Results for category "Private Cloud"

Building Private Cloud – Part 6

Now we are almost ready with the Private Cloud. We have the Hyper-V cluster ready with the fabric configured with VM Networks for each subsidiary group. We have the VM templates, Hardware Profiles and Guest OS Profiles ready. We have the Private Cloud for each subsidiary group.

In this part, we will delegate access to the IT Admins of each subsidiary using User Roles.

Create a security group for each cloud.

From SCVMM ->  Settings -> User Roles

Create User Roles

Creating User Role - Name


On the Profile page, select the appropriate role profile. We have four predefined roles available.

Fabric Administrator (Delegated Administrator): Members of the Delegated Administrator user role can perform all administrative tasks within their assigned host groups, clouds, and library servers, except for adding XenServer and adding WSUS servers. Delegated Administrators cannot modify VMM settings, and cannot add or remove members of the Administrators user role.

Read-Only Administrator: Read-only administrators can view properties, status, and job status of objects within their assigned host groups, clouds, and library servers, but they cannot modify the objects. Also, the read-only administrator can view Run As accounts that administrators or delegated administrators have specified for that read-only administrator user role.

 

Tenant Administrator:  Members of the Tenant Administrator user role can manage self-service users and VM networks. Tenant administrators can create, deploy, and manage their own virtual machines and services by using the VMM console or a web portal. Tenant administrators can also specify which tasks the self-service users can perform on their virtual machines and services. Tenant administrators can place quotas on computing resources and virtual machines.

 

Application Administrator (Self-Service User): Members of the Self-Service User role can create, deploy, and manage their own virtual machines and services by using the VMM console or a Web portal.

For our requirement, I prefer the “Tenant Administrator” role.

Creating User Role - Setting the delegated Role


In the Members page, add the user/security group which should get access through this role. I am using a security group for this purpose. Members in this security group will get the access through this role.

Creating User Role - Defining Security Group


In the Scope page, we need to define the scope where this user role gets access. Scope is defined through the Cloud.

Creating User Role - Defining Cloud


In the next page, we may define the quota. On the cloud, we have defined a quota which is the maximum a cloud can have. However, it doesn't mean that the entire resources should be utilized by a single user role. We can have multiple user roles with different quotas, but each quota must stay within the total quota allocated for the cloud.

Creating User Role - Allocating compute resources


In the next page, we will allocate the VM Networks which will be used for VM deployment. As we have dedicated VM Networks for each group, select the appropriate network for S1 IT.

Creating User Role - Allocating VM Networks


In the Resources page, add the VM template, Hardware Profiles and OS Profiles which will be allocated to this group.

Creating User Role - Adding Profiles and templates


In the Permissions page, we can adjust the available permissions to some extent. However, this is not an RBAC-based delegation.

Creating User Role - Delegating the tasks


In the next page, select the Run As accounts which will be used along with the VM Templates or OS Profiles.

Creating User Role - RunAs Accounts


On the next screen, review the changes and proceed with the User Role creation.
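The same delegation can be scripted from the VMM command shell, which makes the scope of each role easy to review and repeat per subsidiary. The following is an added example, not the author's own script; it covers the profile, members, scope, permissions and resources pages, and the role, group, cloud, template and guest OS profile names as well as the chosen permission set are assumptions.

```powershell
# Added example (not from the original post). Run in the VMM command shell.
# Every name below is an assumed placeholder unless noted otherwise.
Import-Module virtualmachinemanager

$roleName  = 'S1-IT-TenantAdmins'           # assumed user role name
$adGroup   = 'EXAMPLE\S1-IT-CloudAdmins'    # assumed AD security group
$cloudName = 'S1-IT-Cloud'                  # assumed private cloud name
$resources = @{
    Template  = 'WS2012R2-Std-Template'     # assumed VM template name
    HwProfile = 'S1-Gold'                   # hardware profile name used in Part 4
    OsProfile = 'S1-IT-WS2012R2-Std'        # assumed guest OS profile name
}

# Reduced action set (one possible choice): no Author, Store or CanShare.
$permissions = 'Checkpoint', 'Deploy', 'PauseAndResume', 'RemoteConnect',
               'Remove', 'Shutdown', 'Start', 'Stop'

$cloud = Get-SCCloud | Where-Object Name -eq $cloudName
if (-not $cloud) { throw "Cloud '$cloudName' not found." }

# Refuse to touch an existing role so a re-run cannot silently widen its scope.
if (Get-SCUserRole | Where-Object Name -eq $roleName) {
    throw "User role '$roleName' already exists; review it instead of recreating it."
}

$role = New-SCUserRole -Name $roleName -UserRoleProfile TenantAdmin `
            -Description 'Tenant administrators for S1-IT'

# Members come from one security group; the scope is this subsidiary's cloud only.
Set-SCUserRole -UserRole $role -AddMember @($adGroup) -AddScope @($cloud) `
    -Permission $permissions | Out-Null

# Share only this group's template and profiles with the role.
$objects = @(
    Get-SCVMTemplate      | Where-Object Name -eq $resources.Template
    Get-SCHardwareProfile | Where-Object Name -eq $resources.HwProfile
    Get-SCGuestOSProfile  | Where-Object Name -eq $resources.OsProfile
)
if ($objects.Count -ne 3) {
    throw 'A template or profile name did not resolve to exactly one object.'
}
foreach ($obj in $objects) {
    Grant-SCResource -Resource $obj -UserRoleName $roleName | Out-Null
}

# Show the role that was created.
Get-SCUserRole | Where-Object Name -eq $roleName | Format-List Name, Description
```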

 

 

 

Building Private Cloud – Part 4

Now we have the basic setup ready. We have the Hyper-V cluster ready with the fabric configured with VM Networks for each subsidiary group. In this part, we will cover creating a VM template, creating Hardware Profiles and finally the Guest OS Profile.

VM Template 

For each version of the operating system, we need to create a template with a baseline configuration. The template can be created from a fresh VM or from an existing template. The same template can be shared with multiple subsidiaries (S1, S2 and S3).

  1. Create a Gen 1 VM on any of the Hyper-V hosts added to SCVMM – I will name it Golden Image
  2. Windows Patch Updates
  3. Install HyperV Integration Component
  4. Antivirus/Agents or any of the custom software required on all servers deployed using this image
  5. Enable RDP
  6. Set Administrator password blank
  7. Do any other customization if required
  8. Export the VM – This is required if we need to update template on a later stage
  9. SysPrep and Shutdown

Now from SCVMM -> VM And Services, Identify the VM which is created for the template.

Right Click on the VM -> Select “Create VM Template”

Create Template

 

 

Read the warning and Click “Yes” if you are OK to proceed. 😀

Create Template - Warning - Source VM Destroy

 

 

The next screen is to select a hardware profile.

We can go ahead with the default setting. No need to select anything here. Just click on Next.

Creating template - Hardware profile


The next screen is for the Guest OS Profile. You can choose an OS profile which matches the operating system of this VM.

Create Template - OS Profile

However, please don't choose “No Customization Required” from the drop-down menu. This will disable the option to link a Guest OS Profile to the template.

OS Customization - NONE

 

 

Select the Library Server and then select the PATH to be used inside the Library Share.

Review the Summary and proceed with the template creation.

 

Hardware Profile

Hardware Profiles will define the hardware configuration and will be attached while creating a VM from a template. The usual pattern is to create with a naming convention (Gold, Silver, Bronze) or something similar which is easy to relate.

In our specific scenario, we need to define Hardware Profiles for each group. Here are the naming standards and the details.

HW Profiles

 

Make a table as above. Then create the profile for the first group (S1). To create profiles for the other groups (S2 and S3), right-click on the one created for S1 and click “Copy”. This will copy the existing profile and create a new one. You just need to adjust the name and the VM Network.

So let's create the first profile – S1-Gold.

Navigate to SCVMM -> Library -> Profiles -> Hardware Profiles

Right click on Hardware Profiles and select “Create Hardware Profile”

Create Hardware Profile - Define the name


Click on Hardware Profile and configure each section accordingly.

On Cloud Capability, Select Hyper-V.

Creating Hardware profile - Cloud Compatibility


On the processor page, enter the number of processors allocated for this profile.

 

Creating Hardware Profile - Processor


On the Memory page, enter the memory details: Static or Dynamic, and the memory allocated.

Creating Hardware Profile - Memory


On the Network, Select the Network connectivity details. In the previous parts, We have defined the VM Networks for each group. Select the appropriate VM Network defined for this group.

 

Creating Hardware Profile - Network


On Availability page, Make sure that “Make this VM highly available” is selected.

Creating Hardware Profile - HA


Once done, Click on OK to create the S1-Gold hardware profile.

Use this same profile to create S2-Gold and S3-Gold.

For that, Right click on the newly created S1-Gold hardware profile and click on Copy.

Copy Hardware Profile


Look for Copy of S1-Gold. Right click and select “Properties”

On General, Change the Name to “S2-Gold”

Copy Hardware Profile - Rename

On the Hardware Profile page, Adjust the VM Network.

Copy Hardware Profile - Adjust VM Network


Click on OK to create the profile for S2-Gold.

Similarly, make one more copy of S1-Gold and adjust it for S3-Gold.

Now, create the other profiles (Silver and Bronze) using the same method.

Guest OS Profile

The next step is to create the Guest OS Profile.

Before starting, ensure we have Run As accounts created for “Local Administrator” and “AD Join”. It's good to have these Run As accounts created, but not mandatory.

Once ready, create the Guest OS Profile.

In the Guest OS Profile, we define the OS details, the admin password for the newly created VM, the product key (if not using KMS), time zone, roles, features, domain or workgroup, etc.

One important aspect of the Guest OS Profile is specifying the Organizational Unit in which the VM's computer object will be created. This ensures that VMs for S1-IT are created in the OU designated for S1-IT, VMs for S2-IT in the OU designated for S2-IT, and so on.

Let's create a Guest OS Profile for S1-IT which will be used for the Windows Server 2012 R2 Std edition of the OS.

Guest OS Profile for S1-IT

On the OS Details page, Select the appropriate OS.

Create Guest OS Profile – OS Details

On the Admin Password page, select the Run As account for Local Administrator. If you don't have a Run As account, you could even save the password in this profile itself.

Create Guest OS Profile – Local Admin

Next is the Domain/Workgroup page. Specify whether the VM needs to be joined to a domain or can stay in a workgroup. If it needs to be domain joined, specify the domain name and the credentials to be used for the AD join. If you don't have a Run As account, you could even save the user name and password in this profile, which will be used for the AD join.

Create Guest OS Profile – Domain Information

Once done, click on OK to create the Guest OS Profile.

Now we need to configure the OU where the computer objects should be created during the AD join process. This can be configured only through the VMM shell.

 

Create Guest OS Profile – Configuring OU Information

Similarly, create Guest OS Profiles for each guest operating system used by each group and configure the DomainJoinOrganizationalUnit parameter according to each group.
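Because the OU can only be set from the VMM shell, it helps to keep the profile-to-OU mapping in one script and apply it to all groups at once. The following is an added example, not the author's own command; the profile names and OU distinguished names are assumptions, and the distinguished-name check is only a loose syntax test.

```powershell
# Added example (not from the original post). Run in the VMM command shell.
Import-Module virtualmachinemanager

# Guest OS profile name -> OU used for the domain join.
# All profile names and distinguished names are assumed placeholders.
$ouMap = [ordered]@{
    'S1-IT-WS2012R2-Std' = 'OU=S1-IT,OU=Servers,DC=example,DC=com'
    'S2-IT-WS2012R2-Std' = 'OU=S2-IT,OU=Servers,DC=example,DC=com'
    'S3-IT-WS2012R2-Std' = 'OU=S3-IT,OU=Servers,DC=example,DC=com'
}

# Loose syntax check: one or more OU= components followed by DC= components.
# It does not prove that the OU exists in Active Directory.
$dnPattern = '^(OU=[^,]+,)+DC=[^,]+(,DC=[^,]+)*$'

$results = foreach ($name in $ouMap.Keys) {
    $ou     = $ouMap[$name]
    $status = 'Updated'

    if ($ou -notmatch $dnPattern) {
        $status = 'Skipped: OU is not a valid distinguished name'
    }
    else {
        $osProfile = @(Get-SCGuestOSProfile | Where-Object Name -eq $name)
        if ($osProfile.Count -ne 1) {
            $status = "Skipped: found $($osProfile.Count) profiles with this name"
        }
        elseif ($osProfile[0].DomainJoinOrganizationalUnit -eq $ou) {
            $status = 'Unchanged'
        }
        else {
            # Computer objects for VMs built from this profile land in $ou.
            Set-SCGuestOSProfile -GuestOSProfile $osProfile[0] `
                -DomainJoinOrganizationalUnit $ou | Out-Null
        }
    }

    [pscustomobject]@{ Profile = $name; OU = $ou; Status = $status }
}

# Summary of what was changed, left alone or skipped.
$results | Format-Table -AutoSize

# Read the values back from VMM to confirm what is actually stored.
Get-SCGuestOSProfile |
    Where-Object { $ouMap.Contains($_.Name) } |
    Select-Object Name, DomainJoinOrganizationalUnit
```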

Here is an outline how different components – VM Template, Hardware Profile and OS Profile linked together on VM Creation.

VM Template – Hardware Profile – Guest OS Profile

In the next part, I will detail the creation of a Private Cloud for each group and setting up the access for the IT Admins of each group.

 

 

Building Private Cloud – Part 3

Now we have the Hyper-V Clusters ready. We have the Fabric Configured to have a Logical Switch and VM Networks for each group.

The next step is to create a Cloud for each subsidiary group. The high level steps are as below.

1) Create Private Cloud for each subsidiary group with the appropriate network for each Cloud

2) Create Self Service User Role for each Group

Let's go into detail.

1) Create Private Cloud for each subsidiary group

Private Cloud will be the logical boundary for the consumer. Consumer will not be seeing anything beyond this stage. End user will create VMs on the private cloud.

Navigate to SCVMM -> VMs and Services -> Clouds

Click on Create Cloud

Create Private Cloud


In the next page, Select the appropriate host group which will be used by this Cloud.

Create Private Cloud - Select host group


Create Private Cloud - Select Logical Network


Proceed with the next steps and configure the optional components.

Select the Storage Classification.

Create Private Cloud - Select Storage


In the next page, Select the Library Share which will be used by this cloud.

Create Private Cloud – Select Library

In the next page, Set the maximum capacity for the entire cloud.

Create Private Cloud - Set Capacity


Select the appropriate capability profile.

Create Private Cloud - Set capability profile


Finally, Verify the summary and proceed.

Similarly, we need to create a Private Cloud for S2-IT and S3-IT. While creating S2-IT-PriviateCloud, we need to select the appropriate Logical Network we created for S2-IT, and while creating S3-IT-PriviateCloud, we need to select the appropriate Logical Network we created for S3-IT.

With this, we are done with the creation of a Private Cloud. Now we need to set up the access using a Self Service User Role and allocate the templates, Hardware Profiles, Guest OS Profile, etc., which will be covered in the next part. The illustration below gives a brief view of the different fabric components which are linked to form a Private Cloud.

Illustration – Linking the network components with the cloud

 

 

Building Private Cloud – Part 2

I have detailed how to create a Hyper-V Cluster using SCVMM 2012 R2 in one of my previous posts (Part1 and Part2). However, don’t configure anything related to Fabric based on those posts.

The critical part of the configuration is fabric – especially Network. Hence, I would like to detail about that on this part.

At this stage, I had my Hyper-V cluster built using SCVMM 2012 R2. I will be completing the fabric configuration specific to Private Cloud now. Based on the requirement we had on the Part-1, I am allocating one VLAN per S-IT.

S-IT GROUP VLAN
S1-IT 10.0.21.0/24
S2-IT 10.0.22.0/24
S3-IT 10.0.23.0/24

Individual VLANs will give us the flexibility to have strict network-level restrictions based on the requirements. Each VLAN is configured with a DHCP scope of 10 IPs, so that the VMs deployed through a template will get an IP and be joined to the domain. Once deployed, the S-IT team should be able to change the IP to a static IP within their assigned range.

The high-level steps which will be performed are

1) Creating Logical Network for S1-IT, S2-IT and S3-IT with site/VLAN information

2) Creating UpLink Port Profile which will be used for the Logical Switch

3) Creating Logical Switch and select the UpLink Port Profile

4) Creating VM Networks for S1-IT, S2-IT and S3-IT and link with the corresponding Logical Network

5) Assigning Logical Switch for the Physical Hosts

6) Creating Virtual Network Adapters for S1-IT, S2-IT and S3-IT on top of the Logical Switch and link them to the corresponding VM Network

Here is a quick illustration for you to relate each different components involved.

 

Network Components for building private cloud


So let's go into detail.

1) Creating Logical Network for S1-IT, S2-IT and S3-IT with site/VLAN information

As we planned, each S-IT will be defined as an independent Logical Network.

Navigate to Fabric -> Networking -> Logical Network

Create a new Logical Network for S1-IT and define the Site with the assigned subnet and VLAN.


LOGICAL NETWORK for S1-IT

On the Network Site page, create a new site for S1-IT, link it with the correct host group which has the Hyper-V physical hosts, and then enter the Subnet/VLAN details.

LOGICAL NETWORK - DEFINE SITE - SITE-S1-IT


Click on next and Confirm after verifying the summary.

Similarly, We need a Logical Network for S2-IT.


LOGICAL NETWORK – S2-IT

On the Network Site page, create a new site for S2-IT, link it with the correct host group which has the Hyper-V physical hosts, and then enter the Subnet/VLAN details.

LOGICAL NETWORK – DEFINE SITE – SITE-S2-IT

Click on next and Confirm after verifying the summary. Create a similar Logical Network for S3-IT and set the right subnet/VLAN details.

2) Creating UpLink Port Profile which will be used for the Logical Switch

As you know, the Uplink Port Profile is used along with the Logical Switch and defines the teaming mode and algorithm used.

Navigate to SCVMM -> Fabric -> Networking -> Port Profiles

Create a new Port Profile. Configure the Port Profile as an Uplink Port profile. Set the teaming mode as Switch Independent and Algorithm as Dynamic.

PortProfile-Cloud-Uplink


In the network configuration page, select the appropriate sites where this Port Profile will be used. We need to select the sites which have been created for S1-IT, S2-IT and S3-IT.

PortProfile-Cloud-Uplink-NetworkSites


Click on Next and proceed after verifying the summary.

3) Creating Logical Switch and select the UpLink Port Profile

A Logical Switch is equivalent to a Hyper-V switch. When the Logical Switch is configured on the host, the network interfaces allocated for the Logical Switch will be used to create a Hyper-V switch. The teaming mode of the interfaces is defined in the Port Profile which will be linked with the Logical Switch.

Logical Switch Creation

On the next screen, We need to add the UpLink profile. Select the one which has been created for the Private Cloud. Verify the site names and host group again.

 

LOGICAL-SWITCH-PRIVIATECLOUD-UPLINK

Proceed with further steps.

4) Creating VM Networks for S1-IT, S2-IT and S3-IT and link with the corresponding Logical Network

VM Networks will be used to create Virtual Networks on top of the Logical Switch. Each S-IT group will need a VM Network which will be linked with the Logical Network we defined in Step 1.

Navigate to SCVMM ->VMs and Services -> VM Networks

Create a New VM Network and assign the corresponding Logical Network.


VM Network for S1-IT

Click on NEXT and then Finish after reviewing the Summary.

Similarly, Create VM Network for S2-IT and link with the respective logical network for S2-IT.


Virtual Network for S2-IT

Similarly, Create one for S3-IT and link with the logical network of S3-IT.

5) Assigning Logical Switch for the Physical Hosts

On each Hyper-V host in the cluster or each stand alone host, the Logical Switch needs to be configured. Logical Switch will create a HyperV Switch with the defined Network Interfaces and also take care of teaming based on the Uplink port profile, if multiple interfaces are present.

Navigate to SCVMM -> Fabric ->Servers -> HostGroup -> Cluster ->

Select a node and navigate to Properties -> Virtual Switches

Click on New Virtual Switch -> New Logical Switch

Select the correct logical switch from the drop down list.

Select the Network Adapters which will be used for HyperV data.

Select the appropriate UpLink Profile.

 

Adding Logical Switch to HyperV host


Once done, Click on OK.

Do this activity on all HyperV Hosts which will be part of this Cloud.

6) Creating Virtual Network Adapters for S1-IT, S2-IT and S3-IT on top of the Logical Switch and link them to the corresponding VM Network

Next step is to Link the VM Network created for each S-IT with the Logical Switch. This is done using the option of Virtual Network Adapter which will be created on top of the logical switch.

Navigate to SCVMM -> Fabric ->Servers -> HostGroup -> Cluster ->

Select a node and navigate to Properties -> Virtual Switches

Select the Virtual Switch  and Click on New Virtual Adapter.

Enter the appropriate name for the virtual adapter.

On Connectivity – Click on Browse and select the appropriate VM Network. VLAN details will be listed by default based on the information on VM Network.


Virtual Network Adapter

Add Virtual Network Adapter for each S-IT.

Virtual Network Adapter


Similarly, create one Virtual Network Adapter for S3-IT and link it with the appropriate VM Network.

That's the end of Part-2.

 

 

Building a private cloud – Part 1

It's been almost three months since I installed SCVMM 2012 R2. I invested at least 10 hours a day in learning this product. And today when I look back, I am happy to see the progress which I made. I would like to share my experience of how I made a private cloud. As I always say, I am still learning this product. My intention is not to say that you should do it like this, but to share how I got it working – though it may not be the optimal way.

The ultimate aims I had in mind for using SCVMM are

  • Building a private cloud
  • Make use of Network Virtualization

I am still trying to see how to get network virtualization working and will post the details once I am successful.

Let's go to the first part in detail.

Definition of Cloud Computing

“A computing capability that provides an abstraction between the computing resource and its underlying technical architecture (e.g., servers, storage, networks), enabling convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction.” This definition states that clouds have five essential characteristics: on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service. Narrowly speaking, cloud computing is client-server computing that abstracts the details of the server away; one requests a service (resource), not a specific server (machine).

Definition of a private cloud

Private cloud is virtualized cloud data centers inside your company’s firewall. It may also be a private space dedicated to your company within a cloud provider’s data center. An internal cloud behind the organization’s firewall. The company’s IT department provides software and hardware as a service to its customers — the people who work for the company. Vendors love the words “private cloud.”

 

Source – http://cloudtimes.org/glossary/

That being said, my goal in building a private cloud is to have the five defined characteristics: on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service. Out of these, measured service will come when we plan for chargeback – which I didn’t plan. I had Microsoft Azure in my mind, which gave me the feel of a cloud. From a consumer standpoint, it's not mandatory to know where the service is hosted, what technology is behind the solution, what hardware is being used, etc. The consumer should get a pool of compute resources which can be used through a self-service mechanism.

 

Flow - Cloud 1

 

To visualize this, I made a scenario here. InsideVirtualization.com is a company in some line of business. The company has three subsidiaries. Management doesn’t want to invest in dedicated IT infrastructure for the subsidiaries. However, the IT team in each subsidiary should be able to create/manage resources without depending on the main IT team. At the same time, management enforces that the IT teams in the subsidiaries should only access/manage the resources entitled to them. The Finance team would like to have the service allocated based on the budget allocated for IT infrastructure for each subsidiary. The IT security team doesn't want the servers/services provisioned for subsidiaries to communicate with each other, but they should be able to communicate with a minimal set of servers/services in the Core IT.

😀 The scenario tends towards a question asked in a Microsoft certification.

To make this requirement working, I am building a private cloud.

Once we have a successful private cloud, here is what we can achieve.

  • S1-IT (Subsidiary1 IT Team) will get a cloud named S1-Priviate-Cloud
  • S1-IT will be able to use a self-service console to create/manage the VMs provisioned
  • S1-IT will only be able to manage a Virtual Server entitled to the S1-Priviate-Cloud
  • S1-IT will only be able to use the compute resources allocated for their cloud
  • S1-IT will only see the components up to the Private Cloud. Everything behind will be hidden.
  • S1-IT will have the flexibility to mix and match the total resources allocated for the cloud. Based on approvals, S1-IT could request to get more resources allocated to the cloud.

Similarly, S2-IT and S3-IT will also get a private cloud.

I will come up with more details in the next part.

Keep watching my blog. If you feel that I am wrong on any of the statements, Please feel free to put a comment or use Contact page.

Cheers

 

F5 Big IP Announced NVGRE Support

F5 announced their road map on supporting network virtualization for Hyper-V.

F5® BIG-IP® hardware will support NVGRE gateway functionality beginning the first quarter of calendar year 2014. Integration with Windows Azure is currently available on F5’s BIG-IP solutions.

For me, this seems to be an important move, as one of the mainstream vendors will soon be supporting the network virtualization initiatives. Let's hope for the best!

Cheers,

Shaba

 

 

 

SCVMM 2012 Sp1 – Building a private cloud

I am very excited to let you all know that I am trying out a private cloud with SCVMM 2012 Sp1. It's been almost three weeks that I have been playing around with SCVMM 2012 Sp1. I am still trying to understand the concepts and features. In the initial phase, I was under the assumption that configuration is something which I can do easily. Unfortunately, Fabric configuration put me into panic mode with a sequence of issues. At last, I landed safely by fixing all issues.

Another important note is on Roll-up 1. As you are aware, System Center 2012 Sp1 got a new Roll-up 1 which was released on Jan 9th 2013. This roll-up is intended to fix the below issues. I am yet to apply this roll-up, but it is scheduled for this weekend.

 

Virtual Machine Manager (KB2792925 – Console; KB2792926 – VMM Server)

Issue 1

When a logical unit number (LUN) is unmasked on an iSCSI array, the VMM service may crash.

Issue 2

When a node is put in maintenance mode, virtual machines in the cluster change to a status of “Unsupported Cluster Configuration.”

Issue 3

When an add-in that uses multiple DLL files is imported into the VMM console, the add-in is not imported. Additionally, you receive the following error message:

Add-in cannot be installed

Issue 4

When an add-in is imported into the VMM console on a server that is running Windows Server 2008 R2, the add-in is not imported.

Issue 5

When an add-in is imported into the VMM console, the console may crash.

Cheers !

Shaba