PEX 2015 VCDX Mock Defense Room

For the past several VMware VCDX defenses Nutanix has been excited to sponsor a mock defense hotel room for the candidates to practice their art. I know when I was going through the defense program having the Nutanix sponsored room in San Francisco at PEX 2014 was a truly invaluable experience and greatly contributed to my first time success through the program. This year Thomas Brown from Varrow has been the study group ring leader, and has done a great job of organizing people.

Since PEX 2014 we’ve also sponsored rooms at VMworld 2014, and for the 2014 Palo Alto defenses in October. This just really shows how much Nutanix stands behind the VCDX program, and believes in the quality of people it turns out. In fact, Nutanix now has 11 VCDXs on staff and looks forward to adding even more world-class talent. Outside of VMware we have more VCDXs than several of our biggest competitors combined. Wow!

This coming weekend is crunch time for candidates across the globe. Candidates from several countries will be defending at PEX 2015 in San Francisco. Nutanix has committed to do something special for the candidates coming to PEX 2015!

Nutanix is sponsoring a room this weekend (Saturday and Sunday) at the Hotel Nikko, 222 Mason Street, for mock defenses, troubleshooting, design scenarios, and general preparation. I am working with Mark Brunstad, of VCDX program fame, to get the message out to the local VCDXs, so candidates can benefit from their experience as they prepare for the big day. I hope to have some surprise guests on Sunday for our candidates. I’ll be there the whole weekend helping the candidates prepare.

If you are a VCDX candidate who is flying in this weekend OR an existing VCDX in the Bay Area and you’d like to contribute, you should plan to spend some time at the VCDX mock defense room this weekend! Please Tweet me (@vDereks) to RSVP, and get the details about the schedule. I’m sure you will benefit greatly from the VCDXs’ guidance and experience, as they help prepare you for your defense next week.

Very best of luck to all candidates next week, and I hope to see your names in the VCDX Directory shortly. I’ll also be at PEX 2015 all week, so if you spot me please don’t be shy and come up and say HI! Always fun to meet my readers and get feedback about the blog.

Sizing Microsoft Lync Server 2013 on Nutanix

In this article I’ll be covering how to size and deploy Microsoft Lync Server 2013 on Nutanix. This article is a subset of a newly released whitepaper which covers SMB (1,000 users), medium (10,000 users), and large (26,664 users) size Lync deployment scenarios. You can download the full whitepaper for free here. In this blog post I’ll just cover the medium sizing scenario and you can check out the whitepaper for SMB and enterprise configurations.

The whitepaper also covers a lot of Hyper-V best practices for virtualizing Lync, so be sure to check it out. I would also like to add that Jason Sloan from Perficient (@Jason_D_Sloan), a Lync Certified Master, played a key role in the content. He has extensive experience with global Lync deployments, so tapping his expertise for this whitepaper was a big win.

When deploying Lync Server 2013, you want a resilient and scalable platform so that as your Lync environment grows, so can your infrastructure. Nutanix delivers a highly resilient converged compute and storage platform that brings the benefits of web-scale infrastructures to all organizations. Designed for supporting virtualized environments including VMware vSphere, Microsoft Hyper-V, and KVM, Nutanix is the ideal infrastructure for running all types of virtual workloads including real time technologies such as Microsoft Lync Server 2013.

Lync 2013 Overview

The core deployment for Lync Server 2013 consists of the “Front End” role, which is required for a deployment and is commonly referred to as the “Pool”. The Front End service can run on either a Standard Edition Lync Server or an Enterprise Edition Lync Server. The total number of servers required starts with identifying which edition an organization requires based on business requirements.

In addition to the Lync Server 2013 Front End role, the complete Lync infrastructure comprises additional roles. Not all roles, however, require their own server, as some can be collocated. Although Lync Server 2013 can be deployed a la carte, the following roles are included in the Lync Server 2013 workloads:

  • Lync Front End Server – Standard or Enterprise edition
  • Lync Director Server – Client authentication
  • Lync Edge Server – Remote access
  • Microsoft Office Web Apps Server – PowerPoint Sharing and rendering
  • Lync Mediation Server – Audio codec transcoding
  • Lync Persistent Chat Server – Chat rooms
  • Microsoft SQL Server – Database servers

The total number of each of these servers can be extensive depending on the design requirements. There are two key requirements that must be identified that drive the server design and ultimately determine the Lync Server 2013 edition and total number of servers: user count and high availability. It is important for an organization to understand each server and the role it provides. As the environments grow from SMB to large enterprise, the design requirements for the Lync Server architecture begin to scale up. This mirrors the scale up story of the Nutanix platform.

Standard Edition Server – Does not offer high availability, and hosts many services including instant messaging and presence, enterprise voice, archiving, persistent chat, and monitoring.

Enterprise Edition Pool – Comprised of three or more front end servers, they use an external SQL server and it is recommended the SQL server be highly available. Also, persistent chat servers must be deployed separately.

Lync on Nutanix

The Nutanix Virtual Compute Platform is a hyperconverged solution that combines storage and compute resources into a single, integrated appliance. It provides the manageability benefits of centralized storage while delivering high performance by keeping data local to server resources. IT managers can now deliver Unified Communications services with enterprise storage features without the cost and complexity of SAN and NAS systems. The scalability of the Nutanix cluster can accommodate Lync clusters of any size. A Lync deployment on Nutanix is flexible and scalable.

Nutanix delivers a highly available, easy to manage, fault tolerant platform for Lync Server 2013. The fault tolerance and self-healing of the underlying NDFS infrastructure allows critical UC services to be provided to end users without interruption. Nutanix’s ease of installation and setup cuts down UC deployment times by slashing the time needed to configure storage infrastructure. No more Fibre Channel zoning, LUN creation, LUN masking, etc.

Lync Full Capacity Sizing

With Lync Server 2013, server platform system requirements for physical hardware and virtualization are identical, which simplifies planning. These Microsoft requirements are based solely on full capacity physical deployments (200K users), which may not apply to your environment. To view workload capacities, see the Microsoft TechNet article for more details. For each Front End, Back End and persistent chat server Microsoft recommends 12 vCPUs (dual hex-core) at 2.26 GHz or higher with 32GB of RAM. For full capacity Edge, director and mediation servers they recommend 8 vCPUs and 16GB of RAM. Finally, for Office Web Apps servers for 200K users, a 16 vCPU VM is recommended. Clearly, for smaller environments the requirements can be scaled back.

Microsoft has developed the Lync Capacity Calculator, which you can download from here. Translating calculator results into hypervisor vCPUs is not exactly straightforward. Unlike the Exchange calculator, which is amazing, some estimation for Lync sizing is required. So next up is going through the sizing exercise for a “medium” deployment of 10,000 users.

Microsoft does have some virtualization guidelines for Lync, which you can find here. In there Microsoft clearly states that CPU oversubscription is strictly prohibited for Lync server media workloads. This limits the VM density, as we will see later on in this blog post. Lync is not the only UC application that mandates no CPU oversubscription; Cisco and Avaya do it as well.

10,000 Seat Sizing

In this example we are sizing the core Lync components for 10,000 users, N+1 availability, no persistent chat, and will enable archiving/monitoring. In the graphic below, you can see the assumptions we made using the Lync calculator spreadsheet. Your environment will be different, so make sure you adjust accordingly.

According to the calculator two FE servers are required, not taking into account N+1 availability. Taking that into account, and allowing for planned business growth over the next three years, I decided on a total of four FE servers.

Because this deployment is far under the full deployment model, 12 vCPUs for each FE server is likely overkill. So for this model we will use the Lync calculator estimate of 45% CPU load, and translate that into 6 vCPUs (12 vCPUs * .45). Clearly, depending on the usage of Lync in your environment this may be overkill, or inadequate. Proper POC testing is important, to help gauge sizing and ensure optimum Lync performance.

Now that we have calculated how many FE servers we need, the table below lists the remaining servers that we need to account for. Here we can see 2 edge servers, 3 SQL servers (one is SQL express for witness), and two Office app servers for N+1 availability. This deployment requires a total of 11 VMs.

Nutanix has a variety of platforms, each with a different number of CPU cores. Starting with our Haswell nodes, you can customize the CPUs to tailor the hardware to your needs. So the sizing example below is just one possible VM layout, and it would change depending on the model and processor that you select. Nutanix also has a free sizing web app that partners can use to map out VMs to servers and get a full bill of materials.

In this example I selected a NX-3000 series node, with dual 10 CPUs. I also fully reserved 8 vCPUs for the Nutanix CVM, to ensure maximum storage performance. The remaining cores were distributed among the 11 VMs, taking into account the CPU oversubscription prohibition for certain VMs like the FE servers. We also included N+1 availability at the Nutanix block level, so any single node can fail and the hypervisor can restart the VMs on another node with adequate capacity. Click on the graphic below to enlarge it and see the proposed VM layout.

If you used the NX-3000 series it would require five nodes (four with VMs, one free for HA capacity), which can be deployed as two blocks using a total of 4 RU. Three additional slots are open for future expansion of the Lync environment, or other business critical apps. A minimum of 128GB of RAM is needed in each server. To round out the solution two 10GB top-of-rack switches are needed, for a grand total of 6RU. This is a very dense solution, which is also very power efficient. And yes, no additional rack space is needed for a shared storage solution due to the magic of our distributed file system, NDFS.

Summary

Microsoft Lync Server 2013 can be successfully deployed on the Nutanix platform, delivering high availability and true linear scalability. Traditional SAN/NAS complexity is eliminated while providing a highly resilient storage and compute infrastructure with a small datacenter footprint and full Microsoft support. If you need to dramatically scale your Lync infrastructure, you can easily just add more Nutanix nodes to linearly scale the performance.

Nutanix is the optimal compute and storage platform for critical real-time UC applications, allowing Unified Communications pool scaling as needed during a deployment, instead of building the entire infrastructure up front for only a small number of users. This flexibility makes Nutanix a perfect fit for on premise, private-cloud, or “UC as a Service” deployment models where scale over time is crucial.

By following the guidelines and best practices presented in the Nutanix whitepaper available here, you can successfully design and deploy a Microsoft Lync Server 2013 solution on Nutanix at any scale in a highly reliable manner using the minimum amount of rack space and power.

You can download the full whitepaper here.

Nutanix Releases NOS 4.1.1

I am very pleased to announce the latest release of the Nutanix Operating System, NOS 4.1.1, is generally available today. Download your copy today! This release offers rich enterprise capabilities to meet the needs of the most demanding applications and critical infrastructure requirements in the datacenter.

Here’s a summary of what’s new in this release.

  • Metro Availability: Nutanix Metro Availability provides continuous data availability for business-critical applications during planned maintenance or unplanned disasters that affect entire sites. Nutanix is the only hyper-converged infrastructure vendor to deliver continuous data protection across multiple datacenters. You can read more about Metro Availability here and here.
  • Cloud Connect: Nutanix Cloud Connect seamlessly integrates public cloud services, such as Amazon Web Services (AWS), with Nutanix-powered private cloud environments. It allows Nutanix customers to combine private and public cloud technology into their long-term infrastructure strategy without requiring third-party software or hard to maintain plug-ins. Read more about Cloud Connect here and here.
  • Encryption Support: Nutanix now provides strong data protection by encrypting user and application data to a level of FIPS 140-2 Level 2 compliance. Data at rest encryption is delivered through self-encrypting drives (SED) that are factory-installed in the Nutanix hyper-converged appliance. Find out more here.
  • Simplified Hypervisor Upgrade: Nutanix radically simplifies the process of upgrading the hypervisor in a Nutanix cluster with this new feature. This release will support upgrade of VMware ESXi and Microsoft Hyper-V, with KVM support coming soon. You can read about it here.
  • Security/STIG Enhancements: Nutanix has developed its own comprehensive security technical implementation guides (STIGs) to speed up the accreditation process for DIACAP/DIARMF, which is typically slow and manual. A process that typically takes nine to twelve months can now be accomplished in minutes. Over 500 embedded configuration changes were made to the system for compliance purposes. Major kudos to the security and development teams. Learn more here.
  • Prism Central Scalability: You can now manage up to 100 Nutanix clusters and 10,000 VMs. Prism Central now also supports Hyper-V.
  • Microsoft SCOM Pack: While not part of NOS, coinciding with the 4.1.1 release Nutanix has a Microsoft SCOM pack that monitors both Nutanix hardware and software. Great for Microsoft-centric shops.
  • XenDesktop Plug-In: Again, while separate from NOS, Nutanix is unique in the industry by releasing a XenDesktop plug-in which enables you to configure per-VM SLAs. This is all configured with a few simple clicks from the XenDesktop Studio.

As part of the ongoing security hardening of NOS, 4.1.1 also addresses several attack vectors for NTP. Nutanix recommends upgrading to 4.1.1 to address these security issues. Certificate management in PRISM has also had a few improvements. For a deep dive on additional security information, check out this blog post by Nutanix’s Eric Hammersley. After seeing all the focus around securing our product and automating the STIG process, you will agree with me that this is really industry leading.

For a “point” release of NOS, they’ve packed in A LOT of new features plus broader ecosystem support highlighted by the SCOM and XenDesktop add-ons. If you think these features are great, just wait to see what’s in our next point release.

Nutanix coming to VMware PEX 2015

This year I’m pleased to announce that Nutanix is a Gold Sponsor of VMware PEX 2015, in San Francisco. Put on your seat belts, as VMware is going to make a big announcement on Feb 2nd about a new version of their hypervisor portfolio. Lots of great new features, and I’ll be posting a long blog series on what’s new in vSphere 6.0, and of course SSL certificate replacement. Stay tuned!

If you are new to Nutanix, then find out why IDC named us the global leader in Hyperconverged infrastructure. Click here for the full IDC report. We are #1 for a reason!

If you are attending PEX, then there are a few ways to see what all the Nutanix goodness is about:

  • Drop by Booth #218 and see a demo and talk to our talented staff
  • Attend the PEX Breakout session titled “Winning with Nutanix, the Leader in Hyperconverged Infrastructure”
  • Or click here to schedule a session with one of our talented staff to answer all your questions

We are giving away an Xbox One, so drop by the booth and get scanned for a chance to win. And if you like to party, then come join us for our Nutanix party on Tuesday night. VERY limited tickets, so sign up here ASAP. I’ll be there.

If you aren’t a VMware Partner, but love Nutanix, be sure to attend our first annual .Next conference this summer in Miami. I’ve seen a sneak preview of the content, and it will be killer. Find out all of the details here.

I’ll be attending PEX this year (first time working for a VMware partner), so be sure to track me down and say HI if my blog content has helped you out. Feedback is always very much appreciated.

vSphere 5.1 U3 Now Out

Right on the heels of VMware Workstation 11 being released, VMware has released vSphere 5.1 U3. No major new features, but according to the release notes there is support for new guest operating systems (without being specific) and it also resolves a number of issues. Also updated in this release are VMware tools and the SCSI MegaRAID SAS VIB. Some security patches are also included, so be sure to start testing this release and planning your change control windows.

One interesting change in 5.1 U3, which was already included in 5.5 U2, concerns the resetting of the CBT counter when doing a Storage vMotion. Now if you do a svMotion, CBT state will be maintained. New to vCenter 5.1 U3 is the support for Oracle 12c, and Microsoft SQL 2014. It’s great to see VMware keeping up with database support. vCenter 5.1 U3 also includes an updated Java engine, which addresses a plethora of security issues. So once again, view 5.1 U3 as a security update which you need to plan on rolling out in your environment.

ESXi 5.1 U3 Release notes are here

vCenter 5.1 U3 Release notes are here

As always, you can download the newest updates from My VMware portal. Be sure to conduct thorough testing in a lab environment before deploying this into production. Nutanix supports “U” releases day zero. But remembering back to NFS issues introduced in “U” releases, a good amount of testing is advised before putting this into production.

VMware Workstation 11 & Player 7 Pro Out

Hot off the presses is the release of VMware Workstation 11, and Player 7 Pro. Even though I have a full blown ESXi lab at home, I still find uses for VMware Workstation. For example, I have Windows 10 tech preview running in a Workstation VM. For those of you without a physical ESXi lab, Workstation is a great way to run multiple VMs on your PC. New features in Workstation 11 include:

  • Increased OS support. Windows 8.1 Update, Windows Server 2012 R2, Ubuntu 14.10, RHEL 7, CentOS 7 and OpenSUSE 13.2. Also included is support for Windows 10 technical preview (although I had this running on WS10 without issues).
  • Now sports VM hardware version 11, coming to vSphere 6.0 this spring. Features updated xHCI and NDIS drivers.
  • Improved support for high DPI displays, such as QHD+ (3200×1800)
  • When running on a Haswell PC, you can see up to a 45 percent improvement in CPU intensive operations like multi-media over Workstation 10.
  • VMs can now support 16 vCPUs, 8TB disks, 64GB of RAM and 2GB of video memory.
  • Boot VMs with EFI
  • Create desktop shortcuts for VMs
  • Connection to VMware vCloud Air. Easily upload, run and view your VMs right from Workstation.

For the full release notes, see this link. You can download Workstation 11 from here (login required). I hope that vExperts will be issued Workstation 11 license keys…crossing fingers.

SQL 2014 AlwaysOn AG Pt. 13: SSL

As we near the end of this installation series, there are a couple of final areas to cover. Up in this installment is configuring SSL. Now you may be thinking, SQL and SSL, really? Yes, for a good number of years SQL has supported the use of SSL for database connections. This enables you to encrypt from client to server all of the SQL traffic. Because we are using AAGs and two cluster nodes, configuring SSL for all of the possible connections is tricky. I will make the assumption here that you have an internal Microsoft CA which can issue certificates with SANs (subject alternative names). If this is not your situation you can still read through the post to get a feel for the configuration steps, but you will need to modify them for your environment.

Blog Series

SQL 2014 Always-on AG Pt. 1: Introduction
SQL 2014 Always-on AG Pt. 2: VM Deployment
SQL 2014 Always-on AG Pt. 3: Service Accounts
SQL 2014 Always-on AG Pt. 4: Node A Install
SQL 2014 Always-On AG Pt. 5: Unattended Node B
SQL 2014 Always-on AG Pt. 6: Cluster Configuration
SQL 2014 Always-on AG Pt. 7: TempDB
SQL 2014 Always-on AG Pt. 8: Max Mem & Email
SQL 2014 Always-on AG Pt. 9: SQL Maintenance
SQL 2014 Always-On AG Pt. 10: AAG Setup
SQL 2014 Always-On AG Pt. 11: File Share Witness
SQL 2014 Always-On AG Pt. 12: Kerberos
SQL 2014 Always-On AG Pt. 13: SSL

SSL Configuration

1. Open a blank MMC console and add the Certificates snap-in for the local computer store.

2. Expand the Personal node, right click and select All Tasks then Request New Certificate.

3. Select the Active Directory Enrollment Policy.

4. Now here’s where we may run into problems. On my Microsoft CA I have a template called Server Authentication – SAN. You won’t have this, but may have other templates that work. The important factor here is that we need to enter SAN values on the certificate. This will be denoted by a yellow warning under the certificate template that more information is needed. If you don’t have any templates which need this additional information, you will need to make a new template. You can do this by duplicating the web server template and making sure the supply in request option is used for the subject name.

5. Check the box next to your template that needs additional information and will work as a server SSL certificate.

6. Click on the yellow warning message. A window will open up requesting certificate properties. For the subject name change the type to common name and enter the FQDN of the SQL server node.

7. In the alternative name field change the type to DNS. Enter the short name of your SQL server node, plus the short name of your AAG listener (e.g. SDSQL03-AG1L) and the FQDN of your AAG listener.

8. Proceed through the enrollment process, and you should now have a freshly minted SSL certificate in your computer’s certificate store.

9. Right click on the certificate, select All Tasks, then choose Manage Private Keys. Give the SQL DBE service account read (only) permissions to the certificate.

10. Close out the certificate MMC.

11. Open the SQL Server Configuration Manager. Open the properties of the Protocols for MSSQLSERVER as shown below.

12. Click on the Certificates tab and choose the SSL certificate from the dropdown menu. You could also go to the Flags tab and enforce encryption. I would not recommend this unless you know 100% all of your applications support SQL SSL. Many do not.

13. Stop and restart the SQL server and ensure it starts.

14. Repeat the entire process on the second SQL node, but use the FQDN and short name of the other node during the certificate request process. Use the same AAG listener short name and FQDN.

Summary

We have now configured both SQL nodes in our AAG cluster to be SSL enabled. So if you have applications which support encrypted SSL, then you are now set. Please do note that SSL certificates and AlwaysOn listeners have extremely limited client support due to the use of SAN certificates. See this MS article for more details. Bottom line is that even though we have fully configured SSL certs on the server side, the client side may not support the SAN certificate property needed to encrypt to the AAG listener. For non-AAG enabled databases you could still encrypt by connecting directly to the SQL server node’s name.

Also remember that if you add more AAG listeners to the cluster, then you will need to re-issue the SSL certificates on both nodes to include the additional SAN short names and FQDNs.
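
The following check is an added example, not part of the original post: it audits the certificate requested in steps 6 and 7 on one node, and it accepts several listener FQDNs so it can be re-run after more AAG listeners are added. The node and listener FQDNs in the usage line are constructed; the private key permission from step 9 is not inspected.

```powershell
# Added example (not from the original post). Run locally on each SQL node.
function Test-SqlNodeCertificate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)] [string]   $NodeFqdn,      # subject CN, step 6
        [Parameter(Mandatory = $true)] [string[]] $ListenerFqdn,  # one or more AAG listeners
        [string] $StorePath = 'Cert:\LocalMachine\My'
    )

    $serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName

    # Step 7: node short name, plus short name and FQDN of every listener.
    $required = @($NodeFqdn.Split('.')[0])
    foreach ($listener in $ListenerFqdn) {
        $required += $listener.Split('.')[0]
        $required += $listener
    }

    # Step 6: the subject common name is the FQDN of this node.
    $certs = @(Get-ChildItem -Path $StorePath |
        Where-Object { $_.GetNameInfo($nameType, $false) -eq $NodeFqdn })
    if ($certs.Count -eq 0) {
        Write-Warning "No certificate with subject CN $NodeFqdn in $StorePath"
    }

    foreach ($cert in $certs) {
        # DnsNameList comes from the PowerShell certificate provider and holds
        # the subject CN together with the SAN DNS entries.
        $names   = @($cert.DnsNameList | ForEach-Object { $_.Unicode })
        $missing = @($required | Where-Object { $names -notcontains $_ })
        # A certificate without an EKU extension is reported as ServerAuthEku = False here.
        $ekuOids = @($cert.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId })
        $now     = Get-Date

        $result = [pscustomobject]@{
            Thumbprint    = $cert.Thumbprint
            NotAfter      = $cert.NotAfter
            InValidity    = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
            HasPrivateKey = $cert.HasPrivateKey
            ServerAuthEku = ($ekuOids -contains $serverAuthOid)
            MissingNames  = $missing
        }
        $usable = $result.InValidity -and $result.HasPrivateKey -and
                  $result.ServerAuthEku -and ($missing.Count -eq 0)
        $result | Add-Member -NotePropertyName Usable -NotePropertyValue $usable -PassThru
    }
}

# Constructed names for illustration only:
# Test-SqlNodeCertificate -NodeFqdn 'SDSQL03A.contoso.local' -ListenerFqdn 'SDSQL03-AG1L.contoso.local'
```

A non-empty MissingNames on either node means the certificate has to be re-issued before clients can validate it against that name.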

SQL 2014 Always-on AG Pt. 12: Kerberos

We are nearing the end of the SQL 2014 AlwaysOn Availability Group series, with just Kerberos and SSL left to configure. In this installment we tackle Kerberos. Depending on your environment, you may or may not need Kerberos configured. Kerberos is only effective when using Windows authentication to your SQL server, not SQL authentication. Should Kerberos authentication fail, it will fall back to NTLM. In case you do have a multi-tiered application that needs Kerberos, let’s get it configured. Microsoft has made some of the Kerberos configuration easy, via a nice GUI tool they created. Unfortunately it is not AAG aware, so there’s still a bit of manual configuration needed. But it helps reduce human error.

Blog Series

SQL 2014 Always-on AG Pt. 1: Introduction
SQL 2014 Always-on AG Pt. 2: VM Deployment
SQL 2014 Always-on AG Pt. 3: Service Accounts
SQL 2014 Always-on AG Pt. 4: Node A Install
SQL 2014 Always-On AG Pt. 5: Unattended Node B
SQL 2014 Always-on AG Pt. 6: Cluster Configuration
SQL 2014 Always-on AG Pt. 7: TempDB
SQL 2014 Always-on AG Pt. 8: Max Mem & Email
SQL 2014 Always-on AG Pt. 9: SQL Maintenance
SQL 2014 Always-On AG Pt. 10: AAG Setup
SQL 2014 Always-On AG Pt. 11: File Share Witness
SQL 2014 Always-On AG Pt. 12: Kerberos
SQL 2014 Always-On AG Pt. 13: SSL

Kerberos Configuration

1. Download the Microsoft Kerberos Configuration Manager for SQL server here. Install it on one of your SQL servers.

2. Navigate to C:\Program Files\Microsoft\Kerberos Configuration Manager for SQL Server and launch KerberosConfigMgr.exe

3. Since we are connecting locally you won’t need to enter any connection information.

4. Once connected, navigate to the SPN page. All the way on the right there is a Status column. Unless it says Good with a green checkmark, your SPNs are not configured. You should see a “Missing” status.

5. Click on the two Fix buttons. You should now see a status of Good.

6. Repeat the process on the second SQL server.

7. Go to an Active Directory domain controller and locate the database engine service account. In the advanced view open the Attribute Editor tab and locate the servicePrincipalName entry. Open it, and you should see four entries.

8. We need to add two SPNs, for the AAG listener. Follow the same format as the existing entries, but use the FQDN of your listener computer object. Add a second entry with the port number. You should now have a total of six SPNs.

9. Download my Kerberos PowerShell test script from here. Copy it to a non-SQL server and run it. Enter the FQDN of the first SQL host and the FQDN of the AAG listener. You should see two Online statements. Do not run this from the SQL server, or the authentication method will be shown as NTLM. Run this on a non-SQL AAG server, please.

10. Download my SQL authentication script from here. Open it in SQL Studio and run it. At the bottom of the screen you should see two Kerberos entries. This corresponds to the two connections made from my PowerShell script. If they are shown as NTLM, then Kerberos is not working. Re-run the PowerShell script, but this time connect to the second SQL server and validate Kerberos is working on there as well.

Summary

At this point you’ve now configured Kerberos for both SQL nodes and your AAG listener. You’ve also tested it to ensure the configuration works. Sometimes Kerberos can be touchy, and I’ve had situations where even with all the SPNs setup correctly the listener won’t authenticate with Kerberos. So YMMV, and you may need to open a ticket with MS should it not work for you. But at least you know the process that should work for everyone.
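
One way to check the six SPNs from step 8 and the authentication scheme from step 10 is sketched below. This is an added example, not the test scripts the post links to; it assumes a default instance on TCP 1433, the usual MSSQLSvc/host and MSSQLSvc/host:port SPN format, the ActiveDirectory PowerShell module, and constructed host and account names.

```powershell
# Added example (not the author's scripts). Assumes a default instance on port 1433.
Import-Module ActiveDirectory

function Get-ExpectedSqlSpn {
    param([Parameter(Mandatory = $true)] [string[]] $HostFqdn, [int] $Port = 1433)
    foreach ($h in $HostFqdn) {
        "MSSQLSvc/$h"              # entry without a port
        "MSSQLSvc/${h}:$Port"      # entry with the port number
    }
}

function Test-SqlSpn {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)] [string]   $ServiceAccount,  # sAMAccountName of the DBE account
        [Parameter(Mandatory = $true)] [string[]] $HostFqdn,        # both nodes plus the AAG listener
        [int] $Port = 1433
    )
    foreach ($spn in (Get-ExpectedSqlSpn -HostFqdn $HostFqdn -Port $Port)) {
        # Every object in the current domain that carries this SPN.
        # More than one holder is a duplicate SPN, which breaks Kerberos.
        $holders = @(Get-ADObject -LDAPFilter "(servicePrincipalName=$spn)" -Properties sAMAccountName)
        $status = if ($holders.Count -eq 0) { 'Missing' }
                  elseif ($holders.Count -gt 1) { 'Duplicate' }
                  elseif ($holders[0].sAMAccountName -ne $ServiceAccount) { 'WrongAccount' }
                  else { 'Good' }
        [pscustomobject]@{
            SPN     = $spn
            Status  = $status
            Holders = (@($holders | ForEach-Object { $_.sAMAccountName }) -join ', ')
        }
    }
}

function Get-SqlAuthScheme {
    # Run from a machine that is not one of the SQL nodes; a local connection shows NTLM.
    # Reading sys.dm_exec_connections needs the VIEW SERVER STATE permission.
    param([Parameter(Mandatory = $true)] [string] $Server)
    $conn = New-Object System.Data.SqlClient.SqlConnection(
        "Server=$Server;Database=master;Integrated Security=SSPI")
    try {
        $conn.Open()
        $cmd = $conn.CreateCommand()
        $cmd.CommandText = 'SELECT auth_scheme FROM sys.dm_exec_connections WHERE session_id = @@SPID'
        [pscustomobject]@{ Server = $Server; AuthScheme = [string]$cmd.ExecuteScalar() }
    }
    finally {
        $conn.Dispose()
    }
}

# Constructed names for illustration only:
# $targets = 'SDSQL03A.contoso.local', 'SDSQL03B.contoso.local', 'SDSQL03-AG1L.contoso.local'
# Test-SqlSpn -ServiceAccount 'svc-sqldbe' -HostFqdn $targets     # expect six rows, all Good
# $targets | ForEach-Object { Get-SqlAuthScheme -Server $_ }      # expect KERBEROS, not NTLM
```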

Next up in Part 13 is configuring SSL.

Adding a GUI Back to Windows Server Core

The other day I had the occasion where I wanted to add back the Windows Server 2012 R2 GUI to a server core installation. This was a test environment, and for what I was testing I felt the GUI provided a more streamlined experience. Server core certainly has its places, and is great as a hypervisor, appliance, or in high security environments. Installing the GUI, while not difficult, took quite a bit of Googling and trial and error to find a command that actually worked.

1. RDP into your Core install or use your server’s IPMI/VM console feature, and a command prompt should open. Type powershell.

2. From your original install ISO, copy the \sources\install.wim to your core server.

3. Type the following command and wait several minutes for the install to complete. Include the full path to where you copied your install.wim file.

install-windowsfeature -name server-gui-shell -includemanagementtools -source:wim:c:\install.wim:2

4. After the installation is complete, reboot the server. The reboot process will be quite slow, as it will be configuring the new features for several minutes. Be patient.

SQL 2014 Always-on AG Pt. 11: File Share Witness

Now that we have our SQL AAG up and running, there’s still some configuration left to do. In this installment I cover SQL 2014 file share witness configuration. In my example I’m doing a 2-node AAG, which means that we need a file share witness to help establish quorum. If you have a NAS appliance, you can easily create a share on there and use it. In my case I’m assuming 100% Windows, so we will be using a third member server as our FSW. There’s nothing too special about this FSW, except for some permissions. Storage space is very minimal.

Blog Series

SQL 2014 Always-on AG Pt. 1: Introduction
SQL 2014 Always-on AG Pt. 2: VM Deployment
SQL 2014 Always-on AG Pt. 3: Service Accounts
SQL 2014 Always-on AG Pt. 4: Node A Install
SQL 2014 Always-On AG Pt. 5: Unattended Node B
SQL 2014 Always-on AG Pt. 6: Cluster Configuration
SQL 2014 Always-on AG Pt. 7: TempDB
SQL 2014 Always-on AG Pt. 8: Max Mem & Email
SQL 2014 Always-on AG Pt. 9: SQL Maintenance
SQL 2014 Always-On AG Pt. 10: AAG Setup
SQL 2014 Always-On AG Pt. 11: File Share Witness
SQL 2014 Always-On AG Pt. 12: Kerberos

Create File Share

1. On a WS2012/R2 member server (not either SQL server) open Server Manager, go to File and Storage Services, click on Shares, then from the Tasks menu select New Share. If you don’t have that option, add the File Server Role and wait for the installation to complete. No reboot is needed.

2. Select the SMB Share – Quick file share profile.

3. Select the appropriate volume the share will be created on.

4. Use a share name in the format of: <Cluster name>-FSW (e.g. SDSQL03-FSW).

5. Enter a description in the format of: <Cluster Name> Cluster File Share Witness.

6. Uncheck allow caching of share and enable encrypt data access.

7. Customize the permission, disable inheritance and remove all inherited permissions.

8. Give the cluster computer object (e.g. SDSQL03) full control. If you want, you could also give administrators access so they can peek inside.

9. Finish the wizard and wait for the share to be created.

SQL 2014 File Share Witness Configuration

1. On a SQL server launch the Failover Cluster Manager.

2. Right click on the root cluster object (e.g. SDSQL03.contoso.local), select More Actions and then click Configure Cluster Quorum Settings.

3. Select the “Select the quorum witness” option.

4. Select Configure a file share witness.

5. Enter the file share path. Click through the remainder of the wizard and verify the FSW was successfully configured.

6. Verify Quorum configuration is now using a file share witness.

Summary

In this installment we configured the SQL cluster to use a file share witness. This is needed when you have an even number of servers in the SQL AAG. You can use either a NAS appliance, or another Windows member server. In the final two installments we will configure Kerberos and SSL. Check out Part 12 for Kerberos details.
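
To confirm that the witness share really ended up with the settings from steps 6 to 8 (no caching, encrypted access, inheritance disabled, cluster computer object with full control), the audit below can be run on the file server. It is an added example, not part of the original post; the CONTOSO domain prefix and the optional administrators entry in the usage line are assumptions.

```powershell
# Added example (not from the original post). Run on the file server hosting the witness share.
function Test-FileShareWitness {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)] [string] $ShareName,       # e.g. SDSQL03-FSW
        [Parameter(Mandatory = $true)] [string] $ClusterAccount,  # cluster computer object, DOMAIN\NAME$
        [string[]] $AlsoAllowed = @()                             # e.g. administrators, if you granted them access
    )
    $share   = Get-SmbShare -Name $ShareName -ErrorAction Stop
    $allowed = @($ClusterAccount) + $AlsoAllowed
    $full    = [System.Security.AccessControl.FileSystemRights]::FullControl

    # Allow entries on the share itself and on the folder behind it.
    $shareAces = @(Get-SmbShareAccess -Name $ShareName |
        Where-Object { "$($_.AccessControlType)" -eq 'Allow' })
    $acl      = Get-Acl -Path $share.Path
    $ntfsAces = @($acl.Access |
        Where-Object { "$($_.AccessControlType)" -eq 'Allow' })

    # Step 8: the cluster computer object has full control at both levels.
    $clusterShareFull = @($shareAces | Where-Object {
        $_.AccountName -eq $ClusterAccount -and "$($_.AccessRight)" -eq 'Full' }).Count -gt 0
    $clusterNtfsFull = @($ntfsAces | Where-Object {
        $_.IdentityReference.Value -eq $ClusterAccount -and
        ($_.FileSystemRights -band $full) -eq $full }).Count -gt 0

    # Anything granted to accounts outside the allowed list, for example a leftover Everyone entry.
    $extraShare = @($shareAces | Where-Object { $allowed -notcontains $_.AccountName } |
        ForEach-Object { $_.AccountName })
    $extraNtfs = @($ntfsAces | Where-Object { $allowed -notcontains $_.IdentityReference.Value } |
        ForEach-Object { $_.IdentityReference.Value })

    [pscustomobject]@{
        Share               = $share.Name
        Path                = $share.Path
        EncryptData         = [bool]$share.EncryptData               # step 6
        CachingDisabled     = ("$($share.CachingMode)" -eq 'None')   # step 6
        InheritanceDisabled = $acl.AreAccessRulesProtected           # step 7
        ClusterFullOnShare  = $clusterShareFull
        ClusterFullOnNtfs   = $clusterNtfsFull
        ExtraShareAccounts  = $extraShare
        ExtraNtfsAccounts   = $extraNtfs
    }
}

# Constructed domain prefix for illustration only:
# Test-FileShareWitness -ShareName 'SDSQL03-FSW' -ClusterAccount 'CONTOSO\SDSQL03$' -AlsoAllowed 'BUILTIN\Administrators'
```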
