Some notes I’ve made whilst studying for 70-414. I’ve tried to keep them as concise as possible. Some of the screenshots are from older versions of Windows but are included to show specific settings.
System Center 2012 R2
Orchestrator – A workflow management solution for the data center that lets you automate the creation, monitoring and deployment of resources in your environment.
Service Provider Foundation – This enables service providers and hosters to design and implement multi-tenant self-service portals that integrate IaaS capabilities.
- Stamp – a concept introduced in Service Provider Foundation; a stamp is a logical unit of a SCVMM server, a Hyper-V host and a VM. Because stamps must be monitored, SCOM is also required. For example, a hosting company may have a “stamp” for each customer.
- Service Manager – A platform for automating and adapting your organization’s best practices (e.g. ITIL). Provides processes for change control, problem resolution, asset management etc.
- App Controller provides a common self-service experience that can help you easily configure, deploy, and manage virtual machines and services across private and public clouds.
System Center Global Service Monitor (GSM) provides the capability to monitor externally facing web sites and web services from geo-distributed locations. There are two monitoring types:
- Web Application Availability Monitoring – monitors single URLs
- Visual Studio Web Tests Monitoring – lets you run multi-step, authenticated web tests from Microsoft-provided agents in the cloud.
- The Self-Service Portal provides web-based access to the features of System Center 2012. It can be used by users to reset their own passwords.
System Center Configuration Manager (SCCM) –
- Configuration Manager integrates with Windows Deployment Services to allow you to perform OS deployment and image capture.
- Configuration baselines contain predefined configuration items and optionally, other configuration baselines. After a configuration baseline is created, you can deploy it to a collection so that devices in that collection download the configuration baseline and assess their compliance with it.
- You can have primary sites, secondary sites and distribution points. For sites with less than 500 nodes use distribution points. Each primary site can support up to 10 management points. A secondary site supports 1.
System Center Operations Manager (SCOM) –
- A cross platform management and monitoring solution for PCs, Servers and Hypervisors (including VMWare).
- Can be used in conjunction with SCVMM for reporting
- Audit Collection Services – a means to collect records generated by an audit policy and store them in a centralized database
- Gateway server – Used as a local hub for authenticating and communicating with clients.
Management Packs – contain the settings for monitoring applications and services as well as tasks, views, reports, run as profiles etc.
- Overrides – allow you to change the default values – e.g. the severity of an alert
To setup email notification subscriptions, go to administration – notifications – subscriptions and create a subscription task
You can monitor Distributed Applications with Service Level Tracking
System Center Virtual Machine Manager (SCVMM)
To integrate VMM with SCOM you need to
- Install Windows PowerShell 3.0
- Install an Operations Manager Operations console on the VMM management server
- Install Operations Manager agents on the VMM management server and all hosts under management by VMM (managed hosts).
- Import the necessary management packs
- Host Groups – can be used to group Hyper-V hosts. You can then assign permissions to host groups.
VMM uses a number of architectural components
Logical network – e.g. LAN, WAN, DMZ, VLAN1, VLAN2 etc
- Network Sites – allow the same logical network to have a different address range in another site. E.g. the LAN for London may be different to Norwich.
Port Profiles – there are 2 types
- Virtual Port Profiles – for use with VMs. You can specify offload settings, DHCP guard, guest teaming, QoS etc
- Uplink Port Profiles – The connectivity of the virtual switch to the logical (actual) network
- Port Classifications – a label that can be used to identify different classes of connection (e.g. “Gold” for fast fibre SAN, “Bronze” for NAS)
Virtual switches – there are 3 types
- Internal – Communication between the host and the VMs only
- External – Communication between the VMs and other systems (via a physical adaptor)
- Private – Communication only between VMs
- A Virtual IP (VIP) template – can be used for hardware load balancers. These contain load-balancer-related configuration settings for a specific type of network traffic.
Integration with other Hypervisors
You can manage VMWare and Citrix XenServer hypervisors from SCVMM.
- To manage Citrix servers you must install the System Center Integration Pack.
You can assign the below roles within VMM –
- Administrator – full rights to all objects
- Fabric Administrator – a delegated administrator role, can perform all administrative tasks within their assigned host groups, clouds or library servers.
- Read-Only Administrator – view only rights
- Tenant Administrator – can manage self-service users and VM networks. Tenant administrators can create, deploy, and manage their own virtual machines and services by using the VMM console or a web portal. Tenant administrators can also specify which tasks the self-service users can perform on their virtual machines and services. Tenant administrators can place quotas on computing resources and virtual machines.
- Application Administrator (Self-Service User) – Members of this role can create, deploy, and manage their own virtual machines and services by using the VMM console or a web portal.
Automatic Virtual Machine Placement
- VMM Availability sets – can be used to specify VMs that should be kept on different hosts (e.g. DCs). Aka anti-affinity.
- Custom Properties – can be used to customize placement via your own criteria. E.g. create a value called costcenter
- Preferred Owner – Selected first where possible, Possible Owner – VMs can only be migrated to possible owners
P2V. As of System Center 2012 R2, you can no longer perform P2V conversions in VMM. You can use System Center 2012 SP1 as long as the source system:
- Has more than 512 MB of RAM
- Has volumes smaller than 2040 GB
- Does not have encrypted volumes
Service Template – Contains the information required to create an instance of a service (e.g. a multi-tier application).
A tier can contain up to 4 components
- VIP template – a virtual IP address used with NLB
- VM template
- Application profile – reference application code or scripts
- SQL profile – schema definitions and other SQL info
- Each service template has a release number.
- Each VM created from a service template maintains its connection to the template. Therefore if you update the template, the release number of the template is raised and the changes are pushed out to all VMs created from the template.
Dynamic Optimisation – migrates virtual machines to improve load balancing among hosts and to correct any placement constraint violations for virtual machines.
- You can specify Dynamic Optimization settings for: CPU, memory, disk I/O, and network I/O.
- Can be configured on a host group
- Aggressiveness – determines the amount of load imbalance required to initiate a migration. VMs are migrated every 10 mins with the default (medium) aggressiveness.
- Power Optimisation – turns off hosts when not needed to save power. They can then be turned back on when required
- Host reserve – Set aside CPU, Memory, Disk I/O and Network I/O for the host OS.
- The Replica Broker role must be installed if you want to replicate VMs that are in a cluster
Windows PowerShell Desired State Configuration (DSC)
Installed as a feature, DSC is a new management platform in PowerShell that can be used for:
- Enabling or disabling server roles and features
- Managing registry settings
- Managing files and directories
- Starting, stopping, and managing processes and services
- Managing groups and user accounts
- Deploying new software
- Managing environment variables
- Running Windows PowerShell scripts
- Fixing a configuration that has drifted away from the desired state
- Discovering the actual configuration state on a given node
Use the cmdlets Set-DscLocalConfigurationManager and Get-DscLocalConfigurationManager to configure and inspect the Local Configuration Manager (LCM) on a node.
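The following is an added example (not from these notes) showing a DSC configuration that covers several of the items listed above, and the LCM settings that make the node correct drift on its own. The node name SRV01, the excluded account CONTOSO\TempAdmin, the output paths and the chosen registry value are assumptions; the resources are the built-in PSDesiredStateConfiguration set.

```powershell
# Added example, not from the notes. Node name 'SRV01', the excluded account and the
# output paths are assumptions; resource names are the built-in PSDesiredStateConfiguration set.
Configuration BaselineServer {
    Import-DscResource -ModuleName PSDesiredStateConfiguration

    Node 'SRV01' {
        # Server roles and features: remove an unneeded client, ensure a role is present
        WindowsFeature TelnetClient {
            Name   = 'Telnet-Client'
            Ensure = 'Absent'
        }
        WindowsFeature WebServer {
            Name   = 'Web-Server'
            Ensure = 'Present'
        }

        # Registry settings: disable the SMB1 server component
        Registry DisableSmb1 {
            Key       = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
            ValueName = 'SMB1'
            ValueData = '0'
            ValueType = 'Dword'
            Ensure    = 'Present'
        }

        # Services: keep Remote Registry stopped and disabled
        Service RemoteRegistry {
            Name        = 'RemoteRegistry'
            StartupType = 'Disabled'
            State       = 'Stopped'
        }

        # Files and directories
        File LogDirectory {
            DestinationPath = 'C:\Logs'
            Type            = 'Directory'
            Ensure          = 'Present'
        }

        # Environment variables
        Environment ConfigSource {
            Name   = 'CONFIG_SOURCE'
            Value  = 'DSC'
            Ensure = 'Present'
        }

        # Groups and user accounts: a temporary admin account must not stay in Administrators
        Group LocalAdmins {
            GroupName        = 'Administrators'
            MembersToExclude = 'CONTOSO\TempAdmin'
        }
    }
}

# Local Configuration Manager settings (Windows PowerShell 4.0 syntax). ApplyAndAutoCorrect
# makes the LCM re-check every 30 minutes and fix any drift away from the desired state.
Configuration LcmSettings {
    Node 'SRV01' {
        LocalConfigurationManager {
            RefreshMode                    = 'Push'
            ConfigurationMode              = 'ApplyAndAutoCorrect'
            ConfigurationModeFrequencyMins = 30
            RebootNodeIfNeeded             = $false
        }
    }
}

# Compile both configurations to MOF files, then push them to the node
BaselineServer -OutputPath 'C:\DSC\Baseline' | Out-Null
LcmSettings    -OutputPath 'C:\DSC\Lcm'      | Out-Null
Set-DscLocalConfigurationManager -Path 'C:\DSC\Lcm' -Verbose
Start-DscConfiguration -Path 'C:\DSC\Baseline' -Wait -Verbose

# Discover the actual state: the LCM settings, and whether the node still matches the configuration
Get-DscLocalConfigurationManager
Test-DscConfiguration
```

Test-DscConfiguration returns True while the node matches; with ApplyAndAutoCorrect the LCM itself puts a drifted setting back, so a False result should only ever be transient.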
- Cluster Aware Updating (CAU) – a new feature in Windows 2012 R2 to enable the updating of clustered servers
- Data deduplication – Now supports VDI virtual machines on Cluster Shared Volumes (CSV)
When there are multiple networks, Windows 2012 R2 uses network metrics to decide which network to use for CSV traffic.
- The metrics are calculated automatically based on link speed and whether features such as RDMA and RSS are supported.
- However, SMB Multichannel takes precedence over the calculated metrics. To rely on the metrics alone you must disable SMB Multichannel.
- A File Share Witness (FSW) is a file share that you may create on a completely separate server from the cluster to act like a disk for tie-breaker scenarios when quorum needs to be established. You would typically use a FSW as a tie-breaker when there are an even number of clustered servers.
- DHCP failover – A new feature in Windows 2012r2 that allows multiple DHCP servers to be setup in an active/passive configuration. Should the active fail, the passive server will take over.
A cloud management solution aimed at SMEs. Allows administrators to deploy updates, malware protection and manage inventory.
Network Load Balancing
Filtering modes:
- Multiple host – traffic for the port rule is handled by multiple nodes
- Single host – traffic for the port rule is handled by a single node
Affinity:
- Single – Used in most instances, when clients originate from many different locations
- None – If clients originate from the same IP (e.g. behind a NAT router)
- Network – Requests originating from the same class C network are directed to the same node
You will need to enable MAC address spoofing on the virtual adapter of a VM in order to use NLB
The below network services can be load balanced by NLB:-
- SQL server 2012 reporting services
- Sharepoint Server 2010 front-end web server
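As an added example (not from the notes), the NLB settings above applied with the NetworkLoadBalancingClusters module: MAC address spoofing on two Hyper-V guests, a two-node unicast cluster, and a port rule using Multiple host filtering with Single affinity. The VM names WEB01/WEB02, the interface name Ethernet, the cluster name and the 192.0.2.0/24 addresses are assumptions.

```powershell
# Added example, not from the notes. VM names WEB01 and WEB02, the interface name
# 'Ethernet', the cluster name and the 192.0.2.0/24 addresses are assumptions.

# Prerequisite from the notes: NLB on Hyper-V guests needs MAC address spoofing on the VM adapter.
# Run on the Hyper-V host.
Set-VMNetworkAdapter -VMName 'WEB01' -MacAddressSpoofing On
Set-VMNetworkAdapter -VMName 'WEB02' -MacAddressSpoofing On

# Run on WEB01 (the first node). Requires the NLB feature on both nodes:
#   Install-WindowsFeature NLB -IncludeManagementTools
Import-Module NetworkLoadBalancingClusters

$cluster = New-NlbCluster -InterfaceName 'Ethernet' -ClusterName 'web.contoso.local' `
    -ClusterPrimaryIP 192.0.2.10 -SubnetMask 255.255.255.0 -OperationMode Unicast

# Join the second node using its own adapter
Add-NlbClusterNode -InputObject $cluster -NewNodeName 'WEB02' -NewNodeInterface 'Ethernet' | Out-Null

# Replace the default all-ports rule with one for HTTP/HTTPS:
#   -Mode Multiple   -> Multiple host filtering: both nodes serve traffic for the rule
#   -Affinity Single -> a given client IP keeps hitting the same node (clients from many locations)
Get-NlbClusterPortRule -HostName 'WEB01' | Remove-NlbClusterPortRule -Force
Add-NlbClusterPortRule -InputObject $cluster -StartPort 80 -EndPort 443 -Protocol Tcp `
    -Mode Multiple -Affinity Single | Out-Null

# If most clients arrive from one NAT address, Single affinity would pin them all to one node;
# switching the rule to None lets their requests spread across nodes:
#   Set-NlbClusterPortRule -HostName 'WEB01' -Port 80 -NewAffinity None

# Verify the cluster, its nodes and the effective port rule
Get-NlbCluster | Format-List Name, IPAddress, OperationMode
Get-NlbClusterNode | Format-Table Name, State
Get-NlbClusterPortRule | Format-Table StartPort, EndPort, Protocol, Mode, Affinity
```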
Microsoft Desktop Optimization Pack
Contains a number of utilities
- Asset Inventory Service – helps you determine what software and hardware you have in your organization compared to your licensing agreements.
Resiliency Settings – When creating a virtual disk you have the following resiliency options
- 2-way mirror – requires at least 2 disks
- 3-way mirror – requires at least 5 disks
- Parity – requires at least 3 disks
Email Encryption –
For 2 companies to encrypt emails sent between them you should
- Exchange and install root CA certificates
- Duplicate the enrolment certificate and install a template based on the new certificate
- Request cross certification authorities
Constraints can be applied during the cross-certification process by using a policy.inf file. CApolicy.inf is used to apply constraints during the installation of a CA
Recovery of a CA
To restore certificate revocation checking in the event of a failed CA
- Restore a copy of the CA’s private key and then retrieve a copy of the CRL
- Use certutil to resign the CRL and extend the validity period of the CRL
- Republish the CRL using Certutil
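As an added example (not from the notes), the three steps above run with certutil from PowerShell. The backup folder, CRL file names, the CDP share and the 30-day extension are assumptions; the restored CA certificate and key are assumed to land in the local machine store of the server this runs on.

```powershell
# Added example, not from the notes. The backup folder, CRL paths, CDP share and the
# 30-day extension are assumptions. Run elevated on a server with the AD CS tools installed.

# 1. Restore the CA's private key and certificate from a backup made with 'certutil -backupkey'.
#    The password is requested interactively rather than written into the script.
$backupPassword = Read-Host -Prompt 'Password for the CA key backup'
certutil -p $backupPassword -restorekey 'D:\CABackup'

# 2. Retrieve the last published CRL (copy it from the CDP) and check its NextUpdate: once that
#    time has passed, clients can no longer determine revocation status from it.
$oldCrl = 'C:\Recovery\ContosoCA.crl'
$newCrl = 'C:\Recovery\ContosoCA-extended.crl'
certutil -dump $oldCrl | Select-String 'NextUpdate'

# 3. Re-sign the CRL with the restored key, extending its validity by 30 days (+dd:hh).
#    The revocation entries are unchanged; only the signature and validity period are rewritten.
certutil -sign $oldCrl $newCrl +30:00
certutil -dump $newCrl | Select-String 'NextUpdate'

# 4. Republish: into AD (the LDAP CDP) and onto the HTTP CDP, so clients at either location get it.
certutil -dspublish -f $newCrl
Copy-Item $newCrl -Destination '\\cdp.contoso.local\pki\ContosoCA.crl' -Force   # assumed HTTP CDP share

# 5. Verify what clients will see: fetch the CRL through the URLs in an issued certificate.
certutil -verify -urlfetch 'C:\Recovery\some-issued-cert.cer'
```

This restores revocation checking only; issuing new certificates still needs the CA itself to be rebuilt or restored.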
- Certificate Enrollment Policy Web Service is an Active Directory Certificate Services (AD CS) role service that enables users and computers to obtain certificate enrollment policy information. When used with the Certificate Enrollment Web Service, this enables policy-based certificate enrollment when the client computer is not a member of a domain or when a domain member is not connected to the domain.
- Online Responder – Unlike certificate revocation lists (CRLs), which are distributed periodically and contain information about all certificates that have been revoked or suspended, an Online Responder receives and responds only to individual requests from clients for information about the status of a certificate.
- Certificate Authority Web Enrollment – Provides a web interface to the CA role service
BranchCache
A WAN bandwidth optimization technology that is included in Windows 2008 R2 and Windows 7 and higher. To optimize WAN bandwidth when users access content on remote servers, BranchCache copies content from the remote servers and caches it locally for clients at branch offices to access.
- In hosted mode data is cached on a local “server”
- In distributed mode no server is required. Content is distributed amongst the client computers.
WSUS server modes
- Autonomous mode: An upstream WSUS server shares updates with its downstream server or servers during synchronization, but not update approval status or computer group information. Downstream WSUS servers must be administered separately.
- Replica mode: An upstream WSUS server shares updates, approval status, and computer groups with its downstream server or servers. Downstream replica servers inherit update approvals and cannot be administered apart from their upstream WSUS server.
Active Directory Rights Management Services (AD RMS)
An information protection technology that works with AD RMS-enabled applications to help safeguard digital information from unauthorized use. Content owners can define who can open, modify, print, forward, or take other actions with the information.
- Designed for the data center, Windows Azure Pack integrates with System Center and Windows Server to help provide a self-service portal for managing services such as websites, Virtual Machines, and Service Bus; a portal for administrators to manage resource clouds; scalable web hosting; and more. Available for free.
Azure Site Recovery
Use Azure Site Recovery to protect virtual machines running on Hyper-V hosts located in System Center Virtual Machine Manager (VMM) clouds. To setup site recovery
- Get a certificate uploaded to the vault and set up on the source VMM server, and generate a vault key.
- Set up VMM servers—Install the Azure Site Recovery Provider on the source and target VMM server.
- Configure the VMM clouds—Configure protection settings for VMM clouds.
- Enable virtual machines—Enable protection for virtual machines.
Scale-Out File Server
Designed to provide continuously available file shares by sharing the same folder from a number of servers. Ideal for use where there is no SAN. It can be used in 2 scenarios
- Application data – e.g. HyperV VMs
- File Server – e.g. clustered file server
To deploy BitLocker you need to set up one account with permission to decrypt encrypted drives
- Install BitLocker on a DC
- Copy, modify and publish the Basic EFS template
- Request a new certificate for the user with “Basic EFS”. Save it as a .cer file
- Deploy the data recovery agent via GPO
To have certificates automatically renew you need to edit the autoenrollment template
Then edit the GPO
- Windows Server Gateway – like RRAS. Use it to connect to different networks
- RDMA – aka SMB Direct – SMB CPU processing is offloaded to the NIC
- Receive-side scaling (RSS) – Enables a network adapter to distribute its network processing load across multiple virtual processors in multi-core virtual machines.
- VHDX disks can store over 2TB of data.
When creating virtual disks:-
- A 2 way mirror requires 2 disks
- Parity requires 3 disks
- A 3 way mirror requires 5 disks
To audit changes to active directory objects in an OU you must:-
- From the Default Domain Controllers policy, enable the Audit directory service access setting and enable directory service changes.
- Modify the audit settings on the OU
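Added example (not from the notes): the two steps above done from PowerShell on a domain controller, followed by a query for the events the audit produces. The OU distinguished name and domain are assumptions. The policy setting itself comes from the Default Domain Controllers Policy as the notes say; auditpol is used here only to show the effective setting.

```powershell
# Added example, not from the notes. The OU and domain are assumptions.
Import-Module ActiveDirectory
$ouDn = 'OU=Servers,DC=contoso,DC=local'

# Step 1 check: the Default Domain Controllers Policy must enable the 'Directory Service Changes'
# subcategory. This shows the effective setting on the DC (the GPO overrides local auditpol changes).
auditpol /get /subcategory:"Directory Service Changes"

# Step 2: add a SACL entry on the OU so that successful writes, creates and deletes by anyone
# are audited, inherited by all child objects.
$acl      = Get-Acl -Path "AD:\$ouDn" -Audit
$everyone = New-Object System.Security.Principal.SecurityIdentifier -ArgumentList (
                [System.Security.Principal.WellKnownSidType]::WorldSid, $null)
$rights   = [System.DirectoryServices.ActiveDirectoryRights]'WriteProperty, CreateChild, DeleteChild, Delete, WriteDacl, WriteOwner'
$rule     = New-Object System.DirectoryServices.ActiveDirectoryAuditRule -ArgumentList @(
                $everyone,
                $rights,
                [System.Security.AccessControl.AuditFlags]::Success,
                [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All
            )
$acl.AddAuditRule($rule)
Set-Acl -Path "AD:\$ouDn" -AclObject $acl

# Result: changes under the OU now log Security events 5136 (object modified), 5137 (created)
# and 5141 (deleted). Pull the last day's worth with the object DN and the account responsible.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5136, 5137, 5141; StartTime = (Get-Date).AddDays(-1) } |
    ForEach-Object {
        $x = [xml]$_.ToXml()
        [pscustomobject]@{
            Time    = $_.TimeCreated
            EventId = $_.Id
            Subject = ($x.Event.EventData.Data | Where-Object Name -eq 'SubjectUserName').'#text'
            Object  = ($x.Event.EventData.Data | Where-Object Name -eq 'ObjectDN').'#text'
            Attr    = ($x.Event.EventData.Data | Where-Object Name -eq 'AttributeLDAPDisplayName').'#text'
        }
    } | Format-Table -AutoSize
```

Both parts are needed: the SACL on the OU says which objects and operations to audit, and the policy subcategory says whether the DC records them at all; with only one of the two no 513x events appear.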