Exam Ref 70-417 Upgrading Your Skills to Windows Server 2012 R2 (2014)
Chapter 3. Configure Hyper-V
If you were to name the one server role that has seen the most changes between Windows Server 2008 R2 and Windows Server 2012, you’d have to say Hyper-V. To begin with, Hyper-V now has its own Windows PowerShell module, so the role is completely manageable at the Windows PowerShell prompt. Beyond this new command-line manageability, there are new improvements in memory configuration, storage, Resource Metering, security, extensibility, and other areas (such as fault tolerance) that aren’t even covered in this domain.
In Windows Server 2012 R2, the changes from the first release of Windows Server 2012 are more incremental but still significant. One highly visible change is that “snapshots” are now called “checkpoints,” so don’t be surprised when you see that word on the exam. Other important new features in Windows Server 2012 R2 Hyper-V include enhanced session mode, which improves the usability of VMs, and generation 2 VMs, which offer improved installation and startup times.
The good news is that none of these new features is particularly difficult to understand, at least at the level they will be tested on for the 70-417 exam. Your studying efforts in this area should therefore pay off well.
Objectives in this chapter:
Objective 3.1: Create and configure virtual machine settings
Objective 3.2: Create and configure virtual machine storage
Objective 3.3: Create and configure virtual networks
Objective 3.1: Create and configure virtual machine settings
Of the features mentioned by Microsoft in the description of this exam objective, three are at least partially new to Windows Server 2012 (Dynamic Memory, Smart Paging, and Resource Metering) and two are new to Windows Server 2012 R2 (generation 2 virtual machines and enhanced session mode). A sixth topic, RemoteFX, was introduced in Windows Server 2008 R2 but has only recently been added to the objectives.
Beyond learning about these six topics, though, you should also know that all new and old settings in Hyper-V can now be configured at the Windows PowerShell prompt. From that perspective, every virtual machine setting is new; any configuration option could be covered on the exam. You should be sure, therefore, to supplement your study of the new features in Windows Server 2012 and Windows Server 2012 R2 Hyper-V with a review of the new cmdlets related to virtual machine (VM) configuration in the Hyper-V module.
This section covers the following topics:
Hyper-V module in Windows PowerShell
Generation 1 and generation 2 virtual machines
Enhanced session mode
Dynamic Memory
Smart Paging
Resource Metering
Non-uniform memory access (NUMA) topology
Hyper-V Module in Windows PowerShell
As you’ve already learned, Windows PowerShell in Windows Server 2012 and Windows Server 2012 R2 includes a new module called Hyper-V that provides a command-line administration interface for almost all VM settings. It’s uncertain how many cmdlets will appear on the 70-417 exam, and there are too many of them (more than 150) to document here.
Instead, you can use Get-Command to review the names of these cmdlets so that you can at least recognize the most important ones. You can sort the output by the cmdlet nouns to make it easier to understand. (The noun portion of a cmdlet represents the object that is configured.)
For example, to see a list of all cmdlets in the module and group them by cmdlet noun, type the following:
Get-Command -Module Hyper-V | Sort Noun,Verb
If you want to see cmdlets that contain the string *VM* (and are likely to relate specifically to VM management and configuration), type the following:
Get-Command *VM* | Sort Noun,Verb
To further filter your results, you can use the wildcard character twice or more, as in the following example:
Get-Command *VM*adapter* | Sort Noun,Verb
You can then use Update-Help and Get-Help, optionally with the –Examples or –Full option, to get the latest documentation about any particular cmdlet that interests you.
Generation 1 and generation 2 virtual machines
Beginning with Windows Server 2012 R2, the New Virtual Machine Wizard now includes a Specify Generation page, shown in Figure 3–1.
FIGURE 3-1 Choosing the generation of a new VM
The concept of a VM generation is new to Windows Server 2012 R2, and you’ll likely see one or more questions about this topic on the 70-417 exam. Generation 1 VMs, as they are now called, are the familiar VMs that have existed in all versions of Hyper-V since it was first introduced. Generation 2 VMs are a new option available only when the host system is running Windows Server 2012 R2.
Here are the changes in generation 2 VMs that you need to understand:
Removal of legacy emulated hardware devices Generation 1 VMs emulate a set of legacy hardware devices, including two IDE controllers, two COM ports, and a floppy disk drive. These emulated devices have been removed from generation 2 VMs. The advantage of removing support for emulated devices is faster boot times (by about 20 percent) and faster installations (by about 50 percent).
Figure 3-2 and Figure 3-3 show the difference in the number of default hardware devices in generation 1 and 2 virtual machines. Each figure displays the complete list of hardware devices in a default VM of each generation.
FIGURE 3-2 Default hardware devices for a generation 1 VM
FIGURE 3-3 Default hardware devices for a generation 2 VM
The generation 2 VM lacks both IDE controllers, COM ports, and the diskette drive.
UEFI vs. BIOS Generation 1 VMs use Basic Input Output System (BIOS) as a firmware interface to initiate the boot process and begin loading the operating system. Generation 2 VMs use Unified Extensible Firmware Interface (UEFI) for the same purpose. The main advantage of UEFI is that it allows Secure Boot, an option that you can enable on the Firmware page of a VM’s settings, as shown in Figure 3-4. Secure Boot ensures that no malicious code is installed beneath the operating system and that the UEFI has not been altered from an approved version.
FIGURE 3-4 Enabling Secure Boot on a generation 2 VM
SCSI boot In generation 1 VMs, you can boot from IDE devices only. In generation 2 VMs, there are no IDE controllers, and you can boot from SCSI devices, including ISO files.
PXE boot-compatible network adapters In generation 1 VMs, only legacy network adapters are PXE-boot compatible. In generation 2 VMs, there are no more legacy network adapters, and normal network adapters are PXE-boot compatible.
Limited operating system support Generation 2 VMs support only the following guest operating systems:
Windows 8 (64-bit)
Windows Server 2012
Windows 8.1 (64-bit)
Windows Server 2012 R2
No RemoteFX support Generation 2 VMs do not support RemoteFX.
No Physical CD/DVD support Generation 2 VMs do not support physical CDs or DVDs. You must use ISO files instead.
No VHD support Generation 2 VMs do not support VHD files. You must use VHDX files. (The VM’s operating system must also be installed originally on a VHDX file, not on a VHDX that has been converted from VHD.)
No virtual floppy disk support Generation 2 VMs do not support VFD files.
Exam Tip
To perform a network boot on a VM from a PXE-compatible adapter, select BIOS in a generation 1 VM’s settings, and Firmware in a generation 2 VM’s settings. Then adjust the Startup Order (for BIOS) or the Boot Order (for Firmware) so that the desired adapter is listed at the top.
Enhanced session mode
Enhanced session mode is a new feature in Windows Server 2012 R2 that improves the connectivity between a guest operating system and the host operating system. In short, enhanced session mode provides the VM connection window with most of the benefits of a Remote Desktop connection window, including the ability to copy and paste between the host operating system desktop and the guest VM.
Enhanced session mode isn’t enabled by default, and it’s available only when the guest is running Windows 8.1 or Windows Server 2012 R2. To enable enhanced session mode, you have to enable two options in Hyper-V Settings of the host computer: First, as shown in Figure 3-5, navigate to Enhanced Session Mode Policy in the Server menu on the left and then select Allow Enhanced Session Mode in the right pane. Second, as shown in Figure 3-6, navigate to Enhanced Session Mode in the User menu on the left and then select Use Enhanced Session Mode.
FIGURE 3-5 Step one in enabling enhanced session mode
FIGURE 3-6 Step two in enabling enhanced session mode
After you enable these two options, your next VM connection to a Hyper-V guest running Windows 8.1 or Windows Server 2012 R2 will open the window shown in Figure 3-7.
FIGURE 3-7 Enhanced session mode options
Clicking the down arrow next to Show Options reveals a Local Resources tab, which is similar to the tab of the same name available in a Remote Desktop Connection window. By default, remote audio on the VM is configured to be played on the host operating system, and the local printers and Clipboard data are shared through the VM connection. (The Clipboard allows copying and pasting between the host and guest machines.) Smart card readers in the host operating system are also redirected to the VM by default.
You can also use the Local Resources tab to configure the following resources in the VM connection window:
Drives Makes local drives on the host operating system available from within the VM. Drives can be selected individually
Other Supported Plug and Play (PnP) Devices Redirects PnP devices on the host, such as USB drives to the VM
Dynamic Memory
Dynamic Memory was introduced in Windows Server 2008 R2 Service Pack 1. Just one new configuration setting (Minimum RAM) has been added in Windows Server 2012 and Windows Server 2012 R2, but you should be prepared to be tested on any or all of the feature’s settings on the 70-417 exam.
If you haven’t had the chance to learn about this feature, remember the following point: Dynamic Memory pools the available RAM on a Hyper-V host for all running VMs for which Dynamic Memory is enabled. Using this pool, Dynamic Memory automatically modifies on the fly the amount of RAM assigned to each running VM as the need increases or decreases. The biggest benefit of Dynamic Memory is that it allows you to use your RAM resources in a highly efficient manner, dramatically increasing the number of VMs you can run on that Hyper-V host. (Marketing materials talk about the benefit Dynamic Memory offers in “improving consolidation ratios” on your virtualization servers. It’s good to know that phrase because you might find it on the exam.)
The second most important concept you need to remember about Dynamic Memory is that starting a VM often requires more memory than does running the VM after it starts, and dynamic RAM assignment in Windows Server 2012 naturally mirrors these changing needs. If, for example, you have 6 GB of RAM on a server and try to start 10 VMs at once, you might get an error message regardless of whether Dynamic Memory is enabled. However, only if Dynamic Memory is enabled might you be able to get them all up and running if you start them one at a time. The prototypical example that illustrates low memory usage after startup is with virtual desktop infrastructure (VDI), where you might have a pool of unused virtual machines available in case several people happen to need a desktop all at once. (If you see a scenario on the exam about VDI and desktop pools, expect Dynamic Memory to play a part in the solution somehow.)
Now let’s take a look at Dynamic Memory settings. They appear where you’d expect, which is in the Memory section of a VM’s settings in Hyper-V Manager, as shown in Figure 3-8. You also can enable and configure Dynamic Memory with Windows PowerShell by using the Set-VM cmdlet, which can be used to configure the various properties of a VM. Note that you can enable or disable Dynamic Memory only when the VM is in a stopped state. (Dynamic Memory does not mean you can manually adjust RAM settings while a VM is running.)
FIGURE 3-8 Configuring Dynamic Memory settings
The settings here affect how memory is assigned dynamically. You need to understand the implications of these settings on behavior and performance.
Startup RAM This value existed before Windows Server 2012, but it used to have a slightly different meaning. Before Windows Server 2012, the Startup RAM was both the amount of RAM used at startup and the minimum amount of RAM ever assigned to the VM.
In Windows Server 2012 and Windows Server 2012 R2, the Startup RAM setting is now only the amount of RAM assigned at startup and is no longer the minimum RAM. If a running VM uses less RAM after startup, some of that RAM can now be reclaimed by other running VMs.
Here is another important point to remember about Startup RAM: The more RAM you assign to a VM when it starts up, the faster it will be able to start up (of course). But don’t forget the flip side: If you set this level too high, you might temporarily (during startup) deprive other VMs of the RAM they need to perform at an acceptable level.
Minimum RAM This is the only new setting that has been added in Windows Server 2012 and Windows Server 2012 R2, so make sure you understand it. If you have enabled Dynamic Memory on a VM running on a Windows Server 2012 or Windows Server 2012 R2 host, by default this value is the same as the Startup RAM value. However, you can lower Minimum RAM to allow the amount of RAM allocated to the VM to decrease after startup.
Why would you want to manually lower the Minimum RAM level? One reason is that by allowing unused physical memory of a running VM to be reclaimed, you can make sure that physical memory is available to other VMs that might need it. On the other hand, by keeping the value higher, you can ensure that enough is available to the same VM when it restarts.
Maximum RAM This is the maximum amount of memory that can ever be dynamically assigned to the VM. There’s always a balancing act here. If you don’t set this value high enough, the VM’s performance could suffer. However, for a RAM-intensive workload, setting this value too high could deprive other VMs of needed RAM.
Memory Buffer This is the preferred amount of extra RAM (defined as a percentage) that is assigned to the system beyond what is determined to be needed to run the active workload at any given point. The default is set at 20 percent. You don’t normally have to change this setting, but if memory usage spikes intermittently on a VM, you might want to increase this percentage to help ensure that enough RAM is available when needed.
Memory Weight This parameter determines how available memory on the host is allocated among the different VMs running on the host. If you want to prioritize the performance and memory allocation of a given VM relative to other VMs, you would raise the memory weight setting on that VM.
To review and configure Dynamic Memory settings in Windows PowerShell, use Get-VMMemory and Set-VMMemory.
Smart Paging
What if, with Dynamic Memory enabled, you have just enough RAM to start your VMs but not enough to restart a particular VM once they are all up and running? Maybe, for example, you used the last 256 MB of available RAM to start a VM running Microsoft Windows XP, and now you can’t restart a VM running Windows 8, which requires 512 MB of RAM to start. To prevent this kind of scenario from happening, Hyper-V in Windows Server 2012 and Windows Server 2012 R2 introduces a new feature called Smart Paging. Smart Paging allows a VM that’s being restarted to use disk resources temporarily on the host as a source for any additional memory needed to restart a VM. Then, once the VM has started successfully and its memory requirements decrease, Smart Paging releases the disk resources. The downside of Smart Paging, as you probably have guessed, is that performance is compromised. VMs restart, but slowly, with Smart Paging.
To minimize the performance impact of Smart Paging, Hyper-V uses it only when all of the following are true:
The VM is being restarted.
There is no available physical memory.
No memory can be reclaimed from other VMs running on the host.
Smart Paging is not used in the following cases:
A VM is being started from an “off state” (instead of a restart).
Oversubscribing memory for a running VM is required.
A VM is failing over in Hyper-V clusters.
Smart Paging is a new feature that is specifically mentioned in the objectives for the 70-417 exam, so don’t be surprised if it appears as an important element in a test question. With this in mind, be aware that the only configuration option for Smart Paging relates to the storage location for the Smart Paging file. Why would the location of the Smart Paging file ever matter in a test question? Well, if the disk on which the Smart Paging file is stored nears its capacity, there might not be enough disk space to allow a VM to restart. If this happens, the way to solve the problem would be to move the Smart Paging file to a disk with more space. (That’s assuming you can’t add more RAM to the host server, of course.)
Exam Tip
If you create a checkpoint (formerly called a snapshot) of a live VM, the checkpoint will save the running memory. If you create a checkpoint of a stopped VM, no data in RAM needs to be saved. Therefore, if you want to reduce the size of your checkpoint file, shut down the VM before creating the checkpoint.
Resource Metering
Resource Metering is a new feature of Windows Server 2012 and Windows Server 2012 R2 that is designed to make it easy to build tools that measure VM usage of CPU, memory, disk space, and network. This feature was primarily designed for hosting VMs for a customer. In such a scenario, you need to know how much of your computing resources are used so that you can charge the customer accordingly.
You can use Resource Metering in Windows Server 2012 and Windows Server 2012 R2 to collect and report on historical resource usage of the following seven metrics:
Average CPU usage by a VM
Average physical memory usage by a VM
Minimum physical memory usage by a VM
Maximum physical memory usage by a VM
Maximum amount of disk space allocated to a VM
Total incoming network traffic for a virtual network adapter
Total outgoing network traffic for a virtual network adapter
You can view this functionality in Windows PowerShell even though it is intended to be used primarily with additional tools.
To enable Resource Metering on a VM, use the Enable-VMResourceMetering cmdlet on the host server. For example, to enable Resource Metering on a VM named VSrv1, type the following at a Windows PowerShell prompt:
Enable-VMResourceMetering -VMName VSrv1
At this point, the Resource Metering counters start running. To view all Resource Metering statistics on the VM since you ran the last command, use the Measure-VM cmdlet. For example, type the following to display the Resource Metering data on VSrv1 for all seven metrics:
Measure-VM -VMName VSrv1
Alternatively, you could save the usage statistics into a report with this command:
$UtilizationReport = Get-VM VSrv1 | Measure-VM
You could then the display the contents of the report at a later time with the following command:
Write-Output $UtilizationReport
To reset the counters to start counting usage again from zero, you use the following command:
Reset-VMResourceMetering -VMName VSrv1
To stop the counters from running on VSrv1, type the following:
Disable-VMResourceMetering -VMName VSrv1
These metrics can be collected even when the VMs are moved between hosts using live migration or when their storage is moved using storage migration.
For the 70-417 exam, what’s most important to remember about Resource Metering is that it allows you to measure CPU, memory, disk, and network usage on a particular VM. You should also know the general steps required to configure Resource Metering, but you won’t have to know the specific syntax used in Windows PowerShell cmdlets.
If you want to measure Internet traffic as opposed to network traffic in general, you can use network metering port access control lists (ACLs), which are described later in this chapter.
Exam Tip
Remember that Resource Metering doesn’t let you measure current resource usage. You can, however, use Task Manager to view current CPU and memory usage for individual VMs. To do so, open a Virtual Machine Connection to each VM, and then view the Processes tab in Task Manager. Each VM will appear as a separate instance of Virtual Machine Connection along with the current CPU and memory usage for that VM.
You can also use counters in Performance Monitor on the host server to track VM resource usage over time. For example, to measure CPU usage in one or more particular VMs, use the Hyper-V Hypervisor Virtual Processor counter set. To measure Dynamic RAM usage in on or more particular VMs, use the Hyper-V Dynamic Memory VM counter set.
More Info
For an overview of Resource Metering in Windows Server 2012, see the topic “Hyper-V Resource Metering Overview” in the TechNet Library at http://technet.microsoft.com/en-us/library/hh831661.aspx. Also search for the specific Windows PowerShell cmdlets onhttp://technet.microsoft.com.
Non-uniform memory access (NUMA)
Non-uniform memory access (NUMA) is a new configuration node beneath the Processor node in a VM’s settings. NUMA is a technology that improves system scalability by optimizing memory and memory bus usage in multi-processor systems. In Windows Server 2012 and Windows Server 2012 R2, VMs are NUMA-aware, which means that multi-processor VMs can access memory resources in a more optimal and scalable way. Generally speaking, you don’t need to change the default settings in the NUMA topology configuration area because they are automatically configured correctly based on the host server’s hardware. On rare occasions, however, it might be necessary to modify these settings if you have moved a VM between two physical hosts with different NUMA topologies. Configuring these settings is beyond the scope of the 70-417 exam, but you should know that the Use Hardware Topology button resets NUMA settings to the default settings.
Exam Tip
Be sure to review VM settings that have not changed since Windows Server 2008. For example, you should know that Integration Services enable VM features such as time synchronization, host-backup awareness, and system shutdown awareness. Also review VM settings such as Resource Control, which allows you to prioritize CPU resources for certain VMs.
RemoteFX is a set of technologies that improves video rendering, graphics, and overall user experience over the RDP protocol. RemoteFX can work only if a RemoteFX-compatible graphics processing unit (GPU) is available on the remote server to which clients are connecting over RDP.
RemoteFX can be used with Hyper-V. In this case, clients connect to remote VMs over RDP. All VMs on a physical host can share the GPU of that host, and each VM is configured with a virtual GPU (vGPU) that points to the physical GPU.
Here are the requirements for running RemoteFX with Hyper-V:
Windows Server 2008 R2 SP1 or later
DX11 vGPU with WDDM v1.2 driver
SLAT-capable processor
Remote Desktop Virtualization Host component of the Remote Desktop Services role must be installed (to enable RemoteFX vGPU)
GPU or GPUs must be enabled for use with RemoteFX in Hyper-V Settings
VMs must have the “RemoteFX 3D Video Adapter” hardware component added
VMs must be generation 1
More Info
For more information about configuring RemoteFX in Windows Server 2012, search for “RemoteFX vGPU Setup and Configuration Guide for Windows Server 2012” on http://technet.microsoft.com.
Objective summary
In Windows Server 2012 and Windows Server 2012 R2, almost all VM settings can be configured in Windows PowerShell.
Windows Server 2012 R2 introduces the option to create generation 2 virtual machines. Generation 2 virtual machines drop support for legacy hardware devices, but they boot faster and perform operating system installations faster. Generation 2 VMs also allow the option for Secure Boot, which ensures that no malicious software is installed beneath the operating system.
Enhanced session mode is a new feature in Windows Server 2012 R2. It provides a VM connection with many of the benefits of a Remote Desktop connection, including the ability to share features with the host operating system such as printers, Clipboard data, and drives.
Dynamic Memory pools all the memory available on a host server for all VMs hosted on that server. Because computers tend to use more memory when they are starting than when they are running, Dynamic Memory allows you to use available RAM much more efficiently.
Important Dynamic Memory settings include Startup RAM, Minimum RAM, and Maximum RAM.
Smart Paging allows VMs to use virtual (paged) memory to complete a restart operation when insufficient physical memory is available.
With the Resource Metering feature in Windows Server 2012 and Windows Server 2012 R2, you can use the Enable-VMResourceMetering cmdlet to start metering the CPU, memory, disk, and network usage of a VM. To display usage statistics, use the Measure-VM cmdlet. To reset usage counters to zero, use Reset-VMResourceMetering. To disable Resource Metering, use Disable-VMResourceMetering.
RemoteFX improves graphics over RDP and can be used with Hyper-V to improve Remote Desktop connections to individual VMs. The physical host requires a compatible GPU, and you have to select this GPU in Hyper-V Settings and enable it for RemoteFX. You then need to add a RemoteFX 3D Video Adapter in each chosen VM. RemoteFX is not compatible with generation 2 VMs.
Objective review
Answer the following questions to test your knowledge of the information in this objective. You can find the answers to these questions and explanations of why each answer choice is correct or incorrect in the “Answers” section at the end of the chapter.
1. A server named HYPV1 is running Windows Server 2012 R2 and has been configured with the Hyper-V role. HYPV1 has 20 GB of RAM and is hosting 12 VMs. All VMs are running Windows Server 2012 R2 and have Dynamic Memory enabled.
One of the VMs hosted on HYPV1 is named VM1. VM1 is hosting a web application. VM1 averages five concurrent user connections to this web application and its performance is considered acceptable by users.
VM1 has the following memory settings:
Startup Memory: 1024 MB
Minimum Memory: 384 MB
Maximum Memory: 4096 MB
Memory Weight: Medium
You need to perform a scheduled restart of VM1 once per week. You have noticed during past scheduled restarts of VM1 that restarts have sometimes occurred only with the help of Smart Paging and have required several minutes to complete. You want to minimize downtime associated with restarting VM1 and reduce the likelihood that any restart operation will rely on Smart Paging. What should you do?
A. Increase the Startup Memory on VM1.
B. Increase the Minimum Memory setting on VM1.
C. Decrease the Maximum Memory on other VMs.
D. Change the Memory Weight setting on VM1 to High.
2. A server named HYPV2 is running Windows Server 2012 R2 and has been configured with the Hyper-V role. HYPV2 has 16 GB of RAM and is hosting 10 VMs. All VMs are running Windows Server 2012 R2 and have Dynamic Memory enabled.
One of the VMs on HYPV2 is named VM2. VM2 hosts a little-used application that is used for testing only and is not used for any other purposes. You attempt to restart VM2 but receive an error message indicating that there is insufficient memory to perform the operation.
You want to restart VM2 successfully. What should you do? (Choose all that apply.)
A. Increase the Startup Memory setting on VM2.
B. Decrease the Maximum Memory on other VMs.
C. Increase the Memory Buffer % setting on VM2.
D. Move the Smart Paging file to a disk with more space.
3. A server named HYPV3 is running Windows Server 2012 R2 and has been configured with the Hyper-V role. HYPV3 hosts a VM named VM3. You have been measuring the CPU, memory, network, and disk space usage of VM3 for the past 24 hours. You would now like to display the collected usage data at the Windows PowerShell prompt.
Which of the following commands should you type at an elevated Windows PowerShell prompt?
A. Enable-VMResourceMetering -VMName VM3
B. Disable-VMResourceMetering -VMName VM3
C. Measure-VM -VMName VM3
D. $UtilizationReport = Get-VM VSrv1 | Measure-VM
Objective 3.2: Create and configure virtual machine storage
There are three topics in this objective that are most likely to be tested: VHDX, virtual Fibre Channel, and storage Quality of Service (QoS). Of these three, VHDX is the one feature you’re pretty much guaranteed to see on the 70-417 exam. Fortunately, though, all three topics are easy to understand.
This section covers the following topics:
New VHDX disk format
Virtual Fibre Channel adapter
Storage Quality of Service (QoS)
New VHDX disk format
Virtual hard disk (VHD) files have a size limit of 2 TB, which can prevent you from virtualizing some workloads such as extra-large databases. To fix this problem, Windows Server 2012 and Windows Server 2012 R2 introduce a new VHDX file format, which has a 64 TB limit.
Size is the biggest advantage of the VHDX, so if it appears in a test question, it will most likely be in the context of a scenario in which you need to support files that are larger than 2 TB. What is the disadvantage of VHDX? Backward compatibility. If you need to migrate storage to servers running Windows Server 2008 R2 or earlier, use VHD. Also note that the larger size of VHDX applies only to non-boot volumes. VHDX boot disks are also limited to 2 TB because of limitations found in the legacy AMI BIOS used in Hyper-V virtual machines.
Remember that VHDX is the default selection for a new VHD file, as shown in Figure 3-9, but you can opt to create a VHD just as easily.
FIGURE 3-9 Creating a new VHDX
You can also convert a disk from a VHDX to a VHD and vice versa, as long as the disk isn’t bigger than 2 TB. To do so, just select the virtual disk in the VM settings and click Edit, as shown in Figure 3-10.
FIGURE 3-10 Converting a virtual hard disk
Exam Tip
Aside from Hyper-V Manager, you can also use Computer Management or the New-VHD cmdlet to create a new VHD or VHDX. (Note that New-VirtualDisk is different: That cmdlet is used to create a new virtual disk in a specific storage pool.) To convert a virtual hard disk between the VHD and VHDX formats in Windows PowerShell, use the Convert-VHD cmdlet.
Exam Tip
Remember the purpose of the Physical Hard Disk option shown in Figure 3-10. This option is often called a “pass-through disk” and has been available since Windows Server 2008. With a pass-through disk, you add a physical disk (as opposed to a VHD or VHDX) to a VM. As stated in the description of the feature in Figure 3-10, you need to take a physical disk offline before you can attach it to a VM as a pass-through disk.
Then, in the Edit Virtual Hard Disk Wizard, choose the Convert option, shown in Figure 3-11.
FIGURE 3-11 Converting a virtual hard disk to VHD or VHDX
To convert a VHD to a VHDX file in Windows PowerShell, use the Convert-VHD cmdlet.
Although size is the biggest advantage of a VHDX, it isn’t the only advantage. VHDX files also offer the following benefits:
Improved resiliency from power failure, thanks to a new disk log.
Support for new low-cost storage options thanks to 4 KB sector disks.
Better performance thanks to large block sizes.
Support for user-defined file metadata. You could use metadata, for example, to include information about the service pack level of the guest operating system on the VM.
Any of these advantages could appear as requirements in a scenario question, so be sure to remember them.
More Info
For more information about the new VHDX format in Windows Server 2012, see the article titled “Hyper-V Virtual Hard Disk Format Overview” in the TechNet Library at http://technet.microsoft.com/en-us/library/hh831446.aspx.
Virtual Fibre Channel adapter
Before Windows Server 2012, you could provision storage from a Fibre Channel storage area network (SAN) and then use that storage in a guest VM. However, you had to prepare everything in the host operating system so that the source of the storage was transparent to the guest.
What’s new in Windows Server 2012 and later is that you can create a Fibre Channel adapter for your VM and then provision storage from your Fibre Channel SAN from within the guest operating system. This might be useful, for example, if you want to migrate to a virtual environment application that is already connected to specific logical unit numbers (LUNs) in your Fibre Channel SAN. Another advantage of the Fibre Channel adapter is that it allows you to cluster guest operating systems to provide high availability for VMs.
To configure virtual Fibre Channel, first use the Virtual SAN Manager option in the Actions pane of Hyper-V Manager to create a new virtual Fibre Channel SAN. Virtual Fibre Channel SANs are connected to one or more physical host bus adapters (HBAs). Then add a new Fibre Channel adapter to the VM. To add a new Fibre Channel adapter to a VM, first open the settings of the VM and select Add Hardware from the menu on the left. Lastly, select Fibre Channel Adapter and click Add, as shown in Figure 3-12.
FIGURE 3-12 Adding a new virtual Fibre Channel adapter
Exam Tip
To configure a VM to connect to a Fibre Channel SAN, first create a virtual Fibre Channel SAN that connects to one or more physical HBAs.
You configure virtual Fibre Channel adapter settings by specifying a virtual SAN. Port addresses are supplied automatically, but you can edit them by clicking Edit Addresses. The port addresses include hexadecimal values representing the World Wide Node Name (WWNN) and World Wide Port Name (WWPN), as shown in Figure 3-13.
FIGURE 3-13 Configuring Fibre Channel settings
The Fibre Channel adapter in Hyper-V includes a few limitations you need to be aware of. First, the drivers for your HBAs must support virtual Fibre Channel. Second, you can’t use virtual Fibre Channel to connect to boot media for your VMs. Finally, you can’t use the Fibre Channel adapter with just any guest operating system. The guest has to be running Windows Server 2008 or later.
The cmdlets used for creating, configuring, and managing virtual Fibre Channel adapters are Add-VMFibreChannelHba, Set-VMFibreChannelHba, Remove- VMFibreChannelHba, and Get-VMFibreChannelHba.
More Info
For more information about the Fibre Channel adapter in Hyper-V, see the topic “Hyper-V Virtual Fibre Channel Overview,” at http://technet.microsoft.com/en-us/library/hh831413.aspx.
Storage Quality of Service (QoS)
Storage Quality of Service (QoS) is a new feature in Windows Server 2012 R2 that allows you to define a minimum and maximum level of I/O throughput for a virtual disk in Hyper-V. The throughput is defined as an input/output per second (IOPS) value, where each IO is considered to be 8 KB of data. The IOPS limits you set apply only to an individual disk, not to a VM in general.
To configure storage QoS, open the settings of a VM, expand the desired virtual disk in the Hardware menu on the left and then select Advanced Features. In the Advanced Features configuration area on the right, click Enable Quality Of Service Management, and then define a minimum and maximum level for the IOPS. You may leave one value set to zero to accept the system defaults. (Note that the minimum setting does not ensure that this minimum IOPS will be met. The minimum value merely defines a threshold that will trigger an event-based notification.)
Figure 3-14 shows the configuration settings for storage QoS.
FIGURE 3-14 Configuring storage QoS settings
Why would you need to define storage QoS? One potential application would be to honor different levels of service-level agreements (SLAs) for different clients or for different areas of your organization. For example, your organization might provide three levels of service to clients corresponding to three different ranges of IOPS.
More Info
For more information storage QoS, see “Storage Quality of Service for Hyper-V” at http://technet.microsoft.com/en-us/library/dn282281.aspx.
Objective summary
Windows Server 2012 and Windows Server 2012 R2 introduce VHDX files, which have a 64 TB size limit. (VHD files have a 2 TB limit.) Other advantages of the VHDX file format are improved resiliency from power failures, user-defined metadata, and better performance.
You can convert a VHD to a VHDX and vice versa.
Hyper-V in Windows Server 2012 and Windows Server 2012 R2 allows you to create virtual Fibre Channel adapters for virtual machines. If you have a Fibre Channel SAN and compatible HBA drivers, you can then provision SAN storage from within a guest VM.
Storage Quality of Service (QoS) is a new feature in Windows Server 2012 R2 that allows you to define an acceptable range of IOPS for a selected virtual disk in Hyper-V. Each IO is defined as 8 KB.
Objective review
Answer the following questions to test your knowledge of the information in this objective. You can find the answers to these questions and explanations of why each answer choice is correct or incorrect in the “Answers” section at the end of the chapter.
1. You have a VHD that is stored on a server running Windows Server 2012 R2. The VHD is 1.5 TB in size and stores a rapidly growing database file that is 1.0 TB. You want to provide at least 4 TB of space for the database file. What should you do?
A. Use the Edit Virtual Hard Disk Wizard and choose the Convert option.
B. Use the Edit Virtual Hard Disk Wizard and choose the Expand option.
C. Move the contents of the VHD to a new dynamically expanding disk.
D. Move the contents of the VHD to a new differencing disk.
2. You work as a network administrator for Fabrikam.com. Fabrikam.com has a server room that includes 20 servers, 10 of which are virtualized on a server named HYPV4 running Windows Server 2012 R2.
The Fabrikam.com office recently experienced a power outage. After the power outage, the universal power supply connected to HYPV4 did not gracefully shut down HYPV4 or its 10 hosted virtual servers. Some VHDs were corrupted, which required you to restore the VHDs from backup, resulting in a loss of data.
You want to help ensure that future power outages do not corrupt data on your virtualized servers. What should you do?
A. Configure NIC teaming for every VM.
B. Convert the VHDs on your VMs to VHDX files.
C. Create Fibre Channel adapters for each VM and move the VHDs to shared storage.
D. Enable data deduplication on HYPV4.
3. You work as a network administrator for Fabrikam.com. One of your servers, named HYPV5, is running Windows Server 2012 R2 and has been configured with the Hyper-V role. HYPV5 hosts five VMs running Windows Server 2008 R2.
You want to attach new VHDs to the VMs hosted on HYPV5 to increase storage space to these VMs. Until now, the VMs have relied on locally attached storage on HYPV5 to store VHDs attached to the VMs. However, adequate storage space is no longer available on HYPV5 for any new VHDs.
Your network includes a Fibre Channel SAN, from which HYPV5 can already provision storage. You want to provision new storage from the Fibre Channel SAN and use it for the new VMs, and you want to achieve this with the least amount of administrative effort. What should you do? (Choose all that apply.)
A. Upgrade the VM operating systems to Windows Server 2012 R2.
B. From within the host operating system, provision new storage from the SAN.
C. From within the guest operating system, provision new storage from the SAN.
D. Convert the VHD files to VHDX files.
Objective 3.3: Create and configure virtual networks
This objective covers the bulk of the new features in Windows Server 2012 and Windows Server 2012 R2 Hyper-V, but it’s unclear which of these many features will actually appear on the 70-417 exam. Some, such as virtual switch extensions, are difficult to write questions about for an exam on Windows Server, as opposed to System Center Virtual Machine Manager or Windows development. Others are almost too easy: They can’t be set up in a question without giving the answer away, as is the case with bandwidth management, DHCP guard, and router advertisement guard. Still others, such as port ACLs, are constrained by a relative lack of documentation compared to other features. SR-IOV stands out as a feature for which questions suitable to this exam can be written without too much difficulty, but even it is not currently mentioned by name as a topic in the objective description provided by Microsoft.
As a result, it’s difficult to predict what questions you will see on the exam for this objective, so you can only learn the salient points about each of these features and expect to be surprised by any question you might see on the exam.
This section covers the following topics:
Virtual switch extensions
Network isolation
Single-root I/O virtualization (SR-IOV)
Bandwidth management
Advanced features for virtual network adapters
Virtual switch extensions
The “virtual networks” that appeared in the Windows Server 2008 and Windows Server 2008 R2 interface have been replaced in Windows Server 2012 and Windows Server 2012 R2 by elements called virtual switches. From an administration point of view, virtual networks appear simply to have been renamed. Network adapters now connect to virtual switches instead of virtual networks, and just like the old virtual networks, virtual switches can be external, internal, or private.
But there is more to virtual switches than meets the eye at first glance. One of the key innovations in Windows Server 2012 and Windows Server 2012 R2 Hyper-V is that the functionality of these new virtual switches can be expanded through extensions provided by Microsoft or independent software vendors. You add these new extensions as you would install any new software.
Windows Server 2012 and Windows Server 2012 R2 allow allows for the following kinds of virtual switch extensions:
Capturing extensions, which can capture packets to monitor network traffic but cannot modify or drop packets
Filtering extensions, which are like capturing extensions but also can inspect and drop packets
Forwarding extensions, which allow you to modify packet routing and enable integration with your physical network infrastructure
Once installed, extensions are made available to all switches but are enabled and disabled on a per-switch basis. To manage installed extensions for a virtual switch, from the Actions pane in Hyper-V Manager, select Virtual Switch Manager, as shown in Figure 3-15.
FIGURE 3-15 Opening the new Virtual Switch Manager
Then, in the Virtual Switch Manager dialog box that opens, expand the desired switch and select Extensions, as shown in Figure 3-16. In the Switch Extensions box, you can enable, disable, and rearrange the order of installed extensions.
FIGURE 3-16 Managing virtual switch extensions
By default, each switch has two extensions: Microsoft NDIS Capture, which is disabled, and Microsoft Windows Filtering Platform, which is enabled.
You can also use PowerShell to create, delete, and configure extensible switches on Hyper-V hosts. Use the Get-VMSwitchExtension cmdlet to display details concerning the extensions installed on a specific switch. To see the full list of cmdlets available to manage virtual switches in general, type Get-Command *VMSwitch* at a Windows PowerShell prompt.
If any questions about virtual switch extensions appear on the 70-417 exam, they will most likely involve fictional or hypothetical extensions. One possible scenario could involve two extensions that you need to enable but that don’t work well together. If such a problem were to occur and you wanted the functionality of both extensions, you could create two separate virtual switches, with one of these extensions enabled on each. Then you could connect chosen VMs to the appropriate switch, as needed.
To manage virtual switch extensions in Windows PowerShell, you can use Enable-VMSwitchExtension, Disable-VMSwitchExtension, and Get-VMSwitchExtension cmdlets. For a complete list, use Get-Command to search for the string *VMSwitchExtension*.
Network isolation
You can isolate VMs from unwanted network traffic by using the Add-VMNetworkAdapterAcl cmdlet in Windows PowerShell. The feature is sometimes called port ACLs in Microsoft documentation, but on the 70-417 exam, it’s possible you will see this feature mentioned only by its associated cmdlets.
Each port ACL is like a firewall rule that allows or denies traffic associated with a Media Access Control (MAC) or IP address. If you configure the port ACL on a Hyper-V host running Windows Server 2012 or later, it remains in effect even if you move the VM to another host server.
For example, to deny both inbound and outbound traffic between the remote address and the VM named Server12, type the following at an elevated Windows PowerShell prompt on the Hyper-V host:
Add-VMNetworkAdapterAcl-VMName Server12 -RemoteIPAddress -Direction Both
-Action Deny
You can then review the effects of this last action by using the Get-VMNetworkAdapterACL cmdlet. The specific command for this example and its associated output would be as follows:
Get-VMNetworkAdapterACL -VMName Server12
VMName: Server12
VMId: eefb383d-5070-4a74-a16b-3e46a5d2b90c
AdapterName: Network Adapter
AdapterId: Microsoft:EEFB383D-5070-4A74-A16B-3E46A5D2B90C\C3F8188F-EF58-480E-A00F-
Direction Address Action
--------- ------- ------
Inbound Remote Deny
Outbound Remote Deny
To remove the port ACL and the associated traffic restriction, use the Remove-VMNetworkAdapterACL cmdlet. For instance, following our example, you would type the following:
Remove-VMNetworkAdapterACL -VMName Server12 -RemoteIPaddress -Direction
Both -Action Deny
Resource Metering through port ACLs
You can use the same Add-VMNetworkAdapterAcl cmdlet to meter traffic to or from a specific address. To achieve this, use the Meter action instead of Allow or Deny, as in the following example:
Add-VMNetworkAdapterAcl-VMName Server12 -RemoteIPaddress -Direction Both
-Action Meter
You would then use the Get-VMNetworkAdapterACL cmdlet to view the metered usage. The following shows the command used with the same example and the associated output:
Get-VMNetworkAdapterACL -VMName Server12
VMName: Server12
VMId: eefb383d-5070-4a74-a16b-3e46a5d2b90c
AdapterName: Network Adapter
AdapterId: Microsoft:EEFB383D-5070-4A74-A16B-3E46A5D2B90C\C3F8188F-EF58-480E-A00F-
Direction Address Action
--------- ------- ------
Inbound Remote Meter (1 Mbytes)
Outbound Remote Meter (0 Mbytes)
Metering usage through port ACLs might seem like an obscure feature, but don’t be surprised if it shows up on an exam question. In a way, it’s actually a showcase feature of Windows Server 2012 and Windows Server 2012 R2 because it allows virtual hosting providers to meter Internet usage (traffic to the default gateway) specifically as opposed to network usage in general. Like the Resource Metering feature, this base functionality is intended to be leveraged through scripts and programs.
Single-root I/O virtualization (SR-IOV)
Single-root I/O virtualization (SR-IOV) is an extension to the PCI Express (PCIe) standard that can improve network performance. SR-IOV support in Hyper-V is new to Windows Server 2012 and Windows Server 2012 R2. In Hyper-V, SR-IOV enables network traffic to bypass the software switch layer of the Hyper-V virtualization stack and reduce I/O overhead. If you assign only SR-IOV–enabled virtual network adapters and switches to a VM, the network performance of the VM can be nearly as good as that of a physical machine. In addition, the processing overhead on the host is reduced.
To enable SR-IOV, you first need to create a new virtual switch. (You cannot enable SR-IOV on any existing switch, such as the default virtual switch.) In Hyper-V Manager, from the Actions pane, select Virtual Switch Manager. In the Virtual Switch Manager window that opens, choose the option to create a new external virtual switch. Then, in the Virtual Switch Properties pane, in the Connection Type area (shown in Figure 3-17), select the Enable Single-Root I/O Virtualization (SR-IOV) check box. Supply a Name and any Notes for the new virtual switch and then click OK.
FIGURE 3-17 Enabling SR-IOV on a new virtual switch
To create a new switch enabled for SR-IOV in Windows PowerShell, use the New-VMSwitch cmdlet with the -EnableIOV $True parameter.
After you create an SR-IOV–enabled virtual switch, open the settings of the VM for which you want to enable the adapter for SR-IOV and connect the network adapter to the new virtual switch you have just created. Then expand the Network Adapter settings in the Hardware pane, select Hardware Acceleration, and select the Enable SR-IOV check box, shown in Figure 3-18.
FIGURE 3-18 Enabling SR-IOV on a virtual network adapter
Finally, depending on your hardware configuration, you might need to install drivers within the guest operating system to fully enable SR-IOV. You can check the status of SR-IOV by clicking the Networking tab for a particular VM in Hyper-V Manager. If SR-IOV is active, this information is displayed as shown in Figure 3-19.
FIGURE 3-19 A status message indicating the SR-IOV is active
Exam Tip
Remember that single-root I/O virtualization improves network performance on a VM by allowing a VM’s network traffic to bypass virtual switches.
More Info
For more information about SR-IOV in Hyper-V, search for “Everything you wanted to know about SR-IOV in Hyper-V. Part 1” on http://blogs.technet.com or visit http://blogs.technet.com/b/jhoward/archive/2012/03/12/everything-you-wanted-to-know-about-sr-iov-in-hyper-v-part-1.aspx..
Bandwidth management
Bandwidth management is a new feature in Windows Server 2012 and Windows Server 2012 R2 Hyper-V that lets you set both a minimum and maximum Mbps of throughput for any virtual network adapter. In Windows Server 2008 R2, you could configure a maximum bandwidth but not a minimum. Now you can configure both a minimum and maximum for each virtual network adapter.
You enable and configure bandwidth management on a virtual network adapter in the settings of a VM, as shown in Figure 3-20. For either the Minimum Bandwidth setting or the Maximum Bandwidth setting, configuring a value of 0 leaves that setting unrestricted.
FIGURE 3-20 Enabling bandwidth management
You can also use the Set-VMNetworkAdapter to configure minimum and maximum bandwidth on a virtual network adapter. As an alternative to specifying a value for Mbps, you can use this cmdlet to specify a relative bandwidth weight between 0 and 100 relative to other virtual network adapters. To ensure that all virtual network adapters are ensured an equal minimum or maximum bandwidth, you can assign the same bandwidth weight to all adapters. For example, by specifying a bandwidth weight of 1 to all network adapters on servers named Srv1, Srv2, and Srv3, the following command ensures that the same minimum bandwidth is assigned to those network adapters:
Get-VMNetworkAdapter -VMName Srv1,Srv2,Srv3 | Set-VMNetworkAdapter
-MinimumBandwidthWeight 1
Exam Tip
Bandwidth management is not available as an option on legacy network adapters. Bandwidth management is available only on standard network adapters in Hyper-V.
More Info
For more information about bandwidth management (also called Quality-of-Service for Hyper-V) in Windows Server 2012, visit http://technet.microsoft.com/en-US/library/hh831511.
Advanced features for virtual network adapters
A number of new features can be enabled for virtual network adapters in Hyper-V. These options appear when you select Advanced Features after you expand a Network Adapter in the Hardware menu, as shown in Figure 3-21. The new features in this area are defined next.
DHCP Guard Helps safeguard against Dynamic Host Configuration Protocol (DHCP) man-in-the-middle attacks by dropping DHCP server messages from unauthorized VMs pretending to be DHCP servers.
Router Guard Helps safeguard against unauthorized routers by dropping router advertisement and redirection messages from unauthorized VMs pretending to be routers.
Port Mirroring Enables monitoring of a VM’s network traffic by forwarding copies of destination or source packets to another VM being used for monitoring purposes.
NIC Teaming In Windows Server 2012 and Windows Server 2012 R2, the NIC teaming feature can be configured for virtual network adapters as well as for physical network adapters.
FIGURE 3-21 Configuring advanced features for a virtual network adapter
Exam Tip
You need to remember the names and functions of these four features for the 70-417 exam.
To configure settings for a virtual network adapter (including those for SR-IOV, bandwidth management, DHCP guard, router advertisement guard, port mirroring, and NIC teaming), use the Set-VMNetworkAdapter cmdlet. Use Get-Help to learn about the specific syntax used to configure each feature.
Objective summary
The functionality of virtual networks in previous versions of Windows Server has been replaced by virtual switches in Windows Server 2012 and Windows Server 2012 R2. Virtual switch features can be enhanced or expanded through extensions, which can be managed in the Hyper-V Manager interface.
Port ACLs are like firewall rules that allow or deny traffic to a VM based on MAC or IP address. You can also use a port ACL to meter traffic between a VM and a specific address.
SR-IOV is a way to optimize network performance between a Hyper-V guest and a physical network. To configure SR-IOV, you must create a new virtual switch enabled for SR-IOV, connect a VM’s network adapter to that switch, and then enable SR-IOV on the adapter. You might also have to install drivers within the guest operating system.
Windows Server 2012 and Windows Server 2012 R2 include many new configurable options for network adapters, such as bandwidth management, DHCP guard, router advertisement guard, port mirroring, and NIC teaming.
Objective review
Answer the following questions to test your knowledge of the information in this objective. You can find the answers to these questions and explanations of why each answer choice is correct or incorrect in the “Answers” section at the end of the chapter.
1. You work as a network administrator for Fabrikam.com. Fabrikam.com includes its own cloud infrastructure, which is used to provide virtual hosting services to external customers. Customer servers are hosted as VMs on your servers running Windows Server 2012 R2.
You want to block all traffic to and from the customer virtual servers except for communication with the default gateway.
Which of the following cmdlets should you use on the host servers to isolate the guest VMs?
A. Add-VMNetworkAdapterACL
B. Set-VMNetworkAdapterVLAN
C. Set-VMSwitchExtensionPortFeature
D. New-NetFirewallRule
2. You install the Hyper-V role on a server running Windows Server 2012 R2 and then create a new VM. You now want to optimize network performance for the VM by enabling SR-IOV. What should you do? (Choose all that apply.)
A. Create a new private switch.
B. Enable SR-IOV on the virtual switch.
C. Create a new external switch.
D. Enable SR-IOV on the virtual network adapter.
3. You want to maximize security on a VM and help prevent man-in-the-middle attacks. Which of the following settings will help achieve this goal? (Choose all that apply.)
A. Enable MAC Spoofing
B. DHCP Guard
C. Router Guard
D. Port Mirroring
Thought experiment: Configuring Hyper-V at Fabrikam
In this thought experiment, apply what you’ve learned about this objective. You can find answers to these questions in the “Answers” section.
You work as a network administrator for Fabrikam.com, a hosting provider that uses a private cloud infrastructure to provide virtual hosting services to external customers.
Your cloud infrastructure is composed of 20 physical servers running Windows Server 2012 R2 with the Hyper-V role installed. Customer servers are hosted as VMs on these physical servers. Each physical server is equipped with 64 GB of RAM. Shared storage is provided by a Fibre Channel SAN.
Your goals are to use your physical resources as efficiently as possible and to provide a high level of security and performance for customers.
1. You are working with an in-house developer to create a tool that measures CPU, disk, and Internet usage for each customer VM. The developer wants to know how to access this raw information in Windows Server 2012 R2 so that he can build a tool around it. Which method should you show the developer to retrieve the desired usage information?
2. A customer has a database application hosted in your cloud. The application is running in a VM that is running Windows Server 2008 R2 and SQL Server 2008. The database is stored on a VHD drive (stored on the host server) whose size is fixed at 2 TB, but it will soon outgrow the space available. How can you provide more storage space for the database application in a way that minimizes the effort required for all stakeholders?
3. Your IT department has purchased two virtual switch extensions from independent software vendors. The first switch extension is a filtering extension that enables customers to search incoming packets for specific strings or patterns that are useful for security or market research. The second switch extension is a forwarding extension that forwards all incoming traffic received on a switch to any chosen IP address.
You want to be able to use these extensions to provide customers with the ability to search packets on the wire without significantly degrading network performance for services hosted on the customer VM. How can you achieve this goal?
This section contains the answers to the Objective Reviews and the Thought Experiment.
Objective 3.1: Review
1. Correct answer: B
A. Incorrect: Increasing the Startup Memory value will only increase the likelihood that Smart Paging will be used during startup.
B. Correct: Increasing the Minimum Memory setting will help ensure that more physical memory remains allocated to VM1 when a restart begins.
C. Incorrect: This isn’t the best option because it could deprive other important applications of needed RAM.
D. Incorrect: This setting would prioritize memory allocation to VM1 when needed. It wouldn’t ensure that more memory is allocated to VM1 at the time of a restart operation.
2. Correct answer: D
A. Incorrect: Increasing the Startup Memory setting would decrease the possibility that VM2 will be able to start successfully because it will require HYPV2 to find more RAM to allocate to the startup operation. In addition, the fact that Smart Paging is not helping VM2 start indicates most likely that the drive that stores the Smart Paging file has run out of space.
B. Incorrect: Decreasing the Maximum Memory on other VMs would have an unpredictable effect on the availability of RAM for VM2 during a restart operation. In addition, the other running VMs might host high-priority applications that need the memory. Finally, the fact that Smart Paging is not helping VM2 start most likely indicates that the drive that stores the Smart Paging file has run out of space.
C. Incorrect: Increasing the Memory Buffer % setting would allocate more RAM to VM2 while it is running and would likely make some more memory available at the time of a restart. However, VM2 hosts only low-priority applications that are rarely used. Allocating RAM to VM2 while it is running would deprive other VMs of the RAM they might need to support good performance in higher priority applications. In addition, the fact that Smart Paging is not helping VM2 start most likely indicates that the drive that stores the Smart Paging file has run out of space.
D. Correct: Both the host server and the guest VM are running Windows Server 2012 R2, which supports Smart Paging. If insufficient RAM is available for a restart operation, the Smart Paging feature will normally rely on disk storage as virtual memory to help perform the restart. If a guest VM cannot restart in this scenario, it is most likely because not enough free space is available on the disk that currently stores the Smart Paging file.
3. Correct answer: C
A. Incorrect: This command would enable Resource Metering on the VM. However, according to the question, Resource Metering is already enabled.
B. Incorrect: This command would stop the metering of resources on VM3 but would not display any usage statistics.
C. Correct: This command would display usage statistics on VM3 because Resource Metering was enabled or reset.
D. Incorrect: This command would save the resource data into a stored variable, not display it on the screen.
Objective 3.2: Review
1. Correct answer: A
A. Correct: VHDs have a size limit of 2 TB. The Convert option allows you to change the disk type to a VHDX, which has a size limit of 64 TB.
B. Incorrect: VHDs have a size limit of 2 TB; you need a VHD file that is larger than 4 TB. Choosing the Expand option would allow you to expand the size of the VHD from 1.5 TB to 2.0 TB.
C. Incorrect: Creating a dynamically expanding VHD would not allow you to move beyond the 2 TB limit for VHD files. You need to convert the disk to a VHDX file.
D. Incorrect: Creating a differencing VHD would not allow you to move beyond the 2 TB limit for VHD files. You need to convert the disk to a VHDX file.
2. Correct answer: B
A. Incorrect: NIC teaming will help ensure against network outages, but it will not help ensure against data corruption after a power failure.
B. Correct: VHDX files—unlike VHD files—contain a log that helps these virtual disks avoid corruption resulting from a power outage.
C. Incorrect: Moving the VHDs to shared storage will not make them more resilient to power outages.
D. Incorrect: Data deduplication allows data to be stored more efficiently, but it doesn’t help prevent corruption from power outages.
3. Correct answer: B
A. Incorrect: You don’t need to upgrade. You can currently provide new storage for the VMs simply by provisioning new storage for the host server. You would need to upgrade to Windows Server 2012 or later only if you needed to provision storage directly from the guest operating system.
B. Correct: You can provision storage from the SAN in the host operating system running Windows Server 2012 R2. Then you can configure new volumes on the host server and then store new VHDs for the VMs on those new volumes.
C. Incorrect: You don’t need to provision new storage from the SAN from the guest operating system. To do this would require you to upgrade the guest operating systems to Windows Server 2012 or later. You would then need to create and configure virtual Fibre Channel ports. This set of actions would not allow you to achieve your goal with the least amount of administrative effort.
D. Incorrect: Converting the VHD files to VHDX files would require you to upgrade the guest operating systems to Windows Server 2012 or later. In addition, converting to VHDX would not help you attach more available storage to your VMs.
Objective 3.3: Review
1. Correct answer: A
A. Correct: You can use Add-VMNetworkAdapterAcl to create a port ACL and allow or deny traffic between a VM and any specified addresses.
B. Incorrect: This cmdlet allows you to associate a VLAN ID with a network adapter. It does not isolate network traffic in a way that would be useful in this specific scenario.
C. Incorrect: This cmdlet allows you to configure a feature on a virtual network adapter. It doesn’t allow you to restrict network traffic in a way that would be helpful in this scenario.
D. Incorrect: This cmdlet allows you to restrict traffic between any address and the host server, not the guest VMs.
2. Correct answers: B, C, D
A. Incorrect: You can enable SR-IOV only on an external switch.
B. Correct: You need to enable SR-IOV on a new external virtual switch.
C. Correct: You can enable SR-IOV only on a new switch. The switch must be external.
D. Correct: You need to enable SR-IOV on the virtual network adapter connected to the new virtual switch.
3. Correct answers: B, C
A. Incorrect: MAC spoofing enables you to choose a MAC address manually. It doesn’t prevent man-in-the-middle attacks.
B. Correct: DHCP guard prevents man-in-the-middle attacks from unauthorized VMs pretending to be legitimate DHCP servers.
C. Correct: Router guard prevents man-in-the-middle attacks from unauthorized VMs pretending to be legitimate routers.
D. Incorrect: Port mirroring is used to forward traffic to a remote VM. It is not used to prevent man-in-the-middle attacks.
Thought experiment
1. To measure CPU and disk usage, use the Enable-VMResourceMetering, Measure-VM, and Reset-VMResourceMetering cmdlets. To measure Internet usage, create a port ACL that measures traffic specifically between a VM and the default gateway by using the Add-VMNetworkAdapterAcl cmdlet with the –Meter action.
2. Back up the VHD. Convert the VHD to a VHDX. Expand the new VHDX to a desired size up to 64 TB. (Only the host needs to be running Windows Server 2012 or later to support VHDX files. You don’t need to upgrade the guest operating system to Windows Server 2012 or later.)
3. Enable only the forwarding extension on the virtual switch currently used by the services hosted on the VM. Create a second virtual switch that enables only the filtering extension.