Private Cloud Quick Start Guide - TechNet Toolbox

rabidwestvirginiaNetworking and Communications

Oct 26, 2013 (3 years and 9 months ago)




Microsoft Private Cloud Quick Start Guide

How to Profit with Private Cloud Offerings

Driven by pressure to do more with less, many of your customers turn increasingly to virtualization when they need to add capacity or deliver new or scaled out services. However, simple consolidation of servers (what some have called virtualization 1.0) is no longer sufficient. Your customers want the efficiency, simplicity, and cost-effectiveness of a fully virtualized and highly automated infrastructure. Many organizations are on a declared trajectory toward a full infrastructure-as-a-service (IaaS) model made possible by their own on-premises or off-premises private cloud.

Time is of the essence: service providers that delay their delivery of cloud offerings will find it difficult to compete at a time when many organizations are looking to expand their use of virtualization. As a Microsoft partner, you are well positioned to deploy and/or manage a private cloud that is built on Microsoft products your customers already know and trust.

With the private cloud and IaaS model, you can take advantage of economies of scale that deliver better value for customers while they enjoy the benefits of greater agility and simplicity. When you deploy private clouds for customers, you expand your role as a trusted advisor and position yourself for broader engagements with such offerings as reporting and monitoring, usage metering, chargeback, and more.

This document provides guidance on using Microsoft products to deploy and manage a private cloud infrastructure. It is not intended as a guide for deploying or configuring the underlying hardware.



Disclaimer

This document is provided "as-is." Information and views expressed in this document, including URL and other Internet website references, may change without notice. You bear the risk of using it.

Some examples are for illustration only and are fictitious. No real association is intended or inferred.

This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes.


Table of Contents

How to Profit with Private Cloud Offerings
   Table of Contents
   What Is the Microsoft Private Cloud?
Why a Microsoft Private Cloud Infrastructure?
Customer Considerations
   Understanding Your Customer Segment
Conceptual Architecture
   Management Architecture
   Your Hardware Environment
Configuring the Microsoft Private Cloud
   Configure Hyper-V Hosts
   Configure Hyper-V Host Clusters
   Configure Hyper-V Guests
The Management Architecture
   Configure the Infrastructure Deployment Model
   Configure the Automation Layer
   Configure the Management Layer
   Configure System Center Virtual Machine Manager 2008 R2
   Configure System Center Operations Manager
   Configure Systems Maintenance and Patch Management
   Configure Backup and Disaster Recovery
   Configure the VMM Self-Service Portal
   Configure the Orchestration Layer
   Configure Security
   Configure the Service Management Layer
Summary and Conclusion
   Additional Resources by Technology


What Is the Microsoft Private Cloud?

The Microsoft private cloud is a set of pooled resources and automation and management tools built on Windows Server 2008 R2, Hyper-V virtualization, and Microsoft System Center. With the private cloud model, you can offer customers a dedicated on-premises or hosted cloud environment to transform the way they consume IT services or deliver them to their businesses.

The Microsoft private cloud is composed of the following components:

Table 1: Components of the Microsoft private cloud

Required    Optional

• Windows Server 2008 R2 (Datacenter edition recommended due to unlimited virtualization use rights) with Hyper-V
• Microsoft Hyper-V Server 2008 R2
• Microsoft Forefront
• Microsoft SQL Server 2008
• Microsoft System Center Virtual Machine Manager Self-Service Portal
• Other Microsoft System Center family software:
   • Operations Manager
   • Configuration Manager
• Windows PowerShell 2.0
• Microsoft Deployment Toolkit 2010 (MDT)
• Windows Deployment Services (WDS)


Microsoft designed its approach to the private cloud on a set of core architecture principles to help ensure consistent, high-value delivery of infrastructure-as-a-service (IaaS) now and as your customers grow. These core principles are as follows:

• Resource pooling: Resource pooling helps optimize resources, which in turn drives efficiency, higher utilization, and cost reduction.
• Service provider’s approach to delivering IT: Cloud services should be provided in a manner that is comparable to an electric utility: Consumers use and pay for only what they need. This shared resource model enables economies of scale and greater agility in providing services.
• Elasticity and perception of infinite capacity: Cloud services should appear to have infinite capacity. The consumer can use as much or as little of the service as needed.
• Perception of continuous availability: Cloud services should appear to be available on demand. The consumer should never experience an interruption of that service, even if failures occur within the Microsoft private cloud environment.
• Predictability: Cloud services should be consistent: they should have the same quality and functionality every time they are used.
• Multi-tenancy: The infrastructure can be logically subdivided and provisioned to different organizations or organizational units.
• Security and identity: The Microsoft private cloud uses security and identity technologies to help secure hosts, information, and applications.

Why a Microsoft Private Cloud Infrastructure?

Only the Microsoft private cloud approach delivers a complete IaaS offering that includes the infrastructure, application platform, and productivity applications. With a Microsoft private cloud, you can offer an end-to-end set of services and solutions, and your customers can harness the cloud power they need when they need it.

Customer Considerations

The engineering decisions you make while building a Microsoft private cloud infrastructure depend heavily on the specifics of your customer’s business and its needs. If you are engaged to build an on-premises private cloud, you must also consider your customer’s infrastructure and its upgrade and refresh cycles.

Understanding Your Customer Segment

You can take more than one path to a Microsoft private cloud solution for your customers, and you can tailor the path and the solution to your customer’s circumstances. A small to medium-sized business (SMB) requires different configurations and options than a large enterprise or departmental cloud implementation. An implementation built in your own data center for multi-tenant use requires yet other considerations. For example, you can build a private cloud deployment solution using Microsoft Deployment Toolkit and Windows Deployment services as the entry point components. Larger implementations of a Microsoft private cloud might need an optimized deployment solution built with System Center.

You should ask specific and detailed questions to help uncover the information that will help you build a solution to serve your customer’s needs now and into the future. This document includes sample questions to guide you.


Questions to ask…

1. What is the projected growth for the business in revenue, in number of employees, and in expected IT services in the next 12 and 24 months?
2. Would you consider your business to be progressive or conservative in its use of technology?
3. What are business owner expectations of IT? Are they changing? If so, how?

Conceptual Architecture

The Microsoft private cloud features a layered architecture in which Hyper-V virtualization decouples hardware, operating systems, data, applications, and user state. This virtualization layer enables the wide range of automation and management capabilities that help define a cloud infrastructure (see figure 1).

Figure 1: Conceptual architecture of the Microsoft private cloud

Management Architecture

An effective cloud requires intelligent, dedicated management tools. Without them, a cloud infrastructure is little more than a collection of virtualized computing resources. For this reason, the Microsoft private cloud requires a dedicated two-node management cluster if the cloud includes eight nodes or more. All management products must be deployed in high-availability virtual machines (VMs) on this cluster, and the cluster must have access to a storage area network (SAN) and storage array that is compatible with Windows Server failover clustering.

Your Hardware Environment

This guide is written on the assumption that the data center hardware in which the solution will reside (whether yours or your customer’s) is cloud ready. That is, the data center has late-generation computing, storage, and networking resources that can be pooled, provisioned, and managed flexibly in a highly virtualized environment. Table 2 lists some minimum hardware recommendations, but you should consult your product documentation for recommended configurations for servers, storage, and networking hardware in virtualized environments.

Table 2: Minimum hardware recommendations

Hardware    Recommendations

Server layer

The Windows Server Catalog contains all servers, storage, and other hardware devices that are certified for Windows Server 2008 R2 and Hyper-V. See www.windowsservercatalog.com.

See also: Installing Windows Server 2008 R2, http://technet.microsoft.com/en-us/library/dd379511(WS.10).aspx.

• Required: 64-bit processors with AMD Virtualization (AMD-V) or Intel Virtualization Technology (Intel VT) support
• Required: 64 GB RAM
• Required: Min. 40-GB local RAID 1 or RAID 10 hard disk space for operating system partition
• Recommended: 2-socket to 4-socket servers running highest or second highest CPU speed with multi-core processors
• Minimum of two gigabit Ethernet (GbE) or 10 gigabit Ethernet ports
• Consider the number and type of onboard I/O ports and of supported I/O cards.
• Be aware of limitations in the number of I/O cards and/or supported combinations.

Storage and storage connectivity layer

• Required: A SAN that is compatible with Windows Server failover clustering
• Required: iSCSI connectivity for guest clustering
• Logical or physical isolation between storage and Ethernet I/O
• Fully redundant, independent paths for storage I/O

Networking layer

• Minimum gigabit Ethernet (10 GbE recommended)
• Use virtual local area networks (VLANs) or IP Security (IPSec) isolation to enable network segmentation for multi-tenancy.
• Define identical virtual networks on all nodes so that VMs can properly failover to any node.
• Network switches must support 802.1q VLAN trunks.
• Network switches must support an Ethernet link aggregation standard compatible with the rack or blade server network interface cards (NICs) such that NIC teams can span two or more switches.
• Network switches must support Ethernet link aggregation such that multiple uplink ports can be bonded together for high bandwidth.
• The network design must compensate for the loss of any switch module or switch without dropping host server connectivity.


Configuring the Microsoft Private Cloud

Configure Hyper-V Hosts

Before performing the actions in this section, ensure that the target infrastructure meets the minimum requirements shown in table 2.

For more information about the steps described in this section, see Requirements and Limits for Virtual Machines and Hyper-V in Windows Server 2008 R2, available at http://technet.microsoft.com/en-us/library/ee405267(WS.10).aspx.

Install Windows Server 2008 R2

1. Use either the Full or Server Core installation option.
2. The Hyper-V parent partition operating system should be domain-joined.
3. Hyper-V server role and failover clustering are required.
   a. For assistance in configuring failover clusters, visit the Failover Cluster Configuration Program website at http://www.microsoft.com/windowsserver2008/en/us/failover-clustering-program-overview.aspx. The program helps identify tested and validated hardware configurations for your high-availability needs.
4. View the Hyper-V Update List for Windows Server 2008 R2 (http://technet.microsoft.com/en-us/library/ff394763(WS.10).aspx), and ensure that all relevant updates are applied.
5. Test and apply the following recommended settings:
   a. Enable TCP checksum offload
   b. Enable jumbo frames
   c. Enable virtual machine queue for 10 GbE networks

Configure IP Addressing

1. The cluster heartbeat network must be on a distinctly separate subnet from the host management network.
2. The VM network adapter should not be shared with the host operating system and, therefore, should not have an IP address.
3. The iSCSI network must be on a distinctly separate and isolated network, with a dedicated IP range used only for storage.

Questions to ask…

1. What is the desired end state of the IT infrastructure?
2. Do you have service level agreement (SLA) and quality of service (QoS) commitments? If so, what are they? If not, are there plans to implement policies around SLA and QoS?

See table 3 for example IP configurations that meet these requirements.

Table 3: Example IP addressing

Cluster Node 1

Setting                                  Value
Management network IP Address            10.1.0.100
Management network Subnet Mask           255.255.255.0
Management network Gateway               10.1.0.1
Management network Primary DNS           10.1.0.50
Management network Secondary DNS         10.1.0.51
Cluster network IP Address               192.168.0.100
Cluster network Subnet Mask              255.255.255.0
Cluster network Gateway                  N/A
Cluster network DNS                      N/A
Live Migration network IP Address        192.168.1.100
Live Migration Subnet Mask               255.255.255.0
Live Migration network Gateway           N/A
Live Migration network DNS               N/A
Virtual Machines network IP Address      N/A
Virtual Machines network Subnet Mask     N/A
Virtual Machines network Gateway         N/A
Virtual Machines network DNS             N/A
ISCSI network IP Address                 10.2.0.100
ISCSI network Subnet Mask                255.255.255.0
ISCSI network Gateway                    10.2.0.1
ISCSI network DNS                        N/A
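
The addressing rules in Configure IP Addressing can be checked against a node's plan before any adapter is configured. The following PowerShell is an added example, not part of the original guide: the function names and the plan layout are hypothetical, the first plan is built from the Table 3 values, and the second is a constructed misconfiguration.

```powershell
# Added example (not from the guide). Function names and plan layout are hypothetical.

function Test-SubnetOverlap {
    # True when two IPv4 subnets share any address. Works byte by byte, so it
    # handles differing mask lengths and needs nothing beyond PowerShell 2.0.
    param([string]$IpA, [string]$MaskA, [string]$IpB, [string]$MaskB)
    $a  = [System.Net.IPAddress]::Parse($IpA).GetAddressBytes()
    $b  = [System.Net.IPAddress]::Parse($IpB).GetAddressBytes()
    $ma = [System.Net.IPAddress]::Parse($MaskA).GetAddressBytes()
    $mb = [System.Net.IPAddress]::Parse($MaskB).GetAddressBytes()
    for ($i = 0; $i -lt 4; $i++) {
        $common = $ma[$i] -band $mb[$i]   # the shorter (less specific) of the two masks
        if (($a[$i] -band $common) -ne ($b[$i] -band $common)) { return $false }
    }
    return $true
}

function Test-NodeIpPlan {
    # Returns an array of findings; an empty array means the plan meets the rules.
    param([hashtable]$Plan)
    $findings = @()

    # Rule 2: the VM adapter is not shared with the host OS, so it carries no host IP.
    if ($Plan['VirtualMachines'].IP) {
        $findings += "VirtualMachines: host adapter must not have an IP address"
    }

    # Rule 1: cluster heartbeat is on a separate subnet from management.
    # Rule 3: the iSCSI range is dedicated to storage and shared with nothing else.
    $pairs = @(
        @('Cluster', 'Management'),
        @('iSCSI', 'Management'),
        @('iSCSI', 'Cluster'),
        @('iSCSI', 'LiveMigration')
    )
    foreach ($pair in $pairs) {
        $x = $Plan[$pair[0]]
        $y = $Plan[$pair[1]]
        if (-not $x.IP -or -not $y.IP) {
            $findings += "$($pair[0]) / $($pair[1]): both networks need an address in the plan"
            continue
        }
        if (Test-SubnetOverlap $x.IP $x.Mask $y.IP $y.Mask) {
            $findings += "$($pair[0]) and $($pair[1]) share a subnet"
        }
    }
    return ,$findings
}

# Plan for Cluster Node 1, using the Table 3 values ('' stands for N/A).
$node1 = @{
    Management      = @{ IP = '10.1.0.100';    Mask = '255.255.255.0' }
    Cluster         = @{ IP = '192.168.0.100'; Mask = '255.255.255.0' }
    LiveMigration   = @{ IP = '192.168.1.100'; Mask = '255.255.255.0' }
    VirtualMachines = @{ IP = '';              Mask = '' }
    iSCSI           = @{ IP = '10.2.0.100';    Mask = '255.255.255.0' }
}

# Constructed misconfiguration: heartbeat on the management subnet, an IP bound
# to the VM adapter, and an iSCSI /16 that swallows the management range.
$badNode = @{
    Management      = @{ IP = '10.1.0.100';    Mask = '255.255.255.0' }
    Cluster         = @{ IP = '10.1.0.200';    Mask = '255.255.255.0' }
    LiveMigration   = @{ IP = '192.168.1.100'; Mask = '255.255.255.0' }
    VirtualMachines = @{ IP = '10.1.0.150';    Mask = '255.255.255.0' }
    iSCSI           = @{ IP = '10.1.5.100';    Mask = '255.255.0.0' }
}

foreach ($case in @(@('Cluster Node 1', $node1), @('Misconfigured node', $badNode))) {
    $result = Test-NodeIpPlan -Plan $case[1]
    if ($result.Count -eq 0) {
        "{0}: plan meets the addressing rules" -f $case[0]
    } else {
        $result | ForEach-Object { "{0}: {1}" -f $case[0], $_ }
    }
}
```

The check covers only address overlap in the plan; isolation of the iSCSI network at the switch or VLAN level still has to be verified on the network hardware.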


Configure the Host Bus Adapter (HBA) for Fibre Channel (FC) or iSCSI

HBA configuration varies by vendor. If necessary, consult your hardware documentation for instructions on how to configure the HBA for FC or iSCSI connectivity, depending on the environment.

Configure Multipath Input/Output (MPIO)

1. Use redundant switching infrastructure to ensure that each NIC (in the case of iSCSI) or HBA has continued access to storage in the event of failure of a storage fabric component.
2. Configure MPIO on all storage adapters, whether iSCSI or FC.
3. For more information, follow MPIO best practices as documented in the MPIO white paper, “Windows Server High Availability with Microsoft MPIO” (http://www.microsoft.com/downloads/en/details.aspx?FamilyID=cbd27a84-23a1-4e88-b198-6233623582f3). See especially Appendix B: MPIO and DSM Configuration and Best Practices.

Configure NIC Teaming (or Link Aggregation)

1. Configure IEEE 802.3ad-based link aggregation to improve robustness. With link aggregation, any NIC, cable, or switch can sustain an outage without disrupting the host’s Ethernet traffic.
2. The NIC manufacturer provides NIC teaming software, so each NIC has its own unique set of requirements, features, teaming modes, and configuration recommendations. See your server or NIC documentation.

Note: NIC teaming should never be used for storage traffic in conjunction with iSCSI or FCoE. Storage networking should take advantage of MPIO.

Configure Hyper-V Host Clusters

Because the host servers are critical to a cloud infrastructure, Windows Server 2008 R2 and Hyper-V provide advances in failover clustering that deliver high availability (HA). A Hyper-V host cluster is a group of independent servers that work together to increase the availability of applications and services. If one node fails, VMs and workloads automatically failover to another node. You can also use Hyper-V live migration to move running VMs seamlessly from one host to another within a cluster with no perceptible interruption to the end user. When you cluster servers, you protect the network against disruptions from unplanned downtime.

The Microsoft private cloud consists of at least two clusters: the management cluster and host cluster(s).

• The management cluster consists of at least two nodes and a SAN. The management cluster must be on a dedicated network to provide a degree of separation for security and ease of management purposes.
• Host cluster(s) may contain up to 16 nodes and must have access to shared storage (FC or iSCSI).

Perform the following actions to create the management and host clusters:

Implement a Dedicated Management Network Containing at Least Two Hosts

1. Ensure that all Hyper-V hosts have a dedicated network adapter connected to the management network for exclusive use by the parent partition.
2. If your server hardware supports an out-of-band management adapter, establish a dedicated LAN for these adapters.

Implement a Dedicated iSCSI Network or VLAN

1. This step ensures that storage traffic is not in contention with any other traffic. To do this, dedicate two network adapters per host and two ports per network device to the management network.
   a. If you are using gigabit Ethernet NICs, dedicate two NICs to storage traffic for redundancy.
   b. If you are using 10 GbE NICs, ensure a teamed, virtual NIC is presented to the parent partition for iSCSI traffic to ensure redundancy.

Implement a Dedicated CSV/Cluster Communication Network

1. This step ensures that a cluster can always communicate with storage.
   a. If you are using gigabit Ethernet NICs, ensure that all Hyper-V hosts have a dedicated network adapter connected to the Clustered Shared Volume (CSV) network for exclusive use by the parent partition.
   b. If you are using 10 GbE NICs, ensure a teamed, virtual NIC is presented to the parent partition for CSV traffic to ensure redundancy.

Implement a Dedicated Live Migration Network

1. This step ensures high-speed transfer of VM memory from the source to the destination node during live migration.
   a. If you are using gigabit Ethernet NICs, ensure that all Hyper-V hosts have a dedicated network adapter connected to the live migration network for exclusive use by the parent partition.
   b. If you are using 10 GbE NICs, ensure a teamed, virtual NIC is presented to the parent partition for live migration traffic to ensure redundancy.

Recommended: Use a dedicated or shared 10 GbE connection for the live migration network. Doing so significantly reduces the time required to evacuate the VMs off a host with zero downtime during maintenance or updates of Windows.

Implement One or More Dedicated VM Networks

1. This step ensures throughput for VM LAN traffic.
   a. If you are using gigabit Ethernet NICs, ensure that all Hyper-V hosts have two or more dedicated network adapters connected to the VM network for exclusive use by the guest VMs.
   b. If you are using 10 GbE NICs, ensure a teamed, virtual NIC is presented to the guest VMs to ensure redundancy.

Enable Cluster Shared Volumes (CSV) to Increase Flexibility Within a Cluster

1. This step increases VM and shared volume flexibility and is required for live migration.

Configure Hyper-V Guests

A standardized collection of VM templates can both drive predictable performance and greatly improve capacity-planning capabilities.

Create VM Templates

1. Create VM templates to use as documented, standardized VM configurations for all VMs, management, and tenants. See table 4 for examples.

Table 4: Example VM templates

Template             Specs                                   Network  Operating System        Unit Cost
Template 1 - Small   1 vCPU, 2 GB Memory, 50-GB Disk         VLAN x   Windows Server 2003 R2  1
Template 2 - Med     2 vCPU, 4 GB Memory, 100-GB Disk        VLAN x   Windows Server 2003 R2  2
Template 3 - Large   4 vCPU, 8 GB Memory, 200-GB Disk        VLAN x   Windows Server 2003 R2  4
Template 4 - Small   1 vCPU, 2 GB Memory, 50-GB Disk         VLAN x   Windows Server 2008 R2  1
Template 5 - Med     2 vCPU, 4 GB Memory, 100-GB Disk        VLAN x   Windows Server 2008 R2  2
Template 6 - Large   4 vCPU, 8 GB Memory, 200-GB Disk        VLAN x   Windows Server 2008 R2  4


Configure VM Storage

1. Microsoft recommends fixed disk storage for VMs in production environments to provide better performance and to simplify the monitoring of storage availability. With fixed disks, the full size of the disk is allocated upon creation.
2. If you are using iSCSI storage:
   a. Hyper-V guests feature an in-guest iSCSI initiator and can connect directly to iSCSI logical unit numbers (LUNs) through their virtual network adapters. However, guests cannot boot from iSCSI LUNs unless they use a third-party iSCSI initiator.
   b. Use a separate virtual network for guest access to the iSCSI storage. If the VM iSCSI network is shared with Ethernet traffic, use quality-of-service (QoS) controls to provide performance guarantees to the different networks.
   c. Consider using jumbo frames within the guest to improve iSCSI performance.

Configure VM Networking

1. Use synthetic network adapters when possible, and ensure that the Hyper-V integration components are installed within the guest.

   Note: Though Hyper-V guests also support emulated network adapters, you should use them only for unsupported guest operating systems or in special circumstances (such as if the guest needs to Pre-Boot Execution Environment [PXE] boot).

2. Implement one or more virtual networks per VM, such as to handle communication between a VM and a physical network. This step requires an association to a physical network adapter on the host server.
   a. Segregate the virtual networks with VLANs and other network security infrastructure as needed.

Configure Virtual Processors

1. Configure a virtual-to-logical processor ratio of approximately 2.75:1. Hyper-V supports a maximum of eight virtual processors (VPs) per logical processor (LP). However, experience has resulted in a best practice of approximately 2.75:1 VP/LP for production server workloads.

The Management Architecture

If a private cloud infrastructure is to be more than a highly virtualized LAN, it must include management features that allow all components to be deployed and configured in an elastic, automated fashion. For example, a properly managed cloud infrastructure executes critical business scenarios with little to no intervention from IT staff, such as:

• VM provisioning and deprovisioning
• Infrastructure monitoring
• Infrastructure maintenance
• Resource optimization
• Backup and disaster recovery (DR)
• Reporting

Figure 2: Microsoft private cloud management architecture

Because each customer has unique needs and requirements, you can tailor the management architecture for each on-premises deployment. For SMB customers, the out-of-the-box functionality of MDT and WDS might provide sufficient management capability. Large enterprise customers with a more complex infrastructure will likely require the broader functionality of System Center. Make sure you have an in-depth understanding of your customer’s needs so that you can build the best possible management architecture.

Questions to ask…

1. To what extent do you want to invest time and money in automation versus manual execution of data center deployment and management processes?
2. Is entry point cost more important for you, or is feature richness more important?


Configure the Infrastructure Deployment Model

This section is based on the assumption that your Microsoft private cloud implementation will provide an automated model to deploy Hyper-V hosts. Because the Microsoft private cloud strives to drive predictability, it should be able to deploy and configure all infrastructure components in a repeatable and automated manner.

Deployment model choices range from manual deployment, suitable for Microsoft private cloud implementations with just a few hosts, to fully automated enterprise-scale deployment. The key components in a deployment model, which provide out-of-the-box functionality, are the Microsoft Deployment Toolkit (MDT) 2010 and Windows Deployment Services (WDS). These are complemented by standard Windows Server roles such as Active Directory Domain Services, Domain Name System (DNS), and Dynamic Host Configuration Protocol (DHCP). You can enhance these components with additional functionality with the Microsoft System Center family of products, depending on the circumstances of each engagement.

You should help your customers determine whether System Center is right for them.

If you need help installing and configuring MDT, WDS, or System Center or any of its components, see the following:

MDT: http://technet.microsoft.com/en-us/solutionaccelerators/dd407791.aspx
WDS: http://technet.microsoft.com/en-us/library/cc771670%28WS.10%29.aspx
System Center: http://technet.microsoft.com/en-us/systemcenter/default.aspx


Configure the Automation Layer

The automation layer consists of the foundational automation technology plus a series of single-purpose commands and scripts that perform operations such as starting or stopping a VM, rebooting a server, or applying a software update. These units of automation are combined and executed by higher-level management systems. The modularity of this layered approach dramatically simplifies development, debugging, and maintenance.

Questions to ask…

1. What are your top priorities in IT purchasing decisions?
2. How much management reporting do you use? Do you want more or less of it in the future?

The Windows Management Framework is the key technology that provides automation to virtual and physical environments as it delivers a consistent management interface across various Microsoft products.

Windows Management Framework comprises the following:

• Windows Management Instrumentation (WMI): A technology that is used to access systems management information in an enterprise environment. WMI is built into the Windows family of operating systems.
• Windows PowerShell 2.0: A command-line shell that provides an interactive prompt and scripting environment. Using PowerShell, administrators can access and automate various aspects of a Windows-based infrastructure through scripting.
• Windows Remote Management (WinRM) 2.0: A management protocol that provides the ability for hardware and operating systems from different vendors to interoperate.
• Background Intelligent Transfer Service 4.0: Used to transfer files between Windows-based machines using HTTP or HTTPS.

For more information on downloading, installing, and configuring these technologies, visit http://support.microsoft.com/kb/968929.

Configure the
Management L
ayer

The management layer
includes

the tools and systems that are
us
ed to deploy and operate the
infrastructure. In most cases, this
layer
consists of a variety of different toolsets for
managing hardwa
re,
software, and applications and is used in conjunction with the tools in the automation layer.

Microsoft System Center solutions form the foundation of the management layer and help IT professionals manage the physical and virtual environments across data centers, desktops, and devices. The System Center family manages the private cloud through the following:

- SQL Server 2008
- System Center Virtual Machine Manager Self-Service Portal 2.0
- Microsoft System Center Operations Manager
- Microsoft System Center Configuration Manager

Configure SQL Server

Microsoft System Center components are database-driven applications. This makes a highly available and well-performing database platform critical to the overall management of the environment. You should install SQL Server in a virtual machine with the following configuration recommendations.

1. Configure SQL Server as follows:

- 2 Non-HA VMs on different Hyper-V Hosts
- Windows Server 2008 R2 Enterprise
- 4 vCPU
- 8 GB memory (do not use dynamic memory)
- 3 vNICs (1 client connection, 1 cluster communications, 1 iSCSI)
- Storage: 1 operating system virtual hard disk (VHD), 3 x dedicated iSCSI LUNs


Table 5: SQL Server data locations

| LUN | Purpose | Size |
|---|---|---|
| LUN 1, CSV Volume | VM Operating System | 30-GB VHD |
| LUN 2, iSCSI | SQL Databases | Varies |
| LUN 3, iSCSI | SQL Logging | Varies |
| LUN 4, iSCSI | SQL Cluster Quorum | 1 GB |


Table 6: Databases

| DB Client | Instance Name | DB name | Authentication |
|---|---|---|---|
| VMM SSP | <Instance 1> | <SCVMMSSP> | Win Auth |
| WSUS | <Instance 1> | <WSUS_DB> | Win Auth |
| Ops Mgr | <Instance 1> | <Ops Mgr_DB> | Win Auth |
| Ops Mgr | <Instance 2> | <Ops Mgr_DW_DB> | Win Auth |
| VMM | <Instance 1> | <VMM_DB> | Win Auth |


For more information about installing SQL Server 2008 R2, please visit http://technet.microsoft.com/en-us/library/ms143219.aspx.

Configure System Center Virtual Machine Manager 2008 R2

With System Center Virtual Machine Manager (VMM) 2008 R2, organizations can centrally manage both the physical and virtual IT infrastructure and increase server utilization and dynamic resource optimization across multiple virtualization platforms.

You should install VMM in a virtual machine with the following configuration recommendations.



- VMM 2008 R2 running on 1 highly available VM
- Windows Server 2008 R2
- 2 vCPUs
- 4 GB memory
- 1 vNIC
- VM storage
  - 1 operating system VHD
  - 1 data VHD or pass-through volume

Configure VMM with the following roles:

- VMM server
- Administrator Console
- Command Shell
- VMM library
- Remote SQL Server database

For more information on planning your VMM deployment, please visit http://technet.microsoft.com/en-us/library/cc917964.aspx.

VMM is also integrated with Microsoft Operations Manager 2007 to monitor the health and availability of the hosts and virtual machines and to monitor the health and availability of the VMM server, database server, library servers, and self-service web servers.

For more information on integrating VMM with Operations Manager, visit http://technet.microsoft.com/en-us/library/cc956099.aspx.

Configure System Center Operations Manager

Microsoft System Center Operations Manager 2007 R2 is used by VMM to monitor the health and availability of the virtual machines and virtual machine hosts that VMM is managing. VMM also uses Operations Manager to monitor the health and availability of the VMM server, database server, library servers, and self-service web servers and to provide diagram views of the virtualized environment in the VMM Administrator Console.

You should install System Center Operations Manager in a virtual machine with the following configuration recommendations:



- System Center Operations Manager running on 1 highly available VM
- Windows Server 2008 R2
- 2 vCPUs
- 4 GB memory
- 1 vNIC
- Storage:
  - 1 operating system VHD

You should also configure System Center Operations Manager with the following roles:

- Root Management Server
- Reporting Server, with the database residing on a remote SQL Server instance
- Data Warehouse, with the database residing on a remote SQL Server instance
- Operator Console
- Command Shell

Operations Manager deployed in a private cloud environment requires the following Operations Manager Management Packs:

- Virtual Machine Manager 2008 R2
- Windows Server Base Operating System
- Windows Server Failover Clustering
- Windows Server 2008 Hyper-V
- Microsoft SQL Server Management Pack
- Internet Information Services (IIS) 2000/2003/2008
- System Center Management Packs (MPs)
- Server OEM third-party MPs

For more information about installing and configuring Operations Manager 2007 R2, please visit http://technet.microsoft.com/en-us/library/dd887701.aspx.

Configure Systems Maintenance and Patch Management

Windows systems maintenance and patch management is handled through several key technologies. These technologies include:

- Windows Server Update Services (WSUS)
- System Center Configuration Manager (SCCM)
- Virtual Machine Servicing Tool (VMST)

Configure Windows Server Update Services

With Windows Server Update Services (WSUS), information technology administrators can deploy the latest Microsoft product updates to computers that are running the Windows operating system. By using WSUS, administrators can fully manage the distribution of updates that are released through Microsoft Update to computers in their network.

For more information about deploying WSUS, please download the Microsoft Windows Server Update Services 3.0 SP2 Deployment Guide, available at http://www.microsoft.com/downloads/en/details.aspx?FamilyID=113d4d0c-5649-4343-8244-e09e102f9706&displaylang=en.

Configure System Center Configuration Manager

System Center Configuration Manager 2007 R2 comprehensively assesses, deploys, and updates servers, client computers, and devices across physical, virtual, distributed, and mobile environments. Optimized for Windows operating systems, Configuration Manager 2007 R2 is the best choice for gaining enhanced insight into and control over IT systems.

For more information on planning and deploying System Center Configuration Manager 2007, please visit http://technet.microsoft.com/en-us/library/bb735860.aspx.

Configure Virtual Machine Servicing Tool

Microsoft Virtual Machine Servicing Tool (VMST) 3.0 helps customers reduce IT costs by making it easier to update their offline virtual machines, templates, and virtual hard disks with the latest operating system and application patches without introducing vulnerabilities into their IT infrastructure.

Version 3.0 of the tool works with System Center Virtual Machine Manager 2008 R2, System Center Configuration Manager 2007 Service Pack 2 (SP2), and Windows Server Update Services 3.0 SP2. The tool also supports updating the Windows 7 and Windows Server 2008 R2 operating systems.

For more information about deploying VMST, please visit http://technet.microsoft.com/en-us/library/cc501231.aspx.

Configure Backup and Disaster Recovery

Automated backup and disaster recovery (DR) are key components of a cloud architecture.

Configure System Center Data Protection Manager 2010

System Center Data Protection Manager (DPM) 2010 delivers disk-based and tape-based data protection and recovery for servers in and across Active Directory domains.

For more information about configuring System Center Data Protection Manager 2010, please visit http://technet.microsoft.com/en-us/library/ff399192.aspx.

Configure the VMM Self-Service Portal

The tenant/user self-service layer provides an interface for Microsoft private cloud tenants or authorized users to request, manage, and access the services, such as virtual machines, provided by the Microsoft private cloud architecture.

You should not install VMM Self-Service Portal on a domain controller. You should also install the VMM Self-Service Portal on a separate computer from the VMM server.

To install the VMM Self-Service Portal:

1. On the product media or network share, right-click setup.exe, and then click Run as administrator.

   Note: If you set up a network share to install VMM components, you should apply the appropriate security to the share to ensure that unauthorized or unauthenticated users cannot access or alter the contents of the share.

2. On the Setup menu, click VMM Self-Service Portal.

3. On the Microsoft Update page, indicate whether you want to use Microsoft Update.

   Note: If you have previously chosen to use Microsoft Update on this computer, the Microsoft Update page does not appear.

4. On the Prerequisites Check page, review any alerts or warnings about hardware that does not meet the minimum or recommended requirements or any alerts or warnings about missing software prerequisites. You can continue the installation if you receive warnings, but you must resolve all alerts before you can proceed with the installation. For more information about hardware requirements, please visit http://technet.microsoft.com/en-us/library/cc764309.aspx.

5. On the Installation Location page, type an installation path for the program files or click Next to use the default path.

6. On the Web Server Settings page, do the following:

   a. In the Virtual Machine Manager server area, specify the name of the VMM server you want the VMM Self-Service Portal to connect to and the port that you want the VMM Self-Service Portal to use to communicate with the VMM server.

   b. In the Web server area, specify the port that you want self-service users to use to connect to the Self-Service Portal.

   Note: If the default port (80) for the VMM Self-Service Portal is being used by another website, you must either use a different dedicated port or specify a host header for the portal. Please visit http://technet.microsoft.com/en-us/library/dd548288.aspx for more details.

7. On the Summary of Settings page, review your settings, and do one of the following:

   a. Click Previous to change any settings.

   b. Click Install to install the VMM Self-Service Portal.

8. On the Installation page, do one of the following:

   a. To close the wizard and automatically check for the latest VMM updates, click Close.

   b. To close the wizard without checking for the latest updates, clear the Check for the latest Virtual Machine Manager updates check box, and then click Close.

After you close the wizard, the installation of the VMM Self-Service Portal is complete. However, there are additional steps that you should take to make connections to the portal more secure. For more information, please visit http://technet.microsoft.com/en-us/library/dd548288.aspx.
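
The note in step 1 asks that the installation share be secured against unauthorized access or alteration. As an added example (not part of the original guide), this PowerShell script lists NTFS allow entries on the shared folder that give broad groups write-type rights. The folder path and the function name are hypothetical placeholders.

```powershell
# Added example, not from the guide: flag ACL entries on the VMM install
# folder that let broad groups alter setup files.
# ASSUMPTION: $SharePath is a hypothetical local path to the shared folder.
param([string]$SharePath = 'D:\Install\VMM2008R2')

# Broad principals, keyed by well-known SID so the check is language-neutral.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-7'      = 'Anonymous Logon'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-32-546' = 'BUILTIN\Guests'
}

# Specific rights that allow changing, replacing, or re-permissioning files.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Inherit-only ACEs can carry raw generic bits: GENERIC_WRITE, GENERIC_ALL.
$GenericMask = 0x40000000 -bor 0x10000000

function Get-RiskyAce {
    param([Parameter(Mandatory = $true)][string]$Path)

    if (-not (Test-Path -Path $Path -PathType Container)) {
        throw "Folder not found: $Path"
    }
    $acl = Get-Acl -Path $Path
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Explicit and inherited rules, with identities returned as SIDs.
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        $sid = $rule.IdentityReference.Value
        if (-not $BroadSids.ContainsKey($sid)) { continue }
        $rights = [int]$rule.FileSystemRights
        if (($rights -band $WriteMask) -or ($rights -band $GenericMask)) {
            New-Object PSObject -Property @{
                Principal = $BroadSids[$sid]
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

$findings = @(Get-RiskyAce -Path $SharePath)
if ($findings.Count -eq 0) {
    Write-Output "No broad write access found on $SharePath"
} else {
    $findings | Format-Table Principal, Rights, Inherited -AutoSize
}
```

This inspects the NTFS ACL only. Share-level permissions are evaluated separately by Windows, and effective access over the network is the more restrictive of the two, so review both.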

Configure the Orchestration Layer

The orchestration layer provides a means by which complex workflows that consist of events and activities across multiple management-system components can be combined to form an end-to-end IT business process such as automated patch management or automatic power management. The orchestration layer must provide the ability to design, test, implement, and monitor these IT workflows.

Windows PowerShell 2.0 is the fundamental component of the Microsoft private cloud orchestration layer. It is included as part of the Windows Management Framework, which also includes Windows Remote Management 2.0 and Background Intelligent Transfer Service (BITS) 4.0.

Windows PowerShell is a command-line shell and scripting language for system administration and automation. Built on the Microsoft .NET Framework, Windows PowerShell lets you control and automate the administration of other components in the Microsoft private cloud.

For full Windows PowerShell configuration instructions, see http://technet.microsoft.com/en-us/scriptcenter/powershell.aspx.

Configure Security

Security for the Microsoft private cloud is founded on the following three pillars:

- Protect the infrastructure with coordinated security technologies and controls at each layer of the Microsoft cloud architecture.
- Protect application access using Active Directory to manage the identities and relationships that make up the Microsoft private cloud.
- Protect network access with tools such as Windows Firewall with Advanced Security and Network Access Protection and logical isolation of server and domain resources.

Your customers will likely have some of the pieces already in place that provide infrastructure security, such as endpoint protection. Your role is to help them assess their security profile and to understand any changes that will be necessary when implementing a Microsoft private cloud.


Assess Endpoint Protection

Your customers should already have an endpoint protection solution in place. You should consider how to configure the server-side elements to run in the Microsoft private cloud.

Consider Microsoft Forefront

Some customers might want additional security capabilities and integration. Microsoft Forefront delivers end-to-end security and access to information through an integrated line of protection and access-management and identity-management products.

Forefront Security products integrate with the components of the Microsoft private cloud to deliver protection, access, and management solutions built around user identity. It helps to deliver a more contextual and user-centric security solution aligned to the threats facing businesses.

Configure the Service Management Layer

The Service Management layer provides the means for automating and adapting IT service management best practices, such as those found in Microsoft Operations Framework (MOF) and the IT Infrastructure Library (ITIL), to provide built-in processes for incident resolution, problem resolution, and change control.

Configure System Center Service Manager

System Center Service Manager 2010 delivers an integrated platform for automating and adapting IT Service Management best practices to your customer's requirements. It provides built-in processes based on industry best practices for incident and problem resolution, change control, and asset life-cycle management. Through its configuration management database (CMDB) and process integration, Service Manager automatically connects knowledge and information from System Center Operations Manager, System Center Configuration Manager, and Active Directory Domain Services.

Questions to ask…

1. Do you have an identity-based access control solution? If so, does it use Active Directory? How extensively?

2. Does your endpoint protection solution use Active Directory on the server side?

For detailed guidance about how to deploy Service Manager, see http://technet.microsoft.com/en-us/library/ff460909.aspx.

Summary and Conclusion

With a Microsoft private cloud, Microsoft partners can remain competitive when they deploy hosted or on-premises private clouds for customers. A private cloud model delivers economies of scale for both partners and their customers and allows customers to consume IT services as a utility, as much or as little as they need, when they need it.

The Microsoft private cloud is built with Microsoft products customers already know and trust, which partners can resell at a profit. This means that cloud engagements not only add immediate profit, but they also mean you can offer additional services that expand your role in your customers' businesses.

Additional Resources by Technology

Hyper-V

Requirements and Limits for Virtual Machines and Hyper-V in Windows Server 2008 R2: http://technet.microsoft.com/en-us/library/ee405267(WS.10).aspx

For assistance in configuring failover clusters: http://www.microsoft.com/windowsserver2008/en/us/failover-clustering-program-overview.aspx

Hyper-V Update List for Windows Server 2008 R2: http://technet.microsoft.com/en-us/library/ff394763(WS.10).aspx

Microsoft Deployment Toolkit (MDT)

Installation and configuration: http://technet.microsoft.com/en-us/solutionaccelerators/dd407791.aspx

Multipath I/O

MPIO best practices: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=cbd27a84-23a1-4e88-b198-6233623582f3

Windows PowerShell

Configuration instructions: http://technet.microsoft.com/en-us/scriptcenter/powershell.aspx

SQL Server

Installation and configuration: http://technet.microsoft.com/en-us/library/ms143219.aspx

System Center

Installation and configuration: http://technet.microsoft.com/en-us/systemcenter/default.aspx

Installing and configuring Operations Manager 2007 R2: http://technet.microsoft.com/en-us/library/dd887701.aspx

Planning and deploying Configuration Manager 2007: http://technet.microsoft.com/en-us/library/bb735860.aspx

Configuring Data Protection Manager 2010: http://technet.microsoft.com/en-us/library/ff399192.aspx

Deploying Service Manager: http://technet.microsoft.com/en-us/library/ff460909.aspx

Virtual Machine Manager

Planning your VMM deployment: http://technet.microsoft.com/en-us/library/cc917964.aspx

Integrating VMM with System Center Operations Manager: http://technet.microsoft.com/en-us/library/cc956099.aspx

Virtual Machine Manager Self-Service Portal (VMMSSP)

VMMSSP hardware requirements: http://technet.microsoft.com/en-us/library/cc764309.aspx

In case of dedicated port conflicts: http://technet.microsoft.com/en-us/library/dd548288.aspx

Securing connections to the Self-Service Portal: http://technet.microsoft.com/en-us/library/dd548288.aspx

Virtual Machine Servicing Tool (VMST)

Deploying VMST: http://technet.microsoft.com/en-us/library/cc501231.aspx

Windows Deployment Services

Installation and configuration: http://technet.microsoft.com/en-us/library/cc771670%28WS.10%29.aspx

Windows Management Framework

Installation and configuration: http://support.microsoft.com/kb/968929

Windows Server Update Services (WSUS)

Deployment guide: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=113d4d0c-5649-4343-8244-e09e102f9706&displaylang=en