The VMkernel port is labeled as vSAN. This port is used for intra-cluster node communication and for read and writes when one of the vSphere hosts in the cluster owns a particular virtual machine, but the actual data blocks making up the virtual machine files are located on a different vSphere host in the cluster. In this case, I/O will need to traverse the network configured between the hosts in the cluster.
In all-flash VSAN, which is where deduplication and compression are supported, data blocks are kept in the cache tier while it is active/hot for optimal performance. As soon as the data is no longer active (cold), it is destaged to the capacity tier. It is during this destaging process that VSAN does the deduplication (and compression) processing.
Deduplication on VSAN uses the SHA-1 hashing algorithm, creating a “fingerprint” for every data block. This hashing algorithm ensures that no two blocks of data result in the same hash, so that all blocks of data are uniquely hashed. When a new block arrives in, it is hashed and then compared to the existing table of hashes.
VSAN uses the LZ4 compression mechanism, and it works on 4KB blocks. If a new block is found to be unique, it also goes through compression. If the LZ4 compression manages to reduce the size of the block to less than or equal to 2KB, then the compressed version of the block is persisted to the capacity tier. If compression cannot reduce the size to less than 2KB, then the full-sized block is persisted. We do it this way (deduplication followed by compression) because if the block already exists, then we don’t have to pay the compression penalty for that block.
To be able to access the Virtual SAN datastore, an ESXi host must be a member of the Virtual SAN cluster.
Selecting Allow Reduced Redundancy, vSAN will be able to reduce the protection level of your VMs, if needed, during operations enabling Deduplication and Compression. This option is only usable if your setup is at the limit of the protection level, configured by the Storage Policy of a Specific VM.
In vSAN 6.5 overhead is [1% x (physical disk capacity) + deduplication metadata] which is highly variable and will depend on the data set stored in the vSAN datastore).
Each ESXi host participating in the Virtual SAN cluster will have a provider, but only one needs to be active to provide vSAN datastore capability information.
Some of the normal vSAN recommendations/checks that are not configured as part of the vSAN cluster wizard include:
vSphere Distributed Resource Scheduler (DRS)
vSphere Distributed Switch for vSAN Traffic
Ensuring all available disks are claimed
Appropriate host controller tools are present
Appropriate host controller firmware
To configure each of these, tasks must be performed in different parts of the vSphere Web Client. Configuration Assist allows these to be done from a single location in the UI. Previously configuring vSAN VMKernel interfaces for vSAN or vMotion traffic required creating these individually on each host or through the vSphere Distributed Switch
wizard.They are now part of Configuration Assist.
SwapThickProvisionDisabled was created to allow the VM swap option to be provisioned as a thin object. If this advanced setting is set to true, the VM swap objects will be thinly provisioned.
The RAID-5 or RAID-6 configuration is determined by the number of failures to tolerate setting. If this is set to 1, the configuration is RAID-5. If this is set to 2, then the configuration is a RAID-6.
Reserved flash capacity cannot be used by other objects.
Force Provisioning: Use this parameter in bootstrapping scenarios and during an outage when standard provisioning is no longer possible.
With launching the latest perpetual licensing, we look forward to availing more flexibility with the pricing. The Vembu BDR Suite which was earlier at the subscription pricing model will now be available at perpetual licensing, thereby helping IT environments fulfill their requirements that would cost less over time.
In the aim of setting firm footprints across the globe by catering one of the most comprehensive backup and disaster recovery solution at an affordable pricing, Vembu unfolds it’s New Service Provider Program that would provide service providers a great scope for huge benefits and discounts with the Vembu BDR Suite v3.8.0.
Ten years back I became VMware Certified Professional 3.0. Then It was Credit Suisse which has organized training for us. Over a period and policy changes, my VCP got expired. I never got intimation because my email was associated with any company I was no longer working.
Lesson Learnt: Always associate a valid email address with your my learn portal. Please note if you are vmware partner and you have mylearn account you should ensure both are synch’ed. Typically userid and email for my learn remains unchanged but when you register as partner you have choice to merge these account. Do it now.
Why VCP Again
In 2017, I choose to re-validate my VCP. I had several choices in front of me, e.g., VCP-DCV, DTM, NV. From these Network Virtualization (NSX) was more appealing for following reasons
Opportunity to learn NSX
The network is my weak link
Eagerness to learn new things Since Desktop and Server virtualization I’m very much familiar.
I will digress a bit here. Last year I focused on VCP-DTM and right in the middle of the road I dropped it. I have prepared for this exam for four months. Never de-focus. A task, A goal taken in hand must be fulfilled. I learned that in a hard way, therefore I did thorough planning for this exam.
Here was my high-level Plan
Except for the first objective, nothing went as per plan. Since 1st Nov was targetted date, I made sure everything was moving in that direction.
One fine, day I came across VMUG post by Chris Mcain here, I thought several days is it worth to spend so much money in re-validate a VCP certification. It was a tough decision.
Lesson Learnt: Don’t let your VCP expiry. A contrary blog post you can read here.
Approach to Learn NSX
One of the chief reason I purchased this package was the flexibility of attending VCP training. One of the hurdles in Attending classroom training is locating the right training slot (date, City) or making free time from your office work. I’m not the fan of online training which is mentor led. As Online training is full of distraction and least useful as there are many spaces between you and the trainer.
That being said the training I attended is nowhere near to pass the exam. I will give my full credits to Elver Sena Sosa as he has written a fantastic book. Without this book, I would never have developed any interest in NSX.
Contrary to claims by many on the efficacy of this book for 2V0-642 exam, I didn’t come across a question where I have to think if this is 6.1 or 6.2 feature.
NB: Book was released in 2016 a time when 6.2 was also released but exam on NSX 6.2 was released much later. In simple words, you will find reference to 6.2 in this book and might get mistaken. Read here for more details
When & Why I bought the VMUG NV Package
When I left VMware in 2015 NSX was a very hot topic in the industry mainly due to Cisco giving undue attention to it. I always considered unless I know which use case NSX is addressing and what are the problems of Networking I will not get bothered. While reading the book my interest in NSX grew a lot.
It is when I choose to buy the NSX package. The link above provides the details about the package. I think it is the most economical way to become VCP again. If you wish to pass the VCP-NV exam, you must read this book. I’ll repeat Training is not sufficient at all. Another exciting feature of this book, you get five practice test. This practice test is the best place to evaluate yourself. I strongly advocate you buy the premium book which includes 5 practice test.
I bought this package on 26th July 2017. In pretty much three months, I was able to cover most of the VCP-NSX. As part of this package, I also got Exam prep access. I would strongly suggest going through this at least once. It will give an idea as to what you need to read individually from lengthy Admin, Installation guide.
In spite of me being VCAP-DCD, VCP3,4 and 5 I still have to give VCA exam. I felt idiotic to give this exam. I just went online (read official certification guide for two days) and cracked it. It is to my perfect waste of time. I have requested VMware Certification to drop this request here. Please vote if you feel the heat.
You must fulfill mentioned below Three criteria to become VCP
Attend training (online/self-paced,classroom) – 1800 USD
Pass VCP-NV exam (Proctor) – 250 USD
Pass VCA exam (non-proctor) – 125 USD
Total = 2175 USD (yes, I read your mind)
Personal Lesson Learnt
It takes the reasonable amount of time to learn new technology. If I take a leave for 30 days and start preparing for it, it would not work for me. Learning new technology is slow & steady process.
There is no need to rush to learn new technologies (you have a life to live, family to take care), irrespective what rate it changes. e.g. Cisco ACI and VMware NSX. No one needs any proof NSX was and is a way ahead in solving Datacenter networking challenges. I meant if the technology is robust it will stay in the market for minimum ten years. Likewise, if K8s is stronger, it will sustain. Another example is of AWS.
A Good Book, A good Mentor, is must to learn new technologies. In the absence of both, you will either skip the technology or lose the interest. A good mentor (Jason Nash) guides you and explains you by giving Analogy while the good book makes you learn a thing as if you are reading a Novel. A another great example of Good Book is vSphere HA book by Duncan Epping and Frank Denneman and Another excellent book by Duncan Epping and Cormac Hoggan. Thanks a lot for these books.
Vembu is a leading software product development that has been focussing on Backup and Disaster Recovery software for data centers over a decade. It’s flagship offering- the BDR Suite of products consists of VMBackup for VMware vSphere and Hyper-V, Disk Image backups for Physical machines, Workstations. Backing up individual files and folders to physical servers and cloud can be performed with Vembu Network Backup and Online Backup respectively.
Moreover, it has multiple flexible deployment like on-site, off-site and to the cloud through single user interface. Another offering of the Vembu BDR Suite is to be able to configure item level backups like Microsoft Exchange Servers, Sharepoint, SQL, My SQL, Office 365, G Suite etc., This latest version of Vembu BDR Suite v3.8.0 has come out with the few notable features in two major offerings- one unlimited features for three virtual machines and the second thing being able to backup unlimited virtual machines with restricted features.
This latest Free edition of Vembu BDR Suite was designed understanding the setbacks by any common IT Administrator. Thence making Vembu an important name in the market for backup vendor for its enterprise level product for SMBs. This free edition is free forever and IT administrators can continue managing their backups with the trial version without any feature restriction. Let’s take a plunge into the detailed features of this Free edition.
Unlimited features for the Limited environment(3 VMs):
Using the Vembu BDR Suite in its trial version does not require purchasing a license. This category of the Free edition offers unlimited features and few of them are listed below:
Agentless VMware backups for multiple VMs: Configuring backups for protecting multiple VMs without physically installing any agent.
Disk Image Backups from BDR Server: Disk Image Backups can now be configured and managed via Vembu BDR Server. Relying on proxy agents is no longer required, unless it’s a distributed deployment which require individual proxy agent installation.
Full VM Backup: Will backup the entire VM including OS, applications and the data.
Storage Pooling: Storage Pools are used to aggregate the space available from different volumes and utilise them as a storage for specific backups. The hybrid volume manager of Vembu BDR Server supports scalable and extendable backup storage for different storage media such as Local drives, NAS(NFS and CIFS) and SAN(iSCSI and FC). Vembu BDR provides storage pooling option for both backup level and group level.
LAN free data transfer using SAN and Hot- Add modes:Vembu VM backup support Direct SAN, Hot-Add and network transport mode to backup the VM data.
Auto Authorization: Enabling Auto authorization in Vembu BDR allows proxy agents to get registered to backup server using unique registration key generated by respective BDR server.
Automatic Backup Scheduling: Backups can be automatically scheduled as per the user’s flexibility
Encryption Settings: Users can now provide additional security to their disk based backup jobs by assigning custom-password to backup server, such that all their backup data will be encrypted and can be restored/accessed only by providing the custom-password.
FLR from GUI (Backup & Replication): File Level Recovery(FLR) is now available for both backup and replication jobs where user can choose specific files and folders from VMware/Hyper-V/Disk Image backups and VMware replication, to be restored in a quick fashion.
All the above major features are included in this free edition for 3 virtual machines.
Let’s get to know those restricted features for unlimited virtual machines.
Restricted Features for unlimited virtual machines:
All the features mentioned above for limited business environment will be applicable for these categories with few restrictions in the features. They are:
Application-aware processing: Configuring them for a Hyper-V environment is restricted but that does not hold good with VMware vSphere Esxi(s).
Changed Block Tracking: Only the incremental blocks which are changed since the previous backup will been tracked and backed up in the successive backup schedule thereby reducing disk space and time
Retention Policies: User can retain any number of recovery points of his own choice. They come to great use when it comes to store the backup data.
Near CDP: Incremental backup can be scheduled every 15 mins to ensure the RPO < than 15 mins
Quick VM recovery to ESXi: Incremental backup can be scheduled every 15 mins to ensure the RPO < than 15 mins.
Automated Backup verification: Verify the recoverability of the backed up images and screenshot of the booted Image backup will be mailed
Backup and recovery holds good for both physical and virtual environments and makes granular recovery possible with great ease.You will able to scale out your storage, secure your individual backup jobs with in-built deduplication, encryption and compression that makes its own file system called, the VembuHIVE.
This latest Free edition thus becomes one of the most business-friendly and a complete backup solution. That being said, It can be suitable for both testing and production environments! Their out-of-the box policy- backup for all was hailed even at the recent VMworld event, Las Vegas.
Well, there is nothing left to ponder now. It’s time to make the right decision. It could be done right away with getting started with their Free edition of Vembu BDR Suite on a 30 days free trial. Click here.
It’s been while Vembu BDR version 3.8 was released. Due to other commitments, I could not cover the release. I have divided this blog into two sections. New features and Enhanced features. This version is focused on reducing management overhead and increasing efficiency of backup operation.
New Features in Vembu BDR 3.8 Release
Real Storage Pooling
Storage Pools are used to aggregate the space available from different volumes and utilize them as a storage for specific backups. The hybrid volume manager of Vembu BDR Server supports scalable and extendable backup storage for various storage media such as Local drives, NAS(NFS and CIFS) and SAN(iSCSI and FC). Vembu BDR provides storage pooling option for both backup level and group level.
Decreases management overhead as you have now single console to manage all backup storage.
Encryption of backup Jobs
Users can now provide additional security to their disk based backup jobs by assigning custom-password to the backup server, such that all their backup data will be encrypted and can be restored/accessed only by providing the custom-password.
Protection Against Ransomware is the Need of the time. Vembu backup is encrypted by default using their proprietary algorithm. With Backup Job encryption additional security layer is added to protect against Ransomware attack
Reduced Bandwidth Utilization for Initial Seeding
Storing the copy of backup data for DR requirements is now an easy task to be accomplished by seed loading backup server data to the desired offsite data center. This saves loads of time and bandwidth from being consumed.
Optimize bandwidth utilization and reduce replication window. Earlier the two sites sync, better is the chance of declaring data is protected on the DR site
FLR from GUI (Backup & Replication)
File Level Recovery(FLR) is now available for both backup and replication jobs where the user can choose specific files and folders from VMware/Hyper-V/Disk Image backups and VMware replication, to be restored quickly.
Gives the end user privileges to restore data be it replicated or backed up data. This feature reduces the service request logged by the end user to restore data. It improves IT Backup service
Reduced Installation Time
Users will now get the client agents installer as .msi format also.The installer will check for the following packages based on the OS types (32 bit or 64 bit), and it will install the following (if not installed previously),
Visual C++2008 redistributable packages x86
Visual C++ 2008 redistributable packages x64
Visual C++ 2013 redistributable packages x64
Visual C++ 2015 redistributable packages x86
This is my favorite addition to the product. I like the installation packages checked and installed without separately downloading the product and restart the installation process. Installation becomes more integrated, streamlined and reduce overall time to install the product
Enhancements in v3.8
Enhancements touch those features of the product which were either present but not used due to various clicks or which were improved to make a product more efficient. Primarily enhancements find their way into the product via customer feedback, Support teams feedback. In short, the focus is partly towards reduced troubleshooting time.
Ease of Restore Disk Management Mount(Hyper-V)
This option lets you instantly attach backup data to disk management as a VHD/VHDX file and proceed with the restore process. The VHD/VHDX file is created by virtually mounting the backup data on the Vembu virtual drive. Users can access backup data via disks attached to disk management.
Once done with the requirement, unmount backup data. This will resume the backup job so that incremental will run as scheduled.
It becomes far easier for Backup operation team to restore and explore data if end user is unaware of the location of the data
Disk level download option for VMware & Hyper-V plugins
Users can download backup data in multiple disk file formats such as VHD, VMDK, VHDX, VMDK-Flat and RAW.
Similarly, if the user needs to download individual disks in a virtual machine, he can perform disk level download by selecting the disks.
From a group of virtual machines in a host backup, multiple disks can be downloaded with same disk file format.
Virtual Machines that are present in the host will be listed in alphabetical order based on the ASCII table values, thereby making it simpler for the user to search and configure the backup. In the Review Configuration page, the Virtual machines that are chosen for backup are listed in the selected order.
Note: Virtual Machines will be listed in the following hierarchical order <special characters>, <numeric characters>, <Uppercase letters>, <lowercase letters>.
Search option for VMs in backup config page & restore list page
This option allows the user to search the Virtual machines that are available on the ESXi host. Also, the user can search VMs/ host/cluster from a vCenter server. By specifying the required VM name in the search option, you can select the VMs that are to be backed up from an ESXi host/vCenter Server.
Both the features aimed at making Backup operation simple, faster and easier. Initially, it was bit of a task to find a VM, the search eliminates scrolling task and aids in location VM quickly in Vembu Backup console
VM level reports in OffsiteDR Server
This page lists all replicated jobs configured from backup server to the offsite server where you can see a report option alongside every replicated job
New menu for consolidated VM level report in BackupServer & OffsiteDR
VM level report gives the user the centralized report page of all VMs that are configured for backup. It allows users to view the detailed backup reports of virtual machines configured from both ESXi or Hyper-V Host.
Reporting of backup job has multifaceted effects. First and foremost it helps management learn how much data is backed up and what is getting backed up. Secondly, it helps in categorizing VM per Business Units/Tenants. With this feature, an additional filtering option will allow to distinguished what is being backed and on which hypervisor. I feel this feature can be further integrated into your costing model
Enable or Disable retention for VMBackup / ImageBackup
User can enable or disable retention policy for the backups based on their requirements.
Disabling retention allows user to maintain all the backups without any merging of the incremental timestamps. This option is used when the backup size is low.
Admin\Read Only Access privileges at both Backup Server and Group Level which make Role Based Access control manageable
Email Settings in Backup Agents
Email Report for OffsiteDR
Backup Verification Email Report (Backup Server & OffsiteDR)
In the previous post, we covered basic implementation of Nano Server along with IIS Package. As the goal of our blog is to configure Website to host vSphere Update Manager repository in the Airgapped zone, we need to start focusing in that direction.
Now we have to start doing some initial work. If you refer to Vmware Installation and configuration guide, you have to add MIME types. For the beginners, we have added MIME types at IIS level and not per website. In the PowerShell script below, I have added MIME Types
Before we begin, let me open a remote session on Nano server
After the remote session is opened, paste following lines in the console which will be a session on Nano Server.
Even though it is not a requirement but the above script is enabling directory browsing at IIS level.
I have to enable it to show site is working. It is worth noting that you can enable directory browsing per site level.
Probably I have not found a way to enable it per site level. I suggest you try to get some help on it. In production, it is strongly discouraged to enable directory browsing. Another point I would like you to note is to import IIS Administration module. These are the only module loaded in Nano. While doing some online search, you might come across Web Administration module which unfortunately is not available. In the above script Line, 8,9 and 13 are adding the MIME types to the website whereas Line 16,17 and 18 are optional but advisable as they assure you that changes we have made are incorporated. Finally, don’t forget to exit the session. I keep forgetting this step and keep wondering why some cmdlets are not working.
Next section is a bit involved and needs some concentration. To make it simple, I will break my codes into several lines. First, my aim is to get signed certificate from My Internal CA. As you might be aware, you need Certificate Signing Request (CSR) generated. In GUI world CSR creation on IIS is way too simple, but in non-GUI, you will need to know how it can be achieved using the command line. My knowledge on vSphere certificates helped me a lot.
To create CSR, you have to create INF file manually. Below is how it looks.
Subject="CN=kzare.contoso.com";replace with the FQDN of the DC
If you’re planning to use my script, just change the Subject i.e. line 4 to reflect you FQDN name of the site and save with filename. This filename should be taken into account in $inifile. My site is kzare.contoso.com. For testing, you must also create a DNS record.
INF file is CSR request but in RAW format. To truly generate a CSR in the below script, you just have to type the following command stated in line:09. Line 1 -7 are the variables I have declared.
Line 9 will create a file kzare_certreq.req. Please ensure you execute this command from c:\kzare which is a working directory. Since we have a CSR, the most logically next step is to get it signed by CA. Below lines are doing that exactly
syd-dc is my CA host name, and contoso–syd-dc-ca is my CA name
The first line signs the certificate while the second line imports the certificate in default certificate store which is Personal store on my working server.
Now that certificate has got installed on the working server; we must export this certificate to Nano Server. As a first step, I have to export the certificate in PFX format which must have a password. Without the password, the private key will not get transferred to the file. All the variables I have declared at the start of the script, please to complete script at the end of this post. At the close of this script, we export the certificate along with private key in pfx format
# Step03 Following commands exports the certificates
N.B.: Right now don’t read into variables. It will be clear when you read the entire script which I have pasted below.
I have learned that you cannot open an interactive session via a line in a script and start to execute the command via script line. But instead, you must open a session, capture that in a variable and then execute the block of the script against the session. So line 1 is opening the remote session, catching it in $NanoSession and from line 2 – 19 it is the script block I’m executing in the Nano Server
You might be wondering why I’m declaring variable there again (line 4-6)? Well, the reason is, it is an entirely different session, a session which is unaware of the variables.
Line:9 I’m importing the certificate in the personal store of Nano Server.
Line:12 You must import IIS module. Without which all the subsequent commands will crash.
Line:13 I’m creating a site with default binding on port:80
Line:14 I’m capturing certificate stored in my personal store to retrieve thumbprint.
Line:15 I’m storing the thumbprint in the $thumprint variable
Line:16 I get all information from IIS Manager
Line:17 I’m filtering against the site name and adding SSL certificate
Line:18 Finally, You must commit changes
That is all for the blog post.
IIS Management tool is not available. Therefore you must use PowerShell to create and manage websites in IIS
Nano Server footprint in the enterprise is subject to the availability of a very high skilled PowerShell administrators. Nothing to scare of, PowerShell is very easy to learn, the more you find, the more you start enjoying.
You can create and manage sites on Nano server, but further delving is expected.
I was able to achieve the business requirement of optimize VM footprint and limiting the Server cost. You can add value to the organization by optimizing deployment and management cost
Below is the full script
Create IIS Site on WebServer configured on Nano
#Step01 - Create directory on working server
#Create a working directory
#New-Item -ItemType directory -Path $phypath
# Step02 create .inf file outside of this script. After .ini file is created, copy it in $phypath
# Step02a -Submit certificate for signing and import signed certificate
In case you loose data due to any reason you have to recover it from backup. Fortunately, you have more than one way to restore data and bring service back up into Production. In this post, we will discuss how to restore VM using one of the methods available.
In the previous post, I have performed the backup of FileServer. I’ll use FileServer to demonstrate how to restore Virtual Machine. I can restore fileserver in various ways. Although I’m describing you single VM restoration procedure, however, you can restore multiple VMs simultaneously. It is noteworthy to understand that you can restore VMs in following four ways
Instant VM Recovery –While VM is booted directly from the backup file on the Backup server, but you must remember to install Hyper-V role on the backup server. In the restore time, RTO is reduced to minute rather minutes it might take to uncompressed Backup data and restore it directly to Hyper-V server.
Live Recovery to Hyper-V server – I will cover this restore option in this post.
File Level Recovery (You must install agent on the file server)
In live recovery option, a Full VM is restored from the Backup server to the Hyper-V. VM is automatically registered with the Hyper-V manager. To clarify here, after the restore operation is finished, VM must be connected to VirtualSwitch and powered ON manually. To put it differently, VM is restored but not attached to the network neither is turned on automatically.
Live Recovery takes more time than Instant VM Recovery, but the most compelling reason to restore by using this method is to warranty production storage performance rather than backup storage performance.
In this section, I wish to restore FileServer from the backup. I have chosen the alternate location to restore the VM and manually powered ON the VM on the Hyper-V host. Firstly, open the browser and enter the VBDR default URL https://backupserver:6061, then select the Recovery Tab, lastly choose the Backup Job name to restore the VM by clicking on the restore button. From the following four choices, I chose Live Recovery to Hyper-V server
I have to decide the restore version. The most recent backup version, In particular, i.e. 9th Dec 2300 is an incremental backup. To repeat here, Vembu only performs Incremental Forward backup which I discussed in the previous post, a process which will complete restore from full backup and apply all incremental from the time you selected till the full backup date. In the next screen i.e. screen “Choose the restore data” I have the only fileserver listed.
In Restore Options I have to provide the UNC path to download the image file. The image file format is VHDX. I have entered my admin credentials in addition to that below I have sized the RAM. Finally, before proceeding further, I reviewed the details. When I press next button, Behind the scene UNC path is verified.
At this stage, most of the necessary recovery steps are finalized. In below screen, you review the details one final time and press Yes to confirm the restoration.
I could observe the restore progress details in the following screen noted below.
After restoration process is completed, I went back to restore screen report to see the VM name restore along with its status.
I opened my Hyper-V manager to validate the restore VM name is matching with fileserve_10DEC2016_19_36_41 reported in the below screen.
Before I power on the VM, I verified the network connectivity. VM was not connected to any network.
Furthermore, I checked the VM Generation, CPU Memory, and Harddisk. VM Generation was right, but Dynamic Memory was disabled. By default, Dynamic memory settings will not be restored in the current version of Vembu BCDR suite but in the future release, it will be incorporated.
Restoring VM is as easy, simple four step procedure. VM gets restored, but you must select the network, Memory before powering on the VM. Taking into consideration, the price point Vembu is offering these features are the true reflection of value for money.
I believe the best method to learn any technology is to teach someone or implement it. I prefer to deploy and try out for myself. Having said that I’m open to teaching if required. I have recently started exploring the feasibility of using Windows Server 2016 Nano for the Production environment. There are at least four use cases for Windows Nano one of them is using Windows IIS Server which I will describe here. Given that I know I have IIS role available on Nano I was examining to put this in right learning form. The closest and easiest I could think of Web Server is required for vSphere Update Manager (VUM) when it is configured in Air-Gapped mode.
So let’s get rolling so that we can take a look at it.
Here is the list of things we need to Build an Air Gapped VUM
Web Server in DMZ
Operating System for Web Server
Storage space for Update Repository
Optional but Strongly recommended to have Certificate Authority configured.
Installing Nano Server with IIS Package
Nano server can be deployed using two methods. The First method which is very popular is PowerShell and second method know to few is the GUI based. I’ll cover here PowerShell approach while GUI based approach is covered here
So what we need to achieve our goal. [Pre-requisites]
I will cover it in two part. In part01 I will cover how to Package, Install and Configure Nano server. In part02 I will cover how to set up IIS server.
As a first step, you must import Nano Server PowerShell package. Where is this package? Well, it is in Windows 2016 ISO. Double click ISO. It will automatically mount. Open Powershell ISE (Elevated Prompt) and run following command to import NanoServerImageGenerator Module
To confirm whether the NanoServerImageGenerator Module is imported, type the following command. Yes ! Only three commands and 99% of the time you will use only one command.
Now before you start the process of creating the image, you might need to find the package name. To find package name, you must install package provider.
Now before start the process of creating image you might need to find the package name. To find package name you must import package provider. Install-PackageProvider -name nanoserverpackage
If the above installation is successful, then you should be able to find the following command
and the output of the command will be exactly as below
Create Nano Server Image
Once our pre-requisites are ready, then we can start building Nano Image. As mentioned above, you need either Windows 10 or Windows Server 2016 to create this image and working directory. I have used Windows Server 2016.
Now let’s begin the process of creating Nano Image. I’ll be building Virtual Image. Assuming you are still in Powershell session, type the following command. Below screen capture is from Powershell and not from PowerShell ISE. I’m not aware how to create multiple lines of codes in Powershell ISE. After pressing Enter on the preceding command, you will be prompted for the Administrator password. Supply the password to begin image building process.
I have tabulated the parameter of the command below and provided explanation against each.
Standard or Enterprise a decision If you will use Hyper-V
Guest or Host. Guest is for Virtual Machine and Host is for Hyper-V. If you are going to host Hyper-V role on it, then the role is Host
The package you wish to deploy. To find out the package available, please refer to screen capture with Title ‘Find-NanoServerPackage’ above. In my case, I have to select IIS Package
You will typically deploy Server with Static IP. For IP Address, Subnet Mark, Gateway and DNS Server
Enable Remote Management. This port is a must.
Name of the server. This name is the Guest OS name
Path to ISO. It is the path of ISO image
Path where to create Image i.e. VHDX file which will be our working directory
Name of the Network Card. In all cases it is Ethernet.
There are other parameters which I have not used here as it is not required.
Now our image is ready to be deployed, So let’s deploy it. Before you do that copy .vhdx file into Hyper-V working directory.
I’m using Hyper-V manager. Detailed eight steps procedure is captured in the screen capture below.
A point to note is in Step:04 you must select Generation:02 as we have selected VHDX extension while creating NanoServer Image.
After you press Finish, Nano VM is created, and it is ready to be powered on. Why not power it on then? Power on the Virtual Machine. VM will be powered on immediately, but it will take few seconds to join to the domain and Install IIS Package. After that few seconds gap, you will be looking at the console of brand new Nano Server
There is no practical need to login to this console as we have already configured IP Address, DNS and domain join. In the below screen I have logged in using contoso.com credentials. This screen is referred as Nano Server Recovery Console. The recovery console screen is to reset Networking configuration.
As we are here, let’s take a look at our available options.
I always like to enable Ping on all Windows Server leaving firewall enabled. Click on Inbound firewall rules, press Enter scroll down till you see ICMP IPv4 shown below. Press enter to modify the rule by press F4 which will toggle Enable or Disable. It is the only rule you can change in this console. You might think, hey! Wait I can achieve similar thing from GroupPolicy. But GroupPolicy is not supported on Nano
Though I have shown how to achieve it here, it is not the requirement.
Manage Nano Server using Server Manager
Open Server Manager from our working server and follow the steps mentioned or the screen capture for the steps
Click on All Servers
Right click and Add Server
Select Find Now and choose the NanoIIS03 from the list
Move the compute
If Firewall ports are opened, the Online status will be immediately visible.
Before We conclude this post, let me walk you through the basic configuration you might have to do on the nano server.
Set Time Zone on Nano Server
Time Zone must be changed to match to your region. It is critical to check if the time of the server is matching. If the time difference is more than 5 minutes Domain, Join will fail.
Remote into nano Server using our familiar command
Enter-PSSession -ComputerName $VMName
Set-TimeZone-Name"Arabian Standard Time"
Increase the Disk Size on Nano Server
Right click on Nano server, then select settings
Find the Hard Drive and press Edit as shown below
Provide the new size. Note I have skipped few unimportant screens. In below example, I have increased the size from 4 GB to 10 GB
Enter New Size to Expand DiskPress finish which will increase the disk size. This action will increase the disk size but not at the disk level. To the extent the C:\ you need to get disk and partition details in a variable and then use max size method to increase it.
Get Partition command will give details of Partition available on Nano Server. I’m assuming you still have the remote session on nano server.
Select the right partition. In my case, it is Disk 0 and Partition 4. Capture output of this command in variable $Extvol.