Build a Virtual Laboratory with Virtual Server 2005
By Nelson Ruest and Danielle Ruest
IT infrastructure architects, Ruest and Ruest, discuss the requirements to build a virtual
laboratory using Microsoft Windows technologies and Virtual Server 2005. This article is the first
of two.

As a Microsoft Certified Professional (MCP), you’re constantly faced with the need to have
access to running technologies such as Active Directory, DNS, or Exchange, for all sorts of
reasons. Whether it is for training, testing or development, it’s really handy to have a readily
available working environment you can jump into within minutes. That’s why you need a
Virtual Laboratory. Since Virtual Laboratories provide this kind of support to your everyday
work, they need to be treated as official systems that have their own places in the production
network. This is why you need a structured and standard approach for their creation. That’s
what this article series is all about: How to build a Virtual Laboratory, set it up, use and reuse
it, and manage it for long term operation. The strategies outlined in these articles stem from
real-world projects that cover all sorts of usage scenarios. These strategies will help you obtain
value from your laboratory and ensure that you get a solid return on investment (ROI) for your
efforts. One customer was able to build an entire collaboration testing environment in less
than 32 hours. Think of it: less than four days to build three physical hosts with more than
ten virtual machines playing roles as varied as Active Directory, Exchange, SharePoint Portal
Server, Content Management Server, SQL Server, Live Communications Server, and more. In
addition, they are able to reuse this environment for other testing purposes. There is no doubt
that this level of ROI is simply not available with physical laboratory environments.
When you’re building a laboratory you need to focus on four different areas:
      Laboratory Description—Here you will outline the strategy you will use to create and
       implement the environment.
      Laboratory Deliverables—In this area you identify how the deliverables from the
       laboratory can be used to support other testing or development scenarios. With virtual
       laboratories in particular it’s really easy to include pre-constructed machines as
       deliverables to other projects. This is because virtual machines (VM) are really only
       constructed of a few files on a disk—large files admittedly, but files that can be
       transported, copied, or downloaded from remote locations.
      Laboratory Management Practices—The third area focuses on the practices you’re
       going to use for the management and operation of the laboratory. Once again, file
       management will be a big part of this activity.
      Future Plans and Projected Growth—The fourth area looks beyond the immediate,
       and covers both best practices and recommendations for future lab usage as well as
       the creation and management of a distributed virtual laboratory structure as more
       members of the organization require access to running technologies.
These four pillars will help you build and prepare a Virtual Laboratory that can be used to
support any number of scenarios. The following are some examples:
      Enterprise Development Environment—Developers need to have a certain amount of
       freedom on the machines they work with, but since these machines are enterprise
       systems, they must be controlled. Within a virtual environment, they can be granted
       the level of privilege they need without compromising production security.
       Test Environment—New technologies, new products, new patches, and new hotfixes
        all need to be tested before they are introduced into the production environment. A
        Virtual Laboratory can be used to create a low-cost reproduction of the production
        environment in support of these tests. This is especially useful when you need to test
        applications which affect the structure of your Active Directory.
       Support Environment—Help desk operators supporting levels 1, 2, or 3 can use the
        virtual environment to reproduce any problem. This avoids having to give them
        multiple systems, and lets them test out multiple scenarios without impacting the
        production environment.
       Training Environment—A Virtual Laboratory is the ideal environment for MCP
        preparation. You can install any technology and simulate any situation, allowing you
        to gain practical experience in the technologies in which you want to be certified. The
        virtual lab will let you test out scenarios that you are unable to reproduce in your
        production network.
You might be already using technologies such as Virtual PC or Virtual Server (if you’re an
MCT, you’re definitely using Virtual PC), but the practices outlined here will help you move
from ad hoc usage of virtual machines to an officially supported implementation from which
multiple members of your organization can profit.

The Laboratory Setup
First, you need to build the lab. The goal is to build a Virtual Laboratory that is reusable, easy
to repurpose, and which fully supports the simulation of any Microsoft network
infrastructure. This means that your lab needs to provide several base services:
   Active Directory with a single domain forest running on two domain controllers
   E-mail capability through Exchange Server
   Instant messaging through Live Communications Server
   Database storage through SQL Server
   Clustering technologies tied to shared data storage
   Terminal Services for client access to the Virtual Domain
   Other technologies as required for testing/proof of concept purposes
In support of this lab, you’ll need some special hardware. Remember, this is a production lab
so you shouldn’t be using the oldest and slowest machines in your network. In fact, you
should be using properly-sized servers that have sufficient capabilities to run multiple virtual
machines at the same time. For example, a lab designed to test and develop collaboration
scenarios could run on three physical servers. Each would have dual processors and 5 GB of
RAM. Each would have a capacity of 292 GB in terms of disk space running on a hardware
RAID 5 configuration (three 146 GB SCSI disks). Disks should be partitioned into two drives
on each system, drive C: at 8 GB and drive D: at 284 GB. Finally, each server should have two
teaming network interface cards that can provide both double speed and automatic failover for
the servers.
All virtual machines should be running on top of Microsoft Virtual Server 2005, Standard
Edition (see Resources). This edition supports up to four processors and since there are only
two in each host, it still gives you lots of room for growth. Each virtual machine you create
should be assigned at least 1 GB of dedicated RAM, though some machines may be assigned
either more or less depending on the need and the available RAM on the physical host.
Because each physical host is set to 5 GB of RAM, each host can run four virtual machines or
more. Some RAM is also required for the physical host itself. The amount of RAM you assign
to your VM really depends on how it’s going to be used. 1 GB of RAM is appropriate for a
machine that will be hosting more than a dozen users at a time. This is a good time to put
those certification skills to the test. There’s nothing like baselining the operation of a VM to
see just what type of resources you should be assigning to it.
One of the best ways to give users and participants access to the testing environment is to
create a machine to run terminal services. The advantage of using terminal services is that
users have access to the environment as members of the domain, giving them a single-sign-on
experience. In addition, no changes to their production machines are required, which is a

Virtual Machines—Servers and Physical Host Mappings
Once the physical hosts are selected and prepared, you can begin to map where each virtual
machine will be hosted and how it will access resources from the host (see Table 1). When this
is done, you should create a graphical map indicating where each machine is located and
what role it plays in the infrastructure (see Figure 1). This type of map will be really useful,
especially for the technical staff that will be using the lab. It lays out the location of each
machine, its name, function, and IP address, as well as providing a global view of how
machines interact.
The possibilities for Virtual Laboratories are almost limitless. For example, a lab made of VMs
can also contain and support the following technologies:
      Network Load Balancing (NLB) Services for the Front End servers. This technology
       allows you to test and determine how failover works as well as which procedures are
       required to build a duplicate server for the addition of nodes to an NLB cluster.
      Windows Server Clusters for backend servers. This technology allows you to test
       how server clustering works and how it needs to be set up, as well as to test failover
      Independent Active Directory for the Lab. For the purposes of minimal impact on
       existing network services, the laboratory should be set up with an independent Active
This is a great place to let your imagination run. If you have access to all of Microsoft’s
technology, you can try any scenario you can imagine. Getting the technology is the easiest
part. It can come from a Microsoft Developer Network (MSDN) or a TechNet Plus or even a
Microsoft Action Pack Subscription (MAPS). Each offers several licenses of each product,
enough to set up any lab (see Resources).
Some things don’t work in a Virtual Lab (see Some Virtual Laboratory Limitations), but don’t
let that stop you. Ninety-nine percent of what you need to test or work on will run in a Virtual
Lab and you can save money, guaranteed. The example listed in Table 1 runs ten VMs on
three hosts. Compare this to a lab built on physical machines—the cost for the hardware
alone would more than triple.

Virtual Laboratory Deliverables
Another area that provides great ROI with virtual machines is in the deliverables you can
extract from them. Since prepared machines are no more than a series of files in a folder on a
disk, they can easily be transported and reused for other purposes than the one intended
during their creation. The very nature of virtual machines also allows the use of special
administrative and operational procedures that are simply not available on physical machines.
(Where such procedures are available at all, they are far more complex to perform on
physical machines.) However, you do have to keep licensing in mind when working with
these deliverables (see Virtual Machines and Software Licensing).

Lab Deliverables
Here is an example of some of the deliverables you can expect from a Virtual Lab:
      Core Machines: To create all of the machines in the lab, you need to start at the
       beginning. Since you’ll want to try out or work with a lot of different technologies, you
       should create two core machines: one running Windows Server 2003 Standard Edition
       and one running the Enterprise Edition. You’ll create them using volume license keys.
       The advantage of using these types of images for the creation of a Windows Server
       machine is that it avoids the need to activate the machine—a new anti-piracy strategy
       initiated by Microsoft—making it much more practical to reuse the machine for
       another purpose. If you don’t have access to this software, you’ll need to use an MSDN
       or TechNet license. This means you can create no more than ten different machines from
       the code base. You’ll also want to:
           o   Make sure these machines are updated with all security patches available as
               well as any component update that is required.
           o   Update the default user environment in order to facilitate the creation of new
               user profiles. This default user profile should include the creation of special
               administrative shortcuts in the Quick Launch Area of the Windows toolbar.
           o   Add two network interface cards to these machines in order to support special
               functions such as clustering support.
           o   Create a single disk, “disk C:” for each machine. Additional disks can be added
               when the machines are purposed.
           o   Rename the administrator account.
           o   Finally, keep these machines in this state to facilitate their update when
               Microsoft releases new security patches or operating system upgrades.
      Two SysPrep Machines: Next, you should make a copy of these machines and then
       depersonalize them using the Windows SysPrep command. SysPrep removes security
       identifier information from a core machine, allowing you to create multiple copies of
       the machines for different purposes. It will be these machines that you’ll use to
       populate your Virtual Laboratory. In order to support this, you’ll also need to perform
       the following:
           o   Make a copy of both machine images (VHD and VMC files) to a special Virtual
               Machine\SysPrep folder on each physical host.
           o   Each time a new machine is needed, a copy of the appropriate edition of the
               local SysPrep machine is made. The new machine is placed in a folder
               identifying its purpose and its files are renamed. The renaming procedure
               includes the name of the parent folder, the name of the configuration file
               (VMC), and the name of the virtual hard disk (VHD).
           o   Depending on the purpose of the machine, a second or third disk can be
               added. For example, this could be the case of an Exchange or SQL Server
               machine since they will be used to run databases and transaction logs.
           o   Once the machine is ready, it is opened in Virtual Server. Because it is a
               SysPrep machine, it needs to be personalized. This includes a new name for the
               machine and the inscription of the administrator password. Windows then
               proceeds with the personalization of the machine and reboots it.
           o   Once the machine is rebooted, administrators need to reset its IP addresses,
               determine if a second network interface card is required, join it to a domain if
               appropriate, and format the additional disks if required.
           o   Once this is done, the machine can be purposed, that is, it can have special
               software loaded on it to fulfill its purpose in the environment.
      The Base Environment: Next, you can construct a base environment using
       appropriate versions of the SysPrep machines. A standard Microsoft network should
       include the following machine builds:
           o   Domain Controller A, which serves as the first DC in the new AD forest.
           o   Domain Controller B, which serves as the second DC in the new AD forest.
               You’ll also need to build out the basic structure of the Active Directory (see
               Figure 2).
           o   Exchange Server A to support email in the new domain.
           o   Live Communications Server A to support instant messaging in the domain.
           o   Terminal Server A to allow user interaction in the domain. This machine can
               include components such as Office 2003, Visio 2003, Windows Messenger,
               FrontPage 2003 and Visual Studio.NET 2003.
           o   SQL Server A as a first node that is part of an SQL Server cluster.
           o   SQL Server B as a second node that is part of an SQL Server cluster.
           o   These machines have the following characteristics:
                      All machines are based on the Standard Edition except for the two SQL
                       Server machines which require the Enterprise Edition for clustering and
                       the Exchange machine which you may want to cluster one day.
                      All machines are verified for additional patches and service packs
                       required by the software that supports their new purpose.
                      Group Policy objects are created in the domain to facilitate the
                       operation of the machines as well as user access to the environment.
                      Once the machines are ready, a backup copy of all machines is taken to
                       support the reproduction of the environment for other purposes.
      The Core Testing Environment: Once again, using the appropriate SysPrep machine,
       the core testing environment is constructed. This includes the creation of the following
           o   Web Front End Server A—the first node of a Network Load Balancing (NLB)
               cluster hosting SharePoint and CMS services.
           o   Web Front End Server B—the second node of the NLB cluster.
           o   Indexing Server A—a server running both CMS Authoring and SharePoint
               Indexing and Jobs.
           o   Once again, these machines can be captured as snapshots and delivered to
               other projects for testing in their own environments.
These four deliverables can be reused at any time by any other member of your organization
(see Figure 3). Since each machine can include several gigabytes of information, they’re not
easy to transport. In some cases, you can copy them to DVDs, but the best way to deliver
these machines is to use portable USB disks. Hook the disk up to your server, copy all of the
machines for delivery to it, and voilà!, you have a ready-made Microsoft environment for
There’s a lot you can do with these machines. The first two are easy to reuse, since by their
very nature they will produce new and unnamed machines, but the third and the fourth
require more thought. For example, the Active Directory needs to be renamed to protect
your own testing environment; machines must also be renamed, their IP addresses modified
to avoid conflicts, and all passwords reset to make sure no one reuses your
The practices you should use to manage and monitor a virtual environment will be the focus
of the second part of this article. For now, you’ve got your hands full with making a case for a
real Virtual Lab, one that you can set up properly to be reused by anyone who needs it in your
organization. How’s that for ROI?

About the Authors
Danielle Ruest and Nelson Ruest (MCSE, MCT, MVP) are multiple book authors focusing on
systems design, administration, and management. They run a consulting company that
concentrates on IT infrastructure architecture and change and configuration management.
You can reach them at

Figures & Captions
Figure 1. The Virtual Lab Architecture. A graphical representation of the layout of the virtual lab will
help everyone understand the relationship between each machine that makes it both virtual and
physical. In this example, virtual machines were used in support of a scenario aimed at testing
collaboration technologies based on SharePoint Portal Server and Content Management Server.

Figure 2. AD OU Structure. A simple structure is required in AD to support the application of Group
Policy and the creation and management of test user accounts. This structure also supports a proper
delegation of authority model for administration.

Figure 3. Virtual Lab Deliverables. Each of the four deliverables outlined from a virtual lab can be
reused at any time because each machine is made up of a set of files.

       Virtual Server Home Page:
       Virtual Server Evaluation Kit:
       Virtual Server Product Overview:
       Virtual Server Technical Overview:
       Virtual Server Management Pack for Microsoft Operations Manager 2005:
       Virtual Server Migration Toolkit:
       Microsoft Developer Network (MSDN):
       TechNet Plus:
       Microsoft Action Pack Subscription (MAPS):

Table 1. Mapping out VMs to Hosts
This table maps how ten virtual machines were staged on three physical hosts in support of a
collaboration testing scenario that would have dozens of users testing out the combined might
of SharePoint Portal Server and Content Management Server.
 Physical       Virtual Machine   Content and Role                                     RAM
 Server         Name
 TandT-VS01                        Windows Server 2003 Enterprise Edition                     5 GB
                TandT-DCOne        DC, GC, DNS, WINS, Forest FSMO roles                     512 MB
                                   Windows Server 2003 Standard Edition
                TandT-TSOne        Terminal Services                                        3.5 GB
                                   Windows Server 2003 Standard Edition
 TandT-VS02                        Windows Server 2003 Enterprise Edition                     5 GB
                                   Shared Folders for Installation Sources
                TandT-DCTwo        DC, GC, DNS, Domain FSMO roles                           512 MB
                                   Windows Server 2003 Standard Edition
                TandT-LCSOne       Live Communication Server 2005                           512 MB
                                   Windows Server 2003 Standard Edition
                TandT-EXOne        Exchange Server 2003                                     512 MB
                                   Windows Server 2003 Enterprise Edition
                TandT-WFEOne       Content Management Server 2002                             1 GB
                                   Windows SharePoint Services
                                   SharePoint Portal Server 2003 (Web Front End and
                                   CMS Connector for SharePoint Technologies
                                   Network Load Balancing
                                   Windows Server 2003 Standard Edition
                TandT-WFETwo       Content Management Server 2002                             1 GB
                                   Windows SharePoint Services
                                   SharePoint Portal Server 2003 (Web Front End and
                                   CMS Connector for SharePoint Technologies
                                   Network Load Balancing
                                   Windows Server 2003 Standard Edition
 TandT-VS03                        Windows Server 2003 Enterprise Edition                     5 GB
                TandT-IDXOne       Content Management Server 2002                             1 GB
                                   Windows SharePoint Services
                                   SharePoint Portal Server 2003 (Index and Jobs)
                                   CMS Connector for SharePoint Technologies
                                   Network Load Balancing
                                   Windows Server 2003 Standard Edition
                TandT-SQLOne       SQL Server 2000, Enterprise Edition with SP3a              1 GB
                                   Server Cluster
                                   SharePoint and CMS databases
                                   Data Storage S\:
                                   Windows Server 2003 Enterprise Edition
                TandT-SQLTwo       SQL Server 2000, Enterprise Edition with SP3a         1 GB
                                   Server Cluster
                                   SharePoint and CMS databases
                                   Data Storage S\:
                                   Windows Server 2003 Enterprise Edition

Table 1. Physical Host to Virtual Machine Mappings.

Notes: The host systems need to run the Enterprise Edition of Windows Server 2003 (WS03)
       in order to access more than 4 GB of RAM. In addition, they need to use the /PAE
       (Physical Address Extension) switch in BOOT.INI to do so.

       Forest flexible single master operations (FSMO) roles include the Schema and Domain
       Naming Masters; Domain FSMO roles include the PDC Emulator, Infrastructure Master
       and RID Master.

       The name of the forest in this case was

Some Virtual Laboratory Limitations
If you’re using Virtual Server, you’ll notice that there are a few elements that can’t be
reproduced without some workarounds. These elements are:
      Active/Active Server Cluster — Virtual Server 2005 (VS2005) does not support an
       active/active cluster by default. Clusters in Virtual Server must use SCSI interfaces for
       access to shared disks. Because of this the cluster is limited to two nodes. In addition,
       VS2005 does not support more than four SCSI connections. In order to have an
       active/active cluster, you need six SCSI connections.
      SQL Server Cluster — One of the things you need to watch for is how you install SQL
       Server in a cluster. SQL Server 2000 must use an 8.3 name format when working with
       folder names. Two good tips about SQL Server 2000 cluster installations: first, all
       your nodes must be identical. Second, if you’ve installed any software that
       creates a folder whose name begins with Microsoft inside Program Files, this will affect
       how SQL installs. That’s because SQL Server installs into the Microsoft SQL Server
       folder, but actually sees it as MICROS~1. If a MICROS~1 folder already exists, SQL will
       create a MICROS~2 folder to install into. If the first folder exists on one node but not
       on the other, failover in the cluster will not work: SQL will start from MICROS~1 on
       one node, but the folder on the other node will be MICROS~2, causing the failover to
       fail. This is an arcane issue that is best dealt with by recreating
       both nodes and making them identical. Fortunately, this is really easy to do with
       virtual machines.
      Teaming network interface cards (NIC) on the host — In its first iteration, Virtual
       Server did not work with some teaming NICs. Once teamed, the NIC would no longer
       be visible in Virtual Server. On the other hand, different machines could be tied to
       each individual NIC, giving better performance for each VM.
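
The short-name mismatch described under SQL Server Cluster can be caught before setup runs. The following Python check is an added example, not part of the original article: it parses `dir /x` captures of Program Files from each node and reports the 8.3 alias that the Microsoft SQL Server folder has, or would receive, on that node. The captures are constructed, "Microsoft Example Tool" is a hypothetical folder, and the alias prediction is a simplified model of the ~1 to ~4 rule.

```python
import re

# One folder entry in `dir /x` output: "<DIR>", an optional 8.3 alias (blank
# when the long name is already 8.3-compliant), then the long name. Matching
# from "<DIR>" onward avoids depending on the locale's date format.
_DIR_ENTRY = re.compile(r"<DIR>\s+(?:(\S*~\d+\S*)\s+)?(\S.*?)\s*$")

# Constructed `dir /x` captures of C:\Program Files, not real output.
# "Microsoft Example Tool" is a hypothetical product present on one node only.
NODE_ONE = r"""
 Directory of C:\Program Files

03/14/2005  09:12 AM    <DIR>                       .
03/14/2005  09:12 AM    <DIR>                       ..
03/14/2005  09:12 AM    <DIR>          COMMON~1     Common Files
03/14/2005  09:12 AM    <DIR>          INTERN~1     Internet Explorer
03/15/2005  02:40 PM    <DIR>          MICROS~1     Microsoft Example Tool
"""
NODE_TWO = r"""
 Directory of C:\Program Files

03/14/2005  09:15 AM    <DIR>                       .
03/14/2005  09:15 AM    <DIR>                       ..
03/14/2005  09:15 AM    <DIR>          COMMON~1     Common Files
03/14/2005  09:15 AM    <DIR>          INTERN~1     Internet Explorer
"""


def parse_dir_x(listing):
    """Return {long_name: short_name_or_None} for folders in a `dir /x` capture."""
    folders = {}
    for line in listing.splitlines():
        match = _DIR_ENTRY.search(line)
        if match and match.group(2) not in (".", ".."):
            folders[match.group(2)] = match.group(1)
    return folders


def predict_short_name(long_name, taken):
    """Predict the 8.3 alias a new, extensionless folder name would receive.

    Simplified model: first six usable characters, upper-cased, plus the
    first free tail from ~1 to ~4. Past ~4 Windows switches to a hash-based
    basis, which is not modelled here, so None is returned.
    """
    basis = re.sub(r"[ .]", "", long_name)
    basis = re.sub(r"[+,;=\[\]]", "_", basis).upper()[:6]
    in_use = {name.upper() for name in taken}
    for tail in range(1, 5):
        candidate = f"{basis}~{tail}"
        if candidate not in in_use:
            return candidate
    return None


def compare_nodes(listings, target="Microsoft SQL Server"):
    """Return ({node: alias}, consistent) for `target` across cluster nodes.

    The alias is the one already on disk if the folder exists, otherwise the
    one predicted for a fresh install on that node.
    """
    aliases = {}
    for node, listing in listings.items():
        folders = {name.lower(): short
                   for name, short in parse_dir_x(listing).items()}
        if target.lower() in folders:
            # A name that is already 8.3-compliant has no separate alias.
            aliases[node] = folders[target.lower()] or target.upper()
        else:
            in_use = [short or name for name, short in folders.items()]
            aliases[node] = predict_short_name(target, in_use)
    values = set(aliases.values())
    return aliases, None not in values and len(values) == 1


if __name__ == "__main__":
    # Node names are taken from Table 1 of the article.
    result, ok = compare_nodes({"TandT-SQLOne": NODE_ONE,
                                "TandT-SQLTwo": NODE_TWO})
    for node, alias in result.items():
        print(f"{node}: Microsoft SQL Server -> {alias}")
    print("nodes consistent" if ok else "MISMATCH: rebuild nodes to be identical")
```

To use it on a real lab, capture `dir /x "C:\Program Files"` on each node and pass the text in place of the constructed samples.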

Supported Certifications
The information provided in this article series supports several certification paths.
           Supported MCP Certification
              MCSE on Microsoft Windows Server 2003
              MCSA on Microsoft Windows Server 2003
              MCSA Messaging on Windows Server 2003
              MCSE Messaging on Windows Server 2003
              MCSA Security on Windows Server 2003
              MCSE Security on Windows Server 2003
              MCDBA on Microsoft SQL Server 2000
              MCAD on Microsoft Visual Studio.NET
              MCSD on Microsoft Visual Studio.NET
              Microsoft Office Specialist Certification
              MCDST on Desktop Applications

Virtual Machines and Software Licensing
Even though you’re working with virtual machines, you still have to be conscious of licensing
issues, especially if you’re building a laboratory to last. Here is the gist of how you need to
license virtual machines. It works very much like licensing for disk-imaged machines.
          SysPrep machine: A SysPrep machine does not require a license because it is a
           machine that is used only to seed other machines and doesn’t actually get used as
           is. Once you’ve copied the SysPrep machine and start personalizing it, you need a
           license for the machine.
          Running virtual machines: Each machine that is named and is running on a
           constant basis needs to have its own license.
          Copied virtual machines: Each copy of a virtual machine does not need its own
           license so long as it is not renamed and is using the same IP address in each copy.
           Because it uses the same name and has the same IP, only one copy of the machine
           can run at any time, therefore only one copy needs a license.
          Copied and renamed virtual machines: Each time you copy a virtual machine and
           rename it, you need to assign a license to it. A renamed machine is treated as a
           completely different machine and therefore needs a license.
Using either MSDN or TechNet Plus subscriptions, you have access to ten licenses of each
product, though each license needs activation. With the Action Pack, you have five copies. So
each supports the legal reuse of virtual machines.
But the best way to treat machine licenses, especially the base operating system license, is to
use Volume License Key software because these licenses can be reused over and over again
without activating the software. Because of the type of licensing agreement used for volume
license keys, you only have to true up at scheduled dates. This gives a lot of flexibility to
corporate virtual laboratories. For the other products, you don’t necessarily need volume
license keys because you won’t be installing as many copies. But it is conceivable that you will
be creating more than ten copies of a server in corporate laboratories.
