCLI command line interface from a supported Windows client environment. The client should have network access to the VNX5400 array for both HTTP/HTTPS access and for remote NaviSecCLI command execution.
Installation media for the NaviSecCLI utility, as well as ESI, are available by download at http://support.emc.com. The current version of the media should always be utilized. Installation of the utility is implemented through the typical application installation process for Windows-based systems.
After array installation, it is possible to connect to the VNX5400 array through the Unisphere graphical user interface at the IP address assigned to either SP-A, SP-B, or the control station.
After entering appropriate login credentials, the Unisphere home page will be presented, providing an overview of the VNX5400 storage array. Summary alerts and errors will be visible as well as full management capabilities for all array features.
World-wide Node Name (WWNN), World-wide Port Names (WWPN), and SP-Ports will be needed for various configuration tasks. They can be easily retrieved from the Unisphere console. There is a single WWNN for the VNX5400 array, but each fibre channel port used for access has its own unique WWPN. Use the following table to record the WWNN, WWPNs, and SP-Ports for your environment.
Table 13 Optional Control Station LAN Settings
| Field | Value | SP-Port |
| WWNN | | |
| SPA-<FCoE A module>-<port> WWPN | | |
| SPA-<FCoE A module>-<port> WWPN | | |
| SPB-<FCoE B module>-<port> WWPN | | |
| SPB-<FCoE B module>-<port> WWPN | | |
This information can be obtained through Unisphere, NaviSecCli, or ESI.
Navigate to Settings > Network > Settings for Block in Unisphere.
Below is an example of obtaining the WWPNs from the connections to the VNX5400. It may be necessary to provide additional parameters for the login, password and scope options. The example below returns configuration information for all ports configured within the array. This includes both Fibre Channel ports and iSCSI targets. The WWPN for any given Fibre Channel port is derived from the last half of the SP UID entry. The first half of the SP UID is the WWNN entry. As an example, the WWPN of Port 0 on SP-A Port ID 1 is 50:06:01:61:08:60:26:1B.
C:\> naviseccli -address <<IP Address of SP-A or SP-B>> -User <<Admin user>> -Password <<Admin user password>> -Scope 0 port -list -sp
Information about each SPPORT:
SP Name: SP A
SP Port ID: 0
SP UID: 50:06:01:60:88:60:26:1B:50:06:01:60:08:60:26:1B
Link Status: Down
Port Status: DISABLED
Switch Present: NO
SP Name: SP A
SP Port ID: 1
SP UID: 50:06:01:60:88:60:26:1B:50:06:01:61:08:60:26:1B
Link Status: Down
Port Status: DISABLED
Switch Present: NO
SP Name: SP A
SP Port ID: 2
SP UID: 50:06:01:60:88:60:26:1B:50:06:01:62:08:60:26:1B
Link Status: Up
Port Status: Online
Switch Present: YES
Switch UID: 20:01:54:7F:EE:4A:D0:C1:20:1B:54:7F:EE:4A:D0:C0
SP Source ID: 13763311
SP Name: SP A
SP Port ID: 3
SP UID: 50:06:01:60:88:60:26:1B:50:06:01:63:08:60:26:1B
Link Status: Up
Port Status: Online
Switch Present: YES
Switch UID: 20:01:54:7F:EE:49:E9:C1:20:1B:54:7F:EE:49:E9:C0
SP Source ID: 3935983
- - -
(report truncated)
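The SP UID split described above can be applied to the saved text of the port listing, which helps when the WWPNs have to be recorded for many ports. The following PowerShell function is an added example, not part of the original document or of EMC's tooling; the name ConvertFrom-SpPortList is hypothetical, and treating a UID that is not a 16-byte WWN pair as a non-Fibre Channel port is an assumption.

```powershell
# Added example, not part of the original document or of EMC's tooling.
# Requires PowerShell 3.0 or later. ConvertFrom-SpPortList is a hypothetical name.

function ConvertFrom-SpPortList {
    param([string[]]$Lines)

    # A WWN is 8 colon-separated hex bytes; a Fibre Channel SP UID is the
    # WWNN followed by the WWPN, joined by one more colon.
    $wwn = '(?:[0-9A-Fa-f]{2}:){7}[0-9A-Fa-f]{2}'
    $uidPattern = "^SP UID:\s*(?<wwnn>$wwn):(?<wwpn>$wwn)$"

    $port = $null
    foreach ($line in $Lines) {
        $text = $line.Trim()
        if ($text -match '^SP Name:\s*(?<sp>.+)$') {
            # "SP Name" opens a new port record; emit the one just finished.
            if ($null -ne $port) { [pscustomobject]$port }
            $port = [ordered]@{
                SP = $Matches['sp']; PortId = $null; WWNN = $null
                WWPN = $null; LinkStatus = $null; PortStatus = $null
            }
        }
        elseif ($null -eq $port) { continue }   # text before the first record
        elseif ($text -match '^SP Port ID:\s*(?<id>\d+)$') { $port.PortId = [int]$Matches['id'] }
        elseif ($text -match '^Link Status:\s*(?<v>.+)$') { $port.LinkStatus = $Matches['v'] }
        elseif ($text -match '^Port Status:\s*(?<v>.+)$') { $port.PortStatus = $Matches['v'] }
        elseif ($text -match $uidPattern) {
            $port.WWNN = $Matches['wwnn'].ToUpper()
            $port.WWPN = $Matches['wwpn'].ToUpper()
        }
        # Any other SP UID form (assumed here to be a non-Fibre Channel port)
        # leaves WWNN and WWPN empty instead of producing a wrongly split value.
    }
    if ($null -ne $port) { [pscustomobject]$port }
}

# Sample input: the first three records of the report shown above.
$sample = @'
Information about each SPPORT:
SP Name: SP A
SP Port ID: 0
SP UID: 50:06:01:60:88:60:26:1B:50:06:01:60:08:60:26:1B
Link Status: Down
Port Status: DISABLED
Switch Present: NO
SP Name: SP A
SP Port ID: 1
SP UID: 50:06:01:60:88:60:26:1B:50:06:01:61:08:60:26:1B
Link Status: Down
Port Status: DISABLED
Switch Present: NO
SP Name: SP A
SP Port ID: 2
SP UID: 50:06:01:60:88:60:26:1B:50:06:01:62:08:60:26:1B
Link Status: Up
Port Status: Online
Switch Present: YES
Switch UID: 20:01:54:7F:EE:4A:D0:C1:20:1B:54:7F:EE:4A:D0:C0
SP Source ID: 13763311
'@ -split "\r?\n"

# Keep only the ports that yielded a WWPN and show them as a table.
ConvertFrom-SpPortList $sample |
    Where-Object { $_.WWPN } |
    Format-Table SP, PortId, WWNN, WWPN, LinkStatus -AutoSize
```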
From the Windows Server system on which you have installed EMC Storage Integrator, issue the following PowerShell cmdlet:
$creds = Get-EmcStorageSystemCredential
In the Add Storage System window, enter the following information:
· System Type – VNX
· Friendly Name – Short name for the storage system that is unique across different storage systems
· Block-Username – Username for the storage system
· Block-Password – Password for the storage system
· SPA’s IP Address – IP address of SP A
· SPB’s IP Address – IP address of SP B
· Block Port Number – Control station port number. The default port is automatically selected. If the field is empty, you can leave it blank to use the default port.
· CIFS-Username – Control station username for CIFS storage system
· CIFS-Password – Control station password for CIFS storage system
· CIFS IP Address – IP address of the control station
· CIFS Port Number – Control station port number. The default port is automatically selected. You can leave it empty to use the default port.
· Add Host Key If Missing – Select this checkbox when adding a VNX-CIFS system for the first time to ESI 3.0. ESI uses Secure Shell (SSH) to establish a connection with the VNX control station, which uses the storage system host key for authentication. After adding the system the first time, ESI stores the host key and then you can choose to clear this checkbox.
· Replace Host Key If Changed – If you add the system with this setting, ESI always accepts the new host key data, and updates the key. Even if the host key data does not match from the previous connection, ESI connects and updates the key.
When all the information is entered, click the Test Connection box. If you do not receive a Test connection succeeded notification, fix the problems and try again. When the test connection has succeeded, click OK to continue.
Issue this PowerShell cmdlet to connect to the storage system using the credentials entered in the previous steps.
Connect-EmcSystem $creds
When you have successfully connected to the storage system, the following commands will display the WWNN and WWPN for the ports on the selected module. This example shows module 3 on both SPA and SPB.
$targetports = Get-EmcTargetPort
$targetports | Where {$_.PortLocation -like "*Module 3*"} | fl PortLocation, @{Expression={$_.Wwn.tostring().substring(0,23)};Label="WWNN"},
@{Expression={$_.Wwn.tostring().substring(24)};Label="WWPN"}
PortLocation : SP A I/O Module 3 Port 0
WWNN : 50:06:01:60:88:60:26:1B
WWPN : 50:06:01:66:08:60:26:1B
PortLocation : SP A I/O Module 3 Port 1
WWNN : 50:06:01:60:88:60:26:1B
WWPN : 50:06:01:67:08:60:26:1B
PortLocation : SP B I/O Module 3 Port 0
WWNN : 50:06:01:60:88:60:26:1B
WWPN : 50:06:01:6E:08:60:26:1B
PortLocation : SP B I/O Module 3 Port 1
WWNN : 50:06:01:60:88:60:26:1B
WWPN : 50:06:01:6F:08:60:26:1B
To use ESI features as documented with the Fast Track architecture, perform the following installation procedure.
Note: ESI does not install on a client operating system. If it is to be used, it must be installed on a Windows Server installation.
Perform the following steps on the EMC Management virtual machine.
Obtain a copy of the Windows Server 2012 R2 source files. The source files can be found on the installation media in the “\sources\sxs” folder.
Install .NET Framework 3.5 using the source files from the previous step. From PowerShell, run the following command:
Add-WindowsFeature Net-Framework-Core -Source E:\sources\sxs
Install the Windows PowerShell 2.0 Engine:
Add-WindowsFeature PowerShell-V2
Run the EMC Storage Integrator (x64) installer and accept the License Agreement.
Select the following components:
· Core (with Windows & Hyper-V Adapters)
· ESI PowerShell Toolkit
· ESI Service
· EMC VNX Adapter
Click Next.
Click Install.
Click Finish.
Perform the following steps on the EMC Management configuration workstation.
From a PowerShell command window, run:
Get-EmcStorageSystemCredential | Connect-EmcSystem
When prompted, choose the appropriate System Type:
· “VNX” for a Unified System
· “VNX-Block” for a block only system
Enter the credentials and IP address information. If available, select Add Host Key If Missing. Click Test Connection to verify connectivity.
Click OK following the test connection results. Click OK again to register the VNX storage array with ESI.
Resulting output from PowerShell
The VNX5400 storage array provides two methods for configuring storage: RAID Groups and Storage Pools. Two RAID groups and a single storage pool are utilized in the Private Cloud configuration. LUNs accessed through FCoE are subsequently created within the RAID groups and storage pool to satisfy the requirements of the Management Infrastructure, the Virtual Machines, and the applications and services which run within the environment. The following list shows how the disks are allocated.
· RAID Group (RAID1) – LUN Cloning is used for rapid deployment of the Operating System disks for the physical servers. Cloning requires that the LUN being cloned resides within a RAID group. A single RAID1 group comprised of two disks is created to hold the master boot LUN that will be used for cloning.
· RAID Group (RAID5) – Various LUNs for Fabric Management
- Individual LUNs for each Hyper-V host’s boot volume
- Cluster Shared Volume LUN
  - VHDX for SQL Server Analysis Services database and log files
  - VHDX for Virtual Machine Manager’s highly available library share
- Disk Witness LUN for Fabric Management Cluster
- Disk Witness LUN for Tenant Cluster
· Storage pool for SMB storage
- Share for virtual machine virtual hard disk and configuration storage
- Share for SQL Server data and log file storage
The two RAID groups and the storage pool are created from the Unisphere GUI.
From within the Storage > Storage Configuration > Storage Pools window in Unisphere, select the RAID Groups tab and click Create. In the Create Storage Pool window, make sure the radio button by RAID Group is selected. On the Raid Configuration dropdown list, select RAID1. In the Disk area, ensure the radio button by Automatic is selected. Click OK to create the RAID1 group. Repeat the process to create a five disk RAID5 group for creation of the rest of the LUNs.
Virtual machine hard disks and SQL Server database and log files are stored on SMB shares provided by the Data Movers on the VNX5400 storage array. The storage requirement for the storage of the virtual machines is about 2.5 TB. The storage requirement for the storage of the SQL Server data is about 3.5 TB. Therefore, it is necessary to create a storage pool of at least 6 TB in size.
A single storage pool is used for both the Fabric Management and tenant storage requirements. You may want to configure a larger storage pool to accommodate the requirements of both environments at this time. However, the size of the pool can be expanded at any time in the future.
Select the Pools tab and click Create. Accept the default RAID5 (4+1) selection from the RAID Configuration drop-down list. Select the Number of SAS Disks required to create the desired size storage pool. Click OK.
Note: Depending on the particular storage configuration on the selected VNX5400 storage array, the number (and type) of disks may vary.
This solution requires the creation of several LUNs to be used for different purposes. These LUNs will be configured from the RAID Groups and Storage Pool.
· Master boot LUN from which other LUNs are cloned (50 GB) (RAID1)
· Disk Witness LUN for Fabric Management Cluster (1 GB) (RAID5)
· Disk Witness LUN for Tenant Cluster (1 GB) (RAID5)
· Cluster Shared Volume is used for two specific purposes in this solution (RAID5)
- Storage of the SQL Server Analysis Services database and log files (20 GB)
- Highly available VMM library (300 GB)
· SMB File System (at least 6 TB) (Storage Pool)
The private cloud environment implements a boot from SAN environment, using the concept of a Master Boot LUN. The Master Boot LUN is a storage area that holds a Windows Server 2012 R2 image to be used as a Clone source. This image should be configured as a base image for subsequent installations, so all patching and custom configuration steps should be completed on it. For example, a desired configuration setting might be that all physical servers can be remotely managed. When the image is configured according to customer policy, the Microsoft sysprep utility can be run against this image to prepare it for use as a Clone. Make sure any Microsoft hotfixes listed in the software revision table have been applied before running sysprep.
Clones created from the Master Boot LUN will be presented to the physical servers defined by Service Profiles in the Cisco UCS environment. This style of deployment allows Service Profiles to be fully transportable between different physical blades as the boot device is external to the chassis, and also allows for multiple Master Boot images to be implemented providing support for different operating system versions or configurations which may need to be implemented over time.
Management of the boot LUN requires special consideration: the LUN ID of the boot LUN, as seen from the host, must be set to 0 (zero). The ESI (EMC Storage Integrator) PowerShell commands do not allow the manipulation of the LUN ID for devices presented to servers, and simply default to the sequential allocation of LUN IDs as implemented by the VNX array. As a result of this behavior, the boot LUN must be the first device that is mapped to the server (Cisco UCS service profile). If this is incorrectly implemented, the wrong target will be selected for Windows boot operations on server power-up.
The following steps show how to create LUNs with Unisphere.
Master Boot LUN: From the Storage > LUNs window, select Create. On the General tab, select the radio button by RAID Group. Select RAID1: Mirrored Pair from the RAID Type drop-down list. In User Capacity enter the value 60 GB. Select the radio button by Name and enter a descriptive name for the Master Boot LUN. Click Apply to start the creation. Agree to the confirmation windows that display.
Repeat the above process to create the following LUNs, selecting RAID Group for Storage Pool Type and RAID5: Distributed Parity (High Throughput) for RAID Type:
· 20 GB LUN to be used by SQL Server Analysis Server
· 300 GB SCVMM library
· (2) 1 GB disk witness for two clusters that will be created.
Create a single, large LUN from the storage pool. Make sure the radio button by Pool is selected and select the storage pool created earlier from the Storage Pool for new LUN drop-down list. Uncheck the box by Thin. Select MAX from the User Capacity drop-down list and provide a Name for the LUN. Click Apply. Click Cancel to close the Create LUN window after all LUNs have been created.
As described, the ESI PowerShell commands are used for provisioning the LUNs required within the environment, and assume that the storage pool creation outlined in the previous section has been completed. For this procedure, a single LUN is created and used to install a Windows Server 2012 R2 instance. This server instance will subsequently be processed with Windows sysprep and removed from the server. All compute nodes will then use a clone of the sysprep image, and will be customized as individual server instances.
Creation of all necessary LUNs within the Private Cloud environment can be executed with the PowerShell script ProcessStorageRequests.ps1 provided in Appendix B. The PowerShell script reads the defined XML configuration file. This XML configuration file contains five parameters. There are two classes that can be repeated multiple times. The XML class <luns> can be repeated multiple times to define multiple LUNs for a server. The <Server> class can be repeated to create multiple server records.
For the purpose of defining and creating the Master Boot LUN, it is recommended to create a unique XML configuration file that defines only this specific device. Later the format of the XML configuration file can be followed for creating multiple LUNs.
· <label> - the name that will be assigned to the LUN that is created
· <pool> - the storage pool from which the LUN will be created
· <size> - the size of the LUN (in GB) to be created
· <ServerName> - the name of the server that will be assigned the LUN that must match the Service Profile name in UCS Manager, including case. This name is also used for management purposes on the VNX array
· <IPAddress> - the management IP address of the server
In addition to the five parameters listed above that can be repeated, there are two other parameters that are defined only once. The <Array> parameter is the name of the VNX array. The <UCSAddress> parameter is the IP address for accessing the UCS management console. An example of the contents of a configuration is shown below for a configuration file called “CFG_STORAGE_LUNS.xml”.
<StorageParams>
  <Servers>
    <Server>
      <ServerName>Initial-Build01</ServerName>
      <IPAddress>10.29.130.21</IPAddress>
      <luns>
        <label>MasterBoot-2012R2</label>
        <pool>RAID Group 0</pool>
        <size>50GB</size>
      </luns>
    </Server>
  </Servers>
  <Array>VNX5400</Array>
  <UCSAddress>10.5.177.10</UCSAddress>
</StorageParams>
This configuration file is read by the following sample PowerShell script to result in a LUN named MasterBoot-2012R2 of size 60 GB being created in the storage pool called Boot-LUNs.
#----------------------------------------------------------------------------------
# Filename: ProcessStorageRequests.ps1
# Description: Create LUNs based on xml file
#
#----------------------------------------------------------------------------------
#
# Uses an XML file with the following schema. This same schema is used by
# - PrepMastBoot-AddViaWWPN.ps1
# - Process Storage Requests.ps1
# - PostClone_AddViaWWPN.ps1
#
# <StorageParams>
#   <Servers>
#     <Server>
#       <ServerName>Initial-Build01</ServerName>
#       <IPAddress>10.29.130.21</IPAddress>
#       <luns>
#         <label>MasterBoot-2012R2</label>
#         <pool>RAID Group 0</pool>
#         <size>50GB</size>
#       </luns>
#     </Server>
#   </Servers>
#   <Array>VNX5400</Array>
#   <UCSAddress>10.5.177.10</UCSAddress>
# </StorageParams>
#
#----------------------------------------------------------------------------------

# The configuration file is expected in the same folder as this script.
$global:rootPath = Split-Path -Parent $MyInvocation.MyCommand.Path
$myxmlfile = $global:rootPath + "\CFG_STORAGE_LUNS.xml"

# Load the XML file and keep the <StorageParams> node for the rest of the script.
function ReadStorageConfig ([String]$filename) {
    $xmlConfigFile = [xml](Get-Content $filename)
    $global:StorageConfig = $xmlConfigFile.SelectSingleNode('/StorageParams')
}

ReadStorageConfig $myxmlfile
Import-Module ESIPSToolkit

# Return $true if a LUN with the given name already exists.
function LUNExists {
    param ($TGTLUN)
    $Val = Get-EmcLUN $TGTLUN -Silent
    if ($Val -eq $null) { return $false } else { return $true }
}

# Look up the array by the name registered with ESI and refresh its state.
$StorageArray = Get-EmcStorageSystem -ID $global:StorageConfig.Array -Silent
if ($StorageArray -eq $null)
{
    Write-Host "ERROR: Array" $global:StorageConfig.Array "is not known or registered under that name."
    exit 1
}
Update-EmcSystem $StorageArray

# Create every LUN listed in the configuration file that does not exist yet.
function createluns {
    foreach ($entry in $global:StorageConfig.Servers.Server) {
        foreach ($lun in $entry.luns) {
            if (LUNExists $lun.label)
            { Write-Host "LUN" $lun.label "already exists." }
            else
            {
                # We need to create the LUN
                Write-Host "Creating LUN" $lun.label
                $pool = Get-EmcStoragePool $lun.pool
                # The size string (for example 50GB) is evaluated as a PowerShell
                # expression, so accept only <number><unit> before evaluating it.
                if ($lun.size -notmatch '^\d+(\.\d+)?(KB|MB|GB|TB)$') {
                    Write-Host "ERROR: invalid size" $lun.size "for LUN" $lun.label
                    continue
                }
                $Size = Invoke-Expression $lun.size
                $NewLUN = New-EmcLun -Pool $pool -Name $lun.label -Capacity $Size -Description $lun.label
            }
        }
    }
}

createluns
The execution of such a process is shown in the following figure.
Figure 5 Example Execution of Master Boot LUN Creation
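The script above evaluates <size> with Invoke-Expression and passes <label> and <pool> straight to the array cmdlets, so the XML file is effectively trusted input. The following added example (not part of the original scripts) checks a document of the same schema before any array call is made; the function names, the naming pattern and the constructed bad document are assumptions made for illustration.

```powershell
# Added example: validate CFG_STORAGE_LUNS.xml before any array cmdlet is called.
# Function names and the naming pattern are assumptions made for illustration.

function ConvertTo-LunCapacity {
    # Convert "50GB" to a byte count without evaluating the string as code.
    param([string]$Size)
    $unit = @{ KB = 1KB; MB = 1MB; GB = 1GB; TB = 1TB }
    if ($Size -match '\A([0-9]{1,6})(KB|MB|GB|TB)\z') {
        return ([int64]$Matches[1]) * ([int64]$unit[$Matches[2]])
    }
    throw "size '$Size' is not digits followed by KB, MB, GB or TB"
}

function Get-ChildText {
    # Text of a direct child element, or '' when the element is absent.
    param($Node, [string]$Name)
    $child = $Node.SelectSingleNode($Name)
    if ($null -eq $child) { return '' }
    return $child.InnerText.Trim()
}

function Test-Ipv4 {
    # Dotted-quad shape first, then let .NET check the octet values.
    param([string]$Text)
    $parsed = $null
    return ($Text -match '\A([0-9]{1,3}\.){3}[0-9]{1,3}\z') -and
           [System.Net.IPAddress]::TryParse($Text, [ref]$parsed)
}

function Test-StorageConfig {
    # Emit one message per problem; no output means the document passed.
    param([xml]$Config)
    $namePattern = '\A[A-Za-z0-9][A-Za-z0-9 ._-]{0,63}\z'   # assumed naming policy
    $root = $Config.SelectSingleNode('/StorageParams')
    if ($null -eq $root) { 'missing <StorageParams> root element'; return }

    if ((Get-ChildText $root 'Array') -notmatch $namePattern) { '<Array> is missing or has unexpected characters' }
    if (-not (Test-Ipv4 (Get-ChildText $root 'UCSAddress'))) { '<UCSAddress> is not an IPv4 address' }

    $seen = @{}
    foreach ($server in $root.SelectNodes('Servers/Server')) {
        $name = Get-ChildText $server 'ServerName'
        if ($name -notmatch $namePattern) { "server name '$name' is missing or has unexpected characters" }
        if (-not (Test-Ipv4 (Get-ChildText $server 'IPAddress'))) { "server '$name' has an invalid <IPAddress>" }
        foreach ($lun in $server.SelectNodes('luns')) {
            $label = Get-ChildText $lun 'label'
            if ($label -notmatch $namePattern) { "LUN label '$label' has unexpected characters" }
            elseif ($seen.ContainsKey($label)) { "LUN label '$label' is defined more than once" }
            else { $seen[$label] = $true }
            if ((Get-ChildText $lun 'pool') -notmatch $namePattern) { "LUN '$label' has an invalid <pool>" }
            try { $null = ConvertTo-LunCapacity (Get-ChildText $lun 'size') }
            catch { "LUN '$label': $($_.Exception.Message)" }
        }
    }
}

# The document shown on this page.
$pageXml = @'
<StorageParams>
  <Servers>
    <Server>
      <ServerName>Initial-Build01</ServerName>
      <IPAddress>10.29.130.21</IPAddress>
      <luns>
        <label>MasterBoot-2012R2</label>
        <pool>RAID Group 0</pool>
        <size>50GB</size>
      </luns>
    </Server>
  </Servers>
  <Array>VNX5400</Array>
  <UCSAddress>10.5.177.10</UCSAddress>
</StorageParams>
'@

# Constructed bad document: extra statement in <size>, out-of-range octet, no <UCSAddress>.
$badXml = $pageXml.Replace('<size>50GB</size>', '<size>50GB; Write-Host injected</size>')
$badXml = $badXml.Replace('10.29.130.21', '10.29.130.999')
$badXml = $badXml.Replace('<UCSAddress>10.5.177.10</UCSAddress>', '')

foreach ($text in @($pageXml, $badXml)) {
    $problems = @(Test-StorageConfig -Config ([xml]$text))
    if ($problems.Count -eq 0) { 'PASS: document can be handed to the LUN creation script' }
    else { 'REJECT:'; $problems | ForEach-Object { "  - $_" } }
}
```

Running the check as a gate in front of ProcessStorageRequests.ps1 means a malformed or tampered file is rejected before the ESI cmdlets are loaded.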
The SMB file servers need to be joined to the Active Directory domain. DNS needs to be configured for the servers to find the Active Directory domain. In order to join the domain, the VNX must have a time that is within 5 minutes of the domain’s time (Kerberos requirement). Configuring NTP to the same time service to which the domain is synchronized helps ensure time synchronicity. The following steps illustrate how to configure DNS and NTP for the data movers.
In Unisphere, go to Settings > Network > Settings for File. Select the DNS tab and click Create.
Enter the appropriate DNS Domain name and the DNS server addresses separated by commas. Make sure the UDP radio button is selected. Click OK.
Navigate to System > Hardware > Data Movers. Right-click the primary data mover and select Properties.
Enter one (or more) IP addresses in the NTP Servers box. Click OK.
The following steps describe how to configure the network interfaces to provide access to the SMB data movers.
Navigate to Settings > Network > Settings for File. Select the Interfaces tab and select Create.
Enter an IP Address on the SMB subnet. Enter an interface Name for the device. Enter the appropriate value for the MTU. Click OK to continue.
Repeat to create the second device. Make sure that you have selected the second device in the Device Name drop-down list.
Refresh the Unisphere display to see the newly added interfaces. If your SMB network is on a different subnet from your Active Directory domain controller, you will need to add a route to allow access to the other subnet.
Click the Routes tab. Click Create.
In the Destination field enter the subnet for the Active Directory domain controller. In the Gateway field enter the gateway for the SMB subnet. In the Netmask field enter the appropriate subnet mask. Click OK.
Click the Network Services tab. Select the CIFS service and click Enable.
Navigate to Storage > LUNs. Right-click the LUN created earlier that is to be used for SMB storage. Select Add to Storage Group.
Select ~filestorage in the Available Storage Groups column and click the arrow to move it to the Selected Storage Groups column. Click OK.
Navigate to Storage > Storage Configuration > Storage Pool for File. Click Rescan Storage Systems. A warning window will display. Click OK to proceed.
Navigate to System > Monitoring and Alerts > Background Tasks for File to monitor the status of the rescan. Wait until the job completes successfully before proceeding (you need to refresh the display to see the update).
Navigate to Storage > Storage Configuration > Storage Pools for File to see the newly created storage pool.
Navigate to Storage > Shared Folders > CIFS. Select the CIFS Servers tab and click Create.
For Server Type select the radio button by Active Directory Domain. Provide a Computer Name and NetBIOS Name. Enter the appropriate information necessary to join the Active Directory domain. Make sure the check boxes by the Interfaces are checked. Click OK.
Note: To validate the join action, check Active Directory Users and Computers to make sure the array was properly added to the domain.
Navigate to Storage > Storage Configuration > File Systems. Click the File Systems tab and select Create.
Enter a File System Name for the area to be used for storing the virtual machine hard disks. For Storage Capacity, assign a value of 2 TB. The rest of the defaults are acceptable. Click OK to continue. Repeat this step to create a second file system, FabMgmtSQL, for storing the SQL databases. Make it at least 3.5 TB in size. You can monitor the progress of the creation at System > Monitoring and Alerts > Background Tasks for File. When the task is complete, proceed to the next step.
Navigate to Storage > Storage Configuration > File Systems. Select the Mounts tab. Right-click a Path you just created and select Properties.
On the Mount Properties page make sure the following are selected:
· Access-Checking Policy: NT – CIFS
· Set Advanced Options
· Direct Writes Enabled
· CIFS Sync Writes Enabled
Note: Check your selections before clicking OK as the Access-Checking Policy will get reset when you select Set Advanced Options. Repeat for the other mount.
The Continuous Availability option needs to be enabled for file shares targeted for Hyper-V or SQL Server use. To enable Continuous Availability, using an SSH client (like PuTTY) connect to the VNX control station as nasadmin.
Run the ‘server_mount’ command against the primary data mover owning the newly created file systems. For example:
server_mount server_2
Run the following commands to mount the file system with the Continuous Availability option:
server_mount server_2 -o smbca FabMgmtVMs
server_mount server_2 -o smbca FabMgmtSQL
Run the following command to confirm the smbca option is enabled:
server_mount server_2
Run the following commands to create two shares and export the share with the CA option on a specific CIFS server:
server_export server_2 -P cifs -n FabMgmtVMs -o type=CA,netbios /FabMgmtVMs
server_export server_2 -P cifs -n FabMgmtSQL -o type=CA,netbios /FabMgmtSQL
server_export server_2
The SQL share needs special permissions. Run the following command to set the privileges properly.
server_param server_2 -facility cifs -modify acl.mappingErrorAction -value 0xD
Navigate to Storage > Shared Folders > CIFS. Right-click one of the shares and select Properties.
Check the box for CIFS Servers. Optionally, enter a description for the share’s use. Click OK. Repeat for the other share.
The following section provides a detailed procedure for configuring the Cisco Unified Computing System for use in a private cloud environment. These steps should be followed precisely because a failure to do so could result in an improper configuration.
Before you begin, identify the following information:
Table 14 Cisco UCS Manager Configuration Information
Item | Value
Node A IPv4 mgmt0 address / netmask |
Node B IPv4 mgmt0 address / netmask |
Default gateway address |
Cluster IPv4 address |
DNS address |
Domain name |
These steps provide details for initial setup of the Cisco UCS 6248 fabric interconnects.
1. Connect to the console port on the first Cisco UCS 6248 fabric interconnect.
2. At the prompt to enter the configuration method, enter console to continue.
3. If asked to either do a new setup or restore from backup, enter setup to continue.
4. Enter y to continue to set up a new fabric interconnect.
5. Enter y to enforce strong passwords.
6. Enter the password for the admin user.
7. Enter the same password again to confirm the password for the admin user.
8. When asked if this fabric interconnect is part of a cluster, answer y to continue.
9. Enter A for the switch fabric.
10. Enter the <cluster name> for the system name.
11. Enter the <Mgmt0 IPv4 address> address.
12. Enter the <Mgmt0 IPv4> netmask.
13. Enter the <default gateway IPv4 address> of the default gateway.
14. Enter the <cluster IPv4 address>.
15. To configure DNS, answer y.
16. Enter the <DNS IPv4 address>.
17. Answer y to set up the default domain name.
18. Enter the <default domain name>.
19. Review the settings that were printed to the console, and if they are correct, answer yes to save the configuration.
20. Wait for the login prompt to make sure the configuration has been saved.
1. Connect to the console port on the second Cisco UCS 6248 fabric interconnect.
2. When prompted to enter the configuration method, enter console to continue.
3. The installer detects the presence of the partner fabric interconnect and adds this fabric interconnect to the cluster. Enter y to continue the installation.
4. Enter the admin password for the first fabric interconnect.
5. Enter the <Mgmt0 IPv4 address>.
6. Answer yes to save the configuration.
7. Wait for the login prompt to confirm that the configuration has been saved.
These steps provide details for logging into the Cisco UCS environment.
Open a Web browser and navigate to the Cisco UCS 6248 fabric interconnect cluster address. You will see a web page complaining about the website’s security certificate. Click Continue to this website (not recommended).
If you use the PowerTool command you will receive a security warning. Click Continue to continue.
You may receive a security warning about a trusted certificate because UCS uses a self-signed certificate by default. Click Accept to continue.
Select the Launch UCS Manager link to download the Cisco UCS Manager software. If prompted to accept security certificates, accept as necessary.
When prompted, enter admin for the username, enter the administrative password, and click Login to log in to the Cisco UCS Manager software.
Alternatively you can log into UCS and start the UCS Management GUI through PowerTool. From a PowerTool window execute these two commands.
Connect-Ucs <IPaddress or DNS name>
Start-UcsGuiSession
These steps provide details for creating a block of KVM IP addresses for server access in the Cisco UCS environment.
Select the LAN tab at the top of the left window. Navigate to Pools > root > IP Pools > IP Pool ext-mgmt. Select Create Block of IPv4 Addresses.
Enter the starting IP address of the block and number of IPs needed as well as the subnet and gateway information. Click OK to create the IP block. Click OK in the message box.
Note: This block of addresses must be on the same subnet as the management addresses assigned to the UCS Manager.
Get-UcsOrg -Level root | Get-UcsIpPool -Name "ext-mgmt" -LimitScope | Add-UcsIpPoolBlock -DefGw "192.168.10.1" -From "192.168.10.5" -To "192.168.10.21"
These steps provide details for synchronizing the Cisco UCS environment to the NTP server.
Select the Admin tab at the top of the left window. Navigate to All > Timezone Management. In the right pane, select the appropriate timezone in the Timezone drop-down menu. Click Add NTP Server.
Input the NTP server IP and click OK.
Click Save Changes and then OK.
Add-UcsNtpServer -Descr "" -Name "192.168.20.93"
These steps provide details for modifying the chassis discovery policy as the base architecture includes two uplinks from each fabric extender installed in the Cisco UCS chassis.
Navigate to the Equipment tab in the left pane. In the right pane, click the Policies tab. Under Global Policies, set the Chassis/FEX Discovery Policy to 1 Link. Select the Port Channel radio button for the Link Grouping Preference. Click Save Changes in the bottom right corner.
Note: Setting this policy to 1 Link helps ensure valid discovery of any configuration. In a later step when the chassis is re-acked, all valid links will be discovered and activated.
Get-UcsOrg -Level root | Get-UcsChassisDiscoveryPolicy | Set-UcsChassisDiscoveryPolicy -Action "1-Link" -LinkAggregationPref "port-channel" -Force
These steps provide details for enabling server, uplinks port channels, and FCoE links.
Navigate to Equipment > Fabric Interconnects > Fabric Interconnect A (primary) > Fixed Module > Ethernet Ports. Select the first port that is connected to the Cisco UCS chassis. Right-click and select Configure as Server Port from the drop-down menu. A prompt displays asking if this is what you want to do. Click Yes, then OK to continue. Repeat for each server port on Fabric Interconnect A. Repeat for Fabric Interconnect B. Repeat for any ports connected to the Cisco 2232.
Note: After a port is configured, you can select the port and select the option to Show Interface. This allows you to add a description, if you so desire.
Continue working on Fabric Interconnect B. Select port 9 that is connected to the Cisco Nexus 9396 switches. Right-click and select Configure as Uplink Port from the drop-down menu. A prompt displays asking if this is what you want to do. Click Yes, then OK to continue. Repeat for port 10. Switch back to working on Fabric Interconnect A. Repeat for Fabric Interconnect A.
Note: Unlike Server ports, the only way to add a description to an Uplink port is to use PowerTool.
Cisco UCS PowerTool can work on both fabrics when setting up server and uplink ports.
$var = Get-UcsFabricServerCloud -Id "A"
$var | Add-UcsServerPort -PortId 1 -SlotId 1 -UsrLbl "Blade Server Port"
$var | Add-UcsServerPort -PortId 2 -SlotId 1 -UsrLbl "Blade Server Port"
$var | Add-UcsServerPort -PortId 3 -SlotId 1 -UsrLbl "Blade Server Port"
$var | Add-UcsServerPort -PortId 4 -SlotId 1 -UsrLbl "Blade Server Port"
$var = Get-UcsFiLanCloud -Id "A"
$var | Add-UcsUplinkPort -PortId 9 -SlotId 1 -UsrLbl "Uplink Port Channel"
$var | Add-UcsUplinkPort -PortId 10 -SlotId 1 -UsrLbl "Uplink Port Channel"
$var = Get-UcsFabricServerCloud -Id "B"
$var | Add-UcsServerPort -PortId 1 -SlotId 1 -UsrLbl "Blade Server Port"
$var | Add-UcsServerPort -PortId 2 -SlotId 1 -UsrLbl "Blade Server Port"
$var | Add-UcsServerPort -PortId 3 -SlotId 1 -UsrLbl "Blade Server Port"
$var | Add-UcsServerPort -PortId 4 -SlotId 1 -UsrLbl "Blade Server Port"
$var = Get-UcsFiLanCloud -Id "B"
$var | Add-UcsUplinkPort -PortId 9 -SlotId 1 -UsrLbl "Uplink Port Channel"
$var | Add-UcsUplinkPort -PortId 10 -SlotId 1 -UsrLbl "Uplink Port Channel"
The Fibre Channel switching mode determines how the fabric interconnect behaves as a switching device between the servers and storage devices. The fabric interconnect operates in either of the following Fibre Channel switching modes:
· End-Host Mode – End-host mode allows the fabric interconnect to act as an end host to the connected fibre channel networks, representing all server (hosts) connected to it through vHBAs. End-host mode is synonymous with NPV mode. This is the default Fibre Channel Switching mode.
· Switch Mode – Switch mode is the traditional Fibre Channel switching mode. Switch mode allows the fabric interconnect to connect directly to a storage device.
This solution connects directly from the Cisco UCS fabric interconnects to the EMC VNX5400 storage array.
Note: When you change the FC Uplink Mode, both fabric interconnects will immediately reboot, resulting in a 10 to 15-minute outage.
Select the SAN tab in the navigation pane and select the top-level SAN node in the navigation tree. In the center pane, select the SAN Uplinks tab. Click the SAN Uplinks Manager link in the center pane. The SAN Uplinks Manager window appears.
Click Set FC Switching Mode. The Set FC Switching Mode warning window will appear. Click Yes to proceed. Click OK to acknowledge the success of the action.
Note: Both fabric interconnects will immediately reboot.
Get-UcsSanCloud | Set-UcsSanCloud -Mode "switch"
The following steps demonstrate the configuration of the links between the fabric interconnect and the storage array.
When the fabric interconnects are back in operation, log back in and select the Equipment tab in the navigation pane and select the top-level Equipment node in the navigation tree. Expand Fabric Interconnects > Fixed Module > Ethernet Ports. Select port 21 that is connected to the EMC VNX array. Click Reconfigure, then select Configure as FCoE Storage Port from the drop-down menu. Click Yes in the pop-up window. Click OK on the success window. Repeat these steps for the other ports connected to the FCoE connections on the EMC VNX5400.
Optional, but recommended. Select one of the ports you just configured. In the main window select Show Interface.
Enter a useful description, such as the storage connection. Click OK to update the record. Repeat for all the newly enabled FCoE ports.
$storageCloudA = Get-UcsFabricFcStorageCloud -Id "A"
$storageCloudA | Add-UcsFcoeStoragePort -AdminState "enabled" -Name "" -PortId 21 -SlotId 1 -UsrLbl "FCoE SPA-A3-0"
$storageCloudA | Add-UcsFcoeStoragePort -AdminState "enabled" -Name "" -PortId 22 -SlotId 1 -UsrLbl "FCoE SPB-B3-0"
$storageCloudB = Get-UcsFabricFcStorageCloud -Id "B"
$storageCloudB | Add-UcsFcoeStoragePort -AdminState "enabled" -Name "" -PortId 21 -SlotId 1 -UsrLbl "FCoE SPA-A3-1"
$storageCloudB | Add-UcsFcoeStoragePort -AdminState "enabled" -Name "" -PortId 22 -SlotId 1 -UsrLbl "FCoE SPB-B3-1"
The connected chassis needs to be acknowledged before it can be managed by Cisco UCS Manager.
On the Equipment tab, select Chassis 1 in the left pane. Click Acknowledge Chassis.
Cisco UCS Manager acknowledges the chassis and the blade servers in it. Do this for each chassis in your configuration.
Get-UcsChassis -Id 1 | Set-UcsChassis -AdminState "re-acknowledge"
These steps provide details for configuring the necessary PortChannels out of the Cisco UCS environment.
Select the LAN tab on the left of the window.
Note: Two PortChannels are created, one from fabric A to both Cisco Nexus 9396 switches and one from fabric B to both Cisco Nexus 9396 switches.
Under LAN Cloud, expand the Fabric A tree. Right-click Port Channels. Select Create Port Channel.
Enter 11 as the unique ID of the PortChannel. Enter vPC-11 as the Name of the PortChannel. Click Next.
Select the port with slot ID 1 and port 9 and also the port with slot ID 1 and port 10 to be added to the PortChannel. Click >> to add the ports to the PortChannel. Click Finish to create the PortChannel.
Select the newly created port channel. Wait a minute or so until the overall status of the port channel is Up. Repeat for Fabric B using 12 as the unique ID of the Port Channel and vPC-12 as the name.
$var = Get-UcsFiLanCloud -Id A | Add-UcsUplinkPortChannel -PortId 11 -AdminState enabled -Name <vPC-11>
$var | Add-UcsUplinkPortChannelMember -PortId 9 -SlotId 1 -AdminState enabled
$var | Add-UcsUplinkPortChannelMember -PortId 10 -SlotId 1 -AdminState enabled
$var = Get-UcsFiLanCloud -Id B | Add-UcsUplinkPortChannel -PortId 12 -AdminState enabled -Name <vPC-12>
$var | Add-UcsUplinkPortChannelMember -PortId 9 -SlotId 1 -AdminState enabled
$var | Add-UcsUplinkPortChannelMember -PortId 10 -SlotId 1 -AdminState enabled
Every server that is provisioned in the Cisco Unified Computing System is specified by a service profile. A service profile is a software definition of a server and its LAN and SAN network connectivity. In other words, a service profile defines a single server and its storage and networking characteristics. Service profiles are stored in the Cisco UCS 6200 Series Fabric Interconnects. When a service profile is deployed to a server, UCS Manager automatically configures the server, adapters, fabric extenders, and fabric interconnects to match the configuration specified in the service profile. This automation of device configuration reduces the number of manual steps required to configure servers, network interface cards (NICs), host bus adapters (HBAs), and LAN and SAN switches.
A service profile typically includes four types of information:
· Server definition: It defines the resources (for example, a specific server or a blade inserted to a specific chassis) that are required to apply to the profile.
· Identity information: Identity information includes the UUID, MAC address for each virtual NIC (vNIC), and WWN specifications for each HBA.
· Firmware revision specifications: These are used when a certain tested firmware revision is required to be installed or for some other reason a specific firmware is used.
· Connectivity definition: It is used to configure network adapters, fabric extenders, and parent interconnects; however, this information is abstract because it does not include the details of how each network component is configured.
A service profile is created by the Cisco UCS server administrator. This service profile leverages configuration policies that were created by the server, network, and storage administrators. Server administrators can also create a Service profile template which can be later used to create Service profiles in an easier way. A service template can be derived from a service profile, with server and I/O interface identity information abstracted. Instead of specifying exact UUID, MAC address, and WWN values, a service template specifies where to get these values. For example, a service profile template might specify the standard network connectivity for a web server and the pool from which its interface's MAC addresses can be obtained. Service profile templates can be used to provision many servers with the same simplicity as creating a single one.
For a guide on configuring server-related policies, see:
These steps provide details for configuring an organization in the Cisco UCS environment. Organizations are used as a means to organize and restrict access to various groups within the IT organization, thereby enabling multi-tenancy of the compute resources.
This document assumes the use of an organization. When the organization is implemented, you must remember the search order UCS employs when searching for components. For example, when creating a template in a sub-organization, UCS will search first in the sub-organization to resolve a reference. If it does not find the reference there, it will search up through its parent tree, ending at root. A sub-organization cannot resolve a reference to an item that exists in a different peer sub-organization or child sub-organization.
From the New… menu at the top of the window, select Create Organization.
Enter a name for the organization. Enter a description for the organization (optional). Click OK. In the message box that displays, click OK.
Add-UcsOrg -Org root -Name <sub-organization name> -Descr "<description>"
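The search order described above decides which tenant's pool or policy a template actually binds to, so it is worth checking a planned layout against it. This added example (not Cisco code) is a simplified model of that rule; the inventory contents, the 'default' object and the slash-separated org paths are constructed for illustration.

```powershell
# Added example: simplified model of the organization search order described above.
# Org paths, the inventory and the function names are assumptions for illustration.

function Get-OrgSearchPath {
    # 'root/FabMgmt/Sub1' -> 'root/FabMgmt/Sub1', 'root/FabMgmt', 'root'
    param([string]$Org)
    $parts = $Org.Split('/')
    for ($i = $parts.Length; $i -ge 1; $i--) {
        $parts[0..($i - 1)] -join '/'
    }
}

function Resolve-OrgReference {
    # Walk from the referencing org up to root; peers and children are never searched.
    param([hashtable]$Inventory, [string]$FromOrg, [string]$Name)
    $hits = @(Get-OrgSearchPath $FromOrg | Where-Object { $Inventory[$_] -contains $Name })
    $resolvedIn = $null
    if ($hits.Count -gt 0) { $resolvedIn = $hits[0] }
    [pscustomobject]@{
        FromOrg    = $FromOrg
        Name       = $Name
        ResolvedIn = $resolvedIn                          # $null means the reference is unresolved
        ShadowedIn = @($hits | Select-Object -Skip 1)     # ancestors that define the same name
    }
}

# Constructed inventory: which named objects exist in which organization.
$inventory = @{
    'root'          = @('ext-mgmt', 'default')
    'root/FabMgmt'  = @('FabMgmt', 'default')
    'root/Tenant-1' = @('Tenant-1')
}

# References a template in each organization might make.
$references = @(
    @{ From = 'root/FabMgmt';  Name = 'ext-mgmt' }   # found in the parent (root)
    @{ From = 'root/FabMgmt';  Name = 'default' }    # local definition wins over root's
    @{ From = 'root/Tenant-1'; Name = 'FabMgmt' }    # lives in a peer sub-organization
    @{ From = 'root';          Name = 'Tenant-1' }   # lives in a child sub-organization
)

foreach ($r in $references) {
    $res = Resolve-OrgReference -Inventory $inventory -FromOrg $r.From -Name $r.Name
    if ($null -eq $res.ResolvedIn) {
        '{0} -> {1}: UNRESOLVED (not in this org or its parents)' -f $res.FromOrg, $res.Name
    } elseif ($res.ShadowedIn.Count -gt 0) {
        '{0} -> {1}: resolved in {2}, shadowing {3}' -f $res.FromOrg, $res.Name, $res.ResolvedIn, ($res.ShadowedIn -join ', ')
    } else {
        '{0} -> {1}: resolved in {2}' -f $res.FromOrg, $res.Name, $res.ResolvedIn
    }
}
```

The shadowing case is the one to review in a multi-tenant design: a same-named object in a sub-organization silently takes precedence over the one defined at root.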
A MAC pool is a collection of network identities, or MAC addresses, that are unique in their Layer 2 environment and are available to be assigned to vNICs on a server. If you use MAC pools in service profiles, you do not have to manually configure the MAC addresses to be used by the server associated with the service profile.
In a system that implements multi-tenancy, you can use the organizational hierarchy to help ensure that MAC pools can only be used by specific applications or business services. Cisco UCS Manager uses the name resolution policy to assign MAC addresses from the pool.
To assign a MAC address to a server, you must include the MAC pool in a vNIC policy. The vNIC policy is then included in the service profile assigned to that server.
You can specify your own MAC addresses or use a group of MAC addresses provided by Cisco.
These steps provide details for configuring the necessary MAC address pool for the Cisco UCS environment.
Navigate to LAN > Pools > root > Sub-Organizations > FabMgmt > MAC Pools. Right-click and select Create MAC Pool to create the MAC address pool.
Note: Depending on the desired configuration of MAC addresses, you can create multiple pools. You may want to consider creating different MAC pools for each vNIC template. This can facilitate management of NICs based upon MAC ranges.
Enter <FabMgmt> for the name of the MAC pool. (Optional) Enter a description of the MAC pool. Click Next.
Click Add.
Specify a starting MAC address. Specify a size of the MAC address pool sufficient to support the available blade resources. Click OK, then click Finish. In the message box that displays, click OK. Create a separate MAC address pool for the Tenant VMs.
$mo = Get-UcsOrg -Level root | Get-UcsOrg -Name <"FabMgmt"> -LimitScope | Add-UcsMacPool -AssignmentOrder "sequential" -Descr "" -Name <"FabMgmt"> -PolicyOwner "local"
$mo | Add-UcsMacMemberBlock -From <"00:25:B5:FA:B0:00"> -To <"00:25:B5:FA:B0:3F">
$mo = Get-UcsOrg -Level root | Get-UcsOrg -Name <"Tenant-1"> -LimitScope | Add-UcsMacPool -AssignmentOrder "sequential" -Descr "" -Name <"Tenant-1"> -PolicyOwner "local"
$mo | Add-UcsMacMemberBlock -From <"00:25:B5:FA:B1:00"> -To <"00:25:B5:FA:B1:FF">
A WWN pool is a collection of World Wide Names for use by the Fibre Channel vHBAs in a Cisco UCS instance. You create separate pools for the following:
· WW node names assigned to the server
· WW port names assigned to the vHBA
Note: A WWN pool can include only WWNNs or WWPNs in the ranges from 20:00:00:00:00:00:00:00 to 20:FF:FF:FF:FF:FF:FF:FF or from 50:00:00:00:00:00:00:00 to 5F:FF:FF:FF:FF:FF:FF:FF. All other WWN ranges are reserved.
If you use WWN pools in service profiles, you do not have to manually configure the WWNs that will be used by the server associated with the service profile. In a system that implements multi-tenancy, you can use a WWN pool to control the WWNs used by each organization.
You assign WWNs to pools in blocks. For each block or individual WWN, you can assign a boot target.
· WWNN Pools – a WWNN pool is a WWN pool which contains only WW node names. If you include a pool of WWNNs in a service profile, the associated server is assigned a WWNN from that pool.
· WWPN Pools – a WWPN pool is a WWN pool which contains only WW port names. If you include a pool of WWPNs in a service profile, the port on each vHBA of the associated server is assigned a WWPN from that pool.
These steps provide details for configuring the necessary WWNN pools for the Cisco UCS environment.
Navigate to SAN > Pools > root > Sub-Organizations > FabMgmt > WWNN Pools. Right-click and select Create WWNN Pool.
Enter <FabMgmtWWNN> as the Name of the WWNN pool. (Optional) Add a description for the WWNN pool. Click Next to continue.
Click Add to add a block of WWNNs. The default is fine; modify if necessary. Specify a Size of the WWNN block sufficient to support the available blade resources. Click OK, then click Finish to proceed. Click OK to finish.
$mo = Get-UcsOrg -Level root | Get-UcsOrg -Name <"FabMgmt"> -LimitScope | Add-UcsWwnPool -AssignmentOrder "sequential" -Descr "" -Name <"FabMgmtWWNN"> -PolicyOwner "local" -Purpose "node-wwn-assignment"
$mo | Add-UcsWwnMemberBlock -From <"20:00:00:25:B5:FF:FF:00"> -To <"20:00:00:25:B5:FF:FF:0F">
These steps provide details for configuring the necessary WWPN pools for the Cisco UCS environment. Two WWPN pools are created, one for fabric A and one for Fabric B.
Navigate to SAN > Pools > root > Sub-Organizations > FabMgmt > WWPN Pools. Right-click and select Create WWPN Pool.
Enter <FabMgmtWWPN-A> as the Name for the WWPN pool for fabric A. (Optional) Give the WWPN pool a description. Click Next.
Click Add to add a block of WWPNs. Enter the starting WWPN in the From block for fabric A. Specify a Size of the WWPN block sufficient to support the available blade resources. Click OK. Click Finish to create the WWPN pool. Click OK. (Optional, but recommended) Repeat the above steps to create a pool for the B fabric.
$mo = Get-UcsOrg -Level root | Get-UcsOrg -Name <"FabMgmt"> -LimitScope | Add-UcsWwnPool -AssignmentOrder "sequential" -Descr "" -Name <"FabMgmtWWPN-A"> -PolicyOwner "local" -Purpose "port-wwn-assignment"
$mo | Add-UcsWwnMemberBlock -From <"20:00:00:25:B5:FF:FA:00"> -To <"20:00:00:25:B5:FF:FA:0F">
$mo = Get-UcsOrg -Level root | Get-UcsOrg -Name <"FabMgmt"> -LimitScope | Add-UcsWwnPool -AssignmentOrder "sequential" -Descr "" -Name <"FabMgmtWWPN-B"> -PolicyOwner "local" -Purpose "port-wwn-assignment"
$mo | Add-UcsWwnMemberBlock -From <"20:00:00:25:B5:FF:FB:00"> -To <"20:00:00:25:B5:FF:FB:0F">
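The permitted WWN ranges and the separate MAC and WWPN blocks per organization and fabric can be checked before any pool is created. This added example (not from the original guide) parses the block boundaries used on this page, verifies that WWN blocks fall inside the two permitted ranges, and reports overlapping blocks; the function names are assumptions, WWNN and WWPN blocks are treated as one address space, and the last two plan entries are constructed to show failures.

```powershell
# Added example: sanity-check planned MAC and WWN blocks before creating the pools.
# Function names are assumptions; the last two plan entries are constructed failures.

function ConvertTo-IdentityValue {
    # "00:25:B5:FA:B0:00" (6 octets) or "20:00:00:25:B5:FF:FA:00" (8 octets) -> UInt64
    param([string]$Address, [int]$Octets)
    $pattern = '\A[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){' + ($Octets - 1) + '}\z'
    if ($Address -notmatch $pattern) { throw "malformed address '$Address'" }
    return [Convert]::ToUInt64($Address.Replace(':', ''), 16)
}

function Test-IdentityPlan {
    # Emit one finding per problem; no output means the plan is consistent.
    param([object[]]$Plan)
    $findings = New-Object System.Collections.Generic.List[string]
    # Ranges a WWN pool may use, as stated in the note above.
    $allowed = @(
        @{ Low  = (ConvertTo-IdentityValue '20:00:00:00:00:00:00:00' 8)
           High = (ConvertTo-IdentityValue '20:FF:FF:FF:FF:FF:FF:FF' 8) }
        @{ Low  = (ConvertTo-IdentityValue '50:00:00:00:00:00:00:00' 8)
           High = (ConvertTo-IdentityValue '5F:FF:FF:FF:FF:FF:FF:FF' 8) }
    )
    $blocks = @(foreach ($p in $Plan) {
        $octets = 8
        if ($p.Type -eq 'MAC') { $octets = 6 }
        try {
            $from = ConvertTo-IdentityValue $p.From $octets
            $to   = ConvertTo-IdentityValue $p.To $octets
        } catch {
            $findings.Add(('{0}: {1}' -f $p.Name, $_.Exception.Message))
            continue
        }
        if ($from -gt $to) { $findings.Add(('{0}: From is above To' -f $p.Name)); continue }
        if ($octets -eq 8) {
            $ok = @($allowed | Where-Object { $from -ge $_.Low -and $to -le $_.High }).Count -gt 0
            if (-not $ok) { $findings.Add(('{0}: outside the WWN ranges permitted for pools' -f $p.Name)) }
        }
        [pscustomobject]@{ Octets = $octets; Org = $p.Org; Name = $p.Name; From = $from; To = $to }
    })
    # Two blocks in the same address space overlap when each starts before the other ends.
    for ($i = 0; $i -lt $blocks.Count; $i++) {
        for ($j = $i + 1; $j -lt $blocks.Count; $j++) {
            $a = $blocks[$i]; $b = $blocks[$j]
            if ($a.Octets -eq $b.Octets -and $a.From -le $b.To -and $b.From -le $a.To) {
                $findings.Add(('{0} ({1}) overlaps {2} ({3})' -f $a.Name, $a.Org, $b.Name, $b.Org))
            }
        }
    }
    $findings
}

$plan = @(
    # Blocks taken from the PowerTool commands on this page
    [pscustomobject]@{ Type = 'MAC';  Org = 'FabMgmt';  Name = 'FabMgmt';       From = '00:25:B5:FA:B0:00';       To = '00:25:B5:FA:B0:3F' }
    [pscustomobject]@{ Type = 'MAC';  Org = 'Tenant-1'; Name = 'Tenant-1';      From = '00:25:B5:FA:B1:00';       To = '00:25:B5:FA:B1:FF' }
    [pscustomobject]@{ Type = 'WWNN'; Org = 'FabMgmt';  Name = 'FabMgmtWWNN';   From = '20:00:00:25:B5:FF:FF:00'; To = '20:00:00:25:B5:FF:FF:0F' }
    [pscustomobject]@{ Type = 'WWPN'; Org = 'FabMgmt';  Name = 'FabMgmtWWPN-A'; From = '20:00:00:25:B5:FF:FA:00'; To = '20:00:00:25:B5:FF:FA:0F' }
    [pscustomobject]@{ Type = 'WWPN'; Org = 'FabMgmt';  Name = 'FabMgmtWWPN-B'; From = '20:00:00:25:B5:FF:FB:00'; To = '20:00:00:25:B5:FF:FB:0F' }
    # Constructed entries: one overlaps FabMgmtWWPN-A, one is outside the permitted ranges
    [pscustomobject]@{ Type = 'WWPN'; Org = 'Tenant-1'; Name = 'Tenant-1-WWPN-A'; From = '20:00:00:25:B5:FF:FA:08'; To = '20:00:00:25:B5:FF:FA:17' }
    [pscustomobject]@{ Type = 'WWNN'; Org = 'Tenant-1'; Name = 'Tenant-1-WWNN';   From = '10:00:00:25:B5:FF:FF:00'; To = '10:00:00:25:B5:FF:FF:0F' }
)

$result = @(Test-IdentityPlan -Plan $plan)
if ($result.Count -eq 0) { 'Plan is consistent' } else { $result }
```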
A UUID suffix pool is a collection of SMBIOS UUIDs that are available to be assigned to servers. The leading digits, which constitute the prefix of the UUID, are fixed. The remaining digits, the UUID suffix, are variable. A UUID suffix pool helps ensure that these variable values are unique for each server associated with a service profile which uses that particular pool to avoid conflicts.
If you use UUID suffix pools in service profiles, you do not have to manually configure the UUID of the server associated with the service profile.
These steps provide details for configuring the necessary UUID suffix pools for the Cisco UCS environment.
Navigate to Servers > Pools > root > Sub-Organizations > FabMgmt > UUID Suffix Pools. Right-click and select Create UUID Suffix Pool.
Name the UUID suffix pool <FabMgmt>. (Optional) Give the UUID suffix pool a description. Leave the prefix at the derived option. Click Next to continue.
Click Add to add a block of UUIDs. The From field is fine at the default setting, or you can create a hexadecimal string that is unique for your environment. Specify a Size of the UUID block sufficient to support the available blade resources. Click OK, then click Finish to proceed. Click OK to finish.
$mo = Get-UcsOrg -Level root | Get-UcsOrg -Name <"FabMgmt"> -LimitScope | Add-UcsUuidSuffixPool -AssignmentOrder "sequential" -Descr "" -Name <"FabMgmt"> -PolicyOwner "local" -Prefix "derived"
$mo | Add-UcsUuidSuffixBlock -From <"FAB0-000000000001"> -To <"FAB0-000000000010">
A server pool contains a set of servers. These servers typically share the same characteristics. Those characteristics can be their location in the chassis, or an attribute such as server type, amount of memory, local storage, type of CPU, or local drive configuration. You can manually assign a server to a server pool, or use server pool policies and server pool policy qualifications to automate the assignment.
If your system implements multi-tenancy through organizations, you can designate one or more server pools to be used by a specific organization. For example, a pool that includes all servers with two CPUs could be assigned to the Marketing organization, while all servers with 64 GB memory could be assigned to the Finance organization.
A server pool can include servers from any chassis in the system. A given server can belong to multiple server pools.
These steps provide details for configuring the necessary server pools for the Cisco UCS environment.
Navigate to Servers > Pools > root > Sub-Organizations > FabMgmt > Server Pools. Right-click and select Create Server Pool.
Name the server pool <FabMgmt>. (Optional) Give the server pool a description. Click Next to continue to add servers.
Select the B200 servers to be added to the Fabric Management server pool. Click >> to add them to the pool. Click Finish, then select OK to finish.
$mo = Get-UcsOrg -Level root | Get-UcsOrg -Name <"FabMgmt"> -LimitScope | Add-UcsServerPool -Descr "" -Name <"FabMgmt"> -PolicyOwner "local"
$mo_1 = $mo | Add-UcsComputePooledSlot -ModifyPresent -ChassisId "1" -SlotId 1
$mo_2 = $mo | Add-UcsComputePooledSlot -ModifyPresent -ChassisId "1" -SlotId 2
$mo_3 = $mo | Add-UcsComputePooledSlot -ModifyPresent -ChassisId "1" -SlotId 3
$mo_4 = $mo | Add-UcsComputePooledSlot -ModifyPresent -ChassisId "1" -SlotId 4
A named VLAN creates a connection to a specific external LAN. The VLAN isolates traffic to that external LAN, including broadcast traffic.
The name that you assign to a VLAN ID adds a layer of abstraction that allows you to globally update all servers associated with service profiles that use the named VLAN. You do not need to reconfigure the servers individually to maintain communication with the external LAN.
You can create more than one named VLAN with the same VLAN ID. For example, if servers that host business services for HR and Finance need to access the same external LAN, you can create VLANs named HR and Finance with the same VLAN ID. Then, if the network is reconfigured and Finance is assigned to a different LAN, you only have to change the VLAN ID for the named VLAN for Finance.
In a cluster configuration, you can configure a named VLAN to be accessible only to one fabric interconnect or to both fabric interconnects.
These steps provide details for configuring the necessary VLANs for the Cisco UCS environment.
Navigate to LAN > LAN Cloud > VLANs. Right-click and select Create VLANs.
Enter <Mgmt> as the name of the VLAN to be used for management traffic. Keep the Common/Global option selected for the scope of the VLAN. Enter the <Mgmt VLAN ID> for the management VLAN. Keep the sharing type as none. Click OK.
Repeat the above steps to create the CSV, SMB, LiveMigration, SC-access, SC-database, and T1-access VLANs.
$mo = Get-UcsLanCloud
$mo | Add-UcsVlan -Name <Mgmt> -Id <Mgmt VLAN ID>
$mo | Add-UcsVlan -Name <CSV> -Id <CSV VLAN ID>
$mo | Add-UcsVlan -Name <LiveMigration> -Id <LiveMigration VLAN ID>
$mo | Add-UcsVlan -Name <SMB> -Id <SMB VLAN ID>
$mo | Add-UcsVlan -Name <SC-access> -Id <SC-access VLAN ID>
$mo | Add-UcsVlan -Name <SC-database> -Id <SC-database VLAN ID>
$mo | Add-UcsVlan -Name <SC-SMB> -Id <SC-SMB VLAN ID>
$mo | Add-UcsVlan -Name <T1-access> -Id <T1-access VLAN ID>
Firmware management policies allow the administrator to select the corresponding packages for a given server configuration. These often include adapter, BIOS, board controller, FC adapters, HBA option ROM, and storage controller properties. For recommended best practices on configuring firmware policies see http://www.cisco.com/c/en/us/support/docs/servers-unified-computing/ucs-manager/110511-ucs-fw-mgmt-00.html.
These steps provide details for creating a firmware management policy for a given server configuration in the Cisco UCS environment. They show only a very small sample; what is actually used will likely vary from customer to customer.
Navigate to Servers > Policies > root > Sub-Organizations > FabMgmt > Host Firmware Packages. Right-click and select Create Host Firmware Package.
Enter the name of the host firmware package for the corresponding server configuration. Two types of host firmware package are available. The Simple option specifies all firmware based on a firmware version bundle. The Advanced option allows granular control of the firmware version for each device type. Select the Simple option unless granular firmware version control is required. The Blade Package is for blade servers and the Rack Package is for rack servers. Select the Blade Package and Rack Package in the drop-down text boxes. Click OK to complete creating the host firmware package. Click OK.
Get-UcsOrg -Level root | Get-UcsOrg -Name <"FabMgmt"> -LimitScope | Add-UcsFirmwareComputeHostPack -BladeBundleVersion "2.2(3a)B" -Descr "" -IgnoreCompCheck "yes" -Mode "staged" -Name "FabMgmt" -PolicyOwner "local" -RackBundleVersion "2.2(3a)C" -StageSize 0 -UpdateTrigger "immediate"
QoS policies assign a system class to the outgoing traffic for a vNIC or vHBA. This system class determines the quality of service for that traffic.
You must include a QoS policy in a vNIC policy or vHBA policy and then include that policy in a service profile to configure the vNIC or vHBA.
These steps provide details for enabling the quality of service in the Cisco UCS Fabric and setting Jumbo frames.
Navigate to LAN > LAN Cloud > QoS System Class. In the right pane, click the General tab. On the Platinum, Gold, and Best Effort rows, type 9000 in the MTU boxes. Make sure the check box in the Enabled column is checked for each of these priorities. Click Save Changes in the bottom right corner. Click OK to continue.
Navigate to LAN > Policies > Root > Sub-Organizations > FabMgmt > QoS Policies. Right-click and select Create QoS Policy.
Enter <FabMgmt-SMB> as the QoS Policy name. Change the Priority to Platinum. Leave Burst (Bytes) set to 10240. Leave Rate (Kbps) set to line-rate. Leave Host Control set to None. Click OK twice to complete.
Repeat to create a QoS policy for CSV. Right-click QoS Policies. Select Create QoS Policy. Enter <FabMgmt-CSV> as the QoS Policy name. Change the Priority to Gold. Leave Burst (Bytes) set to 10240. Leave Rate (Kbps) set to line-rate. Leave Host Control set to None. Click OK twice to complete.
Repeat to create a QoS policy for LiveMigration. Right-click QoS Policies. Select Create QoS Policy. Enter <FabMgmt-LiveMig> as the QoS Policy name. Change the Priority to Best Effort. Leave Burst (Bytes) set to 10240. Leave Rate (Kbps) set to line-rate. Leave Host Control set to None. Click OK twice to complete.
Start-UcsTransaction
$mo = Get-UcsOrg -Level root | Get-UcsOrg -Name <"FabMgmt"> -LimitScope | Add-UcsQosPolicy -Descr "" -Name <"FabMgmt-SMB"> -PolicyOwner "local"
$mo_1 = $mo | Add-UcsVnicEgressPolicy -ModifyPresent -Burst 10240 -HostControl "none" -Name "" -Prio "platinum" -Rate "line-rate"
Complete-UcsTransaction
Start-UcsTransaction
$mo = Get-UcsOrg -Level root | Get-UcsOrg -Name <"FabMgmt"> -LimitScope | Add-UcsQosPolicy -Descr "" -Name <"FabMgmt-CSV"> -PolicyOwner "local"
$mo_1 = $mo | Add-UcsVnicEgressPolicy -ModifyPresent -Burst 10240 -HostControl "none" -Name "" -Prio "gold" -Rate "line-rate"
Complete-UcsTransaction
Start-UcsTransaction
$mo = Get-UcsOrg -Level root | Get-UcsOrg -Name <"FabMgmt"> -LimitScope | Add-UcsQosPolicy -Descr "" -Name <"FabMgmt-LiveMig"> -PolicyOwner "local"
$mo_1 = $mo | Add-UcsVnicEgressPolicy -ModifyPresent -Burst 10240 -HostControl "none" -Name "" -Prio "best-effort" -Rate "line-rate"
Complete-UcsTransaction
These steps provide details for creating a Power Control Policy for the Cisco UCS environment.
Navigate to Servers > Policies > root > Sub-Organizations > FabMgmt > Power Control Policies. Right-click and select Create Power Control Policy.
Enter <No-Cap> as the power control policy Name. Change the Power Capping to No Cap. Click OK to complete creating the power control policy. Click OK twice to complete.
Get-UcsOrg -Level root | Get-UcsOrg -Name <"FabMgmt"> -LimitScope | Add-UcsPowerPolicy -Descr "" -Name <"No-Cap"> -PolicyOwner "local" -Prio "no-cap"
This policy determines what happens to local data on a server during the discovery process and when the server is disassociated from a service profile. This policy can help ensure that the data on local drives is erased at those times.
These steps provide details for creating a Scrub Policy for the Cisco UCS environment.
Navigate to Servers > Policies > root > Sub-Organizations > FabMgmt > Scrub Policies. Right-click and select Create Scrub Policy.
Enter <No-Scrub> as the scrub policy Name. Make sure all the radio buttons are set to No. Click OK twice to complete.
Get-UcsOrg -Level root | Get-UcsOrg -Name <"FabMgmt"> -LimitScope | Add-UcsScrubPolicy -BiosSettingsScrub "no" -Descr "" -DiskScrub "no" -FlexFlashScrub "no" -Name <"No-Scrub"> -PolicyOwner "local"
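Because the policy above sets every scrub option to "no", data on local drives stays in place when a blade is disassociated and handed to another profile or organization. The following added example (not part of the Cisco document) reports which service profiles are in that state. The input objects are constructed samples; their property names mirror the Add-UcsScrubPolicy parameters above, and the ScrubPolicyName property, the fallback to a policy named "default", and the flat (non-hierarchical) name lookup are assumptions.

```powershell
# Added example, not part of the Cisco document.
# Reports service profiles whose scrub policy leaves local data in place.

function Get-ScrubGap {
    param(
        [Parameter(Mandatory)] [object[]] $ScrubPolicy,     # objects with Name, DiskScrub, BiosSettingsScrub, FlexFlashScrub
        [Parameter(Mandatory)] [object[]] $ServiceProfile   # objects with Name, ScrubPolicyName (assumed property)
    )

    # Index the policies by name so each profile's reference can be resolved.
    $policyByName = @{}
    foreach ($policy in $ScrubPolicy) { $policyByName[$policy.Name] = $policy }

    foreach ($sp in $ServiceProfile) {
        # Assumption: an empty reference resolves to the policy named "default".
        $ref = if ([string]::IsNullOrEmpty($sp.ScrubPolicyName)) { 'default' } else { $sp.ScrubPolicyName }

        if (-not $policyByName.ContainsKey($ref)) {
            [pscustomobject]@{
                ServiceProfile = $sp.Name
                ScrubPolicy    = $ref
                NotScrubbed    = 'unknown'
                Finding        = 'referenced scrub policy not found'
            }
            continue
        }

        # Collect every scrub option that is not explicitly enabled.
        $policy  = $policyByName[$ref]
        $skipped = @(
            foreach ($option in 'DiskScrub', 'BiosSettingsScrub', 'FlexFlashScrub') {
                if ($policy.$option -ne 'yes') { $option }
            }
        )

        if ($skipped.Count -gt 0) {
            [pscustomobject]@{
                ServiceProfile = $sp.Name
                ScrubPolicy    = $ref
                NotScrubbed    = $skipped -join ', '
                Finding        = 'local data survives disassociation and rediscovery'
            }
        }
    }
}

# Constructed sample data. "No-Scrub" matches the policy created above;
# "Full-Scrub" and the profile names are hypothetical.
$samplePolicies = @(
    [pscustomobject]@{ Name = 'No-Scrub';   DiskScrub = 'no';  BiosSettingsScrub = 'no';  FlexFlashScrub = 'no' }
    [pscustomobject]@{ Name = 'Full-Scrub'; DiskScrub = 'yes'; BiosSettingsScrub = 'yes'; FlexFlashScrub = 'yes' }
)
$sampleProfiles = @(
    [pscustomobject]@{ Name = 'FabMgmt-01'; ScrubPolicyName = 'No-Scrub' }
    [pscustomobject]@{ Name = 'Tenant-01';  ScrubPolicyName = 'Full-Scrub' }
    [pscustomobject]@{ Name = 'Tenant-02';  ScrubPolicyName = '' }
)

Get-ScrubGap -ScrubPolicy $samplePolicies -ServiceProfile $sampleProfiles |
    Format-Table -AutoSize

# In a connected UCS PowerTool session the same function can be fed live objects:
#   Get-ScrubGap -ScrubPolicy (Get-UcsScrubPolicy) -ServiceProfile (Get-UcsServiceProfile)
```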
This policy configures any optional SAS local drives that have been installed on a server through the onboard RAID controller of the local drive. This policy enables you to set a local disk mode for all servers that are associated with a service profile that includes the local disk configuration policy. The local disk modes include the following:
· Any Configuration – For a server configuration that carries forward the local disk configuration without any changes.
· No Local Storage – For a diskless workstation or a SAN only configuration. If you select this option, you cannot associate any service profile which uses this policy with a server that has a local disk.
· No RAID – For a server configuration that removes the RAID and leaves the disk MBR and payload unaltered.
· RAID Mirrored – For a 2-disk RAID 1 server configuration.
· RAID Stripes – For a 2-disk RAID 0 server configuration.
You must include this policy in a service profile, and that service profile must be associated with a server for it to take effect.
These steps provide details for creating a local disk configuration for the Cisco UCS environment, which is necessary if the servers in question do not have a local disk.
Note: This policy is recommended for cloud servers even if they do have local disks. Flexibility is a key component of clouds, so it is best to have configurations as loosely tied to physical hardware as possible. By not making provision for local disks and SAN booting, you help make sure that moving the profile to another system will not create an environment that will lose something as it moves.
Navigate to Servers > Policies > root > Sub-Organizations > FabMgmt > Local Disk Config Policies. Right-click and select Create Local Disk Configuration Policy.
Enter <SAN-Boot> as the local disk configuration policy Name. Uncheck the Protect Configuration box. Change the Mode to Any Configuration. Click OK to complete creating the local disk configuration policy. Click OK.
Get-UcsOrg -Level root | Get-UcsOrg -Name <"FabMgmt"> -LimitScope | Add-UcsLocalDiskConfigPolicy -Descr "" -FlexFlashRAIDReportingState "disable" -FlexFlashState "disable" -Mode "any-configuration" -Name <"SAN-Boot"> -PolicyOwner "local" -ProtectConfig "no"
This policy qualifies servers based on the inventory of a server conducted during the discovery process. The qualifications are individual rules that you configure in the policy to determine whether a server meets the selection criteria. For example, you can create a rule that specifies the minimum memory capacity for servers in a data center pool.
Qualifications are used in other policies to place servers, not just by the server pool policies. For example, if a server meets the criteria in a qualification policy, it can be added to one or more server pools or have a service profile automatically associated with it.
Depending upon the implementation, you may include server pool policy qualifications in the following policies:
· Autoconfiguration policy
· Chassis discovery policy
· Server discovery policy
· Server inheritance policy
· Server pool policy
These steps provide details for creating a server pool qualification policy for the Cisco UCS environment.
Navigate to Servers > Policies > root > Sub-Organizations > FabMgmt > Server Pool Policy Qualification. Right-click and select Create Server Pool Policy Qualification.
Enter <FabMgmt> as the name. Select Create Server PID Qualifications.
Enter UCSB-B200-M4 as the Model (RegEx). Click OK to add this value to the server pool qualification policy. Click OK twice to complete.
$mo = Get-UcsOrg -Level root | Get-UcsOrg -Name <"FabMgmt"> -LimitScope | Add-UcsServerPoolQualification -Descr "" -Name <"FabMgmt"> -PolicyOwner "local"
$mo | Add-UcsServerModelQualification -Model "UCSB-B200-M4"
BIOS policy is a policy that automates the configuration of BIOS settings. You can create one or more BIOS policies which contain a specific grouping of BIOS settings that match the needs of a server or set of servers. If you do not specify a BIOS policy for a server, the default BIOS settings are applied to the server. However, these default BIOS settings can themselves be configured as per need. If a BIOS policy is specified, the policy takes precedence over the BIOS default settings.
Any change made to the default BIOS settings does not affect a server that has a BIOS policy associated with it because the BIOS policy takes precedence over the default BIOS settings. However, in the BIOS policy, if the user leaves the value as platform-default, the UCS manager refers to that particular platform’s BIOS defaults (Servers > Policies > BIOS Defaults), and uses the value specified in the BIOS defaults.
In such cases it is possible for a user to achieve the usage of both BIOS policy and BIOS defaults. This is required because some users might want to customize only a few settings in policy, and use BIOS default values for the rest of the settings.
For example, if the user creates a BIOS policy 'test-policy' and specifies these values:
· 'disabled' for Turbo boost
· 'platform-default' for Hyper Threading
And the BIOS defaults for the platform have these values:
· 'enabled' for Turbo boost
· 'enabled' for Hyper Threading
The net effect of this is Turbo boost set as 'disabled' and Hyper Threading set as 'enabled'.
When a configuration change is made through a BIOS policy or through default BIOS settings, Cisco UCS Manager immediately pushes these changes to the CIMC buffer. These changes take effect only after the server is rebooted.
These steps provide details for creating a server BIOS policy for the Cisco UCS environment.
Navigate to Servers > Policies > root > Sub-Organizations > FabMgmt > BIOS Policies. Right-click and select Create BIOS Policy.
Enter <FabMgmt> as the BIOS policy Name. Optionally enter a description. Change the Quiet Boot property to disabled. Change the Post Error Pause property to disabled. Change the Resume Ac On Power Loss setting to last-state. Change the Front Panel Lockout property to disabled. See following panels for other recommended BIOS settings. Click Finish to complete creating the BIOS policy. Click OK.
Recommended Processor settings. Note: The Hyper Threading setting should generally be enabled, but some applications run more efficiently if it is disabled. If you have applications running in VMs whose performance is impacted by having a hyper-threaded core instead of a full core, you should disable Hyper Threading.
Recommended Intel Directed IO settings.
Recommended RAS Memory settings.
Start-UcsTransaction
$mo = Get-UcsOrg -Level root | Get-UcsOrg -Name <"FabMgmt"> -LimitScope | Add-UcsBiosPolicy -Descr "Hyper-V with SMT enabled" -Name <"FabMgmt"> -PolicyOwner "local" -RebootOnUpdate "no"
$trash = $mo | Set-UcsBiosVfCPUPerformance -VpCPUPerformance "enterprise"
$trash = $mo | Set-UcsBiosVfCoreMultiProcessing -VpCoreMultiProcessing "platform-default"
$trash = $mo | Set-UcsBiosVfDirectCacheAccess -VpDirectCacheAccess "enabled"
$trash = $mo | Set-UcsBiosVfDramRefreshRate -VpDramRefreshRate "platform-default"
$trash = $mo | Set-UcsBiosEnhancedIntelSpeedStep -VpEnhancedIntelSpeedStepTech "disabled"
$trash = $mo | Set-UcsBiosExecuteDisabledBit -VpExecuteDisableBit "enabled"
$trash = $mo | Set-UcsBiosVfFrontPanelLockout -VpFrontPanelLockout "disabled"
$trash = $mo | Set-UcsBiosHyperThreading -VpIntelHyperThreadingTech "enabled"
$trash = $mo | Set-UcsBiosTurboBoost -VpIntelTurboBoostTech "enabled"
$trash = $mo | Set-UcsBiosIntelDirectedIO -VpIntelVTDATSSupport "platform-default" -VpIntelVTDCoherencySupport "platform-default" -VpIntelVTDInterruptRemapping "platform-default" -VpIntelVTDPassThroughDMASupport "platform-default" -VpIntelVTForDirectedIO "enabled"
$trash = $mo | Set-UcsBiosVfIntelVirtualizationTechnology -VpIntelVirtualizationTechnology "enabled"
$trash = $mo | Set-UcsBiosVfLocalX2Apic -VpLocalX2Apic "platform-default"
$trash = $mo | Set-UcsBiosLvDdrMode -VpLvDDRMode "performance-mode"
$trash = $mo | Set-UcsBiosVfMaxVariableMTRRSetting -VpProcessorMtrr "platform-default"
$trash = $mo | Set-UcsBiosVfMirroringMode -VpMirroringMode "platform-default"
$trash = $mo | Set-UcsBiosNUMA -VpNUMAOptimized "enabled"
$trash = $mo | Set-UcsBiosVfPOSTErrorPause -VpPOSTErrorPause "disabled"
$trash = $mo | Set-UcsBiosVfProcessorCState -VpProcessorCState "disabled"
$trash = $mo | Set-UcsBiosVfProcessorC1E -VpProcessorC1E "disabled"
$trash = $mo | Set-UcsBiosVfProcessorC3Report -VpProcessorC3Report "disabled"
$trash = $mo | Set-UcsBiosVfProcessorC6Report -VpProcessorC6Report "disabled"
$trash = $mo | Set-UcsBiosVfProcessorC7Report -VpProcessorC7Report "disabled"
$trash = $mo | Set-UcsBiosVfQuietBoot -VpQuietBoot "disabled"
$trash = $mo | Set-UcsBiosVfResumeOnACPowerLoss -VpResumeOnACPowerLoss "last-state"
$trash = $mo | Set-UcsBiosVfSelectMemoryRASConfiguration -VpSelectMemoryRASConfiguration "platform-default"
$trash = $mo | Set-UcsBiosVfSerialPortAEnable -VpSerialPortAEnable "platform-default"
$trash = $mo | Set-UcsBiosVfSparingMode -VpSparingMode "platform-default"
Complete-UcsTransaction
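The precedence rule described above (an explicit policy value wins, 'platform-default' falls through to the platform's BIOS defaults) means that any token left at 'platform-default' changes whenever the BIOS defaults change. The following added example, which is not part of the Cisco document, resolves the effective value per token and checks it against a required baseline. The short token names, the baseline, and the sample values are constructed for illustration.

```powershell
# Added example, not part of the Cisco document.
# Token names below are illustrative labels, not UCS PowerTool property names.

function Resolve-BiosSetting {
    param(
        [Parameter(Mandatory)] [hashtable] $Policy,          # token -> value set in the BIOS policy
        [Parameter(Mandatory)] [hashtable] $PlatformDefault  # token -> value in Servers > Policies > BIOS Defaults
    )
    $tokens = @($Policy.Keys) + @($PlatformDefault.Keys) | Sort-Object -Unique
    foreach ($token in $tokens) {
        $fromPolicy = $Policy[$token]
        if ($null -ne $fromPolicy -and $fromPolicy -ne 'platform-default') {
            # An explicit policy value takes precedence over the defaults.
            [pscustomobject]@{ Token = $token; Value = $fromPolicy; Source = 'policy' }
        }
        elseif ($PlatformDefault.ContainsKey($token)) {
            # 'platform-default' (or no entry) falls through to the BIOS defaults.
            [pscustomobject]@{ Token = $token; Value = $PlatformDefault[$token]; Source = 'bios-defaults' }
        }
        else {
            [pscustomobject]@{ Token = $token; Value = $null; Source = 'unresolved' }
        }
    }
}

function Test-BiosBaseline {
    param(
        [Parameter(Mandatory)] [object[]]  $Effective,  # output of Resolve-BiosSetting
        [Parameter(Mandatory)] [hashtable] $Required    # token -> value the baseline demands
    )
    foreach ($token in ($Required.Keys | Sort-Object)) {
        $row    = $Effective | Where-Object { $_.Token -eq $token } | Select-Object -First 1
        $actual = if ($row) { $row.Value }  else { $null }
        $source = if ($row) { $row.Source } else { 'unresolved' }
        [pscustomobject]@{
            Token     = $token
            Required  = $Required[$token]
            Actual    = $actual
            Compliant = ($actual -eq $Required[$token])
            # Floating: the value is not pinned in the policy and follows the defaults.
            Floating  = ($source -ne 'policy')
        }
    }
}

# The 'test-policy' case from the text, plus one constructed floating token.
$testPolicy = @{
    TurboBoost        = 'disabled'
    HyperThreading    = 'platform-default'
    ExecuteDisableBit = 'platform-default'   # constructed: left unpinned
}
$biosDefaults = @{
    TurboBoost        = 'enabled'
    HyperThreading    = 'enabled'
    ExecuteDisableBit = 'enabled'            # constructed
}
# Assumed baseline, taken from values the script above sets explicitly.
$baseline = @{ HyperThreading = 'enabled'; ExecuteDisableBit = 'enabled' }

'Effective settings with the original BIOS defaults:'
$effective = Resolve-BiosSetting -Policy $testPolicy -PlatformDefault $biosDefaults
$effective | Format-Table -AutoSize
Test-BiosBaseline -Effective $effective -Required $baseline | Format-Table -AutoSize

'After someone edits the BIOS defaults (constructed change):'
$biosDefaults['ExecuteDisableBit'] = 'disabled'
$effective = Resolve-BiosSetting -Policy $testPolicy -PlatformDefault $biosDefaults
Test-BiosBaseline -Effective $effective -Required $baseline | Format-Table -AutoSize
```

Tokens reported as Floating are the ones to pin explicitly in the policy if the baseline must hold regardless of later edits to BIOS Defaults.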
Navigate to Servers > Policies > root > Sub-Organizations > FabMgmt > vNIC/HBA Placement Policies. Right-click and select Create Placement Policy.
Enter the Name <AssignedOnly>. Click in the first row under Selection Preference and select Assigned Only. Click OK.
Start-UcsTransaction
$mo = Get-UcsOrg -Level root | Get-UcsOrg -Name <"FabMgmt"> -LimitScope | Add-UcsPlacementPolicy -Descr "" -MezzMapping "linear-ordered" -Name <"AssignedOnly"> -PolicyOwner "local"
$trash = $mo | Add-UcsFabricVCon -ModifyPresent -Fabric "NONE" -Id "1" -InstType "auto" -Placement "physical" -Select "assigned-only" -Share "shared" -Transport "ethernet","fc"
$trash = $mo | Add-UcsFabricVCon -ModifyPresent -Fabric "NONE" -Id "2" -InstType "auto" -Placement "physical" -Select "all" -Share "shared" -Transport "ethernet","fc"
$trash = $mo | Add-UcsFabricVCon -ModifyPresent -Fabric "NONE" -Id "3" -InstType "auto" -Placement "physical" -Select "all" -Share "shared" -Transport "ethernet","fc"
$trash = $mo | Add-UcsFabricVCon -ModifyPresent -Fabric "NONE" -Id "4" -InstType "auto" -Placement "physical" -Select "all" -Share "shared" -Transport "ethernet","fc"
Complete-UcsTransaction
VMQ distributes the computational workload associated with virtual machine network traffic across multiple cores in the Hyper-V host. The Cisco VIC supports up to 256 queues per server and a maximum of 128 queues per eNIC. The VMQ queue value should be configured based on the expected number of synthetic NICs in all VMs that are bound to the Hyper-V switch that is bound to the adapter, plus 2. The extra 2 queues are for the default queue and a queue for the eNIC itself.
The value configured for the number of VMQs should be equal to or greater than the number of required queues, but should not exceed the maximum number supported by the Cisco VIC.
The following table lists the VMQ configuration for this deployment.
| Name | Value |
|---|---|
| Mgmt | 12 |
| SC-access | 50 |
| SC-database | 50 |
| SMB | 10 |
The number of configured interrupts should be equal to or greater than the number of logical CPU cores in the Hyper-V host.
Navigate to LAN > Policies > root > Sub-Organizations > FabMgmt > VMQ Connection Policies. Right-click and select Create VMQ Connection Policy.
Enter a Name for the policy. Optionally enter a Description. Enter the desired Number of VMQs. Leave the default for Number of Interrupts. Click OK to create the policy. Repeat these steps for each policy to be created.
Get-UcsOrg -Level root | Get-UcsOrg -Name "FabMgmt" -LimitScope | Add-UcsVnicVmqConPolicy -Descr "Infrastructure management" -IntrCount 64 -Name "Mgmt" -PolicyOwner "local" -VmqCount 12
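The sizing rules above (synthetic NICs plus 2, at most 128 queues per eNIC and 256 per server, interrupts at least equal to logical cores) can be checked before the policies are created. The following added example is not part of the Cisco document. The VMQ counts, the interrupt count of 64 and the vNIC-to-policy mapping come from this document; the synthetic NIC counts and the logical core count are constructed.

```powershell
# Added example, not part of the Cisco document.
# Validates a VMQ plan against the limits stated in the text.

function Test-VmqPlan {
    param(
        [Parameter(Mandatory)] [hashtable] $PolicyVmqCount,     # VMQ policy name -> configured Number of VMQs
        [Parameter(Mandatory)] [hashtable] $SyntheticNicCount,  # VMQ policy name -> expected synthetic NICs
        [Parameter(Mandatory)] [hashtable] $VnicPolicy,         # vNIC name -> VMQ policy name
        [Parameter(Mandatory)] [int] $InterruptCount,
        [Parameter(Mandatory)] [int] $LogicalCores,
        [int] $MaxQueuesPerEnic   = 128,   # limits quoted in the text
        [int] $MaxQueuesPerServer = 256
    )
    $findings = New-Object System.Collections.Generic.List[string]

    # Per-policy checks: enough queues for the VMs, and within the per-eNIC limit.
    foreach ($name in ($PolicyVmqCount.Keys | Sort-Object)) {
        $configured = [int]$PolicyVmqCount[$name]
        # Two extra queues: the default queue and the queue for the eNIC itself.
        $required   = [int]$SyntheticNicCount[$name] + 2
        if ($configured -lt $required) {
            $findings.Add("${name}: $configured VMQs configured, $required required")
        }
        if ($configured -gt $MaxQueuesPerEnic) {
            $findings.Add("${name}: $configured VMQs exceeds the per-eNIC limit of $MaxQueuesPerEnic")
        }
    }

    # Per-server check: every vNIC that references a policy consumes its queues.
    $total = 0
    foreach ($vnic in ($VnicPolicy.Keys | Sort-Object)) {
        $policyName = $VnicPolicy[$vnic]
        if (-not $PolicyVmqCount.ContainsKey($policyName)) {
            $findings.Add("vNIC ${vnic}: VMQ policy '$policyName' is not defined")
            continue
        }
        $total += [int]$PolicyVmqCount[$policyName]
    }
    if ($total -gt $MaxQueuesPerServer) {
        $findings.Add("server total of $total queues exceeds the limit of $MaxQueuesPerServer")
    }

    if ($InterruptCount -lt $LogicalCores) {
        $findings.Add("$InterruptCount interrupts is fewer than $LogicalCores logical cores")
    }

    [pscustomobject]@{
        QueuesPerServer = $total
        Passed          = ($findings.Count -eq 0)
        Findings        = $findings.ToArray()
    }
}

# VMQ counts from the table above.
$vmqCounts = @{ 'Mgmt' = 12; 'SC-access' = 50; 'SC-database' = 50; 'SMB' = 10 }
# vNIC templates that carry a VMQ connection policy in this deployment.
$vnicToPolicy = @{
    'Mgmt' = 'Mgmt'; 'SMB' = 'SMB'; 'SC-access' = 'SC-access'
    'SC-database' = 'SC-database'; 'SC-SMB' = 'SMB'; 'T1-access' = 'SC-access'
}
# Constructed estimates of synthetic NICs per Hyper-V switch.
$expectedNics = @{ 'Mgmt' = 10; 'SC-access' = 48; 'SC-database' = 40; 'SMB' = 8 }

$plan = @{
    PolicyVmqCount    = $vmqCounts
    SyntheticNicCount = $expectedNics
    VnicPolicy        = $vnicToPolicy
    InterruptCount    = 64    # value used in the cmdlet above
    LogicalCores      = 48    # constructed
}
Test-VmqPlan @plan | Format-List

# Constructed growth scenario: more VMs than the SC-access policy was sized for.
$expectedNics['SC-access'] = 60
Test-VmqPlan @plan | Format-List
```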
These steps provide details for creating multiple vNIC templates for the Cisco UCS environment.
Navigate to LAN > Policies > root > Sub-Organizations > FabMgmt > vNIC Templates. Right-click and select Create vNIC Template.
Enter <CSV> as the vNIC template Name. Check Fabric A. Check the Enable Failover box. Under target, unselect the VM box. Select Updating Template as the Template Type. Under VLANs, select <CSV>. Set Native VLAN. Under MTU, set to 9000. Under MAC Pool, select <FabMgmt>. For QoS Policy, select <FabMgmt-CSV>. For Connection Policies, leave as Dynamic. Click OK to complete creating the vNIC template.
Repeat the above steps to create a template for each of the vNIC templates shown in the following table.
| Name | Fabric | Failover | Updating Template | VLAN | Native | MTU | MAC Pool | QoS Policy | Connection Policy - VMQ |
|---|---|---|---|---|---|---|---|---|---|
| CSV | A | Y | Y | CSV | Y | 9000 | FabMgmt | FabMgmt-CSV | |
| LiveMigration | A | Y | Y | LiveMigration | Y | 9000 | FabMgmt | FabMgmt-LiveMig | |
| Mgmt | A | Y | Y | Mgmt | Y | 1500 | FabMgmt | | Mgmt |
| SMB | A | Y | Y | SMB | Y | 9000 | FabMgmt | FabMgmt-SMB | SMB |
| SC-access | B | Y | Y | SC-access | N | 1500 | FabMgmt | | SC-access |
| SC-database | B | Y | Y | SC-database | N | 1500 | FabMgmt | | SC-database |
| SC-SMB | B | Y | Y | SMB | N | 9000 | FabMgmt | | SMB |
| T1-access | B | Y | Y | T1-access | N | 1500 | FabMgmt | | SC-access |
Start-UcsTransaction
$mo = Get-UcsOrg -Level root | Get-UcsOrg -Name <"FabMgmt"> -LimitScope | Add-UcsVnicTemplate -Descr "" -IdentPoolName <"FabMgmt"> -Mtu 9000 -Name <"CSV"> -NwCtrlPolicyName "" -PinToGroupName "" -PolicyOwner "local" -QosPolicyName <"FabMgmt-CSV"> -StatsPolicyName "default" -SwitchId "A-B" -TemplType "updating-template"
$mo_1 = $mo | Add-UcsVnicInterface -ModifyPresent -DefaultNet "yes" -Name <"CSV">
Complete-UcsTransaction
The following format shows an additional cmdlet for templates that specify a VMQ connection policy:
Start-UcsTransaction
$mo = Get-UcsOrg -Level root | Get-UcsOrg -Name <"FabMgmt"> -LimitScope | Add-UcsVnicTemplate -Descr "" -IdentPoolName <"FabMgmt"> -Mtu 1500 -Name <"Mgmt"> -NwCtrlPolicyName "" -PinToGroupName "" -PolicyOwner "local" -QosPolicyName "" -StatsPolicyName "default" -SwitchId "A-B" -TemplType "updating-template"
$mo_1 = $mo | Add-UcsVnicInterface -ModifyPresent -DefaultNet "yes" -Name <"Mgmt">
$mo_2 = $mo | Add-UcsVnicVmqConPolicyRef -ModifyPresent -ConPolicyName "Mgmt"
Complete-UcsTransaction
A named VSAN creates a connection to a specific external SAN. The VSAN isolates traffic to that external SAN, including broadcast traffic. The traffic on one named VSAN knows that the traffic on another named VSAN exists, but cannot read or access that traffic.
Like a named VLAN, the name that you assign to a VSAN ID adds a layer of abstraction that allows you to globally update all servers associated with service profiles that use the named VSAN. You do not need to reconfigure the servers individually to maintain communication with the external SAN. You can create more than one named VSAN with the same VSAN ID.
In a cluster configuration, a named VSAN can be configured to be accessible only to the FC uplinks on one fabric interconnect or to the FC Uplinks on both fabric interconnects.
These steps provide details for creating named VSANs for a given server configuration in the Cisco UCS environment.
Navigate to SAN > Storage Cloud > Fabric A > VSANs in the navigation tree. Right-click and select Create Storage VSAN.
Enter the name you are assigning to this VSAN. Select the Enabled radio button for FC Zoning. Select the Fabric A radio button. Enter a value for the VSAN ID and the FCoE VLAN. Click OK to add the VSAN. Click OK on the success window. Repeat for a VSAN on Fabric B using the values assigned for Fabric B.
Get-UcsFabricFcStorageCloud -Id "A" | Add-UcsVsan -FcZoneSharingMode "coalesce" -FcoeVlan 101 -Id 101 -Name "VSAN-A" -PolicyOwner "local" -ZoningState "enabled"
Get-UcsFabricFcStorageCloud -Id "B" | Add-UcsVsan -FcZoneSharingMode "coalesce" -FcoeVlan 102 -Id 102 -Name "VSAN-B" -PolicyOwner "local" -ZoningState "enabled"
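Because a VLAN or VSAN name is only a label on an ID, two names that share an ID are the same broadcast domain, and an Ethernet VLAN ID that collides with a VSAN's FCoE VLAN ID conflicts with storage traffic (UCS Manager requires the two to differ). The following added example, not part of the Cisco document, checks a plan for both conditions before any Add-UcsVlan or Add-UcsVsan call is made. The FCoE VLAN IDs 101 and 102 come from the cmdlets above; all Ethernet VLAN IDs are constructed because the document leaves them as placeholders.

```powershell
# Added example, not part of the Cisco document.
# Checks a named VLAN / VSAN plan for duplicate names, shared IDs and FCoE overlap.

function Test-VlanPlan {
    param(
        [Parameter(Mandatory)] [object[]] $Vlan,  # objects with Name, Id
        [Parameter(Mandatory)] [object[]] $Vsan   # objects with Name, Id, FcoeVlan
    )

    # A VLAN name must identify exactly one definition.
    $Vlan | Group-Object -Property Name | Where-Object { $_.Count -gt 1 } | ForEach-Object {
        [pscustomobject]@{
            Severity = 'error'; Check = 'duplicate-name'
            Detail   = "VLAN name '$($_.Name)' is defined $($_.Count) times"
        }
    }

    # Several names on one ID are allowed, but they are a single layer-2 segment:
    # the names separate configuration, not traffic.
    $Vlan | Group-Object -Property Id | Where-Object { $_.Count -gt 1 } | ForEach-Object {
        $names = ($_.Group | ForEach-Object { $_.Name } | Sort-Object) -join ', '
        [pscustomobject]@{
            Severity = 'review'; Check = 'shared-id'
            Detail   = "VLAN ID $($_.Name) is shared by: $names"
        }
    }

    # An Ethernet VLAN must not reuse the FCoE VLAN ID of any VSAN.
    foreach ($v in $Vlan) {
        foreach ($s in $Vsan) {
            if ([int]$v.Id -eq [int]$s.FcoeVlan) {
                [pscustomobject]@{
                    Severity = 'error'; Check = 'fcoe-overlap'
                    Detail   = "VLAN '$($v.Name)' uses ID $($v.Id), the FCoE VLAN of VSAN '$($s.Name)'"
                }
            }
        }
    }
}

# VLAN names from this document; every ID here is constructed.
$vlanPlan = @(
    [pscustomobject]@{ Name = 'Mgmt';          Id = 10 }
    [pscustomobject]@{ Name = 'CSV';           Id = 20 }
    [pscustomobject]@{ Name = 'LiveMigration'; Id = 30 }
    [pscustomobject]@{ Name = 'SMB';           Id = 40 }
    [pscustomobject]@{ Name = 'SC-access';     Id = 50 }
    [pscustomobject]@{ Name = 'SC-database';   Id = 60 }
    [pscustomobject]@{ Name = 'SC-SMB';        Id = 40 }   # constructed: same ID as SMB
    [pscustomobject]@{ Name = 'T1-access';     Id = 101 }  # constructed: collides with FCoE VLAN 101
)
# VSAN values from the Add-UcsVsan cmdlets above.
$vsanPlan = @(
    [pscustomobject]@{ Name = 'VSAN-A'; Id = 101; FcoeVlan = 101 }
    [pscustomobject]@{ Name = 'VSAN-B'; Id = 102; FcoeVlan = 102 }
)

Test-VlanPlan -Vlan $vlanPlan -Vsan $vsanPlan | Format-Table -AutoSize -Wrap
```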
The following steps demonstrate assigning VSANs to specific FCoE storage ports.
Navigate to Equipment > Fabric Interconnects > Fabric Interconnect A > Fixed Module > Ethernet Ports. Click port 21 (the port assigned to the FCoE connection). Click the VSAN drop-down list and select the appropriate VSAN. Click Save Changes in the lower right-hand corner of the screen. Click OK on the success window that pops up. Repeat these steps for all other ports connected to the FCoE connections on the EMC VNX5400, placing the Fabric A VSANs on the Fabric A ports and the Fabric B VSANs on the Fabric B ports.
$storageCloudA = Get-UcsFabricFcStorageCloud -Id "A"
$storageCloudA | Get-UcsVsan -Name <"VSAN-A"> | Add-UcsVsanMemberFcoePort -ModifyPresent -AdminState "enabled" -Name "" -PortId 21 -SlotId 1 -SwitchId "A"
$storageCloudA | Get-UcsVsan -Name <"VSAN-A"> | Add-UcsVsanMemberFcoePort -ModifyPresent -AdminState "enabled" -Name "" -PortId 22 -SlotId 1 -SwitchId "A"
$storageCloudB = Get-UcsFabricFcStorageCloud -Id "B"
$storageCloudB | Get-UcsVsan -Name <"VSAN-B"> | Add-UcsVsanMemberFcoePort -ModifyPresent -AdminState "enabled" -Name "" -PortId 21 -SlotId 1 -SwitchId "B"
$storageCloudB | Get-UcsVsan -Name <"VSAN-B"> | Add-UcsVsanMemberFcoePort -ModifyPresent -AdminState "enabled" -Name "" -PortId 22 -SlotId 1 -SwitchId "B"
These steps provide details for creating one vHBA template each for Fabric A and Fabric B for the Cisco UCS environment.
Navigate to SAN > Policies > root > Sub-Organizations > FabMgmt > vHBA Templates. Right-click and select Create vHBA Template.
Enter <FCoE-A> as the vHBA template Name. Select Fabric A. Select VSAN-A from the drop-down list. Under Template Type select Updating Template. Under WWPN Pool, select <FabMgmtWWPN-A>. Click OK to complete creating the vHBA template. Click OK.
Right-click vHBA Templates. Select Create vHBA Template. Enter <FCoE-B> as the vHBA template Name. Select Fabric B. Select VSAN-B from the drop-down list. Under Template Type select Updating Template. Under WWPN Pool, select <FabMgmtWWPN-B>. Click OK to complete creating the vHBA template. Click OK.
Start-UcsTransaction
$mo = Get-UcsOrg -Level root | Get-UcsOrg -Name <"FabMgmt"> -LimitScope | Add-UcsVhbaTemplate -Descr "" -IdentPoolName <"FabMgmtWWPN-A"> -MaxDataFieldSize 2048 -Name <"FCoE-A"> -PinToGroupName "" -PolicyOwner "local" -QosPolicyName "" -StatsPolicyName "default" -SwitchId "A" -TemplType "updating-template"
$mo_1 = $mo | Add-UcsVhbaInterface -ModifyPresent -Name <"VSAN-A">
Complete-UcsTransaction
Start-UcsTransaction
$mo = Get-UcsOrg -Level root | Get-UcsOrg -Name <"FabMgmt"> -LimitScope | Add-UcsVhbaTemplate -Descr "" -IdentPoolName <"FabMgmtWWPN-B"> -MaxDataFieldSize 2048 -Name <"FCoE-B"> -PinToGroupName "" -PolicyOwner "local" -QosPolicyName "" -StatsPolicyName "default" -SwitchId "B" -TemplType "updating-template"
$mo_1 = $mo | Add-UcsVhbaInterface -ModifyPresent -Name <"VSAN-B">
Complete-UcsTransaction
The storage connection policy contains a collection of target storage ports on storage arrays that you use to configure Cisco UCS local Fibre Channel zoning. You can create this policy underneath an organization or an initiator group. This policy is known as a Fibre Channel storage connection policy in Cisco UCS Manager.
You add vHBA initiator groups to a storage connection policy through the Fibre Channel target endpoints.
The storage arrays in these zones must be directly connected to the fabric interconnects. The target storage ports on these arrays that you include in the storage connection policy can be either Fibre Channel storage ports or FCoE storage ports. You use the WWN of a port to add it to the policy and to identify the port for the Fibre Channel zone.
These steps provide details for creating the storage connection policies for the Cisco UCS environment. Three different policies will be created. The first is created with a single path to the storage array to allow for the initial installation of Windows Server. Windows Server will not install properly if it finds multiple paths to its boot LUN. When the installation is completed and MPIO is installed within the operating system, Windows Server will recognize multiple paths to its storage. The next two policies will define the connection for each fabric.
Navigate to SAN > Policies > root > Sub-Organizations > FabMgmt > Storage Connection Policies. Right-click and select Create Storage Connection Policy.
INITIAL BUILD
Enter a meaningful Name for the storage connection policy. (Optional) Enter a Description of the purpose of this policy. For Zoning Type select the radio button by Single Initiator Single Target. Click the icon to create the FC Target Endpoint.
Enter the WWPN for the array port you will be targeting. (Optional) Provide a Description. Select the appropriate fabric Path. Select VSAN-A for the VSAN. Click OK three times to create the connection policy.
FABRIC A
Repeat the steps to get to the Create Storage Connection Policy window. Enter a descriptive Name for the policy. (Optional) Enter a Description for the policy. For Zoning Type select the radio button by Single Initiator Multiple Targets. Click the icon to create the first FC Target Endpoint.
Enter the first WWPN for the array port you will be targeting. (Optional) Provide a Description. Select A for the fabric Path. Select VSAN-A for the VSAN. Click OK to add this endpoint to the connection policy.
Click the icon to create a second FC Target Endpoint.
Enter the second WWPN for the array port you will be targeting. (Optional) Provide a Description. Select the same fabric Path as for the previous endpoint. Select VSAN-A for the VSAN. Click OK three times to create the connection policy.
FABRIC B
Repeat the steps to create a second Single Initiator Multiple Targets storage connection policy for the Fabric B connection policy using VSAN-B.
Upon completion, you should have three storage connection policies that look something like this.
Start-UcsTransaction
$mo = Get-UcsOrg -Level root | Get-UcsOrg -Name <"FabMgmt"> -LimitScope | Add-UcsStorageConnectionPolicy -Descr <"Used for initial installation of Windows Server - no MPIO"> -Name <"Initial-Build"> -PolicyOwner "local" -ZoningType "sist"
$mo_1 = $mo | Add-UcsStorageFcTargetEp -Descr <"SPA-A3-0"> -Path "A" -Targetwwpn <"50:06:01:66:08:60:26:1B">
$mo_1_1 = $mo_1 | Add-UcsStorageVsanRef -ModifyPresent -Name <"VSAN-A">
Complete-UcsTransaction
Start-UcsTransaction
$mo = Get-UcsOrg -Level root | Get-UcsOrg -Name <"FabMgmt"> -LimitScope | Add-UcsStorageConnectionPolicy -Descr <"SPA-A3-0 and SPB-B3-0"> -Name <"FCoE-A"> -PolicyOwner "local" -ZoningType "simt"
$mo_1 = $mo | Add-UcsStorageFcTargetEp -Descr <"SPA-A3-0"> -Path "A" -Targetwwpn <"50:06:01:66:08:60:26:1B">
$mo_1_1 = $mo_1 | Add-UcsStorageVsanRef -ModifyPresent -Name <"VSAN-A">
$mo_2 = $mo | Add-UcsStorageFcTargetEp -Descr <"SPB-B3-0"> -Path "A" -Targetwwpn <"50:06:01:6E:08:60:26:1B">
$mo_2_1 = $mo_2 | Add-UcsStorageVsanRef -ModifyPresent -Name <"VSAN-A">
Complete-UcsTransaction
Start-UcsTransaction
$mo = Get-UcsOrg -Level root | Get-UcsOrg -Name <"FabMgmt"> -LimitScope | Add-UcsStorageConnectionPolicy -Descr <"SPA-A3-1 and SPB-B3-1"> -Name <"FCoE-B"> -PolicyOwner "local" -ZoningType "simt"
$mo_1 = $mo | Add-UcsStorageFcTargetEp -Descr <"SPA-A3-1"> -Path "B" -Targetwwpn <"50:06:01:67:08:60:26:1B">
$mo_1_1 = $mo_1 | Add-UcsStorageVsanRef -ModifyPresent -Name <"VSAN-B">
$mo_2 = $mo | Add-UcsStorageFcTargetEp -Descr <"SPB-B3-1"> -Path "B" -Targetwwpn <"50:06:01:6F:08:60:26:1B">
$mo_2_1 = $mo_2 | Add-UcsStorageVsanRef -ModifyPresent -Name <"VSAN-B">
Complete-UcsTransaction
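The three policies above encode several rules that are easy to break when WWPNs are typed by hand: the initial-build policy must expose exactly one target so Windows Server sees a single path, each multiple-target policy stays on one fabric, and an array port belongs to only one fabric. The following added example, not part of the Cisco document, checks a zoning plan against those rules. The first three entries use the names and WWPNs from the cmdlets above; the "Bad-Example" entry is constructed to show what a finding looks like.

```powershell
# Added example, not part of the Cisco document.
# Validates storage connection (zoning) policies before they are pushed to UCS Manager.

function Test-ZoningPlan {
    param(
        [Parameter(Mandatory)] [object[]] $Policy,  # objects with Name, ZoningType, Target (Wwpn, Path)
        [string] $WwpnPattern = '^([0-9A-F]{2}:){7}[0-9A-F]{2}$'   # -match is case-insensitive
    )
    $fabricOfWwpn = @{}   # WWPN -> fabric path on which it was first seen

    foreach ($p in $Policy) {
        $targets = @($p.Target)

        foreach ($t in $targets) {
            if ($t.Wwpn -notmatch $WwpnPattern) {
                [pscustomobject]@{ Policy = $p.Name; Check = 'wwpn-format'
                                   Detail = "'$($t.Wwpn)' is not eight colon-separated hex bytes" }
                continue
            }
            # An array port is cabled to one fabric interconnect, so its WWPN
            # should never be zoned on both paths.
            $key = $t.Wwpn.ToUpperInvariant()
            if ($fabricOfWwpn.ContainsKey($key) -and $fabricOfWwpn[$key] -ne $t.Path) {
                [pscustomobject]@{ Policy = $p.Name; Check = 'cross-fabric'
                                   Detail = "$key is on path $($fabricOfWwpn[$key]) elsewhere but path $($t.Path) here" }
            }
            elseif (-not $fabricOfWwpn.ContainsKey($key)) {
                $fabricOfWwpn[$key] = $t.Path
            }
        }

        # All targets of one policy must sit on the same fabric path.
        $paths = @($targets | ForEach-Object { $_.Path } | Sort-Object -Unique)
        if ($paths.Count -gt 1) {
            [pscustomobject]@{ Policy = $p.Name; Check = 'mixed-paths'
                               Detail = "targets span paths $($paths -join ', ')" }
        }

        switch ($p.ZoningType) {
            'sist' {
                # Single initiator, single target: the single-path install policy.
                if ($targets.Count -ne 1) {
                    [pscustomobject]@{ Policy = $p.Name; Check = 'sist-target-count'
                                       Detail = "$($targets.Count) targets; exactly 1 expected" }
                }
            }
            'simt' {
                if ($targets.Count -lt 2) {
                    [pscustomobject]@{ Policy = $p.Name; Check = 'simt-target-count'
                                       Detail = "$($targets.Count) target(s); at least 2 expected" }
                }
            }
            default {
                [pscustomobject]@{ Policy = $p.Name; Check = 'zoning-type'
                                   Detail = "unknown zoning type '$($p.ZoningType)'" }
            }
        }
    }
}

function New-Target { param($Wwpn, $Path) [pscustomobject]@{ Wwpn = $Wwpn; Path = $Path } }

$zoningPlan = @(
    [pscustomobject]@{ Name = 'Initial-Build'; ZoningType = 'sist'; Target = @(
        (New-Target '50:06:01:66:08:60:26:1B' 'A')) }
    [pscustomobject]@{ Name = 'FCoE-A'; ZoningType = 'simt'; Target = @(
        (New-Target '50:06:01:66:08:60:26:1B' 'A'), (New-Target '50:06:01:6E:08:60:26:1B' 'A')) }
    [pscustomobject]@{ Name = 'FCoE-B'; ZoningType = 'simt'; Target = @(
        (New-Target '50:06:01:67:08:60:26:1B' 'B'), (New-Target '50:06:01:6F:08:60:26:1B' 'B')) }
    # Constructed mistake: a Fabric A port zoned on path B, and only one target.
    [pscustomobject]@{ Name = 'Bad-Example'; ZoningType = 'simt'; Target = @(
        (New-Target '50:06:01:66:08:60:26:1B' 'B')) }
)

$findings = @(Test-ZoningPlan -Policy $zoningPlan)
$findings | Format-Table -AutoSize -Wrap
"{0} finding(s)" -f $findings.Count
```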
The boot policy determines the following:
· Configuration of the boot device
· Location from which the server boots
· Order in which boot devices are invoked
For example, you can choose to have associated servers boot from a local device, such as a local disk or CD-ROM (VMedia), or you can select a SAN boot or a LAN (PXE) boot.
You must include this policy in a service profile, and that service profile must be associated with a server for it to take effect. If you do not include a boot policy in a service profile, the server uses the default settings in the BIOS to determine the boot order. These steps provide details for creating two boot policies for the Cisco UCS environment. The first policy will configure booting just from Fabric A to handle the initial installation of Windows Server. The second policy will configure the primary boot to be from SPA and secondary boot to be from SPB to be used for production deployment.
Values for the WWNNs should have been recorded earlier when you were performing the initial configuration of the VNX5400.
INITIAL BUILD
Navigate to Servers > Policies > root > Sub-Organizations > FabMgmt > Boot Policies. Right-click and select Create Boot Policy.
Name the boot policy <Initial-Build>. (Optional) Give the boot policy a description. Make sure Reboot on Boot Order Change and Enforce vNIC/vHBA/iSCSI Name are unchecked. Leave Legacy radio button selected. Expand the Local Devices drop-down menu and select Add Local CD/DVD. Expand the vHBAs drop-down menu and select Add SAN Boot.
Enter <FCoE-A> in the vHBA field in the Add SAN Boot window that displays. Make sure that Primary is selected as the Type. Click OK to add the SAN boot initiator.
Under the vHBA drop-down menu, select Add SAN Boot Target.
Keep the value for Boot Target LUN as 0. Enter the WWPN for the primary FCoE adapter interface <SPA-A3-0> as the Boot Target WWPN. Keep the Type as Primary. Click OK to add the SAN boot target.
Verify your configuration looks something like this. Click OK to create the boot policy.
PRODUCTION BUILD
Navigate to Servers > Policies > root > FabMgmt > Boot Policies. Right-click and select Create Boot Policy. Name the boot policy <FabMgmt-Boot>. (Optional) Give the boot policy a description. Make sure Reboot on Boot Order Change and Enforce vNIC/vHBA/iSCSI Name are unchecked. Leave Legacy radio button selected. Expand the Local Devices drop-down menu and select Add Local CD/DVD. Expand the vHBAs drop-down menu and select Add SAN Boot.
Enter <FCoE-A> in the vHBA field in the Add SAN Boot window that displays. Make sure that Primary is selected as the Type. Click OK to add the SAN boot initiator.
Under the vHBA drop-down menu, select Add SAN Boot Target.
Keep the value for Boot Target LUN as 0. Enter the WWPN for the primary FCoE adapter interface <SPA-A3-0> as the Boot Target WWPN. Keep the Type as Primary. Click OK to add the SAN boot target.
Under the vHBA drop-down menu, select Add SAN Boot Target.
Keep the value for Boot Target LUN as 0. Enter the WWPN for the primary FC adapter interface <SPB-B3-0> as the Boot Target WWPN. Select the Type as Secondary; it is the default and cannot be changed on the second entry. Click OK to add the SAN boot target.
Select Add SAN Boot under the vHBA drop-down menu.
Enter <FCoE-B> in the vHBA field in the Add SAN Boot window that displays. The type should automatically be set to Secondary and it should be grayed out. This is fine. Click OK to add the SAN boot target.
Select Add SAN Boot Target under the vHBA drop-down menu.
The Add SAN Boot Target window displays. Keep the value for Boot Target LUN as 0. Enter the WWPN for the secondary FC adapter interface <SPB-B3-1> as the Boot Target WWPN. Keep the Type as Primary. Click OK to add the SAN boot target.
Under the vHBA drop-down menu, select Add SAN Boot Target. Keep the value for Boot Target LUN as 0. Enter the WWPN for the secondary FC adapter interface <SPA-A3-1> as the Boot Target WWPN. Select the Type as Secondary. Click OK to add the SAN boot target.
Verify your configuration looks something like this. Click OK to create the boot policy. Click OK to dismiss the confirmation message.
Start-UcsTransaction
$mo = Get-UcsOrg -Level root | Get-UcsOrg -Name <"FabMgmt"> -LimitScope | Add-UcsBootPolicy -BootMode "legacy" -Descr "Used to boot without MPIO" -EnforceVnicName "no" -Name <"Initial-Build"> -PolicyOwner "local" -RebootOnUpdate "no"
$mo_1 = $mo | Add-UcsLsbootVirtualMedia -Access "read-only-local" -LunId 0 -MappingName "" -Order 1
$mo_2 = $mo | Add-UcsLsbootSan -ModifyPresent -Order 2
$mo_2_1 = $mo_2 | Add-UcsLsbootSanCatSanImage -Type "primary" -VnicName "FCoE-A"
$mo_2_1_1 = $mo_2_1 | Add-UcsLsbootSanCatSanImagePath -Lun 0 -Type "primary" -Wwn <"50:06:01:66:08:60:26:1B">
Complete-UcsTransaction
Start-UcsTransaction
$mo = Get-UcsOrg -Level root | Get-UcsOrg -Name <"FabMgmt"> -LimitScope | Add-UcsBootPolicy -BootMode "legacy" -Descr "" -EnforceVnicName "no" -Name <"FabMgmt-Boot"> -PolicyOwner "local" -RebootOnUpdate "no"
$mo_1 = $mo | Add-UcsLsbootVirtualMedia -Access "read-only-local" -LunId 0 -MappingName "" -Order 1
$mo_2 = $mo | Add-UcsLsbootSan -ModifyPresent -Order 2
$mo_2_1 = $mo_2 | Add-UcsLsbootSanCatSanImage -Type "primary" -VnicName "FCoE-A"
$mo_2_1_1 = $mo_2_1 | Add-UcsLsbootSanCatSanImagePath -Lun 0 -Type "primary" -Wwn <"50:06:01:66:08:60:26:1B">
$mo_2_1_2 = $mo_2_1 | Add-UcsLsbootSanCatSanImagePath -Lun 0 -Type "secondary" -Wwn <"50:06:01:6E:08:60:26:1B">
$mo_2_2 = $mo_2 | Add-UcsLsbootSanCatSanImage -Type "secondary" -VnicName "FCoE-B"
$mo_2_2_1 = $mo_2_2 | Add-UcsLsbootSanCatSanImagePath -Lun 0 -Type "primary" -Wwn <"50:06:01:6F:08:60:26:1B">
$mo_2_2_2 = $mo_2_2 | Add-UcsLsbootSanCatSanImagePath -Lun 0 -Type "secondary" -Wwn <"50:06:01:67:08:60:26:1B">
Complete-UcsTransaction
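The two boot policies differ in one important way: Initial-Build must expose a single path, while FabMgmt-Boot carries a primary and a secondary target on each vHBA. The following is an added example, not part of the Cisco document or of UCS PowerTool, that checks a planned path layout offline before the transactions are run; the function name Test-SanBootPlan and the record layout (Vhba, Type, Wwpn, Lun) are assumptions, and the WWPNs are the sample values used in the commands above.

```powershell
# Added example: offline check of a planned SAN boot layout before it is sent to UCS Manager.
# Test-SanBootPlan and the record layout (Vhba, Type, Wwpn, Lun) are hypothetical names.
function Test-SanBootPlan {
    param(
        [Parameter(Mandatory = $true)] [string]   $PolicyName,
        [Parameter(Mandatory = $true)] [object[]] $Paths,
        [switch] $SinglePathOnly   # use for the installation policy: one path, no MPIO yet
    )
    $problems = New-Object 'System.Collections.Generic.List[string]'
    $wwpnPattern = '^([0-9A-Fa-f]{2}:){7}[0-9A-Fa-f]{2}$'

    foreach ($p in $Paths) {
        if ($p.Wwpn -notmatch $wwpnPattern) {
            $problems.Add("$PolicyName/$($p.Vhba): '$($p.Wwpn)' is not an 8-byte colon-separated WWPN")
        }
        if (@('primary', 'secondary') -notcontains $p.Type) {
            $problems.Add("$PolicyName/$($p.Vhba): unknown path type '$($p.Type)'")
        }
        if ($p.Lun -ne 0) {
            $problems.Add("$PolicyName/$($p.Vhba): boot target LUN is $($p.Lun), the procedure uses 0")
        }
    }

    # The same array port listed twice adds no redundancy and usually means a typing error.
    $Paths | Group-Object { "$($_.Wwpn)".ToUpper() } | Where-Object { $_.Count -gt 1 } | ForEach-Object {
        $problems.Add("${PolicyName}: target WWPN $($_.Name) appears $($_.Count) times")
    }

    # Each vHBA needs exactly one primary target and at most one secondary target.
    $byVhba = @($Paths | Group-Object Vhba)
    foreach ($g in $byVhba) {
        $primary   = @($g.Group | Where-Object { $_.Type -eq 'primary' }).Count
        $secondary = @($g.Group | Where-Object { $_.Type -eq 'secondary' }).Count
        if ($primary -ne 1)   { $problems.Add("$PolicyName/$($g.Name): $primary primary targets, expected 1") }
        if ($secondary -gt 1) { $problems.Add("$PolicyName/$($g.Name): $secondary secondary targets, expected at most 1") }
    }

    if ($SinglePathOnly) {
        # Windows Setup does not install properly on a multipathed boot volume.
        if (@($Paths).Count -ne 1) {
            $problems.Add("${PolicyName}: $(@($Paths).Count) paths defined, the installation policy must have exactly 1")
        }
    }
    elseif ($byVhba.Count -lt 2) {
        $problems.Add("${PolicyName}: only $($byVhba.Count) vHBA in the plan, no second fabric to fail over to")
    }
    return $problems.ToArray()
}

# Plans mirroring the two policies above (WWPNs are the sample values from this guide).
$initialBuild = @(
    [pscustomobject]@{ Vhba = 'FCoE-A'; Type = 'primary'; Wwpn = '50:06:01:66:08:60:26:1B'; Lun = 0 }
)
$production = @(
    [pscustomobject]@{ Vhba = 'FCoE-A'; Type = 'primary';   Wwpn = '50:06:01:66:08:60:26:1B'; Lun = 0 }
    [pscustomobject]@{ Vhba = 'FCoE-A'; Type = 'secondary'; Wwpn = '50:06:01:6E:08:60:26:1B'; Lun = 0 }
    [pscustomobject]@{ Vhba = 'FCoE-B'; Type = 'primary';   Wwpn = '50:06:01:6F:08:60:26:1B'; Lun = 0 }
    [pscustomobject]@{ Vhba = 'FCoE-B'; Type = 'secondary'; Wwpn = '50:06:01:67:08:60:26:1B'; Lun = 0 }
)

$issues  = @(Test-SanBootPlan -PolicyName 'Initial-Build' -Paths $initialBuild -SinglePathOnly)
$issues += @(Test-SanBootPlan -PolicyName 'FabMgmt-Boot'  -Paths $production)
if ($issues.Count -eq 0) { Write-Host 'Boot plans are consistent' }
else { $issues | ForEach-Object { Write-Warning $_ } }
```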
With a service profile template, you can quickly create several service profiles with the same basic parameters, such as the number of vNICs and vHBAs, and with identity information drawn from the same pools. This helps ensure a consistent server configuration across all servers performing the same or similar functions.
These steps show the creation of two Service Profile Templates. The first template is what will be used to create the service profiles for all the Hyper-V hosts. The second template is created as a clone of the first. The boot policy is altered in the clone to enable the non-MPIO boot required for the initial installation of Windows Server.
Navigate to Servers > Service Profile Templates > root > Sub-Organizations > FabMgmt. Select Create Service Profile Template.
The Create Service Profile Template window displays. Identify Service Profile Template Section. Name the service profile template <VMHost-Mgmt>. Select Updating Template. In the UUID section, select <FabMgmt> as the UUID pool. (Optional) Include a description of the purpose of this template. Click Next to continue to the Networking section.
Leave the Dynamic vNIC Connection Policy field at the default. Select Expert for the How would you like to configure LAN connectivity? option. Click to add a vNIC to the template.
The Create vNIC window displays. Name the vNIC <Mgmt>. Check the Use vNIC Template checkbox. Select <Mgmt> for the vNIC Template field. Select Windows in the Adapter Performance Policy field. Click OK to add the vNIC to the template. This returns you to the Networking window. Repeat for CSV, LiveMigration, SMB, SC-access, SC-database, SC-SMB, and T1-access vNICs.
Verify: Review the table to make sure that all of the vNICs were created. Click Next to continue to the Storage section.
Select the Local Storage policy defined earlier. Select Expert for the How would you like to configure SAN connectivity? question. Select the appropriate pool for WWNN Assignment. In the WWPN section, click to add the vHBAs to be used.
Enter a value in the Name field. Select Use vHBA Template. Select the vHBA template created to boot from Fabric A from the vHBA Template drop-down list. Select Windows from the Adapter Policy drop-down list. Click OK to accept the values entered. Repeat to add the FCoE-B vHBA. Click Next on the Storage Section to continue to the Zoning section.
Click to add a vHBA Initiator Group.
On the Create vHBA Initiator Group window, provide a Name for the initiator group. (Optional) Enter a Description. From the Storage Connection Policy drop-down list, select the policy created for booting from Fabric A. Click OK to continue. Repeat this step to create a vHBA initiator group for Fabric B.
Back on the Zoning window, select the Fabric A vHBA initiator and the newly created A Initiator Group. Click to add the Fabric A vHBA initiator to the group. Repeat to add the Fabric B vHBA initiators to the Fabric B vHBA initiator group.
Validate that your configuration looks something like this. Click Next to continue to the vNIC/vHBA Placement section.
Select the <AssignedOnly> placement policy in the Select Placement field. Select vCon1 and assign the vNICs in the following order:
· Mgmt
· CSV
· LiveMigration
· SMB
· SC-access
· SC-database
· SC-SMB
· T1-access
Click the vHBA tab and assign the <FCoE-A> and <FCoE-B> vHBAs. Verify: Review the table to make sure that all of the vHBAs and vNICs were created. Click Next to move to the vMedia Policy section.
The vMedia Policy is not used in this solution. Click Next to move to the Server Boot Order section.
Select <FabMgmt-Boot> in the Boot Policy field. Verify: Review the table to make sure that all of the boot devices were created and identified. Verify that the boot devices are in the correct boot sequence. Click Next to continue to the Maintenance Policy section.
Select the appropriate Maintenance Policy from the drop-down list. Click Next to continue to the Server Assignment section.
In the Server Assignment select the <FabMgmt> Pool Assignment, Server Pool Qualification, and Firmware Management policies. Click Next to continue to the Operational Policies section.
Under BIOS Configuration, select the <FabMgmt> BIOS policy created earlier. Under Power Control Policy Configuration, select the No-Cap policy. Under Scrub Policy, select the No-Scrub policy. Click Finish to create the Service Profile Template. Click OK to dismiss the confirmation message.
When the production Service Profile Template is built, it is cloned to create a template for use to build the initial installation of Windows Server. The boot policy is altered in the template to remove the MPIO that is configured in the production template.
Navigate to Servers > Service Profile Templates > root > FabMgmt. Right-click the previously created template and select Create a Clone.
Enter <Initial-Build> as the Clone Name. Select <FabMgmt> as the Org. Click OK to create the clone. Click OK to dismiss the confirmation message.
Select the <Initial-Build> template. Optionally enter a Description. Select the Boot Order tab and click Modify Boot Policy.
Select <Initial-Build> from the Boot Policy drop-down list. Click OK to continue. Click OK to dismiss the confirmation message.
In the right-hand pane, select the Storage tab and then the vHBA Initiator Groups tab. Select the first initiator group and click the Wastebasket icon to erase that initiator group. Delete the second initiator group.
Click the Add icon to bring up the Create vHBA Initiator Group window. Enter <Initial-Build> as the Name of the initiator group. Select the check-box by FCoE-A. Select <Initial-Build> from the Storage Connection Policy drop-down list. Click OK. Click OK to dismiss the confirmation message.
Expand the <Initial-Build> template and select vHBAs.
Select the FCoE-B vHBA and click . Click Save Changes to accept the change.
Get-UcsServiceProfile -Name VMHost-Mgmt -Org org-root/org-FabMgmt | Copy-UcsServiceProfile -NewName RemoveMe -DestinationOrg org-root/org-FabMgmt
Get-UcsOrg -Level root | Get-UcsOrg -Name "FabMgmt" -LimitScope | Add-UcsServiceProfile -ModifyPresent -BiosProfileName "FabMgmt" -BootPolicyName "Initial-Build" -HostFwPolicyName "FabMgmt" -IdentPoolName "FabMgmt" -LocalDiskPolicyName "SAN-Boot" -MaintPolicyName "UserAck" -PowerPolicyName "No-Cap" -ResolveRemote "yes" -ScrubPolicyName "No-Scrub" -Name "RemoveMe"
Get-UcsOrg -Level root | Get-UcsOrg -Name "FabMgmt" -LimitScope | Get-UcsServiceProfile -Name "RemoveMe" -LimitScope | Get-UcsStorageIniGroup -Name "B-initiators" | Remove-UcsStorageIniGroup
Get-UcsOrg -Level root | Get-UcsOrg -Name "FabMgmt" -LimitScope | Get-UcsServiceProfile -Name "RemoveMe" -LimitScope | Get-UcsStorageIniGroup -Name "A-initiators" | Remove-UcsStorageIniGroup
Start-UcsTransaction
$mo = Get-UcsOrg -Level root | Get-UcsOrg -Name "FabMgmt" -LimitScope | Get-UcsServiceProfile -Name "RemoveMe" -LimitScope | Add-UcsStorageIniGroup -Descr "" -GroupPolicyName "" -Name "Initial-Build" -PolicyName "" -PolicyOwner "local" -RmtDiskCfgName ""
$mo_1 = $mo | Add-UcsVnicFcGroupDef -ModifyPresent -PolicyOwner "local" -StatsPolicyName "default" -StorageConnPolicyName "Initial-Build"
$mo_2 = $mo | Add-UcsStorageInitiator -ModifyPresent -Name "FCoE-A" -PolicyOwner "local"
Complete-UcsTransaction
Start-UcsTransaction
$mo = Get-UcsOrg -Level root | Get-UcsOrg -Name "FabMgmt" -LimitScope | Get-UcsServiceProfile -Name "RemoveMe" -LimitScope | Set-UcsServiceProfile -BiosProfileName "FabMgmt" -BootPolicyName "Initial-Build" -Descr "" -DynamicConPolicyName "" -ExtIPPoolName "ext-mgmt" -ExtIPState "none" -HostFwPolicyName "FabMgmt" -IdentPoolName "FabMgmt" -KvmMgmtPolicyName "" -LocalDiskPolicyName "SAN-Boot" -MaintPolicyName "UserAck" -MgmtAccessPolicyName "" -MgmtFwPolicyName "" -PolicyOwner "local" -PowerPolicyName "No-Cap" -ResolveRemote "yes" -ScrubPolicyName "No-Scrub" -SolPolicyName "" -SrcTemplName "" -StatsPolicyName "default" -UsrLbl "" -Uuid "0" -VconProfileName "" -VmediaPolicyName ""
$mo_1 = Get-UcsOrg -Level root | Get-UcsOrg -Name "FabMgmt" -LimitScope | Get-UcsServiceProfile -Name "RemoveMe" -LimitScope | Get-UcsVhba -Name "FCoE-B" | Remove-UcsVhba
Complete-UcsTransaction
These steps provide details for creating multiple service profiles from the previously created template. Multiple Service Profiles will be created for the production servers and a single Service Profile will be created for the initial build server.
Navigate to Servers > Service Profiles > root > FabMgmt. Select Create Service Profiles From Template.
Enter <VMHost-Mgmt0> for the Naming Prefix. Enter 1 for the Name Suffix Starting Number. Enter 4 for the Number of service profiles to create. Select <VMHost-Mgmt> from the Service Profile Template drop-down list. Click OK to create the service profile. Click OK in the message box.
Repeat the process using the <Initial-Build> Service Profile Template to create a single Service Profile.
Get-UcsServiceProfile -Name <VMHost-Mgmt> -Org org-root/org-FabMgmt | Add-UcsServiceProfileFromTemplate -NewName @("VMHost-Mgmt01","VMHost-Mgmt02","VMHost-Mgmt03","VMHost-Mgmt04") -DestinationOrg org-root/org-FabMgmt
The following steps provide the details necessary to prepare the host for the installation of Windows Server 2012 R2 Datacenter Edition. The previous steps configured server profiles that created the zoning for accessing the SAN and the LUN masking on the VNX5400 so that only a single path to the server is available.
To speed the process of installing Windows Server 2012 R2 across all the physical hosts, a multiple step process is employed.
· Present the Master Boot LUN to one of the servers
· Install Windows Server 2012 R2 on a single physical server with the boot volume on the EMC VNX5400
· Perform some initial configuration tasks that are common for all servers used in the private cloud.
- Configure the management network
- Update the installation with the latest patches from Microsoft Update
- Install Windows Roles and Features
- Present the boot LUN to both vHBAs and configure MPIO
- Sysprep the image so other servers can be deployed more quickly
· Clone the sysprepped image for future use
- Remove the boot volume from the server on which it was installed.
- Make clones of the sysprepped volume within the EMC VNX5400 so each physical server will have its own clone to boot from.
· Complete build of other Infrastructure hosts
- Mask the cloned LUNs for other servers.
- Start each host and complete the mini-setup to tailor each node with things like name, IP addressing (if fixed IP addresses are used), and joining the domain. It is possible to configure this sort of information with unattend command files. That is beyond the scope of this document, and many shops already have such procedures in place.
Note: In order for the Windows Installer to recognize the Fibre Channel SAN boot disk for the initial server, the Cisco UCS fnic (storage) driver must be loaded into the Windows installer during installation. Please download the latest Unified Computing System (UCS) drivers from www.cisco.com under Cisco UCS B-Series Blade Server Software and place the ISO on the same machine with the Windows Server 2012 R2 installation media.
These steps illustrate how to present a LUN to a Cisco UCS Service Profile and server. This first LUN is the LUN which will contain the first installation of Windows Server 2012 R2. This image will be prepared to be used as a clone for subsequent server installations.
Open your browser. Enter the IP address of your EMC VNX5400 SAN with an https:// prefix. Click Continue to this website (not recommended).
Click Accept to accept EMC’s licensing agreement.
Enter the Name and Password for your installation.
From the drop-down, select your EMC VNX5400 SAN.
You will need to know the SP-Ports equivalents of the ports into which the cables are plugged on the two IO modules. If you did not obtain the information earlier, here are the steps again. Within Unisphere navigate to Settings > Network > Settings for Block. Find all the Physical Locations you will be using and note the SP-Port and WWN values for later usage.
Obtain the WWNN and WWPN from the UCS Management console. Navigate to Servers > Servers > Service Profiles > root > FabMgmt. Expand the profile for <Initial-Build01> and select vHBAs. Note the values for the World Wide Node Name at the top and the WWPN under vHBAs. Note: Until Windows Server is installed and MPIO is configured, only a single path to storage can be presented.
In Unisphere, navigate to Hosts > Initiators. Select Create to create a host initiator for accessing the boot LUN.
Enter the host’s WWNN and WWPN in the WWN/IQN field. Select the proper port (located in earlier step) in the SP-port drop-down list. Select CLARiiON/VNX from the Initiator Type drop-down list. Make sure that Failover Mode is ALUA. Select the radio button for New Host. Enter values for your Host Name and its IP Address. These do not have to be the actual host name and IP address as they are used just for reference at this time. Click OK. You will receive a message about host not being managed because the record was manually created. That is fine for this instance.
Navigate to Hosts > Storage Groups. Click Create.
Enter a name for a storage group to be assigned to this server in the Storage Group Name field. Click OK to continue. On the confirmation window that asks if you wish to add LUNs or connect hosts, click Yes.
On the LUNs tab, select the Master Boot LUN that was created for this server. Click Add and an entry will appear in the Selected LUNs section of the screen.
Select the Hosts tab. Select the initiator record you created earlier for this server. Click the right-pointing arrow to move it to the Hosts to be Connected column. Click OK.
The following example PowerShell script utilizes both EMC Storage Integrator and the Cisco UCS PowerTool, and expects that both have been successfully installed on the configuration workstation. After presentation of the LUN to the WWPNs defined within the Service Profile, it will be possible to proceed with Windows Server installation.
#----------------------------------------------------------------------------------
# Filename: PrepMasterBoot_AddViaWWPN.ps1
# Description: Set up Cisco UCS ServiceProfile to do Boot from SAN from
# VNX5400
#----------------------------------------------------------------------------------
#
# Uses an XML file with the following schema. This same schema is used by
# - PrepMastBoot-AddViaWWPN.ps1
# - Process Storage Requests.ps1
# - PostClone_AddViaWWPN.ps1
#
# <StorageParams>
#   <Servers>
#     <Server>
#       <ServerName>Initial-Build</ServerName>
#       <IPAddress>192.168.20.20</IPAddress>
#       <luns>
#         <label>MasterBoot2012R2</label>
#         <pool>RAID Group 1</pool>
#         <size>60GB</size>
#       </luns>
#     </Server>
#   </Servers>
#   <Array>EnterpriseFastTrack</Array>
#   <UCSAddress>10.5.177.10</UCSAddress>
# </StorageParams>
#
#----------------------------------------------------------------------------------
$global:rootPath = Split-Path -Parent $MyInvocation.MyCommand.Path
$myxmlfile = $global:rootPath + "\CFG_STORAGE_LUNS.xml"

# Read the XML configuration file and keep its <StorageParams> element
Function ReadStorageConfig ([String]$filename) {
    $xmlConfigFile = [xml](Get-Content $filename )
    $global:StorageConfig = $xmlConfigFile.SelectSingleNode( '/StorageParams' )
}
ReadStorageConfig $myxmlfile

Import-Module CiscoUcsPS
Import-Module ESIPSToolkit

# Returns $true when the LUN is known to ESI
Function LUNExists {
    param ($TGTLUN)
    $Val = Get-EmcLUN $TGTLUN -Silent
    if ($Val -eq $null) {return $false} else {return $true}
}

# Returns $true when a registered host of that name already exists
Function reghostexists {
    param ($tgthost)
    $val = Get-EmcStorageRegisteredHost $tgthost
    If ($Val -eq $null) {Return $false}
    Else {Return $true}
}

$StorageArray = Get-EMCStorageSystem -ID $global:StorageConfig.Array -Silent
If ($StorageArray -eq $null)
{
    # Report the array name from the configuration file
    Write-Host "ERROR: Array" $global:StorageConfig.Array "is not known or registered under that name."
    Exit 1
}
Update-EmcSystem $StorageArray

# Prompt user for connection to UCS environment
If ($UCS -eq $null) {$UCS = Connect-Ucs $global:StorageConfig.UCSAddress}

# List the server names and LUN labels found in the configuration file
ForEach ($entry in $global:StorageConfig.Servers.Server)
{
    ForEach ($lun in $entry.luns)
    {
        Write-Host $entry.Servername, $lun.label
    }
}

# Check for pre-existing LUN
If (LUNExists $global:StorageConfig.Servers.Server.luns.label)
{ # We present the LUN
    $MyServiceProfile = Get-UcsServiceProfile | where {$_.Name -eq $global:StorageConfig.Servers.Server.ServerName}
    If ($MyServiceProfile -eq $null)
    {
        Write-Host "ERROR: Cannot find ServiceProfile" $global:StorageConfig.Servers.Server.ServerName
        exit 1
    }
    Else
    {
        #
        # Extract out the WWPN initiator information for the Service Profile
        #
        $MyvHBAs = Get-UcsVhba -ServiceProfile $MyServiceProfile
        #
        # Get the Gold Master that we plan to use
        #
        $MasterLUN = get-EMCLun -ID $global:StorageConfig.Servers.Server.luns.label -BlockStorageSystem $StorageArray
        #
        # Add all the initiators from the Service Profile to the Storage Group on the VNX
        #
        ForEach ($vHBA in $MyvHBAs)
        {
            $HostRegistration = $vHBA.NodeAddr + ":" + $vHBA.Addr
            If (reghostexists $global:StorageConfig.Servers.Server.ServerName)
            {
                $rg=get-emcstorageregisteredhost $global:StorageConfig.Servers.Server.ServerName
                Write-Host "New Init" $HostRegistration
                New-EmcStorageRegisteredInitiator -registeredhost $rg -InitiatorIds $HostRegistration
            }
            Else
            {
                Write-Host "New Host" $HostRegistration
                New-EMCStorageRegisteredHost -StorageSystem $StorageArray -HostName $global:StorageConfig.Servers.Server.ServerName -IpAddress $global:StorageConfig.Servers.Server.IPAddress -HostBusAdapterIds $HostRegistration
            }
        }
    }
    # $HostRegistration still holds the last initiator processed by the loop above
    If (LUNExists $MasterLUN)
    {
        Write-Host "unmask lun" $masterlun
        Set-EmcLunAccess -Lun $MasterLUN -InitiatorId $Hostregistration -HostName $global:StorageConfig.Servers.Server.ServerName -HostIPAddress $global:StorageConfig.Servers.Server.IPAddress -Available
    }
    Else
    { # We Fail, because the LUN cannot be found
        Write-host "ERROR: Cannot find the LUN:" $MasterLUN
        Exit 1
    }
} # Closes the "Check for pre-existing LUN" block
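The script above trusts CFG_STORAGE_LUNS.xml as written and reads Servers.Server.* as single values. The following is an added example, not part of the Cisco or EMC tooling, that loads the same schema with DTD processing disabled and reports malformed or missing values before any array or UCS call is made; the function names, the -SingleServer switch and the value rules (service profile name pattern, size format) are assumptions.

```powershell
# Added example: strict load and validation of CFG_STORAGE_LUNS.xml content.
# Function names and value rules are assumptions for illustration, not ESI or PowerTool code.
function Get-NodeText {
    param($Node, [string] $XPath)
    $n = $Node.SelectSingleNode($XPath)
    if ($null -eq $n) { return '' }
    return $n.InnerText.Trim()
}

function Test-IPv4 {
    param([string] $Text)
    if ($Text -notmatch '^[0-9]{1,3}(\.[0-9]{1,3}){3}$') { return $false }
    foreach ($octet in $Text.Split('.')) { if ([int]$octet -gt 255) { return $false } }
    return $true
}

function Test-StorageParams {
    param(
        [Parameter(Mandatory = $true)] [string] $XmlText,
        [switch] $SingleServer   # the master-boot script reads Servers.Server.* as single values
    )
    $problems = New-Object 'System.Collections.Generic.List[string]'

    # Refuse DTDs and external entities; the schema needs plain elements only.
    $settings = New-Object System.Xml.XmlReaderSettings
    $settings.DtdProcessing = [System.Xml.DtdProcessing]::Prohibit
    $settings.XmlResolver = $null
    $text = New-Object System.IO.StringReader -ArgumentList $XmlText
    $reader = [System.Xml.XmlReader]::Create($text, $settings)
    $doc = New-Object System.Xml.XmlDocument
    try { $doc.Load($reader) }
    catch { $problems.Add("XML rejected: $($_.Exception.Message)"); return $problems.ToArray() }
    finally { $reader.Close() }

    $root = $doc.SelectSingleNode('/StorageParams')
    if ($null -eq $root) { $problems.Add('Root element <StorageParams> is missing'); return $problems.ToArray() }
    foreach ($name in 'Array', 'UCSAddress') {
        if (-not (Get-NodeText $root $name)) { $problems.Add("<$name> is missing or empty") }
    }

    $servers = @($root.SelectNodes('Servers/Server'))
    if ($servers.Count -eq 0) { $problems.Add('No <Server> entries found') }
    if ($SingleServer -and $servers.Count -gt 1) {
        $problems.Add("Found $($servers.Count) <Server> entries, expected exactly one")
    }
    foreach ($server in $servers) {
        $serverName = Get-NodeText $server 'ServerName'
        # Assumed naming rule: 1 to 32 letters, digits, hyphen, underscore, colon or period.
        if ($serverName -notmatch '^[A-Za-z0-9_.:-]{1,32}$') { $problems.Add("Bad <ServerName> '$serverName'") }
        $ip = Get-NodeText $server 'IPAddress'
        if (-not (Test-IPv4 $ip)) { $problems.Add("${serverName}: <IPAddress> '$ip' is not a dotted-quad IPv4 address") }

        $luns = @($server.SelectNodes('luns'))
        if ($luns.Count -eq 0) { $problems.Add("${serverName}: no <luns> entry") }
        if ($SingleServer -and $luns.Count -gt 1) {
            $problems.Add("${serverName}: $($luns.Count) <luns> entries, expected exactly one")
        }
        foreach ($lun in $luns) {
            $label = Get-NodeText $lun 'label'
            if (-not $label) { $problems.Add("${serverName}: <label> is missing or empty") }
            if (-not (Get-NodeText $lun 'pool')) { $problems.Add("${serverName}/${label}: <pool> is missing or empty") }
            $size = Get-NodeText $lun 'size'
            # Assumed size format: digits followed by MB, GB or TB, as in the 60GB sample.
            if ($size -notmatch '^[0-9]+(MB|GB|TB)$') { $problems.Add("${serverName}/${label}: <size> '$size' is not like 60GB") }
        }
    }
    return $problems.ToArray()
}

# Constructed sample in the schema shown above; the size "60 GB" is deliberately malformed.
$sample = @'
<StorageParams>
  <Servers>
    <Server>
      <ServerName>Initial-Build</ServerName>
      <IPAddress>192.168.20.20</IPAddress>
      <luns>
        <label>MasterBoot2012R2</label>
        <pool>RAID Group 1</pool>
        <size>60 GB</size>
      </luns>
    </Server>
  </Servers>
  <Array>EnterpriseFastTrack</Array>
  <UCSAddress>10.5.177.10</UCSAddress>
</StorageParams>
'@

$found = @(Test-StorageParams -XmlText $sample -SingleServer)
if ($found.Count -eq 0) { Write-Host 'Configuration accepted' }
else { $found | ForEach-Object { Write-Warning $_ } }
```

To check a real file, pass its content as one string, for example with Get-Content -Raw on PowerShell 3.0 or later.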
Open your browser and browse to the address of your Cisco UCS Manager console. Click Continue to this website (not recommended). Or, you can also launch the Cisco UCS Manager from a PowerShell cmdlet on your configuration workstation that has PowerTool installed. The Start-UcsGuiSession cmdlet can take either an IP address or a DNS name.
Connect-Ucs <IPaddress or DNS name>
Start-UcsGuiSession
Click Launch UCS Manager.
Enter admin as the user name. Enter the password specified in the initial setup.
If you associated your service profile with a Server Pool, the service profile will be associated with a physical server. If you did not have a Server Pool, you will need to manually assign a server to the service profile. Right-click the <Initial-Build01> Service Profile and select Change Service Profile Association.
On the Associate Service Profile window, select Select existing Server from the Server Assignment drop-down list. Select an available server by clicking on the radio button. Click OK to continue. Click Yes on the confirmation window that displays to complete the assignment. When the association is complete, you can proceed to the next step.
Navigate to Servers > Service Profiles > root > FabMgmt. Right-click the <Initial-Build01> service profile and select KVM Console from the menu. You will receive a number of Java and security warnings. Click through them until the KVM Console displays.
On the KVM console menu select the Virtual Media menu item and select Activate Virtual Devices. You will receive a warning about an unencrypted session. Accept the session.
Select the Virtual Media menu option again and select Map CD/DVD.
Browse to the location where you have stored the Windows Server 2012 R2 installation media on your configuration workstation. Select and open the media. On the Virtual Media – Map CD/DVD window, click Map Device.
On the KVM tab, click Boot Server to boot the server. Click OK on the notification that you are turning on the server. The Cisco UCS blade will go through its startup and finally you will see the start of the Windows Server 2012 R2 installation.
Select the appropriate localization features and click Next. On the following screen click Install Now.
If you are using volume media, you will not see this screen for entering the activation code. If you are using Retail media, you will need to enter the activation code.
Select Windows Server 2012 R2 Datacenter Server (with a GUI). As this server is going to be hosting multiple virtual machines, it must be assigned a Datacenter Server license for proper licensing. Click Next to continue. Accept the license terms on the following window. Note: This procedure assumes running installation and configuration steps from the console of the installed machine. If you are experienced with managing Windows Server remotely, you can select the Server Core Installation and perform configuration and management from the configuration workstation.
On the Which type of installation do you want? window select the Custom: Install Windows only (advanced) option.
On the Where do you want to install Windows? window, the system will not find any disks on which to install the OS. This is because the Cisco drivers are not included in the Windows installation media. Click Load driver.
You will be presented with a Load driver window. Before working with this window, you must first mount the Cisco driver image.
On the KVM console, select the Virtual Media tab. Click the Windows installation media to un-map that ISO. You will be presented with a warning message recommending to use the OS to dismount. Click Yes to continue. Then check the box by the Cisco driver media. Click the KVM tab.
Select the Virtual Media menu again then click Map CD/DVD. Browse to the location where you have stored the Cisco device drivers and select the ISO file. Click Map Device to continue.
Back on the Load driver window, click Browse.
Expand the CDROM containing the Cisco driver media. Browse to Windows > Storage > Cisco > 1380 > W2K12R2 > x64. Click OK to continue.
On the Select the driver to install window, validate you have selected the proper driver and click Next to continue. Note: It is recommended to repeat this process for the NIC driver. This helps ensure those drivers are installed at this time and saves effort of loading them later.
When the driver installation is complete, you will be returned to the Where do you want to install Windows? window. Return to the Virtual Media menu and re-select the Windows installation media. Back on the KVM tab, if you see the message Windows can’t be installed on this drive you have to click Refresh to see the disk. If you see more than one disk, you need to correct your zoning and masking to present only a single path to the boot LUN. Windows does not install properly if presented with a multi-pathed boot volume. If you do not see any disks, you will need to check your zoning/masking. Note: You can safely ignore the warning about not enough space to install. The calculation for required space assumes a page file equal in size to the memory. This is no longer a strict requirement. Click Next to continue.
Windows will proceed with its initial setup. At the completion of this process, Windows will reboot. If you are watching the installation process, you will see a message on the screen to Press any key to boot from CD or DVD… Do not enter any key when you see this message or it will restart the installation process. Wait until the next step before proceeding.
Enter a password for the local administrator account. Re-enter to validate. Click Finish to complete the installation.
Select Macros on the KVM console. From the drop-down menu, select Static Macros and Ctrl-Alt-Del to bring up the Windows sign in screen.
Log into the new machine using the password entered in the previous step. Enter a carriage return after entering the password.
If you did not load the NIC drivers earlier, open a PowerShell or command window and issue the following command. The sample assumes the Cisco driver media is mounted on drive G: When finished with installing the device drivers, you can remove the installation media from the Virtual Media tab of the KVM, or dismount it from within Windows.
pnputil -i -a G:\Windows\Network\Cisco\1380\W2K12R2\x64\enic6x64.inf
At this point, if you have a DHCP server installed on your Management Network, the Management Network Interface should come up with an IP address. If you do not have DHCP, use the following steps to determine which Network Interface is on the Management VLAN and configure it with a static IP with connection to the outside world.
Within Cisco UCS Manager, expand the Service Profile for the machine, and select the vNICs to display the MAC addresses assigned by UCS.
From a PowerShell prompt, enter the Get-NetAdapter cmdlet. This will list the MAC addresses of the networks assigned within the operating system.
Get-NetAdapter
Find the MAC address for the host management NIC (Mgmt in this example). Open the Network Connections window by typing ncpa.cpl within the PowerShell window.
Right-click the NIC name with the matching MAC address and select Properties.
Scroll to the bottom of the list and select Internet Protocol Version 4 (TCP/IPv4). Click Properties to open the window to configure the IP address for the host management network. This management network should allow access to either Windows Update on the Internet or to a local Windows Update Server in order to pull the necessary patches to bring it up to date.
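The same MAC matching and static addressing can be done from PowerShell on the new host. This is an added example, not part of the Cisco document; the function name Set-MgmtAdapterAddress is an assumption, and the MAC and IP values in the call are constructed placeholders to be replaced with the vNIC MAC shown in UCS Manager and your management addressing.

```powershell
# Added example: find the adapter whose MAC matches the UCS Mgmt vNIC and give it a static address.
# Set-MgmtAdapterAddress is a hypothetical helper; run it on the newly installed host.
function Set-MgmtAdapterAddress {
    param(
        [Parameter(Mandatory = $true)] [string] $UcsMac,        # MAC of the Mgmt vNIC as shown in UCS Manager
        [Parameter(Mandatory = $true)] [string] $IPAddress,
        [Parameter(Mandatory = $true)] [int]    $PrefixLength,
        [string]   $DefaultGateway,
        [string[]] $DnsServers,
        [string]   $NewName = 'Mgmt'
    )
    # UCS Manager shows 00:25:B5:..., Get-NetAdapter shows 00-25-B5-...; compare without separators.
    $wanted = ($UcsMac -replace '[-:.]', '').ToUpper()
    if ($wanted -notmatch '^[0-9A-F]{12}$') { throw "'$UcsMac' is not a 48-bit MAC address" }

    $nic = @(Get-NetAdapter | Where-Object { ($_.MacAddress -replace '[-:.]', '').ToUpper() -eq $wanted })
    if ($nic.Count -ne 1) { throw "Expected exactly one adapter with MAC $UcsMac, found $($nic.Count)" }

    # Name the adapter after its vNIC so later steps can refer to it by role.
    if ($nic[0].Name -ne $NewName) { Rename-NetAdapter -Name $nic[0].Name -NewName $NewName }

    $ipArgs = @{ InterfaceIndex = $nic[0].ifIndex; IPAddress = $IPAddress; PrefixLength = $PrefixLength }
    if ($DefaultGateway) { $ipArgs.DefaultGateway = $DefaultGateway }
    New-NetIPAddress @ipArgs | Out-Null

    if ($DnsServers) {
        Set-DnsClientServerAddress -InterfaceIndex $nic[0].ifIndex -ServerAddresses $DnsServers
    }
    # Return the resulting IPv4 configuration for review.
    Get-NetIPAddress -InterfaceIndex $nic[0].ifIndex -AddressFamily IPv4
}

# Constructed placeholder values; the call stops with an error if no adapter carries this MAC.
Set-MgmtAdapterAddress -UcsMac '00:25:B5:00:00:01' -IPAddress '192.0.2.20' -PrefixLength 24 `
    -DefaultGateway '192.0.2.1' -DnsServers '192.0.2.10'
```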
It is highly recommended to fully patch the server at this time from Windows Update. Depending on the patches, it might be necessary to reboot and check for updates multiple times before the server is completely patched. This will save time by ensuring images built from this master image will not need to have as many patches applied. It is a good practice to periodically refresh your master image when more patches are released.
All hosts in the Private Cloud require the same set of base roles and features:
· Multipath I/O (MPIO)
· Failover Clustering
· Hyper-V
You can manually add the roles and features through Server Manager > Manage > Add Roles and Features, but the following PowerShell commands will perform the same function more quickly. This script adds MPIO feature and all the Product IDs used by EMC, adds the Failover Clustering feature, and then adds the Hyper-V role. Adding the Hyper-V role requires the system to reboot.
Write-Host "`nInstall the MPIO and Failover Clustering features and the Hyper-V role"
Write-Host -ForegroundColor Yellow "`nInstalling Hyper-V will cause the system to reboot`n"
Write-Host "`nInstalling the MPIO feature"
Install-WindowsFeature -Name Multipath-IO -IncludeManagementTools
Write-Host "Add new vendor and product IDs for MPIO"
# Values for EMC VNX
$trash = New-MSDSMSupportedHw -VendorId "DGC" -ProductId "LUNZ"
$trash = New-MSDSMSupportedHw -VendorId "DGC" -ProductId "VDISK"
$trash = New-MSDSMSupportedHw -VendorId "DGC" -ProductId "RAID 0"
$trash = New-MSDSMSupportedHw -VendorId "DGC" -ProductId "RAID 1"
$trash = New-MSDSMSupportedHw -VendorId "DGC" -ProductId "RAID 10"
$trash = New-MSDSMSupportedHw -VendorId "DGC" -ProductId "RAID 5"
$trash = New-MSDSMSupportedHw -VendorId "DGC" -ProductId "VRAID"
Remove-MSDSMSupportedHw -Vendorid "Vendor 8" -Productid "Product 16"
Write-Host "List of configured vendor and product IDs"
Get-MSDSMSupportedHW | FT -auto VendorId, ProductId
Write-Host "`nInstalling the Failover Clustering feature"
Install-WindowsFeature -Name Failover-Clustering -IncludeManagementTools
Write-Host "`nInstalling the Hyper-V role"
Install-WindowsFeature -Name Hyper-V -IncludeManagementTools -Restart
Microsoft has a default formula for setting and managing the paging file. The size of the paging file is determined based upon the amount of physical memory configured on the server. The base amount of recommended memory for this solution is 256 GB. This results in a large amount of the system disk being allocated for use by the paging file.
Because most of the memory is allocated to VM usage, little of the overall memory is used by the Hyper-V host itself, which minimizes the actual amount of space needed for a paging file. In addition, because the Hyper-V host is configured to make sure it has the proper amount of memory, the need to swap or page memory to the paging file is minimized. These factors combine to allow a smaller paging file to be configured for the environment with no impact on the performance of the virtualized environment.
The following steps show how to set a paging file to a significantly smaller size.
From Server Manager > Local Server click the Computer Name.
On the System Properties window, select the Advanced tab.
On the Advanced tab click Settings…
On the Performance Options window select the Advanced tab.
On the Advanced tab of the Performance Options window, click the Change… button.
On the Virtual Memory window, uncheck the box by Automatically manage paging file size for all drives. This allows you to then select the radio button by Custom size. Since the systems are sized appropriately to minimize the need for paging during normal operations, a minimum page file can be created to capture a minimum memory dump should the system crash. Enter 1024 in the Initial size (MB): box and 4096 in the Maximum size (MB): box. You must click the Set button for the change to take place. Click OK to continue.
Click OK on the System Properties window that displays. Click OK twice to exit the System Properties windows.
Click Restart Now to accept the changes to the paging file.
PowerShell can be used to set the pagefile size. These cmdlets implement the same settings as shown in the above GUI steps.
$computerSystem = Get-WmiObject -Class Win32_ComputerSystem -EnableAllPrivileges
If ($computerSystem.Model -ne "Virtual Machine") {
    # Turn off automatic paging file management
    $computerSystem.AutomaticManagedPagefile = $false
    $computerSystem.Put() | Out-Null
    # Set the custom initial and maximum sizes (MB)
    $pageFileSetting = Get-WmiObject -Class Win32_PageFileSetting
    $pageFileSetting.InitialSize = 1024
    $pageFileSetting.MaximumSize = 4096
    $pageFileSetting.Put() | Out-Null
}
In order to enable complete remote management of the server by using RSAT from another system, it is necessary to enable a number of firewall rules and configure some services. The following PowerShell script performs this function. Additionally, it enables the server to be accessed through a Remote Desktop Connection over the Remote Desktop Protocol.
Because these changes affect security settings, you should check with your security team to make sure these settings are allowed in your environment.
##### Make sure Server Manager remoting is enabled
Configure-SMRemoting.exe -Enable
##### Set some firewall rules
##### Enable ping requests in and out
Set-NetFirewallRule -Name "FPS-ICMP4-ERQ-In" -Enabled True -Profile Any
Set-NetFirewallRule -Name "FPS-ICMP6-ERQ-In" -Enabled True -Profile Any
Set-NetFirewallRule -Name "FPS-ICMP4-ERQ-Out" -Enabled True -Profile Any
Set-NetFirewallRule -Name "FPS-ICMP6-ERQ-Out" -Enabled True -Profile Any
##### Enable remote volume management - firewall rules need to be set on both
##### source and destination computers
##### ***NOTE*** Policy must also be set on system to "Allow remote access
##### to the Plug and Play interface"
##### This is done with gpedit.msc locally or gpedit for domain policy
Set-NetFirewallRule -Name "RVM-VDS-In-TCP" -Enabled True -Profile Any
Set-NetFirewallRule -Name "RVM-VDSLDR-In-TCP" -Enabled True -Profile Any
Set-NetFirewallRule -Name "RVM-RPCSS-In-TCP" -Enabled True -Profile Any
##### Enable DCOM management requests in
Try
{
    Set-NetFirewallRule -Name "ComPlusNetworkAccess-DCOM-In" -Enabled True -Profile Any
}
Catch
{
    Write-Host "ComPlusNetworkAccess-DCOM-In not set; assuming core installation"
}
##### Enable remote service management
Set-NetFirewallRule -Name "RemoteSvcAdmin-In-TCP" -Enabled True -Profile Any
Set-NetFirewallRule -Name "RemoteSvcAdmin-NP-In-TCP" -Enabled True -Profile Any
Set-NetFirewallRule -Name "RemoteSvcAdmin-RPCSS-In-TCP" -Enabled True -Profile Any
##### Enable Remote Event Log Management
Set-NetFirewallRule -Name "RemoteEventLogSvc-In-TCP" -Enabled True -Profile Any
Set-NetFirewallRule -Name "RemoteEventLogSvc-NP-In-TCP" -Enabled True -Profile Any
Set-NetFirewallRule -Name "RemoteEventLogSvc-RPCSS-In-TCP" -Enabled True -Profile Any
##### Enable Remote Scheduled Tasks Management
Set-NetFirewallRule -Name "RemoteTask-In-TCP" -Enabled True -Profile Any
Set-NetFirewallRule -Name "RemoteTask-RPCSS-In-TCP" -Enabled True -Profile Any
##### Enable Windows Firewall Remote Management
Set-NetFirewallRule -Name "RemoteFwAdmin-In-TCP" -Enabled True -Profile Any
Set-NetFirewallRule -Name "RemoteFwAdmin-RPCSS-In-TCP" -Enabled True -Profile Any
##### Enable WMI management requests in
Set-NetFirewallRule -Name "WMI-WINMGMT-In-TCP" -Enabled True -Profile Any
##### Enable Remote Shutdown
Set-NetFirewallRule -Name "Wininit-Shutdown-In-Rule-TCP-RPC" -Enabled True -Profile Any
##### Enable Network Discovery on the Domain Network
Set-NetFirewallRule -Name "NETDIS-FDPHOST-In-UDP" -Enabled True -Profile Domain
Set-NetFirewallRule -Name "NETDIS-FDPHOST-Out-UDP" -Enabled True -Profile Domain
##### Set some services to automatically start and start them.
Set-Service -Name PlugPlay -StartupType Automatic
Start-Service PlugPlay
Set-Service -Name RemoteRegistry -StartupType Automatic
Start-Service RemoteRegistry
Set-Service -Name vds -StartupType Automatic
Start-Service vds
##### Enable Remote Desktop
(Get-WmiObject Win32_TerminalServiceSetting -Namespace root\cimv2\TerminalServices).SetAllowTsConnections(1,1) | Out-Null
(Get-WmiObject -Class "Win32_TSGeneralSetting" -Namespace root\cimv2\TerminalServices -Filter "TerminalName='RDP-tcp'").SetUserAuthenticationRequired(0) | Out-Null
##### Enable Remote Desktop rules for all profiles
Set-NetfirewallRule -Name "RemoteDesktop-UserMode-In-TCP" -Enabled True -Profile Any
Set-NetfirewallRule -Name "RemoteDesktop-UserMode-In-UDP" -Enabled True -Profile Any
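The script above enables most of its inbound rules with -Profile Any and calls SetUserAuthenticationRequired(0), which removes the Network Level Authentication requirement for Remote Desktop. The following read-only audit is an added example, not part of the original guide; it reports the resulting state of the same inbound rules, RDP settings, and services so the result can be reviewed with the security team. The function names are hypothetical; the rule and service names are taken from the script above.

```powershell
# Added example: read-only audit of what the remote-management script exposes.
# Rule and service names are those used by the script above; nothing is modified.

$ruleNames = @(
    'FPS-ICMP4-ERQ-In', 'FPS-ICMP6-ERQ-In',
    'RVM-VDS-In-TCP', 'RVM-VDSLDR-In-TCP', 'RVM-RPCSS-In-TCP',
    'ComPlusNetworkAccess-DCOM-In',
    'RemoteSvcAdmin-In-TCP', 'RemoteSvcAdmin-NP-In-TCP', 'RemoteSvcAdmin-RPCSS-In-TCP',
    'RemoteEventLogSvc-In-TCP', 'RemoteEventLogSvc-NP-In-TCP', 'RemoteEventLogSvc-RPCSS-In-TCP',
    'RemoteTask-In-TCP', 'RemoteTask-RPCSS-In-TCP',
    'RemoteFwAdmin-In-TCP', 'RemoteFwAdmin-RPCSS-In-TCP',
    'WMI-WINMGMT-In-TCP', 'Wininit-Shutdown-In-Rule-TCP-RPC',
    'NETDIS-FDPHOST-In-UDP',
    'RemoteDesktop-UserMode-In-TCP', 'RemoteDesktop-UserMode-In-UDP'
)

function Get-RemoteMgmtRuleExposure {
    param([Parameter(Mandatory = $true)][string[]]$Name)

    foreach ($n in $Name) {
        $rule = Get-NetFirewallRule -Name $n -ErrorAction SilentlyContinue
        if (-not $rule) {
            # Expected for ComPlusNetworkAccess-DCOM-In on a Core installation
            [pscustomobject]@{
                Rule          = $n
                Enabled       = $false
                Profile       = 'n/a'
                RemoteAddress = 'n/a'
                Finding       = 'rule not present'
            }
            continue
        }

        $enabled = ($rule.Enabled.ToString() -eq 'True')
        $prof    = $rule.Profile.ToString()
        $remote  = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress) -join ','

        # "Any" covers the Domain, Private and Public profiles
        $onPublic = ($prof -eq 'Any') -or ($prof -match 'Public')
        $finding  = 'ok'
        if ($enabled -and $onPublic -and $remote -eq 'Any') {
            $finding = 'open to any address, Public profile included'
        }
        elseif ($enabled -and $remote -eq 'Any') {
            $finding = 'open to any address on profile ' + $prof
        }

        [pscustomobject]@{
            Rule          = $n
            Enabled       = $enabled
            Profile       = $prof
            RemoteAddress = $remote
            Finding       = $finding
        }
    }
}

function Get-RdpAuthState {
    $ns  = 'root\cimv2\TerminalServices'
    $ts  = Get-WmiObject -Class Win32_TerminalServiceSetting -Namespace $ns
    $gen = Get-WmiObject -Class Win32_TSGeneralSetting -Namespace $ns -Filter "TerminalName='RDP-tcp'"
    [pscustomobject]@{
        RdpEnabled  = ($ts.AllowTSConnections -eq 1)
        # False after SetUserAuthenticationRequired(0): NLA is not enforced
        NlaRequired = ($gen.UserAuthenticationRequired -eq 1)
    }
}

function Get-RemoteMgmtServiceState {
    foreach ($svc in 'PlugPlay', 'RemoteRegistry', 'vds') {
        Get-WmiObject -Class Win32_Service -Filter "Name='$svc'" |
            Select-Object Name, StartMode, State
    }
}

Get-RemoteMgmtRuleExposure -Name $ruleNames | Format-Table -AutoSize
Get-RdpAuthState | Format-List
Get-RemoteMgmtServiceState | Format-Table -AutoSize
```

Run it from an elevated PowerShell window on the master image before sysprep, since every clone inherits these settings.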
At this time you should implement any standard configuration items that are required by the organization to be on all servers. This may be an anti-malware product or a management agent or other system settings. They will vary from one organization to another.
Depending upon your configuration, you might need to update the chipset drivers on your system. These steps illustrate how to determine if you need to update the chipset drivers and then update them.
Launch Device Manager and expand Other Devices. If you do not see a list of Base System Device entries with the warning symbol, you most likely do not need to update the chipset drivers and you can skip these steps. If you do, continue to the next step.
Mount the Cisco drivers ISO file as a DVD on the system and navigate to the \Windows\Chipset\Intel\B200M4\W2K12R2 directory. From that location run SetupChipset.exe. Note: If you are not using the B200M4 server, navigate to the appropriate folder before proceeding.
On the Welcome to the Setup Program window click Next to continue.
On the License Agreement window click Accept to continue.
You can read the Readme file here or you can open the file in Notepad directly from the distribution. Click Install to continue.
Wait on the Progress window as the setup program determines what needs to be updated and updates it. When completed, click Finish on the final window.
You can go back to Device Manager. At this time you should no longer see the Other Devices category.
Up until this point the service profile in use has had just a single path to the storage. In order to configure MPIO a different service profile that is configured with multiple paths to the storage must be used. The following steps explain how to move the LUN that is currently associated with the Initial-Installation service profile to a service profile with two paths to storage so configuration can be completed.
First, shut down the server gracefully. From the KVM, click Shutdown Server. On the Shutdown Service Profile window, make sure the Gracefully shutdown OS box is checked. Click OK. Acknowledge the informational message.
When the server has successfully shut down, right-click the server and select Disassociate Service Profile. Click Yes on the validation window that pops up. Before proceeding, wait until you see the status of the service profile change to Unassociated.
If you associated your service profile with a Server Pool, the service profile will be associated with a physical server. If you did not have a Server Pool, you will need to manually assign a server to the service profile. Select a Service Profile with two paths, right-click, and select Change Service Profile Association.
On the Associate Service Profile window, select Select existing Server from the Server Assignment drop-down list. Select an available server by clicking on the radio button. Click OK to continue. Click Yes on the confirmation window that displays to complete the assignment. As the association completes, you can proceed to the next step.
Expand the Service Profile you are assigning and expand VHBAs. Note the WWNN and WWPNs. These are needed to mask the LUN to this server.
When you have the WWNN and WWPNs you can use EMC’s Unisphere to mask the MasterBoot-2012R2 LUN to the service profile with two paths to the storage. The goal here is to sysprep this operating system image then clone the LUN for use by all other physical servers. This means MPIO has to be configured only once. When the operating system image that will be used for booting the additional blades has MPIO configured, it is possible to simply mask the LUNs in Unisphere and boot.
Note: Configuring EMC’s PowerPath software before sysprepping an image is not supported. This is why Microsoft’s MPIO software is configured. By configuring Microsoft’s MPIO software before sysprepping and cloning the image, you enable a new server to boot with all fabric paths defined.
When the zones and zonesets have been updated to reflect the multiple paths to the LUN, it is necessary to configure the EMC VNX5400 SAN to present the boot LUN to the additional paths.
Make sure the server is powered off before starting.
In Unisphere navigate to Hosts > Initiators and click the Create button to add a new initiator. The goal is to create an initiator to each port on the EMC VNX5400. You will have two initiator records for each WWNN and WWPN combination for the server. Select CLARiiON/VNX as the Initiator Type. Select the appropriate SP-Port. For the first initiator you will create a New Host. For the subsequent initiators you will select Existing Host and you will select the host you created for the first initiator.
This sample shows the two initiators from FCoE-A going to one SP-Port on SPA and to another SP-Port on SPB. FCoE-B also has a connection from one SP-Port on SPA and another on a SP-Port on SPB.
When all initiators are defined and registered, select Hosts > Storage Groups. Select the MasterBoot-2012R2 storage group. Click the Connect Hosts button.
On the Hosts tab, select the Initial-Installation server from the Hosts to be Connected column and move it to the Available Hosts column. Click Apply to move the host to the Available Hosts column.
Select the dual-path server from Available Hosts and move it to Hosts to be Connected. Click OK to continue.
Go back to the UCS Management console to boot the server and log into the console.
From an elevated command prompt or PowerShell window issue the command mpclaim -s -d 0. You should see four entries similar to what is shown in this screen shot, validating that you have properly configured MPIO.
When the image is configured with all the base components that should be included in each image, Microsoft’s sysprep utility is run to create an image to be used for cloning to quickly provision physical hosts needed in the private cloud environment.
Note: Microsoft has provided many tools to perform automated configuration of systems through unattend files. These tend to vary in their implementation from customer to customer, as they tailor their systems for different purposes. It is beyond the scope of this document to delve into how unattend files can be configured into sysprepped images.
From an elevated command window, enter the command c:\windows\system32\sysprep\sysprep.exe. Note: The sysprep utility is unique for each version of the operating system. Do not try to use one from another installation.
Select Enter System Out-of-Box Experience (OOBE) from the System Cleanup Action drop-down menu. Select the Generalize box. Select Shutdown from the Shutdown Options drop-down menu. Click OK to perform the system preparation. When the KVM console shows the physical server has shut down, LUN clones can be made for use by other physical servers.
With the base sysprep image created, clones can be created to replicate the contents of the master LUN for other servers in the environment.
The following procedure can be performed from EMC Unisphere to create the clone relationship and copy the data from the master LUN to the boot target LUNs.
Note: The following steps assume that the server is still connected to the MasterBoot-2012R2 storage group.
Within Unisphere navigate to Data Protection > Clones. Click Clone Wizard to start the process of cloning the LUNs for the servers.
The wizard will launch and provide an overview of the process. Click Next to continue.
On the Select a Production Server window, select the name of the server you just used to create the sysprepped image. Click Next to continue.
On the Select Storage System window, select the name of your storage system. Click Next to continue.
On the Select the Source LUNs window select the name of the LUN you just created and sysprepped. Click Add to move the available LUN to the Selected LUNs. Click Next to continue.
On the Select Clone LUN Names window, edit the Clone LUN Name to reflect your naming convention. Click Next to continue.
On the Storage Pool Configuration window make sure the proper storage pool is selected in the drop-down list under Clone Storage Pool. Click Next to continue.
On the Assign Clone to Server window click the radio button by Do not assign Clones to a server at this time. You will assign the clones later. Click Next to continue.
Review your entries on the Summary window. Click Finish to start the process of cloning.
On the Results of the Clone Configuration Wizard, it will take a few seconds to complete. When completed, check the box by When I click next, allow me to configure additional cl… Click Next to continue. Repeat the steps above to create a total of four cloned LUNs for your infrastructure servers. After the fourth clone is complete, click Finish to continue.
Back in the main window of Unisphere you will see the clones are synchronizing. If one is not, just wait and it will soon start.
To get more detail on synchronization, right-click a clone LUN and select Properties. Each clone will have its own tab. Within each tab will be a Synchronized percentage. Wait for all clones to get to a Synchronized state before continuing. Notice that you can set the Synchronization Rate to High to speed the process.
When Condition changes from Synchronizing to Normal, the synchronization is complete. Delete each clone from the clone set. Select one clone at a time, right-click, and select Delete. Select OK following the successful deletion. Note: Failure to perform this step will prevent the servers from booting.
Navigate to Hosts > Storage Groups. Disconnect the host from the MasterBoot-2012R2 storage group.
When a clone of the sysprepped LUN has been created for each physical server to be built, there are several steps to complete the build process:
· Mask each cloned LUN to a different server
· Boot the server and complete the mini-setup of the sysprepped images
· Configure the networking and Hyper-V virtual switches
· Install EMC PowerPath
· Install EMC Unisphere
Mask the LUN before completing a build from the cloned, sysprepped image. Use the Unisphere management GUI as outlined previously in the “Mask Boot LUN with EMC Unisphere” section. There are two basic steps that need to be completed.
· Create the four host initiator records for each possible path between the server and the storage
· Create a Storage Group for each boot LUN and add the appropriate LUN to the storage group and add the host defined by the initiator records to the appropriate storage group
Because the sysprepped image was created after MPIO was installed, each system should boot properly with multiple paths to the storage. Following the masking operations, start each host and complete the following steps.
In Unisphere, you already created host initiator records for one of your servers. In this example, it is <VMHost-Mgmt01>. Use UCSM to record the WWNN and WWPNs for each subsequent service profile.
Enter the WWNN and WWPN in the WWN/IQN box. Select the appropriate SP-port. Select CLARiiON/VNX as the Initiator Type. Enter a Host Name and IP Address. Click OK to add the record.
Create a second initiator record using the same WWNN:WWPN. Select the B controller port for the SP-port. Select the radio button by Existing Host and select the host defined in the previous step. Click OK to create this initiator record.
Repeat this step to connect the second WWPN to the second set of SP-ports for this host. Repeat for the last two hosts.
Validate that you have entered the proper WWNN:WWPN combinations to the correct SP-ports for the correct hosts.
In Unisphere navigate to Hosts > Storage Groups. Click Create. Enter a meaningful Storage Group Name. Click OK to create the group. Click Yes on the confirmation window that displays.
On the second confirmation window that asks if you wish to add LUNs or connect hosts, click Yes.
Under the LUNs tab, locate the LUN for which you created the storage group. Select it and click Add.
Select the Hosts tab. Select the appropriate host and click the arrow to move it to the Hosts to be Connected column. Click OK. Repeat for the other three hosts.
When the sysprep image has been cloned and the LUNs are properly zoned and masked so the boot volumes only appear to the owning host, every server must complete its installation. Booting from a sysprep image runs what is referred to as a ‘mini-setup’.
Note: This document does not describe the use of an unattend file. If your organization makes use of unattended installations of sysprep images, that can be used to replace these steps.
Use the Cisco UCS Manager console to connect to the selected server using KVM. Select the option to Boot Server.
Make any necessary changes to the Region and Language settings. Click Next to continue.
Click the box next to I accept the license terms for using Windows. Click Accept to continue.
Enter a complex password and re-enter it to validate its proper entry. Click Finish to complete the mini-setup.
At this point, you will have a complete base image. This means you will need to perform several items that will vary from site to site.
· Activate Windows – if using Microsoft’s Key Management Service (KMS) this can happen automatically. If using non-volume media or Microsoft’s Multiple Activation Key (MAK), manual steps are required.
· Rename the computer and join the computer to the Active Directory Domain (sample PowerShell below)
· Any other company-specific required tailoring
As these are not unique to the private cloud, they are not covered in this document.
It is easier to join the server to the fabric management domain. This requires configuring the management NIC in order to enable access to the domain.
Note: These steps are not required if you have DHCP configured to provision a routable address on the Mgmt network. However, it is a good practice to assign fixed IP addresses to management servers.
From a PowerShell window, issue the following cmdlet: Get-NetAdapter
In UCS Manager, navigate to the service profile of the server you are running and expand the vNICs. Match the MAC address for the Mgmt vNIC to the network adapter from the previous step.
From the PowerShell window, issue the command ncpa to launch the Network Connections window. Right-click the network adapter determined in the previous step and select properties. Note: Do not rename the NIC at this point. A sample PowerShell script is provided to automatically rename the NICs to correspond with the vNICs in the associated service profile.
Select the Internet Protocol Version 4 (TCP/IPv4) item and click Properties.
Configure the IP address, mask, and gateway. Make sure the DNS servers have entries for the fabric management Active Directory domain that is to be joined. Click OK.
Issue the following PowerShell cmdlet to capture the domain credentials needed to join the computer to the domain.
$creds = Get-Credential
Enter the appropriate domain\username and password into the credential window and click OK.
Issue this PowerShell cmdlet to rename the computer and join it to the domain using the credentials entered in the previous step. Restart the computer to effect the changes. Note: You can remotely manage the computer for several of the following steps.
Add-Computer -DomainName <'domain.com'> -Credential $creds -NewName <'servername'>
It is recommended that you rename the network adapters from the Windows default values of “Ethernet #x” to match the vNIC name from the UCS Service Profile. You can use the manual procedure to find the associated NIC defined earlier in the document, or you can use the sample PowerShell script that follows. This script requires that the target machine is domain-joined and the script is run from a configuration workstation in the same domain that has the Cisco UCS PowerTool installed. The script makes use of a variable to define the address of the Cisco UCS Manager console; modify it to reflect the customer environment.
# Import required modules
If ((Get-Module |where {$_.Name -ilike "CiscoUcsPS"}).Name -ine "CiscoUcsPS")
{
    Write-Host "Loading Module: Cisco UCS PowerTool Module"
    Import-Module CiscoUcsPs
}
$trash = set-ucspowertoolconfiguration -supportmultipledefaultucs $false
###### Variables to be tailored to customer environment ###
$UcsmAddress = "192.168.10.100"
# Connect to UCSM
Write-Host -ForegroundColor DarkYellow "`nEnter credentials for UCS Manager`n"
$ucsCreds = Get-Credential
$UCSMHandle = Connect-Ucs $UcsmAddress $ucsCreds
# Get Name of server to work on
Write-Host "Enter server on which to rename default NIC names"
Write-Host "The name of the server and the name of the UCS Service Profile must be the same"
$Srvr = Read-Host "`nNOTE: Case must be EXACTLY the same as the UCS Service Profile"
$Org = Read-Host "`nEnter Sub-Organization name of Service Profile, or 'root'"
If ($org.Length -eq 0) {$org = "root"}
$OrgLevel = Get-UcsOrg -Name $Org
$SrvrProfile = $OrgLevel.DN + "/" + $Srvr
# Retrieve table of NICs from the UCS Profile
$ucsAdapters = Get-UcsVnic -ServiceProfile $SrvrProfile
$remAdapters = Invoke-Command -ComputerName $srvr {Get-NetAdapter}
# Match each UCS vNIC to a remote adapter by MAC address and rename it
ForEach ($ucsA in $ucsAdapters) {
    $ucsMac = $ucsA.Addr -replace ":", "-"
    ForEach ($remA in $remAdapters) {
        If ($ucsMac -eq $($remA.MacAddress))
        {
            If ($ucsA.Name -ne $remA.name)
            {
                # Skip Hyper-V virtual adapters, which share the physical NIC's MAC
                $tmp = $($remA.ifDesc).Contains("Hyper-V Virtual Ethernet")
                If ($tmp -eq $false)
                {
                    $old = $remA.Name; $new = $ucsA.Name
                    Write-Host "Changing NIC $old to be named $new - MAC $($remA.MacAddress)"
                    Invoke-Command -ComputerName $srvr {param($old, $new)Rename-NetAdapter -Name $old -NewName $new} -args $old,$new
                    break
                }
            }
        }
    }
}
Disconnect-Ucs
You should make the management network, the network on which domain communications occur, the first network in the network binding order. This procedure is run locally on each server.
Note: If using a Windows Server 2012 R2 Core installation, either use the nvspbind tool to change the order with this command line tool, or temporarily add the GUI to the 2012 R2 installation in order to use the following steps.
On the Server Manager console, click one of the networks to launch the Network Connections control panel.
On the Network Connections window, press the Alt key to bring up the menu. Select Advanced > Advanced Settings…
Select the network you want to be first in the binding order and use the up arrow key on the right to move the network to the top of the list. Click OK to continue.
This document assigns static IP addresses to all NICs, but Microsoft products will work with all systems using DHCP addresses. Only the management network should be configured with a default gateway and be registered with DNS (this was done earlier in this document). Though it is possible to configure static IP parameters remotely, due to the variability of customer configurations, it is more easily performed from the console of the server than by providing a script that would require extensive editing.
Launch the Network Connections utility by entering ncpa within a PowerShell window. Right-click the network to be configured and select Properties. Select Internet Protocol Version 4 (TCP/IPv4) and click Properties.
Enter just the IP address and Subnet mask. Click the Advanced button.
Select the DNS tab and clear the check box by Register this connection’s addresses in DNS. Click through the OK buttons to accept the settings. Repeat for the other non-management interfaces.
Hyper-V virtual switches can be configured either through the Hyper-V Manager console or by using PowerShell. The following PowerShell script assumes that you have previously renamed all the vNICs to match the names in the service profile. It is also designed to be executed from the configuration workstation, so it asks for the system which will be targeted.
$srvr = Read-Host "Enter name of host on which to create virtual switches"
New-VmSwitch -Name "SC-database" -NetAdapterName "SC-database" -AllowManagementOS $False -Computername $srvr
New-VmSwitch -Name "SC-SMB" -NetAdapterName "SC-SMB" -AllowManagementOS $False -Computername $srvr
New-VmSwitch -Name "SC-access" -NetAdapterName "SC-access" -AllowManagementOS $False -Computername $srvr
Use the Hyper-V Manager console to create virtual switches. These instructions assume you are running them from the configuration workstation.
Determine the network adapter name and descriptions on the target computer by executing the following PowerShell cmdlets:
Invoke-Command -ComputerName <servername> {Get-NetAdapter}
Launch the Hyper-V Manager console. Right-click Hyper-V Manager and select Connect to Server… Add the hosts on which you will be creating virtual switches.
Select the server for which you have previously executed the Get-NetAdapter cmdlet. Select Virtual Switch Manager… under Actions.
On the Virtual Switch Manager window, make sure you have selected New virtual network switch under Virtual Switches and External under Create Virtual Switch. Click the Create Virtual Switch button.
On the Properties of the virtual switch, enter a Name – recommended to name it the same as the vNIC name. Make sure the radio button for External network is selected. From the drop-down list, select the description of the vNIC on which you are creating this virtual switch. Uncheck the box for Allow management operating system to share this network adapter. Perform these steps for the SC-SMB, SC-access, and SC-database virtual switches. When complete, click OK to create all the switches. Note: The SC-access virtual switch will be re-created after the Cisco Nexus 1000V virtual machines are created. Creating the switch now simply prevents some warnings in the cluster validation.
Each system should have EMC PowerPath installed for enhanced multi-pathing capabilities. EMC PowerPath for Windows version 6.0 or higher should be used. This process must be performed on each host.
Perform this installation on each Hyper-V host server.
Launch the EMC PowerPath installer, EMCPower.X64.signed.6.0.b401.exe. Click Next to continue. Click Next on the Welcome window, which follows.
Accept the default feature installation options and click Next.
On the Ready to install EMC PowerPath window leave the check box selected by the Persist path information option. Click Install.
On the EMC PowerPath Licensing Tool window, enter the appropriate license key for your environment and click Add. Click OK. If an appropriate license is not installed, PowerPath should not be installed and Microsoft’s MPIO should be used. Note: If no license key is entered, PowerPath will be unlicensed and will run in a “basic failover” mode, which allows two storage port connections to one HBA. The other HBA will be marked as unlicensed.
On the completion window, click Finish to complete the installation.
Select Yes to reboot the server and complete the installation.
The Unisphere Host Agent allows host-specific information to be sent to management applications, like Unisphere, for ease of administration. LUN mapping and operating system information as well as initiator information can be forwarded from a server to the VNX through the agent. Follow the procedure below to install the Unisphere Host Agent on a physical Windows Server 2012 R2 server.
Note: Unisphere can also be installed within virtual machines that are using the virtual HBA capability of Hyper-V. This solution does not use virtual HBA, so this notice is for information purposes.
Perform this installation on each Hyper-V host server.
Run the following PowerShell cmdlet from an elevated PowerShell window to open the required firewall port for the Unisphere host agent.
New-NetFirewallRule -Name UniAgent-TCP -DisplayName UniAgent-TCP -Action Allow -Direction Inbound -Protocol TCP -LocalPort 6389
Right-click the Unisphere Host Agent installer UnisphereHostAgent-Win-32-x86-en_US-1.3.6.1.0096-1.exe and select Properties. Go to the Compatibility tab and choose to run the installer in a Compatibility mode of Windows 7. Select OK. Launch the installation program.
The Microsoft iSCSI initiator is installed by default when Windows Server is installed. As it is not used in this solution, click No to continue.
On the Introduction window click Next to continue.
Accept the default installation location. Click Next to continue.
Enter the IP address of each block service processor (SPA and SPB). Click Next to continue.
Review the summary information and click Next to continue. Click Finish on the Installation Complete window.
The Unisphere Host Agent will bind to the first NIC within the binding order on the host. This needs to be a NIC that can communicate with the VNX SP IP addresses. If this ends up being the incorrect NIC, use the agentID.txt file to set the correct interface. In the installation directory for Unisphere Host Agent (default = C:\Program Files (x86)\EMC\Unisphere Host Agent) create a file called agentID.txt. Within the file, place the server name on the first line, press Enter, and then place the IP address of the desired management interface on the second line.
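The UniAgent-TCP rule created in this procedure accepts TCP 6389 from any address on every firewall profile. The following added example, which is not part of the original guide, narrows that rule to the service processors and writes agentID.txt in the two-line format described above. The function names are hypothetical; the SP addresses (constructed, from the documentation range), the Mgmt adapter name, and the premise that only SPA and SPB need to reach the agent are assumptions to confirm for your site.

```powershell
# Added example, not from the original guide. Replace the ASSUMPTION values.
$spAddresses = @('192.0.2.11', '192.0.2.12')   # ASSUMPTION: SPA and SPB IPs (constructed values)
$mgmtNic     = 'Mgmt'                           # ASSUMPTION: management NIC name after the rename step
$agentDir    = 'C:\Program Files (x86)\EMC\Unisphere Host Agent'   # default directory named in the guide

function Set-UniAgentRuleScope {
    param([Parameter(Mandatory = $true)][string[]]$RemoteAddress)

    # As created: Allow, Inbound, TCP 6389, any remote address, all profiles.
    # Scoped: only the listed addresses may connect to the host agent port.
    Set-NetFirewallRule -Name 'UniAgent-TCP' -RemoteAddress $RemoteAddress

    # Return what the firewall now holds so the operator can review it
    (Get-NetFirewallRule -Name 'UniAgent-TCP' | Get-NetFirewallAddressFilter).RemoteAddress
}

function Write-AgentIdFile {
    param(
        [Parameter(Mandatory = $true)][string]$InterfaceAlias,
        [Parameter(Mandatory = $true)][string]$Directory
    )

    if (-not (Test-Path -Path $Directory -PathType Container)) {
        throw "Host agent directory not found: $Directory"
    }

    # First IPv4 address on the chosen adapter, ignoring APIPA addresses
    $ip = Get-NetIPAddress -InterfaceAlias $InterfaceAlias -AddressFamily IPv4 -ErrorAction Stop |
        Where-Object { $_.IPAddress -notlike '169.254.*' } |
        Select-Object -First 1 -ExpandProperty IPAddress
    if (-not $ip) {
        throw "No usable IPv4 address on adapter '$InterfaceAlias'"
    }

    # Line 1: server name. Line 2: IP address of the interface the agent should use.
    $path = Join-Path -Path $Directory -ChildPath 'agentID.txt'
    Set-Content -Path $path -Value @($env:COMPUTERNAME, $ip) -Encoding ASCII

    # Read the file back and confirm the two-line layout
    $lines = @(Get-Content -Path $path)
    if ($lines.Count -ne 2 -or $lines[1] -ne $ip) {
        throw "agentID.txt was not written as expected: $path"
    }
    $path
}

Write-Host "UniAgent-TCP now limited to: $((Set-UniAgentRuleScope -RemoteAddress $spAddresses) -join ', ')"
Write-Host "Wrote $(Write-AgentIdFile -InterfaceAlias $mgmtNic -Directory $agentDir)"
```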
After you complete the build of four servers to boot from SAN in a multipath IO environment, have all the network adapters configured the same on each host, all hosts are joined to the Active Directory domain, and you have created the appropriate shares for storing the virtual hard disks, you will create the cluster on which all the System Center 2012 R2 infrastructure virtual machines will be deployed. It is recommended that the Fabric Management cluster remain a separately managed cluster and that it not be used for tenant VMs. Windows does provide enough security to isolate different VMs, so it is acceptable to use the nodes of the Fabric Management cluster for running VMs, if that is desired, but not recommended. This document demonstrates two clusters – one for Fabric Management and the other for Tenant virtual machines.
Microsoft Failover Clusters use SMB storage on the EMC VNX storage array for storing the VMs. Most virtual hard disks will be stored in the SMB 3.0 shares created previously. However, there are three FC LUNs that need to be presented to the cluster.
· Cluster disk witness – it is recommended to utilize the disk witness instead of a file share witness, because the disk witness will always have a backup of the cluster database.
· SQL Server Analysis Services – does not yet support storing its databases and log files on SMB shares. A single LUN with sufficient space for the database and log files needs to be presented to the failover cluster.
· System Center Virtual Machine Manager library – SCVMM is installed as a highly available service. This requires its library to be stored on a file share served by a Windows Server host. A single LUN with sufficient space for the library needs to be presented to the failover cluster.
These LUNs were created earlier. They have to be added to the Unisphere storage groups assigned to the four hosts that will be used to form the Fabric Management cluster. When the same LUN is added to multiple storage groups, the VNX will display an error message cautioning about the possibility of corrupting data. The clustering software controls access to the LUNs, so that is acceptable.
Within EMC Unisphere, navigate to Hosts > Storage Groups. Select the storage group for one of the servers and click Connect LUNs.
In the Show LUNs drop-down list, select Not in other Storage Groups for the first server. Select each of the LUNs individually and click the Add button to add them to the storage group.
When the three LUNs have been selected and added, click OK to add the LUNs to the storage group.
Repeat the previous steps for each of the other storage groups for the cluster nodes. In the Show LUNs drop-down list, select All. This will cause a warning about including storage in multiple storage groups. Click OK on the warning. Select the same three LUNs as in the previous steps and add them to each storage group.
Before you can test and form the cluster, it is necessary to format the shared LUNs as NTFS volumes. Perform the following steps on only one node of the cluster to format the LUN.
Note: Perform these steps on only ONE of the Hyper-V servers that will be part of the cluster or from the configuration workstation.
From the Server Manager window, right-click All Servers and select Add Servers.
On the Add Servers window, enter the prefix of the name of the Hyper-V hosts into Name (CN) and click Find Now. Select the servers and click the arrow in the middle of the screen to move them to the Selected portion of the screen. Click OK to continue.
Click the arrow at the end of File and Storage Services and click Disks.
Working on only a single server, right-click each disk that is listed as Offline and select Bring Online. You will receive a warning message about potential data loss if this disk is online on another server. Click Yes to acknowledge the warning and bring the disk online.
Right-click the first Unknown disk and select Initialize. You will receive a warning message about initialization erasing all data. Click Yes to acknowledge the warning and start the initialization. Repeat for all the disks labeled Unknown. When complete, all disks should show a Partition of GPT.
Right-click the first disk and select New Volume. Click Next on the New Volume Wizard splash screen.
On the Select the server and disk window, first click the server owning the disk and then click a disk. Click Next to continue.
On the Specify the size of the volume window, accept the default (maximum) and click Next to continue.
On the Assign to a drive letter or folder window, select the Don’t assign to a drive letter or folder radio button. Due to the nature of how these disks will be used, none should have a drive letter. Click Next to continue.
On the Select file system settings window, leave File system as NTFS. For Allocation unit size, leave as Default. Enter a meaningful Volume label for the selected volume, which can be useful in debugging. Click Next to continue.
On the Confirm selections window, review the settings to make sure they are correct. Click Create to create the volume.
On the Completion window, click Close when the creation is complete. Repeat the volume creation steps for all disks.
When volumes have been created on all the disks, right-click each data disk and select Take Offline.
After the disks have been initialized and formatted, it is a good practice to go through each server that will be part of the cluster to make sure the disks can be brought online on each node. If you cannot bring the disks online on every server that will be part of the cluster, check your zoning and masking. After bringing the disk online, take it offline before creating the cluster.
Run the Cluster Validation Wizard by issuing the following PowerShell cmdlet:
Test-Cluster VMHost-Mgmt01, VMHost-Mgmt02, VMHost-Mgmt03, VMHost-Mgmt04
It is not uncommon to have errors or warnings. The first run in the screen shot at the right shows a message of HadFailures. Failures must be fixed before creating the cluster. The second run shows a test run with no failures, but there were some warnings. Upon investigation, it was determined that the warnings were expected and the cluster can be created. In both cases, the last line of the report shows the name of the file that contains the complete output from the validation wizard. The third run shows a test run with no warnings or errors.
From Server Manager, launch the Failover Cluster Manager from Tools > Failover Cluster Manager. Alternatively, from PowerShell, issue the command Cluadmin.
Alternatively, the cluster can be created with the following PowerShell cmdlet:
New-Cluster -Name <ClusterName> -Node <node1>, <node2>, <node3>, <node4> -StaticAddress <clusterIP>
In the Management section of the Failover Cluster Manager, select Create Cluster… This launches the Create Cluster Wizard. On the Before You Begin window, click Next to continue.
On the Select Servers window, enter either the FQDN or NetBIOS names of the servers to form the cluster. Click Next to continue.
On the Access Point for Administering the Cluster window, enter a name in the Cluster Name field. (The name must be 15 characters or less in length.) If you are not using DHCP for address assignment, you will be prompted to enter an IP address for the Cluster Name Object. The cluster name and IP address will be registered in DNS and the cluster name will be registered in Active Directory. Click Next to continue.
Check your answers on the Confirmation window. Make sure the check box by Add all eligible storage to the cluster is checked. Click Next to create the cluster. Click Finish on the Summary window. If any errors occurred, they would be listed on the Summary window. They would need to be resolved before continuing.
After the cluster is formed, you will most likely see a warning. Click the warning and it will list an Event ID 1222. When you create a cluster, a Cluster Name Object (CNO) is created in Active Directory. By default, this object is not protected from accidental deletion. Cluster Computer objects that are not protected from accidental deletion have no adverse effect on the functionality of the cluster. If you are not concerned about the unintentional deletion of Cluster Computer objects, you can safely ignore this warning. If you wish to protect the object from accidental deletion, see the listed article.
http://support.microsoft.com/kb/2770582
The cluster automatically selects the smallest disk and assigns it the role of Disk Witness. The other disks are added into the cluster as Available Storage, meaning they have not been assigned to any specific role or resource group within the cluster. Additionally, the disks have generic names of Disk 1, Disk 2, Disk 3, etc. Using the Failover Cluster Manager console, the disk names can be changed to something meaningful and the data disks can be assigned as Cluster Shared Volumes for use by the virtual machines.
From the Failover Cluster Manager console, expand the cluster, expand Storage, and click Disks.
Click the first disk. Under the list of disks, you will see information about the selected disk, including the name you assigned when you formatted the disk.
Right-click the disk and select Properties. Change the name to reflect the name you assigned when you formatted the disk. Click OK to continue. Repeat on all other disks to rename them.
Right-click the first disk that shows in the Assigned To column as Available Storage and select Add to Cluster Shared Volumes. Repeat for the other Available Storage volumes.
Multiple networks have been defined for specific usage within the cluster – Mgmt, CSV, SMB, and Live Migration. The cluster has different capabilities that can be assigned to each network, and during the creation of the cluster, the cluster assigns certain capabilities. However, those do not always match what we want. We need to make sure the capabilities are properly assigned.
The cluster build process assigns default names to the NICs. For documentation and debugging purposes, it is recommended to assign meaningful names to the NICs.
There are several defaults assigned by the cluster build process.
· The network that was assigned during the configuration is used for cluster communication and client access. This is what we want.
· All networks are available for Live Migration. We want to make sure the network we defined for Live Migration is the only one configured.
· All networks, except the one assigned during the configuration, are defined to allow cluster communication. We do not want cluster communication on the Live Migration and SMB networks.
The desired changes can be handled through the Failover Cluster Manager console or through PowerShell. The following sample script shows how to take care of all the above steps using a few PowerShell cmdlets. Names and IP addresses will need to be changed to reflect the customer environment.
# Rename cluster NICs based upon IP address
(Get-ClusterNetwork -Cluster VMHost-Clus01 | ? {$_.Address -like "192.168.10.*"}).Name = "Mgmt"
(Get-ClusterNetwork -Cluster VMHost-Clus01 | ? {$_.Address -like "192.168.11.*"}).Name = "LiveMigration"
(Get-ClusterNetwork -Cluster VMHost-Clus01 | ? {$_.Address -like "192.168.12.*"}).Name = "CSV"
(Get-ClusterNetwork -Cluster VMHost-Clus01 | ? {$_.Address -like "192.168.17.*"}).Name = "SMB"
# Set cluster network roles based on cluster NIC names set in previous step
# Role values: 3 = cluster and client communication, 1 = cluster communication only, 0 = no cluster communication
(Get-ClusterNetwork -Cluster VMHost-Clus01 -Name "Mgmt").Role = 3
(Get-ClusterNetwork -Cluster VMHost-Clus01 -Name "LiveMigration").Role = 0
(Get-ClusterNetwork -Cluster VMHost-Clus01 -Name "CSV").Role = 1
(Get-ClusterNetwork -Cluster VMHost-Clus01 -Name "SMB").Role = 0
# Set the Live Migration network by excluding all other networks
Invoke-Command -ComputerName VMHost-Mgmt01 {Get-ClusterResourceType -Name "Virtual Machine" | Set-ClusterParameter -Name MigrationExcludeNetworks -Value ([String]::Join(";",(Get-ClusterNetwork | Where-Object {$_.Name -ne "LiveMigration"}).ID))}
The following steps show how to perform the changes through the Failover Cluster Manager console.
Navigate to Networks. Click a network in the Networks pane. In the information pane below you will see the subnet assigned to the selected network. This is used to determine what changes need to be made.
Right-click a network and select Properties.
Change the Name of the network to reflect its purpose. Set the usage to the following:
· Mgmt – Allow cluster and client communication
· CSV – Allow cluster communication
· SMB – Do not allow cluster communication
· LiveMigration – Do not allow cluster communication
Click OK to continue. Repeat for each network.
In the Actions pane, click Live Migration Settings…
In the Live Migration Settings window, clear the check box for all networks except the Live Migration network. Click OK to continue.
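Whichever method was used, the result can be read back and compared with the intended design. The following check is an added example, not part of the original guide; it assumes the cluster and network names used in the sample script above, and the function name Test-ClusterNetworkDesign is hypothetical.

```powershell
# Added verification example; not part of the original guide.
# Run from a host or workstation with the FailoverClusters module installed.
Import-Module FailoverClusters

function Test-ClusterNetworkDesign {
    param(
        [string]$Cluster = 'VMHost-Clus01',            # cluster name from the sample script
        [string]$LiveMigrationName = 'LiveMigration',
        # Intended role per network: 3 = cluster and client, 1 = cluster only, 0 = none
        [hashtable]$ExpectedRole = @{ Mgmt = 3; CSV = 1; SMB = 0; LiveMigration = 0 }
    )

    $networks = @(Get-ClusterNetwork -Cluster $Cluster)

    # MigrationExcludeNetworks is a semicolon-separated list of cluster network IDs
    $setting = Get-ClusterResourceType -Cluster $Cluster -Name 'Virtual Machine' |
        Get-ClusterParameter -Name MigrationExcludeNetworks
    $excluded = @("$($setting.Value)" -split ';' | Where-Object { $_ })

    foreach ($net in $networks) {
        $known      = $ExpectedRole.ContainsKey($net.Name)
        $roleOk     = $known -and ([int]$net.Role -eq [int]$ExpectedRole[$net.Name])
        $isExcluded = $excluded -contains $net.Id

        # Only the Live Migration network may carry migration traffic
        if ($net.Name -eq $LiveMigrationName) { $migrationOk = -not $isExcluded }
        else                                  { $migrationOk = $isExcluded }

        [pscustomobject]@{
            Network      = $net.Name
            Subnet       = $net.Address
            Role         = [int]$net.Role
            ExpectedRole = if ($known) { $ExpectedRole[$net.Name] } else { 'not in design' }
            RoleOk       = $roleOk
            LiveMigExcl  = $isExcluded
            MigrationOk  = $migrationOk
        }
    }

    # Report networks from the design that the cluster does not have (for example, not yet renamed)
    foreach ($name in $ExpectedRole.Keys) {
        if ($networks.Name -notcontains $name) {
            Write-Warning "Network '$name' from the design was not found on cluster $Cluster"
        }
    }
}

Test-ClusterNetworkDesign | Format-Table -AutoSize
```

Any row with RoleOk or MigrationOk set to False marks a network whose cluster role or Live Migration setting differs from the design.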
There are three default Hyper-V settings that need to be changed. The following PowerShell script makes the changes. Note that the virtual hard disk path and virtual machine path use the share created earlier.
Set-VMHost -ComputerName VMHost-Mgmt01 -EnableEnhancedSessionMode $true -VirtualHardDiskPath \\VNX5400-SMB\FabMgmtVMs -VirtualMachinePath \\VNX5400-SMB\FabMgmtVMs
Set-VMHost -ComputerName VMHost-Mgmt02 -EnableEnhancedSessionMode $true -VirtualHardDiskPath \\VNX5400-SMB\FabMgmtVMs -VirtualMachinePath \\VNX5400-SMB\FabMgmtVMs
Set-VMHost -ComputerName VMHost-Mgmt03 -EnableEnhancedSessionMode $true -VirtualHardDiskPath \\VNX5400-SMB\FabMgmtVMs -VirtualMachinePath \\VNX5400-SMB\FabMgmtVMs
Set-VMHost -ComputerName VMHost-Mgmt04 -EnableEnhancedSessionMode $true -VirtualHardDiskPath \\VNX5400-SMB\FabMgmtVMs -VirtualMachinePath \\VNX5400-SMB\FabMgmtVMs
The same setting can be performed by individually selecting each host in Hyper-V Manager and altering the Enhanced Session Mode Policy, Virtual Hard Disks, and Virtual Machine settings.
It is also necessary to configure the access rights to the SMB share on which the VMs will be stored.
Launch Computer Management. Right-click the top of the navigation tree and select Connect to another computer …
In the Select Computer dialog window, enter the name of the VNX SMB server. Click OK.
Navigate to System Tools > Shared Folders > Shares. Right-click the SMB share for VM storage and select Properties.
On the Properties dialog window click Add …
In the selection dialog window, click the Object Types… button.
In the Object Types dialog window, check the box by Computers. Click OK.
Back in the selection window enter the prefix for the fabric management hosts. Click OK.
A window will display showing all the computers found, including the cluster name (if you named it similarly). Select all the computer names and the cluster name and click OK.
Back on the Properties dialog window, select each principal added and click the Full Control box. Continue by adding the VSPEX\Domain Admins security group and granting them Full Control. Click OK.
Cluster Aware Updating (CAU) allows you to update clustered servers with little or no loss in availability during the update process. During an Updating Run, CAU does the following:
· Transparently puts each node of the cluster into node maintenance mode
· Temporarily fails the clustered roles over from that node to other nodes
· Installs the updates and any dependent updates on the first node
· Performs a restart if necessary
· Brings the node back out of maintenance mode
· Fails the original clustered roles back onto the node
· Proceeds to update the next node
CAU is one of the Failover Clustering tools that are installed with the Failover Clustering feature. After you have configured the cluster, all that is left is to configure CAU. Configuration can be accomplished either through the GUI or through PowerShell. The following steps illustrate how to configure the tool through the GUI. The last step shows the PowerShell command.
For this example, the CAU is configured to be self-updating, meaning that it will automatically update itself based on the schedule created. Since Microsoft publishes patches on the second Tuesday of each month, this schedule is being configured to run on the third Tuesday of each month, providing time for the patches to be tested before they are automatically applied.
From Server Manager, start by selecting Tools > Cluster Aware Updating.
On the Connect to a failover cluster window, enter the name of the infrastructure cluster and click the Connect button. It will list the nodes of the cluster and show that none of the nodes has run CAU. Click Configure cluster self-updating options. Click Next on the Getting Started window.
On the Add CAU Clustered Role with Self-Updating Enabled window, click the check box by Add the CAU clustered role, with self-updating mode enabled to this cluster. Click Next to continue.
On the Specify self-updating schedule window, select the radio button by Monthly. Enter a Starting date that begins on a third Tuesday of the month sometime in the future. You can leave the other default entries unless you want to change them. Click Next to continue.
On the Advanced Options window you have the option to alter how to apply patches. Click Next to continue.
On the Additional Update Options window, select the check box by Give me recommended updates the same way that I receive important updates if that is the policy in your organization. Click Next to continue.
On the Confirmation window, review your entries. When satisfied with the entries, click Apply to continue. The clustered role will be added to the cluster with the settings you provided. On the Completion window, click Close upon successful completion.
This PowerShell command accomplishes the same steps as shown above:
Add-CauClusterRole -ClusterName VMHost-MgmtClus -Force -CauPluginName Microsoft.WindowsUpdatePlugin -MaxRetriesPerNode 3 -CauPluginArguments @{ 'IncludeRecommendedUpdates' = 'True' } -StartDate "2/10/2015 3:00:00 AM" -DaysOfWeek 4 -WeeksOfMonth @(3) -EnableFirewallRules;
Delegation is a feature that allows one computer to act on behalf of another computer. By default, many such functions are disallowed for security reasons. If you perform actions directly on a given computer, that computer is acting on its own behalf and those functions will work.
In order for the cluster nodes to perform file functions on the EMC VNX5400, it is necessary to configure the hosts to delegate certain functions to the file service of the VNX. In addition, if you plan to continue managing the environment from a management workstation instead of moving from host to host to perform functions, it will be necessary to configure Constrained Delegation. If you try to use a remote management tool, such as the Remote Server Administration Toolkit (RSAT), to perform the same function, you have another computer initiating an action that is performed on another computer. Some of those functions will generate an access violation. Constrained Delegation allows for selecting specific functions (the ‘constrained’ part) to be delegated.
In the following example, a management workstation (Mgmt) also serves as a file server to hold ISO files for software installation. Mgmt is configured with RSAT, so it can run the Failover Cluster Manager console and the Hyper-V Manager console, among others. Constrained delegation needs to be configured on both the Hyper-V hosts and on the Mgmt workstation to allow for the remote management.
On your domain controller (or a system that has the proper Remote Server Administration Tools installed), launch Active Directory Users and Computers. Expand your domain and expand Computers. Right-click one of the Hyper-V nodes and select Properties.
On the Delegation tab, click the radio button by Trust this computer for delegation to specified services only. Select the radio button by Use any authentication protocol. Click the Add… button.
On the Add Services window, click the Users or Computers… button. Select the VNX SMB file server in the Select Users or Computers window. Click OK to show the list of services available for the selected server. Select the cifs service and click OK to continue.
If you are using any other file server (for example, a share used to store ISO images for building systems is defined on the Mgmt workstation), repeat these steps for that file server, with results as shown in the screenshot. Repeat these steps for each node of the cluster.
The management workstation requires a slightly different configuration. Following the above steps, delegate the following:
· Cluster Name and each node of the cluster – cifs
· Each node of the cluster – Microsoft Virtual Console Service
Additionally, configure the management workstation to use any authentication protocol.
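Because Use any authentication protocol permits protocol transition, the list of delegated services on each computer object should contain exactly the entries configured above and nothing else. The following audit is an added example, not part of the original guide; it assumes the host, cluster and file server names used elsewhere in this guide, and the function names ConvertTo-ShortSpn and Get-DelegationAudit are hypothetical.

```powershell
# Added audit example; not part of the original guide.
# Requires the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

# Names below come from this guide's examples; change them for your environment.
$Nodes       = 'VMHost-Mgmt01', 'VMHost-Mgmt02', 'VMHost-Mgmt03', 'VMHost-Mgmt04'
$ClusterName = 'VMHost-Clus01'
$VnxSmb      = 'VNX5400-SMB'
$MgmtHost    = 'Mgmt'            # management workstation that also holds the ISO share

# Reduce "service/host.domain:port" to "service/host" so that the short-name
# and FQDN entries stored in msDS-AllowedToDelegateTo compare as one.
function ConvertTo-ShortSpn {
    param([string]$Spn)
    $service, $target = $Spn -split '/', 2
    $shortName = ($target -split '[.:/]')[0]
    "$service/$shortName"
}

function Get-DelegationAudit {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][string[]]$ExpectedSpn
    )
    $props    = 'TrustedForDelegation', 'TrustedToAuthForDelegation', 'msDS-AllowedToDelegateTo'
    $computer = Get-ADComputer -Identity $ComputerName -Properties $props

    $actual = @($computer.'msDS-AllowedToDelegateTo' | Where-Object { $_ } |
        ForEach-Object { ConvertTo-ShortSpn $_ } | Sort-Object -Unique)
    $expected = @($ExpectedSpn | ForEach-Object { ConvertTo-ShortSpn $_ } | Sort-Object -Unique)

    $missing    = @($expected | Where-Object { $actual -notcontains $_ })
    $unexpected = @($actual   | Where-Object { $expected -notcontains $_ })

    # The guide selects "specified services only" (no unconstrained delegation)
    # together with "Use any authentication protocol" (protocol transition).
    $unconstrained   = [bool]$computer.TrustedForDelegation
    $anyAuthProtocol = [bool]$computer.TrustedToAuthForDelegation

    [pscustomobject]@{
        Computer        = $computer.Name
        Unconstrained   = $unconstrained
        AnyAuthProtocol = $anyAuthProtocol
        Missing         = $missing -join '; '
        Unexpected      = $unexpected -join '; '
        Compliant       = (-not $unconstrained) -and $anyAuthProtocol -and
                          ($missing.Count -eq 0) -and ($unexpected.Count -eq 0)
    }
}

# Hyper-V nodes: cifs to the VNX SMB server and to the Mgmt ISO share
$nodeExpected = "cifs/$VnxSmb", "cifs/$MgmtHost"

# Management workstation: cifs to the cluster name and each node,
# plus Microsoft Virtual Console Service to each node
$mgmtExpected = @("cifs/$ClusterName") +
    ($Nodes | ForEach-Object { "cifs/$_"; "Microsoft Virtual Console Service/$_" })

$report = @(
    $Nodes | ForEach-Object { Get-DelegationAudit -ComputerName $_ -ExpectedSpn $nodeExpected }
    Get-DelegationAudit -ComputerName $MgmtHost -ExpectedSpn $mgmtExpected
)
$report | Format-Table -AutoSize -Wrap
```

A row with Unconstrained set to True, or with anything in the Unexpected column, shows a computer object that is trusted for more than this procedure configured.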
One of the features of Hyper-V is the ability to asynchronously replicate virtual machines to another Hyper-V server. In order to replicate from a Failover Cluster it is necessary to configure a Hyper-V Replica Broker on the cluster.
Navigate to the cluster in the Failover Cluster Manager console. Right-click the cluster and select Configure Role… Click Next on the Before You Begin window.
On the Select Role window, select Hyper-V Replica Broker. Click Next.
On the Client Access Point window, enter a name for the client access point and an IP address. Click Next.
On the Confirmation window, review your inputs. Click Next.
On the Summary window, click Finish.
The PLA patterns at a high level include the concept of a compute, storage, and network Fabric. This is logically and physically independent from components such as System Center, which provide Fabric Management.
Figure 6 Components of the Microsoft Private Cloud
The Fabric is typically the entire compute, storage, and network infrastructure, consisting of one or more capacity clouds (sometimes referred to as Fabric resource pools) that carry characteristics like delegation of access and administration, SLAs, and cost metering. The Fabric is usually implemented as Hyper-V host clusters or stand-alone hosts managed by the System Center infrastructure.
For private cloud infrastructures, a Fabric capacity cloud consists of one or more scale units. In a modular architecture, the concept of a scale unit refers to the point to which a module in the architecture can be consumed (for example, scale) before another module is required. A scale unit can be as small as an individual server because it provides finite capacity, and CPU and random access memory (RAM) resources can be consumed up to a certain point. However, when it is consumed up to its maximum capacity, an additional server is required to continue scaling.
Each scale unit also has an associated amount of physical installation and configuration labor. With larger scale units, like a preconfigured full rack of servers, the labor overhead can be minimized. Thus, larger scale units may be more effective from the standpoint of implementation costs. However, it is critical to know the scale limits of all components, both hardware and software, when determining the optimum scale units for the overall architecture.
Scale units allow the documentation of all the requirements (for example, space, power, heating, ventilation and air conditioning (HVAC), and connectivity) that are needed for implementation.
Fabric management is the concept of treating discrete capacity clouds as a single Fabric. Fabric Management allows centralizing and automating complex management functions that can be carried out in a highly standardized, repeatable fashion to increase availability and lower operational costs.
In order to properly size Fabric Management host systems, the following table outlines the virtual machines (and their default configurations) that are deployed to compose the fabric management component architecture. These virtual machines are hosted on a dedicated four-node Hyper-V failover cluster.
These virtual machines serve as the basis for fabric management operations. The following table summarizes the fabric management virtual machine requirements by the System Center component that supports the product or operating system role.
Note: All VMs except the Service Manager Portal and the Cisco Nexus 1000V VMs run Windows Server 2012 R2. The Service Manager Portal runs Windows Server 2008 R2 SP1. The Cisco Nexus 1000V runs Cisco NX-OS.
Additional information about the preferred hosts to run the VM for load balancing purposes, the start priority of the VM when the cluster starts, and anti-affinity (making sure two VMs do not run on the same node) is also included to show the settings of a sample PowerShell script that can be used to build the VMs.
Table 15 VM Configuration Summaries
| Component Roles | VM Name | vCPU | RAM (GB) | VHD (GB) | vNICs | Preferred Hosts | Start Priority | Anti-Affinity |
|---|---|---|---|---|---|---|---|---|
| SQL Server Cluster Node 1 | SQL01 | 16 | 32 | 60 | SC-database, SC-SMB | Node1, Node2 | High | SQL01 |
| SQL Server Cluster Node 2 | SQL02 | 16 | 32 | 60 | SC-database, SC-SMB | Node2, Node3 | High | SQL02 |
| SQL Server Cluster Node 3 | SQL03 | 16 | 32 | 60 | SC-database, SC-SMB | Node3, Node4 | High | SQL01 |
| SQL Server Cluster Node 4 | SQL04 | 16 | 32 | 60 | SC-database, SC-SMB | Node4, Node1 | High | SQL02 |
| Virtual Machine Manager | SCVMM01 | 4 | 8 | 60 | SC-access, SC-database | Node1, Node2 | High | SCVMM |
| Virtual Machine Manager | SCVMM02 | 4 | 8 | 60 | SC-access, SC-database | Node3, Node4 | High | SCVMM |
| App Controller | SCAC01 | 4 | 8 | 60 | SC-access, SC-database | Node1, Node3 | Low | $null |
| Operations Manager Management Server | SCOM01 | 8 | 16 | 60 | SC-access, SC-database | Node1, Node2 | Medium | SCOM |
| Operations Manager Management Server | SCOM02 | 8 | 16 | 60 | SC-access, SC-database | Node3, Node4 | Medium | SCOM |
| Operations Manager Reporting Server | SCOM03 | 8 | 16 | 60 | SC-access, SC-database | Node2, Node4 | Low | $null |
| Orchestrator Runbook / Deployment Server | SCO01 | 4 | 8 | 60 | SC-access, SC-database | Node1, Node2 | Low | SCO |
| Orchestrator supplemental Runbook Server | SCO02 | 4 | 8 | 60 | SC-access, SC-database | Node3, Node4 | Low | SCO |
| Service Provider Foundation Server | SCSPF01 | 2 | 4 | 60 | SC-access, SC-database | Node3, Node1 | Low | SCSPF |
| Service Provider Foundation Server | SCSPF02 | 2 | 4 | 60 | SC-access, SC-database | Node4, Node2 | Low | SCSPF |
| Service Management Automation Server | SCSMA01 | 2 | 4 | 60 | SC-access, SC-database | Node3, Node1 | Medium | SCSMA |
| Service Management Automation Server | SCSMA02 | 2 | 4 | 60 | SC-access, SC-database | Node4, Node2 | Medium | SCSMA |
| Service Manager Management Server | SCSM01 | 4 | 16 | 60 | SC-access, SC-database | Node1, Node2 | Low | $null |
| Service Manager Data Warehouse | SCSM02 | 8 | 16 | 60 | SC-access, SC-database | Node3, Node4 | Low | $null |
| Service Manager Portal (Windows Server 2008 R2) | SCSM03 | 8 | 16 | 60 | SC-access, SC-database | Node2, Node4 | Low | $null |
| Server Reporting Server | SCRS01 | 4 | 16 | 60 | SC-access, SC-database | Node4, Node1 | Low | $null |
| WAP management portal for Tenants | WAP01 | 2 | 4 | 60 | SC-access, SC-database | Node1, Node3 | Low | WAP01 |
| WAP management portal for Tenants | WAP01b | 2 | 4 | 60 | SC-access, SC-database | Node2, Node4 | Low | WAP01 |
| WAP Tenant Authentication | WAP02 | 2 | 4 | 60 | SC-access, SC-database | Node1, Node3 | Low | WAP02 |
| WAP Tenant Authentication | WAP02b | 2 | 4 | 60 | SC-access, SC-database | Node2, Node4 | Low | WAP02 |
| WAP Tenant public API | WAP03 | 2 | 4 | 60 | SC-access, SC-database | Node1, Node3 | Low | WAP03 |
| WAP Tenant public API | WAP03b | 2 | 4 | 60 | SC-access, SC-database | Node2, Node4 | Low | WAP03 |
| WAP Tenant API | WAP04 | 2 | 4 | 60 | SC-access, SC-database | Node1, Node3 | Low | WAP04 |
| WAP Tenant API | WAP04b | 2 | 4 | 60 | SC-access, SC-database | Node2, Node4 | Low | WAP04 |
| WAP Admin API | WAP05 | 2 | 4 | 60 | SC-access, SC-database | Node1, Node3 | Low | WAP05 |
| WAP Admin API | WAP05b | 2 | 4 | 60 | SC-access, SC-database | Node2, Node4 | Low | WAP05 |
| WAP management portal for Admins | WAP06 | 2 | 4 | 60 | SC-access, SC-database | Node3, Node1 | Low | $null |
| WAP Admin Authentication | WAP07 | 2 | 4 | 60 | SC-access, SC-database | Node4, Node2 | Low | $null |
| Infrastructure (SMI-S Agent) | SCInfra01 | 2 | 4 | 60 | SC-access | Node2, Node4 | Low | $null |
| Hyper-V Network Virtualization Gateway | HNVGW01 | 2 | 8 | 60 | SC-access | Node3, Node4 | High | HNVGW |
| Hyper-V Network Virtualization Gateway | HNVGW02 | 2 | 8 | 60 | SC-access | Node4, Node1 | High | HNVSW |
| Cisco Nexus 1000V VSM 1 | N1KV-VSM01 | 1 | 4 | 4 | Mgmt | Node2, Node3 | High | N1KV |
| Cisco Nexus 1000V VSM 2 | N1KV-VSM02 | 1 | 4 | 4 | Mgmt | Node4, Node1 | High | N1KV |
| Totals | | 172 | 372 GB | 2108 GB | | | | |
One of the features of Windows Server 2012 R2 Failover Clustering is dynamic quorum. This gives the administrator the ability to automatically manage the quorum vote assignment for a node, based on the state of the node. When a node shuts down or crashes, the node loses its quorum vote. When a node successfully rejoins the cluster, it regains its quorum vote. By dynamically adjusting the assignment of quorum votes, the cluster can increase or decrease the number of quorum votes that are required to keep running. This enables the cluster to maintain availability during sequential node failures or shutdowns.
It is critical the Fabric Management cluster be available at all times. Therefore, this design includes a minimum of four nodes for the Fabric Management cluster. This helps ensure that even if a node is down for maintenance, for example, applying a patch, the remaining nodes will continue to provide a highly available environment with the remaining three nodes. Therefore, should an unexpected hardware or software failure occur while one node is down due to planned maintenance, the remaining components of the cluster will continue their operations. The following picture shows a typical configuration of the cluster just before taking the fourth node down for maintenance.
Figure 7 Management Cluster
Following the steps in the previous chapter, you created a four-node Windows Server Failover Cluster using the EMC VNX5400 for shared storage.
When creating a master image for the virtual machines, a timesaving process is to make copies of this image to build each of the required infrastructure servers running as virtual machines. Therefore, additional virtual machines can be created by making copies of this master image. Either the Failover Cluster Manager console or PowerShell can be used to create the additional virtual machines.
The following instructions detail how to create the first VM that will be sysprepped for use in creating all the VMs.
Note: If you are using the management workstation, configure Constrained Delegation according to the instructions of this guide.
Open the Failover Cluster Manager console. Right-click Roles, select Virtual Machines…, and then select New Virtual Machine…
Select one of the nodes as the target for the VM. Click Next to continue, and click Next on the Before You Begin page.
On the Specify Name and Location page, enter a Name for the master virtual machine. Even if you changed the default storage location, select the check box for Store the virtual machine in a different location. If you did not previously change the default storage location, in the Location field, enter the share name for storing the VM’s files. Checking this box helps ensure each VM and its related files are stored in its own directory sub-tree. Click Next to continue.
On the Specify Generation page, select the radio button by Generation 2. Click Next to continue.
On the Assign Memory page, enter 2048 as the amount of memory. Click Next to continue.
On the Configure Networking page, select the appropriate network that will allow access to the network for updating. Click Next to continue.
On the Connect Virtual Hard Disk page, enter 60 as the size of the virtual hard disk. Click Next to continue.
On the Installation Options page, select the radio button by Install an operating system from a bootable image file. Browse to the location where you have stored the Windows installation media and select it. Click Next to continue.
On the Completing the New Virtual Machine Wizard page, review your entries. If satisfied, click Finish to create the VM. Click Finish on the Summary page that appears after successful completion.
In the Failover Cluster Manager console, right-click the virtual machine and select Settings…
On the Settings page, click Network Adapter under Hardware. Select the check box for VLAN ID and enter the appropriate VLAN tag. Click Apply to save the change.
Click the Firmware selection. Under Boot order, make sure the DVD Drive is at the top of the list. Click Apply to save the change.
Optional. The build process will run faster if you increase the number of virtual processors to 2. Click Processor and change the number of virtual processors to 2. Click OK to save the changes.
In the Failover Cluster Manager console, right-click the virtual machine and select Connect…
In the Connection window, click the Start icon to start the installation.
When the Press any key to boot from CD or DVD . . . . . . message appears, press any key to have the system boot.
Note: The virtual machine is created as a Generation 2 VM, which means that it is going to perform a UEFI boot. The Press any key message does not display very long; you have to press a key quickly. If you miss it, stop and start the VM again.
The installation of Windows Server 2012 R2 will begin. Perform the installation.
|
When the installation completes, you should follow procedures similar to those provided earlier for the physical host, including updating with latest patches, configuring for remote management, and installing any customer-specific utilities and tools. This machine does not have to be joined to the domain. Sysprepping removes domain information.
Many of the infrastructure servers require the .NET Framework 3.5 Features. The following steps demonstrate how to add this feature to the image before sysprepping it. This will save time while configuring the VMs that require this feature as you will not have to install it each time it is needed. This is not required, but it is a time-saver.
From the Failover Cluster Manager console, make sure the Windows installation media is still mounted to the VM. Log into the VM.
Issue the PowerShell cmdlet shown below. Alternatively, the feature can be installed through Server Manager, using the steps that follow the cmdlet.
Install-WindowsFeature -Name Net-FrameWork-Core -Source D:\Sources\sxs
From the Server Manager console, select Manage > Add Roles and Features. Click Next on the Before You Begin page.
On the Select installation type page, click the radio button to select Role-based or feature-based installation. Click Next to continue. Click Next on subsequent pages until you get to the Select Features page.
On the Select Features page, select the check box by .NET Framework 3.5 Features. Click Next to continue.
On the Confirm installation selections page, click Specify an alternate source path.
On the Specify Alternate Source Path page, enter the path to the location on the Windows installation media where the sources for .NET Framework 3.5 can be found. These are found in the \Sources\SXS directory on the installation media. Click OK when the proper path has been entered.
Back on the Confirm installation selections page, click the check box for Restart the destination server automatically if required. Click OK on the informational window that displays. Click Install to in
An Installation progress page will display to show the progress. Click the Close button when the installation is complete.
When the above preparations have been completed, eject the Windows Server installation media, and sysprep the VM. The VM hard disk file can be copied and used as the basis for configuring the rest of the infrastructure server VMs (except for the Service Manager Portal, which requires Windows Server 2008 R2 SP1).
To sysprep the VM enter the following command in an elevated PowerShell or command window:
\Windows\System32\sysprep\sysprep /generalize /oobe /shutdown
This will sysprep the image and shut it down so the virtual hard disk can be copied for new machines.
To minimize the time required to copy the sysprepped VHDX file, it can be optimized with the following sample PowerShell cmdlets. This optimizes the allocation of space used by virtual hard disk files, except for fixed virtual hard disks.
Mount-VHD -Path "<path>GoldMasterVM-2012R2.vhdx" -NoDriveLetter -ReadOnly
Optimize-VHD -Path "<path>GoldMasterVM-2012R2.vhdx" -Mode Full
Dismount-VHD -Path "<path>GoldMasterVM-2012R2.vhdx"
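The build script later in this section copies the gold master for every infrastructure VM, so a damaged or altered template propagates to all of them. The following added example (not part of the original guide) records a SHA-256 baseline once the template is optimized and checks each copy against it; the function names and the manifest file are hypothetical, and the template path is the $templateSource value from the sample script.

```powershell
# Added example, not from the original guide: baseline and verify the gold master VHDX.
# Assumptions: $templateSource matches the sample build script; the manifest path and
# function names are hypothetical. Requires Get-FileHash (PowerShell 4.0 or later).
$templateSource = "\\VNX5400-SMB\FabMgmtVMs\GoldMasterVM-2012R2\Virtual Hard Disks\GoldMasterVM-2012R2.vhdx"
# Keep the manifest somewhere with tighter permissions than the VM share itself
$manifest = "<path>GoldMasterVM-2012R2.sha256"

# Run once, after Optimize-VHD and Dismount-VHD have completed
function Save-GoldMasterBaseline {
    param([string]$Path, [string]$ManifestPath)
    $hash = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    Set-Content -Path $ManifestPath -Value $hash
    # Mark the template read-only so it is not booted or modified by accident
    Set-ItemProperty -Path $Path -Name IsReadOnly -Value $true
    return $hash
}

# Run against each copy before it is attached to a new VM and booted
function Test-GoldMasterCopy {
    param([string]$CopyPath, [string]$ManifestPath)
    $expected = (Get-Content -Path $ManifestPath -TotalCount 1).Trim()
    $actual = (Get-FileHash -Path $CopyPath -Algorithm SHA256).Hash
    return ($actual -eq $expected)
}

Save-GoldMasterBaseline -Path $templateSource -ManifestPath $manifest | Out-Null

# Verify the template itself; in the build script the same test applies to $dest
If (-not (Test-GoldMasterCopy -CopyPath $templateSource -ManifestPath $manifest))
{
    Write-Warning "Gold master hash does not match the recorded baseline"
}
```

In the sample build script, the natural place for Test-GoldMasterCopy is directly after the copy of $templateSource to $dest and before Add-VMHardDiskDrive.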
Below are abbreviated instructions, very similar to above, for creating the infrastructure virtual machines by using the Failover Cluster Manager console. Following these instructions for creating a virtual machine from the sysprepped image are the PowerShell commands that perform the same function.
Follow the above steps for creating a virtual machine within the Failover Cluster Manager console. Use the memory, NIC, and CPU values from the table to configure the VMs correctly. On the Connect Virtual Hard Disk page, select the radio button by Attach a virtual hard disk later. Click Finish to create the virtual machine. Click Finish on the Summary page when the machine is built.
In Windows Explorer, open the directory of the newly created VM. Create a new directory and name it Virtual Hard Disks.
Copy the sysprepped virtual hard disk into the Virtual Hard Disks directory and rename it to be the same as the name of the VM you are creating.
In the Failover Cluster Manager console, open the Settings… of the VM. Under Management click Integration Services. Check the box by Guest Services. Click Apply to accept the change.
Under Hardware click SCSI Controller. From the right-hand side, select Hard Drive and click Add.
Click the newly created Hard Drive. Browse to the location where you just saved and renamed the copy of the sysprepped image and select the file. Click Apply.
Click Firmware. Under Boot order, select the Hard Drive and move it to the top using the Move up button. Click OK to apply the changes.
Modify the Memory and Processor settings to reflect the values from the earlier table.
In the Failover Cluster Manager console, right-click the newly created virtual machine and select Connect. Start the virtual machine. Strike the Enter key to boot into the sysprep mini-setup.
When the mini-setup completes, you have a virtual machine to be used for the infrastructure servers. Repeat to complete all required VMs.
Instead of using the GUI to create all infrastructure VMs, PowerShell can perform the same tasks. The following script can be used to create infrastructure VMs in a cluster. It must be modified to reflect each customer’s environment. The script is supplied as a sample. Neither support nor warranty is implied.
<#
Build the VM definitions for the Private Cloud VMs
W A R N I N G
W A R N I N G
W A R N I N G
This script MUST be run from an elevated PowerShell environment.
The variables in this script should be modified to reflect the customer environment.
The VMs are built onto the cluster to the node designated as the first preferred node.
Input values for each VM include:
- Name / name of VM; also used to construct the VM's directory tree
- Memory / amount of memory to allocate to VM
- vCPUs / number of virtual CPUs to allocate to VM
- vNIC1 / first virtual NIC to assign to VM
- vLANtag1 / VLAN to associate with vNIC1
- vNIC2 / second virtual NIC to assign to VM
- vLANtag2 / VLAN to associate with vNIC2
- VMhostName1 / initial host to which the VM is deployed. First of two preferred owners.
- VMhostName2 / Second preferred owner
- VM location / path to storage root
- Start priority / NoAutoStart, Low, Medium, High
- Anti-affinity / character string to set anti-affinity between two VMs (simplistic implementation)
There are some special values associated with vNIC and vLANtag entries.
$vNICnull -- Do not assign a vNIC
$vLANnull -- do not assign a VLAN tag to the vNIC
$vNoSwitch -- used in place of the vLANtag entry to mean to create the vNIC but do not assign to a virtual switch
#>
# Static values – DO NOT ALTER
$noAutoStart = 0
$low = 1000
$medium = 2000
$high = 3000
# Variables to be edited for the customer environment
# Virtual Switch Names and VLAN IDs
$vNIC1 = "SC-access"
$vNIC2 = "SC-database"
$vNIC3 = "SC-SMB"
$vNIC4 = "T1-access"
$vNICnull = $null
$vLAN1 = "20"
$vLAN2 = "22"
$vLAN3 = "17"
$vLAN4 = "1000"
$vLANnull = $null
$vNoSwitch = "NoSwitch" # Create vNIC but do not assign to vSwitch
$smb = "\\VNX5400-SMB\FabMgmtVMs\"
$csv = "C:\ClusterStorage\Volume2\"
$templateSource = "\\VNX5400-SMB\FabMgmtVMs\GoldMasterVM-2012R2\Virtual Hard Disks\GoldMasterVM-2012R2.vhdx"
$VHD = "\Virtual Hard Disks\"
$vmHost1 = "VMHost-Mgmt01"
$vmHost2 = "VMHost-Mgmt02"
$vmHost3 = "VMHost-Mgmt03"
$vmHost4 = "VMHost-Mgmt04"
$vmCluster = "VMHost-MgmtClus"
# Since good practice would have the sysprepped disk read-only,
# this variable is used to reset the file after copying.
New-Variable -Name read_only -Value 1 -Option readonly
# Virtual Machine information
# Name, Memory, vCPUs, vNIC1, vLANtag1, vNIC2, vLANtag2, VMhostName1, VMHostName2, destination, start priority, anti-affinity)
$VMArray = @()
# Guest Clustering
$VMArray +=, ("SQL01", 32768MB, 16, $vNIC2, $vLAN2, $vNIC3, $vLAN3, $vmHost1, $vmHost2, $smb, $high, "SQL01")
$VMArray +=, ("SQL02", 32768MB, 16, $vNIC2, $vLAN2, $vNIC3, $vLAN3, $vmHost2, $vmHost3, $smb, $high, "SQL02")
$VMArray +=, ("SQL03", 32768MB, 16, $vNIC2, $vLAN2, $vNIC3, $vLAN3, $vmHost3, $vmHost4, $smb, $high, "SQL01")
$VMArray +=, ("SQL04", 32768MB, 16, $vNIC2, $vLAN2, $vNIC3, $vLAN3, $vmHost4, $vmHost1, $smb, $high, "SQL02")
$VMArray +=, ("SCVMM01", 8192MB, 4, $vNIC1, $vNoSwitch, $vNIC2, $vLAN2, $vmHost1, $vmHost2, $smb, $high, "SCVMM")
$VMArray +=, ("SCVMM02", 8192MB, 4, $vNIC1, $vNoSwitch, $vNIC2, $vLAN2, $vmHost3, $vmHost4, $smb, $high, "SCVMM")
$VMArray +=, ("HNVGW01", 8096MB, 2, $vNIC1, $vNoSwitch, $vNIC4, $vNoSwitch, $vmHost2, $vmHost3, $smb, $high, "HNVGW")
$VMArray +=, ("HNVGW02", 8096MB, 2, $vNIC1, $vNoSwitch, $vNIC4, $vNoSwitch, $vmHost4, $vmHost1, $smb, $high, "HNVGW")
# Native Application HA
$VMArray +=, ("SCOM01", 16384MB, 8, $vNIC1, $vNoSwitch, $vNIC2, $vLAN2, $vmHost1, $vmHost2, $smb, $medium, "SCOM")
$VMArray +=, ("SCOM02", 16384MB, 8, $vNIC1, $vNoSwitch, $vNIC2, $vLAN2, $vmHost3, $vmHost4, $smb, $medium, "SCOM")
$VMArray +=, ("SCO01", 8192MB, 4, $vNIC1, $vNoSwitch, $vNIC2, $vLAN2, $vmHost1, $vmHost2, $smb, $medium, "SCO")
$VMArray +=, ("SCO02", 8192MB, 4, $vNIC1, $vNoSwitch, $vNIC2, $vLAN2, $vmHost3, $vmHost4, $smb, $medium, "SCO")
#Load Balanced
$VMArray +=, ("WAP01", 4096MB, 2, $vNIC1, $vNoSwitch, $vNIC2, $vLAN2, $vmHost1, $vmHost3, $smb, $low, "WAP01")
$VMArray +=, ("WAP01b", 4096MB, 2, $vNIC1, $vNoSwitch, $vNIC2, $vLAN2, $vmHost2, $vmHost4, $smb, $low, "WAP01")
$VMArray +=, ("WAP02", 4096MB, 2, $vNIC1, $vNoSwitch, $vNIC2, $vLAN2, $vmHost1, $vmHost3, $smb, $low, "WAP02")
$VMArray +=, ("WAP02b", 4096MB, 2, $vNIC1, $vNoSwitch, $vNIC2, $vLAN2, $vmHost2, $vmHost4, $smb, $low, "WAP02")
$VMArray +=, ("WAP03", 4096MB, 2, $vNIC1, $vNoSwitch, $vNIC2, $vLAN2, $vmHost1, $vmHost3, $smb, $low, "WAP03")
$VMArray +=, ("WAP03b", 4096MB, 2, $vNIC1, $vNoSwitch, $vNIC2, $vLAN2, $vmHost2, $vmHost4, $smb, $low, "WAP03")
$VMArray +=, ("WAP04", 4096MB, 2, $vNIC1, $vNoSwitch, $vNIC2, $vLAN2, $vmHost1, $vmHost3, $smb, $low, "WAP04")
$VMArray +=, ("WAP04b", 4096MB, 2, $vNIC1, $vNoSwitch, $vNIC2, $vLAN2, $vmHost2, $vmHost4, $smb, $low, "WAP04")
$VMArray +=, ("WAP05", 4096MB, 2, $vNIC1, $vNoSwitch, $vNIC2, $vLAN2, $vmHost1, $vmHost3, $smb, $low, "WAP05")
$VMArray +=, ("WAP05b", 4096MB, 2, $vNIC1, $vNoSwitch, $vNIC2, $vLAN2, $vmHost2, $vmHost4, $smb, $low, "WAP05")
$VMArray +=, ("SCSPF01", 4096MB, 2, $vNIC1, $vNoSwitch, $vNIC2, $vLAN2, $vmHost3, $vmHost1, $smb, $low, "SCSPF")
$VMArray +=, ("SCSPF02", 4096MB, 2, $vNIC1, $vNoSwitch, $vNIC2, $vLAN2, $vmHost4, $vmHost2, $smb, $low, "SCSPF")
$VMArray +=, ("SCSMA01", 4096MB, 2, $vNIC1, $vNoSwitch, $vNIC2, $vLAN2, $vmHost3, $vmHost1, $smb, $medium, "SCSMA")
$VMArray +=, ("SCSMA02", 4096MB, 2, $vNIC1, $vNoSwitch, $vNIC2, $vLAN2, $vmHost4, $vmHost2, $smb, $medium, "SCSMA")
# Host Clustering
$VMArray +=, ("SCAC01", 8192MB, 4, $vNIC1, $vNoSwitch, $vNIC2, $vLAN2, $vmHost1, $vmHost3, $smb, $low, $null)
$VMArray +=, ("SCOM03", 16384MB, 8, $vNIC1, $vNoSwitch, $vNIC2, $vLAN2, $vmHost2, $vmHost4, $smb, $low, $null)
$VMArray +=, ("SCRS01", 16384MB, 4, $vNIC1, $vNoSwitch, $vNIC2, $vLAN2, $vmHost4, $vmHost1, $smb, $low, $null)
$VMArray +=, ("SCSM01", 16384MB, 4, $vNIC1, $vNoSwitch, $vNIC2, $vLAN2, $vmHost1, $vmHost2, $smb, $low, "SCSM")
$VMArray +=, ("SCSM02", 16384MB, 8, $vNIC1, $vNoSwitch, $vNIC2, $vLAN2, $vmHost3, $vmHost4, $smb, $low, "SCSM")
$VMArray +=, ("WAP06", 4096MB, 2, $vNIC1, $vNoSwitch, $vNICnull, $vLANnull, $vmHost3, $vmHost1, $smb, $low, $null)
$VMArray +=, ("WAP07", 4096MB, 2, $vNIC1, $vNoSwitch, $vNICnull, $vLANnull, $vmHost4, $vmHost2, $smb, $low, $null)
$VMArray +=, ("SCInfra01", 4096MB, 2, $vNIC1, $vNoSwitch, $vNICnull, $vLANnull, $vmHost1, $vmHost3, $smb, $medium, $null)
#Import required modules
if ((Get-Module | Where {$_.Name -ilike "FailoverClusters"}).Name -ine "FailoverClusters")
{
Write-Host "Loading Module: FailoverClusters"
Import-Module FailoverClusters
}
if ((Get-Module | Where {$_.Name -ilike "ServerManager"}).Name -ine "ServerManager")
{
Write-Host "Loading Module: ServerManager"
Import-Module ServerManager
}
if ((Get-Module | Where {$_.Name -ilike "Hyper-V"}).Name -ine "Hyper-V")
{
Write-Host "Loading Module: Hyper-V"
Import-Module Hyper-V
}
################
# Process all VMs in array
################
For ($i = 0; $i -lt $VMArray.length; $i++)
{
$element = $VMArray[$i]
$vmName = $element[0]
$vmMem = $element[1]
$vmCpu = $element[2]
$vmVnic1 = $element[3]
$vmVlan1 = $element[4]
$vmVnic2 = $element[5]
$vmVlan2 = $element[6]
$vmHostOwner1 = $element[7]
$vmHostOwner2 = $element[8]
$vmPath = $element[9]
$vmStartPriority = $element[10]
$vmAntiAffinity = $element[11]
$vmHost1VMs = Get-VM -Computer $vmHost1
$vmHost2VMs = Get-VM -Computer $vmHost2
$vmHost3VMs = Get-VM -Computer $vmHost3
$vmHost4VMs = Get-VM -Computer $vmHost4
################
# Check for existing VM already running on a host
################
$vmExists = $false
Foreach ($vm in (@($vmHost1VMs) + @($vmHost2VMs) + @($vmHost3VMs) + @($vmHost4VMs)))
{
If ($vm.Name -eq $vmName)
{
Write-Host "Duplicate VM Name - $vmName. Skipping creation"
$vmExists = $true
Break
}
}
# Break only leaves the Foreach above; Continue moves the outer For loop to the next VM
If ($vmExists) { Continue }
Write-Host "`n*********`n* Creating:" $vmName "at" (Get-Date) "`n*********"
$vhdDir = $vmPath + $vmName + $VHD
$dest = $vhdDir + $vmName + ".vhdx"
$vmInfo = New-VM -Name $vmName -Path $vmPath -MemoryStartupBytes $vmMem -NoVhd -Generation 2 -ComputerName $vmHostOwner1
$trash = New-Item -Path $vhdDir -ItemType Directory
copy $templateSource $dest
Get-ChildItem -Path $dest | Where-Object { $_.attributes -match 'readonly' } |
ForEach-Object {$_.attributes = $_.attributes -Bxor $read_only }
$vmInfo | Add-VMHardDiskDrive -ControllerType SCSI -ControllerNumber 0 -Path $dest
$vmInfo | Remove-VMNetworkAdapter -Name "Network Adapter"
$vmInfo | Set-VM -ProcessorCount $vmCpu -AutomaticStopAction Shutdown -AutomaticStartAction Start
$vmInfo | Set-VMProcessor -CompatibilityForMigrationEnabled $true
$vmInfo | Add-ClusterVirtualMachineRole -Cluster $vmCluster
$vmInfo | Enable-VMIntegrationService -Name 'Guest Service Interface'
$vmInfo | Set-VM -AutomaticStopAction ShutDown
$vmClusGrp = Get-ClusterGroup $vmName -Cluster $vmCluster
$vmClusGrp | Set-ClusterOwnerNode -Owners $vmHostOwner1,$vmHostOwner2
$vmClusGrp.AutoFailbackType = 1
$vmClusGrp.Priority = $vmStartPriority
$aaTmp = New-Object System.Collections.Specialized.StringCollection
$aaTmp.Add($vmAntiAffinity) | Out-Null
$vmClusGrp.AntiAffinityClassNames = $aaTmp
If ($vmVlan1 -eq "NoSwitch")
{
$vmInfo | Add-VMNetworkAdapter -Name $vmVnic1
}
Else
{
$vmInfo | Add-VMNetworkAdapter -Name $vmVnic1 -SwitchName $vmVnic1
If ($vmVlan1 -ne $null)
{
$vmInfo | Set-VMNetworkAdapterVlan -Access -VlanId $vmVlan1 -VMNetworkAdapterName $vmVnic1
}
}
If ($vmVlan2 -eq "NoSwitch")
{
$vmInfo | Add-VMNetworkAdapter -Name $vmVnic2
}
Else
{
If ($vmVnic2 -ne $null)
{
$vmInfo | Add-VMNetworkAdapter -Name $vmVnic2 -SwitchName $vmVnic2
If ($vmVlan2 -ne $null)
{
$vmInfo | Set-VMNetworkAdapterVlan -Access -VlanId $vmVlan2 -VMNetworkAdapterName $vmVnic2
}
}
}
}
Write-Host "Completed at:" (Get-Date)
The fabric management components include machines that back each other up. For example, there are at least four SQL virtual machines and two SCVMM machines, and these machines are also configured in failover cluster configurations for high availability. Machines that have a relationship like this should run on separate nodes in the cluster. If all nodes of the SQL cluster were running on a single node of the Hyper-V cluster, and that node failed, SQL would become temporarily unavailable while the VMs are restarted on a surviving node of the cluster. If each VM of the SQL cluster runs on a different node in the Hyper-V cluster, the loss of a Hyper-V node has a lesser impact on SQL's availability because surviving SQL VMs continue serving the SQL instances.
Implementing this capability requires that you assign preferred owners to the VMs you want to keep separated. Not all VMs need to be configured with preferred owners; they matter primarily for VMs that serve the same role. Preferred owners are set from within the Failover Cluster Manager console.
In addition, it is possible to help ensure that some VMs are started before others by assigning a priority to those VMs. For example, many of the other VMs use SQL. Therefore, it makes sense that SQL be given a higher priority when it is starting. Other applications, such as a report server, most likely will not be needed as quickly, so it can be configured with a lower priority. Since the settings for preferred owners and priority are located in the same window, examples will be provided here for setting some priorities.
The table at the beginning of this section shows a sample configuration for preferred nodes. The sample PowerShell script for automatically creating the VMs will automatically assign the preferred nodes.
If you did not use the sample PowerShell script to create the Fabric Management VMs, the following steps illustrate the configuration of preferred owners and priority within the Failover Cluster Manager console.
Right-click a virtual machine and select Properties. In the Properties page, select the appropriate preferred owners by clicking the check box by the preferred owner's name. Select the appropriate priority by making a selection from the drop-down list when you click Priority. Click OK to accept the changes.
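Anti-affinity class names and preferred owners are placement preferences, so after a failover or host maintenance two VMs of the same role can still end up on one node. The following added example (not part of the original guide or its sample scripts) reports current placement against those settings; it assumes the cluster name and the priority values used in the sample build script.

```powershell
# Added example, not part of the original guide or its sample scripts.
# Audits clustered VM roles for anti-affinity, preferred-owner and start-priority settings.
Import-Module FailoverClusters

$vmCluster = "VMHost-MgmtClus"     # assumption: cluster name from the sample build script

# Priority values as defined in the sample build script
$priorityName = @{ 0 = "NoAutoStart"; 1000 = "Low"; 2000 = "Medium"; 3000 = "High" }

$groups = Get-ClusterGroup -Cluster $vmCluster |
    Where-Object { $_.GroupType -eq "VirtualMachine" }

# One row per VM role: where it runs now and what it was configured to prefer
$report = foreach ($g in $groups) {
    $preferred = @(($g | Get-ClusterOwnerNode).OwnerNodes | ForEach-Object { $_.Name })
    # The sample script stores $null for VMs without an anti-affinity class; drop empty entries
    $classes = @($g.AntiAffinityClassNames | Where-Object { $_ })
    [pscustomobject]@{
        VM              = $g.Name
        CurrentNode     = $g.OwnerNode.Name
        PreferredOwners = $preferred -join ","
        OnPreferred     = ($preferred.Count -eq 0) -or ($preferred -contains $g.OwnerNode.Name)
        Priority        = $priorityName[[int]$g.Priority]
        AntiAffinity    = $classes -join ","
    }
}

# Expand to one row per (class, node, VM) so that collisions can be grouped
$placements = foreach ($row in $report) {
    foreach ($class in ($row.AntiAffinity -split "," | Where-Object { $_ })) {
        [pscustomobject]@{ Class = $class; Node = $row.CurrentNode; VM = $row.VM }
    }
}

# Two or more VMs with the same class on the same node defeat the separation
$collisions = $placements |
    Group-Object -Property Class, Node |
    Where-Object { $_.Count -gt 1 }

$report | Sort-Object AntiAffinity, VM | Format-Table -AutoSize

foreach ($c in $collisions) {
    $vmList = ($c.Group | ForEach-Object { $_.VM }) -join ", "
    Write-Warning ("Anti-affinity class and node '{0}' shared by: {1}" -f $c.Name, $vmList)
}

$report | Where-Object { -not $_.OnPreferred } | ForEach-Object {
    Write-Warning ("{0} is running on {1}, outside its preferred owners ({2})" -f $_.VM, $_.CurrentNode, $_.PreferredOwners)
}
```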
While each System Center 2012 R2 component installation section in this document outlines the individual accounts and groups required for each installation and operation, a short summary is provided in the tables below.
The following Active Directory user accounts are required for the Fast Track System Center 2012 R2 installation:
Table 16 Active Directory User Accounts
Component | User account | Suggested name | Description
System Center | Component installation account | FT-SCInstall | This optional account is used to install all System Center components.
SQL Server | SQL Server instance service account | FT-SQL-SVC | This account is used as the service account for all instances of SQL Server used in System Center.
Operations Manager | Management server action account | FT-SCOM-Action | This account is used to carry out actions on monitored computers across a network connection.
Operations Manager | System Center Operations Manager configuration service and data access service account | FT-SCOM-SVC | This account is one set of credentials that is used to update and read information in the operational database. Operations Manager verifies that the credentials used for the System Center Operations Manager configuration service and data access service account are assigned to the sdk_user role in the operational database.
Operations Manager | Data Warehouse write account | FT-SCOM-DW | The Data Warehouse write account writes data from the management server to the reporting Data Warehouse and reads data from the operational database.
Operations Manager | Data reader account | FT-SCOM-DR | The data reader account is used to define which account credentials Microsoft SQL Server® Reporting Services uses to run queries against the Operations Manager reporting Data Warehouse.
Virtual Machine Manager | Virtual Machine Manager service account | FT-SCVMM-SVC | This account is used to run the Virtual Machine Manager service.
Service Manager | Service Manager services account | FT-SCSM-SVC | This account becomes the operational system account. It is assigned to the logon account for all Service Manager services on all Service Manager servers. This account becomes a member of the sdk_users and configsvc_users database roles for the Service Manager database as part of installation. This account also becomes the Data Warehouse system Run As account.
Service Manager | Service Manager workflow account | FT-SCSM-WF | This account is used for all workflows and is made a member of the Service Manager workflows user role.
Service Manager | Service Manager reporting account | FT-SCSM-SSRS | This account is used by SQL Server Reporting Services (SSRS) to access the DWDataMart database to get data for reporting. The account becomes a member of the db_datareader database role for the DWDataMart database. Becomes a member of the reportuser database role for the DWDatamart database.
Service Manager | Microsoft SQL Server® Analysis Services account for OLAP cubes | FT-SCSM-OLAP | This account is used by SQL Server Analysis Services (SSAS) for Service Manager reports.
Service Manager | Operations Manager alert connector | FT-SCSM-OMAlert | This account is used for Service Manager Operations Manager Alert connector operations.
Service Manager | Operations Manager CI connector | FT-SCSM-OMCI | This account is used for Service Manager Operations Manager continuous integration (CI) connector operations.
Service Manager | Active Directory connector | FT-SCSM-ADCI | This account is used for Service Manager Active Domain connector operations.
Service Manager | Virtual Machine Manager CI connector | FT-SCSM-VMMCI | This account is used for Service Manager Virtual Machine manager connector operations.
Service Manager | Orchestrator CI Connector | FT-SCSM-OCI | This account is used for System Center Orchestrator connector operations.
Orchestrator | Orchestrator services account | FT-SCO-SVC | This account is used to run the Orchestrator Management Service, Orchestrator Runbook Service, and Orchestrator Runbook Server monitor service.
App Controller | App Controller service account | FT-SCAC-SVC | This account is used to run all App Controller services.
Service Manager Automation | Service Manager Automation service account | FT-SCSMA-SVC | This account is used to run Service Manager Automation services.
Service Provider Foundation | Service Provider Foundation service account | FT-SCSPF-SVC | This account is used for Service Provider Foundation services.
Windows Azure Pack | Windows Azure Pack service account | FT-WAP-SVC | This account is used for Windows Azure Pack services.
The following Active Directory security groups are required for the Fast Track System Center 2012 R2 installation:
Table 17 Active Directory Domain Security Groups
Component | Group | Name | Group notes
App Center | AppCenter Administrators | FT-SCAC-Admins | This group's members are administrators for the AppCenter installation.
System Center 2012 | System Center Administrators | FT-SC-Admins | This group's members are full Admins on all System Center components.
SQL Server | SQL Server Administrators | FT-SQL-Admins | This group's members are sysadmins on all SQL Server instances and local administrators on all SQL Server nodes.
Operations Manager | Operations Manager Administrators | FT-SCOM-Admins | This group's members are administrators for the Operations Manager installation and hold the Administrators role in Operations Manager.
Operations Manager | Operations Manager Advanced Operators | FT-SCOM-AdvOperators | This group's members are not full administrators but do have advanced operational privileges within Operations Manager.
Operations Manager | Operations Manager Operators | FT-SCOM-Operators | This group's members are not full administrators but do have operational privileges within Operations Manager.
Virtual Machine Manager | Virtual Machine Manager Administrators | FT-SCVMM-Admins | This group's members are administrators for the Virtual Machine Manager installation and hold the Administrators role in Virtual Machine Manager.
Virtual Machine Manager | Virtual Machine Manager Delegated Administrators | FT-SCVMM-FabricAdmins | This group's members are delegated administrators for the Virtual Machine Manager installation and hold the Fabric Administrators role in Virtual Machine Manager.
Virtual Machine Manager | Virtual Machine Manager Read Only Admins | FT-SCVMM-ROAdmins | This group's members are read-only administrators for the Virtual Machine Manager installation and hold the Read-Only Administrators role in Virtual Machine Manager.
Virtual Machine Manager | Virtual Machine Manager Tenant Administrators | FT-SCVMM-TenantAdmins | This group's members are administrators for Virtual Machine Manager Self-Service users and hold the Tenant Administrators role in Virtual Machine Manager.
Virtual Machine Manager | Virtual Machine Manager Self-Service users | FT-SCVMM-AppAdmins | This group's members are self-service users in the Virtual Machine Manager and hold the Application Administrators role in Virtual Machine Manager.
Orchestrator | Orchestrator Administrators | FT-SCO-Admins | This group's members are administrators for the Orchestrator installation.
Orchestrator | Orchestrator Operators | FT-SCO-Operators | This group's members gain access to Orchestrator through membership in the Orchestrator Operators group. Any user account added to this group is granted permission to use the Runbook Designer and Deployment Manager tools.
Service Manager | Service Manager Users | FT-SCSM-Users |
Service Manager Automation | Service Manager Automation Administrators | FT-SCSMA-Admins | This group's members are administrators of the Service Manager Automation of the Windows Azure Pack.
Service Manager | Service Manager Admins | FT-SCSM-Admins | This group is added to the Service Manager Administrators user role and the Data Warehouse Administrators user role.
Service Provider Foundation | Service Provider Foundation Administrators | FT-SCSPF-Admins |
Service Provider Foundation | Service Provider Foundation Provider | FT-SCSPF-Provider |
Service Provider Foundation | Service Provider Foundation Usage | FT-SCSPF-Usage |
The following sample PowerShell script will add the required accounts and groups to Active Directory. The script reads an XML file that contains the users and groups and details the group memberships. The XML file follows the script file. Modify the XML file if you wish to use a different naming convention.
<# NOTE: Does not handle groups of format aaa/bbb
FTUsersGroups.ps1 Version=0.1
11-February-2015
Created by Tim Cerling
tcerling@cisco.com
Execution string: .\FTUsersGroups.ps1 -path <path> -toConsole
<path> - location of input file FTUsersGroups.xml
-toConsole - output log file to console instead of log file
#>
Param
(
[Parameter(Mandatory=$false,Position=0)]
[String]$path = (Get-Location),
[Parameter(Mandatory=$false)]
[Switch]$toConsole = $false
)
#
# Function Definitions
#
# ------------------------------------------------------------------------------
# Function to write log information to either log file or console
Function Write-Log ($content, $type)
{
$n = (get-pscallstack).Length - 2
$lineNum = ((get-pscallstack)[$n].Location -split " line ")[1]
switch ($type)
{
Normal
{
If ($ToConsole)
{
Write-Host -ForegroundColor Green "$lineNum $(Get-Date -Format "HH:mm:ss") - $content"
}
Else
{
Add-Content -Path $logFilePath -Value "$lineNum - $(Get-Date -Format g): $content"
}
}
Error
{
If ($ToConsole)
{
Write-Host -ForegroundColor Red -BackgroundColor Black "ERROR at line $lineNum `n$content"
}
Else
{
Add-Content -Path $logFilePath -Value "ERROR at line $lineNum - $(Get-Date -Format g): $content"
}
}
Warning
{
If ($ToConsole)
{
Write-Host -ForegroundColor Yellow -BackgroundColor Black "Warning at line $lineNum `n$content"
}
Else
{
Add-Content -Path $logFilePath -Value "Warning at line $lineNum - $(Get-Date -Format g): $content"
}
}
}
}
#
# Definition of constants
#
# ------------------------------------------------------------------------------
$startTime = Get-Date
$originalPath = Get-Location
$errTag = $False
$logFile = "FTUsersGroups.log"
$domain = "DC=VSPEX,DC=com"
################################################################################
################################################################################
#
# Start of Code
#
# ------------------------------------------------------------------------------
# Change to path entered on command line
If (Test-Path $path -PathType Container)
{
Set-Location $path
}
Else
{
$errTag = $True
Write-Host "Invalid path" -ForegroundColor Red
}
# Read input file
If (Test-Path "$path\FTUsersGroups.xml")
{
try {$FTUsersGroups = [XML] (Get-Content "$path\FTUsersGroups.xml") }
catch {$errTag = $True; Write-Host "Invalid FTUsersGroups.xml" -ForegroundColor Red}
}
Else
{
$errTag = $True
Write-Host "Missing FTUsersGroups.xml" -ForegroundColor Red
}
# Create a log file in the same directory from which the script is running
If (!$errTag)
{
If (!$toConsole)
{
$localPath = Split-Path (Resolve-Path $MyInvocation.MyCommand.Path)
$logFilePath = Join-Path $localPath $logFile
If (Test-Path($logFilePath))
{
Write-Host "Deleting existing log file"
Remove-Item $logFilePath
}
Write-Host "Creating new log file $logfilePath"
$trash = New-Item -Path $localPath -Name $logFile -ItemType "file"
}
}
# Import required modules
if ((Get-Module |where {$_.Name -ilike "ActiveDirectory"}).Name -ine "ACtiveDirectory")
{
Write-Host "Loading Module: Microsoft Active Directory Module"
Import-Module ActiveDirectory
}
# Test whether to continue processing
If ($errTag)
{
Set-Location $originalPath
$endTime = Get-Date
$elapsedTime = New-TimeSpan $startTime $endTime
Write-Host -ForegroundColor Yellow -BackgroundColor Black "`n`n-----------------------------------------------------------`n"
# The log file is not created when an error was flagged, so report on the console
Write-Host "Elapsed time: $($elapsedTime.Hours):$($elapsedTime.Minutes):$($elapsedTime.Seconds)"
Write-Host "End of processing.`n"
Exit
}
#Process the Organizational Unit (if present)
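$xOrgUnit = $FTUsersGroups.FastTrack4.OrgUnit
# Test for a missing element before calling Trim(), which fails on $null
If ([string]::IsNullOrWhiteSpace($xOrgUnit)) {$xOrgUnit = "Users"} Else {$xOrgUnit = $xOrgUnit.Trim()}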
$ou = "OU=$xOrgUnit,"
$ouPath = $ou + $domain
Write-Log "OrgUnit: $xOrgUnit Path: $domain" "Normal"
New-ADOrganizationalUnit -Name $xOrgUnit -Path $domain -ProtectedFromAccidentalDeletion $true
# Process Users
$FTUsersGroups.FastTrack4.Users | ForEach-Object {$_.Var} | ForEach-Object {
$xUserName = $_.Name.trim()
$xUserPwd = $_.Pwd.trim()
$xUserDescr = $_.Descr.trim()
$secureStringPwd = ConvertTo-SecureString $xUserPwd -AsPlainText -Force
$userID = "CN=" + $xUserName + "," +$ouPath
Write-Log "Name: $xUserName Descr: $xUserDescr Path: $ouPath" "Normal"
New-ADUser -Name $xUserName -Description $xUserDescr -Path $ouPath -Type "user"
Set-ADUser -Identity $xUserName -DisplayName $xUserName -GivenName $xUserName -SamAccountName $xUserName
# $secureStringPwd was built above; -Reset sets the password without prompting for the old one
Set-ADAccountPassword -Identity $userID -Reset -NewPassword $secureStringPwd
Enable-ADAccount -Identity $userID
Set-ADAccountControl -Identity $userID -PasswordNeverExpires $true
}
Write-Log "-------" "Normal"
# Process Groups
# First ensure all groups are added to ensure a group can be added to a group
$FTUsersGroups.FastTrack4 | ForEach-Object {$_.Group} | ForEach-Object {
$xGrpName = $_.Name.trim()
$xGrpDescr = $_.Descr.trim()
If ($xGrpName.Contains("/"))
{
$tmpOU = $xGrpName -split '/', 2
$grpID = "CN=" + $tmpOU[1] + ",OU=" + $tmpOU[0] + "," + $domain
Write-Log "NOT adding group ... $grpID" "Warning"
}
Else
{
$grpID = "CN=" + $xGrpName + "," + $ouPath
New-ADGroup -Name $xgrpName -Path $ouPath -GroupCategory "Security" -GroupScope "Global" -SamAccountName $xGrpName -Description $xGrpDescr
Write-Log "adding group ... $grpID" "Normal"
}
Write-Log "Group: $xGrpName Descr: $xGrpDescr ID: $grpID" "Normal"
}
# Add members to group
$FTUsersGroups.FastTrack4 | ForEach-Object {$_.Group} | ForEach-Object {
$xGrpName = $_.Name.trim()
$xGrpDescr = $_.Descr.trim()
$xGrpMembers = $_.Members
If ($xGrpName.Contains("/"))
{
Write-Log "must manually add these members ... $xGrpMembers to $xGrpName" "Warning"
}
Else
{
$grpID = "CN=" + $xGrpName + "," + $ouPath
If ($xGrpMembers -ne $null)
{
$xGrpMembers | ForEach-Object {$_.Var} | ForEach-Object {
$xMemberName = $_.Name.trim()
$xMemberType = $_.Type.trim()
$memberID = "CN=" + $xMemberName + "," + $ouPath
If ($xMemberType -ne "Computer")
{
Add-ADPrincipalGroupMembership -Identity $memberID -Memberof $grpID
Write-Log " Member: $xMemberName Type: $xMemberType memID: $memberID Grp: $grpID" "Normal"
}
}
}
}
}
Set-Location $originalPath
$endTime = Get-Date
$elapsedTime = New-TimeSpan $startTime $endTime
If ($toconsole)
{
Write-Host -ForegroundColor Yellow -BackgroundColor Black "`n`n-----------------------------------------------------------`n"
Write-Host "Elapsed time: $($elapsedTime.Hours):$($elapsedTime.Minutes):$($elapsedTime.Seconds)"
Write-Host "End of processing."
}
Else
{
Write-Log "Elapsed time: $($elapsedTime.Hours):$($elapsedTime.Minutes):$($elapsedTime.Seconds)" "Normal"
Write-Log "End of processing." "Normal"
}
<?xml version="1.0" encoding="utf-8"?>
<!--
FTUsersGroups Version=0.1
11-February-2013
Created by Tim Cerling
tcerling@cisco.com
NOTE: FT-SCO-Admins needs to be manually added to Builtin/Distributed COM Users
-->
<FastTrack4>
<OrgUnit>VSPEX</OrgUnit>
<!-- Users -->
<Users>
<Var Name='FT-SCInstall' Pwd='P@55w0rd' Descr='Optional for SC 2012 install' />
<Var Name='FT-SQL-SVC' Pwd='P@55w0rd' Descr='SQL service account' />
<Var Name='FT-SCOM-Action' Pwd='P@55w0rd' Descr='OM monitoring' />
<Var Name='FT-SCOM-SVC' Pwd='P@55w0rd' Descr='OM service account' />
<Var Name='FT-SCOM-DW' Pwd='P@55w0rd' Descr='OM Data warehouse' />
<Var Name='FT-SCOM-DR' Pwd='P@55w0rd' Descr='OM data reader for SQL SRS' />
<Var Name='FT-SCVMM-SVC' Pwd='P@55w0rd' Descr='VMM service account' />
<Var Name='FT-SCSM-SVC' Pwd='P@55w0rd' Descr='SM service account' />
<Var Name='FT-SCSM-WF' Pwd='P@55w0rd' Descr='SM workflows' />
<Var Name='FT-SCSM-SSRS' Pwd='P@55w0rd' Descr='SM SQL SRS for datamart' />
<Var Name='FT-SCSM-OLAP' Pwd='P@55w0rd' Descr='SM SQL Analysis Services' />
<Var Name='FT-SCSM-OMAlert' Pwd='P@55w0rd' Descr='SM-OM alert connector' />
<Var Name='FT-SCSM-OMCI' Pwd='P@55w0rd' Descr='SM-OM connector' />
<Var Name='FT-SCSM-ADCI' Pwd='P@55w0rd' Descr='SM-AD connector' />
<Var Name='FT-SCSM-VMMCI' Pwd='P@55w0rd' Descr='SM-VMM connector' />
<Var Name='FT-SCSM-OCI' Pwd='P@55w0rd' Descr='SM-Orchestrator connector' />
<Var Name='FT-SCSM-Users' Pwd='P@55w0rd' Descr='SM users' />
<Var Name='FT-SCO-SVC' Pwd='P@55w0rd' Descr='Orchestrator service account' />
<Var Name='FT-SCAC-SVC' Pwd='P@55w0rd' Descr='AppController service account' />
<Var Name='FT-SCSMA-SVC' Pwd='P@55w0rd' Descr='Service Manager Automation Service Account' />
<Var Name='FT-SCSPF-SVC' Pwd='P@55w0rd' Descr='Service Provider Foundation Service Account' />
<Var Name='FT-WAP-SVC' Pwd='P@55w0rd' Descr='Windows Azure Pack Service Account' />
</Users>
<!-- Group Memberships -->
<Group Name='FT-SC-Admins' Descr='System Center Administrators'>
</Group>
<Group Name='FT-SCAC-Admins' Descr='AppCenter Administrators'>
<Members>
<Var Name='FT-SCAC-SVC' Type='User' />
<Var Name='FT-SCVMM-Admins' Type='Group' />
</Members>
</Group>
<Group Name='FT-SQL-Admins' Descr='SQL Server Administrators'>
<Members>
<Var Name='FT-SQL-SVC' Type='User' />
<Var Name='FT-SCSM-OLAP' Type='User' />
<Var Name='FT-SCSM-SSRS' Type='User' />
</Members>
</Group>
<Group Name='FT-SCOM-Admins' Descr='Operations Manager Administrators'>
<Members>
<Var Name='FT-SCOM-Action' Type='User' />
<Var Name='FT-SCOM-SVC' Type='User' />
<Var Name='FT-SCOM-DR' Type='User' />
<Var Name='FT-SCOM-DW' Type='User' />
<Var Name='FT-SCVMM-SVC' Type='User' />
<Var Name='OM01' Type='Computer' />
<Var Name='OM02' Type='Computer' />
</Members>
</Group>
<Group Name='FT-SCOM-Operators' Descr='Operations Manager Operators'>
<Members>
<Var Name='FT-SCSM-OMCI' Type='user' />
</Members>
</Group>
<Group Name='FT-SCOM-AdvOperators' Descr='Operations Manager Advanced Operators'>
</Group>
<Group Name='FT-SCVMM-Admins' Descr='Virtual Machine Manager Administrators'>
<Members>
<Var Name='FT-SCVMM-SVC' Type='User' />
<Var Name='FT-SCSM-VMMCI' Type='User' />
<Var Name='FT-SCO-SVC' Type='User' />
<Var Name='FT-SCAC-SVC' Type='User' />
</Members>
</Group>
<Group Name='FT-SCVMM-FabricAdmins' Descr='VMM Fabric Administrators'>
</Group>
<Group Name='FT-SCVMM-ROAdmins' Descr='VMM Read-only Administrators'>
</Group>
<Group Name='FT-SCVMM-TenantAdmins' Descr='VMM Tenant Administrators'>
</Group>
<Group Name='FT-SCVMM-AppAdmins' Descr='VMM Application Administrators'>
</Group>
<Group Name='FT-SCO-Admins' Descr='Orchestrator Administrators'>
<Members>
<Var Name='FT-SCO-SVC' Type='User' />
</Members>
</Group>
<Group Name='FT-SCO-Operators' Descr='Orchestrator Operators'>
<Members>
<Var Name='FT-SCSM-OCI' Type='User' />
</Members>
</Group>
<Group Name='FT-SCSM-Admins' Descr='Service Manager Administrators'>
<Members>
<Var Name='FT-SCSM-OMAlert' Type='User' />
<Var Name='FT-SCSM-OMCI' Type='User' />
<Var Name='FT-SCSM-SSRS' Type='User' />
<Var Name='FT-SCSM-SVC' Type='User' />
<Var Name='FT-SCSM-WF' Type='User' />
</Members>
</Group>
<Group Name='FT-SCSPF-Admins' Descr='Service Provider Foundation Administrators'>
<Members>
<Var Name='FT-SCSPF-SVC' Type='User' />
</Members>
</Group>
<Group Name='FT-SCSPF-Provider' Descr='SPF Provider Web Service access'>
<Members>
<Var Name='FT-SCSPF-SVC' Type='User' />
</Members>
</Group>
<Group Name='FT-SCSPF-VMM' Descr='SPF VMM Web Service access'>
<Members>
<Var Name='FT-SCSPF-SVC' Type='User' />
</Members>
</Group>
<Group Name='FT-SCSPF-Usage' Descr='SPF Usage Web Service'>
<Members>
<Var Name='FT-SCSPF-SVC' Type='User' />
</Members>
</Group>
<Group Name='FT-SCSMA-Admins' Descr='Service Manager Automation administrators'>
</Group>
</FastTrack4>
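The sample file above stores every account's password in clear text with one shared value, and the script that reads it skips computer members and only logs a warning for groups whose name contains "/". As an added example (not part of the Cisco document; the function name and check labels are hypothetical, and the sample XML is constructed), a pre-flight audit of such a file could look like this:

```powershell
# Added example: audit an FTUsersGroups-style XML file before a provisioning
# script reads it. Function name and check labels are hypothetical.
function Test-FTUsersGroupsXml {
    param(
        [Parameter(Mandatory = $true)] [string] $XmlText,
        # Passwords printed in a published sample file are known to every reader.
        [string[]] $PublishedPasswords = @('P@55w0rd')
    )

    $doc = New-Object System.Xml.XmlDocument
    $doc.LoadXml($XmlText)   # throws on malformed XML, e.g. a curly quote around an attribute value

    $users  = @($doc.SelectNodes('/FastTrack4/Users/Var'))
    $groups = @($doc.SelectNodes('/FastTrack4/Group'))

    # One object per finding; the password value itself is never echoed.
    function New-Finding([string]$Check, [string]$Subject, [string]$Detail) {
        [pscustomobject]@{ Check = $Check; Subject = $Subject; Detail = $Detail }
    }

    # 1. Accounts still carrying a password that appears in a published sample.
    foreach ($u in $users) {
        $uName = $u.GetAttribute('Name').Trim()
        $uPwd  = $u.GetAttribute('Pwd').Trim()
        if ($PublishedPasswords -ccontains $uPwd) {
            New-Finding 'PublishedPassword' $uName 'password equals a value printed in a sample file'
        }
    }

    # 2. Accounts that share one password with each other.
    $users | Group-Object -CaseSensitive -Property { $_.GetAttribute('Pwd') } |
        Where-Object { $_.Count -gt 1 } | ForEach-Object {
            $names = ($_.Group | ForEach-Object { $_.GetAttribute('Name') }) -join ', '
            New-Finding 'SharedPassword' $names "$($_.Count) accounts share one password"
        }

    # Names declared in this file (hashtable keys are case-insensitive, like AD names).
    $defined = @{}
    foreach ($n in ($users + $groups)) { $defined[$n.GetAttribute('Name').Trim()] = $true }

    # 3. Group entries the provisioning script will not fully handle.
    foreach ($g in $groups) {
        $gName = $g.GetAttribute('Name').Trim()
        if ($gName.Contains('/')) {
            New-Finding 'GroupNotCreated' $gName 'names containing "/" are only logged; create and populate by hand'
        }
        foreach ($m in @($g.SelectNodes('Members/Var'))) {
            $mName = $m.GetAttribute('Name').Trim()
            $mType = $m.GetAttribute('Type').Trim()
            if ($mType -eq 'Computer') {
                New-Finding 'ComputerMemberSkipped' "$mName -> $gName" 'computer accounts are not added; add by hand'
            }
            elseif (-not $defined.ContainsKey($mName)) {
                New-Finding 'UndefinedMember' "$mName -> $gName" 'member is not declared as a user or group in this file'
            }
        }
    }
}

# Constructed sample input in the same layout as the file above.
$sampleXml = @'
<FastTrack4>
  <OrgUnit>VSPEX</OrgUnit>
  <Users>
    <Var Name='FT-SQL-SVC' Pwd='P@55w0rd' Descr='SQL service account' />
    <Var Name='FT-SCOM-SVC' Pwd='P@55w0rd' Descr='OM service account' />
    <Var Name='FT-SCVMM-SVC' Pwd='constructed-Unique-Value-1' Descr='VMM service account' />
  </Users>
  <Group Name='FT-SCOM-Admins' Descr='Operations Manager Administrators'>
    <Members>
      <Var Name='FT-SCOM-SVC' Type='User' />
      <Var Name='OM01' Type='Computer' />
      <Var Name='FT-SCOM-DW' Type='User' />
    </Members>
  </Group>
</FastTrack4>
'@

Test-FTUsersGroupsXml -XmlText $sampleXml | Format-Table -AutoSize -Wrap
```

Run it against the real file with `Test-FTUsersGroupsXml -XmlText (Get-Content <path> -Raw)` and clear every finding before provisioning.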
This four-node SQL Server failover cluster contains all the databases for each System Center product in discrete instances by product and function. Separating the instances allows each one to be configured for its own requirements and scaled over time as the needs of each component grow.
Not all features are supported for failover cluster installations, some features cannot be combined on the same instance, and some allow configuration only during the initial installation. Specifically, this applies to database engine services and analysis services. As a rule, database engine services and analysis services are hosted in separate instances within the failover cluster. SQL Server Reporting Services (SSRS) is not a cluster-aware SQL Server service; if deployed within the cluster, it can only be deployed to the scope of a single node. For this reason, SSRS will be installed on the respective System Center component server (virtual machine). This installation is “files only”, and the SSRS configuration provisions reporting services databases to be hosted on the component’s corresponding database instance in the SQL Server failover cluster. The exception to this is the System Center Operations Manager Analysis Services and Reporting Services configuration. For this instance, Analysis Services and Reporting Services must be installed on the same server and with the same instance to support Virtual Machine Manager and Operations Manager integration. Similarly, SQL Server Integration Services is also not a cluster-aware SQL Server service; if deployed within the cluster, it can only be deployed to the scope of a single node. For this reason, the Service Reporting SQL services functionality will be installed on the Service Reporting virtual machine.
Note: All instances are required to be configured with Windows authentication.
In System Center 2012 R2, the App Controller and Orchestrator components can share an instance of SQL Server with a SharePoint farm, which provides additional consolidation of the SQL Server instance requirements. That shared instance can be considered as a general System Center instance, while other instances are dedicated per individual System Center component.
The SQL Server 2012 SP2 failover cluster installation process includes the high-level steps shown in the following figure.
Figure 8 SQL Server Failover Cluster Installation Steps
There is a decision in the SQL Server architecture that must occur prior to deployment. There are multiple valid SQL Server deployment scenarios, as follows.
· Architecture
- Physical servers
- Virtual machines
· Storage
- Shared VHDX
- iSCSI
- Fibre Channel
From the choices described above, the standard IaaS PLA architecture recommends a minimum two-node virtualized SQL Server guest cluster that is scaled accordingly for your deployment. The subsequent sections of this document contain guidance for deploying a four-node cluster, a configuration large enough to support a large enterprise environment.
A high-level walkthrough on how to install SQL Server 2012 SP2 is provided below. The following assumptions are made prior to installation:
· Four base virtual machines running Windows Server 2012 R2 have been provisioned for SQL Server.
· Cluster storage has been configured
- One VHDX file for disk witness (1 GB)
- One VHDX file for SSAS database and log files (15 GB)
- SMB 3.0 file share for storage of all other database and log files
As discussed in the Infrastructure-as-a-Service Fabric Management Architecture Guide, virtual machines running SQL Server are deployed as a guest failover cluster to contain all the databases for each System Center product in discrete instances by product and function. In cases that require SQL Server Reporting Services, SQL Server Reporting Services is installed on the hosting System Center component server (for example, the Operations Manager reporting server). However, this installation is “Files only,” and the SQL Server Reporting Services configuration configures remote Reporting Services databases that are hosted on the component instance on the SQL Server cluster. All instances are required to be configured with Windows Authentication. The following table outlines the options required for each instance.
Table 18 Storage Requirements
Share | Component(s) | Instance Name | Purpose / Size | Collation
..\SCSMDB | Service Manager Management | SCSMDB | Database / 145 GB, Logs / 70 GB | Latin1_General_100_CS_AS
..\SCSMDW | Service Manager Data Warehouse | SCSMDW | Database / 1 TB, Logs / 500 GB | Latin1_General_100_CS_AS
Shared VHDX | Service Manager Analysis Service | SCSMAS | Database / 8 GB, Logs / 4 GB | Latin1_General_100_CS_AS
..\SCDB | Service Manager SharePoint Farm, Orchestrator, App Controller | SCDB | Database / 10 GB, Logs / 5 GB | Latin1_General_100_CS_AS
..\SCVMMDB | Virtual Machine Manager, Windows Server Update Services | SCVMMDB | Database / 6 GB, Logs / 3 GB | Latin1_General_100_CS_AS
..\SCOMDB | Operations Manager | SCOMDB | Database / 130 GB, Logs / 65 GB | Latin1_General_100_CS_AS
..\SCOMDW | Operations Manager Data Warehouse | SCOMDW | Database / 1 TB, Logs / 500 GB | Latin1_General_100_CS_AS
..\WAP | Windows Azure Pack | WAP | Database / 20 GB, Logs / 10 GB | Latin1_General_100_CS_AS
Shared VHDX | Disk Witness | N/A | 1 GB | N/A
TOTAL | | | ~3.5 TB |
The following environment prerequisites must be met before proceeding with installation.
Verify that the following accounts have been created:
Table 19 SQL Server Accounts
User name | Purpose | Permissions
<DOMAIN>\FT-SQL-SVC | SQL Server service account | Needs full administrator permissions on all target SQL Server systems and serves as the service account for all instances. This account must also be added to the local Administrators group on each node and to the FT-SQL-Admins group, and be a sysadmin in all instances.
Verify that the following security groups have been created:
Table 20 SQL Server Security Groups
Security group name | Group scope | Members
<DOMAIN>\FT-SQL-Admins | Universal | All SQL Server Administrators for the fabric management solution.
From the Failover Cluster Manager console, select Roles, right-click a SQL VM, and select Connect…
On the Virtual Machine connection window, click the Ctrl+Alt+Delete icon. Log into the VM with the previously established credentials.
From a PowerShell window type ncpa to bring up the Network Connections window. Then issue the Get-NetAdapter cmdlet to list the relationship between the NIC names and their MAC addresses.
From the Virtual Machine Connection window, click File and select Settings…
Expand one of the NICs and select Advanced Features. Match the MAC address from this display with the output from the Get-NetAdapter PowerShell cmdlet. Rename the NICs in Network Connections and configure their IP address information. For the SQL VMs, the SC-database NIC needs to be configured with default gateway and DNS. The SC-SMB NIC simply needs an IP address.
Back in Server Manager, click Computer Name to bring up the System Properties window.
Click the Change… button.
Enter the new Computer Name. Click the radio button by Domain and enter the domain name to join. Provide credentials that allow joining the domain in the credentials window that displays. Reboot the VM. Repeat for each of the SQL VMs.
Perform the following steps on all fabric management SQL Server virtual machines.
It is possible to accomplish the management functions from the management workstation by using the proper RSAT tool. Launch the Computer Management console. Right-click Computer Management and select Connect to another computer … Enter the name of the computer you want to manage and click OK. Similarly, you can manage the cluster from the management workstation. The following steps assume you are logging into each server, but the same steps can be handled remotely in exactly the same manner.
Navigate to System Tools > Local Users and Groups > Groups.
Verify that the following accounts and/or groups are members of the local Administrators group of the first SQL Server VM:
· SQL Server service account
· SQL Server Admins group
· Virtual Machine Manager computer accounts
· Service Manager OLAP account
· Service Manager SSRS account
· Service Manager workflow account
· Service Manager service account
· Operations Manager action account
· Virtual Machine Manager service account
Repeat on the other nodes of the SQL Server cluster.
From the Failover Cluster Manager console, expand Storage > Disks. Select the SSAS volume and note which host is the current Owner Node. On the lower part of the window, record which cluster storage volume SSAS is mounted to. Three VHDX files need to be created: SSASDB.VHDX, SSASlog.VHDX, and SQL-Disk-Witness.VHDX.
From the Hyper-V Manager console’s Action pane, select the Owner Node from the previous step, and click New > Hard Disk … Click Next on the Before You Begin page.
On the Choose Disk Format page, select the radio button by VHDX. Click Next.
On the Choose Disk Type page, select the radio button by Fixed Size. Click Next.
On the Specify Name and Location page, enter a Name for the VHDX file. Retain the VHDX extension. Enter the full path of the ClusterStorage volume into Location. Click Next.
On the Configure Disk page, specify a Size.
· SSASDB.VHDX – 8 GB
· SSASlog.VHDX – 4 GB
· SQL-Disk-Witness.VHDX – 1 GB
Click Next.
Review the summary page to make sure you have entered the proper values. Click Finish. Repeat the process to create a 4 GB VHDX for the SSAS log files and a 1 GB VHDX to be used as the cluster disk witness, on the same cluster shared volume.
Open Failover Cluster Manager, click Roles, right-click SQL01, and select Shut Down. When the VM has halted, right-click SQL01 and select Settings. Select Add Hardware. Make sure SCSI Controller is selected and click Add.
Select SCSI Controller, click Hard Drive, and click Add.
Select Virtual Hard Disk, and click Browse.
Browse to the location where you previously created the VHDX files. Select the SQL-Disk-Witness.VHDX file and click Open.
Expand the newly added disk and select Advanced Features. Check the box by Enable virtual hard disk sharing.
Repeat the process of adding a disk to the SCSI controller, this time selecting the SSASDB.VHDX and SSASlog.VHDX disks and enabling virtual hard disk sharing. Click OK. Repeat on each SQL VM. Start all the SQL VMs when they all have access to the VHDX files.
From your management workstation, start Server Manager, right-click All Servers, and select Add Servers.
Enter ‘sql’ into the Name field and click Find Now. It will find all the SQL VMs. Select them all and click the arrow to move them into the Selected column. Click OK.
Click File and Storage Services.
Select Disks. Find one of the SQL VMs and select the first disk that is marked as Offline. Right-click the disk and select Bring Online. Click Yes on the warning box that displays. Repeat to bring the other offline disks online.
Right-click the 16 GB disk and select New Volume… Click Next on the Before You Begin window that displays.
On the Select the server and disk page, select one of the SQL VMs and select the 8 GB SSASDB disk. Click Next. Click OK on the warning window that displays.
For Volume size, accept the maximum size. Click Next.
For the SSAS disk, Assign to a drive letter and record it. For the disk witness, select Don’t assign to a drive letter or folder. Click Next.
On the Select file system settings page, leave the defaults for File system and Allocation unit size. Enter an appropriate Volume label. Click Next.
On the summary page, review your settings. Click Create. Repeat for the SSAS log, assigning a drive letter. For the disk witness do not assign a drive letter. These steps to initialize and format the disks are performed on only one of the SQL VMs.
From the management workstation, issue the following PowerShell cmdlet for each SQL Server VM. This will install the Failover Clustering feature on each node.
Install-WindowsFeature -Name Failover-Clustering -ComputerName <SQL01> -IncludeManagementTools
After all SQL VMs have the Failover Clustering feature installed, run the following command to validate the cluster configuration:
Test-Cluster SQL01,SQL02,SQL03,SQL04
The Test-Cluster cmdlet provides a validation report that can be opened in a local browser from the location reported. Correct any errors. If there are any warnings, validate they are acceptable or correct them.
The next step is to create the cluster. From the same elevated Windows PowerShell prompt, run the following command to create the cluster:
New-Cluster -Node <Node1>, <Node2>, <Node3>, <Node4> -Name <ClusterName> -StaticAddress <ClusterIPAddress>
Note: If you are using Dynamic Host Configuration Protocol (DHCP) for the cluster nodes, the -StaticAddress parameter should not be used.
In the Failover Cluster Manager console right-click the top element and select Connect to Cluster…
In the Select Cluster window, enter the name of the cluster you just created. Click OK.
Within the Failover Cluster Manager console navigate to SQL-Clus01 > Storage > Disks. Select one of the disks and note the volume ID you had previously assigned. Right-click the disk and select Properties.
Set the Name of the disk to the same value as the volume label. Click OK. Repeat for the other disks.
If the disks are not on SQL01, move the storage to SQL01. In the Action pane click Move Available Storage and click Select Node…
Select SQL01 and click OK.
Expand Networks. Click the network that shows Cluster Use as Cluster and Client. This should be your SC-database network. Right-click and select Properties.
Set the Name of the network to be equal to the NIC’s name. Click OK. Repeat for the other network.
The VNX5400 account and the SQL Server Admins security group need full permission to the share that will be used for SQL Server. To configure proper access permissions to the SQL share, complete the following steps:
From the Computer Management console, right-click the top of the tree and select Connect to another computer ...
In the Select Computer dialog window, enter the name of the VNX5400 SMB server. Click OK.
Navigate to System Tools > Shared Folders > Shares. Right-click the SQL share and select Properties.
On the share properties dialog window, click Add…
As was done for the Fabric Management cluster, add the following with Full Control:
· VSPEX\Domain Admins group
· SQL Server service account
· SQL Server admins group
· SQL Server VM names
· SQL Server cluster name
Click OK. If you are using a separate account for installation, that is, you are not running under the administrator account, you need to add that account, too.
The account used for installation of SQL Server needs the SeSecurity privilege on the VNX. By default, no Windows account has this access to the VNX.
While still in the Computer Management console from the previous steps, expand Local Users and Groups. Select Groups.
Double-click Administrators to open its properties. Add the SQL Server administrators group and Domain Admins group. If you are using an account to install SQL that is not a member of one of these groups, add that account, too. Click OK.
Double-click Replicator to open its properties. Add the SQL Server service account to this group. Click OK.
All SQL Server instances can be installed on the first node of the cluster before moving on to install on subsequent nodes. The following table can be tailored to the customer environment to provide answers to configuration items that are needed for the installation and configuration of each SQL instance.
Table 21 Sample System Center Component Database Worksheet
SQL Server Component | Service Manager management server | Service Manager data warehouse server | Service Manager analysis server | App Controller, Orchestrator, SharePoint Services farm, and WSUS | Virtual Machine Manager | Operations Manager | Operations Manager data warehouse | Windows Azure Pack
Instance Name | SCSMDB | SCSMDW | SCSMAS | SCDB | SCVMMDB | SCOMDB | SCOMDW | WAPDB
Instance Install | ..\SMSMDB\DB * | ..\SCSMDW\DB | E:\SCSMAS\DB | ..\SCDB\DB | ..\SCVMMDB\DB | ..\SCOMDB\DB | ..\SCOMDW\DB | ..\WAPDB\DB
Instance DATA | ..\SMSMDB\DB | ..\SCSMDW\DB | E:\SCSMAS\DB | ..\SCDB\DB | ..\SCVMMDB\DB | ..\SCOMDB | ..\SCOMDW\DB | ..\WAPDB\DB
Instance LOG | ..\SMSMD\log | ..\SCSMDW\log | F:\SCSMAS\Log | ..\SCDB\log | ..\SCVMMDB\log | ..\SCOMDB\log | ..\SCOMDW\log | ..\WAPDB\log
Instance TEMPDB | ..\SMSMDB\log | ..\SCSMDW\log | F:\SCSMAS\Log | ..\SCDB\log | ..\SCVMMDB\log: | ..\SCOMDB\log | ..\SCOMDW\log | ..\WAPDB\log
Instance IP Address | 192.168.22.115 / 24 | 192.168.22.116 /24 | 192.168.22.117 /24 | 192.168.22.118 /24 | 192.168.22.119 /24 | 192.168.22.120 /24 | 192.168.22.121 /24 | 192.168.22.122 /24
Network Interface Name | SC-database | SC-database | SC-database | SC-database | SC-database | SC-database | SC-database | SC-database
Instance Listening TCP/IP Port | 22115 | 22116 | 22117 | 22118 | 22119 | 22120 | 22121 | 22122
Instance Preferred Owners | Node2, Node3 | Node3, Node4 | Node4, Node1 | Node2, Node3 | Node1, Node2 | Node3, Node4 | Node1, Node2 | Node4, Node1
* ..\ represents \\VNX5400-SMB\FabMgmtSQL
The IaaS PLA installation requires separate instances for each System Center product. The instances associated with these products are:
· SCSMDB (Service Manager database)
· SCSMDW (Service Manager data warehouse)
· SCSMAS (Service Manager SQL Analysis Services)
· SCDB (Shared App Controller, Orchestrator, Service Provider Foundation, Services Management Automation, Service Manager self-service portal, Microsoft SharePoint® Foundation 2010 services, and WSUS database)
· SCVMMDB (Virtual Machine Manager database and optional WSUS database)
· SCOMDB (Operations Manager database)
· SCOMDW (Operations Manager data warehouse)
· WAPDB (Windows Azure Pack database)
For multi-instance failover clusters, installation of SQL Server 2012 SP2 must be performed for each instance. As such, these steps must be performed for each instance sequentially.
Perform the following steps on the first fabric management SQL Server node virtual machine with an account that has both local Administrator rights and permissions in AD DS to create the SQL Server CNOs.
From the SQL Server 2012 SP2 installation media source, right-click setup.exe and click Run as administrator to begin setup. The SQL Server Installation Center will appear. Click Installation in the left pane.
Click New SQL Server failover cluster installation.
The SQL Server Setup Wizard will appear. On the Setup Support Rules page, verify that each rule shows a Passed status. If any rule requires attention, remediate the issue and rerun the validation check. Click OK to continue.
If the View detailed report link is selected, the following report is available.
On the Product Key page, select the Enter the product key option and enter the associated product key in the provided text box. Click Next to continue.
Note: If you do not have a product key, select the Specify a free edition option, and then click Evaluation from the drop-down list for a 180-day evaluation period.
On the License Terms page, select the I accept the license terms check box. Select or clear the Send feature usage data to Microsoft check box, based on your organization’s policies, and click Next to continue.
On the Install Setup Files page, click Install Setup Files and allow the files to install.
On the Setup Support Rules page, verify that each rule shows a Passed status. If any rule requires attention, remediate the issue and rerun the validation check. Click Next to continue.
Note: Common issues include MSDTC, MSCS, and Windows Firewall warnings. The use of MSDTC is not required for the System Center 2012 R2 environment.
On the Setup Role page, select SQL Server Feature Installation, and click Next to continue.
On the Feature Selection page, features for the various instances will be selected.
· SCDB - Database Engine Services
· SCOMDB - Database Engine Services
· SCOMDW - Database Engine Services
· SCSMAS - Analysis Services
· SCSMDB - Database Engine Services
· SCSMDW - Database Engine Services
· SCVMMDB - Database Engine Services
· WAPDB – Database Engine Services
Select the Management Tools – Basic check box and Management Tools – Complete check box for at least one instance installation pass.
Database Engine Services (all instances except SCSMAS): Analysis Services (SCSMAS instance only):
On the Feature Rules page, click Next to continue. Show details and View detailed report can be viewed if required.
On the Instance Configuration page, make the following selections (refer to the worksheet that you created earlier):
· SQL Server Network Name – Specify the cluster network name of the failover cluster instance being installed. Select the Named instance option. In the provided text box, specify the instance name being installed.
· Instance ID – Specify the instance name being installed. Verify that it matches the Named instance value.
· Instance root directory – Accept the default location of %ProgramFiles%\Microsoft SQL Server.
Click Next to continue.
On the Disk Space Requirements page, verify that you have sufficient disk space, and click Next to continue.
On the Cluster Resource Group page, in the SQL Server cluster resource group name drop-down list, accept the default value of SQL Server (<InstanceName>). Click Next to continue.
Depending on what and when you are installing, the Cluster Disk Selection window will show things differently. If you have not yet installed the Analysis Services instance, the two disks provisioned for SQL Server Analysis Services will show as available. Make sure that the check boxes are cleared for any instance installation except the Analysis Services installation. ONLY for the Analysis Services installation should both disks be selected. After you have installed the Analysis Services instance, the disks will no longer show in the top part of the window and the bottom part will reflect the fact that the disks have already been assigned.
On the Cluster Network Configuration page, refer to the worksheet that you created earlier to assign the correct IP address for each instance. Clear the DHCP check box if you are using static addressing, and enter the IP address in the Address field text box. Click Next to continue.
On the Server Configuration page, click the Service Accounts tab. Specify the SQL Server Service account and associated password for the SQL Server Agent and SQL Server Database Engine services.
Note: The SQL Server Service Account will also be used for the SQL Server Analysis Services service for instances where this feature is selected.
On the same Server Configuration page, click the Collation tab. Click the Customize… button to change the collation.
Select the radio button by Windows collation designator and sort order. From the drop-down list, select Latin1_General_100. Check the box by Accent-sensitive. This sets the value to Latin1_General_100_CI_AS. Do this for all instances. Click OK to continue. Then click Next back on the Server Configuration page to continue.
Note: If it is required to use a collation other than English, please contact Microsoft for assistance in properly configuring collation.
On the Database Engine Configuration page, Server Configuration tab, in the Authentication Mode section, select the Windows authentication mode option. In the Specify SQL Server administrators section, click the Add Current User button to add the current installation user. Click the Add… button to select the previously created SQL Server Admins group and the SQL service account from the object picker. You can also add any application-specific service accounts and groups at this point or add them later.
On the same Database Engine Configuration page, click the Data Directories tab. Enter the string for the appropriate file share in the Data root directory text box. Change the subdirectory in the User database log directory and Temp DB log directory text boxes to point to a location for the log files. It is also recommended to change the Backup Directory to a separate location such as the log location. Do not change the folder structure unless your organization has specific standards for this. Click Next.
Note: It may be necessary to relocate the Temp DB files to a dedicated location if performance is not adequate using a single share location.
Because you are using file shares instead of drive letters for storage, you will receive a warning message telling you to make sure the SQL Server Service account has full control to the shares. This was configured in an earlier step. Click Yes.
In instances that contain Analysis Services, on the Analysis Services Configuration page, click the Server Configuration tab. In the Specify which users have administrative permissions for Analysis Services section, click Add Current User to add the current installation user. Click Add… to select the following groups:
Service Manager instance:
· SQL Server Admins group
· SQL Server Service account
· SM Admins group
· SM OLAP account
On the Data Directories tab, use the following configuration: Set the Data directory and Temp directory to the cluster disk that is configured for the database files. Set the Log file directory and the Backup directory to the cluster disk that is configured for the log files. Do not change the folder structure unless your organization has specific standards for this. Click Next to continue.
On the Error Reporting page, select or clear the Send Windows and SQL Server Error Reports to Microsoft or your corporate report server check box, based on your organization’s policies, and click Next to continue.
On the Cluster Installation Rules page, verify that each rule shows a Passed status. If any rule requires attention, remediate the issue and rerun the validation check. Click Next to continue.
On the Ready to Install page, verify all of the settings that were entered during the setup process and click Install to begin the installation of the SQL Server instance.
On the Installation Progress page, the installation progress will be displayed.
When the installation is complete, the Complete page will appear. Click Close.
Repeat these steps for each associated SQL Server instance that is required for the IaaS PLA fabric management installation (seven instances total).
Verify the installation by inspecting the instances in Failover Cluster Manager and in SQL Server 2012 Management Studio prior to moving to the next step of installation.
NOTE: The default value for Analysis Services is SCSMAS\SCSMAS and needs to be changed to SCSMAS.
After the creation of all required SQL Server instances on Node 1 is complete, additional nodes (Node 2 is required and additional nodes are optional) can be added to each instance of the cluster. Follow these steps to begin the installation of additional nodes of the cluster.
Perform the following steps on each additional fabric management SQL Server node virtual machine. |
|
From the SQL Server 2012 SP2 installation media source, right-click setup.exe and click Run as administrator to begin setup. The SQL Server Installation Center will appear. |
|
From the SQL Server Installation Center, click the Add node to a SQL Server failover cluster link. |
|
The SQL Server 2012 Setup Wizard will appear. On the Setup Support Rules page, verify that each rule shows a Passed status. If any rule requires attention, remediate the issue and rerun the validation check. Click OK to continue. |
|
On the Product Key page, select the Enter the product key option and enter the associated product key in the provided text box. Click Next to continue. Note: If you do not have a product key, select the Specify a free edition option, and select Evaluation from the drop-down list for a 180-day evaluation period. |
|
On the License Terms page, select the I accept the license terms check box. Select or clear the Send feature usage data to Microsoft, based on your organization’s policies, and click Next to continue. |
|
On the Product Updates page, select the Include SQL Server product updates check box, and click Next to continue. |
|
On the Install Setup Files page, click Install, and allow the support files to install. |
|
On the Setup Support Rules page, verify that each rule shows a Passed status. If any rule requires attention, remediate the issue and rerun the validation check. Click Next to continue. Note: Common issues include MSDTC, MSCS, and Windows Firewall warnings. The use of MSDTC is not required for the System Center 2012 R2 environment. |
|
On the Cluster Node Configuration page, select the desired instance name from the SQL Server instance name drop-down list. Each instance is listed along with the nodes that are currently assigned to each instance. Click Next to continue. |
|
On the Cluster Network Configuration page, the network configuration values are displayed and set based on the existing failover cluster instance values from the first node. They cannot be modified. Click Next to continue. |
|
On the Service Accounts page, specify the SQL Server Service Account and an associated password for the SQL Server Agent and SQL Server Database Engine services. Click Next to continue. Note: For the SCSMAS instance only, an additional password must be supplied for the SQL Server Analysis Services service account. |
|
On the Error Reporting page, select or clear the Send Windows and SQL Server Error Reports to Microsoft or your corporate report server check box, based on your organization’s policies, and click Next to continue. |
|
On the Add Node Rules page, verify that each rule shows a Passed status. If any rule requires attention, remediate the issue and rerun the validation check. Click Next to continue.
|
|
On the Ready to Add Node page, verify all of the settings that were entered during the setup process, and click Install to begin the installation of the second SQL Server node for the selected instance.
|
|
The Add Node Progress screen will display real-time progress for the operation.
|
|
When the installation is complete, the Complete page will appear. Click Close to complete the installation of this SQL Server database instance. Repeat these steps for each associated SQL Server instance that is required for IaaS PLA fabric management installation (seven instances total). |
|
Verify the installation by inspecting the instances in Failover Cluster Manager and in SQL Server 2012 Management Studio prior to moving to the next step of installation. Move all instances to the node. NOTE: The default value for Analysis Services is SCSMAS\SCSMAS and needs to be changed to SCSMAS |
|
When complete, install the latest cumulative update for SQL Server 2012 SP2 on each node of the SQL cluster. To avoid warnings during the installation, move all instances off the node being patched. Note that at the time of writing, the latest is Cumulative Update 8. Integration with initial install can be achieved using the following command line during setup: \Setup.exe /Action=Install /UpdateSource=[PATH] |
Earlier in this document, reference was made to the PowerShell Deployment Toolkit (PDT). It is beyond the scope of this document to explain its capabilities and use. However, it is a very useful tool. Because the shared SQL Server databases required for the Microsoft Private Cloud use eight instances across four nodes, deploying them manually means performing the SQL Server installation process 32 times. It is possible to create Variable.xml and Workflow.xml files to be used by the Installer.ps1 script from PDT to install all instances of SQL Server on the four-node cluster.
Generally, the Workflow.xml file is never modified. PDT was originally written to use the SQL collation values for the SQL Server database installations. Since then, Microsoft has changed its recommendation to use the Windows collation values. This change can be accomplished by replacing all occurrences of <Collation>Default</Collation> with <Collation>Locale</Collation> within the Workflow.xml file. No other changes are made to the Workflow.xml file.
The following represents a sample Variable.xml file that has been used to successfully install all the SQL Server database instances. Note that it must be changed to match the customer environment. The following changes must be made:
· Variables at the beginning of the file.
· Security Groups in the <Components> section
· Values in each <SQL> section.
By default, Installer.ps1 looks for the Variable.xml and Workflow.xml files in the same directory. The directory structure used by the two XML files for finding installation components is the directory structure created by the Downloader.ps1 file mentioned earlier in this document. Installer.ps1 can be run with the -ValidateOnly switch to check that the modified Variable.xml file is properly formatted and that the proper values are set.
When you have a clean validation, you can run the Installer.ps1 file from the installation workstation or another domain member. It cannot be run from any of the SQL Server cluster nodes.
This information is provided as sample only. No warranty or support is implied in the use of this sample file.
<?xml version="1.0" encoding="utf-8"?>
<!--
********************
********************
This file has been modified to enable just the installation of the eight SQL instances on the SQL Server cluster.
Ensure this file is tailored to the specific environment in which it is to be used. The following must be changed.
Variables at the beginning of the file.
Security Groups in the <Components> section
Values in each <SQL> section.
********************
********************
==============================================================================================
Copyright (c) Microsoft Corporation. All rights reserved.
File: Variable
Purpose: PDT Scenario file
Version: 2.65.1.0.0
==============================================================================================
.SYNOPSIS
PDT Scenario file
.DESCRIPTION
This scenario file deploys the following roles
• System Center 2012 R2 Virtual Machine Manager Database Server
• System Center 2012 R2 Service Provider Foundation Database Server
• System Center 2012 R2 Operations Manager Database Server
• System Center 2012 R2 Operations Manager Datawarehouse Server
• System Center 2012 R2 Service Manager Database Server
• System Center 2012 R2 Service Manager Datawarehouse Server
• System Center 2012 R2 Service Manager Analysis Server
• Windows Azure Pack 2013 Database Server
• SQL Server 2012 Management Tools
.EXAMPLE
Default:
Variable.xml
==============================================================================================
-->
<Installer version="2.0">
<Variable Name="RegisteredUser" Value="Fast Track" />
<Variable Name="RegisteredOrganization" Value="VSPEX" />
<Variable Name="InstallerServiceAccount" Value="VSPEX\Administrator" />
<Variable Name="InstallerServiceAccountPassword" Value="password.1" />
<Variable Name="SourcePath" Value="\\Mgmt\Installer" />
<Variable Name="Download" Value="\\Mgmt\Installer" />
<Variable Name="SQLServer2012ProductKey" Value="" />
<Components>
<Component Name="System Center 2012 R2 Service Provider Foundation">
<Variable Name="SystemCenter2012R2ServiceProviderFoundationVMMSecurityGroupUsers" Value="VSPEX\FT-SPF-Admins" />
<Variable Name="SystemCenter2012R2ServiceProviderFoundationAdminSecurityGroupUsers" Value="VSPEX\FT-SPF-Admins" />
<Variable Name="SystemCenter2012R2ServiceProviderFoundationProviderSecurityGroupUsers" Value="VSPEX\FT-SPF-Admins" />
<Variable Name="SystemCenter2012R2ServiceProviderFoundationUsageSecurityGroupUsers" Value="VSPEX\FT-SPF-Admins" />
</Component>
<Component Name="System Center 2012 R2 Service Management Automation">
<Variable Name="SystemCenter2012R2ServiceManagementAutomationAdminGroup" Value="VSPEX\FT-SMA-Admins" />
</Component>
<Component Name="System Center 2012 R2 Operations Manager">
<Variable Name="SystemCenter2012R2OperationsManagerManagementGroupName" Value="SCOM_MG01"/>
</Component>
<Component Name="System Center 2012 R2 Service Manager">
<Variable Name="SystemCenter2012R2ServiceManagerManagementGroupName" Value="SCSM_MG01"/>
<Variable Name="SystemCenter2012R2ServiceManagerDatawarehouseManagementGroupName" Value="SCSMDW_MG01"/>
<Variable Name="SystemCenter2012R2ServiceManagerPortalUsers" Value="VSPEX\Domain Users"/>
</Component>
</Components>
<Roles>
<Role Name="System Center 2012 R2 Virtual Machine Manager Database Server" Server="SCVMMDB.VSPEX.com" Instance="SCVMMDB" SQLCluster="True" />
<Role Name="System Center 2012 R2 Service Management Automation Database Server" Server="SCDB.VSPEX.com" Instance="SCDB" SQLCluster="True" />
<Role Name="System Center 2012 R2 Operations Manager Database Server" Server="SCOMDB.VSPEX.com" Instance="SCOMDB" SQLCluster="True" />
<Role Name="System Center 2012 R2 Operations Manager Datawarehouse Server" Server="SCOMDW.VSPEX.com" Instance="SCOMDW" SQLCluster="True" />
<Role Name="System Center 2012 R2 Service Manager Database Server" Server="SCSMDB.VSPEX.com" Instance="SCSMDB" SQLCluster="True" />
<Role Name="System Center 2012 R2 Service Manager Datawarehouse Server" Server="SCSMDW.VSPEX.com" Instance="SCSMDW" SQLCluster="True" />
<Role Name="System Center 2012 R2 Service Manager Analysis Server" Server="SCSMAS.VSPEX.com" Instance="SCSMAS" SQLCluster="True" />
<Role Name="Windows Azure Pack 2013 Database Server" Server="WAPDB.VSPEX.com" Instance="WAPDB" SQLCluster="True" />
<Role Name="SQL Server 2012 Management Tools" Server="SQL01.VSPEX.com"/>
</Roles>
<SQL>
<Cluster Cluster="SCVMMDB.VSPEX.com" Instance="SCVMMDB" Version="SQL Server 2012" Port="22119" >
<Variable Name="SQLAdmins" Value="VSPEX\FT-SQL-Admins" />
<Variable Name="SQLAgtServiceAccount" Value="VSPEX\FT-SQL-SVC" />
<Variable Name="SQLAgtServiceAccountPassword" Value="password.1" />
<Variable Name="SQLServiceAccount" Value="VSPEX\FT-SQL-SVC" />
<Variable Name="SQLServiceAccountPassword" Value="password.1" />
<Variable Name="SQLInstallSQLDataDir" Value="\\VNX5400-SMB\FabMgmtSQL\SCVMMDB\DB"/>
<Variable Name="SQLUserDBDir" Value="\\VNX5400-SMB\FabMgmtSQL\SCVMMDB\DB\MSSQL11.$Instance\MSSQL\Data"/>
<Variable Name="SQLUserDBLogDir" Value="\\VNX5400-SMB\FabMgmtSQL\SCVMMDB\Log\MSSQL11.$Instance\MSSQL\Data"/>
<Variable Name="SQLTempDBDir" Value="\\VNX5400-SMB\FabMgmtSQL\SCVMMDB\Log\MSSQL11.$Instance\MSSQL\Data"/>
<Variable Name="SQLTempDBLogDir" Value="\\VNX5400-SMB\FabMgmtSQL\SCVMMDB\Log\MSSQL11.$Instance\MSSQL\Data"/>
<Variable Name="SQLClusterIPAddress" Value="192.168.22.119" />
<Variable Name="SQLClusterNetwork" Value="SC-database" />
<Variable Name="SQLClusterIPSubnet" Value="255.255.255.0" />
<Node Server="SQL01.VSPEX.com" Preferred="1" ></Node>
<Node Server="SQL02.VSPEX.com" Preferred="2" ></Node>
<Node Server="SQL03.VSPEX.com" ></Node>
<Node Server="SQL04.VSPEX.com" ></Node>
</Cluster>
<Cluster Cluster="SCDB.VSPEX.com" Instance="SCDB" Version="SQL Server 2012" Port="22118" >
<Variable Name="SQLAdmins" Value="VSPEX\FT-SQL-Admins" />
<Variable Name="SQLAgtServiceAccount" Value="VSPEX\FT-SQL-SVC" />
<Variable Name="SQLAgtServiceAccountPassword" Value="password.1" />
<Variable Name="SQLServiceAccount" Value="VSPEX\FT-SQL-SVC" />
<Variable Name="SQLServiceAccountPassword" Value="password.1" />
<Variable Name="SQLInstallSQLDataDir" Value="\\VNX5400-SMB\FabMgmtSQL\SCDB\DB"/>
<Variable Name="SQLUserDBDir" Value="\\VNX5400-SMB\FabMgmtSQL\SCDB\DB\MSSQL11.$Instance\MSSQL\Data"/>
<Variable Name="SQLUserDBLogDir" Value="\\VNX5400-SMB\FabMgmtSQL\SCDB\Log\MSSQL11.$Instance\MSSQL\Data"/>
<Variable Name="SQLTempDBDir" Value="\\VNX5400-SMB\FabMgmtSQL\SCDB\Log\MSSQL11.$Instance\MSSQL\Data"/>
<Variable Name="SQLTempDBLogDir" Value="\\VNX5400-SMB\FabMgmtSQL\SCDB\Log\MSSQL11.$Instance\MSSQL\Data"/>
<Variable Name="SQLClusterIPAddress" Value="192.168.22.118" />
<Variable Name="SQLClusterNetwork" Value="SC-database" />
<Variable Name="SQLClusterIPSubnet" Value="255.255.255.0" />
<Node Server="SQL01.VSPEX.com" ></Node>
<Node Server="SQL02.VSPEX.com" Preferred="1"></Node>
<Node Server="SQL03.VSPEX.com" Preferred="2"></Node>
<Node Server="SQL04.VSPEX.com" ></Node>
</Cluster>
<Cluster Cluster="SCOMDB.VSPEX.com" Instance="SCOMDB" Version="SQL Server 2012" Port="22120" >
<Variable Name="SQLAdmins" Value="VSPEX\FT-SQL-Admins" />
<Variable Name="SQLAgtServiceAccount" Value="VSPEX\FT-SQL-SVC" />
<Variable Name="SQLAgtServiceAccountPassword" Value="password.1" />
<Variable Name="SQLServiceAccount" Value="VSPEX\FT-SQL-SVC" />
<Variable Name="SQLServiceAccountPassword" Value="password.1" />
<Variable Name="SQLInstallSQLDataDir" Value="\\VNX5400-SMB\FabMgmtSQL\SCOMDB\DB"/>
<Variable Name="SQLUserDBDir" Value="\\VNX5400-SMB\FabMgmtSQL\SCOMDB\DB\MSSQL11.$Instance\MSSQL\Data"/>
<Variable Name="SQLUserDBLogDir" Value="\\VNX5400-SMB\FabMgmtSQL\SCOMDB\Log\MSSQL11.$Instance\MSSQL\Data"/>
<Variable Name="SQLTempDBDir" Value="\\VNX5400-SMB\FabMgmtSQL\SCOMDB\Log\MSSQL11.$Instance\MSSQL\Data"/>
<Variable Name="SQLTempDBLogDir" Value="\\VNX5400-SMB\FabMgmtSQL\SCOMDB\Log\MSSQL11.$Instance\MSSQL\Data"/>
<Variable Name="SQLClusterIPAddress" Value="192.168.22.120" />
<Variable Name="SQLClusterNetwork" Value="SC-database" />
<Variable Name="SQLClusterIPSubnet" Value="255.255.255.0" />
<Node Server="SQL01.VSPEX.com" ></Node>
<Node Server="SQL02.VSPEX.com" ></Node>
<Node Server="SQL03.VSPEX.com" Preferred="1"></Node>
<Node Server="SQL04.VSPEX.com" Preferred="2"></Node>
</Cluster>
<Cluster Cluster="SCOMDW.VSPEX.com" Instance="SCOMDW" Version="SQL Server 2012" Port="22121" >
<Variable Name="SQLAdmins" Value="VSPEX\FT-SQL-Admins" />
<Variable Name="SQLAgtServiceAccount" Value="VSPEX\FT-SQL-SVC" />
<Variable Name="SQLAgtServiceAccountPassword" Value="password.1" />
<Variable Name="SQLServiceAccount" Value="VSPEX\FT-SQL-SVC" />
<Variable Name="SQLServiceAccountPassword" Value="password.1" />
<Variable Name="SQLInstallSQLDataDir" Value="\\VNX5400-SMB\FabMgmtSQL\SCOMDW\DB"/>
<Variable Name="SQLUserDBDir" Value="\\VNX5400-SMB\FabMgmtSQL\SCOMDW\DB\MSSQL11.$Instance\MSSQL\Data"/>
<Variable Name="SQLUserDBLogDir" Value="\\VNX5400-SMB\FabMgmtSQL\SCOMDW\Log\MSSQL11.$Instance\MSSQL\Data"/>
<Variable Name="SQLTempDBDir" Value="\\VNX5400-SMB\FabMgmtSQL\SCOMDW\Log\MSSQL11.$Instance\MSSQL\Data"/>
<Variable Name="SQLTempDBLogDir" Value="\\VNX5400-SMB\FabMgmtSQL\SCOMDW\Log\MSSQL11.$Instance\MSSQL\Data"/>
<Variable Name="SQLClusterIPAddress" Value="192.168.22.121" />
<Variable Name="SQLClusterNetwork" Value="SC-database" />
<Variable Name="SQLClusterIPSubnet" Value="255.255.255.0" />
<Node Server="SQL01.VSPEX.com" Preferred="1"></Node>
<Node Server="SQL02.VSPEX.com" Preferred="2"></Node>
<Node Server="SQL03.VSPEX.com" ></Node>
<Node Server="SQL04.VSPEX.com" ></Node>
</Cluster>
<Cluster Cluster="SCSMDB.VSPEX.com" Instance="SCSMDB" Version="SQL Server 2012" Port="22115" >
<Variable Name="SQLAdmins" Value="VSPEX\FT-SQL-Admins" />
<Variable Name="SQLAgtServiceAccount" Value="VSPEX\FT-SQL-SVC" />
<Variable Name="SQLAgtServiceAccountPassword" Value="password.1" />
<Variable Name="SQLServiceAccount" Value="VSPEX\FT-SQL-SVC" />
<Variable Name="SQLServiceAccountPassword" Value="password.1" />
<Variable Name="SQLInstallSQLDataDir" Value="\\VNX5400-SMB\FabMgmtSQL\SCSMDB\DB"/>
<Variable Name="SQLUserDBDir" Value="\\VNX5400-SMB\FabMgmtSQL\SCSMDB\DB\MSSQL11.$Instance\MSSQL\Data"/>
<Variable Name="SQLUserDBLogDir" Value="\\VNX5400-SMB\FabMgmtSQL\SCSMDB\Log\MSSQL11.$Instance\MSSQL\Data"/>
<Variable Name="SQLTempDBDir" Value="\\VNX5400-SMB\FabMgmtSQL\SCSMDB\Log\MSSQL11.$Instance\MSSQL\Data"/>
<Variable Name="SQLTempDBLogDir" Value="\\VNX5400-SMB\FabMgmtSQL\SCSMDB\Log\MSSQL11.$Instance\MSSQL\Data"/>
<Variable Name="SQLClusterIPAddress" Value="192.168.22.115" />
<Variable Name="SQLClusterNetwork" Value="SC-database" />
<Variable Name="SQLClusterIPSubnet" Value="255.255.255.0" />
<Node Server="SQL01.VSPEX.com" ></Node>
<Node Server="SQL02.VSPEX.com" Preferred="1"></Node>
<Node Server="SQL03.VSPEX.com" Preferred="2"></Node>
<Node Server="SQL04.VSPEX.com" ></Node>
</Cluster>
<Cluster Cluster="SCSMDW.VSPEX.com" Instance="SCSMDW" Version="SQL Server 2012" Port="22116" >
<Variable Name="SQLAdmins" Value="VSPEX\FT-SQL-Admins" />
<Variable Name="SQLAgtServiceAccount" Value="VSPEX\FT-SQL-SVC" />
<Variable Name="SQLAgtServiceAccountPassword" Value="password.1" />
<Variable Name="SQLServiceAccount" Value="VSPEX\FT-SQL-SVC" />
<Variable Name="SQLServiceAccountPassword" Value="password.1" />
<Variable Name="SQLInstallSQLDataDir" Value="\\VNX5400-SMB\FabMgmtSQL\SCSMDW\DB"/>
<Variable Name="SQLUserDBDir" Value="\\VNX5400-SMB\FabMgmtSQL\SCSMDW\DB\MSSQL11.$Instance\MSSQL\Data"/>
<Variable Name="SQLUserDBLogDir" Value="\\VNX5400-SMB\FabMgmtSQL\SCSMDW\Log\MSSQL11.$Instance\MSSQL\Data"/>
<Variable Name="SQLTempDBDir" Value="\\VNX5400-SMB\FabMgmtSQL\SCSMDW\Log\MSSQL11.$Instance\MSSQL\Data"/>
<Variable Name="SQLTempDBLogDir" Value="\\VNX5400-SMB\FabMgmtSQL\SCSMDW\Log\MSSQL11.$Instance\MSSQL\Data"/>
<Variable Name="SQLClusterIPAddress" Value="192.168.22.116" />
<Variable Name="SQLClusterNetwork" Value="SC-database" />
<Variable Name="SQLClusterIPSubnet" Value="255.255.255.0" />
<Node Server="SQL01.VSPEX.com" ></Node>
<Node Server="SQL02.VSPEX.com" ></Node>
<Node Server="SQL03.VSPEX.com" Preferred="1"></Node>
<Node Server="SQL04.VSPEX.com" Preferred="2"></Node>
</Cluster>
<Cluster Cluster="SCSMAS.VSPEX.com" Instance="SCSMAS" Version="SQL Server 2012" Port="22117" >
<Variable Name="SQLAdmins" Value="VSPEX\FT-SQL-Admins" />
<Variable Name="SQLAgtServiceAccount" Value="VSPEX\FT-SQL-SVC" />
<Variable Name="SQLAgtServiceAccountPassword" Value="password.1" />
<Variable Name="SQLServiceAccount" Value="VSPEX\FT-SQL-SVC" />
<Variable Name="SQLServiceAccountPassword" Value="password.1" />
<Variable Name="SQLInstallSQLDataDir" Value="E:\SCSMAS\DB"/>
<Variable Name="SQLUserDBDir" Value="E:\SCSMAS\DB\MSSQL11.$Instance\MSSQL\Data"/>
<Variable Name="SQLUserDBLogDir" Value="F:\SCSMAS\Log\MSSQL11.$Instance\MSSQL\Data"/>
<Variable Name="SQLTempDBDir" Value="F:\SCSMAS\Log\MSSQL11.$Instance\MSSQL\Data"/>
<Variable Name="SQLTempDBLogDir" Value="F:\SCSMAS\Log\MSSQL11.$Instance\MSSQL\Data"/>
<Variable Name="SQLClusterIPAddress" Value="192.168.22.117" />
<Variable Name="SQLClusterNetwork" Value="SC-database" />
<Variable Name="SQLClusterIPSubnet" Value="255.255.255.0" />
<Node Server="SQL01.VSPEX.com" Preferred="2"></Node>
<Node Server="SQL02.VSPEX.com" ></Node>
<Node Server="SQL03.VSPEX.com" ></Node>
<Node Server="SQL04.VSPEX.com" Preferred="1"></Node>
</Cluster>
<Cluster Cluster="WAPDB.VSPEX.com" Instance="WAPDB" Version="SQL Server 2012" Port="22122" >
<Variable Name="SQLAdmins" Value="VSPEX\FT-SQL-Admins" />
<Variable Name="SQLAgtServiceAccount" Value="VSPEX\FT-SQL-SVC" />
<Variable Name="SQLAgtServiceAccountPassword" Value="password.1" />
<Variable Name="SQLServiceAccount" Value="VSPEX\FT-SQL-SVC" />
<Variable Name="SQLServiceAccountPassword" Value="password.1" />
<Variable Name="SQLInstallSQLDataDir" Value="\\VNX5400-SMB\FabMgmtSQL\WAPDB\DB"/>
<Variable Name="SQLUserDBDir" Value="\\VNX5400-SMB\FabMgmtSQL\WAPDB\DB\MSSQL11.$Instance\MSSQL\Data"/>
<Variable Name="SQLUserDBLogDir" Value="\\VNX5400-SMB\FabMgmtSQL\WAPDB\Log\MSSQL11.$Instance\MSSQL\Data"/>
<Variable Name="SQLTempDBDir" Value="\\VNX5400-SMB\FabMgmtSQL\WAPDB\Log\MSSQL11.$Instance\MSSQL\Data"/>
<Variable Name="SQLTempDBLogDir" Value="\\VNX5400-SMB\FabMgmtSQL\WAPDB\Log\MSSQL11.$Instance\MSSQL\Data"/>
<Variable Name="SQLClusterIPAddress" Value="192.168.22.122" />
<Variable Name="SQLClusterNetwork" Value="SC-database" />
<Variable Name="SQLClusterIPSubnet" Value="255.255.255.0" />
<Node Server="SQL01.VSPEX.com" Preferred="2"></Node>
<Node Server="SQL02.VSPEX.com" ></Node>
<Node Server="SQL03.VSPEX.com" ></Node>
<Node Server="SQL04.VSPEX.com" Preferred="1"></Node>
</Cluster>
</SQL>
</Installer>
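The sample file above carries the same placeholder password in every account entry and relies on each `<Cluster>` having its own port and IP address. The following PowerShell audit is an added example, not part of PDT or of the original guide; the function name `Test-PdtVariableFile` and the variable `$VariableXmlPath` are hypothetical, and the embedded XML is a constructed excerpt with deliberate defects.

```powershell
# Added example: audit a PDT Variable.xml before running Installer.ps1.
# Set $VariableXmlPath to the real file; when empty, the constructed sample below is used.
$VariableXmlPath = ''

# Constructed excerpt in the shape of the sample file above, with three deliberate
# defects: sample passwords left in place, a port collision, and a role with no cluster.
$sample = @'
<Installer version="2.0">
  <Variable Name="InstallerServiceAccountPassword" Value="password.1" />
  <Roles>
    <Role Name="Role A" Server="SCDB.VSPEX.com" Instance="SCDB" SQLCluster="True" />
    <Role Name="Role B" Server="SCOMDB.VSPEX.com" Instance="SCOMDB" SQLCluster="True" />
    <Role Name="Role C" Server="WAPDB.VSPEX.com" Instance="WAPDB" SQLCluster="True" />
  </Roles>
  <SQL>
    <Cluster Cluster="SCDB.VSPEX.com" Instance="SCDB" Version="SQL Server 2012" Port="22118">
      <Variable Name="SQLServiceAccountPassword" Value="password.1" />
      <Variable Name="SQLClusterIPAddress" Value="192.168.22.118" />
    </Cluster>
    <Cluster Cluster="SCOMDB.VSPEX.com" Instance="SCOMDB" Version="SQL Server 2012" Port="22118">
      <Variable Name="SQLServiceAccountPassword" Value="constructed-non-sample-value" />
      <Variable Name="SQLClusterIPAddress" Value="192.168.22.120" />
    </Cluster>
  </SQL>
</Installer>
'@

function Test-PdtVariableFile {
    param(
        [Parameter(Mandatory = $true)][xml]$Xml,
        [string[]]$SamplePasswords = @('password.1')   # value published in this guide
    )
    $findings = New-Object 'System.Collections.Generic.List[string]'

    # 1. Password variables that are empty or still carry a published sample value.
    foreach ($v in $Xml.SelectNodes('//Variable')) {
        $name  = $v.GetAttribute('Name')
        $value = $v.GetAttribute('Value')
        if ($name -notlike '*Password') { continue }
        $scope = $v.ParentNode.GetAttribute('Instance')
        if (-not $scope) { $scope = 'global' }
        if ([string]::IsNullOrEmpty($value)) {
            $findings.Add("[$scope] $name is empty")
        } elseif ($SamplePasswords -ccontains $value) {
            $findings.Add("[$scope] $name still uses the published sample password")
        }
    }

    $clusters = @($Xml.SelectNodes('/Installer/SQL/Cluster'))

    # 2. Each instance needs a static port inside the valid TCP range.
    foreach ($c in $clusters) {
        $port = 0
        $raw  = $c.GetAttribute('Port')
        if (-not [int]::TryParse($raw, [ref]$port) -or $port -lt 1 -or $port -gt 65535) {
            $findings.Add("[$($c.GetAttribute('Instance'))] Port '$raw' is not a valid static TCP port")
        }
    }

    # 3. Ports and cluster IP addresses must be unique across instances.
    $keyed = foreach ($c in $clusters) {
        $ipNode = $c.SelectSingleNode("Variable[@Name='SQLClusterIPAddress']")
        [pscustomobject]@{
            Instance = $c.GetAttribute('Instance')
            Port     = $c.GetAttribute('Port')
            IP       = if ($ipNode) { $ipNode.GetAttribute('Value') } else { '' }
        }
    }
    foreach ($field in 'Port', 'IP') {
        $keyed | Where-Object { $_.$field } | Group-Object $field | Where-Object { $_.Count -gt 1 } |
            ForEach-Object {
                $findings.Add("$field $($_.Name) is shared by: $(($_.Group.Instance) -join ', ')")
            }
    }

    # 4. Every clustered role must have a matching <Cluster> definition.
    $defined = @($keyed | ForEach-Object { $_.Instance })
    foreach ($r in $Xml.SelectNodes("/Installer/Roles/Role[@SQLCluster='True']")) {
        if ($defined -notcontains $r.GetAttribute('Instance')) {
            $findings.Add("Role '$($r.GetAttribute('Name'))' references instance $($r.GetAttribute('Instance')) with no <Cluster> section")
        }
    }
    return $findings
}

$xml = if ($VariableXmlPath) { [xml](Get-Content -LiteralPath $VariableXmlPath -Raw) } else { [xml]$sample }
$result = @(Test-PdtVariableFile -Xml $xml)
if ($result.Count) { $result | ForEach-Object { Write-Warning $_ } } else { 'No findings.' }
```

Because Variable.xml holds the installer and service account passwords in clear text, keep the edited file on an access-restricted path and remove or scrub it once the deployment has been verified.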
When the installation is complete, the following tasks must be performed to complete the installation of SQL Server. If you used PDT to deploy the SQL Server installations, these steps should have been completed, but you may want to validate that it worked in your environment.
To support the multi-instance cluster, you must configure each SQL Server instance to use a specific TCP/IP port for the database engine or analysis services. The default instance of the database engine uses port 1433, and named instances use dynamic ports. To configure the firewall rules to allow access to each named instance, static listening ports must be assigned.
Use the following procedure to configure the TCP/IP port. For more information, see Configure a Server to Listen on a Specific TCP Port (SQL Server Configuration Manager) [1].
Perform the following steps on each fabric management SQL Server node virtual machine. |
Open an administrative Command Prompt by searching for and selecting CMD.EXE, then right-click and select Run as Administrator. Within the command prompt type the following command: The existing dynamic ports used by the SQLSERVER.EXE sessions will appear.
|
On the first SQL Server node, open SQL Configuration Manager.
|
|
In the SQL Server Configuration Manager console pane, expand the SQL Server Network Configuration node and then click Protocols for the <instance name>. Double-click TCP/IP from the available protocol names to observe its properties. |
On the TCP/IP Properties page, click the IP Addresses tab. Several IP addresses appear in the format IP1, IP2, up to IPAll. Each address will include several values:
· Active - Indicates that the IP address is active on the computer. Not available for IPAll.
· Enabled - If the Listen All property in TCP/IP Properties (on the Protocol tab) is set to No, this property indicates whether SQL Server is listening on the IP address. If the Listen All property in TCP/IP Properties (on the Protocol tab) is set to Yes, the property is disregarded. Not available for IPAll.
· IP Address - View or change the IP address used by this connection. Lists the IP address that is used by the computer and the IP loopback address, 127.0.0.1. Not available for IPAll. The IP address can be in IPv4 or IPv6 format.
· TCP Dynamic Ports - Blank if dynamic ports are not enabled. To use dynamic ports, set to 0. For IPAll, displays the port number of the dynamic port used.
· TCP Port - View or change the port on which SQL Server listens. By default, the default instance of Database Engine listens on port 1433. SQL Server Database Engine can listen on multiple ports on the same IP address. List the ports separated by commas in the format 1433, 1500, 1501. This field is limited to 2047 characters. To configure a single IP address to listen on multiple ports, the Listen All parameter must also be set to No in the TCP/IP Properties on the Protocols tab. |
For more information see How to: Configure the Database Engine to Listen on Multiple TCP Ports. |
Within the dialog box, browse to each IP address section for the instance, and delete the numerical value (0) from the TCP Dynamic Ports field.
|
Scroll down to the IPAll section, and delete the existing dynamic port value from TCP Dynamic Ports property. Assign a static port value under TCP Port that is appropriate for the instance. For this example, port 10437 was specified. Click Apply to save the changes. |
|
A warning message will appear stating that the settings will not take effect until the SQL Server service has been restarted for that instance. Click OK. All databases will be restarted in a later step. |
|
Repeat these steps to set a static port for each database service instance. Reference the SQL Server settings table at the beginning of this section for the default values that are used in this guide. When all of the database instances are configured, close SQL Server Configuration Manager and continue to the next steps to change the SSAS instance listening port. |
|
Open SQL Server Management Studio.
|
|
On the Connect to Server page, input the connection values for the SSAS instance. Click Connect to connect to the instance.
|
When you are connected to the instance in SQL Management Studio, right-click the SSAS instance and click Properties.
|
|
On the Analysis Server Properties page, click the General tab, and in the Name column, click Port. By default the value will be set to “0” (zero) to specify a dynamic port.
|
|
On the same page, in the Value column, specify an appropriate static port value, then click OK to save the changes.
|
A message will appear outlining that a restart is required. Click OK and close SQL Management Studio. |
|
Open Failover Cluster Manager and expand the Roles node.
|
|
To apply the new port settings, in Failover Cluster Manager, select each SQL Server instance (this must be repeated per instance). In the Action pane, select Stop Role to stop the service for each instance. Restart each instance by selecting Start Role from the Action pane. Close the Failover Cluster Manager console.
|
|
To verify that the port settings are properly assigned, open Task Manager and click the Services tab. Review the list of services and note the PID numbers for each of the SQL Services.
|
Open an administrative Command Prompt by searching for and selecting CMD.EXE, then right-click and select Run as Administrator. Within the command prompt, type the following command: netstat -ano to export the output to a CSV file. |
|
Import the CSV file into Excel to format the data into a spreadsheet. Locate the PIDs you documented from the Task Manager previously. Then filter on the state column to identify the listening and blank values. The resulting table should confirm that all of the SQL instances are listening on only the static ports assigned previously. In addition to the static ports for each instance, the 2382 TCP/UDP and 1434 TCP/UDP ports for the SQL Server Browser are also listed. You must open them in the firewall settings to support the Analysis and Database Engine instances. |
|
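A PowerShell equivalent of the Task Manager, netstat and Excel comparison described above, as an added example that is not part of the original guide. The ports are taken from the sample Variable.xml in this guide; the service names, their pairing with ports, and the function name `Compare-SqlListener` are assumptions, and the fallback records are constructed sample data.

```powershell
# Added example: confirm each SQL Server service listens only on its assigned static port.
# Ports come from the sample Variable.xml in this guide. The service names
# (MSSQL$<instance>, MSOLAP$<instance>) and the pairing are assumptions to adjust.
$ExpectedPort = @{
    'MSSQL$SCVMMDB' = 22119; 'MSSQL$SCDB'   = 22118; 'MSSQL$SCOMDB' = 22120
    'MSSQL$SCOMDW'  = 22121; 'MSSQL$SCSMDB' = 22115; 'MSSQL$SCSMDW' = 22116
    'MSOLAP$SCSMAS' = 22117; 'MSSQL$WAPDB'  = 22122
}

function Compare-SqlListener {
    param(
        [hashtable]$Expected,
        [object[]]$Services,     # objects with Name and ProcessId
        [object[]]$Listeners     # objects with LocalAddress, LocalPort, OwningProcess
    )
    # Loopback-only listeners are skipped: they are not reachable from the network
    # (the dedicated administrator connection is one such listener when enabled).
    $loopback = '127.0.0.1', '::1'

    foreach ($name in ($Expected.Keys | Sort-Object)) {
        $svc   = $Services | Where-Object { $_.Name -eq $name } | Select-Object -First 1
        $want  = [int]$Expected[$name]
        $ports = @()

        if (-not $svc -or -not $svc.ProcessId) {
            # A clustered instance runs only on its current owner node.
            $status = 'NotRunningOnThisNode'
        } else {
            $ports = @($Listeners |
                Where-Object { $_.OwningProcess -eq $svc.ProcessId -and $loopback -notcontains $_.LocalAddress } |
                ForEach-Object { [int]$_.LocalPort } | Sort-Object -Unique)
            $extra = @($ports | Where-Object { $_ -ne $want })
            if ($ports -notcontains $want) {
                $status = 'ExpectedPortNotListening'   # still dynamic, or role not restarted
            } elseif ($extra.Count) {
                $status = 'UnexpectedListener'         # static port set, but something else is open too
            } else {
                $status = 'OK'
            }
        }
        [pscustomobject]@{
            Service   = $name
            ProcessId = if ($svc) { $svc.ProcessId } else { $null }
            Expected  = $want
            Listening = $ports -join ','
            Status    = $status
        }
    }
}

# Live data when run on a SQL Server node.
$services = @(); $listeners = @()
if (Get-Command Get-NetTCPConnection -ErrorAction SilentlyContinue) {
    $services  = @(Get-CimInstance Win32_Service -Filter 'Name LIKE "MSSQL$%" OR Name LIKE "MSOLAP$%"')
    $listeners = @(Get-NetTCPConnection -State Listen)
}

# Constructed records, used only when no SQL Server services are found on this machine.
if (-not $services.Count) {
    $services = @(
        [pscustomobject]@{ Name = 'MSSQL$SCDB';    ProcessId = 2112 }
        [pscustomobject]@{ Name = 'MSSQL$SCOMDB';  ProcessId = 3340 }
        [pscustomobject]@{ Name = 'MSOLAP$SCSMAS'; ProcessId = 0 }      # owned by another node
    )
    $listeners = @(
        [pscustomobject]@{ LocalAddress = '192.168.22.118'; LocalPort = 22118; OwningProcess = 2112 }
        [pscustomobject]@{ LocalAddress = '127.0.0.1';      LocalPort = 50211; OwningProcess = 2112 }  # ignored
        [pscustomobject]@{ LocalAddress = '0.0.0.0';        LocalPort = 49731; OwningProcess = 3340 }  # dynamic port
    )
}

Compare-SqlListener -Expected $ExpectedPort -Services $services -Listeners $listeners |
    Format-Table -AutoSize
```

Run it on each node after the roles have been restarted; any row that is not OK or NotRunningOnThisNode should be resolved before the firewall rules for that instance are created.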
When completed, configure the Windows Firewall rule for the SQL Server Browser. To perform this action, on each node in the Windows Failover Cluster that will host SQL Server instances, open the Windows Firewall with Advanced Security MMC console. |
|
In the Windows Firewall with Advanced Security MMC console, click the Inbound Rules node, and click New Rule… in the Action pane. |
|
In the New Inbound Rule Wizard, on the Rule Type page, select the Port button, and click Next to continue.
|
On the Protocol and Ports page, select the UDP button. Select the Specific local ports button and type 1434 in the text box. This enables access to the SQL Server Browser for Database Engine instances. Click Next to continue.
|
On the Action page, select the Allow the connection button, and click Next to continue.
|
On the Profile page, leave the Domain, Private, and Public check boxes selected, and click Next to continue. Note: Allowing the Private and Public network types enables this rule to support other scenarios such as the SQL Server AlwaysOn Multisite Failover Cluster Instance for database availability groups when replication may take place on a network other than the domain network. |
Specify a name for the new rule, such as SQL Server Browser Service for Database Engine, and click Finish.
|
Note the new rule listed under Inbound Rules. Click New Rule again from the Action pane to create the SQL Browser Service for Analysis Server rule.
|
|
On the Protocol and Ports page, select the TCP and the Specific local ports buttons. In the Specific local ports text box, type 2382 to enable access to the SQL Server Browser for the Analysis Server instance. |
Note the additional new rule listed in the Inbound Rules pane. Next, create and configure the inbound Windows Firewall rule for each SQL Server instance. In the same window, click New Rule in the Action pane to create the firewall rule for the first named instance. |
|
In the New Inbound Rule Wizard, on the Rule Type page, select the Port button, and click Next to continue.
|
On the Protocol and Ports page, select the TCP button. Select the Specific local ports button and type the specific local TCP/IP port to enable access to the first named SQL Server instance. In this example, to enable access to the SQL Server instance, SCDB, the port specified is 10433. Click Next to continue. |
On the Action page, select the Allow the connection button and click Next to continue.
|
On the Profile page, leave the Domain, Private, and Public check boxes selected, and click Next to continue. Note: Allowing the Private and Public network types enables this rule to support other scenarios such as the SQL Server AlwaysOn Multisite Failover Cluster Instance for database availability groups when replication may take place on a network other than the domain network. |
Specify a name for the new rule, such as SQL Server Named Instance SCDB, and click Finish. |
Create an additional rule for each SQL Server instance. This screenshot provides an example of how the rule set for the SQL Server architecture and instances would be configured.
Alternatively, firewall rules can be created through Windows PowerShell on the local server as shown in this example. Be sure to replace the port number value with the correct value for your environment. |
New-NetFirewallRule -DisplayName "SQL Server Browser Service for Database Engine" -LocalPort 1434 -Protocol UDP -Action Allow
The following commands provide an example for using Windows PowerShell to create rules on remote nodes.
$RemoteSession = New-CimSession -ComputerName SQL04
New-NetFirewallRule -DisplayName "SQL Server Browser Service for Database Engine" -LocalPort 1434 -Protocol UDP -Action Allow -Group VSPEX -CimSession $RemoteSession
New-NetFirewallRule -DisplayName "SQL Server Browser Service for Analysis Server" -LocalPort 2382 -Protocol TCP -Action Allow -Group VSPEX -CimSession $RemoteSession
New-NetFirewallRule -DisplayName "SQL Server Named Instance SCDB" -LocalPort 22118 -Protocol TCP -Action Allow -Group VSPEX -CimSession $RemoteSession
New-NetFirewallRule -DisplayName "SQL Server Named Instance SCVMMDB" -LocalPort 22119 -Protocol TCP -Action Allow -Group VSPEX -CimSession $RemoteSession
New-NetFirewallRule -DisplayName "SQL Server Named Instance SCOMDB" -LocalPort 22120 -Protocol TCP -Action Allow -Group VSPEX -CimSession $RemoteSession
New-NetFirewallRule -DisplayName "SQL Server Named Instance SCOMDW" -LocalPort 22121 -Protocol TCP -Action Allow -Group VSPEX -CimSession $RemoteSession
New-NetFirewallRule -DisplayName "SQL Server Named Instance SCSMDB" -LocalPort 22115 -Protocol TCP -Action Allow -Group VSPEX -CimSession $RemoteSession
New-NetFirewallRule -DisplayName "SQL Server Named Instance SCSMDW" -LocalPort 22116 -Protocol TCP -Action Allow -Group VSPEX -CimSession $RemoteSession
New-NetFirewallRule -DisplayName "SQL Server Named Instance SCSMAS" -LocalPort 22117 -Protocol TCP -Action Allow -Group VSPEX -CimSession $RemoteSession
New-NetFirewallRule -DisplayName "SQL Server Named Instance WAPDB" -LocalPort 22122 -Protocol TCP -Action Allow -Group VSPEX -CimSession $RemoteSession
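The remote commands above can be followed by an audit of what each node actually exposes. This added example is not part of the original guide: it reads back the VSPEX rule group on every node and reports missing, duplicated, mismatched, or unexpected rules, together with each rule's profile and remote address scope. The node names other than SQL04 and the function name are assumptions; the rule names and ports are the ones used above.

```powershell
# Added example, not from the original guide.
# Assumption: node names SQL01-SQL03. SQL04, the VSPEX group, the rule names
# and the ports are taken from the remote commands shown above.
$Nodes = 'SQL01', 'SQL02', 'SQL03', 'SQL04'
$Group = 'VSPEX'

# Expected rules: display name -> protocol and local port.
$Expected = @{
    'SQL Server Browser Service for Database Engine' = @{ Protocol = 'UDP'; Port = '1434' }
    'SQL Server Browser Service for Analysis Server' = @{ Protocol = 'TCP'; Port = '2382' }
    'SQL Server Named Instance SCDB'                 = @{ Protocol = 'TCP'; Port = '22118' }
    'SQL Server Named Instance SCVMMDB'              = @{ Protocol = 'TCP'; Port = '22119' }
    'SQL Server Named Instance SCOMDB'               = @{ Protocol = 'TCP'; Port = '22120' }
    'SQL Server Named Instance SCOMDW'               = @{ Protocol = 'TCP'; Port = '22121' }
    'SQL Server Named Instance SCSMDB'               = @{ Protocol = 'TCP'; Port = '22115' }
    'SQL Server Named Instance SCSMDW'               = @{ Protocol = 'TCP'; Port = '22116' }
    'SQL Server Named Instance SCSMAS'               = @{ Protocol = 'TCP'; Port = '22117' }
    'SQL Server Named Instance WAPDB'                = @{ Protocol = 'TCP'; Port = '22122' }
}

function Get-SqlFirewallRuleAudit {
    param(
        [Parameter(Mandatory)] [string[]]  $ComputerName,
        [Parameter(Mandatory)] [hashtable] $Expected,
        [Parameter(Mandatory)] [string]    $Group
    )
    foreach ($node in $ComputerName) {
        $session = New-CimSession -ComputerName $node
        try {
            # Get-NetFirewallRule raises an error when the group has no rules; treat that as empty.
            $rules = @(Get-NetFirewallRule -Group $Group -CimSession $session -ErrorAction SilentlyContinue)
            $seen  = @{}
            foreach ($rule in $rules) {
                $port = Get-NetFirewallPortFilter -AssociatedNetFirewallRule $rule -CimSession $session
                $addr = Get-NetFirewallAddressFilter -AssociatedNetFirewallRule $rule -CimSession $session
                $want = $Expected[$rule.DisplayName]

                # New-NetFirewallRule does not de-duplicate by display name, so
                # re-running the creation commands leaves duplicate rules behind.
                $seen[$rule.DisplayName] = 1 + [int]$seen[$rule.DisplayName]

                if (-not $want) {
                    $status = 'Unexpected'
                } elseif ($seen[$rule.DisplayName] -gt 1) {
                    $status = 'Duplicate'
                } elseif ("$($port.Protocol)" -ne $want.Protocol -or "$($port.LocalPort)" -ne $want.Port) {
                    $status = 'PortMismatch'
                } elseif ("$($rule.Enabled)" -ne 'True' -or "$($rule.Action)" -ne 'Allow' -or "$($rule.Direction)" -ne 'Inbound') {
                    $status = 'NotActive'
                } else {
                    $status = 'OK'
                }

                [pscustomobject]@{
                    Node          = $node
                    DisplayName   = $rule.DisplayName
                    Protocol      = "$($port.Protocol)"
                    LocalPort     = "$($port.LocalPort)"
                    Profile       = "$($rule.Profile)"
                    # 'Any' covers Domain, Private and Public, as selected in the wizard steps.
                    PublicProfile = ("$($rule.Profile)" -match 'Any|Public')
                    RemoteAddress = "$($addr.RemoteAddress)"
                    Status        = $status
                }
            }
            # Report expected rules that were not found on this node.
            foreach ($name in $Expected.Keys) {
                if (-not $seen.ContainsKey($name)) {
                    [pscustomobject]@{
                        Node          = $node
                        DisplayName   = $name
                        Protocol      = $Expected[$name].Protocol
                        LocalPort     = $Expected[$name].Port
                        Profile       = $null
                        PublicProfile = $null
                        RemoteAddress = $null
                        Status        = 'Missing'
                    }
                }
            }
        }
        finally {
            Remove-CimSession -CimSession $session
        }
    }
}

Get-SqlFirewallRuleAudit -ComputerName $Nodes -Expected $Expected -Group $Group |
    Sort-Object Node, DisplayName |
    Format-Table Node, DisplayName, Protocol, LocalPort, Profile, RemoteAddress, Status -AutoSize
```

Rows with a Status other than OK, or with PublicProfile set where no multisite replication is planned, are the ones to review.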
To support the proper distribution of SQL Server instances across the multi-instance SQL Server cluster, you must configure failover clustering in Windows to assign preferred owners for each SQL Server instance. The following steps are provided to assist with this configuration. One node is specified as the primary preferred owner and a different node as the secondary preferred owner. This does not prevent the SQL Server instance from failing over to a node outside the preferred owner list, but it does make sure the instances remain balanced when preferred nodes are available.
Perform the following steps on one fabric management SQL Server node virtual machine.
On any SQL Server cluster node, open Failover Cluster Manager and expand the Roles node.
During the installation of SQL Server, all instances were installed on the first failover cluster node and then added to each additional node. By default, every failover cluster node is now a Possible Owner and a Preferred Owner of every SQL Server instance. To better control failover behavior and distribution of the instances, the Preferred Owners list must be modified and the owner node must be assigned by failing over the SQL Server instance to that node. To start this process, you need the list that you created previously. To perform this configuration, select the first SQL Server instance under the Roles node, then click the Any Node link next to Preferred Owners.
On the SQL Server Properties page, click the General tab, and select the two preferred nodes for the instance. The order will be automatically adjusted when the process is completed.
On the SQL Server Properties page, click the Failover tab. In the Failback section, select the Allow failback and Immediately buttons. Click OK to save the changes.
Note: The value for the Preferred Owners link now displays a value of User Settings if not all nodes are selected as preferred owners. If all available nodes are selected for the VM, the value will remain as Any node. Repeat this process for each SQL Server instance.
After all instances have been configured correctly for Preferred Owners, you must initiate a planned failover to balance the SQL Server instances across nodes. In Failover Cluster Manager, select the roles for each of the SQL Server instances that should not run on Node1 (In this example, these are: SCOMDB, SCOMDW, SCSMDB, SCSMDW, SCSMAS). Right-click the selection of SQL Server instances, click Move, and then click Best Possible Node. |
When the moves are complete, all instances should be distributed across Node1, Node2, Node3, and Node4. Note: With all nodes configured as Possible Owners, failover to nodes not listed as a Preferred Owner can still occur when the preferred owners are not available. However, with failback enabled, the SQL Server instances should always be reassigned on their preferred node when availability returns. This configuration supports a primary dedicated passive node plus two additional active or passive nodes in the case of a failure of two nodes. It is important to note that failback only applies to automatic failover events and not to user-initiated moves. |
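The preferred-owner, failback, and rebalancing steps above can also be scripted with the FailoverClusters module. This added example is not part of the original guide: the role names of the form "SQL Server (INSTANCE)", the node names, and the instance-to-node mapping are constructed assumptions, and it moves each role to its first preferred owner explicitly instead of using Best Possible Node.

```powershell
# Added example, not from the original guide.
Import-Module FailoverClusters

# Constructed mapping (role names, node names and placement are assumptions):
# clustered role -> preferred owners in order, primary first.
# Node4 acts as the shared secondary owner in this sketch.
$PreferredOwners = [ordered]@{
    'SQL Server (SCDB)'    = 'Node1', 'Node4'
    'SQL Server (SCVMMDB)' = 'Node1', 'Node4'
    'SQL Server (WAPDB)'   = 'Node1', 'Node4'
    'SQL Server (SCOMDB)'  = 'Node2', 'Node4'
    'SQL Server (SCOMDW)'  = 'Node2', 'Node4'
    'SQL Server (SCSMDB)'  = 'Node3', 'Node4'
    'SQL Server (SCSMDW)'  = 'Node3', 'Node4'
    'SQL Server (SCSMAS)'  = 'Node3', 'Node4'
}

function Set-SqlInstancePlacement {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [System.Collections.IDictionary] $Map
    )
    foreach ($role in $Map.Keys) {
        $owners = @($Map[$role])

        # Fail early if the role or any listed owner does not exist in the cluster.
        $group = Get-ClusterGroup -Name $role -ErrorAction Stop
        foreach ($owner in $owners) {
            Get-ClusterNode -Name $owner -ErrorAction Stop | Out-Null
        }

        if ($PSCmdlet.ShouldProcess($role, "Set preferred owners to $($owners -join ', ') and allow failback")) {
            # Order matters: the first entry is the primary preferred owner.
            Set-ClusterOwnerNode -Group $role -Owners $owners
            # 1 = allow failback (the Allow failback option on the Failover tab).
            $group.AutoFailbackType = 1
        }

        # Planned move to the primary preferred owner, only when it is up and
        # the role is not already there. Failback does not apply to manual moves.
        $primary = Get-ClusterNode -Name $owners[0]
        $group   = Get-ClusterGroup -Name $role
        if ($group.OwnerNode.Name -ne $owners[0]) {
            if ("$($primary.State)" -eq 'Up') {
                if ($PSCmdlet.ShouldProcess($role, "Move to $($owners[0])")) {
                    Move-ClusterGroup -Name $role -Node $owners[0] | Out-Null
                }
            } else {
                Write-Warning "$role stays on $($group.OwnerNode.Name): $($owners[0]) is $($primary.State)"
            }
        }

        # Report the resulting state for review.
        $group = Get-ClusterGroup -Name $role
        [pscustomobject]@{
            Role                = $role
            CurrentOwner        = $group.OwnerNode.Name
            PreferredOwners     = ((Get-ClusterOwnerNode -Group $role).OwnerNodes.Name -join ', ')
            AutoFailbackType    = $group.AutoFailbackType
            FailbackWindowStart = $group.FailbackWindowStart
            FailbackWindowEnd   = $group.FailbackWindowEnd
        }
    }
}

# Dry run first, then apply.
Set-SqlInstancePlacement -Map $PreferredOwners -WhatIf
Set-SqlInstancePlacement -Map $PreferredOwners | Format-Table -AutoSize
```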
Two servers running Virtual Machine Manager Management Server role are deployed and configured in a failover cluster that uses a dedicated SQL Server instance in the virtualized SQL Server cluster.
One library share is used for the Virtual Machine Manager library. Provisioning the Library Share on a File Server cluster instead of a stand-alone server is recommended. Additional library servers can be added as needed.
Note: In this deployment, the library file share is created on the SQL Server cluster. This was done from a convenience standpoint to avoid setting up a clustered file service for a single share. If the customer already has a highly available file service available, it can be used for the VMM library.
Virtual Machine Manager and Operations Manager integration is configured during the installation process.
The installation process for System Center 2012 R2 Virtual Machine Manager includes the high-level steps shown in Figure 9.
Figure 9 Virtual Machine Manager Installation Process
This section provides a high-level walkthrough for deploying Virtual Machine Manager into the IaaS PLA fabric management architecture. The following assumptions are made prior to the installation:
- The selected operating system installation type must be Full Installation.
- At least two shared storage LUNs or one shared storage LUN and a file share witness disk.
- A dedicated virtual network adapter for cluster communication.
- At least one dedicated virtual network adapter for iSCSI communications (if using iSCSI).
- Virtual Machine Manager can use a WSUS root server or a downstream WSUS server. Virtual Machine Manager does not support using a WSUS replica server. The WSUS server can be dedicated to Virtual Machine Manager or it can be a WSUS server that is already in use.
- The Virtual Machine Manager SQL Server instance must be case-insensitive (this is the default in SQL Server 2012).
- The SQL Server name must not exceed 15 characters.
- The account used to install Virtual Machine Manager must have the rights needed to connect to the remote SQL Server instance and create databases.
The following environment prerequisites must be met before proceeding.
Verify that the following service accounts have been created:
Table 22 Virtual Machine Manager Accounts
| User name | Purpose | Permissions |
|---|---|---|
| <DOMAIN>\FT-VMM-SVC | Virtual Machine Manager Service Account | This account needs full administrator permissions on the Virtual Machine Manager server virtual machine and runs the Virtual Machine Manager service. |
Verify that the following security groups are created:
Table 23 Virtual Machine Manager Security Groups
| Security group name | Group scope | Members |
|---|---|---|
| <DOMAIN>\FT-SCVMM-Admins | Global | FT-SCVMM-SVC |
| <DOMAIN>\FT-SCVMM-FabricAdmins | Global | Virtual Machine Manager delegated administrators |
| <DOMAIN>\FT-SCVMM-ROAdmins | Global | Virtual Machine Manager Read-only administrators |
| <DOMAIN>\FT-SCVMM-TenantAdmins | Global | Virtual Machine Manager tenant administrators who manage self-service users |
| <DOMAIN>\FT-VMM-AppAdmins | Global | Virtual Machine Manager self-service users |
For more information, see Creating User Roles in VMM on Microsoft TechNet.
From the Failover Cluster Manager console, select Roles, right-click a SCVMM VM, and select Connect…
On the Virtual Machine connection window, click the Ctrl+Alt+Delete icon. Log into the VM with the previously established credentials. |
From a PowerShell window type ncpa to bring up the Network Connections window. Then issue the Get-NetAdapter cmdlet to list the relationship between the NIC names and their MAC addresses. |
From the Virtual Machine Connection window, click File and select Settings…
Expand one of the NICs and select Advanced Features. Match the MAC address from this display with the output from the Get-NetAdapter PowerShell cmdlet. Rename the NICs in Network Connections and configure their IP address information. For the SCVMM VMs, the SC-database NIC needs to be configured with default gateway and DNS. The SC-access NIC does not need configuration at this time. This NIC will be configured to use the Cisco Nexus 1000V. It will be configured after the N1KV is integrated into SCVMM. |
Back in Server Manager, click Computer Name to bring up the System Properties window.
Click the Change… button. |
Enter the new Computer Name. Click the Domain radio button and enter the domain name to join. Provide credentials that allow joining the domain in the credentials window that displays. Reboot the VM. Repeat for the other SCVMM VM.
The Virtual Machine Manager installation requires that the Windows Assessment and Deployment Kit (ADK) is installed on the Virtual Machine Manager management server. To download this kit, see Windows Assessment and Deployment Kit for Windows 8 in the Microsoft Download Center.
During installation, only the Deployment Tools and the Windows Pre-installation Environment features will be selected. This installation also assumes the Virtual Machine Manager servers have Internet access. If that is not the case, an offline installation can be performed. For more information for this installation option and complete installation details, see Installing the Windows ADK.
The ADK downloads as an installer with two options. One option assumes that the system on which the download is executed has access to the internet for downloading all the installation files. The second option is used to create a distribution point to be used for installing the ADK on systems that do not have access to the internet for downloading the files. If you used the PDT to copy the distribution files, you do not need to perform the following steps that perform the second option. You can access the installation media from the PDT download directory.
From the Windows ADK installation media source, right-click adksetup.exe and select Run as administrator to begin setup. If prompted by User Account Control, click Yes to allow the installation to make changes to the computer. |
Select the radio button to Download the kit. Enter a directory in which to store the downloaded files. Click Next.
Make the appropriate selection regarding participation in the Customer Improvement Program. Click Next. Click Accept on the following window to accept the License Agreement.
A status window showing the progress of the download will display. When it completes click Close. |
The following steps outline how to install the Windows ADK on the Virtual Machine Manager management server using the extracted files.
Perform the following steps on both Virtual Machine Manager virtual machines.
From the Windows ADK installation media source, right-click adksetup.exe and select Run as administrator to begin setup. If prompted by User Account Control, click Yes to allow the installation to make changes to the computer. |
The Assessment and Deployment Kit Wizard appears. On the Specify Location page, accept the default folder location of %ProgramFiles%\Windows Kits\8.1\, and click Next to continue.
On the Join the Customer Experience Improvement Program (CEIP) page, choose to participate or to not participate by providing selected system information. Click Next to continue. |
On the License Agreement page, click Accept to continue. |
On the Select the features you want to install page, select the following option check boxes: · Deployment Tools · Windows Preinstallation Environment (Windows PE) Make sure all other option check boxes are cleared. Click Install to begin the installation. |
After the installation is complete, clear the Launch the Getting Started Guide check box, and click Close. |
The Virtual Machine Manager installation requires the WSUS Administration Tools to be installed on the Virtual Machine Manager management servers. In addition, the Failover Clustering Feature must be installed. Follow the steps below to install the pre-requisite roles and features on the Virtual Machine Manager management servers.
Perform the following steps on each Virtual Machine Manager virtual machine.
Although this installation can be performed interactively, the installation of roles and features can be automated by using the Server Manager module for Windows PowerShell. Either use the following PowerShell cmdlets, or use the GUI with the instructions that follow.
Add-WindowsFeature -Name Failover-Clustering -IncludeManagementTools
Add-WindowsFeature -Name UpdateServices-RSAT
Open Server Manager and navigate to the Dashboard node. In the main pane, under Configure this local server, click Add roles and features. |
The Add Roles and Features Wizard appears. On the Before You Begin page, click Next to continue.
On the Select Installation Type page, you are presented with two options: · Role-based or feature-based installation. This is a traditional installation of roles and features to enable discrete functionality on the operating system. · Remote Desktop Services installation. This installs a predetermined combination of roles, features, and configurations to support a Remote Desktop (Session Virtualization) or VDI scenario. Select the Role-based or feature-based installation button, and click Next to continue. |
On the Select destination server page, you are presented with two options: · Select a server from the server pool. This option allows you to select a server from the managed pool of systems defined within Server Manager. · Select a virtual hard disk. This option allows for roles to be installed to staged VHD files for offline servicing purposes. For this installation, click the Select a server from the server pool button, select the local server, and click Next to continue. Note: Although many servers may be presented in the Select a server from the server pool option, only one can be selected at a time for role and feature installation operations. To enable installations across multiple hosts, the configuration can be saved at the end of the wizard and applied to multiple systems by using the Server Manager module for Windows PowerShell. |
On the Select Server Roles page, do not make any additional selections, and click Next to continue. |
On the Features page, select Failover Clustering. |
The Add features that are required for Failover Clustering? window appears. Select the Include management tools (if applicable) check box, then click the Add Features button. |
Expand Remote Server Administration Tools, then expand Role Administration Tools, and select the Windows Server Update Services Tools features. Click Next to continue. |
On the Confirm installation selections page, verify that the Windows Server Update Services Tools and Failover Clustering features are selected. Make sure that Restart each destination server automatically if required is selected. This is especially important for remote role and feature installation. Click Install to begin installation. Note: The Export Configuration Settings option is available as a link on this page to export the options selected to XML. When exported, they can be used in conjunction with the Server Manager module for Windows PowerShell to automate the installation of roles and features. |
The Installation Progress page will show the progress of the feature installation. Click Close when the installation process completes. |
The Virtual Machine Manager installation requires that the command-line utilities and management tools in SQL Server 2012 with SP2 are installed on the Virtual Machine Manager management server. Use the following procedure to install the command-line utilities and management tools on the Virtual Machine Manager management server.
Perform the following steps on each Virtual Machine Manager virtual machine.
From the SQL Server 2012 with SP2 installation media source, right-click setup.exe, and select Run as administrator to begin setup. |
The SQL Server Installation Center appears. In the left pane, click Installation. |
Click the New SQL Server stand-alone installation or add features to an existing installation link. |
The SQL Server 2012 Setup Wizard appears. On the Setup Support Rules page, verify that each rule shows a Passed status. If any rule requires attention, remediate the issue and rerun the validation check. Click OK to continue. |
On the Product Key page, select the Enter the product key option and type the associated product key in the text box. Click Next to continue.
Note: If you do not have a product key, select the Specify a free edition option, and select Evaluation from the drop-down list for a 180-day evaluation period. |
On the License Terms page, select the I accept the license terms check box. Select or clear the Send feature usage data to Microsoft check box, based on your organization’s policies, and click Next to continue.
On the Product Updates page, leave the Include SQL Server product updates check box selected, and click Next.
On the Install Setup Files page, the update and installation process will be displayed.
On the Setup Support Rules page, verify that each rule shows a Passed status. If any rule requires attention, remediate the issue and rerun the validation check. Click Next to continue.
On the Setup Role page, select the SQL Server Feature Installation option, and click Next to continue. |
On the Feature Selection page, select the Client Tools Connectivity, Management Tools – Basic, and Management Tools – Complete check boxes, then click Next to continue. |
On the Installation Rules page, verify that each rule shows a Passed status. If any rule requires attention, remediate the issue and rerun the validation check. Click Next to continue.
On the Disk Space Requirements page, verify that the installation has enough space on the target drive, and click Next to continue. |
On the Error Reporting page, select or clear the Send Windows and SQL Server Error Reports to Microsoft or your corporate report server check box, based on your organization’s policies, and click Next to continue. |
On the Installation Configuration Rules page, verify that each rule shows a Passed status. If any rule requires attention, remediate the issue and rerun the validation check. Click Next to continue. |
On the Ready to Install page, verify all of the settings that were entered during the setup process, and click Install to begin the installation of the SQL Server instance.
When the installation completes, the Complete page will appear. Click Close to complete the installation of command-line tools in SQL Server. |
The Virtual Machine Manager Failover cluster installation requires a quorum model. That model can be a disk witness or a file share witness. This installation assumes the use of a disk witness quorum model.
Log into one of the Fabric Management Hyper-V hosts and launch the Computer Management MMC. Expand Storage. Right-click Disk Management and select Create VHD. Note: Due to limitations in this MMC, it must be performed locally, not from the configuration workstation. |
On the Create and Attach Virtual Hard Disk window, enter the location of the Cluster Shared Volume of the SCVMM-Library. Append a name for the virtual hard disk being created as the disk witness for a failover cluster. Specify 1 GB as the Virtual hard disk size. Select the radio button VHDX. Select the radio button Fixed size. Click OK. |
Repeat the process to create a second virtual hard disk that will eventually hold the SCVMM library contents. Select Dynamically expanding disk. Click OK. |
Right-click one of the newly created VHD files and select Initialize Disk.
The Initialize Disk window will display with both new disks selected. Leave both selected. Select the radio button GPT. Click OK.
Right-click the first disk (the smaller disk) and select New Simple Volume… Click Next. |
On the Specify Volume Size window accept the defaults by clicking Next.
On the Assign Drive Letter or Path window, select the radio button Do not assign a drive letter or drive path. Click Next.
On the Format Partition window enter a descriptive value for Volume label. Accept the other default values. Click Next. On the following summary page, click Finish. Repeat for the other disk, assigning a descriptive value for Volume label to reflect the SCVMM library disk. |
Right-click the first VHDX file and select Detach VHD.
On the Detach Virtual Hard Disk window, click OK. Repeat for the other VHDX file. |
Perform the following steps on both Virtual Machine Manager virtual machines.
From the Failover Cluster Manager, select the first SCVMM VM. Right-click and select Settings… |
Select SCSI Controller. Select Hard Drive and click Add. |
Under Virtual hard disk click Browse.
Expand the tree; <Node> > Local Disk (C:) > ClusterStorage > Volume1. Select the SCVMM-witness VHDX file. Click Open. |
Return to the Settings window. Expand the new Hard Drive. Click Advanced Features. Select the check box Enable virtual hard disk sharing. Click OK to accept the change. Repeat these steps for the second SCVMM virtual machine. |
During the provisioning process, two virtual machines were built to the specifications outlined in the IaaS PLA Fabric Management Architecture Guide to support a high availability Virtual Machine Manager for fabric management. After the shared storage was created, it was configured within each virtual machine to make them accessible to each candidate cluster node.
Perform the following steps on the first Virtual Machine Manager virtual machine with an account that has both local Administrator rights and permissions in AD DS to create the Virtual Machine Manager CNOs.
From an elevated command prompt in Windows PowerShell on the configuration workstation or one of the nodes, run the following cmdlet to test the cluster configuration:
Test-Cluster <SCVMM01>, <SCVMM02>
Because only the SC-database NIC is connected at this time, you will get a warning message. This is expected. View the report to check for any other warnings or errors. The report location is listed in the warning message.
Navigate to %TEMP% and review the Failover Cluster Validation Report for errors and warnings. Perform any required remediation and re-run the cluster test as required. |
From the same elevated command prompt in Windows PowerShell, run this command to create the cluster:
New-Cluster -Node <SCVMM01>, <SCVMM02>
If successful, the cluster name will be displayed as output when the process is complete. Note: If you are using DHCP for the cluster nodes, do not use the
Right-click Failover Cluster Manager in the Failover Cluster Manager and select Connect to Cluster…
Enter the name of the newly created cluster and click OK. |
Expand the cluster and select the Networks node. Right-click the network and select Properties.
In the Network Properties window, change the Name of the network to reflect the NIC names in the nodes. Click OK.
The Virtual Machine Manager installation requires that an Active Directory container be created to house the distributed key information for Virtual Machine Manager.
For more information, see Configuring Distributed Key Management in VMM.
Note: If Virtual Machine Manager will be deployed by using an account with rights to create containers in AD DS, you can skip this step.
Use the following procedure to create an AD DS container to house the distributed key information. These instructions assume that a domain controller running at least Windows Server 2008 R2 functional level is in use.
Perform the following steps on a domain controller in the domain where Virtual Machine Manager is to be installed.
Log on to a domain controller with a user that has Domain Admin privileges, and run adsiedit.msc.
Right-click the ADSI Edit node, and click Connect to… |
In the Connections Settings dialog box, in the Connection Point section, select the Select a well known Naming Context option. Select Default naming context from the drop-down list, and click OK. |
On the ADSI Edit page, click Default naming context [<computer fully qualified domain name>], expand <distinguished name of domain>, right-click the root node. Click New, and then click Object… |
On the Create Object page, click container, and then click Next. |
In the Value text box, type VMMDKM, and then click Next. |
Click Finish to create the container object. |
Within ADSI Edit, right-click the new CN=VMMDKM object, and then click Properties.
On the VMMDKM Properties page, click the Security tab. Click Add to add the VMM Service account and VMM Admins group. Grant the security principals Full Control permissions. Click OK and close ADSI Edit.
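The ADSI Edit procedure above can be reproduced with the ActiveDirectory module and then checked by listing who holds write-level rights on the container that stores the VMM key material. This added example is not part of the original guide: the function names are hypothetical, and the default account and group names are taken from Tables 22 and 23 on the assumption that they are the VMM service account and VMM Admins group referred to in the step.

```powershell
# Added example, not from the original guide. Function names are hypothetical.
Import-Module ActiveDirectory

function Initialize-VmmDkmContainer {
    param(
        [string] $ContainerName  = 'VMMDKM',
        [string] $ServiceAccount = 'FT-VMM-SVC',       # assumed: account from Table 22
        [string] $AdminGroup     = 'FT-SCVMM-Admins'   # assumed: group from Table 23
    )
    $domainDn = (Get-ADDomain).DistinguishedName
    $dn       = "CN=$ContainerName,$domainDn"

    # Create the container under the domain root only if it is not there yet.
    $existing = Get-ADObject -LDAPFilter "(&(objectClass=container)(cn=$ContainerName))" `
                             -SearchBase $domainDn -SearchScope OneLevel
    if (-not $existing) {
        New-ADObject -Name $ContainerName -Type container -Path $domainDn
    }

    $sids = @(
        (Get-ADUser  -Identity $ServiceAccount).SID
        (Get-ADGroup -Identity $AdminGroup).SID
    )

    # Grant Full Control (GenericAll) on the container and its descendants.
    $path = "AD:\$dn"
    $acl  = Get-Acl -Path $path
    foreach ($sid in $sids) {
        $ace = New-Object System.DirectoryServices.ActiveDirectoryAccessRule -ArgumentList @(
            $sid,
            [System.DirectoryServices.ActiveDirectoryRights]::GenericAll,
            [System.Security.AccessControl.AccessControlType]::Allow,
            [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All
        )
        $acl.AddAccessRule($ace)
    }
    Set-Acl -Path $path -AclObject $acl

    [pscustomobject]@{ DistinguishedName = $dn; GrantedSid = $sids }
}

function Get-VmmDkmAclReport {
    param(
        [Parameter(Mandatory)] [string] $DistinguishedName,
        [System.Security.Principal.SecurityIdentifier[]] $ExpectedSid = @()
    )
    # Write-level bits only. GenericAll and GenericWrite are left out of the mask
    # because they also contain read bits that read-only ACEs would match.
    $writeMask = [int][System.DirectoryServices.ActiveDirectoryRights] `
        'WriteProperty, WriteDacl, WriteOwner, CreateChild, DeleteChild, Delete, DeleteTree'

    $acl = Get-Acl -Path "AD:\$DistinguishedName"
    # Explicit and inherited ACEs, with identities returned as SIDs.
    foreach ($ace in $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])) {
        if ("$($ace.AccessControlType)" -ne 'Allow') { continue }
        if (([int]$ace.ActiveDirectoryRights -band $writeMask) -eq 0) { continue }

        try   { $name = $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = $ace.IdentityReference.Value }   # unresolvable SID: show it as-is

        [pscustomobject]@{
            Principal    = $name
            Rights       = "$($ace.ActiveDirectoryRights)"
            IsInherited  = $ace.IsInherited
            VmmPrincipal = ($ExpectedSid -contains $ace.IdentityReference)
        }
    }
}

$result = Initialize-VmmDkmContainer
Get-VmmDkmAclReport -DistinguishedName $result.DistinguishedName -ExpectedSid $result.GrantedSid |
    Sort-Object VmmPrincipal, Principal |
    Format-Table -AutoSize -Wrap
```

Principals listed with VmmPrincipal set to False hold write-level rights through default or inherited ACEs and are the entries to review.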
Perform the following steps on the first Virtual Machine Manager virtual machine.
Log on to Virtual Machine Manager virtual machine as a user with local Administrator rights. Verify that the following accounts or groups are members of the local Administrators group on the Virtual Machine Manager virtual machine: · Orchestrator service account · Operations Manager action account · Virtual Machine Manager Admins group · Virtual Machine Manager service account · SQL Server service account
From the Virtual Machine Manager installation media source, right-click setup.exe and click Run as administrator to begin setup. If prompted by User Account Control, select Yes to allow the installation to make changes to the computer. |
The Virtual Machine Manager installation wizard will appear. Click Install to begin the Virtual Machine Manager server installation. |
Selecting the VMM Management server feature will cause a Microsoft System Center VMM Setup message to appear. Click Yes to switch to the high availability Virtual Machine Manager Setup Wizard. |
On the Select features to install page, verify that the VMM management server installation option check box is selected. When it is selected, the VMM console installation option check box is selected by default. Click Next to continue.
On the Product registration information page, type the following information in the provided text boxes: · Name – Specify the name of the primary user or responsible party within your organization. · Organization - Specify the name of the licensed organization. · Product key – Provide a valid product key for installation of Virtual Machine Manager. If no key is provided, Virtual Machine Manager will be installed in evaluation mode. Click Next to continue. |
On the Please read this license agreement page, verify that the I have read, understood and agree with the terms of the license agreement installation option check box is selected and click Next to continue. |
On the Join the Customer Experience Improvement Program (CEIP) page, select the option to participate or not participate in the CEIP by providing selected system information to Microsoft. Click Next to continue. |
On the Select installation location page, specify a location or accept the default location of %ProgramFiles%\Microsoft System Center 2012 R2\Virtual Machine Manager for the installation. Click Next to continue. |
Note: The Virtual Machine Manager Setup Wizard automatically checks for prerequisites. If for any reason a prerequisite is not met, the setup UI will notify you of the discrepancy. This screenshot provides an example of a discrepancy warning. If the system passes the prerequisite check, no screen will be displayed and the Setup Wizard will proceed to the Database configuration page. |
On the Database configuration page, type the following information in the provided text boxes: · Server name – Specify the name of the SQL Server cluster created in the steps above. · Port - Specify the TCP port used for the SQL Server, as configured in the steps above. Verify that the Use the following credentials check box is clear. In the Instance name drop-down list, select the Virtual Machine Manager database instance deployed earlier in the SQL Server cluster. In the Select an existing database or create a new database option, select New database, and accept the default database name of VirtualManagerDB. Click Next to continue. |
On the Cluster Configuration page, in the Name field, provide a name for the Virtual Machine Manager cluster service. Note: If the cluster node you are installing is configured with static IP addresses, you also need to provide an IP address for the Virtual Machine Manager cluster service. If the cluster node is configured to use DHCP, no additional information is required. |
On the Configure service account and distributed key management page, in the Virtual Machine Manager Service account section, select Domain account. Enter the following information in the provided text boxes: · User name and domain – Specify the Virtual Machine Manager service account identified in the previous section in the following format: <DOMAIN>\<USERNAME>. · Password – Specify the password for the Virtual Machine Manager service account identified earlier. In the Distributed Key Management section, select the Store my keys in Active Directory check box. In the provided text box, type the distinguished name (DN) location created earlier within Active Directory: cn=VMMDKM,DC=domain,… Click Next to continue. |
On the Port configuration page, accept the default values in the provided text boxes: · Communication with the VMM console: 8100 · Communication to agents on hosts and library servers: 5985 · File transfers to agents on hosts and library servers: 443 · Communication with Windows Deployment Services: 8102 · Communication with Windows Preinstallation Environment (Windows PE) agents: 8101 · Communication with Windows PE agent for time synchronization: 8103 Click Next to continue. |
On the Library configuration page, no options are available for a high availability installation. The Library will be configured separately and it should point to a high availability file share. Click Next to continue. |
The Installation summary page will appear and display the selections you made in the Setup Wizard. Review the options selected and click Install to continue. |
The wizard will display the progress while installing features. |
When the installation completes, the wizard will display the Setup completed successfully page. Uncheck the boxes to check for updates and launch the console. Click Close to complete the installation. |
|
When the installation is complete, open the Virtual Machine Manager console to verify that it installed properly. · Set the Server name value to match the name that was provided for the Cluster Resource name during setup (for example, SCVMM-HA: 8100). · Verify that the console opens and connects to the Virtual Machine Manager instance installed. |
Apply the latest Update Rollup to make sure the installation has the latest fixes.
Perform the following steps on the second Virtual Machine Manager virtual machine. |
|
Log on to the second Virtual Machine Manager virtual machine as a user with local Administrator rights. Verify that the following accounts or groups are members of the local Administrators group on the Virtual Machine Manager virtual machine: · Orchestrator service account · Operations Manager action account · Virtual Machine Manager Admins group · Virtual Machine Manager service account · SQL Server service account |
|
From the Virtual Machine Manager installation media source, right-click setup.exe and select Run as administrator to begin setup. If prompted by User Account Control, select Yes to allow the installation to make changes to the computer. |
|
The Virtual Machine Manager installation wizard will begin. Click Install to begin the Virtual Machine Manager server installation. |
|
Selecting the VMM management server feature will cause the Microsoft System Center VMM Setup message to appear. Click Yes to switch to the high availability Virtual Machine Manager Setup Wizard and add the second node. Note: Virtual Machine Manager can be deployed on up to 16 cluster nodes but only a single node can be active at any time. |
|
On the Select features to install page, verify that the VMM management server installation option check box is selected. When it is selected, the Virtual Machine Manager console installation option check box is selected by default. Click Next to continue.
|
|
On the Product registration information page, type the following information in the provided text boxes: · Name – Specify the name of the primary user or responsible party within your organization. · Organization – Specify the name of the licensed organization. · Product key – Provide a valid product key for installation of Virtual Machine Manager. If no key is provided, Virtual Machine Manager will be installed in evaluation mode. Click Next to continue. |
|
On the Please read this license agreement page, verify that the I have read, understood and agree with the terms of the license agreement check box is selected, and click Next to continue. |
|
On the Join the Customer Experience Improvement Program (CEIP) page, select the option to participate or not participate in the CEIP by providing selected system information to Microsoft. Click Next to continue. |
|
On the Installation location page, specify a location or accept the default location of %ProgramFiles%\Microsoft System Center 2012 R2\Virtual Machine Manager for the installation. Click Next to continue. |
|
Note: The Setup Wizard automatically checks for prerequisites. If for any reason a prerequisite is not met, the setup UI will notify you of the discrepancy. This screenshot provides an example of a discrepancy warning. If the system passes the prerequisite check, no screen will be displayed and the Setup Wizard will proceed to the Database configuration page. |
|
On the Database configuration page, all options are unavailable when adding an additional node to an existing Virtual Machine Manager cluster. Click Next to continue. |
|
On the Configure service account and distributed key management page, when deploying additional nodes to a Virtual Machine Manager cluster, all fields other than Password are unavailable. · Password – Specify the password for the Virtual Machine Manager service account identified earlier. Click Next to continue. |
|
On the Port configuration page, when deploying additional nodes to a Virtual Machine Manager cluster, all fields are unavailable. Click Next to continue. |
|
On the Library configuration page, no options are available for a high availability installation. The Library will be configured separately and should point to a high availability file share. Click Next to continue. |
|
The Installation summary page will appear and display the selections you made during the Setup Wizard. Review the options selected and click Install to continue. |
|
The wizard will display the progress while installing features. |
|
When the installation completes, the wizard will display the Setup completed successfully page. Click Close to complete the installation. |
|
When complete, open the Virtual Machine Manager console to verify that the installation occurred properly. Set the Server Name value to match the name that was provided for the Cluster Resource name during setup (for example, SCVMM-HA: 8100). Verify that the console opens and connects to the Virtual Machine Manager instance installed. |
|
In the Virtual Machine Manager Console, select Fabric node, then select Servers, and then select Infrastructure, and then select VMM Server. In the Role column, verify that both cluster nodes are listed as VMM Servers. In the Agent Status column, verify that both nodes are listed as Responding. |
Apply the latest Update Rollup to make sure the installation has the latest fixes.
In a highly available installation of Virtual Machine Manager, the Virtual Machine Manager Library must reside on a Windows Server file share outside the Virtual Machine Manager cluster infrastructure; it is not a supported configuration to reside on the Virtual Machine Manager cluster or its nodes.
In addition, creating a highly available Virtual Machine Manager Library is a recommended practice given that the Virtual Machine Manager servers are highly available servers.
The Private Cloud IaaS PLA physical architecture makes no recommendations for where the Virtual Machine Manager Library resides, other than that it should have the same high availability as other aspects of the installation. Although any file server cluster will suffice, this document details the steps required to host the Virtual Machine Manager Library on the SQL Server Cluster created in earlier portions of this document as an example.
Note: In general, it is recommended to run only SQL instances on a SQL cluster. In this case, to simplify the installation, the share was placed on the SQL cluster rather than creating a cluster for this single use. It is expected that customer installations will have highly available file share clusters in their environment for hosting this share.
On the configuration workstation open a Windows PowerShell session as an administrator. |
|
Run the following command once for each SQL Server cluster node, and change the ComputerName value each time to that of a different SQL Server cluster node. |
Add-WindowsFeature -Name FS-FileServer -ComputerName SQL01
|
Previous steps created, initialized, and formatted another VHDX file to be used as the SCVMM library shared storage. The following steps present that VHDX to the SQL Server cluster and configure the File Service role on the cluster. Repeat the following steps on each of the SQL Server nodes. |
|
From the Failover Cluster Manager console, right-click a SQL Server VM and select Settings…
|
|
Select the second SCSI Controller. Select Hard Drive and click Add. |
|
Under Virtual hard disk click Browse…
|
|
In the Open window expand VMHost-Mgmtxx > Local Disk (C:) > ClusterStorage > Volume1. Select the previously created and formatted SCVMM library VHDX. Click Open.
|
|
Back on the Settings window expand the newly added Hard Drive and click Advanced Features. Check the box Enable virtual hard disk sharing. Click OK. Repeat for each SQL Server node in the SQL Server cluster.
|
Perform the following steps on the first SQL Server cluster node. |
|
Within Failover Cluster Manager, expand the SQL Server cluster > Storage. Right-click Disks and click Add Disk.
|
|
On the Add Disks to a Cluster window make sure the box is checked by the disk added in the previous steps. Click OK. |
|
Right-click the newly added disk and select Properties.
|
|
It is recommended to rename the disk to reflect the name used when the disk was formatted. Click OK.
|
|
To be used for file services, the disk must have a drive letter. Notice which SQL Server node owns the disk. |
|
Log into the SQL Server node that owns the disk and launch the Computer Management MMC. Right-click the SCVMM library disk and select Change Drive Letter and Paths…
|
|
On the Change Drive Letter and Paths window click Add…
|
|
On the Add Drive Letter or Path window select an appropriate drive letter from the drop down list. Click OK.
|
|
Within Failover Cluster Manager, right-click Services and applications and select Configure Role… |
|
The High Availability Wizard appears. On the Before You Begin page, click Next to begin the wizard. |
|
On the Select Role window, from the available services and applications, click File Server, and click Next to continue. |
|
On the File Server Type window, select the File Server for general use button, and click Next to continue. |
|
On the Client Access Point window, type a unique name for the clustered file server in the Name text box. Additionally, for static IP configurations, select the appropriate network and assign a unique IP address to the service. Click Next to continue. |
|
On the Select Storage window, from the available storage, select the cluster disk that will be used for the Virtual Machine Manager Library, and click Next to continue. |
|
On the Confirmation page, verify the options selected, and click Next to continue. |
|
When complete, the Summary page will show a report of the actions taken by the wizard. Verify success, and click Finish to complete the wizard. |
|
Note: The high availability file server is available as a service in Failover Cluster Manager. |
|
Within Failover Cluster Manager, right-click the newly created file server, and click Add File Share. |
|
The New Share Wizard appears. On the Select Profile page, select SMB Share – Quick, and click Next to continue. |
|
On the Select the server and path for this share page, in the Server pane, select the File Server cluster role object name created earlier. In the Share location pane, select the Select by volume button and click Next to continue. |
|
On the Share Name page, type the name you wish in the Share name field, and then click Next to continue.
|
|
On the Other Settings page, select only the Enable continuous availability option, and then click Next.
|
|
On the Permissions page, click Customize Permissions… |
|
Click the Customize Permissions button, and then click Add. Add the following accounts with NTFS Full Control permissions: · VMM service account · VMM Admins group · Both VMM computer accounts · VMM cluster name object computer account · VMM library computer account Click OK to save the changes, and click Next to continue the wizard. |
|
On the Confirmation page, review the settings, and then click Create.
|
|
On the Results page, verify that the shared folder was provisioned properly, and click Close.
|
Perform the following steps on the Virtual Machine Manager virtual machine. |
|
In the Virtual Machine Manager console, click the Library node. Click the Home tab, and then click Add Library Server from the ribbon. |
|
The Add Library Server Wizard appears. On the Enter Credentials page, select the Enter a user name and password option. In the User name and Password text boxes, type credentials that have administrative rights over each of the target servers where the new highly-available Virtual Machine Manager Library share will reside. For example, if you placed the share on the SQL cluster, this must be an account with local administrator privileges on those cluster nodes. Click Next to continue. |
|
On the Select Library Servers page, in the Domain text box, specify the FQDN of the target domain. In the Computer name text box, type the name of the newly created highly-available File Server cluster name object, and click Add. |
|
The cluster object will appear in the Specified Servers pane. Click Next to continue. |
|
On the Add Library Shares page, select the check box associated with the VMMLibrary share created earlier. Verify that the Add Default Resources check box is selected, and click Next to continue. |
|
Review the Summary page, and click Add Library Servers to continue.
|
|
The Jobs page will appear showing the progress of the Add Library Server action. Verify that all steps have completed. |
|
In the Virtual Machine Manager console, click Fabric Resources, and then click Library Servers in the left pane. Verify that all cluster nodes are listed with the cluster object name and that all servers are listed as Responding under Agent Status.
|
|
In the Virtual Machine Manager console, click Library Servers in the left pane, and verify that all of the correct objects are created. |
SCVMM has implemented a role-based access capability to allow for different individuals to have different levels of access to the functions available within SCVMM. To assign different levels of access, you need to create Run As Accounts. At a minimum, you should create a Run As Account for full administration of the SCVMM installation and start using it for any further configuration of the environment.
In the Virtual Machine Manager console, click Settings. From the ribbon, click Create Run As Account. |
|
On the Create Run As Account page, enter a Name for the Run As account. Enter an Active Directory User Name with the privileges to accomplish the functions to be done. Enter and confirm the password. Make sure the box by Validate domain credentials is checked and click OK to continue. |
|
Back in the SCVMM console, expand Security and select Run As Accounts. You will see the newly created account. |
Select Fabric and expand Servers. Right-click All Hosts and select Create Host Group.
|
|
Create a name for a group in which you will place the Fabric Management hosts. |
|
With Fabric still selected, click the down arrow on Add Resources in the menu ribbon. Select Hyper-V Hosts and Clusters. |
|
On the Resource Location window, select the radio button Windows Server computers in a trusted Active Directory domain. Click Next to continue. |
|
On the Credentials window enter either the Run As account previously created or manually enter appropriate credentials. In either case, the underlying account must be a local administrator on the host machines being added. Click Next to continue. |
|
On the Discovery Scope window you can either enter the server names manually or you can create an Active Directory query. After entering the server names, cluster name, or the Active Directory query, click Next to continue. |
|
On the Target Resources window, click the check box by the cluster name. Click Next to continue. |
|
On the Host Settings window, select the host group you created earlier. If the hosts have ever been associated with a VMM instance in the past, click the check box by Reassociate this host with this VMM environment. Click Next to continue. |
|
Review your selections on the Summary window. Click Finish to accept. |
|
When the job to add the hosts completes, you are likely to see a warning message regarding MPIO. You can either reboot the servers now, or schedule them for a reboot. |
|
Now that the Hyper-V hosts are managed by SCVMM, you can manage the reboot from the SCVMM console. Right-click the server you wish to restart and select Start Maintenance Mode from the menu. |
|
On the Select the action to perform … window, select the Move all virtual machines … radio button to live migrate all the VMs to another node in the cluster. Click OK to continue. |
|
In the Virtual Machine Manager console, select the host that was placed in maintenance mode. When no VMs are left on that host (Job Status will show Completed), right-click the host and select Restart. A warning message about what will happen to VMs on the host will display. Since you have already evacuated the host, click Yes to continue. |
|
When the host restarts, right-click the host and select Stop Maintenance Mode so it will be able to accept VMs being moved to it. Restart the other hosts. |
Complete the following steps to register the VNX file share to VMM.
From the configuration workstation, open the Computer Management MMC and connect to the VNX. Open the Properties of the file share used for storing the virtual machine hard disks. |
|
In the Share Permissions tab add the computer accounts for each SCVMM server, the cluster, and the SCVMM service account, granting them Full Control. Click OK. |
|
In the SCVMM console, navigate to Fabric > Servers > All Hosts > Fabric Management. Right-click Management Cluster and select Properties. |
|
Select File Share Storage and click Add. |
|
Enter the UNC path to the file share that stores the cluster VHDs and click OK. |
|
Click Browse to add a Run As account.
|
|
Select the Run As account and click OK. Note: The Active Directory account to which the Run As Account is associated must have Full Access to the VNX file share.
|
|
Click OK to register the file share. |
Navigate to Fabric > Networking > Logical Networks. Double-click one of the networks, except SC-access or T1-access, to open the Properties. |
|
On the Properties window, click Network Site. Click Add to start the configuration of the network site. Select the Hyper-V hosts that will be able to offer this network site through a virtual switch definition. Click Insert Row and enter the VLAN tag value for this network. Enter the IP subnet definition in CIDR notation for this network. Optionally, rename the site name. Click OK to continue. Repeat for all networks except SC-access and T1-access. Those networks are for use with the Cisco Nexus 1000V and will be configured later. Note: For any network that is defined as Native on UCS, enter the VLAN as 0. |
Having a library as part of VMM provides a handy location for storage of many items that are used regularly in the management and maintenance of the cloud. It can be helpful to create subdirectories within the standard SCVMM library share for storage of items, such as distribution media in the form of ISO files.
In the Virtual Machine Manager console, click Library. Right-click the previously created library and select Explore. |
|
A Windows Explorer window will display allowing you to create whatever directories you may find useful, such as a Software directory to be used for storing ISO files, or a PowerShell directory to store re-usable PowerShell scripts. After the directories are created, they can be used as regular UNC paths under the share created previously, allowing you to copy information into them from any location, as long as the user performing the copy has the proper privileges. Note: The subdirectories will not show in SCVMM until a recognized file is placed into the subdirectory. |
By default, when SCVMM creates a virtual machine and you use an ISO file from the library for installation purposes, the ISO file is copied and made part of the virtual machine’s definition. Copying the file wastes time and takes extra space. It also means that different versions of installation media may end up stored in many places. Sharing ISO items across nodes requires additional configuration of the SCVMM hosts and any system that runs the SCVMM console. This is called constrained delegation, which allows the SCVMM host to operate on behalf of the virtual machine being created.
This is a security change to a default installation, so it should be reviewed with your security department before deployment.
On your domain controller (or a system that has the proper Remote Server Administration Tools installed), launch Active Directory Users and Computers. Expand your domain and expand Computers. Right-click your SCVMM host and select Properties. |
|
On the Delegation tab, click the radio button Trust this computer for delegation to specified service only. Select the radio button Use any authentication protocol. Click the Add button. |
|
On the Add Services page, click Users or Computers... Select the SCVMM library server in the Select Users or Computers window. Click OK to show the list of services available for the selected server. Select the cifs service and click OK to continue. Click OK on the server Property page to update the services. Repeat for each SCVMM server or any server from which you plan to run the SCVMM console, such as your remote management workstation. |
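To review the delegation settings made in the steps above, the following added example (not part of the Cisco procedure) checks computer accounts against what the procedure configures: constrained delegation with protocol transition, limited to the cifs service on the library server. The function name, the computer names, and the example.test domain are constructed for illustration; on a live domain the input objects would come from Get-ADComputer as shown in the closing comment.

```powershell
# Added example. Test-VmmLibraryDelegation is a hypothetical helper name.
function Test-VmmLibraryDelegation {
    [CmdletBinding()]
    param(
        # Objects carrying Name, TrustedForDelegation, TrustedToAuthForDelegation
        # and msDS-AllowedToDelegateTo (from Get-ADComputer, or constructed).
        [Parameter(Mandatory = $true)] [object[]] $Computer,
        # Short and fully qualified names of the library file server.
        [Parameter(Mandatory = $true)] [string[]] $LibraryServer
    )

    foreach ($c in $Computer) {
        $spns = @($c.'msDS-AllowedToDelegateTo' | Where-Object { $_ })
        $expected   = @()
        $unexpected = @()

        foreach ($spn in $spns) {
            # An SPN looks like service/host[:port][/realm]; keep service and host.
            $service, $rest = $spn -split '/', 2
            $target = ($rest -split '[/:]')[0]
            if ($service -eq 'cifs' -and $LibraryServer -contains $target) {
                $expected += $spn
            } else {
                $unexpected += $spn
            }
        }

        $findings = @()
        if ($c.TrustedForDelegation) {
            $findings += 'Unconstrained delegation is enabled'
        }
        if (-not $c.TrustedToAuthForDelegation) {
            $findings += '"Use any authentication protocol" is not set'
        }
        if ($expected.Count -eq 0) {
            $findings += 'No cifs entry for the library server'
        }
        if ($unexpected.Count -gt 0) {
            $findings += 'Delegation beyond the library share: ' + ($unexpected -join ', ')
        }

        [pscustomobject]@{
            Computer         = $c.Name
            AllowedServices  = $spns -join ', '
            MatchesProcedure = ($findings.Count -eq 0)
            Findings         = $findings -join '; '
        }
    }
}

# Constructed sample input: one account set up as the procedure describes,
# one with unconstrained delegation and an extra delegated service.
$sample = @(
    [pscustomobject]@{
        Name = 'SCVMM01'
        TrustedForDelegation = $false
        TrustedToAuthForDelegation = $true
        'msDS-AllowedToDelegateTo' = @('cifs/VMMLIB', 'cifs/VMMLIB.example.test')
    },
    [pscustomobject]@{
        Name = 'SCVMM02'
        TrustedForDelegation = $true
        TrustedToAuthForDelegation = $true
        'msDS-AllowedToDelegateTo' = @('cifs/VMMLIB', 'HOST/SQL01.example.test')
    }
)

Test-VmmLibraryDelegation -Computer $sample -LibraryServer 'VMMLIB', 'VMMLIB.example.test' |
    Format-List

# Live input (requires the ActiveDirectory module; the name filter is a placeholder):
# $live = Get-ADComputer -Filter 'Name -like "SCVMM*"' -Properties `
#     TrustedForDelegation, TrustedToAuthForDelegation, 'msDS-AllowedToDelegateTo'
# Test-VmmLibraryDelegation -Computer $live -LibraryServer 'VMMLIB', 'VMMLIB.example.test'
```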
The Cisco Nexus 1000V for Microsoft Hyper-V package (a zip file) is available at the download URL location provided with the software. Complete the following steps to download the Cisco Nexus 1000V for Microsoft Hyper-V package. Extract the contents of the zip file and find the location of these components:
· Virtual Supervisor Module (VSM) ISO located in VSM\Install subdirectory
· Virtual Ethernet Module (VEM) MSI package located in VEM subdirectory
· Cisco VSEM Provider MSI package located in VMM subdirectory
Cisco Nexus 1000V for Hyper-V can be downloaded at the following link:
Determine the node of the SCVMM cluster that is hosting the cluster resource and work from that node. |
|
Find the VSEMProvider installation package in the VMM subdirectory and install it. |
|
Click the check box for I accept the terms in the License Agreement and click Install. |
|
A status screen will show the progress of the installation. When you receive the completion screen, click Finish to complete the installation. The installation will restart the VMM service, so you will lose the connection to the service. Just wait and you will be reconnected to the VMM console. |
|
In the SCVMM console navigate to Settings > Configuration Providers to validate the installation of the Cisco Nexus 1000V. |
|
From the SCVMM Console launch a PowerShell window. This must be launched from the SCVMM Console in order for the proper PowerShell modules to be loaded. Be patient – it takes a little time for the modules to load. By default, the execution policy for scripts is too strict to allow the execution of a script downloaded from the web. To allow execution of the next installation script, run this PowerShell cmdlet. |
Set-ExecutionPolicy Bypass -Force
|
Within the PowerShell window navigate to C:\Program Files\Cisco\Nexus1000V\Nexus1000V-VSMTemplate. When there, execute this PowerShell command. Notice that it starts with a period (.). |
.\Register-Nexus1000VVSMTemplate.ps1
|
Verify the success by looking in the VMM Library. You should see a new sub-directory named Nexus1000V-VSM and two elements stored in it. |
|
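Set-ExecutionPolicy Bypass -Force without a -Scope value changes the machine-wide policy and leaves it changed after the template is registered. The following added example (not part of the Cisco procedure) records what is about to run and limits the Bypass setting to the current PowerShell session. The function name is hypothetical, the script path is the one given in the steps above, and it is assumed that the registration script behaves the same under a Process-scope policy.

```powershell
# Added example. Invoke-ScriptWithSessionBypass is a hypothetical helper name.
function Invoke-ScriptWithSessionBypass {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)] [string] $ScriptPath,
        # Without -Run the function only reports; nothing is executed or changed.
        [switch] $Run
    )

    $file = Get-Item -LiteralPath $ScriptPath -ErrorAction Stop
    $sig  = Get-AuthenticodeSignature -FilePath $file.FullName

    # A Zone.Identifier stream marks a file that was downloaded from another zone.
    $zone = Get-Item -LiteralPath $file.FullName -Stream Zone.Identifier `
                -ErrorAction SilentlyContinue

    $signer = $null
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    # Emit a record of the script and the policy state before anything runs.
    [pscustomobject]@{
        Script          = $file.FullName
        SHA256          = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        SignatureStatus = $sig.Status
        Signer          = $signer
        MarkedFromWeb   = [bool]$zone
        LocalMachine    = Get-ExecutionPolicy -Scope LocalMachine
        GroupPolicy     = Get-ExecutionPolicy -Scope MachinePolicy
    }

    if (-not $Run) { return }

    if ((Get-ExecutionPolicy -Scope MachinePolicy) -ne 'Undefined') {
        Write-Warning 'Execution policy is set by Group Policy; a Process-scope change will not override it.'
    }

    # Process scope affects this session only and ends when the window closes.
    Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process -Force

    # Run from the script's own directory, as the procedure does with .\
    Push-Location -LiteralPath $file.DirectoryName
    try {
        & $file.FullName
    } finally {
        Pop-Location
    }
}

# Report only:
# Invoke-ScriptWithSessionBypass -ScriptPath 'C:\Program Files\Cisco\Nexus1000V\Nexus1000V-VSMTemplate\Register-Nexus1000VVSMTemplate.ps1'
# Report, then run with a session-only Bypass:
# Invoke-ScriptWithSessionBypass -ScriptPath 'C:\Program Files\Cisco\Nexus1000V\Nexus1000V-VSMTemplate\Register-Nexus1000VVSMTemplate.ps1' -Run
```

Afterwards, Get-ExecutionPolicy -List shows whether the LocalMachine scope still holds its earlier value.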
Perform this copy on each SCVMM management server. DO NOT EXECUTE – ONLY COPY. |
|
The destination directory is a hidden directory, so unless you have configured your system to show hidden directories, you need to type its location in the top of the Windows Explorer window. |
|
The Cisco Nexus1000V-VEM-5.2.1.SM1.5.2c.0.msi file is located in the \VEM subdirectory of the expanded files. Copy it to the Switch Extension Driver directory. |
|
Perform this copy on one SCVMM management server. |
|
Copy the VSM ISO file to the SCVMM Library. The VSM ISO file is found in the \VSM\Install subdirectory of the expanded files. The SCVMM library is a standard file share, so you just have to copy the file to the appropriate file share location. |
The Cisco Nexus 1000V is deployed as a pair of highly available virtual machines. Each machine will have its own unique management IP address, and the highly available service will have its own virtual IP address separate from the individual machines. It is necessary to add, at a minimum, the virtual IP address to DNS. SCVMM uses the virtual IP address for communication.
From the VMM console, select VMs and Services. Select Create Virtual Machine from the menu ribbon, and select Create Virtual Machine. |
|
On the Select Source window, select the radio button Use an existing virtual machine, VM template, or virtual hard disk. Click Browse. |
|
On the Select Virtual Machine Source window, scroll to the bottom to find the Type: VM Template. Select the Nexus1000v-VSM-Template. Click OK to continue. Click Next on the Select Source page. |
|
On the Identity window, enter a name for the virtual machine you are creating. Click Next to continue. |
|
On the Configure Hardware window, under Compatibility, select the check box Hyper-V. Everything should be configured from the template. However, you must assign the ISO file for installation. Click Virtual DVD drive. |
|
The right-hand side of the page will change to allow you to configure the Virtual DVD Drive. Select the radio button Existing ISO image. Click Browse. Note: If you have configured your systems for Constrained Delegation, you can also select the check-box Share file instead of copying it. |
|
On the Select ISO window, select the Nexus-1000V.5.2.1.SM1.5.2c.iso file. Click OK to continue. |
|
Scroll down to the Advanced objects in the middle pane and select Availability. Check the box Make this virtual machine highly available. |
|
Scroll to the Network Adapters objects in the middle pane and select the first network adapter. In the right pane select the radio button Connected to a VM network and click Browse. |
|
Select the management network shared between hosts and VMs and click OK. Repeat for all three network adapters; all three network adapters are on the same VM network. |
|
Click Next to proceed. |
|
Select the default placement option to place the virtual machine on Fabric Management and click Next. |
|
In the Select Host window select the second node for the first VM and the fourth node for the second VM. Click Next. |
|
Review the path to store the virtual machine configuration and VHD. Click Next to proceed. |
|
As the Cisco Nexus 1000V is critical to the operation of the overall network, select the option to Always turn on the virtual machine when the server starts and set a startup delay of 30 seconds. Set the option to Turn off virtual machine when the server stops. In the Add Properties window select Exclude virtual machine from optimization actions. Click Next to proceed. |
|
Review the summary and click Create.
|
|
Verify that the virtual machine is created successfully. |
|
Repeat this procedure to create the second VSM virtual machine. |
|
Using the Failover Cluster Manager, open the Properties of each VM and set the Preferred Nodes to nodes 2 and 3 for the first VM and nodes 4 and 1 for the second VM. The following PowerShell script will set the anti-affinity group on the two VMs to ensure they are not running on the same host: |
# Tag the first VSM's cluster group with the anti-affinity class name N1KV
$vmClusGrp = Get-ClusterGroup "SCVMM N1KV-VSM01 Resources" -Cluster VMHost-MgmtClus
$aaTmp = New-Object System.Collections.Specialized.StringCollection
$aaTmp.Add("N1KV") | Out-Null
$vmClusGrp.AntiAffinityClassNames = $aaTmp
# Tag the second VSM's cluster group with the same class name so the cluster keeps the two apart
$vmClusGrp = Get-ClusterGroup "SCVMM N1KV-VSM02 Resources" -Cluster VMHost-MgmtClus
$aaTmp = New-Object System.Collections.Specialized.StringCollection
$aaTmp.Add("N1KV") | Out-Null
$vmClusGrp.AntiAffinityClassNames = $aaTmp
Perform the following configuration operation on the server running Domain Name Service. |
|
Open DNS Manager and navigate to the forward lookup zone for the domain. Right-click the forward lookup zone and select New Host (A or AAAA) … |
|
Enter the VSM host name and IP address. Click Add Host. Click OK to acknowledge the DNS record creation. Click Done to close the New Host window. |
Perform the following configuration operation on the first VSM virtual machine. |
|
In SCVMM power on the first N1KV VSM and connect to it.
|
|
There are three questions asked, all of which have short timers on them. If you do not answer, they automatically continue using the defaults. Keep the defaults. |
|
The installation asks for a password for the admin account. Enter the password and confirm it. If the password is not considered ‘strong’, you will be prompted for a different password. The next question is the HA role. Enter primary. The next question is the domain ID. Enter a value between 1 and 1023. |
|
Enter Y to enter the basic configuration.
Enter N to skip creating another login account.
Enter the switch name: N1KV-Switch
Enter Y to configure Out-of-Band management interface.
Enter the Mgmt0 IPv4 address: 192.168.10.244
Enter the IPv4 netmask: 255.255.255.0
Enter Y to configure the default gateway.
Enter the IPv4 gateway address: 192.168.10.1
Enter Y to configure advanced options.
Enter Y to configure advanced IP options.
Enter N not to configure a static route.
Enter N not to configure the default network.
Enter Y to configure DNS IP Address: 192.168.20.240
Enter Y to configure default domain name: VSPEX.com
Enter N not to configure read-only SNMP community string.
Enter N not to configure read-write SNMP community string.
Enter Y to enable telnet service.
Enter Y to enable ssh service.
Enter rsa as the type of ssh key.
Enter 1024 for the number of rsa key bits.
Enter Y to configure NTP server address: 192.168.20.93
Enter N to reconfigure option.
Enter N not to edit the configuration.
Enter Y to save the configuration and use it. |
|
Remove the ISO from the first VSM VM. |
|
Perform the following configuration operation on the second VSM virtual machine. |
|
In SCVMM or Failover Cluster Manager console, connect to the second VSM VM and power it on. Again, there are three questions at the beginning of the process; keep the defaults.
|
|
Enter the admin password. Select secondary for the role. Enter Y to the prompt on the reboot. Enter the domain id entered on the primary node.
|
|
Log into the VSM and verify the redundancy status: show redundancy status
|
|
Remove the ISO from the second VSM VM. |
Enter the following configuration commands on the primary VSM:
configure terminal
nsm logical network FastTrack
exit
nsm network segment pool Mgmt-Fabric
member-of logical network FastTrack
exit
nsm ip pool template N1KV-SC-access-IP-Pool
ip address 192.168.20.100 192.168.20.199
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
exit
nsm network segment N1KV-SC-access
member-of network segment pool Mgmt-Fabric
switchport access vlan 20
ip pool import template N1KV-SC-access-IP-Pool
publish network segment
exit
port-profile type vethernet SCAccess1
no shutdown
state enabled
publish port-profile
exit
port-profile type ethernet N1KV-Uplink-Policy-FastTrack
channel-group auto mode on mac-pinning
no shutdown
state enabled
exit
nsm network uplink N1KV-SC-Uplink
import port-profile N1KV-Uplink-Policy-FastTrack
allow network segment pool Mgmt-Fabric
system network uplink
publish network uplink
exit
copy running-config startup-config
Navigate to Fabric > Networking > Network Service. Right-click and select Add Network Service. |
|
Enter a name for the network service. Optionally enter a description. Click Next to continue. |
|
Accept Cisco as the Manufacturer and Nexus 1000V as the Model. Click Next to continue. |
|
On the Credentials window, click Browse. |
|
Click Create Run As Account. |
|
Enter the Run As account name and description. Enter the user name with rights to manage the Nexus 1000V VSM. This is the account and password configured during Nexus 1000V VSM installation. Clear the check box for validating the domain credentials. Click OK to continue. |
|
Select VSM-Admin account and click OK. Back on the Credentials window, click Next to continue. |
|
On the Connection String window enter the URL to access the created VSM. In this example that is http://N1KV-Switch. Click Next to continue. |
|
On the Provider window click Test to run basic validation. Check the test results to make sure the test run passed. Click Next to continue. |
|
On the Host Group window select All Hosts group. Click Next to continue. |
|
Review the contents of the Summary window and click Finish. |
|
From within the VMM console, validate that the Network Service is installed. |
In the left pane of Virtual Machine Manager select Fabric > Networking > Logical Switches. Click Create Logical Switch. |
|
On the Getting Started window click Next. |
|
Enter a logical switch name for the Nexus 1000V. Click Next to continue. |
|
Uncheck Microsoft Windows Filtering Platform. Check N1KV-Switch forwarding extension type. Click Next to continue. |
|
Select the Team Uplink mode in the dropdown text box. Click Add to add the uplink port profile. |
|
Select the Port Profile and click OK. |
|
Review the added uplink port profile and click Next to continue. |
|
On the Virtual Port window click Add to add the virtual port classification. |
|
On the Configure the virtual port window click Browse.
|
|
On the Select a Port Profile Classification click Create Port Classification. |
|
Enter the port classification Name and Description. Click OK. |
|
Select the new Management Fabric port classification and click OK. |
|
Check N1KV-Switch and select the port profile from the dropdown text box. Click OK. |
|
From the Virtual Port window click Next to continue. |
|
Confirm the configuration setting and click Finish to create the logical switch. |
|
Within the VMM console validate the Nexus 1000V virtual switch is created. |
Perform the following procedure on each Management Fabric Cluster node. |
|
In the active Virtual Machine Manager instance, select Fabric. Expand All Hosts and the Fabric Management Cluster. |
|
Select the first management fabric host and click Properties. |
|
Select Virtual Switches. Select the SC-access network. Click the drop down box to record the interface number for this NIC. Click Delete. Click OK. Note: When Hyper-V was configured on the servers at the beginning, a virtual switch was defined for SC-access even though we knew we would be replacing the definition with an N1KV definition. This prevents some warning messages from appearing in the cluster validation wizard. |
|
A warning window will display. Click OK. Repeat for all hosts. Monitor the jobs to ensure completion before continuing. |
|
Navigate to Properties > Virtual Switches on a host. Click New Virtual Switch and select New Logical Switch. |
|
Select the N1KV-SC-access virtual switch and from the drop down list select the adapter that was just deleted. Click OK.
|
|
Click OK to invoke the configuration change.
|
|
Click Jobs and monitor the job progress. The job will complete with a Status of Completed w/ Info until the logical switch is installed on all of the hosts in the cluster. The last job should complete with a Status of Completed. Repeat this procedure on all cluster nodes. |
|
Open the VMHost-MgmtClus01 properties and verify that the N1KV-SC-access switch is in the list of switches installed on all cluster nodes. |
Navigate to VMs and Services > VM Networks. Right-click VM Networks and click Create VM Network. |
|
Enter the network name. Verify that the logical network FastTrack is selected and click Next. |
|
In the Isolation window, select Network manager and select the network manager created previously. Click Next to continue. |
|
In the Isolation Options window select Specify an externally supplied VM network and select the N1KV-SC-access (name configured within the Nexus 1000V) external network. Click Next to continue. |
|
In the Summary window click Finish to create the VM network. |
Perform the following steps on the Virtual Machine Manager virtual machine. |
|
Log into the first Virtual Machine Manager virtual machine. Using Failover Cluster Manager identify the owner of the highly available Virtual Machine Manager instance. Move the Virtual Machine Manager instance to the second node, if it is owned by the first node. |
|
Shut down the first Virtual Machine Manager virtual machine by running the following PowerShell command: Stop-Computer |
|
Log into the second Virtual Machine Manager virtual machine and start the Virtual Machine Manager console. Select VMs and Services. Click All Hosts. Right-click the first Virtual Machine Manager virtual machine that is in a stopped state and select properties. |
|
Select Hardware Configuration in the left pane and scroll down to the Network adapters in the middle pane. Note: The screen shots to the right show a virtual machine that was created with the automated procedure that created a VM with two adapters – one connected and assigned and the other not connected. If you manually created the VMs with a single adapter, follow the next steps to create another adapter and assign it to the proper network. Select the network adapter that is not connected. Select the radio button Connected to a VM network and select the N1KV network. Under Logical Switch select the Management Fabric classification. Click OK to continue. |
|
Click Add and select Network Adapter to create the second network adapter. |
|
Select the radio button Connect to a VM Network and select the N1KV network. Under Logical Switch select the Management Fabric classification. Click OK to continue. |
|
Select Jobs and monitor the job completion progress. |
|
You may receive a job completion stating Completed w/ info. The information may indicate that the virtual switch is not compliant. If this happens, execute the following remedial steps. |
|
Navigate to Fabric > Networking > Logical Switches and select Hosts from the ribbon. Scan through the list of hosts and their associated logical switches and select the N1KV-SC-access switch. Right-click and select Remediate. Repeat for all the hosts in the cluster. |
|
Start the Virtual Machine Manager virtual machine. |
|
Log into the first Virtual Machine Manager virtual machine. Using Failover Cluster Manager move the Virtual Machine Manager instance to the first node. |
|
Wait until the VMM instance is migrated to SCVMM01 and then shut down SCVMM02 virtual machine with the shown PowerShell cmdlet. Repeat the above steps to configure the second SCVMM server. |
Stop-Computer -ComputerName SCVMM02 -Force
|
Log into the Cisco Nexus 1000V VSM and verify that the virtual adapters are connected to the Virtual Machine Manager virtual machines. Run the following command: show interface virtual |
Perform the following operation on both Virtual Machine Manager virtual machines. |
|
Connect to the SCVMM VM through the Failover Cluster Manager. The network connection will be dropped during this change and connecting through Failover Cluster Manager ensures continued connection. Open Network Connections. |
|
Rename the new network interface to match the network interface connection. |
|
Right-click the previously created SC-Databases network interface, select Properties and click Advanced. |
|
Select the DNS tab. Uncheck Register this connection’s address in DNS. Click OK to save the configuration. |
|
In the general IPv4 TCP/IP properties clear the default gateway and preferred DNS entries. Click OK to save the changes. |
|
Right-click the new network interface, select Properties. Select the TCP/IPv4 item and click Properties. |
|
Configure the TCP/IP properties. Specify the IP Address, Subnet mask, Default gateway, and Preferred DNS servers. Click OK to save changes. |
|
Open a command prompt. Run the following command: ipconfig /registerdns |
|
In Network Connections press the ALT key to bring up the menu. Click Advanced and select Advanced Settings from the drop-down list. |
|
Move SC-access to the top of the list. Click OK. Repeat for the other SCVMM server. |
Perform the following operation on one of the Virtual Machine Manager virtual machines. |
|
Open Failover Cluster Manager. Select the Virtual Machine Manager Cluster and expand the Networks object. |
|
Right-click Cluster Network 2 and open Properties. |
|
Rename the network name to match the connected network. Click OK to save changes. |
|
Select Roles in the left pane and select the highly available Virtual Machine Manager instance in the top middle pane. |
|
In the middle lower pane click the Resources tab and double-click the IP address to open its properties page. |
|
Update the Name, Network, and static IP address to use the SC-access network. |
|
Click Yes to take the IP Address resource offline and apply the changes. Click OK to bring the IP Address resource back online. |
|
The highly available Virtual Machine Manager cluster resource IP address is now configured on the SC-access network. |
|
Open a command prompt. Run the following command: ipconfig /registerdns |
|
Select the Virtual Machine Manager cluster in the top left pane and double-click the cluster core resource IP Address to open its property page. |
|
Update the Network and static IP address to use the SC-access network. |
|
Click Yes to take the IP Address resource offline and apply the changes. Click OK to bring the IP Address resource back online. |
|
Allow the IP Address resource to be brought offline. Bring the IP Address resource back online. Open a command prompt. Run the following command: ipconfig /registerdns |
|
Perform the following operation on all System Center virtual machines. |
|
Depending on how you built your VMs, with or without a virtual NIC to be used by SC-access, you need to assign the N1KV SC-access VM network to each VM. Instructions provided earlier for configuring the SCVMM machines to use this network can be used on each VM to add or assign through the SCVMM console. When you have added/assigned the SC-access network through SCVMM, use the following steps to configure the properties of the VM’s NICs. |
|
Using the SCVMM Manager console, connect to a VM and log in. From PowerShell, list the network adapters and their MAC addresses: Get-NetAdapter
|
|
From SCVMM open the Properties of the VM and select Hardware Configuration. |
|
Match the MAC addresses from the PowerShell cmdlet and the Hardware Configuration and rename to the appropriate name. |
Rename-NetAdapter "Ethernet 2" -NewName "SC-access"
Rename-NetAdapter "Ethernet" -NewName "SC-database"
Open Network Connections. Open the Properties of the SC-access network. Select the TCP/IPv4 item and click Properties. |
|
Configure the TCP/IP properties. Specify the IP Address, Subnet mask, Default gateway, and Preferred DNS servers. Click OK to save changes. |
|
Open the Properties window for the SC-database network interface, select the TCP/IPv4 item, and click Properties. Configure just the IP address and subnet mask. Click Advanced. |
|
Select the DNS tab. Uncheck Register this connection’s address in DNS. Click OK to save the DNS configuration. Click OK on the general window to save all changes. |
|
Change the network binding order to ensure the SC-access network is first. Within Network Connections, press the ALT key and select Advanced Settings from the drop-down menu. |
|
Adjust the order of the NICs by using the up/down arrows to ensure the SC-access NIC appears first. Click OK to continue. |
|
Open a command prompt and run the following command: ipconfig /registerdns |
|
Open the System Properties for the VM. Click Change.
|
|
Provide a computer name. Click the radio button Domain. Click OK. Provide credentials of an account that can add the system to the domain. After entering the credentials, restart the system. Repeat for all VMs. |
The Cisco UCS Add-in for Microsoft System Center 2012 R2 Virtual Machine Manager enables management of Cisco UCS from within SCVMM.
Installation of this add-in requires that Cisco UCS PowerTool is already installed on the servers to which the UI extensions add-in will be added. The add-in needs to be installed on any SCVMM console from which you want to use the extensions.
The latest add-in can be downloaded from https://software.cisco.com/download/release.html?mdfid=286282669&flowid=72562&softwareid=284574016&release=1.1.1&relind=AVAILABLE&rellifecycle=&reltype=latest.
Launch the SCVMM console and navigate to Settings. Click Import Console Add-in. |
|
On the Select an Add-in page, browse to the location where you have downloaded the add-in installation zip file and select the zip file. Click Next to continue. |
|
On the Summary page, verify you are installing the proper version. Click Next to continue. |
|
The Jobs page will display showing a successful completion of the installation. |
|
Navigate to VMs and Services and you will see the Cisco UCS Add-in on the tool bar ribbon. |
From the VMs and Services panel, click Cisco UCS in the tool bar ribbon. It will process for a short time and return with UCSAddIn in the working pane. Note: The All Hosts option must be selected within VMs and Settings to enable configuration of Cisco UCS. |
|
Click UCS Domains and select Add UCS Domain from the drop down menu. |
|
On the Add UCS Domain page, enter the DNS name or the IP address of your UCS Manager in the UCS field. Enter the appropriate username and password in the Username and Password fields. If you are communicating on other than port 80, enter that in the Port field. If you are using SSL, check the Use Secure Connection box. Click Add to add the connection to the UCS Manager. Note: If you have integrated UCSM credentials into Active Directory, these can be Active Directory credentials. |
|
When the connection is made, you should be able to manage several components of Cisco UCS Manager. Repeat this installation and configuration for each server running the SCVMM console if you plan on managing Cisco UCS from that console. Note: If you plan on using the KVM Console feature available in this add-in, you need to install the Java runtime onto the server. |
SCVMM storage integration requires an SMI-S provider instance to communicate with the VNX storage array. The following sections outline the minimum requirements for configuring the SMI-S provider and VMM environment to allow for SCVMM to manage VNX storage and perform rapid virtual machine deployment. At a high level the required steps include:
· Installing the EMC SMI-S Provider
· Registering the VNX with the Provider
· Creating the SMI-S user for the SCVMM run as account
· Creating the run as account within SCVMM
· Registering the EMC SMI-S provider with SCVMM
· Creating classifications and choosing storage pools for management
· Allocating Storage Pools to Host Groups
· Configuring the Library Server
· Creating a San Copy Capable Template
· Selecting the Rapid Provisioning Deployment Method
Additional information can be found in the document titled “Storage Automation with System Center 2012 and EMC Storage Systems using SMI-S” available at https://support.emc.com.
Note: The EMC SMI-S provider must be installed on a server that has access to the EMC VNX control station IP addresses, not just the VNX SMB file server.
Perform the following steps on the EMC SMI-S provider virtual machine. |
|
From an elevated PowerShell session run these commands to open the ports required for the SMI-S provider:
|
New-NetFirewallRule -DisplayName "SLP-udp" -LocalPort 427 -Protocol UDP -Action Allow -Direction Inbound
New-NetFirewallRule -DisplayName "SLP-tcp" -LocalPort 427 -Protocol TCP -Action Allow -Direction Inbound
New-NetFirewallRule -DisplayName "CIM-XML" -LocalPort 5988-5989 -Protocol TCP -Action Allow -Direction Inbound
If the ESI Service is installed it should be stopped prior to installing the provider. Run the se76226-WINDOWS-x64-SMI.exe installer. If prompted install the required Visual C++ runtime components. |
|
Select Next to begin installation. |
|
Install to the desired location. Click Next.
|
|
Make sure Array Provider is selected and click Next.
|
|
Accept the default service list and click Next.
|
|
Click Install to start the installation. Select Finish to close the installer on completion.
|
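The three firewall rules created at the start of this procedure accept connections from any source address. The following added example (not part of the original guide) creates or tightens the same three rules so that only named management hosts can reach the SMI-S provider, then lists any enabled inbound allow rule on these ports that is still open to Any. The addresses in $AllowedSources are placeholders from a documentation range, and the function name is hypothetical.

```powershell
# Added example: scope the SMI-S provider firewall rules to known management hosts.
# Placeholder addresses (documentation range); replace them with the SCVMM
# servers that register this provider.
$AllowedSources = @('192.0.2.11', '192.0.2.12')

# Same display names, protocols and ports as the rules in the procedure.
$RuleSpecs = @(
    @{ DisplayName = 'SLP-udp'; Protocol = 'UDP'; LocalPort = '427' },
    @{ DisplayName = 'SLP-tcp'; Protocol = 'TCP'; LocalPort = '427' },
    @{ DisplayName = 'CIM-XML'; Protocol = 'TCP'; LocalPort = '5988-5989' }
)

foreach ($spec in $RuleSpecs) {
    $existing = Get-NetFirewallRule -DisplayName $spec.DisplayName -ErrorAction SilentlyContinue
    if ($existing) {
        # Rule already exists (for example from the unscoped commands): tighten it in place.
        $existing | Set-NetFirewallRule -RemoteAddress $AllowedSources
    }
    else {
        New-NetFirewallRule -DisplayName $spec.DisplayName `
            -Direction Inbound -Action Allow `
            -Protocol $spec.Protocol -LocalPort $spec.LocalPort `
            -RemoteAddress $AllowedSources | Out-Null
    }
}

function Get-OpenSmisRule {
    # Returns enabled inbound allow rules that list an SMI-S port explicitly
    # and still accept traffic from any remote address.
    $smisPorts = '427', '5988', '5989', '5988-5989'
    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True | ForEach-Object {
        $rule       = $_
        $portFilter = $rule | Get-NetFirewallPortFilter
        $addrFilter = $rule | Get-NetFirewallAddressFilter
        $matched    = @($portFilter.LocalPort) | Where-Object { $smisPorts -contains $_ }
        if ($matched -and (@($addrFilter.RemoteAddress) -contains 'Any')) {
            [pscustomobject]@{
                DisplayName   = $rule.DisplayName
                Protocol      = $portFilter.Protocol
                LocalPort     = (@($portFilter.LocalPort) -join ',')
                RemoteAddress = 'Any'
            }
        }
    }
}

# An empty result means no rule on these ports is open to every source.
Get-OpenSmisRule | Format-Table -AutoSize
```

Run it from the same elevated PowerShell session on the SMI-S provider virtual machine.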
Perform the following steps on the EMC SMI-S provider virtual machine. |
|
From a command or PowerShell prompt, change directory to C:\Program Files\emc\ECIM\ECOM\bin. Run the TestSmiProvider.exe command and accept all defaults by pressing Enter when prompted.
|
|
At the (localhost:5988) ? prompt, run the addsys command.
· For Add System enter y
· For ArrayType enter 1
· For IP address or hostname enter the IP for SPA and press Enter
· For IP address or hostname 2 enter the IP for SPB and press Enter
· For Address Type enter 2 for each entry
Enter the appropriate User and Password with access to run privileged commands to the array. Resulting output should be 0. Press q to quit. |
Perform the following steps on the EMC SMI-S provider virtual machine. |
|
From a web browser go to https://localhost:5989/ecomconfig. If certificates have not been configured, you will get a warning about the website’s certificate. Click Continue to this website (not recommended). |
|
Log in as:
|
|
Select Add User.
|
|
Insert the desired User Name and Password. For Role choose administrator. For Scope choose Local. If Password never expires is set to false the password for this user will expire in 90 days. Select Add User. |
Perform the following steps on the SCVMM virtual machine. |
|
From within the Virtual Machine Manager console, go to Settings > Security > Run As Accounts. Select Create Run As Account.
|
|
Enter the appropriate information, including the User name and Password used when creating the account on the SMI-S provider host. Clear the checkbox by Validate domain credentials. Click Finish. |
From within the Virtual Machine Manager console, go to Fabric > Storage > Providers. Right-click Providers and select Add Storage Devices.
|
|
Select SAN and NAS devices discovered and managed by a SMI-S provider. Click Next.
|
|
Enter the following information:
· Protocol:
· Provider IP address or FQDN:
· TCP/IP port:
· Use SSL:
· Run As account:
Click Next. If SSL was selected, import the certificate when prompted. |
|
Verify the storage device following a successful discovery operation. Click Next.
|
|
Select Create classification and create one or multiple classifications based on the storage types in your environment.
|
|
After creating new classifications, click Add. |
|
Select the pools to be managed within SCVMM and assign the previously created Classification(s). Click Next. |
|
Confirm the settings and click Finish. |
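When Use SSL is selected, SCVMM prompts you to import whatever certificate the provider presents, and the ecomconfig page shows a certificate warning if certificates have not been configured. The following added example (not part of the original guide) retrieves the certificate presented on the CIM-XML HTTPS port and compares its thumbprint with one recorded on the provider host before it is imported. The host name and expected thumbprint are placeholders, and both function names are hypothetical.

```powershell
# Added example: inspect the certificate the SMI-S provider presents on TCP 5989.
function Get-TlsCertificateInfo {
    param(
        [Parameter(Mandatory = $true)] [string] $HostName,
        [int] $Port = 5989
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        $stream = $client.GetStream()
        # Accept whatever is presented: this function inspects the certificate,
        # it does not establish trust in it.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($stream, $false, $acceptAll)
        try {
            $ssl.AuthenticateAsClient($HostName)
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $ssl.RemoteCertificate
            $sha256 = [System.Security.Cryptography.SHA256]::Create()
            $digest = $sha256.ComputeHash($cert.RawData)
            [pscustomobject]@{
                Subject          = $cert.Subject
                Issuer           = $cert.Issuer
                NotAfter         = $cert.NotAfter
                SelfSigned       = ($cert.Subject -eq $cert.Issuer)
                Expired          = ($cert.NotAfter -lt (Get-Date))
                ChainTrusted     = $cert.Verify()   # chain check against the local trust store
                Sha1Thumbprint   = $cert.Thumbprint
                Sha256Thumbprint = ([System.BitConverter]::ToString($digest) -replace '-', '')
            }
        }
        finally { $ssl.Dispose() }
    }
    finally { $client.Close() }
}

function Test-TlsThumbprint {
    param(
        [Parameter(Mandatory = $true)] $CertificateInfo,
        [Parameter(Mandatory = $true)] [string] $ExpectedSha1
    )
    # Thumbprints copied from a certificate dialog often carry spaces or
    # invisible characters; keep only the hex digits before comparing.
    $normalized = ($ExpectedSha1 -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    return ($normalized.Length -eq 40 -and $CertificateInfo.Sha1Thumbprint -eq $normalized)
}

# Placeholder values: replace with the provider's FQDN and the thumbprint
# recorded on the provider host itself.
$info = Get-TlsCertificateInfo -HostName 'smis01.example.com'
$info | Format-List
if (-not (Test-TlsThumbprint -CertificateInfo $info -ExpectedSha1 '<SHA1-THUMBPRINT-RECORDED-ON-PROVIDER-HOST>')) {
    Write-Warning 'Presented certificate does not match the recorded thumbprint. Do not import it into SCVMM.'
}
```

Running Get-TlsCertificateInfo against localhost on the provider virtual machine gives the reference thumbprint; running it again from the SCVMM server shows whether the same certificate is presented across the network.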
From within the Virtual Machine Manager console, go to Fabric > Servers. Expand the Servers folder. Right-click the appropriate host folder and select Properties.
|
|
Navigate to the Storage menu and select Allocate Storage Pools.
|
|
Select the desired storage pools and click Add. Select OK to commit and exit. |
From within the Virtual Machine Manager console, go to Library > Templates. Select Create VM Template.
|
|
Select Use an existing VM template or a virtual hard disk stored in the library and click Browse. Select the San Copy Capable virtual hard disk and click OK. Click Next. |
|
Name the template and select Next.
|
|
Select the appropriate hardware customizations. If the template is intended for cluster deployment, go to Advanced > Availability and select Make this virtual machine highly available. Select Next. |
|
Choose the desired operating system customization and select Next.
|
|
Choose optional application deployments and select Next. |
|
Optionally choose the SQL Server configuration for the template and choose Next. |
|
Click Create to start the Create template job and complete the wizard. |
SCVMM supports both clones and snapshots for SAN Copy-based deployments. The copy method can be changed through PowerShell or from the GUI. The following steps detail how to change this setting using either method.
From within the Virtual Machine Manager console, go to Fabric > Storage > Arrays. Right-click the VNX entry and select Properties.
|
|
Navigate to the Settings menu. From the Settings menu select Use snapshots to use VNX Snapshots, where up to 256 snapshots can be taken per template LUN. Alternatively, select Clone logical units to do full copy clones of the template LUN. Select OK to change the setting. |
|
For scripting purposes, the storage array setting for choosing snapshots or clones can be modified for a particular job. Use the following command to set either “snapshot” or “clone” for the copy method:
$array = Get-SCStorageArray -Name VNX5400
# For snapshots
Set-SCStorageArray -StorageArray $array -LogicalUnitCopyMethod "snapshot"
# For clones
Set-SCStorageArray -StorageArray $array -LogicalUnitCopyMethod "clone"
Starting with SCVMM 2012 R2, you can use ODX when deploying virtual machines from templates. When using the “network” transfer type, SCVMM 2012 R2 automatically attempts to use ODX to perform the virtual machine deployments. The VNX supports ODX when copies are performed across LUNs within the same storage array and within a LUN on the storage array. For the purposes of this document, only block based VNX support for ODX is discussed. The following steps can be used to verify if ODX is enabled on the VNX.
From Unisphere: Navigate to System > System Properties.
|
|
Navigate to the Software tab and make sure ODXCopy is listed and active.
|
A minimum of two Operations Manager servers are deployed in a single management group that is using a dedicated SQL Server instance in the virtualized SQL Server cluster. An Operations Manager agent is required to be installed on every management host and each scale unit cluster node to support health monitoring functionality. Additionally, agents may be installed on every guest virtual machine to provide guest level monitoring capabilities.
Operations Manager gateway servers and additional management servers are supported for custom solutions; however, for the base reference implementation these additional roles are not implemented. Additionally, if there is a requirement to monitor agentless devices in the solution, such as data center switches, additional management servers should be deployed to handle the additional load. These additional management servers should be configured into an Operations Manager Resource Pool dedicated to this task (http://technet.microsoft.com/library/hh230706.aspx). Deployment of these additional servers is beyond the scope of this CVD.
The Operations Manager installation uses a dedicated SQL Server instance in the virtualized SQL Server cluster. The installation follows a split SQL Server configuration: SQL Server Reporting Services and Operations Manager Management Server components reside on the Operations Manager virtual machines, and the SQL Server Reporting Services and Operations Manager databases utilize a dedicated instance on the virtualized SQL Server cluster. Note that for the IaaS PLA implementation, the Data Warehouse is sized for 90-day retention instead of the default retention period.
The Operations Manager installation process includes the high-level steps shown in Figure 10.
Figure 10 Operations Manager Installation Process
This section provides a high-level walkthrough for deploying Operations Manager into the fabric management architecture. The following assumptions are made:
· Two base virtual machines running Windows Server 2012 R2 have been provisioned for Operations Manager.
· A SQL Server 2012 SP1 cluster with dedicated instances has been established in previous steps.
- The default SQL Server collation settings are SQL_Latin1_General_CP1_CI_AS.
- SQL Server full text search is required.
· The installation will follow a remote SQL Server configuration with multiple SQL Server instances:
- SQL Server Reporting Services and SQL Server Analysis Services are installed in one SQL instance locally on the Operations Manager reporting server. The reporting services databases will run on the remote Operations Manager data warehouse SQL FCI and the Analysis Services data will reside locally on the Operations Manager reporting server.
- The Operations Manager databases will run on a separate SQL Server instance in the Fabric Management SQL Server cluster.
The following environment prerequisites must be met before proceeding.
Verify that the following domain accounts have been created:
Table 24 Operations Manager Accounts
User name | Purpose | Permissions
<DOMAIN>\FT-SCOM-SVC | System Center Configuration service and System Center Data Access service account (sdk_user role) | Domain account with local Administrator permissions on all Operations Manager management servers and all SQL Server nodes, in addition to System Admin rights on all Operations Manager SQL Server instances.
<DOMAIN>\FT-SCOM-Action | Operations Manager action account | This account needs full Administrator permissions on all target systems that will be managed by using the action account.
<DOMAIN>\FT-SCOM-DR | Operations Manager data reader account | Domain account with local Administrator permissions on all Operations Manager management servers and all SQL Server nodes.
<DOMAIN>\FT-SCOM-DW | Operations Manager data warehouse write account | Domain account with local Administrator permissions on all Operations Manager management servers and all SQL Server nodes.
Note: Specific requirements for Operations Manager are outlined in the Before You Begin section of Deploying System Center 2012 R2 - Operations Manager in the TechNet Library.
Verify that the following security groups have been created.
Table 25 Operations Manager Security Groups
Security group name | Group scope | Members
<DOMAIN>\FT-SCOM-Admins | Global | <DOMAIN>\FT-SCOM-Action; <DOMAIN>\FT-SCOM-SVC; <DOMAIN>\FT-SCOM-DR; <DOMAIN>\FT-SCOM-DW; Operations Manager Administrators privileged admin account; Operations Manager computer account; <DOMAIN>\FT-SCVMM-SVC
<DOMAIN>\FT-SCOM-Operators | Global | Operations Manager Operators privileged admin accounts
<DOMAIN>\FT-SCOM-AdvOperators | Global | Operations Manager Advanced Operators privileged admin accounts
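The two verification steps above can be scripted. The following added example (not part of the original guide) checks that the Table 24 accounts exist and are enabled, that the Table 25 groups exist with Global scope, and that FT-SCOM-Admins contains the service accounts the table names; any other member is listed for manual review, because the privileged admin and computer account names are site-specific. It assumes the ActiveDirectory PowerShell module is available, and the function names are hypothetical.

```powershell
# Added example: verify the Table 24 accounts and Table 25 groups in Active Directory.
Import-Module ActiveDirectory

$ServiceAccounts = 'FT-SCOM-SVC', 'FT-SCOM-Action', 'FT-SCOM-DR', 'FT-SCOM-DW'
$SecurityGroups  = 'FT-SCOM-Admins', 'FT-SCOM-Operators', 'FT-SCOM-AdvOperators'
# Members that Table 25 names explicitly for FT-SCOM-Admins.
$NamedAdminMembers = $ServiceAccounts + 'FT-SCVMM-SVC'

function New-CheckResult {
    param($Object, $Check, $Passed, $Detail)
    [pscustomobject]@{ Object = $Object; Check = $Check; Passed = $Passed; Detail = $Detail }
}

function Test-ScomDirectoryPrerequisite {
    foreach ($name in $ServiceAccounts) {
        $user = Get-ADUser -Filter "SamAccountName -eq '$name'"
        if (-not $user) {
            New-CheckResult $name 'Account exists' $false 'not found'
            continue
        }
        New-CheckResult $name 'Account exists' $true $user.DistinguishedName
        New-CheckResult $name 'Account enabled' ([bool]$user.Enabled) ''
    }

    $foundGroups = @{}
    foreach ($name in $SecurityGroups) {
        $group = Get-ADGroup -Filter "SamAccountName -eq '$name'"
        if (-not $group) {
            New-CheckResult $name 'Group exists' $false 'not found'
            continue
        }
        $foundGroups[$name] = $group
        New-CheckResult $name 'Group exists' $true $group.DistinguishedName
        New-CheckResult $name 'Group scope is Global' ($group.GroupScope -eq 'Global') "$($group.GroupScope)"
    }

    # Membership is only queried when the group was found, so a missing group
    # is reported above instead of raising an error here.
    if ($foundGroups.ContainsKey('FT-SCOM-Admins')) {
        $members = @(Get-ADGroupMember -Identity $foundGroups['FT-SCOM-Admins'] |
            Select-Object -ExpandProperty SamAccountName)
        foreach ($name in $NamedAdminMembers) {
            New-CheckResult 'FT-SCOM-Admins' "Contains $name" ($members -contains $name) ''
        }
        foreach ($extra in ($members | Where-Object { $NamedAdminMembers -notcontains $_ })) {
            # Not a failure: Table 25 also lists admin and computer accounts
            # whose names differ per site. Confirm each one by hand.
            New-CheckResult 'FT-SCOM-Admins' "Review member $extra" $null 'confirm against Table 25'
        }
    }
}

Test-ScomDirectoryPrerequisite | Format-Table -AutoSize
```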
The Operations Manager installation requires that .NET Framework 3.5 is enabled to support installation. Use the following procedure to enable .NET Framework 3.5.
If you created your VMs from a sysprepped image that had this installed, you can skip this step.
Perform the following steps on all Operations Manager virtual machines. |
|
If you do not have access to the internet to contact Microsoft Update, you will need to have the Windows Installation files mounted locally or on an accessible file share. |
|
The .NET Framework 3.5 feature can be installed with a PowerShell cmdlet, or the following instructions can be followed for using the GUI. If the VM has access to the internet, the –Source parameter should not be needed. |
Install-WindowsFeature -Name NET-Framework-Core -Source "E:\Sources\sxs"
|
Open Server Manager and navigate to the Dashboard node. In the main pane, under Configure this local server, select Add roles and features. |
|
The Add Roles and Features Wizard appears. On the Before You Begin page, click Server Selection in the left pane. (Do not click Next.) |
|
On the Select destination server page, select the Select a server from the server pool button, select the local server and then click Features in the left pane. (Do not click Next.)
|
|
On the Select Features page, in the Features pane, select the .NET Framework 3.5 Features and .NET Framework 3.5 (includes .NET 2.0 and 3.0) check boxes only. Leave all other check boxes clear. Click Next to continue. |
|
On the Confirm installation selections page, verify that .NET Framework 3.5 Features is listed. Make sure that the Restart each destination server automatically if required option is not selected. Click Install to begin installation. Note: The Export configuration settings option is available as a link on this page to export the options selected to XML. When exported, they can be used in conjunction with the Server Manager module for Windows PowerShell to automate the installation of roles and features. Note: The Specify an alternate source path option is required if the VM is not connected to the internet to download this specific feature. |
|
Optional: If you need to specify the source for a feature, enter the path to obtain the binaries for the feature to be installed. If the Windows installation media is mounted locally, the path would be something like E:\Sources\sxs. If it is available on a share, it would be something like \\server\share\sources\sxs. |
|
The Installation Progress page will show the progress of the feature installation. Click Close when the installation process completes. |
|
The Operations Manager installation requires SQL Server Reporting Services and SQL Server Analysis Services to be installed to support the Operations Manager reporting features and integration with Virtual Machine Manager. Perform the following procedure to install SQL Server Reporting Services and SQL Server Analysis Services to support the Operations Manager reporting features.
Perform the following steps on only the Operations Manager reporting server virtual machine. (SCOM03 in this installation) |
|
Log on to the Operations Manager reporting server virtual machine as a user with local Admin rights. Verify that the following accounts or groups are members of the local Administrators group on the Operations Manager reporting server virtual machine:
· Orchestrator service account
· Operations Manager action account
· Operations Manager Admins group
· Operations configuration service and data access service account
· SQL Server service account
· SQL Server Admins group |
|
From the SQL Server 2012 R2 SP2 installation media source, right-click setup.exe and select Run as administrator to begin setup. |
|
The SQL Server Installation Center will appear. Click Installation in the left pane. |
|
From the SQL Server Installation Center, click the New SQL Server stand-alone installation or add features to an existing installation link. |
|
The SQL Server 2012 Setup Wizard will appear. On the Setup Support Rules page, verify that each rule shows a Passed status. If any rule requires attention, remediate the issue and rerun the validation check. Click OK to continue. |
|
Note: If the View detailed report link is selected, the following report is available. |
|
On the Product Key page, select the Enter the product key option, and type the associated product key in the provided text box. Click Next to continue. Note: If you do not have a product key, select the Specify a free edition option, and select Evaluation from the drop-down list for a 180-day evaluation period. |
|
On the License Terms page, select the I accept the license terms check box. Select or clear the Send feature usage data to Microsoft check box, based on your organization’s policies, and click Next to continue. |
|
On the Install Setup Files page, click Install and allow the support files to install.
|
|
On the Setup Support Rules page, verify that each rule shows a Passed status. If any rule requires attention, remediate the issue and rerun the validation check. Note: Common issues include Windows Firewall warnings. If installing on an isolated network, you will receive an application security warning. Click Next to continue. |
|
On the Setup Role page, select the SQL Server Feature Installation button, and click Next to continue. |
|
On the Feature Selection page, select the following check boxes:
· Analysis Services
· Reporting Services - Native
· Management Tools – Basic
· Management Tools – Complete
When all selections are made, click Next to continue. |
|
On the Installation Rules page, verify that each rule shows a Passed status. If any rule requires attention, remediate the issue and rerun the validation check. Click Next to continue.
|
|
On the Instance Configuration page, select the Named instance option. In the provided text box, specify the name of the instance being installed.
· Instance ID – Select the Named instance option and specify OMASRS in the provided text box. Verify that the Instance ID is listed as OMASRS in the associated text box.
· Instance root directory – Accept the default location of C:\Program Files\Microsoft SQL Server.
Click Next. Note: A post-installation configuration process will occur to configure the reporting server database to leverage the Operations Manager data warehouse SQL Server instance database engine. |
|
On the Disk Space Requirements page, verify that you have sufficient disk space, and click Next to continue.
|
|
On the Server Configuration page, click the Service Accounts tab. For SQL Server Analysis Service account name and password values, provide the domain SQL Server service account used previously for the SQL Failover Cluster instances. For this example the account is VSPEX\FT-SQL-SVC. For SQL Server Reporting Services, in the Account Name drop-down list, enter the NT AUTHORITY\Network Service account. Click Next. |
|
On the Analysis Services Configuration page, add the necessary accounts to the administrative users list. Click Next. For the reference architecture deployment the accounts are: · FT-SQL-Admins · FT-SQL-SVC · FT-SCVMM-SVC · FT-SCOM-Action · FT-SCOM-Admins · FT-SCOM-DR · FT-SCOM-DW |
|
On the Reporting Services Configuration page, select the Install only option. Note: Other options should not be available because the database engine was not selected as a feature for installation. Click Next to continue. |
|
On the Error Reporting page, select or clear the Send Windows and SQL Server Error Reports to Microsoft or your corporate report server check box, based on your organization’s policies, and click Next to continue. |
|
On the Installation Configuration Rules page, verify that each rule shows a Passed status. If any rule requires attention, remediate the issue and rerun the validation check. Click Next to continue. |
|
On the Ready to Install page, verify all of the settings that were entered during the setup process, and click Install to begin the installation of the SQL Server instance.
|
|
When complete, the Complete page will appear. Click Close to complete the installation of this SQL Server database instance. |
|
Open SQL Server Management Studio and connect to Analysis Services at ServerName\InstanceName. |
|
By default, named instances will use dynamic ports. For better compatibility with firewalls, the instance port should be set to static. To do so, right-click the SQL Server Analysis Services instance and click Properties.
|
|
On the Properties page, click the General tab. Scroll down to the Port value in the Name column. Click the value and change the value of 0 (zero) to 2383 or a port value of your choice. Click OK to continue. |
|
When prompted by the Restart Required message, click OK.
|
|
Within SQL Server Management Studio, in Object Explorer, right-click the SSAS instance, and click Restart.
|
|
On the confirmation screen, click Yes. Close SQL Server Management Studio. |
|
By default, the Windows Firewall will not allow traffic for SQL Server services or for the SSRS Web Service. You need to create firewall exceptions if the Windows Firewall is enabled. To do so, open an administrative session of Windows PowerShell. |
|
Run these PowerShell commands to create the needed firewall rules:
Adjust the display names and ports based on organizational requirements. |
New-NetFirewallRule -DisplayName "SQL Analysis Services Browser Service" -Protocol TCP -LocalPort 2382
New-NetFirewallRule -DisplayName "SQL Analysis Services OMASRS Instance" -Protocol TCP -LocalPort 2383
New-NetFirewallRule -DisplayName "SQL Reporting Services" -Protocol TCP -LocalPort 80 |
Open the Windows Firewall with Advanced Security MMC console to verify the results. When verified, close the MMC console. |
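The same three rules can be created idempotently, limited to the Domain profile and a management subnet, and then checked from PowerShell instead of the MMC console. This is an added example, not part of the original guide; the `$MgmtSubnet` value is a placeholder assumption, and the display names and ports are the ones used in the step above.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original guide).
# ASSUMPTION: $MgmtSubnet is a placeholder (documentation range). Replace it with
# the subnet(s) that host the Operations Manager and VMM servers.
$MgmtSubnet = '192.0.2.0/24'

# Display names and ports taken from the step above.
$rules = @(
    @{ DisplayName = 'SQL Analysis Services Browser Service'; LocalPort = 2382 },
    @{ DisplayName = 'SQL Analysis Services OMASRS Instance'; LocalPort = 2383 },
    @{ DisplayName = 'SQL Reporting Services';                LocalPort = 80   }
)

# Create each rule only if no rule with that display name exists yet, so the
# script can be re-run without producing duplicates.
foreach ($r in $rules) {
    $existing = Get-NetFirewallRule -DisplayName $r.DisplayName -ErrorAction SilentlyContinue
    if (-not $existing) {
        New-NetFirewallRule -DisplayName $r.DisplayName `
            -Direction Inbound -Action Allow -Protocol TCP `
            -LocalPort $r.LocalPort -RemoteAddress $MgmtSubnet `
            -Profile Domain | Out-Null
    }
}

# Verification: one row per matching rule, with the port and address filters
# resolved. A rule created earlier without -RemoteAddress shows Scoped = False.
$report = foreach ($r in $rules) {
    $found = @(Get-NetFirewallRule -DisplayName $r.DisplayName -ErrorAction SilentlyContinue)
    if ($found.Count -eq 0) {
        [pscustomobject]@{
            DisplayName = $r.DisplayName; Present = $false; Enabled = $null
            Profile = $null; LocalPort = $null; RemoteAddress = $null
            PortOk = $false; Scoped = $false
        }
        continue
    }
    foreach ($rule in $found) {
        $port = $rule | Get-NetFirewallPortFilter
        $addr = $rule | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            DisplayName   = $rule.DisplayName
            Present       = $true
            Enabled       = ($rule.Enabled -eq 'True')
            Profile       = $rule.Profile
            LocalPort     = ($port.LocalPort -join ',')
            RemoteAddress = ($addr.RemoteAddress -join ',')
            # The rule must cover the expected TCP port.
            PortOk        = ($port.Protocol -eq 'TCP') -and
                            ($port.LocalPort -contains [string]$r.LocalPort)
            # 'Any' means the port is reachable from every network.
            Scoped        = ($addr.RemoteAddress -notcontains 'Any')
        }
    }
}

$report | Format-Table -AutoSize

# A duplicate display name is worth reviewing: an older, wider rule may still
# be allowing the traffic that the scoped rule was meant to restrict.
$report | Group-Object DisplayName | Where-Object Count -gt 1 |
    ForEach-Object { Write-Warning "Multiple rules named '$($_.Name)'" }
```

Rows with `Scoped = False` or `PortOk = False` are the ones to review before closing out this step.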
|
To verify that SQL Server Reporting Services installed properly, on the Start menu, click the Reporting Services Configuration Manager tile. |
|
The Reporting Services Configuration Connection page will appear. · In the Server Name text box, specify the name of the Operations Manager server. · In the Report Server Instance text box, select the default value OMASRS from the drop-down list. Click Connect. |
|
The Reporting Services Configuration Manager will appear. |
|
Click Database in the left pane, and then in the Current Report Server Database section, click the Change Database button. |
|
The Reporting Services Database Configuration Wizard will appear. In the Action section, select Create a new report server database. Click Next to continue. |
|
In the Database Server section, specify the following values: · Server Name – Specify the name of the remote SQL Server failover cluster name and the database instance name created for the Operations Manager installation. For the reference architecture deployment the name is SCOMDW\SCOMDW · Authentication Type – Specify Current User – Integrated Security from the drop-down list. Click the Test Connection button to verify the credentials and database connectivity. When verified, click Next to continue. |
|
In the Database section, specify the following values: · Database Name – Accept the default value of ReportServer. · Language – Specify the desired language option from the drop-down list. Click Next to continue. |
|
In the Credentials section, for Authentication Type, select Service Credentials from the drop-down list. The User name value should show NT Authority\Network Service. Click Next to continue. |
|
In the Summary section, review the selections that you made, and click Next to create the SQL Server Reporting Services database on the remote SQL Server cluster instance supporting the Operations Manager Data Warehouse. |
|
The Progress and Finish section will display the progress of the database creation. Review the report to verify successful creation and click Finish. |
|
In Reporting Services Configuration Manager, the Database option will now display the database and report server database credentials that you specified in the wizard. |
|
In Reporting Services Configuration Manager, click Web Service URL in the left pane. Specify the following values: · In the Report Server Web Service Virtual Directory section, set the Virtual Directory value to ReportServer_OMASRS in the provided text box. This default value must be used for VMM and SCOM integration to function properly. · In the Report Server Web Service Site Identification section, set the following values: - IP Address – Select All Assigned from the drop-down list. - TCP Port – Specify the desired TCP Port (the default is 80). - SSL Certificate – Select the available certificate or choose the default of (Not Selected). Click the Apply button to save the settings and create the Web Service URL. |
|
In Reporting Services Configuration Manager, click Report Manager URL in the left pane. Specify the following value: · In the Report Manager Site Identification section, set the Virtual Directory value to Reports_OMASRS in the provided text box. This default value must be used for VMM and SCOM integration to function properly. Click the Apply button to save the settings and create the Report Manager URL. |
|
Note: To test the URL directory from the Operations Manager server, Internet Explorer Enhanced Security Configuration (ESC) needs to be temporarily disabled. |
|
Connect to the Report Manager URL within a web browser to verify the SQL Server Reporting Services portal is operating properly. |
|
Connect to the Web Service URL within a web browser to verify the SQL Server Reporting Services web service is operating properly.
|
|
Close the Reporting Server Configuration Manager. |
|
The Operations Manager installation requires that Microsoft Report Viewer 2012 is installed prior to installing Operations Manager. Use the following procedure to install Microsoft Report Viewer 2012.
Perform the following steps on the Operations Manager management server virtual machines (SCOM01 and SCOM02). |
|
From the installation media source, double-click SQLSysClrTypes.msi to begin setup. |
|
On the Welcome to the Installation… page click Next. |
|
On the License Agreement page, select the I accept the license terms check box and click Next to continue. |
|
On the Ready to Install the Program page click Install. |
|
On the Completing the Microsoft System…Installation page click Finish. |
|
From the installation media source, right-click ReportViewer.exe and select Run as administrator to begin setup. |
|
On the Microsoft Report Viewer 2012 Runtime setup wizard Welcome to the Installation… page click Next. |
|
On the License Agreement page, select the I accept the license terms check box and click Next to continue. |
|
On the Ready to Install the Program page click Install. |
|
On the Completing the Microsoft Report Viewer 2012 Runtime Installation page click Finish. |
The following prerequisite steps must be completed prior to the installation of Operations Manager roles.
Note: Specific requirements for Operations Manager are outlined in the Before You Begin section of Deploying System Center 2012 R2 - Operations Manager in the TechNet Library.
Perform the following steps on the Operations Manager management server virtual machines (SCOM01 and SCOM02). |
|
Log on to the Operations Manager virtual machine as a user with local Admin rights. Verify that the following accounts or groups are members of the local Administrators group on the Operations Manager virtual machine: · Orchestrator service account · Operations Manager action account · Operations Manager Admins group · Operations configuration service and data access service account · VMM service account |
Perform the following step on an Active Directory domain controller in the target environment. |
|
In the domain where Operations Manager will be installed, verify that the Operations Manager computer account and the groups outlined in the previous table are members of the SCOM Admins group that you created earlier. |
Perform the following steps on the primary SQL Server cluster node. |
|
Using Administrative credentials, log on to the first SQL Server and open SQL Server 2012 Management Studio. Connect to the Operations Manager SQL Server instance by using the values specified earlier. Expand Security, right-click Logins, and click New Login… In the Login – New dialog box, select the Operations Manager Admins group created earlier as the new Login name. |
|
While still in the Login – New dialog box, click the Server Roles page. Select the sysadmin role, and click OK to create and add this login to the sysadmin role of the instance. |
The demonstration installation assumes the Operations Manager servers are in an isolated network with no access to the internet. If the servers have internet access, some steps can be made more automatic. The PDT provides a copy routine that will automatically copy all the required software for an installation that is not connected to the internet.
The following steps must be completed to install and configure the Operations Manager database and server roles.
Perform the following steps on the first Operations Manager management server virtual machine (SCOM01). |
|
From the Operations Manager installation media source, right-click setup.exe, and select Run as administrator to begin setup. |
|
The Operations Manager Setup Wizard will appear. Select the Download the latest updates… option and then click Install to begin the Operations Manager management server installation. (If the server has internet access, check the box to download latest updates.) |
|
On the Select features to install window, verify that the Management server and Operations console check boxes are selected. Click Next to continue. |
|
On the Select installation location window, specify a location or accept the default location of C:\Program Files\System Center 2012 R2\Operations Manager for the installation. Click Next to continue. |
|
The wizard will verify that all system prerequisites are met. If any prerequisites are not met, they will be displayed on the Proceed with Setup window. After you verify that the prerequisites are met, click Next to continue. |
|
On the Specify an installation option window, select the Create the first Management server in a new management group option, and type a unique name in the Management group name text box. Note that this name must be unique across System Center products. Click Next to continue.
|
|
On the Please read the license terms window, verify that the I have read, understood and agree with the terms of the license agreement installation option check box is selected. Click Next to continue. |
|
On the Configure the operational database window, specify the following information in the provided text boxes: · Server name and instance name – Specify the name of the SQL Server cluster network name (cluster name object) and the database instance created for the Operations Manager installation. · SQL Server port – Specify the TCP port used for SQL Server connectivity. Port 1433 is the default; however, this may be different based on instance requirements outlined earlier. As long as the browser service is enabled the correct port will be detected even if 1433 is selected as the port value for setup. Alternatively you may simply provide the correct port assignment. For the reference deployment the static port is 22120. · Database name – Specify the name of the Operations Manager database. In most cases, the default value of OperationsManager should be used. · Database size (MB) – Specify the initial database size.[2] The following values can be used as a general guideline: - Up to 500 agents: 12 GB - Up to 1000 agents: 24 GB · Data file folder – Specify the drive letter associated in the SQL Server cluster data files for the Operations Manager database. This should be detected by the setup process, however it should be cross-checked with the worksheet identified earlier. · Log file folder – Specify the drive letter associated in the SQL Server cluster for the log files for the Operations Manager database. This should be detected by the setup process, however it should be cross-checked with the worksheet identified earlier. Click Next to continue. |
|
On the Configure the Data warehouse database window, specify the following information in the provided text boxes: · Server name and instance name – Specify the name of the SQL Server cluster network name (cluster name object) and the database instance created for the Operations Manager installation. · SQL Server port – Specify the TCP port used for SQL Server connectivity. Port 1433 is the default; however, this may be different based on instance requirements outlined earlier. As long as the browser service is enabled the correct port will be detected even if 1433 is selected as the port value for setup. Alternatively you may simply provide the correct port assignment. For the reference deployment the static port is 10486. · Database name – Specify the name of the Operations Manager data warehouse database. In most cases the default value of OperationsManagerDW should be used. · Database size (MB) – Specify the initial database size. The following values can be used as a general guideline: - Up to 500 agents: 356 GB - Up to 1000 agents: 720 GB · Data file folder – Specify the drive letter associated in the SQL Server cluster for the data files for the Operations Manager data warehouse database. This should be cross-checked with the worksheet identified earlier. · Log file folder – Specify the drive letter associated in the SQL Server cluster for the log files for the Operations Manager data warehouse database. This should be cross-checked with the worksheet identified earlier. Click Next to continue. |
|
On the Configure Operations Manager accounts page, for each of the following accounts, specify the appropriate Domain Account name and password: · Management server action account (reference deployment: FT-SCOM-Action) · System Center Configuration service and System Center Data Access service (reference deployment: FT-SCOM-SVC) · Data reader account (reference deployment: FT-SCOM-DR) · Data writer account (reference deployment: FT-SCOM-DW) Domain Accounts are specified as <DOMAIN>\<USERNAME>. When completed, click Next to continue. |
|
The Help Improve System Center 2012 - Operations Manager window provides options for participating in various product feedback mechanisms. These include: · Customer Experience Improvement Program · Error Reporting Select the appropriate option based on your organization’s policies. Click Next to continue. |
|
On the Microsoft Update window, it is recommended to select the radio button by ON. Click Next to continue. |
|
The Installation Summary window will appear and display the selections you made during the Setup Wizard. Review the options selected, and click Install to continue. Note: Make sure that you set the database sizes appropriately for your particular deployment. Both databases will be fully allocated at deployment time because Operations Manager databases are not set to auto grow by default. |
|
The wizard will display the progress while installing features. The time it takes for installation depends on the size of the databases you requested. |
|
When the installation completes, the wizard will display the Setup is complete page. Verify that the Start the Operations console when the wizard closes check box is selected, and click Close to complete the installation. |
|
The Operations Manager console will open. Validate the installation by reviewing the configuration and make sure that the console operates properly. |
Installation of the second Operations Manager management server is almost identical to installing the first server. The following steps show which setup entries are different during installation.
Perform the following altered steps on the second Operations Manager management server virtual machine (SCOM02). |
|
On the Configuration/Specify an installation option window, select the Add a Management server to an existing management group radio button. Click Next to continue. |
|
On the Configuration/Configure the operational database window, specify the CNO and database instance name of the Operations Manager database. Specify the port number that you assigned to this instance. From the dropdown list of the Database name field, select the OperationsManager database. Click Next to continue. |
|
On the Configuration/Configure Operations Manager accounts window, specify the Management server action account and Configuration service and data access accounts with the appropriate passwords. Click Next to continue. |
The following steps must be completed to install and configure the Operations Manager reporting server role.
Perform the following steps on the Operations Manager reporting server virtual machine (SCOM03). |
|
From the Operations Manager installation media source, right-click setup.exe and select Run as administrator to begin setup. |
|
The Operations Manager installation wizard will begin. Click Install to begin the Operations Manager management server installation. (If the server has internet access, check the box to download latest updates.) |
|
On the Select features to install window, verify that the Reporting server check box is selected. Click Next to continue. |
|
On the Select installation location window, specify a location or accept the default location of C:\Program Files\System Center 2012 R2\Operations Manager for the installation. Click Next to continue. |
|
The wizard will verify that all system prerequisites are met. If any prerequisites are not met, they will be displayed on the Proceed with Setup window. Click Next to continue. |
|
On the Please read the license terms window, select the I have read, understood and agree with the license terms check box. Click Next to continue. |
|
On the Specify a Management server window, type the name of the previously installed management server in the Management server name text box. Click Next to continue. |
|
On the SQL Server instance for reporting services window, select the SQL Server instance that hosts the local SQL Server Reporting Services and SQL Server Analysis Services from the drop-down list created earlier. Click Next to continue. |
|
On the Configure Operations Manager accounts window, specify whether the following account is a Local System or Domain Account by using the available options: · Data reader account If the use of a Domain Account is specified, enter the user account information as <DOMAIN>\<USERNAME>, and enter the appropriate password. Click Next to continue. |
|
The Help Improve Operations Manager 2012 window provides options for participating in various product feedback mechanisms. This includes: · Operational Data Reporting (ODR) Select the appropriate option based on your organization’s policies, and click Next to continue. |
|
On the Microsoft Update window, select the appropriate update setting for your organization. Click Next. |
|
The Installation Summary window will appear and display the selections made during the installation wizard. Review the options selected. Click Install to continue. |
|
The wizard will display the progress while installing features. |
|
When the installation completes, the wizard will display the Setup is complete window. Verify that the Launch Microsoft Update when the wizard closes check box is selected. Click Close to complete the installation. |
|
Open the Operations Manager console from the first management server. From this console, the installation can be validated by noting that the Reporting node is now visible in the console. |
After the installation is complete, the following tasks must be performed to complete Operations Manager and Virtual Machine Manager integration.
The following steps must be performed on a domain controller or on one of the Operations Manager servers by using a domain admin account or an account with permissions to create service principal names.
Perform the following steps on a domain controller in the domain where Operations Manager is installed. |
|
The Operations Manager Health Service service principal names should be set automatically by the management server’s computer account. To confirm that the service principal names are set correctly, open an administrative command prompt and run the following command: SETSPN -L <DOMAIN>\<SERVERNAME> Where <DOMAIN> is the Active Directory domain name where the Operations Manager management server is installed and <SERVERNAME> is the name of the Operations Manager management server. |
|
The Data Access Service account runs under a domain user account context, and it is not able to create the appropriate service principal names in Active Directory. The following commands must be run from a domain admin account or from an account with delegated permissions to user objects. To set the service principal names, run the following commands from an administrative command prompt:
SETSPN.exe -A MSOMSdkSvc/<ManagementServerFQDN> <domain>\<SDKServiceAccount>
SETSPN.exe -A MSOMSdkSvc/<ManagementServerNetBIOS> <domain>\<SDKServiceAccount>
Where <ManagementServerFQDN> is the name of the Operations Manager management server and <SDKServiceAccount> is the name of the Operations Manager service account. If there is more than one management server being deployed, these commands must be run for each management server. |
setspn -A MSOMSdkSvc/SCOM01.VSPEX.com VSPEX\FT-SCOM-SVC
setspn -A MSOMSdkSvc/SCOM02.VSPEX.com VSPEX\FT-SCOM-SVC
setspn -A MSOMSdkSvc/SCOM01 VSPEX\FT-SCOM-SVC
setspn -A MSOMSdkSvc/SCOM02 VSPEX\FT-SCOM-SVC |
When complete, the service principal names can be confirmed with the following command: SETSPN -L <DOMAIN>\<SDKServiceAccount> |
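With two management servers there are four MSOMSdkSvc names to confirm, and a skipped one is easy to miss when reading the SETSPN -L listing by eye. The following added example (not part of the original guide) parses that listing and reports each expected name as Registered or Missing; the function name `Test-SdkSpnRegistration` is hypothetical, and the sample listing, including its distinguished name, is constructed for illustration.

```powershell
# Added example (not from the original guide). Function name is hypothetical.
function Test-SdkSpnRegistration {
    [CmdletBinding()]
    param(
        # Raw lines as printed by: setspn -L <DOMAIN>\<SDKServiceAccount>
        [Parameter(Mandatory)][AllowEmptyString()][string[]]$SetspnOutput,
        # NetBIOS names of the management servers, for example SCOM01, SCOM02
        [Parameter(Mandatory)][string[]]$ManagementServer,
        # DNS suffix used to build the FQDN form of each SPN
        [Parameter(Mandatory)][string]$DnsDomain,
        [string]$ServiceClass = 'MSOMSdkSvc'
    )

    # SPN entries are the indented "class/host" lines; the header line that
    # names the account is not indented and is skipped by this filter.
    $registered = @($SetspnOutput |
        Where-Object { $_ -match '^\s+\S+/\S+' } |
        ForEach-Object { $_.Trim() })

    # Each management server needs both the FQDN and the NetBIOS form.
    $expected = foreach ($server in $ManagementServer) {
        '{0}/{1}.{2}' -f $ServiceClass, $server, $DnsDomain
        '{0}/{1}'     -f $ServiceClass, $server
    }

    # -contains and -notcontains compare case-insensitively, which matches
    # how SPNs are compared.
    foreach ($spn in $expected) {
        $status = if ($registered -contains $spn) { 'Registered' } else { 'Missing' }
        [pscustomobject]@{ SPN = $spn; Status = $status }
    }

    # Names of the same service class that are not expected, for example
    # left over from a renamed or retired management server.
    foreach ($spn in $registered) {
        if ($spn -like "$ServiceClass/*" -and $expected -notcontains $spn) {
            [pscustomobject]@{ SPN = $spn; Status = 'Unexpected' }
        }
    }
}

# Constructed sample listing: the NetBIOS name for SCOM02 was never added.
$sample = @'
Registered ServicePrincipalNames for CN=FT-SCOM-SVC,CN=Users,DC=VSPEX,DC=com:
    MSOMSdkSvc/SCOM01.VSPEX.com
    MSOMSdkSvc/SCOM01
    MSOMSdkSvc/SCOM02.VSPEX.com
'@ -split "`r?`n"

$result = Test-SdkSpnRegistration -SetspnOutput $sample `
    -ManagementServer 'SCOM01', 'SCOM02' -DnsDomain 'VSPEX.com'
$result | Format-Table -AutoSize

# Against the live directory, pass the real listing instead of the sample:
#   Test-SdkSpnRegistration -SetspnOutput (setspn -L 'VSPEX\FT-SCOM-SVC') `
#       -ManagementServer 'SCOM01', 'SCOM02' -DnsDomain 'VSPEX.com'
# "setspn -X" additionally searches the domain for SPNs registered on more
# than one account; a duplicate causes Kerberos authentication to fail.
```

On the constructed sample, the row for MSOMSdkSvc/SCOM02 is reported as Missing and the other three as Registered.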
Perform the following steps on the Operations Manager management server virtual machine (SCOM01). |
|
From the Operations Console Monitoring or Administration view, select the Configure computers and devices to manage task item link. |
|
The Computer and Device Management Wizard will appear. On the Discovery Type window, select Windows computers from the available options. Click Next to continue. |
|
On the Auto or Advanced window, select the Advanced discovery option. Click Next to continue. |
|
On the Discovery Method window, under Browse for, or type-in computer names, input the names of both Virtual Machine Manager servers. Click Next to continue. |
|
On the Administrator Account window, if the account you are logged in with is a local administrator on the SCVMM server, leave the default selection in place. If not, select the Other user account option and provide the credentials that are required to access Active Directory and perform discovery in your environment. Verify that the This is a local computer account, not a domain account check box is clear. Click Discover to continue. |
|
On the Select Objects to Manage window, review the Discovery Results. In the Select the devices you want to manage dialog box, select the Virtual Machine Manager servers. From the Management Mode drop-down list, select Agent. Click Next to continue. |
|
On the Summary window, accept the default Agent installation directory as %ProgramFiles%\System Center Operations Manager. In the Agent Action Account section, select the Local System option. Click Finish to perform the agent installation. |
|
On the Agent Management Task Status page, verify that the agent installation completes successfully. Click Close to complete the operation. |
|
The next step is to enable the Operations Manager agent that is deployed on the Virtual Machine Manager management server to be a proxy agent. In the Operations Manager console, navigate to the Administration workspace, expand the Device Management node, and select the Agent Managed view. Note: It can take several minutes for the Health State to transition from Not Monitored to Healthy. |
|
In the Agent Managed pane, select the agent that is associated with the Virtual Machine Manager management server, and click Properties in the task pane. |
|
On the Agent Properties page, click the Security tab. Verify that the Allow this agent to act as a proxy and discover managed objects on other computers check box is selected, then click OK to save the changes. Repeat this process for each Virtual Machine Manager agent-managed system. Note: When hosts are brought into SCVMM to be managed, they must also have the SCOM agent installed for SCVMM and SCOM integration to continue functioning properly. |
Make sure the SCOM Action account is a member of the local Administrators group on each of the Hyper-V hosts.
|
|
In the Operations Manager console, navigate to Administration and select Discovery Wizard…
|
|
On the What would you like to manage window, select Windows Computers. Click Next.
|
|
On the Auto or Advanced window, select Advanced discovery. Click Next.
|
|
On the Discovery Method window, select the radio button by Browse for, or type-in computer names. Enter the names of the Hyper-V hosts. Click Next. |
|
On the Administrator Account window select the radio button by Use selected Management Server Action Account. Click Discover.
|
|
On the Select Objects to Manage window select all the discovered machines. Click Next.
|
|
On the Summary window accept the defaults. Click Finish.
|
|
Verify that the agent was successfully deployed to each Hyper-V host. |
Perform the following steps on each Virtual Machine Manager virtual machine (SCVMM01 and SCVMM02). |
|
From the Operations Manager installation media source, right-click setup.exe and select Run as administrator to begin setup. |
|
The Operations Manager installation wizard will begin. Click Install to begin the Operations Manager console installation. (If internet connection is available, click the check box to download latest updates.) |
|
On the Select features to install window, verify that the Operations console check box is selected. Click Next to continue. |
|
On the Select installation location window, specify a location or accept the default location of C:\Program Files\System Center 2012 R2\Operations Manager for the installation. Click Next to continue. |
|
The wizard will verify that all system prerequisites are met. If any prerequisites are not met, they will be displayed on the Proceed with Setup page. Verify the prerequisites are met. Click Next to continue. |
|
On the Please read the license terms window, verify that the I have read, understood and agree with the license terms check box is selected. Click Next to continue. |
|
The Help Improve Operations Manager window provides options for participating in various product feedback mechanisms. These include: · Customer Experience Improvement Program · Error Reporting Select the appropriate option based on your organization’s policies. Click Next to continue. |
|
The Microsoft Update window provides the option to automatically check for updates. Make your selection. Click Next to continue. |
|
The Installation Summary window will appear and display the selections made during the installation wizard. Review the options selected. Click Install to continue. |
|
The wizard will display the progress while performing the installation. |
|
After the installation completes, the wizard will display the Setup is complete window. Verify that the start the Management console when the wizard closes check box is selected. Click Close to complete the installation. |
|
The Operations Manager console will open. Enter the Server name of the primary SCOM server, click Connect, and ensure the console operates properly. Repeat for the second SCVMM management server. |
This demonstration installation assumes the Fabric Management servers are in an isolated network without access to the internet. Use of the PDT copy routine will automate the download of the required management packs into a share that is accessible by this process.
Perform the following steps on one of the Operations Manager server virtual machines (SCOM01 or SCOM02). |
|
In the Operations Manager console, navigate to the Administration > Management Packs. Right-click and select Import Management Packs… |
|
On the Select Management Packs page, click the Add button, and click Add from disk… in the drop-down list. (With internet connection, you would select Add from catalog). |
|
A warning window will appear because you are selecting from disk. Click No. |
|
Navigate to the directory that contains the downloaded management packs. Select all the management packs. Click Open.
|
|
On the Select Management Packs page, click Install to import the selected management packs. |
|
Back on the Select Management Packs window, click Install.
|
|
Upon completion, click Close. |
|
In the Operations Manager console, navigate to the Administration workspace and verify that the previously selected management packs are installed. |
After all prerequisite configurations and installations are performed, the integration of Virtual Machine Manager and Operations Manager can be completed.
Perform the following steps on the Virtual Machine Manager virtual machine. |
|
In the Virtual Machine Manager console, navigate to the Settings pane, and select System Center Settings. Right-click Operations Manager Server and select Properties. |
|
The Add Operations Manager Wizard will appear. On the Introduction page, verify that the prerequisites have been met. Click Next to continue. |
|
On the Connection to Operations Manager window: · Type the FQDN of the Operations Manager server in the Server name text box. · Select Use the VMM server service account. · Select Enable Performance and Resource Optimization (PRO). · Select Enable maintenance mode integration with Operations Manager. Click Next to continue. |
|
On the Connection to VMM page, specify the Virtual Machine Manager service account credentials in the User name and Password text boxes. Click Next to continue. |
|
On the Summary page, verify the options selected, and click Finish to begin the Operations Manager integration process. |
|
The Jobs pane will appear. Before moving forward, wait for the job to complete successfully. |
|
In the Virtual Machine Manager console, navigate back to Settings > System Center Settings, and double-click Operations Manager Server. The Operations Manager Settings page will appear. In the Details pane, click the Test PRO button. Note: The PRO test will not succeed immediately. Some synchronization needs to complete from previous steps. This can take up to an hour or more. You will need to simply keep trying until it succeeds. |
|
As part of the test, the PRO page appears and briefly displays a diagnostics alert. |
|
After a few minutes, you can confirm that the PRO test completed by navigating to the Jobs pane and verifying that the PRO jobs completed successfully. |
|
Double-click the Operations Manager Server in the SCVMM console to bring up the settings window. Select Management Packs and verify that all Virtual Machine Manager Management Packs were successfully installed. |
|
Select SQL Server Analysis Services and provide the following information. Select the Enable SSAS check box. Provide the following information in the text boxes provided:
· SSAS server – Specify the Operations Manager reporting server.
· SSAS Instance – Specify the SSAS instance name that you created earlier on the Operations Manager reporting server.
· Port – Leave the default value of 0.
In the Provide credentials with administrative rights on the SSAS instance section, select the Enter a user name and password option, and provide the supplied credentials for the Operations Manager data reader account. Click OK to save these settings. |
|
In the Operations Manager console, navigate to Monitoring > Microsoft System Center Virtual Machine Manager PRO > PRO Object State. Verify that the Virtual Machine Manager is listed with a health state other than Not Monitored. |
The Cisco UCS SCOM (System Center Operations Manager) Management Pack is a plug-in for System Center Operations Manager. It is used to monitor the health of the Cisco UCS system in the data center. With this plug-in, you can monitor chassis, blades, and service profiles across multiple Cisco UCS systems. Additionally, the Cisco UCS SCOM management pack enables correlation of faults and events between the Cisco UCS infrastructure and both bare-metal and virtualized operating systems already managed by SCOM.
Perform the following steps on the first Operations Manager management server virtual machine. (SCOM01) |
|
Exit the Operations Manager management console. Launch the management pack installer Cisco.Ucsm.MP.2012.v3.1.1-x64.msi. Click Next on the splash window. |
|
On the End User License Agreement window, select the I accept the terms of the License Agreement radio button. Click Next to continue. |
|
On the Product Registration window, enter an optional Username and Organization. Click Next to continue. |
|
On the Setup Type window, click the Complete box. |
|
On the Select Installation Folder window it is recommended to accept the default location. Click Next to continue. Click Install on the following window to start the installation process. |
|
The Installing Cisco UCS Management Pack (v3.1) window will track the progress of the installation. |
|
After successful installation, you will receive the Completing the Cisco UCS Management Pack (v3.1) Setup Wizard window. Make sure the checkbox for Launch Operations Manager Console is selected. Click Finish to continue. |
After you have installed the Cisco UCS management pack, you must add firewall exceptions for port 8732 on every Operations Manager management server hosting the Cisco UCS Management Service. Issue the following PowerShell commands to create the inbound and outbound rules.
# Allow TCP 8732 for the Cisco UCS Management Service
New-NetFirewallRule -Name Cisco-UCS-inbound -DisplayName "Operations Manager Cisco UCS Management Service" -Action Allow -Direction Inbound -Protocol TCP -LocalPort 8732
New-NetFirewallRule -Name Cisco-UCS-outbound -DisplayName "Operations Manager Cisco UCS Management Service" -Action Allow -Direction Outbound -Protocol TCP -LocalPort 8732
# Enable the built-in ICMP echo request rules (IPv4 and IPv6)
Set-NetFirewallRule -Name "FPS-ICMP4-ERQ-In" -Enabled True -Profile Any -RemoteAddress Any
Set-NetFirewallRule -Name "FPS-ICMP6-ERQ-In" -Enabled True -Profile Any -RemoteAddress Any
# Enable the built-in remote service management rules
Set-NetFirewallRule -Name "RemoteSvcAdmin-In-TCP" -Enabled True -Profile Any
Set-NetFirewallRule -Name "RemoteSvcAdmin-RPCSS-In-TCP" -Enabled True -Profile Any
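The commands above leave the six rules open to every firewall profile and any remote address. As an added example (not part of the original guide), the following PowerShell reports the effective scope of each rule and previews narrowing the inbound IPv4 rules to a management subnet; the subnet value, the Domain profile choice, and the function names Get-RuleExposure and Limit-InboundRule are assumptions.

```powershell
# Added example: audit and tighten the firewall rules this section creates or enables.
# Assumption: 192.0.2.0/24 is a constructed placeholder for your management subnet.
$MgmtSubnet = '192.0.2.0/24'

# Rule names taken from the commands in this section.
$RuleNames = 'Cisco-UCS-inbound', 'Cisco-UCS-outbound',
             'FPS-ICMP4-ERQ-In', 'FPS-ICMP6-ERQ-In',
             'RemoteSvcAdmin-In-TCP', 'RemoteSvcAdmin-RPCSS-In-TCP'

function Get-RuleExposure {
    # Returns one object per rule name with its profile, port and address scope.
    param([Parameter(Mandatory)][string[]]$Name)
    foreach ($n in $Name) {
        $rule = Get-NetFirewallRule -Name $n -ErrorAction SilentlyContinue
        if (-not $rule) {
            [pscustomobject]@{
                Name = $n; Present = $false; Enabled = $null; Direction = $null
                Profile = $null; Protocol = $null; LocalPort = $null
                RemoteAddress = $null; OpenToAny = $false
            }
            continue
        }
        $port = $rule | Get-NetFirewallPortFilter
        $addr = $rule | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Name          = $n
            Present       = $true
            Enabled       = $rule.Enabled
            Direction     = $rule.Direction
            Profile       = $rule.Profile
            Protocol      = $port.Protocol
            LocalPort     = $port.LocalPort -join ','
            RemoteAddress = $addr.RemoteAddress -join ','
            # Enabled and reachable from any source address
            OpenToAny     = ($rule.Enabled -eq 'True') -and ($addr.RemoteAddress -contains 'Any')
        }
    }
}

function Limit-InboundRule {
    # Restricts existing inbound rules to the Domain profile and the given source addresses.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string[]]$Name,
        [Parameter(Mandatory)][string[]]$RemoteAddress
    )
    foreach ($n in $Name) {
        $rule = Get-NetFirewallRule -Name $n -ErrorAction SilentlyContinue
        if ($rule -and $rule.Direction -eq 'Inbound') {
            # Pass -WhatIf through explicitly so a preview never changes the rule.
            Set-NetFirewallRule -Name $n -Profile Domain -RemoteAddress $RemoteAddress -WhatIf:$WhatIfPreference
        }
    }
}

# 1. Report the current scope of every rule from this section.
Get-RuleExposure -Name $RuleNames |
    Format-Table Name, Present, Enabled, Direction, Profile, LocalPort, RemoteAddress, OpenToAny -AutoSize

# 2. Preview the tightened scope. The ICMPv6 rule is left out because it needs an IPv6 prefix.
$ipv4Inbound = 'Cisco-UCS-inbound', 'FPS-ICMP4-ERQ-In', 'RemoteSvcAdmin-In-TCP', 'RemoteSvcAdmin-RPCSS-In-TCP'
Limit-InboundRule -Name $ipv4Inbound -RemoteAddress $MgmtSubnet -WhatIf
```

Remove -WhatIf only after replacing the placeholder subnet with the range your Operations Manager servers and consoles actually use.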
When an environment has multiple Operations Manager management servers, the Cisco UCS management pack can be deployed in more than one way: on the first management server only, or on both. These instructions provide the steps to deploy to the first management server.
In the Operations Manager management console navigate to Authoring > Management Pack Templates > Cisco Unified Computing Systems. Select Add Monitoring Wizard… |
|
On the Select Monitoring Type window of the Add Monitoring Wizard, select Cisco Unified Computing Systems. Click Next to continue. |
|
On the Specify IP Address, Port and Connection Mode page, enter the IP address or DNS name of the UCS management console. Specify 443 for the Port Number and check the box for Secure on the Connection Mode. From the Machine Type drop down list select Management Server. From the Service Machine drop down list select the SCOM server you want to operate as the service machine. Click Test Connection to test the connection to UCS Manager. |
|
You will receive a security alert due to an unrecognized certificate. Click View Certificate. |
|
On the Certificate window click Install Certificate…
|
|
On the Welcome to the Certificate Import Wizard window click the radio button by Local Machine. Click Next. |
|
On the Certificate Store window ensure the radio button by Automatically select the certificate store based on the type of certificate is selected. Click Next. Click Finish on the summary window that follows.
|
|
Click OK on the displayed windows to get back to the CertificateInfoDialog window. Click Yes. |
|
An Authentication page will appear from clicking on the Test Connection. Enter the Username and Password to access your UCS Manager console. Click OK to continue. If the username and password entered are correct, you will receive an information window informing of a successful connection. Click OK to continue. Click Next on the Add Monitoring Wizard page to continue. |
|
On the Cisco UCS Instance Name window, the instance name is set by default to the name of the UCS domain. It is recommended that the default instance name is not modified. Optionally enter a description. Click Next to continue. |
|
On the Add Run As Account window check the box by Associate Run As Account and click the Add… icon. |
|
On the Add Run As Account window click New.
|
|
On the Specify general properties for the Run As Account window enter a descriptive Display Name. Optionally, enter a description. Under Provide account credentials enter the user name and password for accessing the UCS domain to be monitored. Click Create. |
|
Back on the Add Run As Account window click OK.
|
|
On the Run As Account Summary window click Next.
|
|
Review the configuration summary and click the Create button to complete the Add Monitoring wizard. |
|
Upon completion, the newly created management pack will show in the Operations Manager console. |
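For the unrecognized-certificate prompt in the Test Connection step above: an added example (not from the original guide) that checks a certificate exported from the View Certificate dialog (Details > Copy to File) against a SHA-256 fingerprint obtained over a separate channel before the certificate is installed. The function names, the availability of such a fingerprint from the UCS administrator, and the constructed ucsm.example.test certificate are assumptions for illustration.

```powershell
# Added example: verify an exported UCS Manager certificate before trusting it.
function Get-CertificateSha256 {
    # SHA-256 over the DER encoding, returned as upper-case hex without separators.
    param([Parameter(Mandatory)]
          [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        ($sha.ComputeHash($Certificate.RawData) | ForEach-Object { $_.ToString('X2') }) -join ''
    } finally {
        $sha.Dispose()
    }
}

function Test-UcsManagerCertificate {
    param(
        [Parameter(Mandatory)][string]$CerPath,         # file saved with Copy to File
        [Parameter(Mandatory)][string]$ExpectedSha256,  # fingerprint received out of band
        [Parameter(Mandatory)][string]$HostName         # name typed into the wizard
    )
    $path = (Resolve-Path -LiteralPath $CerPath).ProviderPath
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $path

    $actual   = Get-CertificateSha256 -Certificate $cert
    # Accept fingerprints written with colons, spaces or lower case.
    $expected = ($ExpectedSha256 -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    $dnsName  = $cert.GetNameInfo(
        [System.Security.Cryptography.X509Certificates.X509NameType]::DnsName, $false)
    $now = Get-Date

    [pscustomobject]@{
        Subject            = $cert.Subject
        SelfSigned         = ($cert.Subject -eq $cert.Issuer)
        NotAfter           = $cert.NotAfter
        InValidityWindow   = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
        NameMatches        = ($dnsName -eq $HostName)
        Sha256             = $actual
        FingerprintMatches = ($actual -eq $expected)
    }
}

# Constructed sample: a throwaway self-signed certificate stands in for the
# certificate exported from the UCS Manager security alert.
$sample = New-SelfSignedCertificate -DnsName 'ucsm.example.test' -CertStoreLocation 'Cert:\CurrentUser\My'
$cer    = Join-Path $env:TEMP 'ucsm-sample.cer'
Export-Certificate -Cert $sample -FilePath $cer | Out-Null

# A matching fingerprint, written the way it is often communicated (colon separated).
$known = (Get-CertificateSha256 -Certificate $sample) -replace '(..)(?!$)', '$1:'
Test-UcsManagerCertificate -CerPath $cer -ExpectedSha256 $known -HostName 'ucsm.example.test'

# A fingerprint that does not match: the certificate should not be installed.
Test-UcsManagerCertificate -CerPath $cer -ExpectedSha256 ('00' * 32) -HostName 'ucsm.example.test'

# Clean up the constructed sample.
Remove-Item -LiteralPath $cer
Remove-Item -LiteralPath ("Cert:\CurrentUser\My\{0}" -f $sample.Thumbprint)
```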
Operations Manager uses Run As accounts to establish a connection to a Cisco UCS domain. The Run As account must be an administrator account.
In the Operations Manager console, select the Administration section. Scroll down and expand Run as Configuration and select Accounts. Right-click and select Create Run As Account… Click Next on the Introduction page to continue. |
|
On the General Properties window, select Simple Authentication from the Run As account type drop-down list. Enter a descriptive name for this account in the Display Name field. Click Next to continue. |
|
On the Credentials window, enter the UCS Manager credentials for accessing the UCS domain. Click Next to continue. |
|
On the Distribution Security window, select the radio button by Less secure. Click Create to create the UCS Run As account. Note: Cisco UCS does not run on a Windows operating system. The More secure option is intended for management packs that target systems running a Windows operating system. |
|
Click Close on the successful completion window. In the Operations Manager console, select Profiles (right below the previous Accounts selection). Scroll through the profiles to find the profile you just created. Right-click the profile and select Properties. Click Next on both the Introduction and the General Properties windows. |
|
On the Run As Accounts window select the UCS profile and click the Edit… icon. |
|
On the Add a Run As Account window, select the run as account you just created for communicating with UCS. Select the radio button by All targeted devices. Click OK to continue. |
|
Back on the Run As Accounts page, click Save to continue. On the successful completion page, click Close. |
In the Operations Manager console, select Administration. Scroll to the bottom of the list and select Settings. Right-click Alerts in the center pane and select Properties. |
|
On the Global Management Group Settings – Alerts page, click New… |
|
On the Add Alert Resolution State page, enter a name for the Resolution State. From the Unique ID drop-down list, select an available identifier. Click OK to return to the Global Management Group Settings window. Click OK to continue. |
|
Back in the Operations Manager console, within Administration, scroll up to select Notifications and then Channels. Under Tasks click New and select Command… from the drop-down list. |
|
On the Command Notification Channel page, enter a name for Channel Name. Click Next to continue. |
|
On the Command Notification Channel page, enter the following for the Full path of the command line:
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
In the Command line parameters enter:
-Command "& 'C:\ProgramData\Cisco\UCSM\Script\AcknowledgeFault.ps1'" -getDescription '$Data[Default='Not Present']/Context/DataItem/AlertDescription$' -getAlertSource '$Data[Default='Not Present']/Context/DataItem/ManagedEntityPath$\$Data[Default='Not Present']/Context/DataItem/ManagedEntityDisplayName$'
In the Startup Folder for the command line enter:
C:\ProgramData\Cisco\UCSM\Script
Click Finish to continue, and Close upon successful completion.
Note: The installation of the Cisco UCS management pack places the AcknowledgeFault.ps1 file into the C:\ProgramData\Cisco\UCSM\Script directory. You can change that location, but be sure to change the values in this setting to reflect any changes. |
|
The installation and configuration of ESI and the SCOM management pack includes several steps outlined below:
· Prepare ESI infrastructure
· Install the ESI components
· Register the VNX array with the ESI Service
· Create an ESI Service user for the SCOM Management Pack Run As Account
· Install the ESI SCOM Management Packs
· Import the ESI SCOM Management Packs
· Create an ESI Run As Account and associate the account with a Profile
· Set Overrides for the EMC SI Service Discovery
Additional information can be found in the EMC Storage Integrator online help file, specifically the “ESI Service and ESI SCOM Management Packs” section.
The ESI Service is recommended to be installed on a separate virtual machine. This separate virtual machine was earlier used for installing the EMC SMI-S provider.
To prepare the environment for using ESI the following steps need to be completed.
· Create ESI service account for SCOM management pack Run As account
· Assign Permissions to ESI service account
· Create and configure Active Directory objects
Monitoring capabilities must also be assigned to the created account. That assignment requires the ESI PowerShell module, so the step is provided after ESI PowerShell is installed.
Launch the Active Directory Administrative Center and navigate to the VSPEX Organizational Unit. Select the option to create a new user. |
|
In the Create User window provide a First Name for this user. Enter the same value into User UPN logon. Enter and confirm a Password. Select the radio button by Other password options and select the check box by Password never expires. Optionally you can enter a Description by scrolling down to that field. Click OK. |
The account that monitors the ESI Service does not need administrative access to the host running the ESI Service but it must have the following access permissions:
· Allow log on locally permission enabled – use Local Security Policy (secpol.msc) at Security Settings > Local Policies > User Rights Assignment > Allow log on locally
· Read access to the Application Event log – use Computer Management (compmgmt.msc) to add the account to the Event Log Readers group
· Use WMI (Windows Management Instrumentation) to query the status of the service – use the WMI Control Console (wmimgmt.msc) to add the account under the Security tab.
Alternatively, the service account can be added to the Administrators group on the ESI Host system, if this is acceptable. This will provide all the permissions necessary for the integration to work.
To configure the minimum permissions required, follow the steps outlined here:
Perform the following steps on EMC Management virtual machine. (SCmgmt) |
|
At the PowerShell or command prompt, type secpol.msc and press Enter to open the Local Security Policy Console. Navigate to Security Settings > Local Policies > User Rights Assignment > Allow log on locally. Right-click and select Properties.
|
|
Click Add User or Group… and add the ESI Service account just created. Click OK.
|
|
At the PowerShell or command prompt, type compmgmt.msc and press Enter to open the Computer Management console. Navigate to Computer Management > System Tools > Local Users and Groups > Groups > Event Log Readers. Right-click and select Properties.
|
|
Click Add… and add the ESI service account just created. Click OK.
|
|
At the PowerShell or command prompt, type wmimgmt.msc and press Enter to open the WmiMgmt console. Navigate to Console Root > WMI Control (Local). Right-click and select Properties.
|
|
Select the Security tab. Select Root and click on the Security button. |
|
Click Add… and add the ESI service account just created. Ensure the ESI service account has all permissions enabled. Click OK. Click OK on the Properties window to close it. Close the three management consoles that were opened. |
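To confirm the minimum-permission configuration described above, the following added example (not part of the original guide) reports, for the ESI service account, its Event Log Readers and Administrators membership, whether Allow log on locally is granted to it directly, and any access entry it holds on the root WMI namespace. The account name is the one used in this guide's Add-EmcUser command; the function names and English group names are assumptions, and the script must run elevated on the ESI host.

```powershell
# Added example: check the minimum permissions listed for the ESI service account.
# Assumptions: English built-in group names; run from an elevated prompt on the ESI host.
$Account = 'VSPEX\FT-ESI-SVC'   # account name from this guide; adjust domain and name

function Get-LocalGroupMemberSid {
    # SIDs of the direct members of a local group, read through the WinNT provider.
    param([Parameter(Mandatory)][string]$Group)
    $g = [ADSI]"WinNT://$env:COMPUTERNAME/$Group,group"
    foreach ($m in @($g.psbase.Invoke('Members'))) {
        $bytes = $m.GetType().InvokeMember('objectSid', 'GetProperty', $null, $m, $null)
        (New-Object System.Security.Principal.SecurityIdentifier([byte[]]$bytes, 0)).Value
    }
}

function Get-UserRightHolder {
    # Exports the local user rights with secedit and returns the holders of one right.
    # Holders are SID strings, or account names where secedit could not map a SID.
    param([Parameter(Mandatory)][string]$Right)
    $cfg = Join-Path $env:TEMP ("rights-{0}.inf" -f [guid]::NewGuid())
    try {
        secedit.exe /export /cfg $cfg /areas USER_RIGHTS | Out-Null
        $hit = Select-String -Path $cfg -Pattern "^$Right\s*=\s*(.+)$" | Select-Object -First 1
        if ($hit) {
            $hit.Matches[0].Groups[1].Value -split ',' |
                ForEach-Object { $_.Trim().TrimStart('*') }
        }
    } finally {
        Remove-Item -LiteralPath $cfg -ErrorAction SilentlyContinue
    }
}

function Get-WmiRootAccessMask {
    # Access masks of the ACEs on the root WMI namespace whose trustee is the given SID.
    param([Parameter(Mandatory)][string]$Sid)
    $sd = (Invoke-WmiMethod -Namespace 'root' -Path '__SystemSecurity=@' -Name GetSecurityDescriptor).Descriptor
    $sd.DACL | Where-Object { $_.Trustee.SIDString -eq $Sid } |
        ForEach-Object { '0x{0:X}' -f $_.AccessMask }
}

function Test-EsiAccountPermission {
    param([Parameter(Mandatory)][string]$Account)
    $sid = (New-Object System.Security.Principal.NTAccount($Account)).Translate(
        [System.Security.Principal.SecurityIdentifier]).Value
    $logonHolders = @(Get-UserRightHolder -Right 'SeInteractiveLogonRight')

    [pscustomobject]@{
        Account             = $Account
        Sid                 = $sid
        InEventLogReaders   = (@(Get-LocalGroupMemberSid -Group 'Event Log Readers') -contains $sid)
        # Direct membership only; True means the broader alternative was used instead.
        InAdministrators    = (@(Get-LocalGroupMemberSid -Group 'Administrators') -contains $sid)
        # Direct grant only; the right can also arrive through a group listed in the holders.
        LogonLocallyDirect  = ($logonHolders -contains $sid)
        LogonLocallyHolders = $logonHolders -join ', '
        WmiRootAccessMask   = (@(Get-WmiRootAccessMask -Sid $sid) -join ', ')
    }
}

Test-EsiAccountPermission -Account $Account | Format-List
```

An empty WmiRootAccessMask means the account has no explicit entry on the root namespace, so the WMI Control step has not been applied to it.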
Perform the following steps on ESI Management virtual machine. (SCmgmt) |
|
Add the SCOM Action account to the local Administrators security group. |
|
Perform the following steps on a SCOM server virtual machine. (SCOM01) |
|
Navigate to Administration. Click Discovery Wizard…
|
|
On the What would you like to manage? window select Windows computers. Click Next.
|
|
On the Auto or Advanced? window select Advanced discovery. Click Next.
|
|
On the Discovery Method window select the radio button by Browse for, or type-in computer names. Type in the name of the ESI Service virtual machine. Click Next.
|
|
On the Administrator Account window ensure the radio button by Use selected Management Server Action Account is selected. Click Discover. |
|
On the Select Objects to Manage window click the check box by the found server. Click Next. On the Summary window click Finish. Click Close on the status window that displays. |
Perform the following steps on ESI Management virtual machine. (SCmgmt) |
|
Launch ESI.3.7….Setup.x64.exe to start the installation. |
|
On the Welcome window click Next.
|
|
On the License Agreement window select the radio button by I accept the terms in the license agreement. Click Next.
|
|
On the Prerequisites for ESI window click Next. Selections for specific capabilities will be made in the next window. |
|
On the Setup window, ensure the following options are selected for installation on local hard drive.
· Core
· EMC VNX Adapter
· ESI PowerShell Toolkit
· ESI Service
Note: Selection of other options may require prerequisite software installations. |
|
On the Publish Connection Information window select the radio button by Local Server. Click Next.
|
|
On the Ready to Install the Program window click Install. A progress window will display as different components are installed.
|
|
On the InstallShield Wizard Completed window click Finish.
|
|
When the installation completes restart the computer by issuing this PowerShell cmdlet. |
Restart-Computer
Perform the following steps on the EMC Management virtual machine. (SCmgmt) |
|
When the system restarts, log in and open a PowerShell command window. Run these PowerShell cmdlets to give the ESI Service account “Monitor” access. Ensure the value for the –Name parameter reflects the proper domain and service account name. |
Set-EmcServiceUrl http://localhost:54500
Add-EmcUser -Name "VSPEX\FT-ESI-SVC" -Role Monitor
Perform the following steps on the EMC Management virtual machine. (SCmgmt) |
|
The installation of the ESI service installed an icon on the desktop for launching the ESI console. Click the icon to launch the console. "C:\Program Files\EMC\EMC Storage Integrator\ESIx64.msc" |
|
In the ESI console click Add Storage System.
|
|
Choose VNX-Block from the System Type drop down menu. Enter the credentials and IP address information. Click Test Connection to ensure connectivity.
|
|
Click OK following the test connection results. Click Add to register the VNX storage array with the ESI Service. |
Perform the following steps on the first SCOM virtual machine. (SCOM01) |
|
From the SCOM host, run the ESI SCOM Management Packs installer and select Next.
|
|
On the License Agreement window select the radio button by I accept the terms in the license agreement. Click Next. |
|
On the Customer Setup window click Next.
|
|
On the Ready to Install the Program window click Install. When the installation completes click Finish.
|
Navigate to Administration > Management Packs. Right-click Management Packs and select Import Management Packs.
|
|
On the Select Management Packs window click Add and then Add from disk … Select No when prompted to search the online catalog for dependencies. |
|
Browse to C:\Program Files (x86)\EMC\ESI SCOM Management Packs and select the 5 .MP and 1 .XML file in that directory. Select Open.
|
|
On the Select Management Packs window select all the management packs and click Install.
|
|
Follow the progress of the importation on the Import Management Packs window. When all management packs are successfully imported click Close.
|
Navigate to Administration > Run As Configuration > Accounts. Right-click Accounts and select Create Run As Account… Click Next on the Introduction window.
|
|
Select Next
|
|
On the General Properties window select Windows for the Run As account type. Enter the desired Display Name and Description. Select Next.
|
|
On the Credentials window enter the account details for the domain account created in the previous steps that was assigned “Monitor” access to the ESI Service. Select Next. |
|
On the Distribution Security window choose the desired security option. The More secure option is recommended. Click Create. When the account is created click Close. |
|
Navigate to Administration > Run As Configuration > Profiles > EMC SI Monitoring Account. Right-click and select Properties. Click Next on the Introduction window. |
|
On the General Properties window click Next. |
|
On the Run As Accounts window click Add…
|
|
On the Add a Run As Account window select the previously created ESI Run As account from the drop down list. Click OK. |
|
Back on the Run As Accounts window click Save.
|
|
If the Less secure security option was selected earlier, click Close. If the More secure security option was selected earlier, click the More-secure Run As account.
|
|
The Run As Account Properties window displays with the Distribution tab selected. Click Add…
|
|
On the Computer Search window click Search to get a list of the available hosts running the SCOM agent which can be used to communicate with the ESI Service. Select the Hyper-V hosts to be monitored from the Available items list. Click Add. The selected hosts will show in the Selected objects list. Click OK. |
|
Back on the Distribution tab click OK to save the change to the run as account.
|
|
Back on the Completion window click Close.
|
|
Select the run as account created in the previous steps and click OK |
From within the Operations Manager console go to Authoring > Management Pack Objects > Object Discoveries. Right-click EMC SI Service Discovery and select Properties.
|
|
Select the Overrides tab. Click Override… and select For a specific object of class: Windows Computer.
|
|
Select the desired host that will be used to communicate with the ESI Service. If the “more secure” run as account option was selected in the previous steps, be sure to use the host where the credentials were distributed. Select OK.
|
|
Within the override properties the following parameters are required to be changed:
· Parameter Name: Enabled
· Parameter Name: ESI Service Host
· For Select destination management pack choose “EMC Storage Integrator Customizations”
Select OK. For more details on additional parameters that can optionally be modified, see the ESI SCOM Management Pack online help. |
The Service Manager Management Server is installed on a pair of virtual machines. A third virtual machine hosts the Management Server for the Service Manager Data Warehouse and a fourth virtual machine hosts the Service Manager Self Service Portal.
The Service Manager environment will be supported by four separate SQL instances on the virtual SQL Cluster:
· Service Manager Management Server database (CMDB);
· Service Manager Data Warehouse databases;
· Service Manager Data Warehouse Analysis database and
· SharePoint foundation database (used by the Service Manager portal).
For the IaaS PLA implementation, the Change request and Service requests are sized for 90-day retention instead of the default retention period of 365 days. The following virtual machine configurations are used.
The Service Manager installation process includes the high-level steps shown in Figure 11.
Figure 11 Service Manager Installation Process
This section provides a high-level walkthrough for deploying Service Manager into the fabric management architecture. The following requirements are necessary to deploy the management, data warehouse, and self-service portal servers:
· A base virtual machine running Windows Server 2012 R2 has been provisioned for the Service Manager management server role
· A multi-node, SQL Server 2012 SP2 cluster with dedicated Service Manager instances has been established in previous steps for Service Manager
- SCSMDB - instance for Service Manager management database.
· .NET Framework 3.5 SP1 is installed
· Microsoft Report Viewer 2008 Service Pack 1 Redistributable is installed. To install, see article 971119 in the Microsoft Knowledge Base
· Microsoft SQL Server 2012 Native Client is installed. To install, see SQL Server 2012 Native Client
· The Microsoft SQL Server 2012 Analysis Management Objects are installed. To install, see SQL Server Analysis Management Objects
· A base virtual machine running Windows Server 2012 R2 has been provisioned for the Service Manager management server role
· A multi-node, SQL Server 2012 SP2 cluster with a dedicated instance has been established in previous steps for Service Manager, which includes:
- SCSMAS – instance for SQL Server 2012 SP2 Analysis Services and SQL Server Reporting Services databases
- SCSMDW – instance for Service Manager data warehouse databases
- .NET Framework 3.5 SP1 is installed
· Microsoft Report Viewer 2008 Service Pack 1 Redistributable is installed. To install, see article 971119 in the Microsoft Knowledge Base
· Microsoft SQL Server 2012 Native Client is installed. To download, see SQL Server 2012 Native Client
· Microsoft SQL Server 2012 Analysis Management Objects are installed. To install, see SQL Server Analysis Management Objects
· Microsoft SQL Server 2012 Reporting Services (split configuration) is installed. Microsoft SQL Server 2012 management tools are installed
· A base virtual machine running Windows Server 2008 R2 (x64) has been provisioned for the Service Manager management server role
· A multi-node, SQL Server 2012 SP2 cluster with a dedicated instance has been established in previous steps for Service Manager
· .NET Framework 3.5 SP1 is installed
· SharePoint Foundation 2012 SP2 is installed. SharePoint Foundation has a number of prerequisites. If the self-service portal server has internet connectivity, the instructions show how to automatically install them. If the server does not have internet connectivity, the following components must be manually downloaded and installed in this order.
- SQL Server 2008 Native Client – http://go.microsoft.com/fwlink/?LinkId=123718&clcid=0x409
- WCF fix for Win2008 R2 (KB976462) – http://go.microsoft.com/fwlink/?LinkID=166231
- Windows Identity Framework (KB974405) – http://go.microsoft.com/fwlink/?LinkID=166363
- Microsoft Sync Framework Runtime v1.0 (x64) – http://go.microsoft.com/fwlink/?LinkID=141237&clcid=0x409
- Microsoft Chart Controls for the Microsoft .NET Framework 3.5 – http://go.microsoft.com/fwlink/?LinkID=141512
- Microsoft Filter Pack 2.0 – http://www.microsoft.com/en-us/download/details.aspx?id=17062
- Microsoft SQL Server 2008 Analysis Services ADOMD.NET – http://go.microsoft.com/fwlink/?LinkID=160390&clcid=0x409
- Microsoft Server Speech Platform Runtime – http://go.microsoft.com/fwlink/?LinkID=166378
- Microsoft Server Speech Recognition Language - TELE(en-US) http://go.microsoft.com/fwlink/?LinkID=166371
- SQL 2008 R2 Reporting Services SharePoint 2010 Add-in – http://go.microsoft.com/fwlink/?LinkID=166379
The following environment prerequisites must be met before proceeding.
Verify that the following service accounts have been created:
Table 26 Service Manager Accounts
User name | Purpose | Permissions
<DOMAIN>\FT-SCSM-SVC | SCSM services account | Add the account to the local Administrators group on all SCSM servers. Must be a local Admin on all SQL Server nodes.
<DOMAIN>\FT-SCSM-WF | SCSM workflow account | Must have permissions to send email and must have a mailbox on the SMTP server (required for the Email Incident feature). Must be member of local Users security group on all SCSM servers. Must be a member of the Service Manager Administrators user role for email. Must be a local Admin on all SQL Server nodes.
<DOMAIN>\FT-SCSM-SSRS | SCSM reporting account | Must be a local Admin on all SQL Server nodes.
<DOMAIN>\FT-SCSM-OMCI | SCSM Operations Manager CI connector account | Must be a member of the local Users security group on all SCSM servers. Must be an Operations Manager operator.
<DOMAIN>\FT-SCSM-ADCI | SCSM Active Directory CI connector account | Must be a member of the local Users security group on the Service Manager management server. Must have permissions to bind to the domain controller that the connector will read data from. Needs generic Read rights on the objects that are being synchronized to the Service Manager database from Active Directory.
<DOMAIN>\FT-SCSM-OMAlert | SCSM Operations Manager alert connector account | Must be a member of the local Users security group on the Service Manager management server. Must be a member of FT-SCSM-Admins.
<DOMAIN>\FT-SCSM-VMMCI | Virtual Machine Manager CI connector account | Must be a member of the VMM Admin domain group and be in the Service Manager Advanced Operator role.
<DOMAIN>\FT-SCSM-OCI | Orchestrator CI connector | Must be a member of SCO Operators (Users) domain group and be in the Service Manager Advanced Operator role.
<DOMAIN>\FT-SCSM-OLAP | Service Manager Analysis Services account | Must be a local Admin on all SQL Server nodes.
Verify that the following security groups have been created:
Table 27 Service Manager Security Groups
Security group name | Group scope | Members | Member of
<DOMAIN>\FT-SCSM-ADMINS | Global | <DOMAIN>\FT-SCSM-SVC | Must be added to the Service Manager Administrators user role, added to the Operations Manager Administrators role in Operations Manager, and be a member of the Administrators group on each SQL Server
Complete the following procedures to install the Service Manager roles correctly.
Perform the following steps on all Service Manager Servers virtual machines. (SCSM01, SCSM02, and SCSM03) |
|
Log on to each Service Manager virtual machine as a user with local Admin rights. Verify that the following accounts or groups are members of the local Administrators group on each Service Manager virtual machine:
· Operations Manager action account
· Service Manager workflow account
· Service Manager service account
· Service Manager Admins group
· Orchestrator service account
On the self-service portal server, also add the following account:
· SQL Server service account
|
Verify that the following accounts or groups are members of the local Users group on each Service Manager virtual machine:
· Service Manager Active Directory CI connection account
· Service Manager Orchestrator CI connection account
· Service Manager Operations Manager alert connection account
· Service Manager Operations Manager CI connection account
· Service Manager service account
· Service Manager users group
· Service Manager Virtual Machine Manager CI connection account
· Service Manager workflow account |
Perform the following step on an Active Directory domain controller in the target environment. |
|
In the domain where Service Manager will be installed, verify that the Service Manager Operations Manager alert connectors and the Service Manager service accounts are members of the Service Manager Admins group that you created earlier. |
|
In the domain where Service Manager will be installed, verify that the FT-SCSM-OLAP and the Service Manager reporting accounts are members of the SQL Server Admins group that you created earlier. |
Perform the following steps on the Operations Manager virtual machine. |
|
Log on to the Operations Manager server as an Administrator. In the Operations Manager console, navigate to Administration pane, and click the Security node. Under User Role name, right-click Operations Manager Administrators, select Properties, and add SCSM Admins. Click OK to save the changes. |
|
While still in the Security node under User Roles, right-click Operations Manager Operators, select Properties, and add SCSM OMCI. Click OK to save the changes. |
The Service Manager installation requires that .NET Framework 3.5 be enabled. Use the following procedure to enable .NET Framework 3.5.
Perform the following steps on the Service Manager management server and the data warehouse virtual machines. (SCSM01 and SCSM02) |
|
If you do not have access to the internet to contact Microsoft Update, you will need to have the Windows Installation files mounted locally or on an accessible file share. |
|
The .NET Framework 3.5 feature can be installed with a PowerShell cmdlet, or the following instructions can be followed for using the GUI. If the VM has access to the internet, the –Source parameter should not be needed. |
Install-WindowsFeature -Name NET-Framework-Core -Source "E:\Sources\sxs"
|
Open Server Manager and navigate to the Dashboard node. In the main pane, under Configure this local server, click Add roles and features. |
|
The Add Roles and Features Wizard will appear. On the Before You Begin page, click Server Selection in the left pane to continue. |
|
On the Select destination server page, select the Select a server from the server pool button, select the local server, and then, click Features in the left pane to continue.
|
|
To add .NET Framework 3.5, on the Select Features page, in the Features pane, select the .NET Framework 3.5 Features and .NET Framework 3.5 (includes .NET 2.0 and 3.0) check boxes only. Leave all other check boxes clear. Click Next to continue. |
|
On the Confirm installation selections page, verify that .NET Framework 3.5 Features is listed. Make sure that the Restart each destination server automatically if required check box is not selected. Click Install to begin installation. Note: The Export Configuration Settings option is available as a link on this page to export the options selected to XML. When exported, they can be used in conjunction with the Server Manager module for Windows PowerShell to automate the installation of roles and features. Note: If the server does not have Internet access, an alternate source path can be specified by clicking the Specify an alternate source path link. |
|
For servers without Internet access, or if the .NET Framework 3.5 source files already exist on the network, an alternate source location can be specified here for the installation.
|
|
The Installation Progress page will show the progress of the feature installation. Click Close when the installation process completes. |
|
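The PowerShell route mentioned at the start of this procedure can be made repeatable and self-checking. The following is an added example, not part of the original guide; it is meant to be run locally in an elevated session on each of SCSM01 and SCSM02, and it reuses the E:\Sources\sxs path shown above, which is an assumption about where the Windows installation files are mounted.

```powershell
# Added example (not from the original guide): idempotent install of .NET Framework 3.5
# with a post-install check. Run locally and elevated on SCSM01 and on SCSM02.
Import-Module ServerManager

$featureName = 'NET-Framework-Core'
$source      = 'E:\Sources\sxs'   # path shown on this page; adjust to your mounted media or share

$feature = Get-WindowsFeature -Name $featureName

if ($feature.InstallState -eq 'Installed') {
    Write-Output "$featureName is already installed on $env:COMPUTERNAME."
}
else {
    $params = @{ Name = $featureName }

    # InstallState 'Removed' means the feature payload is not on the local disk, so the
    # files must come from Windows Update or from the side-by-side store on the media.
    if (Test-Path -Path $source) {
        $params.Source = $source
    }
    elseif ($feature.InstallState -eq 'Removed') {
        Write-Warning "Source '$source' not found; the install will need to reach Windows Update."
    }

    # -Restart is deliberately not passed, matching the wizard step that leaves
    # automatic restart cleared.
    $result = Install-WindowsFeature @params

    if (-not $result.Success) {
        throw "Install of $featureName failed with exit code $($result.ExitCode)."
    }
    if ($result.RestartNeeded -ne 'No') {
        Write-Warning "A restart is pending on $env:COMPUTERNAME (RestartNeeded = $($result.RestartNeeded))."
    }
}

# Final state check: both the parent feature and the core component should read Installed.
Get-WindowsFeature -Name NET-Framework-Features, NET-Framework-Core |
    Select-Object Name, InstallState
```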
Perform the following steps on the Service Manager Self-Service Portal virtual machine running Windows Server 2008 R2. (SCSM03) |
|
To add .NET Framework 3.5.1, from Server Manager, click the Features node, and then click Add Features. The Add Features Wizard will appear. On the Select Features page, select .NET Framework 3.5.1 Features, and then select the .NET Framework 3.5.1 check box only. Leave WCF Activation check box clear. |
|
On the Confirm Installation Selections page, review the choices that you made during the wizard, and click Install to add the feature. |
|
The Installation Progress page will show the progress of the feature installation. |
|
When complete, the Installation Results page will appear. Verify that the .NET 3.5.1 Feature installed correctly. When verified, click Close to complete the installation of .NET Framework 3.5.1. |
The Service Manager management server and the data warehouse server installations also require the Microsoft Report Viewer 2008 SP1 Redistributable. Use the following procedure to install the Microsoft Report Viewer 2008 SP1 Redistributable.
Perform the following steps on the Service Manager management server and on data warehouse server virtual machines. (SCSM01 and SCSM02) |
|
From the installation media, right-click ReportViewer.exe and click Run as administrator to begin setup. Note: You can find the Report Viewer 2008 SP1 Redistributable as follows: · In the Prerequisites folder of the Service Manager 2012 R2 installation media · In the Microsoft Download Center: Report Viewer Redistributable 2008 Service Pack 1 GDIPLUS.DLL Security Update |
|
The Setup Wizard will appear. Click Next to continue. |
|
On the License Terms page, select the I have read and accept the license terms check box. Click Install to begin the installation. |
|
When the setup is complete, click Finish. |
The Service Manager management server and data warehouse server installations also require that SQL Server 2012 Native Client is installed prior to installation. Use the following procedure to install SQL Server 2012 Native Client.
Perform the following steps on the Service Manager management server and on the data warehouse server virtual machines. (SCSM01 and SCSM02) |
|
From the installation media source, right-click SQLNCLI.MSI and select Install to begin setup. Note: Download SQL Server 2012 SP1 Native Client installer, 1033\x64\sqlncli.msi, from the Microsoft Download Center: Microsoft SQL Server 2012 SP1 Feature Pack. |
|
The setup wizard will appear. Click Next to continue. |
|
On the License Terms window, select the I accept the terms in the license agreement check box. Click Next to continue. |
|
On the Feature Selection window, verify that Client Components is selected for installation. Click Next to continue. |
|
On the Ready to Install the Program window, click Install to begin the installation. |
|
When complete, click Finish. |
|
The Service Manager management server and data warehouse server installations also require SQL Server 2012 SP2 Analysis Management Objects. Use the following procedure to install the SQL Server 2012 SP2 Analysis Management Objects.
Perform the following steps on the Service Manager management server and on the data warehouse server virtual machines. (SCSM01 and SCSM02) |
|
From the SQL Server 2012 Analysis Management Objects installation media source, double-click SQL_AS_AMO.MSI to begin setup. Note: Download the SQL Server 2012 Analysis Management Objects installer, SQL_AS_AMO.MSI, from the Microsoft Download Center: Microsoft SQL Server 2012 Feature Pack. |
|
The Setup Wizard will appear. On the Welcome page, click Next to continue.
|
|
On the License Agreement page, review the license agreement, and select the I accept the terms in the license agreement button. Click Next to continue.
|
|
On the Ready to Install the Program page, click Install to begin the installation.
|
|
The installation process may take several minutes to complete. The progress is displayed in the status bar.
|
|
On the Completing the SQL Server 2012 Analysis Management Objects installation page, click Finish.
|
|
The Service Manager data warehouse installation requires that SQL Server Reporting Services is installed to support the Service Manager reporting features. Use the following procedure to install SQL Server Reporting Services.
Perform the following steps on the Service Manager data warehouse virtual machine. (SCSM02) |
|
From the SQL Server 2012 R2 installation media, right-click setup.exe and select Run as administrator to begin setup. |
|
The SQL Server Installation Center will appear. Select the Installation menu option. |
|
From the SQL Server Installation Center, click the New SQL Server stand-alone installation or add features to an existing installation link. |
|
The SQL Server 2012 Setup Wizard will appear. On the Setup Support Rules page, verify that each rule shows a Passed status. If any rule requires attention, remediate the issue and rerun the validation check. Click OK to continue. |
|
If you click the View detailed report link, the following report is available. |
|
On the Product Key window, select the Enter the product key option and type the associated product key in the provided text box. Click Next to continue. Note: If you do not have a product key, select the Specify a free edition option, and select Evaluation from the drop-down list for a 180-day evaluation period. |
|
On the License Terms window, select the I accept the license terms check box. Select or clear the Send feature usage data to Microsoft check box, based on your organization’s policies. Click Next to continue. |
|
The Install Setup Files window shows the progression of setup file installation.
|
|
On the Setup Support Rules window, verify that each rule shows a Passed status. If any rule requires attention, remediate the issue and rerun the validation check. Note: Common issues include Windows Firewall warnings. If disconnected from the internet, you will receive an application security warning. Click Next to continue.
|
|
On the Setup Role window, select the SQL Server Feature Installation button. Click Next to continue. |
|
On the Feature Selection page, select the following check boxes: · Reporting Services - Native · Management Tools – Basic · Management Tools – Complete When all selections are made, click Next to continue. |
|
On the Installation Rules window, verify that each rule shows a Passed status. If any rule requires attention, remediate the issue and rerun the validation check. Click Next to continue.
|
|
On the Instance Configuration window, select the Default instance option, and accept the default options for Instance ID and Instance root directory values. Click Next to continue. Note: A post-installation configuration process will occur to configure the reporting server database within the Service Manager data warehouse SQL Server instance. |
|
On the Disk Space Requirements window, verify that you have sufficient disk space. Click Next to continue.
|
|
On the Server Configuration window, select the Service Accounts tab. In the Account Name drop-down list, enter the NT AUTHORITY\NETWORK SERVICE account for the SQL Server Reporting Services service. Click Next to continue.
|
|
On the Reporting Services Configuration window, select the Install only option. Note that other options should not be available because the database engine was not selected as a feature for installation. Click Next to continue.
|
|
On the Error Reporting page, select or clear the Send Windows and SQL Server Error Reports to Microsoft or your corporate report server check box, based on your organization’s policies. Click Next to continue. |
|
On the Installation Configuration Rules window, verify that each rule shows a Passed status. If any rule requires attention, remediate the issue and rerun the validation check. Click Next to continue. |
|
On the Ready to Install window, verify all of the settings that were entered during the setup process. Click Install to begin the installation of the SQL Server instance.
|
|
When the Complete window appears, click Close to complete the installation of this SQL Server database instance. |
|
By default, Windows Firewall does not allow traffic for SQL Server services or for the SSRS Web Service. Firewall exceptions need to be created if the Windows Firewall is enabled. To create exceptions, open an administrative session of Windows PowerShell. |
|
Run the following commands to create the needed firewall rules:
New-NetFirewallRule -DisplayName "SQL Reporting Services" -Protocol TCP -LocalPort 80
Adjust the display names and ports based on organizational requirements. |
|
Open the Windows Firewall with Advanced Security MMC console to verify the results. When verified, close the MMC console. |
|
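The rule creation and the verification step above can both be done from the same elevated PowerShell session. This is an added example, not part of the original guide; the restriction to the Domain firewall profile is an assumption made here to avoid opening the port on Public or Private networks, and should be changed to match organizational requirements.

```powershell
# Added example (not from the original guide): create the SSRS firewall exception once,
# then report what the firewall will actually allow. Run elevated on SCSM02.
$ruleName  = 'SQL Reporting Services'   # display name used on this page
$port      = 80                         # default Web Service URL port used on this page
$fwProfile = 'Domain'                   # assumption: limit the exception to the Domain profile

# The exception only matters where Windows Firewall is enabled.
$enabledProfiles = Get-NetFirewallProfile | Where-Object { $_.Enabled -eq 'True' }
if (-not $enabledProfiles) {
    Write-Warning 'Windows Firewall is disabled on all profiles; the rule will have no effect.'
}

# New-NetFirewallRule does not reject duplicate display names, so check before creating.
$existing = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue
if (-not $existing) {
    $ruleParams = @{
        DisplayName = $ruleName
        Direction   = 'Inbound'
        Action      = 'Allow'
        Protocol    = 'TCP'
        LocalPort   = $port
        Profile     = $fwProfile
    }
    New-NetFirewallRule @ruleParams | Out-Null
}

# Equivalent of the MMC check: list every rule with this name together with its
# port and address filters, so an over-broad or duplicate rule is visible.
Get-NetFirewallRule -DisplayName $ruleName | ForEach-Object {
    $portFilter = $_ | Get-NetFirewallPortFilter
    $addrFilter = $_ | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        DisplayName   = $_.DisplayName
        Enabled       = $_.Enabled
        Direction     = $_.Direction
        Action        = $_.Action
        Profile       = $_.Profile
        Protocol      = $portFilter.Protocol
        LocalPort     = $portFilter.LocalPort
        RemoteAddress = $addrFilter.RemoteAddress
    }
} | Format-List
```

A RemoteAddress of Any means every host that can reach the server on an enabled profile can reach the port.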
Verify that SQL Server Reporting Services installed properly by opening the console: on the Start screen, click the Reporting Services Configuration Manager tile. |
|
The Reporting Services Configuration Connection window will appear. In the Server Name text box, specify the name of the Service Manager server. In the Report Server Instance text box, use the default MSSQLSERVER value from the drop-down list. Click Connect. |
|
The Reporting Services Configuration Manager will appear. |
|
In Reporting Services Configuration Manager, click the Database option in the left pane. In the Current Report Server Database section, click the Change Database button. |
|
The Reporting Services Database Configuration Wizard will appear. In the Action section, select Create a new report server database. Click Next to continue. |
|
In the Database Server section, specify the following values: · Server Name – Specify the name of the SQL Server Cluster SCSMDW instance cluster name object and the database instance created for the Service Manager data warehouse installation. · Authentication Type – Specify Current User – Integrated Security from the drop-down list. Click the Test Connection button to verify the credentials and database connectivity. When verified, click Next to continue. |
|
In the Database section, specify the following values: · Database Name – Accept the default value of ReportServer. · Language – Specify the desired language option from the drop-down list. Click Next to continue. |
|
In the Credentials section, specify the Authentication Type as Service Credentials from the drop-down list. Click Next to continue. |
|
In the Summary section, review the selections made. Click Next to create the SQL Server Reporting Services database. |
|
The Progress and Finish section will display the progress of the database creation. Review the report to verify successful creation. Click Finish. |
|
In Reporting Services Configuration Manager, the Database option will now display the database and report server database credentials specified in the wizard. |
|
In Reporting Services Configuration Manager, click the Web Service URL option from the toolbar. Specify the following values: · In the Report Server Web Service Virtual Directory section, set the Virtual Directory value to ReportServer in the provided text box. · In the Report Server Web Service Site Identification section, set the following values: - IP Address – Select All Assigned in the drop-down list. - TCP Port – Specify the desired TCP port (default is 80). - SSL Certificate – Select the available certificate or choose the default (Not Selected). Click Apply to save the settings and create the Web Service URL. |
|
In Reporting Services Configuration Manager, click the Report Manager URL option in the toolbar. Specify the following value: In the Report Manager Site Identification section, keep the default Virtual Directory value, Reports, in the provided text box. Click Apply to save the setting and create the Report Manager URL. |
|
Connect to the Report Manager URL from a web browser to verify that the SQL Server Reporting Services portal is operating properly. |
|
Connect to the Web Service URL from a web browser to verify that the SQL Server Reporting Services web service is operating properly. |
|
Close the Reporting Server Configuration Manager. |
|
SharePoint Foundation 2010 Service Pack 2 (SP2) must be installed to configure SharePoint with the SQL Server 2012 SP2 installation. Use the following procedure to install SharePoint Foundation 2010 SP2 on the Service Manager self-service portal server only.
SharePoint Foundation has a number of prerequisites. If the self-service portal server has internet connectivity, the instructions show how to automatically install them. If the server does not have internet connectivity, the following components must be manually downloaded and installed in this order. These are installations that require accepting the defaults, so individual instructions are not provided.
· SQL Server 2008 Native Client – http://go.microsoft.com/fwlink/?LinkId=123718&clcid=0x409
· WCF fix for Win2008 R2 (KB976462) – http://go.microsoft.com/fwlink/?LinkID=166231
· Windows Identity Framework (KB974405) – http://go.microsoft.com/fwlink/?LinkID=166363
· Microsoft Sync Framework Runtime v1.0 (x64) – http://go.microsoft.com/fwlink/?LinkID=141237&clcid=0x409
· Microsoft Chart Controls for the Microsoft .NET Framework 3.5 – http://go.microsoft.com/fwlink/?LinkID=141512
· Microsoft Filter Pack 2.0 – http://www.microsoft.com/en-us/download/details.aspx?id=17062
· Microsoft SQL Server 2008 Analysis Services ADOMD.NET – http://go.microsoft.com/fwlink/?LinkID=160390&clcid=0x409
· Microsoft Server Speech Platform Runtime – http://go.microsoft.com/fwlink/?LinkID=166378
· Microsoft Server Speech Recognition Language - TELE(en-US) http://go.microsoft.com/fwlink/?LinkID=166371
· SQL 2008 R2 Reporting Services SharePoint 2010 Add-in – http://go.microsoft.com/fwlink/?LinkID=166379
Perform the following steps on the Service Manager self-service portal virtual machine. (SCSM03) |
|
Log on to the Service Manager self-service portal server (not the Service Manager management server or the data warehouse server). Locate the SharePoint Foundation 2010 installation file. Right-click SharePoint_SP2_en-us.exe, and click Run as administrator to begin setup. |
|
The SharePoint Foundation 2010 setup page will appear. In the Install section, click Install software prerequisites. This installs and configures the Web Server role.
|
|
The Microsoft SharePoint 2010 Products Preparation Tool will open. Click Next to continue. |
|
On the License Terms for software products window, verify that the I accept the terms of the License Agreement installation option check box is selected. Click Next to continue. |
|
After the prerequisites install, the Installation Complete window will appear. Review the list to make sure all components were properly installed. Click Finish to complete the installation. Restart the system.
|
|
After the system restart, log on with an account with administrative privileges, and restart the SharePoint Foundation 2010 installation. In the Install section, click Install SharePoint Foundation.
|
|
On the Read the Microsoft Software License Terms window, verify that the I accept the terms of this Agreement installation option check box is selected. Click Continue. |
|
On the Choose the installation you want window, click the Server Farm button. |
|
On the Server Type window, select the Complete option. Click Install Now. |
|
After installation, the Run Configuration Wizard will appear. Verify that the Run the SharePoint Products Configuration Wizard now check box is selected. Click Close.
|
|
It takes a little time, but the SharePoint Products Configuration Wizard will appear. Click Next to continue. |
|
A message will appear that states some services require a restart as part of the installation. Click Yes to restart the services. |
|
On the Connect to a server farm window, select Create a new server farm. Click Next to continue. |
|
On the Specify Configuration Database Settings window, specify the following information in the provided text boxes: · Database server – Specify the name of the SQL Server cluster name object and the database instance created for the Service Manager installation. · Database name – Specify the name of the SharePoint database. In most cases, use the default value of SharePoint_Config. In the Specify Database Access Account section, specify the Username in the form (<DOMAIN>\<USERNAME>) and the associated password for the SQL Server service account. Click Next to continue. |
|
On the Specify Farm Security Settings window, enter a unique passphrase in the Passphrase text box. Retype the passphrase in the Confirm passphrase text box. Click Next to continue. |
|
On the Configure SharePoint Central Administration Web Application window, click the Specify port number check box, and provide a port number in the provided text box. In the Configure Security Settings section, select the NTLM option. Click Next to continue. |
|
On the Completing the SharePoint Products Configuration Wizard window, review your settings. Click Next. |
|
The wizard will display the progress while performing the SharePoint configuration. When the Configuration Successful page appears, click Finish to complete the configuration of SharePoint Foundation 2010 Service Pack 2. |
|
The Central Administration - Configure your SharePoint farm is automatically launched into a browser window. Click the Start the Wizard button to begin the SharePoint configuration. |
|
In the Service Account section, select Use existing managed account, and select the SQL Service account from the drop-down list. In the Services section, select the Business Data Connectivity Services and Usage and Health data collection check boxes. Click Next to continue. |
|
On the website configuration page, click the Skip button to continue without configuring these settings. |
|
The SharePoint farm configuration is now complete. Click the Finish button to exit the wizard. |
|
The SharePoint Central Administration portal will open. Verify that SharePoint is operating properly by opening the Central Administration portal prior to proceeding to the Service Manager self-service portal installation. |
Additionally, the Service Manager self-service portal installation requires that the .NET Framework 4 package is installed. Use the following procedure to install .NET Framework 4 on the self-service portal.
Perform the following steps on the Service Manager self-service portal virtual machine. (SCSM03) |
|
From the installation media source, right-click dotNetFx40_Full_x86_x64.exe and select Run as administrator to begin setup. |
|
On the Microsoft .NET Framework 4 Setup page, select the I have read and accept the license terms check box. Click Install to begin the installation. |
|
The wizard will display the installation progress. |
|
When the installation is complete, click Finish. |
|
Additionally, the Service Manager self-service portal installation requires a secure socket layer (SSL) certificate to enable SSL on the portal website. If you are installing the self-service portal without SSL, you can skip this section. There are several ways to request an SSL certificate. The following procedure describes how to request the certificate through the IIS Manager console when you have an in-house CA.
Perform the following steps on the Service Manager self-service portal virtual machine. (SCSM03) |
|
Log on to the Service Manager virtual machine with a user with local admin rights. In the Server Manager console navigate to Roles > Web Server (IIS) > Internet Information Server. Under Connections click the server node and double-click Server Certificates. |
|
The Server Certificates pane will expand. In the Actions pane, click Create Domain Certificate … |
|
The Create Certificate Wizard will appear. On the Distinguished Name Properties page, complete the information as prompted. Click Next to continue. Note: The Common Name field must equal the exact name of the server, as it will be accessed from the web browser. |
|
On the Online Certificate Authority page, specify the name of your online certificate authority and a friendly name for the certificate. Click Finish to continue. |
|
In the IIS Manager, you will see the newly issued certificate. |
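Before binding the new certificate to the portal website, it is worth confirming that it meets the Common Name requirement noted above and is usable for TLS. This is an added example, not part of the original guide; it is written for the PowerShell 2.0 that ships with Windows Server 2008 R2 on SCSM03, and $portalName is an assumption that defaults to the server's DNS name and should be set to the exact name users will type in the browser.

```powershell
# Added example (not from the original guide): check certificates in the local machine
# store against the name the self-service portal will be accessed by. Run on SCSM03.
$portalName    = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName  # assumption: server FQDN
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication enhanced key usage
$nameType      = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
$now           = Get-Date

Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_
    $commonName = $cert.GetNameInfo($nameType, $false)

    # Locate the Enhanced Key Usage extension, if the certificate has one.
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }

    # A certificate with no EKU extension is not restricted to particular purposes.
    $serverAuth = $true
    if ($eku) {
        $serverAuth = $false
        foreach ($usage in $eku.EnhancedKeyUsages) {
            if ($usage.Value -eq $serverAuthOid) { $serverAuth = $true }
        }
    }

    New-Object PSObject -Property @{
        CommonName    = $commonName
        NameMatches   = ($commonName -eq $portalName)   # comparison is case-insensitive
        HasPrivateKey = $cert.HasPrivateKey
        ServerAuth    = $serverAuth
        InValidity    = ($cert.NotBefore -le $now -and $cert.NotAfter -gt $now)
        NotAfter      = $cert.NotAfter
        Thumbprint    = $cert.Thumbprint
    }
} | Select-Object CommonName, NameMatches, HasPrivateKey, ServerAuth, InValidity, NotAfter, Thumbprint |
    Format-Table -AutoSize
```

The certificate to bind is the one where NameMatches, HasPrivateKey, ServerAuth and InValidity are all True.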
Complete the following procedure to install the Service Manager management server role.
Perform the following steps on the first Service Manager management server virtual machine. (SCSM01) |
|
Log on to the Service Manager management server (not the Service Manager data warehouse server or the self-service portal server). From the Service Manager installation media source, right-click setup.exe and select Run as administrator to begin setup.
|
|
The Service Manager Setup Wizard will appear. In the Install section, click Service Manager management server to begin the installation. |
|
On the Product registration window, enter the following information in the provided text boxes: · Name – Specify the name of the primary user or responsible party within your organization. · Organization – Specify the name of the licensed organization. · Product key – Provide a valid product key for installation of Service Manager. If no key is provided, select the Install as an evaluation edition (180-day trial) check box. In the License terms section, select the I have read, understood, and agree with the terms of the license terms check box. Click Next to continue. |
|
On the Installation location window, specify a location or accept the default location of C:\Program Files\Microsoft System Center 2012 R2\Service Manager for the installation. Click Next to continue. |
|
On the System check results window, the wizard will verify that all system prerequisites are met. If any prerequisites are not met, they will be displayed on this page. Click Next to continue. |
|
On the Configure the Service Manager database window, specify the following information: · Database server – Specify the name of the SQL Server cluster name object created for the Service Manager installation. · SQL Server instance – Specify Default as the name of the SQL Server database instance created for the Service Manager installation. Select the Create a new database option, and specify the following information: · Database name – Specify the name of the Service Manager database. In most cases, use the default value ServiceManager. · Size (MB) – Specify the initial database size. The default value can be used. · Data file folder – Specify the storage location associated in the SQL Server cluster data files for the Service Manager database. Cross-check this with the worksheet created earlier. · Log file folder – Specify the storage location associated in the SQL Server cluster for the log files for the Service Manager database. By default, both data and log files point to the same location. You should change to your worksheet location. Click Next to continue. |
For more information, see Planning for Performance and Scalability in System Center 2012 - Service Manager |
On the Configure the Service Manager management group window, specify a unique name in the Management group name text box. This value must be unique across the System Center 2012 R2 products, such as the Service Manager data warehouse and Operations Manager installations. In the Management group administrators text box, specify the Service Manager Administrators group. Click Next to continue. |
|
On the Configure the account for Service Manager services window: · Verify that the Domain account option is selected. · In the User name text box, specify the Service Manager service account. · In the Password text box, type an appropriate password. · In the Domain text box, select a domain from the drop-down list. Before proceeding, click the Test Credentials button to verify the credentials provided. When successful, click Next to continue. |
|
On the Configure the account for Service Manager workflow account window: · Verify that the Domain account option is selected. · In the User name text box, specify the Service Manager workflow account. · In the Password text box, type an appropriate password. · In the Domain text box, select a domain from the drop-down list. Before proceeding, click the Test Credentials button to verify the credentials provided. When successful, click Next to continue. |
|
On the Help improve Microsoft System Center 2012 R2 Service Manager window, select the option to participate or not participate in the CEIP by providing selected system information to Microsoft. Click Next to continue.
|
|
Depending on your system’s configuration, the Use Microsoft Update to help keep your computer secure and up-to-date window may appear. Select the appropriate option to participate or not participate in automatic updating. Select the Initiate machine wide Automatic Update check box. Click Next to continue. |
|
The Installation summary page will appear and display the selections made during the Setup Wizard. Review the options selected. Click Install to continue. |
|
The wizard will display the progress while installing features. |
|
When the installation completes, the wizard will display the Setup completed successfully window. When all steps show successful installation, make sure the Open the Encryption Backup or Restore Wizard after Setup closes check box is selected to open the wizard after setup. Click Close to complete the installation. |
|
When the installation completes, the Encryption Key Backup or Restore Wizard will appear. On the Introduction window, click Next to continue. |
|
On the Select Action window, select the Backup the Encryption Key option, and click Next to continue. |
|
On the Specify the Location of the Backup File window, in the Path text box select the desired backup file name and path. Note the instructions about suggested location. The destination directory must exist. Click Next to continue. |
|
On the Provide a Password page, type a desired password in the Password text box. Re-type the password in the Confirm Password text box. Click Next to begin the backup process. |
|
Click Finish to exit the wizard. Note: If you receive an error and need to rerun the backup, the backup program is located on the Service Manager installation media at \amd64\Tools\SecureStorageBackup\SecureStorageBackup.exe. |
|
When installed, verify that the Service Manager management server installed properly by opening the console. On the Start screen, click the Service Manager Console tile. |
|
On the Connect to Service Manager Server window, type the Service Manager management server name in the Server name text box. Click Connect to start the console. |
|
The Service Manager Console will open. Validate the installation by reviewing the configuration and making sure that the console operates properly. |
Repeat the installation process if installing a second Service Manager Server. The installation is shorter in subsequent installations because the Service Manager database has already been created, so this installation will make use of that database.
When you reach the Configure the Service Manager database window, select the radio button for Use an existing database. In the Database dropdown list, select ServiceManager. Click Next to continue. |
|
On the Configure the Service Manager management group window, accept the defaults. Click Next to continue. |
|
On the Configure the account for Service Manager services window: · Verify that the Domain account option is selected. · In the User name text box, specify the Service Manager service account. · In the Password text box, type an appropriate password. · In the Domain text box, select a domain from the drop-down list. Before proceeding, click the Test Credentials button to verify the credentials provided. When successful, click Next to continue. |
|
Follow previous instructions for the next pages that appear. When the installation finishes, make sure the check box is cleared for starting the Encryption backup, as it was backed up earlier. Click Finish to complete the installation. |
The following steps must be completed to install the Service Manager data warehouse server role.
Perform the following steps on the Service Manager data warehouse server virtual machine. (SCSM02) |
|
Log on to Service Manager data warehouse server (not the Service Manager management server or the self-service portal server). From the Service Manager installation media source, right-click setup.exe and select Run as administrator to begin setup.
|
|
The Service Manager Setup Wizard will appear. In the Install section, click Service Manager data warehouse management server to begin the Service Manager server installation. |
|
On the Product registration window, enter the following information in the provided text boxes: · Name – Specify the name of the primary user or responsible party within your organization. · Organization - Specify the name of the licensed organization. · Product key – Provide a valid product key for installation of Service Manager. If no key is provided, select the Install as an evaluation edition (180-day trial) check box. In the License terms section, select the I have read, understood, and agree with the terms of the license terms check box. Click Next to continue. |
|
On the Installation location page, specify a location or accept the default location of C:\Program Files\Microsoft System Center 2012 R2\Service Manager for the installation. Click Next to continue. |
|
The wizard will verify that all system prerequisites are met on the System check results window. If any prerequisites are not met, they will be displayed on this page. Click Next to continue. |
|
On the Configure the data warehouse databases window, each subcategory will appear with an error message until each of the following sections are configured: · Staging and Configuration · Repository · Data Mart |
|
On the Configure the data warehouse databases window, supply the following information to configure the Staging and Configuration and Repository sections: · Database server – Specify the name of the SQL Server cluster name object that was created for the Service Manager installation data warehouse. · SQL Server instance – Specify Default as the name of the SQL Server database instance. Select the Create a new database option and specify the following information in the provided text boxes: · Database name – Specify the name of the Service Manager data warehouse database. In most cases, use the default value of DWStagingAndConfig for the Staging and Configuration section, and use DWRepository for the Repository section. · Size (MB) – Specify the initial database size. See your worksheets for sizing. · Data file folder – Specify the storage location associated in the SQL Server cluster for the database data files for the Service Manager data warehouse. Check your installation worksheet. · Log file folder – As above. Check your installation worksheet. By default, both data and log files point to the same location. You should change to your worksheet location. · Click Data Mart to continue. |
|
On the Configure the data warehouse databases page, supply the following information in the provided text boxes to configure the Staging and Configuration and Repository sections: · Database server – Specify the name of the SQL Server cluster name object created for the Service Manager installation data warehouse. (This should be the same name that you used earlier for the Staging and Configuration and Repository sections). · SQL Server instance – Specify Default as the name of the SQL Server database instance. Select the Create a new database option and specify the following information in the provided text boxes: · Database name – Specify the name of the Service Manager data warehouse. In most cases, use the default value of DWDataMart. · Size (MB) – Specify the initial database size. · Data file folder – As above. Check your installation worksheet. · Log file folder – As above. Check your installation worksheet. By default, both data and log files point to the same location. You should change to your worksheet location. Click Next to continue. |
|
On the Configure additional data warehouse datamarts window, each subcategory will appear with an error message until each of the following sections are configured: · OM Data mart · CM Data mart
|
|
On the Configure additional data warehouse datamarts window, supply the following information in the provided text boxes to configure the OM Data Mart section: · Database server – Specify the name of the SQL Server cluster name object created for the Service Manager installation data warehouse. (This should be the same name you used earlier for the Staging and Configuration and Repository sections.) · SQL Server instance – Specify Default as the name of the SQL Server database instance. Select the Install Database option, and specify the following information in the provided text boxes: · Database name – Specify the name of the Service Manager OM Data mart database. In most cases, use the default value of OMDWDataMart. · Size (MB) – Specify the initial database size. · Data file folder – As above. Check your installation worksheet. · Log file folder – As above. Check your installation worksheet. By default, both data and log files point to the same location. You should change to your worksheet location. Click Next to continue. |
|
A CM Data mart is created for Configuration Manager integration. To complete this, on the Configure additional data warehouse datamarts window, supply the following information in the provided text boxes to configure the CM Data Mart section: · Database server – Specify the name of the SQL Server cluster name object created for the Service Manager installation data warehouse. (This should be the same name you used earlier for the Staging and Configuration and Repository sections.) · SQL Server instance – Specify Default as the name of the SQL Server database instance. Select the Install Database option and specify the following information in the provided text boxes: · Database name – Specify the name of the Service Manager CM Data mart database. In most cases, use the default value of CMDWDataMart. · Size (MB) – Specify the initial database size. · Data file folder – As above. Check your installation worksheet. · Log file folder – As above. Check your installation worksheet. By default, both data and log files point to the same location. You should change to your worksheet location. Click Next to continue. |
|
On the Configure the data warehouse management group window, specify a unique name in the Management group name text box. This value must be unique across the System Center 2012 R2 products such as the Service Manager management server and Service Manager Operations Manager installations. In the Management group administrators section, select the SCSM Administrators group from the Browse button. Click Next to continue. |
|
On the Configure the reporting server for the data warehouse window, specify the data warehouse server in the Report server text box. In the Report server instance drop-down list, select Default. In the Web service URL drop-down list, select the default reporting server URL. Click Next to continue. |
|
On the Configure the account for Service Manager services window: · Verify that the Domain account option is selected. · Specify the Service Manager service account in the User name text box. · Type the appropriate Password in the provided text box. · Select the appropriate Domain from the drop-down list. Before proceeding, click the Test Credentials button to verify the credentials provided. When successful, click Next to continue. |
|
On the Configure the reporting account window: · Specify the SCSM SQL Server Reporting Services Account in the User name text box. · Type the appropriate Password in the provided text box. · Select the appropriate Domain from the drop-down list. Before proceeding, click the Test Credentials button to verify the credentials provided. When successful, click Next to continue. |
|
On the Configure Analysis Services for OLAP cubes window, select the Create a new database option and specify the following information in the provided text boxes: · Database server – Specify the name of the SQL Server cluster name object created for the Service Manager installation SQL Server Analysis Services. · SQL Server instance – Specify Default as the name of the SQL Server database instance. · Database name – Specify the name of the SQL Server Analysis Services database. In most cases, use the default value of DWASDataBase. Confirm that the Change database storage directory check box is clear, and click Next to continue. |
|
On the Configure Analysis Services Credential window: · Specify the SM OLAP Account in the User name text box. · Type the appropriate Password in the provided text box. · Select the appropriate Domain from the drop-down list. Before proceeding, click the Test Credentials button to verify the credentials provided. When successful, click Next to continue. |
|
On the Help improve Microsoft System Center 2012 R2 Service Manager page, select the option to participate or not participate in the CEIP and provide selected system information to Microsoft. Click Next to continue. |
|
Depending on your system’s configuration, the Use Microsoft Update to help keep your computer secure and up-to-date page may appear. Select the appropriate option to participate or not participate in automatic updating. Choose to invoke checking for updates by selecting the Initiate machine wide Automatic Update check box. Click Next to continue. |
|
The Installation summary window will appear and display the selections made during the Setup Wizard. Review the options selected and click Install to continue. The wizard will display the progress while installing features. |
|
When the installation completes, the wizard will display the Setup completed successfully page. Make sure the Open the Encryption Backup or Restore Wizard after Setup closes check box is selected to open the wizard after setup. Click Close to complete the installation. |
|
When the installation completes, the Encryption Key Backup or Restore Wizard will appear. On the Introduction page, click Next to continue. |
|
On the Select Action page, select the Backup the Encryption Key option, and click Next to continue. |
|
On the Specify the Location of the Backup File page, in the Path text box, select the desired backup file name and path from the drop-down list. Click Next to continue. |
|
On the Provide a Password page, type a desired password in the Password text box. Retype the password in the Confirm Password text box, and click Next to begin the backup process. |
|
Click Finish to exit the wizard. |
Perform the following steps on the Service Manager management server virtual machine to register the Service Manager data warehouse and enable reporting in the Service Manager instance. (SCSM01) |
|
Log on to the Service Manager management server by using an account with Administrator permissions. From the Windows Start screen, click the Service Manager Console tile.
|
|
In the Service Manager Console, click the Administration node, and in the Register with Service Manager’s Data Warehouse section, click Register with Service Manager Data Warehouse to enable reporting. Note: If the console was opened from the previous installation, close it and re-open the console. |
|
The Data Warehouse Registration Wizard will appear. Click Next to begin registration. |
|
On the Specify the data warehouse management server name window, enter the Service Manager data warehouse server name into Server name. Click the Test Connection button to validate connectivity between the Service Manager management server and the data warehouse server. Click Next to continue. |
|
On the Provide credentials for the data warehouse window, click Next to continue. |
|
A Credentials window will appear and prompt you for the password for the SCSM service account. Enter the password. Click OK to continue. |
|
The Summary window will appear. Review the information that was provided. Click Create to begin the registration process. |
|
The Completion window will show the successful registration of the data warehouse. Click Close to exit the wizard. |
|
Note: The data warehouse registration process can take several hours to complete. During this time, several management packs are imported into the data warehouse, and several data warehouse jobs run. |
|
After a few minutes, the Data Warehouse button will be added to the Service Manager Console. |
|
To check the status of the management pack imports, in the Data Warehouse pane, click Management Packs. Deployment is complete when all listed management packs show a deployment status of Completed. |
|
In the Data Warehouse pane, click Data Warehouse Jobs. In the Data Warehouse Jobs pane, click MPSyncJob. In the MPSyncJob section, in the Synchronization Job Details list, scroll to the right to view the Status column, and then click Status to alphabetically sort the status column. Scroll through the Status list. The management pack deployment process is complete when the status for all of the management packs is Associated or Imported. Confirm that there is no status of Pending Association or Failed in the status list. In the Data Warehouse Jobs pane, the status of the MPSyncJob will change from Running to Not Started when the registration process is complete. |
|
The following steps must be completed to install the Service Manager self-service portal server role.
Perform the following steps on the System Center Service Manager self-service portal virtual machine. This system must be running Windows Server 2008 R2. (SCSM03) |
|
Log on to Service Manager self-service portal server (not the Service Manager management server or the data warehouse server). From the Service Manager installation media source, right-click setup.exe and select Run as administrator to begin setup.
|
|
The Service Manager Setup Wizard will appear. In the Install section, click Service Manager web portal to begin the Service Manager self-service portal server installation. |
|
On the Portal Parts window, select the Web Content Server and SharePoint Web Parts check boxes. Click Next to continue. |
|
On the Product registration window, enter the following information in the provided text boxes: · Name – Specify the name of the primary user or responsible party within your organization. · Organization – Specify the name of the licensed organization. In the License terms section, select the I have read, understood, and agree with the terms of the license terms check box. Click Next to continue. |
|
On the Installation location page, specify a location or accept the default location of C:\inetpub\wwwroot\System Center Service Manager Portal for the installation. Click Next to continue. |
|
On the System check results window, the wizard will verify that all system prerequisites are met. If any prerequisites are not met, they will be displayed on this page. Click Next to continue. |
|
On the Configure the Service Manager Self-Service Portal name and port window, specify the following information in the provided text boxes: · Website name – Specify the name of the website used for the self-service portal. In most cases, use the default name of SCSMWebContentServer. · Port – Specify the TCP port used for the Service Manager self-service portal server. The default value is 443. In most cases, this value should be changed to 444. Select the appropriate Server Authentication certificate from the SSL certificate drop-down list. The certificate CN field must match the name of the server. Click Next to continue. |
|
On the Select the Service Manager database window, specify the following information in the provided text boxes: · Database server – Specify the name of the SQL Server cluster name object created for the Service Manager management server. · SQL Server instance – Specify Default as the SQL Server database instance. · Database – Specify the name of the Service Manager database configured earlier. In most cases, use the default value of ServiceManager. Click Next to continue. |
|
On the Configure the account for the Self-Service Portal window: · Verify that the Domain account option is selected, and · Specify the SM Service Account in the User name text box. · Type the appropriate Password in the provided text box. · Select the appropriate Domain from the drop-down list. Before proceeding, click the Test Credentials button to verify the credentials provided. When successful, click Next to continue. |
|
On the Configure the Service Manager SharePoint Web site window, provide the following information: · In the SharePoint site section, specify the following information in the provided text boxes: · Website name – Specify the name of the website used for the self-service portal. In most cases, use the default name of Service Manager Portal. · Port – Specify the TCP port used for the Service Manager self-service portal server. The default value is 443. In most cases, this value should remain at 443. · Select the appropriate server authentication certificate from the SSL certificate drop-down list. This will be the same certificate used for the content server in the previous step. In the SharePoint database section, specify the following information in the provided text boxes: · Database server – Specify the name of the SQL Server cluster network name created for the Service Manager installation SharePoint farm. · SQL Server instance – Specify Default as the SQL Server database instance. · Database name – Specify the database name for the portal. In most cases, use the default value of SharePoint_SMPortalContent. Click Next to continue. |
|
On the Configure the account for Service Manager SharePoint application pool window: · Specify the SM service account in the User name text box. · Type the appropriate Password in the provided text box. · Select the appropriate Domain from the drop-down list. Before proceeding, click the Test Credentials button to verify the credentials provided. When successful, click Next to continue. |
|
On the Help improve Microsoft System Center 2012 window, select the option to participate or not participate in the CEIP and provide selected system information to Microsoft. Click Next to continue. |
|
Depending on your system’s configuration, the Use Microsoft Update to help keep your computer secure and up-to-date window may appear. Select the appropriate option to participate or not participate in automatic updating. Choose to invoke checking for updates by selecting the Initiate machine wide Automatic Update check box. Click Next to continue. |
|
The Installation summary page will appear and display the selections made during the Setup Wizard. Review the options selected and click Install to continue. |
|
The wizard will display the progress while installing features. |
|
When completed, the Service Manager Setup Wizard will display the Setup completed successfully page. Click Close to finish the installation. Note the SMPortal link provided on the page. |
|
From a system with Silverlight® installed, open the Service Manager self-service portal from Microsoft Internet Explorer at https://<servername>/SMPortal. Verify that the page loads completely and that all sections display as expected. |
Two Orchestrator Runbook servers are deployed for high availability purposes. Orchestrator provides built-in failover capabilities. By default, if the primary Runbook server fails, any runbooks that were running on that server will be started from their beginning on the standby Runbook server. In addition, the use of multiple Runbook servers supports Orchestrator scalability. By default, each Runbook server can run a maximum of 50 simultaneous runbooks. To run a larger number of simultaneous runbooks, additional Runbook servers are recommended to accommodate scale environments.
The Orchestrator Web service is a REST-based service that enables the Orchestration Console and various custom applications, for example, System Center Service Manager, to connect to Orchestrator in order to start and stop runbooks and retrieve information about jobs. If the Web service is unavailable, it is not possible to stop and start new runbooks. For high availability and additional capacity, there are two IIS servers with the Orchestrator Web service role installed and configured for load balancing. For the PLA, those two servers are the same as the Runbook servers.
Domain accounts are used for Orchestrator services and a domain group for the Orchestrator Users group.
The Orchestrator installation process includes the high-level steps shown in Figure 12.
Figure 12 Orchestrator Installation Process
This section provides the procedure to set up Orchestrator in the fabric management architecture. The following requirements are necessary for the setup:
· Base virtual machines running Windows Server 2012 R2 have been provisioned.
· A multinode, SQL Server 2012 SP2 cluster with a dedicated instance has been established for Orchestrator in previous steps.
· .NET Framework 3.5 is required.
The following environment prerequisites must be met before proceeding.
Verify that the following service accounts have been created:
Table 28 Orchestrator Accounts
| User name | Purpose | Permissions |
|---|---|---|
| <DOMAIN>\FT-SCO-SVC | Orchestrator service account | This account needs: Full Administrator permissions on all target systems to be managed; Log on As a Service rights (user rights); Sysadmin on the SQL Server, or dbo rights to the Orchestrator database after it's created; Member of FT-SCVMM-Admins |
Verify that the following security groups have been created:
Table 29 Orchestrator Security Groups
| Security group name | Group scope | Members | Member of |
|---|---|---|---|
| <DOMAIN>\FT-SCO-Operators | Global | Any user account added to this group is granted permission to use the Runbook Designer and Deployment Manager tools. | |
| <DOMAIN>\FT-SCO-Admins | Global | <DOMAIN>\FT-SCO-SVC | Local Administrators; Target Active Directory domain BUILTIN\Distributed COM Users |
The Orchestrator installation requires that .NET Framework 3.5 and HTTP Activation for .NET 4.5 are enabled. Use the following procedure to enable these features.
Perform the following steps on the Orchestrator virtual machine. |
|
If you do not have access to the internet to contact Microsoft Update, you will need to have the Windows Installation files mounted locally or on an accessible file share. |
Install-WindowsFeature -Name NET-Framework-Core -Source "E:\Sources\sxs" |
The .NET Framework 3.5 feature can be installed with a PowerShell cmdlet, or the following instructions can be followed for using the GUI. If the VM has access to the internet, the -Source parameter should not be needed. |
|
Open Server Manager and navigate to the Dashboard node. In the main pane, under Configure this local server, click Add roles and features from the available options. |
|
The Add Roles and Features Wizard will appear. On the Before You Begin window, click Server Selection in the left pane. |
|
On the Select destination server window, select the Select a server from the server pool button, select the local server, and then click Features in the left pane to continue.
|
|
To add .NET Framework 3.5, on the Select Features window in the Features pane, expand and select the .NET Framework 3.5 Features and .NET Framework 3.5 (includes .NET 2.0 and 3.0) check boxes only. Leave all other check boxes clear. |
|
Expand the .NET Framework 4.5 Features item and then expand the WCF item. Select HTTP Activation and then select Add Features on the Add features that are required for HTTP activation window. |
|
The following items should now show as enabled for the .NET Framework features:
· .NET Framework 3.5 Features
  - .NET Framework 3.5 (includes .NET 2.0 and 3.0)
· .NET Framework 4.5 Features
  - .NET Framework 4.5
  - ASP.NET 4.5
  - WCF Services
    - HTTP Activation
    - TCP Port Sharing
Click Next to continue. |
|
On the Web Server Role (IIS) window, click Next to continue. |
|
On the Select role services window, confirm that only Web Server, Common HTTP Features and Default Document are selected and then click Next. |
|
On the Confirm installation selections window, verify that .NET Framework 3.5 Features and .NET Framework 4.5 Features are listed. Make sure that the Restart each destination server automatically if required check box is not selected. Click Install to begin installation. Note: The Export Configuration Settings option is available as a link on this page to export the options selected to XML. When exported, they can be used in conjunction with the Server Manager module for Windows PowerShell to automate the installation of roles and features. If the server does not have Internet access, or if the .NET Framework 3.5 source files already exist on the network, an alternate source location can be specified by clicking the Specify an alternate source path link. |
|
The Installation Progress window will show the progress of the feature installation. Click Close when the installation process completes. |
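The same prerequisite features can be enabled and verified from PowerShell. The following is an added example, not part of the original guide; the function name Install-ScoPrerequisiteFeature and the $SourcePath value are assumptions, and the feature names are the Windows Server 2012 R2 Server Manager names for the .NET Framework items selected above.

```powershell
# Added example, not from the original guide.
# Assumption: $SourcePath points at the \sources\sxs folder of mounted
# Windows Server 2012 R2 media. Omit it when Microsoft Update is reachable.
function Install-ScoPrerequisiteFeature {
    [CmdletBinding()]
    param(
        # .NET Framework 3.5 and HTTP Activation for .NET 4.5
        [string[]]$FeatureName = @('NET-Framework-Core', 'NET-WCF-HTTP-Activation45'),
        [string]$SourcePath
    )

    # Install only what is not already present, so the function can be re-run safely.
    $missing = @(Get-WindowsFeature -Name $FeatureName | Where-Object { -not $_.Installed })

    if ($missing.Count -gt 0) {
        $installArgs = @{ Name = $missing.Name }

        if ($SourcePath) {
            if (-not (Test-Path -LiteralPath $SourcePath -PathType Container)) {
                throw "Source path '$SourcePath' is not reachable from this server."
            }
            $installArgs.Source = $SourcePath
        }

        # No -Restart switch: this matches the wizard step that leaves
        # "Restart each destination server automatically if required" cleared.
        $result = Install-WindowsFeature @installArgs

        if (-not $result.Success) {
            throw "Feature installation failed with exit code $($result.ExitCode)."
        }
        if ($result.RestartNeeded -ne 'No') {
            Write-Warning 'A restart is needed before Orchestrator setup is started.'
        }
    }

    # Return the final state so the caller can confirm every feature is Installed.
    Get-WindowsFeature -Name $FeatureName |
        Select-Object Name, DisplayName, InstallState
}

# Example call for a server without Internet access (path is an assumption):
# Install-ScoPrerequisiteFeature -SourcePath 'E:\Sources\sxs'
```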
Perform the following steps on the Orchestrator virtual machine. |
|
From the installation media source, right-click Silverlight.exe and select Run as administrator to begin setup. |
|
On the Install Silverlight window, click Install Now. |
|
On the Enable Microsoft Update window, select or clear the Enable Microsoft Update check box based on organizational preferences, and click Next to continue. |
|
On the Installation Successful window, click Close. |
|
Complete the following steps to install all Orchestrator components.
Perform the following steps on the Orchestrator virtual machine. (SCO01) |
|
Log on to the Orchestrator virtual machine as a user with local Admin rights. Verify that the following accounts or groups are members of the Local Administrators group on the Orchestrator virtual machine: · Orchestrator service account · Orchestrator Admins group · Operations Manager action account
|
|
Log on to System Center Orchestrator server. From the System Center Orchestrator installation media source, right-click setuporchestrator.exe and select Run as administrator to begin setup.
|
|
The Orchestrator Setup Wizard will appear. Click Install to begin the Orchestrator server installation. |
|
On the Product registration information window, enter the following information in the provided text boxes: · Name – Specify the name of the primary user or responsible party within your organization. · Organization – Specify the name of the licensed organization. · Product Key – Provide a valid product key for installation of Orchestrator. If no key is provided, Orchestrator will be installed in evaluation mode. Click Next to continue. |
|
On the Please read this License Terms window, verify that the I accept the license terms installation option check box is selected, and click Next to continue. |
|
On the Select Features to install window, select the following check boxes: · Management Server (default selected) · Runbook server · Orchestration console and web service · Runbook Designer Click Next to continue. |
|
The Checking for required hardware and software window will appear to verify the installation prerequisites. Click Next to continue. |
|
The Orchestrator Setup Wizard will identify any prerequisite software required for the installation to complete. The Setup will install these missing software prerequisites window will attempt to perform the installation of missing prerequisites. Select the radio button by the missing components and click Next to continue. |
|
When the installation of the missing prerequisites is completed, click Next to continue. |
|
On the Configure the service account window: · Specify the Orchestrator service account in the Username text box. · Type the appropriate Password in the provided text box. · Select the appropriate Domain from the drop-down list. Before proceeding, click the Test button to verify the credentials provided. Click Next to continue. |
|
On the Configure the database server window, enter the following information in the provided text boxes: · Server – Specify the SQL Server cluster name and instance name created earlier. For the reference deployment the server and instance value is SCDB\SCDB. · Port – Specify the TCP port used for the SQL Server, if not the default. For the reference deployment, the SCDB instance port is 10433. In the Authentication Credentials section, select the Windows Authentication option, and click the Test Database Connection button. When successful, click Next to continue. |
|
On the Configure the database window in the Database section, select the New Database option. Accept the default database name of Orchestrator. Click Next to continue. |
|
On the Configure Orchestrator users group window, select the Orchestrator Operators group created earlier from the Browse… button and select to search the domain. Verify that the Grant remote access to the Runbook Designer check box is selected. Click Next to continue. |
|
On the Configure the ports for the web services window, enter the following information in the provided text boxes: · Web service port – Specify the TCP port used for the Orchestrator Web Service. The default value of 81 is recommended. · Orchestration console port – Specify the TCP port used for the Orchestrator console port. The default value of 82 is recommended. Click Next to continue. |
|
On the Select the installation location window, specify a location or accept the default location of C:\Program Files (x86)\Microsoft System Center 2012 R2\Orchestrator for the installation. Click Next to continue. |
|
On the Microsoft Update window, select the appropriate radio button for your environment. Click Next to continue. |
|
The Help Improve Microsoft System Center Orchestrator window provides options for participating in various product feedback mechanisms. These include: · Customer Experience Improvement Program (CEIP) · Error Reporting Select the appropriate options based on your organization’s policies. Click Next to continue. |
|
The Installation summary window will display the selections made during the Setup Wizard. Review the options selected and click Install to continue. |
|
The Installing features window will show the installation progress. |
|
The Setup completed successfully window will appear when all portions of the setup complete successfully. Verify that all check boxes are cleared. Click Close to finish the installation. |
|
Verify that the Orchestrator roles installed properly by opening the consoles: on the Start screen, click the Orchestration Console tile. Note: To run the Orchestration Console on the Orchestrator server, Internet Explorer Enhanced Security must be disabled or configured to function with the console. |
|
Validate that the Orchestration console performs properly in Internet Explorer. |
|
On the Start Menu, click the Runbook Designer tile. |
|
Open the Runbook Designer console, and verify that it performs properly. |
|
On the Start Menu, click the Deployment Manager tile. |
|
Open the Deployment Manager console, and verify that it performs properly. |
|
On the Start Screen, click the Windows Firewall tile. Configure Windows Firewall for the first Orchestrator runbook server.[3] If you want to leave Windows Firewall enabled, you must first enable the following rules in Windows Firewall: · Windows Management Instrumentation (WMI-In) · Windows Management Instrumentation (DCOM-In) · Windows Management Instrumentation (ASync-In) Right-click each rule and click Enable Rule. |
|
Alternatively, the following Windows PowerShell commands can be run to allow the firewall rules: Enable-NetFirewallRule -DisplayName "Windows Management Instrumentation (WMI-In)"
Enable-NetFirewallRule -DisplayName "Windows Management Instrumentation (DCOM-In)"
Enable-NetFirewallRule -DisplayName "Windows Management Instrumentation (ASync-In)" |
|
In Windows Firewall, create a new Program rule. Select the following path from The program path drop-down list: · %SystemRoot%\SysWOW64\orchestratorRemotingService.exe Name the rule SCO – Orchestrator Remoting Service (x64) and click Next. Alternatively, run the following Windows PowerShell command:
New-NetFirewallRule -DisplayName "SCO – Orchestrator Remoting Service (x64)" -Program "C:\Windows\SysWOW64\OrchestratorRemotingService.exe"
|
|
In Windows Firewall, create a new Program rule. Select the following path from The program path drop-down list: · %ProgramFiles(x86)%\Microsoft System Center 2012 R2\Orchestrator\Management Server\ManagementService.exe Name the rule SCO – Orchestrator Management Service (x64) and click Next. Alternatively, run the following Windows PowerShell command:
New-NetFirewallRule -DisplayName "SCO – Orchestrator Management Service (x64)" -Program "C:\Program Files (x86)\Microsoft System Center 2012 R2\Orchestrator\Management Server\ManagementService.exe"
|
|
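Since the first server runs the Orchestration console and web service, two additional ports (TCP 81 and 82) must be opened in Windows Firewall. Follow the preceding step to create and enable two additional inbound firewall rules for these ports and name them as follows: · SCO – Orchestration Console (TCP 81) · SCO – Web Service (TCP 82) Alternatively, run the following Windows PowerShell commands. Each rule is limited to its TCP port with -Protocol and -LocalPort; a rule created with only a display name would allow inbound traffic on every port.
New-NetFirewallRule -DisplayName "SCO - Orchestration Console (TCP-In 81)" -Direction Inbound -Protocol TCP -LocalPort 81 -Action Allow
New-NetFirewallRule -DisplayName "SCO - Web Service (TCP-In 82)" -Direction Inbound -Protocol TCP -LocalPort 82 -Action Allow |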
|
Restart the Orchestrator server. |
|
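A firewall rule that names no program, protocol or port matches all inbound traffic, so it is worth confirming how each SCO rule on the server is actually scoped. The following audit is an added example, not part of the original guide; the function name Get-ScoFirewallRuleScope and the SCO* display-name pattern are assumptions based on the rule names used in this procedure.

```powershell
# Added example, not from the original guide.
# Assumption: the Orchestrator rules were created with display names that
# start with "SCO", as in this procedure. Run in an elevated session.
function Get-ScoFirewallRuleScope {
    [CmdletBinding()]
    param(
        # Wildcard matched against the rule DisplayName.
        [string]$DisplayNamePattern = 'SCO*'
    )

    $rules = Get-NetFirewallRule -DisplayName $DisplayNamePattern -ErrorAction SilentlyContinue

    foreach ($rule in $rules) {
        # Port and program restrictions live in separate filter objects.
        $portFilter = $rule | Get-NetFirewallPortFilter
        $appFilter  = $rule | Get-NetFirewallApplicationFilter

        $anyProgram = [string]::IsNullOrEmpty($appFilter.Program) -or $appFilter.Program -eq 'Any'
        $anyPort    = $portFilter.Protocol -eq 'Any' -or @($portFilter.LocalPort) -contains 'Any'

        $finding = 'OK'
        if ($rule.Direction -eq 'Inbound' -and $rule.Action -eq 'Allow') {
            if ($anyProgram -and $anyPort) {
                # Neither a program nor a specific local port restricts this rule.
                $finding = 'UNSCOPED: no program and no specific local port'
            }
            elseif (-not $anyProgram) {
                # A program rule is only useful if the executable exists here.
                $path = [Environment]::ExpandEnvironmentVariables($appFilter.Program)
                if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
                    $finding = 'Program path not found on this server'
                }
            }
        }

        [pscustomobject]@{
            DisplayName = $rule.DisplayName
            Enabled     = $rule.Enabled
            Profile     = $rule.Profile
            Program     = $appFilter.Program
            Protocol    = $portFilter.Protocol
            LocalPort   = @($portFilter.LocalPort) -join ','
            Finding     = $finding
        }
    }
}

$report = @(Get-ScoFirewallRuleScope)
$report | Format-Table -AutoSize -Wrap

# Summarize anything that is broader than intended or points at a missing file.
$needsAttention = @($report | Where-Object { $_.Finding -ne 'OK' })
if ($needsAttention.Count -gt 0) {
    Write-Warning ("{0} SCO firewall rule(s) need attention." -f $needsAttention.Count)
}
```

Any rule reported as UNSCOPED should be removed and recreated with an explicit program path or protocol and local port.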
Complete the following steps to install the Orchestrator Runbook components on a second server.
Perform the following steps on the second Orchestrator virtual machine. (SCO02) |
|
Log on to the Orchestrator virtual machine as a user with local Admin rights. Verify that the following accounts or groups are members of the Local Administrators group on the Orchestrator virtual machine: · Orchestrator service account · Orchestrator Admins group · Operations Manager action account |
|
Log on to System Center Orchestrator server. From the System Center Orchestrator installation media source, right-click setuporchestrator.exe and select Run as administrator to begin setup. |
|
The Orchestrator Setup Wizard will appear. Click Install to begin the Orchestrator Runbook server installation. |
|
On the Product registration information window, enter the following information in the provided text boxes: · Name – Specify the name of the primary user or responsible party within your organization. · Organization – Specify the name of the licensed organization. · Product Key – Provide a valid product key for installation of Orchestrator. If no key is provided, Orchestrator will be installed in evaluation mode. Click Next to continue. |
|
On the Please read this License Terms window, verify that the I accept the license terms installation option check box is selected. Click Next to continue. |
|
On the Select features to install window, make sure only the Runbook Server is checked. Management Server is selected by default. Click Next to continue. |
|
The Checking for required hardware and software window will appear to verify the installation prerequisites. When validation completes, click Next to continue. |
|
On the Configure the service account window: · Specify the Orchestrator service account in the Username text box. · Type the appropriate Password in the provided text box. · Select the appropriate Domain from the drop-down list. Before proceeding, click the Test button to verify the credentials provided. When successful, click Next to continue. |
|
On the Configure the database server window, enter the following information in the provided text boxes: · Server – Specify the SQL Server cluster name and instance name created earlier. For the reference deployment the server and instance value is SCDB\SCDB. · Port – Specify the TCP port used for the SQL Server, if not the default. For the reference deployment the SCDB instance port is 10433. In the Authentication Credentials section, select the Windows Authentication option, and click the Test Database Connection button. When successful, click Next to continue. |
|
On the Configure the database window, make sure you have selected Existing database and that the appropriate database is selected. The default is Orchestrator. Click Next to continue. |
|
On the Configure Orchestrator users group window, select the Orchestrator Operators group created earlier from the Browse… button and select to search the domain. Verify that the Grant remote access to the Runbook Designer check box is not selected since that option is not being installed. Click Next to continue. |
|
On the Select the installation location window, specify a location or accept the default location of C:\Program Files (x86)\Microsoft System Center 2012 R2\Orchestrator for the installation. Click Next to continue. |
|
On the Microsoft Update window, select the appropriate radio button for your environment. Click Next to continue. |
|
The Help Improve Microsoft System Center Orchestrator window provides options for participating in the error reporting feedback mechanisms. Select the appropriate option based on your organization’s policies. Click Next to continue. |
|
The Installation summary window will display the selections made during the Setup Wizard. Review the options selected. Click Install to continue. |
|
The Installing features window will show the installation progress. |
|
The Setup completed successfully window will appear when all portions of the setup complete successfully. Verify that all check boxes are cleared, and click Close to finish the installation. |
|
Some additional firewall rules are required. Enter the PowerShell cmdlets below to enable and add the required rules.
|
Enable-NetFirewallRule -DisplayName "Windows Management Instrumentation (WMI-In)"
Enable-NetFirewallRule -DisplayName "Windows Management Instrumentation (DCOM-In)"
Enable-NetFirewallRule -DisplayName "Windows Management Instrumentation (ASync-In)"
New-NetFirewallRule -DisplayName "SCO – Orchestrator Management Service (x64)" -Program "C:\Program Files (x86)\Microsoft System Center 2012 R2\Orchestrator\Management Server\ManagementService.exe"
New-NetFirewallRule -DisplayName "SCO – Orchestrator Remoting Service (x64)" -Program "C:\Windows\SysWOW64\OrchestratorRemotingService.exe" |
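The following read-only audit is an added example, not part of the original guide. It reports the profile, port and remote-address scope of the rules enabled and created above and warns about duplicates; the review criteria (Domain profile only, restricted remote address) are assumptions of this example.

```powershell
# Added example (not from the original guide): read-only audit of the rules above.
$wmiRuleNames = @(
    'Windows Management Instrumentation (WMI-In)',
    'Windows Management Instrumentation (DCOM-In)',
    'Windows Management Instrumentation (ASync-In)'
)
# Program paths exactly as used in the New-NetFirewallRule commands above.
$programPaths = @(
    'C:\Program Files (x86)\Microsoft System Center 2012 R2\Orchestrator\Management Server\ManagementService.exe',
    'C:\Windows\SysWOW64\OrchestratorRemotingService.exe'
)

function Get-RuleScope {
    # Flattens one firewall rule and its filters into a single report row.
    param([Parameter(Mandatory = $true, ValueFromPipeline = $true)]$Rule)
    process {
        $address = $Rule | Get-NetFirewallAddressFilter
        $port    = $Rule | Get-NetFirewallPortFilter
        $app     = $Rule | Get-NetFirewallApplicationFilter
        [pscustomobject]@{
            DisplayName   = $Rule.DisplayName
            Enabled       = [string]$Rule.Enabled
            Direction     = [string]$Rule.Direction
            Action        = [string]$Rule.Action
            Profile       = [string]$Rule.Profile
            Protocol      = $port.Protocol
            LocalPort     = $port.LocalPort -join ','
            RemoteAddress = $address.RemoteAddress -join ','
            Program       = $app.Program
        }
    }
}

$report = @()

# Built-in WMI rules: one display name can cover several profile variants.
foreach ($name in $wmiRuleNames) {
    $rules = @(Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)
    if ($rules.Count -eq 0) { Write-Warning "Rule not found: $name" }
    $report += @($rules | Get-RuleScope)
}

# Program-based rules: look them up by executable path instead of display name.
foreach ($path in $programPaths) {
    $rules = @(Get-NetFirewallApplicationFilter -Program $path -ErrorAction SilentlyContinue |
               Get-NetFirewallRule)
    if ($rules.Count -eq 0) { Write-Warning "No rule references $path" }
    if ($rules.Count -gt 1) {
        # New-NetFirewallRule adds another rule every time it is run.
        Write-Warning "$($rules.Count) rules reference $path (duplicates)"
    }
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Warning "Rule target does not exist on this server: $path"
    }
    $report += @($rules | Get-RuleScope)
}

# Enabled inbound allow rules that are wider than this example's review criteria.
$broad = @($report | Where-Object {
    $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' -and
    ($_.Profile -ne 'Domain' -or $_.RemoteAddress -eq 'Any')
})
foreach ($rule in $broad) {
    Write-Warning ("Broad scope: '{0}' profile={1} remote={2} port={3}" -f `
        $rule.DisplayName, $rule.Profile, $rule.RemoteAddress, $rule.LocalPort)
}

$report | Sort-Object DisplayName, Profile |
    Format-Table DisplayName, Enabled, Profile, Protocol, LocalPort, RemoteAddress -AutoSize
```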
After the installation is complete, install and configure Orchestrator Integration Packs on the target runbook servers.
Additionally, Orchestrator requires the Operations Manager console, but prior to installing it, you must install the Microsoft Report Viewer 2012 package.
Use the following procedure to install the Microsoft Report Viewer 2012 package.
Perform the following steps on all Orchestrator virtual machines (SCO01 and SCO02). |
|
From the installation media source, double-click SQLSysClrTypes.msi to begin setup. |
|
On the Welcome to the Installation… window click Next. |
|
On the License Agreement window, select the I accept the license terms check box. Click Next to continue. |
|
On the Ready to Install the Program window click Install. |
|
On the Completing the Microsoft System…Installation window click Finish. |
|
From the installation media source, right-click ReportViewer.exe and select Run as administrator to begin setup. |
|
On the Microsoft Report Viewer 2012 Runtime setup wizard Welcome to the Installation… window click Next. |
|
On the License Agreement window, select the I accept the license terms check box. Click Next to continue. |
|
On the Ready to Install the Program window click Install. |
|
On the Completing the Microsoft Report Viewer 2012 Runtime Installation window click Finish. |
Perform the following steps on all Orchestrator virtual machines (SCO01 and SCO02). |
|
From the Operations Manager installation media source, right-click setup.exe and select Run as administrator to begin setup. |
|
The Operations Manager installation wizard will begin. Click Install to begin the Operations Manager console installation. |
|
On the Select features to install window, verify that the Operations console check box is selected. Click Next to continue. |
|
On the Select installation location window, specify a location or accept the default location of C:\Program Files\System Center 2012 R2\Operations Manager for the installation. Click Next to continue. |
|
The wizard will verify that all system prerequisites are met. If any prerequisites are not met, they will be displayed on the Proceed with Setup window. After you verify that the prerequisites are met, click Next to continue. |
|
On the Please read the license terms window, verify that the I have read, understood and agree with the license terms check box is selected. Click Next to continue. |
|
The Help Improve Operations Manager window provides options for participating in various product feedback mechanisms. These include: · Customer Experience Improvement Program · Error Reporting Select the appropriate option based on your organization’s policies. Click Next to continue. |
|
On the Microsoft Update window, select the update options for your environment. Click Next to continue. The Installation Summary window will appear and display the selections made during the installation wizard. Review the options selected. Click Install to continue. |
|
The wizard will display the progress while performing the installation. |
|
After the installation completes, the wizard will display the Setup is complete window. Verify that the Start the Management console when the wizard closes check box is selected. Click Close to complete the installation. |
|
The Operations Manager console will open. Validate the installation by reviewing the configuration and make sure the console operates properly.
|
Perform the following steps on the Orchestrator virtual machines (SCO01 and SCO02). |
|
Log on to the Orchestrator server as a user with Administrator privileges. From the Virtual Machine Manager installation media source, right-click setup.exe and select Run as administrator to begin setup. |
|
The Virtual Machine Manager Setup Wizard will appear. Click Install to begin the Virtual Machine Manager server installation. |
|
You will receive a message stating the prerequisite software was installed and the system will need to be restarted. Reboot the system and restart the installation. |
|
On the Select features to install window, verify that the VMM console installation option check box is selected. Click Next to continue. |
|
On the Please read this license agreement window, verify that the I have read, understood and agree with the terms of the license agreement installation option check box is selected. Click Next to continue. |
|
On the Customer Experience Improvement Program window, click Next to continue. |
|
Depending on the current configuration of the server, the Microsoft Update window may appear. Select the option to allow or not allow Virtual Machine Manager to use Microsoft Update to check for and perform Automatic Updates, based on your organization’s policies. Click Next to continue. |
|
On the Select installation location window, specify a location or accept the default location of C:\Program Files\Microsoft System Center 2012 R2\Virtual Machine Manager for the installation. Click Next to continue. |
|
On the Port Configuration window, specify the port used for communication with the VMM management server in the provided text box. If no modifications were made during the Virtual Machine Manager installation, the default port is 8100. Click Next to continue. |
|
The Installation summary window will appear and display the selections made during the Setup Wizard. Review the options selected. Click Install to continue. |
|
When the installation completes, the wizard will display the Setup completed successfully window. Clear the box to check for VMM updates. Make sure the box is checked to open the VMM console to validate it is properly working. Click Close to complete the installation. |
Complete the following steps to register the Orchestrator Integration Packs.
Perform the following steps on all Orchestrator runbook server virtual machines (SCO01 and SCO02). |
|
Download the System Center 2012 R2 – Orchestrator Component Add-ons and Extensions from the Microsoft Download Center. Expand the Orchestrator Integration Pack files. |
|
On the Start screen, click the Deployment Manager tile. |
|
In the Runbook Designer console on the selected runbook server, right-click the Integration Packs node, and click Register IP with the Orchestrator Management Server… |
|
The Integration Pack Registration Wizard will appear. Click Next to continue. |
|
On the Select Integration Packs or Hotfixes page, click Add. Navigate to the expanded integration packs folder created earlier. Select the following integration packs from the File name drop-down list, and click Open: · System Center 2012 Configuration Manager · System Center 2012 Data Protection Manager · System Center 2012 Operations Manager · System Center 2012 Service Manager · System Center 2012 Virtual Machine Manager |
|
When all the integration packs are open click Next to continue. |
|
The Completing the Integration Pack Wizard window will appear with a summary of selections. Verify the selections, and click Finish to begin the integration pack installation. |
|
During the installation, each integration pack will display Microsoft Software License Terms. Click Accept to continue with the installation. |
|
When complete, each integration pack will be displayed in the Orchestrator Deployment Manager interface. |
Complete the following steps to deploy the Orchestrator Integration Packs.
Perform the following steps on the Orchestrator virtual machines with the Runbook Designer role (SCO01 and SCO02). |
|
On the Start screen click the Deployment Manager tile. |
|
In the Runbook Designer console on the selected runbook server, right-click the Integration Packs node and select Deploy IP to Runbook Server or Runbook Designer… |
|
The Integration Pack Deployment Wizard will appear. Click Next to continue. |
|
On the Deploy Integration Packs or Hotfixes page, select the check boxes for the following integration packs: · System Center 2012 Configuration Manager · System Center 2012 Data Protection Manager · System Center 2012 Operations Manager · System Center 2012 Service Manager · System Center 2012 Virtual Machine Manager Click Next to continue. |
|
On the Computer Selection Details window, type the names of the Orchestrator management servers and click Add. When all servers are added click Next to continue. |
|
On the Installation Configuration window, in the Advanced Options section, select Stop all running Runbooks before installing the Integration Packs or Hotfixes. Click Next to continue. |
|
The Completing the Integration Pack Deployment Wizard will appear with a summary of selections. Click Finish to begin the integration pack installation. |
|
When the deployment is complete, the log file will show whether it succeeded. |
|
On the Start screen of the Runbook Designer server, click the Runbook Designer tile. |
|
Verify that each integration pack is displayed in the Runbook Designer interface. |
|
To complete the configuration of the integration packs, open the Orchestrator Runbook Designer Console, click the Options menu, and click SC 2012 Virtual Machine Manager. |
|
On the Prerequisite Configuration window, click Add. |
|
On the Add Configuration window fill in the Name of the SCVMM highly available service. Click … for Type and select System Center Virtual Machine Manager. Click OK. Back on the Prerequisite Configuration window click Finish to save the changes. |
|
While still in the Orchestrator Runbook Designer Console, click the Options menu, and click SC 2012 Operations Manager. |
|
On the Microsoft System Center Operations Manager Connections window, click Add. |
|
On the MS System Center Operations Manager Connection Settings window, fill in the required information for the Operations Manager management server, and click Test Connection. When connectivity is verified, click OK. Back on the Prerequisite Configuration window click Finish to save the changes. |
|
In the Orchestrator Runbook Designer console, click the Options menu, and click SC 2012 Service Manager. |
|
On the Connections window, click Add. |
|
On the Connection window, fill in the required information for the Service Manager management server. Click Test Connection. When connectivity is verified, click OK. Back on the Prerequisite Configuration window click Finish to save the changes. |
The Cisco UCS OIP (Orchestrator Integration Pack) is a plug-in for System Center 2012 Orchestrator. It is used to develop runbooks for automating processes that need to read and modify information within Cisco UCS Manager.
After downloading the Cisco UCS OIP, extract the installation file from the zip file. Then perform the following steps on all Orchestrator management servers to register the integration pack.
Make sure that Cisco UCS PowerTool has been installed on all Orchestrator management servers (SCO01 and SCO02). |
|
Close any instances of the Runbook Designer. |
|
Launch the System Center 2012 R2 Orchestrator Deployment Manager. |
|
Right-click Integration Packs and select Register IP with the Orchestrator Management Server. Click Next on the Welcome window. |
|
On the Select Integration Packs or Hotfixes window, click Add. Browse to the location where you extracted the OIP file and select the file. Click Next to continue. Click Finish on the Completing the Integration Pack Wizard window. |
|
Click Accept on the End User License Agreement window to complete the installation. |
From the Deployment Manager, right-click Integration Packs and select Deploy IP to Runbook Server or Runbook Designer… Click Next on the Welcome screen. |
|
On the Deploy Integration Packs or Hotfixes window, select the Cisco UCS Integration Pack. Click Next to continue. |
|
On the Computer Selection Details window, enter the names of the Runbook Servers. Click Next to continue. |
|
On the Installation Configuration window make sure the radio button by Stop all running Runbooks before installing the Integration Packs or Hotfixes is selected. Click Next to continue. Click Finish on the Summary page that comes up. Status windows will display for each server previously entered. |
|
In the Deployment Manager console, expand Runbook Servers. Make sure the server is listed. Select the server to validate the integration pack is deployed. Repeat for each Runbook Server. |
On each system running the Orchestrator Runbook Designer, configure the Cisco UCS OIP.
Launch the Runbook Designer. Select Options and then Cisco UCS. Note: If you do not see Cisco UCS under Options, make sure you have installed Cisco UCS PowerTool. |
|
On the Prerequisite Configuration window, click Add… |
|
On the Add Configuration page, enter a Name for this configuration. Click the … at the end of the Type field and select PsModulePath. Click OK on the Item Selection window. |
|
In the Properties section, in the PsModulePath field, enter the location where the Cisco UCS PowerTool PowerShell module is installed. By default, this is located at C:\Program Files (x86)\Cisco\Cisco UCS PowerTool\Modules\CiscoUcsPS\CiscoUcsPS.psd1. Click OK to continue. |
|
On the Prerequisite Configuration window, click Finish to complete the configuration. |
Cisco provides a small set of sample runbooks that assist in learning how to use the various activities available in their Integration Pack. Download the zip file and extract its contents. Perform the import of the sample runbooks on any Runbook Designer system.
In the Runbook Designer, right-click Runbooks, then click New… and select Folder to create a new folder in which to store the sample runbooks. Provide a name for the new folder. Note: Creating a new folder is optional. By default, the sample runbooks will import into a folder named Sample Runbooks under whatever level you import it. |
|
Right-click the newly created folder and select Import… |
|
On the Import Options window browse to the File Location where you extracted the contents of the sample runbooks zip file. Click Finish to complete the import. When the process is complete, click OK on the successful completion window. |
|
Open the newly created folder to view the sample runbooks. |
The App Controller installation process includes the high-level steps shown in Figure 13.
Figure 13 App Controller Installation Process
This section provides a high-level walkthrough for how to set up App Controller. The following requirements are necessary for the setup:
· A base virtual machine running Windows Server 2012 R2 has been provisioned for App Controller.
· A SQL Server 2012 SP2 cluster with dedicated instance has been established in previous steps for App Controller.
· The System Center Virtual Machine Manager console is installed.
· .NET Framework 3.5 is installed.
· Microsoft Silverlight Runtime is installed.
· A Trusted Server Authentication (SSL) Certificate (the CN field of the certificate must match the server name) is installed.
The following environment prerequisites must be met before proceeding.
Verify that the following service accounts have been created:
Table 30 App Controller Accounts
User name | Purpose | Permissions
<DOMAIN>\FT-SCAC-SVC | App Controller service account | This account needs to be a member of the following groups: FT-SCAC-Admins, FT-SCVMM-Admins
Verify that the following security groups have been created:
Table 31 App Controller Security Groups
Group name | Purpose | Members
<DOMAIN>\FT-SCAC-Admins | App Controller Admin group | <DOMAIN>\FT-SCAC-SVC, <DOMAIN>\FT-SCVMM-Admins
The App Controller installation requires that .NET Framework 3.5 is enabled. Use the following procedure to enable .NET Framework 3.5.
Perform the following steps on the App Controller virtual machine. |
|
If you do not have access to the internet to contact Microsoft Update, you will need to have the Windows Installation files mounted locally or on an accessible file share. |
|
The .NET Framework 3.5 feature can be installed with the PowerShell cmdlet below, or by following the GUI instructions after it. If the VM has access to the internet, the -Source parameter should not be needed. |
Install-WindowsFeature -Name NET-Framework-Core -Source "E:\Sources\sxs"
|
Open Server Manager and navigate to the Dashboard. In the main pane, under Configure this local server, click Add roles and features. |
|
The Add Roles and Features Wizard will appear. On the Before You Begin window, click Server Selection in the left pane to continue. |
|
On the Select destination server window, select the Select a server from the server pool button, select the local server, and then click Features in the left pane to continue.
|
|
To add .NET Framework 3.5, on the Select Features window, in the Features pane select the .NET Framework 3.5 Features and .NET Framework 3.5 (includes .NET 2.0 and 3.0) check boxes only. Leave all other check boxes clear. Click Next to continue. |
|
On the Confirm installation selections window, verify that .NET Framework 3.5 Features is listed. Make sure that the Restart each destination server automatically if required check box is not selected. Click Install to begin installation. Note: The Export Configuration Settings option is available as a link on this page to export the options selected to XML. When exported, they can be used in conjunction with the Server Manager module for Windows PowerShell to automate the installation of roles and features. If the server does not have Internet access, an alternate source path can be specified by clicking the Specify an alternate source path link. |
|
For servers without Internet access, or if the .NET Framework 3.5 source files already exist on the network, an alternate source location can be specified here for the installation.
|
|
The Installation Progress window will show the progress of the feature installation. Click Close when the installation process completes. |
Perform the following steps on the App Controller virtual machine (SCAC01). |
|
From the installation media source, right-click Silverlight.exe and select Run as administrator to begin setup. |
|
On the Install Silverlight window, click Install now. |
|
On the Enable Microsoft Update window, select or clear the Enable Microsoft Update check box, based on organizational preferences, and click Next to continue. |
|
On the Installation Successful window, click Close. |
|
Complete the following steps to install the Virtual Machine Manager console on the target App Controller virtual machines.
Perform the following steps on the App Controller virtual machines. |
|
Log on to the App Controller server as a user with Administrator privileges. From the Virtual Machine Manager installation media source, right-click setup.exe and select Run as administrator to begin setup. |
|
The Virtual Machine Manager Setup Wizard will appear. Click Install to begin the Virtual Machine Manager server installation. |
|
On the Select features to install window, verify that the VMM console installation option check box is selected. Click Next to continue. |
|
On the Please read this license agreement window, verify that the I have read, understood and agree with the terms of the license agreement installation option check box is selected. Click Next to continue. |
|
On the Customer Experience Improvement Program window, click Next to continue. |
|
Depending on the current configuration of the server, the Microsoft Update window may appear. Select the option to allow or not allow Virtual Machine Manager to use Microsoft Update to check for and perform Automatic Updates, based on your organization’s policies. Click Next to continue. |
|
On the Select installation location window, specify a location or accept the default location of C:\Program Files\Microsoft System Center 2012 R2\Virtual Machine Manager for the installation. Click Next to continue. |
|
On the Port Configuration window, specify the port used for communication with the VMM management server in the provided text box. If no modifications were made during the Virtual Machine Manager installation, the default port is 8100. Click Next to continue. |
|
The Installation summary window will appear and display the selections made during the Setup Wizard. Review the options selected. Click Install to continue. |
|
When the installation completes, the wizard will display the Setup completed successfully window. Click Close to complete the installation. |
Complete the following steps to install the App Controller portal server.
Perform the following steps on the App Controller virtual machine (SCAC01). |
|
Log on to the App Controller virtual machine as a user with local Admin rights. Verify the following accounts or groups are members of the local Administrators group on the App Controller portal virtual machine: · Operations Manager action account · App Controller service account · App Controller Admins group
|
|
Log on to the System Center App Controller server. From the System Center App Controller installation media source, right-click setup.exe and select Run as administrator to begin setup.
|
|
The App Controller Setup Wizard will appear. Click Install to begin the App Controller server installation. |
|
On the Enter your product registration information window, provide a valid product key for the App Controller installation. If no key is provided, App Controller will be installed in evaluation mode. Click Next to continue. |
|
On the Review the software license terms window, verify that the I have read, understood and agree with the terms of this license agreement installation option check box is selected. Click Next to continue. |
|
On the Install missing software window, the wizard will detect missing roles and software and attempt installation of missing prerequisites. Click Install to enable missing roles and features. |
|
The wizard will display the progress while installing features. |
|
On the Select the installation path window, accept the default installation location of C:\Program Files\Microsoft System Center 2012 R2\App Controller, or click the Browse button to specify a different location. Click Next to continue. |
|
Before proceeding with the following steps, install a certificate on this system. Earlier, steps were provided to request and install a certificate from a third party. Active Directory also has a Certificate Services component. If your organization has its own Certificate Authority and it is set up for auto-enrollment, the following steps can be used. The certificate is requested at this point because IIS is now installed on this system. |
|
From the Start menu, launch the Internet Information Services Manager. |
|
Click the Application Controller home window in the Connections pane. From the IIS section in the middle double-click Server Certificates. |
|
From the Actions pane, click Create Domain Certificate … |
|
Fill in the contents of the Create Certificate window. Make sure that Common Name is the same as the name of the Application Controller server. Click Next to continue. |
|
Click the Select… button to obtain a drop-down list of available certificate servers. Select the one appropriate to your environment. Enter the name of the Application Controller server as the Friendly name. Click Finish to install the certificate. When the certificate is installed, return to the installation of the Application Controller server software. |
|
On the Configure the services window, verify that the Domain account option is selected, and specify the App Controller service account in the Domain and user name text box. Provide the associated Password in the supplied text box. In the Port text box, accept the default TCP port of 18622, or change the port to meet your organization’s requirements. In most cases, keep the default port selection. Click Next to continue. |
|
On the Configure the website window, provide the following information: for Type, select HTTPS; in the IP address text box, select All unassigned from the drop-down list; set the Port value to 443. Verify that the Use existing certificate option is selected, and select the proper Server Authentication certificate that is installed within the virtual machine from the drop-down list. Click Next to continue. Note: Although not recommended, if a Server Authentication certificate cannot be obtained and installed on the App Controller server, you may choose the Generate self-signed certificate option to satisfy installation requirements. |
|
On the Configure the SQL Server database window make the following selections to install the App Controller database in the SCO instance (refer to the worksheet created earlier): · Server Name – Specify the cluster network name of the SQL Server failover cluster hosting the instance. For the reference installation, the server name is SCDB. · Port – Specify the TCP port used for SQL Server connectivity. For the reference installation, the port value is 22118. · Instance name – Specify the instance name where the AppController database will be installed (the SCDB instance). For the reference installation, the instance name is SCDB. · Database name – Specify the name of the App Controller database. In most cases, use the default value of AppController. Click Next to continue. |
|
The Help Improve App Controller for System Center 2012 window provides options for participating in various product feedback mechanisms. These include: · Customer Experience Improvement Program (CEIP) · Microsoft Update Select the appropriate options, based on your organization’s policies. Click Next to continue. |
|
On the Confirm the settings window, verify the settings provided during the Setup Wizard. Click Install to begin the installation. |
|
The wizard will display the progress while installing features. |
|
When complete, the Setup completed successfully window will appear with progress of each component. Verify that each component installed successfully. Verify that the Start the App Controller website when Setup closes check box is not selected. Click Finish. |
|
Open a browser and enter the URL for the web site – https://SCAC01/. The System Center 2012 App Controller website will appear. Because no users have been created in SCVMM, enter the administrative account used to install Virtual Machine Manager (which has been assigned an admin role in SCVMM). Click Sign in. |
|
The App Controller portal will appear. After validating the functionality, the App Controller installation is considered complete. |
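The certificate requirement used in this section (Server Authentication certificate, Common Name equal to the server name, self-signed not recommended) can be checked before the website is published. This is an added example, not part of the original guide; the function name, the 30-day expiry warning and the optional IIS binding lookup are assumptions of the example.

```powershell
# Added example (not from the original guide): check the machine certificates
# against the requirements stated in this section.
function Test-ServerAuthCertificate {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory = $true)][string[]]$ExpectedName,
        [int]$WarnDays = 30        # assumption: warn 30 days before expiry
    )
    process {
        $findings = @()
        $now = Get-Date

        # Names the certificate is valid for: subject CN plus any DNS names.
        $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
        $cn = $Certificate.GetNameInfo($nameType, $false)
        $dnsNames = @($Certificate.DnsNameList | ForEach-Object { $_.Unicode } | Where-Object { $_ })
        $names = @(@($cn) + $dnsNames | Where-Object { $_ } | Select-Object -Unique)
        $matched = @($ExpectedName | Where-Object { $names -contains $_ })
        if ($matched.Count -eq 0) {
            $findings += "Name mismatch: certificate is for '$($names -join ', ')'"
        }

        # Server Authentication EKU (1.3.6.1.5.5.7.3.1). No EKU extension = any usage.
        $ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        $eku = $Certificate.Extensions | Where-Object { $_ -is $ekuType }
        if ($eku) {
            $serverAuth = @($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.1' })
            if ($serverAuth.Count -eq 0) { $findings += 'No Server Authentication EKU' }
        }

        if (-not $Certificate.HasPrivateKey) { $findings += 'No private key on this machine' }
        if ($Certificate.NotBefore -gt $now) { $findings += 'Not yet valid' }
        if ($Certificate.NotAfter -lt $now)  { $findings += 'Expired' }
        elseif ($Certificate.NotAfter -lt $now.AddDays($WarnDays)) {
            $findings += "Expires within $WarnDays days"
        }
        if ($Certificate.Subject -eq $Certificate.Issuer) { $findings += 'Self-signed' }
        elseif (-not $Certificate.Verify()) { $findings += 'Chain does not validate' }

        [pscustomobject]@{
            Subject    = $Certificate.Subject
            Thumbprint = $Certificate.Thumbprint
            NotAfter   = $Certificate.NotAfter
            Usable     = ($findings.Count -eq 0)
            Findings   = $findings -join '; '
        }
    }
}

# Names clients will use: short name (as in https://SCAC01/) and the FQDN.
$expected = @($env:COMPUTERNAME, [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName)
$results = @(Get-ChildItem Cert:\LocalMachine\My |
             Test-ServerAuthCertificate -ExpectedName $expected)
$results | Format-List

# Optional: confirm that the certificate bound to port 443 in IIS is a usable one.
if (Get-Module -ListAvailable -Name WebAdministration) {
    Import-Module WebAdministration
    $bound = @(Get-ChildItem IIS:\SslBindings -ErrorAction SilentlyContinue |
               Where-Object { $_.Port -eq 443 })
    foreach ($binding in $bound) {
        $hit = $results | Where-Object { $_.Thumbprint -eq $binding.Thumbprint }
        if (-not $hit) { Write-Warning "Port 443 is bound to a certificate not in LocalMachine\My" }
        elseif (-not $hit.Usable) { Write-Warning "Port 443 certificate: $($hit.Findings)" }
    }
}
```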
Service Management Automation is included in the System Center 2012 R2 release as an add-on component of Windows Azure Pack allowing for the automation of various tasks, similar to those performed using Orchestrator runbooks.
Service Management Automation also incorporates the concept of a runbook for developing automated management sequences, but rather than use activities to piece together the tasks, Service Management Automation relies on PowerShell workflows. PowerShell workflows are based on Windows Workflow Foundation and allow for asynchronous task management of multiple devices in IT environments.
Service Management Automation is made up of three roles: the runbook worker(s), web service(s), and the Service Management Automation PowerShell module. The Web Service provides an endpoint to which Windows Azure Pack connects. It is also responsible for assigning runbook jobs to runbook workers and delegating access user rights to Service Management Automation. Runbook workers actually initiate runbook jobs and can be deployed in a distributed fashion for redundancy purposes. A Service Management Automation PowerShell module is also included which provides a set of additional cmdlets.
The Service Management Automation installation process includes the high-level steps shown in Figure 14:
Figure 14 Service Manager Automation Installation Process
Service Management Automation is a set of tools that is integrated as the Automation extension in Windows Azure Pack for Windows Server. IT pros and IT developers can use Automation to construct, run, and manage runbooks to integrate, orchestrate, and automate IT business processes. Automation runbooks run on the Windows PowerShell workflow engine.
The following environment prerequisites must be met before proceeding.
Verify that the following service accounts have been created:
Table 32 Service Manager Automation Accounts
User name | Purpose | Permissions
<DOMAIN>\FT-SCSMA-SVC | Service Manager Automation service account |
Verify that the following security groups have been created:
Table 33 Service Manager Automation Groups
Group name | Purpose | Members
<DOMAIN>\FT-SCSMA-Admins | Service Manager Automation Admin group |
The Service Management Automation installation requires the Web Server Role and several additional role features. Use the following procedure to add this role and features to the server.
Perform the following steps on each Service Management Automation virtual machine (SCSMA01 and SCSMA02). |
|
Open Server Manager and navigate to the Dashboard node. In the main pane, under Configure this local server, select Add roles and features. |
|
The Add Roles and Features Wizard window appears. On the Before You Begin window, click Server Selection in the left pane. (Do not click Next.) |
|
On the Select destination server window, select the Select a server from the server pool button, select the local server and then click Features in the left pane. (Do not click Next.) |
|
On the Select Server roles window, select the Web Server (IIS) role. In the window that displays asking to add features that are required for this role, click Add Features. Click Next to continue.
|
|
In the Select features section, expand .NET Framework 4.5 Features item and then expand the WCF Services item. Select HTTP Activation. In the window that displays asking to add features that are required for this feature, click Add Features. Click Next to continue. |
|
On the Web Server Role (IIS) window click Next to continue. |
|
On the Select role services window, expand Security and select the Request Filtering, Basic Authentication, URL Authorization, and Windows Authentication checkboxes. Click Next. |
|
On the Confirm installation selections window verify that the previously selected roles and features are listed. Make sure that the Restart each destination server automatically if required is selected. In the window that displays asking if you want the automatic restart, click Yes. Click Install to begin installation. |
|
The Installation Progress window will show the progress of the feature installation. Click Close when the installation process completes. |
There are several ways to request an SSL certificate. The following procedure describes how to request the certificate through the IIS Manager console. This procedure assumes that you are running a Certificate Authority within your environment. If you are using externally requested certificates, your procedure will be different.
Perform the following steps on each Service Management Automation virtual machine (SCSMA01 and SCSMA02).
Log on to the virtual machine as a user with local administrator rights. From the Server Manager Tools menu, click Internet Information Services (IIS) Manager.
In the Internet Information Services (IIS) Manager console, click the server node, and in the IIS section double-click Server Certificates.
The Server Certificates pane will expand. In the Actions pane, click Create Domain Certificate…
The Create Certificate Wizard will appear. On the Distinguished Name Properties page, complete the information as prompted. Click Next to continue. Note: The Common Name field must equal the exact name of the server, as it will be accessed from the web browser.
On the Online Certificate Authority page, click Select… to find the name of your online certificate authority and enter a friendly name for the certificate. Click Finish to continue.
In the IIS Manager, you will see the newly issued certificate.
Complete the following steps to install the Web Service.
Perform the following steps on each Service Management Automation virtual machine (SCSMA01 and SCSMA02).
From the System Center Orchestrator installation media source, right-click setupOrchestrator.exe and select Run as administrator to begin setup.
The Orchestrator Setup Wizard will appear. Under Automation, click Web Service to begin the SMA Web Service installation Wizard.
The Service Management Automation Wizard will appear. Click Install to begin the SMA Web Service installation.
On the Product registration information window, type the following information in the provided text boxes:
· Name – Specify the name of the primary user or responsible party within your organization.
· Organization – Specify the name of the licensed organization.
· Product key – Provide a valid product key for installation of Virtual Machine Manager. If no key is provided, Virtual Machine Manager will be installed in evaluation mode.
Click Next to continue.
On the License Terms window, verify that the I have read, understood and agree with the terms of this license agreement installation option check box is selected. Click Next to continue.
On the Prerequisites window, the wizard will verify that all system prerequisites are met. If any prerequisites are not met, they will be displayed on the page. Click Next to continue.
On the Configure the database server window, specify the following information in the provided text boxes:
· Server – Specify the name of the database instance created for the shared System Center SQL instance.
· Port Number – Specify the number of the SCDB port recorded earlier in the installation (found in the section on building the SQL Server cluster in the previous CVD).
· Database name – Specify the name of the database. In most cases, use the default value.
Under Authentication Credentials, select Windows Authentication. Click Next to continue.
On the Configure the web service window, specify the following accounts in the Domain Security groups or users with access box:
· SMA Admins Group
· SMA Service Account
In the Application pool credentials section, specify the SMA Service Account and password. Click Next to continue.
On the Configure the web service window, specify the following information in the provided text boxes:
· Port Number – Accept the default of 9090.
Under Server Certificate, select Use existing certificate and select the previously installed certificate. Click Next to continue. Note: While a self-signed certificate can be used, it is recommended in production scenarios to use a valid certificate issued from a trusted certification authority.
On the Specify a location for the web service files window, accept the default path. Click Next to continue.
On the Help improve Microsoft System Center 2012 R2 Service Management Automation window, select the option to participate or not participate in the CEIP by providing selected system information to Microsoft. Under the Microsoft Update portion of the window, select the appropriate option to participate or not participate in automatic updating. Click Next to continue.
The Installation summary window will appear and display the selections made during the Setup Wizard. Review the options selected. Click Install to continue.
When the installation completes, the wizard will display the Finished page. Click Close to complete the installation.
Complete the following steps to install the Runbook Worker.
Perform the following steps on each Service Management Automation virtual machine (SCSMA01 and SCSMA02).
From the System Center Orchestrator installation media source, right-click setupOrchestrator.exe and select Run as administrator to begin setup.
The Orchestrator Setup Wizard will appear. Under Automation, click Runbook Worker to begin the SMA Runbook Worker installation Wizard.
The Service Management Automation Wizard will appear. Click Install to begin the SMA Runbook Worker installation.
On the Product registration information window, type the following information in the provided text boxes:
· Name – Specify the name of the primary user or responsible party within your organization.
· Organization – Specify the name of the licensed organization.
· Product key – Provide a valid product key for installation of Virtual Machine Manager. If no key is provided, Virtual Machine Manager will be installed in evaluation mode.
Click Next to continue.
On the License Terms page, verify that the I have read, understood and agree with the terms of this license agreement installation option check box is selected, and click Next to continue.
On the Prerequisites window, the wizard will verify that all system prerequisites are met. If any prerequisites are not met, they will be displayed on the page. Click Next to continue.
On the Configure the database server window, specify the following information in the provided text boxes:
· Server – Specify the name of the Service Reporting Server.
· Port Number – Specify the number of the SCDB port recorded earlier in the installation.
· Database name – Specify the name of the database. In most cases, use the default value.
· Under Authentication Credentials, select Windows Authentication.
Click Next to continue.
On the Configure the service account window, specify the following information in the provided text boxes:
· Service account credentials – Specify the SMA Service account.
Click Next to continue.
On the Specify a location for the runbook worker files window, accept the default path. Click Next to continue.
On the Help improve Microsoft System Center 2012 R2 Service Management Automation window, select the option to participate or not participate in the CEIP by providing selected system information to Microsoft. Under the Microsoft Update portion of the page, select the appropriate option to participate or not participate in automatic updating. Click Next to continue.
The Installation summary window will appear and display the selections made during the Setup Wizard. Review the options selected and click Install to continue.
When the installation completes, the wizard will display the Finished window. Click Close to complete the installation.
Complete the following steps to install the PowerShell Automation Module.
Perform the following steps on each Service Management Automation virtual machine (SCSMA01 and SCSMA02).
From the System Center Orchestrator installation media source, right-click setupOrchestrator.exe and select Run as administrator to begin setup.
The Orchestrator Setup Wizard will appear. Under Automation, click PowerShell Module to begin the SMA PowerShell Module installation.
The installation runs silently to install the PowerShell Module. This takes only a few moments to run.
In System Center 2012 R2, Service Provider Foundation (SPF) provides a web service API that integrates with Virtual Machine Manager. Its primary purpose is to provide service providers and third-party vendors with the ability to develop portals that seamlessly front end the infrastructure components of System Center.
The SPF architecture allows for compute resource management through a REST API that facilitates communication with a web service through the OData protocol. Claims-based authentication can be used to verify authorized tenant resources assigned by the service provider. These resources are housed in a database.
The System Center Service Provider Foundation (SPF) 2012 R2 installation process includes the high-level steps shown in Figure 15:
Figure 15 Service Provider Foundation Installation Process
Service providers can use Service Provider Foundation technology to offer infrastructure as a service (IaaS) to their clients. If a service provider has a front-end portal for clients to interact with, Service Provider Foundation makes it possible for the clients to access the resources on their hosting provider’s system without making changes to the portal.
This section provides a high-level walkthrough for how to set up Service Provider Foundation. The following requirements are necessary for the setup:
· A base virtual machine running Windows Server 2012 R2 has been provisioned for Service Provider Foundation.
· A SQL Server 2012 SP2 cluster has been established in previous steps with a dedicated instance for Service Provider Foundation.
· The System Center Virtual Machine Manager console is installed.
· A Trusted Server Authentication (SSL) Certificate (the CN field of the certificate must match the server name) is installed.
The following environment prerequisites must be met before proceeding.
Verify that the following service accounts have been created:
Table 34 Service Provider Foundation Accounts
User name | Purpose | Permissions
<DOMAIN>\FT-SCSPF-SVC | Service Provider Foundation service account. Account used to run the SPF service, the identity for the four SPF IIS application pools and the account used for VMM access and integration. | This domain account needs to be a member in the following groups: FT-SCVMM-Admins, FT-SCSPF-Admins, FT-SCSPF-Provider, FT-SCSPF-VMM, FT-SCSPF-Usage, <SPF Server>\Administrators, <SPF Server>\SPF_Admin, <SPF Server>\SPF_Provider, <SPF Server>\SPF_Usage, <SPF Server>\SPF_VMM
<SPF Server>\Local-SPF-SVC | Service Provider Foundation local account used as the integration account for Windows Azure Pack. | This local account needs to be a member in the following groups: <SPF Server>\Administrators, <SPF Server>\SPF_Admin, <SPF Server>\SPF_Provider, <SPF Server>\SPF_Usage, <SPF Server>\SPF_VMM
Verify that the following security groups have been created:
Table 35 Service Provider Foundation Groups
Group name | Purpose | Members
<DOMAIN>\FT-SCSPF-Admins | Service Provider Admin domain group used to provide domain accounts admin rights to all SPF components and web services. | <DOMAIN>\FT-SCSPF-SVC
<DOMAIN>\FT-SCSPF-Provider | Service Provider domain group used to provide domain accounts access to the SPF Provider web service. | Appropriate domain accounts to be delegated permissions to services.
<DOMAIN>\FT-SCSPF-VMM | Service Provider domain group used to provide domain accounts access to the SPF VMM web service. | Appropriate domain accounts to be delegated permissions to services.
<DOMAIN>\FT-SCSPF-Usage | Service Provider domain group used to provide domain accounts access to the SPF Usage web service. | Appropriate domain accounts to be delegated permissions to services.
<SPF Server>\SPF_Admin | Local group created by SPF setup process to provide access to the Admin web service. Domain groups and accounts must be added after setup completes. | This local group should contain the following members: <SPF Server>\Local-SPF-SVC, <DOMAIN>\FT-SCSPF-Admins
<SPF Server>\SPF_Provider | Local group created by SPF setup process to provide access to the Admin web service. Domain groups and accounts must be added after setup completes. | <SPF Server>\Local-SPF-SVC, <DOMAIN>\FT-SCSPF-Admins, <DOMAIN>\FT-SCSPF-Provider
<SPF Server>\SPF_VMM | Local group created by SPF setup process to provide access to the Admin web service. Domain groups and accounts must be added after setup completes. | <SPF Server>\Local-SPF-SVC, <DOMAIN>\FT-SCSPF-Admins, <DOMAIN>\FT-SCSPF-VMM
<SPF Server>\SPF_Usage | Local group created by SPF setup process to provide access to the Admin web service. Domain groups and accounts must be added after setup completes. | <SPF Server>\Local-SPF-SVC, <DOMAIN>\FT-SCSPF-Admins, <DOMAIN>\FT-SCSPF-Usage
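The membership that Tables 34 and 35 prescribe for the four local SPF groups can be checked once SPF setup has created them. The script below is an added example, not part of the CVD: the function names and the EXAMPLE domain value are placeholders chosen here, and it assumes it is run on the SPF server itself.

```powershell
# Added example (not from the CVD): audit the local SPF_* groups against Table 35.
$Domain = 'EXAMPLE'            # placeholder: NetBIOS name that replaces <DOMAIN>
$Server = $env:COMPUTERNAME    # <SPF Server>; assumes the script runs locally

# Members that Table 35 lists for each local group.
$required = @{
    'SPF_Admin'    = @("$Server\Local-SPF-SVC", "$Domain\FT-SCSPF-Admins")
    'SPF_Provider' = @("$Server\Local-SPF-SVC", "$Domain\FT-SCSPF-Admins", "$Domain\FT-SCSPF-Provider")
    'SPF_VMM'      = @("$Server\Local-SPF-SVC", "$Domain\FT-SCSPF-Admins", "$Domain\FT-SCSPF-VMM")
    'SPF_Usage'    = @("$Server\Local-SPF-SVC", "$Domain\FT-SCSPF-Admins", "$Domain\FT-SCSPF-Usage")
}
# Table 34 also places the domain service account in these groups directly,
# so it is accepted when present but not reported when absent.
$tolerated = @("$Domain\FT-SCSPF-SVC")

function Get-LocalGroupMemberName {
    param(
        [Parameter(Mandatory)][string]$Group,
        [string]$ComputerName = $env:COMPUTERNAME
    )
    # The WinNT ADSI provider is available on Windows Server 2012 R2 without extra modules.
    $adsiGroup = [ADSI]"WinNT://$ComputerName/$Group,group"
    foreach ($member in @($adsiGroup.psbase.Invoke('Members'))) {
        $path  = $member.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $member, $null)
        # WinNT://DOMAIN/name (domain principal) or WinNT://DOMAIN/COMPUTER/name (local account)
        $parts = ($path -replace '^WinNT://', '') -split '/'
        if ($parts.Count -ge 2) { '{0}\{1}' -f $parts[-2], $parts[-1] }
        else                    { $parts[0] }   # unresolved SID
    }
}

function Test-SpfLocalGroup {
    foreach ($group in ($required.Keys | Sort-Object)) {
        try {
            $actual = @(Get-LocalGroupMemberName -Group $group -ComputerName $Server)
        }
        catch {
            # Group missing (setup not run yet) or not readable by the caller.
            [pscustomobject]@{ Group = $group; Status = 'Unreadable'; Missing = @(); Unexpected = @() }
            continue
        }
        # -contains / -notcontains compare case-insensitively, which suits account names.
        $missing    = @($required[$group] | Where-Object { $actual -notcontains $_ })
        $unexpected = @($actual | Where-Object {
            $required[$group] -notcontains $_ -and $tolerated -notcontains $_
        })
        $status = 'OK'
        if ($missing.Count -gt 0 -or $unexpected.Count -gt 0) { $status = 'Review' }
        [pscustomobject]@{
            Group      = $group
            Status     = $status
            Missing    = $missing
            Unexpected = $unexpected
        }
    }
}

Test-SpfLocalGroup | Format-Table -AutoSize -Wrap
```

Any entry under Unexpected is a principal with access to an SPF web service that neither table accounts for.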
The Service Provider Foundation installation requires the Web Server Role and several additional role features. Use the following procedure to add this role and features to the server.
Perform the following steps on each Service Provider Foundation virtual machine (SCSPF01 and SCSPF02).
Open Server Manager and navigate to the Dashboard node. In the main pane, under Configure this local server, select Add roles and features.
The Add Roles and Features Wizard appears. On the Before You Begin window, click Server Selection in the left pane. (Do not click Next.)
On the Select destination server window, select the Select a server from the server pool button and select the local server. Click Next.
On the Select Server Roles window, in the Roles pane, scroll down and select the Web Server (IIS) check box. In the window that displays asking to Add features that are required for Web Server (IIS), click Add Features. Click Next to continue.
On the Select features window, expand .NET Framework 4.5 Features > WCF Services. Select HTTP Activation. In the window that displays asking to Add features that are required for HTTP Activation, click Add Features. Also, select Management OData IIS Extension and accept its required features. Click Role Services (not Next) to continue.
In the Role Services window, select the following services, then click Next.
· Web Server
  - Common HTTP Features
    o Default Document
    o Directory Browsing
    o HTTP Errors
    o Static Content
· Health and Diagnostics
  - HTTP Logging
  - Request Monitoring
  - Tracing
· Performance
  - Static Content Compression
· Security
  - Request Filtering
  - Basic Authentication
  - Windows Authentication
· Application Development
· Management Tools
  - IIS Management Console
  - IIS Management Scripts and Tools
  - Management Service
On the Confirm installation selections window, verify that the previously selected roles and features are listed. Make sure that the Restart each destination server automatically if required option is selected. Clicking the restart option displays a verification window; click Yes on this window. Click Install to begin installation.
The Installation Progress page will show the progress of the feature installation. Click Close when the installation process completes.
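The wizard selections in the two role-installation procedures (the SMA servers earlier and the SPF servers here) correspond to Server Manager feature names, so the installed result can be compared with what the procedure asked for. The script below is an added example, not part of the CVD; the function name is chosen here, the name mapping is this example's reading of the wizard labels, and Web-App-Dev stands in for the Application Development entry, whose sub-items the page does not list.

```powershell
# Added example (not from the CVD): compare installed IIS role services with
# the selections made in the SMA and SPF role-installation procedures.
Import-Module ServerManager

$baseline = @{
    # SCSMA01 / SCSMA02
    SMA = @(
        'Web-Server',                 # Web Server (IIS)
        'NET-WCF-HTTP-Activation45',  # .NET Framework 4.5 > WCF Services > HTTP Activation
        'Web-Filtering',              # Request Filtering
        'Web-Basic-Auth',             # Basic Authentication
        'Web-Url-Auth',               # URL Authorization
        'Web-Windows-Auth'            # Windows Authentication
    )
    # SCSPF01 / SCSPF02
    SPF = @(
        'Web-Server',
        'NET-WCF-HTTP-Activation45',
        'ManagementOdata',            # Management OData IIS Extension
        'Web-Default-Doc', 'Web-Dir-Browsing', 'Web-Http-Errors', 'Web-Static-Content',
        'Web-Http-Logging', 'Web-Request-Monitor', 'Web-Http-Tracing',
        'Web-Stat-Compression',
        'Web-Filtering', 'Web-Basic-Auth', 'Web-Windows-Auth',
        'Web-App-Dev',                # Application Development (parent item only; assumption)
        'Web-Mgmt-Console', 'Web-Scripting-Tools', 'Web-Mgmt-Service'
    )
}

function Compare-IisFeatureBaseline {
    param(
        [Parameter(Mandatory)][ValidateSet('SMA', 'SPF')][string]$Role,
        [string]$ComputerName = $env:COMPUTERNAME
    )
    $expected  = $baseline[$Role]
    $installed = @(Get-WindowsFeature -ComputerName $ComputerName |
                   Where-Object { $_.Installed } |
                   Select-Object -ExpandProperty Name)

    # Selected in the procedure but not present on the server.
    $missing = @($expected | Where-Object { $installed -notcontains $_ })

    # Installed IIS role services the procedure did not name. Parent nodes and
    # dependencies accepted through "Add Features" show up here as well, so this
    # list is for review rather than an automatic failure.
    $unlisted = @($installed | Where-Object { $_ -like 'Web-*' -and $expected -notcontains $_ })

    [pscustomobject]@{
        ComputerName = $ComputerName
        Role         = $Role
        Missing      = $missing
        Unlisted     = $unlisted
    }
}

$report = Compare-IisFeatureBaseline -Role SPF
$report | Format-List

# Preview what installing the missing items would do, without changing the server.
if ($report.Missing.Count -gt 0) {
    Install-WindowsFeature -Name $report.Missing -ComputerName $report.ComputerName -WhatIf
}
```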
Perform the following steps on each Service Provider Foundation virtual machine (SCSPF01 and SCSPF02).
Right-click the AspNetMVC4Setup.exe file and select Run as administrator.
In the Setup window, check the box by I agree to the license terms and conditions, and select Install.
The Setup Progress window will launch and show the progress of the installation.
On the Setup Successful window, select Close.
Perform the following steps on each Service Provider Foundation virtual machine (SCSPF01 and SCSPF02).
Right-click the WcfDataServices.exe file and select Run as administrator.
In the Setup window, check the box by I agree to the license terms and conditions, and select Install.
The Setup Progress window will launch and show the progress of the installation.
On the Setup Successful window, select Close.
Complete the following steps to install the Virtual Machine Manager console on the target Service Provider Foundation virtual machine.
Perform the following steps on each Service Provider Foundation virtual machine (SCSPF01 and SCSPF02).
Log on to the Service Provider Foundation server as a user with Administrator privileges. From the Virtual Machine Manager installation media source, right-click setup.exe and select Run as administrator to begin setup.
The Virtual Machine Manager Setup Wizard will appear. Click Install to begin the Virtual Machine Manager server installation.
On the Select features to install window, verify that the VMM console installation option check box is selected. Click Next to continue.
On the Please read this license agreement window, verify that the I have read, understood and agree with the terms of the license agreement installation option check box is selected. Click Next to continue.
On the Customer Experience Improvement Program window, click Next to continue.
Depending on the current configuration of the server, the Microsoft Update window may appear. Select the option to allow or not allow Virtual Machine Manager to use Microsoft Update to check for and perform Automatic Updates, based on your organization’s policies. Click Next to continue.
On the Select installation location window, specify a location or accept the default location of C:\Program Files\Microsoft System Center 2012 R2\Virtual Machine Manager for the installation. Click Next to continue.
On the Port Configuration window, specify the port used for communication with the VMM management server in the provided text box. If no modifications were made during Virtual Machine Manager installation, the default port would be 8100. Click Next to continue.
The Installation summary window will appear and display the selections made during the Setup Wizard. Review the options selected. Click Install to continue.
When the installation completes, the wizard will display the Setup completed successfully window. Click Close to complete the installation.
There are several ways to request an SSL certificate. The following procedure describes how to request the certificate through the IIS Manager console. This procedure assumes that you are running a Certificate Authority within your environment. If you are using externally requested certificates, your procedure will be different.
Perform the following steps on each Service Provider Foundation virtual machine (SCSPF01 and SCSPF02).
Log on to the virtual machine as a user with local administrator rights. From the Server Manager Tools menu, click Internet Information Services (IIS) Manager.
In the Internet Information Services (IIS) Manager console, click the server node, and in the IIS section, double-click Server Certificates.
The Server Certificates pane will expand. In the Actions pane, click Create Domain Certificate…
The Create Certificate Wizard will appear. On the Distinguished Name Properties window, complete the information as prompted. Click Next to continue. Note: The Common Name field must equal the exact name of the server as it will be accessed from the web browser.
On the Online Certificate Authority window, click Select… to find the name of your online certificate authority and enter a friendly name for the certificate. Click Finish to continue.
In the IIS Manager you will see the newly issued certificate.
Complete the following steps to install Service Provider Foundation 2012 R2.
Perform the following steps on each Service Provider Foundation virtual machine (SCSPF01 and SCSPF02).
From the System Center Orchestrator installation media source, right-click setupOrchestrator.exe and select Run as administrator to begin setup.
The Orchestrator Setup Wizard will appear. Under Standalone Installations, click Service Provider Foundation to begin the SPF installation Wizard.
The Service Provider Foundation Wizard will appear. Click Install to begin the Service Provider Foundation installation.
On the License Terms window, verify that the I have read, understood and agree with the terms of this license agreement installation option check box is selected. Click Next to continue.
On the Prerequisites window, the wizard will verify that all system prerequisites are met. If any prerequisites are not met, they will be displayed on the window. After you verify that the prerequisites are met, click Next to continue.
On the Configure the database server window, specify the following information in the provided text boxes:
· Server – Specify the name of the database instance created for the shared System Center SQL instance.
· Port Number – Specify the number of the SCDB port recorded earlier in the installation.
· Database name – Specify the name of the database. In most cases, use the default value.
Under Authentication Credentials, select Windows Authentication. Click Next to continue.
On the Specify a location for the SPF files window, specify the following information in the provided text boxes:
· Install in folder – Accept the default of C:\inetpub.
· Website name – Accept the default name of SPF.
· Port Number – Accept the default of 8090.
Under Server Certificate, select Use existing certificate and select the installed certificate. Note: While a self-signed certificate can be used, it is recommended in production scenarios to use a valid certificate issued from a trusted certification authority. Click Next to continue.
On the Configure the Admin web service window, specify the following accounts in the Domain Security groups or users with access box:
· Administrator
· SPF Admins group
In the Application pool credentials section, specify the SPF Service Account and password. Click Next to continue.
On the Configure the Provider web service window, specify the following accounts in the Domain Security groups or users with access box:
· Administrator
· SPF Provider group
In the Application pool credentials section, specify the SPF Service Account and password. Click Next to continue.
On the Configure the VMM web service window, specify the following accounts in the Domain Security groups or users with access box:
· Administrator
· SPF VMM group
In the Application pool credentials section, specify the SPF Service Account and password. Click Next to continue.
On the Configure the Usage web service window, specify the following accounts in the Domain Security groups or users with access box:
· Administrator
· SPF Usage group
In the Application pool credentials section, specify the SPF Service Account and password. Click Next to continue.
On the Help improve Microsoft System Center 2012 R2 Service Provider Foundation window, select the option to participate or not participate in the CEIP by providing selected system information to Microsoft. Under the Microsoft Update portion of the page, select the appropriate option to participate or not participate in automatic updating. Click Next to continue.
The Installation summary window will appear and display the selections made during the Setup Wizard. Review the options selected. Click Install to continue.
When the installation completes, the wizard will display the Finished window. Click Close to complete the installation.
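Both the SMA and SPF procedures bind an existing certificate to the web service (default ports 9090 and 8090), require its Common Name to equal the server name, and recommend a CA-issued certificate over a self-signed one. The script below is an added example, not part of the CVD, that checks those points on the certificate actually bound to the port; the function name, the 30-day validity window and the example.local host name are assumptions of this example.

```powershell
# Added example (not from the CVD): inspect the certificate bound to the SMA or
# SPF web service port. Run on the server itself after setup has completed.
Import-Module WebAdministration

function Test-BoundServerCertificate {
    param(
        [Parameter(Mandatory)][int]$Port,             # 9090 (SMA) or 8090 (SPF) if defaults were accepted
        [Parameter(Mandatory)][string]$ExpectedName,  # exact name clients use to reach the service
        [int]$MinDaysValid = 30                       # assumption: warn this many days before expiry
    )
    $findings = New-Object System.Collections.Generic.List[string]

    # SSL binding registered for the port, as exposed by the IIS: provider.
    $binding = Get-ChildItem IIS:\SslBindings |
               Where-Object { $_.Port -eq $Port } |
               Select-Object -First 1
    if (-not $binding) {
        return [pscustomobject]@{ Port = $Port; Thumbprint = $null; Pass = $false
                                  Findings = @("No SSL binding found on port $Port") }
    }

    $certPath = 'Cert:\LocalMachine\{0}\{1}' -f $binding.Store, $binding.Thumbprint
    $cert = Get-Item -Path $certPath -ErrorAction SilentlyContinue
    if (-not $cert) {
        return [pscustomobject]@{ Port = $Port; Thumbprint = $binding.Thumbprint; Pass = $false
                                  Findings = @("Bound certificate not found at $certPath") }
    }

    # Common Name must equal the name used to access the server.
    $cn = $cert.GetNameInfo('SimpleName', $false)
    if ($cn -ne $ExpectedName) {
        $findings.Add("Common Name '$cn' does not equal '$ExpectedName'")
    }

    # Self-signed certificates are allowed by setup but not recommended for production.
    if ($cert.Subject -eq $cert.Issuer) { $findings.Add('Certificate is self-signed') }

    if (-not $cert.HasPrivateKey) { $findings.Add('No private key associated with the certificate') }

    $daysLeft = [int]($cert.NotAfter - (Get-Date)).TotalDays
    if ($daysLeft -lt $MinDaysValid) { $findings.Add("Expires in $daysLeft day(s)") }

    # If an EKU extension is present it must allow Server Authentication.
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    if ($eku) {
        $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
        if ($oids -notcontains '1.3.6.1.5.5.7.3.1') {
            $findings.Add('Enhanced Key Usage lacks Server Authentication')
        }
    }

    # Build the chain against the machine's trust stores (revocation checked online by default).
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    if (-not $chain.Build($cert)) {
        foreach ($status in $chain.ChainStatus) { $findings.Add("Chain: $($status.Status)") }
    }

    [pscustomobject]@{
        Port       = $Port
        Thumbprint = $cert.Thumbprint
        Pass       = ($findings.Count -eq 0)
        Findings   = $findings.ToArray()
    }
}

# Host name below is hypothetical; use the name entered as Common Name in the wizard.
Test-BoundServerCertificate -Port 8090 -ExpectedName 'scspf01.example.local' | Format-List
```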
Introduced in System Center 2012 R2, Service Reporting offers cloud administrators the ability to view resource consumption and operating system inventory amongst tenants. It also provides a chargeback model to report on usage expenses.
Data for Service Reporting is collected from both Operations Manager and Windows Azure Pack, and the Service Reporting component itself is configured using PowerShell. In order for Service Reporting to obtain information from Virtual Machine Manager, Operations Manager agents must be installed on all VMM management servers, and the VMM Operations Manager Connector must be configured. Service Provider Foundation (SPF) is required to pass data from Operations Manager to Windows Azure Pack. Windows Azure Pack is then used to collect data from service providers and VMM Clouds.
Excel can be used to connect to SQL Server Analysis Services to analyze the collected data. Reports are generated to show usage and capacity data from virtual machines, along with an inventory of used tenant operating systems.
The Service Reporting installation process includes the high-level steps shown in Figure 16:
Figure 16 Service Reporting Installation Process
Service Reporting in System Center 2012 R2 enables administrators at IT hosting providers to view tenant consumption of virtual machines, resources (computation, network, and storage), and operating system inventory in their infrastructure.
This section provides a high-level walkthrough for how to set up Service Reporting. The following requirements are necessary for the setup:
· A base virtual machine running Windows Server 2012 R2 has been provisioned for Service Reporting.
· .NET Framework 3.5 is installed.
No specific environment prerequisites must be met before proceeding.
No specific service accounts are required for this component.
No specific groups are required for this component.
The Reporting Services installation requires that .NET Framework 3.5 is enabled to support installation. Use the following procedure to enable .NET Framework 3.5.
Open Server Manager and navigate to the Dashboard node. In the main pane, under Configure this local server, select Add roles and features.
The Add Roles and Features Wizard starts. On the Before You Begin window, click Server Selection in the left pane. (Do not click Next.)
On the Select destination server window, select the Select a server from the server pool button and select the local server. Click Features in the left pane. (Do not click Next.)
On the Select Features window, in the Features pane, select the .NET Framework 3.5 Features and .NET Framework 3.5 (includes .NET 2.0 and 3.0) check boxes only. Leave all other check boxes clear. Click Next to continue.
On the Confirm installation selections window, verify that .NET Framework 3.5 Features is listed. Make sure that the Restart each destination server automatically if required option is not selected. Click Install to begin installation. Note: Unlike other roles and features, the source for .NET 3.5 is not stored locally. If your system is connected to the internet, the installation will find the source from Microsoft’s web site. Otherwise, you need to specify a location where the \sources\sxs directory from the installation media is available.
The Installation Progress window will show the progress of the feature installation. Click Close when the installation process completes.
Although this installation was performed interactively, the installation of roles and features can be automated by using the Server Manager module for Windows PowerShell. If the system does not have access to the internet, it will need to use the -Source parameter:
Install-WindowsFeature -Name NET-Framework-Core -Source E:\Sources\sxs
From the SQL Server 2012 SP2 installation media source, right-click setup.exe and click Run as administrator to begin setup. The SQL Server Installation Center will appear. Click Installation in the left pane. Then click New SQL Server stand-alone installation or add features to an existing installation.
The Setup Support Rules Wizard will appear. Click OK to continue.
On the Product Key window, select the Enter the product key option and enter the associated product key in the provided text box. Click Next to continue. Note: If you do not have a product key, select the Specify a free edition option, and then click Evaluation from the drop-down list for a 180-day evaluation period.
On the License Terms window, select the I accept the license terms check box. Select or clear the Send feature usage data to Microsoft check box based on your organization’s policies. Click Next to continue.
The setup files will be installed. No action required.
The Setup Support Rules Wizard will appear. Click OK to continue.
On the Setup Role window, select SQL Server Feature Installation, and click Next to continue.
On the Feature Selection window, make the following selections:
· Database Engine Services
· Analysis Services
· Integration Services
· Management Tools - Basic
· Management Tools - Complete
Click Next to continue.
On the Installation Rules window, verify that each rule shows a Passed status. If any rule requires attention, remediate the issue and rerun the validation check. Click Next to continue.
On the Instance Configuration window, select the Named instance option. In the provided text box, specify the instance name being installed:
· Instance ID – Specify the instance name being installed. Verify that it matches the Named instance value.
· Instance root directory – Accept the default location of C:\Program Files\Microsoft SQL Server.
Click Next to continue.
On the Disk Space Requirements window, verify that you have sufficient disk space. Click Next to continue.
On the Server Configuration window, click the Service Accounts tab. Specify the SQL Server Service Account and an associated password for the SQL Server Agent, SQL Server Database Engine, SQL Server Analysis Services and SQL Server Integration Services 11.0 services. Note: For the SQL Server Agent, set the Startup Type to Automatic.
On the Database Engine Configuration window, click the Server Configuration tab. In the Authentication Mode section, select the Windows authentication mode option. In the Specify SQL Server administrators section, click the Add… button to add the SQL Server Service Account. Click Add Current User to add the installation account. Click Next to continue.
On the Analysis Services Configuration window, click the Server Configuration tab. In the Specify which users have administrative permissions for Analysis Services section, click Add… to add the SQL Server Service account. Click Next to continue.
On the Error Reporting window, select or clear the Send Windows and SQL Server Error Reports to Microsoft or your corporate report server check box, based on your organization’s policies. Click Next to continue.
The installation configuration rules check will be run. Click Next to continue.
On the Ready to Install window, verify all of the settings that were entered during the setup process. Click Install to begin the installation of the SQL Server instance.
On the Installation Progress window, the installation progress will be displayed.
When the installation is complete, the Complete window will appear. Click Close.
Complete the following steps to install Service Reporting.
Log on to the Service Reporting virtual machine as a user with local administrator rights. Verify the following accounts or groups are members of the local Administrators group on the App Controller portal virtual machine: · SQL service account · SQL Admins group |
|
From the System Center Orchestrator installation media source, right-click setupOrchestrator.exe and select Run as administrator to begin setup. |
|
The Orchestrator Setup Wizard will appear. Under Standalone Installation, click Service Reporting to begin the Service Reporting server installation Wizard. |
|
The Service Reporting Setup Wizard will appear. Click Install to begin the Service Reporting server installation. |
|
On the License Terms window, verify that the I have read, understood and agree with the terms of this license agreement installation option check box is selected. Click Next to continue. |
|
On the Prerequisites window, the wizard will verify that all system prerequisites are met. If any prerequisites are not met, they will be displayed on the page. Click Next to continue. |
|
On the Installation location window, specify a location or accept the default location of C:\Program Files\Microsoft System Center 2012 R2\Service Reporting for the installation. Click Next to continue. |
|
On the Configure Service Reporting Data Warehouse window, specify the following information in the provided text boxes:
· Database server – Specify the name of the Service Reporting Server.
· SQL Server instance – Specify the name of the SQL Server database instance created for the Service Reporting installation.
Select the Create a new database option, and specify the following information in the provided text boxes:
· ETLRepository DB – Specify the name of the ETL Repository database. In most cases, use the default value.
· Staging DB – Specify the name of the Staging database. In most cases, use the default value.
· Data Warehouse DB – Specify the name of the Data Warehouse database. In most cases, use the default value.
Click Next to continue.
|
On the Configure Analysis Server window, specify the following information in the provided text boxes:
· Database server – Specify the name of the Service Reporting Server.
· SQL Server instance – Specify the name of the SQL Server database instance created for the Service Reporting installation.
Select the Create a new database option, and specify the following information in the provided text boxes:
· Analysis DB – Specify the name of the Analysis database. In most cases, use the default value.
Click Next to continue.
|
On the Help improve Microsoft System Center Service Reporting window, select the option to participate or not participate in the CEIP by providing selected system information to Microsoft. Under the Microsoft Update portion of the page, select the appropriate option to participate or not participate in automatic updating. Click Next to continue.
|
The Installation summary window will appear and display the selections made during the Setup Wizard. Click Install to continue. |
|
When the installation completes, the wizard will display the Finished window. Check the Initiate machine wide Automatic Update box. Click Close to complete the installation. |
The Windows Azure Pack installation process includes the high-level steps shown in Figure 17.
Figure 17 Windows Azure Pack Installation Process
Windows Azure Pack (WAP) for Windows Server is a collection of Windows Azure technologies, available to Microsoft customers at no additional cost for installation into your data center. It runs on top of Windows Server 2012 R2 and System Center 2012 R2 and, using the Windows Azure technologies, enables you to offer a rich, self-service, multi-tenant cloud, consistent with the public Windows Azure experience.
WAP is designed to be very scalable. It comprises seven modules:
· Administration Site – A portal for administrators to configure and manage resource clouds, user accounts, tenant plans, quotas, and pricing. In this portal, administrators create Web Site clouds, virtual machine private clouds, create plans, and manage user subscriptions.
· Administration Authentication Site – By default, Windows Azure Pack uses Windows authentication for the administration portal. You also have the option to use Windows Azure Active Directory Federation Services (AD FS) to authenticate users.
· Administration API – exposes functionality to complete administrative tasks from the management portal for administrators or using Windows PowerShell cmdlets.
· Tenant Site – A customizable self-service portal to provision, monitor, and manage services, such as Windows Azure Pack: Web Sites, Windows Azure Virtual Machines, and Windows Azure Pack: Service Bus. In this portal, users sign up for services and create services, virtual machines, and databases.
· Tenant Authentication Site – uses an ASP.NET Membership provider to provide authentication for the management portal for tenants.
· Tenant Public API – enables end users to manage and configure cloud services that are included in the plans to which they are subscribed. The Tenant Public API is designed to serve all the requirements of end users that subscribe to the various services that a hosting service provider provides.
· Tenant API – enables users, or tenants, to manage and configure cloud services that are included in the plans in which they are subscribed.
All modules can be installed into a single VM, in separate VMs, or in combinations of VMs. As need for capacity increases, additional VMs can be deployed with the same combination of modules in a network load balanced configuration.
This deployment guide shows five modules deployed in pairs of load balanced VMs and two, the Administration Site and the Administration Authentication Site, deployed as single VMs. These two administration sites generally do not require scaling.
· Tenant Site – WAP01, WAP01b
· Tenant Authentication Site – WAP02, WAP02b
· Tenant Public API – WAP03, WAP03b
· Tenant API – WAP04, WAP04b
· Administration API – WAP05, WAP05b
· Administration Site – WAP06
· Administration Authentication Site – WAP07
The following environment prerequisites must be met before proceeding.
Verify that the following service accounts have been created:
Table 36 Windows Azure Pack Service Accounts
User name | Purpose | Permissions
<DOMAIN>\FT-WAP-SVC | Windows Azure Pack service account. Account used to run Web Sites and Portal services. | N/A
No specific groups are required for this component.
Perform the following steps on a SQL Server cluster virtual machine.
|
Open the SQL Server Management Studio. |
|
On the Connect to Server page, input the connection values for the WAPDB instance. Select Connect to connect to the instance. |
|
Right-click the WAPDB instance, and select Properties. |
|
In the Server Properties window, select Security. Make sure that the SQL Server and Windows Authentication radio button is selected. Click OK. |
|
Expand Security > Logins. Right-click the sa account and select Properties. |
|
In the Login Properties window, select Status on the left-hand side. Under Login, make sure Enabled is selected. |
|
Select General. Enter a password and confirm it. Click OK to continue. |
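The Windows Azure Pack configuration pages later in this guide connect with SQL Server Authentication as sa, so both settings must be in effect before the WAP components are configured. The following added example (not part of the original guide) reads the authentication mode and the state of the sa login from the instance; the server\instance name and the function names are hypothetical.

```powershell
# Added example, not from the Cisco guide.
# Assumptions: 'SQL01\WAPDB' is a hypothetical server\instance name; the script
# runs under a Windows account that is a SQL Server administrator on it.

function Get-WapSqlLoginState {
    param([string]$ServerInstance = 'SQL01\WAPDB')

    # sid 0x01 always identifies the built-in sa login, even if it was renamed.
    $query = @'
SELECT CAST(SERVERPROPERTY('IsIntegratedSecurityOnly') AS int) AS WindowsAuthOnly,
       l.name, l.is_disabled, l.is_policy_checked, l.is_expiration_checked
FROM sys.sql_logins AS l
WHERE l.sid = 0x01;
'@
    $connString = "Server=$ServerInstance;Database=master;Integrated Security=SSPI"
    $conn = New-Object System.Data.SqlClient.SqlConnection -ArgumentList $connString
    try {
        $conn.Open()
        $cmd = $conn.CreateCommand()
        $cmd.CommandText = $query
        $reader = $cmd.ExecuteReader()
        if (-not $reader.Read()) {
            throw "No login with sid 0x01 found on $ServerInstance"
        }
        $state = [pscustomobject]@{
            Instance         = $ServerInstance
            MixedModeEnabled = ($reader['WindowsAuthOnly'] -eq 0)
            SaLoginName      = $reader['name']
            SaEnabled        = -not $reader['is_disabled']
            PasswordPolicyOn = [bool]$reader['is_policy_checked']
            ExpirationOn     = [bool]$reader['is_expiration_checked']
        }
        $reader.Close()
        return $state
    }
    finally {
        $conn.Dispose()
    }
}

function Test-WapSqlPrerequisite {
    # Returns a list of findings; an empty list means the prerequisites are met.
    param([Parameter(Mandatory)]$State)

    $findings = @()
    if (-not $State.MixedModeEnabled) {
        # A change of authentication mode takes effect only after the
        # SQL Server service has been restarted.
        $findings += 'SQL Server and Windows Authentication mode is not active (restart the SQL Server service if it was just changed).'
    }
    if (-not $State.SaEnabled) {
        $findings += "Login '$($State.SaLoginName)' is disabled; the WAP Database Server Setup page cannot connect with it."
    }
    if (-not $State.PasswordPolicyOn) {
        $findings += "Windows password policy is not enforced for login '$($State.SaLoginName)'."
    }
    return $findings
}

# Typical use on the SQL Server cluster virtual machine:
#   $state = Get-WapSqlLoginState -ServerInstance 'SQL01\WAPDB'
#   $state | Format-List
#   Test-WapSqlPrerequisite -State $state
```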
WAP can be installed either through an online GUI or through command line. These instructions assume the use of the command line. Using the command line requires that you first create an offline cache of the components that will be installed. A Windows Server 2012 or 2012 R2 server with internet connectivity is required for obtaining these files. All files should be copied to the same parent directory as they share a subdirectory structure. For easy installation, this should be a file share accessible by all WAP virtual machines. The PDT copy routine documented at the beginning of this document will download all the components for off-line installation.
Perform the following steps on a Windows Server 2012 or 2012 R2 server with internet connectivity.
Open Internet Explorer and navigate to http://www.microsoft.com/web/downloads/platform.aspx. Click Free Download. When the “Do you want to run or save” window pops up, click Run.
|
|
When the installation completes, you will be presented with a window from which you can choose installation options. Click Exit to continue.
|
Connect to the directory C:\Program Files\Microsoft\Web Platform Installer. Download the .NET 4.5 Extended with ASP.NET files with this command:
.\WebPiCmd-x64.exe /Offline /Products:NetFx4Extended-ASPNET45 /Path:<offline cache directory>
|
These are the commands to download the other required files to the offline cache directory. For more information about downloading to the offline cache, see www.iis.net/learn/install/web-platform-installer/web-platform-installer-v4-command-line-webpicmdexe-rtw-release
.\WebPiCmd-x64 /Offline /Products:IIS7 /Path:<offline cache directory>
.\WebPiCmd-x64 /Offline /Products:WAP_AdminSite /Path:<offline cache directory>
.\WebPiCmd-x64 /Offline /Products:WAP_WindowsAuthSite /Path:<offline cache directory>
.\WebPiCmd-x64 /Offline /Products:WAP_AdminAPIAndServiceProviders_Bundle /Path:<offline cache directory>
.\WebPiCmd-x64 /Offline /Products:WAP_TenantSite /Path:<offline cache directory>
.\WebPiCmd-x64 /Offline /Products:WAP_AuthSite /Path:<offline cache directory>
.\WebPiCmd-x64 /Offline /Products:WAP_TenantPublicAPI /Path:<offline cache directory>
.\WebPiCmd-x64 /Offline /Products:WAP_TenantAPI /Path:<offline cache directory>
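The offline cache becomes the installation source for every WAP virtual machine, so it is worth recording exactly what was downloaded. The following added example (not part of the original guide) wraps the download commands above in a loop and writes a SHA-256 manifest that each WAP VM can check before running /Install; the share paths, the manifest file name, and the function names are hypothetical, and it assumes PowerShell 4.0 or later for Get-FileHash.

```powershell
# Added example, not from the Cisco guide.
# Assumptions: both paths below are hypothetical placeholders, and WebPiCmd is
# assumed to signal failure with a non-zero exit code.
$WebPiCmd  = 'C:\Program Files\Microsoft\Web Platform Installer\WebPiCmd-x64.exe'
$CachePath = '\\fileserver\WAPCache'                          # offline cache share
$Manifest  = '\\fileserver\WAPManifest\wap-cache-manifest.csv' # read-only for WAP VMs

# Product IDs as used by the install commands in this guide.
$Products = @(
    'NetFx4Extended-ASPNET45', 'IIS7',
    'WAP_AdminSite', 'WAP_WindowsAuthSite',
    'WAP_AdminApiAndServiceProviders_Bundle',
    'WAP_TenantSite', 'WAP_AuthSite',
    'WAP_TenantPublicAPI', 'WAP_TenantAPI'
)

function Get-CacheFileHashes {
    # Emits one object per file under $Root: path relative to $Root plus SHA-256.
    param([Parameter(Mandatory)][string]$Root)

    $rootFull = (Get-Item -LiteralPath $Root).FullName.TrimEnd('\')
    Get-ChildItem -LiteralPath $rootFull -Recurse -File | ForEach-Object {
        [pscustomobject]@{
            RelativePath = $_.FullName.Substring($rootFull.Length).TrimStart('\')
            SHA256       = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    }
}

function New-WapOfflineCache {
    # Run on the internet-connected download server.
    foreach ($product in $Products) {
        & $WebPiCmd /Offline "/Products:$product" "/Path:$CachePath"
        if ($LASTEXITCODE -ne 0) {
            throw "WebPiCmd failed for '$product' (exit code $LASTEXITCODE)"
        }
    }

    # The install commands point /XML at this feed file, so it must exist.
    $feed = Join-Path $CachePath 'feeds\latest\webproductlist.xml'
    if (-not (Test-Path -LiteralPath $feed)) {
        throw "Feed file missing from cache: $feed"
    }

    Get-CacheFileHashes -Root $CachePath |
        Export-Csv -LiteralPath $Manifest -NoTypeInformation -Encoding UTF8
}

function Test-WapOfflineCache {
    # Run on each WAP VM before /Install. Returns one object per problem;
    # an empty result means the cache matches the manifest.
    $expected = @{}
    Import-Csv -LiteralPath $Manifest | ForEach-Object {
        $expected[$_.RelativePath] = $_.SHA256
    }

    $seen = @{}
    foreach ($file in (Get-CacheFileHashes -Root $CachePath)) {
        $seen[$file.RelativePath] = $true
        if (-not $expected.ContainsKey($file.RelativePath)) {
            [pscustomobject]@{ File = $file.RelativePath; Problem = 'Not in manifest' }
        }
        elseif ($expected[$file.RelativePath] -ne $file.SHA256) {
            [pscustomobject]@{ File = $file.RelativePath; Problem = 'Hash mismatch' }
        }
    }
    foreach ($name in $expected.Keys) {
        if (-not $seen.ContainsKey($name)) {
            [pscustomobject]@{ File = $name; Problem = 'Missing from cache' }
        }
    }
}

# Download server:  New-WapOfflineCache
# Each WAP VM:      $problems = @(Test-WapOfflineCache)
#                   if ($problems.Count) { $problems; throw 'Offline cache changed' }
```

Keep the manifest in a location the WAP virtual machines can read but not write; a manifest stored inside the cache share itself can be altered together with the files it describes.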
Perform the following steps on all WAP virtual machines.
From an elevated PowerShell window, enter this command:
."<offline cache directory>\bin\WebpiCmd-x64.exe" /Install /Products:NetFx4Extended-ASPNET45 /AcceptEula /XML:<offline cache directory>\feeds\latest\webproductlist.xml
Make sure the component installed successfully.
Perform the following steps on all WAP virtual machines.
From an elevated PowerShell window, enter this command:
."<offline cache directory>\bin\WebpiCmd-x64.exe" /Install /Products:IIS7 /AcceptEula /XML:<offline cache directory>\feeds\latest\webproductlist.xml
Make sure all components installed successfully.
|
On Service Manager, change the IE Enhanced Security Configuration for the Administrator from on to off by clicking On. |
|
Under Administrators click the radio button by Off. Click OK to continue. |
You can install the components in any order, although you will not be able to open the management portal for administrators or tenants until you have installed and configured the Service Management API and authentication sites. The recommended installation order is:
1. Service Management APIs
2. Authentication Sites
3. Management Portals
Perform the following steps on each Administration API virtual machine (WAP05, WAP05b).
From an elevated PowerShell window, enter this command:
."<offline cache directory>\bin\WebpiCmd-x64.exe" /Install /Products:WAP_AdminApiAndServiceProviders_Bundle /AcceptEula /XML:<offline cache directory>\feeds\latest\webproductlist.xml
|
Internet Explorer will automatically launch and attempt to open the configuration page. Click Continue to this website (not recommended).
|
|
On the Database Server Setup page enter the following information:
· Server Name – SQL Server and database instance name for the WAP database
· Authentication Type – select SQL Server Authentication
· Database Server Admin Username – enter sa as the user name.
· Database Server Admin Password – enter appropriate password
· Passphrase – enter and confirm a passphrase
Click the right arrow to continue.
|
On the Customer Experience Improvement Program page, select the radio button according to your willingness to participate. Click the right arrow to continue. |
|
On the Feature Setup page review your entries and click the check mark to start the configuration. |
|
All features will show a check mark upon successful installation. Click the check mark to complete the installation process.
|
|
A warning window will display. Click Yes to continue. Repeat for additional Administration API virtual machines. |
Perform the following steps on each Tenant API virtual machine (WAP04, WAP04b).
From an elevated PowerShell window, enter this command:
."<offline cache directory>\bin\WebpiCmd-x64.exe" /Install /Products:WAP_TenantAPI /AcceptEula /XML:<offline cache directory>\feeds\latest\webproductlist.xml
|
From Server Manager launch Manage > Add Roles and Features. Accept the default responses until you get to Server Roles. Scroll down to Web Server (IIS) and expand it. |
|
Expand Web Server. Expand Security. Make sure the check box by Windows Authentication is selected. If it is selected, you can exit. Otherwise, click Next until you reach the Confirmation page. |
|
On the Confirmation page, click Install. |
|
Upon successful installation, click Close. Repeat for any other Tenant API VMs.
|
|
Perform the Database Server Setup steps. |
|
Perform the following steps on each Tenant Public API virtual machine (WAP03, WAP03b).
From an elevated PowerShell window, enter this command:
."<offline cache directory>\bin\WebpiCmd-x64.exe" /Install /Products:WAP_TenantPublicAPI /AcceptEula /XML:<offline cache directory>\feeds\latest\webproductlist.xml
|
Perform the Database Server Setup steps. |
|
Perform the following steps on the Administration Authentication Site virtual machine (WAP07).
From an elevated PowerShell window, enter this command:
."<offline cache directory>\bin\WebpiCmd-x64.exe" /Install /Products:WAP_WindowsAuthSite /AcceptEula /XML:<offline cache directory>\feeds\latest\webproductlist.xml
|
Complete the Database Server Setup. |
|
Perform the following steps on each Tenant Authentication Site virtual machine (WAP02, WAP02b).
From an elevated PowerShell window, enter this command:
."<offline cache directory>\bin\WebpiCmd-x64.exe" /Install /Products:WAP_AuthSite /AcceptEula /XML:<offline cache directory>\feeds\latest\webproductlist.xml
|
Make sure that Windows Authentication is enabled in the Security section of the Web Server role. |
|
Complete the Database Server Setup. |
|
Perform the following steps on the Administration Site virtual machine (WAP06).
From an elevated PowerShell window, enter this command:
."<offline cache directory>\bin\WebpiCmd-x64.exe" /Install /Products:WAP_AdminSite /AcceptEula /XML:<offline cache directory>\feeds\latest\webproductlist.xml
|
Complete the Database Server Setup. |
|
Perform the following steps on each Tenant Site virtual machine (WAP01, WAP01b).
From an elevated PowerShell window, enter this command:
."<offline cache directory>\bin\WebpiCmd-x64.exe" /Install /Products:WAP_TenantSite /AcceptEula /XML:<offline cache directory>\feeds\latest\webproductlist.xml
|
Make sure that Windows Authentication is enabled in the Security section of the Web Server role. |
|
Complete the Database Server Setup. |
|
These instructions need to be followed on the following VMs:
· Tenant API – WAP04, WAP04b
· Tenant Public API – WAP03, WAP03b
· Administration Authentication – WAP07
· Tenant Authentication – WAP02, WAP02b
· Administration Site – WAP06
· Tenant Site – WAP01, WAP01b
After the respective WAP product has been installed, perform the following steps to configure the connection from the VM to the WAP database.
Navigate to the Installers subdirectory of the offline cache directory. Expand the WAP_ConfigurationSite subdirectory and expand its only subdirectory, which is represented by a GUID. Right-click MgmtSvc-ConfigSite.msi and select Install. |
|
On the license agreement window select the check box by I accept the terms in the License Agreement. Click Install. |
|
When the installation completes, click Finish. |
|
Repeat the above steps for the MgmtSvc-PowerShellApi.msi file located at <offline cache directory>\installers\WAP_PowerShellAPI\<GUID>\MgmtSvc-PowerShellAPI.msi. |
|
Launch the Internet Information Server (IIS) Manager console. Expand the connection and select Sites. Click the MgmtSvc-ConfigSite. Under Actions select Browse :30101 (https). |
|
Internet Explorer will open and display a web page saying There is a problem with this website’s security certificate. Click Continue to this website (not recommended). Proceed to the steps to configure the admin web site.
|
On the Database Server Setup page enter the following information:
· Server Name – SQL Server and database instance name for the WAP database
· Authentication Type – select SQL Server Authentication
· Database Server Admin Username – enter sa as the user name.
· Database Server Admin Password – enter appropriate password
· Passphrase – enter and confirm a passphrase
Click the right arrow to continue.
|
On the Customer Experience Improvement Program page, select the radio button according to your willingness to participate. Click the right arrow to continue. |
|
On the Feature Setup page review your entries and click the check mark to start the configuration. |
|
All features will show a check mark upon successful installation. Click the check mark to complete the installation process.
|
|
A warning window will display. Click Yes to continue. Repeat for additional WAP virtual machines. |
Microsoft has several recommended practices that should be followed when installation of the WAP components is completed. They can be found at http://msdn.microsoft.com/en-us/library/jj902594.aspx.
Additionally, the solution as presented in this document creates multiple VMs for WAP components. A network load balancing solution must be implemented to load balance the components. The deployment of a load balancing solution is beyond the scope of this document.
The process required to deploy a tenant cluster is very similar to the process used to deploy the Fabric Management cluster. Most of the instructions for building the Fabric Management cluster can be used for building a tenant cluster. The following steps are required.
· Build tenant servers
- Create tenant Service Profile Template and Server Profiles within UCSM
- Clone the sysprepped MasterBoot2012R2 LUN for each tenant host
- Complete tenant server configuration
· Build tenant Hyper-V cluster
- Create cluster shared storage
- Run cluster validation wizard
- Create tenant cluster
- Configure cluster aware updating
- Configure constrained delegation
- Change Hyper-V default settings
· Configure Cisco Nexus 1000V for Tenant NIC
- Configure network segment
- Configure logical switch in SCVMM
- Create VM network
- Create Logical switch on Hyper-V
Only the steps that vary significantly from the previously provided instructions are presented in this guide. For all other steps, refer to the instructions presented for deploying the Fabric Management cluster substituting appropriate naming conventions for the tenant environment.
These steps provide details for creating a service profile template by cloning the previously created service profile template and then modifying it. The original Service Profile Template will be modified to reflect a sample network configuration for a tenant.
The following is an example. If you require more than the single NIC for tenant VMs, you will need to adjust your procedure accordingly.
In UCS Manager, select the Servers tab at the top left window. Select Servers > Service Profile Templates > root > Sub-Organizations > <suborg> Service Template VMHost-Mgmt. Right-click and select Create a Clone. |
|
Enter VMHost-T01 for the Clone Name and select the Organization. Click OK to create the new Service Profile Template. |
|
Expand the new template. Expand vNICs. Right-click SC-SMB and select Delete. Repeat for the SC-access and SC-database vNICs. |
|
Select Modify vNIC/vHBA Placement. |
|
On the Modify vNIC/vHBA Placement window, select AssignedOnly from the drop-down menu. |
|
Select the newly created Placement Policy. Select vCon1 in the Virtual Network Interface Policy. From the VNICs tab select each vNIC and click Assign. Place the vNICs in this order:
· Mgmt
· SMB
· LiveMigration
· CSV
· T1-access
Select the vHBAs tab and assign FCoE-A and FCoE-B. Click OK.
These steps provide details for creating a service profile from a template.
In UCS Manager navigate to Servers > Service Profile Templates > root > Sub-Organizations > FabMgmt > Service Template VMHost-T01. Right-click and select Create Service Profile From Template. |
|
Enter VMHost-T01_ for the service profile prefix. Enter 1 for the Name Suffix Starting Number. Enter 4 for the number of service profile instances to create. Click OK to create the service profiles. |
The Service Profiles should automatically associate with a physical blade server from the FabMgmt pool specified in the Service Profile Template. If not, select the unassigned Service Profile and associate it with a server. Association with a physical blade server causes the blade to power on.
Detailed steps for cloning the boot LUN from the MasterBoot2012R2 LUN are provided in the instructions for the deployment of the Fabric Management cluster. Follow those steps using naming convention appropriate for the tenant environment.
When the Cisco UCS service profiles have been created, the tenant blades in the environment each have a unique configuration. To proceed with the VSPEX deployment, specific information must be gathered from each Cisco UCS blade.
Table 37 Tenant HBA WWPNs for Fabric A and Fabric B
Cisco UCS Service Profile Name | WWNN | Fabric-A-1 WWPN | Fabric-B-1 WWPN
VMHost-T01-01 | | |
VMHost-T01-02 | | |
VMHost-T01-03 | | |
VMHost-T01-04 | | |
Note: To gather the information in the table above, launch the Cisco UCS Manager GUI, and in the left pane select the Servers tab. From there, expand Servers > Service Profiles > root > Sub-Organization. Click each service profile and then click the Storage tab on the right. While doing so, record the WWNN and WWPN information in the right display window for both vHBA Fabric-A-1 and vHBA Fabric-B-1 for each service profile in the table above.
After the four boot LUNs have been cloned from the MasterBoot2012R2 LUN, the LUNs must be masked to the appropriate Service profile using the WWN information gathered earlier. Detailed steps for associating the boot LUN to a service profile are provided in the instructions for the deployment of the Fabric Management cluster. Follow those steps using naming convention appropriate for the tenant environment.
Use the UCS Manager KVM to connect to each tenant server and boot each server. Complete the mini-setup for each server. When the mini-setup has been completed for each server, complete the configuration for the tenant servers. In general, this will require performing at least the following steps. These steps are similar to the steps performed when building the Fabric Management servers.
· Rename and configure networks (remember this is an example installation – your network configuration may vary for VM NICs)
- Assign fixed IP addresses on the host networks
- Rename the VM NICs only; do not assign IP information to them
- Make sure the binding order places the Mgmt NIC first.
· Rename the server and join to the Active Directory domain
· Make sure it is up-to-date on patches
· Install and configure EMC PowerPath and Unisphere agent
Using instructions presented in the section on creating the Fabric Management Cluster, create the Hyper-V cluster for use by the tenant.
· Create cluster shared storage
- Create EMC VNX SMB share for tenant VMs
- Add to Storage Group for each server
- Initialize and format from one server
· Run cluster validation wizard
· Create tenant cluster
- Rename cluster NICs
- Rename disk witness
· Assign full control on the share
- Domain administrator account
- SCVMM service account
- Cluster computer account
- Individual cluster node computer accounts
· Configure Cluster Aware Updating
· Configure constrained delegation
· Change Hyper-V default settings
- Set Enhanced Session Mode
- Set default VM virtual hard disk path to EMC VNX SMB share
- Set default VM path to EMC VNX SMB share
During the configuration performed for the Fabric Management environment, a LUN was created in advance for use as the disk witness for the tenant cluster. A storage pool was also created for use by the file systems used for SMB shares. If it was not created with enough storage to handle the requirements of both the Fabric Management and tenant environments, it will need to be expanded. The following instructions use existing space for the creation of a tenant file system share.
In Unisphere navigate to Storage > Storage Configuration > File Systems. Click the File Systems tab and select Create. |
On the Create File System window, enter a File System Name for the area to be used for storing the virtual machine hard disks. Assign a value to Storage Capacity. The rest of the defaults are acceptable. Click OK to continue. You can monitor the progress of the creation at System > Monitoring and Alerts > Background Tasks for File. When the task is complete, proceed to the next step. |
Navigate to Storage > Storage Configuration > File Systems. Select the Mounts tab. Right-click a Path you just created and select Properties. |
On the Mount Properties window make sure the following are selected:
· Access-Checking Policy: NT – CIFS
· Set Advanced Options
· Direct Writes Enabled
· CIFS Sync Writes Enabled
Note: Check your selections before clicking OK as the Access-Checking Policy will be reset when you select Set Advanced Options.
The Continuous Availability option needs to be enabled for file shares targeted for Hyper-V or SQL Server use. To enable Continuous Availability, using an SSH client (like PuTTY) connect to the VNX control station as nasadmin. |
Using a utility such as PuTTY, connect to the EMC VNX control station and issue the following commands. Substitute the name of the file system created earlier for all occurrences of <T01VMs> in the following instructions.
server_mount server_2
server_mount server_2 -o smbca <T01VMs>
server_export server_2 -P cifs -n <T01VMs> -o type=CA,netbios /<T01VMs>
server_export server_2
Navigate to Storage > Shared Folders > CIFS. Right-click the share and select Properties. |
Check the box for CIFS Servers. Optionally, enter a description for the share’s use. Click OK. |
During the initial configuration of the EMC VNX storage, a LUN was created to be used as the disk witness for the tenant cluster. Add that LUN to the storage group for each node in the tenant Hyper-V cluster. From one node, initialize and format the disk.
Complete the rest of the steps listed above to complete the creation of the tenant Hyper-V cluster.
In the SCVMM console, navigate to Fabric > Servers > All Hosts. Right-click and select Create Host Group. Enter an appropriate name for the host group to contain tenant hosts.
|
|
Right-click the newly created host group and select Add Hyper-V Hosts and Clusters.
|
|
On the Resource Location window, make sure the radio button by Windows Server computers in a trusted Active Directory domain is selected. Click Next.
|
|
On the Credentials window, select the radio button by Use an existing Run As account. Browse and select the previously created SCVMM administrative account. Click Next. |
|
On the Discovery Scope window, enter the name of the tenant cluster in the Computer name box. Click Next. |
|
On the Target resources window check the box by the cluster name. Click Next.
|
|
On the Host Settings window, make sure the proper host group is selected and that the box by Reassociate this host with this VMM environment is checked. Click Next. Click Finish on the Summary window. |
From the configuration workstation, open the Computer Management MMC and connect to the VNX. Open the Properties of the file share used for storing the virtual machine hard disks for the tenant cluster. |
|
In the Share Permissions tab add the following:
· computer accounts for each SCVMM server and the SCVMM cluster
· computer accounts for each tenant node and the tenant cluster
· SCVMM service account
· Domain administrator account
Grant Full Control to each. Click OK.
|
|
In the SCVMM console, navigate to Fabric > Servers > All Hosts > Fabric Management. Right click the Management Cluster and select Properties. |
|
Select File Share Storage and click Add. |
|
Enter the UNC path to the file share that stores the cluster VHDs. Click OK. |
|
The VMM-Admin Run As account created during the initial installation will default as the selected Run As account. That is the recommended account. If that is not acceptable, click Browse… to select a different account. Click OK to register the file share.
|
Following the deployment of the tenant cluster, you may want to perform additional processes similar to those performed on the Fabric Management cluster:
· Change Hyper-V default settings
· Configure constrained delegation
· Configure Cluster Aware Updating
· Configure Hyper-V Replica Broker
Instructions for these steps can be found earlier in this deployment guide in the section detailing the deployment of the Fabric Management cluster.
Connect to the primary Cisco Nexus 1000V VSM and enter the following configuration commands. The following example sets up subnet 192.168.100.0/24 on VLAN 1000 for use by the tenant VMs.
configure terminal
nsm network segment pool T01-Fabric
  member-of logical network FastTrack
  exit
nsm ip pool template N1KV-T01-access-IP-Pool
  ip address 192.168.100.240 192.168.100.249
  network 192.168.100.0 255.255.255.0
  default-router 192.168.100.1
  exit
nsm network segment N1KV-T01-access
  member-of network segment pool T01-Fabric
  switchport access vlan 1000
  ip pool import template N1KV-T01-access-IP-Pool
  publish network segment
  exit
nsm network uplink N1KV-T01-Uplink
  import port-profile N1KV-Uplink-Policy-FastTrack
  allow network segment pool T01-Fabric
  system network uplink
  publish network uplink
  exit
copy running-config startup-config
To configure the logical switch in SCVMM follow the steps presented in the instructions for configuring the Cisco Nexus 1000V for the Fabric Management environment. The following differences should be noted.
· Substitute T01-Fabric for SC-Fabric as the name of the logical switch
· Substitute N1KV-T01-Uplink for N1KV-SC-Uplink as the uplink port profile
· Provide a unique name when creating the Port Classification
To create the logical switch in each Hyper-V host follow the steps presented in the instructions for configuring the Cisco Nexus 1000V for the Fabric Management environment. The following differences should be noted:
· Substitute T01-access for SC-access as the name of the network
· Substitute N1KV-T01-access for N1KVSC-access as the name of the logical switch
Perform the following procedure on each Tenant cluster node and for each Fabric Management cluster node.
|
In the active Virtual Machine Manager instance, select Fabric. Expand All Hosts and the tenant cluster. |
|
Select the first tenant host and click Properties. |
|
Select Virtual Switches on the Properties window. Click New Virtual Switch and select New Logical Switch. |
|
On the Logical Switch drop-down menu, select N1KV-T1-access.
|
|
From the drop-down list of Physical adapters, select the adapter associated with the T1-access switch. Click OK. A warning window will display warning of possible loss of network connectivity. Click OK. Repeat for each node of the cluster. |
To create a VM network in SCVMM follow the steps presented in the instructions for configuring the Cisco Nexus 1000V for the Fabric Management environment. The following differences should be noted:
· Substitute T01-access for SC-access as the name of the network
Tim Cerling, Technical Marketing Engineer, Cisco
Tim Cerling is a Technical Marketing Engineer with Cisco's Datacenter Group, focusing on delivering customer-driven solutions on Microsoft Hyper-V and System Center products. Tim has been in the IT business since 1979. He started working with Windows NT 3.5 on the DEC Alpha product line during his 19-year tenure with DEC, and he has continued working with Windows Server technologies since then with Compaq, Microsoft, and now Cisco. During his twelve years as a Windows Server specialist at Microsoft, he co-authored a book on Microsoft virtualization technologies - Mastering Microsoft Virtualization. Tim holds a BA in Computer Science from the University of Iowa.
For their support and contribution to the design, validation, and creation of this Cisco Validated Design, we would like to thank:
Mike Mankovsky, Technical Leader Engineering, Cisco Systems, Inc.
Mike Mankovsky is a Cisco Unified Computing System architect, focusing on Microsoft solutions with extensive experience in Hyper-V, storage systems, and Microsoft Exchange Server. He has expert product knowledge in Microsoft Windows storage technologies and data protection technologies.
David Feisthammel, Consulting Solutions Engineer, EMC
Dave is a consulting solutions engineer with EMC Corporation based in Bellevue, Washington, just blocks from the Microsoft headquarters campus. As a member of EMC's Microsoft Partner Engineering team, he focuses on Microsoft's enterprise hybrid cloud technologies, including Windows Server, Hyper-V, and System Center. Dave is an accomplished IT professional with progressive international and domestic experience in the development, implementation, and market launch of IT solutions and products. With nearly three decades of experience in Information Technology, he has presented, lectured, taught, and written on various topics related to systems management.
[1] Additional information for configuring the Windows Firewall to support SQL Server can be found at http://technet.microsoft.com/library/cc646023.aspx and http://technet.microsoft.com/library/ms174937.aspx.
[2] For general guidance for database sizing, see System Center 2012 - Operations Manager Component Add – On.
[3] Orchestrator guidance is provided by the following TechNet resources: Using Windows Firewall with Orchestrator and TCP Port Requirements.