ptg6432687
200
6 Managing, Administering, and Maintaining a Hyper-V Host Server
Manager. To check for an update to the device driver for the network adapter, follow
these steps:
1. Expand the Network Adapters node in Device Manager.
2. Select the network adapter to check.
3. Select Action, Update Driver Software from the menu.
4. Click Search Automatically for Updated Driver Software.
5. Click Yes, Always Search Online (Recommended).
6. Install the update if found.
7. Click Close to exit the wizard.
NOTE
Many times, the latest version of the driver will already be installed. In these cases,
the message “The best driver for your device is already installed” will be shown.
Server Manager Configuration Page
The Configuration page in Server Manager is somewhat misleading. This is not the page
from which you would configure the server. The Configuration node in Server Manager is
just a container for the following four snap-ins:
. Task Scheduler
. Windows Firewall with Advanced Security
. Services
. WMI Control
These snap-ins allow the administrator to control some elements of the server configura-
tion and are covered in the next four sections.
Task Scheduler
One of the greatly expanded features of Windows 2008 is the Task Scheduler. In earlier
versions of Windows, this was an anemic service with limited options and auditing
features. The Task Scheduler features in Windows 2008 have been expanded into a more
sophisticated tool. The scheduler can start based on a variety of triggers, can take a
number of predefined actions, and can even be mitigated by conditions and the settings.

Download at www.wowebook.com
ptg6432687
201
Performing Management Tasks with Server Manager
6
NOTE
A creative way of using Task Scheduler in Hyper-V is to set up a task that pauses a vir-
tual guest session, takes a snapshot of the session, copies the session image files off
to an external storage system, and then restarts the session. This is a cheap and sim-
ple way to take static backups of guest images and copy images off a Hyper-V host
system to an external storage system.
There are several elements to the Task Scheduler, as follows:
. Triggers—Tasks run when the trigger criteria are met. This could be a scheduled time,
logon, startup, idle, log event, user session connect or disconnect, or workstation
lock or unlock. These various triggers give the administrator a wide range of options
on when to start a task.
. Actions—The actions are the work that the task will perform. This can be executing
a program, sending an email via SMTP, or displaying a message on the desktop.
. Conditions—Conditions allow the task trigger criteria to be filtered. Conditions
include if the computer is idle, on battery power, or connected to a network. This
allows administrators to prevent tasks from running if the computer is busy, on
battery, or disconnected from the network.
. Settings—The settings control how a task can be executed, stopped, or deleted. In
the settings of a task, the administrator can control if the task can be launched man-
ually, if it runs after a missed schedule start, if it needs to restart after a failure, if it
needs to run multiple tasks in parallel, or to delete it if it is not set to run in the
future.
Also included with Windows 2008 Task Scheduler is the Task Scheduler Library, which
includes approximately 20 different predefined tasks. These tasks include the following:
. ScheduledDefrag—This task runs every week and uses the command

defrag.exe –c
–i –g to defragment all the volumes on the server. This is a major improvement of
earlier versions of Windows, which required this command to be run manually.
However, the trigger for this task is disabled by default, so it will not run as shipped.
. ServerManager—This task runs at user logon and runs the ServerManagerLauncher
to launch the Server Manager console whenever a user logs on.
Both these tasks demonstrate the capabilities of the Task Scheduler to automate routine
tasks or to ensure that certain tasks run at logon.
The Task Scheduler has a new feature that goes hand in hand with the library, namely the
ability to create folders to store the tasks. This helps organize the tasks that are created.
The scheduler includes a Microsoft folder for the tasks that ship with the operating
system. Administrators can create other folders to organize and store their tasks.
Selecting the Task Scheduler folder in the System Manager configuration shows the Task
Scheduler Summary (shown in Figure 6.23). This window has two sections: Task Scheduler
Download at www.wowebook.com
ptg6432687
202
6 Managing, Administering, and Maintaining a Hyper-V Host Server
FIGURE 6.23 Ta s k Sche d u l er Su mma r y wi ndo w .
and Active Tasks. The Task Scheduler section shows the status of tasks within a time frame,
by default the past 24 hours. The time frame can be set to the last hour, last 24 hours, last
7 days, or last 30 days. For each task that has run within the time frame, it shows the Task
Name, Run Result, Run Start, and Run End. The section also summarizes the task status;
Figure 6.23 shows 51 total tasks have run with 1 running and 50 succeeded. The figure
also shows that it is the ScheduledDefrag task that is running.
The Active Tasks name is somewhat misleading because it shows tasks that are enabled
and their triggers. It does not show tasks that are running. For the scheduled tasks, it
shows the Next Run Time. This section is useful for seeing which tasks will run on a given
server in response to a trigger, either a schedule or an event. If the task does not appear in
this section, it will be run only if executed manually.

A quick review of the Active Tasks shows that the ScheduledDefrag task is not in the list.
This is because the trigger for the task is disabled by default, so the task will not run and
so does not show in the Active Tasks list.
To enable the ScheduledDefrag task, execute the following steps:
1. Open the Server Manager console.
2. Expand the Configuration folder.
3. Expand the Task Scheduler folder.
4. Expand the Task Scheduler Library folder.
Download at www.wowebook.com
ptg6432687
203
Performing Management Tasks with Server Manager
6
TABLE 6.5 Firewall Profiles
Profile Description
Domain
Profile
Applied when the server is connected to its Active Directory domain.
Private
Profile
Applied when the server is connected to a private network but not to the
Active Directory domain.
Public
Profile
Applied when the server is connected to a public network.
5. Expand the Microsoft, Windows folder and select the Defrag folder.
6. Select the ScheduledDefrag task and select Action, Properties.
7. Select the Triggers tab.
8. Select the Weekly trigger and click the Edit button.
9. At the bottom of the Edit Trigger window, check the Enabled box.

10. Click OK.
11. Click OK to close the Properties of the task.
Going back to the Task Scheduler Summary window, you will now find the
ScheduledDefrag task listed with a Next Run Time of the following Wednesday at
1:00 a.m.
Windows Firewall with Advanced Security
The Windows Firewall with Advanced Security feature provides access to the combined
Windows Firewall and Connection Security features of Windows 2008. These technologies
work in tandem to provide protection from network-based attacks to the server. The fire-
wall rules determine what network traffic is allowed or blocked to the server. The connec-
tion security rules determine how the allowed traffic is secured.
The Windows Firewall with Advanced Security folder shows a summary of which profile is
active (Domain, Private, or Public), the profile’s high-level configuration, and links to the
other components of the snap-in.
The other components of the Windows Firewall with Advanced Security snap-in are for
configuration and monitoring the features. These components are as follows:
. Inbound rules
. Outbound rules
. Connection Security rules
. Monitoring
The inbound and outbound rules control what traffic is allowed in to an out of the server.
Several hundred rules govern what traffic is allowed. These are organized into profiles for
ease of application. Table 6.5 shows these profiles.
Download at www.wowebook.com
ptg6432687
204
6 Managing, Administering, and Maintaining a Hyper-V Host Server
FIGURE 6.24 Security associations monitoring.
Clearly, the vast majority of services will have the Domain Profile active, because they will
likely be on a network with Active Directory. Each of the profiles has a set of rules associ-

ated with them. In addition, a number of rules apply to all profiles, which are designated
as Any. Some of the rules are disabled by default.
Connection Security rules are stored in the likewise named folder. The rules specify how
the computers on either side of a permitted connection authenticate and secure the
network traffic. This is essentially the IPsec policy from previous versions of Windows,
albeit with a much-improved interface. By default, there are no Connection Security rules
created in Windows 2008. Rules can be created and reviewed in this portion of the snap-in.
The Monitoring folder is somewhat limited in scope. It has a Firewall folder and a
Connection Security Rules folder. These two folders simply show what rules are active, but
show no traffic details or whether the rules have blocked or allowed anything. In effect,
they show the net result of the profile that is active.
More useful in monitoring is the Security Associations folder. This folder lists the security
associations (shown in Figure 6.24) with the local and remote IP addresses, authentication
methods, encryption, integrity, and key exchange. In the figure, you can see that the local
address of the server is 172.16.1.101 and the other server is 172.16.1.100. The computers
are authenticating using Kerberos, and the user is also authenticating at the connection
level using Kerberos. Finally, the network traffic confidentiality is protected with the AES-
128 encryption algorithm, and the network traffic is protected from modification by the
SHA-1 integrity algorithm. Multiple security associations are listed, reflecting various
connections that have been established between the two servers.
Download at www.wowebook.com
ptg6432687
205
Performing Management Tasks with Server Manager
6
Services
The Services snap-in in the Configuration container in Server Manager is essentially
unchanged from the previous version of Windows. All the services are listed, along with
their status, startup type, and logon credentials.
From the Services snap-in, administrators can control services on the server, including

the following:
. Start or stop the services
. Change the startup type to set the service to start automatically, be started manually,
or even prevent the service from starting at all
. Change the account the service runs under
. Set up recovery actions if the service stops, such as restarting the service or even
restarting the server
. View the configuration details of the service, such as what the executable is, what
the service name is (which is shown in the Task Manager window), and what depen-
dencies it has
A new feature is the Automatic (Delayed Start) startup type. This is a setting used to
reduce the crunch of services starting all at once during boot of the server. All the services
with the Automatic (Delayed Start) setting will be started after the services with the auto-
matic setting. This allows all the services to come up automatically, but allows essential
services to start first.
WMI Control
The last snap-in in the Configuration container of the Server Manager is the WMI Control
tool. This is a new tool that allows administrators to maintain the Windows Management
Instrumentation (WMI) configuration on the server. With this tool, an administrator can
accomplish the following tasks:
. Back up the WMI repository
. Change the default scripting namespace (root\cimv2)
. Manage access to the WMI via the Security tab
Before the introduction of the WMI Control tool, these tasks were difficult to accomplish.
To back up the WMI repository, you just need to complete the following steps:
1. Open the Server Manager console.
2. Expand the Configuration folder.
3. Select the WMI Control folder.
4. Select the Action menu and then Properties.
5. Select the Backup/Restore tab.

6. Enter a filename with a full path. The file type will be a WMI Recovery File (REC).
Download at www.wowebook.com
ptg6432687
206
6 Managing, Administering, and Maintaining a Hyper-V Host Server
7. Click Save to save the file.
8. Click OK to exit the tool.
Interestingly, the tool is not an integrated snap-in, but rather a separate tool.
Summary
Although administrators can easily get caught up in daily administration and firefighting,
it’s important to structure system management and maintenance of the Hyper-V host
servers and guest sessions to help prevent unnecessary amounts of effort. Windows 2008
provides many tools that allow administrators to more effectively manage their servers.
The Hyper-V Manager tool provides key components in setting up virtual network
switches, managing guest disk images, and configuring host services. The Windows 2008
Server Manager is a one-stop shop for the management and monitoring Hyper-V servers
and is the parent operating system of the host system.
Administration of Hyper-V hosts does not need to be done at the console of each Hyper-V
host because there are several different ways of connecting to a remote host server and the
guest sessions running on the Hyper-V host system.
Security is also extremely important in a Hyper-V environment, being that the compro-
mise of a single Hyper-V host server opens up the door for unauthorized access to many
running host servers. Common practices can be applied to minimize the risk footprint of a
Hyper-V host system.
Systems management and maintenance is not just about the cool technologies, but also
about how those technologies are used. Following a management and maintenance
regimen reduces administration, maintenance, and business expenses while at the same
time increasing reliability, stability, and security.
The chapter covered a multitude of processes and procedures that help organizations
better manage, administer, and maintain their Hyper-V host systems and the guest

sessions running on the virtual host server.
Best Practices
The following are best practices from this chapter:
. The Hyper-V Administration console is the first tool to use in managing Hyper-V
configurations and operations.
. Use System Manager as a centralized tool for all Windows 2008 and Hyper-V admin-
istrative tasks.
. Try to maintain the network environment’s systems periodically to avoid any ineffi-
ciency.
Download at www.wowebook.com
ptg6432687
207
Best Practices
6
. Remotely manage systems using Remote Server Administration tools, Remote Desktop
for Administration, Windows Remote Management, and command-line utilities.
. Use System Center Operations Manager 2007 to proactively manage Hyper-V hosts
and guest sessions.
. Identify tasks that are important to the system’s overall health and security.
. Install the appropriate service packs and updates on each production server and
guest sessions to keep all systems consistent.
. Use the Offline Virtual Machine Servicing tool to keep virtual guest templates and
offline images up-to-date with the latest patches and updates.
. Test and evaluate service packs and updates in a lab environment before installing
them on production servers.
. Use the snapshot capability in Hyper-V as a rollback strategy to recovery from a
service pack or patch installation failure.
. Use Windows Software Update Services to minimize administration, management, and
maintenance associated with keeping up with the latest service packs and updates.
. Categorize and document daily maintenance activities such as checking server func-

tionality, verifying that backups were successful, and monitoring Event Viewer events.
. Categorize and document weekly maintenance processes and procedures such as
checking disk space, verifying hardware operation, and archiving event logs.
. Categorize and document monthly maintenance processes and procedures such as
maintaining system integrity, testing UPS functionality, validating backups, and
updating documentation.
. Categorize and document quarterly maintenance processes and procedures such as
checking storage limits and changing administrative passwords.
. Use Windows Server Backup to back up Hyper-V hosts and guest images, but rely on
backing up guest images to take advantage of VSS recovery mechanisms and the
proper flushing of application transaction logs.
. Perform management tasks such as reviewing reliability and performance monitor to
ensure the Hyper-V host server and guest sessions are running properly.
Download at www.wowebook.com
ptg6432687
This page intentionally left blank
Download at www.wowebook.com
ptg6432687
7
Optimizing the Hyper-V
Host Server and Guest
Sessions
IN THIS CHAPTER
. Defining Capacity Analysis
. Using Capacity-Analysis Tools
. Optimizing the Performance of
Hyper-V Host Servers and
Guest Sessions
. Monitoring System
Performance

. Optimizing Performance by
Server Roles
Capacity analysis and performance optimization is a criti-
cal part of deploying and managing Hyper-V host servers.
Capacity analysis and performance optimization ensures
that resources and applications are available, uptime is
maximized, and systems scale well to meet the growing
demands of business. Windows 2008 includes some new
and some refreshed tools to assist IT administrators and
staff with properly assessing server capacity and perfor-
mance—before and after Windows 2008 is deployed on the
network. If you invest time in these processes, you will
spend less time troubleshooting or putting out fires, thus
making your life less stressful and also reducing business
costs.
Defining Capacity Analysis
The majority of capacity analysis is working to minimize
unknown or immeasurable variables, such as the number of
gigabytes or terabytes of storage the system will need in the
next few months or years, to adequately size a system. The
high number of unknown variables is largely because
network environments, business policy, and people are
constantly changing. As a result, capacity analysis is an art
as much as it involves experience and insight.
If you’ve ever found yourself having to specify configura-
tion requirements for a new server or having to estimate
whether your configuration will have enough power to
sustain various workloads now and in the foreseeable
future, proper capacity analysis can help in the design and
configuration. These capacity-analysis processes help weed

out the unknowns and assist you while making decisions as
Download at www.wowebook.com