Browsed by
Month: February 2016

Manage Virtual Machines Using Windows PowerShell Direct

Manage Virtual Machines Using Windows PowerShell Direct

Coming with Windows Server 2016, PowerShell Direct is a new feature which gives you a way to run Windows PowerShell commands in a VM from the host. Windows PowerShell Direct runs between the host and the VM. This means it doesn’t require networking or firewall requirements, and it works regardless of your remote management configuration.

Windows PowerShell Direct works much like remote Windows PowerShell except that you do not need network connectivity. To connect to the VM from a host, use the Enter-PSSession cmdlet.

You will be prompted for credentials and then you can manage the VM from this PSSession. The Invoke-Command cmdlet has been updated to perform similar tasks; for example, you can execute a script from the host against the VM.

To enter into a PowerShell direct session, you must be logged onto the host as a Hyper-V administrator. The VM must be running locally and already booted to the OS.


Delegate Virtual Machine Management in Hyper-V

Delegate Virtual Machine Management in Hyper-V

The most simple and effective method of enabling others to manage Hyper-V and virtual machines is to add them to the Hyper-V Administrators local security group for each of the Hyper-V hosts to which you plan to delegate management. However, this might not be the most secure method because doing so gives the new administrators permissions to change virtual switch and host settings in addition to VMs.

To delegate access to individual VMs, you need to modify the Hyper-V Authorization Manager store. This enables you to create task and role definitions to which you can delegate access. Find below the general steps to modifying the Hyper-V services authorization.

In order to accomplish this, launch an MMC (Microsoft Management Console) session, and add the Authorization Manager to the console.

Then right-click the Authorization Manager, and click Open Authorization Sore. In the window, ensure that XML File is selected and browse to %systemroot%\ProgramData\Microsoft\Windows\Hyper-V\ to select InitialStore.xml.

Expand Authorization Manager, Initial Store, Hyper-V services, Role Assignments. Note that by default, the only role assignment is an Administrator. To create new role assignment, expand Definitions and then right-click Task Definitions. Select New Task Definition.

Name the task definition “VM Operator” for example. And select operations that you would want the custom role to do.

Now that you have created a group of tasks, you can create the role that can use these tasks. For this, right-click Role Definitions, and then select New Role Definition. Name the Role Definition such as VM Operator role, and then click OK. There are now two role definitions.

Next, you can create the Role Assignment, which is what user accounts are linked to for the permissions. Right-click Role Assignments, and click New Role Assignment. Select the VM Operator Role, and then click OK.

Right-click the new role assignment, select Assign Users and Groups, and then click From Windows and Active Directory. Select a user or group that you plan to delegate the permissions to, and then click OK.

Deploying VMware Veeam MP for SCOM

Deploying VMware Veeam MP for SCOM

This article covers the installation of the SCOM Veeam MP for VMware (version 8). If you are not aware, the Veeam Management Pack for System Center provides integration, monitoring, advanced reporting, and detailed topology features for virtualized systems and their hosts, and the associated network and storage fabric. This allows the virtual environment to be integrated into multiple System Center components, including System Center Operations Manager, Orchestrator, Virtual Machine Manager and Service Manager.

At this time, the Veeam MP for VMware solution utilizes the following components but I guess that these prerequisites will handle the new version of SCOM or VMware solutions.

  • SCOM 2012 SP1/SCOM 2012 R2
  • ESXi 4.x, 5.x, 6.0
  • vCenter Server 4.x, 5.x, 6.0

Additionally, the Veeam MP for VMware includes the following components.

  • Veeam VMware Collector (Collector) — gathers topology, event and performance data from VMware systems.
  • Veeam Virtualization Extensions Service (VE Service) — is used for centralized configuration of Veeam VMware Collectors, failover and load balancing control, and license distribution.
  • Veeam Virtualization Extensions UI (Veeam UI) — web-based (IIS) UI for configuration of the VE Service and the managed Collectors.
  • Veeam Management Pack (Veeam MP) — provide rich and flexible capabilities for VMware management, natively integrated with System Center. Advanced monitors, dashboards, and reports are included out-of-box.

For this deployment, we will install the solution based on this architecture.

We will deploy both Extensions UI and Extensions Service on a dedicated Management Server which is also used for SCOM Web Console. Note that Extensions Service component can only be installed on a Management Server.
Then we will deploy multiple collectors to handle the load of connections and workflows. These collectors will either be Management Server or Gateways depending on the existing SCOM infrastructure. To help us on the sizing of the architecture based on our VMware infrastructure, Veeam is providing a calculator through an Excel file.EXCEL CALCULATOR Before deploying the solution, I suggest you dedicate two GWs or MSs for VMware monitoring jobs. If you are using Management Servers, you should remove them from the All Management Servers Resource Pool (cf. previous article). In order to deploy Veeam MP solution in our environment, we will first install the Extensions UI and Extensions Service component by choosing this option on the installer screen.

You would need to provide a license during the installation. You can ask for a trial license directly on Veeam website.

Then, we will be asked to provide a specific user account to run Veeam Virtualization Extension service. And you need that this account is a member of local Administrators group on the server.

Note that this part of the setup will also import Veeam Management Packs in your SCOM environment.

Once setup is finished, it will ask to log off from the server. It will permit to apply Logon as server right to specified service account during installation.

You can then relog to the server and open UI Web console. Note that if you are installing the solution on Windows Server 2012 or above it will create a Metro IE shortcut. I never had any issues with this, so you can use it or choose your own browser as this console can be opened from other location such as your computer.

Besides, you can check that all Veeam Management Packs were successfully imported.

Then, we need to install the collectors. In this article, we will only deploy one collector on a SCOM Management Server. Note that you will need to add the collector’s computer account to the local group Veeam Virtualization Extensions Users (on VE server).

As for Virtualization Extensions service, we need to provide a service account to handle Veeam collector service. Note that this account must be a local administrator.

Finally, you need to fulfill the name and the port of the Veeam Virtualization Extensions Server (depending on what you configured previously).

Once the installation is done, you should see your collector in your web console.

Then, in order to enable monitoring of our VMware infrastructure, we will configure a connection to a VMware vCenter server. Note that the account used for this connection must have the following rights on VMware solution.

When the connection is successful, the console will display some recommendation to handle the load associated with the monitoring of this VMware infrastructure (Hosts, Datastores, VMs, etc.).

Once you finished to install all your collectors and configured your connections, you will need to wait some time (depending on your infrastructure) to retrieve all discovered objects and their health in SCOM console. For example, it took around 8 hours to discover 20 clusters, 100 hosts, 300 datastores and 2500 VMs.

Automatic and Manual Resource Pool Membership in SCOM

Automatic and Manual Resource Pool Membership in SCOM

One of the new features in System Center 2012 – Operations Manager was the Resource Pool. A resource pool is a collection of management servers and/or gateway servers used to distribute work amongst themselves and take over work from a failed member. And by default, there are three resource pools.

  • AD Assignment Resource Pool
  • All Management Servers Resource Pool
  • Notifications Resource Pool

But from experience, Gateways and Management Servers should not be mixed in pools. Besides, in some situations, you will need to modify the membership of SCOM Resource pools and especially the All Management Servers Resource Pool. Most of these situations are listed below.

  • Network Monitoring:
  • UNIX/Linux Monitoring: Management Servers in charge of UNIX/Linux monitoring should be removed from the default pools and added to a custom one.
  • Web Application Availability
  • Veeam MP
  • Custom Workflow

For all of these situations, Management Servers in charge of this monitoring should be removed from the default pools and added to a custom one. But by default, these default pools are in automatic membership and cannot be changed directly from the console as it is in read-only. To accomplish this, you will need to use this PowerShell command.

Then you will be able to add/remove Management Servers and Gateways from your Resource Pool. But if you remove some Management Servers from the All Management Servers Resource Pool, you will need to adjust distribution configuration of the Data Warehouse Account and Data Warehouse Report Deployment Account. Otherwise, these Management Servers will become grayed out and won’t function properly.