Managing Hyper-V
-
@dashrender No worries, maybe I'm not explaining myself very well.
- Sure, so this means logging out of the domain and logging into the PC as a local user with the same username/password as you have setup on the Hyper-V host - what a PITA.
I only ever log into my management PC with this user. There's no logging in or out of anything...
- Why do you have multiple domains, and how would you manage them all from a single PC if the domains aren't trusted, etc?
It was mentioned earlier in the thread how you would manage Hosts that were domain connected if you had multiple domains in your environment. Some had mentioned even if Trusts were in place that Hyper-V Manager would ignore this, unless i misunderstood. I was simply offering this as an alternative since you're managing with local admin creds on the Hosts you don't have this issue.
- I suppose I could build an account on the Hyper-V host that has the same creds as my user account on my PC, but damn, each time I change my password on my domain account (granted not frequent) I'd have to change it on the Hyper-V host.
This would be correct, however I don't regularly change passwords as it's not necessary or even inherently beneficial, and even if I do it takes less than 5 minutes for a complete update.
No offense taken, thanks for allowing me to clarify, hope this better explains my preferences.
-
@jaredbusch said in Managing Hyper-V:
@r3dpand4 said in Managing Hyper-V:
@jaredbusch Because I have never needed the very thing supporting my infrastructure to be dependent on one of the vms inside of it.
Joining it to the domain does not mean that a local login no longer exists. Why would you think that it requires the guest VM with AD to be running? First your credentials are cached, so you will likely be able to log in anyway. Second, if they are not, you only have to log in with the local account and do whatever you need to reboot the AD VM to regain AD auth.
I'm aware of local logins and AD. I'm not sure why you'd ever want to rely on cached credentials on your Hosts, but sure it'll work for a time.
" you only have to log in with the local account and do whatever you need to reboot the AD VM to regain AD auth."
This is literally my point....why add steps unnecessarily? This is literally my management preference from default so why am I wrong for removing a step? Again, if you're relying on cached creds to authenticate with a domain joined Host in order for you to manage your vms I don't see that as remotely ideal.
-
@r3dpand4 said in Managing Hyper-V:
@jaredbusch said in Managing Hyper-V:
@r3dpand4 said in Managing Hyper-V:
@jaredbusch Because I have never needed the very thing supporting my infrastructure to be dependent on one of the vms inside of it.
Joining it to the domain does not mean that a local login no longer exists. Why would you think that it requires the guest VM with AD to be running? First your credentials are cached, so you will likely be able to log in anyway. Second, if they are not, you only have to log in with the local account and do whatever you need to reboot the AD VM to regain AD auth.
I'm aware of local logins and AD. I'm not sure why you'd ever want to rely on cached credentials on your Hosts, but sure it'll work for a time.
" you only have to log in with the local account and do whatever you need to reboot the AD VM to regain AD auth."
This is literally my point....why add steps unnecessarily? This is literally my management preference from default so why am I wrong for removing a step? Again, if you're relying on cached creds to authenticate with a domain joined Host in order for you to manage your vms I don't see that as remotely ideal.
You are missing the point. It is not adding a step because it will normally never happen. The guests normally boot with no action required from the host. So day to day management is never impacted by this.
-
@r3dpand4 said in Managing Hyper-V:
@jaredbusch said in Managing Hyper-V:
@r3dpand4 said in Managing Hyper-V:
@jaredbusch Because I have never needed the very thing supporting my infrastructure to be dependent on one of the vms inside of it.
Joining it to the domain does not mean that a local login no longer exists. Why would you think that it requires the guest VM with AD to be running? First your credentials are cached, so you will likely be able to log in anyway. Second, if they are not, you only have to log in with the local account and do whatever you need to reboot the AD VM to regain AD auth.
I'm aware of local logins and AD. I'm not sure why you'd ever want to rely on cached credentials on your Hosts, but sure it'll work for a time.
" you only have to log in with the local account and do whatever you need to reboot the AD VM to regain AD auth."
This is literally my point....why add steps unnecessarily? This is literally my management preference from default so why am I wrong for removing a step? Again, if you're relying on cached creds to authenticate with a domain joined Host in order for you to manage your vms I don't see that as remotely ideal.
But you aren't relying on cached credentials. You're using a domain joined account to manage it and have a backup local account just in case of emergencies.
Your process adds several additional steps that don't exist if you managed Hyper-V as part of the domain.
-
@r3dpand4 said in Managing Hyper-V:
I only ever log into my management PC with this user. There's no logging in or out of anything...
What is a management PC? You actually have a whole other computer (or local VM) that's entire purpose is only servicing the Hyper-V host? seems like $300+ for a Windows license, pretty expensive.
It was mentioned earlier in the thread how you would manage Hosts that were domain connected if you had multiple domains in your environment. Some had mentioned even if Trusts were in place that Hyper-V Manager would ignore this, unless i misunderstood. I was simply offering this as an alternative since you're managing with local admin creds on the Hosts you don't have this issue.
That's true, I had forgotten about that bit, but your solution is instead of having separation, you'd have all Hyper-V hosts have the same single account, managed by your one PC that has that - that's not an enterprise solution. And I'll agree that MS hasn't given us one either.
-
@dashrender said in Managing Hyper-V:
And I'll agree that MS hasn't given us one either.
MS has given an enterprise solution. Use Active Directory to manage user permissions and logon rights for your Hyper-V hosts. If you need to go further then that look at SCVMM to manage the hosts that will for the most part have to be added to the domain to get all the functionality.
-
@coliver said in Managing Hyper-V:
@dashrender said in Managing Hyper-V:
And I'll agree that MS hasn't given us one either.
MS has given an enterprise solution. Use Active Directory to manage user permissions and logon rights for your Hyper-V hosts. If you need to go further then that look at SCVMM to manage the hosts that will for the most part have to be added to the domain to get all the functionality.
Well, Wired discovered that a PC in a child domain could not manage a Hyper-V host in a parent domain (or other child domain) without tons of issues. I suppose SCVMM might solve this, but with general Hyper-V manager on Windows 10, it's a problem.
-
@dashrender said in Managing Hyper-V:
@r3dpand4 said in Managing Hyper-V:
I only ever log into my management PC with this user. There's no logging in or out of anything...
What is a management PC? You actually have a whole other computer (or local VM) that's entire purpose is only servicing the Hyper-V host? seems like $300+ for a Windows license, pretty expensive.
It was mentioned earlier in the thread how you would manage Hosts that were domain connected if you had multiple domains in your environment. Some had mentioned even if Trusts were in place that Hyper-V Manager would ignore this, unless i misunderstood. I was simply offering this as an alternative since you're managing with local admin creds on the Hosts you don't have this issue.
That's true, I had forgotten about that bit, but your solution is instead of having separation, you'd have all Hyper-V hosts have the same single account, managed by your one PC that has that - that's not an enterprise solution. And I'll agree that MS hasn't given us one either.
I mean I suppose the first bits a matter of opinion, it's baked into our solution so there is no added cost per say.
Regarding whether this is an Enterprise Solution or not, to be fair I never claimed it to be. I also don't work in the Enterprise market and in that space I'm not sure how much Hyper-V you're really coming across. Others would probably have better insight on that in all honesty, I'd only be speculating.
-
@dashrender said in Managing Hyper-V:
@coliver said in Managing Hyper-V:
@dashrender said in Managing Hyper-V:
And I'll agree that MS hasn't given us one either.
MS has given an enterprise solution. Use Active Directory to manage user permissions and logon rights for your Hyper-V hosts. If you need to go further then that look at SCVMM to manage the hosts that will for the most part have to be added to the domain to get all the functionality.
Well, Wired discovered that a PC in a child domain could not manage a Hyper-V host in a parent domain (or other child domain) without tons of issues. I suppose SCVMM might solve this, but with general Hyper-V manager on Windows 10, it's a problem.
Wired also had a crazy AD setup. I don't know if that was part of the problem or if it was Hyper-V. Very well could have been Hyper-V.
-
@r3dpand4 said in Managing Hyper-V:
I mean I suppose the first bits a matter of opinion, it's baked into our solution so there is no added cost per say.
Baked in? So let's assume you have a full second PC that's solely used for managing this Hyper-V host. That's probably $800 (or more). One thing ML really tries to get across to sysadmins/generalist IT personal is that we are part of the business process, and a major goal of the business process is to do things cost effectively. As such, I'm not sure this is considered cost effective.
-
@coliver said in Managing Hyper-V:
@dashrender said in Managing Hyper-V:
@coliver said in Managing Hyper-V:
@dashrender said in Managing Hyper-V:
And I'll agree that MS hasn't given us one either.
MS has given an enterprise solution. Use Active Directory to manage user permissions and logon rights for your Hyper-V hosts. If you need to go further then that look at SCVMM to manage the hosts that will for the most part have to be added to the domain to get all the functionality.
Well, Wired discovered that a PC in a child domain could not manage a Hyper-V host in a parent domain (or other child domain) without tons of issues. I suppose SCVMM might solve this, but with general Hyper-V manager on Windows 10, it's a problem.
Wired also had a crazy AD setup. I don't know if that was part of the problem or if it was Hyper-V. Very well could have been Hyper-V.
I recall finding MS docs that specifically stated this problem as known.
-
@dashrender said in Managing Hyper-V:
@coliver said in Managing Hyper-V:
@dashrender said in Managing Hyper-V:
@coliver said in Managing Hyper-V:
@dashrender said in Managing Hyper-V:
And I'll agree that MS hasn't given us one either.
MS has given an enterprise solution. Use Active Directory to manage user permissions and logon rights for your Hyper-V hosts. If you need to go further then that look at SCVMM to manage the hosts that will for the most part have to be added to the domain to get all the functionality.
Well, Wired discovered that a PC in a child domain could not manage a Hyper-V host in a parent domain (or other child domain) without tons of issues. I suppose SCVMM might solve this, but with general Hyper-V manager on Windows 10, it's a problem.
Wired also had a crazy AD setup. I don't know if that was part of the problem or if it was Hyper-V. Very well could have been Hyper-V.
I recall finding MS docs that specifically stated this problem as known.
Ok. Good to know I'll keep that in mind.
-
@dashrender said in Managing Hyper-V:
@r3dpand4 said in Managing Hyper-V:
I mean I suppose the first bits a matter of opinion, it's baked into our solution so there is no added cost per say.
Baked in? So let's assume you have a full second PC that's solely used for managing this Hyper-V host. That's probably $800 (or more). One thing ML really tries to get across to sysadmins/generalist IT personal is that we are part of the business process, and a major goal of the business process is to do things cost effectively. As such, I'm not sure this is considered cost effective.
@dashrender I'm not sure where you're grabbing these prices from, so this whole statement is a bit of a straw man. I can grab a laptop for $150-200, you're overthinking this.
-
Can you install and run RSAT on Windows home?
-
@dashrender said in Managing Hyper-V:
Can you install and run RSAT on Windows home?
Windows 10 Pro, Enterprise, and Education only.
-
@dashrender said in Managing Hyper-V:
Can you install and run RSAT on Windows home?
I'm not sure, I don't use Home edition at work or home. Who is using Windows Home?
-
@r3dpand4 said in Managing Hyper-V:
@dashrender said in Managing Hyper-V:
Can you install and run RSAT on Windows home?
I'm not sure, I don't use Home edition at work or home. Who is using Windows Home?
Anyone with $150 laptops
-
I mostly use Windows Home these days, with AD not making sense like it used to, Windows Home often ends up making more business sense in smaller businesses.
-
@r3dpand4 said in Managing Hyper-V:
@dashrender said in Managing Hyper-V:
Can you install and run RSAT on Windows home?
I'm not sure, I don't use Home edition at work or home. Who is using Windows Home?
You found a laptop with Windows 10 Pro on it for $150-200? Nice find then. If you didn't, then you'll need to toss $50-100 on top of that price to upgrade to Pro. that's where I was driving too.
But it's still weird to me to have this single computer sitting in the corner of my desk to manage a Hyper-V host when I have a decent (I assume) desktop/laptop on my desk for all of the other management I do.
-
@scottalanmiller said in Managing Hyper-V:
@r3dpand4 said in Managing Hyper-V:
@dashrender said in Managing Hyper-V:
Can you install and run RSAT on Windows home?
I'm not sure, I don't use Home edition at work or home. Who is using Windows Home?
Anyone with $150 laptops
Hey hey hey now don't judge Newegg
