Use VMM and Operations Manager to dynamically configure the administrator role

Running one of the world's largest System Center Configuration Manager 2007 installations, the Microsoft Operations team has nothing special than you.

However, we are witnessing the continuous development and changes of our data centers, especially after the introduction of virtualization. Configuration Manager 2007 leverages the Microsoft virtualization platform to dynamically scale its client-based services with dynamic configurations, improving flexibility. Microsoft manages more than 0.3 million clients, which forces us to think about things beyond scaling and explore ways to improve automation and efficiency. The lessons we have learned from this may also benefit you a lot.

VMM: build core

To successfully build a Configuration Manager infrastructure that can be scaled quickly and on a large scale, the first step is to break through the "server-based" model and transform it into a "service-based" model. In the service field, your expansion unit is a hardware object, such as CPU, memory, disk, and network. The physical servers of these resources are no longer so important.

The starting point of the service model is to rebuild the Virtual Machine (VM) infrastructure. However, before we further discuss this, we should first understand some basic knowledge to clear the obstacles to understanding. System Center Virtual Machine Manager 2008 (VMM) provides a series of configurable options for your data Center. VMM consists of four components, all of which have different extension units:

The introduction of basic knowledge focuses on the concept of dynamic configuration. This article describes the first three items. For more information about the VMM self-service portal, see system requirements: VMM self-service portal .)

VMM Server Installation

The VMM Server, as the system hub, depends on the VMM database, which should run on the SQL Server cluster. This cluster ensures high availability of the job engine that executes all VM host and guest tasks, such as creating and moving VMS and making storage decisions.

A vmm Server is a separate server on which the Administrator can view its physical host and virtual assets. You can transform your environment into a masterpiece of dynamic configuration by using existing hardware technologies in data centers such as directly connected storage (DAS) and storage Region network (SAN.

To install VMM for the first time, you must install two components: the VMM Server includes a database and the first instance of the VMM library. A lot of planning is required in this step; you can find useful resources in planning high availability.

Install VMM proxy

The next step is to ensure that the Windows-based virtualization server is ready for use in the VMM infrastructure. Windows Server 2008 with the Hyper-V Role and an independent Hyper-V Server are selected here. VMM provides two methods to set up virtual hosts: Active Directory-based discovery and manual installation.

We will focus on Active Directory-based discovery, as this is the most common method. This process is very simple and clear; the actual decision only involves the default VM storage location such as D: \ VMs) and whether to install the Hyper-V Role in Windows Server 2008 if it has not been enabled ).

The VMM agent is installed on each Windows-based server running as the local system. It communicates with the host through Windows Remote Management (WinRM. The Agent installation process allows WinRM to allow HTTP-based port communication between hosted hosts and VMM servers.

Once the installation is complete, the VMM Administrator console should list the available hosts in the data center.

VMM Library: dynamically configured build blocks

The core is ready. What should I do now? It's time to understand the database. The VMM Library provides the basis for dynamic configuration. Library is the main Extension Unit of VMM. The infrastructure can contain multiple database servers, but not multiple VMM servers. A database is a base block for deployment and configuration. During the installation process, the first VMM database is placed on the VMM server; other databases should be placed on other servers. In Microsoft, we install libraries as close as possible to the hosts they serve. For example, you may have a host group consisting of eight Hyper-V servers serving the Seattle data center, while the Boston-based secondary data center has only one Hyper-V host, seeFigure 1). In Seattle, you provide multiple database servers to serve the Host group, while in Boston, you only need one database server.

Figure 1Use multiple libraries for System Center Virtual Machine Manager.

These data center libraries store virtual hard disks, scripts, and images. Keeping the database close to the service host saves configuration time.

After adding the appropriate database server to the infrastructure, the next step is to learn how to configure the required services.

Do not use clone

There are multiple configuration methods using virtualization. Cloning is one of them. Cloning will store the entire computer for future use, including computer-specific information such as the computer name, IP address, and configuration file-specific data ).

Cloning is easy to use in some cases, but this method has more disadvantages than dynamic configuration. The first problem is that cloning requires that the computer be retained as part of the infrastructure in Active Directory, Operations Manager, etc.), even if the system itself is not stored in the database online. When you build a dynamic service in the data center, this situation may cause many false positives to be offline and the system is displayed as available ).

The second drawback of cloning is storage requirements. Because each expansion unit needs to be fully stored and is defined as a server as an extension unit), this leads to a high VM storage requirement. For example, a cloned Configuration Manager 2007 distribution point (DP) includes three virtual hard disks with a total size of 130 GB. This is only a single DP storage requirement; in Microsoft, only one site may need six DP. Therefore, the clone process requires 780 GB of database storage. This leads to a rapid increase in storage requirements.

In contrast, the "Basic image" configuration method is generally more desirable. This method creates the basic image of the operating system, and there is no installation except for the default service required to run the operating system. For example, Microsoft stores three basic images Windows Server 2003 R2, Windows Server 2008, and Windows Server 2008 R2 as virtual hard disks (VHD) in the library ). Each basic image is about 6 GB to 10 GB, which is much more efficient than the 130 GB required for cloning.

Use configuration files and templates

After determining the configuration method, the next step is to create a configuration file. The configuration file is an entity within the VMM range, which defines the hardware or operating system. The hardware configuration file defines items such as the number of CPUs, the number and type of hard disks, such as IDE or SCSI, and network configuration. The guest operating system configuration file defines Windows-based features related to specific roles configured. This includes computer names, product keys, and domain-related information.

Dynamic configuration depends on the hardware and guest operating system configuration files. You can create another Configuration Manager role based on the client, but all Configuration files follow the same principle. For details about creating hardware and guest operating system configuration files and templates, see my blog Virtual Machine Manager Library: There is no card directory, you are crazy library administrator.

After the configuration file is complete, you will create a template. The template defines the hardware and operating system features of the server in detail, instead of defining each computer one by one ). The main difference between the configuration file and the template is the degree of specificity: The template is very precise, but the configuration file is not. For example, the configuration file contains the network adapter type to be built, but does not contain connection-specific information about the adapter. This type of information is stored in the template.

Therefore, this step creates a hardware configuration file, a guest operating system configuration file, and a site-specific template. To apply this process to the Seattle-Boston example, start with Configuration Manager DP and its independent host groups in the Seattle and Boston data centers. First, create a hardware configuration file. Second, set the operating system information of the entire infrastructure. Finally, create a template for each site based on the configuration file. Because the Seattle and Boston networks are different, you need to get custom settings through the template.

Start to use WAIK for configuration

After completing the configuration file and template, you can start dynamic configuration of the operating system. For Microsoft, this means to use the Windows automatic installation Toolkit (WAIK). You can use this toolkit to customize Windows-based installation. For more information, seeFigure 2). In the field of dynamic configuration, complete operating system installation is not feasible, because it takes too long.

Figure 2Step by step: Break Down dynamic configurations at the operating system layer.

We use a process named sysprep that you may be familiar with. This process cleans up installed systems and user-specific information on all computers. On a typical server that has been cleaned up using sysprep, you are asked a group of questions at the first startup. You need to answer these questions. The remaining work is done by the server. You can automatically answer these questions by creating an unattended installation file. Based on different operating systems, unattended files are stored in the database and referenced as part of the guest operating system configuration file.

The interesting thing about decomposition and deployment is to learn the work that must be done before deploying a new service step by step. After confirming these steps, you can execute the policy to complete these tasks through the unattended file.

Generate unattended deployment File

In Microsoft, some key configurations we want to execute in the unattended file are as follows:

These are the required configurations for typical data centers. You can view the WAIK Reference Guide on the Windows Installation Reference to learn how to configure other options.

Figure 3Demonstrate an unattended installation file for dynamic deployment of our Configuration Manager site role. This XML code segment only includes the configurations listed above. For the complete XML file, see my blog for the SCVMM example Unattend. XML for Windows Server 2008 and R2.

Figure 3 Unattend. xml code segment copy code

<?xml version="1.0" encoding="utf-8"?><unattend xmlns="urn:schemas-microsoft-com:unattend">  <settings pass="specialize"><component name="Microsoft-Windows-TerminalServices-LocalSessionManager"           processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35"           language="neutral" versionScope="nonSxS"            xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <fDenyTSConnections>false</fDenyTSConnections></component><component name="Microsoft-Windows-IE-ESC" processorArchitecture="amd64"            publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"           xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><IEHardenAdmin>false</IEHardenAdmin></component>  </settings>  <settings pass="oobeSystem">      <UserAccounts><DomainAccounts><DomainAccountList wcm:action="add"><Domain>Contoso</Domain><DomainAccount wcm:action="add"><Name>Chris</Name><Group>Administrators</Group></DomainAccount></DomainAccountList></DomainAccounts>            <AdministratorPassword>              <Value>Pa$$w0rd!</Value>              <PlainText>true</PlainText>            </AdministratorPassword>      </UserAccounts>     </component>  </settings>  <settings pass="generalize">    <component name="Microsoft-ServerManager-SvrMgrNc" processorArchitecture="amd64"       publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"      xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">      <DoNotOpenServerManagerAtLogon>true</DoNotOpenServerManagerAtLogon>    </component>    <component name="Microsoft-Windows-OutOfBoxExperience" processorArchitecture="amd64"      publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"      xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">      <DoNotOpenInitialConfigurationTasksAtLogon>true</DoNotOpenInitialConfigurationTasksAtLogon>    </component>  </settings></unattend>

Save this code segment as your unattended file to the library sharing. To access this file, right-click the database server in the VMM Administrator console and select "refresh" to refresh your database server.

After refreshing, you can add unattend. xml to the guest operating system configuration file created earlier. Click answer file to highlight this option, and then click browse in the right pane. Find the XML file and click OK ".

Change servers to Configuration Manager site role servers within 10 minutes

We have seen how to use unattend. xml to effectively deploy a new Windows server from the basic image. Although the number of configuration options is large, few of them play a greater role than the automatic login function provided by WAIK. This feature provides high flexibility, and it implements the entire concept of runtime configuration-only provide the required content as needed.

You can use the <AutoLogon> XML element to set default logon creden。. This element uses LogonCount to determine the frequency of automatic logon, so that "GUIRunOnce event" can be triggered. These settings are stored in the guest operating system configuration file and run synchronously on the server when you log on for the first time.Figure 4Provides some sample use solutions for GUIRunOnce.

Figure 4 GUIRunOnce usage plan

Procedure	Target
Install Server Functions	Your work server may need some Windows functions, such as IIS, cluster, or other functions.
Configuration	To make certain applications run properly, you must modify or add configurations for specific functions.
Deploy applications	Some applications need to install other specific applications, such as SQL server,. NET Framework
Configure the application	Some applications require specific configurations to complete the installation and make the service online.

These are only a small part of the many possibilities. Understanding these possibilities helps to do a good job of basic work, so that administrators do not have to perform any operations, you can change a common Windows server to a Configuration Manager 2007 Site role server such as a distribution point ).

To add automatic logon to the created unattend. xml, You can activate GUIRunOnce without user intervention. insertFigure 5.

Figure 5 add the automatic logon code in the unattend. xml file

Copy code

<settings><component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64"   publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"  xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">      <AutoLogon>            <Password>              <Value>Pa$$w0rd!</Value>              <PlainText>true</PlainText>            </Password>            <Username>administrator</Username>            <LogonCount>1</LogonCount>            <Enabled>true</Enabled>      </AutoLogon></settings>

Next, you need to set the Configuration required to enable the Configuration Manager site system. The first step is to determine the operations required to fully install the specific site system. For example, to successfully create a DP, You need to perform the following tasks:

These tasks should be executed sequentially because each step depends on the successful completion of the previous step.Figure 6Provides simple guidance on how to complete each task.

Figure 6 create a Configuration Manager distribution point

Procedure	Command
Install IIS	ServerMgrCmd-install IIS-allSubFeatures
Install BITS	ServerMgrCmd-install BITS
Install WebDAV	Msiexec-qna webdav. msi
Configure WebDAV	Cmd-c \ server \ share \ scripts \ ConfigureDP. bat
Add the Site Server to the local administrator Group	Net localgroup-add domain \ siteservername $ administrators
Deploy site systems and Roles	Cmd-c \ server \ share \ scripts \ DeployDP. vbs
Deployment package	Cmd-c \ server \ share \ scripts \ DeployPackages. vbs

Figure 6NOTE: For the ConfigureDP. bat, DeployDP. vbs, and DeployPackages. vbs scripts, see my blog article using scripts to dynamically deploy the ConfigMgr site role.

Test the dynamic configuration Environment

After completing the basic work, you should make adjustments, because it is rare that all configurations will work normally for the first time. However, once it works properly, there will be almost no changes in the future.

The next step is to observe the deployment progress and learn how long it takes. It is important to know how much time it takes to complete the deployment until the service is online.

After that, use a Windows PowerShell script or the VMM console to test your deployment. The simplest way is to use the console. However, Windows PowerShell scripts are the hero of dynamic configuration. To test your configuration, perform the following operations:

Your deployment should take about 5 to 15 minutes, depending on the size of the basic image. Then, access the server through the Remote Desktop or in the management console. You can achieve this by selecting a VM in the console, right-clicking and selecting "connect to virtual machine. Check to ensure that the expected configuration is complete.

From static to dynamic

The content described so far is static configuration. Changing to dynamic means that your infrastructure should be able to monitor your application and perform the required operations as needed.

So far, we have learned that you can use VMM to effectively configure the system and role of the Configuration Manager site. The last step is to integrate VMM with System Center Operations Manager 2007 so that your VM can be scaled and shrunk as needed.

The integration of Operations Manager and VMM 2008 provides guidance on integrating Operations Manager 2007 and VMM. Through integration, You can monitor warnings in Operations Manager and use the Windows PowerShell interface of VMM to perform Operations, such as creating a server that provides services to the client.

The following describes how to implement integration for Microsoft's Configuration Manager infrastructure, which provides a blueprint for your environment.

The first step is to ensure that the Operations Manager correctly identifies the server providing the service, such as the distribution point) to locate the target. To simplify this process, we have inserted GUIRunOnce, which adds specific registry entries and values to the server. This ensures that, when the Operations Manager agent is installed, a specific type of role is watermark and can be identified. For example, we put a value named ContosoDP into HKLM \ Software \ Microsoft \ TechNetMag by using a value named ContosoDP and a value of the DWORD type of 0.

The XML code segment of the management package is located in the "example" SCOM management package to dynamically build virtual machines based on physical or virtual machine performance. This code segment is called "DynamicDP". In this example, the creation of a new DP is triggered. For ease of demonstration, we set low connection and sampling values that can be adjusted based on performance characteristics in your environment.

Our DynamicDP System Center Operations Manager management package has a discovery policy that reads the registry keys created for each Configuration Manager DP in production. After the discovery is executed, a rule is created to monitor specific performance counters, such as the number of concurrent connections of IIS Web services. An alarm is generated when the threshold is reached. This alarm changes the status of the VM from "Good" to "serious ". Then we perform the recovery operation.Figure 7.

Figure 7Dynamic Monitoring and configuration process.Click an image to view the larger image)

After that, we used the Operations Manager Console to create our own custom management packages. This management package monitors the number of concurrent IIS connections in DP. If the threshold is reached, the Service will issue an alarm.

Test and verification

To use Microsoft blueprint to test whether all configurations in your environment work as expected, add a connection on Configuration Manager DP to trigger an alarm. You should see that the status has changed from "Good" to "serious ". You can use an HTTP tool such as TinyGet to perform this test. The tool sends requests to the Web server to generate a large number of connections.

The following TinyGet script generates many 60) connections pointing to a large file named test.txt (Kb:

Copy code

time /t >>c:\temp\dplog.txtC:\WINDOWS\system32\windowspowershell\v1.0\powershell.exe -PSConsoleFile "C:\Program Files\Microsoft System Center Virtual Machine Manager 2008 R2\bin\cli.psc1" -command ".\dp_recovery.ps1 -VMMSERVER:localhost -VMNAME:mydynamicVM"

After verifying that the management package is working properly, you can start the build recovery operation. Start with a small recovery operation, such as creating a text file. The management package recovery operation settings must be corrected on the Configuration Manager RMS server integrated with VMM. In Microsoft, we created a directory named "recovery" on the Configuration Manager server, which contains two files: dp_recovery.cmd and dp_recovery.ps1. Below is an example of dp_recovery.cmd, which is integrated with Windows PowerShell script to create a VM:

Copy code

C:\>tinyget5 -h -status:200 -SRV:localhost -uri:/test.txt -x:60 -l:5000 -o 

This recovery command loads the VMM Windows PowerShell console and calls our recovery script.

The last step is to configure Configuration Manager to perform operations correctly when a fault occurs. This step uses the channel, subscription, and notification settings of Configuration Manager so that we can generate the correct action when creating the alarm. I have built an "example" SCOM management package in my blog to dynamically build virtual machines based on physical or virtual machine performance. It provides instructions on how to build correct channel, subscription, and notification settings.

Summary

The tasks for Setting physical servers and virtual servers are similar, but there are also important differences. Investment in preliminary planning and work can save a lot of time for you and your team, because the deployment of servers will become a historical one, allowing you to concentrate on expanding resources to support your services.

In Microsoft, we found a way to quickly and efficiently scale our Configuration Manager Client Services, such as management points, distribution points, and software update points, using the steps listed in this article. Dynamic configuration is a powerful method that allows the system to expand and contract as needed. This allows you and your team to focus on fine-tuning the performance and running status conditions that trigger these operations, reducing the focus on the passive methods currently commonly used in the IT department.

Chris AdamsIs a senior project leader in Microsoft management and services. He specializes in System Center Configuration Manager and System Center Virtual Machine Manager.

Source

Source: TechNet