Linux Integration Services 3.1 for Hyper-V

For all my skeptism for Twitter, I did come across this announcement on Twitter: the release of Linux Integration Services 3.1 for Hyper-V.

The updates primarily add support for:

• Red Hat Enterprise Linux (RHEL) 6.0 and 6.1 x86 and x64 (Up to 4 vCPU)
• CentOS 6.0 x86 and x64 (Up to 4 vCPU)

The features of V3.1 of the Linux Integration Services are:

• “Driver support: Linux Integration Services supports the network controller and the IDE and SCSI storage controllers that were developed specifically for Hyper-V.
• Fastpath Boot Support for Hyper-V: Boot devices now take advantage of the block Virtualization Service Client (VSC) to provide enhanced performance.
• Timesync: The clock inside the virtual machine will remain synchronized with the clock on the virtualization server with the help of the pluggable time source device.
• Integrated Shutdown: Virtual machines running Linux can be shut down from either Hyper-V Manager or System Center Virtual Machine Manager by using the “Shut Down” command.
• Symmetric Multi-Processing (SMP) Support: Supported Linux distributions can use up to 4 virtual processors (VP) per virtual machine.  SMP support is not available for 32-bit Linux guest operating systems running on Windows Server 2008 Hyper-V or Microsoft Hyper-V Server 2008.
• Heartbeat: Allows the virtualization server to detect whether the virtual machine is running and responsive.
• KVP (Key Value Pair) Exchange: Information about the running Linux virtual machine can be obtained by using the Key Value Pair exchange functionality on the Windows Server 2008 virtualization server”.

…and something else that I have long wished for…the ability to install the drivers using rpm! No more Perl scripts to run! The benefit of this (I think?) is that it should allow a far easier deployment of Linux VMs.

There is a PDF ReadMe to accompany the installer (containing an ISO of the drivers), that has details on how to do the install. It mentions how Linux VMs must have static MAC addresses set in the VM settings for each NIC if used in a Hyper-V cluster, because of the way Linux handles MAC addresses. From a automation perspective, this could be an issue – certainly something I need to look in to.

I am glad this came out now, as I wanted to build a CentOS VM to act as a proxy/firewall, and was going to use CentOS v6.0 x64, but reverted back to v5.6 because the 2.1 version of the Integration Components wasn’t supported.

I am very encouraged by the speed at which these drivers came out, as CentOS v6.0 was realised only a few weeks ago, so this is very promising. I think the next step for Microsoft is to get the drivers built in to the OS, much like Ubuntu. I did an Ubuntu 11.04 install yesterday on Hyper-V, and enabling the drivers is done by simply adding four lines of code to a file and running an update command afterwards!

Building A Hyper-V Cluster On The Cheap

I don’t intend to re-invent the wheel with this post, nor do I quite have the expertise of others to provide a real detailed step-by-step guide (not yet anyway, but I am working on it!).

To help me as well, I am going to use this page to dump a whole lot of links and resources on how to deploy Hyper-V hosts in to a cluster, with a mixture of shared storage options.

The point of this article and it’s links is to provide information to either lab setups or startups that can’t afford a few Dell R710 servers, EMC storage and Cisco switches.  The info below should help lay out basic architecture design, and simple setups as well as some basic principles that can be applied to increase performance.

Utilizing SAN Storage with Windows Failover Clusters

All for SAN and SAN for All

Creating a SAN using Microsoft iSCSI Software Target 3.3

Rough Guide To Setting Up A Hyper-V Cluster

How to Build a Hyper-V Cluster Using the Microsoft iSCSI Software Target v3.3

UPDATED: How to Build a Hyper-V Cluster Using the Microsoft iSCSI Software Target v3.3

Hyper-V Cluster: Be Careful With Your Protocol Bindings

To be honest, just follow this blog: http://www.aidanfinn.com/!

I will also try and get some other links up regarding the use of other SAN software such as Solarwinds and Openfiler when I get a chance.

The Cloud Will Be Won With Management Not Hypervisors

VMware is the virtualisation leader. I have limited experience with VMware, and have mostly worked on Hyper-V, but I am not ignorant enough to defend Hyper-V yet. I think Hyper-V has its place, and I think is giving VMware some nice competition to ensure this segment does not get scale; Red Hat and Citrix are also not also-rans just yet either.

Hypervisors will continue to mature, but they will soon reach a point where their rate of growth in features will slow, and stability will be a core focus. Outside of the hypervisor, is the management systems, that create, deploy, maintain, manage, live migration/V-move, update and control the virtual machines running on the hosts.

With Microsoft’s latest beta release of System Center Virtual Machine Manager 2012, it has the ability to manage different hypervisors, deploying them to bare metal hardware. I think a single hypervisor environment will be a strategy for small players, with the big guys looking to maintain real HA VMS on VMware, and possibly less important virtual systems running across Hyper-V, Red Hat or Citrix. A number of VPS hosts already provide a number of hypervisor options to customers.

What you won’t find, is multi-management systems, and the key to the virtualisation war will be which vendor can offer a management system to control the data centre and the hypervisors. No one wants to control different systems in different places, and management systems are expensive whereas the hypervisors are free.

VMware have already started to look at XVP, and Veeam have also started to work on Hyper-V compatibility.

I also think Microsoft know: they CAN’T beat VMware in the hypervisor and its features. VMware are just too stable, too good, and too mainstream. I think Microsoft’s tactic will be to fight them in the management space, offering a management system that can control BOTH Hyper-V and VMware and Citrix. That way, they make up ground via licence costs in SCVMM, and hopefully push other tools such as SCCM and SCOM; maybe even Opalis.

This has turned in to a little bit of a topsy-turvy post, probably not making much sense – so I hope you can sort of make sense of it all. Just keep an eye out for VMware’s behaviour over the next few years. They have normally behaved in a sort of “we are the best, and don’t care about the rest”, however I expect this to change as they try to fight out a number of strong competitors.

Run Hyper-V Management Tools with Alternate Credentials

If you ever wanted to run Hyper-V Manager from your Desktop, but use a different account that might have the required permissions on the Hyper-V hosts, then take a look at the short tutorial below on how to achieve this.

Ensure you have the latest Remote Server Administration Tools installed, you can get them here (for Windows 7 SP1).

Run the following command in a Command Prompt to save the credentials of your alternate user account

• C:\Windows\System32\cmd.exe /s /c “runas /savecred /user:<DOMAIN\UserAccount> “mmc \”C:\Program Files\Hyper-V\virtmgmt.msc\”"”
• Enter the password for the alternate user account
• Close Hyper-V Manager when it opens

Now we need to create a shortcut that you can leave on your Desktop or pin to your Start Menu and/or your Taskbar:

• Right click your Desktop and select New –> Shortcut
• Enter the above command for the location of the item, and name the shortcut Hyper-V Manager

Now you have your shortcut, we need to give it the Hyper-V Manager icon:

• Right click the shortcut and select Properties
• Select the Shortcut tab and select Change Icon…
• Set the icon path to %ProgramFiles%\Hyper-V\SnapInAbout.dll

Your shortcut is now complete, and you can now place it where you want!

This is a short break down of how to do it, pinching the core detals from this post on Virtual PC Guy’s Blog. If you are serious about Hyper-V then you should definaltey subscribe to this blog as there is a lot of useful information coming out of it.

Integrated Microsoft Hyper-V Server 2008 R2 SP1

The Hyper-V 2008 R2 with SP1 integrated is now available for download. This includes the latest features of Hyper-V, which supports both Dynamic Memory (DM) and RemoteFX.

Download details: Integrated Microsoft Hyper-V Server 2008 R2 SP1:

http://www.microsoft.com/downloads/en/details.aspx?familyId=92E2C4BA-6965-4F8E-ABBE-CBB40556B680&displaylang=en

Enable Windows Server Backup on Hyper-V 2008 R2

It took me a while to find the answer to this, so I thought I would share for everyone else – as well as myself! And it has also been a while since I posted anything technical.

If you want to run a local instance of Hyper-V and don’t want to pay out for an backup solution to backup your virtual machines, then you can make use of Windows Server Backup. It is not enabled by default, and therefore needs to be installed. As Hyper-V has no GUI, you will need to run the following commands via the Command Prompt:

• DISM /Online /Enable-Feature /FeatureName:WindowsServerBackup

This will enable Windows Server Backup, but you will need to type the following commands to create Registry Keys that allow Windows Server Backup to recognize the Hyper-V VSS writer:

• reg add “HKLM\Software\Microsoft\Windows
  NT\CurrentVersion\WindowsServerBackup\Application
  Support\{66841CD4-6DED-4F4B-8F17-FD23F8DDC3DE}”
• reg add “HKLM\Software\Microsoft\Windows
  NT\CurrentVersion\WindowsServerBackup\Application
  Support\{66841CD4-6DED-4F4B-8F17-FD23F8DDC3DE}” /v “Application
  Identifier” /t REG_SZ /d Hyper-V

No reboot is necessary.

Once done, you can schedule backups by accessing the Task Scheduler from a remote machine and running a script with the following command:

• WBADMIN START BACKUP -backupTarget:”\\RemoteServer\ShareName” -include:C:,D: -allCritical -vssFull -quiet -user:ShareUserName -password:SharePassword

This will backup the C: and D: partitions as well as the System State and all other system-critical partitions. It will use a set username and password to connect to the remote share if it is password protected.

You can create the scheduled task on the Hyper-V server itself, using the following commands in the Command Prompt:

• WBADMIN ENABLE BACKUP -addtarget:”\\RemoteServer\ShareName” -schedule:hh:mm,h2:m2 -include:C:,D: -allCritical -vssFull -quiet -user:ShareUserName -password:SharePassword

Remote Server Administration Tools for Windows 7 SP1

The Remote Server Administration Tools (RSAT) for Windows 7 SP1 are now available for download. These include the latest version of Hyper-V Manager which supports both Dynamic Memory (DM) and RemoteFX.

Download details: Remote Server Administration Tools for Windows 7 with Service Pack 1 (SP1):

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=7d2f6ad7-656b-4313-a005-4e344e43997d&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3a+MicrosoftDownloadCenter

Configuring CentOS v5 x86/64-bit on Hyper-V 2008 R2

I have already posted the three part mini series on how to create a VM on Hyper-V 2008 R2, install CentOS on the VM and install the Hyper-V 2008 R2 Integration Components.

Now that we a CentOS VM up and running, it’s now time to configure the base OS, before we start installing any applications. The purpose of this task is to further secure the OS as well as provide basic remote monitoring and connectivity tools.

The following instructions will go cover:

• Creating home directories
• Installing the APF Firewall
• Disabling unnecessary services
• Installing SNMP for remote monitoring
• Forwarding the daily Logwatch emails
• Create a local user
• Configuring SSH

1. Creating home directories is for storing scripts, backups and other useful tools in the root home directory.

mkdir /home/backups

mkdir /home/scripts

mkdir /home/software-library

Backups is for application/configuration backups. Scripts is for any scheduled scripts we wish to run on the machine. Software-Library is for storing any application installers – I normally remove the installers once I am done with them.

2. Installing the APF Firewall will provide a much more feature reach software firewall than the built-in CentOS offering.

cd /home/software-library

wget http://www.rfxn.com/downloads/apf-current.tar.gz

tar -zxvf apf-current.tar.gz

cd apf-9.7-1

sh ./install.sh

cd -

rm  -rf apf-9.7-1

You may see an error during the install, saying that it can’t findeth0 – this is not an issue as the default configuration file for APF specifies the default NIC as eth01; we will be changing this below. Now that we have installed APF and removed it’s installer, we can configure it (I am basing the current setup on a BIND DNS server I run, with SNMP monitoring):

vi /etc/apf/conf.apf

• DEVEL_MODE=”0”
• IFACE_IN=”seth0”
•  IFACE_OUT=”seth0”
• SET_TRIM=”0”
• TOS_8=”53”
• IG_TCP_PORTS=”22,53”
• IG_UDP_PORTS=”53, 161”
• EGF=”1”
• EG_TCP_PORTS=”21,25,53,80,443”
• EG_UDP_PORTS=”20,21,53,162”

The above bulletpoints indicate the following:

• DEVEL_MODE = When set to 1, the firewall starts based on the configuration and runs for 5 minutes then turns itself off – incase you lock yourself out! Set this to 0 when you are satisfied with your configuration
• IFACE_IN = The name of your external NIC, where traffic comes in
• IFACE_OUT = The name of your external NIC, where traffic goes out
• SET_TRIM = Controls the max allowed entries in the deny trust system, defaults to 50 lines with older entries
• TOS_8 = Ports for maximum throughput and minimum delay
• IG_TCP_PORTS = Incoming TCP ports to open
• IG_UDP_PORTS = Incoming UDP ports to open
• EGF = When set to 1, allows the firewall to lock outbound traffic. Set this to 0 if you want to allow all outbound traffic
• EG_TCP_PORTS = Outgoing TCP ports to open
• EG_UDP_PORTS = Outgoing UDP ports to open

Now, we have started out configuration, we need to start APF:

/usr/local/sbin/apf –s

You will see APF generate all the rules – now it is a good time to test.

3. Disabling unnecessary services can be done either via the commandline or via Setup. Seeing as we installed the base package, setup is a quicker process. Type setup to enter the Firstboot/Setup wizard

• Select System services
• Use the spacebar to unselect the following services:
  • anacron
  • atd
  • autofs
  • avahi-daemon
  • bluetooth
  • cups
  • firstboot
  • gpm
  • hidd
  • mdmonitor
  • netfs
  • nfslock
  • pcscd
  • portmap
  • rpcgssd
  • rpcidmapd
  • smartd

Here is a list of services (daemons) to help you decide what to disable. Here is another list. Even if you do disable a service from startup, the system can still start it if need be. If you chose not to install base, you can use the following command lines to disable a service, using chkconfig <ServiceName> off:

chkconfig anacron off

It is worth doing a reboot soon afterwards to make sure the system starts up without all the unnecessary services still running.

4. Installing SNMP for remote monitoring is a simple process using yum:

yum install net-snmp net-snmp-utils

Now we need to configure SNMP:

mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.orig

vi /etc/snmp/snmpd.conf

• rocommunity public
• syslocation MyDataCentre
• syscontact me@email.com

Once we have finished our configuration, we need to set the service to auto start, and start it up:

chkconfig –level 2345 snmpd on

service snmpd start

 5. Forwarding the daily Logwatch emails is a very simple process:

vi /etc/aliases

• root      me@email.com

/usr/bin/newaliases

The next lines will send any messages that are currently in the root mail spool (if any), and then delete the mail spool for root.

cat /var/spool/mail/root | mail -s “Old Root Emails” me@email.com

rm /var/spool/mail/root

6. Create a local user and set a password, so that we can disable remote root access:

adduser username

passwd username

• <Password>

7. Configure SSH for remote access if terminal access is not available or you need to remote work. We will also be disabling root from logging in via SSH and locking down SSH to only allow logins, using the username we created above:

vi /etc/ssh/sshd_config

• AllowUsers     username
• DisableRootLogin    yes

service sshd restart

That’s now CentOS configured, and ready for setting to a specific role. I normally do a reboot right about now, and take a snapshot of the VM or backup the VHD so that I have a pre-configured base layer to work from.

Installing Integration Components 2.1 in CentOS v5 x86/64-bit on Hyper-V 2008 R2

In Part One of this mini-series, I described how to correctly configure a VM to install CentOS v5 x86/64-bit. Part Two documented the process to install a minimal install of CentOS. By now, you should have CentOS updated and running on your Hyper-V box, ready to install the Integration Components – this will allows the VM to make full use of the the hardware resources available.

Before we get started with the actual Integration Components installation, we need to install a few additional extras.

1. First off, we need some useful tools to work with, and to compile the Integration Components.

yum install kernel-devel

yum install gcc

yum install make

yum install vim-enhanced.x86_64

2. As our version of Linux is 64-bit, we also need to install adjtimex. This is used to counter systematic drift in the system clock. You won’t need this if you installed the i386 version of CentOS.

yum install adjtimex

3. We need to download and install dkms – this allows us to update the linux kernel without the need to recompile it with the Integration Component modules. If you run a yum update kernel* after installing the Integration Components (without dkms installed), then the VM will boot up with the error:

“Unable to mount root file system”

You would need to boot in to the previous kernel to get the VM up. This Microsoft Support article will give a much clearer run down.

wget http://linux.dell.com/dkms/permalink/dkms-2.1.1.2-1.noarch.rpm

rpm -ivh dkms-2.1.1.2-1.noarch.rpm

4. With dkms installed, we need to download the Integration Components 2.1 ISO from Microsoft and load it into the VM.

mkdir –p /mnt/cdrom

mount /dev/cdrom /mnt/cdrom

cp –rp /mnt/cdrom /usr/src/linuxic-2.1

umount /mnt/cdrom

cp /usr/src/linuxic-2.1/scripts/dkms.conf /usr/src/linuxic-2.1/

5. Edit modprobe.conf to load Integration Component modules. Open /etc/modprobe.conf, and add the following lines:

 alias scsi_hostadapter1 vmbus

 alias scsi_hostadapter2 blkvsc

alias scsi_hostadapter3 storvsc

alias scsi_hostadapter4 netvsc

6. Compile and install the Integration Components

dkms add -m linuxic -v 2.1

dkms build -m linuxic -v 2.1

dkms install –force -m linuxic -v 2.1

shutdown –h now

7. With the VM now shutdown, we can remove our Legacy Network Card and install a fully integrated Network Card. We can also increase the processor count if we wish.

• Open Hyper-V Manager
• Right click your VM and select Settings
• Select Processor and set this to the value of logical processors you require
• Select DVD Drive under IDE Controller 1 and eject the Integration Components ISO
• Select Legacy Network Adapter and select Remove
• Select Add Hardware, highlight Network Adapter and select Add
• Select the new Network Adapter, and set the Virtual Network that the VM will be connecting to. I have read that Dynamic MAC Addresses can cause confusion on Linux VMs when Live Migrating in a cluster – so I always set the MAC Address to a static value
• Select Apply to make sure all new changes are applied then select OK to get started
• Select the Start button

Your VM should now start up, and you will see the modules loading, before any of the services start. You will see the startup status of seth0 flag as “Failed” – ignore this as it doenst have any details configured – unless you are running a DHCP server.

If the CentOS doesn’t detect seth0, do a further reboot. I find that I have to close the VM terminal window, and access the VM’s settings direct from Hyper-V Manager to avoid the this.

8. Once the server has started up, we can remove the backup file of the Legacy Network Adapter.

rm /etc/sysconfig/network-scripts/ifcfg-eth0.bak

9. Now we need to configure our new synthetic network adapter. Type setup to enter the Firstboot/Setup wizard

• Select Network configuration
• Select Edit Devices
• Select seth0 (seth0)
• Enter the IP address and Prefix (Netmask), the Gateway
• Select OK
• Select Save
• Select Save & Quit

10. Final step is to now restart the network service to bring up seth0 with the new settings.

service network restart

And that is it. It is a bit of a long process, but it does the job! When you next update the kernel, you will see some warnings about vmbus, storvsc, blkvsc and netvsc not being loaded as the new kernel is being installed – just ignore them.

Installing CentOS v5 x86/64-bit on Hyper-V 2008 R2

In Part One of this mini-series, I described how to correctly configure a VM to install CentOS v5 x86/64-bit. The next part will explain how to install CentOS and get it ready for installing the Hyper-V Integration Components. I always choose to install the least minimal amount, and install additional features later on, using yum.

Minimal installs are essential to increasing security, as it reduces the attack surface to the outside world. Logistically, minimal installs cut down the bandwidth used and time taken to run a yum update directly after the install; as well as their being less packages to maintain and update in future. I will provide How-Tos on installing Web Servers, DNS Servers and MySQL Database Servers later on, so we don’t need to install those packages just yet.

Install CentOS:

• Open Hyper-V Manager, right click your new VM and select Connect
• Select the Start button
• Type  linux text to To install or upgrade in text mode
• Select Skip to testing the CD media
• Select OK to Welcome screen
• Select English for Language Selection
• Select us for Keyboard Selection
• Select Yes to initialize this drive
• Select Remove all partitions on selected drives and create default layout
• Select No to Review and modify partitioning layout
• For eth0, select Activate on boot and select Enable IPv4 support
• Select Manual address configuration, and enter the IP address and Prefix (Netmask)
• Enter the Gateway and Primary DNS and/or Secondary DNS
• Select Manually for Hostname Configuration, and enter a computer name
• Select Africa/Johannesburg for Time Zone Selection and unselect System clock uses UTC
• Enter the root password
• For Package selection, unselect Desktop – Gnome and select Customise software selection
• In Package Group Selection, select only Base and unselect Dialup Networking Support, Editors, and Text-based Internet
• Select OK for Installation to begin
• Select Reboot when the installation completes

Depending on your (virtual) hardware, the install will take around 10-15 minutes to complete. THe VM will now reboot and startup all the system services (some of which we will be disabling later, to increase performance).

Now that CentOS is installed, we need to initially configure it:

• When CentOS starts for the first time, you will see the Firstboot/Setup wizard
• Select Firewall configuration – for SELinux, select Permissive and then select Customise to close ALL firewall ports (we have terminal access so we don’t need SSH open just yet!)
• Select Exit to return to the login prompt. Login using root and the password provided during the install
• In the Hyper-V window, select Media and Eject the CentOS ISO if it is still mounted
• Type yum update to update all kernel and all system packages
• Once the download and installation is complete, type reboot to restart the system and load up the latest kernel and system packages
• Check all system services start up after the reboot

CentOS is now updated and locked off for us to safely work on. Next post will describe how to do install the Hyper-V Integration Components.