
Building a Hyper-V virtual Lab environment

Introduction

This guide gives step-by-step instructions to create a Hyper-V Virtual Lab with its own unique network that is isolated from the production network the physical machine is connected to. This guide is also a good tutorial for Microsoft Hyper-V, including creating virtual machines and virtual networks. These concepts are relatively straightforward in Hyper-V, but the actual act of creating a Hyper-V Virtual Lab provides real-world experience working with Hyper-V. This lab assumes you have a server with a default installation of Windows Server 2012. This Hyper-V Virtual Lab can be used as a baseline for testing many small business scenarios, learning new technology, or simply demonstrating solutions to clients or co-workers. It's possible to add application servers to test out collaboration software such as Microsoft SharePoint, messaging software like Exchange, etc. Another great use of this Hyper-V Virtual Lab is testing client deployment scenarios. For example, you could test new group policy configurations for a Windows 8 client update.

Hyper-V Role and Virtual Network

2.1 Add Hyper-V Role to Windows Server 2012


The Windows Server 2012 Hyper-V role enables you to create a virtualized server computing environment. This type of environment is useful because you can create and manage virtual machines, which allows you to run multiple operating systems on one physical computer and isolate the operating systems from each other. As a result, you can use a virtualized computing environment to improve the efficiency of your computing resources by utilizing more of your hardware resources. Before we start provisioning virtual machines on Server 2012, we need to add the Hyper-V role to the server. Follow the step-by-step instructions below to install the Hyper-V role. The Hyper-V role can be installed through PowerShell, the Server Manager command line, and the GUI. In this guide we will use the GUI.

1. Start Server Manager by clicking on the Server Manager icon in the task bar.
2. In the Server Manager, click Manage in the top bar and select Add Roles and Features.
3. In the wizard, select Role based or feature based installation on the second page.
4. On the Select Destination Server page, make sure the current server is selected.
5. Select the Hyper-V role and accept its companion features.
6. Finish the wizard.

Now we have the Hyper-V role installed and the server needs to reboot.

2.2 Create Hyper-V Virtual LANs


Now that you have a physical host with Windows Server 2012 and Hyper-V enabled, it's important to make sure the networks in Hyper-V are set up properly for our virtual lab. The first LAN that we need to confirm is the LAN that this physical Hyper-V host participates in, that is, the LAN that this computer is connected to. We'll use this LAN as our connection to the outside world for the virtual lab environment. We'll also create a Hyper-V Virtual Network for our Hyper-V Lab environment. All network traffic for the lab will stay within this private network.

2.3 Create/Verify Hyper-V External LAN


Typically this LAN is already set up, but it's important to make sure we know the name and configuration for this virtual LAN.

1. Open the Hyper-V Manager.
2. Select Virtual Network Manager.
3. Verify you have an external network set up. It's important to have a good descriptive name for the external network that includes information telling the administrator that it's an external LAN, shared with the management OS, and which physical network port it's associated with. In this case it's named: LAN External Shared Intel Pro 1. If you followed the earlier instructions for adding the Hyper-V role, rename the HyperVNetwork to LAN External Shared Intel Pro 1 for this guide.
4. Rename the network in the physical host. Control Panel -> Network and Internet -> Network Connections. Right-click on the LAN External and rename this network connection to the same name, LAN External Shared Intel Pro 1.

2.4 Create Hyper-V Private LAN for LAB Environment


Now that the external LAN name and configuration are verified, it's time to create a new private LAN that will be used by the Hyper-V Lab. This LAN will have a unique network IP address space so that all network traffic is contained within it. This network will have a descriptive name that describes the address space that it is using.

1. Select Virtual Network Manager again.
2. Create a new Private Network: It's important to name your Hyper-V virtual network something meaningful so it's easy to identify it in various configurations. I recommend being very descriptive by including the term private and identifying the IP address range this network is using.
3. Rename the new LAN adapter on the host machine to something meaningful so that it's easy to distinguish in later steps.
   1. Start -> Right Click Network -> Properties
   2. Click Change Adapter Settings
   3. Right Click the new adapter, select Rename, and give it the same name as the adapter we created.

Hyper-V Lab Internet Connectivity

3.1 Create Hyper-V NAT Using RRAS


Now that the Hyper-V Virtual Networks are set up, it's time to create the NAT that will connect the new virtual Lab LAN with the external LAN. Windows Server 2012 includes this software NAT function with the Remote Access Service role. We'll now create a new Hyper-V virtual machine that will provide this service. This may be a little overkill, but it helps create a nice encapsulated Hyper-V Virtual Lab environment. We'll create a relatively powerful virtual machine to support the setup process that includes 4GB of RAM and four processors. After we've created the VM, we can scale back the VM to 1GB of memory and 2 Virtual Processors.

3.2 Create New Virtual Machine


1. Create new VM named VMNAT
   1. 4GB RAM, New Hard drive 20GB
   2. Don't install OS
2. Edit Virtual Machine
   1. Edit Virtual Machine 4 procs.
   2. Network Adapter #1: LAN External Shared Intel Pro 1
   3. Network Adapter #2: Internal(LAN)
   4. Attach Install ISO Windows Server 2012 (downloaded from MSDN, Technet, or BizSpark)

After making these changes the Virtual Machine Settings will look something like:

3.3 Create Hyper-V RRAS Server Install Base Windows Server 2008 R2
In this step it's time to install the base Windows Server 2012 configuration.

1. Start the virtual machine created above.
2. Run through the default Full Installation.
3. Choose custom installation and select the new disk we created above.

3.4 Create Hyper-V RRAS Server Configure LAN Adapters


The default names that Windows Server 2012 gives to adapters under Hyper-V aren't very useful. So now is the time to name them something meaningful that will make further configuration much more understandable.

1. Open the explorer and right click Network -> Properties. There will be two adapters listed, both with not very meaningful names. Notice that one of the networks says Unidentified and the other says Network. If you click on the Network one and choose Details, you'll notice that it has a valid IP address within your physical LAN. This adapter is connected to the External(WAN) virtual network. So let's name it that.
2. Click Change adapter settings in the menu at right.
3. Right Click the connection identified above and select Rename. Type in External(WAN) to match the network name.
4. Right Click the other connection and name it Internal(LAN).
5. Right Click the Internal(LAN) adapter and select Properties.
6. Select the Internet Protocol Version 4 (TCP/IPv4) item (don't uncheck it) and click Properties.
7. Click Use the following IP address:
8. Click on the IP Address: field and enter 192.168.100.1.
9. Hit Tab and Windows will fill in the subnet mask of 255.255.255.0.
10. Leave the default gateway and DNS Server entries blank and click OK.

3.5 Create Hyper-V RRAS Server Rename Server


The default name that Hyper-V gives a new virtual machine isn't very descriptive. So in this step we rename this Hyper-V Virtual Machine W2k12-ROUTER. It's important that the machine name match the Routing and Remote Access function that this Hyper-V VM is running. These may be the simplest steps outlined, but here they are:

1. Start -> Right Click Computer -> Properties
2. Click Change Settings
3. Change Description to W2k12-ROUTER
4. Click Change
5. Change Computer Name to W2k12-ROUTER
6. Run Windows Update (Optional)
7. Restart the computer.

3.6 Create Hyper-V RRAS Server Add RRAS Role


RRAS (Routing and Remote Access Service) provides multiprotocol LAN-to-LAN, LAN-to-WAN, virtual private network (VPN), dial-up and NAT (network address translation) services. In this guide, we use a very simple configuration to provide a NAT so that our Hyper-V Virtual Lab can reach the internet through the host networking environment. The RRAS server will connect to both the private lab network (Internal(LAN)) and the external network (LAN External Shared Intel Pro 1). All machines connected to our internal network will be able to access this Hyper-V RRAS Server to connect to the internet. To add the RRAS Role to our Hyper-V NAT we use the following steps:

1. Click on Start > Administrative Tools > Server Manager.
2. Click Manage, click on Add Roles and Features, select Remote Access and accept the features, then click Next.
3. On the Select Role Services page, select Routing. Click Next on the Information page and select Routing and Remote Access Services.
4. It will now give a warning that sources are not found. Click specify an alternative source path and type: <DVD>:\sources\sxs\ for path, where <DVD> is the drive where the 2012 install medium is mounted/inserted.
5. Windows will now install roles and features and reboot to finish the installation.
6. In Server Manager, click Tools > Routing and Remote Access. This will bring up the RRAS console.
7. Select the server W2k12-ROUTER (local). Notice that the server has a red down arrow, which means that RRAS is not enabled and configured.
8. Right click on W2k12-ROUTER (Local) and select Configure and Enable Routing and Remote Access to launch the Routing and Remote Access Server Setup Wizard. Click on Next to start the wizard.
9. Select Network address translation (NAT) and click Next. The Windows Server 2012 Routing and Remote Access Server Network address translation (NAT) feature allows the clients on our internal private network to share the same internet connection.
10. Select Use this public interface to connect to the Internet: and then choose External(WAN) from the Network Interfaces list. Click Next.
11. Select Enable basic name and address services and click Next. This option causes Routing and Remote Access to assign addresses automatically and forward name resolution requests to a DNS server on the Internet.
12. Select Next to accept the Address Assignment Range and Finish to actually configure the Routing and Remote Access Server.

We're now finished creating the Routing and Remote Access Server to provide NAT access to our internal clients within our Hyper-V Virtual lab. Since this VM only runs NAT services, it's most efficient to edit the VM to only allocate 1GB of RAM and 2 processors to this service.

Now it's time to create the first server in our Hyper-V Virtual Lab, which will be our Windows Server 2012 domain controller.

Hyper-V Lab Domain Controller

4.1 Create Hyper-V Virtual Lab Domain Controller


The first server we create in our Hyper-V Virtual Lab is the domain controller. This server will host the primary roles needed for any domain environment. For our simplified Hyper-V Virtual Lab, these are the Active Directory Domain Services, DNS Server, and DHCP Server roles. We'll create a relatively powerful virtual machine to support the setup process that includes 4GB of RAM and four processors. After we've created the VM, we can scale back the VM memory and processors depending on what else we're doing within this Hyper-V Virtual Lab.

4.2 Create New Hyper-V Virtual Machine


1. Create new VM named VMDC
   a. 4GB RAM, New Hard drive 30GB
   b. Don't install OS
2. Edit Virtual Machine
   a. Edit Virtual Machine 4 procs.
   b. Network Adapter #1: Internal(LAN)
   c. Attach Install ISO Windows Server 2012 (downloaded from MSDN, Technet, or BizSpark)
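
With VMNAT and VMDC attached to their networks, the isolation this lab depends on can be checked from the Hyper-V host. The PowerShell below is an added example, not part of the original guide; it assumes VMNAT is the only VM allowed on a non-Private switch. A Private virtual network has no adapter in the management OS while an Internal one does, so the report also lists the host's own adapters.

```powershell
# Added example, not from the original guide. Run on the Hyper-V host in an
# elevated PowerShell session (Hyper-V module, Windows Server 2012 or later).
function Get-LabIsolationReport {
    param(
        # Assumption: only the router VM may attach to a non-Private switch.
        [string[]]$BridgeVMs = @('VMNAT')
    )

    # Map switch name -> switch type (Private, Internal or External).
    $switchType = @{}
    foreach ($sw in Get-VMSwitch) { $switchType[$sw.Name] = [string]$sw.SwitchType }

    # Guest adapters: every VM except the router must sit on Private switches only.
    foreach ($nic in (Get-VM | Get-VMNetworkAdapter)) {
        $type = if ($nic.SwitchName) { $switchType[$nic.SwitchName] } else { 'Disconnected' }
        $ok = (@('Private', 'Disconnected') -contains $type) -or
              ($BridgeVMs -contains $nic.VMName)
        [pscustomobject]@{
            Owner   = $nic.VMName
            Adapter = $nic.Name
            Switch  = $nic.SwitchName
            Type    = $type
            Finding = if ($ok) { 'OK' } else { 'VIOLATION: VM attached outside the private network' }
        }
    }

    # Host adapters: a host adapter on an Internal switch means the management
    # OS shares a network segment with the VMs on that switch.
    foreach ($nic in (Get-VMNetworkAdapter -ManagementOS)) {
        $type = $switchType[$nic.SwitchName]
        [pscustomobject]@{
            Owner   = '(management OS)'
            Adapter = $nic.Name
            Switch  = $nic.SwitchName
            Type    = $type
            Finding = if ($type -eq 'Internal') { 'REVIEW: host shares this switch with VMs' } else { 'OK' }
        }
    }
}

$report = @(Get-LabIsolationReport)
$report | Format-Table -AutoSize

$violations = @($report | Where-Object { $_.Finding -like 'VIOLATION*' })
if ($violations.Count) {
    Write-Warning "$($violations.Count) adapter(s) break lab isolation"
}
```

Rerun the report whenever a VM is added to the lab; a new VM connected to LAN External Shared Intel Pro 1 by mistake shows up as a VIOLATION row.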

4.3 Build Hyper-V Domain Controller Install Base Windows Server 2008 R2
In this step it's time to install the base Windows Server 2008 R2 configuration.

1. Start the virtual machine created above.
2. Run through the default Full Installation.
3. Choose custom installation and select the new disk we created above.

4.4 Hyper-V Domain Controller Configure LAN Adapter


This server is our Domain Controller, DHCP Server, and DNS, so it will need a static IP address. So in this step we'll rename the LAN Adapter to something meaningful and set up the static IP address for this adapter.

1. Start -> Right click Network -> Properties.
2. Select Change adapter settings.
3. There is only one adapter, so right click and choose to Rename and name it Internal(LAN).
4. Right Click the other connection and name it Internal(LAN).
5. Right Click the Internal(LAN) adapter and select Properties.
6. Select the Internet Protocol Version 4 (TCP/IPv4) item (don't uncheck it) and click Properties.
7. Click Use the following IP address:
8. Click on the IP Address: field and enter 192.168.100.10.
9. Hit Tab and Windows will fill in the subnet mask of 255.255.255.0.
10. Set the Default gateway to 192.168.100.1.
11. Set the Preferred DNS Server to 192.168.100.10. This server will be the DNS for our Hyper-V Virtual Lab, so the DNS should point to itself.

4.5 Hyper-V Domain Controller Rename Server


Now, let's rename this new virtual machine to a more meaningful name.

1. Start -> Right Click Computer -> Properties
2. Click Change Settings
3. Change Description to VM Lab DC
4. Click Change
5. Change Computer Name to VMLABDC
6. Restart the computer.

Note that this server still won't have network access until we've added and configured the DNS Server role below.

4.6 Hyper-V Domain Controller Add Active Directory Domain Services Role
Now that we have the basic server setup, it's time to add the DC and DNS roles so that this server can be the hub of our Hyper-V Virtual Lab environment.

1. Start -> Administrative Tools -> Server Manager to launch the Windows Server 2012 Server Manager utility.
2. Click on Roles under Server Manager (VMLABDC).
3. Click Add roles to launch the Add Roles Wizard. This step provides some standard warnings to make sure that this system is secure. You've already set a strong password when installing the OS, we configured the static IP above, and we'll run Windows Update once we have network connectivity.
4. Click Next.
5. Check the Active Directory Domain Services box. This will bring up a warning saying that the .Net Framework 3.5.1 Features need to be installed.
6. Select Add Required Features.
7. Select Next > to start configuring Active Directory Domain Services. The Windows Server 2012 Add Roles Wizard will display an overview of adding the domain services.
8. Select Next > to advance past this step.
9. Select Install to begin the Active Directory Domain Services installation. The wizard will then display a progress bar as it installs both the Domain Services and the .NET Framework 3.5.1 features.
10. Select Close to clear the Installation Results screen.
11. Select Go to Active Directory Domain Services from the Server Manager Active Directory Domain Services pane.
12. Select Run the Active Directory Domain Services Installation Wizard (dcpromo.exe). This will launch the DCPROMO wizard that will allow this server to operate as a domain controller.
13. This will launch the Active Directory Domain Services Installation Wizard that will make this server a domain controller. Don't check Use advanced mode installation.
14. Click Next and the wizard will display an Operating System Compatibility warning.
15. Click Next to advance to the Deployment Configuration step.
16. Select Create a new domain in a new forest and Next. We will create a new forest specifically for our lab environment.
17. Enter VMLAB.Local and select Next. VMLAB.Local is the name of our Hyper-V Test lab domain. Microsoft recommends using local as the top level domain; however, if you're using Macintoshes to connect to the test network, then it's best to use a different top level domain (like lan) so that Mac clients don't require additional configuration.
18. Select Windows Server 2012 for the Forest functional level. This means this test lab can only contain domain controllers that are Windows Server 2012, but since we want to test the features new to 2012, this makes sense. If your test lab will include other versions of Windows Server, then pick the appropriate level.
19. Click Next to add a DNS server. It's recommended that the first domain controller include a DNS Server service, so we want to install that with this server.
20. The Active Directory Domain Services Installation Wizard will now display an error stating: "A delegation for this DNS server cannot be created because the authoritative parent zone cannot be found or it does not run Windows DNS server. If you are integrating with an existing DNS infrastructure, you should manually create a delegation to this DNS server in the parent zone to ensure reliable name resolution from outside the domain VMLAB.local. Otherwise, no action is required." Our Hyper-V Virtual Lab uses its own address space and then uses the RRAS NAT to connect to the internet, so we don't need to worry about this error and can continue. Choose Yes to continue.
21. Choose Next to accept the default locations for the Active Directory database, log files, and SYSVOL. For our lab, we'll accept the defaults. For a production domain controller, you would want to create a separate volume that would contain these directories.
22. Enter a strong password for the Directory Services Restore Mode Administrator account. This account is different from the Administrator account and is used when the domain controller is started in Directory Services Restore Mode. After entering the password twice, click Next.
23. Click Next to continue the Active Directory Domain Services Installation Wizard past the summary screen.
24. The wizard will now display a status screen as it configures all of the services associated with the Active Directory Domain Services Installation.
25. Click Finish to close out this wizard.
26. Select Restart Now to reboot the server.

When the server VM restarts it will have network connectivity to the internet via the VMNAT VM that is running RRAS. You can now run Windows Update if you would like.

4.7 Hyper-V Domain Controller Add DHCP Server Role


Add the DHCP Server for the local lab environment.

1. Roles -> Add Role > DHCP Server
2. Next to start the Add DHCP Role wizard.
3. Next to clear the Introduction to DHCP Server step. The Dynamic Host Configuration Protocol allows servers to assign, or lease, IP addresses to computers and other devices that are enabled as DHCP clients. Deploying a DHCP server on the network provides computers and other TCP/IP-based network devices with valid IP addresses and the additional configuration parameters these devices need, called DHCP options. This allows computers and devices to connect to other network resources such as DNS servers and routers. There are a few notes on this introduction screen also: "You should configure at least one static IP address on this computer." This server has a static IP address that we configured earlier in this guide. "Before you install DHCP Server, you should plan your subnets, scopes, and exclusions. Make a record of the plan in a safe place for later reference." This lab has a very simple networking topology that we document in this guide.
4. Click Next to continue past the Select Network Connection Bindings step. There is only one network connection in our lab environment and it is selected by default. Notice the Details section at the bottom that lists the Name and Network Adapter for this setting. Our descriptive name Internal(LAN) is shown.
5. The next step for adding the DHCP Role is to Specify IPv4 DNS Server Settings. The Parent domain is prepopulated with VMLAB.local, which is correct. For the Preferred DNS server IPv4 address, the wizard suggests using the loopback IP address. Since this server is the DNS server for our Hyper-V lab environment, we use the static IP for this server here. Enter 192.168.100.10 in the Preferred DNS server IPv4 address field. Leave the Alternate DNS server IPv4 address field blank. Click Next to advance to the Specify IPv4 WINS Server Settings step.
6. Click Next to advance past the Specify IPv4 WINS Server Settings step. WINS servers are needed for legacy applications and Windows networking environments. Our lab doesn't need this service. If you need WINS for this Hyper-V lab environment, then you'd add that role on this server and enter its static IP address 192.168.100.10 in the Preferred WINS server IP address field. The Alternate WINS server IP address field would be left blank. The DHCP server will then supply this IP address to clients it assigns IP addresses to.
7. The next step is to Add or Edit DHCP Scopes. A DHCP scope is a pool of IP addresses, such as 192.168.100.100 to 192.168.100.250, that the DHCP server can lease to clients. This range must be continuous. Click Add... to add the DHCP scope for this Hyper-V Lab networking environment.
8. Enter the following into the Add Scope dialog:
   1. Scope Name: VMLAB Private Network
   2. Starting IP address: 192.168.100.100
   3. Ending IP address: 192.168.100.250
   4. Subnet type: Wired (lease duration will be 8 days); this is the default.
   5. Activate this scope: checked; this is the default.
   6. Subnet mask: 255.255.255.0; this is the default.
   7. Default gateway (optional): 192.168.100.1
   These options tell the DHCP server to assign addresses in this range. Addresses below 100 are excluded so we can use these for static IP addresses or other uses (possibly wireless IP addresses). Click OK to continue.
9. Verify the summary looks correct and click Next > to advance to the next step.
10. Click Next > to accept the default settings for DHCPv6 Stateless Mode. We're not configuring this lab environment for IPv6 clients, so the default works here.
11. Click Next > to accept the default IPv6 DNS Server Settings.
12. The next step is to Authorize the DHCP Server. Active Directory Domain Services (AD DS) maintains a list of authorized DHCP servers to service clients. Specifically authorizing the server prevents rogue servers from being introduced into the environment. The default setting Use current credentials is correct since we're logged in as an Administrator. Click Next > to advance to the Confirmation step.
13. Click Install to confirm the Installation Selections for the DHCP Server Role.
14. The DHCP Server role has now been added to this Windows Server 2012 domain controller server in our Hyper-V lab environment. Click Close.
15. Restart the server.
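
The scope, options and AD DS authorization entered in the wizard can be compared against the plan recorded in this guide. The PowerShell below is an added example, not part of the original guide; it uses the DhcpServer module cmdlets on VMLABDC, and the helper names (Get-LabDhcpOption, New-Check, Test-LabDhcp) are hypothetical.

```powershell
# Added example, not from the original guide. Run on VMLABDC in an elevated
# PowerShell session after the DHCP Server role is installed.
# Expected values are the ones this guide configures.
$expected = @{
    ScopeId = '192.168.100.0'
    Start   = '192.168.100.100'
    End     = '192.168.100.250'
    Mask    = '255.255.255.0'
    Router  = '192.168.100.1'    # DHCP option 3 (default gateway = RRAS VM)
    Dns     = '192.168.100.10'   # DHCP option 6 (the lab DC)
    Server  = '192.168.100.10'   # static address of this DHCP server
}

function Get-LabDhcpOption {
    param([string]$ScopeId, [int]$OptionId)
    # A scope-level option overrides a server-level one, so look there first.
    $opt = Get-DhcpServerv4OptionValue -ScopeId $ScopeId -OptionId $OptionId -ErrorAction SilentlyContinue
    if (-not $opt) {
        $opt = Get-DhcpServerv4OptionValue -OptionId $OptionId -ErrorAction SilentlyContinue
    }
    if ($opt) { $opt.Value } else { @() }
}

function New-Check {
    param([string]$Name, [string]$Actual, [bool]$Pass)
    [pscustomobject]@{ Check = $Name; Actual = $Actual; Pass = $Pass }
}

function Test-LabDhcp {
    param([hashtable]$Expected)

    # AD DS authorization list: any entry other than this server needs explaining.
    $authorized = @(Get-DhcpServerInDC | ForEach-Object { "$($_.IPAddress)" })
    New-Check -Name 'Authorized DHCP servers' -Actual ($authorized -join ', ') `
        -Pass ($authorized.Count -eq 1 -and $authorized[0] -eq $Expected.Server)

    $scope = Get-DhcpServerv4Scope -ScopeId $Expected.ScopeId -ErrorAction SilentlyContinue
    if (-not $scope) {
        New-Check -Name 'Scope exists' -Actual 'missing' -Pass $false
        return
    }
    New-Check -Name 'Scope range' -Actual "$($scope.StartRange) - $($scope.EndRange)" `
        -Pass ("$($scope.StartRange)" -eq $Expected.Start -and "$($scope.EndRange)" -eq $Expected.End)
    New-Check -Name 'Subnet mask' -Actual "$($scope.SubnetMask)" `
        -Pass ("$($scope.SubnetMask)" -eq $Expected.Mask)
    New-Check -Name 'Scope active' -Actual "$($scope.State)" `
        -Pass ("$($scope.State)" -eq 'Active')

    $router = @(Get-LabDhcpOption -ScopeId $Expected.ScopeId -OptionId 3)
    New-Check -Name 'Router (option 3)' -Actual ($router -join ', ') `
        -Pass ($router.Count -eq 1 -and $router[0] -eq $Expected.Router)

    $dns = @(Get-LabDhcpOption -ScopeId $Expected.ScopeId -OptionId 6)
    New-Check -Name 'DNS server (option 6)' -Actual ($dns -join ', ') `
        -Pass ($dns.Count -eq 1 -and $dns[0] -eq $Expected.Dns)
}

Test-LabDhcp -Expected $expected | Format-Table -AutoSize
```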

Hyper-V Lab Configuration Validation

5.1 Hyper-V Domain Controller Review Settings and Event Logs


Now that the Active Directory Domain Services, DHCP Server, and DNS Server roles have been added to our Hyper-V Lab server, let's look through some of the event logs and verify that everything is working properly. There will be some errors and warnings in the event viewer, so let's look at those.

1. The Server Manager should already be up, but if not, run it with Start -> Administrative Tools -> Server Manager. The status screen looks a little scary with yellow exclamation points and red Xs. Let's look at each individual error to see what is really going on.
2. Click Active Directory Domain Services. This will display a list of Events and running System Services. Notice the events since the last time you restarted this machine. There should be a few information messages, and one Warning. The warning should be Event ID 2886. Double click on it. This warning is Windows Server 2012 giving a strong recommendation for increasing security. This isn't critical for our lab environment, so this warning is expected here. Click Close.
3. Click DHCP Server in the Roles section under Server Manager. This will also display a list of Events. There should be one warning (Event ID 10020) since the last time we restarted this server. Double click on it. This warning says this server has a dynamic IPv6 address. As with IPv4 addresses, a domain controller should have a static IPv6 address. This lab isn't configured for IPv6, so we can ignore this warning also. Click Close.
4. Click DNS Server in the Roles section under Server Manager. This will display a list of events and system services associated with the DNS Server. There should be one warning (Event ID 4013) since the last time this server was restarted. Double click on it. This error states that the DNS server is waiting for Active Directory Domain Services (AD DS) to signal that initial directory synchronization has occurred. This error will be repeated every two minutes until it's completed. Simply put, one instance of this error is fine. It takes a bit of time for the initial synchronization to occur.

5.2 Hyper-V Domain Controller Best Practice Analyzer


Now that the lab is functional, let's go through some of the basic tools to look at the services and improve their configuration. To do this we'll take advantage of Windows Server 2012's Best Practice Analyzer feature for roles that support it.

5.3 Active Directory Domain Services Best Practices Analyzer


1. Click Active Directory Domain Services in the Roles section under Server Manager.
2. Scroll down and click Scan This Role in the Best Practices Analyzer section. Windows Server 2008 R2 will take some time scanning the role and display the results.
3. The results show one error and a number of warnings. Double click on the error. This error states that this domain controller isn't configured to have an authoritative time source. A time source is critical for a domain environment to ensure accurate database synchronization. Our lab environment only has a single domain controller, so this isn't critical; however, let's set one up so it will work properly if we add more.
4. This Domain Controller will be the authoritative time source for its domain, so it needs to be configured to get its time from an external reliable source. In addition, the virtual machine needs to be configured to not synchronize its time with the physical host. We'll configure this server to use the pool of NTP servers maintained by ntp.org. This pool balances the load across many authoritative time sources and will use servers physically close to this server.
5. Open a command prompt by using Start -> Accessories -> Command Prompt.
6. Type (or cut and paste) the following (all on one line):
w32tm /config /syncfromflags:manual /manualpeerlist:"0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org"

7. Rerun the Active Directory Domain Services Best Practices Analyzer and this error will no longer be there. The remaining warnings indicate that this domain should have multiple domain controllers, hasn't been backed up recently, and is running as a virtual machine. All of these are OK for our Hyper-V Virtual Lab environment.
8. Now we should disable time synchronization for this VM. On the host machine, run the Hyper-V Manager (Start -> Administrative Tools -> Hyper-V Manager).
9. Right Click on the VMLABDC virtual machine in the Virtual Machines list and select Settings.
10. Select Integration Services under the Management section, unselect the Time synchronization option, and then select OK.

5.4 DNS Server Best Practices Analyzer


1. Click DNS Server in the Roles section under Server Manager.
2. Scroll down and click Scan This Role in the Best Practices Analyzer section. Windows Server 2008 R2 will take some time scanning the role and display the results.
3. The DNS Server Best Practices Analyzer will show the following error: "DNS: DNS servers on Internal(LAN) should include the loopback address, but not as the first entry." Microsoft does recommend that DNS servers include the loopback address in the list of DNS servers. Let's go fix that. Click Close.
4. Click Start -> Right Click Network -> Properties to open the Network and Sharing Center.
5. Click Internal(LAN) in the Active networks section.
6. Click Properties.
7. Select Internet Protocol Version 4 (TCP/IPv4) (don't uncheck it) and click Properties.
8. Enter 127.0.0.1 in the Alternate DNS server field.
9. Click OK to save the entry.