Virtual Private Server – Windows 2008 R2 SP1 Hyper-V

 


Prerequisites

  • Control Panel Server: The server component of the control panel must be deployed on the Hyper-V server. The AD account used must be a member of the Domain Admins group or, if the Hyper-V host is not part of the domain, the local account should be a member of the local Administrators group.

Service Configuration

Active Directory Settings
  • Security Mode: None

 

Virtual Private Server Settings

Select the following provider: “Microsoft Hyper-V” from the “Virtual Private Servers” group.

Server Settings

  • Hyper-V Server (Local/Remote): Select the local mode to indicate that the Hyper-V role is installed on this server.

General Settings

  • VPS root folder: This is the root folder for virtual machines created by the hypervisor. Make sure the folder pattern uses enough substitution variables to avoid collisions between different user accounts. For example, to place every VPS in its own folder and additionally group all VPS of a particular user under that user's folder, you can use the following pattern: %SYSTEMDRIVE%\Hyper-V\VirtualMachines\[USERNAME]\[VPS_HOSTNAME]. In most cases the default pattern %SYSTEMDRIVE%\Hyper-V\VirtualMachines\[VPS_HOSTNAME] will work well.
  • OS Templates path: Folder that contains .vhd files with pre-installed OS along with an index XML file.
  • Exported VPS path: Folder where VPS are exported. This value is used as the default value in the Delete VPS, Re-install VPS and Repair VPS wizards.

Processor Resource Settings

  • Virtual machine reserve: Reserve of the total resources available to a virtual machine; specifies the percentage that is reserved for the virtual machine. This setting guarantees that the percentage you specify will be available to the virtual machine. This setting can also affect how many virtual machines you can run at one time. Default value is 0.
  • Virtual machine limit: Limit of the total resources available to a virtual machine; specifies the maximum percentage that can be used by the virtual machine. This setting applies regardless of whether other virtual machines are running. Default value is 100.
  • Relative weight: Specifies how Hyper-V allocates resources to this virtual machine when more than one virtual machine is running and the virtual machines compete for resources. Default value is 100.

DVD Media Library

  • DVD Library path: Folder that contains .iso files with DVD and CD images along with an index XML file. See Creating DVD Media Library.

Virtual Hard Drive

  • Disk Type: Specifies the type of Virtual Hard Drive (VHD): either Dynamic or Fixed. A VHD of fixed size immediately occupies its allocated size on the physical hard disk, but virtual machines with a fixed VHD demonstrate better performance.

Please be aware that creating a VHD with a fixed size could take significant time to complete, depending on the internal size of the volume(s) inside the VHD. For example, if the maximum allowed internal size of the template VHD is 100 GB, then the resulting VHD will be 100 GB in size on the physical hard drive or network storage.

External Network

  • Connect to Network: Select external virtual network. The VPS “External network” card (NIC) will be connected to this network. IP addresses are assigned from the “VPS External Network” pool.
  • Preferred Name Server: IP address that will be set in the “Preferred name server” field of TCP/IP protocol properties.
  • Alternate Name Server: IP address that will be set in the “Alternate name server” field of TCP/IP protocol properties.

Management Network

  • Connect to Network: Select external virtual network. The VPS “Management network” card (NIC) will be connected to this network.
  • Network Card Configuration:
      IP Addresses Pool – assign IP addresses from the “VPS Management Network” pool;
      DHCP – do not assign IP addresses from the pool and set “Assign IP addresses and DNS servers automatically (DHCP)” on the “Management network” card.
  • Preferred Name Server: IP address that will be set in the “Preferred name server” field of TCP/IP protocol properties.
  • Alternate Name Server: IP address that will be set in the “Alternate name server” field of TCP/IP protocol properties.

Private Network

  • IP Addresses Format:
      Custom – allows specifying the initial IP address and network mask;
      192.168.0.1/16 – generates IP addresses starting from 192.168.0.1 and with net mask 255.255.0.0;
      172.16.0.1/12 – generates IP addresses starting from 172.16.0.1 and with net mask 255.240.0.0;
      10.0.0.1/8 – generates IP addresses starting from 10.0.0.1 and with net mask 255.0.0.0.
  • IP Address / CIDR: Allows specifying a custom initial IP address and subnet mask.
  • Default Gateway: IP address that will be set in the “Default gateway” field of TCP/IP protocol properties.
  • Preferred Name Server: IP address that will be set in the “Preferred name server” field of TCP/IP protocol properties.
  • Alternate Name Server: IP address that will be set in the “Alternate name server” field of TCP/IP protocol properties.

VPS Host Name

  • Host name pattern: This pattern is used in VPS integration API web methods to generate the VPS name if it is not specified in the method call.

Automatic Start Action

The option specifies what to do with VPS machines when the Hyper-V virtualization server starts.

Automatic Stop Action

The option specifies what to do with VPS machines when the Hyper-V virtualization server shuts down.

Preparing Hyper-V VPS Templates with Windows 2008 R2 SP1

The process of deploying Virtual Private Servers (VPS) to end customers is very similar to the deployment of dedicated servers.

Installing the guest operating system from scratch on every purchased VPS is a time-consuming process which leads to order delivery delays (some hosting companies may take up to 48 hours to set up a new VPS) and potentially leads to security breaches as a result of configuration errors and the human factor.

The goal of every VPS hosting company is to minimize VPS provisioning time (down to several minutes if possible!), reduce administrative overhead and exclude the human factor. This can be achieved by creating each new VPS from an “operating system template” (OS template) prepared once by highly skilled personnel.

In the Control Panel VPS solution, an OS template consists of a Virtual Hard Disk (VHD) file containing a “generalized” image of the installed OS (and other applications) and meta-information describing the features the template supports as well as its provisioning options.

This guide describes how to prepare an OS template ready for completely automated provisioning of customer VPS with Windows Server 2008 R2 SP1. The guidance can be used as a good starting point for creating your own OS templates based on Windows Server 2008 R2 SP1, but with additional pre-installed software and deployment scenarios.

Overview

The process of creating a new VPS template for the WSP solution can be outlined by the following steps:

  • Create “Master” Virtual Machine: Create a new “master” virtual machine. Its Virtual Hard Drive (VHD) with pre-installed operating system and other software will be used as a template for customer virtual machines.
  • Install and Configure Guest Operating System: Install the desired operating system on the “master” virtual machine. Configure operating system settings and services, and install additional applications.
  • Sysprep “Generalize” pass: Generalize the “master” operating system with the Sysprep utility and prepare it for multi-copying.
  • Replace Unattended answer file with template: Copy the “master” VHD to the Templates library, mount it and replace the unattended Setup answer file with the template. Set up other installation scripts if required.
  • Deploy VHD to CP Templates Library: Add a new template “item” to the Template library index file, and describe the features the template supports and its provisioning options.

 

Create Master Virtual Machine

You have to create a “master” virtual machine which will be used to work with the template VHD.

To install the guest OS on the master virtual machine you need an .ISO file or physical DVD media with the operating system distribution. You can download DVD ISO files from MSDN subscriptions.

Open “Hyper-V Manager” and click “New -> Virtual Machine…” from the action menu to start the virtual machine creation wizard.

  • Give the new VM a meaningful name that helps to distinguish it from others, for example “Master – Windows 2008 Standard x64”. We recommend establishing a VM naming convention, such as “Master – <OS_NAME> <OS_EDITION> <BITNESS> [(INSTALLED_APP_1, INSTALLED_APP_2, …)]”. For example, to indicate that a particular VM is a master VM with Windows Server 2008 Enterprise x64, IIS, SQL Server and WSP installed, you could use the following name: “Master – Windows 2008 Enterprise x64 (IIS, SQL, WSP)”.
  • Select the VM location. It is recommended to store virtual machines on a separate hard disk volume, which simplifies their backup procedure (the VM backup procedure is described in a separate WSP VPS solution guide). For example, in our case the system volume is C: and Hyper-V virtual machines are created on the M: volume. Again, we recommend defining a folder structure here; for example, customer virtual machines are stored in the M:\VPS\Customers folder and master VMs in the M:\VPS\Master folder.
  • Give the new VM enough virtual memory to run Windows Server 2008 R2 SP1 (at least 1024 MB).
  • Connect the VM to a valid external network.
  • Create a new virtual hard disk with the minimum space, just enough to install Windows 2008 R2 SP1 and other optional applications.
  • Select the “Install an operating system from a boot CD/DVD-ROM” option and select a DVD image file (.ISO) or pass through a physical DVD drive on the Hyper-V machine.
  • On the last wizard step select the “Start the virtual machine after it is created” option and click “Finish”.
  • Finalize the last stage of the deployment of the operating system.

Setting up Guest OS Services and Applications

Configure the following components in preparation of the Guest OS Services:

Hyper-V Integration Services

Change Computer Name

Using the “Initial Configuration Tasks” wizard, change the computer name and make it a member of a workgroup or join it to an Active Directory domain. We recommend selecting a meaningful computer name that easily distinguishes it from others; for example, in our case it might be “MASTER-W2K8-STD”. Note that a NetBIOS name is limited to 15 symbols.

Restart the computer after changing its name.

Configure Network Connection

On the “Server Manager” home page click “View Network Connections”.

Change the connection properties to connect to the network. You might need access to your LAN or the Internet to download software distributions and other remote files.

Enable Remote Desktop

On the “Server Manager” home page click “Configure Remote Desktop”:

  • Select “Allow connections from computers running any version of Remote Desktop” as it will allow you to connect from Windows XP, Remote Desktop Web Connection and other RDC-enabled clients.
  • Allow the RDC exception on the Firewall.
  • Click OK.

Set Password Policy

This is the recommended policy. You can choose another policy, but in any case the Control Panel Virtual Private Servers Policy should be consistent with these settings.

Open Administrative Tools > Local Security Policy > Account Policies > Password Policy.

  • Set “Enforce password history” and choose 0.
  • Set “Maximum password age” and choose 0.
  • Set “Minimum password age” and choose 0.
  • Set “Minimum password length” and choose the desired value. Do not forget to adjust the Control Panel Virtual Private Servers Policy to the same value.
  • Set “Password must meet complexity requirements” and choose Disabled.
  • Keep “Store passwords using reversible encryption” at its default setting, Disabled.

Backup Master VHD

Before moving to the next steps, back up your master VHD:

  • Shut down the virtual machine (do not “Turn off” it!).
  • Locate its .VHD and copy it to a safe location, say the “M:\VPS\Master\Backups” folder. You can see the exact location of the VHD file by opening the VM properties dialog.

Important note: Do not make system snapshots, as this leads to the creation of differential virtual hard drives (you may check this article for more info about Hyper-V snapshotting: http://blogs.msdn.com/virtual_pc_guy/archive/2008/03/11/virtual-machine-snapshotting-under-hyper-v.aspx) and as a result the master template will be broken into several parts.

After making the VHD backup, start the VM again.

Install CP Virtual Machine Configuration Service

Control Panel Virtual Machine Configuration Service (CP VmConfig) is a Windows service that runs in the guest operating system and performs the following functions:

  • Executes provisioning modules to configure the guest operating system.
  • Gathers real-time statistics (RAM, HDD) that are displayed in the control panel user interface (UI).

CP VmConfig includes the following provisioning modules:

  • Change computer name
  • Change administrator password
  • Change network adapter configuration

The CP VmConfig service communicates with the host Hyper-V machine through the “Hyper-V Data Exchange” integration component, so make sure its service is up and running.

Installation instructions:

  • Extract the contents of the zip file to the destination directory, e.g. “C:\WebsitePanel\VmConfig”.
  • Install the VmConfig service using the installation batch file: in Windows Explorer, open the destination directory in which the WSP.VmConfig.exe executable file is located.
  • Run “install.bat”.
  • Open the “Services” snap-in by clicking “Start -> Administrative Tools -> Services”. You should see “WebsitePanel Virtual Machine Configuration Service” in the list.
  • Start “WebsitePanel Virtual Machine Configuration Service”.
  • Open the WSP.VmConfig.log file and make sure it doesn’t contain any errors. Normally, immediately after service start it must contain the following text (X.X.X.X represents a version of the tool):


Preparing VPS Template for Deployment

It may seem that once we have a ready master VHD, the most straightforward way to create another virtual machine would be to copy this VHD instead of creating it from scratch. But if you do that, the duplicated VHD will contain the same Computer Security Identifier (SID) as the master VHD. If you try to join the new system to the domain, you won’t be able to log in, and you will get the following error message: “The system cannot log you on due to the following error: The name or security ID (SID) of the domain specified is inconsistent with the trust information for that domain.”

Computers running the Windows operating system use a Security ID (SID) to uniquely identify themselves. When you use the disk-duplicating approach for deploying new VMs, it is important to take the following steps to ensure the uniqueness of these Security IDs.

Sysprep Utility

Sysprep prepares a computer for disk imaging or delivery to a customer by configuring the computer to create a new computer security identifier (SID) when the computer is restarted. In addition, Sysprep cleans up user- and computer-specific settings and data that must not be copied to a destination computer.

The Sysprep.exe utility is a part of Windows Server 2008 R2 SP1 and is located in the %windir%\system32\sysprep folder (in our case it is c:\windows\system32\sysprep).

Creating Answer File for Sysprep

After running the Sysprep utility on the Master VPS, all user- and computer-specific information will be deleted from the operating system. On the next VPS restart the operating system will behave much like a fresh OS in the middle of the setup process, i.e. it will run the “specialize” and then the “oobeSystem” (OOBE – out-of-the-box experience) passes. The user will be asked to select the computer locale and regional settings, specify the computer name and set the administrator password. But our goal is to hide this process from VPS customers and specify (“answer”) all these parameters on their behalf.

To automate Windows Setup we provide the Sysprep utility with an “answer file” to configure unattended Setup settings for the various passes. The answer file is an XML file with a clear and well-documented structure. This file can be conveniently edited in the Windows System Image Manager (WSIM) tool that is a part of the Windows Automated Installation Kit (WAIK).

You can download WAIK from Microsoft Downloads or MSDN Subscription Downloads. We recommend downloading WAIK from MSDN as it works perfectly on 64-bit systems.

Generalize Master Image

We are going to prepare a very basic answer file just for the “generalize” pass, which is initiated at the time of Sysprep execution. Later, we will create another answer file with settings for the “specialize” and “oobeSystem” phases that will be used by Windows Setup on the first run of a new customer VPS.

For the “generalize” phase we are disabling auto-starting of the “Server Manager” application and disabling the “Initial Configuration Tasks” dialog.

Save the answer file as “unattend-generalize.xml” in the “c:\WSIM\Windows Server 2008 x64” folder (where install.wim is located).

Connect to the “master” VPS using Remote Desktop or Hyper-V Virtual Machine Connection and copy the “unattend-generalize.xml” file to the “%windir%\system32\sysprep” folder of the guest OS as “unattend.xml”.

Before running sysprep, please switch all network adapters of the master VM to “Obtain an IP address automatically”.

Open the command line interface:

Start -> Run… -> cmd + Enter

Switch to the c:\Windows\System32\sysprep directory:

cd c:\Windows\System32\sysprep

Run sysprep with the following parameters:

sysprep /generalize /oobe /shutdown /unattend:unattend.xml

When the “master” virtual machine is shut down, the VPS template is almost ready.

Do not start the “master” virtual machine yet!

Deploying VPS Template to Library

Copy the master VHD file from its original location (in our example it is “M:\VPS\Master\Master – Windows 2008 Standard x64”) to the WSP VPS solution “Templates” folder (in our example it is “C:\VPS\Templates”) and rename it to “Windows 2008 Standard x64.vhd”.

Mount the VHD and replace the contents of the “unattend.xml” file in the “Windows\System32\sysprep” folder of the mounted disk with the earlier created “unattend-template.xml”. Dismount the VHD once completed.

The OS Templates folder (in our example “C:\VPS\Templates”) with template .VHD files must contain an “index.xml” file which contains the list of all available templates and has the following structure:

<?xml version="1.0"?>
<items>
  <item path="vhd-filename-without-extension" diskSize="internal-vhd-size-in-GB"
        legacyNetworkAdapter="true|false" remoteDesktop="true|false">
    <name>template name shown in the dropdown</name>
    <description>template description</description>
    <provisioning>
      <sysprep file="path-inside-vhd-1"/>
      <sysprep file="path-inside-vhd-2"/>
      <sysprep file="path-inside-vhd-N"/>
      <vmconfig computerName="true|false" administratorPassword="true|false"
                networkAdapters="true|false" />
    </provisioning>
  </item>
  <item path="item2">
  </item>
</items>

 

  • path – the name of the VHD file without the .VHD extension, for example “Windows Server 2008 x64”. This attribute is mandatory.
  • diskSize – the internal size of the VHD in gigabytes (the size of the first disk volume inside the VHD). This value is used during VPS creation. If the “HDD” quota allocated to the VPS is less than the specified VHD size, the VPS won’t be created and an error will be displayed. However, this attribute is optional, and if it is not specified or is equal to 0 (“zero”) the disk size will not be verified during VPS creation.
  • legacyNetworkAdapter – specifies the type of network adapter that will be created in the virtual machine: synthetic (for new Microsoft operating systems where “Integration Services” exist) or legacy (for Microsoft operating systems prior to Windows XP and non-Microsoft operating systems like Linux). If the “legacyNetworkAdapter” attribute is not specified, the adapter is “synthetic” by default.
  • remoteDesktop – specifies whether remote desktop is enabled in the guest OS and the VPS can be accessed with Remote Desktop Web Connection (RDWC). If remoteDesktop is “true”, a link to RDWC will appear on the “General” tab of VPS properties. If this attribute is not specified, the RDWC link will be hidden by default.
  • name – display name of the OS template. This is the value that will be shown in the dropdown on the VPS creation wizard.
  • description – description of the OS template. Currently it is not used.
  • provisioning – optional element including provisioning options.
      • sysprep – allows specifying a file inside the VHD that must be processed during VPS provisioning. The file may contain DNP template variables and instructions. The “file” attribute must specify the relative path (without drive letter) to the file inside the VHD, as DNP accesses only the first VHD volume, for example “\Windows\System32\sysprep\unattend.xml”. There can be any number of “sysprep” elements to process several files.
      • vmconfig – optional element specifying which VmConfig service modules will be executed during VPS provisioning. Using VmConfig at the provisioning stage can be helpful if it is hard or even impossible to configure some settings in the unattended setup answer file. Windows Server 2008 onwards can be completely configured with an answer file (explained in this guide), so this section can be omitted.
          • computerName – specifies whether the “Change computer name” VmConfig task must be executed during VPS provisioning or not. “true” means the task will be executed;
          • administratorPassword – specifies whether the “Change administrator password” VmConfig task must be executed during VPS provisioning or not. “true” means the task will be executed;
          • networkAdapters – specifies whether the “Setup network adapters” VmConfig task must be executed during VPS provisioning or not. “true” means the task will be executed.

When creating the index.xml file pay attention to:

  • The file extension, which must be “.xml”. When you create a new .txt file in Windows, it may hide the known extension, which can be confusing.
  • The file encoding. UTF-8 is recommended to allow various national characters in template names and descriptions. You may choose the encoding in the “Save as…” dialog of Notepad.

VPS Guest OS Provisioning

The following steps outline VPS guest OS provisioning and help to better understand what happens when CP creates a new VPS:

  • Copy VHD from Templates Library: CP copies the template VHD to the customer VPS folder. If required, the destination VHD is converted to either dynamic or fixed type and then expanded if its size must be greater than that of the OS template.
  • Process Unattended setup answer template: The VHD is mounted and all specified templates are processed by CP.
  • Create Customer Virtual Machine: CP creates a new virtual machine and attaches the copied and processed VHD. The new virtual machine is started.
  • Windows runs “Specialize” pass: During the first run of the operating system, Windows Setup processes configuration settings from the “specialize” pass.
  • Windows runs “Welcome” pass: Right after the “specialize” pass, Windows Setup processes configuration settings from the “oobeSystem” pass.
  • CP VmConfig configures the rest of OS parameters: The CP VmConfig service starts and executes the specified provisioning tasks.

Creating DVD Media Library

The DVD Media Library folder stores ISO images of CD and DVD disks that customers can choose from and insert into the DVD drives of their VPS. The folder with .ISO files must contain an index.xml file which contains the list of all available library disks and has the following structure:

<?xml version="1.0"?>
<items>
  <item path="iso-filename-WITH-EXTENSION">
    <name>disk title</name>
    <description>disk description</description>
  </item>
  <item path="item2">
  </item>
</items>

 

For example:

<?xml version="1.0"?>
<items>
  <item path="en_windows_web_server_2008_x86_dvd_X14-26678.iso">
    <name>Windows Server 2008 Web Edition x86</name>
    <description>Windows Server 2008 helps IT professionals to increase the flexibility and reliability of their server infrastructure while offering developers a more robust web and applications platform for building connected applications and services.</description>
  </item>
  <item path="VS2008ExpressENUX1397868.iso">
    <name>Visual Studio 2008 Express Collection</name>
    <description>This DVD contains all the Express products as well as optional components in a single image (ISO) file.</description>
  </item>
</items>

 

If there are any national characters in this XML do not forget to save the file in UTF-8 encoding. You can select encoding on “Save As…” dialog in Notepad
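
Both index.xml formats described in this guide (the OS Templates folder and the DVD Media Library) can be linted before the control panel reads them. The Python script below is an added example, not part of the original guide or of the control panel; the function name validate_index, the treatment of diskSize as a whole number, the case-sensitive true|false check and the rejection of “..” path segments are assumptions made for this example.

```python
import re
import xml.etree.ElementTree as ET

# Added example, not the control panel's code. Assumptions: diskSize is a whole
# number, booleans are lowercase, ".." is rejected in sysprep paths.
BOOLS = {"true", "false"}

def _check_bools(elem, names, where, problems):
    for name in names:
        value = elem.get(name)
        if value is not None and value not in BOOLS:
            problems.append(f"{where}: {name}={value!r} is not true|false")

def validate_index(xml_bytes, kind, files=None):
    """Lint index.xml. kind is 'templates' (OS Templates path) or 'dvd' (DVD
    Library path); files optionally lists the file names in that folder.
    Returns a list of problem strings, empty when nothing was found."""
    problems = []
    try:
        xml_bytes.decode("utf-8")
    except UnicodeDecodeError:
        problems.append("file is not UTF-8 encoded")
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError as exc:  # e.g. typographic quotes pasted from a web page
        return problems + [f"not well-formed XML: {exc}"]
    if root.tag != "items":
        return problems + [f"root element is <{root.tag}>, expected <items>"]
    ext = ".vhd" if kind == "templates" else ".iso"
    present = None if files is None else {name.lower() for name in files}
    for number, item in enumerate(root.findall("item"), 1):
        path = (item.get("path") or "").strip()
        where = f"item {number} ({path or 'no path'})"
        if not path:
            problems.append(f"{where}: mandatory path attribute is missing")
            continue
        has_ext = path.lower().endswith(ext)
        if kind == "templates" and has_ext:
            problems.append(f"{where}: path must not include the .vhd extension")
        if kind == "dvd" and not has_ext:
            problems.append(f"{where}: path must include the .iso extension")
        on_disk = path if has_ext else path + ext
        if present is not None and on_disk.lower() not in present:
            problems.append(f"{where}: {on_disk} not found in folder")
        if not (item.findtext("name") or "").strip():
            problems.append(f"{where}: <name> is missing or empty")
        if kind != "templates":
            continue
        size = item.get("diskSize")
        if size is not None and not re.fullmatch(r"[0-9]+", size):
            problems.append(f"{where}: diskSize={size!r} is not a whole number")
        _check_bools(item, ("legacyNetworkAdapter", "remoteDesktop"), where, problems)
        prov = item.find("provisioning")
        if prov is None:
            continue
        for sysprep in prov.findall("sysprep"):
            target = sysprep.get("file") or ""
            # Guide: no drive letter. Rejecting ".." is an extra check of this example.
            if (not target or re.match(r"[A-Za-z]:", target)
                    or ".." in re.split(r"[\\/]", target)):
                problems.append(f"{where}: sysprep file={target!r} must be a "
                                "drive-less path inside the VHD")
        for vmconfig in prov.findall("vmconfig"):
            _check_bools(vmconfig, ("computerName", "administratorPassword",
                                    "networkAdapters"), where, problems)
    return problems

# Constructed sample with deliberate mistakes (not taken from the guide).
SAMPLE = rb"""<items><item path="Windows 2008 Standard x64.vhd" diskSize="40GB"
 remoteDesktop="yes"><name></name><provisioning>
 <sysprep file="C:\Windows\System32\sysprep\unattend.xml"/>
 </provisioning></item></items>"""
if __name__ == "__main__":
    print("\n".join(validate_index(SAMPLE, "templates")))
```

Passing files=os.listdir(folder) additionally confirms that every referenced .vhd or .iso file exists beside index.xml.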