SBS 2011 on a virtual machine – creating a Hyper-v VM

Posted: February 8, 2011 in Hyper-v, SBS 2008, SBS 2011, Virtual Machine, vm

There is no need to beat around the bush.  It works, and it works well.  At least for hyper-v hosting systems like Microsoft Windows 2008 R2, where I have done most of my testing.  I have little reason to doubt that it works fine on other hosting platforms as well.

If you haven’t tried using virtual machines yet, read the following few paragraphs to get a quick how to guide for Windows 20008 R2.  It’s pretty much the same thing for Windows 2008.

The very first thing you should do is determine if you have an adequate hardware platform for hosting.  Simply put, the beefier your processor(s) and the more memory you have, the better your virtual machines will run.  Yet with a modest server (a Dell T310 with 16GM of memory) I have a Windows 2008 R2 Standard host operating system, a virtual 2008 R2, a virtual 2003 R2 server, a virtual Windows 7 Ultimate, and a virtual Windows XP machine all running nicely.  The latter two machines are allocated only 1GB each and still run nicely and the servers have 4GB and 2GB each and also do nicely. Of course, these are not machines that are heavily used, but still, it’s hard not to be impress with their performance knowing they are so limited in resources.

If you running 2008 or 2008 R2, the first thing you need to do is to enable the Hyper-v role.  From Server Manager, use Add Roles to accomplish this.  It will require a re-boot to complete the addition of the new role, and it takes a few minutes for that role to configure during the restart.  You might also need to check your BIOS settings; you need to enable virtualization there.  Some machines come with it enabled but many do not.

Once the role is added, start Hyper-v Manager located on Administrative Tools. 

Although this view shows a virtual machine running, creating a new one is done the same way.  However, there is one task you should do first and another optional one.  The first task is to set the virtual network up for use by the machines.  The second and optional one is to change the Hyper-v default settings for where virtual machines will be stored.  As you can change it when a machine is created, it is completely optional.

To set up the network for virtual machines, click on Virtual Network Manager on the right hand action pane.  I won’t go through all the options but rather focus on the following scenario:

  • Your host machine has a single NIC card
  • Your NIC has a local LAN address and Internet Access
  • You want the virtual machines to have the same thing.

It’s pretty simple then.  When the Virtual Network Manager opens, in the right hand pane you are offered to create a new virtual network adapter.  Chose External and click Add.  On the next screen, give it a name. Something like Virtual Network Adapter is just fine.  Below that is a radio button set; choose External and from the drop down list, pick the host machine’s NIC.  Click OK.  That’s pretty much it, and you are ready to create your first virtual machine.

Back in Hyper-v Manager, click on New on the action pane and choose virtual machine.  Click past the wizard start screen and specify the name of the virtual machine.  Meaningful is good.  You can accept the default storage location or choose a new one.  Click Next.  Allocate memory to the machine and click next. Then choose the network adapter you set up earlier and click next.

Now you will create the virtual hard disk aka .vhd.  About the only thing you need to change is the size if you want it bigger than 127GB.  The other settings are just fine.  Click next.

If you leave the default “Install an operating system later” then all that happens is that the .vhd is created and the machine will be ready to run at some future point.  For almost all of my purposes, I use an .iso image of whatever OS I want to install. If you have that, click on Install an operating system from a boot CD/DVD-ROM, click on Image FIle and browse to the location.  If you have a physical CD/DVD-ROM, insert the disk and choose the drive letter.

Finish the setup, and if you selected to install an OS, sit back and watch the machine come to life and install the os.  From then on, it is as real as any other machine in your world.

My SBS 2011 was a migration install, running as a virtual machine as a destination server with a physical machine hosting the source SBS 2008 server.  The only difference in how all this works from two physical servers is using the migration answer file.

You cannot directly use a USB device on a virtual machine, so no answer file on a flash drive stick.  Instead, create an .iso from the saved answer file and mount it in the virtual machine’s CD/DVD drive.  To do that, click on the media menu at the top of the virtual machine’s window and choose DVD then mount to mount the .iso file.  Or put in on real media and insert into the host drive.  SBS 2011 installation will find it.

I would love to say that everything was splendid with the migration and virtualization, but it wasn’t.  It took almost two weeks of intense work and investigation and the help of some very talented and good friends to find and fix the issue. None of which had anything to do with the machine being virtual, but finding that out took a lot of hard work.

I will post those findings and trials and tribulations with proper credits and thanks in the upcoming week.

About these ads
Comments
  1. Bill Herde says:

    I am doing the same as we speak. (write?) It seemed to go great from a test environment and a fresh SBS2003 source. Would sure be very interested in the problems you encountered. Please email soon. If I can look forward to the same, I may be up to my *** in it by tomorrow morning.

  2. Quote: “I will post those findings and trials and tribulations with proper credits and thanks in the upcoming week.”

    Any chance of this happening soon? :)

  3. Can’t say that migration was painless, but I cannot attribute one bit of it to a hyper-v environment. Most of the difficulties lay in some source server issues that the migration tools didn’t properly catch; one was some dns errors that just prevented the migration from continuting but it took a lot to figure that one out. Big credit goes to Susan Bradley for her help on that one. Other issues popped up that corrupted some settings on the destination (2011) server, but a bit of this and that fixed them.

    Again, nothing to do with hyper-v. It ran and continues to run flawlessly for SBS 2011 as a virtual machine.

  4. Could you elaborate on this part? “Other issues popped up that corrupted some settings on the destination (2011) server, but a bit of this and that fixed them.”

    I’m curious what the corrupted settings were, and possibly what was causing them (if known), and of course what methodology was used to determine what was corrupted, and what was done to fix the corruption.

  5. Tyler-

    The basic problem in getting migration to proceed was a DNS error on the source server. The symptom was that it processed the answer file, but seemed to stub its toe and kept asking to verify the credentials. There was certainly nothing wrong with the credentials. What led to the discovery of the problem was a look at the setup log. The location of the log is at C:\Program Files\Windows Small Business Server\Logs and is the file SBSSetup.log. In it was a posting that setup/migration could not properly resolve a DNS entry.

    Going back to the source server (SBS 2008) which was itself migrated from SBS 2003, there was no forward zone for _msdcs..local.com. I ended up deleting the forward zone .local.com, then restarted netlogon, and that recreated the zone with _msdcs under it. Then migration went forward just fine. Exactly what was wrong in the DNS zone I cannot say, but none of the pre-migration tools picked it up, and the migration itself gave no hint of the underlying problem.

    There have been a few migration issues, ones I consider completely abnormal and have not duplicated elsewhere and have no relation to this being a virtual machine. Instead, they all related to infrastructure issues on the old server. I had trouble replicating public folders from Exchange 2007 to Exchange 2010. I had trouble replicating WSUS from the old server to the new one (still have that on my to do list, long after the old server has been decommissioned). For the most part, getting around them isn’t tough, but it does require some heavy lifting.

    I hope you won’t have any of those issues. I will write some more about them when I have a chance. I have a longer list of topics, however, related to getting SBS 2011 more functional for the average user. Not nearly enough wizards to do all the stuff I think even modest users would want, so crack open your power shell books and start learning those commands. Or stay tuned for some future articles.

  6. Eric says:

    I want to do the same thing and I’ve been reading Microsoft’s Hyper-V cerfification book and they recommend that your host servers be a member server on a domain. Since SBS will be virtual and it can has to be the top dog of the domain I don’t see how this could possibly work. So my question for you then is, do you have any trouble managing your host as server in it’s own workgroup? Is there anything extra that you needed to do because of this?

  7. Okay, Eric, I have started replies three times today only to accidentally close all tabs on my browser as “hair on fire” calls came in that got me distracted.

    First, correct not to make the parent OS part of the domain. If the virtual SBS is not running, there are going to be issues where the parent boots up without the DC being available. (I have heard rumors that Windows 8 – the desktop client believe it or not – may solve this issue, but I’ll wait before commenting further). Just keep the host OS in a workgroup.

    There are two downsides:

    • Some permission notices may pop up here and there but no real biggies that I have seen (one caveat later).
    • Without some work, you can’t use remote Hyper-v Manager from a domain client machine.

    The single thing I have had to do a workaround on permissions rather than just entering them via a prompt is mounting an .iso onto a virtual DVD drive. I use Virtual Clone for the latter, and on my SBS 2011, I have an iSCSI drive on which I keep downloads and other tech stuff. From the parent machine, i mounted an .iso image and then captured that drive letter in Hyper-v Manager after using domain credentials to get to it. However, when Hyper-v Manager tried to boot from the drive, it coughed up the file location.

    My simple workaround was to create a folder on the parent, copy the handful of .iso files I would use for VMs, and mount those from the parent OS. Worked just fine.

    When I try to connect that parent OS via a domain client machine from Hyper-v Manager, I get a message about authorization policy. If you want to modify the authorization policy for Hyper-v Manager on the host parent OS, dig into the 5-part blog
    by John Howard, or try this one
    .

    Personally, it was just too much work for a simple work around. Which is to remote desktop connect to the host OS (log on with administrator account) and run Hyper-v Manager from the start menu there. You can also always remote desktop into the SBS 2011 server once it is up and running.

    Hope this helps.

  8. I have added a new post about SBS 2011 on hyper-v., this one with some more details on migration techniques. Hope this helps too.

  9. Surj says:

    Hi. Would you still be able to run the SBS 2011 Premium addon on the ‘host’ for SQL setup? Or would I need to have this on a separate physical server?

    Thanks in advance.

  10. Yes, the extra server license can be used as the host os and can also run the SQL instance. If you join the hyper-v host server to the domain, you will want to make it a DC so that the host has logon credentials. If for some reason the SBS 2011 VM machine did not start properly, you would not be able to log onto the host to fix the problem, since no DC would be available to authenticate you. (of course you could try some work arounds, like having the .vhd copy available to throw onto another hyper-v host to temporarily bring it up, or do a quick bare metal restore from your SBS 2011 backup onto a spare box, but don’t these sound yucky?)

    I admit I have not tried to join the host to a SBS domain and certainly not then promoted it to a DC, but I am going to give this a try and see what I can determine, Working on a handful of new posts about a variety of topics, so this one is a great addition to my list!

    My suggestion to you is to install the Premium 2008 R2 server as the host, set up the SBS machine as a hyper-v, then return to the host and manually join it to the domain. After it reboots, return to the SBS machine and make sure that the server appears as a server, not a client, in the SBS console. If it does not, you will have to manually change the OU via Active Directory Users and Computers. Open MyBusiness, SBSComputers, and drag the server from that OU to SBSServers. To verify this worked, look at the SBS Console again and refresh the view. Your server should be in Servers now.

    Go back to the host server, run dcpromo. DISCLAIMER: SINCE I HAVEN’T ACTUALLY DONE THE DCPROMO, I SUGGEST YOU ONLY DO THIS WHEN YOU HAVE A NEW SBS 2011 INSTALL WITHOUT MUCH OTHER THAN INITIAL CONNECTIVITY. That way, since neither the host nor the SBS server has much of anything going on, you can either restore both from a backup you take just before the promotion to a DC, or just start over.

    Like I said, I’ll do a post later on this with less speculation and more experience.

  11. Surj-

    An excellent question. The issue is the domain membership of the host server. One issue of the host server being a member of the domain is that the SBS server, running as a virtual machine, may not be available to authenticate credentials. This could happen if there is a problem with the hyper-v SBS machine not starting properly or failing; you need to log onto the host but it has no server to verify its credentials.

    You can, however, make the host server a domain controller by doing a dcpromo. That way it can always authenticate itself. Yes, SBS can have have multiple DCs, but not multiple SBS servers in a single domain. There are also restrictions on the role assignment, but for what you describe, I don’t see any issues with that.

  12. Jason Walsh says:

    Why promote it to a DC? You can make it a member and if the sbs fails to boot and you run into login issues simply log in as a local admin of the server. This assumes of course you are not setting special permissions on your vhd folders.

  13. Being a DC, it can authenticate itself without having the SBS server up yet.

    What I don’t know is: if the host is a Windows 2008 Server and member of the domain, when it boots and the SBS Server has not started, are there services that depend on the domain account that will fail to start?

    I really need a spare server, and a spare weekend, to test this all out.

    The majority of folks have said keep the host machine out of the domain, but it is just my natural curiosity to investigate this.

  14. Jason Walsh says:

    Yes, well there is obvious advantages to having it in the domain. Group policy control, permissions, etc. Creating exceptions and outliers is always a worst case scenario, and having a server not domain controlled is a rather big exception and I’m sure a security risk. Also I thought I had read somewhere that Microsoft did not support running hyper-v on a domain server.

  15. Dave Duggan says:

    I tried (multiple times) to download a trial version of SBS 2011 stndrd and
    install as a vm in hyper-v.

    no go

    The error message says something to the effect that the file has missing or is
    corrupt.

    I do not think the download iso file is corrupt.

    I am guessing that the problem has something to do with how I have the vm
    settings configured.

    I gave the vm 8 gigs of mem. (required?)

    I chose a quad processor. (require?)

    I allocated 200 gigs of disk space for virtual disk.

    My test (server 2008 r2) box is only using one nic at present.

    I did attempt to create a virtual network (external) so the sbs could do it’s
    thing to the outside internet.

    I wonder if I need to look at a legacy nic setup or if sbs has or does not have
    “integration services”? for working with hyper-v?

    I am trying to prep for the 70-169 cert test so I can be a sbsc’r.

    Plus, I would like to be able to do a test migration within hyper-v.

    any thoughts?

    thank you

  16. No really enough information in your post to work with. How did you mount the downlodaded file to install SBS as a vm? What file is missing or corrupt? Sounds like your hosting environment was sound.

  17. Dave Duggan says:

    Ok, I finally realized the problem – my internet connection is too slow so the download was getting corrupted. I took my laptop to my relatives house and tried again on their much faster connection and I got the download with no problem – came back and installed SBS 2011 Standard in a Server 2008 R2 vm – no problem.

    Thank you Larry – your blog is excellent.

  18. glad it worked for you. when I does, it is so simple.

  19. Tom Morris says:

    I am about to try Virtualizing SBS2011 Premium (SBS on one VM and 2008 running SQL on another VM) and it is my understanding that the optimal way of using the licenses will be as follows:

    Hypervisor – Windows Server 2008 R2 in Server Core Installation (from the Premium component)
    1st VM – Windows SBS 2011
    2nd VM – Windows Server 2008 R2 (from the Premium component).

    I know it looks like this is using the same license twice, but apparently that is acceptable for this configuration of SBS. I understand that this will lend a level of complexity to the process by requiring a seperate PC to configure the Hypervisor component ont eh Server Core Installation, but hopefully it should work ok.

    Would you have any suggestions as to disk raid configuration for this? I am currently thinking of something like 2x300Gb in Raid 1 for the Hypervisor and two VMs, 5x300Gb in Raid 5 for Data and possibly for distinct partitions allocated for the Virtual Memory of each Virtual Machine or maybe just for the SBS VM.

    As this is something new to me, I am a little apprehensive and am tying myself in knots with possible configuration scenarios so would appreciate some feedback.

  20. Tom-

    Server Core 2008 R2 is a free download, so you are not using your Premium license for the host. Do keep in mind there is no GUI for the core, and everything is done via the command line. To run Hyper-v manager, you have to enable remote management of your host and also set up a client, then run Hyper-v manager from the client to create VMs or to manage them. You can always remote desktop to your servers to access the VMs themselves.

    For information on how to enable remote, check out Forewarned – it is not straightforward. And if the host OS is not part of the domain (the current thinking) it adds a bit more to the mix.

    I am a big fan, bigot perhaps, of iSCSI. My favorite vendor of the movement (and for the past two years) is QNAP. Their devices cover a wide range of drive configuration and speed options and I believe are value priced. (Beware that hard disk prices have nearly doubled since the flooding in Bangkok). One of the nice things is that the entire family of iSCSI target devices uses the same software. (Disclosure – I own a device but am in no way affiliated with Q NAP nor reap any financial benefits from them).

    With iSCSI, you get RAID support (QNAP offers 0,1,5,6) plus the ability to create volumes on the fly that look, to Windows machines, like locally mounted disks. So I have an iSCSI volume for the .vhd files attached to the host, and then attach data volumes to VMs as needed. You can move your Exchange or SharePoint data off the system drive to one of these volumes. I also rather like that I can size them to need. For example, I have about 50GB for an Exchange volume for a client; where can you buy that today?

    But you do have disks that will work, and you can always add iSCSI later as needed.

  21. Tom Morris says:

    Thank you for your response. We will be buying a Dell T610 with 8x 300GB SAS drives in it and using 7 of them for arrays and leaving one as a hot spare for failover purposes. What I was really getting at in my post is how to configure the disk arrays (hence the question about 2x 300GB in Raid 1 and 5x 300GB in Raid 5) and whether to put the Server Core and both OS VMs on the Raid 1 array.

    I am also considering moving the Swap File for the SBS VM and possibly for the SQL VM to a partition on the Raid 5 array that I have proposed.

    I think possibly I may be over-engineering this, but so many guides seem to recommend different ways of doing things so your guidance would be appreciated.

  22. Tom

    I agree that the RAID 1 would be good for the core OS and having different spindles for the swap file makes sense. The biggest impact will come from memory, however, and the T610 can take a whopping amouont if I remember correctly.

  23. Michael Faklis says:

    Doesn’t SBS need a fixed IP address? The host OS and the VM client SBS share the same NIC. Do they share the same IP address? SBS would have a DNS and DHCP service running. How does that work with the host NIC shared with the vm client SBS? WIll I still be able to access my SBS remotely using the RPC over HTTP service via http://remote.domain.com?

  24. You are confusing things. Once the host has “assigned” a network adaptor to the virtual machine, all the configuration of the netwrk adaptor are done within the OS, just as you would if it were running on a physical box. Perhas the following paragraph will help.

    Suppose you create a new virtual machine and want to install SBS on it as a clean copy. During the installtion process, the network adaptor would be detected and you would be asked to give it a fixed IP address. It can be completely differrnt than the address of the physical adpator used in the parent OS. Let me tell you that on one host, I have a quad network card along with two motherboard NICs, and I use them to be on differnt physical networks and on a variety of internal LANs on the various VMs.

    But also consider if you convert a physical machine to a .vhd and then start it up. In my experience with SBS, it may take as long as half an hour for it to actually start running post initial boot. Why? Other than a slow machine (LOL), it is because the OS is installing new devices that are virtual manifestations of the physical ones. And network adaptors are on the list. As best I remember, once the desktop finally appeared, I had to tweak the network settings – and drive letters for iSCSI target drives occassionally – from DHCP acquired IP address to the static one originally on the server. See how this works?

    Don’t feel badly that it is not clear. When I first started playing with Hyper-v, I had similar questions and mis-givings. Now I wonder how that could have been as everything seems so clear.

  25. Philip De Guzman says:

    Just want to comment on using the Server 2008 R2 that comes with Premium Edition . Microsoft allows a 1+1 installation (licensing) You can use the Server 2008 R2 as Hyper-V Host Just Enable the Hyper-V Role. and You can create 2 VMs first for the SBS 2011 VM and 2nd the same 2008 R2 with SQL Server installed….i Have such implementation on our office. and Its working Fine since July 2011

  26. Thanks for adding that. The one caution I throw in the mix is to not run SQL on the host OS as it will eat up all available memory. I did hear one could tweak settings but have not yet seen which ones. On my bucket list……..

  27. Amanda says:

    We are planning on moving a physical installation of sbs 08 to sbs11 in a hyper v environment on a seperate machine. Is there any documented procedures on how to do this? I have seen a lot of 03 to 11 but I was not able to find any on this OS. Thanks for your help!

  28. Amanda- Check out my blog post “Converting Physical SBS to Hper-V wihth disk2vhd Utility at http://lhdinger.wordpress.com/2011/12/12/converting-physical-sbs-to-hyper-v-with-disk2vhd-utility/. One of the things I did was to use the hard drives for SBS 2011 on the physical instance to run disk2vhd (and store the .vhd elsewhere so it would subsequently be available; a USB drive will work but in my case I used iSCSI), then I pulled those drives and replaced them (I used two in RAID 1 configuration) with new drives, loaded a new host OS (WIndows2008 R@ in my case), added the Hyper-v role and then created the virtual machine for SBS 2011 using the .vhd image I created. My thinking was, correctly so, that I would be in deep you-know-what if I created the .vhd, blew the SBS 2011 away to install a new OS, then had to go back. As it turns out, I did – forgot to add the system reserved partition to the .vhd, so it didn’t boot. But if you are going to another machine, this wouldn’t apply.

    Do ber patient when your new virtual SBS 2011 starts up the first time. Mine took maybe half an hour or more as it was installing new device drivers and adjusting to its hosted environment. I may have had to tweak some network settings to get all the IP addresses correct again; your installation may vary a bit on these points.

    But overall it just works, and I am happy to try and help you withany issues that arise.

    I would stop Exchange and SharePoint services prior to the disk2vhd execution; you don’t want the system to be updating its files after the snapshot and while the .vhd is created. If you can, move Exchange and SharePoint data to another disk that you can mount onto the new H-v machine as it will reduce the size of the data to be converted. I think it is a good idea to have those stores outside the Hyper-v images anyway for disaster recovery and performance considerations anyway. But if you would rather, you can also use disk2vhd to create .vhd disks for the seperate Exchange and SharePoint data volumes and mount those alongside the .vhd for the OS in Hyper-v settings for the new SBS machine.

    Ihope all this makes some sense to you.

  29. Arthur Simpatico says:

    I read this blog and KUDOS to the info contained here. I learned LOTS!!

    Here’s another scenario I’m looking into for a client. They want to scale down operations to just working from home, but still need a hosted solution for their data, exchange, etc. So, what about SBS 2011 Premium, using the 1+1 licensing to install Hyper-V on the physical host. I’d then create two VM’s..one for SBS and one for RDS connections. They would only need to run about 5 users. I’m not sure in SQL would even be needed, but I’m assuming it’d go in the second VM and not with SBS. Is this feasible? We’re thinking of running this on a SuperMicro 2U with maybe 4x500GB RAID 10 for the everything and as much RAM as necessary. Any thoughts?

  30. Not sure exactly what you would use the second hyper-v machine for, and whether the premuium licenses would cover that- they do cover the hyper-v host approach, however.

    The users don’t need to connect to SBS for email except via Outlook Anywhere, and they can connect to SharePoint over port 987 and their favorite browswer. If you use companyweb to house shared documents that would work fine. Or, allow VPN connectios for server shares.

    I have a great many clients who have the majority of their workers as remote and do this often. You can easily get by with 20GB nemory (16 for SBS) but I am confident you could make it work with 12GB total unless there are LOB applications that are memory hungry.

  31. Oh and thanks for the nice words.

  32. Arthur Simpatico says:

    Thanks for the quick reply! Yes the second VM would be for running Terminal Server sessions, which are now called Remote Desktop Services. There’s a business app that’s data heavy (so it needs to run on the server) and VPN wouldn’t work.

  33. Does the app require a server to run? Do users need be on the server to access it? If not, then you can create some Win 7 virtual client machines. I re-purposed a Dell 2900 with 4GB of memory this way and have three 750MB WIN 7 machines running on it just fine, and users access them via RDP for the sole purpose of running a data intensive app that way.

  34. Jerry says:

    Could you clarify your comment regarding the Exchange and Sharepoint stores in the April 6 post: ” I think it is a good idea to have those stores outside the Hyper-v images anyway for disaster recovery and performance considerations anyway.” Are you referring to permanently running the stores outside the Hyper-v environment or does this just refer to the conversion?

    Also, regarding your suggestion (April 28) to run multiple Win 7 virtual clients machines on your old Dell, what is the host OS? Also, wouldn’t you need a separate Windows 7 license for each instance? I believe an RDS license (running on a Windows server) work out to be about half the price of the a full Windows 7 Pro license.

  35. Jerry says:

    I take it back. It looks like a Windows 7 Pro license is about the same price as an RDS client license. Each at about $150

  36. If you go through past articles, you will see my love affair with iSCSI. I like to use targets for Exchange and SharePoint not only during migration but also ongoing. They do sit outside of hyper-v. I not only backup the exposed data but the LUNs themselves on separate media.

  37. So I’ve done some more thinking about how to get the host into the SBS domain and my thought is that why not take a spare physical machine, install Server 2008 R2 trial (if you don’t have enough licenses) and make it a secondary domain controller to the virtual SBS machine. Then when you promote the host machine and when you need to shut down SBS the host can talk to the secondary physical domain controller for boot up and finish the promotion. Now you have 2 physical servers and the virtual SBS on the same domain. Since the other physical machine is just a trial you can demote it and kill it off. Can you spot any problems with doing this? Also, do you have any experience with SCVMM? My goal is to get it running on the host or is that not a good idea?

  38. Harold Poley says:

    I have installed SBS 2008 and SBS 2011 onto virtual machines numerous times (XenServer and VMware ESXi, clean installs and upgrade/migrations). It works well.

    However, I have stopped doing so because of Microsoft support policies on Domain controllers and Exchange Global Catalog servers inside VMs. They generally will not support them unless you are a premium support customer and using Hyper-V as your virualization platform. Even then, they may require you to move your installation onto physical hardware in order to assist you (and what fun THAT would be). As an IT consulting professional, I find this an unacceptable risk for installations done for clients (my own servers I happily virtualize). However, legally, clients (and their lawyers) can view an SBS installation into a VM as professional negligence/incompetence.

    You have been advised.

  39. EricE says:

    @Arthur “Yes the second VM would be for running Terminal Server sessions, which are now called Remote Desktop Services. There’s a business app that’s data heavy (so it needs to run on the server) and VPN wouldn’t work.”

    Take a look at Multipoint server – the CAL licensing is simple and very favorable (VDI infrastructure can be a nightmare to license!)

    https://www.microsoft.com/windows/multipoint/

  40. EricE says:

    @Jerry “I take it back. It looks like a Windows 7 Pro license is about the same price as an RDS client license. Each at about $150″

    Yeah, there’s a reason for that :)

    Also be aware that any device you use to access your server remotely has to be licensed with a Windows Server CAL somehow. If you are per user licensing with your SBS CAL, then you are coverd as the Windows Server CAL is in there – for sure with the Premium CAL, not sure if the SBS Standard CAL is special now that I think about it.

    Office is the other “bee in the bonnet” – any DEVICE that DISPLAYS the Office interface (UI) has to be licensed. Access a virtual desktop session with an iPad? You need to buy Office for that iPad. If you have Software Assurance on Office you might be able to get away with some roaming rights (as long as the users company doesn’t manage the device AND they don’t bring it onto your companies premise) – but Office is a complete nightmare for virtual desktops, followed closely by licensing Windows. Everyone (including me, until recently) assumes you can license the VMs on the server and your good – but that’s not true. ALL Microsoft licensing is ether end device or end user based. And don’t even get me started wtih multiplexing and CALs requierd if a product like SharePoint requires SQL server. SBS hides all this complexity, but if you aren’t using SBS and you have never heard the term Multiplexing and your using applicaitons on top of SQL server I’ll bet your not compliant….

  41. THe focus here is for Hyper-v and it is not hard to imagine MSFT does not support other host hypervisors.

  42. joel avery says:

    Glad I found this post! Thanks for the great info. Can you think of any potential caveats to running two SBS 2011 vm’s off of the same physical server? I have a client with two distinct functions that currently have two different servers and I was thinking they might be an excellent candidate for virtualization. Thanks in advance.

    jc*

  43. I confess to being confused. There is no problem running two SBS virtual machines on the same host, but are you implying they would both be for the same domain (i.e., company)? I have no conception of how that would work. The domains would have to be different meaning Exchange mail is different and on and on. You would also need separate forwading of ports 25, 80, 443 and 987 on incoming traffic, doable but a bit more complex and certainly not done off a single NIC on the host machine. I have serveral VM setups that have two side by side virtual servers, one being SBS and the others being standard, where this happens (LOB apps all want port 443 for example). I have a four-port NIC in the host, and a firewall that uses multiple WAN interfaces each with a different static address to forward traffic o the desired server. But not two SBS servers for the same organization.

  44. joel avery says:

    Hello Larry:
    Thanks for the reply and sorry for the confusion. It is a parent company and a child company that operate, in most regards, completely independently. Separate domains/names, etc. They’ve both got their own aging SBS 2003 servers right now.
    Getting additional NIC’s for the host machine shouldn’t be a problem though I can imagine it will a little fun getting them all configured.
    jc*

  45. it was actually a snap. If you just need two (I needed four) perhaps your server has two built-in NICS. You can use two separate routers, each with a different LAN segment, one into each NIC, or a firewall that supports defining your interfaces discretely (like a sonic wall, cisco, watchguard, etc.). So for example, frm my ISP modem four ports, I could plug a cheapish router into two of them and connect via two distinct static IPs (I have multiple statics set up). Each of those routers in turn would have a distinct LAN address range, say 192.168.1 and 192.168.2. Set the NIC addresses to be seperately on each of those LANS, port forward from each router to the SBS instance, and you are there. Just make sure to use different virtual NICs for each SBS.

  46. Scott says:

    Great information on this site but I still need to have you clarify my scenario if you could.
    I have installed SBS server’s on numerous occasions & am now performing my first virtual installation. This will be an SBS2011 standard installation along with a Windows server 2008r2 instance (not using the Premium add on). I have chosen this option as my client has no requirement for SQL,but they do want to use the 2008R2 server for remote access, using Remote Desktop Services & the licensing was cheaper using this approach.
    From reading your earlier posts I see two options for the virtual environment.

    1) Install Windows server 2008 r2 as the host OS with RDS configured, enable Hyper-V & install SBS2011 as a VM. With this setup the host OS could not be part of the SBS2011 domain & therefore I would have issues with the RDS sessions accessing the server resources. (I cannot install a second instance of Windows server 2008R2 as a VM without purchasing an additional license)
    2) Install Hyper-V Server 2008 R2 as the the host OS (it is a free download) & create 2 x VM’s with SBS2011 std & Windows server 2008R2. With this option both SBS2011 & server 2008r2 can exist on the same domain.

    Option 2 seems the best option but I do not see many users taking this option. Is there something that I am missing with Hyper-V as the host OS?
    Scott

  47. You are essentilly correct that the host should not be part of the domain. I say essentially correct because there is a bit of a debate about this, and to date I have not tested out what I theorize. And that is that from the host site, you could join the domain and have it cache your logon credentials. I have a suspicion it would and allow a first boot, but here is what else you could do:

    1. Start the Host and SBS VM.
    2. Join the host computer to the domain.
    3. Reboot the host, but continue to log on locally.
    4. Once the SBS vm starts, switch users on the host and log on as the domain admin account.
    5. Switch users back to the local logon, then log off.
    6. When you have to restart the host machine, log on as the domain admin. It should have cached your credentials.
    7. Even without a host logon, the VM should start. If not you can always log on locally and then switch as above.

    There may be some other technical concerns to this scenario, but I am not sure what they might be. Domain servers can run for short periods without a DC, but it is not preferable.

    Let me point out again that I have not tested this at all. If you are game, you can try it. Take a backup of the host including the .vhd and be prepared to restore.

    I have treid Windows 8 Hyper-v and found it somewhat cumbersome to access remotely. If I recall, someone from MS posted a blog with all the powershell commands that were needed to be able to run Hyper-v manager from a Windows 7 client, and it wasn’t pretty. I did get it to work – accidentally I think – but abandoned it shortly afterwards. It was a play setup anyway.

    With no other variables at play, I would definitely run two Hyper-v machines (SBS and LOB server) with a 2008 R2 host. If you don’t mind doing things from a command line and local monitor, free OS is okay, otherwise be prepared for a little adventure to configure it to run from Administrator Tools on a Windows 7 client.

    Let us know what you decide and how it works.

  48. Scott says:

    Many thanks for the quick response. I am currently installing SBS2011 on the VM & will test the scenerio once it is installed. I will provide an update at that time.
    Scott

  49. Scott says:

    Pardon my ignorance Larry, but what is a “LOB server”?

  50. That would be Look: Obama, Barry. Or perhaps it is Line of Business.

  51. Dan Stover says:

    Hi Larry, Really good info here. I was reading on the Microsoft site about SBS licensing and it says, “* SBS 2011 Standard installation media is not able to host the virtualization layer directly. The licensing allows the customer to deploy a Windows Server 2008 R2 instance on the physical host, the Hyper-V virtualization software, and then deploy the SBS 2011 Standard software into a virtual environment.”

    This makes me think that when you purchase SBS 2011 Std., you can install Server 2008 on the host, and then SBS 2011 as a vm all with the one SBS 2011 license probably without the need to even buy the Premium Add-On.

    A customer that I took over seems to have this same setup. Do you think that’s true…. That when you purchase SBS 2011, you get Server 2008 for free to act as a virtual host OS?

    Thanks,

    Dan Stover
    Stover IT Consulting

  52. It is a good question and one I have not had to face directly. I have either used the free version of Windows Hyper-V Server or clients have provided licensed copies of Windows. But your logic seems sound, with the caveat that it is Microsoft licensing.

  53. Scott says:

    Hi Dan,
    My understanding is that you will need a license for each instance of Windows 2008r2 whether it be virtual or physical. I had a requirement to have an SBS2011 std server & a Windows 2008r2 server for use as an RDS host so I would have required 2 copies of Windows server 2008r2, one for the virtual instance & one for the host OS as well as the SBS2011 license.

  54. Scott, I have always assumed that was the case, hoping Dan was correct but fear he is not from the quick look I took at it today.

  55. Dan: you are correct in reading the licensing terms – Microsoft recommend using Server 2008 R2 Standard as the base OS and include the license for this if you are virtualising your SBS 2011 environment. Using “standard” server alleviates the problems of no GUI (server core) and no management without being joined to a doman (standalone hyper-v server).

    Regarding multiple SBS VM’s being joined to multiple NICs – it’s essential to have 1 NIC per VM… but can’t this also be virtualised? For example, can’t you perhaps run a software firewall (like Vyatta or SmoothWall) in a VM, assign it multiple “internal” network connections, and have your VM’s only connected to the “internal” network?

  56. Shane-
    Regarding your NIC question, I read it as being specific to SBS VMs. If that is correct, you do indeed need multiple physical NICs, but it is not limited to SBS but to any VM whose software needs specvific ports that are also needed by other VMs. I have a situation that a LOB VM server needs port 443 but so does the SBS VM on the same box. Traffic on the incoming NICs has to be able to deal with this.

    In this specific case, the bifurcation goes past the VM and host systems to incoming IP addresses. It requires two different static IPs and roputer configuration that can route 443 traffic on one IP address differently that on the other. The simple approach is to use two small routers with a single WAN interface, although more sophisticated routers are up to the task on a single box by defining different IP addresses and rules on multiple WAN interfaces. Sonic Wall, Cisco, Watchguard and others can do this.

    You can probably get by with just two NICs in this scenario. One can be used for the host OS and one of the VMs, and a second NIC for the second VM. In the case I referred to, where the LOB server is NOT SBS, you can assign two NICs so that that server is both on its own network segment for incoming 443 traffic as well as on the same network segment with the SBS server.

    Hope this makes some sense as you read it.

  57. Hi Larry,

    I think you may misunderstand my proposed solution. I was suggesting that the network architecture could also be virtualised. Sophisticated (and expensive) routers may be able to handle multiple ports and LAN segmentation, but couldn’t this functionality also be provided by something like Vyatta NetworkOS or another *nix based software firewall running as another VM on the same host

    Having a separate NIC for the host PC makes sense (as does running it independently of the Domain hosted virtually) but if a single WAN connection is connected to the software router, then virtually limitless “internal” network connections can be made from it to the other VMs.

    I haven’t completed my setup yet and I am still learning a lot, but I have found that the SBS requirement of being connected directly to the router can be achieved by a simple “internal” network connection to an open-source Vyatta network device, rather than a physical one.

  58. My response was predicated on the need for incoming port(s) that needed to be forwarded to servers, not how the network configuration was done. Let me try again.

    For a single incoming network connection (as viewed by an external IP address), you can only move traffic for a single port to one place internally. In the case I cited, port 443 traffic cannot be parsed to two different servers if the source IP is random and unknown (as opposed to knowing specific places it comes from which could be used to route it separately). In order to have two different physical or virtual machines accept (port 443) traffic, it requires two different incoming IP external addresses to do so. That needs to be supported by two different interal network addresses, i.e., different address spaces, in order to properly route traffic.

    If you don’t face such a requirement, one NIC and one internal network and one external IP will suffice for a number of machines. One simple router will work as well. For example, running SBS asa virtual machine along with other virtual machines that are not servers can all sit behind a router and all VM and the host can have an IP address on the same network segment. The router would forward the necessary ports to the IP address assigned to the virtual SBS machine. Nothing else is needed.

    And if another physical or virtual machine also needed incoming traffic on a port that did not conflict with ports needed for SBS, nothing else is needed as well. That machine would get an IP address on the same internal network and the same router would port forward to that IP address.

  59. “SBS 2011 on a virtual machine – creating a Hyper-v VM SBS and Beyond” was indeed a fantastic blog post.
    If only there were far more web blogs like this specific one in the actual
    word wide web. At any rate, many thanks for your precious time, Marguerite

  60. You are most welcome, and I am happy to have been of help to you and others. I share your frustration abuot how poorly most forum posts, and sometimes blogs, are not really helpful in their writings. They omit far too much, make references to things that are key to understanding what to do, and more often than not leave you as helpless and clueless as before you read them. I vowed to post in a way that I would want to read and then use the information. I am about to begin a new round of postings and hope you will return often.

  61. Robin says:

    Hi
    Did anyone ever try the hypervisor 2008 r2 server as a member server of the domain ? Or even as a Bdc . Looking to do the premium build , and would like to have rds sessions on the hypervisor if poss but as domain logins

  62. It certainly works as the host machine being a member of the domain, but did you imply that does it work when the SBS server is a virtual machine AND the host machine is joined to the domain? Well, theoretically you should be able to accomplish that hat trick, but it seems hardly worth the effort and possible risk. Here’s why in my analysis.

    When you join the host to the domain, the virtual SBS will be available to validate the domain and accept the host. Then you need to reboot. If you wait long enough, it seems plausible the virtual SBS will start up and be available to validate the logon for the host, but not certain. If the virtual machine ever fails to start, and I have seen this happen enough times to actually consider it, then you can’t log on to the parent with domain credentials and would have to use local credentials. Still, it is a possibility there are some contingencies among services and/or processes that would disrupt this well considered operation.

    An alternative might be to use the premium license machine to create a DC that would always be available, but then why bother with all the fuss? If you were going to do anything, I would assume you want to have both the SBS and premium servers running as virtual machines so as NOT to have additional hardware stacks to deal with, right? And this is a conversation about technical, not licensing, approaches.

    What I have found to be workable is to leave the parent as a non-member server running Hyper-v and a stack of virtual machines for whatever purposes I might require (or clients’ purposes). On my router, I direct RDP traffic to the parent from the outside but all other traffic to either the SBS virtual machine or some other server or application virtual machine. That way, remotely, if there ever is a problem, I easily get to the host machine to correct the virtual machine(s) failure. Just remember to use the local credentials to log on, not domain credentials. Almost always, I try and make the local credentials mimic the domain one. So I name the parent computer and use the same administrator name and password. That way, \ works for either.

  63. I pondered this very scenario for a long time and I was too chicken to ever try it. Then Server 2012 came along with it’s excellent support for shared nothing migration and replication and there was enough benefit there to warrant the extra expense of standing up a second physical server. I joined one Server 2012 Hyper-V host at a time to the SBS domain by migrating the VM back and forth. Then I setup replication so that if one server went down I’d have a 15 minute copy of the SBS available to boot on the second Hyper-V server. I couldn’t be happier with this solution.

  64. robin says:

    Just wondered, I have a dual xeon server with 32gb ram – trying to work out what the best settings would be for the 2 virtual machines that we have – sbs 2011 and 2008r2 running 20 RDS logons. Am I better to allocate both 12gb and put the rest as shared or better to allocate all memory ?
    I also can’t quite work out if it’s quicker to leave them at one virtual processor or max to 4 – whilst I have read the various notes, its strikes me that running them both with 4 virtual cores feels slower ?

  65. Excellent questions and I have no highly scientific, quantitate answer to give. I successfully have run a host with as little as 4GB memory and give the rest to virtual machines. Wasn’t sure from your comments, but hope you are not using SBS as a host environment for hyper-v. It works fine as a VM however.

    I have generally given VMs as many processors as I could but your comments might make me take a second look. I will report back if I uncover something definitive.

  66. robin says:

    Hi, Sorry should have been clearer. Have SBS 2011 premium, setup 2008r2 as hypervisor, sbs 2011 and another 2008r2(for RDS) as virtual machines. Have given both 4 virtual processors and 12gb ram . The sbs server will need this as will be running basic SQL server setup. Wanted to know what was optimal for 20 users on the RDS server in terms of cores and memory.
    My own tinkering seem to make me think that it can appear to run slower with multiple virtual processors but I have only been testing minimal server load.

  67. I have found SBS 2011 wants at least 12GB of memory to be happy as a VM, and in some cases, that has not seemed to be enough. Exchange seems to increase demand as its activity rises, but I have seen a sluggish SBS VM when Exchange services were completely stopped and not a whole lot else seemed to be going on. I have not noticed a decrease in perceived performance as the cores were increased, nor decreased.

    I am positioning to try Server 2012 as the host and see if it makes some difference that is meaningful. I recently did a 2012 hyper-v that was supporting 16 VMs used for RDP; remote users needed to run with local access to a LOB database. The amount of real activity varies widely at different times as users log on and off, and I particularly like the starting, minimum and maximum memory settings. You can specify a startup value, and if demand on memory increases among other VMs, an individual machine can drop its memory use if somewhat idle. Not only that, but we set up a second server and put some machines there. Not a major feat in and of itself, but each server uses the other as a failover, so if one server were to fail, the VMs would all end up running on the other server. These are pretty neat extensions to Hyper-v in 2012.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s