10751A ENU TrainerHandbook

M I C R O S O F T
10751A
L E A R N I N G
P R O D U C T
MCT USE ONLY. STUDENT USE PROHIBITED
O F F I C I A L
Configuring and Deploying a Private Cloud

with System Center 2012
10751A: Configuring and Deploying a Private Cloud with System Center 2012
ii
Information in this document, including URL and other Internet website references, is subject to change
without notice. Unless otherwise noted, the example companies, organizations, products, domain names,
email addresses, logos, people, places, and events depicted herein are fictitious, and no association with
any real company, organization, product, domain name, email address, logo, person, place or event is
intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the
user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in
or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical,
photocopying, recording, or otherwise), or for any purpose, without the express written permission of
Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property
rights covering subject matter in this document. Except as expressly provided in any written license
agreement from Microsoft, the furnishing of this document does not give you any license to these
patents, trademarks, copyrights, or other intellectual property.
The names of manufacturers, products, or URLs are provided for informational purposes only and
Microsoft makes no representations and warranties, either expressed, implied, or statutory, regarding
these manufacturers or the use of the products with any Microsoft technologies. The inclusion of a
manufacturer or product does not imply endorsement of Microsoft of the manufacturer or product. Links
may be provided to third party sites. Such sites are not under the control of Microsoft and Microsoft is not
responsible for the contents of any linked site or any link contained in a linked site, or any changes or
updates to such sites. Microsoft is not responsible for webcasting or any other form of transmission
received from any linked site. Microsoft is providing these links to you only as a convenience, and the
inclusion of any link does not imply endorsement of Microsoft of the site or the products contained
therein.
2012 Microsoft Corporation. All rights reserved.
Microsoft and the trademarks listed at http://www.microsoft.com/about/legal/en/us/IntellectualProperty

/Trademarks/EN-US.aspx are trademarks of the Microsoft group of companies. All other trademarks are
property of their respective owners.
Product Number: 10751A

Part Number: X18-47708
Released: 05/2013
MICROSOFT LICENSE TERMS

OFFICIAL MICROSOFT LEARNING PRODUCTS
MICROSOFT OFFICIAL COURSE Pre-Release and Final Release Versions
These license terms are an agreement between Microsoft Corporation and you. Please read them. They apply to
the Licensed Content named above, which includes the media on which you received it, if any. These license
terms also apply to any updates, supplements, internet based services and support services for the Licensed
Content, unless other terms accompany those items. If so, those terms apply.
BY DOWNLOADING OR USING THE LICENSED CONTENT, YOU ACCEPT THESE TERMS. IF YOU DO NOT ACCEPT
THEM, DO NOT DOWNLOAD OR USE THE LICENSED CONTENT.
If you comply with these license terms, you have the rights below.
1.
DEFINITIONS.
a. Authorized Learning Center means a Microsoft Learning Competency Member, Microsoft IT Academy
Program Member, or such other entity as Microsoft may designate from time to time.
b. Authorized Training Session means the Microsoft-authorized instructor-led training class using only
MOC Courses that are conducted by a MCT at or through an Authorized Learning Center.
c. Classroom Device means one (1) dedicated, secure computer that you own or control that meets or
exceeds the hardware level specified for the particular MOC Course located at your training facilities or
primary business location.
d. End User means an individual who is (i) duly enrolled for an Authorized Training Session or Private
Training Session, (ii) an employee of a MPN Member, or (iii) a Microsoft full-time employee.
e. Licensed Content means the MOC Course and any other content accompanying this agreement.
Licensed Content may include (i) Trainer Content, (ii) software, and (iii) associated media.
f.
Microsoft Certified Trainer or MCT means an individual who is (i) engaged to teach a training session
to End Users on behalf of an Authorized Learning Center or MPN Member, (ii) currently certified as a
Microsoft Certified Trainer under the Microsoft Certification Program, and (iii) holds a Microsoft
Certification in the technology that is the subject of the training session.
g. Microsoft IT Academy Member means a current, active member of the Microsoft IT Academy
Program.
h. Microsoft Learning Competency Member means a Microsoft Partner Network Program Member in
good standing that currently holds the Learning Competency status.
i.
Microsoft Official Course or MOC Course means the Official Microsoft Learning Product instructorled courseware that educates IT professionals or developers on Microsoft technologies.
j.
Microsoft Partner Network Member or MPN Member means a silver or gold-level Microsoft Partner
Network program member in good standing.
k. Personal Device means one (1) device, workstation or other digital electronic device that you
personally own or control that meets or exceeds the hardware level specified for the particular MOC
Course.
l. Private Training Session means the instructor-led training classes provided by MPN Members for
corporate customers to teach a predefined learning objective. These classes are not advertised or
promoted to the general public and class attendance is restricted to individuals employed by or
contracted by the corporate customer.
m. Trainer Content means the trainer version of the MOC Course and additional content designated
solely for trainers to use to teach a training session using a MOC Course. Trainer Content may include
Microsoft PowerPoint presentations, instructor notes, lab setup guide, demonstration guides, beta
feedback form and trainer preparation guide for the MOC Course. To clarify, Trainer Content does not
include virtual hard disks or virtual machines.
2.
INSTALLATION AND USE RIGHTS. The Licensed Content is licensed not sold. The Licensed Content is
licensed on a one copy per user basis, such that you must acquire a license for each individual that
accesses or uses the Licensed Content.
2.1
Below are four separate sets of installation and use rights. Only one set of rights apply to you.
a. If you are a Authorized Learning Center:

i. If the Licensed Content is in digital format for each license you acquire you may either:
1. install one (1) copy of the Licensed Content in the form provided to you on a dedicated, secure
server located on your premises where the Authorized Training Session is held for access and
use by one (1) End User attending the Authorized Training Session, or by one (1) MCT teaching
the Authorized Training Session, or
2. install one (1) copy of the Licensed Content in the form provided to you on one (1) Classroom
Device for access and use by one (1) End User attending the Authorized Training Session, or by
one (1) MCT teaching the Authorized Training Session.
ii. You agree that:
1. you will acquire a license for each End User and MCT that accesses the Licensed Content,
2. each End User and MCT will be presented with a copy of this agreement and each individual
will agree that their use of the Licensed Content will be subject to these license terms prior to
their accessing the Licensed Content. Each individual will be required to denote their
acceptance of the EULA in a manner that is enforceable under local law prior to their accessing
the Licensed Content,
3. for all Authorized Training Sessions, you will only use qualified MCTs who hold the applicable
competency to teach the particular MOC Course that is the subject of the training session,
4. you will not alter or remove any copyright or other protective notices contained in the
Licensed Content,
5. you will remove and irretrievably delete all Licensed Content from all Classroom Devices and
servers at the end of the Authorized Training Session,
6. you will only provide access to the Licensed Content to End Users and MCTs,
7. you will only provide access to the Trainer Content to MCTs, and
8. any Licensed Content installed for use during a training session will be done in accordance
with the applicable classroom set-up guide.
b. If you are a MPN Member.

i. If the Licensed Content is in digital format for each license you acquire you may either:
1. install one (1) copy of the Licensed Content in the form provided to you on (A) one (1)
Classroom Device, or (B) one (1) dedicated, secure server located at your premises where
the training session is held for use by one (1) of your employees attending a training session
provided by you, or by one (1) MCT that is teaching the training session, or
2. install one (1) copy of the Licensed Content in the form provided to you on one (1)
Classroom Device for use by one (1) End User attending a Private Training Session, or one (1)
MCT that is teaching the Private Training Session.
ii. You agree that:
1. you will acquire a license for each End User and MCT that accesses the Licensed Content,
2. each End User and MCT will be presented with a copy of this agreement and each individual
will agree that their use of the Licensed Content will be subject to these license terms prior
to their accessing the Licensed Content. Each individual will be required to denote their
acceptance of the EULA in a manner that is enforceable under local law prior to their
accessing the Licensed Content,
3. for all training sessions, you will only use qualified MCTs who hold the applicable
competency to teach the particular MOC Course that is the subject of the training session,
4. you will not alter or remove any copyright or other protective notices contained in the
Licensed Content,
5. you will remove and irretrievably delete all Licensed Content from all Classroom Devices and
servers at the end of each training session,
6. you will only provide access to the Licensed Content to End Users and MCTs,
7. you will only provide access to the Trainer Content to MCTs, and
8. any Licensed Content installed for use during a training session will be done in accordance
with the applicable classroom set-up guide.
c. If you are an End User:
You may use the Licensed Content solely for your personal training use. If the Licensed Content is in
digital format, for each license you acquire you may (i) install one (1) copy of the Licensed Content in
the form provided to you on one (1) Personal Device and install another copy on another Personal
Device as a backup copy, which may be used only to reinstall the Licensed Content; or (ii) print one (1)
copy of the Licensed Content. You may not install or use a copy of the Licensed Content on a device
you do not own or control.
d. If you are a MCT.

i. For each license you acquire, you may use the Licensed Content solely to prepare and deliver an
Authorized Training Session or Private Training Session. For each license you acquire, you may
install and use one (1) copy of the Licensed Content in the form provided to you on one (1) Personal
Device and install one (1) additional copy on another Personal Device as a backup copy, which may
be used only to reinstall the Licensed Content. You may not install or use a copy of the Licensed
Content on a device you do not own or control.
ii.
Use of Instructional Components in Trainer Content. You may customize, in accordance with the
most recent version of the MCT Agreement, those portions of the Trainer Content that are logically
associated with instruction of a training session. If you elect to exercise the foregoing rights, you
agree: (a) that any of these customizations will only be used for providing a training session, (b) any
customizations will comply with the terms and conditions for Modified Training Sessions and
Supplemental Materials in the most recent version of the MCT agreement and with this agreement.
For clarity, any use of customize refers only to changing the order of slides and content, and/or
not using all the slides or content, it does not mean changing or modifying any slide or content.
2.2 Separation of Components. The Licensed Content components are licensed as a single unit and you
may not separate the components and install them on different devices.
2.3 Reproduction/Redistribution Licensed Content. Except as expressly provided in the applicable

installation and use rights above, you may not reproduce or distribute the Licensed Content or any portion
thereof (including any permitted modifications) to any third parties without the express written permission
of Microsoft.
2.4 Third Party Programs. The Licensed Content may contain third party programs or services. These
license terms will apply to your use of those third party programs or services, unless other terms accompany
those programs and services.
2.5 Additional Terms. Some Licensed Content may contain components with additional terms,
conditions, and licenses regarding its use. Any non-conflicting terms in those conditions and licenses also
apply to that respective component and supplements the terms described in this Agreement.
3.
PRE-RELEASE VERSIONS. If the Licensed Content is a pre-release (beta) version, in addition to the other
provisions in this agreement, then these terms also apply:
a. Pre-Release Licensed Content. This Licensed Content is a pre-release version. It may not contain the
same information and/or work the way a final version of the Licensed Content will. We may change it
for the final version. We also may not release a final version. Microsoft is under no obligation to
provide you with any further content, including the final release version of the Licensed Content.
b. Feedback. If you agree to give feedback about the Licensed Content to Microsoft, either directly or
through its third party designee, you give to Microsoft without charge, the right to use, share and
commercialize your feedback in any way and for any purpose. You also give to third parties, without
charge, any patent rights needed for their products, technologies and services to use or interface with
any specific parts of a Microsoft software, Microsoft product, or service that includes the feedback. You
will not give feedback that is subject to a license that requires Microsoft to license its software,
technologies, or products to third parties because we include your feedback in them. These rights
survive this agreement.
c. Term. If you are an Authorized Training Center, MCT or MPN, you agree to cease using all copies of the
beta version of the Licensed Content upon (i) the date which Microsoft informs you is the end date for
using the beta version, or (ii) sixty (60) days after the commercial release of the Licensed Content,
whichever is earliest (beta term). Upon expiration or termination of the beta term, you will
irretrievably delete and destroy all copies of same in the possession or under your control.
4.
INTERNET-BASED SERVICES. Microsoft may provide Internet-based services with the Licensed Content,
which may change or be canceled at any time.
a. Consent for Internet-Based Services. The Licensed Content may connect to computer systems over an
Internet-based wireless network. In some cases, you will not receive a separate notice when they
connect. Using the Licensed Content operates as your consent to the transmission of standard device
information (including but not limited to technical information about your device, system and
application software, and peripherals) for internet-based services.
b. Misuse of Internet-based Services. You may not use any Internet-based service in any way that could
harm it or impair anyone elses use of it. You may not use the service to try to gain unauthorized access
to any service, data, account or network by any means.
5.
SCOPE OF LICENSE. The Licensed Content is licensed, not sold. This agreement only gives you some rights
to use the Licensed Content. Microsoft reserves all other rights. Unless applicable law gives you more
rights despite this limitation, you may use the Licensed Content only as expressly permitted in this
agreement. In doing so, you must comply with any technical limitations in the Licensed Content that only
allows you to use it in certain ways. Except as expressly permitted in this agreement, you may not:
install more copies of the Licensed Content on devices than the number of licenses you acquired;
allow more individuals to access the Licensed Content than the number of licenses you acquired;
publicly display, or make the Licensed Content available for others to access or use;
install, sell, publish, transmit, encumber, pledge, lend, copy, adapt, link to, post, rent, lease or lend,
make available or distribute the Licensed Content to any third party, except as expressly permitted
by this Agreement.
reverse engineer, decompile, remove or otherwise thwart any protections or disassemble the
Licensed Content except and only to the extent that applicable law expressly permits, despite this
limitation;
access or use any Licensed Content for which you are not providing a training session to End Users
using the Licensed Content;
access or use any Licensed Content that you have not been authorized by Microsoft to access and
use; or
transfer the Licensed Content, in whole or in part, or assign this agreement to any third party.
6.
RESERVATION OF RIGHTS AND OWNERSHIP. Microsoft reserves all rights not expressly granted to you in
this agreement. The Licensed Content is protected by copyright and other intellectual property laws and
treaties. Microsoft or its suppliers own the title, copyright, and other intellectual property rights in the
Licensed Content. You may not remove or obscure any copyright, trademark or patent notices that
appear on the Licensed Content or any components thereof, as delivered to you.
7.
EXPORT RESTRICTIONS. The Licensed Content is subject to United States export laws and regulations. You
must comply with all domestic and international export laws and regulations that apply to the Licensed
Content. These laws include restrictions on destinations, End Users and end use. For additional
information, see www.microsoft.com/exporting.
8.
LIMITATIONS ON SALE, RENTAL, ETC. AND CERTAIN ASSIGNMENTS. You may not sell, rent, lease, lend or
sublicense the Licensed Content or any portion thereof, or transfer or assign this agreement.
9.
SUPPORT SERVICES. Because the Licensed Content is as is, we may not provide support services for it.
10.
TERMINATION. Without prejudice to any other rights, Microsoft may terminate this agreement if you fail
to comply with the terms and conditions of this agreement. Upon any termination of this agreement, you
agree to immediately stop all use of and to irretrievable delete and destroy all copies of the Licensed
Content in your possession or under your control.
11.
LINKS TO THIRD PARTY SITES. You may link to third party sites through the use of the Licensed Content.
The third party sites are not under the control of Microsoft, and Microsoft is not responsible for the
contents of any third party sites, any links contained in third party sites, or any changes or updates to third
party sites. Microsoft is not responsible for webcasting or any other form of transmission received from
any third party sites. Microsoft is providing these links to third party sites to you only as a convenience,
and the inclusion of any link does not imply an endorsement by Microsoft of the third party site.
12.
ENTIRE AGREEMENT. This agreement, and the terms for supplements, updates and support services are
the entire agreement for the Licensed Content.
13.
APPLICABLE LAW.
a. United States. If you acquired the Licensed Content in the United States, Washington state law governs
the interpretation of this agreement and applies to claims for breach of it, regardless of conflict of laws
principles. The laws of the state where you live govern all other claims, including claims under state
consumer protection laws, unfair competition laws, and in tort.
b. Outside the United States. If you acquired the Licensed Content in any other country, the laws of that
country apply.
14.
LEGAL EFFECT. This agreement describes certain legal rights. You may have other rights under the laws of
your country. You may also have rights with respect to the party from whom you acquired the Licensed
Content. This agreement does not change your rights under the laws of your country if the laws of your
country do not permit it to do so.
15.
DISCLAIMER OF WARRANTY. THE LICENSED CONTENT IS LICENSED "AS-IS," "WITH ALL FAULTS," AND "AS
AVAILABLE." YOU BEAR THE RISK OF USING IT. MICROSOFT CORPORATION AND ITS RESPECTIVE
AFFILIATES GIVE NO EXPRESS WARRANTIES, GUARANTEES, OR CONDITIONS UNDER OR IN RELATION TO
THE LICENSED CONTENT. YOU MAY HAVE ADDITIONAL CONSUMER RIGHTS UNDER YOUR LOCAL LAWS
WHICH THIS AGREEMENT CANNOT CHANGE. TO THE EXTENT PERMITTED UNDER YOUR LOCAL LAWS,
MICROSOFT CORPORATION AND ITS RESPECTIVE AFFILIATES EXCLUDE ANY IMPLIED WARRANTIES OR
CONDITIONS, INCLUDING THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NON-INFRINGEMENT.
16.
LIMITATION ON AND EXCLUSION OF REMEDIES AND DAMAGES. TO THE EXTENT NOT PROHIBITED BY
LAW, YOU CAN RECOVER FROM MICROSOFT CORPORATION AND ITS SUPPLIERS ONLY DIRECT
DAMAGES UP TO USD$5.00. YOU AGREE NOT TO SEEK TO RECOVER ANY OTHER DAMAGES, INCLUDING
CONSEQUENTIAL, LOST PROFITS, SPECIAL, INDIRECT OR INCIDENTAL DAMAGES FROM MICROSOFT
CORPORATION AND ITS RESPECTIVE SUPPLIERS.
This limitation applies to

o
anything related to the Licensed Content, services made available through the Licensed Content, or
content (including code) on third party Internet sites or third-party programs; and
o
claims for breach of contract, breach of warranty, guarantee or condition, strict liability, negligence,
or other tort to the extent permitted by applicable law.
It also applies even if Microsoft knew or should have known about the possibility of the damages. The
above limitation or exclusion may not apply to you because your country may not allow the exclusion or
limitation of incidental, consequential or other damages.
Please note: As this Licensed Content is distributed in Quebec, Canada, some of the clauses in this agreement
are provided below in French.
Remarque : Ce le contenu sous licence tant distribu au Qubec, Canada, certaines des clauses dans ce
contrat sont fournies ci-dessous en franais.
EXONRATION DE GARANTIE. Le contenu sous licence vis par une licence est offert tel quel . Toute
utilisation de ce contenu sous licence est votre seule risque et pril. Microsoft naccorde aucune autre garantie
expresse. Vous pouvez bnficier de droits additionnels en vertu du droit local sur la protection dues
consommateurs, que ce contrat ne peut modifier. La ou elles sont permises par le droit locale, les garanties
implicites de qualit marchande, dadquation un usage particulier et dabsence de contrefaon sont exclues.
LIMITATION DES DOMMAGES-INTRTS ET EXCLUSION DE RESPONSABILIT POUR LES DOMMAGES. Vous
pouvez obtenir de Microsoft et de ses fournisseurs une indemnisation en cas de dommages directs uniquement
hauteur de 5,00 $ US. Vous ne pouvez prtendre aucune indemnisation pour les autres dommages, y
compris les dommages spciaux, indirects ou accessoires et pertes de bnfices.
Cette limitation concerne:
tout ce qui est reli au le contenu sous licence , aux services ou au contenu (y compris le code)
figurant sur des sites Internet tiers ou dans des programmes tiers ; et
les rclamations au titre de violation de contrat ou de garantie, ou au titre de responsabilit
stricte, de ngligence ou dune autre faute dans la limite autorise par la loi en vigueur.
Elle sapplique galement, mme si Microsoft connaissait ou devrait connatre lventualit dun tel dommage.
Si votre pays nautorise pas lexclusion ou la limitation de responsabilit pour les dommages indirects,
accessoires ou de quelque nature que ce soit, il se peut que la limitation ou lexclusion ci-dessus ne sappliquera
pas votre gard.
EFFET JURIDIQUE. Le prsent contrat dcrit certains droits juridiques. Vous pourriez avoir dautres droits prvus
par les lois de votre pays. Le prsent contrat ne modifie pas les droits que vous confrent les lois de votre pays
si celles-ci ne le permettent pas.
Revised December 2011
Acknowledgments
xi
Microsoft Learning would like to acknowledge and thank the following for their contribution towards
developing this title. Their effort at various stages in the development has ensured that you have a good
classroom experience.
Conan Kezema Content Developer
Conan Kezema, B.Ed, Microsoft Certified System Engineer (MCSE), Microsoft Certified Trainer (MCT), is an
educator, consultant, network systems architect, and author who specializes in Microsoft technologies. As
an associate of S.R Technical Services, Conan has been a subject matter expert (SME), instructional
designer, and author on numerous Microsoft courseware development projects.
Joel Stidley Content Developer
Joel Stidley is a Microsoft Certified IP Professional (MCITP), MCSE, and Microsoft Certified Technology
Specialist (MCTS), and a Microsoft Exchange Most Valuable Professional (MVP) with more than 13 years of
IT experience. Currently, he is a principal systems architect at Terremark Worldwide, Inc., where he works
with a variety of directory, storage, virtualization, and messaging technologies. Joel has authored several
books and courses on Microsoft Technologies, including Windows PowerShell, Microsoft Exchange
Server, and Windows Server 2008. He also manages an Exchange Server blog and forum site.
Damir Dizdarevic Content Developer
Damir Dizdarevic, MCT, MCSE, MCTS, and MCITP, is a manager and trainer of the Learning Center at
Logosoft d.o.o., in Sarajevo, Bosnia and Herzegovina. Damir has more than 17 years of experience on
Microsoft platforms and he specializes in Windows Server, Exchange Server, Security and Virtualization. He
has worked as a subject matter expert and technical reviewer on many Microsoft Official Curriculum
(MOC) courses, and has published more than 400 articles in various IT magazines, such as Windows ITPro
and INFO Magazine. He is also a frequent and highly rated speaker at Microsoft conferences in Eastern
Europe. Additionally, he is a Microsoft Most Valuable Professional for Windows Server infrastructure
management.
Byron Wright Content Developer
Byron Wright is a partner in a consulting firm, where he performs network consulting, computer systems
implementation, and technical training. Byron is also a sessional instructor for the Asper School of
Business at the University of Manitoba, teaching management information systems and networking. Byron
has authored and co-authored a number of books on Windows servers, Windows Vista, and Exchange
Server, including the Windows Server 2008 Active Directory Resource Kit.
Justin Kimber Technical Reviewer
Justin (MCTS, MCITP, MCSE, MCP, and Microsoft Certified Systems Administrator (MCSA)) has worked
in the IT industry for over 17 years in various systems management roles. For six years he worked as
technical director at Inframon. In this role, he was responsible for architecting and implementing some of
the biggest systems management roll-outs in EMEA, and he was personally involved with the roll-out of a
global, application monitoring platform for Microsoft IT. He now runs his own business specializing in
Microsoft System Center training development.
Contents
Module 1: Planning for the Private Cloud
Lesson 1: Understanding the Private Cloud
1-3
Lesson 2: Requirements for Deploying a Private Cloud
1-11
Lesson 3: Designing the Private Cloud Infrastructure
1-19
Lesson 4: Overview of System Center 2012 Components
1-27
Lesson 5: Deploying Hyper-V Clustering with VMM
1-38
Lab: Preparing the Private Cloud Infrastructure
1-43
Module 2: Configuring and Deploying the Private Cloud with Microsoft

System Center 2012 - Virtual Machine Manager
Lesson 1: Overview of VMM Architecture and Components
Lesson 2: Installing and Upgrading VMM
2-3
2-17
Lesson 3: Configuring VMM Security and Roles
2-25
Lesson 4: Understanding Host Groups
2-32
Lab: Configuring and Deploying the Private Cloud Infrastructure
2-44
Module 3: Extending and Maintaining the Private Cloud Infrastructure

Lesson 1: Overview of the PXE and Update Server Roles
3-3
Lesson 2: Deploying Bare Metal Hyper-V Host Servers
3-8
Lesson 3: Configuring the Update Server Role
3-18
Lesson 4: Creating and Using an Update Baseline
3-27
Lab: Maintaining the Private Cloud Infrastructure
3-33
Module 4: Configuring Application Delivery

Lesson 1: Dynamic Application Deployment Overview
4-3
Lesson 2: Web Deployment Packages
4-8
Lesson 3: Server Application Virtualization Overview
4-13
Lesson 4: Configuring Server App-V Components
4-23
Lesson 5: Sequencing and Deploying Virtual Applications
4-28
Lab: Configuring Virtual Application Delivery
4-34
Module 5: Creating the Private Cloud Building Blocks

Lesson 1: Configuring Guest Operating System Profiles
5-3
Lesson 2: Configuring Hardware Profiles
5-12
Lesson 3: Configuring SQL Server Using SQL Server Profiles
5-24
Lesson 4: Configuring Application Profiles
5-32
Lesson 5: Configuring Virtual Machine Templates
5-37
Lesson 6: Configuring the Self-Service User Role
5-43
Lab: Creating the Private Cloud Building Blocks
5-50
xii
Module 6: Deploying and Accessing a Private Cloud

Lesson 1: Understanding Private Cloud Computing
6-3
Lesson 2: Installing and Configuring App Controller
6-12
Lesson 3: Creating and Managing Services and Service Templates
6-21
Lab: Deploying and Accessing a Private Cloud
6-31
Module 7: Monitoring the Private Cloud Infrastructure

Lesson 1: Operations Manager Architecture and Security
7-3
Lesson 2: Upgrading Operations Manager 2007 R2
7-17
Lesson 3: Configuring Notifications
7-28
Lesson 4: Configuring Management Packs
7-34
Lesson 5: Configuring Integration with System Center 2012
7-43
Lab: Monitoring the Private Cloud Infrastructure
7-49
Module 8: Extending and Customizing Monitoring of the

Private Cloud Infrastructure
Lesson 1: Configuring the SharePoint Server Portal
8-3
Lesson 2: Monitoring Templates
8-8
Lesson 3: Distributed Application Monitoring
8-18
Lab: Extending and Customizing Monitoring
8-22
Module 9: Implementing Service Management for the Private Cloud

Lesson 1: Service Manager Architecture Overview
9-3
Lesson 2: Upgrading to System Center 2012 Service Manager
9-12
Lesson 3: Understanding Service Manager Work Items
9-17
Lesson 4: Configuring Service Manager Connectors
9-30
Lesson 5: Configuring Service Manager Notifications
9-40
Lab: Implementing Service Management for the Private Cloud
9-44
Module 10: Protecting the Private Cloud Infrastructure

Lesson 1: Planning DPM Deployment
10-3
Lesson 2: DPM Architecture and Components
10-15
Lesson 3: Upgrading DPM
10-23
Lesson 4: Configuring DPM for the Private Cloud
10-28
Lesson 5: Configuring Application Protection for the Private Cloud
10-38
Lesson 6: Restoring Applications to the Private Cloud
10-47
Lab: Protecting the Private Cloud Infrastructure
10-52
xiii
Module 11: Automating and Standardizing the Private Cloud

Lesson 1: Orchestrator Architecture and Components Overview
11-3
Lesson 2: Deploying and Configuring Core Components
11-13
Lesson 3: Managing Runbooks
11-22
Lesson 4: Configuring Integration Packs
11-35
Lab: Automating the Private Cloud
11-45
Module 12: Configuring the System Center Cloud Services Process Pack
Lesson 1: Implementing the Cloud Services Process Pack
12-3
Lesson 2: Service Level Management
12-15
Lab: Configuring the Cloud Services Process Pack
12-18
Appendix: Lab Answer Keys

Module 1 Lab: Preparing the Private Cloud Infrastructure
L1-1
Module 2 Lab: Configuring and Deploying the Private Cloud

Infrastructure
L2-5
Module 3 Lab: Maintaining the Private Cloud Infrastructure
L3-13
Module 4 Lab: Configuring Virtual Application Delivery
L4-19
Module 5 Lab: Creating the Private Cloud Building Blocks
L5-25
Module 6 Lab: Deploying and Accessing a Private Cloud
L6-35
Module 7 Lab: Monitoring the Private Cloud Infrastructure
L7-45
Module 8 Lab: Extending and Customizing Monitoring
L8-59
Module 9 Lab: Implementing Service Management for the

Private Cloud
L9-75
Module 10 Lab: Protecting the Private Cloud Infrastructure
L10-87
Module 11 Lab: Automating the Private Cloud
L11-95
Module 12 Lab: Configuring the Cloud Services Process Pack
L12-103
xiv
About This Course
About This Course
xv
This course describes private cloud configuration and deployment with Microsoft System Center 2012 Virtual Machine Manager (VMM) for data center administrators. It is suggested administrators have
prerequisite knowledge in the following areas:
Windows Server 2008 R2 operating system
Active Directory Domain Services (AD DS)
Microsoft SharePoint
Windows Server 2008 Hyper-V
VMM Service Manager
Oracle Opalis
Data Protection Manager
Operations Manager
Networking and storage experience
Familiarity with data center management processes
Previous work with IT Infrastructure Library (ITIL)
Previous work with Microsoft Operations Framework (MOF)
Course Description
This course describes private cloud configuration and deployment with Microsoft System Center 2012
Virtual Machine Manager (VMM).
Audience
Data center administrators responsible for designing, installing and configuring a private cloud
infrastructure.
Student Prerequisites
In addition to their professional experience, students who attend this training should already have the
following technical knowledge:
Windows Server 2008 R2 operating system
AD DS
Networking and storage experience
Working knowledge of VMM, Service Manager, Opalis, DPM, and Operations Manager
Microsoft SharePoint configuration
Windows Server 2008 Hyper-V
Familiarity with data center management processes
Working knowledge of ITIL and MOF
Course Objectives
After completing this course, students will be able to:
About This Course
xvi
Produce a high-level design that accounts for requirements for the private cloud environment.
Configure and deploy the application fabric.
Configure a PXE server, an update server, and a software update baseline.
Configure Microsoft Server Application Virtualization (App-V) so that it can be used to sequence and
deploy an application virtually.
Build the core components necessary for delivering services on the fabric.
Allocate resources to the private cloud and grant access to the private cloud.
Understand how to monitor the private cloud using Operations Manager.
Understand the tools necessary to extend and customize Operations Manager for a private cloud
environment.
Set up, configure, and integrate the core components of Service Manager into the private cloud
fabric.
Configure a service catalog, and then publish it to the Self-Service Portal.
Gain the knowledge necessary to deploy and configure DPM in a private cloud.
Deploy and configure Microsoft System Center 2012 - Orchestrator in a private cloud, and then
integrate it with other System Center 2012 components.
Course Outline
This section provides an outline of the course:
Module 1, Planning for the Private Cloud. In this module, you will learn the basics about the private
cloud and Microsoft cloud services.
Module 2, Configuring and Deploying the Private Cloud with Microsoft System Center 2012 - Virtual
Machine Manager. In this module, you will learn about private clouds, System Center 2012 - App
Controller, and private cloud services.
Module 3, Extending and Maintaining the Private Cloud Infrastructure." In this module, you will learn
how to monitor the private cloud using Operations Manager.
Module 4, Configuring Application Delivery." In this module, you will learn how to use the Microsoft
Web Deployment Tool and Server App-V to dynamically deploy applications in the private cloud.
Module 5, Creating the Private Cloud Building Blocks. In this module, you will learn about the profile
configurations that you can use with virtual machine deployment templates and services. You will also
learn how to configure user self-service in VMM, which allows you to delegate virtual machine
management tasks.
Module 6, Deploying and Accessing a Private Cloud. In this module, you will learn about App
Controller, private clouds, and private cloud services.
Module 7, Monitoring the Private Cloud Infrastructure. In this module, you will learn how to monitor
the private cloud using Operations Manager.
About This Course
xvii
Module 8, Extending and Customizing Monitoring of the Private Cloud Infrastructure. In this module,
you will learn how to monitor the private cloud using Operations Manager.
Module 9, Implementing Service Management for the Private Cloud. In this module, you will learn
about the Service Manager architecture, upgrade options, work items, connectors, and notifications.
Module 10, Protecting the Private Cloud Infrastructure. In this module, you will learn how to deploy
and configure DPM in a private cloud infrastructure.
Module 11, Automating and Standardizing the Private Cloud. In this module, you will learn how to use
Orchestrator to automate the VMM components and other IT systems.
Module 12, Configuring the System Center Cloud Services Process Pack. In this module, you will learn
more about how to configure a service catalog and then publish it to the Self-Service Portal.
Course Materials
The following materials are included with your kit:
Course Handbook A succinct classroom learning guide that provides all the critical technical
information in a crisp, tightly-focused format, which is just right for an effective in-class learning
experience.
About This Course
xviii
Lessons: Guide you through the learning objectives and provide the key points that are critical to
the success of the in-class learning experience.
Labs: Provide a real-world, hands-on platform for you to apply the knowledge and skills learned
in the module.
Module Reviews and Takeaways: Provide improved on-the-job reference material to boost
knowledge and skills retention.
Lab Answer Keys: Provide step-by-step lab solution guidance at your finger tips when its
needed.
Course Companion Content on the http://www.microsoft.com/learning/companionmoc/ Site:

Searchable, easy-to-navigate digital content with integrated premium on-line resources designed to
supplement the Course Handbook.
Modules: Include companion content, such as questions and answers, detailed demo steps and
additional reading links, for each lesson. Additionally, they include Lab Review questions and answers
and Module Reviews and Takeaways sections, which contain the review questions and answers, best
practices, common issues and troubleshooting tips with answers, and real-world issues and scenarios
with answers.
Resources: Include well-categorized additional resources that give you immediate access to the most
up-to-date premium content on TechNet, MSDN, Microsoft Press.
Course evaluation At the end of the course, you will have the opportunity to complete an online
evaluation to provide feedback on the course, training facility, and instructor.
To provide additional comments or feedback on the course, send email to

support@mscourseware.com. To inquire about the Microsoft Certification Program, send email to
mcphelp@microsoft.com.
About This Course
Virtual Machine Environment
xix
This section provides the information for setting up the classroom environment to support the business
scenario of the course.
Virtual Machine Configuration

In this course, you will use Hyper-V deployed on Windows Server 2008 R2 to perform the labs.
The following table displays the role of each virtual machine used in this course.
Virtual machine
Role
10751A-LON-DC1
Domain controller for the Contoso.com domain
10751A-LON-VM1
Server running VMM in the Contoso.com domain
10751A-LON-OM1
Server running Operations Manager in the Contoso.com domain
10751A-LON-SM1
Server running Service Manager in the Contoso.com domain
10751A-LON-DM1
Server running DPM in the Contoso.com domain
10751A-LON-OR1
Server running Orchestrator in the Contoso.com domain
10751A-LON-AP1
Server running SharePoint in the Contoso.com domain
10751A-LON-SQ1
Server running Microsoft SQL Server in the Contoso.com domain
10751A-LON-AP2
File Server running in the Contoso.com domain
Classroom Setup
Each classroom computer will have the same virtual machine configured in the same way.
Course Hardware Level
To ensure a satisfactory student experience, Microsoft Learning requires a minimum equipment

configuration for trainer and student computers in all Microsoft Certified Partner for Learning Solutions
(CPLS) classrooms in which Official Microsoft Learning Product courseware are taught.

1-1
Module 1
Planning for the Private Cloud
Contents:
Lesson 1: Understanding the Private Cloud
1-3
Lesson 2: Requirements for Deploying a Private Cloud
1-11
Lesson 3: Designing the Private Cloud Infrastructure
1-19
Lesson 4: Overview of System Center 2012 Components
1-27
Lesson 5: Deploying Hyper-V Clustering with VMM
1-38
1-43
Module Overview
Many information technology (IT) professionals today consider cloud computing one of the most
important technical inventions in recent years. Cloud computing can reduce IT costs by automatically
increasing the availability of servers and applications. Though cloud computing has existed for a few
years, fully utilizing its benefits requires new virtualization and management tools that enable
organizations to use cloud computing within their private networks, thus creating private cloud
infrastructures.
1-2
Planning a private cloud involves understanding these tools and technologies so that you can use them to
create an internal infrastructure that will support cloud computing within your organization.
In this module, you will learn the basics about the private cloud, and about Microsoft private cloud
services.
After completing this module, you will be able to:
Describe the private cloud.
Understand the requirements for deploying a private cloud.
Design the private cloud infrastructure.
Describe the Microsoft System Center 2012 components.
Deploy Hyper-V host clustering with Microsoft System Center 2012 - Virtual Machine Manager
(VMM).
Lesson 1
Understanding the Private Cloud
1-3
Private and public cloud computing models provide different services based on your needs. Before
moving to a cloud-computing model, you need to understand its requirements and challenges. For
greater control, security, and manageability, you can adopt a private cloud model. Although the public
cloud offers less control and functionality, it might suit your technical needs or budgetary constraints. Or,
you could choose to use a hybrid approach, in which you mix the private cloud and public cloud
technologies together. This course will only focus on the private cloud implementation.
This lesson describes the private cloud, and the infrastructure components that you can use to create a
private cloud.
After completing this lesson, you will be able to:
Describe the business problem.
Describe the difference between the private clouds and public clouds.
Describe the benefits of using the Microsoft private cloud.
Understanding the Business Problem
1-4
For many years, traditional computing involved a rapid growth of data centers with a great deal of server
inefficiency. IT professionals would purchase a significant amount of individual physical servers, and
typically assign one workload to each server. With the ability to run multiple workloads on a single server,
there was some application or hardware-based resource consolidation, but IT professionals would typically
use single workloads or functions that were deployed on servers using less than 10 percent of their
available resources. This meant that in a data center, hundreds or thousands of servers were consuming
large amounts of space and power, with low overall use.
About 10 years ago, technology improved enough to enable the data center to isolate the workload
and the operating system inside a virtual machine. IT professionals could now consolidate these virtual
machines on fewer instances of hardware. This led to a significant increase in resource use with reduced
costs and power consumption.
The Rise of Cloud Computing

The next evolution for virtual computing technology is cloud computing. Cloud computing extends
the virtualization concepts to make them even more elastic. Public and private clouds are more easily
accessible to business unit IT teams, and more accountable through features such as the cost centerbased chargeback model for billing.
The National Institute of Standards and Technology (NIST) defines cloud computing as a model for
enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing
resourcesthat is, networks, servers, storage, applications, and servicesthat you can rapidly provision and
release with minimal management effort or service provider interaction.
For example, an application owner can deploy a developed application to the private cloud infrastructure
and be assured that the infrastructure will dynamically adjust resources for the application, scale the
application, and enable the application to migrate across servers based on best resource match.
1-5
This current cloud-computing model ultimately provides elasticity, design scalability, and accountability
for the actual resource use that the application is employing. Additionally, cloud computing makes
maximum use of the resources that are available in a data center.
The Benefits of Cloud Computing

The advantages in cloud computing are:
Virtualized data center. Cloud computing provides methods to access computing services that are
independent both of your physical location, and the hardware that you use to access it. With cloud
computing, you no longer need to store data or applications on your local computer. The data center
remains a key element when adopting cloud computing; however, cloud computing emphasizes
virtualization technologies that focus on delivering applications rather than supporting the data
center infrastructure.
Reduced operational costs. Cloud computing helps mitigate issues such as low system use,
inconsistent availability, and high operational costs, by providing pooled resources, elasticity, and
virtualization technology.
Server consolidation. Cloud computing allows you to host multiple virtual machines on a
virtualization host, which enables you to consolidate servers across a data center.
Improved resilience and agility. With products such as System Center 2012, cloud computing can
reduce costs and improve efficiency.
Public Clouds and Private Clouds
There are two different types of clouds: the public cloud, and the private cloud. These terms are defined
are follows:
1-6
Public cloud. The public cloud infrastructure is made available to the public or a large industry group,
and is owned by an organization (or service provider) that sells cloud services. The organization that
signs up for the service, known as the tenant, shares cloud resources with other organizations. The
public cloud exists only off-premises.
Private cloud. The private cloud infrastructure is created and operated only for one organization, and
exists either on-premises or off-premises. A private cloud may be managed by the organization itself,
or by an outside company.
Public Cloud and Private Cloud Workloads

The key difference between a public cloud and a private cloud is the workloads that are running on the
infrastructure.
With public cloud services, the tenant organization has less management overhead than organizations
that use private clouds. This also means, however, that control of the infrastructure and services is greatly
reduced, because the service provider manages this for the tenant organization. In addition, the public
cloud hosts the infrastructure and services for multiple organizations (multi-tenant), which introduces
security implications that you need to review.
Private clouds are owned by their respective organizations. The cloud infrastructure is managed and
maintained in the organizations data center. One of the key benefits of this is that the organization has
complete control over the cloud infrastructure and services that it provides. However, the organization
also has the management overhead and costs that are associated with this model.
1-7
There are different types of private clouds. For example, hosted private clouds are private clouds that
hosting companies create specifically for your needs. This means that no other companies or applications
are running on the infrastructure other than your own.
Considerations for Choosing a Cloud Computing Model
When moving to a cloud-computing modelregardless of the cloud model that you choose to adopt
you need to consider the following factors:
Cloud service models. You can choose Infrastructure as a Service (IaaS), Software as a Service (SaaS),
or Platform as a Service (PaaS) for your cloud service model. You should understand the difference
between these models so that you can choose the model that is the best for your organization.
IaaS. IaaS is a cloud-computing model in which you manage your virtual server within your
organization. For example, creating a private cloud with System Center 2012 provides you with
the IaaS model.
SaaS. SaaS is a cloud-computing model in which you receive a service, such as email messaging.
For example, Microsoft Office 365 is a SaaS offering.
PaaS. PaaS is a cloud-computing model that lies somewhere between IaaS and SaaS. This model
provides a computing platform that you use, and upon which you manage your applications. For
example, Windows Azure is a PaaS.
Internet connection. Your Internet connection can become a single point of failure when using your
line-of-business (LOB) applications. Whether moving to a public cloud or a private cloud, you need to
ensure that the connectivity between your on-premises computers and the cloud-based applications
are always available. Network latency is also a major factor. If you spread your infrastructure across
multiple sites and site links, and over wide areas, this can have a detrimental effect on the
performance and availability of your applications.
Data protection and recovery. Although you will have methods in place already to protect and
recover your mission-critical data, you need to consider the following questions when moving to a
cloud computing model:
Are the current protection and recovery methods compatible with the virtualization technologies
that the public cloud or private cloud uses?
Is data being stored securely?
Do you need a local backup of your data in the event of an Internet connection failure? In this
case, how is the data transferred back to your organization, and how is the data restored in the
event of a catastrophic failure?
Disaster recovery. Ask yourself the following questions:
What is your current disaster recovery model?
Do you have mirrored sites? If so, how will data synchronize between the sites?
How will mirrored sites and data synchronization affect the cloud-computing model that you
choose?
Performance and availability. Application performance and availability are key factors to consider
when adopting any cloud-computing model. With a public cloud, you need to ensure that the service
provider can meet the performance and availability requirements of your applications. You need to
consider the service level agreements (SLAs) that the service provider includes with their services.
If you choose to adopt a public cloud, there are a number of additional factors to consider. When
deciding whether to adopt a private cloud or a public cloud solution, consider the questions in the
following table.
Private cloud
Public cloud
1-8
Are the virtualization technologies that you plan to

adopt compatible with your applications?
What virtualization technologies does the public

cloud vendor offer?
What guarantees can you make to your

organization that the mission-critical applications
will always be available?
Are the technologies compatible with your

applications?
What tools will you have in place to monitor

application performance, and how will they alert
you when potential issues are about to occur?
Is the vendor a reputable company that can

manage your expanding business requirements
and geographical locations?
Question: What are the benefits of moving to a private cloud instead of a public cloud?
Benefits of Using the Microsoft Private Cloud
The Microsoft private cloud business service offers four key benefits. The service:
Improves application availability
Provides cross-platform integration
Allows room for growth
Enables customization based on business needs
Improves Application Availability
1-9
Applications are vital for most businesses. The private cloud provides you with the following functionality
to improve application availability:
Implement applications quickly with service templates and the Self-Service Portal.
Improve availability and performance with application monitoring and diagnosis.
Remediate application issues faster, and improve SLAs.
Provides Cross-Platform Integration
IT environments are heterogeneous, with a wide range of operating systems, virtual machine managers,
and development tools that run together. The Microsoft private cloud allows you to:
Manage multiple hypervisors, or virtualization platforms (Microsoft, VMware, and Citrix).
Run and monitor multiple operating systems.
Drive process automation and configuration across platforms and toolsets.
Develop applications using multiple application toolsets.
Allows Room for Growth

Microsoft private cloud services allows you to:
Deliver high performance for your key Microsoft workloads.
Fully integrate management systems, from hardware resources to application services.
Enables Customization Based on Business Needs

You can distribute public cloud and private cloud computing models, depending on your business or
security requirements. You can:
1-10 Planning for the Private Cloud
Construct and manage public cloud and private cloud infrastructures across multiple data centers and
service providers.
Use common management, identity, virtualization, and development tools that span private and
public clouds.
Provide delegated authority and tools to enable self-service across environments.
Retain control across your private clouds and public clouds for compliance and security.
Question: Which benefit would be most important for your company to consider when
implementing a private cloud?
Lesson 2
Requirements for Deploying a Private Cloud
1-11
Before moving to the private cloud, you need to ensure that your systems meet the prerequisites. This
includes ensuring that you have a public key infrastructure (PKI) in place to help secure the private cloud
service. You also need to identify the services that you want to migrate to the private cloud infrastructure,
and then plan how you will manage, monitor, and protect those services.
Describe the key business requirements for moving to a private cloud.
Explain how to identify and migrate services.
Describe service management process automation.
Explain how to monitor and continuously protect services.
Key Business Requirements
There are a number of business challenges that you should consider when deciding to implement a
private cloud solution. These business challenges differ from technical challenges that typically receive
more consideration. Therefore, it is important to differentiate between the two. For example, when
discussing the redundant array of independent disks (RAID)level decision for a disk-subsystem, it would
be relevant to an engineer, but not to a chief financial officer.
The following common business requirements can induce organizations to move to a private cloud
infrastructure.
Competitive Advantage
A competitive advantage could mean the ability to perform better, faster, or at a much lower cost than
your competitors could. For example, you may not want to wait weeks for delivery of physical hardware so
that you can deploy a new service. Using cloud computing, you can respond to a service request
immediately, and provide the service in a shorter time.
Scalability
This is the ability to scale the business quickly, and with minimal cost and downtime. Scalability also
means being able to deploy or retire business applications on demand. Consider the traditional IT
environment where in many cases, new infrastructure needs to be provisioned to expand the business.
Along with the initial cost of purchasing the hardware, there would be additional costs of managing and
maintaining the infrastructure. Furthermore, there would most likely be time factors involved in
provisioning the infrastructure and bringing it online so it is ready for the business to use.
Reduced Costs
1-13
Reduced costs includes reducing IT overhead without compromising business revenue. The traditional IT
environment consists of multiple application servers, each dedicated to a single role. In many cases, the
servers that host these applications do not use all the computing power or resources that are assigned to
them. Consolidating server roles enables the consolidation of physical servers, which reduces the cost
without affecting the business revenue.
Enhanced Security and Control
Enhanced security and control means implementing a sophisticated permissions-based authorization

scheme. In a private cloud, the application administrators receive access only to the resources that they
require. Additionally, changes to the system can be logged automatically.
Improved SLA
Due to scalability and the ability to move applications quickly and without outage to other servers, no
downtime is required to update physical machines.
Controlled Resource Usage
Resource usage in a private cloud is controlled and can be shared between the virtual machines on their
host machines. Therefore, resource usage is more efficient than in a non-cloud environment.
Availability and Performance

With host clusters, you can improve the availability of virtual machines running applications that
previously were not clustered. When an application requires more performance, you can move it to a
more powerful host machine so performance is enhanced almost immediately.
Question: What other business requirements can you think of that would affect your
decision in moving to a private cloud infrastructure?
Service Identification and Migration
When planning your private cloud infrastructure, you must know which services are suitable for cloud
computing, and how you will migrate those services to the private cloud. For example, some of your
business-critical applications may not be suitable for the private cloud because of security or budget
constraints.
Identifying the Services

A service can be an application, process, function, or it can be data. During the identification process,
consider the following:
Does the application need to reside in the same location as the data?
What security implications might you encounter when moving data to the private cloud, and how
might you mitigate them?
What computer resources does the service require?
What are the services software and operating system requirements?
What are the fault-tolerance and load-balancing considerations?
What virtualization constraints might you encounter?
Are modifications required before the application is compatible?
What network bandwidth will the application require, given the users and the private cloud
infrastructure?
Which dependent resources do you also need to include in the private cloud?
Other areas of consideration may include:
How important is the service to the business?
What are the availability, confidentiality, and integrity requirements for the service, and how will
those be affected if all or part of the service is managed in the private cloud?
What data flow does the service require, and are customers accessing the data?
1-15
You should create detailed documentation for each application, process, function, and data, to assist in
making an informed decision regarding whether the service is suitable for the private cloud.
Migrating to the Private Cloud
After identifying the services that you want to migrate to the private cloud, you should consider a number
of factors to ensure a successful migration process. You should create a document with detailed steps and
checkpoints that you can track to ensure that the migration process is as fault-free as possible.
The documentation should include the answer to the following questions:
What is the application or service name?
Who is the application or service owner?
Have relevant backups taken place?
Have all the prerequisites been verified?
What are the software support details?
Has the service passed identity check, and is it ready for the private cloud?
What is the expected start and finish times of the migration process?
Will there be any downtime?
Has the migration been tested successfully in pre-production or user-acceptance testing?
Is a side-by-side migration option available?
Is there a documented method for fallback?
The migration process that you use depends on the services that you are moving to the private cloud
infrastructure. The process can include a number of functions, such as:
Creating one or more virtual machines.
Building the application server.
Updating the private cloud.
Updating the service catalog with service and offering requests.
Configuring access to the application.
Configuring networking and firewalls.
Testing access to the service or application.
Configuring the monitoring for the service or application.
Monitoring is a critical function that you configure after the service is functional. Typically, you monitor all
elements of the service, including the virtual machines, and physical infrastructure upon which they rely.
Service Management Process Automation
When you implement service management process automation for your organization, you should have a
standardized and well-defined process for requesting and managing private cloud services. Many
elements make up a successful private cloud service, including:
Self-Service Portal
Ticketing system
Notifications
Workflows
Automation
Implementing and integrating the various private cloud service elements is a complicated process. System
Center 2012 provides you with the necessary tools and services to complete this process.
For service management process automation, you must manage the people, processes, and technologies
that make up the IT Service Management discipline. Microsoft System Center management products
enable best practice support to manage the various IT service management functions as defined by the
Microsoft Operating Framework (MOF) and Information Technology Infrastructure Library (ITIL).
To implement your custom-designed service management processes, you can automate the specific
System Center components to interact with each other. For example, you can configure Microsoft System
Center 2012 - Service Manager so that it initiates a workflow that starts a Microsoft System Center 2012 Orchestrator runbook, which automatically interacts with VMM.
Service Monitoring and Continuous Service Protection
1-17
For optimum performance and availability, you should enable monitoring and protection for the private
cloud. System Center provides these functions through Microsoft System Center 2012 - Operations
Manager and Microsoft System Center 2012 - Data Protection Manager.
Consider the following scenario: As the private cloud administrator at Contoso, Ltd, you have successfully
deployed a LOB application to the private cloud. The application uses a website, a database, and an
application server. You now need to ensure that the application performs at the expected user levels, and
that it is available at all times. You also need to ensure that adequate backups occur without any
disruption to the application.
Operations Manager
To monitor the LOB application, Operations Manager must have discovered and be monitoring
technologies such as Windows Server 2008 R2, Microsoft SQL Server 2008 R2, Internet Information
Services (IIS), and Microsoft ASP.NET. You need to configure the Operations Manager to start monitoring
these technologies. After that, Operations Manager automatically starts to monitor the LOB application.
Operations Manager also includes the Application Diagnostics and Application Advisor consoles, which
provide analysis reporting and event diagnosis to help you monitor the .NET application.
Note
Operations Manager will be discussed in detail in Module 7.
Data Protection Manager
Data Protection Manager (DPM) allows you to protect your LOB applications and services. To use DPM,
you decide which technologiessuch as Windows Server 2008 R2 or SQL Serverthat you want to back
up together, and then group all the required resources for these technologies into a protection group.
This ensures that the required services are backed up at the same time so that a restore would provide
immediate service access.
Operations Manager also provides monitoring for DPM. For example, state and diagram views in
Operations Manager show the overall health of the DPM environment. Alert views give you instant
notification if a problem occurs in the environment. You can also run a number of DPM tasks in the
Operations console, such as performing a consistency check.
Note DPM will be discussed in detail in Module 11.
Lesson 3
Designing the Private Cloud Infrastructure
1-19
The first step in planning a private cloud is to evaluate your organizations current environment, and then
determine what components you can and should virtualize. You can use virtualization to address many
issues in most organizations. However, getting the maximum benefit out of virtualization requires careful
planning.
In this lesson, you will learn what you need to consider, and how to design your private cloud
infrastructure.
Assess your current data center environment.
Design for the private cloud.
Design for business continuity.
Design for disaster recovery.
Assessing the Current Data Center Environment
Before designing your private cloud infrastructure, you must assess your current data center environment.
Virtualization addresses many requirements, but you cannot virtualize all servers and applications. This
means that before implementing virtualization, you need to identify those servers and applications that
are the best candidates to run in the private cloud.
There are several factors to consider when choosing whether to virtualize a workload:
Hardware requirements. Typically, virtual machines require approximately the same resources as a
physical server. For example, if a physical server uses 1 gigabyte (GB) of memory, you should expect
the virtual machine to use the same amount of memory, assuming that it runs the same operating
system and applications as the physical server. In some cases, a server workload may require hardware
resources that make it impractical to deploy the workload on to a virtual machine. For example, if an
application requires direct access to a certain hardware part such as a special computer-aided design
(CAD) metal-cutting plotter, you cannot virtualize the server. Additionally, if the server workload
requires more than half of the hardware resources that are available on a virtualization host, there
may not be any server consolidation benefit.
Note Ensure that you are using the actual hardware utilization rather than the actual
physical hardware when evaluating the hardware requirement for the virtual machine. You
can deploy a physical server that is only using five percent of its current hardware resources
in a virtual machine with much lower hardware resources.
1-21
Compatibility. Determine whether the application can run in a virtualization environment. Business
applications range from simple executables to complex, distributed multitier applications. You need
to consider requirements for specific components of distributed applications, such as specific needs
for communication with other infrastructure components, and requirements for direct access to the
system hardware. You can virtualize some lightly used web servers easily, while the back-end
components may need to continue running on dedicated hardware. Applications and services that
have specific hardware or driver requirements generally are not well suited for virtualization. An
application may also not be a good candidate for application virtualization if it contains low-level
drivers that require direct access to the system hardware. This may not be possible through a
virtualization interface, or it may affect performance negatively.
Support. Evaluate whether the operating system and the application are supported in a virtualized
environment. Verify other vendor support policies for deployment of the operating system and the
application using the virtualization technologies.
Workload pattern. Investigate the current workload pattern of the applications that you want to
migrate to the private cloud. This is important for predicting peak times and allocating sufficient
virtual resources. Workload patterns are classified in the following four categories:
On or Off. This defines a workload where the applications are used only at specific times,
such as a lottery website where people only check the status after the drawing.
Growing Fast. This defines a workload in which the applications require more and more
computing power every day or every week, thereby requiring a continuous extension in
resources. An example could be an online news service with registered users in which the
more a user advertises or becomes known, the more computing power the user requires.
Predictable Bursting. This defines a workload with certain known peak periods (such as Tax
Services), and as such, has a few predictable resource usage "spikes" throughout the year.
Unpredictable Bursting. This is a workload that has unpredictable peaks.
Licensing. You also need to evaluate whether you can license your application for use in a virtual
environment. Reducing your licensing costs for multiple applications or operating systems could
provide significant savings and provide a strong financial case for using virtualization.
Availability requirements. Most organizations have some applications that must almost always be
available for users. Some applications provide built-in options for enabling high availability, while
other applications you cannot easily make highly available outside of a virtual machine environment.
When considering whether to virtualize a server, evaluate whether the application has high
availability options, whether those options are supported in a virtual machine environment, and
whether you can use failover clustering to make the virtual machine highly available.
Microsoft Assessment and Planning Toolkit

The Microsoft Assessment and Planning Toolkit (MAP) is the primary tool to help you identify which
applications, desktops, and servers would make ideal candidates for virtualization. MAP provides the
following functionality:
Hardware inventory. MAP uses a secure processwhich does not utilize an agentfrom a single
networked computer to collect and organize system resources and device information across your
network. Some of the examples of the information that MAP returns includes operating system
information, system memory details, installed drivers, and installed applications. MAP saves this
information in a local database, and then uses it to provide you with specific reports and
recommendations.
Data analysis. MAP performs a detailed analysis of hardware and device compatibility for migration
to Windows 7, Windows Server 2008 R2, Windows Server 2008, Microsoft Office 2010, Microsoft
Application Virtualization (App-V), and Windows Vista. The tool helps you gather performance
metrics, and generates server consolidation recommendations that identify the candidates for server
virtualization and suggests how you might place the physical servers in a virtualized environment.
MAP also includes a Microsoft Private Cloud Fast Track Consolidation Wizard, which matches your
requirements as identified in the hardware inventory to a cloud reference architecture.
Readiness reporting. MAP generates reports containing both summary and detailed assessment
results for each migration scenario. The results are provided in both Office Excel and Office Word
documents.
Question: What server workloads do you plan to virtualize in your organization? How will
you make the decisions about what to virtualize?
Designing for the Private Cloud
1-23
When designing a private cloud that is highly available, you should consider the following four design
principles: compute, network, storage, and management.
Compute
Ensure that you have sufficient computing power to satisfy your requirements such as enough processors,
cores, random access memory (RAM), and bandwidth. Consider the following:
Provide sufficient cores, processors, and memory to satisfy your applications needs.
Provide fast throughput to your storage system. You can use serial attached small computer
system interface (SCSI)known as SASor serial ATA (SATA) for direct attached disks. However, it is
recommended that you use Fibre Channel, internet SCSI (iSCSI) or Fibre Channel over Ethernet (FCoE)
for a storage system. The key consideration here is that you need to have high I/O throughput and
low latency.
Network
The network between the physical clients and the servers is crucial for the service. Thus, the network
should provide sufficient bandwidth, and should provide redundancy so a single outage of a component
(such as a network switch) does not cause a server outage. Consider the following:
Provide a network with sufficient bandwidth to satisfy all computing requirements. For example, if
you use graphic-intensive CAD applications, you might need to consider more bandwidth than you
would for a simple account application.
Each server must be highly available with multiple network interface cards (NICs) and virtual NICs. If
one NIC fails, the other can take over so failure does not affect the service.
Network redundancy throughout the existing network infrastructure is crucial. You should consider
switches, routers, load-balancers, and other components that should be configured for failover.
Storage
Provide a storage system with sufficient throughput and data redundancy. Do not use storage in which a
single disk outage can cause outage of a full service. Consider the following:
Provide a high level of disk I/O and throughput.
Make sure the storage I/O is isolated from the network I/O.
Provide redundancy for your disks such as with RAID1 and RAID5.
Provide shared disk access, such as a clustered shared volume for Hyper-V clustering.
Management
Management tools for the private cloud are crucial for a highly available virtual environment. The System
Center 2012 suite provides you with several components:
Hyper-V clustering and live migration. Hyper-V together with VMM can move virtual machines
between hosts without affecting users.
Bare-metal deployment to the private cloud infrastructure. VMM can not only boot a bare-metal
machine, but also set up and join the machine to the infrastructure so that it can be used to run
virtual machines. You can use Operations Manager to monitor resources and trigger the setup.
Provisioning and de-provisioning. VMM and Service Manager together can provide self-service for
virtual machines or services that are supplied on demand. You can use Orchestrator with VMM and
Service Manager to automate the process. Additionally, you can use Operations Manager to monitor
the process and issue alerts when a failure occurs.
Infrastructure monitoring. Operations Manager can monitor the private cloud infrastructure and,
when a failure occurs, can issue an alert that causes VMM to move the components to alternate
servers and data centers.
Resource optimization. VMM and Operations Manager together can optimize power in a virtualized
environment by turning off hosts, and by using dynamic optimizationformerly known as
Performance and Resource Optimization (PRO)to enable you to migrate virtual machines between
physical hosts when certain performance thresholds are reached.
Question: Which design principle would be the most important for your own organizations
private cloud design? Why?
Designing for Business Continuity
1-25
Business continuity ensures that your business operations can continue in the case of internal and external
threats, such as a data center loss. If you move your data center to the private cloud, you should also be
concerned about how your operations will continue if such a threat arises.
The following private cloud options provide business continuity:
On-premises private cloud. Build a private cloud infrastructure on-premises for your organization.
You can use resources such as the Hyper-V cloud deployment guides to help you plan for the private
cloud. Optionally, Microsoft can help you with assessments, proofs-of-concept, and deployments
through partners or Microsoft Services. For business continuity, you should plan and implement more
than one data center. Additionally, consider replication or backup between two or more data centers,
or consider offsite backup storage.
Preconfigured private cloud. Use a pre-validated private cloud that includes a hardware and software
configuration from Microsoft Private Cloud Fast Track original equipment manufacturers (OEM)
partner such as Dell, IBM, and HP. For business continuity, you should provide the necessary
requirements to your OEM partner. Some OEM partners also provide a mixed preconfigured and
hosted private cloud that allows you to back up your virtual machines to a hosted cloud.
Hosted private cloud. Use a hosted private cloud service provider to provide you with an off-premises
private cloud. You order what you need and you are assigned your own, dedicated private cloud. For
business continuity, this option automatically provides the highest standard of business continuity
because a hosted private cloud is already designed to overcome most threats, such as data center
outages.
Designing for Disaster Recovery
When you are planning for the private cloud, disaster recovery is a crucial design consideration. You must
ensure that you do not lose applications and data when a failure occurs. Some important considerations
for disaster recovery include:
Deciding which applications and data you need to back up. Consider how to group backups
according to the services they provide, which services and data you require, and which services do not
need to be backed up, because, for example, they are shared.
Verifying that your backup was successful. You must ensure that backups are completing successfully.
As a best practice, implement a monitoring tool that can verify the backups.
Understanding how to restore applications and data quickly when a failure occurs. Ensure that your
administrators understand how to restore applications and data. For example, you could provide a
periodic disaster recovery workshop in which your administrators perform a full restore.
You can use DPM to back up and restore applications and data in your private cloud.
Note
Performing backup and restore using DPM is described in detail in Module 11.
Lesson 4
Overview of System Center 2012 Components
1-27
To design and deploy a private cloud you require different tools to manage, monitor, and deploy virtual
machines and services. The System Center 2012 suite provides you with many tools to create a private
cloud.
This lesson provides an overview of the System Center 2012 private cloud creation and management
products.
Describe the System Center 2012 components for the private cloud.
Describe VMM.
Describe App Controller.
Describe Service Manager.
Describe Orchestrator.
Describe Operations Manager.
Describe DPM.
System Center 2012 Private Cloud Components
Microsoft private cloud solutions are built around the Hyper-V role in Windows Server 2008 R2, and
System Center 2012. System Center 2012 helps you manage your physical and virtual IT environments
from the desktop computers to the infrastructure components. These components provide the following
key capabilities: application management, service delivery and automation, and infrastructure
management.
Application Management
Application management can help your application owners deliver application services to their
business counterparts. Application management helps you manage the full application life cyclefrom
provisioning services (such as configuration), to operating them (such as monitoring or patching). The
following System Center 2012 components facilitate application management:
System Center 2012 - App Controller. App Controller provides a common self-service experience
across private and public clouds that can help application owners build, configure, deploy, and
manage new services.
System Center 2012 - Virtual Machine Manager. VMM provides virtual machine management and
services deployment that can help you deliver a flexible and cost-effective private cloud environment.
System Center 2012 - Operations Manager. Operations Manager provides deep application
diagnostics and infrastructure monitoring that can help you ensure the predictable performance and
availability of vital applications, and it offers a comprehensive view of your data center, private cloud,
and public cloud.
Service Delivery and Automation

Service delivery and process automation helps you simplify and standardize your data center. The
following System Center 2012 components facilitate service delivery and automation:
1-29
System Center 2012 - Orchestrator. Orchestrator provides orchestration, integration, and automation
of IT processes through the creation of runbooks that can help you define and standardize best
practices and improve operational efficiency.
System Center 2012 - Service Manager. Service Manager provides self-service experiences and
standardized data center processes that can help you integrate people, workflows, and knowledge
across enterprise infrastructure and applications.
Infrastructure Management
This capability provides integrated management functionality to help you configure, provision, monitor,
and operate your physical and virtual infrastructures. The following System Center 2012 components
facilitate infrastructure management:
System Center 2012 Configuration Manager. Configuration Manager provides software management
capabilities for Windows-based clients. Using Configuration Manager, you can deploy operating
systems, software applications, and updates, and monitor hardware and software inventory to ensure
that compliance settings are applied.
System Center 2012 Data Protection Manager. DPM provides unified data protection for Windowsbased servers and clients, which can help you deliver scalable, manageable, and cost-effective
protection and restore scenarios from disk, tape, and off-premise.
System Center 2012 Virtual Machine Manager
System Center 2012 Operations Manager

Note This course covers all of the System Center 2012 the components except for
Configuration Manager.
VMM Overview
VMM is a management solution for the virtualized data center. VMM enables you to configure and
manage your virtualization host, networking, and storage resources to create and deploy virtual machines
and services to private clouds.
VMM provides the following features:
Multi-host and multivendor virtual machine management support. You can host your virtual
machines on several virtual machine managers, such as Microsoft Hyper-V and VMware ESX servers.
All hardware that these virtual machine managers support is also supported for VMM virtual machine
placement.
Intelligent placement. VMM provides resources that can help you decide on the best available host
for a new virtual machine.
Dynamic optimization. Dynamic optimization allows you to react to alerts sent by Operations
Manager so that you can move virtual machines to other hosts, which allows you to maintain
performance continuity.
Physical-to-virtual machine (P2V) conversion. VMM allows you to convert a physical machine to a
virtual machine.
Microsoft Application Virtualization Server (Server App-V) support. VMM allows you to virtualize
server applications.
Live migration. In VMM, you can move virtual machines to different host machines without impacting
the users.
Delegated administration. You can delegate administrative tasks to users, and allow them to create
and manage virtual machines on their own.
1-31
Cloud, infrastructure, and services management. VMM allows you to manage your cloud and services
from a single console.
Power optimization. VMM can optimize hosts by moving virtual machines from underused hosts, and
then powering off the host machine.
Note
VMM is discussed in detail in Module 4 and Module 5.
App Controller Overview
Using App Controller, you can manage private clouds that were created with VMM, and public clouds that
are running on the Windows Azure platform.
App Controller provides role-based views that administrators can customize for the application owner.
This allows the application owner to manage the services that are deployed into the private and public
clouds. For example, the application owner can deploy a service to the private cloud. The owner can also
scale the service in or out, depending on the owners requirements. Additionally, the owner can connect
directly to virtual machines in the private cloud from the App Controller portal.
Managing Private Clouds

After the App Controller portal is connected to the VMM environment, the business unit clouds, virtual
machines, and libraries become available through the App Controller portal.
Private cloud administrators can create services and service templates from within VMM, and then deploy
them to the private cloud. Business unit IT administrators can then manage and deploy these services and
service templates through the App Controller portal.
App Controller also helps users manage the individual virtual machines that are running within a service.
All of the typical VMM management capabilitiessuch as stopping, starting, mounting an ISO image, and
opening a remote desktop connectionare available to the user. Because the App Controller functionality
is delivered under the context of the service, the user only has access to the resources within it.
Managing Public Clouds
When connecting App Controller to a Windows Azure subscription, you can delegate subscription access
to users through their Active Directory Domain Services (AD DS) credentials. This provides a common
access model across the management of private and public clouds, including the services that are running
in them.
For example, you can manage the development of a service that is running in the Windows Azure
environment while managing a production implementation of a service that is running in your private
cloud environment.
You can also use App Controller to move applications between private and public clouds, and copy
resources such as service templates between Virtual Machine Manager servers.
Note
App Controller is discussed in detail in Module 6.
1-33
Service Manager Overview
Service Manager is a comprehensive, IT service management solution that you can use to add processdriven automation and self-service infrastructure provisioning to your private cloud infrastructure.
Service Manager provides several key benefits to your organization including increased productivity,
reduced costs, swifter problem resolution, and built-in compliance management. Built-in processes in
Service Manager are based on industry best practices such as those found in ITIL and the MOF.
Service Manager comes enabled with process management packs for incident and problem resolution,
service request provisioning, change and release control, and configuration and knowledge management.
Through its integration with other System Center components and key infrastructure services such as
AD DS, Service Manager provides accurate configuration management database population and private
cloud process integration.
By using Service Manager, you can:
Reduce the mean time to resolve issues through a self-service user experience.
Improve private cloud efficiency through centralized management of incident, problem, and change
processes.
Provide self-service deployment of private cloud resources through integration with other System
Center 2012 components.
Implement effective compliance controls for the management of private cloud infrastructure
components.
Note Service Manager is discussed in detail in Module 9.
Orchestrator Overview
1-35
Orchestrator, formally known as Opalis, is an IT process automation solution for the private cloud that you
can use to automate the creation, monitoring, and deployment of key resources in your environment.
Private cloud administrators perform many critical daily tasks to ensure that their infrastructure is
highly available and reliable. They also require the ability to reduce the time it takes to provision new
infrastructure, while providing self-service capabilities to end users. Additionally, the administrators
must maintain quality standards and system efficiency. Orchestrator can combine disparate tasks and
procedures together by using the Runbook Designer to create reliable, flexible, and efficient end-to-end
solutions in the private cloud environment.
By using Orchestrator, you can:
Automate processes in your private cloud, regardless of hardware or platform.
Automate your private cloud operations and standardize best practices to improve operational
efficiency.
Connect different systems from different vendors without having to know how to use scripting and
programming languages.
Note
Orchestrator is discussed in detail in Module 12.
Operations Manager Overview
Operations Manager allows you to monitor services, devices, and operations for many computers from a
single console. Administrators can use Operations Manager to gain immediate insight into the state of the
IT environment and the IT services that are running across different systems and workloads. Numerous
views show state, health, performance information, and alerts generated for availability, performance,
configuration, and security situations.
IT departments today are responsible for ensuring the performance and availability of critical services and
applications. That means that IT departments need to know when there is a problem, identify where the
problem is, and figure out what is causing the problemideally before the users of the applications
encounter the problems. The more computers and devices in the business, the more challenging this task
becomes. Operations Manager allows you to monitor applications both in the private cloud and in the
public cloud. Additionally, Operations Manager allows you to simultaneously monitor Microsoft platforms
and non-Microsoft platforms such as UNIX, Linux, and VMware.
Operations Manager will display monitored objects that are not healthy, send alerts (such as a short text
message or e-mail) when problems are identified, and provide information to help you identify the cause
of a problem and possible solutions. Operations Manager also allows you to create reports or dashboards
from the collected data.
Note
Operations Manager is discussed in detail in Module 7 and in Module 8.
DPM Overview
1-37
DPM provides disk-based and tape-based data protection and recovery for servers such as SQL Server,
Microsoft Exchange Server, Microsoft SharePoint, virtual servers, file servers, and support for Windows
operating system desktops and laptops. DPM can also centrally manage system state and bare-metal
recovery. By using DPM, you can:
Recover bare-metal servers and desktops running Windows operating systems. This allows you to
quickly recover servers and desktops without first installing the operating system.
Back up and recover from disk or tape. Depending on the backup storage type that is available, you
can decide whether you want to store it on disk or in a tape library.
Centrally manage the DPM servers with the DPM Administrator Console. In larger environments, it is
especially beneficial to manage all the DPM servers from a central console.
Use role-based access permissions to distribute backup and restore management. You can assign
permissions to users so that they can restore the systems for which they are responsible. The benefit is
that you do not grant them full permissions, so they will not be able to access data that they do not
own.
Perform quick item-level recovery for virtual machines. To recover a specific item such as a file, you
do not need to recover the entire virtual machine. Instead, you can just recover the particular file.
Note DPM is discussed in detail in Module 11.
Lesson 5
Deploying Hyper-V Clustering with VMM
Using VMM, you can now use a Hyper-V host cluster to manage virtual machines, and to configure and
manage host machines. This is crucial for private cloud platforms, because it allows you to move virtual
machines and their applications quickly between physical hosts and data centers. Therefore, you should
consider Hyper-V clustering a basic requirement when you are planning and implementing a private
cloud.
In this lesson, you will learn about the requirements for a Hyper-V host cluster, an how to create a host
cluster using VMM.
Describe the prerequisites for cluster deployment.
Describe the cluster creation process in VMM.
Explain how to create a Hyper-V host cluster in VMM.
Explain how to verify a successful Hyper-V host cluster deployment.
Cluster Deployment Prerequisites
1-39
A cluster demands much more attention than a typical Hyper-V host. Not only does the cluster require
hardware specifications, the cluster also requires certain configuration settings on every host computer
before you can use it as a cluster node. For this reason, you should consider the following prerequisites
before deploying a cluster in VMM:
Hosts must be managed by VMM, and belong to the same Virtual Machine Manager host group. You
cannot create a cluster out of hosts that are in different host groups.
The hosts must run either Windows Server 2008 R2 Enterprise or Windows Server 2008 R2 Datacenter
editions, because these are the only two Windows Server editions that support the failover clustering
feature, which is required to configure a Hyper-V host cluster. You can also use the Server Core
version of Windows Server R2.
Hosts must belong to the same domain.
Hosts must meet all failover clustering requirements, including those for hardware, processor type,
and memory. You cannot cluster two systems that do not have the same processor type. For example,
if one server runs on Intel processors, you must ensure that the other node does not run on AMD
processors. They must be the same processor type for clustering to work.
Shared storage must be presented to all hosts in the cluster. You can preconfigure logical unit
numbers (LUNs) or use VMM to manage shared storage for the cluster.
Each host must have access to the storage array. This is a physical requirement, and you must ensure
that all hosts can access the storage array using features such as Multipath I/O (MPIO).
Hosts must belong to the same Active Directory site and the same IP subnet, and must be configured
with a static IP address.
Once all these requirements are satisfied, you should be able to install and configure the cluster
accordingly.
Creating Clusters in VMM
To create a Hyper-V host cluster, you use the Create Hyper-V Cluster Wizard. Through the wizard, you can
select which Hyper-V hosts to cluster, and configure the networking and storage resources that are used
during cluster creation. VMM then performs the following tasks:
Validate each host that meets the prerequisites, such as the required operating system and domain
membership.
Enable the failover clustering feature on each host.
Unmask the selected storage logical units to each host.
Create the configured external virtual networks.
Run the cluster validation process.
Create the cluster with a quorum, and enable clustered shared volumes.
For each LUN that is designated as a clustered shared volume, assigns the logical unit as a clustered
shared volume on the cluster.
The benefit of using VMM for creating a Hyper-V host cluster is that you can use Windows PowerShell to
script the process. This allows you to automatically create or extend a Hyper-V host cluster as needed. The
View Script function in VMM helps you by showing you the respective Windows PowerShell cmdlets that
you then can use to automate the process.
Question: Do you use the failover clustering feature in your organization? If so, do you
experience challenges when using it?
Creating a Hyper-V Host Cluster in VMM
You can create a Hyper-V host cluster directly from the Virtual Machine Manager console, as follows:
1-41
1.
Connect to the Virtual Machine Manager console.
2.
Add the System Center Virtual Machine Manager agents to all Hyper-V hosts that you want to cluster.
3.
In the Virtual Machine Manager console, in the ribbon, click Create, and then click Hyper-V Cluster
to open the Create Hyper-V Cluster Wizard.
4.
In the Create Hyper-V Cluster Wizard, configure the following:
Cluster name. The name of the Hyper-V host cluster.
Hyper-V host nodes. The nodes that you want to add to the cluster. You must define at least
two nodes, and there is a maximum of 16 nodes per cluster.
Storage disk(s). Select the disks that you want to use for the cluster.
Virtual network(s). Define the virtual network that you want to use for the cluster.
After you complete the Create Hyper-V Cluster Wizard, VMM creates a job and installs the cluster.
Verifying a Successful Hyper-V Host Cluster Deployment
During and after cluster installation, you can verify the installation status. To do this, in the Virtual
Machine Manager console, in the Jobs workspace, locate the Install cluster job. This area displays
information about each installation step, and whether the step completed successfully.
In addition, when the cluster installation completes, you can confirm successful Hyper-V host cluster
deployment by:
Checking the cluster properties. The Status page displays the status of all cluster nodes, and provides
a link to the last cluster validation report.
Running Validate Cluster manually. You will find the cluster validation report in the
%windir%\Reports\Cluster folder, or as noted in the Validate cluster job in the Jobs workspace.
The most common method for verifying the status of the cluster is to access the Status page through the
clusters properties.
Lab Setup
1-43
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must
complete the following steps:
1.
On LON-HOST1, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2.
In Hyper-V Manager, click 10751A-LON-DC1, and in the Actions pane, click Start.
3.
In the Actions pane, click Connect. Wait until the virtual machine starts.
4.
Log on using the following credentials:
User name: Administrator
Password: Pa$$w0rd
Domain: Contoso
5.
Repeat steps 2 to 4 for 10751A-LON-SQ1.
6.
7.
In Hyper-V Manager, click 10751A-LON-VM1, and in the Actions pane, click Start.
8.
9.
Password: Pa$$w0rd
Domain: Contoso
Lab Scenario
You have been asked by Contoso, Ltd to begin planning for the private cloud. The business requires that
the private cloud infrastructure be highly available.
Virtualization is the fundamental building block for any private cloud infrastructure and as such, you have
provisioned two Hyper-V hosts. You must now cluster those hosts for high availability.
Exercise 1: Deploying the Virtual Machine Manager Agent

Scenario
1-45
You recognize that the provisioned Hyper-V hosts are not managed using VMM. You need to add them
to VMM so that you can manage the hosts.
The main tasks for this exercise are as follows:
1.
Open the VMM console.
2.
Deploy the Virtual Machine Manager agent to the hosts.
Task 1: Open the VMM console
On LON-VM1, on the desktop, click Virtual Machine Manager Console. Configure the console to
connect automatically using the current Microsoft Windows session identity.
Task 2: Deploy the Virtual Machine Manager agent to the hosts

1.
In the VMM console, in the VMs and Services workspace, right-click All Hosts, and then click Add
Hyper-V Hosts and Clusters.
2.
In the Add Resource Wizard, add the hosts using the following options:
Windows Server computers in a trusted Active Directory domain with the following
credentials:
User name: Contoso\administrator
Password: Pa$$w0rd
Specify an Active Directory query to search for Windows Server computers:
3.
Generate an AD query with Computer name: *host*
Discovered computers: Lon-host1.contoso.com and Lon-host2.contoso.com
In the Jobs window, wait until all jobs display a status of Completed, and then close the window.
Results: After this exercise, you should have deployed the Virtual Machine Manager agent to the host
machines.
Exercise 2: Creating a Hyper-V Host Cluster Using VMM

Scenario
The two Hyper-V host machines are not yet prepared for a cluster, because they do not have iSCSI
configured properly. You need to configure iSCSI, and then create a Hyper-V host cluster with these hosts.
1.
Configure the iSCSI target software on LON-HOST1.
2.
Configure the iSCSI target software on LON-HOST2.
3.
Create a Hyper-V host cluster in VMM.
Task 1: Configure the iSCSI target software on LON-HOST1

1.
On LON-HOST1, click Start, point to Administrative Tools, and then click iSCSI Initiator.
2.
If prompted by a dialog box to start the Microsoft iSCSI service, click Yes.
3.
In the iSCSI Initiator Properties dialog box, click the Discovery tab, and then click Discover Portal.
4.
In the IP address or DNS name text box, type 10.10.0.10 with port 3260.
5.
On the Targets tab, select iqn.1991-05.com.microsoft:lon-dc1-lon-host1-target, and then click

Connect.
6.
Enable the following:
Add this connection to the list of Favorite Targets
Enable multi-path

1.
On LON-HOST2, click Start, point to Administrative Tools, and then click iSCSI Initiator.
2.
3.
In the iSCSI Initiator Properties dialog box, click the Discovery tab, and then click Discover Portal.
4.
In the IP address or DNS name text box, type 10.10.0.10 with port 3260.
5.
On the Targets tab, select iqn.1991-05.com.microsoft:lon-dc1-lon-host2-target, and then click

Connect.
6.
Enable the following:
7.
Add this connection to the list of Favorite Targets
Enable multi-path
On LON-VM1, from the VMs and Services workspace, refresh both Lon-host1 and Lon-host2.
Task 3: Create a Hyper-V host cluster in VMM

1.
On LON-VM1, in the Virtual Machine Manager console, click the Fabric workspace.
2.
In the ribbon, click Create, and then click Hyper-V Cluster.
3.
In the Create Hyper-V Cluster Wizard, configure the following:
4.
1-47
Cluster name: LON-CLUSTER01
User name: Contoso\administrator
Password: Pa$$w0rd
Hosts to cluster: lon-host1.contoso.com and lon-host2.contoso.com
Network: 10.10.0.0/16
IP Address: 10.10.0.15
Storage: Quick Format and CSV selected on all listed disks. (Note that one disk will be greyed
out as it is automatically configured as the witness disk.)
In the Jobs window, wait until Install cluster job shows Status Completed w/ Info, and then close the
window. This might take approximately 15 minutes to complete.
Results: After this exercise, you should have created a Hyper-V host cluster using VMM.
Module Review and Takeaways
Review Questions
1.
What is a private cloud?
2.
What components does System Center 2012 offer for your private cloud?
3.
How can you monitor your private cloud?

2-1
Module 2
Configuring and Deploying the Private Cloud with Microsoft

System Center 2012 - Virtual Machine Manager
Contents:
Lesson 1: Overview of VMM Architecture and Components
2-3
Lesson 2: Installing and Upgrading VMM
2-17
Lesson 3: Configuring VMM Security and Roles
2-25
Lesson 4: Understanding Host Groups
2-32
2-44
Module Overview
2-2 Configuring and Deploying the Private Cloud with Microsoft System Center 2012 - Virtual Machine Manager
Creating a private cloud infrastructure is an important part of the cloud computing concept. Private cloud
infrastructure is a collection of various components such as hardware, software, configurations, profiles,
instances, and connectivity that together run within a data center. In order to build a private cloud
infrastructure, you will need to learn about the software and technologies that are available to help you
achieve this goal.
In this module, you will learn how to build a private cloud infrastructure by using Microsoft System
Center 2012 - Virtual Machine Manager (VMM).
Describe VMM architecture and components.
Install and upgrade VMM.
Configure VMM security and roles.
Understand host groups.
Lesson 1
Overview of VMM Architecture and Components
2-3
VMM has changed significantly from System Center Virtual Machine Manager 2008. VMM has many new
components and architectural concepts. Before starting to plan and implement the VMM infrastructure,
you should understand its key components and architecture.
In this lesson, you will learn about VMM architecture, what components you can include in it, and how to
deploy virtual machines in your VMM.
Describe VMM architecture.
Describe the VMs and Services workspace in VMM.
Describe private cloud infrastructure components in VMM.
Describe VMM libraries.
Describe jobs in VMM.
Describe VMM settings.
Deploy virtual machines in VMM.
VMM Architecture
VMM is a management solution for a virtualized data center. VMM enables you to create and deploy
virtual machines and services to private clouds by configuring and managing your virtualization host,
networking, and storage resources.
VMM is a component of System Center 2012 that discovers, captures, and aggregates knowledge of the
virtualization infrastructure. VMM also manages policies and processes with automations.
VMM is a key component in enabling private cloud infrastructure, which helps transition enterprise IT
from an infrastructure-focused deployment model into a service-oriented, user-centric environment.
VMM architecture consists of several different, interrelated components. These components are:
VMM management server. The VMM management server is the computer on which the VMM service
runs. The VMM management server processes commands and controls communications with the
VMM database, the library server, and the virtual machine hosts.
VMM server. The VMM server is the hub of a VMM deployment through which all other VMM
components interact and communicate. The VMM server also connects to a Microsoft SQL Server
database (VMM database) that stores all VMM configuration information.
Database. VMM uses a SQL Server database to store the information that you view in the VMM
management console, such as managed virtual machines, virtual machine hosts, virtual machine
libraries, jobs, and other virtual machine-related data.
Management console. The management console is a program that you use to connect to a VMM
management server, to view and manage physical and virtual resources, including virtual machine
hosts, virtual machines, services, and library resources. Virtual Machine Manager library.
Library. A library is a catalog of resources (for example, virtual hard disks, templates, and profiles), that
are used to deploy virtual machines and services. A library server also hosts shared folders that store
file-based resources in the. The VMM management server is always the default library server, but you
can add additional library servers later.
2-5
Command shell. Windows PowerShell is the command-line interface into which you use cmdlets that
perform all available VMM functions. You can use these VMMspecific cmdlets to manage all the
actions in a VMM environment.
Self-Service Portal. The Self-Service Portal is a web site that users who are assigned to a self-service
user role can use to deploy and manage their own virtual machines.
All the components described in the preceding section form the VMM architecture. By mutually
interacting, they enable you to deploy your private cloud solution.
The VMs and Services Workspace in VMM
The VMM management console is divided into several parts. Each part groups similar resources that
enable you to build a virtual private cloud environment. The VMs and Services workspace enables you to
view, add, and manage virtual machine hosts, virtual machines, and services. When deploying a VMM
infrastructure, this is usually the starting point for building a private cloud.
Within the VMs and Services workspace, you can do following:
Add hosts and create host groups. You can add VMMmanaged physical hosts when you deploy
VMM. Hosts and host groups are important parts of the VMM infrastructure. A virtual machine host is
a physical computer that hosts one or more virtual machines. A host computer can run different
virtualization platforms, such as Hyper-V, Microsoft Virtual Server, XEN Server, or VMWare. Hosts and
Host Groups allow you to set various properties and settings for virtual machine deployment.
With VMM, you can create custom groups of virtual machine hosts, known as host groups, for
organizing hosts and their virtual machines. For example, you might create a host group for each of
your organizations branch offices. Alternatively, you can create a host group to organize hosts that
are part of the same private cloud. When you create a private cloud, you select which host groups will
be part of the private cloud. You can then allocate all or some of the resources from the selected host
groups to the private cloud. Be aware that several settings and resources are assigned at the host
group level, such as: custom placement rules, host reserve settings for placement, dynamic
optimization and power optimization settings, network resource inheritance, host group storage
allocation, and custom properties.
Create and manage virtual machines. When you add a host to the VMM console, you will be able to
manage existing and newly created machines.
Create and manage private clouds. A private cloud is a cloud that is provisioned and managed onpremise by an organization, or is hosted by a service provider. An organization can deploy their
private cloud using their own hardware. Through VMM, an organization can manage the private
cloud definition, access to the private cloud, and the underlying physical resources.
2-7
Create and manage services. In VMM, a service is a set of virtual machines, settings and applications
that you configure and deploy together, and that you manage as a single entity. In the VMM console,
you use the Service Template Designer to create a service template, which defines the configuration
of the service. The service template includes information about the virtual machines that are deployed
as part of the service, which applications to install on the virtual machines, and the networking
configuration necessary for the service (including using load balancing). The service template can
make use of existing virtual machine templates, or you can define the service without using any
existing virtual machine templates.
Private Cloud Infrastructure Components in VMM
The key architectural concept in VMM is private cloud infrastructure. Similar to public cloud solutions
such as in Windows Azure, private cloud infrastructure in VMM is an abstraction layer that shields the
underlying technical complexities, and provides the ability to manage defined resource pools of servers,
networking, and storage in the enterprise infrastructure.
This concept is presented explicitly in the VMM 2012 management console user interface. With VMM
2012, you can create a private cloud from Hyper-V, VMware ESX, and Citrix XenServer hosts, and benefit
from cloud computing attributes including self-servicing, resource pooling, and elasticity.
You can configure the following resources from the VMM management console Fabric workspace:
Servers. In the Servers node, you can configure and manage several types of servers. Host groups
contain virtualization hosts, which are the destinations for where to deploy virtual machines. Library
servers are the repositories of building blockssuch as images, .iso files, and templatesfor creating
virtual machines. To deploy Hyper-V hosts on bare-metal machines automatically, and to boot a
virtual machine from bare-metal remotely via networks, use Pre-Boot Execution Environment (PXE)
servers such as Windows Deployment Services to initiate the operating system installation on a
physical computer. Update servers such as Windows Server Update Services (WSUS) service virtual
machines automatically based on compliance policies. For interoperability, use the VMM console to
add VMware vCenter servers to manage VMware ESX hosts.
Networking. In the VMM management console, the Networking node is where you can: define logical
networks, assign pools of static IPs and media access control (MAC) addresses, and integrate load
balancers. Logical networks are user-defined groupings of IP subnets and virtual local area networks
(VLANs) to organize and simplify network assignments. Logical networks provide an abstraction of
the underlying physical infrastructure, and enable an administrator to provision and isolate network
traffic based on selected criteria such as connectivity properties and service level agreements (SLAs).
2-9
Storage. Using the VMM 2012 admin console, an administrator can discover, classify, and provision
remote storage on supported storage arrays. VMM uses the Microsoft Storage Management Service
(which is enabled by default during the installation of VMM), to communicate with external arrays. An
administrator must install a supported Storage Management Initiative Specification (SMI-S) provider
on an available server, and then add the provider to VMM. SMI-S is a storage standard for operating
among heterogeneous storage systems. VMM automates the assignment of storage to a Hyper-V
host or Hyper-V host cluster, and then tracks the storage that is managed by VMM.
Note
Storage automation through VMM 2012 is only supported for Hyper-V hosts.
VMM Libraries
The VMM library is one of the main components of VMM 2012, and is a resource catalog that you can use
to build virtual machines, services, and private clouds. The library contains components such as templates,
operating system profiles, and hardware profiles that the VMM database stores.
The VMM library catalogs all resources that you use when creating new virtual machines. Therefore, some
organizations may find it very important for the library to be highly available.
Library Resources
The VMM library provides access to file-based resources that you need to build virtual machines. These
file-based resources can include System Preparation Tool (Sysprep) scripts, International Organization for
Standardization (ISO) images, and virtual hard disks that your library servers store. In addition, from the
VMM library, you can manage virtual machine templates, guest operating system profiles, and hardware
profiles that reside in the VMM database. You also can store service templates in the library, and virtual
machines when you are not using them.
One of the benefits of VMM is that you can use libraries to simplify virtual machine creation by
centralizing all necessary resources in one location. You can store a variety of components in a VMM
librarysuch as virtual disks, virtual DVDs, operating system templates, and hardware profiles. Then, when
you create a virtual machine, the preconfigured components are immediately available to you. This makes
creating virtual machines much faster and simpler than if you had to create them manually every time.
The VMM library also contains templates for services deployment, profiles for applications and operating
systems, and resources being used to build private cloud solution. You can also use the VMM library to
view Updates Catalog if it is connected to a WSUS server.
Library Server and Shares
2-11
The VMM library is hosted on a VMM library server. When you install VMM, the VMM server is configured
as the default library server. The VMM server indexes files that are stored on library shares. You cannot
remove or modify the default library server that is created during the installation process. However, you
can add additional library servers, if necessary. If the VMM server is highly available, the VMM library
server must be installed separately.
Each library server can have one or more library shares. A library share is a file share that contains the
resources that you use to build virtual machines. When you add a new library share, Add Library Share
Wizard the wizard does not create the share for you; instead, you must create and configure a file share
before adding it as a new library share.
You can organize content in a library share by creating subfolders, just as you create folders in a file share.
However, the folders will not appear in the VMM management console if they do not have any content.
VMM library contents are refreshed once per hour, by default. However, you can change this setting.
Question: What is the primary purpose of the VMM library?
Jobs in VMM
VMM creates a job whenever you perform any action that changes a managed objects status in VMM.
You can track these units of work in the Jobs view.
Definition of a Job
Jobs are composed of steps performed sequentially to complete an action. Some jobs consist of only a
single step, such as when you start or stop a virtual machine or refresh the view in the VMM Administrator
Console. Other jobs, such as when you move a virtual machine from one host to another, create several
additional steps to make up the one high-level job. Most wizards that you run in the VMM Administrator
Console create jobs with multiple steps.
How VMM Performs Jobs
VMM performs and logs each job as an independent task. The steps within a job may have dependencies
on other steps within the job, but jobs are designed to be independent. A job cannot depend on another
jobs status. This means that you can start multiple jobs within the VMM Administrator Console, and the
jobs can run asynchronously.
When you start a job in the VMM Administrator Console, VMM verifies that you have the required
permissions to run the job. Additionally, the job may require credentials to perform a specific task. For
example, when you are converting a physical server to a virtual machine, you must have the required
credentials to start the job, and then the job may require credentials to perform the task on the physical
machine.
Using Jobs
2-13
You can use jobs to view detailed information about a virtual machine that experienced some kind of
failure, and then you can use this information to determine how to repair the virtual machine. You can use
the Repair action for a virtual machine to either restart the job that caused the virtual machine to fail, or
return the virtual machine to the state that it was in before the job ran.
VMM jobs provide a complete list of all changes to the VMM environment. To get detailed information
about exact changes that were made to VMM objects by a job, you can access the jobs Change Tracking
tab. Depending on the job type, the Change Tracking tab may display either very little or very detailed
information. For example, when you refresh the view in the VMM Administrator Console, if no objects in
VMM have been modified since the previous refresh, the Change Tracking tab does not display any
information. However, if you move a virtual machine from one host to another, the Change Tracking tab
displays detailed information about all of the changes that occurred during the move.
VMM Settings
You configure the VMM management server from the Settings tab in the VMM console. From here, you
can configure general settings for VMM, and Security roles and accounts. You can also configure servicing
hours for your servers, and configuration providers.
Settings groups within the Settings tab that you can configure are:
General. Click on the General node to access the General pane, where you can configure network
settings, VMM guest agent settings, and Customer Experience Improvement Program settings. You
can also manage VMM database connections, configure Library refresh intervals, define a port for
VMConnect, and define an administrative contact person for Self-service users.
Security. Security allows you to define User roles and Run As Accounts. Security is part of the Settings
pane. These features provide the ability to delegate rights to perform some tasks with hosts and
virtual machines, and to use predefined accounts (and passwords) for some tasks. User roles and Run
As accounts will be discussed later in more detail.
Servicing Windows. You can use Servicing Windows to define intervals for regular maintenance when
your servers or virtual machines are unavailable. After creating a servicing window, you can subscribe
resources for it.
Configuration Providers. In the Configuration Providers pane, you can view configuration providers
that are installed in VMMfor example, a configuration provider for Microsoft Network Load
Balancing (NLB) or for out-of-band power management. A configuration provider is a plug-in to
VMM that translates VMM Windows PowerShell commands to application programming interface
(API) calls that are specific to a type of load balancer or baseboard management controller.
System Center Settings. You can configure connections to other System Center products with System
Center Settings. For example, if you connect VMM and Operations Manager, you will be able to use
Performance and Resource Optimization (PRO) technology. This technology enables VMM to move
virtual machines automatically from one host to another based on information about resource usage
provided by Operations.
Deploying Virtual Machines in VMM
2-15
One of the advantages of using a virtualized environment that is managed by VMM is the flexibility that it
provides to create and deploy new virtual machines quickly.
Using VMM, you can manually create a new virtual machine with new configuration settings and a new
hard disk. You can then deploy the new virtual machine from one of following sources:
An existing virtual hard disk (.vhd) file (blank or preconfigured)
A virtual machine template
A VMM library
You can create new virtual machines either by converting an existing physical machine, or by cloning an
existing virtual machine.
Creating a New Virtual Machine from an Existing VHD
You can create a new virtual machine based on either a blank VHD, or on a preconfigured VHD that
contains a guest operating system. VMM provides two blank VHD templates that you can use to create
new disks:
Blank Disk Small
Blank Disk Large
You can also use a blank VHD when you want to use an operating system with a PXE. Alternatively, you
can place an ISO image on a virtual DVD-ROM, and then install an operating system on the empty drive.
This is an effective way to build a virtual machines source image, which you can then use as a future
template. To install the operating system on such a virtual machine, you can use an ISO image file from
the library or from local disk, then map a physical drive from the host machine, or initiate the guest
operating system setup through a network service boot.
If you have a library of VHDs that you want to leverage in your VMM environment, you can create a
virtual machine from an existing VHD. You also can choose existing VHDs when deploying any operating
system from which VMM cannot create a template, such as a non-Windows operating system.
When you create a new virtual machine using an existing VHD, you are essentially creating a new virtual
machine configuration that is associated with the vhd file. VMM will create a copy of the source VHD so
that you do not have to move or modify the original.
In this scenario, the source VHD must meet the following requirements:
You must leave the Administrator password blank on the VHD as part of the Sysprep process.
You must install the Virtual Machine Additions on the virtual machine.
You must use Sysprep to prepare the operating system for duplication.
Deploying from a Template
Deploying from a template creates a new virtual machine based on a template from the VMM library. The
template is a library resource, which links to a virtual hard drive that has a generalized operating system,
hardware settings, and guest operating system settings. You use the guest operating system settings to
configure operating system settings such as computer name, local administrator password, and domain
membership.
The deployment process does not modify the template, which you can reuse multiple times. If you are
creating virtual machines in the Self-Service Portal, you must use a template.
The following requirements apply if you want to deploy a new virtual machine from a template:
You must install a supported operating system on the VHD.
You must leave the Administrator password blank on the VHD as part of the Sysprep process.
However, you do not have to leave blank the Administrator password for the guest operating system
profile.
For customized templates, you must prepare the operating system on the VHD by removing
computer identity information. For Windows operating systems, you can prepare the VHD by using
Sysprep.
Deploying from the VMM Library
If you deploy a virtual machine from the library, the virtual machine is removed from the library, and then
placed on the selected host. When using this method, you must provide the following details in the
Deploy Virtual Machine Wizard:
The host for deployment. The template that you use provides a list of potential hosts and their
ratings.
The path of the virtual machine files on the host.
The virtual networks used for the virtual machine. You are presented with a list of existing virtual
networks on the host.
Lesson 2
Installing and Upgrading VMM
2-17
Installing VMM is a very important part of operating and managing your private cloud. There are several
prerequisites for installing VMM, and there are various scenarios in which you can implement VMM. If you
already have an older version of VMM installed, you can choose to upgrade your current VMM version to
the newest VMM version to utilize new features and functionalities.
In this lesson, you will learn about how to install and upgrade VMM.
Describe VMM installation prerequisites and considerations.
Upgrade VMM from previous versions.
Describe considerations for deploying a highly available VMM server.
Prerequisites for Installing VMM
Before deploying VMM and its components, you should be certain that your system meets hardware and
software requirements. While software requirements do not change based on the number of hosts that
VMM will manage, hardware prerequisites may vary. In addition, not all VMM components have the same
hardware and software requirements. However, Windows Server 2008 R2 is the only supported operating
system for VMM.
VMM Management Server
In addition to having Windows Server 2008 R2 installed, you need to ensure that the following software is
installed on the server that will run the VMM management server:
Microsoft .NET Framework 3.5 Service Pack 1 (SP1) or later
Windows Automated Installation Kit (AIK)
Windows PowerShell 2.0 (if the VMM management console will run on the same server with VMM
Management server
Windows Remote Management 2.0 (this is installed by default in Windows Server 2008 R2, so you
should just verify if the service is running)
SQL Server 2008 SP2 (Standard or Enterprise) or SQL Server 2008 R2 SP1 Standard, Enterprise or
Datacenterthis is necessary only when you install the VMM management server and SQL Server on
same machine
Hardware requirements vary depending on number of hosts, and have the following limits:
Central processing unit (CPU): Single core CPU 2 gigahertz (GHz), Dual core CPU 2.8 GHz
Random access memory (RAM): 4 8 gigabytes (GB)
2-19
Disk space: 40 GB 150 GB (depending on whether or not a SQL Server database is installed on the
same server. In addition, if the library is on the same server, then disk space will also depend on
library content.)
VMM Database
The VMM database stores all VMM configuration information, which you can access and modify by using
the VMM management console. The VMM database requires SQL Server 2008 SP2 or newer. Because of
this, the base hardware requirements for VMM database are equal to the minimum system requirements
for installing SQL Server. Additionally, if you are going to manage more than 150 hosts, you should have
at least 4 GB of RAM on the database server. Software requirements for the VMM Database are the same
as for SQL Server.
VMM Library
The VMM library is the server that hosts resources for building virtual machines, services and business unit
clouds. In smaller environments, you usually install the VMM library on the VMM Management Server, in
which case the hardware and software requirements are the same as for the VMM Management Server. In
larger and more complex environments, it is recommended to have VMM library on separate server in
highly available configuration. If you want to deploy another VMM library server, the server should fulfill
following requirements:
Supported operating system: Windows Server 2008 or Windows Server 2008 R2
Windows Remote Management 2.0
CPU: at least 2.8 GHz
RAM: at least 2 GB
Hard disk space: Varies based on the number and size of files stored
VMM Installation Considerations
Before installing VMM, ensure that the computer meets the minimum hardware requirements, and that
all the prerequisite software is installed. The VMM installation wizard will not install any prerequisite
components, so ensure that all prerequisites are installed prior to running the Installation Wizard.
You should consider the following when planning your VMM installation:
Before you begin installing your VMM management server, ensure that you have a computer with the
supported SQL Server version installed and running. Unlike VMM 2008 R2, VMM does not install an
Express edition of SQL Server automatically.
The VMM console installs automatically when you install a VMM management server. However, you
cannot use the VMM console to connect to a VMM server from a previous version of VMM (for
example, you cannot use the VMM console to connect to a VMM 2008 R2 server).
If you are installing the VMM management server on a computer that is a member of a cluster, you
will be asked whether you want to make the VMM management server highly available.
If there is a problem with setup completing successfully, consult the log files in the
%SYSTEMDRIVE%\ProgramData\VMMLogs folder. Be aware that ProgramData is a hidden folder by
default.
During the VMM management server installation, on the Configure service account and distributed
key management page, you must configure the VMM service to use either the Local System account
or a domain account. Considerations for choosing this account will be discussed later in this module.
Before beginning to install VMM, close any open programs, and ensure that there are no pending restarts
on the computer. For example, if you have recently installed a server role by using Server Manager or
have applied a security update, you may need to restart the computer and then log on to the computer
with the same user account to finish the server role or security update installation.
Upgrading VMM from Previous Versions
2-21
If you already have a previous VMM version installed in your environment, it may be possible to upgrade
directly to VMM 2012. However, there are several requirements and limitations that you must be aware of
before planning an upgrade.
Supported Versions of VMM to Upgrade
VMM 2008 R2 SP1 is the only supported earlier version that you can upgrade directly to VMM 2012. In
addition, VMM 2008 R2 SP1 must be running on Windows Server 2008 R2 SP1. If your VMM server for
VMM 2008 R2 SP1 is installed on Windows Server 2008 SP2, you need to upgrade the operating system to
Windows Server 2008 R2 SP1 before you can begin an in-place upgrade to VMM.
SQL Server Edition
VMM does not support the SQL Server Express edition for VMM databases. This means that you should
migrate your VMM Database to a supported SQL Server version before starting your VMM upgrade.
The SQL Server 2008 R2 command-line utilities are not mandatory for an upgrade, but they are highly
recommended. If the SQL Server 2008 R2 command-line utilities are not present on the VMM server, a
warning displays in the prerequisites check during the upgrade process. This does not prevent installation,
and you can install these utilities later.
Requirement for AIK
VMM requires that you install an AIK. AIK tools help you deploy virtual machines automatically. Windows
AIK for Windows 7 is the only supported version. You must uninstall previous Windows AIK versions
before installing Windows AIK for Windows 7.
Virtual Server 2005 R2
Virtual machine hosts running Microsoft Virtual Server 2005 R2 are no longer supported in VMM. If
you upgrade a VMM environment that has Virtual Server hosts, the hosts are removed from the VMM
database. If you do not want these hosts to be removed automatically, remove the hosts manually before
upgrading.
VMWare ESX, ESXi, and vCenter Server
Virtual machine hosts that are running certain versions of VMware ESX and VMware vCenter Server are
also no longer supported. VMM 2012 supports only VMware vCenter Server 4.1 (including Updates 1 & 2),
VMware ESX 3.5, ESX 4.0, ESX 4.1, and VMware ESXi 3.5, ESXi 4.0, and ESXi 4.1 (including all available
updates for all versions).
PRO Configurations
When upgrading to VMM, PRO configurations are not maintained. If you have an existing connection to
Operations Manager, the upgrade process removes the connection. If you do not want the connection to
be removed automatically, remove the connection manually before upgrading. After the upgrade process
completes, you can reconfigure your connection to Operations Manager.
Library Server on Windows Server 2003
VMM does not support a library server on a computer that is running Windows Server 2003. If your library
server is on a computer that is running Windows Server 2003 and you continue with the upgrade, you will
not be able to use the library server in VMM. You will only be able to remove the library server from
VMM.
Note During an upgrade process, VMM provides automatic rollback functionality in the
event of a failure. If an upgrade failure is detected, the upgrade automatically reverts to the
original VMM 2008 R2 SP1 configuration.
Considerations for Deploying a Highly Available VMM Server
2-23
VMM now supports a highly available VMM Server. You can use failover clustering to achieve high
availability for VMM, because VMM is now a cluster-aware application. However, you should consider
several things before deploying a VMM cluster.
Before you begin the installation of a highly available VMM management server, ensure the following:
You have installed and configured a failover cluster that is running Windows Server 2008 R2 or
Windows Server 2008 R2 SP1.
All computers on which you are installing the highly available VMM management server meet the
minimum hardware requirements, and all prerequisite software is installed on all computers.
You have created a domain account that will be used by the VMM service. You must use a domain
user account for a highly available VMM management server.
You are prepared to use distributed key management to store encryption keys in Active Directory
Domain Services (AD DS). You must use distributed key management for a highly available VMM
management server.
You have a computer with a supported SQL Server version installed and running. Unlike VMM 2008
R2, VMM will not automatically install a SQL Server Express edition.
Highly Available Databases and Library Servers
To achieve full redundancy, we recommend that you use a highly available SQL Server. You should install
a highly available SQL Server on a separate failover cluster from the failover cluster on which you are
installing the highly available VMM management server. Similarly, we also recommend that you use a
highly available file server for hosting your library shares.
Self Service Portal and Clustered VMM Server
For best practices, do not install the VMM Self-Service Portal on the same computer as the highly
available VMM management server. If your VMM Self-Service Portal currently resides on the same
computer as the VMM server, we recommend that you uninstall the VMM Self-Service Portal for VMM
2008 R2 SP1 before upgrading to VMM. We also recommend that you install the VMM Self-Service Portal
on a highly available web server to achieve redundancy and load balancing.
Failover Cluster Manager
You cannot perform a planned failover (for example, to install a security update or do maintenance on a
cluster node) by using the VMM console. Instead, to perform a planned failover, use the Failover Cluster
Manager console.
During a planned failover, ensure that there are no tasks actively running on the VMM management
server. Any tasks that are executing during a failover will be stopped and will not restart automatically.
Any connections to a highly available VMM management server from the VMM console or the VMM
Self-Service Portal will also be lost during a failover. However, the VMM console will be able to reconnect
automatically to the highly available VMM management server after a failover if it was opened before you
performed failover to another VMM server.
Lesson 3
Configuring VMM Security and Roles
2-25
Because VMM is software that operates a private cloud infrastructure, it is very important to design
security properly. In addition, it is very important to define precisely the access permissions to various
resources that private cloud users will use. VMM provides several options for configuring and managing
security. However, you must first define a VMM service account, key management, and then define run as
accounts and security roles.
In this lesson, you will learn about VMM security and roles.
Specify VMM service accounts.
Configure distributed key management.
Configure run as accounts.
Configure user roles.
Specifying VMM Service Accounts
During the VMM management server installation in VMM, on the Configure service account and
distributed key management page, you must configure the VMM service to use either the Local System
account or a domain account. If you specify a domain account, the account must be a member of the
local Administrators group on that computer.
It is very important that you create a service account before starting your VMM deployment. You can also
consider using the managed service accounts feature that is available in Windows Server 2008 R2, to
create an account for VMM.
When planning a service account for VMM, take into account the following considerations:
If you specify a domain account, we strongly recommend that you create an account that is
designated specifically for this purpose. When a host is removed from the VMM management server,
the account under which the VMM service is running is removed from the local Administrators group
of the host. If the same account is used for other purposes on the host, this can cause unexpected
results.
In the following instances, you must use a domain account:
If you plan to use shared ISO images with Hyper-V virtual machines
If you are using a disjointed namespace
If you are installing a highly available VMM management server
If you are installing a highly available VMM management server on a release candidate version of
VMM, you must add the domain account directly to the local Administrators group. The domain
account cannot be a member of a group that is itself a member of the local Administrators
group.
Configuring Distributed Key Management
2-27
During a VMM management server installation, on the Configure service account and distributed
key management page, you can select to use distributed key management to store encryption keys in
AD DS, instead of storing the encryption keys on the computer on which the VMM management server
is installed. If you choose to enable distributed key management, coordinate with your Active Directory
administrator about creating the appropriate container in AD DS for storing the cryptographic keys. If you
are installing a highly available VMM management server, you must use distributed key management to
store encryption keys in AD DS.
Distributed key management is required in this scenario, because when the VMM service fails over to
another node in the cluster, the VMM service still needs access to the encryption keys to access data in
the VMM database. This is only possible if the encryption keys are stored in a central location such as
AD DS.
You must create a container in AD DS to store the encryption keys. You can create the container before
installing VMM by using ADSI Edit.
The following are some considerations when using distributed key management in VMM:
If the account with which you are installing VMM has the appropriate permissions to create a
container in AD DS, you do not need to create the container in AD DS before starting the VMM
installation. Instead, on the Configure service account and distributed key management page, you
can enter the name for the container, and the container will be created automatically as part of the
VMM installation process.
You can create the container anywhere in your AD DS hierarchy. Examples of locations in AD DS are:
CN=VMMDKM,DC=contoso,DC=com
CN=VMMDKM,CN=corp,DC=contoso,DC=com
The account with which you are installing VMM must have at least Read, Write, and Create all child
objects permissions to the container in AD DS, and the permissions must apply to this object and all
descendant objects of the container.
On the Configure service account and distributed key management page, you must specify the
location of the container in AD DS by typing the location. For example, you can type:
CN=VMMDKM,DC=contoso,DC=com.
What Is a Run As Account?
2-29
In VMM, the credentials that a user enters for any process can instead be provided by a Run As account. A
Run As account is a container for a set of stored credentials.
Only administrators and delegated administrators can create and manage Run As accounts. Read-only
administrators can see the account names associated with Run As accounts that are in the scope of their
user role.
The same restrictions on creating, managing, and viewing Run As accounts are in effect for both the VMM
console and the VMM command shell. Delegated administrators and self-service users can only access
objects that are in the scope of their user role, and can only perform the actions that their user role allows.
VMM uses the Windows Data Protection API (DPAPI) to provide operating system-level data protection
services during storage and retrieval of the Run As account credentials. DPAPI is a password-based data
protection service that uses cryptographic routines (the strong Triple Data Encryption Standard (DES)
algorithm, with strong keys) to offset the risk posed by password-based data protection.
User Roles in VMM
You can create user roles in VMM to define the objects that users can manage, and the management
operations that users can perform.
Administrator
Members of the administrators user role can perform all administrative actions on all objects that VMM
manages.
Administrative users have sole responsibility for the following VMM features:
Adding stand-alone Citrix Xen-Server hosts and Xen-Server clusters (known as pools) to VMM
management
Adding a WSUS server to VMM to enable VMM private cloud infrastructure updates through VMM
Delegated Administrator
Members of Delegated Administrator user roles can perform all administrative tasks within their assigned
host groups, clouds, and library servers, except for adding a Citrix Xen-Server host or cluster, and adding
WSUS servers.
Self-Service User
Members of the self-service user roles create, deploy, and manage their own virtual machines and services
by using the VMM management console, Self Service Portal, or Windows PowerShell.
When a Self-Service user profile is created, you configure the scope of objects that are made available to
users of this profile. This includes the private clouds and resources that can be used by the self-service
user. You can also configure whether self-service users can view or implement PRO tips.
Read-Only Administrator
2-31
Read-Only Administrator users can view status, job status, and properties of objects within their assigned
host groups, clouds, and library servers. The Read-Only Administrators user role also specifies the Run As
accounts that the Read-Only Administrator can view.
Lesson 4
Understanding Host Groups
A virtual machine host is one of the main objects in the VMM private cloud infrastructure. A host is a
physical computer that runs the virtual machines. You can organize hosts into groups so they can share
common properties and settings. It is very important to know how to manage hosts properly when
deploying your virtual environment.
In this lesson, you will learn about configuring host groups.
Describe host groups.
Configure placement rules.
Configure host reservations.
Configure dynamic optimization.
Configure networks.
Configure storage.
What Are Host Groups?
2-33
You can organize hosts into host groups, which help you simplify management tasks. A host group
enables you to apply settings to multiple hosts with a single action. By default, there is a single host group
in VMM Administration console named All Hosts. However, if necessary, you can create additional groups
for your environment.
Host groups are hierarchical. When you create a new child host group, it inherits the settings from the
parent host group. When a child host group moves to a new parent host group, the child host group
maintains its original settings except for PRO settings, which are managed separately. When the settings
in a parent host group change, you have the option to apply those changes to child host groups.
The following are scenarios in which you would use host groups:
Providing basic organization when you are managing large numbers of hosts and virtual machines.
You can create custom views within the Hosts view and Virtual Machines view to provide easy
monitoring and access to a host. For example, you might create a host group for each branch office
in your organization.
Reserving resources for use by hosts. Host reserves are useful when placing virtual machines on a
host. Host reserves determine the amount of CPU, memory, disk space, disk input/output (I/O)
capacity, and network capacity that are continuously available to the host operating system.
Use the Host group properties action for the root host group All Hosts, to set default host reserves for
all hosts that VMM manages. If you want to use more of the resources on some hosts rather than on
other hosts, you can set host reserves differently for each host group.
Designating hosts on which users can create and operate their own virtual machines. When a VMM
administrator adds self-service user roles, one part of role creation is to identify the hosts on which
self-service users or groups in that role are allowed to create, operate, and manage their own virtual
machines. It is recommended to designate a specific host group for this purpose.
Creating a business unit cloud from resources in host groups. When you create a private cloud, you
select which host groups will be part of the private cloud. You can then allocate some or all of the
resources from the selected host groups to the private cloud.
Each host group has a set of properties and settings that are common to all hosts within that host group.
These properties include changing the name or description of a host group, moving a host group within
the host group hierarchy, or modifying the resources reserved for the host operating system on the host.
You can access a host groups properties by right-clicking the host group, and then clicking Properties.
You can assign host groups to the Delegated Administrator and the Read-Only Administrator user roles to
scope the user roles to specific host groups. Members of these user roles can view and manage the private
cloud infrastructure resources that are assigned to them at the host group level.
Configuring Placement Rules
2-35
In VMM 2008, virtual machine placement enables VMM 2008 to evaluate hosts capacity, and then
suggest the most appropriate virtualization host for deployment. The most recent VMM edition extends
this capability with over 100 virtual machine placement checks, and adds support for custom placement
rules.
VMMManaged Virtual Machine Placement
Placement rules that you define on a host group level help you to manage virtual machine placement on
specific hosts inside a host group. In general, VMM always tries to recommend the most appropriate host
for virtual machine placement by calculating host rating. However, by specifying Custom placement rules,
you can define your own rules for placement or placement blocking.
Custom Placement Rules
Custom placement rules are based on host and virtual machine custom properties. On each host, you
can define values for 10 predefined custom properties, and you can also define your own new custom
properties and their values. Similarly, you can define custom properties for each virtual machine.
By defining custom placement rules on a host group level, you can actually define a rule that is using a
custom property as a condition for allowing or blocking virtual machine deployment on a host in a host
group.
For example, you can define a rule specifying that a specific custom property value must match on both
the host and the virtual machine, or the virtual machine will not be allowed to deploy.
Configuring Host Reservations
Host reserve settings specify the amount of resources that VMM sets aside for host operating system use.
For a virtual machine to be placed on a host, the host must be able to meet the virtual machines resource
requirements without using host reserves. You can set host reserves for both individual host groups, and
for individual hosts. The host reserve settings for the root host group, All Hosts, sets the default host
reserves for all hosts.
You can configure reserve values for the following resources:
CPU: By configuring the CPU value, you specify how much of the CPU resources are available to the
host machine.
Memory: You can define the amount of RAM memory that hosts need to operate normally.
Disk I/O: By configuring Disk I/O, you reserve some bandwidth to disk for the host operating system.
Disk space: You can reserve amount of free disk space that must always be available for hosts.
Network I/O: This setting specifies how much of the total network I/O is available on the host
machine.
You should consider configuring host reserves on the host group level. By configuring host reserves, you
will optimize resource usage, and ensure that all vital services on physical hosts have enough resources to
run even when virtual machines are operating with heavy loads.
Configuring Dynamic Optimization
2-37
VMM provides two new features that help optimize power and resource usage on hosts managed by
VMM: dynamic optimization, and power optimization. Dynamic optimization balances the virtual machine
load within a host cluster, while power optimization enables VMM to evacuate balanced cluster hosts, and
then turn them off to save power.
Although power optimization is an optional setting within the Dynamic Optimization group of settings, it
is important that you consider it separately.
Dynamic Optimization
During dynamic optimization, VMM migrates virtual machines within a host cluster to improve loadbalancing among hosts, and to correct any placement constraint violations for virtual machines.
You can configure dynamic optimization on a host group to migrate virtual machines within host
clusters with a specified frequency and aggressiveness settings. Aggressiveness determines the amount
of load imbalance that is required to initiate a migration during dynamic optimization. By default, virtual
machines with medium aggressiveness are migrated every 10 minutes. When configuring frequency and
aggressiveness for dynamic optimization, an administrator should factor in the resource cost of additional
migrations against the advantages of balancing loads among hosts in a host cluster. By default, a host
group inherits dynamic optimization settings from its parent host group.
You can set up dynamic optimization for clusters with two or more nodes. If a host group contains
standalone hosts or host clusters that do not support live migration, dynamic optimization is not
performed on those hosts. Any hosts that are in maintenance mode also are excluded from dynamic
optimization. In addition, VMM only migrates highly available virtual machines that use shared storage.
If a host cluster contains virtual machines that are not highly available, those virtual machines are not
migrated during dynamic optimization.
On-demand dynamic optimization is also available for individual host clusters, by using the Optimize
Hosts action in the Virtual Machines and Services workspace. You can perform on-demand dynamic
optimization without configuring dynamic optimization on host groups. When you request dynamic
optimization for a host cluster, VMM lists the virtual machines that will be migrated for your approval.
Note You do not need to implement and configure PRO to use Dynamic Optimization;
these two technologies do not depend on each other.
Power Optimization in VMM

Power optimization is an optional feature within Dynamic Optimization, and it is only available when a
host group is configured to migrate virtual machines through dynamic optimization. Through power
optimization, VMM helps to save energy by turning off hosts that are not needed to meet resource
requirements within a host cluster, and then turns the hosts back on when they are needed again.
By default, when the feature is turned on, VMM performs power optimization at all times. However,
you can schedule specific hours and days of the week that VMM will perform power optimization. For
example, you might initially schedule power optimization only on weekends, when you anticipate low
resource usage on your hosts. After observing the effects of power optimization in your environment, you
might increase the hours.
To use Power Optimization, the host computers must have a baseboard management controller (BMC)
that enables out-of-band management. The BMC that is installed in a host must support one of the
following out-of-band management protocols:
Intelligent Platform Management Interface (IPMI) versions 1.5 or 2.0
Data Center Management Interface version 1.0
System Management Architecture for Server Hardware version 1.0 over WS-Management
Configuring Networks
2-39
Networking in VMM includes several enhancements that enable administrators to efficiently provision
network resources for a virtualized environment. Networking enhancements include the following
capabilities:
Create and define logical networks
Assign static IP addresses and static MAC addresses
Integrate Load balancers
Logical Networks
A logical network that is combined with one or more associated network sites is a user-defined, named
grouping of IP subnets, VLANs, or IP subnet/VLAN pairs, which are used to organize and simplify
network assignments. Some possible logical network examples include BACKEND, FRONTEND, LAB,
MANAGEMENT, and BACKUP. Logical networks represent an abstraction of the underlying physical
network infrastructure that enables you to model the network based on business needs and connectivity
properties. After you create a logical network, you can use it to specify the network on which to deploy a
host or a virtual machine (standalone or part of a service). Users can assign logical networks as part of
creating a virtual machine and service, without having to understand the network details.
You can use logical networks to describe networks with different purposessuch as for traffic isolation,
and to provision networks for different types of SLAs. For example, for a tiered application, you may
group IP subnets and VLANs that you use for the front-end web tier into a logical network named
FRONTEND. You may choose to group backend servers into a logical network named BACKEND for the IP
subnets and VLANs that you use. When a self-service user models the application as a service, they can
easily choose the logical network for virtual machines in each tier of the service to which to connect.
At least one logical network must exist for you to deploy virtual machines and services. By default, when
you add a Hyper-V host to VMM management, VMM automatically creates logical networks that match
the first Domain Name System (DNS) suffix label of the connection-specific DNS suffix on each host
network adapter.
To make a logical network available to a host, you must associate the logical network with a physical
network adapter on the host, and make it available through an external virtual network (otherwise known
as an external virtual switch). You perform this association on a per network adapter basis.
By default, when you add a Hyper-V host to VMM management, if a physical network adapter on the host
does not have an associated logical network, VMM automatically creates and associates a logical network
that matches the first DNS suffix label of the connection-specific DNS suffix. For example, if the DNS suffix
for the host network adapter is corp.contoso.com, VMM creates a logical network that is named corp. If
a virtual network is not associated with the network adapter, when a job connects a virtual machine to a
logical network that is associated with the physical network adapter, VMM automatically creates an
external virtual network, and then associates it with the logical network. Be aware that no network sites
are created automatically. These default settings provide a solution to help you create and deploy virtual
machines on your existing network.
Network Sites
When you create a logical network, you can create one or more associated network sites. A network site
associates one or more subnets, VLANs, and subnet/VLAN pairs with a logical network, and enables you
to define the host groups to which the network site is available. For example, if you have a Seattle host
group and a New York host group, and you want to make the BACKEND logical network available to
each, you can create two network sites for the BACKEND logical network. You can scope one network site
to the Seattle host group (and any desired child host groups), and the other network site to the New York
host group (and any desired child host groups), adding the appropriate subnets and VLANs for each
location.
IP Address Pools
If you associate one or more IP subnets with a network site, you can create an IP address pool. By
creating a static IP address pool, you enable VMM to assign static IP addresses to hosts (for example,
when you use VMM to convert a bare-metal computer to a Hyper-V host), and to Windows-based virtual
machines that are running on any supported hypervisor platform. By using static IP address pools, IP
address management for the virtual environment is taken from network management and brought within
the scope of the VMM administrator.
However, configuring static IP address pools is optional. You can also assign addresses automatically
through Dynamic Host Configuration Protocol (DHCP) if it is available on the network. If you use DHCP,
you do not have to create IP address pools.
MAC Address Pools
VMM can assign static MAC addresses automatically to new virtual network devices on Windows-based
virtual machines that are running on any managed Hyper-V, VMware ESX, or Citrix Xen-Server host.
VMM has two default static MAC address pools: the default MAC address pool (for Hyper-V and Citrix
Xen-Server), and the default VMware MAC address pool (for VMware ESX hosts). The default static MAC
address pools are used only if you set the MAC address type for a virtual machine to Static. If the virtual
machine setting is set to Dynamic, the hypervisor assigns the MAC address. You can use either the default
MAC address pools, or you can configure custom MAC address pools that are scoped to specific host
groups.
Virtual IP Templates
2-41
A virtual IP template contains load balancerrelated configuration settings for a specific type of network
traffic. For example, you could create a template that specifies the load balancing behavior for Hypertext
Transfer Protocol/Secure (HTTPS) traffic on a specific load balancer manufacturer and model. These
templates represent the best practices from a load balancer configuration standpoint.
After you create a virtual IP template, users (including self-service users) can specify the virtual IP template
to use when they create a service. When a user models a service, they can pick an available template that
best matches their needs for the type of load balancer and the type of application.
Load Balancer Integration
By adding a load balancer to VMM, you can load-balance requests to the virtual machines that make
up a service tier. You can use NLB, or you can add supported hardware load balancers through the VMM
console. NLB is included as an available load balancer when you install VMM. NLB uses round-robin as the
load-balancing method.
To add supported hardware load balancers, you must install a configuration provider that is available
from the load balancer manufacturer. The configuration provider is a plug-in to VMM that translates
Windows PowerShell commands to API calls, which are specific to a load balancer manufacturer and
model. Supported hardware load balancer devices are: F5 Big-IP, Brocade ServerIron, and Citrix Netscaler.
You must obtain the load balancer provider from the load balancer vendor, and install the provider on the
VMM management server.
Configuring Storage
Through the VMM console, you can discover, classify, and provision remote storage on supported storage
arrays. VMM fully automates storage assignment to a Hyper-V host or Hyper-V host cluster, and then
tracks any storage that it manages.
To enable the new storage features, VMM uses the new Storage Management Service to communicate
with external arrays through an SMI-S provider. The Storage Management Service installs by default
during the VMM installation. You must install a supported SMI-S provider on an available server, and then
add the provider to VMM management. List of supported storage systems can be found on the Microsoft
website.
Note For backward compatibility purposes, if you do not add an SMI-S provider to VMM
management, VMM still uses a Virtual Disk Service (VDS) hardware provider for Storage
Area Network (SAN) transfer functionality. However, support for VDS hardware providers
has deprecated, and future VMM releases will not support VDS providers.
The following is a list of steps that you must complete to discover, classify, and assign storage through
VMM:
1.
For a supported storage array, obtain an SMI-S storage provider from your storage array vendor, and
then install the provider on an available server according to the instructions that are provided by your
storage vendor.
2.
From the VMM console, in the Storage node, connect to the SMI-S storage provider to discover and
classify the storage. Connect to the provider by using either the Internet Protocol version 4 (IPv4)
address or the fully qualified domain name (FQDN). Classifying storage entails assigning a meaningful
classification to storage pools. For example, you may assign a classification of GOLD to a storage pool
that resides on the fastest, most redundant storage array. This enables you to assign and use storagebased classification without actually knowing its hardware characteristics.
2-43
3.
Optionally, in the Storage node, you can create logical units from a managed storage pool.
4.
From either the VMM console Storage node or the target host group Properties dialog box, you
need to allocate either pre-created logical units or storage pools to specific host groups. If you
allocate storage pools, you can create and assign logical units directly from managed hosts in the
host group that can access the storage array. In addition, if you use rapid provisioning to provision
virtual machines by using SAN snapshots or cloning, VMM can create logical units automatically from
the storage pool.
5.
In the VMM console, from either the host or host cluster Properties dialog box, assign logical units
from the host group either to specific Hyper-V hosts or to Hyper-V host clusters, as shared Cluster
Shared Volume or available storage. If you allocated a storage pool to a host group, you can create
and optionally assign logical units directly from a host or host clusters Properties dialog box. If the
storage array supports Internet Small Computer System Interface (iSCSI) host connectivity, you can
also create iSCSI sessions to the storage array from a hosts Properties dialog box.
Note The hosts must be able to access the storage array. For example, if you are using a
Fibre Channel SAN, each host must have a host bus adapter (HBA), and the hosts must be
zoned correctly.
Lab: Configuring and Deploying the Private Cloud

Infrastructure
Lab Setup
Note
Before starting this lab, you must have completed the lab in Module 1.
ensure that the virtual machines are running by completing the following steps:
1.
2.
3.
4.
Password: Pa$$w0rd
Domain: Contoso
5.
6.
7.
8.
9.
Password: Pa$$w0rd
Domain: Contoso
Lab Scenario
2-45
You are administrator at Contoso, Ltd You have just deployed VMM and two physical hosts, and you now
want to make basic configuration changes, and then perform a test deployment of the virtual machines.
Exercise 1: Reviewing and Configuring Hosts

Scenario
You have just added a host cluster in VMM, and before implementing any resources or virtual machines,
you want to review the current physical hosts configurations.
1.
Review cluster configuration.
2.
Review and configure host network adaptors.
Task 1: Review cluster configuration

1.
On LON-VM1, in the VMM console, click the VMs and Services workspace, and then open the
Properties dialog box for LON-CLUSTER01.
2.
Review the cluster configuration by browsing through all of the tabs. Do not make any changes.
Task 2: Review and configure host network adaptors

1.
Expand LON-CLUSTER01, and then open the Properties dialog box for lon-host1.contoso.com.
2.
For the network adapter, in the Description field, type Adapter for host management and virtual
machine usage.
3.
Under logical network connectivity, ensure that the network adapter is connected to External
Network, and options Available for placement and Used by management are both selected.
4.
In Virtual Networks, ensure that name of the network is External Network, and network binding is
External.
5.
Repeat steps 1 to 4 on lon-host2.
Results: After this exercise, you should have reviewed and configured hosts.
Exercise 2: Configuring Host Groups

Scenario
2-47
After configuring hosts and clusters, you have decided to implement a host group named Production, and
then place your current hosts into that group. You also want to configure some of the options that are
available for the host group.
The main task for this exercise is as follows:
1.
Create and configure a host group named Production.
Task: Create and configure a host group named Production

1.
On LON-VM1, in the VMM console, create host group named Production.
2.
Open the Production host group Properties dialog box, and then configure host reserves with the
following settings:
CPU: 10%
Memory: 512 MB
Disk Space: 10%
Network I/O: 5%
3.
Configure Dynamic Optimization to migrate virtual machines automatically on 15 minute intervals.
4.
Configure Power Optimization thresholds with the following settings:
CPU: 40%
Memory: 2048
Disk I/O: 5
Network I/O : 10%
5.
Configure Power Optimization to work during night hours (from 7:00 P.M. to 6:00 A.M.), 7 days a
week.
6.
Clear both the Enable power optimization and Automatically migrate virtual machines to
balance load at this frequency check boxes.
Note You are disabling these options, as we will not utilize these settings in the lab. Also,
be aware that the check box to Enable Power Optimization only becomes available if you
select the Automatically Migrate VMs to balance load at this frequency check box.
7.
Move LON-CLUSTER01 to the Production host group.
Results: After this exercise, you should have created and configured a host group.
Exercise 3: Configuring User Roles and Run As Accounts

Scenario
To provide users with ability to access their private cloud resources, you have decided to create dedicated
user roles for the StockTrader business unit. For administrative purposes, you decide also to create a Run
As account.
1.
Configure a Run As account.
2.
Create a user role for the StockTrader business unit.
Task 1: Configure a Run As account

1.
On LON-VM1, in the VMM console, in the Security node of the Settings workspace, run Create Run
As Account.
2.
Create a Run As Account called Administrator account for Contoso\Administrator using the
password of Pa$$w0rd. As a descriptor, type For administrative tasks.
Task 2: Create a user role for the StockTrader business unit

1.
On LON-VM1, in the Create User Role Wizard, create a new Self-Service User profile called
StockTrader Business Unit.
2.
Add the StockTrader security group as a member of StockTrader Business Unit.
3.
Configure MSSCVMMLibrary as a resource for StockTrader Business Unit.
4.
Allow the following actions: Author, Checkpoint, Deploy, Local Administrator, Remote
Connection, Shut down, and Start.
5.
When the task completes, close the Jobs window.
6.
Open a new connection to the VMM Manager console as Contoso\Bart with the password of
Pa$$w0rd. Clear the Automatically connect with these settings check box, and verify that only the
Clouds node displays in the VMs and Services workspace.
7.
Close the VMM instance that you started with the Contoso\Bart credentials.
Results: After this exercise, you should have configured both a User role and a Run As account.
Exercise 4: Configuring the Library

Scenario
To provide balance and redundancy you decide to implement an additional VMM Library share.
1.
Add a Library share.
Task: Add a Library share
On LON-VM1, use the VMM Manager console to add the VHD shared folder on
LON-VM1.Contoso.com as a Library share.
Results: After this exercise, you should have configured a library share.
2-49
Exercise 5: Preparing the Private Cloud Infrastructure

Scenario
To prepare private cloud infrastructure resources, you must create a new logical network, a MAC pool,
and a virtual IP template.
1.
Create a new logical network.
2.
Create an IP pool for the external network.
3.
Create a MAC pool and a virtual IP template.
Task 1: Create a new logical network
1.
On LON-VM1, in the VMM console, click the Fabric workspace, expand the Networking node, and
then create a new logical network.
2.
Name the new logical network StockTrader Production Network.
3.
Create a new IP pool named StockTrader IP Pool. Select the StockTrader Production Network as
the logical network.
4.
Create a network site named Contoso HQ, with a subnet 172.16.0.0/16. Allow the Production host
group to use the network site.
5.
Configure 172.16.0.100 as a reserved IP address.
6.
Configure 172.16.0.200 as a default gateway.
7.
Configure 172.16.0.10 as a DNS server address, and Contoso.com as a Connection-specific DNS

suffix.
Task 2: Create an IP pool for the external network

1.
On LON-VM1, in the VMM console, create a new IP pool named External. Select the External
Network as the logical network.
2.
Create a network site named External, with a subnet 10.10.0.0/16. Allow the Production host group
to use the network site.
3.
Configure 10.10.0.80 as the Starting IP address.
4.
Configure 10.10.0.95 as the Ending IP address.
5.
Configure the Gateway address as 10.10.0.1.
6.
Configure the DNS Server Address as 10.10.0.10, and Contoso.com as a Connection-specific DNS
suffix.
Task 3: Create a MAC pool and a virtual IP template
2-51
1.
On LON-VM1, in the VMM console, create a new MAC pool named StockTrader MAC Pool for the
Production host group, with 00:27:B4:BF:A7:4F as the starting MAC address, and
00:27:B4:BF:A7:7F as the ending MAC address.
2.
Create a new VIP template named Web load balancer that uses Virtual IP TCP port 80.
3.
Configure a specific template type that uses Microsoft Network Load Balancing (NLB).
Results: After this exercise, you should have prepared private cloud infrastructure resources
Exercise 6: Deploying a New Virtual Machine

Scenario
For testing purposes, you decide to deploy one new virtual machine that is based on a virtual hard drive
that is stored in the VMM Library.
1.
Create and deploy a new virtual machine.
Task: Create and deploy a new virtual machine

1.
On LON-VM1, in the VMM console, click the VMs and Services workspace.
2.
Select the option to create a new virtual machine.
3.
Use VHD drive WS08R2SP1.vhd from the library as a template. Name the new virtual machine
TestVM.
4.
Configure the new virtual machine to have 1024 MB of static memory.
5.
Connect the new virtual machine to the External Network.
6.
Deploy the new virtual machine on LON-Host1.Contoso.com.
7.
On the Add Properties page, select 64-bit edition of Windows Server 2008 R2 Enterprise.
8.
Monitor the Job Status column to verify that the creation completes successfully. When the creation is
complete, close the VMM console.
Results: After this exercise, you should have deployed a new virtual machine.
Review Questions
1.
In VMM terminology, what is a service?
2.
In VMM terminology, what is private cloud infrastructure?
3.
Which version of VMM can you upgrade to VMM 2012?
4.
What is dynamic optimization?
5.
Why should you configure roles?
Common Issues and Troubleshooting Tips

Issues
VMM Management Server cannot install.
Upgrading to VMM 2012 fails.
You cannot place a virtual machine on a specific
host.
You cannot add a host to a VMM console.
Troubleshooting tips
2-53
Best Practices
Provide enough hardware resources for VMM components.
Before deploying virtual machines, create a private cloud infrastructure and library resources.
Deploy VMM as a highly available component.
Use dynamic optimization to save energy and resources.
Leverage user roles.

3-1
Module 3
Extending and Maintaining the Private Cloud Infrastructure

Contents:
Lesson 1: Overview of the PXE and Update Server Roles
3-3
Lesson 2: Deploying Bare Metal Hyper-V Host Servers
3-8
Lesson 3: Configuring the Update Server Role
3-18
Lesson 4: Creating and Using an Update Baseline
3-27
3-33
Module Overview
3-2
Maintaining the infrastructure in Microsoft System Center 2012 - Virtual Machine Manager (VMM)
includes tasks such as adding new Windows Server Hyper-V host servers, and ensuring that the
infrastructure components contain the latest approved software updates. VMM provides support for
converting a physical server without an operating system into a fully managed Hyper-V host. VMM also
integrates functionality provided by the Windows Server 2008 R2 feature Windows Server Update Services
(WSUS), to ensure that all servers are compliant with the latest update baseline requirements.
In this module, you will learn about integrating features provided by Windows Deployment Services
(Windows DS) and WSUS to help extend and manage the VMM private cloud infrastructure.
Describe how VMM integrates with WDS and WSUS to provide Pre-Boot eXecution Environment
(PXE) Server role and Update Server roles.
Describe how to deploy bare-metal Hyper-V host servers.
Configure the Update Server role.
Create and remediate a software update compliance baseline.
Lesson 1
Overview of the PXE and Update Server Roles
3-3
The PXE Server and Update Server roles are used within the VMM infrastructure to help deploy new host
servers, and to manage updates for servers that make up the private cloud.
In this lesson you will see how VMM integrates with PXE and software update services to provide a
deployment and update management solution for the virtual server environment.
Describe host server deployment using the PXE Server role in VMM.
Describe the update management process in the VMM environment.
Deploying Host Servers Using the PXE Server Role in VMM
3-4
When managing a virtual data center using VMM, a common task is configuring and adding new Hyper-V
host servers to the environment as a standalone or clustered resource. You can add existing Hyper-V hosts
and host clusters, or you can use VMM to discover a new server that does not have an operating system.
You can then deploy a virtual machine and configuration to the new system to become a managed
Hyper-V host.
VMM supports discovery of servers without an operating system, and then fully provisions the servers with
Hyper-V enabled. After discovering the host computer, the provisioning process completes as follows:
1.
After the out of band discovery, the bare-metal server reboots using the built-in PXE boot
capabilities.
2.
The bare-metal server seeks out a Windows DS server that has been added to VMM as a managed
server role. The WDS server contains a VMM provider that manages PXE requests from bare metal
servers that have been started using the VMM provisioning tools.
3.
The VMM provider on the WDS server contacts the VMM server to verify that the bare-metal server
has the authorization to perform a managed host deployment. If the server has not been authorized
from within VMM, WDS attempts to use another provider to install an operating system on the baremetal machine. If no other provider is available, then the PXE installation fails.
4.
If the server is authorized within VMM, a Windows Preinstallation Environment (Windows PE) image
downloads to the server, which contains a VMM agent that controls the operating system
deployment to the host server.
5.
The VMM agent runs generic command scripts that you can specify to update firmware, configure
redundant array of independent disks (RAID), and configure and format partitions.
3-5
6.
A virtual hard disk (VHD) downloads from the library server to the host computer. Hyper-V host
deployment uses native boot from VHD.
7.
Any drivers that are host-specific can be installed from the library server.
8.
Post-deployment customizations take place. Customization includes options such as using the System
Preparation Tool (Sysprep) setup process to provide settings (such as a unique name) for the server,
and joining the server to the domain.
9.
The final step in the provisioning process is to install and enable the Hyper-V server role.
Question: What do you think the next step might be when adding the new host server to
the VMM environment?
The Update Management Process in the VMM Environment
3-6
Microsoft provides a number of solutions for deploying software updates, and to scan computers for
compliance. However, some network clientssuch as cluster-based server nodes or other highly available
server rolestypically present complexities that can make it difficult and time-consuming to maintain a
standard update management process.
VMM integrates with WSUS to provide on-demand compliance scanning and remediation of servers that
make up the infrastructure, including Hyper V hosts, library servers, PXE servers, and the VMM
management server.
Integrating WSUS with VMM also provides you with the ability to perform orchestrated updates of
Hyper-V host clusters. When you remediate a host cluster, VMM places one cluster node at a time in
maintenance mode, and then installs the approved updates. For clusters that support live migration,
intelligent placement moves virtual machines off the cluster node that is being updated. If a cluster does
not support live migration, then VMM saves the state of the virtual machines before updating the cluster
node.
Note
You must have Windows Server 2008 R2 installed for live migration support.
The process for implementing update management within your VMM environment is as follows:
1.
To use VMM to manage updates, you must first enable update management. You enable update
management by adding an existing WSUS server to VMM, or you can install a dedicated WSUS server,
and then add the new update server to VMM.
2.
After you add the WSUS server to VMM, you can then configure and manage update baselines. An
update baseline specifies a set of updates to be deployed to a host group, a standalone host, a host
cluster, or a VMM server.
3-7
3.
Once you have assigned an update baseline, you can start a scan to determine compliance status.
During a compliance scan, WSUS checks each update in the assigned update baseline to determine
whether the update is applicable and installed on the target server. The target server will then report
a compliance status for each update.
4.
You perform an update remediation to bring a managed server or Hyper-V host cluster into
compliance. You can either choose to remediate all update baselines assigned to a computer, all
noncompliant updates in a specific update baseline, or a single update as needed.
5.
You can specify update exemptions to prevent a specific update from being installed on a server. The
computer will remain accountable for the assigned baseline, even if a specific update has been
exempted from being installed.
Lesson 2
Deploying Bare-Metal Hyper-V Host Servers
3-8
To discover and deploy the Hyper-V host server role to a bare metal computer, you must first understand
several configuration requirements for both the server and VMM environment.
In this lesson, you will learn about the requirements and process for integrating a PXE Server role into the
private cloud infrastructure. You will also learn about how you use the Add Resource Wizard to discover
and deploy a Hyper-V host.
Describe the requirements for PXE server integration.
Describe the process for bare metal deployment.
Describe how to configure and add the PXE Server role to VMM.
Prepare and create the host profile.
Use the Add Resource Wizard to discover and deploy a Hyper-V host.
Requirements for PXE Server Integration
To add the PXE Server role to your VMM environment, you need to ensure that prerequisites and
requirements are met for both the physical server and the VMM infrastructure.
Host Server Deployment Requirements
3-9
To support the VMM host deployment process, you need to ensure that the physical server meets the
following requirements:
Support for Hyper-V. To support Hyper-V, the server must use X64-based processors. You may also
need to configure the appropriate basic input/output system (BIOS) settings to ensure that both
hardware-assisted virtualization and hardware-enforced Data Execution Prevention (DEP) are enabled.
Note The names associated with hardware-assisted virtualization and hardware-enforced
DEP may vary based upon manufacturer. Check with your servers manufacturer to verify
equivalent settings.
Support for PXE Boot. The server must support PXE boot. You may also need to set the boot order to
ensure that the first boot device is the PXE-enabled network adapter.
Support for out of band management. For VMM 2012 to discover the physical server and manage
power states, the server must have a baseboard management controller (BMC). The BMC itself should
support any one of the following protocols:
Microsoft Intelligent Platform Management Interface (IPMI) versions 1.5 or 2.0
Data Center Management Interface (DCMI) version 1.0
Systems Management Architecture for Server Hardware (SMASH) version 1.0 over
WS-Management
3-10 Extending and Maintaining the Private Cloud Infrastructure
You will need to configure the BMC to enable the appropriate protocol, and configure the local
area network (LAN) parameters, such as the domain and host name, IP address source (static or
dynamic), the IP address (if configured to use Dynamic Host Configuration Protocol (DHCP)), and
logon credentials for the BMC.
VMM Requirements
To support the PXE Server role in VMM, consider the following infrastructure requirements:
Windows DS. The PXE Server role in VMM uses the Windows DS server role, which is available in
Windows Server 2008. You can use an existing Windows DS server, or you can deploy a dedicated
Windows DS server for VMM. Consider the following when integrating Windows DS into the VMM
environment:
When you install the Windows DS server role, select both the Deployment Server and
Transport Server options. After the server role installs, you can run the Windows Deployment
Services Configuration Wizard and accept all default settings. When prompted, do not add
images to the server.
You do not have to configure any settings on the PXE Response tab. VMM installs its own
provider and agent, which it uses to respond to VMMinitiated PXE requests. The provider will
coexist with other providers, such as the provider that installs when integrating Microsoft System
Center 2012 Configuration Manager.
You do not have to add images to WDS. During managed host deployment, VMM will use a
preconfigured .vhd file that is stored in the Virtual Machine Manager library.
Account Credentials. To add a PXE Server to the VMM environment, you need to provide credentials
for an account that has local permissions on the Windows DS server. You can provide these
credentials by creating and specifying a VMM-configured Run As account that you configure with the
appropriate administrative credentials.
Process for Bare-Metal Deployment
The process for performing a bare-metal deployment for a managed Hyper-V host is as follows:
3-11
1.
Add the PXE server role to the VMM environment. From within the VMM console, use the Add PXE
Server dialog box to provide the computer name and credentials that are required to add an existing
Windows DS server to the VMM infrastructure.
2.
Add library resources. Library resources that you need to make available include a sysprepped
Windows Server 2008 R2 .vhd file, and any device driver files necessary for the bare-metal servers.
3.
Create host profiles. You can create and store one or more host profiles within the Virtual Machine
Manager library. You create a host profile using the New Host Profile Wizard. The host profile
contains various settings such as what operating system .vhd file to use, hardware configuration,
operating system configuration, and virtual machine placement paths for default locations in which
to store virtual machines.
4.
Run the Add Resource Wizard. When you use the Add Resource Wizard, ensure that the Physical
computers to be provisioned as virtual machine hosts option is selected. This option allows you
to specify the Run As account and out of band management protocol to use for discovery. You also
specify settings such as the IP address, subnet, or range discovery scope for baseboard management
controllers, host provisioning options such as which host group to assign the server to, and the host
profile to use.
After the Add Resource Wizard completes, a host job is created and the VMM management server
restarts the physical computer. After the restart, the PXE server responds to the boot requests by
providing a customized Windows PE boot image. After the Windows PE agent performs configuration
taskssuch as configuring the hardware, downloading the operating system VHD, injecting device driver
files as neededit then enables the Hyper-V server role.
Configuring and Adding the PXE Server Role to VMM
The process for configuring and adding the PXE Server role to VMM is as follows:
1.
Open the VMM management console, and then click the Fabric workspace.
2.
In the navigation pane, expand the Servers node, and then click the PXE Servers node.
3.
In the ribbon, click Add Resources, and then click PXE Server. The Add PXE Server dialog box
opens.
4.
In the Add PXE Server dialog box, configure the following settings, and then click Add:
Computer name. Provide the name of the PXE server you will add to the VMM environment.
Credentials. Provide credentials from an existing Run As account, or enter a user name and
password. The account credentials that you use must have local administrative rights on the PXE
server that you are adding.
The Jobs dialog box opens to provide a setup status for the new PXE server. You can verify that the
server has been added by clicking the PXE Servers node in the Fabric workspace. The new PXE Server
should have the Agent Status column display a status of Responding.
Preparing for and Creating the Host Profile
3-13
Before creating a host profile, you need to ensure that all prerequisite components are available in the
Virtual Machine Manager library. You also need to address configuration settings within the VMM
environment. The following section discusses the prerequisites for creating a host profile.
Host Profile Prerequisites

Before you create a host profile, consider the following prerequisites:
Windows Server 2008 R2 .vhd file. The host profile references a .vhd file that it will use for the
managed Hyper-V host deployment. The .vhd file is stored in the Virtual Machine Manager
library, and must contain an x64-based Windows image that has been generalized using a system
preparation tool such a sysprep.exe. It is recommended that you use a fixed .vhd file to help increase
performance. By default, the host profile specifies to convert a dynamic disk to a fixed disk. You can
modify this default behavior when you configure the host profile.
Device drivers. If the server requires any custom device drivers, you must place these in the Virtual
Machine Manager library. You have the choice of configuring the host profile to filter drivers based
upon a matching plug and play ID, or you can tag specific drivers manually, and then filter them
based upon matching custom tags.
DHCP or static IP address. During the host profile configuration, you will need to specify how the
network adapter on the server will obtain its IP address. You can obtain an IP address from DHCP, or
you can specify to allocate a static IP from a preconfigured logical network. In order to assign a static
IP address from VMM, the logical network must have a configured associated network site, IP subnet,
and static IP address pool.
Run As account. You need to configure a Run As account that VMM will use to join the target host to
the domain. You can create the Run As account from the Settings workspace in the VMM console.
Creating a Host Profile

The process for creating a host profile is as follows:
1.
Open the VMM console, and then click the Library workspace.
2.
In the navigation pane, expand the Profiles node, and then click the Host Profiles node.
3.
In the ribbon, click Create, and then click Host Profile. The New Host Profile Wizard starts.
4.
In the New Host Profile Wizard, on the Profile Description page, configure the following, and then
click Next:
Name. Provide a name for the host profile.
Description. Provide a descriptor that will help identify the host profile use.
5.
In the New Host Profile Wizard, on the OS Image page, next to VHD file, provide the library path
and name of the VHD file for deployment. By default, a dynamic hard disk will be converted
automatically to a fixed disk. If you do not want this behavior to occur, select the Do not convert the
VHD to fixed type during deployment check box. Click Next.
6.
On the Hardware Configuration page, configure the following settings, and then click Next:
7.
Management NIC. You can choose between obtaining an IP address through DHCP, or you can
allocate a static IP address from a specified logical network.
Disk. This setting configures the partitioning scheme for the first disk. You can select either
Master Boot Record (MBR) or GUID Partition Table (GPT). By default, MBR is selected to
support BIOS-based systems. If computers use Extensible Firmware Interface (EFI), then you
should select GUID Partition Table. For BIOS-based systems, GPT disks can only be used as
additional data drives in order to support partitions larger than 2 terabytes.
OS. Under the Disk section, you can select OS. In the Partition information pane, you can specify
a volume label for the partition, select whether to use all remaining free disk space or only use a
specified amount of space, and specify whether to make this the boot partition. You can select
the Add Disk or Add Partition buttons to add additional disks or partitions as needed.
Driver filter. The Driver filter option allows you to choose between Filter drivers with
matching PnP IDs, or Filter drivers with all matching tags specified below. If you choose to
filter using matching tags, VMM will only consider drivers that you have tagged specifically for
use by the configuration. This ensures that only the drivers that you have tested are installed in
the deployment. You need to ensure that all driver files are added to the Virtual Machine
Manager library, and if you decide to use matching tags, you need to assign corresponding tags
to the drivers in the library share.
On the OS Configuration page, configure the following settings, and then click Next:
Domain. In the Domain text box, specify the domain that the Hyper-V host is to join. You also
need to specify a preconfigured Run As account that has permissions to join the host to the
domain.
Admin Password. Enter the password that you want to assign to the local administrator account.
Identity Information. Specify the Full name and Organization name for the operating system
deployment.
Product Key. Specify the product key to be used for activation. If you do not provide a product
key, the standard activation grace period is applied.
8.
3-15
Time Zone. Specify the time zone for the host computer.
Answer File. Specify a Unattend.xml file to be used during deployment. You must store the
answer file the Virtual Machine Manager library.
[GUIRunOnce] Commands. You can use this setting to specify one or more commands to be
run the first time a user logs on to the server. Any commands specified in this section will be
added to the [GuiRunOnce] section of the Sysprep file.
On the Host Settings page, you can specify the path to be used to store the files associated with the
virtual machines that are placed on the host. If you do not specify a path, VMM placement processes
will determine the most suitable location. If needed, you can change the path after you deploy the
host.
Using the Add Resource Wizard to Discover and Deploy a Hyper-V Host
You can use the Add Resource Wizard to discover a physical computer, and then deploy a fully-managed
Hyper-V host. The physical server can be a bare-metal computer, or it may contain an existing operating
system that you will overwrite during the deployment process.
Prerequisites
Before you run the Add Resource Wizard, consider the following prerequisites:
Physical server and VMM requirements. You must have already configured the physical server, and
have already added the PXE Server role to VMM.
Media access control (MAC) address. If you decide to assign a static IP address on the host server, you
need to obtain the MAC address of the network adapter that you will use to communicate with the
VMM management server. You can obtain the MAC address from the server BIOS, or from the
hardware configuration listings from the hardware manufacturer.
Run As account. You can configure a Run As account that has permissions to access the BMC that is
used for out of band management.
Discovering and Deploying a Hyper-V Host

The process for discovering and deploying a Hyper-V host is as follows:
1.
Open the VMM console, and then click the Fabric workspace.
2.
In the ribbon, click Add Resources, and then click Hyper-V Hosts and Clusters. The Add Resource
Wizard starts.
3.
In the Add Resource Wizard, on the Resource location page, select the Physical computers to be
provisioned as virtual machine hosts option, and then click Next. You use this option for both
bare-metal computers and computers that are to be refreshed with a new operating system.
3-17
4.
On the Credentials and protocol page, specify the Run As account, configure the appropriate out of
band management protocol to be used for discovery, and then click Next.
5.
On the Discovery scope page, specify IP address, IP subnet, or IP range to be used for discovering
the BMC IP address, and then click Next.
6.
If you selected the IP subnet or IP range, the Target resources page will list all discovered
computers within the scope. Select the check box next to each server that you want to deploy as a
Hyper-V host, and then click Next.
7.
On the Provisioning Options page, select the host group of which the new Hyper-V host will
become a member. You also use this page to specify whether the Hyper-V host will obtain IP
addresses and other network settings from DHCP, or whether static IP addresses will be assigned from
an IP address pool. For both options, you also specify a specific host profile to be applied during the
deployment.
8.
On the Deployment customization page, perform the following:
For a host profile that uses DHCP, select each BMC IP address on the list, and then specify the
computer name that should be associated with them. You can also choose to select the Skip
Active Directory check for this computer name option. You would select this option if you
want to overwrite any existing computer account listed in Active Directory Domain Services
(AD DS).
For a host profile that uses static IP addresses, select each BMC IP address in the list, and then
specify the computer name that should be associated with them. You can also choose to select
the Skip Active Directory check for this computer name option. In the MAC address text box,
specify the MAC address of the network adapter that communicates with the VMM management
server. Note that this is not the MAC address of the BMC. Finally, select the logical network and
IP subnet that will provide the IP address.
Lesson 3
Configuring the Update Server Role
VMM provides support for on-demand software update compliance scanning, and for remediation of
servers that make up your private cloud infrastructure. It is important that you understand how VMM
integrates with WSUS to help create and maintain software update baselines, and how you can plan
specific scenarios such as updating host cluster resources.
Explain how the Update Server role manages server updates.
Describe considerations for integrating WSUS with VMM.
Add an Update Server to VMM.
Manage update settings in VMM.
Managing Server Updates
3-19
Maintaining security and software updates has become a prevalent task in most organizations.
Administration tools such as Configuration Manager and WSUS help automate and manage compliance
scanning and update deployment. Even though these tools work well for most infrastructure
requirements, some scenariossuch as updating cluster nodes or updating other highly available data
center rolesbecome more complicated.
You can use the Update Server role in VMM to manage these more complicated update tasks for servers
that make up your private cloud infrastructure. These servers include:
Hyper-V hosts
Hyper-V clusters
Library servers
PXE servers
VMM servers
Note You only use the Update Server role for updating servers that make up the VMM
infrastructure. You cannot use this solution to update VMM-managed virtual machines.
For all server roles within the VMM infrastructure, you scan against a baseline of approved updates to
determine compliance status. For any servers that are non-compliant, you can perform update
remediation tasks to have the missing updates installed and the servers restarted, if necessary.
For a Hyper-V cluster, VMM performs a rolling update for each cluster node. The process for performing
the rolling update includes the following:
1.
VMM places a non-compliant node into maintenance mode. If a node is compliant, VMM will bypass
the node and continue with the next node in the cluster.
2.
If specified, VMM uses live migration to move the virtual machines from the host that is being
updated. You also have the option to save state, which will shut down the virtual machines, and then
proceed with the update remediation tasks.
3.
If specified, the server will reboot to complete the update. Once the server reboots, the node
compliance status changes to Compliant, and the node is removed from maintenance mode.
Considerations for Integrating WSUS
The VMM 2012 Update Server role uses WSUS functionality for the following:
The Windows Update and Microsoft Update catalogs
The Windows Update Agent for compliance scanning
Distributing binary file updates to managed servers
3-21
To integrate the Update Sever role, you need to install WSUS 3.0 64-bit with Service Pack 2 (SP2) either on
the VMM server, or on a remote server.
Note Be sure that the server that hosts WSUS meets all prerequisites for WSUS 3.0 SP2 x64
as listed on the Microsoft website.
You can also integrate an existing WSUS server; however, you must make special considerations if the
WSUS server is also shared with Configuration Manager.
Consider the following when integrating WSUS into the VMM infrastructure:
If WSUS is installed on a remote server, you must install the WSUS Administration console on the
VMM management server. If the VMM management server is part of a cluster, you must install the
WSUS administration console on each node of the cluster.
If you are using a dedicated WSUS server, consider limiting the languages, products, and
classifications to only those required by the servers that make up the VMM infrastructure.
If you are using a WSUS server that is shared with a Configuration Manager environment:
You should only make WSUS configuration changes from within Configuration Manager.
Note that for the VMM environment, the synchronization schedule is always on demand.
In Configuration Manager, create a collection that includes all of the servers for which VMM will
manage updates. Exclude this collection from any software update deployments that
Configuration Manager deploys.
After you add the WSUS server to VMM, ensure that the Allow Update Server configuration
changes check box is cleared. You configure this in the Virtual Machine Manager console, in the
Update Server Properties window.
Adding an Update Server to VMM
The process for adding the Update server to VMM is as follows:
3-23
1.
2.
In the navigation pane, expand the Servers node, and then click the Update Server node.
3.
In the ribbon, click Add Resources, and then click Update Server. The Add Windows Server
Update Services Server dialog box opens.
4.
In the Add Windows Server Update Services Server dialog box, configure the following settings,
and then click Add:
Computer name. Provide the name of the WSUS server that you want to add to the VMM
infrastructure.
TCP/IP port. Specify the TCP/IP port that the WSUS website listens on for connections. A default
WSUS installation will typically use the Internet Information Services (IIS) default website on port
80 (port 443 for Secure Sockets Layer (SSL)), or a custom website using port 8530 (8531 for SSL).
Credentials. You can provide credentials from an existing Run As account, or enter a user name
and password. The account credentials that you enter must have local administrative rights on
the WSUS server that you are adding.
The Jobs dialog box opens to provide a setup status for the new Update server.
5.
Verify that the server has been added by clicking the Update Server node in the Fabric workspace
The new Update Server should display with the WSUS version, and have the Agent Status column
show a status of Responding. The Last Sync and Synchronization Result columns also display the
results of the WSUS synchronization with Windows Update.
To view the updates that have been downloaded during WSUS synchronization, perform the following
steps:
1.
Open the VMM console, and click the Library workspace.
2.
In the navigation pane, expand the Update Catalog and Baselines node, and then click the Update
Catalog node. You can select an update to view a description and additional details for the update.
By default, only the first 100 updates display. If you want to view all of the downloaded updates, click
the Load All Updates button, which is located in the ribbon.
VMM 2012 does not perform scheduled automatic synchronization after the initial synchronization. To
perform on-demand synchronizations, perform the following steps:
1.
2.
3.
In the results pane, select the update server, and then in the ribbon, click Synchronize. The Jobs
window opens to display synchronization results.
Managing Update Settings in VMM
3-25
When you add a dedicated WSUS server to VMM, all management tasks should take place from within the
VMM console. Once you add an Update Server, you can perform the following tasks from within the VMM
console:
On-demand WSUS synchronization with Windows Update
Proxy Server name and port settings are required for connecting to the Internet for WSUS
synchronizations
Specifying update classifications to synchronize
Specifying products to synchronize
Specifying supported languages to synchronize
To manage update settings, perform the following tasks:

1.
2.
3.
In the results pane, select the Update server, and then in the ribbon, click Properties. The Properties
dialog box opens.
4.
In the Properties dialog box, on the General page, verify that the Allow Update Server
configuration changes check box is selected. This option is required to apply configuration changes
to the WSUS server.
5.
In the Properties dialog box, on the Proxy Server page, configure a proxy server name and port
number if needed.
6.
In the Properties dialog box, on the Update Classifications page, select the update classifications
that you want to synchronize.
7.
In the Properties dialog box, on the Products page, select the products that you want to
synchronize. For a dedicated WSUS installation, you should only select products that are installed
within your VMM infrastructure.
8.
In the Properties dialog box, on the Languages page, select the languages that you support and for
which you want software updates.
9.
Click OK to apply the changes, and close the Properties dialog box.
Lesson 4
Creating and Using an Update Baseline
3-27
After you have added a WSUS server to VMM to perform the Update Server role, your next step is to
determine which updates you should install on each server within the private cloud infrastructure. VMM
adds the updates that you select to an update baseline, against which each server scans. VMM can then
remediate any server that does not meet the baseline to have the missing updates installed as necessary.
Describe considerations for planning an update baseline.
Configure an update baseline.
Scan for update compliance.
Perform update remediation on a non-compliant server.
Considerations for Planning an Update Baseline
Once you determine which updates are required for your VMM infrastructure servers, you then need to
create a list for VMM to use as a baseline from which to scan against and remediate. VMM uses the
update baseline as the list, and you can add or remove updates as needed.
What Is an Update Baseline?
All updates from a specific product and category display within the VMM console when you synchronize
with WSUS. To specify only the updates necessary for your requirements, you create an update baseline.
An update baseline is a set of required updates that are assigned to a scope of infrastructure servers within
the private cloud. You can assign an update baseline to the following:
All hosts within all host groups
Specific host groups
A specific standalone server within a host group
A specific host cluster within a host group
Library servers
PXE servers
The VMM server
Update Server
Planning Considerations
Consider the following when planning update baselines:
3-29
If you have assigned a baseline to a host group, any host or host cluster within that group will be
assigned to that baseline. If you move a host to a new host group, the original baseline will be
removed, and the host will inherit the baseline associated with the new host group.
If you assign a baseline specifically to a standalone host or host cluster, the baseline will stay with the
object when it moves from one host group to another.
When you first add the Update Server, two built-in update baselines are provided. The Sample
Baseline for Critical Updates contains all of the critical updates that are initially synchronized, and
the Sample Baseline for Security Updates contains all of the security updates that are initially
synchronized. If you plan to use these built-in update baselines, you will need to maintain the
updates as you perform subsequent synchronization tasks. You also need to assign computers to
the baseline before you are able to use the baseline for compliance scanning and remediation.
You can create a new update baseline containing updates that you require and that you assign to the
servers that you want to maintain update compliance.
Configuring an Update Baseline
Whether you create a new baseline or modify one of the sample update baselines, you use the following
process to configure or modify the baseline settings:
1.
2.
In the navigation pane, expand the Update Catalog and Baselines node, and then select the
Update Baselines node.
3.
If you want to create a new update baseline, in the ribbon, click Create, and then click Baseline. If
you want to modify one of the sample baselines, select the desired baseline, and then in the ribbon,
click Properties.
4.
In the Properties dialog box, on the General page, provide a Name and Description for the update
baseline.
5.
In the Properties dialog box, on the Updates page, click Add.
6.
In the Add Updates to Baseline dialog box, select the appropriate updates to include in the
baseline. From the Updates page, you can also remove an update from the baseline by selecting
specific updates, and then clicking Remove.
7.
In the Properties dialog box, on the Assignment Scope page, select the host groups or individual
servers to which you want to apply the update baseline, and then complete the task. If any of the
selected updates require an acceptance to a Microsoft license agreement, the Microsoft License
Terms dialog box opens for you to accept the license terms.
8.
To verify that the update baseline configured correctly, select the Update Baselines node, and then
in the results pane, select the update baseline that you created. In the preview pane, you can view
how many updates are contained within the baseline, and how many objects are assigned to the
baseline.
Scanning for Update Compliance
3-31
After you have assigned a baseline to a server, you can scan the server to determine compliance status.
When a scan occurs, the Windows Update Agent on the server scans each update in the baseline to see if
the update is applicable, and whether or not it is installed.
Each scan is performed on-demand. However, you can automate the process using a Windows
PowerShell command-line interface. After the compliance scan completes, each update provides a status
of Compliant, Non-Compliant, Error, or Unknown.
To scan for update compliance, perform the following tasks:
1.
2.
In the navigation pane, click the Servers node, and then in the ribbon, click the Compliance button.
In the results pane, each server that has an update baseline assigned displays. You will also see each
servers compliance status, and the last time a scan completed.
3.
In the Compliance view, select the servers to be scanned, and then in the ribbon, click the Scan
button. The Operational Status column displays that a scan is taking place. After the compliance
scan completes, the Compliance Status column updates. If the Compliance Status column displays
Non-Compliant, then you will have to perform required remediation tasks.
Remediating Software Update Non-Compliance
When you choose to remediate updates on a server or host cluster, any non-compliant server is made
compliant by installing missing updates that you define within the update baseline. Remediation performs
on-demand, or you can automate it using Windows PowerShell.
You can use the Jobs workspace within the Virtual Machine Manager console to track the progress of an
update remediation task.
To remediate updates, perform the following tasks:
1.
2.
In the navigation pane, click the Servers node, and then in the ribbon, click the Compliance button.
3.
In the Compliance view, select the servers to be remediated, and then in the ribbon, click the
Remediate button. The Remediate button is only available if the selected server has a Compliance
Status of Non Compliant.
4.
In the Update Remediation dialog box, you can select or clear update baselines or individual
updates as needed.
5.
Click Remediate to start update remediation.
Lab Setup
Note Before starting this lab, you must have completed the lab in Module 2.
3-33
1.
2.
3.
4.
Password: Pa$$w0rd
Domain: Contoso
5.
6.
7.
8.
9.
Password: Pa$$w0rd
Domain: Contoso
Lab Scenario
Contoso, Ltd wants to expand its private cloud infrastructure resources. However, manually installing,
configuring, and deploying new Hyper-V hosts as they arrive requires substantial overhead. You have
been asked to implement a Windows DS infrastructure to provide bare-metal Hyper-V host provisioning.
Your compliance manager has also asked you to implement a new system for monitoring private cloud
infrastructure servers for update compliance against a baseline.
You must now implement these two features into the new private cloud infrastructure.
Exercise 1: Configuring a PXE Server in VMM

Scenario
3-35
You need to add the PXE Server role to VMM. To complete this task, you need to install WindowsDS, and
then configure the PXE Server role in VMM.
1.
Install the Windows DS server role.
2.
Configure Windows DS.
3.
Configure the PXE Server Role in VMM.
Task 1: Install the Windows DS server role

1.
On LON-VM1, click Start, point to Administrative Tools, and then click Server Manager.
2.
Add the Windows Deployment Services server role with the Deployment Server and Transport
Server role services selected.
Task 2: Configure Windows DS

1.
On LON-VM1, click Start, point to Administrative Tools, and then click Windows Deployment
Services. The Windows Deployment Services console opens.
2.
Run the Windows Deployment Services Configuration Wizard, and configure the following:
On the Remote Installation Folder Location page, verify that the path displays
C:\RemoteInstall. When the System Volume Warning message displays, click Yes.
On the PXE Server Initial Settings page, click Respond to all client computers (known and
unknown).
On the Operation Complete page, clear the Add images to the server now check box.
Task 3: Configure the PXE Server Role in VMM

1.
On LON-VM1, on the desktop, double-click Virtual Machine Manager Console.
2.
If the Connect to Server dialog box opens, ensure that Use current Microsoft Windows session
identity is selected, and then click Connect. The Virtual Machine Manager console opens.
3.
From the Fabric workspace, expand the Servers node, and then add a PXE Server with the following
options:
4.
Computer name: LON-VM1
User name: Contoso\Administrator
Password: Pa$$w0rd
Monitor the status of the configuration job and then close the Jobs window.
Results: After this exercise, you should have added a PXE Server to VMM.
Exercise 2: Configuring a Host Profile

Scenario
You need to create a host profile to provide configuration settings for new host servers. To complete this
task, you need to run the New Host Profile Wizard.
1.
Configure a new host profile.
Task 1: Configure a new host profile

1.
On LON-VM1, in the VMM console, click the Library workspace, expand the Profiles node, and then
click Host Profiles.
2.
Create a new host profile, and configure the following:
Name: Hyper-V Host Profile
OS Image: WS08R2SP1.vhd
Allocate a static IP from the External Network.
Configure the host machine to join the Contoso.com domain.
Configure the Administrator account Run As Account as a local administrator with the
password of Pa$$w0rd.
Add C:\VMStorage as a virtual machine placement path.
Results: After this exercise, you should have configured a host profile.
Exercise 3: Configuring an Update Server Role in VMM

Scenario
3-37
You have been asked to add the Update Server role to VMM. You have an existing WSUS server located
on LON-VM1, which uses port 8530.
1.
Add an Update Server to VMM.
Task: Add an Update Server to VMM

1.
On LON-VM1, in the VMM console, click the Fabric workspace.
2.
In the navigation pane, expand the Servers node, and then click Update Server.
3.
Add an Update Server with the following configuration:
TCP/IP port: 8530
Password: Pa$$w0rd.
4.
In the Jobs window, select the Add Update Server job. On the Summary and Details tabs, monitor
the status of the configuration job.
5.
When the job displays as Completed w/info, close the Jobs window.
Results: After this exercise, you should have added the Update Server role to VMM.
Exercise 4: Configuring a Software Update Baseline in VMM

Scenario
Now that you have added the Update Server role to VMM, you need to create a software update baseline
containing several updates that the compliance team has approved.
1.
Create a software update baseline.
2.
Verify baseline compliance.
Task 1: Create a software update baseline

1.
On LON-VM1, in the VMM console, click the Library workspace.
2.
In the navigation pane, expand Update Catalog and Baselines, and then click Update Catalog.
3.
Verify that various updates display.
4.
Create a new update baseline with the following settings:
Name: Server Baseline
Updates:
5.
Update for Windows Server 2008 R2 x64 Edition (KB976662)
Assignment Scope:
Library Servers: LON-VM1.Contoso.com
PXE Servers: LON-VM1.Contoso.com
Update Server: LON-VM1.Contoso.com
VMM Server: LON-VM1.Contoso.com
Verify that Create new baseline has completed successfully.
Task 2: Verify baseline compliance

1.
On LON-VM1, click the Fabric workspace.
2.
In the navigation pane, expand Servers, and then click Library Servers.
3.
In the ribbon, click the Compliance button.
4.
In the results pane, note the compliance and operational status of lon-vm1.contoso.com.
5.
Scan lon-vm1.contoso.com, and verify its compliance status.
6.
Shut down LON-VM1.
Results: After this exercise, you should have configured an update baseline and verified baseline
compliance.
Review Questions
1.
What are the physical server and VMM requirements for integrating a PXE Server into the VMM
private cloud infrastructure?
2.
You need to create a host profile for server deployment. What do you need to have in the Virtual
Machine Manager library to create a host profile?
3.
What is the difference between managing updates with Configuration Manager and managing
updates with VMM?
3-39

4-1
Module 4
Configuring Application Delivery
Contents:
Lesson 1: Dynamic Application Deployment Overview
4-3
Lesson 2: Web Deployment Packages
4-8
Lesson 3: Server Application Virtualization Overview
4-13
Lesson 4: Configuring Server App-V Components
4-23
Lesson 5: Sequencing and Deploying Virtual Applications
4-28
4-34
Module Overview
4-2 Configuring Application Delivery
Private clouds benefit from using virtual resources that make new workload deployments easier.
Microsoft System Center 2012 - Virtual Machine Manager (VMM) allows you to use web deployment
packages, Microsoft Server Application Virtualization (Server App-V), and other methods to simplify the
process for deploying services and applications to your private cloud. These methods enable you to
deploy, resize, and update many of the applications in your private cloud.
In this module, you will learn how to use the Microsoft Web Deployment Tool and Server App-V to
dynamically deploy applications in your private cloud.
Describe dynamic application deployment.
Create web deployment packages by using the Web Deployment Tool.
Configure the Server App-V Sequencer and agent.
Sequence and then deploy a Server App-V virtualized application.
10751A: Configuring and Deploying a Private Cloud with System Center 2012 4-3
Lesson 1
Dynamic Application Deployment Overview
VMM allows you to dynamically deploy packaged server-based applications and services. You can more
easily manage private cloud resources, because you can distribute and resize the deployment of a defined
application without having to manually create virtual machines, install software, and manage load
balancers.
VMM uses three technologies to facilitate dynamic deployments: the Web Deployment Tool, Server
App-V, and Microsoft SQL Server data-tier applications (DACs). (We will discuss SQL Server in the next
module.)
In this lesson, you will review the Web Deployment Tool and Server App-V, which you can use to enable
VMM to dynamically deploy services.
Describe the benefits of dynamic application deployment.
Describe the Web Deployment Tool.
Describe Server App-V.

.
What Is Dynamic Application Deployment?
Dynamic application deployment provides a simpler method for you to deploy prepackaged solutions,
which are called services. Services may be simple web-based applications or multitier line-of-business
(LOB) applications that include SQL Server. You can customize services to meet the deployment and
scaling needs of many server-based applications.
You must install and configure traditional applications either manually, or by using a solution such
as Microsoft System Center 2012 Configuration Manager. You can use application virtualization
technologiesincluding App-Vto simplify application deployment and management for user-based
applications. However, server-based applications do not typically work using these tools. For this reason,
VMM introduces a server application virtualization tool called Server App-V.
Note Server App-V is not suitable for all server-based applications, so VMM also allows
you to use the Web Deployment Tool, SQL Server DAC packages, and profiles to address a
broader set of deployment scenarios.
Question: What services or applications do you think you can deploy in a private cloud?
Question: What are some challenges that you might face when trying to adjust the resources
needed for a virtualized website deployment?
Overview of the Web Deployment Tool
You may want to deploy web-based applications in your private cloud. To deploy a website to multiple
servers, you can manually copy the content, and then configure Internet Information Services (IIS) on each
load-balanced server. Alternatively, you can use the Web Deployment Toolknown as Web Deployto
create a file, known as a package, which contains the website content and settings that are located on one
server. Web Deploy collects website data and packages it into a zip file, which you can then use to deploy
the contents to other servers in the private cloud.
Web Deploy is available as a separate download, and by default is located in the ApplicationsFrameworks
folder of the VMM library server. Web Deploy works with IIS versions 6.0, 7.0, and 7.5, and with Microsoft
Visual Studio 2010. When you install Web Deploy, the tool extends the IIS Manager to allow an
administrator to export or import a web deployment package. When used in conjunction with Visual
Studio, Web Deploy enables an application developer to package an application for deployment.
Additionally, Web Deploy provides a command-line tool.
Server Application Virtualization Overview
Application virtualization allows you to isolate an applications configuration, binaries, and runtime state
from the applications operating system, so that you can simplify your deployment scenarios and reduce
dependencies on a specific operating system environment.
Note Application virtualization is not intended to enable applications to run on an
operating system that it does not support. For example, you cannot use Server App-V to
enable a 16-bit application to run on a 64-bit operating system.
In a traditional deployment scenario, each application installs its own binaries and adds its own
configuration and data to the operating system to which it is deployed. A virtualized application is
packaged in a way that encapsulates the configuration and runtime state of the application separate from
the operating system environment.
Traditional Server-Based Applications
A traditional server-based application creates Windows services, and creates and modifies registry
settings during installation. While the application is running, the application may further modify settings
and generate data for purposes such as logging and application functionality. This behavior makes it
difficult to move an application from a deployed server to another server while simultaneously
maintaining the configuration and the runtime state of the application.
Server Application Virtualization
Server application virtualization as performed by Server App-V allows you to deploy server-based
applications while maintaining the resources, configuration, and runtime state separate from the
underlying operating system. This separation streamlines application deployment, and allows you to
redeploy to new or additional servers while still maintaining the settings, log files, and the runtime state.
You do not have to rewrite the applications to enable the Server App-V functionality; instead, Server
App-V converts the applications in a process called sequencing. Sequencing is described later in this
module.
Question: How does Server App-V differ from automated deployment?
Lesson 2
Web Deployment Packages
The private cloud can host a variety of web-based applications. However, deploying the virtual servers,
installing and configuring IIS, and then installing the web-based content is a time-consuming process.
You can use Web Deploy to streamline this process by bundling all of the web content and settings into
a package, called a web deployment package. You can place multiple web deployment packages in the
Virtual Machine Manager library, and then deploy them onto virtual machines as required.
In this lesson, you will learn how to use web deployment packages within VMM to deploy scalable
websites.
Describe the web deployment process.
Create a web deployment package.
Use web deployment packages with VMM.
Overview of the Web Deployment Process
The web deployment process allows you to deploy an entire website to a web server without managing
the server directly. In this process, you use Visual Studio 2010 or other development tools to complete the
following steps:
1.
Create the website content, settings, and data.
2.
Package the site content and configuration settings.
3.
Deploy the content to a server or multiple servers.
You can deploy the package on the server by using Web Deploy. Alternatively, if the server has the
Microsoft Web Deployment Agent Service configured on it, you can then also use Visual Studio 2010 to
publish the content to a web server. Microsoft WebMatrix is another tool that you can use to simplify
website creation. It also uses the Web Deployment Agent Service to both publish content and perform
backups of a deployed sites content and settings.
In a more traditional deployment scenario, the process can be significantly more complicated. As before,
you still need to create the website content, settings, and data for the website. After that, you need to
create a new website on the server to which you are deploying the site. You must then copy the web
content to the web server along with any associated data. Lastly, you must set the website settings
manually. The manual deployment process can take additional time to complete, and can lead to errors
if one of the configuration tasks are not done correctly.
Note VMM does not use the Web Deployment Agent Service to deploy the content in the
web deployment packages. To simplify the virtual machine setup process, the target virtual
machine transfers the web deployment package from the Virtual Machine Manager library,
and then uses Web Deploy to import the deployed packages.
Creating Web Deployment Packages
There are a number of ways to create web deployment packages using Web Deploy. The method that you
choose will depend on how the source content for the website was created. You may use the following
methods to create a web deployment package:
IIS Manager. IIS Manager provides a graphical interface to Web Deploy, which allows you to export a
configured website or application to a web deployment package. You can customize the package to
include specific settings, while leaving other settings undefined.
Visual Studio 2010. Visual Studio developers can create a web deployment package using the Visual
Studio web packaging feature. This allows the developer to customize the settings, content, and
configuration that is included in the web deployment package.
Web Deploy command line. The Web Deploy command-line has all of the functionality of the other
methods, and you can use it to automate the website packaging process. For example, you could
develop a script to create a package, and then copy that package to the VMM library.
All three methods perform more than simple backups of the site content. They also allow you to package
the following:
A single web-based application or an entire site
Access control lists (ACLs)
Microsoft COM settings
Global assembly cache settings
Registry settings
A sites associated databases
Secure Sockets Layer (SSL) certificates
Microsoft .NET Framework configuration
Application pool configuration
When you create a web deployment package, you specify which parameters must be defined when the
package is deployed. This is important for settings that you typically include in the Web.config file, and
that point to server names or items such as database connection strings. You must also specify these
parameters when you create the web deployment package.
Once you have created a web deployment package, you must copy the file to your Virtual Machine
Manager library so that it can be deployed.
Discussion: Using Web Deployment Packages with VMM
Web deployment packages simplify the deployment process for web-based application content and
settings. You can deploy additional virtual servers, and then use the web deployment package to install
and customize specified settings.
VMM uses web deployment packages for deploying new content; it does not synchronize the content on
a deployed server across multiple servers. If a specific web application has files that frequently change and
need to be shared with each web server, you may choose to use a file share to make the content available
to all of the servers, instead of using web deployment packages. Using web deployment packages is
especially beneficial when you deploy the content more than once, either across multiple servers in the
same environment, or across multiple environments.
Using web deployment packages make sense when content will be static across the servers. If the required
content needs to be unique for every deployment, you may not want to use a web deployment package.
Question: What types of deployments might benefit from web deployment packages?
Question: What methods can you use to create web deployment packages?
Lesson 3
Server Application Virtualization Overview
Application virtualization has been available to help client operating system administrators deploy
applications for many years. VMM now provides Server App-Va server-based application
virtualizationto enable dynamic application deployment to private cloud servers.
In this lesson, you will learn about Server App-V and its components.
Describe how Sever App-V works.
Describe Server App-V usage scenarios.
Describe invalid Server App-V usage scenarios.
Define key application virtualization terms.
Describe the application sequencing process.
Describe the Server App-V package.
Describe the differences between Server App-V and Microsoft Application Virtualization (App-V).
Server App-V Fundamentals
Virtualizing an application with Server App-V allows you to capture not only the information required to
install the applicationsuch as the applications binary files and registry settingsbut it also retains the
runtime state of the deployed application, which includes registry settings, log files, and other data that
the application stores. This runtime state persists on disk until you remove the application from the server.
The application runtime state includes the data that is captured while the deployed application is running.
This data can include log files, collected data, and settings that are modified for a specific application
deployment.
Server App-V performs a sequencing operation that captures an applications settings and configuration
prior to deployment. After sequencing, this information along with the runtime state information enables
you to back up a deployed Server App-V application. It also enables you to capture not only the initial
settings, but also the entire runtime state of the application. You can then deploy this backup to another
server with the applications last runtime state intact.
If an application can function in a load-balanced environment, VMM can deploy the application across
additional servers, and reconfigure the load balancer to use the newly deployed servers.
Question: What are the benefits of using Server App-V?
Question: Why is the ability to back up the runtime state beneficial in a production
environment?
Server App-V Usage Scenarios
Server App-V allows you to virtualize and deploy many server-based applications. There are several
components that Server App-V can sequence. Additionally, applications such as multi-tier web
applications and third-party network service applications lend themselves to virtualization with Server
App-V.
A single application may require you to specify registry settings, modify configuration files, or create
Windows operating system services. Additionally, an application may have many other points where it
interacts with the operating system. If so, the Server App-V Sequencer needs to capture these points, or
else the application may not work properly when you deploy it.
Applications that require you to perform the following tasks may be suitable for virtualization with Server
App-V:
Save runtime state to local disk
Install Windows services
Create IIS applications
Add and change registry settings
Install and use COM+ and Distributed COM (DCOM)
Use text-based configuration files
Install Windows Management Instrumentation (WMI) providers
Install and use Reporting Services, a feature of SQL Server
Add, modify, or use Local Users and Groups
Install and use Java-based applications
If an application requires another type of virtualized information that is not included on this list, it may
not work properly with Server App-V. There is no exhaustive list of applications that will work with Server
App-V. You must thoroughly test all applications that you are virtualizing before you run them in a
production environment.
Invalid Server App-V Usage Scenarios
Server App-V is flexible, and you can use it to virtualize a wide variety of server-based applications.
However, there are a few functions that you cannot use Server App-V to virtualize. For example,
applications that require the following functionality are not supported:
Windows drivers or other components that must load when the operating system boots
Microsoft SharePoint Server, or applications that install SharePoint Server
SQL Server databases
Just as there is no complete list existing for supported Server App-V virtualization application types, there
is also no exhaustive list of unsupported applications types for Server App-V.
Note Even though you may not use Server App-V to virtualize SQL Server databases, you
may still automate deployment by using VMM and DAC packages. Deploying SQL Server
using VMM is discussed in Module 5.
Key Server App-V Terms
Before working with Server App-V, you should understand the main components used for Server App-V.
The following terms apply to Server App-V:
Application. An application is the binaries, configuration, and settings that you plan to virtualize.
Server App-V Sequencer. The Sequencer packages an application. It monitors and records all of the
changes that an application makes during installation and setup of the application, and then creates a
Server App-V package.
Server App-V agent. The agent is installed on the server that will run the virtualized application. It
executes and maintains the virtualized application and its runtime state.
Package. A package includes the binaries, configuration, and runtime state information for the
virtualized application Packages are imported on a server that has the Virtualization Agent installed.
Server App-V virtual drive (Q:\). The virtual drive stores the binaries and settings for the virtualized
application. Application settings and installation files are stored on this virtual drive during
sequencing. The App-V agent creates and maintains the virtual drive in a folder on your system
drive based on the contents of packages that have been imported.
Overview of the Application Sequencing Process
Application sequencing is the process of registering the changes that an application makes during the
setup and configuration procedure. The application registration consists of the settings and configuration
captured during the sequencing. This represents how the application will initially deploy.
Sequencing provides Server App-V with information about how an application works and what resources
it requires. Specifically, Server App-V can determine which binaries and settings are required to make the
application run, and how the application creates and consumes data. The Server App-V package then
encapsulates all of this information.
The sequencing process is as follows:
1.
Install the Server App-V Sequencer.
2.
Configure package details, and then start the Server App-V Sequencer to monitor the system.
3.
Launch the installer and install your application.
4.
Stop the Server App-V Sequencer from monitoring the system.
5.
Save the Server App-V package.
You will learn more in-depth about the process of sequencing applications later in this module.
The Server App-V Package
After sequencing an application, you save the sequenced information as a Server App-V package. You can
then use the package file to deploy the virtualized application. Server App-V packages include the
following files:
Sequencer project (.sprj). The .sprj file is an XML-based file that the Sequencer uses to save
information about the package so that you can edit or upgrade the package later.
Package payload (.sft). The sft file is a binary file that the Sequencer creates. This file contains the
deployed files, folders, registry settings, and other package-related information.
Open Software Descriptor (.osd). The .osd files are XML-based files that describe how the application
should be imported on the agent computer.
Package manifest (_manifest.xml). The package name_manifest.xml file is an XML-based file that
contains metadata information that describes the package. The Server App-V agent uses the
information included in this file to import and then run a Server App-V package.
Deployment configuration (DeploymentConfig.xml). The DeploymentConfig.xml file is an XML-based

file containing the data that will be passed to the Server App-V agent. The data is then used to
customize the package settings that were specified when the application was sequenced. For
example, settings in this file may include database connection strings, server names, and passwords
customized for a specific deployment.
Differences Between Server App-V and App-V
Both Server App-V and App-V virtualize applications, but you should be aware of their differences. You
can stream applications that were packaged with App-V by using a number of protocols from either an
App-V streaming server or a simple file location. Server App-V expects you to deliver the applications
directly to the running server by using VMM or a Windows PowerShell command-line interface. For
Server App-V, you cannot stream applications from network locations.
App-V has more limited virtualization capabilities than Server App-V. Server App-V allows you to
sequence and deliver services, WMI components, COM objects, and IIS applications.
Server App-V is designed to use VMM to deploy applications that both run on servers and provide
network services, such as a third-party File Transfer Protocol (FTP) services. App-V, however, is designed to
deploy user-based applications, such as Microsoft Office.
The following table shows the key differences between Server App-V and App-V.
Server App-V
App-V
The application-created data or user-specific

registry settings that are made when the
application is sequenced remains associated with
the same user at deployment time and run time.
The application-created data or user-specific

registry settings that are made when the
application is sequenced is mapped so that it is
accessible to any user running the application.
Application files that are part of a virtual

application package are available to all processes
that are running on the computer.
Application files that are part of a virtual

application package are only available to that
virtual application and any other processes that
are started in the virtual application's
environment.
(continued)
Server App-V
App-V
COM objects, DCOM objects, COM+ objects, WMI

providers, and Windows services that are part of a
virtual application package are exposed on the
local system so that the operating system, tools,
and other applications can interact with them.
COM, DCOM, COM+, WMI, and service

information that are associated with a virtual
application package are kept within that package,
and are unavailable to processes that are running
outside of that package.
The Server App-V agent uses heuristics to detect

automatically which processes on a computer
must be run within virtual environments.
For a process to be virtualized, that process must

be opened by an App-V program (such as
sfttray.exe), or it has to be the child of another
virtual process.
There is no option that allows you to stream

packages. All packages are deployed to the client
using Windows PowerShell cmdlets or VMM.
You can stream packages from a distribution

point.
Configuration options are configured using a

separate XML-based file to customize deployment
parameters.
Configuration options are contained in the

package. You must create a new package to
customize deployment parameters.
Lesson 4
Configuring Server App-V Components
Server App-V requires that you properly install and configure the Server App-V agent and the Server
App-V Sequencer. For the best results when deploying the virtualized applications, you must also consider
the operating system configurations to which you will deploy the virtualized applications.
In this lesson, you will learn how to configure the Server App-V components.
Describe the Server App-V software requirements.
Explain how to configure the Server App-V agent and agent cmdlets.
Describe the best practices for configuring the Server App-V Sequencer.
Server App-V Software Requirements
The Server App-V Sequencer and the Server App-V agent run on the same operating system versions.
However, because Server App-V is a server-based product, it only runs on server operating systems. The
following table lists the supported operating systems.
Operating system
System architecture
Windows Server 2003 with Service Pack 2 (SP2)
x86 and x64
Windows Server 2003 R2 with SP2
x86 and x64
Windows Server 2008 with SP2
x86 and x64
Windows Server 2008 R2 and Windows Server 2008 R2

with Service Pack 1 (SP1)
x64
In addition to a supported operating system, the Server App-V Sequencer and the Server App-V agent
require you to install the Microsoft Visual C++ 2005 SP1 Redistributable Package. If Visual C++ 2005 is
not already installed, then the Server App-V Sequencer or Server App-V agent installation process will
install it for you.
The Server App-V installation files are located on the Virtual Machine Manager server in the Install Drive:
\Program Files\Microsoft System Center 2012\Virtual Machine Manager\SAV directory. Depending on
the system architecture of the operating system onto which you intend to install the Server App-V
components, you will use the files in either the 32-bit or the 64-bit folders. These folders contain the
following files:
AgentSetup.exe. This file installs the Server App-V agent.
AgentCmdletsSetup.exe. This file installs the Windows PowerShell cmdlets that the Server App-V
agent uses. You must install the Server App-V agent on the same machine for the cmdlets to function.
SeqSetup.exe. This file installs the Server App-V Sequencer.
SequencerCmdletSetup.exe. This file installs the Windows PowerShell cmdlets that the Server App-V
Sequencer uses. You must install the Server App-V Sequencer on the same machine for the cmdlets to
function.
Configuring the Server App-V Agent and Agent Cmdlets
You install the Server App-V agent on the server that will run the virtualized application. If the virtualized
application requires Windows roles or features, you should install them before you deploy the application.
To test package deployment, you may also wish to install the Server App-V PowerShell agent cmdlets.
These cmdlets allow you to verify the functionality of a package quickly, without using VMM. To install the
Server App-V PowerShell agent cmdlets, use the AgentCmdletsSetup.exe file that is found in the Server
App-V installation folder on the VMM server.
Once you have installed the Server App-V PowerShell agent cmdlets, you must also set the Windows
PowerShell execution policy to RemoteSigned, which allows scripts and configuration files to execute if
they are signed by a trusted publisher. The default execution policy does not allow scripts or configuration
files to execute. To adjust the policy, run the following command from an elevated Windows PowerShell
prompt to set the execution policy to RemoteSigned:
Set-ExecutionPolicy RemoteSigned
The execution policy is a user preference, and must be set by each user. After setting the Windows
PowerShell execution policy, run the following cmdlet from an elevated Windows PowerShell prompt to
import the ServerAppVAgent module:
Import-Module ServerAppVAgent
Note Changing the Windows PowerShell execution policy alters the security configuration
of the server. These changes could allow malicious scripts to be run on the server, which
could cause damage. You should only make changes to the execution policy after
understanding the consequences of making the changes.
Best Practices for Configuring the Server App-V Sequencer
You cannot install the Server App-V Sequencer on a machine that already has the Server App-V agent
installed. You must uninstall the Server App-V agent before attempting to install the Server App-V
Sequencer. It is recommended that you use the following best practices for configuring your sequencing
server:
Set up the sequencing machine with the same base configuration as the target servers. Server App-V
can run the same virtualized application on different operating system configurations. However, you
should limit the number of variables to reduce the possibility of incompatibilities.
Verify that the default sequencing drive is valid for your deployments. By default, Server App-V uses
Q for the default drive letter. If you are already using this drive in your environment, you may need to
adjust the default drive to a different letter. Use the same virtual drive letter for all of your
applications to reduce confusion.
Disable unused applications. Just before you run the Server App-V Sequencer, shut down antivirus
software, Windows Update, and any other applications, which can slow down the sequencing process
and cause the Server App-V Sequencer to package data that is not related to the application you are
sequencing.
Document your sequencing environment. Be sure to document any software and configuration
changes that you made before you sequenced the application. This is helpful if you ever have to
troubleshoot, update, or recreate your virtualized application.
If you are deploying the virtualized application to multiple operating system types, use the lowest
version to sequence the application. For example, if you plan to deploy your virtualized application to
both Windows Server 2008 and Windows Server 2008 R2, sequence the application on a Windows
Server 2008 machine.
Use a virtual machine for sequencing, and create a checkpoint before you sequence a new
application. Use the checkpoint to revert the virtual machine to a clean runtime state after
sequencing. This allows you to sequence another application in the future using the same
virtual machine.
Lesson 5
Sequencing and Deploying Virtual Applications
Before deploying a virtual application, you must first sequence it. The sequencing process is critical for
creating a package that works properly after deployment. In addition, you should always test a sequenced
application to verify that it will function correctly once you deploy it.
In this lesson, you will learn how to sequence and test the deployment of applications.
Explain how to create a Server App-V package.
Describe the Server App-V agent and Sequencer PowerShell cmdlets.
Explain how to test a Server App-V package before deployment.
Explain how to back up and restore a Server App-V package.
Creating a Server App-V Package
To sequence an application, complete the following steps:

1.
Deploy a sequencing server that matches your deployment standard.
2.
Install the Server App-V Sequencer on the sequencing server. If you are using a virtual machine,
create a checkpoint of the machine so that you can revert to it after you finish sequencing the
machine.
3.
Install the Windows roles and features that are required to support your application.
4.
Run the New Virtual Application Package Wizard.
5.
Select your applications installer, or if you plan to install your application manually, select a custom
installation.
6.
Install the application to the Server App-V virtual drive (Q:\).
7.
Run any other installers that are necessary to complete the application configuration.
8.
Perform configuration changes as needed.
9.
Customize the package information. Customization may include configuring which files and settings
are included, and which need to be specified when the application deploys.
10. Save the package to another server. When you have completed your sequencing session, you can
revert the virtual machine back to the checkpoint that you created in step 2.
VMMs Service Templates feature makes use of Server App-V. After creating and testing the Server App-V
package, you must copy the package to the Virtual Machine Manager library so that you can use it. Once
the package is in the library, you can use it when you create or modify a service template. You will learn
more about service templates in Module 5.
Server App-V Agent and Sequencer Cmdlets
You can use the Server App-V agent cmdlets to manage Server App-V packages without needing to use
VMM. This is helpful because it allows you to test single package deployments quickly and then deploy
new virtual machines, without having to add the packages to the Virtual Machine Manager library. You
receive near immediate feedback on how the application functions. The Server App-V agent cmdlets allow
you to deploy a package, start and stop a deployed application, and back up and restore the runtime
state of an application.
The Server App-V agent cmdlets that are listed in the following table are available.
Cmdlet
Description
Add-ServerAppVPackage
This cmdlet adds a new virtual application package to a

computer that is running the Server App-V agent, or upgrades
an existing virtual application package on a computer that is
running the Server App-V agent.
Use this cmdlet to import a sequenced application on the
computer without using VMM.
Backup-ServerAppVPackageState
This cmdlet backs up to a specified location the runtime state

that is associated with an existing virtual application package.
Use this cmdlet to save the runtime state of a deployed
package so that you can restore it to a new server, or to the
same server at a later time.
Restore-ServerAppVPackageState Using a previously created backup, this cmdlet restores the

runtime state that is associated with a virtual application
package.
Use this cmdlet to restore the package state after a previous
backup has been created.
You can use the Server App-V Sequencer cmdlets to create scripts to sequence applications. This is
helpful, because it allows you to sequence an application the same way each time, which is important
when updating Server App-V packages. The Server App-V Sequencer cmdlets that are listed in the
following table are available.
Cmdlet
Description
NewServerAppVSequencerPackage
This cmdlet creates a new virtual application package.

Use this cmdlet to create a Server App-V Sequencer package
from a Windows PowerShell command-line interface.
Protect-UpdateConfiguration
This cmdlet encrypts the private values in the deployment

configuration document. Private values include passwords and
user names that the application requires to function.
Unprotect-UpdateConfiguration
This cmdlet decrypts the private values in the deployment

configuration document. Private values include passwords and
user names that the application requires to function.
UpdateServerAppVSequencerPackage
This cmdlet updates an already created existing virtual

application package. Server App-V updates an already created
package if a newer version of the software must be integrated
into the package, or if other adjustments are required.
Testing a Server App-V Package
You can use the Server App-V agent cmdlets to test the Server App-V packages. To test a package
deployment, complete the following steps:
1.
Customize the DeploymentConfig.xml file.
2.
Run the Add-ServerAppVPackage cmdlet to add the Server App-V package.
3.
Run the Start-ServerAppVPackage cmdlet to start the Server App-V package.
VMM configures the DeploymentConfig.xml file automatically, when you use VMM to deploy a Server
App-V package. However, when you use the cmdlets, you must modify this file manually. Specifically, to
test a deployment properly, you may need to edit the attributes of the <ENTRY> XML elements in the
<CONFIGURATION><VIRTUALENVIRONMENT>and the <CONFIGURATION><LOCAL> sections of the
file. Elements that you may need to edit include database connection strings, server names, and other
settings that would change for the application each time it is deployed.
Backing Up and Restoring a Server App-V Package
After you deploy an application, the application may create log files, change settings, or change the
runtime state. With Server App-V, you can back up the runtime state of the deployed application and
restore it on another server. You may need to complete this process if you need to replace the server on
which the application is deployed, or if you want to test the application on another server.
The backup and restore process is as follows:
1.
Run the Stop-ServerAppVPackage cmdlet to stop the Server App-V application.
2.
Run the Backup-ServerAppVPackageState cmdlet to back up the Server App-V application runtime
state.
3.
Copy the backup files and the Server App-V package to the new server.
4.
Run the Add-ServerAppVPackage cmdlet to add the Server App-V package to the new server.
5.
Run the Restore-ServerAppVPackageState cmdlet to restore the Server App-V package runtime
state.
6.
Run the Start-ServerAppVPackage cmdlet to start the Server App-V package.

Question: Why might you want to back up and restore a deployed application?
Lab Setup
Note
1.
2.
3.
4.
Password: Pa$$w0rd
Domain: Contoso
5.
6.
7.
In Hyper-V Manager, click 10751A-LON-AP1, and in the Actions pane, click Start.
8.
9.
Password: Pa$$w0rd
Domain: Contoso
10. Repeat steps 7 to 9 for 10751A-LON-SE1.
Lab Scenario
As a part of the move to a private cloud infrastructure, Contoso, Ltd has decided to change its server
application delivery strategy so that it can provide a more scalable platform. Contoso, Ltd has decided
to use Server App-V to deliver existing applications. You are tasked with virtualizing the .NET Pet Shop
application using Server App-V. You will need to test the virtualized Pet Shop application before you
deploy it.
You must configure Server App-V so that you can use it to sequence and deploy an application virtually.
Exercise 1: Configuring the Server App-V Sequencer

1.
Install the Server App-V Sequencer on LON-SE1.
Task: Install the Server App-V Sequencer on LON-SE1

1.
Log on to LON-SE1 as Contoso\Administrator using the password Pa$$w0rd.
2.
Install Microsoft Server Application Virtualization Sequencer from C:\SAV\x64\SeqSetup.exe.
Results: After this exercise, you should have installed the Server App-V Sequencer on LON-SE1.
Exercise 2: Configuring the Server App-V Agent

1.
Install the Server App-V agent on LON-AP1.
Task: Install the Server App-V agent on LON-AP1

1.
Log on to LON-AP1 as Contoso\Administrator using the password Pa$$w0rd.
2.
Install Microsoft Server Application Virtualization Agent from E:\Labfiles\SAV\x64\AgentSetup.exe.
Results: After this exercise, you should have installed the Server App-V agent on LON-AP1.
Exercise 3: Sequencing an Application

1.
Sequence the Pet Shop application.
Task: Sequence the Pet Shop application

1.
On LON-SE1, open Microsoft Server Application Virtualization Sequencer and create a new Virtual
Application package.
Application installer: C:\SAV\Microsoft .NET Pet Shop 4.0.msi
Package Name: PetShop4.0
2.
Complete the .NET Pet Shop 4.0 Source Code Only installation on Q:\PetShop4.0\.
3.
Complete the site installation by executing the following commands from an elevated command
prompt:
Q:
Cd \PetShop4.0
Build.bat
DecryptWebConfig.bat
4.
Create a new website using IIS Manager.
Name: PetShop4
Physical Path: Q:\PetShop4.0\web
Port: 8081
5.
In the Microsoft Server Application Virtualization Sequencer, finish the sequencing process.
6.
Save the completed package to \\LON-AP1\E$\Labfiles\SAV\PetShop\PetShop4.0.sprj.
Results: After this exercise, you should have successfully sequenced the Pet Shop application, and saved
the package to LON-AP1.
Exercise 4: Testing the Server App-V Package Deployment

1.
Install the Server App-V agent cmdlets on LON-AP1.
2.
Import the Server App-V package.
Task 1: Install the Server App-V agent cmdlets on LON-AP1
On LON-AP1, install Microsoft Server Application Virtualization Agent cmdlets from

E:\Labfiles\SAV\x64\AgentCmdletsSetup.exe.
Task 2: Import the Server App-V package

1.
On LON-AP1, open a Windows Explorer window, and browse to E:\Labfiles\SAV\PetShop.
2.
In the PetShop folder, right-click deploymentconfig.xml, and then click Edit.
3.
Replace all instances of localhost and (local) with LON-SQ1.
4.
Replace all instances of password= with password=pass@word1.
5.
Save and close Notepad, and then close the PetShop window.
6.
In an elevated Windows PowerShell window, set the Windows PowerShell execution policy to
RemoteSigned by using the following cmdlet:
Set-ExecutionPolicy RemoteSigned Scope Process Force
7.
Import the ServerAppVAgent PowerShell module by using the following cmdlet:

Import-Module ServerAppVAgent
8.
Add the Server App-V package by using the following cmdlet typed on a single line:
Add-ServerAppvpackage Petshop -Manifest
E:\Labfiles\SAV\petshop\petshop4.0_manifest.xml -Sft
E:\Labfiles\SAV\petshop\petshop4.0.sft -Configuration
E:\Labfiles\SAV\petshop\deploymentconfig.xml
9.
Start the PetShop4 Server App-V package by using the following cmdlet:
Start-ServerAppVPackage Petshop.
10. Open Windows Internet Explorer to test the site using http://localhost:8081/. The .NET Pet Shop
web site displays.
11. Close Internet Explorer and close the Windows PowerShell window.
12. Shut down LON-SE1.
Results: After this exercise, you should have installed the Server App-V agent cmdlets on LON-AP1, and
successfully tested the Pet Shop application that you sequenced in Exercise 3.
Review Questions
1.
What are web deployment packages used for?
2.
What is Server App-V, and with what types of applications can you use it?
3.
What types of applications might not be suitable for Server App-V or dynamic deployment?
Common Issues Related to Server App-V
Identify the causes for the following common issues related to a particular technology area in the module,
and fill in the troubleshooting tips. For answers, refer to relevant lessons in the module.
Issue
Server App-V package will
not deploy.
Server App-V Sequencer will
not deploy.
Troubleshooting tip
Best Practices Related to Server App-V

Supplement or modify the following best practices for your own work situations:
Configure the sequencing server with the same roles and features that you will deploy in production.
Create a checkpoint for the sequencing virtual machine before creating a package, so that you can
revert to it after creating a package.
Use unique package names for each package that you will deploy.

5-1
Module 5
Creating the Private Cloud Building Blocks
Contents:
Lesson 1: Configuring Guest Operating System Profiles
5-3
Lesson 2: Configuring Hardware Profiles
5-12
Lesson 3: Configuring SQL Server Using SQL Server Profiles
5-24
Lesson 4: Configuring Application Profiles
5-32
Lesson 5: Configuring Virtual Machine Templates
5-37
Lesson 6: Configuring the Self-Service User Role
5-43
5-50
Module Overview
5-2
To deploy a virtual machine or a service efficiently within a private cloud infrastructure, you must use
several underlying components as building blocks for the deployment. You may have specific settings
that are common for groups of virtual machines, such as hardware specifications and operating system
settings. You may also want to automate as much as possible the deployment of application services such
as Microsoft Server Application Virtualization (Server App-V) applications, web-based applications, or
Microsoft SQL Server data-tier applications (DACs). Delegated users might also need access to the profile
configurations for creating, deploying, and managing virtual machines and services in the private cloud.
In this module you will learn about the profile configurations that you can use as a foundation for virtual
machine deployment templates and service templates. You will also learn how to configure user selfservice in Microsoft System Center 2012 - Virtual Machine Manager (VMM), which allows you to delegate
virtual machine management tasks.
Configure the guest operating system profiles.
Configure hardware profiles.
Configure SQL Server by using SQL Server profiles.
Configure application profiles.
Configure a virtual machine template using profile components.
Configure the self-service user role.
Lesson 1
Configuring Guest Operating System Profiles
5-3
A guest operating system profile (guest OS profile) contains operating system settings that you use during
a virtual machine deployment. You can use the guest OS profile as one of the building blocks for
constructing a virtual machine template.
In this lesson you will learn about the four categories of settings that you can configure when you create a
guest OS profile.
Describe guest OS profiles.
Configure general settings for guest OS profiles.
Configure roles and features settings for guest OS profiles.
Configure network settings for guest OS profiles.
Configure scripts settings for guest OS profiles.
Overview of the Guest OS Profile
A guest operating system refers to any operating system that runs on a virtual machine in Windows
Server using Hyper-V technology. As you install a guest operating system on a multiple virtual
machines, you may come to realize that many virtual machines contain similar system settings, such as
domain or workgroup membership, product keys, time zone, and the local administrator password.
5-4
To support an automated and standardized virtual machine deployment process, you can create and
use a guest OS profile. Guest OS profiles contain a collection of operating system settings that the virtual
machine deployment process imports into a virtual machine template. The virtual machine template
provides a consistent operating system configuration for any virtual machine that you create using the
template.
You can use a guest OS profile to provide predefined configuration settings for the guest operating
system. These setting include:
Identify information
Local administrator password
Product key
Time zone
Operating system version
Server roles and features
Domain/workgroup membership
Answer file references
The guest OS profile is a database object that you create and access from within the Library workspace in
the VMM console.
Creating a Guest OS Profile

To create a guest OS profile, perform the following steps:
5-5
1.
In the VMM console, click the Library workspace.
2.
In the navigation pane, expand Profiles, and then click Guest OS Profiles. Any existing profiles
display in the results pane.
3.
On the Home tab, click Create, and then click Guest OS Profile. The New Guest OS Profile dialog
box opens.
4.
On the General page, provide the profiles name and description.
5.
On the Guest OS Profile page, configure settings as required, and then click OK.
On the Guest OS Profile page, you can configure the following settings:
General Settings. This section includes settings such as computer name, local administrator
password, and the type of operating system you will be deploying to the virtual machine.
Roles and Features. This section allows you to select one or more server roles and features that
you want to install on the virtual machine that you are deploying.
Networking. This section allows you to specify the workgroup or domain that the virtual
machine should join.
Scripts. This section allows you to include additional settings as specified in an Unattend.xml file
or a Sysprep.inf file, or through commands configured within the [GUIRunOnce] section of the
registry key.
Note You can also create a guest OS profile when you create a virtual machine template.
More information about the virtual machine template is provided later in this module.
Question: How will you use guest OS profiles in your environment?
Configuring General Settings for Guest OS Profiles
On the Guest OS Profile page, under General Settings, you can configure the attributes that multiple
virtual machine deployments usually will share. The following table describes these attributes.
Setting
Description
5-6
Identity Information
When you select Identity Information, you can enter a name in the
Computer name field. By default, an asterisk (*) displays, which VMM
uses to randomly generate a computer name for any virtual machine that
you create using this profile.
You can enter a specific name, or even a partial name, and you can use
the number (#) symbol as a wildcard to represent a single digit. For
example, PROD# would create names such as PROD1, PROD2, and so on.
However, if the machines will exist on the same network, ensure that
each virtual machine that you create with this profile has a unique name.
Admin Password
This setting provides options for specifying the credential for the local
Administrator account. Options include:
No local administrator credential required
Specify the password of the local administrator account
Select a Run As account for the local administrator account
To use a Run As account, you need to configure the account in the
Settings workspace, under the Security\Run As Accounts node.
(continued)
Setting
Description
5-7
Product Key
This setting allows you to specify a valid product key or volume licensing
key. By default, the Product key field is blank, which means that users
must provide their own product keys when they are using this profile to
create a virtual machine.
If you are using an answer file to provide customized settings, you can
also include the product key in the answer file. In this case, you select the
Product key provided by answer file check box. When you create the
virtual machine, the product key will import from the answer file.
Time Zone
This section allows you to specify the appropriate time zone for the
virtual machine.
Operating System
This section specifies the operating system that you will deploy on to the
virtual machine. You should configure each operating system that you
deploy with its own guest OS profile. Depending on which operating
system that you specify, other configuration options may or may not be
made available when creating the guest OS profile.
Question: You need to ensure that the Windows product key is secure and cannot be read
by users who are deploying virtual machines. What can you do?
Configuring Roles and Features Settings for Guest OS Profiles
5-8
When you deploy a server-based virtual machine, you often intend the new server to perform one
or more roles to support network services. For example, you might need the new server to provide
Active Directory Domain Services (AD DS), or to host a web-based application that requires the Microsoft
Internet Information Services (IIS) server role.
You may also need to install one or more features to support specific roles or functionality. For example,
to include a server in a cluster, you would need to install the Failover Clustering feature on the server.
On the Guest OS Profile page, under Roles and Features, you can specify which server roles and
features that you want to install on the virtual machines that you deploy using this profile. The following
table describes these roles and features.
Setting
Description
Roles
Select one or more server roles for installation on the server. Several
options are available, including:
Active Directory Certificate Services
Active Directory Domain Services
Application Server
File Services
Web Server (IIS)
Features
Select one or more features that are required to support a specific

server role or functionality. Several options are available including:
.NET Framework 3.5.1 Features
Background Intelligent Transfer Service (BITS)
BranchCache
Network Load Balancing
Windows Server Backup Features
Note You can only specify roles and features if the Operating System option is set to
Windows Server 2008 R2 operating system, or newer.
5-9
Configuring Networking Settings for Guest OS Profiles
On the Guest OS Profile page, under Networking, you can specify the workgroup or domain that all
virtual machines you create with this profile should join. The following table describes this setting.
Setting
Domain/Workgroup
Description
5-10 Creating the Private Cloud Building Blocks
This section provides options for specifying the workgroup, domain

name, and credentials that are required to join a domain.
Options include:
Workgroup. Select this option when you want the virtual machines
to join a specified workgroup.
Domain. Select this option when you want the virtual machines to
join a specified domain.
Specify credentials to use for joining the domain. Select this
option to create a domain user and password that users must use to
join the virtual machine to the domain.
Select the Run As account to use for joining the domain. Select
this option to use a preconfigured Run As account for joining the
virtual machine to the domain.
Configuring Scripts Settings for Guest OS Profiles
5-11
On the Guest OS Profile page, under Scripts, you can specify a preconfigured answer file that Windows
Setup should use during the mini-setup process. You can also specify commands that the operating
system will run automatically the first time a user logs on to the virtual machine. The following table
describes these settings.
Setting
Description
Answer File
After you prepare a computer image by using the System Preparation

tool (Sysprep), you can use an answer file to automate the mini-setup
portion of the virtual machine deployment. The answer file contains
configuration settings that are used to complete the Mini-Setup Wizard.
The Microsoft Windows 2000 Server and Windows Server 2003 operating
systems both use a Sysprep.inf file as an answer file.
Windows Server 2008 and newer Windows Server operating systems uses
a Unattend.xml file as an answer file.
For the answer file to be accessible, you must store the file on a Virtual
Machine Manager library share, and specify the file for the Answer File
option.
[GUIRunOnce] Commands
You can use the [GUIRunOnce] Commands section to add commands

that must run during the first logon of the virtual machine that you are
deploying. For example, you may want to install a specific application
or agent, or apply an additional custom registry setting after the virtual
machine deploys. Once the command runs on the virtual machine,
Windows Server removes it from the [GUIRunOnce] registry key and
does not run it again.
Lesson 2
Configuring Hardware Profiles
You use a hardware profile to define a standard set of hardware settings that you want to use during a
virtual machine deployment. The hardware profile is another building block that you can specify when
you construct your virtual machine template.
In this lesson, you will learn about the settings that you can configure when you create a hardware profile.
Describe the hardware profile.
Configure the compatibility and general settings for hardware profiles.
Configure the bus configuration settings for hardware profiles.
Configure the network adapter settings for hardware profiles.
Configure the advanced settings for hardware profiles.
Overview of the Hardware Profile
5-13
A hardware profile contains specifications for various hardware components such as the number of
processors, memory allocation, integrated drive electronics (IDE) devices, small computer system interface
(SCSI) adapter configuration, and network adapter configuration. Although you can deploy a virtual
machine without a hardware profile, using a hardware profile in conjunction with a virtual machine
template ensures that your virtual machine deployment uses a consistent hardware configuration.
Creating a Hardware Profile

To create a hardware profile, perform the following steps:
1.
In the VMM console, click the Library workspace.
2.
In the navigation pane, expand Profiles, and then click Hardware Profiles. Any existing profiles
display in the results pane.
3.
On the Home tab, click Create, and then click Hardware Profile. The New Hardware Profile dialog
box opens.
4.
On the General page, provide the profiles name and description.
5.
On the Hardware Profile page, configure settings as required, and then click OK.
On the Hardware Profile page, you can configure the following settings:
Compatibility. This setting provides an option to select a preconfigured capability profile, which
ensures that the hardware profile meets specific hardware capability requirements.
General. This section allows you to configure settings related to the processor, memory, floppy drive,
COM ports, and video adapter.
Bus Configuration. This section allows you to configure settings for IDE devices and SCSI adapters.
Network Adapters. This section allows you to specify connectivity settings for one or more network
adapters.
Advanced. This section provides a number of settings related to availability, BIOS configuration, and
CPU and memory priorities.
Note You can also create a hardware profile when you create a new virtual machine, or
when you create a virtual machine template. Virtual machine templates will be discussed in
more detail later in this module.
Configuring Compatibility and General Settings for Hardware Profiles
Each hardware profile that you create specifies hardware settings for a specific virtual machine
deployment type. To ensure that a hardware profile meets predetermined requirements, you can
validate the hardware profile against a capability profile. This ensures compatibility for your private
cloud infrastructure.
Compatibility Settings
5-15
Hardware profiles are stored in the Virtual Machine Manager library, and you use them for deploying
virtual machines based on various platforms such as Hyper-V, VMware ESX Server, and Citrix XenServer.
You may have specific requirements for each platform. For example, you might have defined that any
server that is based on the Hyper-V platform cannot have more than two processors, or any server that is
based on the VMware ESX Server platform can only have a memory range of 16 gigabytes (GB) to 128 GB
of allocated random access memory (RAM).
When you create a hardware profile, in the Compatibility section, select the Cloud Capability Profiles
setting, and then select the check box next to the preconfigured capability profile that you want to use. By
default, three capability profiles exist, one each for the Hyper-V, VMware ESX Server, and Citrix XenServer
platforms. Linking your hardware profile to one of these three capability profiles ensures that your virtual
machine adheres to platform-specific requirements. It also provides information about the validation
state. As needed, you can also create a customized capability profile.
After you create a hardware profile, open the hardware profiles Properties dialog box. The Validation
Errors page provides information about the validation status, including a description of any errors, and
the recommended action to take to resolve errors.
General Settings
On the Hardware Profile page, under General, you can configure the settings that are listed in the
following table.
Setting
Description
Processor
Use this setting to specify the number of processors that a virtual

machine can use. Options include:
Number of processors. You can select from 1 to 16 processors to
match the capabilities of the virtualization platform on the host.
Allow migration to a virtual machine host with a different
processor version. Selecting this option allows the virtual machine
to run on a host that has a different processor version than the host
on which you created the virtual machine. This provides support for
live or saved-state migration, but may limit the processor features
that are available to the virtual machine.
Memory
Use this setting to specify how much memory to allocate to the virtual
machine. Selecting Static allocates a static amount of memory ranging
from 4 megabytes (MB) to 255 GB. The amount of memory that you can
configure depends on the capabilities of the virtualization platform on
which the virtual machine is running.
You can also specify the Dynamic option, which causes Hyper-V to
assign memory to the virtual machine on demand as needed. Settings
related to the Dynamic option include:
Startup memory. This setting specifies the amount of memory used
to start the virtual machine. This number needs to be high enough
to allow the virtual machine to start, but low enough to allow for
dynamic memory utilization.
Maximum memory. This setting specifies the maximum amount of
memory that the virtual machine can use.
Memory buffer percentage. This setting specifies that the virtual
machine should use a memory buffer as calculated by Hyper-V.
By using committed memory performance counters, Hyper-V can
determine current memory requirements of a virtual machine, and
calculate the amount of memory to add as a buffer.
Floppy Drive
Use this setting to specify a virtual floppy disk file. Options include:
No media. This option specifies that the virtual floppy drive does
not contain a virtual floppy disk file. This is the default selection.
Existing virtual floppy drive. This option allows you to browse the
Virtual Machine Manager library for an existing virtual floppy disk
file.
COM 1 and COM 2
Use these settings to specify virtual COM port configurations. Options

include:
None. No COM port is configured.
Named pipe. Specify a pipe pathname for the COM port.
(continued)
Setting
Video Adapter
Description
5-17
Use this setting to select between using the Standard video adapter or
the Microsoft RemoteFX 3D video adapter. RemoteFX enables the
virtual machine display to use multiple monitors, and to display at
various resolutions. Microsoft RemoteFX 3D video adapter options
include:
Maximum number of monitors. By default, this option is 1. You
can use values from 1 to 4.
Maximum monitor resolution. The default resolution is
1280x1024. You can change the resolution to 1024x768, 1600x1200,
or 1920x1200, depending on the number of monitors that you
select.
Note To use Microsoft RemoteFX, you must host the virtual machine on a Hyper-V
platform that is running Windows Server 2008 R2 Service Pack 1 (SP1). Clients must also use
the Remote Desktop Connection (RDC) 7.1 client to connect to RemoteFX-enabled virtual
machines. RDC 7.1 is included in Windows Server 2008 R2 SP1, and Windows 7 SP1 and
newer.
Configuring Bus Configuration Settings for Hardware Profiles
For any new virtual machine that you create using the hardware profile, the bus configuration setting in
the hardware profile specifies the number of virtual DVD drives to attach to the IDE device. Depending on
your requirements, you can also add or remove SCSI adapters. SCSI adapters allow additional virtual hard
disks to be available to each virtual machine.
By default, each hardware profile that you create includes one IDE controller and one SCSI adapter. On
the Hardware Profile page, under Bus Configuration, you can configure the following setting options.
Setting
IDE Devices
Description
A single IDE device is available. This device allows you to connect up to four devices,
as follows:
Primary channel (0). Not in use in the hardware profile, but is used by the first
hard disk when you deploy a new virtual machine.
Primary channel (1). Not in use in the hardware profile, but can be used as
needed when you deploy a new virtual machine.
Secondary channel (0). By default, this channel is used by a virtual DVD drive.
You can remove the DVD drive if you do not require it.
Secondary channel (1). Not in use in the hardware profile, but can be used as
needed when you deploy a new virtual machine.
You can add additional virtual DVD drives to unused channels, or remove virtual
DVD drives as required. For virtual DVD drives, you can use the following options:
Channel. This option specifies the IDE controller channel that you want to use
for the virtual DVD drive.
No media. Select this option to specify that there is no media in the virtual DVD
drive.
Physical CD or DVD drive. This option allows you to connect the virtual DVD
drive to a physical CD or DVD drive on the host computer. You will then be able
to read CDs or DVDs from the host computer.
(continued)
Setting
IDE Devices
(continued)
Description
SCSI Adapter 0
5-19
Existing ISO image file. Allows you to select an .iso (ISO) image file that you
want to attach to the virtual DVD drive and read. You must store the ISO image
file on a Virtual Machine Manager library share.
Share image file instead of copying it. By default, any virtual machine that you
create using the hardware profile will attach a copy of the ISO file. This can
quickly use up drive space. Use this option to allow multiple virtual machines to
share the ISO image file.
This setting allows you to remove the default SCSI adapter, as needed. Alternatively,
you can configure up to four SCSI adapters, including the adapter types, as follows:
Default. Uses the adapter type supported by the intended guest operating
system that you are deploying.
LSI Logic Parallel. This is the default for the Windows Server 2003 and Windows
Vista operating systems.
BusLogic Parallel. This is considered a legacy adapter type. This adapter was
typically used with Windows 2000 Server-based servers.
VMware Paravirtual. Use this option when you create a new virtual machine on
a VMware ESX host. This option only supports server-based operating systems.
LSI Logic SAS. This setting is the default for newer operating systems, such as
Windows Server 2008 and Windows 7. This setting supports both servers and
desktops, and is optimized to support failover clustering.
When you create a new virtual machine, or when you create a virtual machine
template, you can add up to 64 virtual hard disks to a single SCSI adapter, allowing
up to a maximum of 256 SCSI-connected virtual hard disks (VHDs) provided the
server is using all four SCSI adapters.
Configuring Network Adapter Settings for Hardware Profiles
When you create a new hardware profile, you can include one or more virtual network adapters as part of
the specification. You can choose from the following two types of network adapters:
Legacy network adapter. The legacy network adapter provides network adapter emulation for all
supported virtualization platforms. This option provides the best overall compatibility with software
and operating systems, but requires greater processing overhead and a possible decrease in
performance. By default, a new hardware profile includes a single legacy network adapter.
Network adapter. This option is also known as the synthetic network adapter. This type of adapter
presents itself as a network device that is not emulated, and it typically offers higher performance for
virtual machines and lower overhead on the host system. The synthetic network adapter requires you
to install the Virtual Guest Services (VGS) components on the guest operating system.
On the Hardware Profile page, under Network Adapters, you can configure the settings listed in the
following table.
Setting
Connectivity
Description
Use this setting to specify how the network adapter connects to the
network. Options include:
Not connected. Select this option to indicate that the network adapter
does not connect to any network.
Connected to. Use this option to select a logical network as defined in
VMM.
Dynamic IP. Select this option to specify that the IP address will be
allocated automatically from a service such as Dynamic Host
Configuration Protocol (DHCP).
Setting
Connectivity
(continued)
Description
MAC Address
5-21
Static IP (from a static IP Pool). Select the IP protocol version, which

specifies support for Internet Protocol version 4 (IPv4) and Internet
Protocol version 6 (IPv6) network environments. To use a static IP pool,
you need to create an IP pool, and then associate it with a logical
network definition.
Enable virtual network optimizations. This option is only available
for the synthetic network adapter. You can select this option to take
advantage of network capabilities such as TCP offload support and
Virtual Machine Queue support, which are available on Hyper-V hosts
running Windows Server 2008 R2 and newer.
Use this setting to specify how media access control (MAC) addresses
are allocated to virtual machines. Similar to a MAC address on a physical
computer, the MAC address uniquely identifies each virtual network adapter
that is configured on each virtual machine. Options include:
Dynamic. Select this option to enable dynamic MAC address allocation
for a virtual machine.
Static. Select this option to specify a static MAC address for a virtual
machine.
Enable spoofing of MAC addresses. This option is only supported in
Microsoft Hyper-V Server 2008 R2 hosts, and in the Hyper-V feature in
Windows Server 2008 R2. This option allows you to override the virtual
network adapter MAC address by using the NetworkAddress key in
the virtual machines registry. This option also lowers restrictions on the
virtual switch port that connects the virtual network adapter.
Configuring Advanced Settings for Hardware Profiles
You can use hardware profiles to provide settings for virtual machines that will be included in a high
availability cluster, or that require specific CPU or memory priority configurations. On the Hardware
Profile page, the Advanced section contains various settings related to virtual machine priority,
availability, and startup order of devices. The following table describes these settings.
Setting
Description
Availability
This setting provides the Make this virtual machine highly available
option. When you select this option, virtual machines that you create
using this hardware profile will only be available for Hyper-V hosts in a
failover cluster, or for VMware ESX hosts in a host cluster with high
availability enabled.
BIOS
This setting specifies the startup order of boot devices for a virtual
machine. The default startup order is:
CD
IDE hard drive
Pre-Boot eXecution Environment (PXE) boot
Floppy
For virtual machines that are hosted on Hyper-V virtualization
platforms, you can also select the Enable Num Lock during startup
(for password entry) check box. This ensures that Num Lock is on by
default at logon for new virtual machines.
(continued)
Setting
Description
5-23
CPU Priority
This setting allows you to assign a CPU priority for virtual machines
that you create using this profile. When a host has high CPU usage, any
virtual machine with a high priority is allocated CPU resources before
other virtual machines that are configured with a lower priority. You can
set the CPU priority from 1 to 1,000,000. Four CPU Priority options are
available:
High. This setting sets the CPU priority to 1,000,000.
Normal. This is the default setting, with a value of 1.
Low. This setting sets the CPU priority to 1.
Custom. You can use this field to enter a custom priority number
and fine-tune the CPU priority.
Memory Weight
For operating systems that support dynamic memory, you can configure
a priority for allocating memory resources. You can set the memory
priority from 0 to 10,000. Memory Weight has four available options:
High. This setting sets the memory priority to 10,000.
Normal. This is the default setting, which has a value of 5,000.
Low. This setting sets the memory priority to 0.
Custom. You can use this field to enter a custom priority number
and fine-tune the memory priority.
To use this feature, you must have previously selected the Dynamic
option for the Memory setting.
Lesson 3
Configuring SQL Server Using SQL Server Profiles
Many web-based applications and multi-tier services use SQL Server for database functionality. You often
have to deploy database applications to support virtualized services within the private cloud. You can use
a SQL Server profile as a building block for deploying instances of SQL Server onto virtual machines.
Describe the process for using VMM to configure a SQL Server installation.
Prepare and deploy a SQL Server image.
Create a SQL Server profile.
Configure the virtual machine and service templates to complete the SQL Server deployment.
Using VMM to Configure a SQL Server Installation
5-25
VMM allows you to configure a SQL Server instance when you are deploying a virtual machine as part of a
service. The process for installing and configuring a SQL Server instance includes a number of components
as described in the following steps:
1.
Prepare a SQL Server image. The virtual machine that you are deploying must contain a version of
SQL Server 2008 R2 that you prepared previously using Sysprep. SQL Server 2008 R2 provides a builtin Sysprep functionality that you can use to rapidly deploy and configure SQL Server.
2.
Create a SQL Server profile. The SQL Server profile contains a number of configuration settings, such
as the instance name and ID, product key, media source, SQL Server administrators, and service
account designations.
3.
Create a virtual machine template (VM template). The VM template specifies the hardware, operating
system, and SQL Server profile that you plan to deploy to a new virtual machine.
4.
Create a service template. A service template provides the foundation for deploying a virtual machine
and using the SQL Server profile to configure the instances that are defined within the profile settings.
A service is a set of virtual machines that you configure and deploy together to support specific
infrastructure requirements. For example, you may have a multi-tier web-based application that
requires a SQL Server database. A service template gathers all of the configuration settings into a
single managed entity for the multiple servers. You can only configure and deploy a virtual machine
with SQL Server when you deploy the application as a service.
5.
Deploy the service. Deploying the service essentially deploys and configures all servers and
applications associated with the service.
For More Information This module only discusses service templates in context with
deploying SQL Server. For details about service templates, refer to Module 6.
Preparing and Deploying a SQL Server Image
Before you can deploy a SQL Server VHD image, you must prepare the image by using the SQL Server
Sysprep process.
Preparing the SQL Server Image
SQL Server 2008 R2 includes system preparation functionality that is similar to the way Windows Sysprep
functions. You run SQL Server Sysprep prior to running Windows Sysprep to create an image that includes
a prepared operating system and an unconfigured SQL Server installation.
SQL Server Sysprep is a two-step installation process that begins with image preparation. During the
image preparation phase, SQL Server Setup installs the product binaries without configuring any SQL
Server settings for the instance that is being prepared. After this first step completes, Windows Sysprep
begins, and then the image is captured.
The high-level steps for preparing an instance of SQL Server are as follows:
1.
From the SQL Server 2008 R2 installation media, run Setup.exe. Install prerequisites as necessary.
2.
In the SQL Server Installation Center, click Advanced, and then click Image Preparation of a standalone instance of SQL Server. The SQL Server 2008 R2 Setup page opens.
3.
On the Setup Support Files page, click Install to install the Setup support files.
4.
On the Feature Selection page, select the components that you want to install, and then click Next.
5.
On the Instance Configuration page, specify the Instance ID for the Instance, and then click Next.
The Instance ID identifies the installation directories and registry keys for a specific SQL Server
instance.
Note Be sure to document the Instance ID that you specify, because you will need it when
you create the SQL Server profile in VMM.
6.
On the Ready to Prepare Image page, click Prepare.
Deploying the SQL Server Image
5-27
You perform the second step of the installation process during image deployment. After you deploy an
image to a virtual machine, you can proceed with the final installation and completion of a SQL Server
prepared instance. VMM uses the SQL Server profile that you prepared to provide the configuration
settings for each Sysprepped instance in the image.
The SQL Server profile provides most of the common settings for use during deployment. However, you
can also use a SQL Server configuration file to provide the additional configurations for settings that are
not available in the SQL Server profile. A SQL Server configuration file is an .ini file, which is similar to a
Windows operating system answer file (unattend.xml). If you use a SQL Server configuration file, you must
save it to a Virtual Machine Manager library share so that it is available to the template.
Note A quick way to create a SQL Server configuration file is to run the Complete Image
of SQL Server 2008 R2 Wizard. On the Ready to Complete Image page, you will see a path
to a complete SQL Server configuration file. Document the path, and then copy the file. You
can then cancel out of the installation wizard.
Creating a SQL Server Profile
As discussed previously, a SQL Server profile provides the building blocks for configuring a prepared
instance of SQL Server on a virtual machine image. The profile contains configuration settings for each
instance that was previously prepared on the virtual machine.
To create a SQL Server profile, complete the following steps:
1.
2.
In the navigation pane, expand Profiles, and then click SQL Server Profiles.
3.
In the ribbon, click Create, and then click SQL Server Profile. The New SQL Server Profile dialog
box opens.
4.
On the General page, provide a Name and Description for the profile.
5.
On the SQL Server Configuration page, for each instance that you need to configure, click
SQL Server Deployment, and then configure the following:
Name. Use this field to specify the name of the SQL Server deployment in the profile. Each
instance will have a unique name for identification. This is a required setting.
Instance name. Use this field to specify the SQL Server instance name. This is a required setting.
Instance ID. Use this field to enter the Instance ID that you documented when you prepared the
SQL Server image. This is a required setting.
Product key. Use this optional setting to specify the product key for SQL Server. If you do not
configure this setting, the Evaluation version installs.
6.
7.
5-29
Installation Run As account. Use this optional setting to specify the Run As account with which
you want to run the SQL Server setup. If you do not specify an account, the installation uses the
virtual machine service account.
Timeout (seconds). Use this optional setting to specify a timeout window within which the
SQL Server installation has to finish. By default, this value it is configured for 3,600 seconds (one
hour).
Click Configuration, and then configure the following:
Media source. Use this setting to specify the path to the installation media folder. You can place
the media locally on the VHD, or you can specify a path to a network share. If you use a network
share, the Installation Run As account must be configured with credentials that have permission
to access the network share, and that have administrator privileges for the guest virtual machine.
This setting is required.
SQL Server administrators. Use this setting to specify users or groups that should be members
of the System Administrator role. This setting is required.
Security mode. You can use this optional setting to choose between Windows Authentication
(the default) and SQL Server Authentication.
System administrator (SA) password Run As account. Use this setting if you selected
SQL Server Authentication. This setting provides the password for the System Administrator
account.
Use TCP/IP for remote connections. Use this optional setting to enable the TCP/IP protocol for
the SQL Server service.
Use named pipes for remote connections. This setting is optional. You can use this setting to
enable the named pipes protocol for the SQL Server service.
SQL Server configuration file. Use optional this setting to specify a SQL Server configuration
file. The file must reside on a Virtual Machine Manager library share.
Click Service Accounts, and then configure the following:
SQL Server service Run As Account. Use this setting to specify the account for use with the SQL
Server service. This setting is required.
SQL Server Agent service Run As Account. Use this setting to specify the account for use with
the SQL Server Agent service. This setting is required.
Reporting Services Run As Account. Use this optional setting to specify the account for use
with Reporting Services.
Configuring VM and Service Templates to Complete the SQL Server

Deployment
In VMM 2012, you can only deploy a SQL Server instance as part of a service. To configure the service,
you must complete two final tasks: configure a VM template, and configure a service template.
Configuring a VM Template for Deploying a SQL Server Installation

You need a VM template so that you can specify the following:
A source for the new virtual machine. You need to specify the virtual hard disk that contains the
sysprepped Windows operating system and SQL Server instances.
Hardware specifications. You can use an existing hardware profile, or you can configure individual
hardware settings as needed.
Operating system specification. You can use an existing guest OS profile, or you can configure
individual operating system settings as needed.
SQL Server installation settings. You can use an existing SQL Server profile, or you can add and
configure a SQL Server deployment to be stored within the VM template.
To create a new VM template, perform the following tasks:

1.
2.
In the navigation pane, expand Templates, and then click VM Templates.
3.
In the ribbon, click Create VM Template.
4.
Complete the Create VM Template Wizard.
Configuring a Service Template for Deploying a SQL Server Installation

You need to configure a service template so that you can specify the following:
5-31
The service configuration. You need to specify whether the service contains a single machine, a
two-tier application, or a three-tier application. For a single SQL Server deployment, you can select
Single Machine.
The VM template. The VM template that contains the SQL Server profile specification is added to the
service, and then modified as needed.
To create a new service template, perform the following tasks:

1.
2.
In the navigation pane, expand Templates, and then click Service Templates.
3.
In the ribbon, click Create Service Template.
4.
Use the Virtual Machine Manager Service Template Designer to complete the configuration.
5.
Select Configure Deployment to deploy the service.
Lesson 4
Configuring Application Profiles
When you deploy a service using VMM, that service will often contain applications that integrate with
Web Services, or with a SQL Server instance. You can configure and deploy application profiles to provide
installation and configuration settings that VMM will use to deploy specific types of applications with a
service.
Describe application profiles.
Create an application profile.
Deploy an application profile.
Application Profile Overview
5-33
When you deploy a virtual machine as part of a service, application profiles provide configuration
instructions for installing specific application types. Application profiles support the following application
types:
SQL Server DACs
Server App-V applications
Web applications
Scripts
SQL Server DACs
SQL Server 2008 R2 supports a new package type called a DAC. A DAC contains all of the database and
instance objects that the application uses, and is typically targeted towards departmental-based
applications.
SQL database developers create DACs by using one of the following methods:
Author and build a DAC using the SQL Server Data-tier Application project type that is available in
Microsoft Visual Studio 2010.
Extract a DAC from an existing database by using the Extract Data-tier Application Wizard in the
SQL Server Management Studio.
After developers create DACs, they can import the DACs into the VMM library, which is then accessible
from the application profile.
Server App-V
Server App-V is a technology that creates virtual application packages that are then deployed to servers
that run the Server App-V agent. A virtual application package does not require a local installation;
however the package runs as if it is a locally installed application.
As discussed in Module 4, you create Server App-V packages by using the Server App-V Sequencer.
When you create a Server App-V package, the Server App-V Sequencer monitors a typical application
installation and records information that is required for the application to run in a virtual environment.
Once created, you can import the Server App-V package into the Virtual Machine Manager library so that
it is accessible from an application profile.
Web Applications
A web application is a package that is stored within the Virtual Machine Manager library, and that
contains the content, websites, certificates, and registry settings of a web-based application. As discussed
in Module 4, you can package and deploy web applications with the Microsoft Web Deployment Tool.
VMM also uses this tool to deploy web applications as a service when deploying a web application as
specified in an application profile.
Scripts
When deploying a virtual machine as part of a service, you can also use the application profile to run
scripts. You use scripts during the pre-installation and the post-installation phases of a specific application.
For example, you might need to copy updated configuration files to a deployed web application, or you
may have to run specific virtual application commands to finalize a virtual application deployment. You
can also use scripts to help you with pre-configuration or post-configuration tasks when you uninstall
applications. Scripts must be available in the VMM library as a resource package.
Creating an Application Profile
To create an application profile, complete the following steps:
5-35
1.
2.
In the navigation pane, expand Profiles, and then select Application Profiles.
3.
On the ribbon, click Create, and then click Application Profile. The New Application Profile dialog
box opens.
4.
On the General page, provide a Name and Description for the application profile.
5.
In the Compatibility drop-down list box, select General to allow for all types of supported
applications in the profile. Alternatively, use the SQL Server Application Host selection if you are
using this application profile to deploy a SQL Server DAC to an existing SQL Server computer.
Selecting this option only allows you to add SQL Server DAC packages and SQL Server scripts.
6.
On the Application Configuration page, click OS Compatibility, and then select the guest
operating systems that are compatible with the application.
7.
Click Add, and then select the appropriate application type. Note that you can only add an
application script after you have added an application.
8.
For each application or script that you added, configure the appropriate settings.
9.
Click OK to accept the application configuration settings.
You can add one or more applications as required by the service that you are configuring.
Deploying an Application Profile
Similar to a SQL Server profile, you can only use an application profile when you are deploying a virtual
machine as part of a service.
To configure a service template for use when deploying an application with a service, use the VMM
Service Template Designer. Two options are available for specifying an application configuration within a
service template. Using some of these options, you can:
Create a VM template and specify the application configuration settings. You can then use the VM
template when you create the service template.
Edit the properties of a service tier, and manually specify the application profile.
Lesson 5
Configuring Virtual Machine Templates
5-37
You use virtual machine templates to help you create new virtual machines. You can add the templates
to tiers in a service template. The virtual machine template also combines many of the settings that you
would configure in hardware profiles, guest OS profiles, application profiles, and SQL server profiles.
Describe virtual machine templates.
Describe methods for creating virtual machines templates.
Configure a virtual machine template.
Virtual Machine Templates Overview
When you create a new virtual machine, you can either derive the source of the new virtual machine from
an existing virtual machine or hard disk, or you can base the new virtual machine on a VM template. If
you use a stored virtual machine or a virtual hard disk, you can only customize the hardware settings;
there is no option for adding additional information such as the operating system configuration or
applications.
A VM template provides additional flexibility and efficiency for virtual machine deployment. The
advantages of using a VM template include the following:
You can configure hardware, operating system, applications, and SQL Server specifications.
You can use them to create new virtual machines or service templates.
You can share them with self-service users or roles to provide a consistent virtual machine
deployment process.
When you create a VM template, you can configure the following:
Hardware profile. You can configure the hardware settings directly in the VM template, or you can
specify a preconfigured hardware profile. You can also save any modifications as a new hardware
profile that is stored in the Virtual Machine Manager library. The main difference between the
hardware configuration in the VM template and the hardware configuration in the hardware profile is
that in the VM template, you can create, remove, and configure disks as required.
Guest OS profile. In the VM template, you can configure the guest OS profile settings manually, or
you can import settings from a preconfigured guest OS profile template. If you do not need to
customize the operating system, you can select None customization not required.
Note If you choose not to include a guest OS profile in the VM template, VMM removes
all other application and SQL Server profile settings so that they are not available for
configuration in the VM Template.
5-39
Application profile. You can configure application profile settings manually, import settings from a
preconfigured application profile, or choose not to install any applications.
SQL Server profile. You can configure SQL Server installation settings manually, import settings from a
preconfigured SQL Server profile, or choose not to provide SQL Server configuration settings in the
VM template.
Note As mentioned previously, you can only deploy application and SQL Server profiles as
a service. If you attempt to create a virtual machine using a VM template that contains
application or SQL Server settings, VMM ignores those settings.
Methods for Creating Virtual Machine Templates
VMM provides several methods that you can use to create VM templates. However, you need to be aware
of the implications for each method. The following table describes the methods and considerations for
each method.
Method
Considerations
Create a VM template from

an existing virtual hard disk
that is stored in the Virtual
Machine Manager library.
The source virtual hard disk typically has an operating system that was
installed and prepared using the Windows Sysprep tool.
If you choose to use a source virtual hard disk that is not sysprepped, you
can configure a noncustomized VM template that contains the guest OS
profile that is set to None customization not required.

an existing VMM template
that is stored in the Virtual
Machine Manager library.
You can use the settings of a preconfigured VM template as the basis for
a new VM template. All preconfigured and modified settings are saved in
a new template that is stored and available in the Virtual Machine
Manager library.

an existing virtual machine
that is deployed on a host.
You can only choose a source virtual machine that is deployed on a host,
not a virtual machine that is stored in the library.
You configure the virtual machine settings in the template, and
generalize the virtual disks of the virtual machine using Sysprep. You
then move the virtual machine into a Virtual Machine Manager library
share, where it becomes no longer available on the host.
You can further modify the VM template as needed.
Import a preconfigured
template.
You can use the Import Package Wizard to import preconfigured

templates that have been configured in other virtualization platforms
such as VMware. You can start the Import Package Wizard by clicking the
Import Template button on the ribbon.
Configuring a Virtual Machine Template
5-41
Use the following process to create a new VM template based on a virtual hard disk that is stored in the
Virtual Machine Manager library:
1.
Open the VMM console, and click the Library workspace.
2.
In the navigation pane, expand Templates, and then select VM Templates.
3.
On the ribbon, click Create VM Template. The Create VM Template Wizard opens.
4.
On the Select Source page, select one of the following options, and then click Next:
Use an existing VM template or a virtual hard disk stored in the library
From an existing virtual machine that is deployed on a host
Note If a VM Template is currently selected in the results pane, then VMM uses it for the
new template and the Select Source page does not appear. You can also right-click VM
Templates, and then click Create VM Template, which does not use a selected template.
5.
On the VM Template Identity page, provide a VM Template name and Description.
6.
On the Configure Hardware page, configure the displayed hardware profile settings, or select a
preconfigured hardware profile, and then edit as required.
7.
On the Configure Operating System page, configure the displayed guest OS profile settings, or
select a preconfigured profile, and then edit as required.
8.
On the Configure Applications page, configure the displayed application profile settings, or select a
preconfigured profile, and then edit as required.
9.
On the Configure SQL Server page, configure the displayed SQL Server profile settings, or select a
preconfigured profile, and then edit as required.
10. On the Summary page, click Create.

Note If you create a template from an existing virtual machine that is deployed on a host,
you cannot configure the application and SQL Server profile settings. Instead, you have two
additional wizard pages from which to select an appropriate library server, and from which
to select a path to store the imported virtual machine.
Lesson 6
Configuring the Self-Service User Role
5-43
VMM 2012 provides a self-service user role that you can use to enable standard users to create, deploy,
and use virtual machines and services on one or more private clouds. To configure a self-service user role,
you need to understand the concept of user roles, and you need to understand how to configure
resources to support the VMM self-service capabilities.
Describe user roles.
Describe considerations for implementing self-service user roles.
Describe resource quotas.
Create a self-service user role.
Overview of User Roles
In VMM, a user role provides the foundation for determining which management operations users can
perform, and which objects users can manage. VMM provides four user role profiles that you can assign
to user roles. Each user role profile provides various levels of capabilities in VMM. The following table
describes the user role profiles.
User role profile
Capabilities
Administrator
This is the default user role profile, and it is assigned to the Administrator
user role. Members of this user role can perform all administrative tasks
on all objects in VMM.
Delegated Administrator
This profile allows members to perform all administrative tasks on all

objects within the assigned scope. The scope may consist of clouds, host
groups, and specified library servers. Delegated Administrators cannot
modify VMM settings, and cannot modify members of the Administrator
user role.
Read-Only Administrator
This user role profile allows members to view only properties, status, and
job status of objects within their assigned scope and specified library
servers.
Self-Service User
This user role profile allows members to create, deploy, and manage
their own virtual machines and services within a specified private cloud.
When you create a user role using the Self-Service user role profile, you
can also specify the library resources to which you want to allow access.
You can also specify a data path to allow users to upload data to a library
location.
When you specify the private cloud to which the self-service user will
have access, you can also configure quotas on private cloud resources,
(such as the number of virtual machines used), and limits to computer
resources, such as memory or storage usage.
In addition to the user role profile, when you create a new user role, you must specify the following:
5-45
Members. User accounts or Active Directory security groups that should belong to the user role.
Scope. The objects to which a user role has access. For Delegated Administrators and Read-Only
Administrators, the scope may be host groups or private clouds. For a Self-Service User, the scope is
limited to a private cloud.
Library Servers. For Delegated Administrators and Read-Only Administrators, you can specify the
library servers that members of this user role can use.
Run As accounts. You can specify the Run As accounts that the users can use.
Resources. For Self-Service Users, you can specify library resources that members can use.
Actions. For Self-Service Users, you can specify the actions that each member of the user role can
perform.
Considerations for Implementing Self-Service User Roles
When you configure a Self-Service User role, any member of the role can perform the actions that you
have specified in the Self-Service User role profile. Consider the following when you implement a SelfService User role:
You can allow access to library resources such as hardware profiles, guest OS profiles, application
profiles, and SQL Server profiles. You can also provide access to virtual machine templates and service
templates. You can define access from within the role configuration, or you can access the properties
of the library resource and configure the access settings.
Self-service users, by default, only have access to objects they own. When a user creates an object,
that user becomes the owner. If the user has permission to share resources, then additional selfservice roles can be added to the object through its access settings.
Self-service users can use the VMM console, the VMM command shell, or the VMM self-service portal
to create and manage their virtual machines and services. You can access the VMM self-service portal
at http://VMMServerName/.
Self-service users can view capacity and quota usage, but they cannot view host groups, hosts, library
servers, or network and storage configurations.
If a self-service user is a member of more than one self-service user role, then for each VMM session
the user must choose which user role to log on to.
What Is a Quota?
When you deploy private cloud resources to a Self-Service User role, you may also want to control
resource usage. Quotas help you control usage for the following types of resources:
5-47
Virtual CPUs. This quota controls the number of CPUs being utilized within the private cloud.
Memory (MB). This quota controls the amount of memory being used within the private cloud.
Storage (GB). This quota controls the total amount of storage capacity within the private cloud.
Custom quota (points). This quota controls the point value that is assigned to a specific VM template,
which is applied to the owners custom quota. You use this quota mainly for compatibility with
previous VMM versions.
Virtual machines. This quota controls the number of virtual machines that are deployed within the
private cloud. Virtual machines that are stored in the library do not count against the quota
configuration.
You can specify two levels of self-service user quotas:
Role-level quotas. These quotas are shared between all members of the user role.
Member-level quotas. These quotas are applied to each member of the user role.
For example, you may decide that a specific Self-Service User role may only use 10 deployed virtual
machines. However, each member of that user role is limited to only 2 virtual machines. In this example,
you would configure the role-level quota as 10, and the member-level quota as 2.
Configuring a Quota
To configure a quota, complete the following steps:
1.
Open the properties of a private cloud, and then configure the appropriate Capacity settings. These
settings provide the foundation for the self-service user quotas.
2.
Create a user role based on the self-service user profile. When you select the private cloud as the
scope, the Quotas page displays.
3.
Configure role-level and member-level quotas as needed.
Creating a Self-Service User Role
To create a user role that is based on the Self-Service User profile, complete the following steps:
5-49
1.
Open the VMM console, and then click the Settings workspace.
2.
In the navigation pane, expand Security, and then select User Roles.
3.
On the ribbon, click Create User Role. The Create User Role Wizard opens.
4.
On the Name and description page, provide a name and description for the user role, and then click
Next.
5.
On the Profile page, select Self-Service User.
6.
On the Members page, click Add, and then specify the desired user accounts or security groups for
the role.
7.
On the Scope page, select the private cloud in which the members can perform actions.
8.
On the Quotas for the CloudName page, configure the appropriate role-level and member-level
quotas.
9.
On the Resources page, specify the resources that should be accessible to role members. You can
also specify a data path to allow members to upload data to a specific library location.
10. On the Action page, select the actions in the private cloud that each member of the role are
permitted to perform.
11. On the Summary page, click Finish.
Lab Setup
1.
2.
3.
4.
Password: Pa$$w0rd
Domain: Contoso
5.
6.
7.
8.
9.
Password: Pa$$w0rd
Domain: Contoso
10. Repeat steps 7 to 9 for 10751A-LON-AP1.
Lab Scenario
5-51
Now that you have completed the private cloud infrastructure configuration, you need to build the
core VMM components that are necessary for delivering new virtual machines and services to that
infrastructure. These components include profiles and templates that you will use as the building blocks
for the deployed services.
The StockTrader application team has also asked you to provide the necessary profiles, templates, and
configuration to deploy a service containing the SQL Server that they need for a new web application.
Exercise 1: Configuring Profiles

Note Before starting this exercise, you must have completed the lab in Module 2.
Scenario
You need to create four profiles to support the creation of service templates and virtual machine
templates:
Guest OS profile. This profile supports the creation of new SQL server installations.
Hardware profile. This profile supports the creation of new Windows Server 2008 R2 server
installations.
SQL Server profile. This profile supports the creation of a specific SQL server instance.
Application profile. The StockTrader development team has created the StockTrader web application.
They have packaged the application so that you can import it into the Virtual Machine Manager
library, and use it for an application service that will be deployed in a private cloud.
The requirements for these profiles are described in the individual tasks.
1.
Configure a guest OS profile named LON-DB OS Profile.
2.
Configure a hardware profile named WinServer2008R2.
3.
Configure a SQL Server profile named SQLServer1.
4.
Configure an application profile named StockTrader Web Application.
Task 1: Configure a guest OS profile named LON-DB OS Profile

The requirements for the guest OS profile are:
All SQL Servers must be named LON-DBnumber, where number is an identification number that
increments with each deployment.
All SQL Servers will be based on the 64-bit edition of Windows Server 2008 R2 Enterprise.
The configuration must join the server to the Contoso, Ltd domain with appropriate administrative
credentials.
1.
On LON-VM1, open the Virtual Machine Manager Console. Ensure that the Use current Microsoft
Windows session identity check box is selected.
2.
Create a new guest OS profile with the following configuration information:
Name: LON-DB OS Profile
Description: Guest OS profile for new SQL Server
Computer name: LON-DB#
Local administrator password: Pa$$w0rd
Product key: 489J6-VHDMP-X63PK-3K798-CPX3Y
Operating System: 64-bit edition of Windows Server 2008 R2 Enterprise
Domain: Contoso.com
Domain credentials: Contoso\Administrator with the password Pa$$w0rd
Task 2: Configure a hardware profile named WinServer2008R2

The requirements for the hardware profile are:
5-53
The configuration must support the Hyper-V platform.
Any server that is created using this profile must be allowed to migrate to hosts that contain different
processors.
Memory must be configured statically to support 1,024 MB.
The configuration must support a synthetic network adapter that is connected to the production
network, and it must obtain a static IP address from an IPv4based IP pool.
1.
In the VMM console, create a new hardware profile with the following configuration information:
Name: WinServer2008R2
Description: Hardware profile for new Windows Server 2008 R2 servers
Cloud Capability Profile: Hyper-V
Processor: Allow migration to a virtual machine host with a different processor version
Memory: 1024 MB
Network Adapter: Connected to External network with static IPv4 only configuration (For
this configuration, remove the legacy network adapter and add the synthetic network adapter. Be
sure to choose IPv4 only for Static IP.)
Task 3: Configure a SQL Server profile named SQLServer1

The requirements for the SQL Server profile are:
The instance name is MSSQLSERVER with an instance ID named DefaultInstance.
Media can be accessed from C:\SQLInstall.
The SQL instance must use Windows Authentication and TCP/IP for remote connections.
1.
In the VMM console, create a new SQL Server profile with the following configuration information:
Name: SQLServer1
Description: Template for new SQL servers
For SQL Server Deployment:
Name: SQLServer1
Instance name: MSSQLSERVER
Instance ID: DefaultInstance
Installation Run As account: Administrator account
Media source: C:\SQLInstall
Administrator: Administrator
Security mode: Windows Authentication
Use TCP\IP for remote connections: Selected
All Service Accounts use the Administrator account Run As account
Task 4: Configure an application profile named StockTrader Web Application

You need to import the application files into VMM, and then configure an application profile for
configuration and deployment at a later date.
1.
In the VMM console, click the Library workspace, expand Library Servers, expand
LON-VM1.Contoso.com, and then click MSSCVMMLibrary.
2.
Import \\LON-AP1\E$\Labfiles\WebApp\StockTraderWeb.zip into the MSSCVMMLibrary share

by clicking the Import Physical Resource button on the ribbon.
3.
In the VMM console, create a new application profile with the following configuration information:
Name: StockTrader Web Application
Description: Template for StockTrader web application
Compatibility: General
OS Compatibility: 64-bit edition of Windows Server 2008 R2 Enterprise
For Web application:
Name: StockTrader Web
Browse Application Packages: StockTraderWeb.zip
Results: After this exercise, you should have configured profiles to be used for service templates and
virtual machine templates.
Exercise 2: Configuring Virtual Machine Templates

Scenario
5-55
Now that you have configured your profiles, you need to create two virtual machine templates. You will
use the first template to deploy the StockTrader web server, which will include the application profile for
the StockTrader web application. You will also need to provide a specific web server name, and you will
need to specify to install the Web Server (IIS) server role.
You will use the second virtual machine template for deploying SQL Server, which will include a SQL
Server profile configuration.
1.
Create a VM template for the StockTrader web server.
2.
Create a VM template for deploying SQL Server.
Task 1: Create a VM template for the StockTrader web server

1.
In the VMM console, in the Library workspace, expand the Templates node, and then click
VM Templates.
2.
Create a new VM template with the following configuration information:
Source: WS08R2SP1.vhd
VM Template name: StockTrader Web Application Server
Description: Web Server hosting the StockTrader Web Application
Hardware profile: WinServer2008R2
Guest OS profile: LON-DB OS Profile
Computer name: LON-WEB1#
Roles: Web Server (IIS)
Application profile: StockTrader Web Application
SQL Server profile: None-no SQL Server configuration settings
Task 2: Create a VM template for deploying SQL Server
Create a new VM template with the following configuration information:
Source: SQL_Prep.vhd
VM Template name: StockTrader SQL Server
Description: SQL Server to support the StockTrader application
Hardware profile: WinServer2008R2
Guest OS profile: LON-DB OS Profile
Application profile: None do not install any applications
SQL Server profile: SQLServer1
Results: After this exercise, you should have configured VM templates.
Exercise 3: Configuring a Service Template

Scenario
To deploy a SQL Server as a virtual machine, you need to configure a service template.
1.
Create a service template to deploy the StockTrader application.
Task: Create a service template to deploy the StockTrader application
1.
In the VMM console, in the Library workspace, expand Templates, and then click Service
Templates.
2.
Create a new service template, and use the Virtual Machine Manager Service Template Designer
with the following configuration information:
Name: StockTrader Application
Patterns: Single Machine
VM Templates: StockTrader SQL Server
3.
On the ribbon, click Save and Validate.
4.
Close the Virtual Machine Manager Service Template Designer.
Results: After this exercise, you should have configured a service template to deploy the StockTrader
application.
Exercise 4: Configuring a User Role

Scenario
5-57
The StockTrader administrative team would like to deploy and manage their own SQL Server and web
application servers. Eventually, they will be delegated self-service access to a departmental private cloud.
However, in the interim, you will need to provide them with the Delegated Administrator user role.
1.
Create a Delegated Administrator user role.
Task: Create a Delegated Administrator user role

1.
On LON-VM1, in the VMM console, in the Settings workspace, expand Security, and then click User
Roles.
2.
Create a new user role with the following configuration:
Name: StockTrader App Admins
Description: User role for StockTrader Administrators
Profile: Delegated Administrator
Members: StockTrader
Scope: Production
Library servers: LON-VM1.Contoso.com
Run As accounts: Administrator account
Results: After this exercise, you should have configured a Delegated Administrator user role.
Exercise 5: Deploying the StockTrader Application Service

Scenario
You need to test the StockTrader application service deployment. You will log on as a StockTrader
administrator, and deploy the service to verify that deployment is successful.
1.
Connect as a StockTrader administrator, and deploy the StockTrader application service.
Task: Connect as a StockTrader administrator, and deploy the StockTrader application

service
1.
On LON-VM1, open a new instance of the VMM console as Contoso\Bart with the password
Pa$$w0rd. Use the StockTrader App Admins user role for the session.
2.
In the Library workspace, expand Templates, and then click Service Templates.
3.
In the results pane, select the StockTrader Application object.
4.
In the ribbon, click Configure Deployment, and then configure the following:
Name: StockTrader
Verify that a host group has been selected
5.
Deploy the service. Use the Jobs window to monitor the service deployment. This will take
approximately 30 minutes to complete.
6.
After the service deploys, in the VMs and Services workspace, shut down the StockTrader service.
7.
Close all instances of the VMM console.
Results: After this exercise, you should have deployed the StockTrader application service.
Review Questions
5-59
1.
You need to create a guest OS profile that automatically generates a computer name for each virtual
machine that you deploy using the profile. How can you do this?
2.
You attempt to deploy the Web Server (IIS) server role using a guest OS profile on a Windows Server
2008 server. After the deployment, you notice that the role did not install. What might be wrong?
3.
What is one of the minimum requirements to deploy the RemoteFX configuration for the video
adapter within a hardware profile?
4.
You attempt to deploy a new virtual machine using a VM template that is configured with a
SQL Server profile. You receive an error. What might be the problem?
5.
You attempt to create a Self-Service User role, but you cannot configure a scope. What might be the
problem?

6-1
Module 6
Deploying and Accessing a Private Cloud
Contents:
Lesson 1: Understanding Private Cloud Computing
6-3
Lesson 2: Installing and Configuring App Controller
6-12
Lesson 3: Creating and Managing Services and Service Templates
6-21
6-31
Module Overview
6-2 Deploying and Accessing a Private Cloud
A private cloud is one of the main concepts in Microsoft System Center 2012 - Virtual Machine Manager
(VMM). By defining a private cloud, you define a set of resources and technologies that are available to
users. To create and manage private clouds, you need to understand the private cloud concept, in
addition to its properties and components. You also need a clear understanding of how private cloud
services and technologies provide end users with private cloud accessibility.
In this module, you will learn about private clouds, Microsoft System Center 2012 - App Controller, and
private cloud services.
Objectives
Describe a private cloud.
Install and configure App Controller.
Create and manage services and service templates.
Lesson 1
Understanding Private Cloud Computing
6-3
The concept of private cloud computing is much more than just a collection of virtual machines in a data
center. With a private cloud infrastructure, you have the ability to automate many processes such as new
service deployment, and limit resource usage. Before using VMM to start building your private cloud
infrastructure, you will need to learn key concepts of the private cloud and cloud computing resources,
capacity and capabilities.
Objectives
Describe a private cloud.
Configure private cloud resources.
Configure private cloud capacity.
Configure private cloud capabilities.
What Is a Private Cloud?
Todays IT organizations face challenges inherent to acquiring new virtual resources. Now they can begin
to address those challenges through automation. This section describes how a private cloud can enable
that automation.
Traditional Virtualized Environment Scenario
In a traditional virtualized environment, placing new resources online requires significant human
intervention. For example, if a developer requires a new virtual machine, he or she will probably request
one from the system administrator. The system administrator must then determine whether the request
should be granted. If this is a simple organization with a simple process, this decision may only require a
single system administrator; however, a larger organization with a more complex process may involve
several people. A more complex process is likely to take longer, and so an apparently simple request for
a new virtual machine may take a long time to complete. Assuming the request is granted, the system
administrator then creates the new virtual machine using a variation of virtual machine management tools
such as Microsoft Hyper-V Manager or VMM. The administrator must then configure the virtual
machine, which requires even more time.
Using Private Clouds to Automate Tasks
You can save a significant amount of time by automating all or some of the virtual machine provisioning.
Rather than requiring human interaction, a user who needs a new resource can allocate it from a predefined resource pool. The main idea of the private cloud concept is to offer resources to users when they
need them, and provide automation as often as possible.
6-5
From the example above, rather than requiring an approval process for each request made by a user,
the system administrator can instead create one or more clouds in advance. Each business unit within
the corporation can have its own cloud with resources to build services. For example, an organizations
finance, marketing, and research departments may have their own separate clouds. Each cloud has a
defined set of available resources and users, with predefined quotas that limit how many resources users
can consume from the cloud. When a user needs a resource, the user can now use a Self-Service Portal,
or some other interface such as VMM or App Controller to request this resource directly from a cloud
to which he or she has access. Cloud policies and available resources will determine if a user can have
additional resources or not.
Through VMM, an organization can manage the private cloud, manage access to the private cloud, and
manage the underlying physical resources.
In VMM, a private cloud provides the following benefits:
Self-service. Because users do not need to ask the private cloud provider for administrative changes
(beyond increasing capacity and quotas), they have no knowledge of (nor need to understand) the
underlying physical resources. Administrators can delegate management and usage of the private
cloud while retaining the opaque usage model.
Resource pooling. Through the private cloud, administrators can collect and present an aggregate set
of resources, such as storage and networking resources. Resource usage is limited by the capacity of
the private cloud, and by user role quotas.
Elasticity. Administrators can add resources to a private cloud to increase the capacity.
Usage. The private cloud enables you to configure usage permissions and quotas for defined groups
of users.
Customizable. The private cloud provides ability to customize its properties at various levels.
Control. The private cloud owner can be delegated full control over private cloud resources.
Optimization. Usage of the underlying resources is continually optimized without affecting the overall
private cloud user experience.
During private cloud creation, you select the underlying infrastructure resources that will be available in
the private cloud, configure library paths for private cloud users, and set the capacity for the private cloud.
Therefore, before you create a private cloud, you must first configure the infrastructure resources such as
storage, networking, library servers and shares, host groups, and hosts.
Question: What is the main difference between private clouds and set of virtual machines
that users can access and administer?
Configuring Private Cloud Resources
Like all services and software, a private cloud depends on hardware resources such as servers, storage,
networks, CPUs, and memory. A private cloud in VMM can run on traditional hardware configurations,
including conventional or blade servers, a storage area network (SAN), and various load balancers.
Characteristics of Private Cloud Resources
You prepare private cloud resources in the VMM private cloud infrastructure by defining various hardware
and software components that VMM uses as private cloud building blocks. After defining and creating
components, you should validate that all of the hardware and software components are functioning
together correctly. This process can be complex and time consuming, but you usually do not have to do
it very often.
Once you prepare all of the hardware and software components, you can assign them to a private cloud
by using the Create Cloud Wizard. Later, you can add and remove resources from your existing private
cloud by editing its properties.
A private cloud can utilize physical resources from either host groups or VMware resource pools. Host
groups can contain some combination of physical servers running Hyper-V, VMware ESX, VMware ESXi, or
Citrix Xen-Server. The VMware resource pool contains only servers running VMware ESX or VMware ESXi.
When you build a private cloud, you cannot select specific physical servers. Instead, you can select a host
group or resource pool. After you select the specific host group or resource pool that you want to use to
build a private cloud, you are presented with resources that belong to that group or pool.
Private Cloud Resources
When creating a private cloud, you should assign at least one logical network. A logical network is one
of the infrastructure elements that you must create prior to creating your private cloud. With a logical
network you define virtual local area networks (VLANs), IP subnets, and a network site that belongs to that
logical network.
6-7
If you create a load balancer, you can also add it to the private cloud. It is not mandatory that you add
a load balancer. The Microsoft Network Load Balancing load balancer is installed by default. With load
balancer, you can add a virtual IP template to your private cloud. The virtual IP template contains load
balancer-related configuration settings for a specific type of network traffic. For example, you can create
a virtual IP template to define load balancing for HTTP traffic that goes through port 80.
In VMM you can also manage storage and assign it to your private cloud by defining storage pools
and classifications. Storage classifications enable you to assign user-defined storage classifications to
discovered storage pools, typically by quality of service (QoS) that storage offers. For example, you can
assign a classification of gold to storage pools that have the highest performance and availability, or silver
for Fibre Channel serial attached small computer system interface (SCSI) storage redundant array of
independent disks 5 (RAID 5), or bronze to Serial advanced technology attachment (SATA) disks.
To enable the new storage features, VMM uses the new Microsoft Storage Management Service to
communicate with external arrays through a Storage Management Initiative - Specification (SMI-S)
provider. The Storage Management Service is installed by default during the installation of VMM.
However, you must install a supported SMI-S provider on an available server, and then add the provider
to VMM management.
The library is also a very important part of configuring cloud resources. Most VMMmanaged objects such
as virtual machines or services deploy from the library. While configuring a cloud, you can add a stored
virtual machine path and read-only library shares. A stored virtual machine path is where private cloud
users can store the virtual machines that they create. If you want to provide self-service users with the
ability to store virtual machines in the VMM library, create a library share, or create a folder in a library
share that serves as the storage location. However, be aware that the library share location you designate
for stored virtual machines must be different from the shares that you designate as read-only resource
locations for the private cloud. Read-only library shares can provide a place where administrators store
read-only resources such as any .iso files that they want to make available to self-service users.
Configuring Private Cloud Capacity
For each private cloud, the administrator can specify its total available capacity and many other important
details. By specifying cloud capacity, you limit the resources that private cloud users can either consume
or create. You configure private cloud capacity during the private cloud creation process. However, you
can change it later. You can limit resource usage based on user roles, and on individual members of a user
role.
The following table describes categories and quotas that you use to set up private cloud capacity.
Quota type
Description
Virtual CPUs
The virtual CPU quota sets a limit on processing capacity within the private cloud. This
quota is expressed as capacity provided by a specified number of CPUs, applied against
virtual machines that are running. Setting a virtual CPU quota does not guarantee
contiguous capacity; it only guarantees total CPU capacity available among hosts in the
private cloud.
Memory
The memory quota sets a quota in gigabytes (GB) on memory that is available for
virtual machines that you deploy on the private cloud. This quota is applied against
running virtual machines only. Setting a memory quota does not guarantee contiguous
capacity. For example, the private cloud might have available 2 GB of memory on one
host, and 2 GB of memory on another.
Storage
The storage quota sets a quota on storage capacity in GB that is available to virtual
machines that you deploy on the private cloud. For dynamic virtual hard disks, quota
calculations are based on maximum size. However, we recommend that you use fixedsize disks.
(continued)
Quota type
Description
6-9
Custom
quota
(points)
The custom quota sets a quota on virtual machines that you deploy on the private
cloud. This quota is based on total quota points that you assign to the virtual machines
through their virtual machine templates. Quota points are an arbitrary value that you
can assign to a virtual machine template based on the anticipated size of the virtual
machines. Custom quotas are provided for backward compatibility with self-service user
roles that were created in System Center Virtual Machine Manager 2008 (VMM 2008)
R2.
Virtual
machines
The virtual machines quota limits the total number of virtual machines that can be
deployed on the private cloud.
If the capacity of the private cloud already equals the capacity of the underlying private cloud
infrastructure, then you must first add hosts or other private cloud infrastructure resources, then make
them available to the private cloud, and then increase private cloud capacity. To modify any private cloud
resource settings, open the private cloud properties, and then click the desired tab.
Configuring Private Cloud Capabilities
The cloud capability profile defines which resources and which features are available to the virtual
machine once you deploy it to a private cloud. By assigning the cloud capability profile to a private cloud,
you can specify which hypervisor platform is supported, and how much memory or how many processors
you can assign to a virtual machine. You can also define supported virtual disk types, and the number of
hard drives and network adapters. Within a capability profile, you can define whether or not the virtual
machine will deploy only on a highly available cluster.
Configurable Options for Capacity Profiles

The following is the list of configurable capability profile options:
Fabric Compatibility (Hyper-V virtualization host, VMware virtualization host, and Xen-Server
virtualization host)
Processor Range (This may vary from hypervisor to hypervisor. Hyper-V is currently limited to a
maximum of 4 virtual CPU (vCPU), while VMware and Citrix Xen-Server supports as much as 8 vCPU.)
Memory Range (This varies from hypervisor to hypervisor)
Microsoft Synthetic Video Adapter (For Hyper-V only)
DVD Drive Range (Number of DVD drivers)
Shared Image Mode (For Hyper-V only)
Bus Configuration (Contains virtual disk configuration informationfor example, to control whether
or not you want your users to create virtual machines with differential disks on your private cloud,
you could specify in the profile Fixed Disk Mode or Dynamic Disk Mode
Network Adapters (Minimum and maximum virtual network interface cards (vNICs))
6-11
Network Optimization (For Hyper-V only)
Advanced (Here you can configure the profile to enforce Highly Available Virtual Machine Mode, and
define it as required.)
Built-in and Custom Capability Profiles
For each private cloud that you create, you can assign a capability profile. If you do not want to use
pre-defined capability profiles (VMware ESX Server, Citrix Xen-Server or Hyper-V), you should first create a
new capability profile in the library before assigning it to the private cloud. The built-in capability profiles
represent the minimum and maximum values for various categories that you can configure for a virtual
machine, for each supported hypervisor platform. If you have a mixed environmentfor example a
private cloud with both Hyper-V and ESX Serversit is very important that the virtual machine templates
that you create support one or another capability profile (or both).
In the library workspace you can also create custom capability profiles to limit the resources that the
virtual machines in the private cloud use. To view the settings associated with a built-in capability profile,
or to create a custom capability profile, open the virtual library pane, expand Profiles, and then click
Capability Profiles. You can view the properties of a capability profile, or to create a new profile, on the
Home tab, in the Create group, click Create, and then click Capability Profile.
The following table shows characteristics of built-in capability profiles.
Hyper-V
VMware
Citrix Xen
vCPU range
14
18
1 8
Memory range
8 MB 64 GB
4 MB 255 GB
16 MB 32 GB
Dynamic memory
User-defined, Required,
Disabled
Disabled
DVD drives
04
04
04
Shared ISO image
Disabled
Hard disks
0 255
0 255
07
Disk size range
0 MB 2040 GB
0 MB 256 GB
0 MB 2040 GB
Disk options
Allow Fixed Disks

Allow Dynamic Disks
Allow Differencing Disks
Allow Fixed Disks

Allow Dynamic Disks
Allow Differencing Disks
Network adapters
0 12
0 64
07
Network
optimizations
Disabled
Virtual machine
availability
Disabled
Disabled
Disabled
Lesson 2
Installing and Configuring App Controller
A private cloud helps you meet consumer and service provider expectations by providing a simple and
effective way to deliver IT as a Service (ITaaS). One of the products that make that possible is App
Controller.
App Controller can be understood as the end users single view to manage applications and services
across the Microsoft cloud services and the Windows Azure public cloud. App Controller is used to
configure, deploy, visualize, and update multi-tier application components in the context of the holistic
service delivered to the business. Service consumers can view in one window, all the applications for which
they are responsible.
In this lesson, you will learn about App Controller and its capabilities.
Objectives
Describe App Controller.
Install App Controller.
Connect App Controller to VMM.
Deploy and manage virtual machines and services with App Controller.
Configure private cloud security.
Overview of App Controller
6-13
In a private or public cloud solution, end user focus is not on virtual machines or servers, but rather on
applications and services. Because VMM focuses primarily on virtual machines and service management,
you need an additional tool that allows application owners to view services and applications. In previous
VMM versions such as System Center Virtual Machine Manager 2008 (VMM 2008) R2, the Self-Service
Portal provided end users with the ability to create and manage virtual machines from their permission
scope. However, Self-Service Portal is orientated to virtual machines, not to services or applications.
Benefits of App Controller
App Controller gives the application owner a self-service experience across the VMM, and provides them
with a unified view that lets them manage applications and service across private clouds and Windows
Azure. App Controller provides the ability for users to manage application components in the context of
the holistic service that it represents to the business.
App Controller provides the self-service component of this solution by enabling application owners to:
Configure, deploy, and manage services through an intuitive, unified and service-centric interface,
while using a library of standard templates.
Provide self-service application management, visibility, and control across both the Microsoft private
cloud services and the Microsoft public cloud services (such as Windows Azure).
Create, manage, and move services using a web-based interface that presents a customized view of
resources based on your role in the organization, and enables you to manage services rather than
servers. This lets application owners focus on driving business value.
View virtual machines, and both private and public cloud services. Control components at each layer,
track jobs, and maintain a detailed history of changes.
App Controller also enables data center administrators to delegate authority to application owners.
Predefined templates ensure compliance with company IT standards and policies. Using App Controller,
data center administrators can create for application owners a customized, role-based view of private and
public cloud services, and a consumed and available resources view. In addition, application owners can
customize all service components, including virtual machines, network resources, and load balancing.
You can also use App Controller to move applications and components within public and private cloud
environments. You can copy Windows Azure configuration, package files, and .vhd files among Windows
Azure subscriptions, and copy service templates and resources from one VMM server to another.
Installing App Controller
6-15
You install App Controller as a separate component. You can choose to host this service on a separate
server, or you can host it together with an existing service such as VMM. In both cases, you should first
ensure that your server meets system requirements for App Controller. For better performance, you
should install the App Controller server on a separate computer from the VMM management server.
Hardware Requirements
From a hardware perspective, App Controller is not a very demanding service. You must have at least a
Pentium 4 CPU running on 2 gigahertz (GHz), and the recommended amount of random access memory
(RAM) is 2 GB, with 1 GB of hard disk space. Because of low hardware requirements, you can run App
Controller in a virtual machine to optimize resource usage.
Software Requirements
App Controller has software requirements that you must meet prior to installation. You can install App
Controller only on Windows Server 2008 R2 Service Pack 1 (SP1). (All Windows Server 2008 editions
except Web Edition are supported). You must also install a Web Server role. There are several Web Server
role services required for App Controller, but the App Controller Setup Wizard will install all of them
during setup. You should also install Microsoft .NET Framework 4.0 before installing App Controller, or
you can let App Controller setup install it for you.
To run successfully, App Controller also requires Microsoft SQL Server 2008 Service Pack 2 (SP2) or
SQL Server 2008 R2. SQL Server does not require a dedicated server. Instead, you can use the SQL instance
that is being used by VMM. Finally, you must install the VMM console on the App Controller server.
If you want to use Windows PowerShell support for App Controller, you should install .NET Framework
3.5.1 (available as feature in Windows Server 2008 R2) and Windows PowerShell Module 2.0 (built in
Windows Server 2008 R2).
Installation Considerations
To install the App Controller, you must be logged on to the computer that you are configuring as a
domain user with membership in the local Administrators group. This account must also have at least
database owner (DBO) permission on the database that it will use.
While running the App Controller Setup Wizard, you will be asked for a service account that App
Controller will use to run. You can choose between Network Service and domain account. We recommend
that you create a dedicated account just for this purpose, or that you use the Managed Service Account
feature. You should also configure the port on which App Controller services will work. This port is used
for internal purposes only, so you do not need to configure it on a firewall.
If you are installing multiple App Controller servers behind a load balancer, you will be required to
configure an encryption key that the servers share. After installing the first App Controller server, you
export the encryption key by using the Export-AppControllerAesKey cmdlet, and then provide the key
when installing subsequent servers.
If there is a problem with the setup completing successfully, consult the log files that are located in the
%LOCALAPPDATA%\AppController\Logs folder.
Deployment Considerations
When deploying App Controller, it is important that you configure certificates properly. You cannot
request a certificate during setup, so you should prepare the certificate using the Internet Information
Services (IIS) console prior to running setup. An alternative to your internal public key infrastructure (PKI)
is to use a self-assigned certificate. However, using self-signed certificates can cause potential trust issues.
App Controller is not a cluster-aware service, but you can still make it highly available by using the
following methods:
Make the database highly available by installing the database on a clustered SQL Server.
Make the App Controller server highly available either by:
Installing multiple App Controller servers behind a load balancer.
Installing App Controller servers on a highly available virtual machine.
By default, App Controller is enabled to prompt users to sign in by entering their Active Directory
Domain Services (AD DS) user name and password. If you want to configure App Controller to use the
users current Windows credentials to sign in automatically, you should enable Windows Authentication
on the /api virtual directory on the App Controller website.
App Controller limits
The following table displays some limits for App Controller. You should be aware of these limits when you
plan App Controller deployment.
Measure
Value
Maximum number of objects in a Windows Azure storage directory
900
Maximum number of VMM management servers
Maximum number of Windows Azure subscriptions per user
20
Maximum number of concurrent users
75
Maximum number of jobs that can be run in a 24-hour interval
10,000
Connecting App Controller to VMM
6-17
After you install App Controller, you will want to connect it to either a public or a private cloud. You can
simultaneously connect App Controller to both Windows Azure and to a locally installed VMM instance.
Connecting to a Private Cloud
You can connect to a VMM server by choosing the Connect a Virtual Machine Manager server and the
clouds option, which is available in the Common Tasks section. When you select this option, you must
provide the connection name, which you define. Optionally, you can provide a description, and type the
Server name and port. The server name should be the fully qualified domain name (FQDN) of your VMM
server, while the port is set to 8100 by default. You should not change the port number unless you
changed the port when you were configuring VMM.
Importing SSL Certificates
You also have an option to import Secure Sockets Layer (SSL) certificates automatically. This option is
selected by default. You must import SSL certificates to the App Controller server to copy files or
templates to and from VMM cloud libraries. For the import to succeed, users must belong to all of the
following roles: the local administrator of the App Controller server, local administrator of the VMM
server, and VMM administrator. After you enter all of the data, you should be able to connect to both
your private clouds and your VMM server.
Connecting to Both Public and Private Clouds
If you want to connect to Windows Azure, you should select the Connect a Windows Azure
subscription option. You will have to provide a connection name, your subscription ID, a management
certificate, and a corresponding password. If you connect to both the VMM private cloud and Windows
Azure, you will be able to manage and deploy all of your cloud-based services and applications.
Deploying and Managing Virtual Machines and Services with App

Controller
Once you install App Controller, you can use it to configure, manage, and deploy applications and services
for both public and private clouds.
Accessing the App Controller Web Portal
The App Controller console is a portal that is accessible through a web browser. You should install
Microsoft Silverlight 4.0 before connecting to the App Controller portal. We also recommend that you
add the App Controller portal to Trusted sites or intranet Sites on the computer from where you are
making a connection. To use single sign-on, you will have to add the portal to intranet sites in the
Windows Internet Explorer settings, so that Internet Explorer allows delegation of default credentials. If
you do not want to be logged on using the same credentials that you use to log on to your computer,
you should not enable Windows Authentication on the /api virtual directory.
Managing Clouds and Resources with App Controller

The default path for connecting to the App Controller console is https://AppControllerServerFQDN/.
Ensure that the certificate for App Controller is issued to the same name that you are using to connect.
Once you are connected to App Controller, you can use it to deploy and manage services, private clouds,
and virtual machines. However, unlike the VMM console that provides a full set of options for these tasks,
App Controller provides a limited set of options that focus on private clouds and services. For example,
you can use App Controller to deploy new virtual machines and new Services, but only based on existing
templates. Additionally, App Controller enables you to connect to and manage both public and private
cloud resources from the same place.
VMM Administrator vs. Self-Service User
6-19
If you log on to App Controller as a VMM administrator, you will be able to create connections, view
resource usage, and manage User Roles. However, if you log on to the App Controller console as a selfservice user, your set of available options will be limited to resources to which you have permissions.
For example, on the Clouds tab, a self-service user can view private and public clouds to which he or she
has appropriate permissions. On this tab, self-service user will also see an option to deploy resources to a
cloud. Based on templates provided in the library that are available to the self-service user, it is possible to
deploy a new service or virtual machine. Self-service users can also access a library view, where they can
view available templates, shares, and other resources. From this point, it is also possible to deploy a new
service or virtual machine. However, unlike VMM where new virtual machine or service deployment
requires several steps and several decisions, the App Controller process is a more straightforward. From
App Controller, each self-service user is also able to see his or her active jobs, job progress, and state.
Configuring Private Cloud Security
The App Controller portal content and other available options depend on VMM security settings. If you
want to provide users with the ability to use the App Controller portal, you should first configure
appropriate roles, and assign resources.
Configuring User Roles
You first need to create a user role. You do this using the Create User Role Wizard. To access the Create
User Role Wizard, in App Controller, in the Settings workspace, in the Security pane, on the Home tab,
click the Create User Role button. The next steps allow you to add users or groups from Active Directory
as members. A very important step in defining the user role is to configure scope and resources. On the
Scope page, you will have all private clouds created in that instance of VMM, and you can choose on
which cloud objects the specific user role will have ability to perform actions. You can also configure
quotas on role-level and on member-level.
Defining Access to Resources
On the Resource page, you define which resources will be available to the user role that you are creating.
You can choose from existing virtual machines, virtual machine templates, service templates, hardware,
and guest profiles. You can also specify the data path where users from this user role can save data. Lastly,
you need to define actions that members of this user role can perform on cloud objects and resources
from their scope.
You can also define access permissions from the resource side. For each resource (such as virtual machine,
template, service), you can define both owner and user roles that have permissions to access and share
that specific resource. You can do it by opening properties of resource, and selecting the Access tab.
Specific to a cloud object, you can assign a private cloud to only one user role.
Lesson 3
Creating and Managing Services and Service Templates
6-21
Deploying services in the private or public cloud environment is a key cloud concept. VMM provides you
with entirely new tools for creating, managing, and deploying services. These new tools integrate with
App Controller, which end users can use to deploy services for themselves. In this lesson, you will learn
about services and service management in VMM, and how to configure and deploy them.
Objectives
Describe a service.
Describe a service template.
Create and manage a service and a service template.
Create deployment configuration for a service.
Configure service template settings.
What Is a Service?
Services are a new concept in VMM. Therefore, it is very important that you understand services fully
before deploying a private cloud infrastructure. The concept of a service in VMM differs from traditional
service scenarios.
Traditional Services Scenario
When we think about services, we usually refer to an application or set of applications that provide some
service to end users. For example, we can deploy various types of web-based services, but we can also
implement a service such as email. In a non-cloud computing scenario, deployment of any type of service
usually requires that users, developers, and administrators work together through the phases of creating
a service, deploying a service, testing the service, and maintaining the service.
A service often includes several computers that must work together to provide a service to end users.
For example, a web-based service is usually an application that deploys on a web server, connects to
a database server (which can be hosted on another machine), and performs authentication on an
Active Directory domain controller. Enabling this application requires three different roles, and possibly
three different computers: a web server, a database server, and a domain controller. Deploying a test
environment for a service such as this can be time and resource consuming. Ideally, developers work
with IT administrators to create an environment where they can deploy and test their web application.
Concept of a Service in a Private Cloud Scenario
With the concept of a private cloud, how you deal with services can change significantly. You can prepare
the environment for a service, and then let developers deploy it by using a self-service application such as
App Controller.
6-23
In VMM, a service is a set of one or more virtual machines that you deploy and manage together as a
single entity. You configure these machines to run together to provide a service. In VMM 2008, users were
able to deploy new virtual machines by using the Self-Service Portal. In VMM 2012, end users can deploy
new services. By deploying a service, users are actually deploying the entire infrastructure, including the
virtual machines, network connections, and applications that are required to make the service work.
However, you can use services to deploy only a single virtual machine without any specific purpose.
Instead of deploying virtual machines in the historic way, you can now create a service that will deploy a
virtual machine withfor exampleWindows Server 2008 R2, with several roles and features preinstalled,
and already joined to a domain. This simplifies the process of creating and later updating new virtual
machines.
What Is a Service Template?
Deploying a new service requires a high level of automation and predefined components, and requires
management software support. This is why VMM provides service templates. A service template is a
template that encapsulates everything required to deploy and run a new instance of an application. Just
as a private cloud user can create new virtual machines on demand, a user can also use service templates
to install and start new applications on demand.
Process for Deploying a New Service
When using service templates in VMM, the process of deploying a new service or application is as follows:
1.
The system administrator creates and configures service templates in VMM by using Service Template
Designer. (This will be discussed in the next topic.)
2.
The application owner (for example, a developer that needs to deploy the application environment)
opens the App Controller portal, and requests a new service deployment based on available service
templates that he or she can access. The user can then deploy the service to a private cloud where a
user has access. As an alternative to App Controller, the user can also use the VMM console.
3.
A request is submitted and evaluated by the VMM management server. VMM searches for available
resources in the private cloud, then calculates the user quota and verifies that the cloud is capable for
the requested service deployment.
4.
While the service is created automatically, the virtual machines and applications (if any) are deployed
on the host chosen by VMM.
5.
The application owner gains control over service virtual machines through the App Controller portal,
or by Remote Desktop Protocol (RDP).
If there is a need for manual approval for resource creation, you can use Microsoft System Center 2012 Service Manager to create workflows for this purpose.
Information Included in the Service Template
6-25
The service template includes information about the virtual machines that are deployed as part of the
service. The service template also includes which applications to install on the virtual machines, and the
networking configuration needed for the service (including the use of a load balancer). The service
template can also make use of existing virtual machine templates. While you can define the service
without using any existing virtual machine templates, it is much easier to build a template if you have
already created virtual machine templates. After creating the service template, you configure it for
deployment using the Configure Deployment option.
Creating and Managing Services and Service Templates
In the VMM console, you use the Service Template Designer to create a service template, which defines
the configuration of the service.
When you start the Service Template Designer, few preconfigured patterns will be available. However, you
can create additional templates by modifying the Blank pattern, or by selecting either the Single Machine
pattern, the Two-tier Application pattern, or the Three-tier Application pattern. Deploying tiers actually
defines levels of your application. For example, one tier of your application can be a web server (or
servers), while a second tier could be database servers.
It is important to understand that a tier is not to the equivalent of a virtual machine. A tieror more
specifically a machine tiercontains one or more virtual machines of an identical type. When you create
a tier you specify the default, minimum, and maximum values for the number of instances of virtual
machines that there will be in the tier. You can also add a virtual IP load balancer to a tier that has virtual
machines with services that need load balancing. By creating tiers, you define levels on which your
application is working.
The simplest way to add a tier is to use the Service Template Designer. In the Service Template Designer,
a list of available virtual machine templates appears in the left pane. Select the virtual machine template
that you want to use to create a tier, and then drag the virtual machine template on to the canvas. Service
Template Designer then creates the tier using the properties of the virtual machine template that you
selected.
For each tier that you have in your service template, you can configure options such as name, scale-out
capabilities, hardware configuration, operating system configuration, and application configuration.
If you created a service template with a pattern that created default tiers for you, you can drag the virtual
machine template on to one of those default tiers. The tier will be configured with the properties of that
virtual machine template. You can also add more tiers.
6-27
Note, however, that no link or relationship is created between the virtual machine template and the tier
that you create. Any subsequent changes that you make to the virtual machine template in VMM are not
made to the tier in the service template. Furthermore, any configuration settings that you make to the
tier are not made to the virtual machine template. The virtual machine template that you drag to the tier
in the Service Template Designer provides you with a configuration template that you can additionally
modify, but establishes no permanent connection between the virtual machine template, tier, or service
template.
Creating Deployment Configuration for Services
After you create the service template, you can then deploy the service to a private cloud or to virtual
machine hosts. To deploy a service, you should first create a service deployment configuration. You can
create a deployment configuration by right-clicking a service, and then selecting Configure Deployment.
Type a name for the deployment configuration, and then select a destination for the service. You can
choose between host groups and private clouds (if you have created any).
After you type the name and select a destination for a service, placement evaluation will be performed.
Following the evaluation, the Deploy Service console opens, displaying the deployment diagram and the
selected host machine or private cloud. Here you can configure a virtual machine name and a computer
name for the virtual machines that are deployed as a part of service. By default, VMM generates names in
format ServiceVM0000X.domain for both virtual machine name and computer name. However, you can
change this for each service deployment.
When you click the Deploy Service button in the Deploy Service console, you actually initiate the
deployment process. You can monitor deployment progress in the Jobs window. Depending on the
number of virtual machines deployed and the network and storage speed, this process can take between
ten minutes to a few hours. For long running service deployments, we recommend that you also monitor
the VM Manager log in Event view, and System log on the VMM management server. You can find more
detailed information about tasks performed in the Event Viewer.
After the service deploys, you can update the service template and then deploy those updated changes to
the already deployed service. Alternatively, you can deploy additional virtual machines to an existing
service to provide additional resources for the deployed service.
6-29
You can also start a deployment from the App Controller portal. If you provide a self-service user role with
access to a service template, self-service users can initiate a service deployment by using App Controller.
Optimally, in a private cloud environment, end users should use App Controller to deploy services and
applications without ever having to know a virtual machines number, configuration, or location.
Note You can only use the VMM Self Service portal for virtual machine deployment, and
not for service deployment.
Configuring Service Template Settings
Each service template that you create in VMM has several settings that you can configure. You access
these settings by opening the Properties window of the service template that you are creating.
The following list provides explanations for the most important service template settings:
Name. The name for the service template. This name will appear in the virtual machine and Services
workspace. This is also the name that self-service users will see, so you should use descriptive names.
Release. A value indicating the version of the service template. The release value is important when
you update a service. The release value helps you to identify the version of the service template. Each
time you create a service template and make a deployment based on the template, you can make no
further changes to it. If you want to make changes, you must first create a new version.
Dependencies. Here you can view objects that derive from a specific service template, and library
resources that are referenced in the template. You cannot make any changes here.
Access. You can define the owner of the service template in the Access setting. You can also list selfservice users that can use this service template to deploy a service. If you want to provide self-service
users with the ability to deploy services by using the VMM console, or by using App Controller, you
must add them to the service template access list.
We recommend that you configure all service template settings before you actually begin deploying
services based on that template.
Lab Setup
Note Before starting this lab, you must have completed the labs in Module 2 and
Module 5.
6-31
1.
2.
3.
4.
Password: Pa$$w0rd
Domain: Contoso
5.
6.
7.
8.
9.
Password: Pa$$w0rd
Domain: Contoso
Lab Scenario
Contoso, Ltd requires that you are able to allocate various resources to users through a private cloud.
Management wants users to be able to access this private cloud resource through a web console so that
they can control specific services in the private cloud.
Exercise 1: Creating and Configuring a Private Cloud

Scenario
6-33
You have decided to create a private cloud for StockTrader business unit. Based on resources available in
the Library and Fabric workspaces, you will create and configure a private cloud and cloud properties.
1.
Create a private cloud.
2.
Configure private cloud capacity and capability features.
3.
Configure a user profile.
Task 1: Create a private cloud

1.
Create new private cloud named StockTrader Cloud.
2.
Use resources from the Production host group.
3.
Connect it to the External network.
4.
Add Microsoft Network Load Balancer (NLB) and Web load balancer.
5.
Add StoredVM-STR as the path for stored virtual machines, and add RO-Library-STR as the readonly Library share.
6.
Do not configure Capacity and Capability at this point.
Task 2: Configure private cloud capacity and capability features

1.
2.
3.
Open Properties for StockTrader Cloud and configure settings for Cloud Capacity as follows:
Virtual CPUs Assigned Capacity: 3
Memory (GB) Assigned Capacity: 10
Storage (GB) Assigned Capacity: 150
Custom quota (points) Assigned Capacity: 10
Virtual Machines Assigned Capacity: 5
Open the Library workspace, expand Profiles, and select Capability Profiles. Create a capability
profile named StockTrader, and configure it with the following information:
Fabric Compatibility: select Hyper-V virtualization host
Number of processors : Minimum: 1, Maximum: 3
Memory range: Minimum: 8 MB, Maximum : 6 GB
Hard Disk count: Minimum: 0, Maximum: 4
Disk Size range: Minimum: 0, Maximum: 80 GB
Fixed disks: Allowed
From the VMs and Services workspace, open the Properties of the StockTrader Cloud and on
Capability Profiles tab select the StockTrader profile that you just created.
Task 3: Configure a user profile
1.
In the VMM console, from the Settings workspace, open the Properties window for the StockTrader
Business Unit user role.
2.
Configure the scope to assign the StockTrader Cloud.
Results: After this exercise, you should have created and configured a private cloud.
Exercise 2: Configuring App Controller

Scenario
6-35
You have decided to create a private cloud for the StockTrader business unit. Based on resources available
in the Library and Fabric workspaces, you will create a private cloud and configure cloud properties.
1.
Configure App Controller.
Task: Configure App Controller

1.
Open the App Controller portal on LON-VM1 by opening a Windows Internet Explorer window and
typing https://lon-vm1.contoso.com.
2.
Sign in as Contoso\Administrator with the password Pa$$w0rd.
3.
Connect the App Controller to VMM on LON-VM1 using the following settings:
Connection name: Contoso VMM
Server name: LON-VM1.contoso.com
Port: 8100
Automatically import SSL certificates: selected
4.
In the App Controller portal, click the Clouds node and verify that StockTrader Cloud displays.
5.
Close the App Controller.
Results: After this exercise, you should have configured App Controller.
Exercise 3: Creating, Deploying, and Managing Services

Scenario
You want to enable users from the StockTrader business unit to deploy services through App Controller.
To do this, you need to configure accounts, resources, and service templates.
1.
Create a virtual machine template.
2.
Create a service template.
3.
Deploy and verify a service.
4.
Deploy a service by using App Controller.
5.
Perform and verify a service upgrade.
Task 1: Create a virtual machine template
In VMM console, in the Library workspace, create a new VM template using the following
information:
Source: VHD from Library WS08R2SP1.vhd
Template name: Win2008srv
Cloud Capability Profile: StockTrader
Memory: 1024 MB
Legacy Network Adapter: Connected to: Logical Network: External Network
Admin Password: Select Run As account for the local administrator account. Click Browse,
and then select Administrator account.
Product Key: 489J6-VHDMP-X63PK-3K798-CPX3Y
Domain/Workgroup: Select Domain: Contoso.com, and Select Run As account, click Browse,
Task 2: Create a service template

1.
On LON-VM1, in the VMM console, create a new service template using the following information:
Name: WebServer
Release: 1.0
Pattern: Single Machine (v1.0)
Source VM Template: Win2008srv
Cloud Capability Profiles: StockTrader
Network: External Network with Static IP (select IPv4 only)
Installed Roles:
Web Server (IIS)
Management Tools
IIS Management Console
Web Server
.NET Extensibility
ASP
ASP.NET
Default Document
Basic Authentication
Windows Authentication
Features: .NET Framework 3.5.1
Access: Add StockTrader Business Unit from the list
2.
Save and validate the service template.
3.
Publish the service template.
Task 3: Deploy and verify a service
6-37
1.
On LON-VM1, in the VMM console, open a new connection using the credentials Contoso\Bart. In
the Select User Role dialog box, click the StockTrader Business Unit profile, and then click OK.
2.
Open the Library workspace and navigate to Service Templates.
3.
Start the Configure Deployment process for the WebServer service template.
4.
Deploy service template WebServer to the StockTrader cloud. Name the deployment WebServer1.
(Note: It might take 15-20 minutes to complete this operation).
5.
After the service deploys, use the VMM console, to connect to the newly created virtual machine, and
verify that it has joined to the domain, and that Web Server role is installed. You can do this by
opening Server Manager on the new virtual machine and checking properties on home screen and
Roles node.
6.
Close the Virtual Machine Viewer.
7.
Close the VMM console that is named StockTrader Business Unit.
Task 4: Deploy a service by using App Controller

1.
On LON-VM1, log on to the App Controller portal as Contoso\Bart with the password of Pa$$w0rd.
When prompted to select a role, click StockTrader Business Unit.
2.
Select to deploy a new service or virtual machine in Common Tasks section of the console.
3.
Configure new deployment to deploy service to Stock Trader cloud. Choose template WebServer
Service 1.0.
4.
Modify the Instance to have a description that states Deployed with App Controller.
5.
Monitor progress on Jobs node and verify that it completes successfully.

Optional: If you do not have enough time to deploy a service once more, you can cancel this job in
the VMM console Jobs workspace.
6.
Close the App Controller portal.
Task 5: Perform and verify a service upgrade

1.
Switch back to the VMM console on LON-VM1, which is running under the administrator account.
2.
In the VMM console, use the Library workspace to create a new version of the WebServer service
template. For New Release value, type 1.1.
3.
Configure the service template to include the Domain Name System (DNS) role.
4.
Attach the new template to the existing WebServer1 service, and then click to update the virtual
machines.
5.
Verify that the virtual machine that you updated now includes the DNS role by logging on to the
virtual machine as Administrator, opening Server Manager and verifying that DNS Server exists in
installed roles list.
6.
Shut down both the WebServer1 and the WebServer services that have been created in this lab.
7.
Close the VMM console.
Results: After this exercise, you should have deployed a service.
Review Questions
List the module review questions here.
1.
What is the difference between cloud capacity and cloud capability?
2.
Can a user deploy new virtual machines by using App Controller?
3.
What should you create to deploy a service in VMM?
Common Issues Related to Private Clouds and Services

Issues
You cannot deploy a service to a specific private
cloud.
You cannot add a virtual machine template to a
service template tier.
App Controller cannot connect to the VMM
server.
User cannot deploy a service by using App
Controller.
Troubleshooting tips
6-39
Best Practices Related to a Particular Technology Area in this Module
Make a detailed plan for private cloud capacity, capability, and resources for each private cloud that
you create.
Use App Controller rather than single virtual machines for deploying services.
Test service templates before publishing them to users.

7-1
Module 7
Monitoring the Private Cloud Infrastructure
Contents:
Lesson 1: Operations Manager Architecture and Security
7-3
Lesson 2: Upgrading Operations Manager 2007 R2
7-17
Lesson 3: Configuring Notifications
7-28
Lesson 4: Configuring Management Packs
7-34
Lesson 5: Configuring Integration with System Center 2012
7-43
7-49
Module Overview
7-2 Monitoring the Private Cloud Infrastructure
You can use Microsoft System Center 2012 - Operations Manager (Operations Manager) to monitor your
private cloud infrastructure. This infrastructure consists of the servers and applications that provide
services to users. By using Operations Manager, you can gather performance information and receive
notifications when problems occur in infrastructure components. To monitor infrastructure components,
you import management packs into Operations Manager.
System Center 2012 - Virtual Machine Manager (VMM) and System Center 2012 - Data Protection
Manager (DPM) are more deeply integrated with Operations Manager than most infrastructure
components. Operations Manager can automate tasks in VMM and DPM based on events that occur in
VMM and DPM.
Describe Operations Manager architecture and security considerations.
Upgrade from System Center Operations Manager 2007 R2 to Operations Manager.
Describe the notification options that are available in Operations Manager.
Install, configure, and upgrade management packs.
Configure Operations Manager integration with System Center 2012.
Lesson 1
Operations Manager Architecture and Security
To deploy Operations Manager successfully, you need to understand the components that make up
Operations Manager. Operations Manager provides several methods that you can use to monitor
infrastructure components. In most cases, you monitor components by installing the Operations
Manager agent.
In this lesson, you will review the Operations Manager architecture, learn how to install and configure
agents, and learn how to secure access to Operations Manager data.
Describe the Operations Manager architecture.
Describe resource pools.
Describe the Operations Manager installation prerequisites.
Monitor private cloud infrastructure components.
Deploy the Operations Manager agent.
Provide security for agent communication.
Provide security with user role permissions.
7-3
Operations Manager Architecture
Operations Manager monitors the private cloud infrastructure and notifies you when infrastructure
components are not healthy. This allows you to identify and address underlying problems that are causing
the unhealthy status. To deploy Operations Manager successfully, you need to understand the overall
architecture of Operations Manager.
The components for Operations Manager are organized into a management group. Most organizations
have a single management group, although you can have multiple management groups. If you have
multiple management groups, the alerts from one management group can roll up to another
management group. This allows you to centralize monitoring for multiple management groups.
Operations Manager Components

The Operations Manager components include:
Operations console. The Operations console is the user interface that you use for monitoring alerts
and making administrative changes. The Operations console reads and writes data through a
management server.
Management server. Each management group has one or more management servers that are
responsible for reading and writing data to the operational database. To service requests,
management servers are combined into resource pools.
Operational database. The operational database is a Microsoft SQL Server database that stores
recently collected information. By default, this database keeps data for seven days. Each management
group has only one operational database.
7-5
Data warehouse database. The data warehouse database is a SQL Server database that stores
historical data for reporting and long-term performance monitoring. Operations Manager writes data
to this database at the same time that it writes data to the operational database. Each management
group has only one data warehouse database.
Reporting server. The reporting server runs Microsoft SQL Server Reporting Services (SSRS).
Operations Manager generates and stores reports on the reporting server. Operations Manager
generates reports from data located in the data warehouse database.
Agents. In most cases, monitored servers have the Operations Manager agent installed. The
Operations Manager agent is responsible for transmitting data to the management server. The
management server configures the agent with rules for reporting data. Based on these rules, the
Operations Manager agent is responsible for identifying the data for transmittal to the management
server.
Web console. The web console is an optional component that provides access to Operations Manager
data through a web-based interface. This avoids the need to install the Operations console on each
computer where alerts are accessed and resolved.
SharePoint Portal. The SharePoint Portal, a feature of Microsoft SharePoint 2010 allows you to
display dashboard views in a SharePoint site. This can be useful for displaying Operations Manager
data in an existing SharePoint site for a workgroup.
Audit Collection Services
Operations Manager includes Audit Collection Services (ACS), which centrally collects and stores data
from security logs. ACS has a separate infrastructure that integrates with the other Operations Manager
components. This allows you to secure ACS data separately from the other Operations Manager data. You
can use ACS to monitor security on computers running Windows Server, Solaris, AIX, UNIX, and Linux.
ACS components include:
ACS collector. The ACS collector is a service that runs on a server and accepts events that are being
archived. The ACS database stores all collected events.
ACS database. The ACS database is a SQL Server database that stores the events that the ACS
collector collects.
ACS forwarder. The ACS forwarder is a service that runs on monitored computers. The forwarder
collects security events and then passes them to the ACS collector.
ACS reporting server. The ACS reporting server runs SSRS. This can be the same SSRS instance that
functions as the reporting server for Operations Manager, or a different SSRS instance. If you use the
same SSRS instance, Operations Manager controls the security for the reports. If you use a different
SSRS instance, then you must configure SSRS security to control access to the reports.
What Are Resource Pools?
In Operations Manager, resource pools provide high availability for the services that management servers
provide. All management servers in a resource pool operate as peers with the ability to update and access
the operations manager database. In addition to providing high availability, resource pools allow you to
increase the capacity of a management group by adding additional management servers. Operations
Manager functionality is targeted to resource pools instead of specific management servers.
Management groups in previous versions of Operations Manager used a root management server and
secondary management servers. Only the RMS could update data in the operational database. To support
backward compatibility with componentssuch as management packs written for previous versions of
Operations Managerone management server in a management group is a designated RMS emulator.
During installation, Operations Manager creates three resource pools:
All Management Servers resource pool. This resource pool is used for most Operations Manager
functionality, such as group calculations and database grooming.
Notifications resource pool. This resource pool defines which management servers can generate
notifications. This is useful because only specific management servers may have the necessary
hardware or network configuration to generate alerts. For example, not all management servers may
have a modem that is required to send text messages to mobile devices.
AD Assignment resource pool. This resource pool is used by agents that automatically retrieve their
management group information from Active Directory Domain Services (AD DS) during installation.
The membership for the three default resource pools is automatic, and all management servers are
included in each management pool. This means that all management servers can service requests. You
can modify the membership configuration of the Notifications Resource Pool and AD Assignment
Resource Pool to a manual setting so that you can specify which servers are members. You cannot modify
the membership configuration of the All Management Server Resource Pool.
7-7
You can create additional resource pools for specific purposes. For example, you can create a resource
pool specifically for monitoring network devices, or for monitoring UNIX and Linux computers.
Members of a resource pool should have no more than 5 milliseconds of latency between them. In most
cases, this means that all management servers must be in the same data center. To incorporate computers
from remote locations where data rollup is required, use gateway servers. A gateway server in the remote
site communicates with remote agents, and then forwards the data to the resource pool.
For More Information For more information about gateway servers, see the topic
Providing Security for Agent Communication later in this Lesson.
Operations Manager Installation Prerequisites
Before deploying Operations Manager, you must have previously installed and configured the following:
AD DS. Specifically, you must have configured the Minimum Domain Functional Level option to
either Windows 2000 native or Windows Server 2003 interim.
Domain Name System (DNS). DNS must support AD DS.
You cannot install Operations Manager in a single-label domain namesuch as Contoso. If the forest root
domain for your Active Directory forest is a single-label name, then you must install Operations Manager
in a subdomain.
Depending on the level of scalability that you require, you can deploy Operations Manager either on a
single server, or on multiple servers. Organizations often configure on one server all Operations Manager
components except for the SQL Server components. To determine the hardware requirements for each of
your servers, you should use the Operations Manager Sizing Helper.
You can use Operations Manager in a virtual environment. When you use a virtual environment to host
Operations Manager, you need to allocate the same physical resources as you would for a physical server.
To ensure sufficient performance, you should not store the SQL Server database that Operations Manager
uses, on virtual hard drives.
The management server must meet the following requirements:
Windows Server 2008 R2 Service Pack 1 (SP1) operating system
Windows PowerShell 2.0 command-line interface
Windows Remote Management, enabled
Microsoft Core XML Services 6.0
Microsoft .NET Framework 3.5 SP1, and.NET Framework 4
The database server must meet the following requirements:
7-9
Windows Server 2008 Service Pack 2 (SP2) 64-bit or Windows Server 2008 R2 SP1 operating systems
SQL Server 2008 SP1 64-bit or SQL Server 2008 R2
SQL Collation of SQL_Latin1_General_CP1_CI_AS SQL database setting enabled
SQL Server Full Text Search
.NET Framework 3.5 SP1 and.NET Framework 4
A computer running the Operations console must meet the following requirements:
Windows Vista, Windows 7, Windows Server 2008, or either Windows Server 2008 R2 32-bit or
64-bit operating systems
Windows PowerShell 2.0
.NET Framework 3.5 SP1 and.NET Framework 4
Monitoring Private Cloud Infrastructure Components
Private cloud infrastructure is composed of devices and software from many vendors. Operations Manager
can monitor more than just Windows servers and clients. In addition to Windows servers and clients,
Operations Manager can monitor the following:
Networks. Monitoring networks includes monitoring network devices such as switches, routers,
and firewalls, and connectivity between the devices. Operations Manager discovers your network
topology, and monitors your network by using the Simple Network Management Protocol (SNMP).
.NET Framework applications. You can monitor.NET Framework applications to help you analyze
system performance and perform troubleshooting. You can collect performance information from
both the server-side and the client-side. You can specify which performance and event information
that you want to collect. For example, you can collect the number of requests per second that the
application is servicing.
Java Enterprise Edition (JEE) applications. You can monitor applications running on JEE application
servers. There are management packs available for monitoring IBM WebSphere, Oracle WebLogic,
Red Hat JBoss, and Apache Tomcat.
UNIX and Linux computers. Operations Manager includes an agent for UNIX and Linux computers.
You can use the Operations console to discover and install the agent just as you would for computers
with the Windows operating system installed.
Deploying the Operations Manager Agent
7-11
The most common way to monitor Windows computers or UNIX and Linux computers is by installing
the Operations Manager agent. You install the Operations Manager agent on a computer to facilitate
communication with the management server. After installation, the Operations Manager agent obtains
its configuration from the management server. Only data that is defined by the configuration from the
management server is forwarded to the management server.
You can deploy the Operations Manager agent in the following ways:
Computer and Device Management Wizard. You can use the Computer and Device Management
Wizard to discover unmanaged computers on the network. After using the Discovery Wizard to
discover computers, you can perform a push to install the Operations Manager agent on to the
discovered computers. After the push installation completes, Operations Manager starts monitoring
the computer without any further intervention required. Operations Manager configures the
management group and management server automatically. After installation, you can update the
agent from the Operations console.
Manual installation. A manual installation requires you to install the Operations Manager agent
on the computer that you want to monitor. You can run the installation from the Operations
Manager media or from a network share. You can perform a manual installation by using a graphical
installation wizard or by using command-line options. In both cases, you can specify the name for the
management and the management server.
Microsoft System Center 2012 Configuration Manager. Configuration Manager is a comprehensive

tool for software deployment. You can use Configuration Manager to distribute the Operations
Manager agent automatically.
Active Directory Integration
You can configure agents to retrieve their management group and management server information
from AD DS, rather than providing the information during installation. Using Active Directory integration
simplifies installation because the person or process performing the agent installation does not need to
provide the management group or management server name. For example, if the agent is being pushed
out by Configuration Manager, the application in configuration would not need to be configured with any
information about the management group or management server. This can also be useful when
performing imaging of servers, as the agent can be preinstalled as part of the image.
Use the following process to configure integration with AD DS:
1.
Use MOMADAdmin.exe to create an AD DS container for the management group.
2.
Use the Agent Assignment and Failover Wizard in the Operations console to specify the computers
that are configured for the management group and a specific management server.
3.
If necessary, update existing agents to use settings from AD DS.
Security for Discovery and Installation

To discover computers automatically and deploy the agent, you must ensure that you have properly
configured the network. Additionally, you need to provide the proper administrative credentials on the
managed computer that you are using to perform the installation.
Discovery and deployment to Windows-based computers requires:
Server Message Block (SMB), which becomes available when you enable the File and Printer Sharing
for Microsoft Networks and the Client for Microsoft Networks options.
Communication through firewalls by using remote procedure call (RPC) ports, TCP port 135, and TCP
port 1024 and above.
Communication with SMB on TCP port 445.
Windows Firewall configured with the All remote administration and Allow file and printer
sharing from the management servers for the agent options.
Discovery and deployment to UNIX and Linux computer requires:
Communication with TCP port 1270.
Communication with Secure Shell (SSH) on TCP port 22.
Agentless Monitoring
You can monitor Windows-based computers without installing an agent. The information that you
collect by using agentless monitoring may be limited because some management packs do not work with
agentless monitoring. Agentless monitoring also creates a high load on the management server and is not
very scalable. For these reasons, agentless monitoring is generally not recommended.
Queries for agentless monitoring perform with RPCs that are difficult to perform through firewalls. When
there is no firewall between the management server and the monitored system, a management server
can query the monitored system directly. If there is a firewall between the management server and the
monitored system, then you must configure an agent-managed computer as a proxy agent. The proxy
agent queries the monitored system, and then transfers the data to the management server.
Providing Security for Agent Communication
7-13
Agent-managed computers need to authenticate with the management server. Authentication is required
to ensure that only authorized computers provide monitoring information.
Agents Inside a Trust Boundary
Agent-managed Windows computers typically use Kerberos authentication when communicating with
the management server. Kerberos authentication requires the monitored computer to be a member of a
trusted domain. If this is the case, then the agent-managed Windows computer is considered to be inside
a trust boundary, and authentication occurs automatically.
Agents Outside a Trust Boundary
Agent-managed Windows computers that are not inside a trusted domain cannot be authenticated
by using Kerberos. Agent-managed UNIX and Linux computers are always outside a trust boundary.
Agents that are outside a trust boundary are authenticated with certificates. In most cases, you generate
these certificates from an internal certification authority (CA). You may need to configure the managed
computer to trust the internal CA. On the managed computer, you must use the MOMCertImportTool.exe
tool to import the certificate.
When you use the Discovery Wizard to deploy an agent to UNIX or Linux computers, Operations Manager
and the agent configure a self-signed certificate automatically. If you deploy the agent to UNIX or Linux
computers manually, you must configure the certificate manually.
Gateway Servers
To simplify monitoring of computers that are located in a perimeter network, you can configure a
gateway server. Gateway servers simplify firewall configuration, and avoid the need to issue a certificate
for each computer. All communication occurs on TCP port 5723 between the gateway server and the
management server. Agent-managed computers in the perimeter network communicate with the
gateway server.
In the perimeter network, all computersincluding the gateway serverare members of a domain.
This allows Kerberos authentication to occur between the agent-managed Windows computers and the
gateway server. In this scenario, you only need a certificate to allow communication between the gateway
server and the management server. If the computers in the perimeter network are not all part of the same
domain, then certificates need to be configured on all computers to allow communication with the
gateway server.
For high availability, you can configure agents to use multiple gateway servers, and you can configure
gateway servers to use multiple management servers.
Securing User Access
7-15
To control who can perform tasks in Operations Manager, you use user roles. A user role is composed of
a profile and scope, and also tasks and views. The profile defines the provided privileges, and the scope
defines the objects to which the privileges apply. When you create a user role, you select tasks and views
that will be included in the user role.
By default, only the Operations Manager Administrator account has permission to perform tasks and view
collected data. You need to configure user roles to meet the need of your environment.
The available profiles are:
Administrator. This profile has full permissions to Operations Manager. Use this profile for users who
need to create and manage the overall Operations Manager infrastructure.
Operator. This profile can access and resolve alerts, access views, and run tasks. This profile is the most
commonly used profile because it allows users to monitor alerts for relevant systems, and then resolve
those alerts when problems have been fixed.
Advanced Operator. This profile has the same permissions as an operator, and can create overrides
for rules and monitors. Use this profile for users who have authority for systems and who can
distinguish what should be monitored by Operations Manager.
Read-only Operator. This profile has read-only access to views and alerts, but not tasks. Use this
profile for users who need to identify whether there are overall system problems that may be causing
users to call the help desk.
Application Monitoring Operator. This profile can access Application Diagnostics. Use this profile for
users who are responsible for troubleshooting and monitoring .NET Framework applications
performance.
Author. This profile can modify tasks, rules, monitors, and views. Use this profile for users who need to
create new monitors for customizing application and systems monitoring. For example, an author
could create a new monitor for a database.
Report Operator. Use this profile for users who can view reports and access the data warehouse
database regardless of the scope. This profile allows users to view any of the reports stored on the
reports server.
Report Security Administrator. Only Operations Manager can use this profile to provide integration
between SSRS security and Operations Manager roles.
Operations Manager includes built-in user roles that you can use to assign permissions. The built-in user
roles are based on the available profiles, and are scoped for the entire management group. You may want
to define user roles with a limited scope. For example, you could create a user role that allows Microsoft
Exchange Server administrators to manage only Exchange Servers in Operations Manager.
You define scopes for user roles by selecting groups as defined in Operations Manager, such as Microsoft
Exchange Server servers, or Windows 2008 servers. You can select one or more groups for the scope. You
can also create your own groups if none of the existing groups meet your needs.
Lesson 2
Upgrading Operations Manager 2007 R2
7-17
If your organization is using Operations Manager 2007 R2 to monitor your environment, there are several
upgrade methods that you can use to upgrade to Operations Manager. You need to understand these
methods so that you can select the appropriate upgrade method to meet the needs of your organization.
You also need to understand the how you can upgrade .NET Framework application monitoring from the
AVIcode .NET application monitoring product to the Application Performance Monitoring (APM) service
in Operations Manager.
Choose an upgrade path to Operations Manager.
Perform simple and complex single-server upgrades.
Upgrade a distributed topology.
Perform a side-by-side upgrade.
Upgrade AVIcode .NET application monitoring.
Choosing an Upgrade Path to Operations Manager
You can upgrade from Operations Manager 2007 R2 to Operations Manager. The upgrade process varies
depending on your Operations Manager 2007 R2 configuration.
The available upgrade paths are:
Simple. Perform a simple upgrade when the existing servers for Operations Manager 2007 R2 meet
the requirements for Operations Manager. A simple upgrade is an in-place upgrade.
Complex. Perform a complex upgrade when the existing servers for Operations Manager 2007 R2 do
not meet the requirements for Operations Manager. A complex upgrade requires you to implement
additional servers during the installation process.
Side-by-side. Perform a side-by-side upgrade when you do not need to migrate configuration
information and historical data as part of the upgrade process. You use new servers when you
perform a side-by-side upgrade.
You can configure Operations Manager 2007 in single-server and distributed topologies. The specific
steps for performing the upgrade vary depending on the exact configuration.
The Upgrade Helper Management Pack
Operations Manager media includes the Upgrade Helper management pack, which guides you through
the upgrade process for a distributed topology. The Upgrade Helper management pack discovers all of
the components in the management group that you need to upgrade. After it identifies the components,
it provides guidance about the order in which you should upgrade the components, and then verifies that
you performed the upgrades correctly.
Upgrading to SQL Server 2008 R2
7-19
Before you can install Operations Manager, you must upgrade the database for Operations Manager 2007
to SQL Server 2008 R2. If your existing server meets the requirements for SQL Server 2008 R2, then you
can perform an in-place upgrade. If your existing server does not meet the requirements for SQL Server
2008 R2, then you need to move the databases to a new SQL Server.
The high-level steps for moving Operations Manager databases to SQL Server are:
1.
Back up the existing database.
2.
Remove the existing database.
3.
Restore the database to the new database.
4.
Update the management server so that it points to the new database location.
5.
Update the internal database configuration so that it includes the new database server.
6.
Update the log on information for the new database.
Simple and Complex Single-Server Upgrades
When performing either a simple or a complex single-server upgrade, you must ensure that all the
required components for Operations Manager are in place.
Simple Single-Server Upgrade
The Operations Manager server must already meet the minimum system requirements, such as a Windows
Server 2008 R2 SP1 operating system. You must also ensure that you are using a 64-bit version of SQL
Server 2008 or newer, for the SQL Server databases.
For a simple single-server upgrade, complete the following high-level steps:
1.
Perform an in-place upgrade by installing Operations Manager on the existing server. During the
installation, the installer identifies and upgrades existing Operations Manager 2007 R2 components.
2.
Upgrade the agents. You can use the Operations console to push the agent out to monitored
computers. If you have installed agents manually, you should upgrade those agents manually before
upgrading the server.
Complex Single-Server Upgrade
You perform a complex single-server upgrade when an existing Operations Manager 2007 R2 deployment
does not meet Operations Manager requirements. You must use a new server for the deployment.
For a complex single-server upgrade, complete the following high-level steps:
1.
Add a new server to the domain that meets the Operations Manager requirements.
2.
Install Operations Manager 2007 R2 as a secondary management server in the management group.
3.
Move all agents to the new secondary management server.
4.
Upgrade the SQL server, if necessary.
5.
Upgrade manually installed agents.
6.
Upgrade the new secondary management server.
7.
Upgrade push-installed agents.
8.
Run the management group upgrade on the secondary management server.
9.
Remove the original management server.
7-21
Upgrading a Distributed Topology
Unlike a single-server upgrade, upgrading a distributed topology requires you to upgrade the
components in a specific order. To guide you through the process, import the Upgrade Helper
management pack.
Upgrade the components in the following order:
1.
Manually installed agents
2.
Secondary management servers
3.
Gateways
4.
Management group on the root management server
5.
Optional features such as consoles and reporting
Simple Distributed Topology Upgrade
During a simple distributed topology upgrade, you upgrade each component by running the Operations
Manager media on the existing servers. The media upgrades each existing server to the new Operations
Manager version.
Complex Distributed Topology Upgrade

For a complex distributed topology upgrade, complete the following high-level steps:
1.
Install Operations Manager 2007 R2 as a secondary management server in the management group.
2.
Move all agents to the new secondary management server.
3.
Add a new gateway server.
4.
Move all agents from the old gateway server to the new gateway server.
5.
Remove the old gateway server.
6.
Upgrade the SQL server to meet minimum requirements of Operations Manager, if necessary.
7.
Upgrade manually installed agents.
8.
Upgrade the new secondary management server.
9.
Upgrade push-installed agents.
10. Run the management group upgrade on the secondary management server.
11. Upgrade optional features such as consoles and reporting.
12. Remove the original management server.
7-23
Performing a Side-by-Side Upgrade
Performing a side-by-side upgrade means that you will replace Operations Manager 2007 R2 entirely with
Operations Manager. You do not migrate the existing configuration or historical data, because the process
creates new databases.
For a side-by-side upgrade, perform the following high-level steps:
1.
Install a new management group with Operations Manager.
2.
Update the agent on the monitored computers.
3.
Multi-home agents to communicate with Operations Manager 2007 R2 and the new management
group. Only an upgraded agent can communicate simultaneously with Operations Manager 2007 R2
and Operations Manager.
Note Multi-homing an agent is the process of connecting the agent to multiple
management groups. In previous Operations Manager versions, this process required
installing the agent multiple times. You can edit the Operations Manager agent
configuration to include multiple management groups.
4.
Perform tuning, and test the configuration in the new management group.
5.
Remove the Operations Manager 2007 R2 management group once you no longer require it.
Performing a side-by-side upgrade requires a significant amount of effort, because none of the
existing configuration migrates from Operations Manager 2007 R2. In essence, you have a brand new
implementation of Operations Manager. Because of this, you must discover all of the computers that
require monitoring, import and tune management packs, configure notifications, and perform all the
other configuration tasks that are required for a new Operations Manager implementation.
Note Once an agent has been upgraded and multi-homed to Operations Manager 2012,
it will be able to continue to communicate to the existing Operations Manager 2007
management group. An Operations Manager 2007 agent will not be able to communicate
to an Operations Manager 2012 management group on its own, and an Operations
Manager 2012 agent will not be able to communicate to an Operations Manager 2007
management group on its own. This cross-management group communication only works
in this upgraded scenario.
7-25
Upgrading AVIcode.NET Framework Application Monitoring
Operations Manager 2007 R2 does not have built-in support for monitoring.NET Framework applications.
Instead, you use AVIcode, a technology that monitors .NET Framework applications and integrates with
Operations Manager 2007 R2 through its own management pack. In this infrastructure, a separate
AVIcode client exists on each monitored server.
Operations Manager replaces AVIcode with APM. You can continue to use AVIcode with Operations
Manager; however, only AVIcode 5.7 is supported for coexistence with Operations Manager. There are no
plans to update AVIcode past version 5.7. Future updates and improvements will occur only for APM.
As a best practice, it is recommended to keep AVIcode to support legacy applications that you cannot
monitor by using APM. These applications include:
Microsoft Internet Information Services (IIS) 6.0
Microsoft .NET Services
Microsoft Office SharePoint Server 2007
Microsoft BizTalk Server
SQL Server Reporting Services

Note You cannot install the AVIcode agent on an Operations Manager management
server.
When you upgrade the Operations Manager agent on a computer that has the AVIcode agent installed
already, the Operations Manager agent automatically skips installing the APM service, because it would
conflict with the AVIcode agent.
7-27
There is no process for automatically migrating applications that are monitored by AVIcode to APM. To
move from AVIcode to APM you must:
1.
Uninstall the AVIcode agent.
2.
Select to repair the Operations Manager agent. The Repair option causes the APM service to install.
3.
Configure APM for the application.
Lesson 3
Configuring Notifications
Notifications are an essential part of using Operations Manager. Without notifications, you can only
identify alerts when you are viewing the Operations console. For example, with notifications, you can
receive alerts on a mobile device so that you are aware of critical events no matter where you are. You can
configure the notifications in Operations Manager so that they are sent through specific channels to
specified people, based on the time the alert occurs and infrastructure component generating the alert,
and many other criteria that you can choose.
Configure notification channels.
Configure notification subscribers.
Configure notification subscriptions.
Configuring Notification Channels
7-29
Alerts that the Operations Manager generates appear in the Operations console. By using the console,
you can identify quickly that there is a problem. However, you might not always have the Operations
console open and available to you. For example, when you are in meetings or otherwise away from your
console you may be unaware that irregularities are occurring.
Operations Manager provides notifications that inform you when it generates an alert. After receiving a
notification, you can use the Operations console to further investigate the cause of the alert, and begin
resolving the problem.
Operations Manager uses the following notification channels for communication:
Email (SMTP). The email channel sends a message to a Simple Mail Transfer Protocol (SMTP) server.
The SMTP server can be an Exchange server or any other SMTP server. You can define credentials to
authenticate delivery to the SMTP server. The main concern about using the email channel is that the
SMTP server may fail and prevent notifications from being delivered.
Instant Messaging (IM). The instant messaging channel delivers an instant message through Office
Live Communications Server, Office Communications Server, or Lync. This is appropriate only if your
organization uses Office Live Communications Server for instant messaging.
Text Message (SMS). Short message service (SMS) is the standard protocol for delivering text
messages to mobile phones. The primary advantage of this notification channel is that it does not
depend on your mail servers for delivery. The phone provider network delivers the messages. To
use the text message notification channel, you need a Global System for Mobile Communications
(GSM)compatible modem that supports SMS message delivery in your management server.
Command. The command notification channel allows you to create customized notifications by
running a script that generates the notification. You need to create the script.
To use the instant messaging and text message notification channels, you need to specify a notification
action account to define the security credentials that will be used to send the message. You also need a
notification action account if the email notification channel uses Windows authentication rather than
anonymous authentication. The command notification channel runs commands by using the Local System
account.
Configuring Notification Subscribers
7-31
Before you can begin sending notifications to users, you need to configure notification subscribers.
Notification subscribers are people or lists of people that Operations Manager can notify. Notification
subscribers define the delivery addresses for notifications and their delivery schedules.
Within a subscriber, you can define multiple subscriber addresses. Each subscriber address is for a specific
notification channel. For example, if you want to deliver a notification by email, you would select the
email channel, and then enter a destination email address. Defining multiple subscriber addresses allows
you to define multiple ways for an individual to be contacted. Alternatively, you can use multiple
subscriber addresses to notify multiple users.
The notification schedule allows you to specify:
The time zone for the subscriber.
Days of the week that the notification will be sent.
Hours for notification delivery.
Dates for notification delivery.
By default, the notification schedule applies to all subscriber addresses. However, for additional flexibility,
you can override the default notification schedule for individual subscriber addresses. For example, you
can configure one address to receive notifications during business hours, and another address to receive
notifications outside of business hours.
Configuring Notification Subscriptions
After creating your notification channels and notification subscribers, you can configure your notification
subscriptions. Notification subscriptions define which alerts to send to which subscribers. They also define
through which channels to send the alerts.
To create a notification subscription, you must define:
Subscription criteria that define which alerts the subscription can use. If you do not configure any
criteria, then all alerts that the Operations Manager console generates are sent.
Subscribers that will receive notifications.
Channels that will be used to send the notifications. Only the specified channels are valid for the
selected subscribers. For example, if you configure a subscriber with an email address, and the
subscription does not specify the email channel, then an email will not be sent.
Alert aging, which you use to suppress notifications until an alert has remained active for a specified
period. For example, you would use this mechanism to:
Allow the on-site staff time to resolve issues before off-site staff are notified.
Allow Operations Manager to resolve an issue itself. For example, an alert might occur because a
server is down during a reboot, but the alert automatically resolves when the server starts up
again.
Subscription Criteria
7-33
Subscription criteria allow you to limit the alerts that are sent for a specific notification subscription. This
means that you can limit notifications to only the administrators responsible for specific systems. For
example, you can notify a network administrator when there is a networking problem, and server
administrators when there is a server problem.
A subscription can include multiple criteria. When you define multiple criteria, then all criteria must be
met for the notification to be sent.
Some of the most commonly used notification subscriptions criteria are as follows:
Raised by an instance in a specific group
Raised by any instance of a specific class
Created by specific rules or monitors (e.g. sources)
Of a specific severity
Of a specific priority
Created in a specific time period
Lesson 4
Configuring Management Packs
Most management packs come with a recommended baseline of monitoring. However, in many cases,
there may be a need to further tune these management packs to meet the particular monitoring needs of
your environment. For example, the Disk Space Monitor in the Windows Server Monitoring Management
Pack comes with recommended disk space monitoring levels for system and non-system disks. Although
these monitoring levels are normally adequate to meet most needs, you may need to tailor these to meet
monitoring requirements already laid down by your organization. You create overrides, and then store
them in a different, unsealed management pack that you have created. You can also configure monitoring
for components for which you were unable to obtain a management pack.
Describe management packs.
Obtain and install management packs.
Tune a management pack.
Create a management pack.
Overview of Management Packs
7-35
Management packs contain the settings that allow you to monitor components. Operations Manager
includes management packs for monitoring itself, and common private cloud infrastructure components
such as UNIX and Linux, and network devices. You need to import management packs for other specific
components that you want to monitor, such a SQL Server 2008 R2 and Exchange Server 2010.
Management packs can contain any of the following:
Object discoveries. Object discoveries find objects that you can monitor. The objects can be servers
or software. To find specific objects, object discoveries use the registry, Windows Management
Instrumentation (WMI), scripts, Object Linking and Embedding Database (OLE DB), or custom code.
The object types that you can monitor are called classes.
Monitors. Monitors are responsible for monitoring the state of each instance of a class. For example,
you can monitor the health state of a server or application. The management pack author controls
the health states that are reported by the monitor. For example, a monitor can indicate that a logical
disk is in a warning state when free space on that disk is less that 10 percent or less than 200
megabytes (MB).
Rules. Rules identify the events and performance data that Operations Manager collects from
monitored computers. Rules also define the actions to perform based on that data. For example,
Operations Manager can generate an alert when a specific event appears in the event log.
Tasks. Tasks run executable code such as scripts. If an agent runs the task, then the task runs with
the permissions of the agent action account. Typically, this is Local System. If a user runs a task
manually, then the task can be run based on the permissions of the user or an associated Run As
profile. Running a task by using a Run As profile account allows operators to perform actions that
they would not normally have permission to do. For example, a task could be used to restart a service
or restart a server. Operations Manager can run tasks automatically in response to specified error
conditions.
Knowledge. Knowledge provides operators with information about how to resolve problems.
Management packs include product-specific knowledge. Additionally, you can add company-specific
knowledge for your environment.
Views. Views display information in the Operations console. The management pack for most products
includes specific views to organize information about that product. Operations Manager includes a
new dashboard view that allows you to combine multiple views into one window.
Reports. Reports are generated by and accessible on SSRS. Like views, the management pack for a
product may contain reports with information that is useful for monitoring a particular product. For
example, a report may contain graphs showing utilization of a resource over time, which you can use
for capacity planning. Reports are generated from data in the data warehouse.
Run As profiles. Run As profiles are used by monitors, rules, and tasks to perform actions. The Run As
profile contains credentials with permissions to access system resources and perform actions.
Obtaining and Installing Management Packs
7-37
You need to obtain management packs for many of the infrastructure components that you want to
monitor. Management packs are downloadable from the Microsoft System Center Marketplace website.
This website contains a catalog of management packs that are available from Microsoft and from other
vendors. The catalog provides summaries and reviews of the management packs that are available. Many
of the management packs are available at no cost. Other management packs are available for purchase
from the vendor.
If your Operations console has access to the Internet, you can download management packs from
Microsoft System Center Marketplace, within the Operations console itself. When you download
management packs directly from within the Operations console, you can:
View updates for currently installed management packs.
View management packs released in the last 3 months.
View management packs released in the last 6 months.
Search for management packs.
Dependencies
Some management packs are dependent on other management packs. When you use the Operations
console to import a management pack, Operations Manager checks the dependencies before importing
the management pack. Once the check completes, the status displays with the following icons:
Green checkmark. This icon means that any necessary dependencies are installed, and the import can
proceed.
Yellow information icon. This icon means that some dependencies are missing, but you can download
them from the Microsoft System Center Marketplace. You can download and install the missing
dependencies by selecting the option to resolve the missing dependencies. This option is only
available when you import management packs directly from the Microsoft System Center
Marketplace by using the Operations console.
Red error icon. This icon means that some dependencies are missing, and they are not available from
the Microsoft System Center Marketplace. You must locate, download, and install the missing
dependencies yourself.
Tuning a Management Pack
7-39
By default, management packs provide best practice baselines for monitoring applications and platforms.
The default settings may have rules, monitors, and even some discoveries disabled that you may need.
You may also find that some thresholds need adjusting and that other alerts need to be suppressed
completely to prevent false alerts.
Most management packs are sealed. This means that you cannot modify the settings in the management
pack. However, you may need to adjust the default settings to suit your environment. To modify the
default settings, you create overrides that reference the original monitor, rule, or discovery, which
are stored in a separate management pack. As a best practice, you should create a separate override
management pack for each of the management packs that you install. This way, you can reset a specific
management pack back to the default configuration by removing the override management packs.
Additionally, you can back up overrides easily by exporting the management packs that contain the
overrides.
Note You can generate a report that lists the overrides that apply to a specific
management pack by running the get-overrides cmdlet.
Implementing a New Management Pack

To implement a new management pack, do the following:
1.
Obtain the management pack, and then implement it in the development environment.
2.
Tune the management pack in the development environment.
3.
Export the overrides management pack from the development environment.
4.
Import both the management pack and the overrides management pack into the production
environment.
5.
Review for additional tuning requirements as your production environment changes.
In some cases, it is difficult to create a development environment for testing new management packs.
Development servers do not generate the same data as production servers. One way to generate accurate
data for testing purposes is to have some of your production servers multi-homed to communicate with
the development Operations Manager environment. In this configuration, the production servers provide
valid data to your development Operations Manager environment. The data in the development
environment is then suitable for configuring overrides.
Creating Overrides
You can create overrides with the granularity that you need for your environment. The options available
for setting an override are:
For all objects of a class. This override allows you to override settings for all instances of a class. For
example, you could override the minimum free-disk space that is required on the Windows Server
2008 Logical Disk class before an alert generates. The override would apply to all instances of the
logical disk class. Effectively, this would apply to all logical disks on all servers running Windows
Server 2008.
For a group. This override allows you to override settings only for objects in a specific group.
Management packs create many groups automatically, such as Windows Servers. You can also create
groups with specific computers or other objects to meet your needs. For example, you could create a
group that contains all logical disks with a drive letter of P (because this may be the disk containing
your paging file). You can then use this group as a target for an override to disable disk space
monitoring.
For a specific object of a class. This override allows you to override settings for a specific instance of a
class. For example, you could override the minimum free-disk space that is required on drive C of a
specific server before an alert generates.
You can prioritize specific overrides by selecting the Enforced option. This option ensures that the
specified override has priority over other overrides at the same level. For example, if a computer is a
member of two groups and overrides are applied to each group, then the enforced override will be
effective. However, an override that is applied to a specific object of a class is always enforced over an
override that applies to a group.
Some rules and monitors may not be relevant to your environment. As a best practice, rather than
creating overrides to suppress the alerts created by unneeded rules and monitors, you should disable the
rule or monitor. Disabled rules or monitors are disabled for all classes of objects to which they apply.
Note Some management packs include recovery and diagnostic tasks that are disabled by
default. You must create an override that enables these tasks.
Creating a Management Pack
7-41
Management packs that vendors provide may be sufficient for your needs. However, you can also create
your own management packs. For example, you can create a management pack to monitor customized
applications or features that vendor-supplied management packs do not monitor.
In your management pack, you can create any of the management pack components that normally
import as part of management packs. These components can include discoveries, groups, monitors,
and rules. In many cases, you can use management pack templates to simplify the creation process. The
management pack templates create a combination of components for common monitoring scenarios.
The management pack templates are as follows:
.NET Application Performance Monitoring. This template allows you to monitor the server and client
side of. .NET Framework applications. Operations Manager automatically discovers applications on
monitored computers.
OLE DB Data Source. This template allows you to monitor database performance and availability. The
database must be accessible by using OLE DB. You must configure watcher nodes that perform the
testing.
Process Monitoring. This template allows you to monitor whether a process is running on a
monitored computer. You can use this template to ensure a particular process is running, ensure
that a particular process in not running, or ensure that a particular process has not been running for
an extended period of time. You can also use this template to monitor resources a process uses.
TCP Port. This template allows you to verify that a TCP port is responding to requests. You must
configure one or more watcher nodes. This template cannot identify whether an application is
functioning properly on the port; it only monitors accessibility.
UNIX or Linux Log File. This template allows you to monitor text in a UNIX or Linux log file. You can
use this template to monitor a log file for completion of a task or an error message.
UNIX or Linux Service. This template allows you to monitor whether a process is running on a
monitored UNIX or Linux computer.
Web Application Transaction Monitoring. This template allows you to monitor the availability and
performance of any web-based application. As part of the monitoring process, you can record a
synthetic transaction that performs actions on the website, so that you can confirm functionality
rather than simply availability.
Windows Service. This template allows you to monitor the availability of Windows services. You can
also monitor resource utilization.
Note
Details about these templates are provided in Module 8.
By default, all management packs that you create are unsealed. This means that the contents of the
management pack can be modified by other administrators. If you want to prevent other administrators
from modifying a management pack that you have created, you can seal your management pack.
Generally, you do this only for management packs that perform monitoring rather than overrides.
You may also want to seal a management pack if you want another management pack to refer to it. A
management pack can only refer to content within a sealed management pack. For example, if you create
a management pack that contains a group definition, you may want to use that group definition when
defining an override that is stored within another management pack. For this to work, you must seal the
management pack containing the group definition. Alternatively, you can create the group definition in
the same management pack as the override to which it refers.
You can unseal a management pack, but this is not recommended because once unsealed, any references
to that management pack become invalid. If a vendor provides a sealed management pack, then any
modifications are unlikely to be supported.
If you install an updated version of the management pack, your modifications will be lost.
Lesson 5
Configuring Integration with System Center 2012
7-43
To provide complete monitoring for your private cloud infrastructure, it is recommended that you
integrate Operations Manager with VMM and DPM. Integrating VMM with Operations Manager allows
you to optimize VMM with Performance and Resource Optimization (PRO) tips. Integrating DPM with
Operations Manager allows you to centrally monitor all of your DPM servers and their backup jobs.
Describe Operations Manager integration with VMM.
Configure Operations Manager and VMM integration.
Describe Operations Manager integration with DPM.
Configure Operations Manager and DPM integration.

Note Integration topics related to Service Manager are covered in Module 9, and
integration topics related to Orchestrator are covered in Module 11.
Operations Manager Integration with VMM
Operations Manager can monitor virtual machines in the same way that it monitors physical computers.
To monitor a virtual machine, you deploy the Operations Manager agent to the operating system that
is running on the virtual machine, just as you would with a physical machine. Operations Manager then
discovers the virtual machine just as it would a physical computer. If you are using VMM, then additional
monitoring options are available to you.
Integrating VMM and Operations Manager allows you to view a complete system overview of
virtualization hosts and the virtual machines that are running on them. You can see the relationship
between a virtualization host and the virtual machine in diagrams. Operations Manager monitors all VMM
components and the virtual machines.
The VMM management pack includes Performance and Resource Optimization (PRO) tips. PRO tips in the
management pack can perform actions on the VMM automatically in response to monitored events. For
example, when resource utilization is too high on a Hyper-V host, the PRO tip can move a virtual
machine automatically to another Hyper-V host with lower resource utilization.
PRO functions as follows:
1.
The PRO monitor identifies an opportunity for optimization.
2.
The PRO monitor generates a PRO tip, which may include advice or a remediation script.
3.
If you have enabled automatic remediation, then the remediation script runs.
4.
If you have not enabled automatic remediation, then the PRO tip prompts the administrator to
approve the remediation script for running.
Configuring Operations Manager and VMM Integration
7-45
You configure Operations Manager and VMM integration through the Virtual Machine Manager
Administrator Console. The wizard that configures integration imports the VMM management packs into
Operations Manager, and enables Windows PowerShell remoting on the Virtual Machine Manager server.
Windows PowerShell remoting allows the Operations Manager management server to run VMM
management scripts on the Virtual Machine Manager server.
Before you can configure integration, your infrastructure must satisfy the following prerequisites:
Windows PowerShell 2.0 must be installed on all Operations Manager management servers.
Operations console must be installed on the Virtual Machine Manager server.
SQL Server management pack must be installed in Operations Manager.
Microsoft Windows Server 2000/2003/2008 Management Pack.
The PRO tips implementation is more granular for Operations Manager and VMM, than for previous
versions of these products. You can enable or disable PRO tips all the way down to individual virtual
machines. This allows for better control of PRO tip implementation and delegation. For example, you can
configure PRO tips so that self-service users are notified when PRO tips are available for any virtual
machines that they own.
After configuring integration between Operations Manager and VMM, you can verify functionality by
viewing discovered Virtual Machine Manager servers, and by viewing diagrams that show virtualization
hosts and the virtual machines hosted on them. Additionally, you can use the following Windows
PowerShell cmdlets:
Test-SCPROTip. This cmdlet creates a test PRO tip, and verifies that integration is configured
correctly.
Write-SCOpsMgrConnection. This cmdlet pushes any undiscovered VMM objects to Operations

Manager.
Operations Manager Integration with DPM
When integrated with Operations Manager, DPM provides a central console for monitoring DPM servers
and jobs. The central console for DPM can monitor DPM and System Center Data Protection Manager
2010 (DPM 2010).
After you install the central console, DPM alerts are integrated into the Operations console. The central
console provides a single, central location for monitoring DPM alerts for items such as failed backups. This
means you do not need to monitor multiple servers individually.
When an alert displays in the Operations console, you can select one of the following options:
Resume backups. Use this option to resume backups after you have resolved the problem that was
causing the backup to fail.
Take recommended action. If the alert includes a recommendation for resolving the problem, use
this option to implement the recommendation. For example, if a necessary service was not running,
using this option could cause the service to restart.
Troubleshoot. Use this option to view detailed information about why the alert was raised. You can
use this information to resolve the problem that raised the alert. For example, the information could
indicate that a snapshot failed because an agent failed to start, and it could provide an error code.
You could then begin searching for the resolution to that error code.
Operations Manager consolidates repeated instances of an alert into a single alert. This prevents the
console from becoming cluttered with repetitious information.
Configuring Operations Manager and DPM Integration
7-47
To enable Operations Manager integration with DPM, you must install the DPM server and client
components for the DPM central console on an Operations Manager management server. The central
console server component allows you to monitor DPM servers. The central console client component
allows you to run the scoped DPM Administrator Console. After you install the DPM central console, you
need to import the DPM Management Packs into Operations Manager.
After installing the DPM central console, you must do the following:
In Operations Manager, if the DPM server has more than 2,000 data sources, then override the health
monitor settings for the DPM servers. You must do this because high volume DPM servers have
higher disk activity than most servers.
Add registry keys on the Operations Manager management server.
Modify registry keys on the DPM server that you are monitoring.
Note For details about the overrides and registry changes, see the installation
documentation for DPM.
You can also configure DPMspecific security that applies to the central console. To create the default
DPM management roles, you need to run DefaultRoleConfigurator.exe in C:\Program Files\Microsoft
DPM\bin.
The default DPM user roles are:
DPM Admin. This role allows users to perform all DPM actions.
DPM Read-Only Operator. This role allows users to view all job alerts and DPM configurations.
DPM Tier-1 Support. This role allows users to see alerts and job information. It also allows users to
perform simple tasks such as rerunning a backup job.
DPM Tier-2 Support. In addition to the DPM Tier-1 Support role permissions, this role allows users to
perform additional troubleshooting tasks.
DPM Tape Operator. This role allows users to perform simple tape management tasks such as tape
inventory.
DPM Tape Admin. This role allows users to perform all tape management tasks.
DPM Recovery Operator. This role allows users recover data backed up by DPM.
After you configure the default DPM roles, you can assign users to those roles. You can create scoped
roles to limit management to specific DPM servers. The permissions associated with these roles apply in
the central console and the scoped DPM console, but they do not apply on the DPM server.
Lab Setup
Note
7-49
1.
2.
3.
4.
Password: Pa$$w0rd
Domain: Contoso
5.
Repeat steps 2 to 4 for 10751A-LON-SQ1 and 10751A-LON-OM1.
6.
7.
8.
9.
Password: Pa$$w0rd
Domain: Contoso
10. Repeat steps 7 to 9 for 10751A-LON-AP1 and 10751A-LON-DM1.
Lab Scenario
Contoso, Ltd has implemented a new private cloud infrastructure. You now need to set up private
cloud infrastructure monitoring, so that IT staff can identify and resolve problems quickly. The Operations
Manager server components are already in place. You need to complete the Operations Manager agent
deployment, and configure integration with other System Center 2012 components.
Exercise 1: Deploying Agents

Scenario
7-51
You need to configure the infrastructure servers for monitoring. Most servers will be monitored by the
Operations Manager agent. However, you cannot install the agent on LON-SQ1 or LON-AP1, because it
has conflicting software already installed. You must configure LON-SQ1 and LON-AP1 for agentless
monitoring.
1.
View currently monitored computers.
2.
Identify the management action account.
3.
Install the agent on systems by using the Discovery Wizard.
4.
Configure agentless monitoring by using the Discovery Wizard.
5.
Prepare security for manual agent installation.
6.
Manually install the agent.
7.
Verify that monitored computers are healthy.
Task 1: View currently monitored computers

1.
On LON-OM1, open the Operations console.
2.
In the Monitoring workspace, under Monitoring, view the Discovered Inventory.
3.
Notice that only LON-OM1.Contoso.com is currently being monitored. Refresh the view to change
the state to Healthy.
Task 2: Identify the management action account

1.
In the Operations console, in the Administration workspace, under Run As Configuration, view the
Accounts.
2.
Read the description for Contoso\SCAdmin, that says this user account is used on agent-managed
computers to run tasks, and that this account is configured as the domain administrator.
Task 3: Install the agent on systems by using the Discovery Wizard

1.
In the Operations console, in the Administration workspace, select Administration.
2.
On the Administration Overview page, select the option to configure computers and devices to
manage.
3.
In the Computer and Device Management Wizard, use the following settings:
Windows computers
Advanced discovery
Computer and Device Classes: Servers Only
Management server: LON-OM1.Contoso.com
Scan Active Directory
Domain: Contoso
Computer role: Any
Use selected Management Server Action Account
Objects to manage:
LON-DC1.Contoso.com
LON-DM1.Contoso.com
LON-VM1.Contoso.com
Management mode: Agent
Agent Action Account: Local System
Task 4: Configure agentless monitoring by using the Discovery Wizard

1.
In the Operations console, in the Administration workspace, select Administration.
2.
On the Administration Overview page, select the option to configure computers and devices to
manage.
3.
In the Computer and Device Management Wizard, use the following settings:
Windows computers
Advanced discovery
Computer and device classes: Servers Only
Management server: LON-OM1.Contoso.com
Scan Active Directory
Domain: Contoso
Computer role: Any
Use selected Management Server Action Account
Objects to manage:
LON-SQ1.Contoso.com
LON-AP1.Contoso.com
Management mode: Agentless
Task 5: Prepare security for manual agent installation

1.
In the Operations console, in the Administration workspace, select Settings, and then open
Security.
2.
Select the option to review new manual agent installations.
Task 6: Manually install the agent

1.
On LON-HOST1, browse to \\LON-AP1\E$\Labfiles\SystemCenter\SCOM2012, and then run

Setup.exe.
2.
Start installation of a local agent using the following settings:
3.
Destination folder: default location
Specify Management Group Information
Management Group Name: Contoso
Management Server: LON-OM1.Contoso.com
Management Server Port: 5723
Agent action account: Local System
On LON-OM1, in the Operations console, in the Administration workspace, under Device

Management in Pending Management, approve LON-HOST1.Contoso.com.
Task 7: Verify that monitored computers are healthy

1.
On LON-OM1, in the Operations console, in the Administration workspace, under Device

Management, view the Agent Managed computers.
2.
View the Agentless Managed computers.
3.
View the Management Servers.
4.
In the Monitoring workspace, view the Discovered Inventory.
Results: After this exercise, you should have configured monitoring for infrastructure servers.
7-53
Exercise 2: Deploying and Configuring Management Packs

Scenario
To finish configuring infrastructure server monitoring, you need to import the management packs for
Windows Server 2008 R2, IIS 7.0, and SQL Server 2008 R2. These management packs will configure
Operations Manager to monitor information specific to those products.
In addition, you need to configure an override for the default disk space monitor to prevent unnecessary
alerts from being triggered.
1.
Install management pack files.
2.
Import management packs.
3.
Verify management pack functionality.
4.
Create a management pack for overrides.
5.
Create an override for the Windows Server 2008 disk space monitor.
Task 1: Install management pack files

1.
On LON-OM1, browse to \\LON-AP1\E$\labfiles\MgmtPacks.
2.
Run Windows Server Base OS System Center Operations Manager 2007 MP.msi.
3.
Accept the license agreement, and use the default installation folder.
4.
Run Internet Information Services MP.msi.
5.
6.
Run SQLServerMP.msi.
7.
Task 2: Import management packs

1.
On LON-OM1, in the Operations console, open the Authoring workspace.
2.
On the Authoring Overview page, select to import management packs and use the following
settings:
3.
Add from disk
Do not search the online catalog for dependencies
Select all files in: C:\Program Files(x86)\System Center Management Packs

\Windows Server Base OS System Center Operations Manager 2007 MP
On the Authoring Overview page, select to import management packs, and use the following
settings:
Add from disk

4.
Select all files in: C:\Program Files(x86)\System Center Management Packs

\Internet Information Services MP
On the Authoring Overview page, select to import management packs and use the following
settings:
7-55
Add from disk
Select all files in: C:\Program Files(x86)\System Center Management Packs\SQLServerMP
Task 3: Verify management pack functionality

1.
In the Operations console, in the Authoring workspace, in Management Pack Objects, select Object
Discoveries.
2.
In the Object Discoveries list, under Discovered Type: Computer, verify that Populate All
Windows Server 2008 R2 Full Computer Group exists.
3.
Verify that Discovered Type: IIS 7 Server Role exists.
4.
In the Monitoring workspace, in Microsoft Windows Internet Information Services, view the IIS Role
State.
5.
In Microsoft Windows Server, view the Windows Server State.
Task 4: Create a management pack for overrides
In the Operations console, in the Administration workspace, select Management Packs, and then
create a management pack with the following settings:
Name: Windows 2008 Overrides
Version: 1.0.0.0
Description: Overrides for computers running Windows Server 2008
Task 5: Create an override for the Windows Server 2008 disk space monitor
1.
In the Operations console, in the Authoring workspace, in Management Pack Objects, select
Monitors.
2.
In Windows Server 2008 Logical Disk, under Entity Health, under Availability, open Logical Disk
Free Space.
3.
On the Health tab, read the available states.
4.
On the System Drive % tab, read the default configuration.
5.
On the System Drive Mbytes tab, read the default configuration.
6.
On the Alerting tab, read the default configuration.
7.
On the Overrides tab, create an override for all objects in the Windows Server 2008 Logical Disk class
with the following settings:
Override: Warning % Threshold for System Drives: 5
Select destination management pack: Windows 2008 Overrides
8.
Use right-click to view the Overrides Summary for Logical Disk Free Space, and verify that the
override is present.
9.
Close the Operations Manager console.
Results: After this exercise, you should have imported management packs and configured an override.
Exercise 3: Configuring Notifications

Scenario
7-57
After configuring monitoring for the private cloud infrastructure, you need to configure notifications for
alerts related to computers that are running Windows Server 2008. The notifications will be sent by email
to the email account Administrator@Contoso.com.
1.
Create a notification channel.
2.
Create a notification subscriber.
3.
Create a notification subscription.
Task 1: Create a notification channel
On LON-OM1, in the Operations console, in the Administration workspace, create a new email
notification channel with the following settings:
Channel name: default
SMTP server (FQDN): smtp.contoso.com
Port number: 25
Authentication method: Anonymous
Return address: OMAlerts@contoso.com
Task 2: Create a notification subscriber
In the Operations console, in the Administration workspace, create a new notification subscriber
Subscriber name: Administrator
Always send notifications
Subscriber address:
Address name: Mobile E-mail
Channel type: E-mail (SMTP)
Delivery address for the selected channel: administrator@contoso.com
Always send notifications
Task 3: Create a notification subscription
In the Operations console, in the Administration workspace, create a new notification subscription
Subscription name: Windows Server 2008 notifications
Conditions: raised by any instance in a specific group: Windows Server 2008 Computer Group
Subscriber: Administrator
Channel: SMTP Channel
Delay sending notifications if conditions remain unchanged for longer than: 10 minutes.
Results: After this exercise, you should have created a notification subscription for alerts from computers
running Windows Server 2008.
Exercise 4: Configuring VMM Integration

Scenario
7-59
To enhance monitoring of VMM, you need to integrate Operations Manager with VMM. This will allow
you to centrally monitor all virtualization hosts and virtual machines, and to use PRO tips.
1.
Install the Operations console on the Virtual Machine Manager server.
2.
Enable VMM integration with Operations Manager.
3.
Verify VMM integration with Operations Manager.
Task 1: Install the Operations console on the Virtual Machine Manager server
1.
On LON-VM1, browse to \\LON-AP1\e$\Labfiles\SystemCenter\SCOM2012, and then run

setup.exe.
2.
Install Operations Manager with the following settings:
Accept the license agreement
Select features to install: Operations console
Select installation location: default
Do not help improve Operations Manager
Microsoft Update: Off
Clear the Start the Operations console when the wizard closes check box, and then click
Close.
Task 2: Enable VMM integration with Operations Manager

1.
On LON-VM1, start Virtual Machine Manager Console using the current Windows session identity.
2.
In the Settings workspace, click System Center Settings, open Operations Manager Server, and
then select the following settings:
3.
Server name: LON-OM1.Contoso.com
Use the VMM server service account
Enable Performance and Resource Optimization (PRO)
Enable maintenance mode integration with Operations Manager
User name: Contoso\SCAdmin
Password: Pa$$w0rd
In the Jobs window, wait for the New Operations Manager connection job to complete. This may take
up to five minutes.
Task 3: Verify VMM integration with Operations Manager

1.
On LON-OM1, in the Operations console, in the Monitoring workspace, verify that VMM displays.
2.
Expand Virtual Machine Manager, expand Agents, and then click to view the Health State.
3.
Under AgentWatcher State, select LON-VM1.Contoso.com, and then open the Diagram View.
Results: After this exercise, you should have configured integration of Operations Manager and VMM.
Exercise 5: Configuring DPM Integration

Scenario
7-61
Your last task for the Operations Manager deployment is to integrate Operations Manager with DPM.
Integrating DPM with Operations Manager will allow you to centralize the monitoring of DPM backups,
and to generate alerts in the Operations Manager console.
1.
Import the DPM management packs.
2.
Install the DPM central console.
3.
Configure DPM integration registry keys for the DPM server.
4.
Install DPM security roles.
5.
Verify installation of the DPM central console.
Task 1: Import the DPM management packs

1.
2.
On LON-OM1, in the Operations console, in the Administration workspace, select Management

Packs, and then import the management packs by using the following settings:
Add from disk
Select all files in: \\LON-AP1\E$\Labfiles\SystemCenter\DPM2012\SCDPM

\ManagementPacks\en-US\
Close the Operations console.
Task 2: Install the DPM central console

1.
On LON-OM1, browse to \\LON-AP1\E$\Labfiles\SystemCenter\DPM2012\SCDPM, and then run

setup.exe.
2.
Install the DPM central console with the following settings:
Accept the license agreement
Install Central Console server-side and client-side Components
Installation location: default
Microsoft Update: Do not use
Task 3: Configure DPM integration registry keys for the DPM server
1.
On LON-OM1, run regedit.exe.
2.
Browse to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Operations Manager

\3.0\Modules\Global\PowerShell.
3.
In the PowerShell key, create a new DWORD (32-bit) Value with the following settings:
Name: IsolationLevel
Value: 0
4.
Browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HealthService
\Parameters.
5.
Edit Persistence Version Store Maximum, and change the value to 5dc00.
6.
In the Parameters key, create a new DWORD (32-bit) Value with the following settings:
7.
Name: State Queue Items
Value data: 1000
Use the Services administrative tool to restart the System Center Management service.
Task 4: Install DPM security roles
On LON-OM1, browse to C:\Program Files\Microsoft DPM\bin, and run

efaultRoleConfigurator.exe.
Task 5: Verify installation of the DPM central console
1.
On LON-OM1, in the Operations console, in the Monitoring workspace, under System Center 2012
Data Protection Manager, in State Views, click DPM Servers.
2.
Verify that LON-DM1 displays.
3.
In the Administration workspace, under Security, select User Roles.
4.
Verify that the DPM roles displays under Profile: Operator.
Results: After this exercise, you should have configured Operations Manager integration with DPM.
Review Questions
1.
What is the default port number that agents and gateways use when communicating with a
management server?
2.
Which security profile for Operations Manager can resolve alerts but not create overrides?
3.
Why would you want to continue using AVIcode 5.7 with Operations Manager, rather than using
APM?
4.
How can you configure notifications to be sent to a specific person that is on call?
5.
Which DPM component is installed on an Operations Manager management server to configure

integration between DPM and Operations Manager?
Real-World Issues and Scenarios
7-63
1.
Your organization is using Operations Manager to monitor 100 servers with a single management
server. However, there is a concern that Operations Manager is not highly available. Can you make
the management server highly available?
2.
Your organization uses a mix of Windows servers and Linux servers. You have proposed using
Operations Manager to monitor the servers. A colleague is concerned that Operations Manager
cannot monitor Linux. How do you respond?
3.
Your organization wants to monitor computers in a perimeter network, but would like to avoid
configuring certificates for each monitored computer. How can you accomplish this?
4.
Your organization is planning an upgrade from Operations Manager 2007 R2 to Operations Manager.
You are trying to decide whether the simple or complex upgrade path is appropriate. What are the
biggest concerns when selecting either the simple or the complex upgrade paths?
5.
You have imported several new management packs into Operations Manager. The server
administrators are complaining that they are receiving alerts about issues that are not problems.
What do you need to do?

8-1
Module 8
Extending and Customizing Monitoring of the Private Cloud

Infrastructure
Contents:
Lesson 1: Configuring the SharePoint Server Portal
8-3
Lesson 2: Monitoring Templates
8-8
Lesson 3: Distributed Application Monitoring
8-18
8-22
Extending and Customizing Monitoring of the Private Cloud Infrastructure
Module Overview
8-2
The standard management packs for products, such as Microsoft System Center 2012 Virtual Machine
Manager (VMM), allow you to monitor the individual components of your private cloud. However, your
monitoring needs likely extend beyond the basics that come with standard management packs. If you
want to monitor applications for which there is no specific management pack, then you need to create
your own management pack. To simplify monitoring of custom applications, Microsoft System Center
2012 - Operations Manager (Operations Manager) includes templates for monitoring various application
types. You can also monitor the components of a distributed application and roll up the health status into
a single item.
Integrate Operations Manager data into the Microsoft SharePoint Server 2010 portal.
Describe how to use monitoring templates in Operations Manager.
Implement distributed application monitoring.
Lesson 1
Configuring the SharePoint Server Portal
8-3
SharePoint Server is a commonly used platform for building corporate intranets. Intranets are websites
for collaboration, and are often a central point that workgroups use to find relevant information for their
jobs. IT departments can integrate dashboards from Operations Manager into SharePoint Server sites to
make the data more easily available.
Describe dashboard view integration with SharePoint Server.
Install the Operations Manager Web Part.
Configure the Operations Manager Web Part.
Dashboard View Integration with SharePoint Server
8-4
Operation Manager includes dashboards to make it easier to view all relevant information in a single view.
A dashboard has multiple panes, and each pane contains different information. One pane can contain
health information, while another pane contains performance information. Placing all relevant information
into a single dashboard view makes monitoring easier for administrators.
Dashboard views are included in some management packs. You can also create your own customizable
dashboard views, which allows you to meet the needs of different job roles.
When you create a dashboard view, there are layout templates with multiple panes in various orientations.
In each pane, you add a widget to identify the content that you want to display in the pane. The available
widgets are as follows:
Performance. The Performance widget displays performance data that has been collected for the
selected objects.
Alert. The Alert widget displays alert information for the selected objects.
State. The State widget displays health information for the selected objects.
You can create dashboard views from the Operations Manager console, or from the web console.
Regardless of where you create the dashboard view, you can access it automatically from the Operations
Manager console or the Web console.
Operations Manager includes a Web Part that lets you incorporate dashboard views into SharePoint 2010,
which in turn provides you with a way to incorporate Operations Manager information into your
corporate intranet. You can make this data available to users that do not have permission to view data in
the Operations Manager console by configuring shared credentials in the Web Part.
Installing the Operations Manager Web Part
8-5
You use the Operations Manager Web Part to display dashboard views in a SharePoint site. To display
Operations Manager data using the Operations Manager Web Part, the following prerequisites must be
met:
The Operations Manager web console must be installed and configured.
SharePoint Server 2010 Standard and SharePoint Server 2010 Enterprise support all features of the
Operations Manager Web Part.
SharePoint Foundation 2010 can be used with the Operations Manager Web Part, and the SharePoint
Server must be in the same domain as the Operations Manager web console. Shared credentials for
the Web Part are not supported.
The person performing the installation must have SharePoint administrator permissions.
Install the Operations Manager Web Part on the SharePoint 2010 Server
To install the Operations Manager Web Part, complete the following steps:
1.
Copy the Installation files to the SharePoint 2010 Server. These files are located on the Operations
Manager installation media at \Setup\amd64\SharePoint.
2.
In the SharePoint 2010 Management Shell, run the following installation script:
Install-OperationsManager-DashboardViewer.ps1 solutionPath <directory containing

Microsoft.EnterpriseManagement.SharePointIntegration.wsp> -url <optional, for installing to a
specific portal address or website>
3.
Verify installation by confirming that the Operations Manager Dashboard Web Part is activated in
the site collection features.
4.
Add an Operations Manager web console URL (http://servername/OperationsManaager) to the list of

Operations Manager Web Console Environments for the site.
Configuring the Operations Manager Web Part
8-6
After you have added the Operations Manager Web Part to a SharePoint 2010 server, you can add it to a
page in the site. However, first, you need to configure the Web Part with the dashboard view URL on the
Operations Manager web console. The simplest way to get a dashboard view URL is to access it on the
web console, and then copy the URL from the browser address bar and paste it into the Web Part
configuration.
A common problem that you may encounter when implementing the Operations Manager Web Part is
time synchronization between the SharePoint 2010 server and the Operations Manager web console
server. The time synchronization for these two servers must be within 5 seconds. If time synchronization
between the two servers diverges by more than five seconds, then you may receive a message indicating
that the ticket has expired when you attempt to view the Operations Manager Web Part.
Web Part Security
When the Operations Manager Web Part accesses the dashboard view on the Operations Manager web
console, the credentials that are used by default are those of the logged on user. In this configuration,
users are able to access views that they have permission to view in Operations Manager.
If you want to provide users who do not have Operations Manager permissions with access to a
dashboard, you can configure the Web Part to use shared credentials. When users access the Web Part,
the shared credentials are used to access the dashboard on the Operations Manager web console.
To configure shared credentials:
1.
Create the Active Directory Domain Services (AD DS) user that will be used for shared credentials,
and then assign that user the correct permissions in Operations Manager.
2.
Create a Target Application ID in SharePoint Central Administration. This ID stores the shared account
user name and password.
3.
On the Operations Manager web console server, use the Operations Manager shell to run the
following command:
add-OperationsManager-WebConsole-Environment.ps1.
8-7
Alternatively, you can edit the Web.config file for the web console manually. This process configures
the Web Part to use the Target Applications ID when accessing the dashboard view on the Operations
Manager web console.
Lesson 2
Monitoring Templates
Many organizations have customized applications and services for which no management pack is
available. To monitor these applications and services you need to configure monitors to view health
status, and configure rules to generate alerts. Operations Manager includes templates to simplify the
configuration process for monitoring customized applications and services.
Describe management pack authoring.
Explain how to monitor database availability and performance.
Explain how to monitor port availability for a service or application.
Explain how to monitor a process.
Explain how to monitor Windows operating system services.
Explain how to monitor web applications.
Explain how to monitor Microsoft .NET Framework applications.
8-8
Management Pack Authoring
8-9
You can customize the monitoring of Operations Manager by creating your own management packs. You
generally create your own management packs when you want to monitor applications for which there is
no management pack available. This may be because the vendor does not provide a management pack,
or because it is internally developed software.
Custom Management Packs
When you create your own management pack, you can create and modify management pack objects
such as:
Attributes. An attribute defines a registry key or Windows Management Instrumentation (WMI) query
that can be used to determine the configuration of a computer. It also defines what class, group, or
object should be queried for that attribute. You can create attributes that define groups, or display
configuration information for discovered objects.
Overrides. An override modifies the default setting in a management pack. This node in the Authoring
workspace allows you to view and modify existing overrides. Overrides are typically created in the
properties of a monitor or rule, or from an alert.
Monitors. A monitor defines health status, or state, for an object. The health status can be indicated
by performance data, event log entries, or service status. You can use this to create your own health
monitors.
Object discoveries. An object discovery describes how objects are discovered based on methods such
as WMI scripts or registry keys. You can disable object discoveries or override parameters for an
object discovery. You cannot create new object discoveries by using the Operations Manager console.
Rules. A rule generates alerts based on characteristics of a monitored object. A rule does not define
the state for an object.
8-10
Service level tracking. Service level tracking uses service level objectives that let you track availability
or performance of an object against a defined standard. You can run reports to see if you are meeting
the objectives.
Tasks. A task runs a command on a monitored system. Operations console operators do not need to
have permission to run the script on monitored systems because an agent runs the script.
Views. A view allows you to customize what data displays in the Operations Manager console. For
example, you can create a view that includes alerts only from specific system types for which you are
responsible. You create views in the Monitoring workspace, but you view a list of them in the
Authoring workspace.
Management Pack Templates
Management pack templates are included in the Operations console to simplify the monitoring process. A
configuration wizard is provided when you use templates. The wizard simplifies the process of monitoring
common objects. Some commonly used templates are Process Monitoring, TCP Port, and Windows
Service.
You can also create distributed applications in the Operations console. A distributed application is
composed of multiple components, such as a web front end and a database. When you configure a
distributed application, all of the application components are monitored, and the health status of the
individual components is combined to create the health of the monitored application.
Finally, you can create your own groups that you can use for purposes such as configuring overrides or
sending notifications. You can list specific objects as group members, and then generate dynamic
membership based on monitored object attributes.
Monitoring Database Availability and Performance
8-11
You can use the OLE DB Data Source template to monitor database availability and performance. The
database can be Microsoft SQL Server, or any other database that can be accessed by using Object
Linking and Embedding Database (OLE DB). You should monitor a database as part of monitoring an
application that uses the database.
Watcher Nodes
Database monitoring uses watcher nodes to monitor the database. A watcher node is any computer with
the Operations Manager agent installed. You typically configure several watcher nodes to monitor from
different parts of the network that may experience performance problems.
Monitoring a Database for Health Status
You can choose to create a connection to the database either to monitor availability, or to send a query to
the database. Sending a query to the database is a better indicator of database performance.
Monitors that display health status are:
Success of the database connection or query.
Time to connect to database.
Time to complete query.
Time to fetch results of query.
Security
Two Run As profiles are available for connectivity to the database. Use the Simple Authentication Profile
for testing connectivity to a database with a non-Windows username and password. Use the Synthetic
Transaction Profile to test connectivity to a database by using an account in AD DS. If a SQL Server
database uses only Windows Authentication, then you must use the Synthetic Transaction Profile. In
both cases, you first create a Run As account, and then add it to the appropriate profile.
Monitoring Port Availability
8-12
You use the TCP Port template to monitor availability of a service or application that is listening on a TCP
port. Similar to the OLE DB Data Source template, you specify watcher nodes that test connectivity to a
TCP port on a specific Domain Name System (DNS) name or IP address.
The TCP Port template is not capable of testing whether the service or application using the TCP port is
functioning properly; it is capable only of identifying whether the port is accepting connections.
Monitors to display health status are:
Target host reachable
Connection accepted
Connection timeout
DNS resolution
When you view the health status for port monitors, you need to consider network connectivity. If only one
watcher is having connectivity problems, then the problem is likely in the network. If all watchers are
having connectivity problems, then it is more likely that the application is experiencing a problem.
Monitoring Processes
8-13
You can use the Process Monitoring template to monitor processes on a Windows Server. For the
specified process, you can collect processor and memory utilization information. It is possible to generate
alerts based on this performance data. This template does not use watcher nodes; instead, all information
is gathered directly from the computer that is running Windows Server.
You can use the Process Monitoring template for three different scenarios:
Critical processes. In this scenario, you use the template to ensure that a particular process is running.
You can monitor the performance of the process.
Long-running process. In this scenario, you use the template to monitor the duration for which a
particular process runs. This is useful when a process is known to have problems completing a task.
Unwanted process. In this scenario, you use the template to monitor for the presence of an unwanted
process. You can request that an alert generate if this process appears. This is useful for monitoring
known rogue processes.
For processes that are running, you can specify a minimum and maximum number of instances for the
process that should be running. This is useful if a scheduled task sometimes does not complete properly
and stays in memory. If too many instances are in memory, this may affect performance.
Performance monitoring for a process collects memory and CPU utilization. You can request that an alert
generate when memory or CPU utilization is above a threshold that you specify. You also specify the
sampling interval and number of samples that the value must be above before an alert generates.
Monitoring Windows Services
8-14
A Windows service is different from a simple process because the Windows service registers in the
operating system. The registration in the operating system provides additional capabilities for gathering
performance information. It also provides the ability to use the startup type as part of the monitoring
criteria.
Like the Process Monitoring template, you use the Windows Services template to monitor memory and
CPU utilization. You also have the ability to be sent an alert if either is above a threshold that you define.
You can collect performance information about the handle count, thread count, and working set for the
service.
The template for monitoring Windows services provides the option to monitor only services with a startup
type of automatic. This is often appropriate, because a service with startup type of manual or disabled is
expected to be stopped. Therefore, you do not want to monitor the status of services that are not starting
automatically.
Monitoring Web Applications
8-15
You can use the Web Application Transaction Monitoring template to monitor the availability and
performance of web-based applications. You use watcher nodes to test the application. You can use this
template for web-based applications that are running on any platform, because the template is based on
HTTP requests from the watcher nodes. The web server does not need to be agent-managed.
The simplest configuration for monitoring web applications requires that you provide only the web
application URL, the watcher nodes, and how often to run the query. This configuration lets you know if
the web application accepts connections, and how quickly it responds.
You can also perform advanced web applications monitoring, which generates errors and warnings based
on the following:
Http status code. You can test for the value of an error code. By default, all error codes above 400
generate an error.
Content match. You can test for the presence of text in the response. This allows you to identify if an
application is or is not sending specific text. This is useful when specific text can be associated with
the application working properly.
Response Time. You can test for a specific response time from the server. If the server is responding
slowly, you may need to troubleshoot the web server.
You can do more than simply monitoring web application connectivity with the Web Application
Transaction Monitoring template. The template also supports specifying authentication credentials, and
performing actions in the web application. By performing actions in the web applicationsuch as clicking
linksyou are verifying performance of the application as seen by users.
The Web Recorder records a session in the application. While you use Windows Internet Explorer to
perform actions in the web application, the Web Recorder saves those actions. When a watcher monitors
the application, it performs the same actions. If necessary, you can edit the details of the recorded steps to
fine-tune them.
Monitoring .NET Applications
You can use the .NET Application Performance Monitoring Template to monitor Microsoft .NET
applications that are hosted on servers running Microsoft Internet Information Services (IIS) 7.0. On
monitored computers, .NET applications are inventoried automatically based on the management pack
for IIS 7.0.
8-16
When you use the .NET Application Performance Monitoring Template, you select one or more .NET
applications that make up an overall application. The ability to select multiple .NET applications is useful
when the application is multi-tier.
Server-Side Monitoring
Server-side monitoring can generate alerts based on performance. The performance alerts generate based
on how quickly user transactions complete. By default, alerts generate when a user transaction takes
longer than 15 seconds.
Server-side monitoring can also generate alerts based on exceptions. The exception alerts generate when
an error occurs in the .NET application. You can limit alerts to specific exception types. For example, you
can configure only critical events to generate an alert. It is possible to use the data in an alert for
troubleshooting a problem with an application.
Client-Side Monitoring
For client-side monitoring, requests are generated by the .NET Application Performance Monitoring
service, which is installed on the agent-monitored watcher node. This service installs automatically
when you install the agent. The exception to this is when the AVIcode agent is already installed. AVIcode
also performs .NET application monitoring, and the AVIcode agent conflicts with the .NET Application
Performance Monitoring service. During Operations Manager agent installation, if the AVIcode agent is
detected, then the .NET Application Performance Monitoring service will not install.
8-17
When you enable client-side monitoring, JavaScript scripts are added to the web applications
automatically. The watcher nodes run these scripts to test the health of the web applications. The watcher
nodes do not test custom code that you have written.
Use a Controlled Deployment Process
We recommend that you first begin monitoring .NET applications with the default settings. In addition,
begin with only server-side monitoring, and only on a single server. After you have tuned the server-side
monitoring on a single server, you can then begin monitoring additional servers. Finally, you can
introduce client-side monitoring, and then tune the client-side monitoring. Introducing monitoring for
.NET applications as a controlled process makes it much easier to identify the information that you need,
and to perform the tuning process to obtain that information.
Lesson 3
Distributed Application Monitoring
8-18
A distributed application combines the monitoring information from multiple objects into a single logical
view that shows the health of an application. When individual components that make up an application
are not healthy, the application status is also not healthy. You can use distributed applications to monitor
the overall health of an application and the services upon which it depends.
Describe distributed application monitoring.
Identify the tools available to create distributed applications.
Identify the templates available for creating distributed applications.
Distributed Application Monitoring
8-19
Many applications are not composed of a single process, nor are they installed on a single server; instead,
many applications rely on multiple components. For example, many applications have a web front end,
and a SQL Server back end. There are management packs for IIS and SQL Server, but each of those
management packs monitor only the individual components of the application, not the overall
application.
You can monitor the performance of a web-based application by using both the .NET Application
Performance Monitoring template and the Web Application Transaction Monitoring template. However,
while these templates provide performance information, they do not let you explore or discover the status
of the underlying components that make up the application.
Distributed application monitoring allows you to create a complete overview of an application by
combining the monitoring of its parts into a single component. You can create a distributed application
that is composed of a SQL database, a web server, and performance monitoring for the application. When
a problem occurs in a distributed application, you can explore and identify the specific health monitor
that is reporting the problem.
A distributed application is composed of the following parts:
Component groups. The component groups represent discrete parts of an application. For example, in
a simple distributed application, one component would be the web front end, and a second
component would be the SQL Server back end.
Objects. You place objects inside each component group to provide the monitoring information. For
example, for the web front-end component, you could include IIS 7.0 objects and Windows Server
objects to provide an overview of the entire server.
Relationships. Relationships show how one component group is related to another. This is meant to
represent visually how one component group might affect the health of another component group.
However, the health status of one component group does not affect the health status of other
component groups. Health status for a distributed application is based on the worst health status
of any component group.
Creating Distributed Applications
8-20
You can use the Distributed Application Designer in the Operations Manager console to create distributed
applications. Distributed Application Designer includes templates to simplify the creation of distributed
applications. However, distributed applications that you create by using Distributed Application Designer
have the following limitations:
Explicit membership for component groups.
No health update between component groups.
Other tools that you can use to create a management pack that includes distributed applications are:
Visio Management Pack Designer. Visio Management Pack Designer is an add-in that you use drag
and drop functionality to authoring management packs in Microsoft Visio. As you add shapes to the
diagram, you edit the properties of the objects to customize the management pack. You can only
work within predefined monitoring scenarios.
System Center Operation Manager 2007 R2 Authoring Console. You can use the System Center
Operations Manager 2007 R2 Authoring Console to make management packs that are compatible
with Operations Manager. The Authoring Console lets you create relationships, custom classes, and
discoveries that are not available in Distributed Application Designer.
Visual Studio Authoring Extensions. Management packs are composed of XML. The Visual Studio
Authoring Extensionsa feature of Microsoft Visual Studioprovides templates for management
pack elements. Editing XML in a management pack gives you complete control, but is very complex.
Distributed Application Templates
8-21
When you create a distributed application by using Distributed Application Designer, you can select a
template as a starting point for building the distributed application. Each template identifies the most
commonly used objects for that type of template, and makes them available for placement in the
component groups.
The following templates are included in Distributed Application Designer:
3-Tier Application (360). This template is composed of four component groups for the client
perspective, presentation tier, business tier, and data tier. The client perspective component group
is reserved for synthetic transactions that monitor application availability and performance. The
presentation and business tiers are for .NET Application monitors. Finally, the data tier is for database
monitoring.
Line of Business Web Application. This template is composed of two component groups for web
application web sites, and web application databases. Most line-of-business (LOB) applications are
composed of these two parts.
Messaging. This template is composed of several component groups that combine to provide
messaging infrastructure. The component groups are for messaging clients, messaging components,
directory services, storage, network services, and physical network.
Blank (Advanced). This template contains no preconfigured components. You must create the
component groups for your scenario, and then configure the relationships between them.
Lab Setup
Note
1.
2.
In Microsoft Hyper-V Manager, click 10751A-LON-DC1, and in the Actions pane, click Start.
3.
4.
Password: Pa$$w0rd
Domain: Contoso
5.
Repeat steps 2 to 4 for 10751A-LON-SQ1 and 10751A-LON-OM1.
6.
7.
8.
8-22
9.
Password: Pa$$w0rd
Domain: Contoso
10. Repeat steps 7 to 9 for 10751A-LON-AP1, and 10751A-LON-DM1.
Lab Scenario
8-23
Contoso, Ltd has implemented Operations Manager to monitor private cloud infrastructure. The
management packs for infrastructure components such as Microsoft System Center 2012 - Data
Protection Manager (DPM) and VMM have already been imported. The default monitors and views for
monitoring the infrastructure components are useful, but you would like to extend Operations Manager
capabilities by customizing monitoring. This includes creating custom monitors, custom views, and
making a dashboard view available on a SharePoint Server site.
Exercise 1: Creating Custom Monitoring

Scenario
8-24
You want to create customized monitoring to extend Operations Manager capabilities. You need to create
a management pack to contain the customized monitors. You then need to create customized monitors
by using management pack templates.
1.
Create a management pack for custom monitoring.
2.
Create a group for VMM servers.
3.
Monitor the VMM service.
4.
Monitor the VMM service process.
5.
Configure monitoring for the SQL TCP port.
6.
Configure monitoring for the VMM SQL database.
7.
Configure monitoring for the VMM Self-Service Portal.
8.
Configure monitoring for the AppController .NET Application.
Task 1: Create a management pack for custom monitoring

1.
On LON-OM1, open the Operations Console.
2.
In the Administration workspace, create a new management pack with the name Infrastructure
Monitoring.
Task 2: Create a group for VMM servers
On LON-OM1, in the Authoring workspace of the Operations console, create a new group with the
following characteristics:
Name: VMM Servers
Destination management pack: Infrastructure monitoring
Explicit members: None
Dynamic Members: VMM Server objects
Subgroups: None
Excluded members: None
Task 3: Monitor the VMM service

1.
On LON-OM1, in the Authoring workspace, select Management Pack Templates, and start the Add
Monitoring Wizard.
2.
In the Add Monitoring Wizard, on the General page, use the Windows Service template with the
Name: VMM Service
Destination management pack: Infrastructure Monitoring
3.
On the Service Details page, select the System Center Virtual Machine Manager service from
LON-VM1.
4.
For the Targeted group, select VMM Servers.
5.
Select to Monitor only automatic service.
6.
On the Set Performance Data Collection Settings page, configure the following:
Generate an alert of CPU usage exceeds the specified threshold
CPU Usage: 50
Number of samples: 3
Sampling interval: 5 minutes
Task 4: Monitor the VMM service process
8-25
1.
Monitoring Wizard.
2.
In the Add Monitoring Wizard, on the General Properties page, use the Process Monitoring
template and enter the following information:
3.
4.
5.
Name: VMM Process
On the Process to Monitor page, configure the following:
Monitor whether and how a process is running (for processes you want)
Process name: vmmservice.exe
Targeted group: VMM Servers
On the Running process page, configure the following:
Generate an alert if the number of processes is below the minimum value or above the
maximum value for longer than the specified duration
Minimum number of processes: 1
Maximum number of processes: 1
Duration: 2 minutes
On the Performance Data Collection Settings page, accept the default configuration.
Task 5: Configure monitoring for the SQL TCP port

1.
Monitoring Wizard.
2.
In the Add Monitoring Wizard, on the General Properties page, use the TCP Port template with the
Name: VMM SQL Server Port
3.
On the Test Port Settings page, configure the following:
Computer or device name: LON-SQ1.Contoso.com
Port: 1433
4.
Test connectivity to the port.
5.
On the Choose Watcher Nodes page, configure the following:
Watcher nodes: LON-OM1.Contoso.com
Run this query every: 1 minute
Task 6: Configure monitoring for the VMM database
8-26
1.
Monitoring Wizard.
2.
In the Add Monitoring Wizard, on the General Properties page, use the OLE DB Data Source
template with the following characteristics:
3.
Name: VMM SQL Database
On the Connection String page, use the Build button with the following settings to create the
connection query string:
Provider: Microsoft OLD DB Provider for SQL Server
Database: VirtualManagerDB
4.
Test the connection.
5.
On the Query Performance page, configure the following:
6.
Connection time in milliseconds
Error Threshold: 30000
Warning Threshold: 500
On the Watcher Nodes page, configure the following:
Task 7: Configure monitoring for the VMM Self-Service Portal

1.
Monitoring Wizard.
2.
In the Add Monitoring Wizard, on the General Properties page, use the Web Application
Transaction Monitoring template with the following characteristics:
Name: VMM Self-Service Portal
3.
On the Web Address page, type the URL http://LON-VM1.Contoso.com.
4.
On the Watcher Node page, configure the following:
Task 8: Configure monitoring for the AppController .NET Application
8-27
1.
On LON-OM1, in the Operations console, open the Administration workspace.
2.
On the Administration Overview page, select to import management packs and use the following
settings:
Add from disk
Browse to \\LON-AP1\E$\Labfiles\SystemCenter\SCOM2012\ManagementPacks
Import Microsoft.SystemCenter.Apm.Web.IIS7.mp
3.
On LON-OM1, in the Authoring workspace, select Management Pack Templates, and then start the
Add Monitoring Wizard.
4.
In the Add Monitoring Wizard, on the General Properties page, use the .NET Application
Performance Monitoring template with the following characteristics:
Name: AppController NET Application
5.
On the What to Monitor page, add the AppController .NET application.
6.
On the Server-Side Configuration page, configure the following:
Turn on performance event alerts
Turn on exception event alerts
Performance event threshold: 10000
7.
Open a command prompt, and then run iisreset.exe.
8.
Close the command prompt.
Results: After this exercise, you should have created customized monitoring for infrastructure
components.
Exercise 2: Creating a Distributed Application

Scenario
Contoso, Ltd wants a distributed application in Operations Manager that they can use to monitor the
VMM Self-Service Portal. You will configure this by using the some of the custom monitoring that you
have already configured.
1.
Create a distributed application from a template.
2.
Configure monitoring for the Self-Service Portal website.
3.
Configure monitoring for the Self-Service Portal back end.
4.
View the distributed application.
Task 1: Create a distributed application from a template
8-28
1.
2.
In the Operations console, in the Authoring workspace, create a new distributed application with the
following information:
3.
Name: VMM Self-Service Portal Application
Template: Line of Business Web Application
Management pack: Infrastructure Monitoring
Leave Distributed Application Designer open.
Task 2: Configure monitoring for the Self-Service Portal website

1.
On LON-OM1, in the Distributed Application Designer, open the properties of the VMM Self-Service
Portal Application Web Application Web Sites component group.
2.
In the Component Group Properties window, rename the component group to VMM Portal Web
Site.
3.
Allow the following object to be added to the component group:
Object\Configuration Item\Logical Entity\Perspective
4.
In the Objects pane, view the Web Site objects.
5.
Right-click Microsoft System Center Virtual Machine Manager Self-Service Portal (x64) and add
it to the VMM Portal Web Site component group.
6.
In the Objects pane, view the Perspective objects.
7.
Right-click to add VMM Self-Service Portal to the VMM Portal Web Site component group.
Task 3: Configure monitoring for the Self-Service Portal back end
8-29
1.
On LON-OM1, in the Distributed Application Designer, open the properties of the VMM Self-Service
Portal Application Web Application Databases component group.
2.
In the Component Group Properties window, rename the component group to VMM Portal
Backend.
3.
Allow the following object to be added to the component group:
Object\Configuration Item\Logical Entity\Perspective
4.
In the Objects pane, view the Perspective objects.
5.
Use a right-click to add VMM SQL Database to the VMM Portal Backend component group.
6.
Use a right-click to add VMM SQL Server Port to the VMM Portal Backend component group.
7.
In the Objects pane, view the Database objects.
8.
Use a right-click to add the first instance of VirtualManagerDB to the VMM Portal Backend
component group.
9.
Save the VMM Self-Service Portal Application.
10. Close the Distributed Application Designer.
Task 4: View the distributed application

1.
On LON-OM1, in the Operations console, in the Monitoring workspace, view the Distributed
Applications.
2.
Look at the health of the VMM Self-Service Portal Application.
3.
Use right-click to open a Diagram View of the VMM Self-Service Portal Application.
4.
Expand the diagram components.
5.
Results: After this exercise, you should have created a distributed application for the VMM Self-Service
Portal.
Exercise 3: Configuring Service Level Management

Scenario
8-30
The VMM Self-Service Portal is an important part of managing the virtual machines in the private cloud.
Contoso, Ltd has defined a service level objective of 99 percent availability for the VMM Self-Service
Portal. You need to configure service level management to track availability of the VMM Self-Service
Portal.
1.
Configure service level tracking.
2.
View a service level report.
Task 1: Configure service level tracking

1.
2.
In the Authoring workspace, create a new Service Level Tracking management pack object.
3.
On the General page, enter a name of VMM Self-Service Portal Tracking.
4.
On the Objects to Track page, select the VMM Self-Service Portal Application.
5.
On the Service Level Objectives page, add a Monitor state SLO (service level object) with the
Service level objective name: VMM Self-Service Portal Availability
Monitor: Availability
Service level objective goal: 99
Specify the states you want to be counted as downtime in this objective: Critical
Task 2: View a service level report

1.
On LON-OM1, in the Operations console, in the Reporting workspace, browse to the Microsoft
Service Level Report Library.
2.
Open the Service Level Tracking Summary Report, and add VMM Self-Service Portal Tracking
Data Aggregation: Hourly
From: Today 1:00 AM
To: Today 11:00 PM
3.
Run the report. After the report is generated, under VMM Self-Service Portal Tracking, expand
Contoso to view more information.
4.
Close the Service Level Tracking Summary Report and the Operations console.
Results: After this exercise, you should have created a service level tracking object and viewed a service
level report.
Exercise 4: Creating Views for Private Cloud Infrastructure

Scenario
8-31
To simplify monitoring, you can create additional monitoring views. Contoso, Ltd wants to have additional
views for private cloud infrastructure alerts and status. The new views will central information for
infrastructure component.
1.
Create a group for infrastructure servers.
2.
Create an alert view for infrastructure servers.
3.
Create a dashboard view for infrastructure servers.
Task 1: Create a group for infrastructure servers

1.
2.
In the Authoring workspace, create a new group.
3.
On the General Properties page, use the following settings:
Name: Infrastructure Servers
4.
On the Explicit Members page, do not configure any explicit members.
5.
On the Dynamic Members page, create a new rule that includes:
VMM Server
DPM Server
6.
On the Subgroups page, do not create a subgroup.
7.
On the Excluded Members page, do not exclude any members.
8.
Select the Groups node, and then use right-click to View Group Members for Infrastructure
Servers.
Task 2: Create an alert view for infrastructure servers

1.
On LON-OM1, in the Monitoring workspace, select Infrastructure Monitoring.
2.
Create a new Alert View with the following settings:
3.
Name: Infrastructure Alerts
Show data related to: Infrastructure Servers
Click Infrastructure Alerts to view any alerts for member of the Infrastructure Servers group.
Task 3: Create a dashboard view for infrastructure servers

1.
On LON-OM1, in the Operations console, in the Monitoring workspace, select Infrastructure

Monitoring.
2.
Create a new Dashboard View with the following settings:
3.
4.
Template: Grid Layout
Name: Infrastructure Dashboard
Number of cells in the dashboard: 2
Layout: two horizontal cells
Add a widget to the top cell with the following settings:
Alert Widget
Name: Infrastructure Alerts
Scope: Infrastructure Servers
Criteria: none
Display preferences: none
Add a widget to the bottom cell with the following settings:
State Widget
Name: Infrastructure State
Scope: Infrastructure Servers
Criteria: none
Display preferences: none
Results: After this exercise, you should have created views specifically for infrastructure servers.
8-32
Exercise 5: Configuring SharePoint Integration

Scenario
8-33
Contoso, Ltd is creating a new SharePoint site for the IT group. This site will provide a central location for
the IT group to view alerts and state information about private cloud infrastructure. Shared credentials
ensure that SharePoint users without permissions to access Operations Manager have the ability to access
the dashboard view in the SharePoint site.
1.
Install the Operations Manager Web Part.
2.
Configure a Web Console for the Web Part.
3.
Identify the Uniform Resource Identifier (URI) for the dashboard.
4.
Add a Web Part to a SharePoint site.
5.
Create a target application ID for shared credentials.
6.
Configure a Web Part to use the target application ID.
7.
Test the use of shared credentials to access the dashboard.
8.
Reinstall the Operations Manager Web Console.
Task 1: Install the Operations Manager Web Part

1.
On LON-AP1, use the Windows Explorer window to browse to

E:\Labfiles\SystemCenter\SCOM2012\Setup\AMD64.
2.
Copy the SharePoint folder to drive C on LON-AP1.
3.
Open the SharePoint 2010 Management Shell, and change the directory to C:\SharePoint.
4.
Install the Operations Manager Dashboard Viewer by using the following command:
.\install-OperationsManager-DashboardViewer.ps1 SolutionPath C:\SharePoint
Task 2: Configure a Web Console for the Web Part

1.
On LON-AP1, open SharePoint 2010 Central Administration.
2.
Use the Site Actions list in the upper-left corner to View All Site Content.
3.
Open the Operations Manager Web Console Environments list, and then add a new item with the
following settings:
Title: LON-OM1
HostUri: http://LON-OM1.Contoso.com/OperationsManager/
Task 3: Identify the URI for the dashboard

1.
On LON-AP1, open Internet Explorer, and open http://LON-OM1/OperationsManager.
2.
At the Web Console Configuration Required prompt, click Configure. Click Run, and then click
Close. Refresh the Web page.
3.
In the Monitoring workspace, view the Infrastructure Dashboard inside of Infrastructure

Monitoring.
4.
Copy the URI from the address bar to the clipboard.
Task 4: Add a Web Part to a SharePoint site

1.
On LON-AP1, open Internet Explorer, and open http://LON-AP1.
2.
Use the Site Actions list to create a New Page with the name Infrastructure Dashboard.
3.
In the new Infrastructure Dashboard page, insert the Operations Manager Dashboard Viewer
Web Part.
4.
Edit the Operations Manager Dashboard Viewer Web Part, and configure the following settings:
Operations Manager web console environments: LON-OM1
Dashboard link: paste the link you copied in task 3
Title: Infrastructure Dashboard
If prompted for credentials, enter Administrator with the password of Pa$$w0rd.
5.
Notice that the dashboard now displays the same data that you saw in the web console.
6.
On the Page tab, Save & Close the web page.
7.
Close all open windows.
Task 5: Create a target application ID for shared credentials

1.
2.
Under Application Management, open Manage service applications.
3.
Select the Secure Store Service, and then generate a new key.
4.
Use Pa$$w0rd as the pass phrase to secure the new key.
5.
Create a new target application ID with the following settings:
6.
Target Application ID: Operations Manager
Display Name: SCAdmin
Contact E-mail: Administrator@Contoso.com
Target Application Administrator: Contoso\Administrator
Click the down arrow on Operations Manager to Set Credentials with the following settings:
Credential Owner: Contoso\Administrator
Windows User Name: Contoso\SCAdmin
Windows Password: Pa$$w0rd
Confirm Windows Password: Pa$$w0rd
8-34
Task 6: Configure a Web Part to use the target application ID
8-35
1.
On LON-AP1, use Windows Explorer to browse to \\LON-OM1\c$\Program Files

\System Center 2012\Operations Manager\WebConsole\WebHost.
2.
Use Notepad to open web.config.
3.
In the Find window, find the word OverrideTicketEncryptionKey.
4.
Verify that you can see the key with the name OverrideTicketEncryptionKey, and verify that you can
see the value.
5.
Verify that below the OverrideTicketEncryptionKey, you can see the Validation key and the value.
6.
Leave Notepad open.
7.
8.
Use the Site Actions list in the upper-left corner to View All Site Content.
9.
Open the list Operations Manager Web Console Environments, and then edit LON-OM1.
10. Configure the Target Application ID as Operations Manager.
11. Copy the OverrideTicketEncryptionKey value from Notepad to the EncryptionAlgorithmKey box.
Do not include the quotes.
12. Copy the Validation key value from Notepad to the EncryptionValidationAlgorithmKey box. Do
not include the quotes.
13. Save the settings for LON-OM1.
Task 7: Test the use of shared credentials to access the dashboard

1.
On LON-AP1, open Internet Explorer, and then open http://LON-AP1.
2.
In Site Pages, open the Infrastructure Dashboard page.
3.
After the dashboard displays, close all open windows.
4.
Shut down LON-DM1.
Note If Task 7 is successful then the Exercise is complete. If the message An unexpected
error has occurred displays when viewing the Infrastructure Dashboard in Task 7, then
complete Task 8 to resolve the error.
Task 8: Reinstall the Operations Manager Web Console

1.
On LON-OM1, open Control Panel and Uninstall a program.
2.
In Programs and Features, remove the Web console feature from System Center 2012 Operations
Manager.
3.
Browse to \\LON-AP1\E$\Labfiles\SystemCenter\SCOM2012 and run setup.exe.
4.
5.
Install the Web console feature with the following options:
Web site: Default Web Site
Enable SSL: not selected
Authentication mode: Use Mixed Authentication
Microsoft Update: Off
When the Web console installation is complete, repeat Task 6 and Task 7.
Results: After this exercise, you should have configured the Operations Manager Web Part.
8-36
Review Questions
8-37
1.
Where are the files that you need to configure SharePoint Server integration with Operations
Manager located?
2.
What is a watcher node?
3.
Can monitoring that you configure by using the TCP Port template confirm that a website is
functioning properly?
4.
How does server-side monitoring differ from client-side monitoring for the .NET Application
Performance Monitoring template?
5.
How does a distributed application differ from the monitors that you create by using management
pack templates?
Real-World Issues and Scenarios

1.
Your organization wants to monitor web-based application responses to service requests. You need
to configure monitoring to ensure that user logons are working properly for the application. Which
management pack template should you use?
2.
Your organization has created a new .NET application that the sales department uses for tracking
orders and monitoring sales leads. The sales people are complaining that the application sometimes
generates errors, and then loses the information that they entered. Which management pack
template should you use to gather additional information about the errors?
3.
Your organization would like to integrate dashboard view information from Operations Manager into
a SharePoint site for the IT department. You need to implement a new SharePoint server to support
this. Which editions of SharePoint Server can you use if you want to use shared credentials?
Tools
Tool
Use for
Where to find it
8-38
Install-OperationsManagerDashboardViewer.ps1
Installing the Operations Manager

Web Part on the SharePoint 2010
server
Operations Manager media
Add-OperationsManagerWebConsole-Environment.ps1
Creating and configuring an

Operations Manager Web Console
Server environment in SharePoint
2010 to support the Operations
Manager Web Part
Operations Manager media
SharePoint 2010 Central

Administration
Configuring SharePoint 2010 central

services
Start menu on the

SharePoint 2010 server
SharePoint 2010 Management

Shell
Running Windows PowerShell scripts

Start menu on the
that manage and configure SharePoint SharePoint 2010 server
2010
Distributed Applications
Designer
Creating and modifying distributed

applications based on a template
Operations Manager
console

9-1
Module 9
Implementing Service Management for the Private Cloud
Contents:
Lesson 1: Service Manager Architecture Overview
9-3
Lesson 2: Upgrading to System Center 2012 Service Manager
9-12
Lesson 3: Understanding Service Manager Work Items
9-17
Lesson 4: Configuring Service Manager Connectors
9-30
Lesson 5: Configuring Service Manager Notifications
9-40
9-44
Module Overview
Microsoft System Center 2012 - Service Manager provides an integrated platform for automating and
adapting your organizations IT service management best practices, such as those found in Microsoft
Operations Framework (MOF) and IT Infrastructure Library (ITIL). Service Manager provides built-in
processes for incident and problem resolution, change control, and asset life cycle management.
In this module, you will learn about Service Manager architecture, upgrade options, work items,
connectors, and notifications.
Describe the Service Manager architecture.
Upgrade to System Center 2012 - Service Manager.
Understand Service Manager work items.
Configure Service Manager connectors.
Configure Service Manager notifications.
9-2 Implementing Service Management for the Private Cloud
Lesson 1
Service Manager Architecture Overview
To help organizations manage their help desks, Service Manager automates help desk functions such as
ticketing and change request processes. Service Manager integrates with Active Directory Domain
Services (AD DS), and products such as System Center 2012 - Operations Manager, System Center 2012 Virtual Machine Manager (VMM) and System Center 2012 Configuration Manager to build a single,
reconciled inventory of an organizations assets.
In this lesson, you will learn about Service Manager components, and about Service Manager deployment.
Describe Service Manager components.
Describe the prerequisites for Service Manager deployment.
Describe the considerations for Service Manager deployment.
Describe the considerations for Service Manager security.
Service Manager Components
Service Manager helps organizations to implement process automation and workflows for various types of
scenarios. These scenarios include change control, incident control, and service requests, and service
offerings.
The Service Manager infrastructure consists of several components:
Service Manager management server. As the central component of the Service Manager
infrastructure, you use the Service Manager management server to manage work items, incidents,
changes, users, and tasks.
Service Manager console. The Service Manager console is a graphical user interface (GUI) that
administrators use to manage Service Manager components, and that help desk technicians use to
manage incidents, problems, and other items. The console automatically installs when you deploy a
Service Manager management server. You can also manually install the Service Manager console as a
standalone component on a server or desktop computer.
Service Manager database. The Service Manager database is the Service Manager implementation
of a Configuration Management database. It contains Service Manager configuration items, work
items (such as incidents), change requests, and the configuration for the product itself. Microsoft
SQL Server hosts the database.
Service Manager data warehouse management server. The data warehouse stores operational data
that you can access for reporting purposes in near-real time. It provides historical and analytical
functions to drive strategic service delivery and operations decision-making. The computer that hosts
the server piece of the data warehouse is called the Service Manager data warehouse management
server. You normally install this server after you install the Service Manager management server. After
installing both servers and the Service Manager database, you use the Service Manager console to
manually connect the Service Manager management server to the Service Manager data warehouse
management server. After you perform this task, the console will display options for reporting and for
the Service Manager data warehouse management server.
Data warehouse database. The data warehouse database provides long-term storage for the business
data that Service Manager generates. Server Manager uses this database for generating reports.
Self-Service Portal. The Self-Service Portal is a Microsoft SharePoint website that accompanies a set
of Microsoft Silverlight applications. The Self-Service Portal consists of two elements: a SharePoint
Server website, and a web content server. The web content server is a web application that provides a
path for data from the Service Manager database server to the Silverlight-based application that is
running in the browser.
The Self-Service Portal also provides a web-based console for both end users and analysts:
The end user console allows users to submit incidents, search for knowledge articles, read
announcements, reset passwords, and deploy self-service software.
The analyst console allows users to view change requests.
The Self-Service Portal also provides a set of building blocks for extending the features that users can
access through a web browser.
Prerequisites for Service Manager Deployment
Before deploying Service Manager components, you should be aware of hardware and software
requirements.
When planning your hardware configuration to support Service Manager, your configuration should
include a Dual Core CPU running at 2.6 gigahertz (GHz), with at least 8 gigabytes (GB) of random access
memory (RAM). For managing greater than 20,000 users, it is recommended that you increase the RAM to
16 GB or 32 GB. Additionally, you should have at least 10 GB of hard disk space available to cover both
the Service Manager installation and the additional space required for the databases. You will also need
additional disk space if you plan to deploy the Self-Service Portal. For pilot environments, you can start
with less RAM, but in general, you should not provide less than 8 GB in production.
The software requirements for Service Manager installation vary from component to component. In
general, you can only deploy Service Manager server components on 64-bit operating systems, and not
on 32-bit operating systems. As a best practice, use the Windows Server 2008 R2 Service Pack 1 (SP1)
operating system.
The only Service Manager component that can function on a 32-bit operating system is the Service
Manager console, which you can deploy on desktop operating systems such as Windows 7 and Windows
Vista.
Server Manager Management Server

To deploy the Service Manager management server, you will also need:
Microsoft .NET Framework 3.5 with SP1
ADO.NET Data Services Update for .NET Framework 3.5 SP1 for Windows Server 2008 R2
Microsoft Report Viewer Redistributable
Data Warehouse Management Server
To deploy the Data Warehouse management server, you also need SQL Server. Supported SQL Server
versions are:
The 64-bit version of SQL Server 2008 with SP1
The 64-bit version of SQL Server 2008 with Service Pack 2 (SP2)
The 64-bit version of SQL Server 2008 R2
In addition, you should install SQL Server Reporting Services and Analysis Services. The SQL Server
collation settings must be the same for the computers that are hosting the Service Manager database,
data warehouse database, and SQL Server Reporting Services database. The same requirements apply for
the Service Manager database.
Self-Service Portal
If you want to implement the Self-Service Portal, you need a supported version of SharePoint, .NET
Framework 4.0, and Internet Information Services (IIS). The following SharePoint versions are supported:
Microsoft SharePoint Foundation 2010
Microsoft SharePoint Server 2010
Microsoft SharePoint 2010 for Internet Sites Enterprise
Software requirements for SharePoint Web Parts for the Self-Service Portal are based on SharePoint Server
2010 specifications.
Considerations for Service Manager Deployment
Service Manager deployment is a demanding procedure. Consider the following prior to the deployment
planning phase:
Before deployment, create a group of users in AD DS, and create or identify a domain account that
Service Manager will use during the setup process. Make sure that the domain account is a member
of the groups that are required for proper Service Manager operation. (Accounts that you need for
Service Manager deployment are discussed in next topic.) During Setup, you will be prompted to
provide domain users or groups for various Service Manager functions.
When you deploy both the Service Manager management server and the Service Manager data
Warehouse management server, you will be asked to provide a management group name. When
you deploy Operations Manager, you will also be asked to provide a management group name. The
management group names that you use for the Service Manager management group, the Service
Manager data warehouse management group, and the Operations Manager management group
must all be unique.
Before starting the Service Manager installation, you may want to consult your SQL Server
administration team to discuss the impact that Service Manager will have on your SQL Server
computers. Specifically, Service Manager and its components create and use several databases.
Some of these databases are quite large, so you need to plan the resources to host them.
Implementing Service Manager with Operations Manager
Because Service Manager can integrate with other System Center productsin particular with Operations
Manageryou will most likely implement the products in the same environment. If you decide to install
Service Manager with a System Center product on the same server, consider the following:
Operations Manager 2007 or Operations Manager 2012 can share the database server with Service
Manager.
The Operations Manager 2007 R2 agent and the Service Manager management server can coexist on
the same server if you install the agent first, and then install either the Service Manager management
server or the Service Manager data warehouse management server.
You can install both the Operations Manager 2007 R2 console and the Service Manager console on
the same computer. The order in which you install the consoles does not matter.
Do not attempt to use the same SQL Server Reporting Services instance for both Operations Manager
and Service Manager.
Necessary Hotfixes
Make sure that you install all updates and hotfixes that are available for Service Manager and the Service
Manager components. During the time that this course was being written, Service Manager was in RC
version, and it required installation of the Authorization Manager hotfix (KB975332) and the Microsoft
Report Viewer Redistributable security update (KB971119) before starting Service Manager deployment.
In addition, if either the Service Manager management server, the Service Manager data warehouse
management server, or the Self-Service Portal lose connection to the SQL Server databaseseven
brieflythe connection does not automatically re-establish itself. Microsoft released a hotfix to address
this issue. It is extremely important that you install this hotfix on the computers that host the Service
Manager management server, Service Manager data warehouse management server, or the Self-Service
Portal.
Self-Service Portal Deployment Considerations

Considerations for deploying the Self-Service Portal are as follows:
Deploy the Self-Service Portal on a machine separate from the Service Manager management server.
It is very important that you have installed the certificates properly before you begin deploying the
Self-Service Portal. You should install certificates from a trusted Certification Authority (CA), and
ensure that the name on the certificate matches the URL where you will locate the Self-Service Portal.
If the certificate is not configured properly, users will not be able to run the Silverlight portion of the
Self-Service Portal.
It is recommended that you use a Web Server certificate from an internal CA. However, you can also
use Subject Alternative Names (SANs) on your certificate if you plan to use it for multiple sites. In
addition, if you want to host the self-service portal on TCP port 443, you first need to move the
SharePoint server from that port before you begin deployment. Alternatively, you can use a dedicated
IP address for the Self-Service Portal.
Considerations for Service Manager Security
The Service Manager deployment process requires that you have appropriate rights and permissions, and
that you create accounts that Service Manager will use during Setup and later use. You should plan for
these items before starting a deployment.
Server Manager Management Server

To install a Service Manager management server, you need the following permissions:
Local administrator on the computer that you are using to run Setup
Local administrator on the computer that will host the Service Manager database if it is on a remote
computer
Logged-on user must be logged on as a domain user
The Sysadmin SQL Server role on the SQL Server instance where the Service Manager database is
being created
Data Warehouse Management Server

To install the Data Warehouse management server, you need the following:
Local administrator permissions on the computer that you are using to run Setup.
Local administrator permissions on the computer that will host the Service Manager data warehouse
database, if it is on a remote computer.
Logged-on user must be logged on as a domain user.
The Content Manager role in SQL Server Reporting Services at the site level (root).
The Sysadmin SQL Server role on the SQL Server instance where the Service Manager data warehouse
database is being created.
Additional Considerations
When planning your Service Manager deployment process, consider the following:
Create an Active Directory user group that will be assigned to the Service Manager administrator
roles for both the Service Manager data warehouse database, and the Service Manager management
groups. For example, you could create a group called SM_Admins. This group of users must be
located in the same domain as Service Manager. Users from any other domaineven child
domainsare not supported.
Create the accounts that are necessary for Service Manager. Service Manager accounts must be
located in the same domain as Service Manager. Accounts from any other domaineven child
domainsare not supported.
As part of your security infrastructure, you may want to keep a record of port numbers that you use
throughout your Service Manager environment. Ensure that these firewall ports are open on
computers that host Service Manager.
Lesson 2
Upgrading to System Center 2012 - Service Manager
You can upgrade to Service Manager 2012 from previous versions of Service Manager. However, when
planning an upgrade, you should be aware of some limitations and considerations.
In this lesson, you will learn how to plan and perform a Service Manager upgrade to System Center 2012 Service Manager.
Describe considerations for upgrading to Service Manager 2012.
Describe how to prepare Service Manager servers for upgrade.
Describe how to upgrade Service Manager connectors.
Considerations for Upgrading to Service Manager 2012
You can upgrade System Center Service Manager 2010 SP1 Cumulative Update 3 (CU3) (version
7.0.6555.115) to Service Manager 2012. Once you start an upgrade from Service Manager 2010, you
have to perform the upgrade across your entire Service Manager environment. Service Manager 2010
management servers are not compatible with the Service Manager 2012 data warehouse management
server. Additionally, Service Manager 2010 consoles are not compatible with the Service Manager 2012
management servers.
Note If you are running Service Manager 2012 beta, you can use it to perform an in-place
upgrade to Service Manager.
Service Manager 2012 only supports in-place upgrades. An in-place upgrade is an upgrade of all Service
Manager components on the same hardware, which means that you run the Service Manager 2012 setup
on the same machine where Service Manager 2010 is installed.
The Service Manager 2010 Self-Service Portal is completely redesigned for Service Manager. This means
that you cannot perform an in-place upgrade of the Service Manager 2010 Self-Service Portal. Instead,
you should uninstall the 2010 Self-Service Portal, and install the new Self-Service Portal. Perform this task
after you upgrade the other service management servers.
The Upgrade Process

Perform the upgrade steps in the following order:
1.
Upgrade the Service Manager data warehouse management server. Before you begin the upgrade,
stop the data warehouse management server jobs. You will not be able to start them again until after
you complete the upgrade.
2.
After the Service Manager data warehouse management server upgrade completes, wait 10 minutes
for processing to complete, and then upgrade the initial Service Manager management server. If you
have more than one Service Manager management server, the initial Service Manager management
server is the first one that you created.
3.
Upgrade the Service Manager consoles and any additional Service Manager management servers.
4.
Restart the Service Manager data warehouse management server jobs.
5.
Install the 2012 version of the Self-Service Portal.
Upgrade Timing
Timing your upgrade appropriately is important. You should complete the upgrade so that the Service
Manager 2010 and Service Manager 2012 do not coexist. This means that after upgrading your Service
Manager data warehouse management server, you must immediately update the Service Manager
management server and deploy the new Self-Service Portal.
The Management Pack Sync (MPSync) job on a Service Manager data warehouse management server
does not work with either the Service Manager management server or the Self-Service Portal from Service
Manager 2010. After you upgrade your initial Service Manager management server, you must be
prepared to immediately upgrade all your Service Manager consoles, additional Service Manager
management servers, and the self-service portal.
Preparing Service Manager Servers for Upgrade
Before starting an in-place upgrade, you need to perform some preliminary steps on your existing Service
Manager servers. Ensure the following:
Your current Service Manager infrastructure works without errors.
The database is available, and that you have all the necessary permissions on the account that you
will use to perform the upgrade.
You have installed the necessary software components for Service Manager 2012 before starting
upgrade process.
To prepare the Service Manager data warehouse management server for upgrade, perform the following
steps:
1.
List the Service Manager data warehouse management server jobs that are running.
2.
Disable the Service Manager data warehouse management server job schedules.
3.
Confirm that the Service Manager data warehouse management server jobs have stopped running.
4.
Stop the Service Manager 2010 Self-Service Portal.
When the data warehouse jobs complete, you can start upgrading the Service Manager data warehouse
management server.
After you have upgraded the Service Manager data warehouse management server successfully, wait for
about 10 minutes, and then start upgrading the Service Manager management server. You must uninstall
the Service Manager 2010 Self-Service Portal before you begin installing the new 2012 Self-Service Portal.
Upgrading Service Manager Connectors
Service Manager connectors retrieve data from other systems, and then import the data to Service
Manager. Any connectors that you created with Service Manager 2010 SP1 will continue to function after
you upgrade to Service Manager 2012.
The following are connectors that you might have created with Service Manager 2010 SP1:
AD DS
System Center Configuration Manager 2007 R2
System Center Operations Manager 2007 R2 alert connector
System Center Operations Manager 2007 R2 CI connector
These connectors will continue to synchronize after you upgrade to Service Manager 2012. However,
Service Manager 2012 also supports connectors for the following System Center 2012 products:
Operations Manager
Configuration Manager
VMM
System Center 2012 - Orchestrator
You must create new connectors to import data from these newly supported products.
After you have verified that the new connectors are functioning properly, you can disable the connectors
that connect to older System Center product versions. The data that the older connectors captured will
remain in the Service Manager database.
Connectors are discussed in further detail later in this module.
Lesson 3
Understanding Service Manager Work Items
As part of your initial Service Manager configuration, you have to configure settings and workflows for
change and activity management. You create a change request template that you can use later when
users submit new change requests. In addition, you configure workflows to automatically close completed
change requests, and then send notifications to users when activities require approval. Workflows
automate processes for applying templates and sending notifications.
In this lesson, you will learn about activity management, change management, and knowledge
management. You will also learn about managing incidents, problems, releases, and service requests. In
Service Manager, activities, changes, incidents, problems, releases, and service requests are referred to as
work items.
Describe activity and change management.
Describe release management.
Describe incident management.
Describe problem management.
Describe service request fulfillment.
Describe knowledge management.
Activity and Change Management
In Service Manager 2012, you define various types of templates and workflows so that you can automate
many administrative processes. As part of your initial Service Manager configuration, you must configure
settings and workflows for change and activity management.
Change requests typically generate when the IT infrastructure requires a configuration change to achieve
a desired result, or to support new technologies, processes, or applications. Service Manager allows you to
automatically collect and process change requests by defining workflows and activities that you should
perform during the change management process. End users and administrators can create change
requests.
In Service Manager, you use workflows to automatically close completed change requests, and to send
notifications to users when activities require approval.
To maintain change requests, you create change request templates. You can use a workflow to
automatically apply these templates. You generally use change request templates when new change
requests are submitted, and they are particularly useful when you create a change request for a recurring
type of issue.
Change request templates allow you to:
Set an issue category, then define a standard priority, effect, and risk level for it in the template.
Create additional templates for other types of recurring change requests.
Include a number of activities in one template. However, any activities that you want to include in a
change request template must have been created previously as activity templates.
Additionally, by using change request templates, users spend less time submitting new change requests
because the request templates store commonly used settings and then apply these settings to new
change requests. For example, you can create a change request template to modify the Microsoft
Exchange Server infrastructure. You can also create change templates that include an activity that
automatically changes a standard change priority request to Low.
Note When you create a change request template, do not create links to configuration
items or work items, and do not enter any user information. If you create a template with
these objects, you cannot remove them and you will have to re-create the template.
Manual activity templates help ensure that all manual activities are assigned to the person who is
designated as the activity implementer. After you create the manual activity template, you need to create
a workflow that applies to the template.
Release Management
Release management provides a mechanism through which you can implement changes to IT services in a
holistic manner that includes people, process, and technology. Release management includes all aspects
of a change, including planning, designing, building, testing, training, communications, and deployment
activities.
Often, projects consist of multiple stages with multiple change requests that deploy at different points
during the project. The combined goal of change management and release management is to protect the
production environment from unnecessary changes. Every change to an environment must first be
approved through a change management process. Release management then only processes changes
that have been approved through this process.
To understand release management properly, you should understand how objects such as change
requests and activities interact with each other and are facilitated by release records. In Service Manager,
release management uses parent and child release records to automate status updating for change
requests. In addition, release management includes change status propagation between various activities.
The propagation can occur in parallel or sequentially.
The Release Management Process

After you use the change management process to approve changes, you use the release management
process to group approved changes, schedule them, and then deploy them in the safest and most
efficient method possible. Depending on the extent of the changes, you typically plan to deploy the
changes during the next scheduled release or maintenance window.
Depending on the nature of the change, sometimes development occurs during the project phase, and at
other times, during the release management phase. Regardless of when development occurs, release
management ensures that changes are tested, and that they are safe to deploy.
Release Records
The release manager uses release activities, or records, to define the sequence of actions that are
required for a release. For example, a particular change might include infrastructure update tasks,
database modification tasks, and tasks to update applications. In some cases, it might make sense to
group tasks together with infrastructure updates, or perform database updates or application updates.
A release record might depict the deployment sequence of different changes using parallel activities,
sequential activities, and as individual activities. The release manager can then delegate responsibility for
these activities. The administrator who is responsible for a delegated activity can modify the activity and
update its status.
When you modify an activity, its status does not update immediately. There is a delay while the workflow
activates and the activity status updates. Usually, 30 to 60 seconds might elapse before you see the
updated activity status in the console, and only after you refresh your view of an item. Depending on
the number of dependent activities that the release record includes, it might take longer to update an
activitys status.
Incident Management
An incident is an unplanned interruption to an IT service, or a reduction in the quality of an IT service that

may lead to service outage, data loss, or inability to perform a task.
Incident management describes how to handle incidents. Specifically, you use incident management to
restore normal operations as quickly as possible, with the least possible impact to the business or user,
and at a cost-effective price.
Users and customers can report incidents by calling a service desk, self-logging through an intranet portal,
or by using monitoring tools.
Service Manager includes a component for incident management. You can also manually create an
incident by using either the Service Manager console or the Self-Service Portal. Alternatively, Service
Manager can create incidents automatically based on alerts or configuration items that it imports from
Operations Manager, or based on data that it collects from connectors.
To automate incident reporting, you can use the Service Manager console to create an incident template.
Incident templates allow you to populate certain fields for a specified incident type, such as email-related
problems or hardware-related problems. Help desk technicians typically use templates when creating
incidents. The template prepopulates some of the fields in the incident, such as the name of the support
analyst who is handling the problem. You also use incident templates for the incident change workflow.
For example, an organization might have determined that if the urgency of a printer-related problem
changes from Low to High, Service Manager should automatically elevate that incident to the Tier 2
support level.
Incident Settings
To streamline the process for creating and managing incidents, you should use the Service Manager
console to configure incident settings. You can configure the following incident settings:
Parent and child incident settings. You can connect incidents to each other with parent-child
relationships. Normally, you do this when an incident causes another incident to occur. To automate
the incident-resolving process, you can configure the child incidents so that they are automatically
considered resolved when you resolve the parent incident. Similarly, if you reactivate a parent
incident, Service Manager could also automatically reactivate the child incidents.
Priority calculations. Priority calculations are based on impact and urgency. You can define a rule
for how Service Manager should calculate incident priority. Incident priority calculation occurs on a
scale from 1 to 9, with 1 being the highest priority. You base priority on a combination of impact and
urgency. Users and administrators can set Impact and Urgency options by using the Service Manager
console. The following table displays how Service Manager could then assign the priority.
Impact: Low
Impact: Medium
Impact: High
Urgency: Low
Urgency: Medium
Urgency: High
As an example, this table shows that if both the urgency and impact values are defined as High, the
priority is 1. You can define these values with your own metrics.
Target resolution time. You can specify the desired timeframe for resolving an incident. You define
the target resolution time based on the incident priority. The higher the priority, the shorter the
resolution time should be.
Prefixes that are used for incident numbers. The prefix you choose defines the convention for how
incidents are marked.
Length of time a closed incident remains in the Service Manager database. You can configure the
length of time a closed incident will remain in the Service Manager database before it is deleted
automatically.
You can configure incident management to automatically generate incidents when components do not
comply with desired configuration management baselines. To do this, you must install Configuration
Manager with configuration management baselines in your environment.
You can create a connector to import alerts and configuration items from Operations Manager. By using
the Operations Manager alert connector, Service Manager can create incidents based on alerts.
Additionally, instead of placing a call to the help desk, your users can submit incidents by sending an
email to a dedicated email address. If you want to separate incident management for various types
of incidents, you can supply several email addresses. If you want to create incidents based on email
messages, you should implement a server with the Simple Mail Transfer Protocol (SMTP). Service Manager
can only process emails that are located in the Drop folder location on the SMTP server.
Problem Management
Service Manager uses problem records to help prevent future problems and incidents, to eliminate
recurring incidents, and to minimize the impact of incidents that cannot be prevented. Analysts can use
the Service Manager console to create problem records, and to associate incidents with problems.
It is important to understand the difference between incidents and problems:
Incident. Incidents are typically unplanned, and they are usually generated through end-user input or
monitoring events (alerts). Incident management is concerned with restoring service as quickly as
possible.
Problem. Problems are usually defined by IT experts. They are typically based on incidents that were
confirmed as being caused by a bug, or by either a functional flaw or security flaw. By defining a
problem object, you acknowledge that a problem exists, and then you initiate a procedure to resolve
it. Problem management is concerned with determining and eliminating root causes.
To create a problem record, you can use the Service Manager console in either one of two ways: either
create a problem record manually, or navigate to the Incidents node to create a problem record based
on an existing incident. When you create a problem record based on an incident, these two objects are
connected. This means that when you resolve the problem, the incident also resolves. You can also initiate
change requests or create release records based on problems.
When you create a problem record, you should describe the problem, and:
Assign the problem to a category.
Define the problems impact and urgency. As with incident management, the impact and urgency
values determine the problems priority.
Define affected services and items (if known).
Enter details in the action log. Provide as many details as possible in the action log so that you can
track your resolution activities.
Define any related items, including work items, incidents, and configuration items such as computers,
services, and people.
You can also link knowledge articles to problems. This is useful when several users are working on the
same problem, and they want to share knowledge articles that they find (or create).
Problem records cycle through three status categories: Active, Resolved, or Closed. You can manually
change the problem record status, but as a best practice, you should configure status changes so that
they occur automatically.
During the Active state, you are working on the problem. When you mark a problem as Resolved,
it means that the problem no longer exists, or that you have solved the problem by performing a
procedure. However, before you close a problem, you should test whether the problem still exists for any
affected user. When you mark a problem as Closed, the problem moves to the Closed Problems container.
Service Request Fulfillment
Service request fulfillment occurs on a daily basis in most organizations that have implemented a service
management methodology. Service requests are requests for existing, pre-authorized services and
features. For example, customer requests to upgrade from one type of customer package to another
could be processed as service requests.
Service requests often require approvalor acknowledgement of pre-approvaland sometimes require

scheduling. However, unlike change management and incident management, request fulfillment does not
require testing and is not related to possible implementation failures within the system. Service requests
focus on customer communication and service level agreements (SLAs).
Service requests are tightly coupled with the service catalog, and together they help add value to your IT
organization by managing service requests.
Note
Service catalogs are discussed in detail in Module 10.
Service Request Fulfillment Functionality
To align with industry standards, service request functionality in Service Manager is based on the MOF 4.0
and ITIL version 3 processes. Service Manager treats service requests as work items, and it provides the
following service request fulfillment functionality:
Processes for recording, tracking, and processing service requests
Service fulfillment workflow automation
A consistent interface that helps Service Manager administrators identify and map their existing IT
services
Support for situations where cost-tracking and SLAs are required
Time-to-resolution tracking through SLA integration
Service Requests
End users often create service requests in Service Manager by accessing the service catalog on the
Self-Service Portal, or by submitting email requests. However, you can also manually create a new service
request in the Service Manager console. For example, you might want to manually create a new service
request if a user contacts the help desk by telephone.
In Service Manager, you can use the Service Manager console to approve a review activity, and to
complete a manual activity for a service request. In some cases, multiple people may need to approve a
review activity. After approval, a service request might then require a manual activity to verify that the
service was provided to the requesting user. Once all the review activities are approved or rejected, and
once any manual activities are completed, you can close the service request.
Users can only approve or reject, and close activities that are assigned to them.
Knowledge Management
Knowledge management aims to improve the quality of decision making by ensuring that accurate and
reliable information is available.
With Service Manager, you can build your own internal knowledge base about problems, issues, and their
resolutions. You create your knowledge base by creating one or more knowledge articles about known
errors. A known error is an incident or a problem for which the root cause is known, and for which a
temporary workaround or a permanent alternative has been identified.
Knowledge articles can help service desk analysts and end users understand and solve problems. Because
any employee can search for and view knowledge articles, they can also create knowledge articles so that
end users can help themselves resolve IT problems before opening new work items. Service desk analysts
can also link work items to knowledge articles.
You can use the Service Manager console to create knowledge articles. Knowledge articles are stored in
the Service Manager library. When you create a knowledge article, you should define as many attributes
as possible so that users and other IT administrators can easily search and navigate to desired articles. End
users can also navigate to knowledge articles by using the Self-Service Portal.
Creating a Knowledge Article

The knowledge article form contains the following fields:
Title. Enter the title for the knowledge article.
Description. Enter a short description of the article.
Keywords. You can associate several keywords to each knowledge article. The more keywords you
associate, the easier it will be for users to search for the article.
Knowledge article owner. You can specify the article owner for each article. It is recommended to fill
in this field so that users can contact the owner directly if they need clarifications or want to provide
updates.
External URL. For each knowledge article, you can provide links to external content. For example,
you can link content from TechNet or the Microsoft Developer Network (MSDN) website. This allows
you to extend your knowledge base to external sources. To view external content in knowledge
articles, the computer on which the Service Manager console is installed must be connected to the
Internet, either directly or through a proxy server.
Internal Content. Internal content is the article content. Write the article within this field.
Feedback. Users of the article use this field to leave feedback about the article. You cannot edit
feedback directly in the Service Manager console.
Related items. Each article can have several related items. Related items are work items or
configuration items, or other knowledge articles. If you want to link a knowledge article to an incident
or to a change request, you must first save the incident or change request.
Lesson 4
Configuring Service Manager Connectors
The Service Manager database in Service Manager contains information about your enterprise, and is used
by all areas of your service management structure. Many of the configuration items that are found in the
Service Manager database are the result of data that is imported by using connectors.
In this lesson, you will learn about the various connectors that you can create in Service Manager.
Describe the Active Directory connector.
Describe the Configuration Manager connector.
Describe the Operations Manager 2012 connectors.
Describe the Orchestrator connector.
Describe the Virtual Machine Manager connector.
The Active Directory Connector
To integrate an existing Active Directory infrastructure and Active Directory objects with Service Manager,
you must create and configure an Active Directory connector. You use the Active Directory connector to
add Active Directory objectsusers, groups, printers and computersto the Service Manager database as
configuration items.
To create an Active Directory connector, you use the Active Directory Connector Wizard. During
configuration, you choose whether you want to import all objects from your local domain, or just import
selected objects. If you are importing data from several organizational units (OUs) or subdomains, you can
create a Lightweight Directory Access Protocol (LDAP) query that specifies computers, printers, users, or
user groups that you want to import with the connector. Once you create the Active Directory connector,
you cannot modify the importation criteria that you specified in the Active Directory Connector Wizard.
To ensure that the Service Manager database is up-to-date, the Active Directory connector synchronizes
with AD DS every hour after the initial synchronization. You can also use the Service Manager console to
initiate manual synchronization. All imported AD DS objects are located in the Configuration items Users node in Service Manager.
Additionally, when you configure an Active Directory connector to import data from an Active Directory
group, you can select an option to automatically add users from the Active Directory group. New users
who are added to the Active Directory group are also automatically added to the Service Manager
database. When you remove the Active Directory connector, all objects that were imported through that
connector are removed from the database, with the exception of objects that have been modified from
other sources.
Note Active Directory users who are removed from an Active Directory group remain in
the Service Manager database. However, these users are automatically moved to the
Deleted Items group.
You can map Active Directory security groups to Service Manager user roles. For example, you can
create a security group in AD DS named Incident Resolvers. Then, in Service Manager, you can assign this
security group to the Incident Resolvers user role. When you create an Active Directory connector, you
can select to use the connector to automatically import and add users of Active Directory groups. Then,
when users who are member of the Incident Resolvers security group start the Service Manager console,
they are granted Incident Resolver rights and permissions.
If, at a later date, you must perform maintenance operations on the Service Manager database, you can
temporarily disable the Active Directory connector and suspend data importation. You can then resume
data importation later by re-enabling the connector.
The Configuration Manager Connector
Service Manager can connect to Configuration Manager 2007 SP1, Configuration Manager 2007 R2, and
Configuration Manager 2012. The Configuration Manager connector allows you to import configuration
data from the Configuration Manager site database into the Service Manager database. This process
automatically generates configuration items for the hardware and software objects that Service Manager
will manage. You can use these items to create incidents, problems, and other objects in Service Manager.
You can also use the Configuration Manager connector to import configuration baselines from
Configuration Manager. You can then use these baselines to automatically generate incidents for
noncompliant configuration items. Additionally, this connector allows you to import:
A subset of hardware inventory attributes
A subset of software inventory
Compliance data
Software updates information
To create a Configuration Manager connector, you must have previously completed the Service Manager
data warehouse management server registration process. You can use the Service Manager console to
initiate and complete the Service Manager data warehouse management server registration.
The Configuration Manager connector also allows you to collect the following data types:
User device affinity data. This data includes mobile device data and software request data. User
device affinity data from Configuration Manager can help you determine who the primary user of a
computer or device is. Service Manager uses user device affinity data to populate the UsesComputer
and PrimaryUser information in the Service Manager database.
Mobile device data. The connector collects mobile device data for Windows Phones, Windows Mobile
Phones, and Nokia devices. When you use the Configuration Manager Exchange Server connector,
data is collected from other mobile devices such as iPhone, BlackBerry, and Android-based phones.
The Configuration Manager connector imports mobile device data into the Service Manager database
as configuration items, and you can associate these items with work items, incident management, and
change management.
The Operations Manager 2012 Connectors
If your organization uses Operations Manager to monitor systems in your enterprise, then the Operations
Manager agents gather information about configuration items that Operations Manager discovers, and as
problems are detected, Operations Manager generates alerts. You can connect Operations Manager to
Service Manager, and then import selected data by creating a connector from Service Manager to
Operations Manager.
You can create two types of Operations Manager 2012 connectors: the Configuration item connector, and
the Alert connector.
Configuration Item Connector
The Configuration item connector imports objects that Operations Manager discovers into the Service
Manager database. These objects then become configuration items in the Service Manager database. The
Configuration item connector synchronizes data from Operations Manager on a daily basis at the time
that you specify in the schedule.
Operations Manager collects information about many types of objects in your infrastructure. To import
objects that Operations Manager discovers, Service Manager requires a list of class definitions for these
objects. Additionally, for the Configuration item connector to function properly, you must import a set of
Operations Manager management packs into Service Manager.
When you install Service Manager, the installation process copies a set of Operations Manager
management packs for common objects and the required Windows PowerShell scripts to your Service
Manager installation folder. If you have installed additional management packs in Operations Manager
and you want to add the data from those additional management packs to Service Manager, you can
modify the Configuration item connector to add the additional management packs.
Alert Connector
The Alert connector automatically creates incidents based on alerts that it imports from Operations
Manager. The Alert connector retrieves the data from Operations Manager every 30 seconds. Service
Manager also supports importing alerts that are generated by Windows Azure. This means that if your
Operations Manager is connected to Windows Azure, the Alert connector can also import alerts from
Windows Azure to Service Manager.
Note Alerts that are imported from Operations Manager do not contain user information.
Imported alerts automatically generate incidents in Service Manager, but the Affected User
text box remains unpopulated. You must enter user data manually so that you can save the
incident form. Since you might not know the proper user for each alert, it is recommended
that you create a special user in Service Manager specifically for this purpose. This user is
the user that you will assign to the Affected User field for all incidents that Operations
Manager creates.
Alert connectors allow you to define specific Service Manager templates, which run when certain types
of alerts appear. In addition, you can configure an alert-routing rule by which you configure Service
Manager to use a particular template based on alert criteria, such as Priority or Severity.
To create and enable an Alert connector, complete the following steps:
1.
Create the Alert connector object on the Service Manager management server.
2.
Start the Operations Manager console, and set up a subscription for the newly created connector. The
subscription you create must be unique for the Alert connector.
The Orchestrator Connector
Orchestrator provides a workflow management solution for data centers. Orchestrator allows you to
automate resource creation, monitoring, and deployment. You can evolve and automate key processes
between groups, and consolidate repetitive manual tasks by using automated procedures called runbooks.
The standard activities defined in every Orchestrator installation provide a variety of monitors, tasks, and
runbook controls with which you can integrate a wide range of system processes. Each activity in a
runbook publishes data that is available to any subsequent activity in that runbook. You use this published
data to provide dynamic, decision-making capabilities, which can include creating emails, alerts, log files,
and accounts. Module 12 discusses Orchestrator in detail.
The Orchestrator connector allows Service Manager to invoke Orchestrator runbooks synchronously from
within Service Manager by using workflows. Integration between Orchestrator and Service Manager allows
you to initiate some actions from the Self-Service Portal, and then use Orchestrator to perform the rest of
the actions. Additionally, when used together with the Service Manager service catalog, you can create a
user-facing end-user request offering with an Orchestrator runbook as part of the fulfillment process.
Service request activities can map to runbook activities, which in turn can map to an Orchestrator
runbook. For example, the parameters that are required for a custom start activity that invokes an
Orchestrator runbooksuch as a computer namecan exist in Service Manager as objects.
To use Orchestrator runbooks in Service Manager, you use the Orchestrator connector to import the
Orchestrator runbook objects into the Service Manager database. After you import runbooks into Service
Manager, they appear in the Runbooks node in the Library pane in the Library workspace.
To create an Orchestrator connector, use the Connector Creation Wizard. You must provide:
The URL of the Orchestrator web service in the form of http://computer:port/Orchestrator2012

/Orchestrator.svc, where computer is the name of the computer that is hosting the web service,
and port is the port number where the web service is installed. The default port number is 81.
The URL for the Orchestrator web console in the form of http://computer:port. The default port
number is 82.
The Virtual Machine Manager Connector
The VMM connector allows you to import VMM objectssuch as private clouds, templates, and virtual
machinesinto the Service Manager database. You can then use Service Manager and the imported
VMM objects to create service offerings.
You can also import VMMmanaged objects from Operations Manager. If the Virtual Machine Manager
server passes discovery data on to an Operations Manager server, you need to create an Operations
Manager Configuration item connector. You must ensure that the VMM management pack called
Microsoft.SystemCenter.VirtualMachineManager.2012.Discovery is synchronized with the Service Manager
management server. You can create the Configuration item connector either before or after creating the
VMM connector.
When you create your VMM connector, you simply need to specify the Virtual Machine Manager server
name and your credentials. You credentials must include permissions that allow you to connect to VMM
and access information. When you synchronize data by using the VMM connector, objects from VMM
become configuration items in Service Manager. However, you cannot access an object in the Service
Manager console until you create a new view, and then select the objects classes that you want to display
in the console.
Lesson 5
Configuring Service Manager Notifications
You may want to be notified by email when incidents or other changes occur in Service Manager. Service
Manager can generate notifications for almost any kind of change. For example, you can configure
notifications to be sent to a messaging analyst when changes occur to work items or configuration items
that pertain to email problems.
In this lesson, you will learn how to use Service Manager notifications.
Configure notification templates.
Configuring Notification Channels
To configure notifications, you must first configure the notification channels through which Service
Manager will distribute the notifications. In Service Manager 2012, the default (and only) channel for
distributing notifications is email. Email notifications are not enabled by default, so you need to enable
them.
To configure an email notification channel, you need to provide the following information:
Your SMTP server name, communication port (default is 25), and authentication type (anonymous or
Windows Integrated).
The service account email address that you use during setup.
As a failover mechanism, you can configure more than one SMTP server. If you configure more than one
SMTP server, you should also configure the failback time (in seconds).
Configuring Notification Subscriptions
After configuring the notification channel, you should configure the notification subscriptions.
Subscriptions define when Service Manager will send notifications, who will receive the notifications, and
which events will cause notifications.
You can select one of the following primary criteria options for a notification subscription:
Object of the selected class is created
Object of the selected class is updated
Objects meet defined criteria
In each case, you should select which object classes you want to monitor within the subscription. An
object class can be an item such as an incident, problem, service request, or change request.
After you define your primary criteria, you can also define additional criteria at a more granular level.
Defining additional criteria is optional, but the criteria are helpful when you want to narrow your
subscription.
During subscription configuration, you should also select the email template that Service Manager will use
when it sends notifications.
Finally, you must select the recipients for the notification subscription. You can select any user who has an
email address attribute as defined in AD DS.
Note To select subscription recipients, you must first import the recipients user objects by
using the Active Directory connector.
Configuring Notification Templates
Service Manager provides predefined email templates, or you can create your own template.
When you create a template, you first select your targeted object class. For templatesunlike
subscriptionsthe specified object class informs Service Manager which variables to include in your
template. For example, if you select the Incident object class, you will be able to put various incident
attributes and properties in the message body.
After you define the object class, you configure the message body. You can prepopulate the message
subject and message body. You can type free text of your choice, and you can combine free text with
variables related to the object class that you selected. For example, if you want to send automatic-reply
messages that state that an incident was received successfully, you can include text in the email template,
and also insert some basic information about the incident, or provide a support ticket. You can predefine
all of this data in a template. Later, when you configure subscriptions, you can simply select an email
template from the list.
Lab: Implementing Service Management for the

Private Cloud
Lab Setup
Note
1.
2.
3.
4.
Password: Pa$$w0rd
Domain: Contoso
5.
Repeat steps 2 to 4 for 10751A-LON-SQ1, 10751A-LON-OM1, and 10751A-LON-OR1.
6.
7.
8.
9.
Password: Pa$$w0rd
Domain: Contoso
10. Repeat steps 7 to 9 for 10751A-LON-AP1 and 10751A-LON-SM1.
Lab Scenario
Contoso, Ltd wants to implement service management so that it can better manage change, release,
incident and problem management. Management has decided to use Service Manager, because Service
Manager can integrate with its existing infrastructure, provide self-service functionality to its core users,
and send email notifications to key users when incidents are assigned to them.
You must configure Service Manager, and then integrate it with a private cloud system.
Exercise 1: Configuring Service Manager Basic Settings

1.
Configure service request settings.
2.
Configure incident settings.
3.
Configure problem settings.
4.
Configure data retention settings.
5.
Create a new user role for incidents.
6.
Connect to the Service Manager data warehouse management server.
Task 1: Configure service request settings

1.
On LON-SM1, open the Service Manager console, click the Administration workspace, expand
Administration, and then click Settings.
2.
Configure the following Service Request Settings:
Service Request ID prefix: SRT
Maximum size (KB): 1024
Task 2: Configure incident settings

1.
In the Service Manager console, double-click Incident Settings.
2.
Configure the following settings:
Maximum number of attached files: 5
Maximum size (KB): 3072
Default support group: Tier 2
Parent incident: Automatically resolve child incidents when parent incident is resolved
Priority calculation: As described in the following table:
Impact: Low
Impact: Medium
Impact: High
Urgency: Low
Urgency: Medium
Urgency: High
Resolution time:
Priority 1: 30 minutes
Priority 2: 60 minutes
Task 3: Configure problem settings

1.
In the Service Manager console, double-click Problem Settings.
2.
Configure the following General settings:
Maximum number of attached files: 5
Priority calculation: As described in the following table:

Impact: Low
Impact: Medium
Impact: High
Urgency: Low
Urgency: Medium
Urgency: High
Task 4: Configure data retention settings

1.
In the Service Manager console, double-click Data Retention Settings.
2.
Incident retention time: 120
Change request retention time: 240
History retention time: 720
Task 5: Create a new user role for incidents

1.
In the Service Manager console, in the Administration workspace, expand Security.
2.
Click User Roles, click Create User Role, and then select Incident Resolver.
3.
In the Create User Role Wizard, on the General page, enter Contoso Incident Resolvers for the
name.
4.
On the Management Packs page, select the following two items:
5.
Service Manager Incident Management Configuration Library
Service Manager Incident Management Library
On the Tasks page, provide access to only the selected tasks:
Properties
Link or Unlink to Parent
Resolve
Change Incident Status
Assign to Me
Escalate or Transfer
Create Related Incident
Request User Input
Activate
Unlink
Create Incident
Assign to Analyst
Apply Template
Close
6.
On the Users page, click Add, and then in the Select Users or Groups window, type IT. Click Check
Names, and verify that Contoso\IT displays.
7.
Complete and close the Create User Role Wizard.
Task 6: Connect to the Service Manager data warehouse management server
1.
In the Service Manager console, in the Administration workspace, click Administration.
2.
Click Register with Service Manager Data Warehouse.
3.
In the Data Warehouse Registration Wizard, on the Data Warehouse page, in the Server name text
box, type LON-SQ1.contoso.com, and then test the connection.
4.
On the Credentials page, click New, and configure the following settings:
5.
Display name: Administrator account
Account: Windows Account
Password: Pa$$w0rd
Domain: Contoso
Complete and close the Data Warehouse Registration Wizard.
Results: After this exercise, you should have configured Service Manager basic settings.
Exercise 2: Configuring Service Manager Connectors

1.
Create an Active Directory connector, and create a group.
2.
Create an Operations Manager Alert connector.
3.
Create an Operations Manager Configuration item connector.
4.
Create an Orchestrator connector.
5.
Create a VMM connector.
Task 1: Create an Active Directory connector, and create a group

1.
On LON-SM1, in the Service Manager console, click the Administration workspace, expand
Administration, and then click Connectors.
2.
Right-click Connectors, select Create connector, and then click Active Directory connector.
3.
In the Active Directory Connector Wizard, on the General page, in Name text box, type Contoso AD.
4.
On the Domain or organizational unit page, click Use the domain: Contoso.com, and then click
New.
5.
Password: Pa$$w0rd
Domain: Contoso
6.
Click Test Connection, and verify the connection.
7.
On the Select Objects page, click All computers, printers, users and user groups, and then select
Automatically add users of AD Groups imported by this connector.
8.
Complete and close the Active Directory Connector Wizard.
9.
In the Service Manger console, click Contoso AD, click Synchronize Now, click OK, and verify that
you receive a Finished Success status. In the Tasks pane, click Refresh to view the refreshed status. It
might take 4 to 5 minutes for the task to complete.
10. In the Service Manager console, click the Configuration Items workspace, click Users, and then
verify that all the Active Directory users and groups were imported.
11. Click the Library workspace, click Groups, and then click Create Group.
12. In the Create Configuration Items Group Wizard, on the General page, enter Contoso Computers
for the group name.
13. On the Included Members page, click Add, in the Type to filter field, click Contoso, press Enter,
add Contoso\Domain Computers, and then add Contoso\Domain Controllers.
14. Complete and close the Create Configuration Items Group Wizard.
Task 2: Create an Operations Manager Alert connector
1.
In the Service Manager console, click the Administration workspace, expand Administration, and
then click Connectors.
2.
Right-click Connectors, select Create connector, and then click Operations Manager Alert
connector.
3.
In the Operations Manager Alert Connector Wizard, on the General page, in the Name text box, type
Contoso SCOM.
4.
On the Server Details page, type LON-OM1.contoso.com, select Administrator account, and then
click Test Connection. Use Pa$$w0rd for the password. Verify the connection.
5.
On the Alert Routing Rules page, click Add, configure the following settings, and then click OK:
Rule Name: Contoso Computers Alert
Template: Operations Manager Incident Template
Computer for which the alert was raised: Contoso Computers
Priority: Medium
6.
In the Add Alert Routing Rules window, select Default Incident Template.
7.
On the Schedule page, click Close alerts in Operations Manager when incidents are resolved or
closed.
8.
Complete and close the Operations Manager Alert Connector Wizard.
Task 3: Create an Operations Manager Configuration item connector

1.
In the Service Manager console, click Connectors, right-click Connectors, select Create connector,
and then click Operations Manager CI connector.
2.
In the Operations Manager CI Connector Wizard, on the General page, in the Name text box, type
Contoso SCOM CI.
3.
On the Server Details page, type LON-OM1.contoso.com, select Administrator account, and then
click Test Connection. Use Pa$$w0rd for the password. Verify the connection.
4.
On the Management Packs page, click Select All.
5.
On the Schedule page, select 7:00 PM.
6.
Complete and close the Operations Manager CI Connector Wizard.
Task 4: Create an Orchestrator connector

1.
In the Service Manager console, click Connectors, right-click Connectors, select Create connector,
and then click Orchestrator connector.
2.
In the Orchestrator Connector Wizard, on the General page, in the Name text box, type Contoso
Orchestrator.
3.
On the Connection page, for the Orchestrator Web Service URL, type
http://lon-or1:81/Orchestrator2012/Orchestrator.svc, select Administrator account, and then
click Test Connection. If necessary, use Pa$$w0rd for the password. Verify the connection.
4.
On the Web Console URL page, type http://lon-or1:82.
5.
Complete and close the Orchestrator Connector Wizard.
Task 5: Create a VMM connector

1.
2.
Right-click Connectors, select Create connector, and then click Virtual Machine Manager
connector.
3.
In the Virtual Machine Manager Connector Wizard, on the General page, in the Name text box, type
Contoso VMM.
4.
On the Connection page, type LON-VM1.contoso.com, select Administrator account, and then
click Test Connection. Use Pa$$w0rd for the password, and then verify the connection.
5.
Complete and close the Virtual Machine Manager Connector Wizard.
6.
In the Service Manager console, click Contoso VMM, click Synchronize Now, click OK, and verify
that you receive a Finished Success status. In the Tasks pane, click Refresh to view the refreshed
status. It might take 4 to 5 minutes for the task to complete.
7.
In the Service Manager console, click the Configuration Items workspace, click Create Folder, and
then in the Folder name box, type VMM Objects.
8.
In the Management pack section, select Service Catalog Generic Incident Request, and then
click OK.
9.
In the navigation pane, click the VMM Objects folder, click Create View, and then configure the
following:
On the General page, Name: VMM Templates
Management pack: Service Catalog Generic Incident Request
10. In the navigation pane, click Criteria.
11. In the Advanced Search area, click Browse, and then in the drop-down box, select All basic classes.
12. In the Type to filter text box, type virtual machine template, click Virtual Machine Template, and
then click OK two times.
13. In the Configuration Items results pane, click the VMM Templates view to verify that the VMM
templates have been created.
14. Close the Service Manager console.
Results: After this exercise, you should have configured Service Manager connectors.
Exercise 3: Configuring the Self-Service Portal

1.
Verify the Self-Service Portal functionality.
Task: Verify the Self-Service Portal functionality

1.
On LON-DC1, open Windows Internet Explorer, and in the address bar, type
http://lon-ap1:8080/SMPortal.
2.
In the SMPortal site, on the Home page, click Create a request.
3.
On the Service Request page, click Go to request.
4.
Configure the following options:
Issue title: Test Incident
Symptoms: Mouse does not work
Category of the issue: Hardware Problems
How urgent is issue: Medium
Alternate contact: administrator@contoso.com
5.
Scroll down, and then click Next, click Submit, and then verify that you receive a message that says
that your request was submitted. Leave the Self-Service Portal open.
6.
On LON-SM1, open the Service Manager console, click the Work Items workspace, expand
Incident Management, click All Incidents, and then double-click Test Incident.
7.
In the Incident window, click the Resolution tab, in the time worked value text box, select 1 hour,
and then click Add.
8.
In the Tasks pane, click Change Incident Status, and then click Resolve.
9.
In the Resolve window, in the Resolution Category box, select Fixed by analyst, in the Comments
text box, type fixed by installing new driver, and then click OK twice.
10. On LON-DC1, in the self-service portal, click My Requests, and then click Test Incident.
11. Review the incident details, and verify that the status is Resolved.
12. Close SMPortal.
Results: After this exercise, you should have configured the Self-Service Portal.

1.
2.
Create an email notification template.
3.
Task 1: Configure notification channels

1.
Administration, expand Notifications, click Channels, and then double-click E-mail Notification
channel.
2.
In the Configure E-mail Notification Channel window, select the Enable e-mail notifications check
box, and then click Add.
3.
In the Add SMTP Server window, in SMTP server (FQDN) text box, type lon-mail.contoso.com, and
then click OK.
4.
In the Return e-mail address text box, type scservice@contoso.com, and then click OK.
Task 2: Create an email notification template

1.
In the Service Manager console, under Notifications, click Templates.
2.
In the Tasks pane, click Create E-mail Template.
3.
In the Create E-Mail Notification Template Wizard, on the General page, in the Notification
template name text box, type Incident Notification e-mail.
4.
Click Browse, select Incident, and then click OK.
5.
On the Template Design page, in the Message subject text box, type Incident has been created.
6.
In the Message body text box, type The incident has been created in Service Manager, press
Enter, and then click Insert.
7.
Select Affected User, click User Name, and then click Add.
8.
Complete and close the Create E-Mail Notification Template Wizard.
Task 3: Configure notification subscriptions

1.
In the Service Manager console, under Notifications, click Subscriptions.
2.
In the Tasks pane, click Create Subscription.
3.
In the Create E-Mail Notification Subscription Wizard, on the General page, in the Notification
subscription name text box, type Incident Subscription.
4.
Click Browse, select Incident, and then click OK.
5.
Verify that the When an object of the selected class is created option is selected.
6.
On the Additional Criteria page, select Priority, click Add, select is less than or equal to, and then
type 4.
7.
On the Template page, click Select, select Incident Notification e-mail, and then click OK. On the
Recipient page, click Add, select Contoso\Administrator, click Add, and then click OK.
8.
On the Related Recipients page, click Add, select Affected User, and then click Add.
9.
Complete and close the Create E-Mail Notification Subscription Wizard.

11. To prepare for the next lab, shut down 10751A-LON-VM1.
Results: After this exercise, you should have configured Service Manager notifications.
Review Questions
1.
Which Service Manager components do you use for reporting purposes?
2.
What is the prerequisite for running the Self-Service Portal in Service Manager?
3.
Which older version of Service Manager can you upgrade to Service Manager 2012?
4.
What is the difference between a problem and an incident?
5.
What functionality do you enable when you configure a connector between Service Manager and
Operations Manager?
Common Issues Related to Service Manager

Identify the causes for the following common issues related to Service Manager, and fill in the
troubleshooting tips. For answers, refer to relevant lessons in the module.
Issue
You cannot install the Self-Service Portal.
You cannot upgrade an older version of
Service Manager.
You cannot use reporting in Service Manager.
You cannot install the Operations Manager
agent on the Service Manager computer.
You cannot see content in the Self-Service
Portal.
Troubleshooting tip
Best Practices Related to Service Manager

Always install both the Service Manager management server and the Service Manager data
warehouse management server.
Use a separate server to host the Self-Service Portal.
Create activity workflows to automate processes.
Create and use templates for work items.
Create connectors for all supported systems that you have in your environment.
Tools
Tool
SQL Server Management Studio
Use for
Management of Service Manager
databases
Where to find it
Start Menu of SQL Server
computer

10-1
Module 10
Protecting the Private Cloud Infrastructure
Contents:
Lesson 1: Planning DPM Deployment
10-3
Lesson 2: DPM Architecture and Components
10-15
Lesson 3: Upgrading DPM
10-23
Lesson 4: Configuring DPM for the Private Cloud
10-28
Lesson 5: Configuring Application Protection for the Private Cloud
10-38
Lesson 6: Restoring Applications to the Private Cloud
10-47
10-52
Module Overview
10-2 Protecting the Private Cloud Infrastructure
Microsoft System Center 2012 - Data Protection Manager (DPM) provides protection for the applications
and data in your private cloud. The advanced integration features with System Center 2012 - Operations
Manager and Hyper-V facilitate deploying and configuring DPM. DPM also provides advanced
protection for products such as Microsoft SQL Server and Microsoft Exchange Server.
Plan DPM deployment.
Describe DPM architecture and components.
Upgrade DPM.
Configure DPM for the private cloud.
Configure application protection for the private cloud.
Restore applications to the private cloud.
Lesson 1
Planning DPM Deployment
A reliable and trustworthy private cloud design must include protection for the infrastructure and the
applications that run within the private cloud. Before installing and configuring hardware or software to
protect this data, you must create a plan that addresses both the business and technical needs of your
private cloud. Planning for DPM deployment includes defining data retention standards, determining
how many copies of the data you need, and providing storage for the copies. Once you complete your
deployment plan, you will then have enough information to successfully install and configure DPM in your
private cloud.
In this lesson, you will learn about how to plan for a DPM deployment.
Describe the considerations for DPM deployment.
Describe backup methods.
Describe storage, security, and software requirements.
Describe hardware, network, and scaling requirements.
Considerations for DPM Deployment
Before beginning your DPM deployment, you should consider a number of factors so that you can
properly size and plan for your DPM deployment. For example, you may want to answer the following
questions:
What is your budget?
When determining the budget for your DPM deployment, you must consider the value of the
protected data. For example, if you only back up your order processing application once a month,
you may lose up to a months worth of order revenue in addition to losing customers and the work
hours required to recover from the failure. You can perform similar analyses for other applications
within your environment to help justify the budget required to deploy a properly sized DPM
infrastructure in your private cloud.
Which operating systems and applications will DPM protect?
DPM can protect a variety of operating systems and applications. Create a list of the systems that
you are going to back up. This could include your Microsoft Hyper-V Server 2008 servers, your other
System Center servers, Exchange Server servers, SQL Server servers, Microsoft SharePoint Server
servers, and other supported applications. You may also want to back up system state information
and perform bare-metal recovery on all or specific systems within your private cloud.
Where and how long will DPM retain data?
Applications may have different retention requirements, so you should identify and document the
requirements for all of your applications. For example, compliance requirements may require offsite
retention for specific employees email correspondence for seven years. During this identification and
documentation process, it is important that you discuss the requirements with the application owners
and anyone who might have oversight into retention decisions, such as regulatory auditors and
attorneys.
What is the recovery point objective (RPO) for each application?
RPOs define how much data loss is acceptable during a failure. For example, an order entry system
may be such a critical component of an organization that losing more than 30 minutes worth of
orders is unacceptable. In this case, the order entry RPO would be less than 30 minutes. The RPO
defines the frequency and the speed at which the application will be backed up.
What is the recovery time objective (RTO) for each application?
RTOs define how much time it will take to recover from a failure. For example, you may need to
recover your order processing system within one hour of a failure. You typically specify both an RTO
and a RPO for each application, with the RTO set to a longer time period. The RTO specifies the speed
at which a restore must occur, and the type of backups that will be performed.
How much data will DPM protect for each application?
For each application that you plan to protect, calculate how much data you will need to back up. For
example, you may have 10 terabytes of Exchange Server data with 30-day retention, 5 terabytes of
Exchange Server data with seven years of offsite retention, 1 terabyte of SQL Server data with 30-day
retention, and 10 terabytes of file server data with 14-day retention.
How many computers are domain-joined, how many are non-domain-joined, and where are they
located?
Identify the number of computers you will protect that reside within your domain, or that are nondomain-joined. The number of managed agents determines the number of DPM servers that you will
need. You will also need to define the location of the computers so that you can plan the network
requirements and DPM server placement.
Will you perform all recovery operations, or will you delegate this task to others?
Self-service recovery is available for SQL Server and file-based backups. Enabling end-user recovery
requires modification to Active Directory Domain Services (AD DS); therefore, you will need
permissions to complete these changes. You may also want to allow specific users to access DPM so
that they can adjust backup settings, initiate restores, or manage tapes.
Selecting a Backup Method
DPM protects data by creating a backup of the application data on disks that are attached to the DPM
server. This is known as a disk-to-disk (D2D) backup. Storing backup data initially on the DPM server
enables quick data recovery as compared to more traditional recovery methods that require tape or
other offline media.
Disk-Based Backups vs. Tape-Based Backups
A DPM restore first locates the hard disk where data is stored by using the DPM database. The data is
then copied from the hard disk to the restore location. In contrast, a magnetic tape-based restore starts
with the backup software locating the tape where the backup data is stored, and then mounting the
correct tape and advancing to the position where the data is stored. At this point, the data is copied from
the tape to the restore location. Although magnetic tape data transfer speeds can meet or exceed that of
standard disks, the time it takes to mount a tape in the drive and then locate the data is measured in
minutes, as compared to the seek time of a disk, which is measured in milliseconds.
Although tape media can last for many years when properly stored, tapes have a finite number of times
that they should be used, whereas disk drives are designed to be read and written to continuously.
However, disk drives are not designed primarily to store data offline, as is tape media.
Despite the slower seek time of tape-based data protection, there are still times when tape-based backup
is needed or required. You may need to store data for longer periods of time, or you may need to store
data offsite to meet regulatory and compliance requirements. In these cases, hard disks may not be
suitable because hard disks are less durable and cost more per gigabyte (GB) than tape. You can take
advantage of the strengths of both disk-based and tape-based storage in the disk-to-disk-to-tape
(D2D2T) backup scenario. In this scenario, DPM first performs backups to disk, and then copies the data
to tapes.
In other scenarios, you may need to have DPM back up data offsite continuously to enable disaster
recovery. You can create backup tapes and ship them to the disaster recovery site, or you can also use a
DPM server in the disaster recovery site to replicate data from the primary DPM server over a wide area
network (WAN) link.
The D2D2D Backup Method
An additional backup method, disk-to-disk-to-disk (D2D2D), provides a second copy of backup data on a
second server that can be located in another site. D2D2D is used most often to provide access to backup
data in a disaster recovery site. Rather than shipping tapes to the recovery site, the data is replicated
across the network, which means that it is available for immediate recovery. Utilizing replication to copy
the data typically provides quicker and more current backup data to the recovery site than using the D2T
method, and then shipping the tapes to the disaster recovery site.
The D2D2C Backup Method

The disk-to-disk-to-cloud (D2D2C) backup method uses a public or private cloud service provider to
replicate the DPMprotected data to an offsite storage facility. Because this functionality is provided
outside of DPM, the use cases and considerations vary for both public and private clouds.
The following table summarizes the advantages and disadvantages of each of the core backup methods.
Backup method
Criteria for choosing
D2D backup
Advantages:
Quick data backup and recovery
Less prone to failures
No need to manage tape usage and storage
Disadvantages:
Higher cost and complexity of adding capacity
Not suitable for shipping for offsite storage
When to use:
When you need faster recovery times
When you do not need long-term offsite storage
D2T backup
Advantages:
Backups are easily stored offsite
Easy and inexpensive to add capacity
Disadvantages:
Slower and more complex recovery process
Tape media is prone to errors in both backup and recovery
When to use:
When offsite storage is required
When you need to satisfy compliance and regulatory requirements
When you need to provide long-term data retention
(continued)
Backup method
Criteria for choosing
D2D2T backup
Advantages:
Combines the advantages of D2D and D2T
Reduces the limitations of D2D and D2T
Disadvantages:
More complex to manage than just D2D or D2T
More expensive to deploy than just D2D or D2T
When to use:
When you must provide quick backup and recovery, and when you
need offsite or long-term storage
D2D2D backup
Advantages:
Reduces the limitations of D2D by providing a second copy of
backup data either onsite or offsite
Enables automatic availability of protected data in a disaster recovery
site
Disadvantages:
More complex to manage than just D2D or D2T
More expensive to deploy than just D2D or D2T
When to use:
When you must provide quick backup and recovery, and when you
need offsite storage with quick restore times
Defining Storage Requirements
Storage configuration is one of the most critical aspects of designing DPM deployment. You must have
enough storage while still balancing budgetary, capacity, and performance concerns.
DPM requires block storage to store protected data. This storage either can be direct attached storage
(DAS), or can be on a storage area network (SAN). DPM cannot use a file share to store backup data.
DPM supports most disk types, such as SCSI, Serial Attached SCSI (SAS), Serial Advanced Technology
Attachment (SATA), and Integrated Drive Electronics (IDE), but it does not support USB and IEEE
1394attached disks.
If DPM is installed on a virtual machine, the storage pool must not be an attached virtual hard disk.
Instead, you must use the following options:
Pass-through disk with host DAS
Pass-through iSCSI logical unit number (LUN) that is attached to the host
Pass-through FC LUN that is attached to the host
Internet SCSI (iSCSI) target LUN that is connected to the DPM virtual machine directly
Estimating Storage Size Requirements
To estimate your storage size requirements, add up the amount of data that will be backed up for each
data source, and then add the amount of data that is changed each day for the number of days you
wish to retain the data. If you are using a traditional backup solution, this daily change rate is roughly
equivalent to the size of an incremental backup. For example, suppose you have 10 terabytes of Exchange
Server data that generates about 1 terabyte of changes each day. You wish to retain the backup for 14
days. This would mean that for Exchange Server data, you would need a minimum of 24 terabytes of
storage space to protect your Exchange Server data.
Backup deployments tend to require more storage as time progresses. Therefore, consider disk solutions
that can provide enough storage for the initial deployment, and that you can expand for future growth.
Microsoft has published several tools to help estimate storage for Exchange Server, Hyper-V, and
SharePoint Server.
Note DPM supports volumes up to 17 terabytes in size when using globally unique
identifier (GUID) partition table (GPT) dynamic disks, and up to 2 terabytes for master boot
record (MBR) dynamic disks.
Defining Storage Redundancy Requirements
DPM protects your primary data from failures, and therefore DPM data is a secondary copy of your data.
If you do not require data redundancy for your backup data, you may choose to use a just a bunch of
disks (JBOD) storage configuration. A JBOD configuration presents each disk as a separate volume to the
operating system with no redundancy. If your data protection plan requires you to protect your backup
data from disk failures, you should consider using a redundant array of independent disks (RAID). A
number of RAID configurations are available that provide varying levels of capacity, speed, cost, and the
number of disk failures against which it can protect.
An alternative to using RAID is to deploy a second DPM server with a JBOD configuration that performs a
backup of the primary DPM server.
Defining Storage Performance Requirements
The performance requirement for DPM is typically lower than for each of the applications it is protecting.
For example, if you have 10 terabytes of Exchange Server data that changes 1 terabyte per day, you need
to be sure to store an additional 1 terabyte over a 24-hour period. However, you must also take into
account the performance that you require for restoring data. For example, if you must be able to restore
5 terabytes of Exchange Server data within 5 hours, you will need to have storage and networking
equipment capable of transferring that much data within that time.
Defining Tape Requirements
If your recovery plan includes tapes, then you must determine the tape drive configuration. You must
calculate the amount of space that you require to store the data during the retention period. For example,
if you require 10 terabytes of storage to store 14 days of backups on your DPM server, and you wish to
keep data on tape for an additional 14 days, you would need about 10 terabytes of tape available to
accommodate your backups.
You must also take into account the speed at which a tape drive can copy data to tape and the speed at
which it can retrieve data from tape. Lastly, you should also consider whether to use a single tape drive or
a tape library. A tape library holds multiple tapes and can automatically mount the required tapes needed
for backup and recovery.
Defining Security Requirements
The DPM central console provides role-based access control (RBAC) to the DPM through Operations
Manager. To control who can perform tasks in DPM you use user roles, which are composed of profiles,
scopes, tasks, and views. The profile defines the provided privileges, and the scope defines the objects to
which the privileges apply. When you create a user role, you select tasks and views that will be included in
the user role.
You need to configure user roles to meet the needs of your environment. It is always a best practice to
give users only the minimum permissions necessary to perform their job. The predefined roles are:
DPM Read-Only Operator. This role allows users to view everything, but they cannot modify or run
anything. You can assign this role to server administrators so that they can verify that the protection
configuration is correct.
DPM Recovery Operator. This role allows users to only perform recoveries.
DPM Reporting Operator. This role allows users to only run and manage reports. You can assign this
role to users so that they can create reports but not modify the DPM configuration settings.
DPM Tier-1 Support. This role allows users to resume backups and perform automated recommended
actions. Users can open a scoped DPM console to troubleshoot issues. You can assign this role to
support administrators so that they can perform basic troubleshooting tasks.
DPM Tier-2 Support. This role allows users to run backups on demand. Users can perform corrective
actions such as enabling and disabling agents. You can assign this role to administrators who need to
perform more actions than do Tier-1 support administrators.
DPM Tape Operator. This role allows users to rerun backups or perform tape drive tasks.
DPM Tape Admin. This role allows users to perform all tape-related actions.
DPM Admin. This role allows users to perform all actions.
Defining Software Requirements
There are several components in the DPM solution that you must install, and each has different software
requirements. These components are the DPM server, the DPM protection agents, and the System Center
2012 central console.
DPM Server Software Requirements

DPM is a 64-bit application that requires a 64-bit operating system. You can install the DPM server on
the following Windows Server 64-bit operating systems using either the Windows Server Standard or
Windows Server Enterprise editions:
Windows Server 2008
Windows Server 2008 with Service Pack 2 (SP2)
Windows Server 2008 R2
Windows Server 2008 R2 with Service Pack 1 (SP1)
Before installing DPM, there are a number of updates that you must apply to Windows Server 2008 and
Windows Server 2008 R2 prior to SP1. Refer to the Additional Reading section at the end of this topic for
information about these updates.
Additionally, DPM requires the following prerequisite components:
Microsoft .NET Framework 3.5 SP1
Microsoft Visual C++ 2008 Redistributable
Windows Single Instance Store (SIS), a feature in Windows Storage Server 2008
Microsoft Application Error Reporting tool
The DPM installation process installs these components automatically if they are not installed already.
However, Setup may request that you reboot the server before completing installation.
DPM also requires a SQL Server installation. The DPM installer can install SQL Server 2008 SP1 on the DPM
server during setup, or it can use a remote SQL Server instance that also has SQL Server Reporting Services
installed. The remote SQL Server cannot be a domain controller.
DPM Protection Agents Software Requirements
DPM protection agents are installed on the servers that DPM protects. Each protected server must store
the protected data on NTFS file systemformatted partitions, and protected volumes must be at least
1 GB. The software requirements depend on the operating system and the type of data that you are
protecting. For the latest requirements for each protection type, refer to the Additional Reading section at
the end of this topic.
Central Console Software Requirements
The central console is a new component introduced in System Center 2012 that can manage multiple
DPM 2010 and 2012 servers. The central console requires the following:
Operations Manager must be installed.
The Operations Manager agent must be deployed on each of the DPM servers.
All DPM 2010 servers must have DPM 2010 QFE3 installed.
To install the central console, import the central console management pack into Operations Manager.
Defining Hardware, Network, and Scaling Requirements
DPM requires at least 4 GB of random access memory (RAM), but it is recommended that you provide
8 GB. At minimum, the pagefile should be 0.2 percent of the total size of all the recovery point volumes,
and, ideally, the pagefile should be 1.5 times the size of the installed RAM. A single DPM server can
protect 600 volumes, of which 300 are replica volumes and 300 are recovery point volumes. The
maximum amount of storage for a single DPM server is 120 terabytes, with 40 terabytes of replica size
and 80 terabytes of recovery point data.
DPM has the following minimum requirements:
Windows Server 2008 or Windows Server 2008 R2 operating system
At least 1 gigahertz (GHz) dual-core CPU
Pagefile that is 0.2 percent of the total size of all the recovery point volumes. For example, 50
terabytes of storage would require about 10 GB of pagefile.
At least 4 GB of RAM
At least 5 GB of free storage space to install DPM, and at least one additional drive for backup
storage
Membership in an Active Directory domain
Scale Limits
When you deploy DPM in your private cloud environment, you may need to deploy more than one DPM
server if one DPM server is not sufficient to protect the data in your private cloud. You can use the central
console to manage up to 100 DPM servers and 50,000 protected data sources. Each DPM server can have:
Up to 9,000 disk-based snapshots that can be either express full backups or file recovery points.
Up to 2,000 SQL Server databases.
Up to 3,000 client computers.
Lesson 2
DPM Architecture and Components
DPM can protect and recover your private cloud data, including data from Hyper-V, SQL Server, Exchange
Server, SharePoint Server, and other applications. DPM can also protect applications from accidental data
deletion and data loss that are caused by hardware failures, and replicate data to other sites to enable
disaster recovery scenarios.
The 2012 version of DPM provides performance, management, and deployment improvements over
previous DPM versions. These improvements enhance its recovery capabilities for private cloud solutions.
You should understand DPMs key components and architecture before you deploy it in your private
cloud.
In this lesson, you will learn about the components that you use to build DPM architecture.
Describe the DPM components.
Describe the DPM protection process.
Explain how to protect files and applications with DPM.
Describe end-user file recovery.
DPM Components
The DPM architecture consists of several interrelated components:
DPM server. The DPM server is the computer on which the DPM service processes backup and
recovery jobs, communicates with the DPM protection agents, and manages the tape drives. The
DPM server also connects to the SQL Server database that stores the DPM configuration and
reporting information.
SQL Server database. The SQL Server database stores DPM configuration information. DPM uses a
SQL Server database to store information about the protection status and the resources used by DPM.
DPM uses this database to create reports that can be delivered via email.
Central console. The central console is a program built on Operations Manager that allows you to
centrally view and manage multiple DPM servers. In environments with multiple DPM servers, you can
discover and repair issues across the entire deployment from a single console.
Storage pool. The storage pool is a set of disks that are attached to the DPM server and that store the
protected data. DPM requires the storage to be made up of block storage. You cannot use network
file shares in a storage pool.
Protection agents. Protection agents communicate with the DPM server to transfer data for backup
and restore. You install the DPM protection agent software on the computers that DPM protects.
Protection groups. Protection groups define storage pools, retention settings, and data sources that
need protecting. All data sources in the same protection group share storage allocation, replication
creation methods, and settings for on-the-wire compression.
DPM Protection Process
To protect data, DPM creates a volume in the storage pool in which it stores a replica for each protection
group member. DPM synchronizes the protected servers data to the replica according to the schedule
that is defined in the protection group settings. The DPM protection agent that is installed on the
protected server tracks data changes, and then transfers the data to the DPM server during
synchronization.
File Synchronization Process
Rather than relying on time stamps and archive flags to determine modified files, the DPM protection
agent uses a volume filter to track changes. To reduce the amount of data that must be synchronized to
the replica, the DPM protection agent performs a checksum procedure for the updated files, and then
synchronizes only the changed blocks. The changes are transferred to the DPM server, and then applied
to the replica during synchronization.
A synchronized replica only allows the latest synchronized data to be recovered. However, by using
recovery points, DPM enables point-in-time recovery of files. Recovery points are data snapshots that
occur at scheduled intervals. To reduce the amount of data storage, these recovery points include only the
changed data. File share and volume recovery points consist of shadow copy of the replica that is created
by Volume Shadow Copy Service (VSS).
Note VSS limits the number of client VSS shadow copies to 64 for each volume. This
means that only 64 recovery points can be created for each protected volume. Additionally,
a protection group only allows you to schedule up to eight file recovery points each day. If
you schedule eight recovery points each day, you can only retain data for up to eight days
(8 VSS snapshots/day x 8 days = 64 VSS snapshots).
Application Data Synchronization Process
For applications, the DPM protection agent uses an application-specific volume filter to identify changes
to volume blocks that belong to application files. However, the exact protection process that the DPM
protection agent uses varies based on the protected application.
DPM provides two application data synchronization methods:
Incremental synchronization. Incremental synchronization is similar to incremental backup in that

it only captures the data that has changed since the last incremental synchronization. The replica
together with the incremental synchronization data provides a complete copy of the protected data.
Recovering data from an incremental synchronization can take additional time because you must first
recover the replica data, and then you must recover each of the required incremental
synchronizations.
Express full backups. An express full backup creates a full VSS snapshot on the protected server, but
only transfers the changed blocks to the DPM server. This operation also creates a recovery point for
application data. To enable more frequent RPOs and to reduce the data loss window, DPM also
performs incremental synchronizations between scheduled express full backups.
The synchronization method supported by each type of application data is summarized as follows:
Exchange Server. Incremental synchronization transfers incremental VSS snapshots using the
Exchange Server VSS writer. The Exchange Server VSS writer creates a recovery point during each
synchronization and for each express full backup.
SQL Server. Databases do not support incremental synchronization if they use log shipping, are in
read-only mode, or are configured for simple recovery. Instead, you must use express full backups for
these databases. For all other SQL Server databases, incremental synchronization transfers backed-up
transaction logs. DPM creates recovery points for each incremental synchronization, and for each
express full backup.
Microsoft SharePoint Foundation (formerly Windows SharePoint Services) and Microsoft Virtual
Server. These applications do not support incremental synchronization. Instead, you must use express
full backups. DPM creates recovery points for each express full backup.
Note Applications are limited to 512 recovery points. However, because applications are
usually stored on a protected volume, 64 recovery points are reserved for the maximum
number of file share or volume recovery points. The result is an application that may have
up to 448 recovery points (512 64). When determining the retention time for your
protected data, you must take into account the number of available recovery points.
Managing Data Inconsistencies
At times, a replica becomes inconsistent with its data source due to changes made on the protected
server, or because of other problems. If this occurs, DPM generates an alert that specifies which server
and which data source are affected. To resolve the problem, you can initiate synchronization with a
consistency check on the replica. A consistency check performs a block-by-block verification, and repairs
the replica to so that it is consistent with the data sources. You can configure protection groups to
perform daily consistency checks, or you can initiate consistency checks manually.
Protecting Files and Applications
Protecting the applications within your private cloud is critical to maintaining the reliability of the private
cloud infrastructure. DPM uses VSS to coordinate native application protection. VSS coordinates the
capture of state information for a volume one instance in time. VSS also provides consistent file state by
coordinating application input/output (I/O), and minimizes application downtime. The VSS backup model
includes the following components:
VSS Requestor. The VSS Requestor is backup software that requests that a backup be performed.
When using DPM, the DPM agent communicates with VSS.
VSS Provider. The VSS Provider manages the volumes and shadow copies. When requested, a
provider notifies the applications before a shadow copy is performed, and then creates a pointin-time copy of the storage. While the point-in-time copy is being performed, I/O requests are
intercepted to ensure that the data on disk is not altered. The point-in-time copy is then exposed
to the VSS Requestor for backup.
Windows provides a system provider that enables this functionality on all volumes. Non-Microsoft
vendors can create providers that enable additional functionality, such as offloading the creation of
the point-in-time copy to the SAN.
VSS Writer. The VSS Writer is an application or service that prepares an application for a VSS-based
backup. The VSS Writer ensures that the application data is valid and persisted to disk before the
point-in-time copy is made. Additionally, the VSS Writer prepares the application for a restore
operation.
DPM performs a VSS-based backup as follows:

1.
The VSS Requestor asks VSS to list the available VSS Writers, and prepares for shadow copy creation.
2.
VSS requests the application-specific writer to prepare the application for shadow copying.
3.
The VSS Writer prepares the application data and notifies VSS when it is ready.
4.
VSS notifies the VSS Requestor that the shadow copy process is beginning.
5.
VSS tells the VSS Writer to temporarily halt the application I/O write requests until the shadow copy is
created.
6.
VSS tells the VSS Provider to create the shadow copy. The VSS Provider creates the shadow copy
within 60 seconds, and then notifies VSS when it is complete.
7.
VSS allows write tasks to resume, and allows other file system write tasks.
8.
If backup is successful, the VSS Requestor can replicate the shadow copy to the DPM server.
DPM can provide native protection for the following applications:
Hyper-V. Hyper-V is a critical component in your private cloud. DPM can protect the Hyper-V server,
its configuration, and the virtual machines. Item-level recovery is available for files and folders,
volumes, and virtual hard disks (VHDs).
SQL Server. DPM can protect databases on SQL Server 2000, SQL Server 2005, SQL Server 2008, and
SQL Server 2008 R2. You can configure self-service recovery to allow users to recover specific
databases.
File servers. DPM can protect file stores on any NTFS file system volume. You can configure protection
to back up files in the volume, file share, or folder, and to restore individual files up to the entire
volume.
AD DS. DPM restores Active Directory data by using Directory Services Restore Mode.
Failover clusters. DPM is cluster-aware, and it ensures that backups complete even if the cluster
resources are active on different nodes.
Exchange Server. DPM can protect Exchange Server 2003, Exchange Server 2007, and Exchange Server
2010. Storage groups for Exchange Server 2003 and Exchange Server 2007 are the protected units.
You can restore a single or multiple mailboxes, a single or multiple databases, or an entire storage
group.
SharePoint Server. DPM can restore SharePoint Server front-end web servers, entire SharePoint farms,
databases, and web applications. At a more granular level, DPM can restore a single file or list item.
DPM can also protect the SharePoint Server search feature.
System Center 2012 - Virtual Machine Manager (VMM). DPM can protect both the standard and
clustered configurations of VMM. This protection is designed to protect both the Virtual Machine
Manager database and the Virtual Machine Manager library. You must protect all other files using
other DPM functionality, such as system state and file system protection.
System state. A system state backup protects Windows boot files, Windows registry, the COM+
registry database, and system files. This type of backup is useful for recovering a lost or damaged
operating system. System state protection for domain controllers also protects AD DS and the SYSVOL
shared directory.
Bare-metal recovery. Bare-metal recovery enables a protected server to be restored completely if

everything has been lost. This includes the loss of the entire boot volume, the system volume, and any
volumes hosting the system state data. To perform a bare-metal recovery, you boot the server to be
recovered using the Windows Recovery Environment (WinRE). The file share that contains the
recovery data provided by DPM initiates the recovery.
End-User File Recovery
You can configure DPM so that end users can recover files that are stored on Distributed File System (DFS)
namespaces, local storage, and file servers. To recover files, end users can right-click on a protected folder
or file, and then click Restore Previous Versions to retrieve a list of recovery points on the DPM server.
This is similar to how shadow copies work. If you currently have shadow copies enabled on a computer
that is protected with DPM, you can disable shadow copies to regain the used disk space.
To enable end-user file recovery, you must:
Configure the AD DS schema.
Enable the end-user recovery feature on the DPM server.
Install the DPM recovery point client software on the client computers.
Configuring AD DS
You can configure AD DS to support end-user recovery by using the DPM Administrator Console or
DPMADSchemaExtension.exe, which is found at Program Files\Microsoft Data Protection Manager
\DPM\End User Recovery\DPMADSchemaExtension.exe. If you are logged on with a Domain
Administrator account that is also a member of the Schema administrators group, you can use the DPM
Administrator Console.
To configure AD DS to support end-user recovery, complete the following steps:
1.
Extend the AD DS schema by using the DPM Administrator console or DPMADSchemaExtension.exe.
2.
Create the MS-ShareMapConfiguration container in AD DS for DPM to store recovery information.
3.
Grant the DPM server permissions to change the contents of the container.
4.
Add mappings between both the source shares and the shares on the replicas, to the container.
You only need to extend the schema once for each Active Directory forest, but you must configure the
schema extension for each DPM server. You complete steps 3 and 4 when you enable end-user recovery
from within the DPM Administrator Console; you must do this for each DPM server. After configuration,
DPM will update the share mapping after each synchronization.
Installing the Shadow Copy Client Software
End-user file recovery relies on VSS. Windows Vista, Windows Server 2008, and newer Windows Server
operating systems do not need any additional configuration to enable end-user recovery. For older
operating systems, you must install the recovery point client software.
Lesson 3
Upgrading DPM
If you have already deployed System Center Data Protection Manager 2010 (DPM 2010), then you will
want to preserve the currently protected data when you upgrade to DPM 2012. You may choose to either
upgrade DPM 2010 servers in place, or perform a side-by-side upgrade.
In this lesson, you will learn how to upgrade to DPM 2012.
Describe prerequisites for upgrading to DPM 2012.
Explain how to perform an in-place upgrade.
Explain how to perform a side-by-side upgrade.
Prerequisites for Upgrading to DPM 2012
To upgrade from DPM 2010 to DPM 2012, your infrastructure must meet the following minimum
requirements:
Windows Server 2008 or Windows Server 2008 R2 operating system
At least 1 GHz dual-core CPU
Pagefile that is 0.2 percent of the total size of all the recovery point volumes
At least 4 GB of RAM
At least 5 GB of free storage space to install DPM, and at least one additional drive for backup
storage
Additional operating system updates if DPM 2010 is currently running on Windows Server 2008 or
Windows Server 2008 R2 without SP1
The latest DPM 2010 hotfix rollup package and upgrade DPM protection agents
SQL Server with enabled TCP/IP protocol
Performing an In-Place Upgrade
Before upgrading to DPM 2012, ensure that the computer meets the minimum hardware requirements,
and that all prerequisite software is installed. The Setup Wizard will not install any prerequisite updates, so
you must install them prior to running the upgrade installation.
Before beginning the DPM installation, close any open programs and ensure that there are no pending
restarts on the computer. For example, if you installed a server role by using Server Manager or have
applied a security update, you may need to restart the computer and then log on to the computer with
the same user account to finish the installation of the server role or the security update.
When planning an in-place upgrade to DPM 2012, you can:
Upgrade using the local SQL Server instance.
Upgrade using a remote SQL Server instance.
Upgrade from a local SQL Server instance to a remote SQL Server instance.
Upgrade Using a Local SQL Server Instance
Performing an upgrade with a local SQL Server instance is the most straightforward upgrade path. Once
you meet the prerequisites, complete the following steps:
1.
Create a backup of the DPM 2010 DPMDB database using the SQL Server management tools.
2.
Verify that the Microsoft$DPM$Acct account has full permissions to the DPMDB directory. By default,
this account is located at Program Files\Microsoft DPM\DPM\DPMDP.
3.
Start DPM 2012 Setup from the installation media. The Setup Wizard will automatically detect that
DPM 2010 is installed already, and will start in upgrade mode.
4.
In the Setup Wizard, on the Prerequisites Check page, select Use the dedicated instance of SQL
Server, and then click Check and Install.
5.
Follow the remaining Setup Wizard prompts, and allow the upgrade to complete.
6.
Upgrade the DPM protection agents.
Upgrade Using a Remote SQL Server Instance
To upgrade using a remote SQL Server instance, once you meet the prerequisites, complete the following
steps:
1.
2.
Verify that the Microsoft$DPM$Acct account has full permissions to the DPMDB directory. By default,
the account is located at Program Files\Microsoft DPM\DPM\DPMDP.
3.
4.
In the Setup Wizard, on the Prerequisites Check page, select Use an existing instance of SQL
5.
6.
Upgrade from a Local SQL Server Instance to a Remote SQL Server Instance
To upgrade from a local SQL Server instance to a remote SQL Server instance, once you have met the
prerequisites, complete the following steps:
1.
2.
Restore the backup of the DPM 2010 DPMDB database to a remote SQL Server instance.
3.
Verify that the TCP/IP protocol is enabled for the remote SQL Server instance.
4.
Install SQLPrep.exe from the SQLPrepInstaller directory, which is located in the DPM 2010 installation
media on the remote SQL Server.
5.
6.
In the Setup Wizard, on the Prerequisites Check page, select Use an existing instance of SQL
7.
8.
If you cannot perform an in-place upgrade to DPM 2012 because your deployed DPM server does not
meet the requirements, you may choose to perform a side-by-side upgrade to DPM 2012. You may also
choose to perform a side-by-side upgrade for the following reasons:
You plan on upgrading the current DPM server to new hardware.
You do not want to take the DPM server offline to perform the upgrade.
A side-by-side upgrade does not move the protected data from the DPM 2010 server; instead, you
maintain the original server until you no longer need the data that it stores. If your organization requires
the DPM 2010 data to be located on your DPM 2012 server, you must perform an in-place upgrade.

A side-by-side upgrade includes the following steps:
1.
Install and configure DPM 2012 on your new server.
2.
Upgrade the DPM protection agent on each protected server.
3.
Reconfigure each protected server to use the new DPM server using SetDPMServer.exe. You can find
this tool at \Program Files\Microsoft Data Protection Manager\bin\SetDpmServer.exe.
4.
Attach the domain-joined protected server to the new DPM using the Attach-ProductionServer.ps1
script. For non-domain-joined protected servers, use the Attach-nondomainserver.ps1 script.
5.
Create protection groups on the new DPM server.
6.
Retire the old DPM server after you no longer require its stored recovery data.
Lesson 4
Configuring DPM for the Private Cloud
After installing DPM, you must configure DPM properly to protect the computers in your environment. To
begin protecting your private cloud, you must configure storage and deploy DPM protection agents.
In this lesson, you will learn how to configure DPM protection.
Manage storage pools.
Explain how to deploy DPM protection agents on trusted, domain-joined computers.
Explain how to use DPM protection agents on untrusted and workgroup computers.
Explain how to deploy DPM protection agents on untrusted and workgroup computers.
Explain how to use DPM protection agents with certificate-based authentication.
Explain how to deploy DPM protection agents using certificate-based authentication.
Managing Storage Pools
The first step in configuring DPM is to add at least one disk to a storage pool. The storage pool is a set
of disk drives on which DPM server stores both the replica and recovery point data. DPM requires block
storage to store backup data; however, DPM does not support either USB-attached disks or IEEE 1394attached disks.
Within the DPM Administrator Console, you use the Management workspace to add disks to the storage
pool.
Note If you added disks recently, you may have to force DPM to rescan the disk
configuration before you can add the new disk to the storage pool.
After you add the disk to the storage pool, DPM converts the disk to a dynamic disk, and converts any
volumes on the disk to simple volumes. DPM does not delete any data that is already present on the disks.
DPM uses the disk storage to create the recovery points and replicas of protection group members. As
protection group members are added, DPM automatically creates the required volumes in the storage
pool. DPM also creates a change journal.
Deploying DPM Protection Agents on Trusted Domain-Joined Computers
You must install DPM protection agents on all computers that DPM will protect. You can install
protection agents manually, or by using the DPM server to automate the process. The DPM protection
agent installation files are located on the DPM server in the Program Files\Microsoft DPM\DPM
\ProtectionAgents\RA\4.0.build number.0\operating system type directory. The build number varies
depending on which DPM hotfixes and updates have been installed. The operating system type will be
either i386 for a 32-bit computer, or amd64 for a 64-bit computer.
The Manual Installation Process
To manually install DPM protection agents on a trusted domain-joined computer, complete the following
steps:
1.
Copy the appropriate DPM protection agent setup files, or map a drive to the protection agent
installation directory on the DPM server.
2.
Run the installer from a command prompt, and specify the fully qualified domain name (FQDN) for
the DPM server. For example, to install the protection agent on a 64-bit computer with a DPM server
named DPM1.contoso.com, you would type:
DPMAgentInstaller_x64.exe DPM1.contoso.com
3.
On the DPM server, either run the Protection Agent Installation Wizard and select the Attach agents
deployment method, or run the Attach-ProductionServer.ps1 script from the DPM Management Shell.
You may also specify the DPM server name after you install the protection agent. To do so, run
SetDpmServer.exe with the dpmServerName DPM Server switch on the target computer.
DPM also offers a simplified installation and configuration option using the Protection Agent
Installation Wizard. To install the DPM protection agent on a remote computer, you need an account with
permissions to install software on the remote computer. In addition, the DPM server must connect to the
target server without having communication blocked by a firewall.
Note If the target machine is not in a trusted domain, you must manually install and
configure the DPM protection agent.
The Automated Installation Process

To automatically install DPM protection agents, run the Protection Agent Installation Wizard and
complete following steps:
1.
Either select discovered domain members, or specify one or more computers in a trusted domain to
use to install and configure DPM protection agents.
2.
Specify the credentials of an account that has permissions to install and configure the agent on the
target computer (or computers).
3.
Choose to allow DPM to restart the computer if needed.
DPM performs an auto-discovery to identify new computers that have been added to the Active Directory
domain of which the DPM server is a member. (By default, auto discovery runs at 01:00 A.M. each day, but
you can modify this setting.) Newly discovered computers are then listed in the Protection Agent
Installation Wizard, or in the Create New Protection Group Wizard.
Using DPM Protection Agents on Untrusted and Workgroup Computers
You may want to protect machines in untrusted domains or in workgroups. You can do this by manually
installing and configuring DPM protection agents on these machines. Deploying DPM protection agents
to machines in an untrusted domain or in a workgroup is similar to the manual deployment agent process
that you use for trusted domain computers.
However, before you can install and configure DPM protection agents on untrusted and workgroup
computers, these computers must be authenticated. You can use either NTLM or certificate-based
authentication. Certificate-based authentication is described later in this lesson.
NTLM authentication creates a local user account on the protected server that DPM can use for
authentication. The following table summarizes the scenarios that are supported for untrusted and
workgroup computers that use NTLM authentication.
Scenario
Workgroup
Untrusted
File servers
Supported
Supported
System state
Supported
Supported
Bare-metal recovery
Unsupported
Unsupported
SQL Server standalone
Supported
Supported
SQL Server mirroring and clustering
Unsupported
Unsupported
Hyper-V standalone
Supported
Supported
Hyper-V cluster
Unsupported
Unsupported
(continued)
Scenario
Workgroup
Untrusted
Exchange Server standalone
Not applicable
Supported
Exchange Server clustering
Not applicable
Unsupported
Exchange Server 2007 - local continuous

replication (LCR)
Not applicable
Supported
SharePoint Server
Unsupported
Unsupported
Deploying DPM Protection Agents on Untrusted and Workgroup

Computers
To deploy DPM protection agents on untrusted and workgroup computers, complete the following steps:
1.
Copy the appropriate DPM protection agent setup files, or map a drive to the DPM protection agent
installation directory on the DPM server.
2.
Run the DPM protection agent installer on the target computer.
3.
Open a command shell, and run the following command:

Set-DpmServer.exe IsNonDomainServer UserName
4.
On the DPM server, either run the Protection Agent Installation Wizard and select the Attach agents
deployment method, or run the Attach-NonDomainServer.ps1 script from the DPM Management
Shell.
Using DPM Protection Agents with Certificate-Based Authentication
You can use DPM protection agents with certificate-based authentication for trusted computers, and for
untrusted and workgroup computers. The following table summarizes the scenarios that are supported for
computers that use certificate-based authentication.
Scenario
Workgroup
Untrusted
Trusted
File servers standalone
Supported
Supported
Supported
File servers clustered
Supported
Supported
Supported
Bare-metal recovery
Unsupported
Unsupported
Unsupported
SQL Server standalone
Supported
Supported
Supported
SQL Server cluster
Supported
Supported
Supported
Hyper-V standalone
Supported
Supported
Supported
Hyper-V cluster
Supported
Supported
Supported
Exchange Server standalone
Not applicable
Unsupported
Unsupported
Exchange Server cluster
Not applicable
Unsupported
Unsupported
SharePoint Server
Unsupported
Unsupported
Unsupported
Secondary DPM Server
Not applicable
Unsupported
Supported
You will need to generate certificates for DPM authentication by using an Enterprise Certificate Authority
(CA) or an outside CA. Using an Enterprise CA allows you to have full control over the certificate settings.
The certificates you use must meet the following requirements:
Certifications must be X.509 V3 certificates.
Certificates cannot be self-signed, and the root must be trusted by both the DPM server and the
protected servers.
Certificates must be enabled for both client authentication and server authentication.
Key length must be at least 1,024 bits.
Key type must be configured as an Exchange key type.
Certificates must be installed on both the DPM server and the protected computers.
If you do not already have a CA deployed, then you will need to plan the CA deployment to ensure that
both the protected servers and the DPM servers trust it.
Deploying DPM Protection Agents Using Certificate-Based Authentication
To deploy DPM protection agents on computers that use certificate-based authentication, complete the
following steps:
1.
Create and install a certificate for the DPM server and all the computers that you plan to protect.
2.
Enable DPM to use certificates by running the following command:

Set-DPMCredentials Type Certificate Action Configure Thumbprint <from the
certificate file> -OutputFilePath <Metadata file path>
3.
Copy the metadata file output from the DPM server.
4.
Install the DPM protection agent on the protected server, and then associate it with the DPM server
by running SetDPMServer.exe. Specify the output file from the DPM server and the protected servers
certificate thumbprint.
5.
Attach the protected server to the DPM server by running the AttachProductionServerWithCertificate.ps1 script, and by using the output file from the protected server.
Lesson 5
Configuring Application Protection for the Private Cloud
You must protect information in your private cloud so that it is available for recovery purposes. You must
be sure to capture data from SQL Server, Hyper-V, and any other data that resides in your private cloud.
In this lesson, you will learn how to protect critical applications such as SQL Server and Hyper-V.
Describe considerations for configuring protection groups.
Explain how to configure SQL Server protection.
Describe options for protecting the private cloud.
Explain how to configure item-level recovery for private cloud-based hosts.
Describe cluster shared volume (CSV) protection.
Explain how to configure self-service recovery for end users.
Considerations for Configuring Protection Groups
A protection group is a set of retention settings and data sources that share storage allocation, replication
creation methods, and settings for on-the-wire compression. When configuring a protection group,
consider the following:
The same DPM server must protect all data sources on a computer; however, data sources on the
same computer can be in different protection groups on the same DPM server.
A protection group can include more than one computer.
When you select a parent folder or share, DPM automatically selects its subfolders. You can exclude
specific subfolders and file types. These exclusions reduce the amount of data that DPM protects. For
example, when protecting a corporate file share you could exclude from protection any files with a
.mp3 file extension.
Verify that you do not have more than 100 protectable data sources on a single volume. If you do,
and if possible, distribute your data sources across more volumes.
All protection group members of the same typeapplication or file data sourcesshare the same
recovery point settings. A protection group that includes application sources and file data sources has
separate recovery settings for each source.
Configure the retention range for all data sources in a protection group.
On-the-wire compression is set for each protection group. Compression reduces the amount of data
that is transmitted over the network for replica creation, synchronization, consistency checks, and
recovery operations. Enabling compression adds an additional CPU load to both the DPM server and
the protected computers. The amount of CPU load and the amount of compression depends on the
protected data.
You cannot move data sources between protection groups. If you need to add a data source to
another protection group, you must stop protection of the data source from the original protection
group.
Consistency check settings are shared for all data sources in a protection group. You can enable
consistency checks to occur automatically when DPM detects inconsistencies in the replica, or you
can enable checks to occur every day on a schedule. Consistency checks verify that the replica data is
valid, which can improve data recoverability from DPM when needed; however, consistency checks
also create additional load on the DPM server, the protected computer, and the network.
Configuring SQL Server Protection
DPM provides protection for SQL Server, which provides the back end for many applications that are
deployed in private clouds. To protect SQL Server, you must:
Choose the SQL Server instances or databases that you need to protect. Either you can configure
protection to back up all databases on a SQL Server instance, or you can select specific databases to
protect. When you choose to protect a SQL Server instance, DPM enables automatic protection so
that any databases that are added to that SQL instance will be protected automatically. You may
disable automatic protection by right-clicking the SQL instance name, and then clicking Turn off
auto protection.
Choose the length of time to retain backup data on diskand optionally on tape. Choose the
retention time based on the amount of time that you will need to keep this type of data, as defined
during DPM deployment planning. Select the frequency with which to create recovery points, or
synchronize the SQL Server data to DPM. DPM can synchronize server data as often as every 15
minutes, or as infrequently as once every 24 hours. Alternatively, you can choose to synchronize only
when an express full backup completes. Scheduling synchronization that is more frequent enables a
lower RPO; however, it will also require additional storage space on the DPM server.
Set the schedule for creating express full backups. By default, an express full backup occurs once each
day, but you can reconfigure the schedule to fit your requirements. Performing an express full backup
integrates recovery point data into the replica to reduce the time required to perform a recovery.
Databases that have simple recovery enabled must use express full backups for protection.
Note While DPM 2010 enables database protection with less than 60,000 filestream blobs,
DPM 2012 does not have this restriction.
Options for Protecting the Private Cloud
Your private cloud is based on a foundation of Hyper-V servers. DPM is designed to perform Hyper-V
backups. With DPM, you can back up the virtual machines by installing the DPM protection agents, or you
may choose to protect the virtual machines by protecting Hyper-V.
DPM supports the following scenarios for protecting your private cloud:
DPM protection agents that are installed by virtual machines enable direct backup and recovery of
DPMsupported applications.
DPM protection agents that are installed by Hyper V hosts enable the following scenarios:
Online backup. You can back up virtual machines that are running Windows Server 2003 or
newer, while they are active. These backups are suitable for bare metal recovery, and entire disks
and individual files recovery; however these backups are not suitable for single-step recovery of
application data. For example, to recover Exchange Server or SQL Server data, you need to
restore the virtual machine first, before you can recover the application data.
Offline backup. You can back up virtual machines that do not support VSS Writer, such as
Microsoft Window NT 4.0, Microsoft Windows 2000 Server, and Linux. An offline backup pauses
the virtual machine temporarily while DPM creates a snapshot, and then performs a backup of
the snapshot. These backups allow you to recover entire disks, and they are not suitable for
single-step recovery of application data or individual files.
Cluster-aware backups. You can back up virtual machines that reside on CSVs or standard
clustered disks.
DPM 2012 improves the performance of express full backups from standalone Hyper-V servers. This is
because DPM can use the DpmFilter to track the changes made to the VHDs, and only transfer the
changed data to the DPM server.
Private cloud environments are by definition flexible, which often leads to virtual machines frequently
being created, modified, and deleted. Although DPM can automatically protect new SQL databases, it
cannot do the same for newly added virtual machines. To ensure that you are capturing new virtual
machines as they are added to your private cloud, you may want to consider using a script to find and
then protect them automatically.
Configuring Item-Level Recovery for Private Cloud-Based Hosts
If you choose to protect your Hyper-V servers, you may want to be able to restore specific files from
protected virtual machines without having to restore the entire virtual machine. You can do this by
performing a file backup within the virtual machine, or you can you can use the item-level recovery (ILR)
feature that is available with DPM. ILR allows you to perform individual recovery of files, folders, volumes,
and VHDs from a Hyper-V host-level backup.
DPM supports ILR because DPM can open VHD files and extract individual items without first needing to
recover the entire virtual machine. To perform ILR for Hyper-V virtual machines you must install DPM
2012 as follows:
1.
Install DPM 2012 and the Hyper-V server role on either a Windows Server 2008 or a Windows Server
2008 R2 physical machine.
2.
Install DPM 2012 on a Windows Server 2008 R2 virtual machine that is on a Windows Server 2008 R2
computer that is running Hyper-V.
Note DPM cannot perform ILR from recovery data on tape. Additionally, you cannot
recover item-level data from protected non-NTFS file system volumes, or from VHD files
that are partitioned as dynamic disks.
Understanding Cluster Shared Volume Protection
Many private cloud deployments use CSVs to provide high availability for virtual machines. If you plan to
use DPM with CSVs, you should understand the implications so that you can create a design that will meet
your needs. When DPM performs a backup on a virtual machine that is stored on a CSV, it sets the CSV to
redirected I/O mode. The computer that hosts the virtual machine that you are backing up owns access to
the CSV, and all other nodes will redirect I/O to the CSV until the backup completes.
To reduce the impact that can occur during a backup, you can do the following:
Install and configure a hardware VSS provider to enable hardware snapshots. DPM will initiate a
hardware snapshot that may last up to a few minutes and then resume direct I/O. DPM will then
replicate the hardware snapshot data without affecting the production data.
Place fewer virtual machines on each CSV, and place all VHDs for each virtual machine on the same
CSV. If your virtual machines have multiple VHDs that are placed on the multiple CSVs, backups for
each of these machines will affect multiple CSVs and virtual machines.
If your storage hardware does not have a VSS provider, serialize backups by only allowing backups on
a per-node or a per-CSV basis.
Configuring Self-Service Recovery for End Users
Empowering users to perform tasks themselves is a key benefit of the private cloud. DPM allows users
to recover file share data themselves after you have properly configured AD DS to allow for this type of
recovery. Users can also recover their own data by recovering their SQL Server data with the SQL Server
recovery tool.
The DPM administrator can create recovery roles that enable data recovery. These recovery roles can
specify how and where users can recover data. Each role can include multiple Active Directory groups.
To enable SQL recovery, complete the following steps:
1.
Create a recovery role, and then assign Active Directory groups to the role.
2.
Specify the SQL Server instance from which users in the role can recover data. Optionally, you can
also specify exact databases that users are allowed to recover. For example, you may want to allow
the application owner to be able to recover the MyApp database, because it is used only for the
owners application. However you may not wish to allow the application owner to recover data from
the MyApp2 database, because that database is also used for other applications.
3.
Specify to where users can recover data. You may want to restrict to where a database can be
restored, so that an end user cannot recover the data to a location that would disrupt normal
operations. For example, you may not want a user to recover the MSDB database to the original
server, because this action could cause the server to go offline. However, you may want to allow the
user to recover the MSDB database to a file share, so the user can attach the database to a server that
is used for developing software.
Lesson 6
Restoring Applications to the Private Cloud
After configuring protection for your private cloud data, your most important activity will be to use DPM
to perform data recovery. DPM provides easy recovery for many application and file types, which an
administrator or a self-service user can complete.
Describe SQL Server data recovery.
Explain how to perform self-service SQL Server data recovery.
Explain how to perform virtual machine recovery.
Explain how to perform item-level recovery on Hyper-V virtual machines.
Recovering SQL Server Data
DPM provides several SQL Server data recovery options, which you access through the DPM Administrator
Console Recovery workspace. In the Recovery workspace, there are several options that you use to recover
SQL Server data:
Recover data to the original location. This option recovers the selected recovery point to the
original SQL server, and replaces the original database. You typically use this option when data loss is
localized to a single database.
Recover data to the original location with a different name. This option recovers the selected
recovery point to the original SQL server; however, it creates a new database to recover the data. You
typically use this option when you want either to test data recovery, or test application upgrades
against the restored copy.
Recover data to a different SQL instance. This option recovers the selected recovery point to a
separate SQL Server instance. You typically use this option when you need to recover data to another
server due to a server failure or a server migration.
Recover data to a network folder. This option recovers the selected recovery point to a network
share. DPM can archive the data that it recovers to other media, or it can attach the data to a SQL
Server instance.
Recover data to tape media. This option recovers the selected recovery point to tape media. You
typically use this option to allow data transport to offsite storage, or for long-term retention.
Recover data and apply additional log backups. This option recovers the selected recovery point
to a SQL Server instance, but does not bring the database online. You can use this option when
the DPM recovery point does not include all of the transaction logs that are required to bring the
database up-to-date. After DPM completes the recovery, you can copy additional transaction logs to
the SQL Server instance, and then bring the database online to apply the provided transaction logs.
Performing Self-Service SQL Server Data Recovery
Recovery procedures can take up a significant amount of an administrators time. To reduce administrator
workload, you can enable properly trained end users to perform their own recoveries. SQL Server data
end-user recovery is not enabled by default; the administrator must configure DPM to allow end-user
recovery for each database, and then assign permissions to users or groups.
After the DPM administrator configures SQL Server recovery, the end user can perform a self-service
SQL Server recovery as follows:
1.
Install the DPM Self Service Recovery tool. You do not need to install this tool on the SQL Server;
instead, you can install it on the clients desktop, or on another computer with the Windows Server
operating system installed.
2.
Start the DPM Self Service Recovery tool with a user that has permissions for self-service recovery.
3.
Connect to the DPM server. The end user will need to know the DPM server name that protects the
SQL Server that the user wishes to recover. You must provide this information to the user.
4.
Create a new recovery job. This task initiates the restore process.
5.
Select both the SQL Server and the database that you want to recover. Users can only view the
SQL Server databases that they have been given permissions to manage.
6.
Select the recovery point.
7.
Select whether to recover to a SQL Server instance or to a network folder. If the user only has
permissions to recover data to a network folder, the user will only be given that option. You may
wish to provide guidance to the end users on where they are permitted to restore data. For example,
if a user is able to restore a database to its original location, the restore will take the current database
offline and replace it with the restored copy of the data. This could lead to unintended data loss if the
end user is not aware of how the recovery works.
8.
Select the location to which to restore data.
9.
Select whether to restore security, and whether to notify someone when the restore completes.
Performing Virtual Machine Recovery
In your private cloud, you may have several deployed virtual machines. If you are protecting your virtual
machines with a DPM protection agent that is installed on Hyper-V hosts, then the virtual machines and
their associated VHDs are available for recovery. There are several ways to recover data when a VHD is
protected with DPM. Recovery is performed in the DPM Administrator Console from within the Recovery
workspace.
When performing a VHD recovery you can use the following options:
Recover data to the original instance. This option recovers the selected recovery point to the
original Hyper-V server, and replaces the original machine. You typically use this option when the
virtual machine is damaged and you need to recover the entire virtual machine.
Recover data as a virtual machine to any host. This option recovers the selected recovery point to
another Hyper-V server. You typically use this option when the virtual machine is damaged and you
need to use another Hyper-V server to host the machine. You can also use this option to restore a
virtual machine for testing.
Copy to a network folder. This option copies the entire VHD file to a location on the network. Use
this option either to rebuild a virtual machine using the VHD file, or to recover data from the VHD.
Performing Item-Level Recovery on Hyper-V Virtual Machines
When you use ILR, you can recover data to either a network share or to a volume on a DPM-protected
server. However, you cannot use ILR recover the data directly to the original file location.
Note If you need to recover an item to its original location, you must manually copy it
from the DPM recovery location to its original location.
To perform ILR, you must meet one of the following two requirements:
The Hyper-V role must be enabled on the DPM server.
DPM must be running on a Windows Server 2008 R2 virtual machine.
Once you have met one of these requirements, you can recover item-level data to a location on the
network by completing the following steps:
1.
In the DPM Administrator Console, in the Actions pane, click Recovery.
2.
In the Browse pane, select the recovery point, expand the Hyper-V server, expand All Protected
HyperV Data, and then click the virtual machine from which you want to restore the item.
3.
In the details pane, double-click the VHD that contains the item you want to recover. The VHD
contents open so that you can select the specific folders or files that you want to recover.
4.
Select the data that you want to recover, right-click, and then click Recover.
5.
In the Recovery Wizard, choose the network location to which you want to recover the data, and
select the option that specifies to preserve file permissions.
6.
Complete the Recovery Wizard.
Lab Setup
Note
1.
2.
3.
4.
Password: Pa$$w0rd
Domain: Contoso
5.
6.
7.
In Hyper-V Manager, click 10751A-LON-DM1, and in the Actions pane, click Start.
8.
9.
Password: Pa$$w0rd
Domain: Contoso

11. In Hyper-V Manager, click 10751A-LON-AP2, and in the Actions pane, click Start.
12. In the Actions pane, click Connect. Wait until the virtual machine starts.
13. Log on using the following credentials:
Password: Pa$$w0rd
Domain: LON-AP2
Lab Scenario
You are the administrator at Contoso, Ltd. You have just deployed DPM, and now you want to perform
basic configuration and testing.
Critical to the success of your private cloud initiative is the ability to recover quickly from data loss.
Furthermore, management has mandated that all data must be restored to within 15 minutes of the last
transaction. Additionally, the SQL Server teams must be able to recover SQL Server databases themselves
from any SQL Server, and without having to interact with the data center management team.
Exercise 1: Configuring the Storage Pool

Scenario
You have added a disk to your DPM server that you will use to store protection data. You must configure
this disk and add it to the storage pool.
1.
Configure a new disk for DPM.
2.
Add the disk to the storage pool.
Task 1: Configure a new disk for DPM

1.
Log on to LON-DM1 using the following credentials:
Password: Pa$$w0rd
Domain: Contoso
2.
On LON-DM1, in Server Manager, in the navigation pane, locate the Disk Management node.
3.
In Disk Manager, bring online, initialize, and then convert Disk 1 to a dynamic disk.
Task 2: Add the disk to the storage pool

1.
In the DPM Administrator Console, in the Management workspace, perform a rescan of the disks.
2.
In the DPM Administrator Console, add Disk 1 to the DPM storage pool.
Results: After this exercise, you should have added a disk to the DPM storage pool.
Exercise 2: Deploying DPM Protection Agents

Scenario
You need to enable protection for two computers. First, you must automatically deploy the protection
agent on LON-SQ1. Second, you must manually install and configure the protection agent on a nondomain-joined computer.
1.
Automatically deploy a DPM protection agent on LON-SQ1.
2.
Manually deploy and configure a DPM protection agent on LON-AP2.
3.
Attach LON-AP2 to the DPM server.
Task 1: Automatically deploy a DPM protection agent on LON-SQ1

1.
In the DPM Administrator Console, click the Management workspace, and then in the navigation
pane, click Agents.
2.
Deploy the DPM protection agent to LON-SQ1 with the following options:
3.
Password: Pa$$w0rd
Domain: contoso.com
Choose restart method: No. I will restart the selected computers later.
Verify that the DPM protection agent completed the installation successfully.
Task 2: Manually deploy and configure a protection agent on LON-AP2

1.
Log on to LON-AP2 with user name Administrator and a password of Pa$$w0rd.
2.
Install the DPM protection agent from C:\DPM2012\Agents\amd64\DPMAgentInstaller_x64.exe.
3.
In an elevated command prompt, from the C:\Program Files\Microsoft Data Protection

Manager\DPM\Bin directory, run the following command:
SetDpmServer.exe -dpmServerName LON-DM1 -isNonDomainServer -userName DpmAgentAcct
4.
When prompted to enter a password, type Pa$$w0rd.
5.
Verify that SetDpmServer.exe completed successfully, and then log off of LON-AP2.
Task 3: Attach LON-AP2 to the DPM server

1.
On LON-DM1, in the DPM Administrator Console, click the Management workspace.
2.
Click Agents, and then click Install. Use the following information to attach the DPM protection
agent to a computer in a workgroup:
3.
Computer name: LON-AP2
Username: DpmAgentAcct
Password: Pa$$w0rd
Verify that the DPM protection agent attached successfully.
Results: After this exercise, you should have automatically deployed a DPM protection agent to a
domain-joined computer, and then manually installed and configured the DPM protection agent on a
workgroup computer.
Exercise 3: Creating and Configuring Protection Groups

Scenario
You need to protect a virtual machine that is running on LON-HOST2, and that does not have a DPM
protection agent installed. You must protect the virtual machine by configuring a Hyper-V protection
group. You also must enable the SQL Server administrators so that they can provide protection for the
AppController database on LON-SQ1.
1.
Create a Hyper-V protection group.
2.
Create a SQL Server protection group.
Task 1: Create a Hyper-V protection group

1.
On LON-DM1, open the DPM Administrator Console, and then click the Protection workspace.
2.
Create a protection group with the following properties:
Group member: Contoso.com\LON-HOST2\HyperV\Backup using Child Partition

Snapshot\10751-LON-AP1
Name: HyperV LON-HOST2 Protection Group
Retention range: 5 days
Task 2: Create a SQL Server protection group

1.
2.
Create a protection group with the following properties:
Group member: Contoso.com\LON-SQ1\All SQL Servers\LON-SQ1\AppController
Name: App Controller Protection Group
Retention range: 5 days
Results: After this exercise, you should have created a Hyper-V protection group and a SQL Server
protection group.
Exercise 4: Configuring SQL Server Self-Service Recovery

Scenario
You need to enable the SQL Server administrators so that they can recover data without needing to
contact the backup administrators. You also need to configure SQL Server self-service recovery.
1.
Configure the SQL Administrator recovery role.
2.
Install the DPM Self Service Recovery Tool on LON-SQ1.
Task 1: Configure the SQL Administrator recovery role

1.
2.
Create a new SQL self-service recovery role with the following properties:
Name: SQL Admins
Description: SQL Self Service Recovery Role
Specify <domain\group>: Contoso\SQLAdmins
Specify SQL Server instance: LON-SQ1
Database name: AppController
Task 2: Install the DPM Self Service Recovery Tool on LON-SQ1

1.
Log on to LON-SQ1 as Contoso\Administrator with the password Pa$$w0rd.
2.
Install the DPM Self Service Recovery Tool from C:\DPM2012\DpmSqlEUR_x64.msi.
3.
Log off of LON-SQ1.
Results: After this exercise, you should have configured SQL Server self-service recovery and installed the
DPM Self Service Recovery Tool.
Exercise 5: Restoring Data from a SQL Server Protection Group

Scenario
You have been asked to recover the latest data for the AppController database on LON-SQ1 to its original
location.
1.
Recover data from LON-SQ1.
Task: Recover data from LON-SQ1

1.
On LON-DM1, open the DPM Administrator Console, and then click the Recovery workspace.
2.
Perform a recovery with the following properties:
SQL Server: LON-SQ1
Database: AppController
Recover to the original instance and overwrite the current database
Results: After this exercise, you should have recovered the latest recovery point of a SQL Server database
to its original location.
Exercise 6: Performing Self-Service Recovery to Recover SQL Server Data

Scenario
You have been provided self-service access to recover data to a SQL Server. Before you make
modifications to the database, you must recover the latest available recovery point to disk so that you can
restore the database to your development lab, which does not have access to your production network.
1.
Use self-service recovery to recover data from LON-SQ1.
Task: Use self-service recovery to recover data from LON-SQ1

1.
Log on to LON-SQ1 using the following credentials:
User name: SQLUser
Password: Pa$$w0rd
Domain: contoso.com
2.
On LON-SQ1, start the DPM Self Service Recovery Tool, and then connect to
LON-DM1.Contoso.com.
3.
Start a new recovery job with the following properties:
SQL Server: LON-SQ1
Database: AppController
Recover the latest available recovery point
Recover to C:\DatabaseRecovery\AppController on LON-SQ1.contoso.com
Apply security settings of destination computer
4.
Log off of LON-SQ1.
5.
Shut down LON-AP2.
to a folder on your computer so that you can copy it to your development server.
Review Questions
1.
What is an RPO?
2.
What is a storage pool in DPM?
3.
Which earlier version of DPM can you upgrade to DPM 2012?
4.
To use the DPM Central Console, which other System Center product must you also deploy?
Common Issues Related to DPM
Identify the causes for the following common issues related to a particular technology area in the module,
and fill in the troubleshooting tips. For answers, refer to relevant lessons in the module.
Issue
Troubleshooting tip
DPM 2012 cannot install.

Upgrade to DPM 2012 fails.
Best Practices Relating to Protecting the Private Cloud Infrastructure

Provide enough storage to complete backups.
Use hardware-based snapshots to speed up CSV backups.

11-1
Module 11
Automating and Standardizing the Private Cloud
Contents:
Lesson 1: Orchestrator Architecture and Components Overview
11-3
Lesson 2: Deploying and Configuring Core Components
11-13
Lesson 3: Managing Runbooks
11-22
Lesson 4: Configuring Integration Packs
11-35
11-45
Module Overview
11-2 Automating and Standardizing the Private Cloud
A private cloud is more than just a virtualized platform; it must offer self-service administration and
flexible deployment options. To provide a private cloud, you must use automation to streamline activities
and provide additional control to the administrators. Automation can improve the speed and accuracy of
administrative tasks while reducing the overall cost, because it takes less interaction from the IT
professional.
In this module, you will learn how to use Microsoft System Center 2012 Orchestrator (Orchestrator) to
automate the Microsoft System Center 2012 - Virtual Machine Manager (VMM) components, and you will
learn how to use Orchestrator to automate other IT systems.
Objectives
Describe Orchestrator architecture and components.
Deploy and configure Orchestrator components.
Create and execute run books.
Configure integration packs.
Lesson 1
Orchestrator Architecture and Components Overview
11-3
Creating a private cloud that meets the needs of your business requires additional automation and
optimization beyond what is provided with the products within the Microsoft System Center suite.
For example, you may need to integrate established business processes into VMM to ensure that each
department is billed for resources they consume. You may also need to integrate your private cloud
with legacy systems for provisioning and ticketing. You can achieve additional automation by using
Orchestrator to tie together the System Center suite and other IT services that are deployed within your
business.
Automation creates improvements by optimizing existing processes and technology, providing more
flexible and reliable services, and lowering costs. Orchestrator provides a platform that you can use to
automate IT processes and to connect multiple IT systems.
In this lesson, you will learn about how you can build an Orchestator architecture, and which components
you can include in it.
Objectives
Describe Orchestrator and its architecture.
Explain how to automate the private cloud using runbooks.
Describe integration packs, and explain how to use them to automate a private cloud.
Explain how to integrate Orchestrator into a private cloud.
Understand the system requirements for Orchestrator.
Orchestrator Overview
Once you have used the System Center tools to deploy a private cloud, you will need to perform routine
administrative tasks and procedures. You may also want to integrate the operation of your private cloud
into other business processes. For example, you may need to create new employee accounts and then
assign them resources. You might have specific tasks automated, but there may be gaps in the process.
Within your organization, you might have both a script to create a new user account and a script to assign
resources to that account, but what initiates the user creation process? By using Orchestrator, Human
Resources could begin the process during hiring when they provide the user name, the department, and
the location from where the user works. Automating these types of processes helps speed up daily tasks
and ensures that they are done consistently every time.
Orchestrator provides a platform to enable automation and integration of various processes within your
environment. Processes are defined quickly within flexible sequences. These sequences are called
runbooks, and they are created in a graphical user-interface (GUI) tool called Runbook Designer.
Orchestrator Architecture
Orchestrator enables you to configure and manage your virtualization host, networking, and storage
resources to create and deploy virtual machines and services to private clouds.
The following components make up the Orchestrator architecture:
11-5
Management server. The management server is the computer that provides communication between
the Runbook Designer and the orchestration database.
Runbook server. The runbook server is a computer that runs an instance of a runbook. Runbook
servers communicate with the orchestration database. You can configure multiple runbook servers to
provide additional resources or for redundancy.
Orchestration database. Orchestration database is a Microsoft SQL Server database that stores the
Orchestrator configuration, deployed runbooks, the status of runbooks, and log files.
Runbook Designer. Runbook Designer is an administration tool that you use to build, edit, and
manage Orchestrator runbooks.
Runbook Tester. Runbook Tester is an administration tool that you use to test runbooks that you
develop in Runbook Designer.
Orchestrator web service. Orchestrator web service is a web-based service that provides a
Representational State Transfer (REST)based administration API. This service enables applications
and scripts to start, stop, and check the status of runbooks. By default, the Orchestrator web service
is bound to TCP/IP port 81 and is accessed using http://<Servername>:81/Orchestrator2012
/Orchestrator.svc/.
Orchestrator console. Orchestrator console is a Microsoft Silverlightbased administration tool that

you use to start, stop, and view runtime status of runbooks. The Orchestration console relies on the
Orchestrator web service to perform actions and retrieve information. By default, the Orchestrator
console is bound to TCP/IP port 82 and is accessed using http://<Servername>:82/.
Deployment Manager. Deployment Manager is an administration tool used to register and deploy IPs,
runbook servers, and Runbook Designers.
Integration Pack. Integration Pack is a collection of activities that you use to interact with specific
products or technologies. Microsoft offers several integration packs to provide automation
capabilities to System Center and other products.
Orchestrator Integration Toolkit (OIT). Use the OIT to create integration packs that extend the
functionality of Orchestrator. If an integration pack does not exist for a product with which you need
to interface, you can use OIT to create one.
Automating the Private Cloud Using Runbooks
11-7
Orchestrator provides a structure to enable you to document processes using discrete tasks and methods
for passing information. Orchestrator enables automation with three principal components:
Activity. An activity is a task that performs actions or interactions within a workflow. Many standard
activities are included within Orchestrator, such as reading and writing files, running scripts, and
querying SQL Server databases. You can add additional activities to Orchestrator using integration
packs.
Runbook. A runbook is a series of activities that you arrange to complete a workflow. You define a
runbook in Runbook Designer by dragging activities from the Activities pane and arranging them in
the Design pane.
Data bus. Orchestrator enables information to move between activities in a runbook by using the
data bus. Each activity can retrieve information from the data bus before it executes. After execution,
the activity then publishes data on the data bus for other activities to use. For example, you can have
an activity query a database for a customer name, and for all records belonging to that customer. You
can then pass those records to the next activity for additional automation tasks.
Published data can be text (string), a date value, a number value, or a Boolean value (true or false). An
activity can publish data with multiple values. This data is available for subsequent activities to use by
subscribing to the data.
Using Integration Packs to Automate Your Private Cloud
Orchestrator can automate processes within your private cloud, and with other IT systems. It integrates
with System Center and with many of the other management products used within enterprise
environments today. This integration enables you to create runbooks that automate and control processes
that encompass more than just System Center.
Microsoft offers the following System Center integration packs are available for Orchestrator:
System Center Integration Pack for System Center 2012 Operations Manager
System Center Integration Pack for System Center 2012 Configuration Manager
System Center Integration Pack for System Center 2012 Service Manager
System Center Integration Pack for System Center 2012 Virtual Machine Manager
System Center Integration Pack for System Center 2012 Data Protection Manager
System Center Integration Pack for System Center Operations Manager 2007 R2
System Center Integration Pack for System Center Configuration Manager 2007
System Center Integration Pack for System Center Service Manager 2010
System Center Integration Pack for System Center Virtual Machine Manager 2008 R2
System Center Integration Pack for System Center Data Protection Manager2010
The following integration packs are available for other products:
Active Directory Integration Pack for System Center 2012 - Orchestrator
HP iLO and OA Integration Pack for System Center 2012 - Orchestrator
HP Operations Manager Integration Pack for System Center 2012 - Orchestrator
HP Service Manager Integration Pack for System Center 2012 - Orchestrator
IBM Tivoli Netcool/OMNIbus Integration Pack for System Center 2012 - Orchestrator
VMware vSphere Integration Pack for System Center 2012 - Orchestrator
11-9
The available integration packs enable you to easily create runbooks for many systems. If no integration
pack exists for a product that you need, you may be able to leverage a built-in activitysuch as a
Windows PowerShell scriptto accomplish the needed tasks. You may also use the OIT to create your
own customized integration pack.
Note A number of custom integration packs have been posted for use at the CodePlex:
Microsoft System Center Orchestrator website.
Discussion: Integrating Orchestrator into a Private Cloud
Orchestrator integrates with your IT systems and is designed to help reduce the amount of interaction
needed to accomplish repetitive tasks.
Question: What private cloud tasks would you use Orchestrator to automate?
Question: What private cloud tasks would you use Orchestrator to automate?
Orchestrator System Requirements
11-11
Before deploying Orchestrator and its components, you should be certain that your system meets the
software and hardware requirements. You can install Orchestrator on a single server or across multiple
servers.
All of the Orchestrator components share the following hardware requirements:
Central processing unit (CPU): Dual core CPU 2.1 gigahertz (GHz) or higher
Random access memory (RAM): 1 gigabyte (GB) required, 2 or more GB is recommended
Disk space: 200 megabytes (MB) (or more if SQL Server is installed on the same server)
However, each component also has specific software and hardware requirements that must be met.
Orchestrator Management Server
Orchestrator management server runs only on Windows Server 2008 R2. You must also ensure that your
system meets the following software requirements:
Microsoft .NET Framework 3.5 Service Pack 1 (SP1) or later
SQL Server 2008 Service Pack 2 (SP2) (Standard or Enterprise) or SQL Server 2008 R2 SP1 Standard,
Enterprise or Datacenter Edition. (SQL Server can be installed locally or on a separate server.)
Orchestrator supports SQL_Latin1_General_CP1_CI_AS for collation.
Orchestrator Web Service
Orchestrator web service runs only on Windows Server 2008 R2. You must also be sure that your system
meets the following software requirements:
.NET Framework 3.5 SP1
.NET Framework 4
Internet Information Services (IIS) role enabled
Silverlight 4 (required for the web service client)
An existing Orchestrator management server and database
Runbook Designer
Runbook Designer runs on Windows Server 2008 R2 and Windows 7. You must also be sure that your
system meets the following software requirements:
.NET Framework 3.5 SP1
An existing Orchestrator management server and database
Lesson 2
Deploying and Configuring Core Components
11-13
To have a complete Orchestrator deployment, you must install multiple components. You can deploy the
Orchestrator components in a number of ways for scale and redundancy. However, you must also plan
security configuration for your Orchestrator components. Once Orchestrator is deployed, you will use
Orchestrator console and Runbook Designer to configure runbooks.
In this lesson, you will learn about the core Orchestrator components, and how to configure them.
Objectives
Describe Orchestrator deployment tasks.
Explain how to deploy integration packs.
Explain how to configure Orchestrator security.
Describe the Orchestrator console and Runbook Designer.
Orchestrator Deployment Tasks
The first Orchestrator component that you deploy is a management server. To begin the deployment you
must first determine that your system meets the software and hardware requirements. Next you must
create a service account for the Orchestrator management service and make sure the following
permissions are granted:
Permission to log on to the management server as a service.
Member of the Microsoft.SystemCenter.Orchestrator.Admins role in the Orchestrator Data Store.
Local administrator permissions on the management and runbook servers.
You should create the service account in a domain because it will be used to connect to the Orchestrator
Data Store. Although you can use a local service account if you host the management database on the
management server, it is recommended to use a domain service account. This will reduce complexity if
you ever need to move the database at a later time or use a separate runbook server.
The Orchestrator Runbook Server Monitor, which monitors the health of runbook servers, is also installed.
The Orchestrator Management Service account is used for this service and requires the same permissions.
Orchestrator Runbook Server
Install the Runbook Server Service on each runbook server to execute runbooks and to communicate
with the Orchestrator Data Store. If you install the runbook service on the management server, then the
Orchestrator Management Server Service uses the same account as the Orchestrator Runbook Service. If
you install runbook servers on a different computer, you can specify another service account.
11-15
The Runbook server service account is the default account for executing runbooks; however, some
activities allow you to specify a different user account. Just as the Orchestrator Management Service
may need to access resources on other computers, the runbook server service account should be an
Active Directory domain account so that it can be granted permissions to resources within the domain.
The Orchestrator runbook service account must be granted the following permissions:
Log on as a service permission to the runbook server.
Access to resources that are needed within runbooks. For example, if a runbook needs to edit a text
file, then the service account will modify permissions to the text file.
Each runbook server is throttled to execute up to 50 runbooks concurrently. This value can be changed
for specific runbook servers or for all runbook servers using aspt.exe. You should only modify this value
after you have fully tested the new value. For redundancy and scale reasons, deploy more than one
runbook server. At least two runbook servers are recommended.
There are also activities that use Windows Management Instrumentation (WMI) for communication, and
therefore require that you enable certain Windows Firewall rules to function correctly. For Windows Server
2008 R2 targets, enable the following rules to allow WMI activities to function correctly:
Windows Management Instrumentation (Async-In)
Windows Management Instrumentation (DCOM-In)
Windows Management Instrumentation (WMI-In)
Other activities or integration packs may require that you enable other Windows Firewall rules. Be sure to
review all runbook activities to ensure the Windows Firewall is configured properly.
Deployment Manager
Install the Deployment Manager on the management server to import and deploy integration packs,
install additional runbook servers, and install the Runbook Designer on computers. Deployment Manager
runs under the desktop user account from which it is started. The user must be able to administer the
management server, and must have administrator access on the computers that are targeted to install
runbook servers and Runbook Designer.
By default, you will need to add a Windows Firewall rule to allow remote access to
OrchestratorRemotingService.exe to enable Deployment Manager to deploy runbook servers and
Runbook Designers remotely. For a Windows Server 2008 R2 or a 64-bit Windows 7 computer, the
program will be located at %SystemRoot%\SysWOW64\OrchestratorRemotingService.exe. If you
are using a 32-bit version of Windows 7, the file will be located at %SystemRoot%\System32
\OrchestratorRemotingService.exe.
Orchestrator Web Service
By default, Orchestrator web service is not configured to use Hypertext Transfer Protocol/Secure (HTTPS)
to protect communication. If you wish to protect logon information, you will need to obtain and install a
Secure Sockets Layer (SSL) certificate. To improve security and to be able to provide access records, you
should also enable request logging to document the calls made from the Orchestrator console and the
OIT. These logs will provide a history of the jobs and parameters that are passed into a runbook, and a
record of who started the job. You enable audit trail logging using atlc.exe.
To provide redundancy and additional capacity, you can deploy web services on multiple computers and
use network load balancing to direct traffic to each of the available servers.
Runbook Designer
A feature in Runbook Designer allows you to modify the properties of an activity by browsing the
network. By default, network discovery is disabled in Windows Server 2008 R2. If you wish to use network
discovery you must enable it. You are not required to enable network discovery, because you can type in
the target computer name rather than browsing the network.
If you are using Runbook Designer on a computer that is not the management server, you will need to
create a Windows Firewall to allow remote access to %Program Files (x86)%
\Microsoft System Center 2012\Orchestrator\Management Server\ManagementService.exe.
Deploying Integration Packs
11-17
To deploy an integration pack you must first download the integration pack, and then register the
integration packs into the Orchestration database by using the Deployment Manager on the management
server. Once an integration pack is registered in the database, you must then deploy it to the Runbook
Designers and runbook servers that need access to the integration pack. When updates are released for
an integration pack, you must follow the same process to import the update on the management server,
and then deploy the update to the runbook servers and Runbook Designers.
Note
You cannot uninstall a hotfix or an upgrade to an integration pack.
Configuring Orchestrator Security
Orchestrator uses to two groups to control access to resources: Orchestrator Users Group, and
Orchestrator System Group.
Orchestrator Users Group
User accounts that you add to Orchestrator Users Group have permissions to use the Runbook Designer
and Deployment Manager tools. Members of this group have permissions to perform the following
actions:
Deploy new runbook servers and Runbook Designers
Register and deploy integration pack
Create, view, change and execute runbooks
Configure settings for runbook servers
Modify runbook permissions
You can create and use Active Directory groups, or you can allow Orchestrator to create local groups on
the management server. For multiple server deployments, you must manually create Active Directory
groups, and then select them during installation. In single server deployments you can use local groups.
However, to provide flexibility and centralized management, you will want to use Active Directory groups.
Orchestrator System Group
A local group named OrchestratorSystemGroup is created on the management server, and on each
runbook server. The service account or service accounts that are assigned to the Orchestrator services are
added to this group to provide permissions to Orchestrator objects. If you change the service account,
you must manually add the new service account to this group.
Runbook Security
11-19
Runbook access permissions are set when you use Runbook Designer. By default, only the Orchestrator
Users Group has full access to the runbooks. You assign permissions to additional users or groups by
either modifying the access control list on a folder, or by modifying a specific runbook.
Overview of Orchestrator Console and Runbook Designer
The Orchestrator console is a Silverlight-based web page that you use to run and view the status of
runbooks that were created using Runbook Designer. The console is intended for use by those who are
not modifying runbooks.
Orchestrator Console
The following areas are present in the Orchestrator console:
Runbooks workspace. The Runbooks workspace lets you start, stop, and monitor runbooks. You can
also view the definition or design of a runbook, or a runbook instance. Viewing the definition of a
runbook instance can help you identify if the runbook instance had a different design than the
runbook that is currently checked in to Orchestrator.
Runbook Servers workspace. The Runbook Servers workspace displays the status of jobs and instances
for each runbook server. You choose the runbook server in the navigation pane, and then view and
filter the jobs and instances for the selected runbook server.
Events workspace. The Events workspace lets you view logs and all events for the management server,
and for all runbook servers. You can limit the events based on server, or by using a custom filter.
Runbook Designer
Runbook Designer is a management tool that you deploy using Deployment Manager. You use Runbook
Designer to create, manage, and run runbooks. Runbook Designer is intended for use by those who are
modifying runbooks. Runbook Designer is separated into four panes:
Connections. The Connections pane displays the connected Orchestrator server and its folders that
include runbooks, computer groups, runbook servers, and global settings.
Runbook Designer workspace. This is the work area where you can view and modify runbooks. Tabs
along the top list the runbooks in the folder that you selected in the Connections pane.
Activities. The Activities pane contains all of the available activities that you can use to build
runbooks. To build a runbook, drag an activity from the Activities pane to the Runbook Designer
workspace.
Log. The Log pane displays the history and logs for the currently selected runbook.
11-21
Lesson 3
Managing Runbooks
Runbooks are the core of the Orchestrator functionality. They define the activities and workflow for
automation tasks. It is important to understand what activities runbooks can complete, how to create and
modify runbooks, and how to control the workflow inside a runbook.
In this lesson, you will learn about creating and managing runbooks.
Objectives
Explain how to work with runbooks.
Describe the standard runbook activities that are available.
Describe how to control workflow within a runbook.
Describe runbook parameters, computer groups, and global settings.
Describe how to migrate from Opalis Integration Server 6.3 to Orchestrator.
Create a runbook.
Working with Runbooks
11-23
A runbook is a logical representation of a task sequence or process. The steps that you add to a runbook
are called activities. Activities can retrieve information, perform an action, or publish new data. Runbooks
do not have to follow a simple linear execution process; instead, runbooks use information to make
decisions on which activities to run. This enables automation of complicated tasks using just a few
runbooks.
You create runbooks in Runbook Designer by dragging activities into sequences, and then adjusting the
properties to modify their behavior. Smart links pass information from one activity as it completes to the
next. These links also provide a method of choosing which activity should run next.
Version Control
Runbooks are stored in the management database. You use Runbook Designer to view them, and to
check them out for modification. Multiple Runbook Designers can have different runbooks checked out
for modification. To edit the runbook, you must use Runbook Designer check it out. While the runbook is
checked out, no one else can make modifications to it. This protects runbook changes from being
overwritten by another editor.
After you are finished with a runbook that you have checked out, you have the option either to check in
the runbook, or undo the checkout. When you check in the runbook, you commit your changes to the
runbook, and you have the opportunity to comment on the changes that you made. If you choose to
undo check out, the runbook is reverted to the state it was before you checked it out, and no changes
are made.
All runbook changes are logged in the audit log. This log enables you to track when changes were made,
and by whom. In an environment with multiple administrators, this is invaluable to ensure that you
maintain the integrity of the runbooks.
Testing Runbooks
Before using or checking back in a runbook, you will want to test runbooks thoroughly to make sure they
work as intended. Runbook Tester allows you to test and validate a runbook. Using Runbook Tester, you
can step through the results of each activity, and view the data each activity publishes to the data bus.
Even though this is known as testing, the runbook is run unmodified against actual value. If the runbook
is configured to delete data, it will execute the activity against the values provided. If you want to use
Runbook Tester to test a runbook against test data, you must reconfigure the runbook to use a test
environment.
Running Runbooks
After you test and check in a runbook, there are a number of ways you may start the runbook You can
use Runbook Designer, the Orchestrator console, the Orchestrator web service API, or another program
such as Microsoft System Center 2012 - Service Manager. Runbook execution depends on the runbook
requirements. If a runbook is run only when an administrator needs it, you may just use the Orchestrator
console. If the runbook is part of a process in Service Manager, then that may be the best way to start the
runbook. If you are integrating Orchestrator with a custom process, you may decide to use the API to
initiate the runbook.
A job is created for every request made to run a runbook. These jobs will create an instance of the
runbook on the runbook server. You can review the status and history of the jobs and the instances that
have run using the Orchestrator console.
Standard Activities
Orchestrator includes a number of standard activities that you can leverage to build runbooks. These
activities are grouped into activity groups.
The following standard activity groups are available in Orchestrator:
11-25
System. The System activity group activities can stop and start processes, reboot computers, run .Net
scripts, or other programs, send and get Simple Network Management Protocol (SNMP) traps, and
Query Windows Management Instrumentation (WMI).
Schedule. Within the Schedule activity group, you can use the Monitor Data/Time activity to configure
the runbook to wait until a specific time before continuing the runbook execution. You use Check
Schedule to verify that a runbook or activity is allowed to run during at that time. For example if you
have a runbook that generates a high load, you may schedule it to run outside of business hours.
Monitoring. You use the Monitoring activity group activities to get information about computers.
Activities include retrieving status of Windows Services and processes, available disk space, and
monitor WMI information.
File Management. The activities within the File Management activity group include basic file
management tasks. You can copy, delete, move, and rename files and folders. You can also compress
and decompress files, print files, and monitor file changes. You can use these activities to create a
runbook to manage file server content.
Email. Use the Email activity group activities to send email using an SMTP server. You may use this to
send information about the results of the runbook.
Notification. The Notification activity group activities will make an event log entry on the Runbook
Server or on another computer on the network. You can also send an event to a syslog server. You
can use these notifications to log the runbook process for troubleshooting.
Utilities. The Utilities activity group activities can perform a wide range of tasks. You can use these
activities to compare files, format data time, generate random text, start a virtual private network
(VPN) or dialup connection, read and write log, HTML, and XML files, and retrieve or update data
from a SQL Server database.
Text File Management. The Text File Management activity group activities retrieve, read, insert,
append, and delete lines in a text file. You may also find text within a text file, and replace specified
text within a text file.
Runbook Control. Use the Runbook Control activity group activities to specify the parameters needed
to execute the runbook, specify what data a runbook should return when complete, and specify what
runbook to execute.
Workflow Control
11-27
Activities perform actions in the runbook, however in order to provide valuable runbooks that work in
complex, scenarios you must be able to control how the activities are executed. There are three main ways
the workflow in a runbook is controlled starting points, smart links, and loops.
Start and End Points
Runbooks can only have one defined starting point. After the starting point additional activities are
processed. A runbook can be started by a monitoring activity, which continually waits for a specific
action to occur before executing the second activity. A monitoring activity cannot be triggered by
another activity; it must be the starting activity in a runbook. You can also send the results of a runbook
to a second runbook, which causes that runbook to run.
Smart Links
When one activity completes, the next activity in the runbook is connected with a smart link. You can use
more than one smart link to connect multiple possible activities based on runtime input. You can also use
smart links to filter the data being passed in the databus to subsequent activities in the workflow.
You can also modify the properties of smart links to conditionally pass data to the next activity. Using
smart link conditions, you can create branches into runbooks. Branching is useful in creating a runbook
that can handle more complicated scenarios. For example, if you have a runbook that is designed to
create a checkpoint of a virtual machine only if it is running on a certain host and it is not on the correct
host, then the runbook must move the virtual machine to the correct host and then create the checkpoint.
Using conditions, you can configure the runbook to check which host the virtual machine is running on,
and then either create a checkpoint or move the virtual machine as needed. To configure smart link
conditions, modify the properties of the smart link. On the Include tab, specify the conditions that when
true will allow the connected activity to run. On the Exclude tab, specify the conditions that when true
will prevent the next activity from running.
You use the Junction Runbook Control activity to wait for multiple branches of the runbook to complete
before continuing to the next activity. Use smart links to connect each of the branches to the Junction
activity.
Loops
Loops allow you to retry an activity until a specific condition is met. Because monitor activities can only
be placed at the beginning of a runbook, a loop can provide similar functionality for other places in the
runbook. When an activity is configured to loop, the activity runs with the same input data until the
looping criteria is met. The loop condition can be based on any information the activity publishes. To
ensure that a loop can be exited, activities set to loop publish additional data about the number of times
the loop has executed and the amount of time the loop has been executing. This additional published
data can be used as criteria for executing the loop.
Data Manipulation
At times you may need to extract data from one source and manipulate or convert it to use it for other
activities. To do this, you modify text strings and perform simple arithmetic by typing the functions into
the textboxes that you use to configure an activity. For example, you can append a department number
to the beginning of any new virtual machine to ensure they are associated with the correct department.
To do this, you append the department name to the virtual machine name provided by the user.
Parameters, Computer Groups, and Global Settings
11-29
Orchestrator provides several other methods to simplify the creation and management of runbooks.
For example, global settings and computer groups define information used by a number of runbooks.
Parameters allow runbooks to accept information from outside the runbook to modify the execution
behavior.
Parameters
You may want to pass parameters to a runbook so that you can modify the behavior of the runbook. For
example, you may want to provide a name for the virtual machine that the runbook will create. You can
require this information by beginning the runbook with the Initialize Data activity and defining the
parameters.
Computer Groups
Computer groups are defined using Runbook Designer and can be used as the target of activities. A
computer group can be a statically assigned set of computers, or it can be dynamically evaluated based
on Active Directory queries. Using Active Directory queries allows a runbook to target all computers in the
group without an administrator having to update the group manually as computers are added and
removed from the domain.
Counters
When executing a runbook, you may want to track of the number of attempts a runbook made to
complete a task. This may be for troubleshooting purposes, or to keep statistics for the number of times
an activity was run. You cannot run multiple, concurrent instances of a runbook that modifies a counter,
because the counter will be unreliable. Counters are modified by the Modify Counter activity, and are
read by the Get Counter Value activity. Counters are created in the Counters folder of the Global Settings
node in Runbook Designer, and apply to the entire Orchestrator management server and associated
runbook servers.
Schedules
Schedules define the times that a runbook can run. For example, if you have a runbook that generates a
high load, you may create a schedule that only allows it to run outside of business hours. Schedules use
the system clock on runbook server. You create schedules are created in the Schedules folder of the
Global Settings node in Runbook Designer. Schedules that you create apply to the entire Orchestrator
management server and associated runbook servers.
Variables
Orchestrator provides the ability to use variables that are set once for each set of runbooks, or that can
be set when the runbook is executed. Variables are powerful and when used properly can reduce the
amount of management needed. For example, you could have a runbook that queries a SQL Server
database for the list of servers that require Microsoft System Center 2012 - Data Protection Manager
(DPM) protection agents installed, and then updates the database once the protection agent is deployed.
When you migrate the SQL Server database to a new server, you must locate each activity in the runbook
and then update it with the new SQL Server information. If you use a variable, you can simply update the
variable with the new information.
Orchestrator protects password variables by encrypting them. Therefore, you should specify passwords
using variables to protect them, and to make changing them easier. You create variables in the Variables
folder of the Global Settings node in Runbook Designer, and apply to the entire Orchestrator
management server and associated runbook servers.
Migrating from Opalis to Orchestrator Runbooks
11-31
If you are running Opalis in your environment and are considering moving to Orchestrator, there are
options for migrating between the two platforms. Orchestrator is not a direct upgrade from Opalis. It does
maintain the core principles upon which Opalis was developed, but it has been redesigned. Therefore,
there is no in-place upgrade from Opalis to Orchestrator.
Supported Upgrade Paths
If you are running Opalis Integration Server 5.2 or older, you must first upgrade to Opalis Integration
Server 6.3, and then export your Opalis Polices in a format that Orchestrator can import as runbooks. Even
though you can import a policy, it does not guarantee that the runbook will work as expected. You must
be sure the integration packs, data bus mode, and activities are all supported in Orchestrator.
For example, the Policy workflow in your Opalis workflows may be running in either Pipeline or Legacy
data bus modes. Pipeline mode is the mode that all Policies were created in by default in Opalis 6.3. The
other Opalis data bus modeLegacy mode is not supported in Orchestrator. If you have policies that
use Legacy mode, you will need to reconfigure the runbook before they will work in Orchestrator.
Migration Process
To begin the migration process, first document your existing Policies and identify which ones are being
used. For each of the Policies that are migrated, verify that each activity is still needed. If there are
activities that are no longer used, you can remove them from the Policy before migration to simplify any
remediation that might be needed. Because there is no direct migration path to Orchestrator, you should
limit the migration to the Policies that are still being used.
After you have identified the Opalis Polices that you want to migrate, export each of them from the Opalis
6.3 server. Next, import the exported Policies as runbooks using Runbook Designer. Because of differences
between the two products, you may encounter an object that existed in Opalis but does not exist, or is
renamed or replaced by another activity, in Orchestrator. If your imported runbook references an activity
or an integration pack that does not exist, a question mark will appear in the Runbook Designer in place
of those activities. You must reconfigure the activities as an available activity, or remove them if they are
no longer needed.
After you have imported and remediated the runbooks, you should test and verify your new runbooks.
Open Runbook Tester from the Runbook Designer. Review how the runbook runs, and verify that it works
as intended.
Designing Runbooks
11-33
Automating processes using runbooks can be complicated. There are a number of tools and
questions that you can ask yourself to reduce the complexity of developing and maintaining runbooks.
The following is a list of considerations that make administration easier and reduce the possibility of
problems occurring:
Create folders in Runbooks to organize runbooks for a specific task. Create the same folders under
each of the Global Settings folders (Counters, Variables, Schedules) to organize the global settings
objects created for the runbooks.
Create warning and failure logs. Make sure you are capturing and if possible reacting to issues so the
problem can be fixed.
Use descriptive labels for activities to make it clear what each activity is supposed to do. Use colors for
smart links to designate branches for easier troubleshooting.
Create subtasks in separate runbooks to limit the size of runbooks. Use the Invoke Runbook activity to
start the subtask runbooks.
Create subtasks in subfolders to make them easier to find.
When designing a runbook it is important that you understand the need to fully document the process
you plan to automate, before starting your runbook design.
Be prepared to answer the following questions:
What steps are needed to complete the task?
What information is needed to complete the task?
What information should the completed tasks provide?
What activities and integration packs will be used?
Will the runbook be run on a schedule, or will it be triggered using Service Manager, the Orchestrator
console, or the Orchestrator web service?
What errors or problems could occur during the process?
What choices must be made during the process?
Lesson 4
Configuring Integration Packs
11-35
Administrators can accomplish many tasks using the standard activities in Orchestrator. Integration
packs give runbooks additional functionality to integrate with other System Center products and other
technologies. To fully utilize your integration packs, you must know how to register and configure them.
In this lesson, you will learn about Orchestrator integration packs.
Objectives
Configure the System Center Integration Pack for System Center 2012 Virtual Machine Manager.
Configure the System Center Integration Pack for System Center 2012 Data Protection Manager.
Configure the System Center Integration Pack for System Center 2012 Operations Manager.
Configure the System Center Integration Pack for System Center 2012 Service Manager.
Configure Service Manager integration with Orchestrator.
Describe deployment of the Cloud Services Process Management Pack.
Integrating with VMM
You can use Orchestrator to automate common tasks in VMM using the System Center Integration Pack
for System Center 2012 Virtual Machine Manager.
The following activities are available in this integration pack:
Restart virtual machines.
Manage the self-service virtual machine library.
Create virtual hard disks (VHDs).
Create new virtual machines:
From virtual machine templates.
From VHDs.
Based off other virtual machines.
By modifying existing virtual machines.
Start and shut down virtual machines in batch mode.
Move virtual machines to a new host. This may be used as part of an upgrade scenario where you
must move all of the virtual machines from a host on which runbook will perform maintenance.
Create and restore virtual machine checkpoints. These activities may be used to create checkpoints
for virtual machines. These checkpoints could then be used during a process that makes changes to
the virtual machines.
Configuration
11-37
Before you can start using the Integration Pack for System Center 2012 Virtual Machine Manager, you
must perform several configuration steps:
1.
Set the Windows PowerShell execution policy to RemoteSigned on both the runbook servers and the
VMM server.
2.
Configure a connection to the VMM server in Runbook Designer by providing the following
information:
VMM Server name
User information to connect and execute tasks on VMM

Note If the VMM server is in an untrusted domain, you have to add the servers to the
Windows Remote Management TrustedHost list on all of the runbook servers.
Integrating with DPM
Orchestrator can also automate common tasks in DPM using the System Center Integration Pack for
System Center 2012 Data Protection Manager. The following activities are available in this integration
pack:
Automated virtual machine protection and recovery. These activities enable you to add protection to
a virtual machine, and perform recovery of a virtual machine. For example, you might create a
runbook to add a virtual machine that you initially deployed using a runbook.
Automated SharePoint Server farm protection and recovery. These activities enable you to automate
SharePoint Server protection and recovery tasks. You may use this as part of a runbook that
automates the migration of SharePoint Server to a new server by both protecting and then
recovering the data to the new server.
Automated SQL Server protection and recovery. These activities enable you to automate SQL Server
protection and recovery tasks. You may use this as part of a runbook that automates the migration of
SQL Server data to a new server by both protecting and then recovering the data to the new server.
Automated system state protection. You can use this to start system state protection.
One-time (Ad hoc) backups. At times you may need to protect data for specific purposes. For
example, you may need to protect data on a server right before to applying an operating system
update. You can create a runbook that performs a backup as part of installing the update.
Configuration
11-39
Before you start using the Integration Pack for System Center 2012 Data Protection Manager, you must
perform the following configuration steps:
1.
Add VMM servers to the Windows Remote Management TrustedHost list on all of the runbook
servers and Runbook Designers that will need to use the integration pack.
2.
Set the Windows PowerShell execution policy to RemoteSigned on both the runbook servers and the
DPM server.
3.
Configure a connection to the DPM server in Runbook Designer by providing the following
information:
DPM computer name
User information to connect and execute tasks on the DPM server
Integrating with Operations Manager
You can use Orchestrator to automate common tasks in Operations Manager using the System Center
Integration Pack for System Center 2012 Operations Manager. The following activities are available in this
integration pack:
Create, Get, Monitor and Update Alert. As part of a runbook, you may need to watch for alerts to
occur, or to verify that the runbook is executing successfully. You may also need to update alerts with
information about how the runbook is progressing.
Start and Stop Maintenance Mode. As part of a runbook, you may make changes to a computer to
avoid causing monitoring alerts to be created. You can use these activities to enable maintenance
mode before making changes, and then disable maintenance mode when the runbook completes the
changes.
Configuration
Before you can start using the Integration Pack for System Center 2012 Operations Manager, you must
install the Operations console on each runbook server and Runbook Designer. Then you must create a
connection to the Operations Manager server by providing the following information:
Operations Manager computer name
User account and password to connect and execute tasks on Operations Manager computer
Integrating with Service Manager
11-41
You can use Orchestrator to automate common tasks in Service Manager using the integration pack for
System Center 2012 Service Manager. The following activities are available in this integration pack:
Create Change with Template. Use this activity to have a runbook initiate a change using a defined
change template in Service Manager.
Create, Get, and Update Objects. Use these activities to have a runbook modify and create objects in
Service Manager.
Create Incident with Template. Use this activity to have a runbook create an incident using a defined
change template in Service Manager.
Create, Get, and Delete Relationship. Use these activities to have a runbook modify and create
relationships between objects in Service Manager.
Get and Update Activity. Use these activities to have a runbook retrieve and update Service Manager
activities.
Upload Attachment. You can use this activity to have a runbook upload an attachment. This
attachment could be an attachment that is generated during the execution of a runbook, or retrieved
by the runbook.
Configuration
To start using the integration pack for System Center 2012 Service Manager, you must first create a
connection by providing the following information:
Service Manager computer name
User account and password to connect and execute tasks on Service Manager computer
Importing and Using Runbooks in Service Manager
After configuring the integration pack for System Center 2012 Service Manager, you are able to use
activities to create runbooks that perform actions in Service Manager. However, if you enable Service
Manager to run runbooks you must also create a connector for Orchestrator using the Service Manager
console.
Using the Service Manager console, create an Orchestrator connector in the Administration workspace.
You will need to provide the following information for the connector:
Connector name. Create a name for the connector to make it easy to identify the Orchestrator server
to which it connects.
Orchestrator Web Service URL. Input the URL of the Orchestrator web service in the format of
http://<Servername>:<81>/Orchestrator2012/Orchestrator.svc.
Run As Account. This account will need to have access to view and run runbooks.
Sync folder. This is the top folder that will be synchronized from Orchestrator.
Orchestrator console. URL Input the URL of the Orchestrator console in the format of
http://<Servername>:<82>/.
Immediately after creating the connector, Service Manager synchronizes the information from
Orchestrator and imports all of the available runbooks into the Runbooks Library. To use an imported
runbook, you need to create a runbook automation activity template. This provides the option to map
parameters in the runbook to parameters in Service Manager, which allows Service Manager to pass
information to the runbooks. After you configure the infrastructure, the process for enabling Orchestrator
and Service Manager to work together is as follows:
1.
Create an Orchestrator runbook to automate a task.
2.
Create a runbook automation activity template in Service Manager.
3.
Add the Orchestrator activity template to a service request template.
4.
Create a Service Manager request offering.
11-43
Service Manager is now able to execute runbooks based on the input collected from within the Service
Manager request.
Deploying the System Center Cloud Services Process Pack
The System Center Cloud Services Process Pack is a set of Orchestrator runbooks, Operations Manager
management packs, and Service Manager workflows that provide common usage scenarios to integrate
System Center into a private cloud. The System Center Cloud Services Process Pack contains the following:
Service Catalog Request Offerings: Use request offerings to:
Create and update project.
Create and update capacity pool.
Create and update virtual machines.
Decommission project/ capacity pool/virtual machine.
Deploy Service.
Request for Service Deployment. This collection allows individuals or automated processes to create
a request for a standardized service to be deployed. Rather than requiring an end user to deploy a
virtual machine and manually configure it, this enables the request to initiate a standard deployment.
Chargeback. Many organizations would like to provide information about the amount of resources
consumed by each department or application. This collection enables you to gather information
quickly about resource consumption for chargeback.
Reports. Information about you private cloud is important for you to track changes and plan for
capacity. This collection provides many additional reports that summarize the health and
performance of your private cloud.
Lab Setup
Note
Before starting this lab, you must have completed the labs in Modules 2 and 5.
11-45
1.
2.
3.
4.
Password: Pa$$w0rd
Domain: Contoso
5.
Repeat steps 2 to 4 for 10751A-LON-SQ1, 10751A-LON-OM1, and 10751A-LON-OR1.
6.
7.
8.
9. Log on using the following credentials:
Password: Pa$$w0rd
Domain: Contoso
10. Repeat steps 7 to 9 for 10751A-LON-AP1 and 10751A-LON-DM1.
Lab Scenario
You are administrator at Contoso, Ltd. You have just deployed Orchestrator, and you want to perform
additional configuration and testing.
As part of a company-wide initiative, you need to improve the efficiency of the IT department by
automating manual processes. Furthermore, the IT Department would like to allow users to perform more
tasks themselves such as deploying virtual machines by using Service Manager to submit a service request.
11-47
Exercise 1: Creating a Runbook Server and Configuring Integration Packs

Scenario
You have just installed Orchestrator on LON-OR1, and you must now deploy a second runbook server on
LON-AP1.
1.
Configure Windows Firewall on LON-AP1.
2.
Deploy a runbook server on LON-AP1.
3.
Register System Center 2012 integration packs.
4.
Deploy System Center 2012 integration packs to LON-OR1 and LON-AP1.
5.
Configure the System Center Integration Pack for System Center 2012 Virtual Machine Manager.
6.
Configure the System Center Integration Pack for System Center 2012 Data Protection Manager.
7.
Configure the System Center Integration Pack for System Center 2012 Operations Manager.
Task 1: Configure Windows Firewall on LON-AP1

1.
On LON-AP1, in the Start menu, open Windows Firewall with Advance Security.
2.
Create an inbound rule named Orchestrator Remoting Service that allows connections to the
program at %SystemRoot%\SysWOW64\OrchestratorRemotingService.exe.
Task 2: Deploy a runbook server on LON-AP1

1.
On LON-OR1, in the Start menu, open Deployment Manager.
2.
In the left pane, right-click Runbook Servers and click Deploy a New Runbook Server. Configure
the deployment using the following information:
Computer: LON-AP1
Account Information User name: Contoso\Administrator
Account Information- Password: Pa$$w0rd
Do not select any integration packs or hotfix deployments at this time.
Task 3: Register System Center 2012 integration packs
On LON-OR1, in the Management server pane, right-click Integration Packs and register the
following integration packs that are stored in C:\OR2012\IntegrationPacks:
SC2012_data_protection_manager_integration_pack.oip
SC2012_operations_manager_integration_pack.oip
SC2012_virtual_machine_manager_integration_pack.oip
Task 4: Deploy System Center 2012 integration packs to LON-OR1 and LON-AP1
1.
2.
On LON-OR1, in the left pane, right-click Integration Packs, and deploy the following integration
packs both to LON-OR1 and LON-AP1:
System Center Integration pack for System Center 2012 Data Protection Manager
System Center Integration pack for System Center 2012 Virtual Machine Manager
System Center Integration pack for System Center 2012 Operations Manager
Close the Orchestrator Deployment Manager.
Task 5: Configure the System Center Integration Pack for System Center 2012 Virtual
Machine Manager
1.
On LON-OR1, open Runbook Designer.
2.
Click the Options menu, and then click SC 2012 Virtual Machine Manager.
3.
Add a configuration with the following information:
VMM Administrator Console: LON-VM1
Type: System Center Virtual Machine Manager
VMM Server: LON-VM1
User: Administrator
Domain: CONTOSO
Password: Pa$$w0rd
Task 6: Configure the System Center Integration Pack for System Center 2012 Data
Protection Manager
1.
In Runbook Designer, click Options and then click SC 2012 Data Protection Manager.
2.
DPM Administrator Console: LON-DM1
Type: PowerShell Remoting
Computer name: LON-DM1
DPM Server: LON-DM1
User: Administrator
Domain: CONTOSO
Password: Pa$$w0rd
Task 7: Configure the System Center Integration Pack for System Center 2012
Operations Manager
1.
In Runbook Designer, click Options, and then click SC 2012 Operations Manager.
2.
Name: LON-OM1
Domain: CONTOSO
Password: Pa$$w0rd
11-49
Results: Results: After this exercise, you should have deployed a runbook server, and registered, deployed,
and configured the System Center 2012 integration packs.
Exercise 2: Configuring a Template to Deploy Agents on a New Virtual

Machine
Scenario
You must now ensure that all of the virtual machines in your private cloud environment are protected.
Configure the StockTrader Web Application Server template to install the DPM Protection Agent
automatically when the template deploys.
1.
Modify the virtual machine template.
Task: Configure the virtual machine template

1.
On LON-VM1, open the Virtual Machine Manager console.
2.
Open the properties of the StockTrader Web Application template.
3.
On the OS Configuration tab, add the [GUIRunOnce] command:

C:\DPM2012\Agents\amd64\DPMAgentInstaller_x64.exe /q LON-DM1
Results: After this exercise, you should have configured the StockTrader Web Application Server virtual
machine template so that it will install the DPM protection agent automatically after the template has
deployed.
Exercise 3: Creating a Runbook to Protect All Resources on a Virtual

Machine Scenario
To protect virtual machines automatically, you create a runbook that will automatically add specified
virtual machine names into a protection group named PG1.
1.
Create variables for DPMServer, DPMUser, and DPMPassword.
2.
Create a new runbook named ProtectVM.
Task 1: Create variables for DPMServer, DPMUser, and DPMPassword

1.
On LON-OR1, open Runbook Designer.
2.
Expand LON-OR1, and then expand Global Settings. Create a folder under Variables named
AutomateDeploy.
3.
Create a folder under AutomateDeploy named 1. ProtectVM.
4.
Create the variables that are listed in the following table, in the 1. ProtectVM folder.
Name
Value
Encrypted Variable
DPMServer
LON-DM1
No
DPMUser
Administrator
No
DPMPassword
Pa$$w0rd
Yes
Task 2: Create a new runbook named ProtectVM
11-51
1.
On LON-OR1, open Runbook Designer, and under Runbooks, create a folder named
AutomateDeploy.
2.
Create a folder under AutomateDeploy named 1. ProtectVM.
3.
Create a new runbook in the 1. ProtectVM folder named ProtectVM.
4.
From the Runbook Control workspace, click and drag the Initialize Data Activity from the Activities
pane onto the Runbook Designer workspace.
5.
Modify Initialize Data, and create a string parameter named VMName.
6.
From the SC 2012 Data Protection Manager workspace, click and drag the Run DPM PowerShell
Script from the Activities pane onto the Runbook Designer workspace.
7.
Create a smart link from Initialize Data to Run DPM PowerShell Script.
8.
Modify the Run DPM PowerShell Script properties to the following settings:
Configuration Name: LON-DM1
Properties PowerShell Script:
'C:\Program Files\Microsoft System Center 2012\DPM\DPM\bin\AttachProductionServer.ps1' -DPMServerName {DPMServer} -PSName {VMName from Initialize
Data} -Username {DPMUser} -password {DPMPassword} -domain Contoso
9.
Properties Output Variable $results
From the SC 2012 Data Protection Manager workspace, click and drag Get Data Source onto the
Runbook Designer workspace.
10. Create a smart link from Run DPM PowerShell Script to Get Data Source.
11. Modify the Get Data Source properties to the following settings:
Properties Data Source Location: Production Server
Properties Name: {VMName from Initialize Data}
12. From the SC 2012 Data Protection Manager workspace, click and drag Protect Data Source onto
the Runbook Designer workspace.
13. Create a smart link from Get Data Source to Protect Data Source.
14. Modify the Protect Data Source properties to the following settings:
Properties Replica Creation Method: Manual
Properties Data Source ID: {DatasourceId from Get Data Source}
Properties Protection Group: PG1
15. Close the System Center 2012 Orchestrator Runbook Designer.

Results: After this exercise, you should have created a runbook to attach the virtual machine to
Data Protection Manager, and to protect all of the specified virtual machines data sources.
Review Questions
1.
What is a runbook?
2.
What is the process to upgrade from Opalis 6.3 to Orchestrator?
3.
On which operating systems can you install Orchestrator?
Common Issues and Troubleshooting Tips

Issue
Troubleshooting tip
Cannot install Orchestrator

Opalis Integration 6.3 Policies will not
import into Orchestrator
Best Practices
Fully document each process before you automate it.
Use integration packs as needed to provide additional activities.
11-53
Tools
Tool
Use for
Where to find it
Orchestrator console
Running and viewing runbooks
Start Menu
Deployment manager
Administrating integration packs, and deploying

runbook server and Runbook Designer
Start Menu
Runbook Designer
Runbook administration
Start Menu
Runbook Tester
Runbook testing
Runbook Designer

12-1
Module 12
Configuring the System Center Cloud Services Process Pack

Contents:
Lesson 1: Implementing the Cloud Services Process Pack
12-3
Lesson 2: Service Level Management
12-15
12-18
Module Overview
12-2 Configuring the System Center Cloud Services Process Pack
Microsoft System Center 2012 provides the infrastructure to create a private cloud. Once you have that
infrastructure in place, you can enhance the user experience by automating the private cloud provisioning
and management. To do this, you configure a private cloud service catalog using the System Center Cloud
Services Process Pack. The Service Level Management functionality in Microsoft System Center 2012
Service Manager provides monitoring for incidents and service requests, which ensures that user needs
are met in a timely way.
Implement the Cloud Services Process Pack.
Understand service level management.
10751A: Private Cloud Configuration and Deployment with System Center 2012 12-3
Lesson 1
Implementing the Cloud Services Process Pack
You provide users with access to a service catalog by using the Self-Service Portal in Service Manager.
This portal provides a web-based interface that describes the private cloud services that users can request.
To help deploy private cloud services, the Cloud Services Process Pack provides request templates and
automated processes for deploying cloud services. The Cloud Services Process Pack also provides reports
for monitoring the private cloud.
Describe the Cloud Services Process Pack.
Describe Cloud Services Process Pack Terminology.
Describe how to create request offerings.
Describe the Cloud Services User Roles and workflows.
List the prerequisites for installing the Cloud Services Process Pack.
Implement the Cloud Services Process Pack.
Identify the reports that are included in the Cloud Services Process Pack.
What Is the Cloud Services Process Pack?
You can simplify the deployment and management of private cloud resources by using the Cloud Services
Process Pack. The Cloud Services Process Pack builds on System Center 2012 to provide Infrastructure as
a Service (IaaS) for private clouds. IaaS is a model for requesting and provisioning data center resources
such as virtual machines and applications. The Self-Service Portal in Service Manager is the interface by
which users can access the processes that the Cloud Services Process Pack makes available.
The Cloud Services Process Pack includes best practices for providing IaaS. However, you can customize
the components that the Cloud Services Process Pack provides to meet the needs of your organization.
To implement the Cloud Services Process Pack, you must have the following System Center products in
your environment:
Microsoft System Center 2012 - Service Manager (Service Manager)
Microsoft System Center 2012 Orchestrator (Orchestrator)
Microsoft System Center 2012 Operations Manager (Operations Manager)
Microsoft System Center 2012 - Virtual Machine Manager (VMM)
The Cloud Services Process Pack provides building blocks for automating and controlling private cloud
resources. It includes predefined templates for performing common tasks. It also includes runbooks for
Orchestrator that can be used to automate virtual machine management.
Cloud Services Process Pack Terminology
To understand how to use the cloud services process pack, you first need to understand the terminology
used in the Cloud Services Process Pack configuration. The following terms are used for the Cloud Services
Process Pack:
Service provider. The service provider is the owner of the cloud who is responsible for providing and
maintaining the cloud infrastructure. For a private cloud, this may be an organizations IT department
or a subset of the IT department, or it may be an outside service provider whose services are
purchased by the organization.
Tenant. This is the organization that uses the private cloud resources. Tenants are defined based on
how you want to track and control the utilization of resources. You may choose to have tenants be
the equivalent to specific departments or specific projects.
Cloud resources. These are logical groupings of VMM resources that can be used to create virtual
machines. Cloud resources can include virtual machine templates, storage quotas, and memory
quotas. Users are able to request new virtual machines as long as there is sufficient unused capacity in
their cloud resources.
Cloud resources subscription. This is the assignment of could resources to users. After a cloud
resources subscription has been configured, users are able to use the resources to which they are
subscribed.
Service catalog. This is a web-based interface that describes the private cloud services that users can
request. It is based on the Self-Service Portal in Service Manager. The service catalog contains request
offerings and service offerings:
A request offering is an individual catalog item that is available to userssuch as creation of a

new virtual machine.
A service offering is a grouping of request offerings. You use service offerings to organize request
offerings into logical groups.
Request Offerings
The Cloud Services Process Pack includes request offerings for common private cloud service requests.
It also creates the service offering called Private Cloud Infrastructure Services. By default, no request
offerings are assigned to Private Cloud Infrastructure Services. Instead, you need to select request
offerings and assign them to Private Cloud Infrastructure Services.
Some of the default request offerings included in the Cloud Services Process Pack are:
Register a Tenant
Subscribe to Cloud Resources
Request Virtual Machine
Update Virtual Machine
Customizing Request Offerings
You can use the default request offerings that are included in the Cloud Services Process Pack, or you can
create new request offerings to meet your specific needs. If you choose to create your own request
offerings, you can:
Create new request offering. New request offerings are created from templates. You can also create
your own templates. This provides flexibility in the information that you want to gather.
Copy an existing request offering. This is helpful for when an existing request offering is similar to
what you need.
You can also define the information that a user is prompted for in a request offering. For example, as part
of a request you can ask a user for their cost center so that you can properly assign the cost of completing
the request. For each prompt that you define, you can configure the type of data that is allowed. For
example, you can define the data as an integer range or an Active Directory group.
When defining a prompt, you must map each prompt with a field in the request. Different fields are
available depending on how you create the request offering. The data type of the prompt must match
the data type of the field. For example, both must be a string, or both must be an integer. As another
example, you could map a string prompt that you create to the description field that is also a string.
Publishing Request Offerings
When you first create a request offering, it is unpublished. This means that users cannot select it. While a
request offering remains unpublished, you can configure or modify it without affecting users.
Once you finish creating and configuring your request offering, you must publish it to make it available to
users. When you publish the request offering as part of service offering, it appears in the Self-Service
Portal in that category. However, if the published request offering is not categorized in a service offering,
it remains uncategorized in the Self-Service Portal.
Cloud Services User Roles and Workflows
The Cloud Services Process Pack does not create or configure specific user roles for managing the private
cloud. It is your responsibility to create the necessary user roles for requesting and approving services. The
following user roles are typical:
Service Provider. Service provider users are responsible for installing and configuring the Cloud
Services Process Pack. Service provider users also create request offerings and service offerings.
Tenant Reviewer. Tenant reviewer users are responsible for approving new tenants and updates to
existing tenants.
Activity Implementer. Activity implementer users are responsible for implementing cloud resources
requests and decommission requests.
Tenant Administrator. Tenant administrator users are responsible for creating all tenant and cloud
resources requests. Virtual machine requests are also approved by this role.
Cloud Resources Subscription User. This user role creates requests for virtual machines and virtual
machine updates.
Workflows
The following is an example of a new tenant workflow with the Cloud Services Process Pack installed:
1.
The tenant administrator creates a request to register a new tenant.
2.
The reviewer approves the tenant request.
3.
The tenant administrator creates a cloud resources subscription request.
4.
The activity implementer allocates the resources for the cloud resources subscription request.
5.
The cloud resources subscription user requests a new virtual machine.
6.
The tenant administrator approves the request for the new virtual machine.
Prerequisites for Installing the Cloud Services Process Pack
Before you can install the Cloud Services Process Pack, you need to ensure that the necessary
prerequisites are in place. The Cloud Services Process Pack is installed on both Service Manager and
Orchestrator. The software installed on Service Manager is the Cloud services process pack. The software
installed on Orchestrator is the Cloud services runbooks.
Prior to installing the Cloud Services Process Pack, you must ensure that you meet the following software
configuration prerequisites:
Operations Manager is integrated with VMM.
The VMM Discovery Management Pack is imported into Service Manager. To import the VMM
management pack into Service Manager, you must import the necessary prerequisite management
packs for Windows Server 2008, Microsoft SQL Server 2008, and Internet Information Services (IIS).
When the Cloud Services Process Pack is uncompressed during installation, all required management
packs are placed in C:\Users\<username>\AppData\Local\Temp\Setup\ManagementPacks.
The System Center Integration Pack for System Center 2012 Service Manager must be deployed on
an Orchestrator runbook server.
Security Requirements
To install the Cloud Services Process Pack on Service Manager, you must meet the following requirements:
You must be a Service Manager administrator.
You must be a local administrator of the server running Service Manager.
To install the Cloud Services Runbooks, you must meet the following security requirements:
You must be a domain user.
You must an administrator of the Orchestrator database.
You must be a local administrator of the server running Orchestrator.
You must be a member of the local group OrchestratorUsersGroup.
The Orchestrator service account must be a VMM administrator.
Orchestrator Users Group

You define an Orchestrator users group when installing Orchestrator. The members of the Orchestrator
users group will have administrative permissions to Orchestrator. In most cases, you select a domain
group to be the Orchestrator users group. However, the default is to create a local group called
OrchestratorUsersGroup.
Regardless of what was configured when Orchestrator was installed, Cloud Services runbooks specifically
verifies that the user running the installation is a member of the local group OrchestratorUsersGroup. In
most cases, you need to create this local group and add the installer as a member to complete the
installation. You do not need to assign any specific permissions to OrchestratorUsersGroup.
Implementing the Cloud Services Process Pack
You must install the Cloud Services Process Pack in both Service Manager and Orchestrator.
The process for installing the Cloud Services Process Pack is as follows:
1.
Install all necessary prerequisite software and management packs.
2.
Install Cloud Services Process Pack on a Service Manager server. This adds request offerings that are
preconfigured for cloud services. The new request offerings are not published automatically.
3.
Install the Cloud Service runbooks on an Orchestrator server. These runbooks automate private cloud
management. For example, a runbook could create a virtual machine automatically when requested
by a user.
Connectors
After you have installed the Cloud Services Process Pack, you need to perform additional configuration. In
Service Manager, you need to create the following connectors to other System Center products, provided
they these connectors are not already configured:
VMM connector. The VMM connector imports VMM informationsuch as templatesinto Service
Manager.
Operations Manager connectors. An alert connector generates incidents automatically in Service

Manager based on Operations Manager alerts. A configuration item connector imports information
about discovered objects from Operations Manager into Service Manager.
Orchestrator connector. The Orchestrator connector performs actions automatically, based on

requests in Service Manager.
Additional Configuration Items

After you create the connectors, you can complete the Cloud Services Process Pack configuration. To
complete the Cloud Services Process Pack configuration, complete the following tasks:
Configure virtual machine resources. This process imports resources from VMM, and then allows you
to assign friendly names to the resources for easier reference.
Create user roles. You can create tenant administrators and cloud resources subscription users. Tenant
administrators approve requests and perform administrative actions. Cloud resources subscription
users create requests that may be implemented automatically or approved by tenant administrators.
Create notification channels and subscriptions. Notification channels and subscriptions send
notifications from Service Manager to assigned users.
Configure general properties. General properties include the assignment of users to roles such as
Tenant Administrator, Cloud Resources Subscription User, Tenant Reviewers, and Activity
Implementer.
Configure cost properties. Use this to assign costs for resources such as CPU, memory, and disk space.
Configure cost centers. You can create multiple cost centers to which you can assign projects. Use this
to track costs and then allocate them back to specific departments.
Configure offerings. Create the request offerings and service offerings to support your private cloud
deployment.
Create catalog groups. Use catalog groups to control access to the service catalog.
Cloud Services Process Pack Reporting
The Cloud Services Process Pack includes various reports for tenants and chargebacks. A chargeback is the
calculated cost of using private cloud resources. These reports generate automatically, and are stored in
the Service Manager data warehouse. Reports included in the Cloud Services Process Pack are:
Cloud Resources Report. This report displays capacity pool information. Use this information to
identify when cloud resources subscriptions are reaching their limits so you can decide whether to
increase the resources in the cloud resources subscription, or whether to identify virtual machines that
should be removed.
Tenant Report. This report displays tenant information to the service provider and the tenant
administrator. A tenant is a logical grouping of capacity pools. This is a way to summarize capacity
pool utilization based on a tenant.
Virtual Machine Report. This report displays virtual machine properties to the service provider, the
tenant administrator, and the cloud resources users. Use this report to identify the resources that
specific virtual machines use.
Chargeback Report per VM. This report displays chargeback costs for virtual machines to the service
provider, tenant administrator, and cloud resources users. Only virtual machines that these users
manage are reported on. Use this report to identify the cost of individual virtual machines.
Chargeback Report per Tenant. This report displays user chargebacks for tenants. Use this report to
calculate chargebacks that are made to departments or projects that are represented as the tenant.
Virtual Machines Daily Specs. This report displays user properties for virtual machines. Use this report
to identify the configuration of individual virtual machines.
VM Cost Settings Daily Report. This reports displays changes made to cost configurations. Use this
report to help track changes over time.
Customized Reports
You can also create custom reports by using the sample reports included in the Cloud Services
Management Pack, and in Microsoft Office Excel. To create custom reports, open a sample report in
Office Excel, and then modify the connection string to the Service Manager data warehouse. After
connecting to the Service Manager data warehouse, you can modify the report to customize it.
The sample reports that you can customize are located in C:\Program Files\Service manager
\Cloud services process pack\Sample Reports. The sample reports files are:
CloudServices.ShowbackReport.xlsx. Contains chargeback reports.
CloudServices.TenantReport.xlsx. Contains tenant reports.
Lesson 2
Service Level Management
Service level management is an important part of providing services to users. Service level management
ensures that private cloud service levels meet the requirements of users in your organization. Service level
management ensures that the timelines that users require for provisioning and incident response are met.
Describe service level management.
Describe calendar items.
What Is Service Level Management?
Service level management is a part of service management. It measure whether incidents and service
request are resolved within expected timelines. Expected timelines are defined by service level objectives.
A service level objective defines how quickly an incident should be resolved or a request should be
completed. In the service level objective, you can define a target time and a warning threshold. If the
timeto-completion is longer than the target time, then the service level objective was not met. To help
avoid not meeting the service level objective, a notification can be sent when the warning threshold is
reached, to help avoid not meeting the service level objective. This allows you time to meet the
requirements defined in the service level objective.
When you create a service level objective, you must assign it to a queue. The queue is used to group the
work items that the service level objective is measuring. The service level objective then reads the
information about the work items from the queue.
You use metrics to define how time is measured for a service level objective. Two metrics are created by
default:
Resolution Time. This metric defines the time that is required to resolve an incident as the time
between the incident start time and the incident resolution time.
Completion Time. This metric defines the time that is required to complete a service request as the
time between the request creation time and the incident resolution time.
You can create customized metrics that measure time for different object types, and that are based on
different time sources that are available in that object.
What Are Calendar Items?
Service level management lets you monitor the provisioning of services and incidents to ensure that they
are completed and resolved in a timely manner. In addition to defining metrics and the appropriate time
frames in Service Manager, you also need to create a calendar item.
A calendar item defines the time frame during which a service level object should be measured. A
calendar item defines normal working hours in which performance should be evaluated. A calendar is
linked to a service level objective. Time outside of the calendar item is not counted against a service level
objective.
The settings in a calendar item are:
Title
Time zone
Working days and hours
Holidays
Lab Setup
Note
1.
2.
3.
4.
Password: Pa$$w0rd
Domain: Contoso
5.
Repeat steps 2 to 4 for 10751A-LON-SQ1 and 10751A-LON-OR1.
6.
7.
8.
9.
Password: Pa$$w0rd
Domain: Contoso
10. Repeat steps 7 to 9 for 10751A-LON-AP1 and 10751A-LON-SM1.
Lab Scenario
Contoso, Ltd has implemented all of the infrastructure components for a private cloud. After
implementing the necessary infrastructure, Contoso, Ltd needs you to install the processes and
automation features to simplify private cloud management. You are implementing the Cloud Services
Process Pack to meet these needs.
Exercise 1: Installing the Cloud Services Process Pack

Scenario
The first step in implementing the Cloud Services Process Pack is to install the necessary prerequisite
management packs in Service Manager. After you complete this, you can install both parts of the Cloud
Services Management Pack, and then begin configuration by importing VMM resources into Service
Manager.
1.
Extract the prerequisite management packs.
2.
Import the prerequisite management packs.
3.
Install the Cloud Services Process Pack.
4.
Configure a Service Manager connection.
5.
Install the Cloud Services runbooks.
6.
Configure VMM resources.
7.
View the Cloud Services templates.
Task 1: Extract the prerequisite management packs

1.
On LON-SM1, open a Windows Explorer window, and browse to \\LON-AP1\E$\Labfiles

\MgmtPacks.
2.
Run System Center Cloud Services Process Pack.exe.
3.
Extract all files, and wait for the Cloud Services Process Pack Setup Wizard to open.
Task 2: Import the prerequisite management packs

1.
On LON-SM1, in the Start menu, open the Service Manager console.
2.
In the Service Manager console, in the Administration workspace, browse to the Management
Packs node.
3.
Import the all of the management packs from C:\Users\Administrator.Contoso\AppData\Local

\Temp\Setup\ManagementPacks.
Note
4.
Import all management packs in C:\Users\Administrator.Contoso\AppData\Local\Temp

\Setup\ManagementPacks\VMMMP.
Note
5.
You will need to change the File Type to MP files (*.mp).
You will need to change the File Type to MP files (*.mp).
When the import completes, close the Service Manager console.
Task 3: Install the Cloud Services Process Pack
in the Cloud Services Process Pack Setup Wizard, install the Cloud Services Process Pack by using
the following settings:
Name: Administrator
Organization: Contoso
I have read, understood, and agree with the terms of the license agreement
Task 4: Configure a Service Manager connection

1.
On LON-OR1, in the Start menu, open the System Center 2012 - Orchestrator Deployment
Manager.
2.
In the navigation pane, click Integration Packs.
3.
Right-click System Center Integration Pack for System Center 2012 Service Manager, and then
click Deploy IP to Runbook Server or Runbook Designer.
4.
In the Integration Pack Deployment Wizard, use the following settings:
System Center Integration Pack for System Center 2012 Service Manager
Computer: LON-OR1
Note
Do not schedule installation.
Stop all running runbooks before installing the integration packs or hotfixes.
5.
Close the Orchestrator Deployment Manager.
6.
From the Start menu, open the Orchestrator Runbook Designer.
7.
In System Center 2012 Runbook Designer, in the Options menu, select System Center Service
Manager 2010.
8.
In the System Center Service Manager 2010 window, add a connection with the following settings:
Name: SM Connector
Server: LON-SM1
Domain: Contoso
User name: SCService
Password: Pa$$w0rd
Polling: 10 seconds
Reconnect: 10 seconds
Task 5: Install the Cloud Services runbooks

1.
On LON-OR1, open Server Manager.
2.
In the Configuration node, use Local Users and Groups to create a new local group with the
following settings:
Group name: OrchestratorUsersGroup
Members: Contoso\Administrator
3.
On LON-OR1, open a Windows Explorer window, browse to \\LON-AP1\E$\Labfiles

\MgmtPacks\, and run System Center Cloud Services Process Pack.exe.
4.
Extract the files, and wait for the Cloud Services Process Pack Setup Wizard to start.
5.
In the Cloud Services Process Pack Setup Wizard, install Cloud Services runbooks by using the
following settings on the Product registration page:
Name: Administrator
6.
On the Prerequisites page, verify that the prerequisite check has passed.
7.
On the Configuration page, use the following settings, and then test the credentials:
8.
Password: Pa$$w0rd
Domain: Contoso
System Center Orchestrator Database Server: LON-SQ1
SQL Server instance: Default
Orchestrator Database: Orchestrator
On the Configuration page, use the following settings.
Runbooks folder name: SM-CloudServices
System Center Service Manager connection name: SM Connector
Task 6: Configure VMM resources

1.
On LON-SM1, start the Service Manager console.
2.
In the Service Manager console, in the Administration workspace, in the navigation pane, select
Cloud Services.
3.
Click Configure VMM Resources. The Configure VMM Resources Wizard starts.
4.
In the Configure VMM Resources Wizard, on the Logical Networks page, select StockTrader
Production Network, and then provide the user-friendly name StockTrader Network.
5.
Select External Network, and then provide the user-friendly name Internet.
6.
On the VIP Templates page, select Web load balancer.
7.
On the Storage Classifications page, select Local Storage, and provide the user-friendly name
Standard Storage.
8.
Select Remote Storage, and provide the user-friendly name High Availability Storage.
9.
On the VM Templates page, do not select any templates.
10. On the Service Templates page, select StockTrader Application.

11. On the Placement Tags page, add a placement tag with the following settings:
Display Name: High Availability
Description: Protected from host failure
12. Add another placement tag with the following settings:
Display Name: Standard Availability
Description: Not protected from host failure
Task 7: View the Cloud Services templates

1.
On LON-SM1, use the Service Manager console to view the templates in the Library workspace.
2.
Review the list of templates. Notice that some of the cloud services templates display.
3.
Close the Service Manager window.
Results: After this exercise, you should have installed the Cloud Services Process Pack.
Exercise 2: Configuring User Roles and Settings

Scenario
After installing the Cloud Services Process Pack, you need to begin configuring the components. First you
will create both a tenant administrator user role to approve tenant requests, and a cloud resources
subscription user role to request services. Next you will configure cloud services properties such as cost
centers and the costs associated with virtual machines.
1.
Configure a tenant administrator user role.
2.
Create a cloud resources subscription user role.
3.
Configure cloud services general properties.
4.
Configure cost properties.
5.
Create cost centers.
Task 1: Configure a tenant administrator user role

1.
On LON-SM1, open the Service Manager console.
2.
In the Cloud Services node, in the Administration workspace, click Create User roles for Tenant
Administrators and Cloud Resources Subscription Users.
3.
Create an End User user role with the following settings:
Name: Tenant Administrator
Management packs: Select All
Service Manager Cloud Services Administration Library
Service Manager Cloud Services Catalog Library
Service Manager Cloud Services Cube Library
Service Manager Cloud Services Data Warehouse Library
Service Manager Cloud Services Library
Service Manager Cloud Services Service Management Library
Service Manager Cloud Services Subscription Management Library
Service Manager Cloud Services Tenant Management Library
Service Manager Cloud Services Virtual Machine Management Library
All work items can be accessed
All configuration items can be accessed
All catalog items can be accessed
All forms can be accessed
Task 2: Create a cloud resources subscription user role

1.
In the Service Management console, browse to the Administration workspace, and then browse to
the User Roles node.
2.
Create an End User user role with the following settings:
Name: Cloud Resources Subscription User
Management packs:
Virtual Machine Manager Library
All work items can be accessed
All configuration items can be accessed
All catalog items can be accessed
All forms can be accessed
Task 3: Configure cloud services general properties

1.
In the Service Manager console, browse to the Administration workspace, and then browse to the
Cloud Services node.
2.
Configure the general properties as follows:
Tenant ID Prefix: TN
Cloud Resources Subscription ID Prefix: CS
Tenant Administrators User Role: Tenant Administrator
Cloud Resources Subscription User Role: Cloud Resources Subscription User
Tenant Reviewers: Contoso\Administrator
Activity Implementer: Contoso\Administrator
Task 4: Configure cost properties

1.
2.
Configure cost properties as follows:
Memory Cost (GB/Day): 1
Storage Cost (GB/Day): 1
CPU Cost Per Unit Per Day: .50
Miscellaneous Cost Per Day: 0
Notes: None
Task 5: Create cost centers

1.
2.
Create a cost center with the following settings:
3.
Display Name: Stock Trader Cost Center
Asset status: Deployed
Code: ST
Name: Stock Trader
Create a second cost center with the following settings:
Display Name: DinnerNow Cost Center
Code: DN
Name: DinnerNow
Results: After this exercise, you should have configured services roles and settings.
Exercise 3: Configuring Service Offerings

Scenario
Now that you have completed the Cloud Services Process Pack general configuration, you can begin
configuring request offerings and service requests.
1.
Configure the default service offering that was installed by the Cloud Services Process Pack.
2.
Create a service offering for tenant management.
Task 1: Configure the default service offering that was installed by the Cloud Services
Process Pack
1.
2.
In the Service Manager console, browse to the Cloud Services node in the Administration
workspace, and then select Group request offerings under service offering.
3.
In the Library workspace, view the properties of the Private Cloud Infrastructure Services service
offering.
4.
On the Request Offering page, add the following request offerings:
Cancel Cloud Resources Subscription
Update Cloud Resources Subscription
Task 2: Create a service offering for tenant management

1.
In the Service Manager console, in the Library workspace, browse to All Service Offerings, and then
create a service offering.
2.
In the Create Service Offering Wizard, on the General page, use the following settings:
Title: Tenant Management
Category: General
Overview: Options for managing cloud services tenants
Description: Options for managing cloud services tenants
Management pack: Create a new management pack called Cloud Customizations
3.
On the Detailed Information page, leave all selections blank.
4.
On the Related Services page, change no settings.
5.
On the Knowledge Articles page, change no settings.
6.
On the Request Offering page, choose to add objects, filter by the word tenant, and add all listed
objects.
7.
On the Publish page, use the following settings:
Offering status: Published
Offering owner: CONTOSO\Administrator (Administrator)
Results: After this exercise, you should have created a private cloud service offering.
Exercise 4: Creating an Incident Request

Scenario
You now need to create incident requests in the service catalog so that users can report problems that
need resolving. You need to customize an incident request, and then publish it.
1.
Create an incident request template.
2.
Publish an incident request.
Task 1: Create an incident request template

1.
2.
In the Library workspace, in the Service Catalog node, browse to All Request Offerings.
3.
Filter the request offerings based on the word incident.
4.
Create a copy of the Generic Incident Request template, and then place it in the Cloud
Customizations management pack.
5.
Edit the Copy of Generic Incident Request template.
6.
In the Edit Request Offering Wizard, on the General page, use the following settings:
7.
Title: Cloud Services Incident
Description, shown on the request offering page: Report a problem with cloud service
infrastructure
Template name: Generic Incident Request
Management pack: Cloud Customizations
On the User Prompts page, use the following settings:
User Prompts or Information: Are customers affected?
Response Type: Required
Prompt Type: True/False
8.
On the Map Prompts page, display all properties.
9.
Select the Incident object, and map the Is Downtime property to 6. Are customers affected?:
True/False.
10. On the Publish page, use the following settings:
Offering status: Draft
Task 2: Publish an incident request

1.
In the Service Management console, in the Library workspace, view the draft request offerings.
2.
Publish the Cloud Services Incident request offering.
3.
Add the Cloud Services Incident request offering to the Private Cloud Infrastructure Services
service offering.
Results: After this exercise, you should have created and published an incident request.

Scenario
You want to use service level management to monitor when users create virtual machines. To do this you
need to create all of the necessary objects, including a calendar, metric, and service level objective.
1.
Create a calendar for cloud services.
2.
View existing metrics.
3.
Create a metric for assigning cloud resources to a subscription.
4.
Create a service level objective.
Task 1: Create a calendar for cloud services

1.
On LON-SM1, in the Service Manager console, open the Administration workspace.
2.
Browse to Service Level Management\Calendar.
3.
Create a new calendar with the following settings:
Title: Cloud Services Calendar
Time zone: (UTC-08:00) Pacific Time (US & Canada)
Work day: Monday, Tuesday, Wednesday, Thursday, Friday
Start time: 7:00:00 AM
End time: 9:00:00 PM
Task 2: View existing metrics

1.
In the Service Manager console, open the Administration workspace.
2.
Browse to Metric, and then open Completion Time.
3.
Read the time metrics for the Start date and End date.
4.
Open Resolution Time, and read the time metrics for the Start date and End date.
Task 3: Create a metric for assigning cloud resources to a subscription

1.
2.
Create a new Metric with the following settings:
Title: Assign Cloud Resources
Class: Manual Activity to Assign Cloud Resources to Subscription
Start date: First assigned date
End date: Actual end date
Task 4: Create a service level objective

1.
2.
Create a new service level objective.
3.
In the Create Service Level Objective Wizard, on the General page, use the following settings:
4.
5.
6.
Title: Cloud Resources Assignment
Class: Manual Activity to Assign Cloud Resources to Subscription
Enabled
On the Queues page, create a new queue with the following settings, and then select it:
Virtual Machine Cloud Resources Assignment Queue
Work item type: Manual Activity to Assign Cloud Resources to Subscription
Criteria: do not select any
On the Service Level Criteria page, use the following settings:
Calendar: Cloud Services Calendar
Metric: Assign Cloud Resources
Target: 4 hours
Warning threshold: 30 minutes
Close the Service Manager console.
Results: After this exercise, you should have configured service level management for assigning cloud
resources.
Review Questions
1.
What is the difference between a request offering and a service offering?
2.
Which System Center 2012 products must you implement in your environment before implementing
the Cloud Services Process Pack?
3.
How does a calendar item affect tracking of a service level objective?

L1-1
Lab: Preparing the Private Cloud

Infrastructure
Exercise 1: Deploying the Virtual Machine Manager Agent
Task 1: Open the VMM console
1.
On LON-VM1, click Start, click All Programs, click Microsoft System Center 2012, click Virtual
Machine Manager, and then click Virtual Machine Manager Console.
2.
In the Connect to Server dialog box, click Automatically connect with these settings, and then
click Connect.
Task 2: Deploy the Virtual Machine Manager agent to the hosts

1.
In the VMM console, click the VMs and Services workspace, in the navigation pane right-click All
Hosts, and then click Add Hyper-V Hosts and Clusters.
2.
In the Add Resource Wizard, on the Resource location page, click the Windows Server computers
in a trusted Active Directory domain option, and then click Next.
3.
On the Credentials page, click Manually enter the credentials, in User name text box, type
Contoso\administrator, in the Password text box, type Pa$$w0rd, and then click Next.
4.
On the Discovery scope page, click Specify an Active Directory query to search for Windows
Server computers, and then click Generate an AD query.
5.
In the Find Computers window, next to Computer name, type *host*, and then click OK.
6.
On the Discovery scope page, click Next.
7.
On the Target resources page, in the Discovered computers pane, select Lon-host1.contoso.com
and Lon-host2.contoso.com, and then click Next. In the Virtual Machine Manager message box,
click OK.
8.
On the Host settings page, click Next.
9.
On the Summary page, click Finish.
10. In the Jobs window, wait until all jobs display a status of Completed, and then close the window.
Results: After this exercise, you should have deployed the Virtual Machine Manager agent to the host
machines.
Exercise 2: Creating a Hyper-V Host Cluster Using VMM

1.
Switch to LON-HOST1.
2.
Click Start, point to Administrative Tools, and then click iSCSI Initiator.
3.
4.
In the iSCSI Initiator Properties dialog box, click the Discovery tab.
5.
On the Discovery tab, click Discover Portal.
6.
In the IP address or DNS name text box, type 10.10.0.10, verify that the default port is 3260, and
then click OK.
7.
Click the Targets tab, and then click Refresh.
8.
In the Targets list, select iqn.1991-05.com.microsoft:lon-dc1-lon-host1-target, and then click

Connect.
9.
Ensure that the Add this connection to the list of Favorite Targets check box is selected.
10. Click Enable multi-path, and then click OK.

11. Click OK to close the iSCSI Initiator Properties dialog box.

1.
Switch to LON-HOST2.
2.
Click Start, point to Administrative Tools, and then click iSCSI Initiator.
3.
4.
In the iSCSI Initiator Properties dialog box, click the Discovery tab.
5.
On the Discovery tab, click Discover Portal.
6.
In the IP address or DNS name text box, type 10.10.0.10, verify that the default port is 3260, and
then click OK.
7.
Click the Targets tab, and then click Refresh.
8.
In the Targets list, select iqn.1991-05.com.microsoft:lon-dc1-lon-host2-target, and then click

Connect.
9.
Ensure that the Add this connection to the list of Favorite Targets check box is selected.
10. Click Enable multi-path, and then click OK.

11. Click OK to close the iSCSI Initiator Properties dialog box.
12. On LON-VM1, in the Virtual Machine Manager console, click the VMs and Services workspace.
13. Expand All Hosts, and then select lon-host1.
14. Right-click lon-host1, and then click Refresh.
15. Right-click lon-host2, and then click Refresh.
L1-2
Lab: Preparing the Private Cloud Infrastructure L1-3
Task 3: Create a Hyper-V host cluster in VMM

1.
On LON-VM1, in the Virtual Machine Manager console, click the Fabric workspace.
2.
On the navigation pane, click Servers, in the ribbon, click Create, and then click Hyper-V Cluster.
3.
On the General page, in the Cluster name text box, type LON-CLUSTER01, and then select Enter a
user name and password. In the User name text box, type Contoso\administrator, in the
Password text box, type Pa$$w0rd, and then click Next.
4.
On the Nodes page, in the Available hosts pane, select lon-host1.contoso.com, click Add, select
lon-host2.contoso.com, click Add, and then click Next.
5.
On the IP Address page, click 10.10.0.0/16, in the IP Address text box, type 10.10.0.15, and then
click Next.
6.
On the Storage page, select Quick Format and CSV on all listed disks, and then click Next. (Note
that one disk will be greyed out as it is automatically configured as the witness disk.)
7.
On the Virtual Networks page, click Next.
8.
9.
In the Jobs window, wait until the Install cluster job shows a status of Completed w/ Info, then close
the window. This can take up to 15 minutes to complete.
10. Close the Virtual Machine Manager console.

Results: After this exercise, you should have created a Hyper-V host cluster using VMM.

L2-5
Module 2: Configuring and Deploying the Private Cloud

with Microsoft System Center 2012 - Virtual Machine
Manager
Lab: Configuring and Deploying the Private

Cloud Infrastructure
Exercise 1: Reviewing and Configuring Hosts

Task 1: Review cluster configuration
1.
If necessary, log on to LON-VM1 as Contoso\Administrator using the password Pa$$w0rd.
2.
On the desktop, double-click Virtual Machine Manager Console.
3.
In the Microsoft System Center 2012 - Virtual Machine Manager (VMM) console, click the VMs and
Services workspace, and then in the navigation pane, expand the All Hosts node.
4.
Right-click LON-CLUSTER01, and then select Properties. The LON-CLUSTER01.contoso.com

Properties dialog box opens.
5.
Review the cluster configuration by browsing through all of the tabs. Do not make any changes.
6.
Click Cancel to close the LON-CLUSTER01.contoso.com Properties dialog box.
Task 2: Review and configure host network adaptors

1.
In the VMM console, below LON-CLUSTER01, right-click LON-Host1, and then select Properties.
2.
In the LON-Host1.Contoso.com Properties window, click Hardware.
3.
In the middle pane, under Network Adapters, click the network adapter.
4.
In the right pane, in the Description field, type Adapter for host management and virtual
machine usage.
5.
Under Logical network connectivity, ensure that the adapter is connected to External Network,
and that the options for Available for placement and Used by management are both selected.
6.
Click the Advanced button. Review the available options for configuring both the switch port mode
and associated logical networks.
7.
Click Cancel.
8.
In the left pane, click Virtual Networks. Under the Virtual Networking section, verify that the name
of the network is External Network, and that network binding is External, and then click OK.
9.
Open the Properties of LON-Host2, and repeat steps 1-8.
Results: After this exercise, you should have reviewed and configured hosts.
Module 2: Private Cloud Configuration and Deployment with System Center Virtual Machine Manager
Exercise 2: Configuring Host Groups

Task: Create and configure a host group named Production
1.
On LON-VM1, in the Virtual Machine Manager console, click the VMs and Services workspace.
2.
Right-click the All Hosts node, and then select Create Host Group.
3.
For host group name, type Production, and then press Enter.
4.
Right-click the Production host group, and then click Properties.
5.
In the Production Properties dialog box, click Host Reserves.
6.
Clear the Use the host reserves settings from the parent host group check box.
7.
Configure settings on this page as follows:
CPU: 10%
Memory: 512 MB
Disk Space: 10%
Network I/O: 5%
Leave other settings unchanged.
L2-6
8.
Click Dynamic Optimization. Clear the Use dynamic optimization settings from the parent host
group check box.
9.
Click the Automatically migrate virtual machines to balance load at this frequency (minutes)
check box, and then in the text box, type 15.
10. Click the Enable power optimization check box, and then click the Settings button.
11. In the Power Optimization Settings window, configure values as follows :
CPU: 40%
Memory: 2048
Disk I/O: 5
Network I/O: 10%
12. In the Schedule section, schedule power optimization to run only during night hours (from 7:00 P.M.
until 6:00 A.M., 7 days a week), and then click OK.
13. Clear the check boxes for Enable power optimization and Automatically migrate virtual
machines to balance load at this frequency.
Note
You are disabling these options, as we will not utilize these settings in the lab.
14. Click OK to close the Production Properties dialog box.

15. Right-click LON-CLUSTER01, and then select Move to Host Group. In the Move Host Group
LON-CLUSTER01.contoso.com window, under Parent host group, select Production, and then
click OK.
Results: After this exercise, you should have created and configured a host group.
Exercise 3: Configuring User Roles and Run As Accounts

Task 1: Configure a Run As account
1.
On LON-VM1, in the VMM console, click the Settings workspace.
2.
Expand Security, and then click Run As Accounts.
3.
In the ribbon, click Create Run As Account.
4.
In the Create Run As Account dialog box, type the following, and then click OK:
Name: Administrator account
Description: For administrative tasks
Password: Pa$$w0rd
Confirm password: Pa$$w0rd
Task 2: Create a user role for the StockTrader business unit

1.
On LON-VM1, expand the Security node, and then click User Roles.
2.
In the ribbon, click Create User Role.
3.
In the Create User Role Wizard, on the Name and description page, in the Name text box, type
StockTrader Business Unit, and then click Next.
4.
On the Profile page, click Self-Service User, and then click Next.
5.
On the Members page, click the Add button.
6.
In Select Users, Computers or Groups, type StockTrader, click OK, and then click Next.
7.
On the Scope page, click Next.

Note The scope will usually be a cloud. Since a cloud will be created in later labs, scope
will be configured then.
8.
On the Resources page, in the Specify user role data path part of the page, click Browse, select
MSSCVMMLibrary, click OK, and then click Next.
9.
On the Actions page, click the following check boxes, and then click Next:
Author
Checkpoint
Deploy
Local Administrator
Remote connection
Shut down
Start
L2-7
10. On the Run As accounts page, click Next.

12. Close the Jobs window.
L2-8
13. In the Virtual Machine Manager console, click the arrow at the top, left corner, and then select Open
New Connection.
14. In the Connect to Server window, click Specify credentials. For User name, type Contoso\Bart, and
for Password, type Pa$$w0rd, clear the Automatically connect with these settings check box, and
then click Connect.
15. Verify that the VMM console opens, and that only the Clouds node displays in the VMs and Services
workspace.
16. Close the VMM instance that was started with the Contoso\Bart credentials.
Results: After this exercise, you should have configured both a User role and a Run As account.
Exercise 4: Configuring the Library

Task: Add a Library share
L2-9
1.
On LON-VM1, in the Virtual Machine Manager console, in the Library workspace, in the Library
Servers node, select LON-VM1.contoso.com.
2.
Right-click LON-VM1.Contoso.com, and then click Add Library Shares.
3.
On the Add Library Shares page, click the VHD share, click the Add Default Resources check box,
and then click Next.
4.
On the Summary page, click Add Library Shares.
5.
After the job completes, close the Jobs window.
Results: After this exercise, you should have configured a library share.
Exercise 5: Preparing the Private Cloud Infrastructure

Task1: Create a new logical network
L2-10
1.
2.
In the navigation pane, expand the Networking node, and then click Logical Networks.
3.
On the ribbon, click Create Logical Network.
4.
In the Create Logical Network Wizard, on the Name page, in the Name field, type StockTrader
Production Network, and then click Next.
5.
On the Network Site page, click Next, and then click Finish.
6.
Close the Jobs window.
7.
In the ribbon, click Create IP pool.
8.
In the Create Static IP Address Pool Wizard dialog box, on the Name page, in the Name field, type
StockTrader IP Pool, and then next to Logical network, select StockTrader Production Network.
Click Next.
9.
On the Network Site page, in the Network site field, type Contoso HQ.
10. In the IP Subnet field, type 172.16.0.0/16, in the Host groups that can use this network site
section, click the Production check box, and then click Next.
11. On the VIP and Reserved IPs page, in the IP addresses to be reserved for other uses text box,
type 172.16.0.100, and then click Next.
12. On the Gateway page, click Insert, type 172.16.0.200, and then click Next.
13. On the DNS page, next to DNS Server Address, click Insert, and then type 172.16.0.10. In the
Connection specific DNS suffix box, type Contoso.com, and then click Next.
14. On the WINS page, click Next, and then click Finish.
Task 2: Create an IP pool for the external network

1.
2.
In the navigation pane, expand the Networking node, and then click Logical Networks.
3.
On the ribbon, click Create IP Pool.
4.
In the Create Static IP Address Pool Wizard dialog box, on the Name page, in the Name field, type
External. Next to Logical network, select External Network, and then click Next.
5.
On the Network Site page, in the Network site field, type External.
6.
In the IP Subnet field, type 10.10.0.0/16, in the Host groups that can use this network site
section, click the Production check box, and then click Next.
7.
On the VIP and Reserved IPs page, in the Starting IP address text box, type 10.10.0.80.
8.
On the VIP and Reserved IPs page, in the Ending IP address text box, type 10.10.0.95, and then
click Next.
9.
On the Gateway page, click Insert, type 10.10.0.1, and then click Next.
10. On the DNS page, next to DNS Server Address, click Insert, and then type 10.10.0.10. In the
Connection specific DNS suffix box, type Contoso.com, and then click Next.
11. On the WINS page, click Next, and then click Finish.
Task 3: Create a MAC pool and a virtual IP template
L2-11
1.
On LON-VM1, in the VMM console, on the ribbon, click Create MAC Pool.
2.
In the Create MAC Address Pool Wizard, on the Name and Host Group page, for the MAC address
pool name, type StockTrader MAC Pool, select the Production host group, and then click Next.
3.
On the MAC Address Range page, in the Starting MAC address field, type 00:27:B4:BF:A7:4F, and
in the Ending MAC address field, type 00:27:B4:BF:A7:7F.
4.
Click Next, and then click Finish.
5.
6.
In the VMM console, in the ribbon, click Create VIP template.
7.
In the Load balancer VIP template Wizard, on the Name page, in the Template name field, type
Web load balancer, in the Virtual IP port field, type 80, and then click Next.
8.
On the Type page, click Specific. From the Manufacturer drop-down list box, click Microsoft. From
the Model drop-down list box, click Network Load Balancing (NLB), and then click Next.
9.
On Protocol page, click TCP, and then click Next.
10. On the Persistence page, click Next, and then click Finish.
Results: After this exercise, you should have prepared private cloud infrastructure resources.
Exercise 6: Deploying a New Virtual Machine

Task: Create and deploy a new virtual machine
L2-12
1.
On LON-VM1, in the VMM console, click the VMs and Services workspace.
2.
On the ribbon, click the Create Virtual Machine button, and then click Create Virtual Machine.
3.
In the Create Virtual Machine Wizard, on the Select Source page, click Browse.
4.
In the Select Virtual Machine Source window, select WS08R2SP1.vhd, click OK, and then click Next.
5.
On the Specify Virtual Machine Identity page, type TestVM, and then click Next.
6.
On the Configure Hardware page, click Memory, set it to Static 1024 MB.
7.
On the Configure Hardware page, click Legacy Network Adapter, configure the adapter to
connect to the External Network, and then click Next.
8.
On the Select Destination page, click Place the virtual machine on a host, and then click Next.
9.
On the Select Host page, review Rating details and explanations, select LON-Host1.Contoso.com,
10. On the Configure Settings page, click Next.
11. On the Add Properties page, under Operating system, select 64-bit edition of Windows Server
2008 R2 Enterprise, and then click Next.
12. On the Summary page, click Create. Monitor the Job Status column to verify that the creation
completes successfully.
13. Close the VMM console.
Results: After this exercise, you should have deployed a new virtual machine.

L3-13
Module 3: Extending and Maintaining the Private Cloud

Infrastructure
Lab: Maintaining the Private Cloud

Infrastructure
Exercise 1: Configuring a PXE Server in VMM

Task 1: Install the Windows Deployment Services (Windows DS) server role
1.
On LON-VM1, click Start, point to Administrative Tools, and then click Server Manager.
2.
In the Server Manager console, in the navigation pane, click Roles.
3.
In the details pane, click Add Roles. The Add Roles Wizard starts.
4.
In the Add Roles Wizard, on the Before You Begin page, click Next.
5.
On the Select Server Roles page, select the Windows Deployment Services check box, and then
click Next.
6.
On the Overview of Windows Deployment Services page, click Next.
7.
On the Select Role Services page, ensure that both the Deployment Server and Transport Server
check boxes are selected, and then click Next.
8.
On the Confirm Installation Selections page, click Install.
9.
On the Installation Results page, verify that the installation has succeeded, and then click Close.
10. Close the Server Manager.
Task 2: Configure Windows DS

1.
On LON-VM1, click Start, point to Administrative Tools, and then click Windows Deployment
Services. The Windows DS console opens.
2.
In the Windows DS console, expand the Servers node.
3.
Right-click LON-VM1.Contoso.com, and then click Configure Server. The Windows Deployment
Services Configuration Wizard starts.
4.
On the Before You Begin page, click Next.
5.
On the Remote Installation Folder Location page, verify that the path displays C:\RemoteInstall,
and then click Next. When the System Volume Warning message displays, click Yes.
6.
On the PXE Server Initial Settings page, click Respond to all client computers (known and
unknown), and then click Next. A Task Progress bar starts.
L3-14
7.
On the Operation Complete page, clear the check box next to Add images to the server now, and
then click Finish.
8.
Close the Windows Deployment Services console.
Task 3: Configure the PXE server role in Microsoft System Center 2012 - Virtual
Machine Manager (VMM)
1.
On LON-VM1, on the desktop, double-click Virtual Machine Manage Console.
2.
If the Connect to Server dialog box displays, ensure that the Use current Microsoft Windows
session identity option is selected, and then click Connect. The VMM console open.
3.
Click the Fabric workspace, expand the Servers node, and then click PXE Servers.
4.
Right-click PXE Servers, and then click Add PXE Server. The Add PXE Server dialog box opens.
5.
In the Add PXE Server dialog box, in the Computer name field, type LON-VM1.
6.
In the Add PXE Server dialog box, select the Enter a user name and password option, in the User
name field, type Contoso\Administrator, in the Password field, type Pa$$w0rd, and then click
Add. The Jobs window opens.
7.
In the Jobs window, select the Setup a new PXE Server job. On the Summary and Details tabs,
monitor the status of the configuration job.
8.
When the job displays Completed, close the Jobs window.
9.
With the PXE Servers node selected, verify that LON-VM1.Contoso.com displays in the results pane,
and the Agent Status column displays Responding.
Results: After this exercise, you should have added a PXE Server to VMM.
Exercise 2: Configuring a Host Profile

Task 1: Configure a new host profile
L3-15
1.
In the VMM console, click the Library workspace, expand the Profiles node, and then click Host
Profiles.
2.
Right-click Host Profiles, and then click Create Host Profile. The New Host Profile Wizard dialog
box opens.
3.
On the Profile Description page, in the Name field, type Hyper-V Host Profile, and then click
Next.
4.
On the OS Image page, click Browse in the Choose a VHD dialog box, select WS08R2SP1.vhd, and
then click OK.
5.
On the OS Image page, click Next.
6.
On the Hardware Configuration page, under Management NIC, select the Allocate a static IP
from the following logical network option. Verify that External Network is selected, and then click
Next.
7.
On the OS Configuration page, under General Settings, select Domain. In the details pane, in the
Domain field, type Contoso.com.
8.
Next to Run As account, click Browse. In the Select a Run As Account dialog box, select
Administrator account, and then click OK.
9.
Under General Settings, click Admin Password. In the details pane, in both the Password and
Confirm boxes, type Pa$$w0rd, and then click Next.
10. On the Host settings page, under Add the following path, type C:\VmStorage. Click Add, and
then click Next.
11. On the Summary page click Finish.
12. After the host profile is created, close the Jobs window.
Results: After this exercise, you should have configured a host profile.
Exercise 3: Configuring an Update Server Role in VMM

Task: Add an Update Server to VMM
L3-16
1.
2.
In the navigation pane, expand the Servers node, and then click Update Server.
3.
Right-click Update Server, and then click Add Update Server. The Add Windows Server Update
Services Server dialog box opens.
4.
In the Add Windows Server Update Services Server dialog box, in the Computer name field, type
LON-VM1, and then in the TCP/IP port field, type 8530.
5.
Select the Enter a user name and password option. In the User name field, type
Contoso\Administrator, in the Password field, type Pa$$w0rd, and then click Add. The Jobs
window opens.
6.
In the Jobs window, select the Add Update Server job. On the Summary and Details tabs, monitor
the status of the configuration job.
7.
When the job displays as Completed w/info, close the Jobs window.
8.
With the Update Server node selected, verify that LON-VM1.Contoso.com displays in the results
pane and the Agent Status column displays Responding.
Results: After this exercise, you should have added the Update Server role to VMM.
Exercise 4: Configuring a Software Update Baseline in VMM

Task 1: Create a software update baseline
L3-17
1.
On LON-VM1, in the VMM console, click the Library workspace.
2.
In the navigation pane, expand Update Catalog and Baselines, and then click Update Catalog.
3.
In the results pane, verify that various software updates display. These updates have been
synchronized from the Windows Server Update Services (WSUS) server role. If you do not see any
software updates, right-click Update Catalog, and then click Synchronize Update Server. When
synchronization completes, close the Jobs window.
4.
In the ribbon, click Create, and then click Baseline. The Update Baseline Wizard starts.
5.
In the Update Baseline Wizard, on the General page, in the Name field, type Server Baseline, and
then click Next.
6.
On the Updates page, click Add.
7.
In the Add Updates to Baseline dialog box, press and hold the Ctrl key on your keyboard, and then
click the following updates:
8.
Click Add, and then click Next.
9.
On the Assignment Scope page, select the check boxes for the following items, and then click Next:
Library Servers: LON-VM1.Contoso.com
PXE Servers: LON-VM1.Contoso.com
Update Server: LON-VM1.Contoso.com
VMM Server: LON-VM1.Contoso.com

11. In the Jobs window, verify that Create new baseline has completed successfully.
Task 2: Verify baseline compliance

1.
On LON-VM1, click the Fabric workspace.
2.
In the navigation pane, expand Servers, and then click Library Servers.
3.
In the ribbon, click the Compliance button.
4.
In the results pane, note the compliance and operational status of lon-vm1.contoso.com.
Compliance Status should display as Unknown, and Operational Status should display as Pending
Compliance Scan.
5.
Select lon-vm1.contoso.com, and then in the ribbon, click Scan. The Operational Status column
changes to Scanning. After a minute or so, Compliance Status should report as Compliant. This
indicates that lon-vm1.contoso.com is compliant with the baseline that you configured in the
previous task.
6.
Close the VMM console.
7.
Shut down LON-VM1.
Results: After this exercise, you should have configured an update baseline, and verified baseline
compliance.
L3-18

L4-19
Lab: Configuring Virtual Application

Delivery
Exercise 1: Configuring the Server App-V Sequencer

Task: Install the Server App-V Sequencer on LON-SE1
1.
Log on to LON-SE1 as Contoso\Administrator using the password Pa$$w0rd.
2.
On the desktop, click Start, click All Programs, click Accessories, and then click Windows Explorer.
3.
In the Windows Explorer window, expand Computer, expand Local Disk (C:), expand SAV, and then
click x64.
4.
In the details pane, double-click SeqSetup.exe.
5.
On the Welcome to The Setup Wizard for Microsoft Server Application Virtualization
Sequencer page, click Next.
6.
On the License Agreement page, select I accept the license terms, and then click Next.
7.
On the Customer Experience Improvement Program page, leave the default settings, and then
click Next.
8.
On the Destination Folder page, leave the default settings, and then click Next.
9.
On the Ready to Install page, note that the installer will also install the prerequisites for the
Sequencer, and then click Next.
10. On the Setup had finished installing Microsoft Server Application Virtualization Sequencer
page, click Finish, and then close the x64 window.
Results: After this exercise, you should have installed the Server App-V Sequencer on LON-SE1.
Exercise 2: Configuring the Server App-V Agent

Task: Install the Server App-V agent on LON-AP1
L4-20
1.
Log on to LON-AP1 as Contoso\Administrator using the password Pa$$w0rd.
2.
On the desktop, click Start, click All Programs, click Accessories, and then click Windows Explorer.
3.
In the Windows Explorer window, expand Computer, expand Allfiles (E:), expand Labfiles, expand
SAV, and then click x64.
4.
In the details pane, double-click AgentSetup.exe.
5.
On the Welcome to The Setup Wizard for Microsoft Server Application Virtualization Agent
page, click Next.
6.
7.
On the Microsoft Update Opt-in page, select I do not want to use Microsoft Update, and then
click Next.
8.
On the Destination Folder page, leave the default settings, and then click Next.
9.
On the Ready to Install page, note that the installer will also install the prerequisites for the Server
App-V agent, and then click Next.
10. On the Setup had finished installing Microsoft Server Application Virtualization Agent page,
click Finish, and then close the x64 window.
Results: After this exercise, you should have installed the Server App-V agent on LON-AP1.
Exercise 3: Sequencing an Application

Task: Sequence the Pet Shop application
L4-21
1.
On LON-SE1, on the desktop, click Start, click All Programs, click Microsoft Server Application
Virtualization, and then click Microsoft Server Application Virtualization Sequencer.
2.
In the Microsoft Server Application Virtualization Sequencer, click Create a New Virtual
Application Package.
3.
In the Create New Package Wizard, on the Prepare Computer page, click Next.
4.
On the Select Installer page, click Select the installer for the application, and then click Browse.
5.
In the Browse navigation pane, expand Computer, expand Local Disk (C:), and then click SAV. In
the details pane, click Microsoft .NET Pet Shop 4.0.msi, click Open, and then click Next.
6.
On the Package Name page, in Virtual Application Package Name field, type PetShop4.0, and
then click Next.
7.
On the .NET Pet Shop 4.0 Welcome page, click Next.
8.
On the License Agreement page, click I Agree, and then click Next.
9.
On the .NET Pet Shop 4.0 Information page, click Next.
10. On the Installation Options page, click Source Code Only, and then click Next.
11. On the Select Installation Folder page, in the Folder field, type Q:\PetShop4.0\, and then click
Next.
12. On the Confirm Installation page, click Next.
13. On the Installation Complete page, click Close.
14. Close the Windows Internet Explorer window that opens.
15. Click Start, and then click Run.
16. In the Run dialog box, in the Open field, type cmd, and then click OK.
17. At the command prompt, type Q:, and then press Enter.
18. At the command prompt, type cd \Petshop4.0, and then press Enter.
19. At the command prompt, type build.bat, and then press Enter. When prompted to press any key to
continue, press a key.
20. At the command prompt, type DecryptWebConfig.bat, and then press Enter. When prompted to
press any key to continue, press a key.
21. Close the command prompt.
22. Click Start, point to Administrative Tools, and then click Internet Information Services (IIS)
Manager.
23. In the connections pane, expand LON-SE1, and then click Sites.
24. In the Actions pane, click Add Web Site.
25. In the Add Web Site dialog box, in the Site Name field, type PetShop4, in the Physical path field,
type Q:\PetShop4.0\Web\, in the Port field, type 8081, and then click OK.
26. Close Internet Information Services (IIS) Manager.

27. In the Create New Package Wizard, on the Installation page, select the I am finished installing
check box, and then click Next. The sequencer collects the changes that were made.
28. On the Configure Software page, click Next.
29. On the Create Package page, click Close.
30. Click File, and then click Save.
31. In the Save As dialog box, in the navigation pane, click Computer, type
\\LON-AP1\E$\Labfiles\SAV\PetShop\PetShop4.0.sprj, and then click Save.
32. Close the Microsoft Server Application Virtualization Sequencer.
L4-22
Results: After this exercise, you should have successfully sequenced the Pet Shop application and saved
the package to LON-AP1.
Exercise 4: Testing the Server App-V Package Deployment

Task 1: Install Server App-V agent cmdlets on LON-AP1
L4-23
1.
On LON-AP1, on the desktop, click Start, click All Programs, click Accessories, and then click
Windows Explorer.
2.
In Windows Explorer window, expand Computer, expand Allfiles (E:), expand Labfiles, expand SAV,
and then click x64.
3.
In the details pane, double-click AgentCmdletsSetup.exe.
4.
On the Welcome to the Setup Wizard for Microsoft Server Application Virtualization Agent
PowerShell Cmdlets page, click Next.
5.
6.
On the Microsoft Update Opt-In page, select I do not want to use Microsoft Update, and then
click Next.
7.
On the Ready to Install page, click Next.
8.
On the Setup has finished installing Microsoft Server Application Virtualization Agent
PowerShell Cmdlets page, click Finish.
9.
Close the x64 window.
Task 2: Import the Server App-V package

1.
On LON-AP1, open Windows Explorer, and then browse to E:\Labfiles\SAV\PetShop.
2.
In the PetShop folder, right-click deploymentconfig.xml, and then click Edit.
3.
In Notepad, click Edit, and then click Replace.
4.
Replace all instances of localhost and (local) with LON-SQ1.
5.
Replace all instances of password= with password=pass@word1.
6.
Save and close Notepad, and then close the PetShop window.
7.
On LON-AP1, on the taskbar, right-click the Windows PowerShell button, right-click Windows
PowerShell, and then click Run as administrator.
8.
At the Windows PowerShell prompt, type the following cmdlet, and then press Enter. This changes
the Windows PowerShell execution policy.
Set-ExecutionPolicy RemoteSigned Scope Process Force
9.
Type Import-Module ServerAppVAgent, and then press Enter.
10. Type the following cmdlet, on a single line and then press Enter:
Add-ServerAppvpackage Petshop -Manifest
E:\Labfiles\SAV\petshop\petshop4.0_manifest.xml -sft
E:\Labfiles\SAV\petshop\petshop4.0.sft -configuration
E:\Labfiles\SAV\petshop\deploymentconfig.xml
11. Type Start-ServerAppVPackage Petshop, and then press Enter.
12. Click Start, click All Programs, and then click Internet Explorer.
L4-24
13. In the Internet Explorer address bar, type http://localhost:8081, and then press Enter to test the site.
The .NET Pet Shop web site displays.
14. Close Internet Explorer.
15. Close the Windows PowerShell window.
16. Shut down LON-SE1.
Results: After this exercise, you should have installed the Server App-V agent cmdlets on LON-AP1, and
successfully tested the Pet Shop application that you sequenced in Exercise 3.

L5-25
Lab: Creating the Private Cloud Building

Blocks
Exercise 1: Configuring Profiles
Task 1: Configure a guest OS profile named LON-DB OS Profile

1.
On LON-VM1, on the desktop, double-click Virtual Machine Manager Console.
2.
If the Connect to Server dialog box displays, ensure that the Use current Microsoft Windows
session identity check box is selected, and then click Connect. The Microsoft System Center 2012 Virtual Machine Manager (VMM) console opens.
3.
In the VMM console, click the Library workspace, expand Profiles, and then click Guest OS Profiles.
4.
In the ribbon, click Create, and then click Guest OS Profile.
5.
In the New Guest OS Profile dialog box, on the General page, configure the following settings:
Name: LON-DB OS Profile
Description: Guest OS Profile for new SQL Server
6.
Click the Guest OS Profile page.
7.
On the Guest OS Profile page, under General Settings, click Identity Information.
8.
In the Computer name text box, type LON-DB#.
9.
Click Admin Password, and then click Specify the password of the local administrator account.
In the Password and Confirm text boxes, type Pa$$w0rd.
10. Click Product Key, and then in the Product key box, type 489J6-VHDMP-X63PK-3K798-CPX3Y.
11. Click Operating System, and then verify that 64-bit edition of Windows Server 2008 R2
Enterprise is selected.
12. Under Networking, click Domain/Workgroup.
13. Click Domain, and then in the Domain text box, type Contoso.com.
14. Under Domain credentials, select Specify credentials to use for joining the domain.
15. In the Domain user text box, type Contoso\Administrator. In the Password and Confirm text
boxes, type Pa$$w0rd.
16. Click OK to close the New Guest OS Profile dialog box. The new profile displays in the results pane.
Task 2: Configure a hardware profile named WinServer2008R2
L5-26
1.
In the VMM console, click the Library workspace, expand Profiles, and then click Hardware Profiles.
2.
In the ribbon, click Create, and then click Hardware Profile.
3.
In the New Hardware Profile dialog box, on the General page, configure the following settings:
Name: WinServer2008R2
Description: Hardware Profile for new Windows Server 2008 R2 Servers
4.
Click the Hardware Profile page.
5.
On the Hardware Profile page, under Compatibility, click Cloud Capability Profile.
6.
Select the Hyper-V check box.
7.
In the General section, click Processor, and then select the Allow migration to a virtual machine
host with a different processor version check box.
8.
Click Memory, verify that Static is selected, and then change the Virtual machine memory option
to 1024 MB.
9.
Under Network Adapters, click Legacy Network Adapter 1, and then click Remove.
10. Click Network Adapter, and then click Network Adapter.

11. Under Network Adapters, click Network Adapter 1.
12. Under Connectivity, select the Connected to radio button, next to Logical network, click the dropdown list box, and then select External Network.
13. Click the Static IP (from a static IP pool) radio button, and then in the drop-down list box, select
IPv4 only.
14. Click OK to close the New Hardware Profile dialog box. The new profile displays in the results pane.
Task 3: Configure a SQL Server profile named SQLServer1

1.
In the VMM console, click the Library workspace, expand Profiles, and then click SQL Server
Profiles.
2.
In the ribbon, click Create, and then click SQL Server Profile.
3.
In the New SQL Server Profile dialog box, on the General page, configure the following settings:
Name: SQLServer1
Description: Template for New SQL Servers
4.
Click the SQL Server Configuration page.
5.
On the SQL Server Configuration page, next to Add, click SQL Server Deployment. A new SQL
Server deployment is added to the template.
6.
Name: SQLServer1
Instance name: MSSQLSERVER
Instance ID: DefaultInstance
7.
Under Installation Run As account, click Browse.
8.
In the Browse Run As Accounts dialog box, select Administrator account, and then click OK.
9.
Click Configuration.
10. In the Media source text box, type C:\SQLInstall.
L5-27
11. Click Add, and then in the Select Users or Groups dialog box, type Administrator, and then click
OK.
12. Next to Security mode, verify that Windows Authentication is selected.
13. Select the Use TCP\IP for remote connections check box.
14. Click Service Accounts.
15. Under SQL Server service Run As Account, click Browse.
16. In the Browse Run As Accounts dialog box, select Administrator account, and then click OK.
17. Repeat steps 15 and 16 for both the SQL Server Agent service Run As Account and the Reporting
Services Run As Account.
18. Click OK to close the New SQL Server Profile dialog box. The new SQL Server profile displays in the
results pane.
Task 4: Configure an application profile named StockTrader Web Application

1.
In the VMM Console, click the Library workspace, expand Library Servers, expand
LON-VM1.Contoso.com, and then click MSSCVMMLibrary.
2.
In the ribbon, click Import Physical Resource.
3.
In the Import Library Resources dialog box, click Add resource.
4.
In the Select resource items dialog box, in the File name field, type
\\LON-AP1\E$\Labfiles\WebApp\StockTraderWeb.zip, and then click Open.
5.
Under Select Library server and destination for the imported resources, click Browse.
6.
Under LON-VM1.Contoso.com, select MSSCVMMLibrary, and then click OK.
7.
Click Import.
8.
9.
In the VMM console, click the Library workspace, expand Profiles, and then click Application
Profiles.
10. In the ribbon, click Create, and then click Application Profile.
L5-28
11. In the New Application Profile dialog box, on the General page, configure the following settings:
Name: StockTrader Web Application
Description: Template for StockTrader web application
Compatibility: General
12. Click the Application Configuration page.
13. On the Application Configuration page, click OS Compatibility, and then select the 64-bit edition
of Windows Server 2008 R2 Enterprise check box.
14. Click Add, and then click Web application.
15. With Web Application selected, in the Name text box, type StockTrader Web.
16. Click Browse, in the Browse Application Packages dialog box, select StockTraderWeb.zip, and
then click OK.
17. Click OK to close the New Application Profile dialog box. The new application profile displays in the
results pane.
Results: After this exercise, you should have configured service template and virtual machine template
profiles.
Exercise 2: Configuring Virtual Machine Templates

Task 1: Create a VM template for the StockTrader web server
L5-29
1.
In the VMM console, click the Library workspace, expand Templates, and then click
VM Templates.
2.
3.
In the Create VM Template Wizard, on the Select Source page, select Use an existing VM template
or a virtual hard disk stored in the library, and then click Browse.
4.
In the Select VM Template Source dialog box, select WS08R2SP1.vhd, and then click OK.
5.
On the Select Source page, click Next.
6.
In the VM Template Identity page, configure the following options, and then click Next:
VM Template name: StockTrader Web Application Server
Description: Web Server hosting the StockTrader Web Application
7.
On the Configure Hardware page, in the Hardware profile drop-down list box, select
WinServer2008R2. Notice that the settings from the hardware profile import into the template.
8.
Click Next.
9.
On the Configure Operating System page, in the Guest OS profile drop-down list box, select
LON-DB OS Profile. Even though this profile was configured for LON-SQL2, you will modify the
settings for this specific web server.
10. Under General Settings, select Identity Information, and then under Computer name, change the
name to LON-WEB1#.
11. Under Roles and Features, select Roles.
12. Select the Web Server (IIS) check box, and then click Next.
13. On the Configure Applications page, in the Application profile drop-down list box, select
StockTrader Web Application. Notice that the settings from the application profile are imported
into the template.
14. Click Next.
15. On the Configure SQL Server page, in the SQL Server profile drop-down list box, select None-no
SQL Server configuration settings, and then click Next.
Task 2: Create a VM template for deploying SQL Server
L5-30
1.
In the VMM console, click the Library workspace, expand Templates, and then click VM Templates.
2.
3.
In the Create VM Template Wizard, on the Select Source page, select Use an existing VM template
or a virtual hard disk stored in the library, and then click Browse.
4.
In the Select VM Template Source dialog box, select SQL_Prep.vhd, and then click OK.
5.
On the Select Source page, click Next.
6.
On the VM Template Identity page, configure the following, and then click Next:
VM Template name: StockTrader SQL Server
Description: SQL Server to support the StockTrader application
7.
On the Configure Hardware page, in the Hardware profile drop-down list box, select
WinServer2008R2. Notice that the settings from the hardware profile are imported into the
template.
8.
Click Next.
9.
On the Configure Operating System page, in the Guest OS profile drop-down list box, select
LON-DB OS Profile, and then click Next.
10. On the Configure Applications page, in the Application profile drop-down list box, select None
do not install any applications, and then click Next.
11. On the Configure SQL Server page, in the SQL Server profile drop-down list box, select
SQLServer1, and then click Next.
Results: After this exercise, you should have configured VM templates.
Exercise 3: Configuring a Service Template

Task: Create a service template to deploy the StockTrader application
L5-31
1.
In the VMM console, click the Library workspace, expand Templates, and then click Service
Templates.
2.
In the ribbon, click Create Service Template.
3.
In the Virtual Machine Manager Service Template Designer, in the New Service Template dialog
box, in the Name text box, type StockTrader Application.
4.
Under Patterns, select Single Machine, and then click OK. The StockTrader Application loads into
the Template Designer.
5.
Under VM Templates, click and drag the StockTrader SQL Server template to the Add
applications section of the Tier.
6.
On the ribbon, click Save and Validate.
7.
Close the Virtual Machine Manager Service Template Designer.
Results: After this exercise, you should have configured a service template to deploy the StockTrader
application.
Exercise 4: Configuring a User Role

Task: Create a Delegated Administrator user role

1.
On LON-VM1, in the VMM console, click the Settings workspace, expand Security, and then click
User Roles.
2.
In the ribbon, click Create User Role.
3.
In the Create User Role Wizard, on the Name and description page, configure the following, and
then click Next:
Name: StockTrader App Admins
Description: User Role for StockTrader Administrators
L5-32
4.
On the Profile page, select Delegated Administrator, and then click Next.
5.
On the Members page, click Add.
6.
In the Select Users, Computers, or Groups dialog box, type StockTrader, click OK, and then click
Next.
7.
On the Scope page, select the Production check box, and then click Next.
8.
On the Library servers page, click Add.
9.
In the Select a Library server dialog box, click LON-VM1.Contoso.com, click OK, and then click
Next.
10. On the Run As accounts page, click Add.
11. In the Select a Run As Account dialog box, select Administrator account, click OK, and then click
Next.
12. On the Summary page, click Finish. After a few minutes, the Jobs window opens.
13. After the user role is created, close the Jobs window.
Results: After this exercise, you should have configured a Delegated Administrator user role.
Exercise 5: Deploying the StockTrader Application Service

Task: Connect as a StockTrader administrator, and deploy the StockTrader

application service
L5-33
1.
On LON-VM1, in the VMM console, in the upper left corner, click the menu button, and then click
Open New Connection.
2.
In the Connect to Server dialog box, select the Specify credentials radio button, in the User name
text box, type Contoso\Bart, and then in the Password text box, type Pa$$w0rd.
3.
Clear the Automatically connect with these settings check box, and then click Connect.
4.
In the Select User Role dialog box, click OK.
5.
Click the Library workspace, expand Templates, and then click Service Templates.
6.
In the results pane, select StockTrader Application.
7.
In the ribbon, click Configure Deployment.
8.
In the Select name and destination dialog box, in the Name text box, type StockTrader, and then
click OK.
9.
In the Deploy Service - StockTrader window, verify that the tier is placed successfully on a host.
10. In the Deploy Service StockTrader window, in the ribbon, click Deploy Service.
11. In the Deploy Service dialog box, click Deploy. In a few minutes, the Jobs window opens. Monitor
the deployment of the service using the Jobs window. It will take approximately 30 minutes to
complete the service deployment.
12. After the service is deployed, click the VMs and Services workspace.
13. In the ribbon, click Services.
14. In the results pane, right-click the StockTrader service, and then click Shut down.
15. Close all instances of the VMM console.
Results: After this exercise, you should have deployed the StockTrader application service.

L6-35
Lab: Deploying and Accessing a Private

Cloud
Note Before starting this lab, you must have completed the labs in Module 2 and
Module 5.
Exercise 1: Creating and Configuring a Private Cloud

Task 1: Create a private cloud
1.
Log on to LON-VM1 as Contoso\Administrator with the password Pa$$w0rd.
2.
On the desktop, double-click Virtual Machine Manager Console. If necessary, on the Connect to
Server dialog box, click Use current Microsoft Windows session identity, and then click Connect.
3.
In the Virtual Machine Manager console, click the VMs and Services workspace, and then in the
navigation pane, click the Clouds node.
4.
In the ribbon, click Create Cloud. The Create Cloud Wizard opens.
5.
On the General page, in the Name text box, type StockTrader Cloud, and then click Next.
6.
On the Resources page, ensure that the Host groups option is selected, click Production host
group, and then click Next.
7.
On the Logical Networks page, click External Network, and then click Next.
8.
On the Load Balancers page, click Microsoft Network Load Balancing (NLB), and then click Next.
9.
On the VIP profiles page, click Web load balancer, and then click Next.
10. On the Storage page, click Next.
11. On the Library page, next to Stored VM path, click Browse. Select the StoredVM-STR folder, and
then click OK. Next to Read-only library shares, click Add. Select RO-Library-STR, click OK, and
then click Next.
12. On the Capacity page, click Next.
13. On the Capability Profiles page, click Next.
15. After the job is finished, close the Jobs window.
Task 2: Configure private cloud capacity and capability features

1.
In the Virtual Machine Manager console, expand Clouds, right-click StockTrader Cloud, and then
click Properties.
2.
In the Properties dialog box, click the Capacity tab.
3.
In the right pane of the Capacity tab, clear all check boxes.
4.
Configure values for Cloud capacity as follows, and then click OK:
Virtual CPUs Assigned Capacity: 3
Memory (GB) Assigned Capacity: 10
Storage (GB) Assigned Capacity: 150
Custom quota (points) Assigned Capacity: 10
Virtual Machines Assigned Capacity: 5
L6-36
5.
In the Virtual Machine Manager console, click the Library workspace. In navigation pane, expand
Profiles, and then select Capability Profiles. Right-click Capability Profiles and then select Create
Capability Profile.
6.
In the Create Capability Profile Wizard, on the General page, in the Name text box, type
StockTrader, and then click Next.
7.
On the Capabilities page, configure the following values, and then click Next:
Fabric Compatibility: Hyper-V virtualization host
Processor Range: Minimum: 1, Maximum: 3
Memory Range: Minimum: 8 MB, Maximum: 6 GB
Hard Disk Count: Minimum: 0, Maximum: 4
Disk Size Range: Minimum: 0, Maximum: 80 GB
Fixed disks: Allowed
Make no changes on other categories.

8.
On the Summary page, click Finish. If the Jobs window appears, close the window.
9.
In the VMM console, click VMs and Services, right-click StockTrader Cloud, and then click
Properties.
10. Click the Capability Profiles tab.

11. Select StockTrader, and then click OK.
Task 3: Configure a user profile
L6-37
1.
In the Virtual Machine Manager console, click the Settings workspace, expand the Security node,
and then click User Roles.
2.
In the right pane, right-click StockTrader Business Unit, and then select Properties.
3.
In the StockTrader Business Unit Properties window, click the Members tab. Ensure that
Contoso\StockTrader is listed in the Members pane.
4.
Click Scope, and in the right pane, select StockTrader Cloud.
5.
Click OK to close the Properties window.
6.
In the Virtual Machine Manager console, click the VMs and Services workspace, right-click
StockTrader Cloud, and then select Assign Cloud.
7.
Do not make any changes. This is just to demonstrate a way to configure scope in two different ways.
Click Cancel without making any changes.
Results: After this exercise, you should have created and configured a private cloud.
Exercise 2: Configuring App Controller

Task: Configure App Controller
1.
On LON-VM1, open Windows Internet Explorer, in the address bar type

https://lon-vm1.contoso.com, and then press Enter.
2.
On the App Controller logon page, sign in as Contoso\Administrator with the password
Pa$$w0rd.
3.
On the Overview page, in the Private Clouds section, click Connect a Virtual Machine manager
server and clouds.
4.
In the Add a new VMM connection window, type the following, and then click OK:
Connection name: Contoso VMM
Server name: LON-VM1.contoso.com
Port: 8100
Automatically import SSL certificates: selected
L6-38
5.
When the job finishes, click Clouds in the navigation pane. Verify that you can now view StockTrader
Cloud in the central pane.
6.
Close the App Controller portal.
Results: After this exercise, you should have configured App Controller.
Exercise 3: Creating, Deploying and Managing Services

Task 1: Create a virtual machine template
L6-39
1.
On LON-VM1, in the VMM console, click the Library workspace, and then in the navigation pane,
expand Templates.
2.
Right-click VM Templates, and then select Create VM Template.
3.
In the Create VM Template Wizard, on the Select Source page, click Use an existing template or a
virtual hard disk stored in library, and then click Browse.
4.
In the Select VM Template Source window, click WS08R2SP1.vhd, click OK, and then click Next.
5.
On the VM Template Identity page, in the VM template name text box, type Win2008Srv, and
then click Next.
6.
On the Configure Hardware page, configure following values, and then click Next:
7.
Cloud Capability Profile: StockTrader
Memory: 1024 MB
Legacy Network Adapter: Connected to : Logical Network: External Network
On the Configure Operating System page, configure following values, and then click Next:
Admin Password: Select a Run As account for the local administrator account. Click Browse,
Product Key: 489J6-VHDMP-X63PK-3K798-CPX3Y
Domain/Workgroup: Select Domain: Contoso.com, click Select the Run As account to use for
joining the domain, click Browse, and then select Administrator account.
8.
On the Configure Applications page, click Next.
9.
On the Configure SQL Server page, click Next.
Task 2: Create a service template

1.
On LON-VM1, in the VMM console, click the Library workspace, and then in the navigation pane,
expand Templates.
2.
Right-click Service Templates, and then select Create Service Template.
3.
In the New Service Template window, for the Name, type WebServer, and for Release, type 1.0.
4.
In Patterns, select Single Machine (v1.0) and then click OK.
5.
In the VM Templates window, click and drag the Win2008Srv virtual machine template and release it
on the Single Tier text.
6.
Right-click on the same place where you released the virtual machine template, and then select
Properties.
L6-40
7.
In the Machine Tier 1 Properties window, click the Hardware Configuration tab. In the central pane,
select Cloud Capability Profiles, and verify that in the right pane, StockTrader is selected.
8.
In the central pane, in the Network Adapters section, click Legacy Network Adapter 1. In the right
page, ensure it is connected to External Network. Click Static IP (from a static IP pool), and then
from the drop-down box, select IPv4 only.
9.
In the Machine Tier 1 Properties window, click the OS Configuration tab.
10. In the Roles and Features section of the central pane, click Roles.
11. In the right pane, select following:
Web Server (IIS)
Management Tools
IIS Management Console
Web Server
.NET Extensibility
ASP
ASP.NET
Default Document
Basic Authentication
Windows Authentication
12. In the central pane, click Features, and then select .NET Framework 3.5.1.
13. In the left pane, click the Validation Errors tab, ensure that no error appears in right pane, and then
click OK.
14. Ensure that no errors or exclamation marks appear on the schema. If any errors or exclamation marks
appear, double-click the tier to open the Properties dialog box again, and then without making any
changes, click OK.
15. Ensure that on the schema NIC 1 is connected to External Network.
16. Right-click on the rectangle, where the text WebServer Release 1.0 displays (it should be on top),
and then select Properties.
17. Click the Access tab, and in the right pane, click the Add button.
18. In the Select Users window, select StockTrader Business Unit, and then click OK twice.
19. In the Virtual Machine Manager Service Template Designer window, click the Save and Validate
button in the ribbon.
20. Close the Virtual Machine Manager Service Template Designer window.
21. Right-click the WebServer service template, and then click Publish.
Task 3: Deploy and verify a service
L6-41
1.
On LON-VM1, in the Virtual Machine Manager console, click the arrow in the top left corner, and
then select Open New Connection.
2.
In the Connect to Server window, select the Specify credentials option, for the user name, type
Contoso\Bart, and for the password, type Pa$$w0rd. Clear the option to Automatically connect
with these settings, and then click Connect.
3.
In the Select User Role dialog box, click the StockTrader Business Unit profile, and then click OK.
4.
In the newly opened VMM window, verify that the window is named StockTrader Business Unit.
5.
Click the Library workspace.
6.
In the navigation pane, expand Templates, and then click Service Templates.
7.
In the results pane, right-click the WebServer template, and then select Configure Deployment.
8.
In the Select name and destination window, in the Name field, type WebServer1, in the Destination
drop-down menu, select StockTrader Cloud, and then click OK.
9.
In the Deploy Service window, verify that there are no errors or exclamation marks on service schema,
and then in the ribbon, click Deploy Service.
10. In the Deploy Service window, click Deploy.
11. The Jobs window will open, and you will be able to observe progress. The deployment will take 15-20
minutes.
12. After the create service instance completes, close the Jobs window.
13. In the VMM console, click the VMs and Services workspace.
14. Expand Clouds, and then click StockTrader Cloud.
15. In the ribbon, click the VMs button, and then verify that a machine named
ServiceVM00001.Contoso.com is visible and running.
16. Right-click ServiceVM00001.Contoso.com, select Connect or View, and then click Connect via
Console.
17. In the Virtual Machine Viewer window, click the Ctrl-Alt-Del button.
18. Log on to the machine as Contoso\Administrator with the password of Pa$$w0rd.
19. Open Server Manager, and verify that machine is joined to domain, and then click Roles and verify
that the Web Server (IIS) role is installed.
20. Close the Virtual Machine Viewer.
21. Close the VMM console that is named StockTrader Business Unit.
Task 4: Deploy a service by using App Controller
L6-42
1.
On LON-VM1, click Start, navigate to All Programs, Microsoft System Center 2012, App
Controller, and then click App Controller.
2.
On the App Controller page, enter the User name Contoso\Bart using the password Pa$$w0rd,
and then click Sign In. When prompted to select a role, click StockTrader Business Unit and then
click OK.
3.
On the Overview page, in the Common Task section, click Deploy a new service or virtual
machine.
4.
On the New Deployment page, click Configure.
5.
In the Select a cloud for this deployment window, click StockTrader Cloud, and then click OK.
6.
On the New Deployment page, click Select a template.
7.
In the Choose a template window, select WebServer Service 1.0 and then click OK.
8.
On the New Deployment page, in the INSTANCE section, click Configure.
9.
In the Properties of new Virtual Machine window, in the Description text box, type Deployed with
AppController, and then click OK.
10. On the New Deployment page, click Deploy.

11. In the App Controller window, click Jobs.
12. Verify that the Create service deployment job has an In Progress status.
13. Refresh the console and verify that it completes successfully. Optional: If you do not have enough
time to deploy a service once more, you can cancel this job in the VMM console Jobs workspace. It
might need around 15 minutes to complete.
14. Close the App Controller portal.
Task 5: Perform and verify a service upgrade

1.
Switch back to the VMM console on LON-VM1, which is running under the administrator account.
2.
Click the Library workspace.
3.
Expand Templates, and then click Service Templates.
4.
In the right pane, right-click the WebServer template, and then select Open Designer.
5.
In Virtual Machine Manager Service Template Designer, double-click the Win2008Srv Machine
Tier 1 box.
6.
In the Warning window, for New Release value, type 1.1, and then click OK.
7.
In the Machine Tier 1 Properties window, click the OS Configuration tab.
8.
In the central pane, click Roles under Roles and Features.
9.
Select the DNS Server role, and then click OK.
10. Click Save and Validate in the ribbon.

11. Close the Virtual Machine Manager Service Template Designer window.
12. Click WebServer (version 1.0). In the lower pane, click the WebServer1 text.
13. In the results pane, right-click WebServer1, and then select Set Template.
14. In the Change Service Template for WebServer1 Wizard, click Replace the current template
with an updated template for this service, and then click Browse.
15. Select WebServer version 1.1, and then click OK.
16. Click Next twice.
17. On the Update Method page, ensure that Update method is set to Apply updates to existing
virtual machines in-place, and then click Next.
18. On the Update Reviews page, read the warning, click Apply the updates to the service
immediately after this wizard completes, and then click Next.
L6-43
20. The Jobs window will open, and you will be able to observe progress. To update the service will take
1-2 minutes. (The job with most likely complete with a status of Completed w/ Info that is normal).
21. After the job completes, close the Jobs window.
22. Expand, WebServer1, expand Win2008Srv Machine Tier 1, right-click virtual machine
ServiceVM00001.Contoso.com, select Connect or View and then click Connect via console.
23. If necessary, in the Virtual Machine Viewer window, click the Ctrl-Alt-Del button. Log on as
Contoso\Administrator with the password of Pa$$w0rd.
24. Open Server Manager, and verify that the DNS Server role is installed.
25. Close the Virtual Machine Viewer window.
26. Right-click WebServer1, and then click Shut Down.
27. Right-click WebServer, and then click Shut Down.
28. Close the VMM console.
Results: After this exercise, you should have deployed a service.

L7-45
Module 7: Monitoring the Private Cloud Infrastructure
Lab: Monitoring the Private Cloud

Infrastructure
Exercise 1: Deploying Agents

Task 1: View currently monitored computers
1.
On LON-OM1, click Start, point to All Programs, click Microsoft System Center 2012, expand
Operations Manager, and then click Operations Console.
2.
In the Operations console, in the Monitoring workspace, under Monitoring, click Discovered
Inventory.
3.
Read the list of computers, and notice that only LON-OM1.Contoso.com displays. If the state does not
show Healthy, right-click the LON-OM1.Contoso.com object, and then click Refresh.
Task 2: Identify the management action account

1.
In the Operations console, in the Administration workspace, under Run As Configuration, click
Accounts.
2.
Under Type: Action Account, read the description for Contoso\SCAdmin. This user account is used
on agent-managed computers to run tasks. This account is configured as a domain administrator.
Task 3: Install the agent on systems by using the Discovery Wizard

1.
In the Operations console, in the Administration workspace, click Administration.
2.
On the Administration Overview page, click Required: Configure computers and devices to
manage.
3.
In the Computer and Device Management Wizard, on the What would you like to manage page,
click Windows computers, and then click Next.
4.
On the Auto or Advanced page, click Advanced discovery.
5.
In the Computer and Device Classes dialog box, select Servers Only.
6.
Verify that the Management Server is LON-OM1.Contoso.com, and then click Next.
7.
On the Discovery Method page, click Scan Active Directory.
8.
In the Domain box, select Contoso, and then click Configure.
9.
In the Find Computers window, verify that the Role box is set to Any, and then click OK.
10. On the Discovery Method page, click Next.
L7-46 Module 7: Monitoring the Private Cloud Infrastructure
11. On the Administrator Account page, click Use selected Management Server Action Account, and
then click Discover.
12. On the Select Objects to Manage page, select the check boxes for the following servers:
LON-DC1.Contoso.com
LON-DM1.Contoso.com
LON-VM1.Contoso.com
13. In the Management mode box, select Agent, and then click Next.
14. On the Summary page, read the default agent installation directory. Notice that the Agent Action
Account is Local System, and then click Finish.
15. Wait for agent installation to complete for all three targets, and then click Close.
Task 4: Configure agentless monitoring by using the Discovery Wizard

1.
In the Operations console, on the Administration Overview page, under Actions, click Configure
computers and devices to manage.
2.
In the Computer and Device Management Wizard, on the What would you like to manage page,
click Windows computers, and then click Next.
3.
On the Auto or Advanced page, click Advanced discovery.
4.
In the Computer and Device Classes box, select Servers Only.
5.
Verify that the Management Server is LON-OM1.Contoso.com, and then click Next.
6.
On the Discovery Method page, click Scan Active Directory.
7.
In the Domain box, select Contoso, and then click Configure.
8.
In the Find Computers window, verify that the Role box is set to Any, and then click OK.
9.
On the Discovery Method page, click Next.
10. On the Administrator Account page, click Use selected Management Server Action Account, and
then click Discover.
11. On the Select Objects to Manage page, select the check box for the following servers:
LON-SQ1.Contoso.com
LON-AP1.Contoso.com
12. In the Management mode box, select Agentless, and then click Next.
Task 5: Prepare security for manual agent installation

1.
In the Operations console, in the Administration workspace, click Settings, and then double-click
Security.
2.
In the Global Management Server Settings Security window, click Review new manual agent
installations in pending management view, and then click OK.
Task 6: Manually install the agent
L7-47
1.
On LON-HOST1, click Start, and then click Computer.
2.
In a Windows Explorer window, browse to \\LON-AP1\E$\Labfiles\SystemCenter\SCOM2012, and

then double-click Setup.exe.
3.
In the Operations Manager window, click Local agent.
4.
In the Welcome to the System Center 2012-Operations Manager Agent Setup wizard window, click
Next.
5.
On the Destination Folder page, read the default installation location, and then click Next.
6.
On the Management Group Configuration page, verify that Specify Management Group
information is selected, and then click Next.
7.
On the Management Group Configuration page, enter the following information, and then click
Next:
Management Group Name: Contoso
Management Server: LON-OM1.Contoso.com
Management Server Port: 5723
8.
On the Agent Action Account page, click Local System, and then click Next.
9.
On the Ready to Install page, click Install.
10. Click Finish.
11. Close the System Center Operations Manager 2012 window, and then close the Windows Explorer
window.
12. On LON-OM1, in the Operations console, in the Administration workspace, under Device
Management, click Pending Management.
13. Click LON-Host1.Contoso.com, and then click Approve.
14. In the Manual Agent Install window, read the information, and then click Approve.
Task 7: Verify that monitored computers are healthy

1.
In the Operations console, in the Administration workspace, under Device Management, click
Agent Managed, and then review the list of computers.
2.
Click Agentless Managed, and then review the list of computers.
3.
Click Management Servers, and then review the list of computers.
4.
In the Monitoring workspace, under Monitoring, click Discovered Inventory.
5.
Results: After this exercise, you should have configured monitoring for infrastructure servers.
Exercise 2: Deploying and Configuring Management Packs

Task 1: Install management pack files
1.
On LON-OM1, click Start, and then click Run.
2.
In the Open box, type \\LON-AP1\E$\labfiles\MgmtPacks, and then click OK.
3.
Double-click Windows Server Base OS System Center Operations Manager 2007 MP.msi.
4.
In the Windows Server Base OS System Center Operations Manager 2007 MP Installer window, on
the License Agreement page, click I accept, and then click Next.
5.
On the Select Installation Folder page, click Next.
6.
On the Confirm Installation page, click Install.
7.
On the Installation Complete page, click Close.
8.
Note the location of the management pack files, and then close Windows Explorer.
9.
In the MgmtPacks window, double-click Internet Information Services MP.msi.
10. On the License Agreement page, click I accept, and then click Next.
11. On the Select Installation Folder page, click Next.
12. On the Confirm Installation page, click Install.
14. Note the location of the management pack files, and close Windows Explorer.
15. In the MgmtPacks window, double-click SQLServerMP.msi.
16. On the License Agreement page, click I accept, and then click Next.
17. On the Select Installation Folder page, click Next.
18. On the Confirm Installation page, click Install.
20. Note the location of the management pack files, and close all instances of Windows Explorer.
Task 2: Import management packs

1.
2.
In the Operations console, in the Authoring workspace, on the Authoring Overview page, click
Required: Import management packs.
3.
In the Import Management Packs window, click Add, and then click Add from disk.
4.
In the Online Catalog Connection window, click No to prevent searching the online catalog for
dependencies. The virtual machine does not have access to the Internet to search for the
dependencies.
L7-49
5.
In the Select Management Packs to import window, browse to C:\Program Files (x86)
\System Center Management Packs\Windows Server Base OS System Center Operations
Manager 2007 MP.
6.
Select all files, and then click Open.
7.
In the Select Management Packs window, notice that all management packs have a green check mark
icon except Windows Server Operating System Library.
8.
Click Windows Server Operating System Library, read the status details, and then click Install.
9.
When the import completes, click Close.
10. In the Operations console, in the Authoring workspace, on the Authoring Overview page, click
11. In the Import Management Packs window, click Add, and then click Add from disk.
12. In the Online Catalog Connection window, click No to prevent searching the online catalog for
dependencies.
13. In the Select Management Packs to import window, browse to C:\Program Files (x86)
\System Center Management Packs\Internet Information Services MP.
14. Select all files, and then click Open.
15. In the Select Management Packs window, notice that now all management packs have a green check
mark.
16. Click Install.
17. When the import completes, click Close.
18. In the Operations console, in the Authoring workspace, on the Authoring Overview page, click
19. In the Import Management Packs window, click Add, and then click Add from disk.
20. In the Online Catalog Connection window, click No to prevent searching the online catalog for
dependencies.
21. In the Select Management Packs to import window, browse to C:\Program Files (x86)
\System Center Management Packs\SQLServerMP.
22. Select all files, and then click Open.
23. In the Select Management Packs window, notice that all management packs have a green check
mark.
24. Click Install.
Task 3: Verify management pack functionality
1.
On LON-OM1, in the Operations console, in the Authoring workspace, expand Management Pack
Objects, and then click Object Discoveries.
2.
Scroll down to Discovered Type: Computer (19), and verify that Populate All Windows Server
2008 R2 Full Computer Group exists.
3.
Scroll down and verify that Discovered Type: IIS 7 Server Role (7) exists.
4.
In the Monitoring workspace, expand Microsoft Windows Internet Information Services, and
then click IIS Role State.
5.
Expand Microsoft Windows Server, and then click Windows Server State.
Task 4: Create a management pack for overrides

1.
On LON-OM1, in the Operations console, in the Administration workspace, click Management

Packs.
2.
In the Tasks pane, click Create Management Pack.
3.
In the Create a Management Pack window, on the General Properties page, enter the following
information, and then click Next:
4.
Name: Windows 2008 Overrides
Version: 1.0.0.0
Description: Overrides for computers running Windows Server 2008
On the Knowledge page, click Create.
Task 5: Create an override for the Windows 2008 disk space monitor
1.
On LON-OM1, in the Operations console, in the Authoring workspace, expand Management Pack
Objects, and then click Monitors.
2.
Scroll down and expand Windows Server 2008 Logical Disk, expand Entity Health, expand
Availability, and then double-click Logical Disk Free Space.
3.
In the Logical Disk Free Space Properties window, on the Health tab, read the health states that are
available.
4.
On the System Drive % tab, read the default configuration. When less than 10 percent of the disk
space is available, a warning state generates.
5.
On the System Drive Mbytes tab, read the default configuration. When less than 500 megabytes
(MB) of disk space are available, a warning state generates.
6.
On the Alerting tab, read the default configuration. An alert generates when a warning state is
generated.
7.
On the Overrides tab, click Override, and then click for all objects of class: Windows Server 2008
Logical Disk.
L7-51
8.
In the Override Properties window, select the Override check box for Warning %Threshold for
System Drives, and then in the Override Value column, type 5.
9.
In the Select destination management pack box, select Windows 2008 Overrides, and then click
OK.
10. In the Logical Disk Free Space Properties window, click Close.
11. In the Authoring workspace, right-click Logical Disk Free Space, and then click Overrides
Summary.
12. Verify that the Warning %Threshold for System Drives is now 5, and then click Close.
13. Close the Operations Manager console.
Results: After this exercise, you should have imported management packs and configured an override.

Task 1: Create a notification channel
1.
2.
In the Operations console, in the Administration workspace, under Notifications, click Channels.
3.
In the Tasks pane, click New, and then click Email (SMTP).
4.
In the E-mail Notification Channel window, on the Description page, click Next to accept the default
channel name and description.
5.
On the Settings page, click Add.
6.
In the Add SMTP Server window, enter the following information, and then click OK:
SMTP server (FQDN): smtp.contoso.com
Port number: 25
Authentication method: Anonymous
7.
On the Settings page, in the Return address box, type OMAlerts@contoso.com, and then click
Next.
8.
On the Format page, click Finish to accept the default message format.
9.
After the channel saves, click Close.
Task 2: Create a notification subscriber

1.
In the Operations console, in the Administration workspace, click Subscribers.
2.
In the Tasks pane, click New.
3.
In the Notification Subscriber Wizard, on the Description page, in the Subscriber Name box, type
Administrator, and then click Next.
4.
On the Schedule page, click Always send notifications, and then click Next.
5.
On the Addresses page, click Add to create a new subscriber address.
6.
In the Subscriber Address Wizard, on the General page, in the Address name box, type
Mobile E-mail, and then click Next.
7.
On the Channel page, in the Channel Type box, select E-mail (SMTP).
8.
In the Delivery address for the selected channel box, type administrator@contoso.com, and then
click Next.
9.
On the Schedule page, click Always send notifications, and then click Finish.
10. In the Notification Subscriber Wizard, click Finish.

11. Click Close.
Task 3: Create a notification subscription
L7-53
1.
In the Operations console, in the Administration workspace, under Notifications, click

Subscriptions.
2.
In the Tasks pane, click New.
3.
In the Notification Subscription Wizard, on the Description page, in the Subscription name box,
type Windows Server 2008 notifications, and then click Next.
4.
On the Criteria page, in the Conditions box, select the raised by any instance in a specific group
check box.
5.
In the Criteria description box, click specific.
6.
In the Group Search window, in the Filter by box, type 2008, and then click Search.
7.
Click Windows Server 2008 Computer Group, click Add, and then click OK.
8.
On the Criteria page, click Next.
9.
On the Subscribers page, click Add.
10. In the Subscriber Search window, click Search, click Administrator, click Add, and then click OK.
11. On the Subscribers page, click Next.
12. On the Channels page, click Add.
13. In the Channel Search window, click Search, click SMTP Channel, click Add, and then click OK.
14. On the Channels page, click Delay sending notifications if conditions remain unchanged for
longer than (in minutes), type 10, and then click Next.
16. Click Close.
17. Close the Operations Manager console.
Results: After this exercise, you should have created a notification subscription for alerts from computers
running Windows Server 2008.
Exercise 4: Configuring VMM Integration

Task 1: Install the Operations console on the Virtual Machine Manager server
1.
On LON-VM1, click Start, and then click Run.
2.
In the Open box, type \\LON-AP1\e$\Labfiles\SystemCenter\SCOM2012 and then press Enter.
3.
Double-click Setup.exe.
4.
In the System Center 2012 Operations Manager window, click Install.
5.
On the Select features to install page, select the Operations console check box, and then click
Next.
6.
On the Select installation location page, click Next.
7.
On the Proceed with Setup page, click Next.
8.
On the Help improve System Center 2012 - Operations Manager 2012 page, click No, I am not
willing to participate for both Customer Experience Improvement Program and Error
Reporting, and then click Next.
9.
On the Microsoft Update page, click Off, and then click Next.
10. On the Installation Summary page, click Install.

11. Clear the Start the Operations console when the wizard closes check box, and then click Close.
12. Close all open windows.
Task 2: Enable VMM integration with Operations Manager

1.
On LON-VM1, click Start, point to All Programs, click Microsoft System Center 2012, expand
Virtual Machine Manager, and then click Virtual Machine Manager Console. If the Connect to
Server dialog box opens, select to use the current Microsoft Windows session identity, and then click
Connect.
2.
In the Settings workspace, click System Center Settings, and then double-click Operations
Manager Server.
3.
In the Add Operations Manager window, on the Introduction page, read the requirements for
integration, and then click Next.
4.
On the Connection to Operations Manager page, use the following settings, and then click Next.
5.
Server name: LON-OM1.Contoso.com
Use the VMM server service account
Enable Performance and Resource Optimization (PRO)
Enable maintenance mode integration with Operations Manager
On the Connection to VMM page, enter the following, and then click Next.
User name: Contoso\SCAdmin
Password: Pa$$w0rd
L7-55
6.
7.
In the Jobs window, click New Operations Manager connection, and wait for the job to complete.
This takes approximately five minutes.
8.
Task 3: Verify VMM integration with Operations Manager

1.
2.
In the Monitoring workspace, scroll down and expand Virtual Machine Manager, expand Agents,
and then click Health State.
3.
Under AgentWatcher State, right-click LON-VM1.Contoso.com, point to Open, and then click
Diagram View.
4.
Results: After this exercise, you should have configured integration of Operations Manager and VMM.
Exercise 5: Configuring DPM Integration

Task 1: Import the DPM management packs
1.
2.
In the Administration workspace, click Management Packs.
3.
In the Tasks pane, click Import Management Packs.
4.
5.
In the Online Catalog Connection window, click No.
6.
In the Select Management Packs to import window, browse to \\LON-AP1\E$\Labfiles

\SystemCenter\DPM2012\SCDPM\ManagementPacks\en-US\.
7.
Select both management packs, and then click Open.
8.
In the Import Management Packs window, notice that the System Center 2012 Data Protection
Manager Discovery and Monitoring management pack has a security warning.
9.
Click Install, and then click Yes.

11. Close the Operations console.
Task 2: Install the DPM Central Console
1.
On LON-OM1, click Start, and then click Run.
2.
In the Open box, type \\LON-AP1\E$\Labfiles\SystemCenter\DPM2012\SCDPM, and then press

Enter.
3.
Double-click setup.exe.
4.
In the System Center 2012 - Data Protection Manager window, under Install, click DPM Central
Console.
5.
In the Microsoft Software License Terms window, select the I accept the license terms and
conditions check box, and then click OK.
6.
In the Data Protection Manager Central Console Setup Wizard, on the Welcome page, click Next.
7.
On the Central Console Opt-in page, click Install Central Console server-side and client-side
Components, and then click Next.
8.
On the Prerequisites Check page, when the prerequisite check completes, click Next.
9.
On the Installation Settings page, click Next.
10. On the Microsoft Update Opt-in page, click I do not want to use Microsoft Update, and then
click Install.
11. On the Data Protection Manager message box, click OK. On the Installation page, click Close.
Task 3: Configure DPM integration registry keys for the DPM server
L7-57
1.
On LON-OM1, click Start, type regedit, and then press Enter.
2.
In the Registry Editor, browse to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft

\Microsoft Operations Manager\3.0\Modules\Global\Powershell.
3.
Right-click PowerShell, point to New, click DWORD (32-bit) Value, type IsolationLevel, and then
press Enter. Note the default value of 0 is preferred.
4.
Browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services
\HealthService\Parameters.
5.
Double-click Persistence Version Store Maximum, in the Value data box, type 5dc00, and then
click OK.
6.
Right-click Parameters, point to New, click DWORD (32-bit) Value, type State Queue Items, and
then press Enter.
7.
Double-click State Queue Items, in the Value data box, type 1000, and then click OK.
8.
Close the registry editor.
9.
Click Start, point to Administrative Tools, click Services, scroll down and right-click System Center
Management, and then click Restart.
10. Close Services.
Task 4: Install DPM security roles

1.
On LON-OM1, click Start, and then click Computer.
2.
Browse to C:\Program Files\Microsoft DPM\bin.
3.
Double-click DefaultRoleConfigurator.exe.
4.
When prompted to press Return, press Enter.
5.
Close Windows Explorer.
Task 5: Verify installation of the DPM central console

1.
2.
In the Operations console, in the Monitoring workspace, expand System Center 2012 Data
Protection Manager, expand State views, and then click DPM servers. Notice that LON-DM1 is
listed here.
3.
In the Administration workspace, under Security, click User Roles.
4.
Notice that DPM roles display under Profile: Operator.
5.
Results: After this exercise, you should have configured Operations Manager integration with DPM.

L8-59
Module 8: Extending and Customizing Monitoring of the

Private Cloud Infrastructure

Exercise 1: Creating Custom Monitoring

Task 1: Create a management pack for custom monitoring
1.
2.
In the Operations console, in the Administration workspace, click Management Packs.
3.
In the Tasks pane, click Create Management Pack.
4.
In the Create a Management Pack window, in the Name box, type Infrastructure Monitoring, and
then click Next.
5.
On the Knowledge page, click Create.
Task 2: Create a group for VMM servers

1.
On LON-OM1, in the Operations console, in the Authoring workspace, click Groups.
2.
In the Task pane, click Create a New Group.
3.
On the General Properties page, enter the following information, and then click Next:
Name: VMM Servers
Select destination management pack: Infrastructure Monitoring
4.
On the Explicit Members page, click Next.
5.
On the Dynamic Members page, click Create/Edit rules.
6.
In the Create a Group Wizard Query Builder window, select VMM Server, click Add, and then click
OK.
7.
On the Dynamic Members page, read the query formula, and then click Next.
8.
On the Subgroups page, click Next.
9.
On the Excluded Members page, click Create.
Task 3: Monitor the VMM service

1.
On LON-OM1, in the Operations console, in the Authoring workspace, click Management Pack
Templates.
2.
In the Tasks pane, click Add Monitoring Wizard.
Module 8: Extending and Customizing Monitoring of the Private Cloud Infrastructure
3.
In the Add Monitoring Wizard window, on the Select Monitoring Type page, click Windows
Service, and then click Next.
4.
On the General page, enter the following information, and then click Next:
Name: VMM Service
L8-60
5.
On the Service Details page, next to Service name, click the ellipsis button.
6.
In the Select Windows Service window, in the Computer name box, type LON-VM1, and then press
Enter.
7.
In the Select service area, scroll down, click System Center Virtual Machine Manager, and then
click OK.
8.
On the Service Details page, next to Targeted group, click the ellipsis button.
9.
In the Group Search window, click Search, click VMM Servers, and then click OK.
10. On the Service Details page, verify that the Monitor only automatic service check box is selected,
11. On the Set Performance Data Collection Settings page, enter the following information, and then
click Next:
Generate an alert if CPU usage exceeds the specified threshold: selected
CPU Usage: 50
Number of samples: 3
Sampling interval: 5 minutes
Task 4: Monitor the VMM service process

1.
Templates.
2.
3.
In the Add Monitoring Wizard window, on the Select Monitoring Type page, click Process
Monitoring, and then click Next.
4.
Name: VMM Process
5.
On the Process to Monitor page, click Monitor whether and how a process is running (for
processes you want).
6.
In the Process name box, type vmmservice.exe.
7.
On the Process to Monitor page, next to Targeted group click the ellipsis button.
8.
In the Group Search window, click Search, click VMM Servers, and then click OK.
9.
On the Process to Monitor page, click Next.
10. On the Running process page, enter the following information, and then click Next:
L8-61
Generate an alert if the number of processes is below the minimum value or above the
maximum value for longer than the specified duration: selected
Minimum number of processes: 1
Maximum number of processes: 1
Duration: 2 minutes
11. On the Performance Data Collection Settings page, read the available options, and then click Next.
Task 5: Configure monitoring for the SQL TCP port

1.
Templates.
2.
3.
In the Add Monitoring Wizard window, on the Select Monitoring Type page, click TCP Port, and
then click Next.
4.
5.
Name: VMM SQL Server Port
On the Test Port Settings page, enter the following information, and then click Test:
Port: 1433
6.
When the test completes, read the results, and then click Next.
7.
On the Choose Watcher Nodes page, select the LON-OM1.Contoso.com check box.
8.
In the Run this query every box, enter 1 minute, and then click Next.
9.
On the Port Monitoring Settings Summary page, click Create.
Task 6: Configure monitoring for the VMM database

1.
Templates.
2.
3.
In the Add Monitoring Wizard window, on the Select Monitoring Type page, click OLE DB Data
Source, and then click Next.
4.
Name: VMM SQL Database
5.
On the Connection String page, click Build.
6.
In the Build Connection String window, enter the following, and then click OK:
Provider: Microsoft OLE DB Provider for SQL Server
Database: VirtualManagerDB
7.
On the Connection String page, click Test.
8.
When the test completes, click Next.
9.
On the Query Performance page, select the Connection time in milliseconds check box.
10. In the Error Threshold box, type 30000.

11. In the Warning Threshold box, type 500, and then click Next.
12. On the Watcher Nodes page, select the LON-OM1.Contoso.com check box.
13. In the Run this query every box, enter 1 minute, and then click Next.
Task 7: Configure monitoring for the VMM Self-Service Portal
L8-62
1.
Templates.
2.
3.
In the Add Monitoring Wizard window, on the Select Monitoring Type page, click Web Application
Transaction Monitoring, and then click Next.
4.
Name: VMM Self-Service Portal
5.
On the Web Address page, enter the URL http://LON-VM1.Contoso.com, and then click Next.
6.
On the Watcher Node page, select the LON-OM1.Contoso.com check box.
7.
In the Run this query every box, enter 1 minute, and then click Next.
8.
On the Summary page, click Create.
Task 8: Configure monitoring for the AppController .NET Application
L8-63
1.
On LON-OM1, in the Operations console, in the Administration workspace, on the Administration

Overview page, click Required: Import management packs.
2.
3.
In the Online Catalog Connection window, click No to prevent searching the online catalog for
dependencies.
4.
In the Select Management Packs to import window, browse to

\\LON-AP1\E$\Labfiles\SystemCenter\SCOM2012\ManagementPacks.
5.
Select Microsoft.SystemCenter.Apm.Web.IIS7.mp, and then click Open.
6.
In the Select Management Packs window, notice the green check mark icon.
7.
Click Install. When the import completes, click Close.
8.
Templates.
9.
10. In the Add Monitoring Wizard window, on the Select Monitoring Type page, click .NET Application
Performance Monitoring, and then click Next.
11. On the General Properties page, enter the following information, and then click Next:
Name: AppController NET Application
12. On the What to Monitor page, click Add.

13. In the Object Search window, click Search.
14. In the Available items area, scroll down, click AppController, click Add, and then click OK.
15. On the What to Monitor page, click Next.
16. On the Server-Side Configuration page, enter the following, and then click Next:
Turn on performance event alerts
Turn on exception event alerts
Performance event threshold 10000
17. On the Summary page, read the information, and then click Create. Note that Microsoft Internet
Information Services (IIS) may need to be restarted.
18. Close the Operations console.
19. Click Start, type cmd, and then press Enter.
20. In the command prompt window, type iisreset, and then press Enter.
21. Close the command prompt.
Results: After this exercise, you should have created customized monitoring for infrastructure
components.
Exercise 2: Creating a Distributed Application

Task 1: Create a distributed application from a template
L8-64
1.
2.
In the Operations console, in the Authoring workspace, click Distributed Applications.
3.
In the Tasks pane, click Create a New Distributed Application.
4.
In the Distributed Application Designer window, enter the following information, and then click OK:
5.
Name: VMM Self-Service Portal Application
Template: Line of Business Web Application
Management pack: Infrastructure Monitoring
Review the component groups that have been configured by the template.
Task 2: Configure monitoring for the Self-Service Portal website

1.
On LON-OM1, in the Distributed Application Designer, click VMM Self-Service Portal Application
Web Application Web Sites to select it, and then in the toolbar, click Properties.
2.
In the Component Group Properties window, in the Component Group name box, type VMM
Portal Web Site.
3.
In the Objects that can be added to the component group box, select the Object
\Configuration Item\Logical Entity\Perspective check box, and then click OK.
4.
In the Objects pane, click Web Site.
5.
Right-click the Microsoft System Center Virtual Machine Manager Self-Service Portal (x64)
website, point to Add To, and then click VMM Portal Web Site.
6.
In the Objects pane, click Perspective.
7.
Scroll down, right-click VMM Self-Service Portal, point to Add To, and then click VMM Portal Web
Site.
Task 3: Configure monitoring for the Self-Service Portal back end

1.
On LON-OM1, in the Distributed Application Designer, click VMM Self-Service Portal Application
Web Application Databases to select it, and then in the toolbar, click Properties.
2.
In the Component Group Properties window, in the Component Group name box, type VMM
Portal Backend.
3.
In the Objects that can be added to the component group box, select the Object
\Configuration Item\Logical Entity\Perspective check box, and then click OK.
4.
In the Objects pane, click Perspective.
5.
Scroll down, right-click VMM SQL Database, point to Add To, and then click VMM Portal Backend.
6.
Right-click VMM SQL Server Port, point to Add To, and then click VMM Portal Backend.
L8-65
7.
In the Objects pane, click Database.
8.
Scroll down, right-click the first instance of VirtualManagerDB, point to Add To, click VMM Portal
Backend, and then click Save.
9.
Close Distributed Application Designer.
Task 4: View the distributed application

1.
On LON-OM1, in the Operations console, in the Monitoring workspace, click Distributed

Applications.
2.
Notice the state for the VMM Self-Service Portal Application is Healthy. If the state shows Not
monitored, wait a couple of minutes and then refresh the view.
3.
Right-click VMM Self-Service Portal Application, point to Open, and then click Diagram View.
4.
Expand VMM Portal Web Site.
5.
Expand VMM Portal Backend.
6.
Close the diagram view.
7.
Results: After this exercise, you should have created a distributed application for the VMM Self-Service
Portal.

Task 1: Configure service level tracking
L8-66
1.
2.
In the Operations console, in the Authoring workspace, expand Management Pack Objects, and
then click Service Level Tracking.
3.
In the Tasks pane, click Create.
4.
On the General page, in the Name box, type VMM Self-Service Portal Tracking, and then click
Next.
5.
On the Objects to Track page, under Targeted class, click Select.
6.
In the list, click VMM Self-Service Portal Application, and then click OK.
7.
On the Objects to Track page, click Next.
8.
On the Service Level Objectives page, click Add, and then click Monitor state SLO.
9.
In the Service Level Objective (Monitor State) window, enter the following information, and then click
OK:
Service level objective name: VMM Self-Service Portal Availability
Monitor: Availability
Service level objective goal: 99
Specify the states you want to be counted as downtime in this objective: Critical
10. On the Service Level Objectives page, click Next.

12. On the Completion page, click Close.
Task 2: View a service level report

1.
On LON-OM1, in the Operations console, in the Reporting workspace, click Microsoft Service Level
Report Library, and then click Service Level Tracking Summary Report.
2.
In the Tasks pane, click Open.
3.
In the Service Level Tracking Summary Report window, click Add.
4.
In the Add Service Levels window, click Search.
5.
In the Available Items area, click VMM Self-Service Portal Tracking, click Add, and then click OK.
6.
In the Service Level Tracking Summary Report window, enter the following information, and then click
Run:
Data Aggregation: Hourly
From: Today 1:00 AM
To: Today 11:00 PM
7.
When the report generates, under VMM Self-Service Portal Tracking, expand Contoso.
8.
Close the Service Level Tracking Summary Report.
9.
L8-67
Results: After this exercise, you should have created a service level tracking object and viewed a service
level report.
Exercise 4: Creating Views for Private Cloud Infrastructure

Task 1: Create a group for infrastructure servers
1.
2.
In the Operations console, in the Authoring workspace, click New Group.
3.
Name: Infrastructure Servers
4.
On the Explicit Members page, click Next.
5.
On the Dynamic Members page, click Create/Edit rules.
6.
In the Create Group Wizard Query Builder window, select VMM Server, and then click Add.
7.
Select DPM server, click Add, and then click OK.
8.
On the Dynamic Members page, read the query formula, and then click Next.
9.
On the Subgroups page, click Next.
10. On the Excluded Members page, click Create.

11. In the navigation pane, click Groups. In the list of groups, right-click Infrastructure Servers, and
then click View Group Members.
12. In the Managed Objects window, read the servers that are listed, and then close the window.
Task 2: Create an alert view for infrastructure servers

1.
In the Operations console, in the Monitoring workspace, scroll down and click Infrastructure
Monitoring.
2.
Right-click Infrastructure Monitoring, point to New, and then click Alert View.
3.
In the Properties window, in the Name box, type Infrastructure Alerts.
4.
Next to Show data related to, click the button.
5.
In the Select Items to Target window, click View all targets.
6.
In the list of targets, click Infrastructure Servers, and then click OK.
7.
In the Properties window, click OK.
8.
Under Infrastructure Monitoring, click Infrastructure Alerts.
Task 3: Create a dashboard view for infrastructure servers

1.
On LON-OM1, in the Operations console, in the Monitoring workspace, click Infrastructure

Monitoring.
2.
Right-click Infrastructure Monitoring, point to New, and then click Dashboard View.
L8-68
L8-69
3.
In the New Dashboard and Widget Wizard window, on the Template page, in the right column, click
Grid Layout, and then click Next.
4.
On the General Properties page, in the Name box, type Infrastructure Dashboard, and then click
Next.
5.
On the Layout page, in the Select the number of cells in the dashboard list, select 2 cells.
6.
In the Select a Layout Template area, select the layout with two horizontal cells, and then click
Next.
7.
8.
On the Completion page, click Close.
9.
In the Monitoring workspace, with Infrastructure Dashboard selected, in the top cell, click Click to
add widget.
10. In the New Dashboard and Widget Wizard window, in the right pane, click Alert Widget and then
click Next.
11. On the General Properties page, in the Name box, type Infrastructure Alerts, and then click Next.
12. On the Scope page, next to Select a group or object, click the ellipsis button.
13. In the Select a group or object window, scroll down, click Infrastructure Servers, and then click OK.
14. On the Scope page, click Next.
15. On the Criteria page, click Next.
16. On the Specify Display Preferences page, click Next.
19. In the Monitoring workspace, with Infrastructure Dashboard selected, in the bottom cell, click
Click to add widget.
20. In the New Dashboard and Widget Wizard window, in the right pane, click State Widget, and then
click Next.
21. On the General Properties page, in the Name box, type Infrastructure State, and then click Next.
22. On the Scope page, click Add.
23. In the Add Group or Objects window, scroll down, click Infrastructure Servers, click Add, and then
click OK.
24. On the Scope page, click Next.
26. On the Specify Display Preferences page, click Next.
Results: After this exercise, you should have created views specifically for infrastructure servers.
Exercise 5: Configuring SharePoint Integration

Task 1: Install the Operations Manager Web Part
L8-70
1.
On LON-AP1, click Start and then click Run.
2.
In the Open box, type E:\Labfiles\SystemCenter\SCOM2012\Setup\AMD64, and then press Enter.
3.
Right-click the SharePoint folder, and then click Copy.
4.
Browse to drive C.
5.
Right-click Local Disk (C:) , and then click Paste.
6.
Close Windows Explorer.
7.
Click Start, point to All Programs, click Microsoft SharePoint 2010 Products, and then click
SharePoint 2010 Management Shell.
8.
In the Microsoft SharePoint 2010 Management Shell, type CD C:\SharePoint, and then press Enter.
9.
Type the following command, and then press Enter:

.\install-OperationsManager-DashboardViewer.ps1 SolutionPath C:\SharePoint
10. When prompted, press Enter to install for all sites.

11. Close the SharePoint 2010 Management Shell.
Task 2: Configure a web console for the Web Part

1.
On LON-AP1, click Start, point to All Programs, click Microsoft SharePoint 2010 Products, and
then click SharePoint 2010 Central Administration.
2.
In the upper left corner, click Site Actions, and then click View All Site Content.
3.
Under Lists, click Operations Manager Web Console Environments.
4.
Click Add new item.
5.
In the Operations Manager Web Console Environments New Item window, enter the following
information, and then click Save:
6.
Title: LON-OM1
HostUri: http://LON-OM1/OperationsManager/
Close Windows Internet Explorer.
Task 3: Identify the URI for the dashboard

1.
On LON-AP1, click Start, point to All Programs, and then click Internet Explorer.
2.
In Internet Explorer, in the address bar, type http://LON-OM1/OperationsManager, and then press
Enter.
3.
At the Web Console Configuration Required prompt, click Configure. Click Run, and then click
Close. Refresh the Web page.
L8-71
4.
In the Monitoring workspace, expand Infrastructure Monitoring, and then click Infrastructure
Dashboard.
5.
Click the address bar, and copy the URI for the dashboard.
6.
Close Internet Explorer.
Task 4: Add a Web Part to a SharePoint site

1.
2.
In Internet Explorer, in the address bar, type http://LON-AP1, and then press Enter.
3.
In the upper left corner, click Site Actions, and then click New Page.
4.
In the New Page window, in the New page name box, type Infrastructure Dashboard, and then
click Create.
5.
Under Editing Tools, click Insert, and then click Web Part.
6.
In the Categories box, click Microsoft System Center.
7.
In the Web Parts box, click Operations Manager Dashboard Viewer Web Part, and then click Add.
8.
In the upper right corner of the Operations Manager Dashboard Viewer Web Part, click the down
arrow, and then click Edit Web Part.
9.
In the Operations Manager Dashboard Viewer Web Part pane, in the Operations Manager web
console environments box, select LON-OM1.
10. In the Dashboard link box, paste the dashboard URL.

11. In the Title box, type Infrastructure Dashboard.
12. Scroll down, and then click OK. If prompted for credentials, enter Administrator with the password
of Pa$$w0rd.
13. Notice that the dashboard now displays the same data that you saw in the web console.
14. Click the Page tab, and then click the Save & Close button.
Task 5: Create a target application ID for shared credentials

1.
On LON-AP1, click Start, point to All Programs, click Microsoft SharePoint 2010 Products, and
2.
In SharePoint Central Administration, under Application Management, click Manage service

applications.
3.
Click Secure Store Service.
4.
Click Generate New Key.
5.
In the Generate New Key window, in the Pass Phrase and Confirm Pass Phrase boxes, type
Pa$$w0rd, and then click OK.
6.
Click New.
7.
In the Target Application ID box, type Operations Manager.
8.
In the Display Name box, type SCAdmin.
9.
In the Contact E-mail box, type Administrator@Contoso.com.
10. In the Target Application Type box, select Group, and then click Next.
11. On the Add Field page, click Next.
L8-72
12. In the Target Application Administrators box, type Contoso\Administrator, and click the Check
Names button.
13. In the Members box, type All Users (windows), click the Check Names button, and then click OK.
14. Move the mouse pointer over Operations Manager, click the down arrow, and then click Set
Credentials.
15. In the Set Credentials for Secure Store Target Application (Group) window, enter the following
information, and then click OK:
Windows User Name: Contoso\SCAdmin
Windows Password: Pa$$w0rd
Confirm Windows Password: Pa$$w0rd
16. Close Internet Explorer.
Task 6: Configure a Web Part to use the target application ID

1.
On LON-AP1, click Start, and then click Run.
2.
In the Open box, type \\LON-OM1\c$, and then press Enter.
3.
In Windows Explorer, browse to \\LON-OM1\c$\Program Files\System Center 2012

\Operations Manager\WebConsole\WebHost, right-click Web.config, and then click Open.
4.
Click Select a program from a list of installed programs, and then click OK.
5.
In the Open with window, click Notepad, deselect the Always use the selected program to open
this kind of file check box, and then click OK.
6.
In Notepad, click Edit, and then click Find.
7.
In the Find window, in the Find what box, type OverrideTicketEncryptionKey, and then click Find
Next.
8.
Click Cancel.
9.
In Notepad, verify that you can see the key with the name OverrideTicketEncryptionKey, and the
value.
10. Verify that below the OverrideTicketEncryptionKey, you can see the Validation key and the value.
11. On LON-AP1, click Start, point to All Programs, click Microsoft SharePoint 2010 Products, and
12. In the upper left corner, click Site Actions, and then click View All Site Content.
13. Under Lists, click Operations Manager Web Console Environments.
14. Click LON-OM1.

15. In the Operations Manager Web console Environments LON-OM1 window, click Edit Item.
16. In the TargetApplicationID box, type Operations Manager.
L8-73
17. In the EncryptionAlgorithmKey box, copy the Value from the OverrideTicketEncryptionKey key in
Notepad. (Do not include the quotes).
18. In the EncryptionValidationAlgorithmKey box, copy the Value from the Validation key in
Notepad. (Do not include the quotes).
19. Click Save.
Task 7: Test the use of shared credentials to access the dashboard

1.
2.
In Internet Explorer, in the address bar, type http://LON-AP1, and then press Enter.
3.
Under Libraries, click Site Pages.
4.
Click Infrastructure Dashboard. If you are prompted for credentials log on as

Contoso\Administrator with a password of Pa$$w0rd.
5.
After the dashboard displays, close Internet Explorer.
6.
Shut down LON-DM1.

Note If Task 7 is successful then the Exercise is complete. If the message An unexpected
error has occurred displays when viewing the Infrastructure Dashboard in Task 7, then
complete Task 8 to resolve the error.
Task 8: Reinstall the Operations Manager Web Console

1.
On LON-OM1, click Start and click Control Panel.
2.
In Control Panel, under Programs, click Uninstall a program.
3.
In the Programs and Features window, right-click System Center 2012 Operations Manager and
click Uninstall/Change.
4.
In the Operations Manager Setup window, click Remove a feature.
5.
On the Select features to remove page, select the Web console check box and then click Uninstall.
6.
On the Complete page, click Close.
7.
8.
Click Start, click Run, type \\LON-AP1\E$\Labfiles\SystemCenter\SCOM2012 and press Enter.
9.
In Windows Explorer, double-click Setup.exe.
10. In the System Center 2012 Operations Manager window, click Install.
11. In the Operations Manager Setup window, click Add a feature.
12. On the Select features to install page, select the Web console check box and click Next.
13. On the Proceed with Setup page, click Next.
14. On the Specify a web site for use with the Web console page, click Next.
15. On the Select an authentication mode for use with the Web console page, click Next.
16. On the Microsoft Update page, click Off and then click Next.
17. On the Installation Summary page, click Install.
18. On the Setup is complete page, click Close.
20. Repeat Task 6 and Task 7.
Results: After this exercise, you should have configured the Operations Manager web part.
L8-74

L9-75
Module 9: Implementing Service Management for the

Private Cloud
Lab: Implementing Service Management for

the Private Cloud
Exercise 1: Configuring Service Manager Basic Settings

Task 1: Configure service request settings
1.
On LON-SM1, click Start, click All Programs, click Microsoft System Center 2012, expand Service
Manager, and then click Service Manager Console. If the Connect to Service Manager dialog box
opens, click Connect.
2.
then click Settings.
3.
In the results pane, double-click Service Request Settings.
4.
In the Service Request Settings window, in the Service Request ID prefix text box, type SRT.
5.
In the Maximum size (KB) text box, type 1024, and then click OK.
Task 2: Configure incident settings

1.
In the results pane, double-click Incident Settings.
2.
In the Incident Settings window, click the General tab, and then in the Maximum number of
attached files text box, type 5.
3.
In the Maximum size (KB) text box, type 3072.
4.
In the Default support group drop-down list box, select Tier 2.
5.
In the navigation pane, click the Parent Incident tab, and then select the Automatically resolve
child incidents when parent incident is resolved option.
6.
In the navigation pane, click the Priority Calculation tab, and then configure the values in the matrix
consistent with the following table.
Impact: Low
Impact: Medium
Impact: High
Urgency: Low
Urgency: Medium
Urgency: High
7.
In the navigation pane, click the Resolution Time tab.
8.
In the Priority 1 row, for Target Resolution, select 30 minutes.
9.
In Priority 2 row, for Target Resolution, select 60 minutes, and then click OK.
Task 3: Configure problem settings
L9-76 Module 9: Implementing Service Management for the Private Cloud
1.
In the results pane, double-click Problem Settings.
2.
In the Problem Settings window, click the General tab, and then in the Maximum number of
attached files text box, type 5.
3.
For Priority, configure the values in the matrix consistent with the following table, and then click OK.
Impact: Low
Impact: Medium
Impact: High
Urgency: Low
Urgency: Medium
Urgency: High
Task 4: Configure data retention settings

1.
In the results pane, double-click Data Retention Settings.
2.
In the Incident retention time text box, type 120.
3.
In the Change request retention time text box, type 240.
4.
In the navigation pane, click History.
5.
In the History retention time text box, type 720, and then click OK.
Task 5: Create a new user role for incidents

1.
In the Administration workspace, in the navigation pane, expand Security, and then click User
Roles.
2.
In the Tasks pane, click Create User Role, and then select Incident Resolver.
3.
In the Create User Role Wizard, on the Before You Begin page, click Next.
4.
On the General page, in Name text box, type Contoso Incident Resolvers, and then click Next.
5.
On the Management Packs page, select the following management packs, and then click Next.
Service Manager Incident Management Configuration Library
Service Manager Incident Management Library
6.
On the Queues page, click Next.
7.
On the Configuration item Groups page, click Next.
8.
On the Catalog item Group page, click Next.
9.
L9-77
On the Tasks page, select Provide access to only the selected tasks, select the following tasks, and
then click Next:
Properties
Link or Unlink to Parent
Resolve
Change Incident Status
Assign to Me
Escalate or Transfer
Create Related Incident
Request User Input
Activate
Unlink
Create Incident
Assign to Analyst
Apply Template
Close
10. On the Views page, click Next.

11. On the Form Templates page, click Next.
12. On the Users page, click Add.
13. In the Select Users or Groups window, type IT, click Check Names, and then click OK.
14. Verify that Contoso\IT displays in the Selected users text box, and then click Next.
Task 6: Connect to the Service Manager data warehouse management server

1.
In the navigation pane, in the Administration workspace, click Administration.
2.
In the results pane, under Register with Service Managers Data Warehouse, click Register with
Service Manager Data Warehouse.
3.
In the Data Warehouse Registration Wizard, on the Before You Begin page, click Next.
4.
On the Data Warehouse page, in the Server name text box, type LON-SQ1.contoso.com, and then
click Test Connection. Verify that you receive a message that confirms a successful connection, and
then click Next.
5.
On the Credentials page, click New.
6.
In the Run As Account window, fill in the text boxes as follows, and then click OK:
Password: Pa$$w0rd
Domain: Contoso
7.
Click Next.
8.
9.
Results: After this exercise, you should have configured Service Manager basic settings.
Exercise 2: Configuring Service Manager Connectors

Task 1: Create an Active Directory connector, and create a group
L9-79
1.
2.
Right-click Connectors, select Create connector, and then click Active Directory connector.
3.
In the Active Directory Connector Wizard, on the Before You Begin page, click Next.
4.
On the General page, in the Name text box, type Contoso AD, and then click Next.
5.
On the Domain or organizational unit page, click Use the domain: Contoso.com, and then in the
Credentials section, click New.
6.
In the Run As Account window, fill in the text boxes as follows, and then click OK:
Password: Pa$$w0rd
Domain: Contoso
7.
Click Test Connection. Verify that that connection was successful.
8.
Click OK, and then click Next.
9.
On the Select objects page, click All computers, printers, users and user groups, select
Automatically add users of AD Groups imported by this connector, and then click Next.

11. Click OK at the message prompt, and then on the Completion page, click Close.
12. In the results pane, click Contoso AD, in the Tasks pane, click Synchronize Now, and then click OK.
13. Review the Status column, and wait for a status of Finished Success to display. In the Tasks pane,
click Refresh to view the refreshed status. It might take 4 to 5 minutes for the task to complete.
14. In the Service Manager console, click the Configuration Items workspace.
15. In the navigation pane, click Users, and verify that all of the Active Directory users and groups were
imported.
16. Click the Library workspace, and then in the navigation pane, click Groups.
17. In the Tasks pane, click Create Group.
18. In the Create Configuration items Group Wizard, on the Create Group Wizard page, click Next.
19. On the General page, in the Group name text box, type Contoso Computers, and then click Next.
20. On the Included Members page, click Add.
21. In the Select object window, in the Type to filter text box, type Contoso, and then press Enter.
22. In the Available objects list, select Contoso\Domain Computers, and then click Add.
23. Click Contoso\Domain Controllers, and then click Add.

24. Click OK, and then click Next.
25. On the Dynamic Members page, click Next.
26. On the Subgroups page, click Next.
27. On the Excluded Members page, click Next.
Task 2: Create an Operations Manager Alert connector
1.
2.
Right-click Connectors, select Create connector, and then click Operations Manager Alert
connector.
3.
In the Operations Manager Alert Connector Wizard, on the Before You Begin page, click Next.
4.
On the General page, in Name text box, type Contoso SCOM, and then click Next.
5.
On the Server Details page, type LON-OM1.contoso.com. In the Credentials section, in the Run As
account drop-down list box, select Administrator account, and then click Test Connection.
6.
In the Credentials window, in the Password text box, type Pa$$w0rd, and then click OK.
7.
Verify that connection is successful.
8.
9.
On the Alert Routing Rules page, click Add.
10. In the Add Alert Routing Rule window, in Rule Name text box, type Contoso Computers Alert.
11. In the Template drop-down list box, select Operations Manager Incident Template.
12. In the Select Criteria Type section, select Computer for which the alert was raised, and then in the
Computer is a member of group drop-down list box, select Contoso Computers.
13. Select the Priority check box, and in the Priority drop-down list box, select Medium, and then click
OK.
14. In the Add Alert Routing Rules window, in the template drop-down list box, select Default Incident
Template, and then click Next.
15. On the Schedule page, click Close alerts in Operations Manager when incidents are resolved or
closed, and then click Next.
Task 3: Create an Operations Manager Configuration item connector
L9-81
1.
In the Service Manager console, click Connectors.
2.
Right-click Connectors, select Create connector, and then click Operations Manager CI connector.
3.
In the Operations Manager CI Connector Wizard, on the Before You Begin page, click Next.
4.
On the General page, in Name text box, type Contoso SCOM CI, and then click Next.
5.
On the Server Details page, type LON-OM1.contoso.com. In the Credentials section, in the Run As
account drop-down list box, choose Administrator account, and then click Test Connection.
6.
7.
Verify that the connection is successful.
8.
9.
On the Management Packs page, click Select all, and then click Next.
10. On the Schedule page, in the second drop-down list box, select 7:00 PM, and then click Next.
Task 4: Create a Orchestrator connector

1.
In the Service Manager console, click Connectors.
2.
Right-click Connectors, select Create connector, and then click Orchestrator connector.
3.
In the Orchestrator Connector Wizard, on the Before You Begin page, click Next.
4.
On the General page, in the Name text box, type Contoso Orchestrator, and then click Next.
5.
On the Connection page, in the Orchestrator Web Service URL text box, type
http://lon-or1:81/Orchestrator2012/Orchestrator.svc. In the Run As account drop-down list,
select Administrator account, and then click Test Connection.
6.
7.
Verify that the connection is successful.
8.
9.
On the Folder page, click Next.
10. On the Web Console URL page, type http://lon-or1:82, and then click Next.
Task 5: Create a VMM connector

1.
In the Service Manager console, click on the Administration workspace, expand Administration,
and then click Connectors.
2.
Right-click Connectors, select Create connector, and then click Virtual Machine Manager
connector.
3.
In the Virtual Machine Manager Connector Wizard, on the Before You Begin page, click Next.
4.
On the General page, in Name text box, type Contoso VMM, and then click Next.
5.
On the Connection page, in the Server Name text box, type LON-VM1.contoso.com.
6.
In the Credentials section, in the Run As account drop-down list, select Administrator account,
and then click Test Connection. If prompted for a password, type Pa$$w0rd, and then click OK.
7.
Verify that the connection was successful, and then click Next.
8.
9.
10. In the results pane, click Contoso VMM, in the Tasks pane, click Synchronize Now, and then click
OK.
11. Review the Status column and wait for a status of Finished Success to display. In the Tasks pane,
click Refresh to view the refreshed status. It might take 4 to 5 minutes for the task to complete.
12. In the Service Manager console, click the Configuration Items workspace.
13. In the Tasks pane, click Create Folder.
14. In the Create New Folder window, in the Folder name text box, type VMM Objects.
15. In the Management pack section, select Service Catalog Generic Incident Request, and then click
OK.
16. In the navigation pane, click the VMM Objects folder that you just created.
17. In the Tasks pane, click Create View.
18. In the Create View window, configure the following:
On the General page, in the Name area, type VMM Templates.
In the Management pack area, select Service Catalog Generic Incident Request.
19. In the navigation pane, click Criteria.

20. In the Advanced Search area, click Browse.
21. In the Frequently used basic classes drop-down list box, select All basic classes.
22. In the Type to filter text box, type virtual machine template, click Virtual Machine Template, and
then click OK two times.
23. In the Configuration Items results pane, click the VMM Templates view that you created.
24. In the VMM Templates pane, you will see the VMM Templates that have been created.
Results: After this exercise, you should have configured Service Manager connectors.
Exercise 3: Configuring the Self-Service Portal

Task: Verify the Self-Service Portal functionality
L9-83
1.
On LON-DC1, open Windows Internet Explorer, and then type http://lon-ap1:8080/SMPortal.

Press Enter.
2.
Wait for 40 to 50 seconds for the SMPortal site to open.
3.
On the Home page, scroll down, and then click Create a request.
4.
On the Service Request page, beside Generic Incident Request (EN), click Go to request.
5.
Fill in the Generic Incident Request form as follows:
Issue title: Test Incident
Symptoms: Mouse does not work
Category of the issue: Hardware Problems
How urgent is issue: Medium
Alternate contact: administrator@contoso.com
6.
Scroll down, click Next, and then click Submit.
7.
Verify that you receive a message that says that your request was submitted.
8.
Leave the Self-Service Portal open.
9.
On LON-SM1, open the Service Manager console, click the Work Items workspace, expand Incident
Management, and then click All Incidents.
10. Verify that Test Incident appears in the results pane. Double-click the IR2 test incident.
11. In the Incident window, click the Resolution tab, in the time worked value box, select 1 hour, and
then click Add.
12. In the Tasks pane, click Change Incident Status, and then click Resolve.
13. In the Resolve window, in the Resolution Category drop-down box, select Fixed by analyst, in the
Comments text box, type fixed by installing new driver, and then click OK twice.
14. On LON-DC1, in the Self-Service Portal, in the navigation pane, click My Requests.
15. In the central pane, click Test Incident.
16. In the right pane, review the incident details, and verify that the status displays as Resolved.
17. Close the SMPortal.
Results: After this exercise, you should have configured the Service Manager Self-Service Portal.

Task 1: Configure notification channels
1.
Administration, and then expand Notifications.
2.
Click Channels, and then in the results pane, double-click E-mail Notification channel.
3.
In the Configure E-mail Notification Channel window, select the Enable e-mail notifications
checkbox, and then click Add.
4.
In the Add SMTP Server window, in the SMTP server (FQDN) text box, type
lon-mail.contoso.com.
5.
Leave Port number and Authentication method values unchanged, and then click OK.
6.
In the Return e-mail address text box, type scservice@contoso.com, and then click OK.
Task 2: Create an email notification template
1.
In the Administration workspace, under Notifications, click Templates.
2.
In the Tasks pane, click Create E-mail Template.
3.
In the Create E-Mail Notification Template Wizard, on the General page, in the Notification
template name text box, type Incident Notification e-mail, and then click Browse.
4.
In the Select a Class window, select Incident, click OK, and then click Next.
5.
On the Template Design page, in the Message subject text box, type Incident has been created.
6.
Click in Message body text box, type The incident has been created in Service Manager, press
Enter, and then click Insert.
7.
In the left pane, select Affected User, in the Select Property window, in the right pane, click User
Name, click Add, and then click Next.
8.
9.
On Completion page, click Close.
Task 3: Configure notification subscriptions

1.
In the Administration workspace, under Notifications, click Subscriptions.
2.
In the Tasks pane, click Create Subscription.
3.
In the Create E-Mail Notification Subscription Wizard, on the Before You Begin page, click Next.
4.
On the General page, in Notification subscription name text box, type Incident Subscription, and
then click Browse.
5.
In the Select a Class window, select Incident, and then click OK.
6.
Verify that in the When to notify drop-down box When an object of the selected class is created,
is selected, and then click Next.
L9-85
7.
On the Additional Criteria page, in Available properties section, select Priority, and then click
Add.
8.
Under Criteria, click on the less-than arrow, select is less than or equal to, type 4, and then click
Next.
9.
On the Template page, click Select.
10. In the Select E-Mail Notification Template window, select Incident Notification e-mail, click OK, and
then click Next.
11. On the Recipient page, click Add.
12. In the Select objects dialog box, select Contoso\Administrator, click Add, click OK, and then click
Next.
13. On the Related Recipients page, click Add, select Affected User, click Add, and then click Next.
15. On Completion page, click Close.
17. To prepare for the next lab, shut down 10751A-LON-VM1.
Results: After this exercise, you should have configured Service Manager notifications.
L10-87
Lab: Protecting the Private Cloud

Infrastructure
Exercise 1: Configuring the Storage Pool

Task 1: Configure a new disk for DPM
1.
Log on to LON-DM1 as Contoso\Administrator with the password Pa$$w0rd.
2.
On the Windows taskbar, click Server Manager.
3.
In Server Manager, in the navigation pane, expand Storage, and then click Disk Management.
4.
If not automatically prompted with the Initialize Disk window, in the details pane, right-click Disk 1,
and then click Initialize Disk.
5.
In the Initialize Disk window, ensure that the Disk 1 check box is selected, and then click OK.
6.
In the details pane, right-click Disk 1, and then click Convert to Dynamic Disk.
7.
In the Convert to Dynamic Disk window, ensure that the Disk 1 check box is selected, and then click
OK.
8.
Close Server Manager.
Task 2: Add the disk to the storage pool

1.
On the desktop, double-click Microsoft System Center 2012 Data Protection Manager.
2.
In the DPM Administrator Console, click the Management workspace, in the navigation pane, click
Disks, on the ribbon, click Rescan, and then click Add.
3.
In the Add Disks to Storage Pool window, in the Available disks list, click Disk 1, click Add, and then
click OK.
4.
Verify that Disk 1 appears in the details pane under DPM Storage Pool Disks.
Results: After this exercise, you should have added a disk to the DPM storage pool.
Exercise 2: Deploying DPM Protection Agents

Task 1: Automatically deploy a DPM protection agent on LON-SQ1
1.
2.
In the navigation pane, click Agents, and then on the ribbon, click Install.
3.
In the Protection Agent Installation Wizard, on the Select agent deployment method page, leave
Install agents selected, and then click Next.
4.
On the Select computers page, click LON-SQ1, click Add, in the message box click Yes, and then
click Next.
5.
On the Enter credentials page, fill in the following information, and then click Next:
Password: Pa$$w0rd
Domain: Contoso.com
6.
On the Choose restart method page, select No. I will restart the selected computers later, and
then click Next.
7.
On the Summary page, click Install.
8.
After the installation results display Success, click Close.
Task 2: Manually deploy and configure a protection agent on LON-AP2

1.
Log on to LON-AP2 as LON-AP2\Administrator with the password Pa$$w0rd.
2.
Click Start, and then click Run.
3.
In the Open text box, type C:\DPM2012\Agents\amd64\DPMAgentInstaller_x64.exe, and then

click OK.
4.
After command prompt window displays and reports that the Agent installation completed
successfully, press Enter.
5.
6.
In the Open text box, type cmd, and then click OK.
7.
At the command prompt, type the following, and then press Enter:
cd \Program Files\Microsoft Data Protection Manager\DPM\Bin
8.
At the command prompt, type the following, and then press Enter:
SetDpmServer.exe -dpmServerName LON-DM1 -isNonDomainServer -userName DpmAgentAcct
9.
L10-88
At the Enter the password for DpmAgentAcct to connect to LON-DM1 prompt, type Pa$$w0rd,
and then press Enter.
10. At the Retype the password to confirm prompt, type Pa$$w0rd, and then press Enter.
11. When the Configuration completed successfully!!! message displays, log off of LON-AP2.
Task 3: Attach LON-AP2 to the DPM server
L10-89
1.
2.
In the navigation pane, click Agents, and then on the ribbon, click Install.
3.
In the Protection Agent Installation Wizard, on the Select agent deployment method page, select
Attach agents, select Computer in a workgroup or untrusted domain, and then click Next.
4.
On the Select computers page, fill in the following information:
Computer name: LON-AP2
Username: DpmAgentAcct
Password: Pa$$w0rd
5.
Click Add, and then click Next.
6.
On the Summary page, click Attach.
7.
After the installation completes, click Close.
Results: After this exercise, you should have automatically deployed a DPM protection agent to a
domain-joined computer, and then manually installed and configured the DPM protection agent on a
workgroup computer.
Exercise 3: Creating and Configuring Protection Groups

Task 1: Create a Hyper-V protection group
L10-90
1.
On LON-DM1, in the DPM Administrator Console, click the Protection workspace.
2.
On the ribbon, click New.
3.
In the Create New Protection Group Wizard, on the Welcome page, click Next.
4.
On the Select protection group type page, leave Servers selected, and then click Next.
5.
On the Select group members page, in the Available members pane, expand Contoso.com, expand
LON-HOST2, expand HyperV, select the Backup using Child Partition Snapshot
\10751A-LON-AP1 check box, and then click Next. If a datasource enumeration dialog box opens,
click Close.
6.
On the Select data protection method page, in the Protection group name field, type
HyperV LON-HOST2 Protection Group, and then click Next.
7.
On the Select short-term goals page, leave the default Retention range of 5 days, and then click
Next.
8.
On the Review disk allocation page, accept the default settings, and then click Next.
9.
On the Choose replica creation method page, accept the default settings, and then click Next.
10. On the Choose consistency check options page, accept the default settings, and then click Next.
11. On the Summary page, review the settings, and then click Create Group.
12. When the group has been created successfully, click Close.
Task 2: Create a SQL Server protection group

1.
2.
On the ribbon, click New.
3.
In the Create New Protection Group Wizard, on the Welcome page, click Next.
4.
On the Select protection group type page, leave Servers selected, and then click Next.
5.
On the Select group members page, in the Available members pane, expand Contoso.com, expand
LON-SQ1, expand All SQL Servers, expand LON-SQ1, select the AppController check box, and then
click Next.
6.
On the Select data protection method page, in the Protection group name text box, type App
Controller Database Protection Group, and then click Next.
7.
On the Select short-term goals page, leave the default Retention range of 5 days, and then click
Next.
8.
On the Review disk allocation page, accept the default settings, and then click Next.
9.
L10-91
On the Choose replica creation method page, accept the default settings, and then click Next.
10. On the Choose consistency check options page, accept the default settings, and then click Next.
11. On the Summary page, review the settings, and then click Create Group.
12. When the group has been created successfully, click Close.
Results: After this exercise, you should have created a Hyper-V protection group and a SQL Server
protection group.
Exercise 4: Configuring SQL Server Self-Service Recovery

Task 1: Configure the SQL Administrator recovery role
L10-92
1.
2.
On the ribbon, click Self service recovery.
3.
In the DPM Self Service Recovery Configuration Tool for SQL Server window, click Create Role.
4.
On the Getting started page, click Next.
5.
On the Specify security groups page, in the Role Name text box, type SQL Admins, in the
Description text box, type SQL Self Service Recovery Role, and then click Add.
6.
In the <domain\group> text box, type Contoso\SQLAdmins, and then click Next.
7.
On the Specify recovery items page, click Add.
8.
In the Specify SQL Server Instance text box, type LON-SQ1, in the Database name text box, type
AppController, and then click Next.
9.
On the Specify recovery targets page, accept the default settings, and then click Next.
10. Click Finish, and then click OK.

11. In the DPM Self Service Recovery Configuration Tool for SQL Server window, click Close.
Task 2: Install the DPM Self Service Recovery Tool on LON-SQ1

1.
Log on to LON-SQ1 as Contoso\Administrator with the password Pa$$w0rd.
2.
3.
In the Open text box, type C:\DPM2012\DpmSqlEUR_x64.msi, and then click OK.
4.
In the DPM Self Service Recovery Tool Setup dialog box, click Install.
5.
When setup completes, click Finish.
6.
Log off of LON-SQ1.
Results: After this exercise, you should have configured SQL Server self-service recovery and installed the
DPM Self Service Recovery Tool.
Exercise 5: Restoring Data from a SQL Server Protection Group

Task: Recover data from LON-SQ1
L10-93
1.
On LON-DM1, open the DPM Administrator Console, and then click the Recovery workspace.
2.
In the navigation pane, expand Recoverable data, expand Contoso.com, expand LON-SQ1, expand
All Protected SQL Instances, expand LON-SQ1, and then click AppController.
3.
In the ribbon, click Recover.
4.
In the Recovery Wizard, on the Review recovery selection page, click Next.
5.
On the Select recovery type page, click Recover to original instance of SQL Server (Overwrite
database), and then click Next.
6.
On the Specify recovery options page, click Next.
7.
On the Summary page, click Recover.
8.
When the recovery completes, click Close.
to its original location.
Exercise 6: Performing Self-Service Recovery to Recover SQL Server Data

Task: Use self-service recovery to recover data from LON-SQ1
L10-94
1.
Log on to LON-SQ1 as Contoso\SQLUser with the password Pa$$w0rd.
2.
On LON-SQ1, on the desktop, double-click DPM Self Service Recovery Tool.
3.
In the DPM Self Service Recovery Tool, click Connect to Server.
4.
In the Connect to DPM Server dialog box, in the DPM Server Name text box, type
LON-DM1.contoso.com, and then click Connect.
5.
Click New Recovery Job.
6.
In the Recovery Wizard, on the Welcome page, click Next.
7.
On the Specify database details page, in the SQL Server Instance Name drop-down list box, select
LON-SQ1, in the Database Name drop-down list box, select AppController, and then click Next.
8.
On the Specify Recovery Point page, leave the default recovery point selected, and then click Next.
9.
On the Select recovery type page, leave the default selection, and then click Next.
10. On the Specify destination page, in the Destination server (FQDN) text box, type
LON-SQ1.contoso.com, in the Destination Folder text box, type
C:\DatabaseRecovery\AppController, and then click Next.
11. On the Specify recovery options page, select Apply security settings of destination computer,
12. On the Summary page, click Recover, and then click OK.
13. When the restore completes, click Close, and then log off of LON-SQ1.
14. Shut down LON-AP2.
to a folder on your computer so that you can copy it to your development server.
L11-95

Note Before starting this lab, you must have completed the lab in Modules 2 and 5.
Exercise 1: Creating a Runbook Server and Configuring Integration Packs

Task 1: Configure Windows Firewall on LON-AP1
1.
Log on to LON-AP1 as Contoso\Administrator with the password Pa$$w0rd.
2.
Click Start, point to Administrative Tools, and then click Windows Firewall with Advanced
Security.
3.
In the Navigation pane, click Inbound Rules.
4.
In the Actions pane, click New Rule. The New Inbound Rule Wizard starts.
5.
On the Rule Type page, leave Program selected, and click Next.
6.
On the Program page, in the This program path field, type

%SystemRoot%\SysWOW64\OrchestratorRemotingService.exe, and then click Next.
7.
On the Action page, leave Allow the connection selected, and then click Next.
8.
On the Profile page, clear the check box next to both Private and Public, and then click Next.
9.
On the Name page, in the Name field, type Orchestrator Remoting Service, and then click Finish.
10. Close Windows Firewall with Advanced Security.
Task 2: Deploy a runbook server on LON-AP1

1.
Log on to LON-OR1 as Contoso\Administrator with the password Pa$$w0rd.
2.
On LON-OR1, click Start, point to All Programs, click Microsoft System Center 2012, expand
Orchestrator, and then click Deployment Manager.
3.
In the left pane, expand the Runbook Servers node.
4.
Right-click Runbook Servers, and then click Deploy new Runbook Server. The Runbook Server
Deployment Wizard starts.
5.
On the Welcome page, click Next.
6.
On the Service Information page, enter the following information, and then Click Next:
Computer: LON-AP1
Account Information User name: Contoso\Administrator
Account Information- Password: Pa$$w0rd
7.
On the Integration Pack or Hotfix Deployment page, click Next.
8.
On the Completing the Runbook Server Deployment Wizard page, click Finish.
9.
Wait for deployment to complete.
Task 3: Register System Center 2012 integration packs
L11-96
1.
On LON-OR1, in the left pane, expand Orchestrator Management Server, right-click Integration
Packs, and then click Register IP with the Orchestrator Management Server. The Integration Pack
Registration Wizard starts.
2.
On the Welcome to the Integration Pack Registration Wizard page, click Next.
3.
On the Select Integration Packs or Hotfixes page, click the Add button. In the Open navigation
pane, click Computer, double-click Local Disk (C:), double-click OR2012, double-click
IntegrationPacks, in the details pane, click
SC2012_data_protection_manager_integration_pack.oip, and then click Open.
4.
Click the Add button.
5.
In the Open navigation pane, click Computer, double-click Local Disk (C:), double-click
OR2012, double-click IntegrationPacks in the details pane, click
SC2012_Operations_Manager_Integration_Pack.oip, and then click Open.
6.
Click the Add button.
7.
In the Open navigation pane, click Computer, double-click Local Disk (C:), double-click
OR2012, double-click IntegrationPacks, in the details pane, click
SC2012_virtual_machine_manager_integration_pack.oip, and then click Open.
8.
After adding all three integration packs, click Next.
9.
On the Completing the Integration Pack Wizard page, click Finish.
10. In each License Agreement dialog box, click Accept.

11. Wait for each integration pack to finish registering.
Task 4: Deploy System Center 2012 integration packs to LON-OR1 and LON-AP1
1.
On LON-OR1, in the Management server pane, expand Orchestrator Management Server, rightclick Integration Packs, and then click Deploy IP to Runbook Server or Runbook Designer. The
Integration Pack Deployment Wizard starts.
2.
On the Welcome to the Integration Pack Registration Wizard page, click Next.
3.
On the Deploy Integration Packs or Hotfixes page, select the check box next to the following, and
then click Next:
System Center Integration pack for System Center 2012 Data Protection Manager
System Center Integration pack for System Center 2012 Virtual Machine Manager
System Center Integration pack for System Center 2012 Operations Manager
L11-97
4.
On the Computer Selection Details page, in the Computer field, type LON-OR1, and then click
Add.
5.
To add the second Runbook server, in the Computer field, type LON-AP1, click Add, and then click
Next.
6.
Leave the default settings on the Installation Configuration page, and click Next.
7.
On the Completing the Integration Pack Deployment Wizard page, click Finish.
8.
Wait for each integration pack to deploy.
9.
Close the Microsoft System Center 2012 - Orchestrator Deployment Manager.
Virtual Machine Manager
1.
Orchestrator, and then click Runbook Designer.
2.
Click the Options menu, and then click SC 2012 Virtual Machine Manager.
3.
On the Prerequisite Configuration page, click Add.
4.
In the Add Configuration dialog box, in the Name field, type LON-VM1, and then next to the Type
field, click the ellipsis.
5.
In the Item Selection box, click System Center Virtual Machine Manager, and then click OK.
6.
On the Add Configuration dialog box, type the following information:
VMM Administrator Console: LON-VM1
VMM Server: LON-VM1
User: Administrator
Domain: CONTOSO
Password: Pa$$w0rd
Leave the remaining fields with the default settings, and then click OK.
7.
On the Prerequisite Configuration page, click Finish.
Task 6: Configure the System Center Integration Pack for System Center 2012 Data
Protection Manager
1.
In Runbook Designer, in the Options menu, click SC 2012 Data Protection Manager.
2.
On the Prerequisite Configuration page, click Add.
3.
In the Add Configuration dialog box, in the Name field, type LON-DM1, and then next to the Type
field, click the ellipsis.
4.
In the Item Selection box, click PowerShell Remoting, and then click OK.
5.
In the Add Configuration dialog box, type the following information:
DPM Administrator Console: LON-DM1
DPM Server: LON-DM1
User: Administrator
Domain: CONTOSO
Password: Pa$$w0rd
Leave the remaining fields with the default settings, and then click OK.
6.
On the Prerequisite Configuration page, click Finish.
Operations Manager
L11-98
1.
In Runbook Designer, in the Options menu, click SC 2012 Operations Manager.
2.
On the Microsoft System Center Operations Manager Connections page, click Add.
3.
In the MS System Center Operations Manager Connection Settings dialog box, type the following
information:
Name: LON-OM1
Domain: CONTOSO
Password: Pa$$w0rd
4.
Click OK to close the connection settings.
5.
On the Microsoft System Center Operations Manager Connections page, click Finish.
Results: After this exercise, you should have deployed a runbook server, and registered, deployed, and
configured the System Center 2012 integration packs.
L11-99
Exercise 2: Configuring a Template to Deploy Agents on a New Virtual

Machine
Task: Modify the virtual machine template
1.
Log on to LON-VM1 as Contoso\Administrator with the password Pa$$w0rd.
2.
On LON-VM1, click Start, point to All Programs, click Microsoft System Center 2012, expand
Virtual Machine Manager, and then click Virtual Machine Manager Console. If necessary, select
Use current Microsoft Windows session identity, and then click Connect.
3.
In the Virtual Machine Manager console, click the Library workspace.
4.
In the navigation pane, click VM Templates, in the Details pane, right-click StockTrader Web
Application Server, and then click Properties.
5.
In the Properties dialog box, click the OS Configuration tab, and then click [GUIRunOnce]
Commands.
6.
In the Details pane, in the Command to add field type:

C:\DPM2012\Agents\amd64\DPMAgentInstaller_x64.exe /q LON-DM1, and then click Add.
7.
Click OK to close the Properties dialog box.
Results: After this exercise, you should have modified the StockTrader Web Application Server virtual
machine template so that it will install the DPM protection agent automatically after it has deployed.
Exercise 3: Creating a Runbook to Protect All Resources on a Virtual

Machine
Task 1: Create variables for DPMServer, DPMUser, and DPMPassword
L11-100
1.
2.
In the Connections pane, expand LON-OR1, expand Global Settings, right-click Variables, point to
New, and then click Folder.
3.
Type AutomateDeploy, and then press Enter.
4.
In the Connections pane, expand LON-OR1, expand Global Settings, expand Variables, right-click
AutomateDeploy, point to New, and then click Folder.
5.
Type 1. ProtectVM, and then press Enter.
6.
In the Connections pane, expand LON-OR1, expand Global Settings, expand Variables, expand
AutomateDeploy, right-click 1. ProtectVM, point to New, and then click Variable.
7.
In the General Information dialog box, type the following information:
Name: DPMServer
Value: LON-DM1
8.
Click Finish.
9.
In the Connections pane, expand LON-OR1, expand Global Settings, expand Variables, expand
10. In the General Information dialog box, type the following information:
Name: DPMUser
Value: Administrator
11. Click Finish.

12. In the Connections pane, expand LON-OR1, expand Global Settings, expand Variables, expand
13. In the General Information dialog box, type the following information:
Name: DPMPassword
Value: Pa$$w0rd
Select the Encrypted Variable check box.
14. Click Finish.
Task 2: Create a new runbook named ProtectVM

1.
2.
In the Connections pane, expand LON-OR1, right-click Runbooks, point to New, and then click
Folder.
L11-101
3.
Type AutomateDeploy, and then click Enter.
4.
In the Connections pane, expand LON-OR1, expand Runbooks, right-click AutomateDeploy, point
to New, and then click Folder.
5.
Type 1. ProtectVM, and then click Enter.
6.
In the Connections pane, expand LON-OR1, expand Runbooks, expand AutomateDeploy, rightclick on 1. ProtectVM, point to New, and then click Runbook.
7.
On the toolbar, click Check Out.
8.
Right-click the New Runbook tab, click Rename, type ProtectVM, and then press Enter.
9.
In the Activities pane, click the Runbook Control workspace, and then drag Initialize Data onto the
Runbook Designer workspace.
10. Right-click Initialize Data, and then click Properties.

11. In the Details Information dialog box, click the Details tab, and then click Add.
12. Click Parameter 1. The Data dialog box opens.
13. In the Activity data field, type VMName, and then click OK.
14. Click Finish to close the Details Information dialog box.
15. In the Activities pane, click the SC 2012 Data Protection Manager workspace, and then drag Run
DPM PowerShell Script onto the Runbook Designer workspace.
16. Click the arrow to the right of Initialize Data, and drag the smart link to Run DPM PowerShell
Script.
17. Right-click Run DPM PowerShell Script, and then click Properties. The Properties dialog box
opens.
18. On the Properties tab, click the button next to Name, select LON-DM1, and then click OK.
19. In the PowerShell Script field, type the following:
'C:\Program Files\Microsoft System Center 2012\DPM\DPM\bin\AttachProductionServer.ps1' -DPMServerName {DPMServer} -PSName {VMName from Initialize
Data} -Username {DPMUser} -password {DPMPassword} -domain Contoso
20. In Output Variable 01, type $results, and then click Finish.
21. In the Activities pane, click the SC 2012 Data Protection Manager workspace, and then drag
Get Data Source onto the Runbook Designer workspace.
22. Click the arrow to the right of Run DPM PowerShell Script, and then drag the smart link to
Get Data Source.
23. Right-click Get Data Source, and then click Properties. The Properties dialog box opens.
24. On the Properties tab click the ellipsis next to the Name field. In the Item Selection dialog box, click
LON-DM1, and then click OK.
25. In the Name field right-click and point to Subscribe, and then click Published Data.
26. In the Published Data dialog box, click the drop-down arrow and select Initialize Data, click
VMName, and then click OK.
27. Click Finish to close the Properties dialog box.

28. In the Activities pane, click the SC 2012 Data Protection Manager workspace, and then drag
Protect Data Source onto the Runbook Designer workspace.
29. Click the arrow to the right of Get Data Source, and then drag the smart link to Protect Data
Source.
30. Right-click Protect Data Source, and then click Properties. The Properties dialog box opens.
31. On the Properties tab, click the ellipsis next to the Name field. In the Item Selection dialog box,
click LON-DM1, and then click OK.
32. In the Data Source ID field, right-click and point to Subscribe, and then click Published Data. On
the Published Data dialog box, click DataSourceID, and then click OK.
33. In the Protection Group field, type PG1.
34. Click Finish to close the Properties dialog box.
35. Close the System Center 2012 Orchestrator Runbook Designer.
L11-102
Results: After this exercise, you should have created a runbook to attach the virtual machine to Microsoft
System Center 2012 - Data Protection Manager, and to protect all of the specified virtual machines data
sources.
L12-103
Module 12: Configuring the System Center Cloud Services

Process Pack
Lab: Configuring the Cloud Services Process

Pack
Note
Exercise 1: Installing the Cloud Services Process Pack

Task 1: Extract the prerequisite management packs
1.
On LON-SM1, click Start, and then click Run.
2.
In the Open box, type \\LON-AP1\E$\Labfiles\MgmtPacks, and then press Enter.
3.
Double-click System Center Cloud Services Process Pack.exe.
4.
In the WinZip Self-Extractor window, click Unzip, and then click OK.
5.
Click Close, and wait for the Cloud Services Process Pack Setup Wizard to open.
Task 2: Import the prerequisite management packs

1.
On LON-SM1, click Start, point to All Programs, click Microsoft System Center 2012, click Service
Manager, and then click Service Manager Console.
2.
In the Service Manager console, in the Administration workspace, in the Navigation pane, click
Management Packs.
3.
In the Tasks pane, under Management Packs, click Import.
4.
In the Select Management Packs to Import window, in the address bar, type
C:\Users\Administrator.Contoso\AppData\Local\Temp\Setup\ManagementPacks, and then
press Enter.
5.
Change the file type to MP files (*.mp), select all of the files, and then click Open.
6.
In the Import Management Packs window, click Import.
7.
When the import completes successfully, click OK.
8.
In the Tasks pane, under Management Packs, click Import.
9.
In the Select Management Packs to Import window, browse to

C:\Users\Administrator.Contoso\AppData\Local\Temp\Setup\ManagementPacks\VMMMP.
10. Change the file type to MP files (*.mp), select all of the files, and then click Open.
11. In the Import Management Packs window, click Import.
12. When the import completes successfully, click OK.
Task 3: Install the Cloud Services Process Pack
L12-104 Module 10: Configuring a Private Cloud Service Catalog
1.
On LON-SM1, in the Cloud Services Process Pack Setup Wizard, click Cloud services process pack.
2.
On the Product registration page, use the following settings, and then click Next.
Name: Administrator
3.
On the Prerequisites page, verify that the prerequisite check has passed, and then click Next.
4.
On the Installation Summary page, read the information, and then click Install.
5.
On the Finished page, click Close.
6.
Task 4: Configure a Service Manager connection

1.
On LON-OR1, click Start, point to All Programs, click Microsoft System Center 2012, click
Orchestrator, and then click Deployment Manager.
2.
In Microsoft System Center 2012 - Orchestrator Deployment Manager, in the Navigation pane, click
Integration Packs.
3.
In the Results pane, right-click System Center Integration Pack for System Center 2012 Service
Manager, and then click Deploy IP to Runbook Server or Runbook Designer.
4.
In the Integration Pack Deployment Wizard, click Next.
5.
On the Integration Pack or Hotfix Deployment page, select the System Center Integration Pack
for System Center 2012 Service Manager check box, and then click Next.
6.
On the Computer Selection page, in the Computer box, type LON-OR1, click Add, and then click
Next.
7.
On the Installation Options page, verify that the Schedule installation check box is cleared.
8.
In the Advanced Options area, click Stop all running Runbooks before installing the Integration
Packs or Hotfixes, and then click Next.
9.
On the Completing Integration Pack Deployment Wizard page, click Finish.
10. Close the Orchestrator Deployment Manager.

11. Click Start, point to All Programs, click Microsoft System Center 2012, click Orchestrator, and
then click Runbook Designer.
12. In the Orchestrator Runbook Designer, click the Options menu, and then click SC 2012 Service
Manager.
13. In the SC 2012 Service Manager window, click Add.
14. In the Connection window, use the following settings, and then click OK.
Name: SM Connector
Server: LON-SM1
Domain: Contoso
User name: SCService
Password: Pa$$w0rd
Polling: 10 seconds
Reconnect: 10 seconds
15. In the System Center Service Manager 2010 window, click Finish.
16. Close the Orchestrator Runbook Designer.
Task 5: Install the Cloud Services runbooks
Lab: Configuring a Private Cloud Service Catalog
L12-105
1.
On LON-OR1, on the task bar, click Server Manager.
2.
In Server Manager, expand Configuration, expand Local Users and Groups, and then click Groups.
3.
Right-click Groups, and then click New Group.
4.
In the New Group window, in the Group name box, type OrchestratorUsersGroup.
5.
Click Add, type Contoso\Administrator, and then click OK.
6.
In the New Group window, click Create, and then click Close. Close Server Manager.
7.
Open a Windows Explorer window, browse to \\LON-AP1\E$\Labfiles\MgmtPacks\, and then

double-click System Center Cloud Services Process Pack.exe.
8.
In the WinZip Self-Extractor System Center Cloud Services Process Pack window, click Unzip.
9.
In the WinZip Self-Extractor window, click OK.
10. In the Cloud Services Process Pack Setup Wizard, click Cloud services runbooks.
11. On the Product registration page, use the following settings, and then click Next.
Name: Administrator
12. On the Prerequisites page, verify that the prerequisite check has passed, and then click Next. On the
Configuration page, use the following settings, and then click Test Credentials:
Password: Pa$$w0rd
Domain: Contoso
System Center Orchestrator Database Server: LON-SQ1
SQL Server instance: Default
Orchestrator Database: Orchestrator
13. When testing completes, click Next.

14. On the Configuration page, use the following settings and then click Next:
Runbooks folder name: SM-CloudServices
System Center Service Manager connection name: SM Connector
15. On the Installation summary page, click Install.

16. Click Close, and then close Windows Explorer.
Task 6: Configure VMM resources
1.
2.
Cloud Services.
3.
In the Results pane, read the Cloud Services Administration Overview, and then click Configure
VMM Resources.
4.
In the Configure VMM Resources Wizard, on the Before You Begin page, click Next.
5.
On the Logical Networks page, select the StockTrader Production Network check box.
6.
In the User Friendly Name box, type StockTrader Network.
7.
Select the External Network check box.
8.
In the User Friendly Name box, type Internet, and then click Next.
9.
On the VIP Templates page, select the Web load balancer check box, and then click Next.
10. On the Storage Classifications page, select the Local Storage check box.
11. In the User Friendly Name box, type Standard Storage.
12. Select the Remote Storage check box.
13. In the User Friendly Name box, type High Availability Storage, and then click Next.
14. On the VM Templates page, click Next.
15. On the Service Templates page, click Next.
16. On the Placement Tags page, click the Plus Sign (+).
17. In the Placement Tags area, in the blank line, use the following settings.
Display Name: High Availability
Description: Protected from host failure
18. On the Placement Tags page, click the Plus Sign (+).
19. In the Placement Tags area, in the blank line, use the following settings, and then click Next.
Display Name: Standard Availability
Description: Not protected from host failure
20. On the Summary page, click Submit.

Task 7: View the Cloud Services templates
L12-107
1.
In the Service Manager console, in the Library workspace, in the Navigation pane, click Templates.
2.
In the Results pane, read the names of available templates. Notice that some Cloud Services
templates display.
3.
Results: After this exercise, you should have installed the Cloud Services Process Pack.
Exercise 2: Configuring User Roles and Settings

Task 1: Configure a tenant administrator user role
1.
2.
Cloud Services.
3.
In the Results pane, click Create User roles for Tenant Administrators and Cloud Resources
Subscription Users.
4.
In the Tasks pane, click Create User Role, and then click End User.
5.
6.
On the General page, in the Name box, type Tenant Administrator, and then click Next.
7.
On the Management Packs page, scroll down, select all management packs that begin with Service
Manager Cloud Services, and then click Next.
Service Manager Cloud Services Catalog Library
Service Manager Cloud Services Cube Library
Service Manager Cloud Services Data Warehouse Library
Service Manager Cloud Services Library
Service Manager Cloud Services Subscription Management Library
Service Manager Cloud Services Tenant Management Library
Service Manager Cloud Services Virtual Machine Management Library
8.
On the Queues page, click All work items can be accessed, and then click Next.
9.
On the Configuration item Groups page, click All configurations items can be accessed, and then
click Next.
10. On the Catalog item Groups page, click All catalog items can be accessed, and then click Next.
11. On the Form Templates page, click All forms can be accessed, and then click Next.
12. On the Users page, click Next.
L12-109
Task 2: Create a cloud resources subscription user role

1.
In the Service Manager console, in the Administration workspace, in the Navigation pane, click User
Roles.
2.
In the Tasks pane, click Create User Role, and then click End User.
3.
4.
On the General page, in the Name box, type Cloud Resources Subscription User, and then click
Next.
5.
On the Management Packs page, select the following management packs, and then click Next.
Virtual Machine Manager Library
6.
On the Queues page, click All work items can be accessed, and then click Next.
7.
On the Configuration item Groups page, click All configurations items can be accessed, and then
click Next.
8.
On the Catalog item Groups page, click All catalog items can be accessed, and then click Next.
9.
On the Form Templates page, click All forms can be accessed, and then click Next.
10. On the Users page, click Next.

Task 3: Configure cloud services general properties

1.
Cloud Services.
2.
In the Results pane, click Configure general properties.
3.
In the Cloud Services Settings window, use the following settings, and then click OK:
Tenant ID Prefix: TN
Cloud Resources Subscription ID Prefix: CS
Tenant Administrators User Role: Tenant Administrator
Cloud Resources Subscription User Role: Cloud Resources Subscription User
Tenant Reviewers: Contoso\Administrator
Activity Implementer: Contoso\Administrator
Task 4: Configure cost properties
1.
Cloud Services.
2.
In the Results pane, click Configure cost properties.
3.
In the Cloud Services Settings window, on the General tab, use the following settings, and then click
OK:
Memory Cost (GB/Day): 1
Storage Cost (GB/Day): 1
CPU Cost Per Unit Per Day: .50
Miscellaneous Cost Per Day: 0
Notes: None
Task 5: Create cost centers

1.
Cloud Services.
2.
In the Results pane, click Create Cost Center.
3.
In the Configuration Items workspace, in the Tasks pane, click Create Cost Center.
4.
In the Cost Center Properties window, on the General tab, use the following settings, and then click
OK:
Display Name: Stock Trader Cost Center
Code: ST
Name: Stock Trader
5.
In the Configuration Items workspace, in the Tasks pane, click Create Cost Center.
6.
In the Cost Center Properties window, on the General tab, use the following settings, and then click
OK:
7.
Display Name: DinnerNow Cost Center
Code: DN
Name: DinnerNow
Results: After this exercise, you should have configured services roles and settings.
L12-111
Exercise 3: Configuring Service Offerings
Task 1: Configure the default service offering that was installed by the Cloud Services
Process Pack
1.
2.
Cloud Services.
3.
In the Results pane, click Group request offerings under service offering.
4.
In the Library workspace, in the Results pane, click Private Cloud Infrastructure Services, and then
click Properties.
5.
In the Edit Service Offering window, click Request Offering. Notice that no request offerings are
listed by default.
6.
Click Add.
7.
In the Select objects window, in the Type to filter box, type Cloud, and then press Enter.
8.
Under Available objects, select the following request offerings, and then click Add:
9.
Cancel Cloud Resources Subscription
Update Cloud Resources Subscription
In the Select objects window, in the Type to filter box, type Virtual, and then press Enter.
10. Under Available objects, select the following request offerings, and then click Add:
11. Click OK.

12. In the Edit Request Offering window, click OK.
Task 2: Create a service offering for tenant management

1.
In the Service Manager console, in the Library workspace, in the Navigation pane, click All Service
Offerings.
2.
In the Tasks pane, click Create Service Offering.
3.
In the Create Service Offering Wizard, on the Before You Begin page, click Next.
4.
On the General page, use the following settings:
Title: Tenant Management
Category: General
Overview: Options for managing cloud services tenants
Description: Options for managing cloud services tenants
5.
Next to Management pack, click New.
6.
In the Create Management Pack window, in the Name box, type Cloud Customizations, and then
click OK.
7.
On the General page, click Next.
8.
On the Detailed Information page, leave all selections blank, and then click Next.
9.
On the Related Services page, click Next.
10. On the Knowledge Articles page, click Next.

11. On the Request Offering page, click Add.
12. In the Select objects window, in the Type to filter box, type tenant, and then press Enter.
13. In the Available objects area, select all Request Offerings, click Add, and then click OK.
14. On the Request Offering page, click Next.
15. On the Publish page, use the following settings, and then click Next:
Offering status: Published

Results: After this exercise, you should have created a private cloud service offering.
Exercise 4: Creating an Incident Request

Task 1: Create an incident request template
L12-113
1.
2.
In the Service Manager console, in the Library workspace, in the Navigation pane, expand Service
Catalog, expand Request Offerings, and then click All Request Offerings.
3.
In the Results pane, in the Filter box, type incident.
4.
In the Results pane, click Generic Incident Request.
5.
In the Tasks pane, click Create a Copy.
6.
In the Copy Request Offering window, in the Management pack box, select Cloud Customizations,
and then click OK.
7.
In the Results pane, double-click Copy of Generic Incident Request. You may need to refresh the
view to make the new request offering visible.
8.
In the Edit Request Offering dialog box, on the General page, use the following settings:
9.
Title: Cloud Services Incident
Description, shown on the request offering page: Report a problem with cloud service
infrastructure
Template name: Generic Incident Request
On the User Prompts page, in the Enter prompts or information text area, enter the following
information in the first empty row (the sixth row):
User Prompts or Information: Are customers affected?
Response Type: Required
Prompt Type: True/False
10. On the Configure Prompts page, confirm that all prompts are configured.
11. On the Map Prompts page, click Display all properties.
12. In the Select an object and map its properties box, click Incident.
13. In the table, scroll down to the Is Downtime property, and in the Prompt Output column, select 6.
Are customers affected?: True/False.
14. On the Publish page, use the following settings, and then click OK:
Offering status: Draft
Task 2: Publish an incident request
1.
In the Service Manager console, in the Library workspace, in the Navigation pane, click Draft
Request Offerings.
2.
In the Filter box, type cloud, and then press Enter.
3.
Click Cloud Services Incident, and then click Publish.
4.
In the Navigation pane, click Published Request Offerings.
5.
Click Cloud Services Incident, and then click Add to Service Offering.
6.
In the Select objects window, click Private Cloud Infrastructure Services, click Add, and then click
OK.
Results: After this exercise, you should have created and published an incident request.
L12-115

Task 1: Create a calendar for cloud services
1.
2.
In the Service Manager console, in the Administration workspace, in the Navigation pane, expand
Service Level Management, and then click Calendar.
3.
In the Tasks pane, click Create Calendar.
4.
In the Create/Edit Calendar Wizard, use the following settings, and then click OK:
Title: Cloud Services Calendar
Time zone: (UTC-08:00) Pacific Time (US & Canada)
Work day: Monday, Tuesday, Wednesday, Thursday, Friday
Start time: 7:00:00 AM
End time: 9:00:00 PM
Task 2: View existing metrics

1.
Metric.
2.
In the Results pane, double-click Completion Time.
3.
In the Create/Edit Metric Wizard, read the time metrics for the Start date and End date, and then
click Cancel.
4.
In the Results pane, double-click Resolution Time.
5.
In the Create/Edit Metric Wizard, read the time metrics for the Start date and End date, and then
click Cancel.
Task 3: Create a metric for assigning cloud resources to a subscription

1.
In the Service Manager console, in the Administration workspace, in the Tasks pane, click Create
Metric.
2.
In the Create/Edit Metric Wizard, on the General page, in the Title box, type Assign Cloud
Resources.
3.
Next to the Class box, click Browse.
4.
In the Select a Class window, in the Type to filter box, type Cloud.
5.
Click Manual Activity to Assign Cloud Resources to Subscription, and then click OK.
6.
On the General page, in the Start date box, select First assigned date.
7.
In the End date box, select Actual end date, and then click OK.
Task 4: Create a service level objective

1.
Service Level Objectives.
2.
In the Tasks pane, click Create Service Level Objective.
3.
In the Create Service Level Objective Wizard, on the Before You Begin page, click Next.
4.
On the General page, in the Title box, type Cloud Resources Assignment.
5.
Next to the Class box, click Browse.
6.
In the Select a Class window, scroll down, select Manual Activity to Assign Cloud Resources to
Subscription, and then click OK.
7.
On the General page, in the Management pack box, select Cloud Customizations.
8.
Select the Enabled check box, and then click Next.
9.
On the Queues page, click New.
10. In the Create a Queue Wizard, on the Before You Begin page, click Next.
11. In the Queue name box, type Cloud Resources Assignment Queue.
12. Next to the Work item type box, click the browse button.
13. In the Select a Class window, scroll down, select Manual Activity to Assign Cloud Resources to
Subscription, and then click OK.
14. On the General page, in the Management pack box, select Cloud Customizations, and then click
Next.
18. In the Create Service Level Objective Wizard, on the Queues page, select the Cloud Resources
Assignment Queue check box, and then click Next.
19. On the Service Level Criteria page, use the following settings, and then click Next:
Calendar: Cloud Services Calendar
Metric: Assign Cloud Resources
Target: 4 hours
Warning threshold: 30 minutes

Results: After this exercise, you should have configured service level management for assigning cloud
resources.

10751A ENU TrainerHandbook

Cargado por

Información del documento

Título original

Derechos de autor

Formatos disponibles

Compartir este documento

Compartir o incrustar documentos

Opciones para compartir

¿Le pareció útil este documento?

¿Este contenido es inapropiado?

Copyright:

Formatos disponibles

10751A ENU TrainerHandbook

Cargado por

Copyright:

Formatos disponibles

M I C R O S O F T

MCT USE ONLY. STUDENT USE PROHIBITED

Configuring and Deploying a Private Cloud

MCT USE ONLY. STUDENT USE PROHIBITED

Microsoft and the trademarks listed at http://www.microsoft.com/about/legal/en/us/IntellectualProperty

Product Number: 10751A

MCT USE ONLY. STUDENT USE PROHIBITED

MICROSOFT LICENSE TERMS

MCT USE ONLY. STUDENT USE PROHIBITED

a. If you are a Authorized Learning Center:

MCT USE ONLY. STUDENT USE PROHIBITED

b. If you are a MPN Member.

MCT USE ONLY. STUDENT USE PROHIBITED

d. If you are a MCT.

2.3 Reproduction/Redistribution Licensed Content. Except as expressly provided in the applicable

MCT USE ONLY. STUDENT USE PROHIBITED

survive this agreement.

MCT USE ONLY. STUDENT USE PROHIBITED

MCT USE ONLY. STUDENT USE PROHIBITED

This limitation applies to

MCT USE ONLY. STUDENT USE PROHIBITED

MCT USE ONLY. STUDENT USE PROHIBITED

Conan Kezema Content Developer

Joel Stidley Content Developer

Damir Dizdarevic Content Developer

Byron Wright Content Developer

Justin Kimber Technical Reviewer

Lesson 2: Requirements for Deploying a Private Cloud

Lesson 3: Designing the Private Cloud Infrastructure

Lesson 4: Overview of System Center 2012 Components

Lesson 5: Deploying Hyper-V Clustering with VMM

Lab: Preparing the Private Cloud Infrastructure

Module 2: Configuring and Deploying the Private Cloud with Microsoft

Lesson 3: Configuring VMM Security and Roles

Lesson 4: Understanding Host Groups

Lab: Configuring and Deploying the Private Cloud Infrastructure

Module 3: Extending and Maintaining the Private Cloud Infrastructure

Lesson 2: Deploying Bare Metal Hyper-V Host Servers

Lesson 3: Configuring the Update Server Role

Lesson 4: Creating and Using an Update Baseline

Lab: Maintaining the Private Cloud Infrastructure

Module 4: Configuring Application Delivery

Lesson 2: Web Deployment Packages

Lesson 3: Server Application Virtualization Overview

Lesson 4: Configuring Server App-V Components

Lesson 5: Sequencing and Deploying Virtual Applications

Lab: Configuring Virtual Application Delivery

Module 5: Creating the Private Cloud Building Blocks

Lesson 2: Configuring Hardware Profiles

Lesson 3: Configuring SQL Server Using SQL Server Profiles

Lesson 4: Configuring Application Profiles

Lesson 5: Configuring Virtual Machine Templates

Lesson 6: Configuring the Self-Service User Role

Lab: Creating the Private Cloud Building Blocks

MCT USE ONLY. STUDENT USE PROHIBITED

Module 6: Deploying and Accessing a Private Cloud

Lesson 2: Installing and Configuring App Controller

Lesson 3: Creating and Managing Services and Service Templates

Lab: Deploying and Accessing a Private Cloud

Module 7: Monitoring the Private Cloud Infrastructure

Lesson 2: Upgrading Operations Manager 2007 R2

Lesson 3: Configuring Notifications

Lesson 4: Configuring Management Packs