Hyper-V:Install: Difference between revisions
m (→Dell OMSA) |
|||
| (3 intermediate revisions by the same user not shown) | |||
| Line 23: | Line 23: | ||
Rename the computer. | Rename the computer. | ||
{{console|prompt=false|powershell=true|1=PS C:\> {{yellowBold|Rename-Computer}} {{white|-NewName}} NATASHA}} | {{console|prompt=false|powershell=true|1=PS C:\> {{yellowBold|Rename-Computer}} {{white|-NewName}} {{cyanBold|"NATASHA"}}}} | ||
Join the local workgroup. | |||
{{console|prompt=false|powershell=true|1=PS C:\> {{yellowBold|Add-Computer}} {{white|-WorkGroupName}} {{cyanBold|"AH42"}}}} | |||
List the current network adapters. | List the current network adapters. | ||
{{console|prompt=false|powershell=true|1=PS C:\> {{yellowBold|Get-NetAdapter}} {{white|-Physical}}}} | {{console|prompt=false|powershell=true|1=PS C:\> {{yellowBold|Get-NetAdapter}} {{white|-Physical}}}} | ||
| Line 47: | Line 49: | ||
{{console|prompt=false|powershell=true|1=PS C:\> {{yellowBold|Get-NetAdapter}} {{white|-InterfaceAlias}} {{cyanBold|"Management"}} {{!}} {{yellowBold|Remove-NetIPAddress}}}}<br/> | {{console|prompt=false|powershell=true|1=PS C:\> {{yellowBold|Get-NetAdapter}} {{white|-InterfaceAlias}} {{cyanBold|"Management"}} {{!}} {{yellowBold|Remove-NetIPAddress}}}}<br/> | ||
{{console|prompt=false|powershell=true|1=PS C:\> {{yellowBold|Get-NetAdapter}} {{white|-InterfaceAlias}} {{cyanBold|"Hyper-V Team"}} {{!}} {{yellowBold|Remove-NetIPAddress}}}} | {{console|prompt=false|powershell=true|1=PS C:\> {{yellowBold|Get-NetAdapter}} {{white|-InterfaceAlias}} {{cyanBold|"Hyper-V Team"}} {{!}} {{yellowBold|Remove-NetIPAddress}}}} | ||
Put both of the network adapters on Private networks. | |||
{{console|prompt=false|powershell=true|1=PS C:\> {{greenBold|$Profile1}} {{=}} {{yellowBold|Get-NetConnectionProfile}} {{white|-InterfaceAlias}} {{cyanBold|"Management"}}}} | |||
{{margin}} | |||
{{console|prompt=false|powershell=true|1=PS C:\> {{greenBold|$Profile2}} {{=}} {{yellowBold|Get-NetConnectionProfile}} {{white|-InterfaceAlias}} {{cyanBold|"Hyper-V Team"}}}} | |||
{{margin}} | |||
{{console|prompt=false|powershell=true|1=PS C:\> {{greenBold|$Profile1}}.NetworkCategory {{=}} {{cyanBold|"Private"}}}} | |||
{{margin}} | |||
{{console|prompt=false|powershell=true|1=PS C:\> {{greenBold|$Profile2}}.NetworkCategory {{=}} {{cyanBold|"Private"}}}} | |||
{{margin}} | |||
{{console|prompt=false|powershell=true|1=PS C:\> {{yellowBold|Set-NetConnectionProfile}} {{white|-InputObject}} {{greenBold|$Profile1}}}} | |||
{{margin}} | |||
{{console|prompt=false|powershell=true|1=PS C:\> {{yellowBold|Set-NetConnectionProfile}} {{white|-InputObject}} {{greenBold|$Profile2}}}} | |||
Set the IP information for both adapters. | Set the IP information for both adapters. | ||
{{console|prompt=false|powershell=true|1=PS C:\> {{yellowBold|New-NetIPAddress}} {{white|-InterfaceAlias}} {{cyanBold|"Management"}} {{white|-IPAddress}} 10.0.42.10 {{white|-AddressFamily}} IPv4 {{white|-PrefixLength}} 24 {{white|-DefaultGateway}} 10.0.42.1}}<br/> | {{console|prompt=false|powershell=true|1=PS C:\> {{yellowBold|New-NetIPAddress}} {{white|-InterfaceAlias}} {{cyanBold|"Management"}} {{white|-IPAddress}} 10.0.42.10 {{white|-AddressFamily}} IPv4 {{white|-PrefixLength}} 24 {{white|-DefaultGateway}} 10.0.42.1}}<br/> | ||
| Line 83: | Line 97: | ||
Make sure {{mono|Allow management operating system to share this network adapter}} is enabled. | Make sure {{mono|Allow management operating system to share this network adapter}} is enabled. | ||
== {{Icon|notebook}} Secure Boot == | |||
While the virtual machine is in the OFF state, run the following command on the physical Hyper-V host to disable secure boot. | |||
{{console|prompt=false|powershell=true|1=PS C:\> {{yellowBold|Set-VMFirmware}} {{cyanBold|'VMNAME'}} {{white|-EnableSecureBoot}} off}} | |||
== {{Icon|notebook}} Nested Virtualization == | |||
While the virtual machine is in the OFF state, run the following command on the physical Hyper-V host to enable nested virtualization. | |||
{{console|prompt=false|powershell=true|1=PS C:\> {{yellowBold|Set-VMProcessor}} {{white|-VMName}} {{cyanBold|"VMNAME"}} {{white|-ExposeVirtualizationExtensions}} {{greenBold|$True}}}} | |||
= {{Icon24|sitemap}} Dell OMSA = | = {{Icon24|sitemap}} Dell OMSA = | ||
| Line 99: | Line 121: | ||
Once installed a firewall rule will be needed to access OMSA from another computer. | Once installed a firewall rule will be needed to access OMSA from another computer. | ||
{{console|prompt=false|powershell=true|1=PS C:\> {{yellowBold|New-NetFirewallRule}} {{white|-Name}} Dell_OMSA {{white|-DisplayName}} {{cyanBold|"Dell OMSA"}} {{white|-Description}} {{cyanBold|"Dell OMSA Web Management"}} {{white|-Protocol}} TCP {{white|-Enabled}} True {{white|-Profile}} Any {{white|-Action}} Allow {{white|-LocalPort}} 1311}} | {{console|prompt=false|powershell=true|1=PS C:\> {{yellowBold|New-NetFirewallRule}} {{white|-Name}} Dell_OMSA {{white|-DisplayName}} {{cyanBold|"Dell OMSA"}} {{white|-Description}} {{cyanBold|"Dell OMSA Web Management"}} {{white|-Protocol}} TCP {{white|-Enabled}} True {{white|-Profile}} Any {{white|-Action}} Allow {{white|-LocalPort}} 1311}} | ||
= {{Icon24|sitemap}} NFS = | |||
Install the NFS Server feature. | |||
{{console|prompt=false|powershell=true|1=PS C:\> {{yellowBold|Install-WindowsFeature}} FS-NFS-Service {{white|-IncludeManagementTools}}}} | |||
Create the shares. | |||
{{console|prompt=false|powershell=true|1=PS C:\> {{yellowBold|New-NfsShare}} {{white|-Name}} {{cyanBold|'ftp'}} {{white|-Path}} {{cyanBold|'D:\NFS\FTP'}} {{white|-EnableUnmappedAccess}} {{greenBold|$True}} {{white|-Authentication}} sys}} | |||
{{margin}} | |||
{{console|prompt=false|powershell=true|1=PS C:\> {{yellowBold|New-NfsShare}} {{white|-Name}} {{cyanBold|'www'}} {{white|-Path}} {{cyanBold|'D:\NFS\WWW'}} {{white|-EnableUnmappedAccess}} {{greenBold|$True}} {{white|-Authentication}} sys}} | |||
Set IP restrictions | |||
{{console|prompt=false|powershell=true|1=PS C:\> {{yellowBold|Grant-NfsSharePermission}} {{white|-Name}} {{cyanBold|'www'}} {{white|-ClientName}} {{cyanBold|'10.0.42.30'}} {{white|-ClientType}} {{cyanBold|'Host'}} {{white|-Permission}} {{cyanBold|'readwrite'}} {{white|-AllowRootAccess}} {{greenBold|$True}}}} | |||
= {{Icon24|sitemap}} Conclusion = | = {{Icon24|sitemap}} Conclusion = | ||
Latest revision as of 01:08, 11 November 2018
 | UNDER CONSTRUCTION: The document is currently being modified! |
Back to Category:Windows
Introduction
IntroductionThe Server Core option is a minimal installation option that is available when you are deploying the Standard or Datacenter edition of Windows Server. Server Core includes most but not all server roles. Server Core has a smaller disk footprint, and therefore a smaller attack surface due to a smaller code base.[1] Most notably, no Windows Explorer shell is installed. All configuration and maintenance is done entirely through command-line interface windows, or by connecting to the machine remotely using Microsoft Management Console (MMC), remote server administration tools, and PowerShell.[2]
Microsoft Hyper-V, codenamed Viridian and formerly known as Windows Server Virtualization, is a native hypervisor; it can create virtual machines on x86-64 systems running Windows.[3]
Testing was done on my Dell PowerEdge R620, the following image was used:
 en_windows_server_version_1803_x64_dvd_12063476.iso |
Installation
Insert the Server 2016 boot media into the machine and reboot (or power on) the machine, booting from the inserted media. Follow the instructions on the screen to install and reboot.
 | A Hyper-V Server only requires ~32GB of hard drive space. Perform a "Custom" install, partitioning the C: drive accordingly, then assign the rest to D: for virtual machines. |
Upon reboot you will be prompted to set an Administrator password, doing so will log into the machine finalizing the installation.
Use the command prompt provided to launch Windows PowerShell.
| C:\> powershell |
Networking
NetworkingBefore Hyper-V itself can be setup, a strong networking backbone needs to be setup.
Rename the computer.
| PS C:\> Rename-Computer -NewName "NATASHA" |
Join the local workgroup.
| PS C:\> Add-Computer -WorkGroupName "AH42" |
List the current network adapters.
| PS C:\> Get-NetAdapter -Physical |
The Dell R620 comes with a built-in quad-port NIC, one will be assigned to management while the other three will be teamed together for VMs.
First create the NIC team.
| PS C:\> New-NetLbfoTeam -Name "Hyper-V Team" -TeamMembers "Ethernet 2", "Ethernet 3", "Ethernet 4" |
Verify it created the team correctly.
| PS C:\> Get-NetLbfoTeam |
| If you need to specify a VLAN for the NIC team, use Set-NetLbfoTeamNic -Team "Hyper-V Team" -VlanID 123. |
Rename the original adapters for consistency.
| PS C:\> Rename-NetAdapter -Name "Ethernet" -NewName "Management" |
| PS C:\> Rename-NetAdapter -Name "Ethernet 2" -NewName "Ethernet Team 1" |
| PS C:\> Rename-NetAdapter -Name "Ethernet 3" -NewName "Ethernet Team 2" |
| PS C:\> Rename-NetAdapter -Name "Ethernet 4" -NewName "Ethernet Team 3" |
Static IP
In order to setup a static IP address DHCP has to be disabled, the current IPs have to be removed, then new IPs can be assigned.
Remove DHCP from both adapters.
| PS C:\> Set-NetIPInterface -InterfaceAlias "Management" -Dhcp Disabled |
| PS C:\> Set-NetIPInterface -InterfaceAlias "Hyper-V Team" -Dhcp Disabled |
Remove the current IP addresses from both adapters (use A to choose Yes to All when removing).
| PS C:\> Get-NetAdapter -InterfaceAlias "Management" | Remove-NetIPAddress |
| PS C:\> Get-NetAdapter -InterfaceAlias "Hyper-V Team" | Remove-NetIPAddress |
Put both of the network adapters on Private networks.
| PS C:\> $Profile1 = Get-NetConnectionProfile -InterfaceAlias "Management" |
| PS C:\> $Profile2 = Get-NetConnectionProfile -InterfaceAlias "Hyper-V Team" |
| PS C:\> $Profile1.NetworkCategory = "Private" |
| PS C:\> $Profile2.NetworkCategory = "Private" |
| PS C:\> Set-NetConnectionProfile -InputObject $Profile1 |
| PS C:\> Set-NetConnectionProfile -InputObject $Profile2 |
Set the IP information for both adapters.
| PS C:\> New-NetIPAddress -InterfaceAlias "Management" -IPAddress 10.0.42.10 -AddressFamily IPv4 -PrefixLength 24 -DefaultGateway 10.0.42.1 |
| PS C:\> New-NetIPAddress -InterfaceAlias "Hyper-V Team" -IPAddress 10.0.42.11 -AddressFamily IPv4 -PrefixLength 24 -DefaultGateway 10.0.42.1 |
Also add DNS servers for both.
| PS C:\> Set-DnsClientServerAddress -InterfaceAlias "Management" -ServerAddress 10.0.42.1 |
| PS C:\> Set-DnsClientServerAddress -InterfaceAlias "Hyper-V Team" -ServerAddress 10.0.42.1 |
Remote Management
In order to use RSAT and Windows Admin Center remotely a few changes need to be made.
Enable WinRM.
| PS C:\> Enable-PSRemoting -Force |
Enable remote authentication acceptance.
| PS C:\> Enable-WSManCredSSP -Role server |
Enable firewall rules for remote management.
| PS C:\> Set-NetFirewallRule -DisplayGroup 'Windows Management Instrumentation (WMI)' -Enabled true -PassThru |
| PS C:\> Set-NetFirewallRule -DisplayGroup 'Remote Event Log Management' -Enabled true -PassThru |
Housekeeping
Remove Windows Defender.
| PS C:\> Uninstall-WindowsFeature -Name Windows-Defender |
Finally reboot the machine to commit the machine name and IP changes.
| PS C:\> Restart-Computer |
Hyper-V
Return to PowerShell and use the following command to install Hyper-V and required pre-requisites.
| PS C:\> Install-WindowsFeature -Name Hyper-V -IncludeManagementTools -Restart |
Hyper-V Configuration
You should now be able to connect to the machine remotely from Hyper-V Manager.
Be sure to run through the Hyper-V Settings, I typically setup a VM and VHD directory (eg. D:\VMs\, D:\VHDs\) and then enable Enhanced Session Mode Policy.
Next open Virtual Switch Manager and create a new External virtual switch bound to the Microsoft Network Adapter Multiplexor Driver.
Make sure Allow management operating system to share this network adapter is enabled.
Secure Boot
While the virtual machine is in the OFF state, run the following command on the physical Hyper-V host to disable secure boot.
| PS C:\> Set-VMFirmware 'VMNAME' -EnableSecureBoot off |
Nested Virtualization
While the virtual machine is in the OFF state, run the following command on the physical Hyper-V host to enable nested virtualization.
| PS C:\> Set-VMProcessor -VMName "VMNAME" -ExposeVirtualizationExtensions $True |
Dell OMSA
If you are running this on a Dell server, you might also want to install OMSA. At this point you should be able to access the administrative shares for windows.
Copy the OMSA installer onto the Hyper-V Server using the admin shares (eg. \\NATASHA\d$).
Run the EXE from the command prompt or PowerShell to extract to C:\OpenManage.
Run the pre-requisite checker.
| PS C:\> C:\OpenManage\windows\PreReqChecker\RunPreReqChecker.exe /s |
Provided no errors are seen, install OMSA.
| PS C:\> msiexec /i C:\OpenManage\windows\SystemsManagementx64\SysMgmtx64.msi |
During the installation it might be beneficial to choose Custom and then add the Remote Manager.
Once installed a firewall rule will be needed to access OMSA from another computer.
| PS C:\> New-NetFirewallRule -Name Dell_OMSA -DisplayName "Dell OMSA" -Description "Dell OMSA Web Management" -Protocol TCP -Enabled True -Profile Any -Action Allow -LocalPort 1311 |
NFS
Install the NFS Server feature.
| PS C:\> Install-WindowsFeature FS-NFS-Service -IncludeManagementTools |
Create the shares.
| PS C:\> New-NfsShare -Name 'ftp' -Path 'D:\NFS\FTP' -EnableUnmappedAccess $True -Authentication sys |
| PS C:\> New-NfsShare -Name 'www' -Path 'D:\NFS\WWW' -EnableUnmappedAccess $True -Authentication sys |
Set IP restrictions
| PS C:\> Grant-NfsSharePermission -Name 'www' -ClientName '10.0.42.30' -ClientType 'Host' -Permission 'readwrite' -AllowRootAccess $True |
Conclusion
The server should now be completely setup for VMs.
References
