Managing Hyper-V
-
@scottalanmiller said in Managing Hyper-V:
@dafyre said in Managing Hyper-V:
@scottalanmiller said in Managing Hyper-V:
This shows some promise.
https://cloudbase.it/using-freerdp-to-connect-to-the-hyper-v-console/
This looks quite interesting. I didn't realize the OpenStack Compute bits could control Hyper-V. I may have to give that a go at work next week. I have a couple of Hyper-V servers this could work well on.
Oh yes, all four hypervisors are available and work under OpenStack. Although once going OpenStack, is there a compelling reason to use Hyper-V over KVM?
Because your bosses said you had to use hyper-V for some project or another? lol.
-
@dafyre said in Managing Hyper-V:
@scottalanmiller said in Managing Hyper-V:
@dafyre said in Managing Hyper-V:
@scottalanmiller said in Managing Hyper-V:
This shows some promise.
https://cloudbase.it/using-freerdp-to-connect-to-the-hyper-v-console/
This looks quite interesting. I didn't realize the OpenStack Compute bits could control Hyper-V. I may have to give that a go at work next week. I have a couple of Hyper-V servers this could work well on.
Oh yes, all four hypervisors are available and work under OpenStack. Although once going OpenStack, is there a compelling reason to use Hyper-V over KVM?
Because your bosses said you had to use hyper-V for some project or another? lol.
I see. OpenStack there would be the letter of the law but not the intent of it. This would be the loophole situation we talked about the other day. 99% of the time when someone says something like that, they don't actually mean the hypervisor but the ecosystem. This is essentially a KVM ecosystem (or a third party one at least) that just happens to allow Hyper-V to be used. But Hyper-V as a product will be "gone". It's like telling someone that they have to run Windows, not Linux, and so you find a way (MS did this) to replace the Linux kernel with a Windows kernel plus an API to make it act exactly like Linux. It is Windows kernel under the hood? Yes. It is Linux? No. Does it quack like a duck though, yes.
-
basically if you enable winrm with an Enter-PSSession you can control the host from enywhere (firewall must be setup) in powershell.
what I do not find is a central management tool to have an overview of all hosts and their loading conditions.
-
@Dashrender said in Managing Hyper-V:
Now we come to my question.
Is there any reason to not put all the Hyper-V Hosts into a single domain to ease management?
For security and stability I've always seen at any real scale you run a Management domain. Also, given cases of Cyrtolocker hitting Hyper-V hosts I'd be damned careful with separate accounts/domains for Hyper-V hosts as someone encrypting your VM's can bypass a LOT of your protections.
-
@scottalanmiller said in Managing Hyper-V:
ecosystem
Also dropping Nano from being a supported path sucks for people who were hoping for it to be a true small secure embedded install (Core requires a 32GB DISK!)
-
@scottalanmiller said in Managing Hyper-V:
@dbeato said in Managing Hyper-V:
@scottalanmiller You need a Windows 8.1 or Windows 10 computer, and like I said on my post before you can go to the c$ of that HyperV enter the username and password and then connect using the Hyperv console.
Okay, having him try that. What about if you are not on a LAN and not willing to expose SMB over the WAN?
Wouldn't you never put a hypervisor on the public internet directly on any port?
-
@John-Nicholson said in Managing Hyper-V:
@scottalanmiller said in Managing Hyper-V:
ecosystem
Also dropping Nano from being a supported path sucks for people who were hoping for it to be a true small secure embedded install (Core requires a 32GB DISK!)
Holy crap. I didn't realize it was that big.
-
@Tim_G that you get triple redundant, or more, secure web remote management plus no open port remote assistance all automatic and out of the box and that almost no one else offers that
No open port remote assistance is a commodity (I can throw a rock and hit a vendor who does this). If your talking phone home support The top 3-4 HCI appliance vendors fit the bill here.
-
@stacksofplates said in Managing Hyper-V:
@John-Nicholson said in Managing Hyper-V:
@scottalanmiller said in Managing Hyper-V:
ecosystem
Also dropping Nano from being a supported path sucks for people who were hoping for it to be a true small secure embedded install (Core requires a 32GB DISK!)
Holy crap. I didn't realize it was that big.
Hyper-V's dependency on a DOM0 style Windows VM in the IO path means it's impossible to shrink the install that small. Xen isn't quite as bad (You can build a damn small DOM0) KVM is next in size (You can shrink it quite a bit) and then ESXi being the smallest (few hundred MB is all the VMkernel takes up with the rest being log, crash dumps, and VMTools that technically you can redirect).
This is why a Hyper-V environment should require monthly patching while a shrunk and reasonably hardened KVM or ESXi environment can easily go quarterly or farther to maintain compliance requirements.
-
@stacksofplates said in Managing Hyper-V:
@John-Nicholson said in Managing Hyper-V:
@scottalanmiller said in Managing Hyper-V:
ecosystem
Also dropping Nano from being a supported path sucks for people who were hoping for it to be a true small secure embedded install (Core requires a 32GB DISK!)
Holy crap. I didn't realize it was that big.
my hyper-v server 2016 is around 8GB including the altaro agent.
-
@Dashrender ok, this is what I've done accordingly to my notes:
on the hyperv host:
winrm quickconfig (yes to all questions) net user /add <USERNAMEHERE> net <USERNAMEHERE> <PASSWORDHERE> net localgroup Administrators /add <USERNAMEHERE>on the control machine
winrm quickconfig (yes to all questions) net user /add <USERNAMEHERE> net <USERNAMEHERE> <PASSWORDHERE> winrm set winrm/config/client @{TrustedHosts=”<IP-OR-FQDN-OF_HOST>”}Do not promote user to admins in the control machine: it is uneeded.
you have then to adjust win firewall rules but you can control any host from the mmc snap-in if you have an adequately recent version of win (win ver >= hyper-v ver)
the trick is to run the snap-in as the dedicated user. I've made a bat with the following contents:
runas /user:<USERNAMEHERE> "%windir%\System32\mmc.exe %windir%\System32\virtmgmt.msc" -
@John-Nicholson said in Managing Hyper-V:
@scottalanmiller said in Managing Hyper-V:
ecosystem
Also dropping Nano from being a supported path sucks for people who were hoping for it to be a true small secure embedded install (Core requires a 32GB DISK!)
Why would anyone use that for a Hyper-V Host? I certainly wouldn't, unless 2016 Full Datacenter edition is needed at the host level for some reason. If you need to use Hyper-V, Hyper-V Server 2016 or Nano Server is the way to go.
-
@John-Nicholson said in Managing Hyper-V:
@scottalanmiller said in Managing Hyper-V:
ecosystem
Also dropping Nano from being a supported path sucks for people who were hoping for it to be a true small secure embedded install (Core requires a 32GB DISK!)
Also, dropping Nano support from what?
-
@John-Nicholson said in Managing Hyper-V:
@Dashrender said in Managing Hyper-V:
Now we come to my question.
Is there any reason to not put all the Hyper-V Hosts into a single domain to ease management?
For security and stability I've always seen at any real scale you run a Management domain. Also, given cases of Cyrtolocker hitting Hyper-V hosts I'd be damned careful with separate accounts/domains for Hyper-V hosts as someone encrypting your VM's can bypass a LOT of your protections.
This is always how I feel about it. Separate everything for platform.
-
@John-Nicholson said in Managing Hyper-V:
@scottalanmiller said in Managing Hyper-V:
@dbeato said in Managing Hyper-V:
@scottalanmiller You need a Windows 8.1 or Windows 10 computer, and like I said on my post before you can go to the c$ of that HyperV enter the username and password and then connect using the Hyperv console.
Okay, having him try that. What about if you are not on a LAN and not willing to expose SMB over the WAN?
Wouldn't you never put a hypervisor on the public internet directly on any port?
Depends on what you call directly. Any why not? We used to feel this way about servers in general, then cloud came along and now it's the standard. You want your platform pretty tight and locked down. But one way or another all systems need to be managed. Every enterprise cloud's platform management is directly on the Internet (Amazon, Azure, etc.) There is no getting around it. So yes, I would definitely put my platform management on the Internet.
-
@stacksofplates said in Managing Hyper-V:
@John-Nicholson said in Managing Hyper-V:
@scottalanmiller said in Managing Hyper-V:
ecosystem
Also dropping Nano from being a supported path sucks for people who were hoping for it to be a true small secure embedded install (Core requires a 32GB DISK!)
Holy crap. I didn't realize it was that big.
Isn't that only the "role" install, not a proper one?
-
@JaredBusch said
Are you not paying any attention to what you are reading?? Remote access is not console access.
I rarely pay attention. Makes things too boring.
-
StarWind is currently working on the new product - a flexible and customizable web-based platform which will allow users get the full control over their IT infrastructures from a single HTML5 graphical interface including S2D, Failover Clustering and Hyper-V. More information to be found in a nearby thread: https://mangolassi.it/topic/14114/help-starwind-to-pick-the-name-for-the-upcoming-product
-
@Oksana said in Managing Hyper-V:
StarWind is currently working on the new product - a flexible and customizable web-based platform which will allow users get the full control over their IT infrastructures from a single HTML5 graphical interface including S2D, Failover Clustering and Hyper-V. More information to be found in a nearby thread: https://mangolassi.it/topic/14114/help-starwind-to-pick-the-name-for-the-upcoming-product
Very cool - but the big question - will it allow the launching of a console connection to a VM?
-
@Tim_G said in Managing Hyper-V:
Also dropping Nano from being a supported path sucks for people who were hoping for it to be a true small secure embedded install (Core requires a 32GB DISK!)
I think he means nano is available only for those with a datacenter licence. maybe he was hoping in an hyper-v server 2016 based on nano rather than on core.
anyway MY core is just around 8GB, small enough. Also microsoft has some issues with "no-gui". you go from core, which is something like linux cmd line + xserver + fluxbox, to something with no local management at all! ASAP nano can be managed only by remote powershell. No local login.
