At a Glance:\n\nUnderstanding virtualization technology\nInstalling and configuring Virtual Server 2005\nPerformance tuning, scripting, and security\nVirtual system management best practices\n\nVirtual Server 2005\nWindows Server 2003\nOver the years, computing hardware performance has grown at a dramatic rate. There’s always some hungry application waiting to gobble up all that power, but many machines run\nat a small fraction of their total capacity, taking up precious space, administrative effort, and resources. If you’ve ever wished you could saw a server into small pieces so it could be more productive (not to work out your frustration), server virtualization may be the solution you’ve been dreaming about.\nPut simply, server virtualization allows you to run multiple operating systems concurrently on a single computer. Microsoft has released several versions of the Virtual PC product for workstations, and recently shipped a server-side solution in Virtual Server 2005, and the subsequent Virtual Server 2005 R2 release, that can provide dramatic advantages to your organization’s IT department. In this article, I’ll focus on the benefits of virtualization, the architecture of Virtual Server 2005, and best practices for making the most of Virtual Server in your server room.\nVirtual Server 2005 is essentially a service that runs on Windows Server™ 2003. Using Virtual Server, you can host up to 64 virtual machines (VMs), each running its own operating system, on a given host machine. Figure 1 provides an overview of this basic Virtual Server architecture.\n\nFigure 1** Virtual Server 2005 Architecture **\nVirtualization Architecture\nNotice that there are four operating systems (one host OS and three virtual machines) running on the same server hardware. Each VM is completely self-contained in that the OS believes it is running on physical hardware. The virtualization layer, in this case the Virtual Server 2005 service, translates all calls from within the VMs to actual physical hardware.\nIf you’re like most systems administrators, the burning question that comes to mind is: what kind of performance can I expect? There is obviously going to be CPU, memory, disk, and network overhead when using any form of virtualization (this is sometimes referred to as the “Virtualization Tax”). While there’s no single number that would reflect the performance impact, you’re likely to find virtualization to be a viable solution for all but your most heavily used servers. Of course, scalability and performance testing is critical to a successful deployment. Rest assured, however, that there are many organizations using virtualization for mission-critical enterprise applications. Oh, and you can play old MS-DOS®-based games like Doom and Gauntlet within a virtual machine, as well. The sidebar “The Benefits of Virtualization” elaborates on many of these benefits.\nThe Benefits of Virtualization\nHere’s a brief look at the many ways in which virtualization technology can improve your environment.\nHardware Independence Since your operating system and applications are installed within a VM where the configuration can remain stable over time, you’re relieved of having to worry about hardware compatibility issues, upgrade cycles, and maintenance of old hardware. Even complex, multitier enterprise applications can be moved between virtual servers without the need for reinstallation.\nSince most VMs can be easily moved between machines without needing reconfiguration, you have complete flexibility when you want to upgrade or extend the useful life of an older, existing server. The decoupling of servers from their underlying hardware also means you can move VMs based on load requirements.\nEasy Deployment Deploying servers can be time consuming, even when you use automated deployment tools. In addition to the standard security and operating system configuration, you’ll most likely need to support many different types of hardware. Virtualization allows you to create a set of base VM images that ensure a standard platform. You can then copy those images to new machines in a matter of minutes. The end result is nearly instant server deployment without the need to set up new hardware.\nSimplified Application Testing It is quick and easy to set up a test lab environment using VMs. Complete test environments (including virtual networks) can be created in minutes. Features in Virtual Server 2005 allow you to easily undo changes to a VM. Developers can target their applications to a very specific VM hardware and operating system configuration, since the hardware specifications of the VM are well known and consistent.\nEfficient Hardware Utilization Think about all the servers in your data center and then imagine how fully utilized these machines actually are. Chances are many (if not most) of your computing resources are being left unused much of the time, particularly if you are maintaining older hardware for compatibility. Say you’re maintaining an entire server for an old application built with Windows NT ® 4.0. It’s important enough to keep the server running, but upgrading the application for current systems just isn’t going to happen. With Virtual Server 2005 you can move that application, along with its Windows NT environment, to a virtual server on a more modern, better utilized system. How’s that for server consolidation?\nVirtual Server 2005 runs on Windows Server 2003 and Windows® XP Professional (though running on Windows XP is not supported for production use). Note, however, that if you only want to host one or a few virtual machines on a single workstation, Virtual PC may suit your needs. Virtual Server 2005 uses a Web-based administration interface, so you’ll need to either run IIS on the host machine or install the included vmrc.exe admin application on the workstation from which you’ll manage the virtual servers.\nOverall VM performance will be determined primarily by physical CPU, memory, and hard disk specifications of your host computer. Microsoft supports a variety of Intel and AMD CPUs in single and multiprocessor configurations. With the R2 release of Virtual Server 2005, support was also added for x64-based Windows host operating systems (though the guest operating systems are still 32-bit). The minimum supported CPU speed is 550 MHz, with a minimum recommended speed of 1.0 GHz or higher. You’ll likely need faster CPUs based on your guest OS requirements. The “Virtual Machine Specs” sidebar shows the specifica-tions of the emulated hard-ware configuration.\nInstalling and Configuring\nWhen planning for VM deployment, physical RAM in the host server will be the most important constraint. First, estimate how much memory each guest OS will need. Then keep in mind that Virtual Server 2005 requires a physical amount of 32MB of memory in addition to what you configure. Also note that you cannot over commit memory—that is, the sum of all of the memory allocated to running VMs cannot exceed the total physical memory available on your server (regardless of whether the allocated memory is being fully utilized). The theoretical limit is 64 VMs per host server, although that number is completely dependent on available system resources.\nInstalling Virtual Server 2005 is simple—the installer does all the work for you. Before you begin the installation, make sure that you have an IIS Web server available (or installed on the local server). During installation, a new Virtual Server Administration Web site will be configured (on port 1024, by default). Additionally, the Virtual Server service will be added to the machine. To access the Virtual Server, you can use the Virtual Server Administration Web site shortcut icon, or you can connect to ServerName:PortNumber\/VirtualServer\/VSWebApp.exe. Figure 2 shows the main Virtual Server 2005 administration interface.\n\nFigure 2** Virtual Server Administration Web Site **\nFor the most part, Virtual Server 2005 is ready for use in its default configuration. However, there are some settings you might want to change. First, you will probably want to enable the Virtual Machine Remote Console (VMRC). You can use this ActiveX® control to interact with virtual machines during the installation process. Next, you should configure Search Paths on the server. These locations will specify where VM hard disks and configuration files are to be stored. Additionally, you can configure VM startup options and the automatic refresh interval for the Web site.\nSetting Up Virtual Machines\nIn many ways, you should treat virtual machines the same as physical ones. Each VM requires its own operating system license and will likely require the same administration and maintenance as a physical server. The process of creating a new VM is quite simple. Just use the Create option under Virtual Machines in the left-hand pane of the admin interface. Here you’ll have the option of naming the VM and specifying basic memory, virtual hard disk, and network settings (see Figure 3).\n\nFigure 3** Creating a New Virtual Machine **\nThe next step is to install an operating system. As with physical computers, you can install the OS manually using media. Virtual Server 2005 allows you to attach the VM to most ISO disk image files or to connect directly to the host’s floppy, CD, or DVD drive. To save time, you can use all of the standard Microsoft Automated Deployment Services (ADS) tools and techniques to speed up the process.\nAfter installing the guest OS on the VM, you should install Virtual Machine Additions. This provides improved overall performance on supported operating systems, as well as additional features such as clean guest OS shut down functionality from within the admin console, and synchronization between the guest and host BIOS clocks. It’s also very helpful to enable remote administration on your guest operating system if it’s supported. While you can continue to use the VMRC to access the VM, it can be easier to use a Remote Desktop Protocol-based connection to do your work.\nAt this point, your VM is ready for use, and you can practically forget that it’s virtual. Set up the machine as you would any other server or workstation in your environment. That includes making sure the VM’s guest OS has all current service packs and updates. Once you’ve finished all of this installing, updating, and configuring, make a copy of this VM’s Virtual Hard Drive (.vhd) file to use it as a template for future deployments (though remember the earlier caveat, that each instance must abide by the licensing requirements as a physical machine).\nAdministering Virtual Machines\nYou can easily edit the virtual hardware configuration of a VM by using the Web-based administration tool. Figure 4 shows the options that are available. From here, you can add additional hard disks, configure network adapters, and fine-tune the amount of memory. Some changes can be performed while the system is running, but others will require that the VM be shut down.\n\nFigure 4** Virtual Machine Properties **\nIn addition to turning a VM on and off, you have several other useful options. Reset is similar to powering on and off a physical machine. Generally, you’ll want to use Shut Down Guest OS (which gracefully shuts down a Windows-based guest operating system) or Save State (which is similar to putting the computer in standby mode). Of course, you can also use commands within the guest OS such as Shut Down, Restart, Stand by, and Hibernate.\nYou can easily move VMs between installations of Virtual Server 2005. First, take note of the location of the VM’s configuration files. By default, the folders you’ll need are located within the C:\\Documents and Settings\\All Users\\Documents\\ folder), and the location of all of the disk-related files required for the VM. Before you move a VM, you must shut it down or save its state. Then the operation is as simple as copying the files to the destination Virtual Server and using the Add Virtual Machines operation to point the server to the appropriate .vmc configuration file. Note that if the path to the .vhd files has changed, you may need to specify the new locations of the .vhd files manually. Also keep in mind that the source and destination services must be using the same processor type, and that if the destination server has drastically different available resources, you may want to adjust your guest OS configurations.\n\nFigure 6** Differencing Disk Hierarchy **\nVirtual Hard Disks\nWhile the various options might be a little confusing at first, much of the flexibility and power of Virtual Server comes from the ability to configure its virtual hard disks. Virtual disks can be attached to virtual IDE or SCSI controllers. Virtual Server 2005 supports four types of virtual hard disk as shown in Figure 5.\nFigure 5 Virtual Hard Drive Types\n\n\n\n\nDrive type\nDescription\n\n\nDynamically expanding\nAllocates physical disk space on the host only when the guest OS uses it. You can configure a 10GB hard disk for a virtual machine, but it might only take up 3GB of disk space on the host OS.\n\n\nFixed-size\nTakes up the amount of physical hard disk space that is allocated. Since there’s no overhead related to expanding the file, fixed-size disks can offer improved performance.\n\n\nLinked\nPoints to an entire physical hard disk on the host computer. This option is primarily intended for the process of converting an existing physical hard disk to a virtual hard disk.\n\n\nUndo\nSaves changes in a separate file to keep permanent changes from being written directly to your virtual disk.\n\n\nDifferencing\nCreates a hierarchy of disks by writing all differences to a new virtual disk.\n\n\n\nWhen shutting down a VM with undo disks enabled, you can choose whether you want to keep, commit, or discard changes to the virtual machine. Differencing disks are created for individual virtual hard disks, but they do not allow for automatically rolling back changes.\nDifferencing disks offer you the ability to create a base .vhd (including just an OS, for example), and then write all differences to a new virtual disk. The differencing disk might contain alternate applications or configurations. This can lead to some complex and powerful scenarios. Figure 6 provides an example of how differencing disks can be used to create a hierarchy. You can use the Inspect Virtual Disks command to convert hard disk types (for example, between fixed and dynamic types), and to compact dynamic virtual disks to reclaim unused space.\nVirtual Networks\nVirtual Server offers flexible network configuration options. Each VM can be given up to four network adapters, and each adapter can be connected to a separate virtual network. When creating a new virtual network, you can attach the virtual network to a physical network adapter on the host computer. This will make the VM a part of that physical network, so be sure that you set up compatible and unique IP addresses. You can also create a virtual network that allows VMs to communicate only with each other, or disable networking altogether.\nVirtual Server 2005 also provides a built-in Dynamic Host Configuration Protocol (DHCP) server that can be enabled to simplify network configuration (see Figure 7). You can even manually specify media access control (MAC) addresses for each virtual network interface card (NIC) through each VM’s individual configuration settings.\n\nFigure 7** Configuring DHCP Properties **\nPerformance Tuning\nVirtual Server offers many different options for configuration and allocating system resources. You can use Performance Monitor counters to monitor both the host and Windows-based guest operating systems. In addition, Virtual Server 2005 provides two Windows Management Instrumentation (WMI)-based objects: VirtualMachine for monitoring disk, memory, CPU, and other performance statistics within a virtual machine, and VirtualNetwork for monitoring network-related statistics.\nYou can manage CPU load using the Resource Allocation page in the Virtual Server administration site. Using this interface, you can specific the amount of total processor capacity that will be available to each VM.\nOn the network side, using Gigabit Ethernet network interface cards can dramatically improve overall performance. Even though the guest OS emulates a 100Mb connection, when you have multiple VMs running, the performance increase will be noticeable.\nIn many virtual environments, disk throughput can be a significant bottleneck because you have multiple virtual operating systems, each of which is unaware of the others, competing for the same disk resources. On the host server, standard parallel IDE hard disks will perform at the bottom of the heap, Serial-ATA will perform better, and SCSI hard disks will usually give the best performance. You can dramatically improve disk performance by using RAID-based file systems, adding more independent disk spindles and controllers, or by investing in network-based storage systems. While the RTM version of Virtual Server 2005 does not provide native support for these technologies, you can use a Storage Area Network (SAN), Network Attached Storage (NAS), and file servers to store .vhd, .vmc, and other configuration files and resources. While you might realize useful performance and manageability improvements, you should thoroughly test these scenarios before using them in a production environment.\nScripting and Automation\nWhile the Web-based administration tool is fine for setting up a few VMs on a few servers, you might want to automate or schedule various options. Fortunately, Virtual Server 2005 supports an API that allows you to script common operations. The object model is documented in the Virtual Server Programmer’s Guide, which is installed by default when you install Virtual Server 2005.\nHere’s a simple script to start all of the VMs on a local server:\n\nSet objVirtualServer = CreateObject( _ "VirtualServer.Application") Set colVirtualMachines = _ objVirtualServer.VirtualMachines Dim objVirtualMachine For Each objVirtualMachine in _ colVirtualMachines objVirtualMachine.Startup() WScript.Sleep(10000) Next \n\nThis script loops through the collection of VMs, sending a start command to each. A brief 10-second pause is added to help avoid bogging down the server. Of course, you can also create full Virtual Server-based applications easily using COM interoperability in the Microsoft .NET Framework. You should note, however, that there are special COM security-related considerations to keep in mind when building an automation application.\nYou can also create command-line scripts that run when specific VM events occur. For example, you might want to send a notification when a VM is powered off, or when it experiences a low disk space error (either within the guest OS or outside of it). These options can be set within the Scripts properties of each VM.\nBest Practices\nAs with all other applications and operating systems in your environment, you should be sure that guest OSs are kept up-to-date and that they’re backed up properly. Regarding the host operating system (and Virtual Server 2005 itself), most options are based on file system and OS security. Figure 8 shows the options available in the Virtual Server Properties security settings.\n\nFigure 8** Virtual Server Security **\nIn general, you can enhance security in your Virtual Server 2005 installation by using NTFS file system permissions on configuration files, including VM configuration (.vmc), network configuration (.vnc), and virtual disk-related files (.vhd, .vnc, and .vsv).\nYou can also boost security by limiting access to the Virtual Server Administration Web site through IIS (details are available in the Virtual Server online help). This includes setting user access permissions and TCP port settings. Finally, there’s no substitute for good policies—ensure that all VMs that are attached to your production networks adhere to the same security requirements as your physical machines.\nVirtual Machine Specs\nWhile Virtual Server 2005 Enterprise Edition will support as many processors as its host OS (currently 32 in Windows Server 2003), the individual VMs are limited to a single logical processor and up to 3.6GB RAM. The emulated VM hardware includes the following:\n\nIntel 440BX motherboard chipset\nAMI BIOS\nS3 Trio 32\/64 with 4MB of video memory\nPS\/2 Mouse and Keyboard\nTwo Floppy drives\nTwo serial ports\nOne parallel port\nUp to four IDE devices such as hard disks or CD\/DVD drives\nUp to four Adaptec 7870 SCSI controllers (each of which can host seven hard disk drives)\nUp to four DEC 21140 10\/100 network interface cards\n\nThat’s not exactly a state-of-the-art machine. It lacks such modern conveniences as USB support, true Gigabit Ethernet, advanced SCSI controllers, and 3D video graphics. But it’s functional. More importantly, all emulated devices are listed on the Hardware Compatibility List (HCL) as far back as Windows NT 4.0, meaning special drivers are rarely necessary.\nFor more information about Virtual Server 2005 specifications, see the datasheet.\nManage your virtual machines as you would any other physical machine in your environment. All of the management tasks you can accomplish through event logs, WMI, Microsoft Operations Manager (MOM), and Systems Management Server (SMS) can be applied to VMs. Similarly, you should comply with update and security policies on VMs as you would for any other machine.\nBack up your VMs. This can be tricky because the .vhd files associated with a running VM cannot be backed up directly (though this has been improved in the R2 release). Your options are to save the state or shut down the VM before backing it up from the host (which will result in some downtime), or to configure backups to occur from within the OS running on the VM.\nIn the event of a server failure, you should have a plan for restoring your VMs. In the case of complete data loss on a server, the quickest method might be to reinstall Virtual Server on another machine and to restore the latest available virtual disks and configuration files. Note however, that the R2 release of Virtual Server 2005 now supports host system clusters, which will provide a high availability scenario in the event of a system failure.\nConfigure your antivirus and other software to exclude standard Virtual Server and related files (.vhd, .iso, and so on). These files tend to be very large, and normal scanning operations can dramatically reduce host and VM performance.\nIf you’re using Virtual Server for testing, create a separate network environment. You can use a Virtual Private Network (VPN) connection to transfer files to and from your production networks, if required.\nThe Virtual Future\nMicrosoft Virtual Server 2005 provides powerful virtualization technology today, and the solutions will only get better. Whether you use Virtual Server for hosting legacy systems, utilizing hardware efficiently, or testing, it’s difficult to overlook the many potential benefits of virtualization.\nTest Drive Microsoft Software\nDid you know that you have access to a large testing lab where you can try out most any available Microsoft applications? The TechNet Virtual Labs let you evaluate Microsoft software in a risk-free environment. Participation in TechNet Virtual Labs is free, and there’s no complex setup or installation required. You get full access to most available Microsoft apps through 90-minute modules, each with its own downloadable manual.\nIt’s not difficult to imagine wanting more than the rather modest hardware specifications of the current VM. Work is being done to virtualize more types of devices available on the host operating system. You can also expect increased VM performance through hardware-based Hypervisors, a layer of software that sits between the OS and your hardware, and that allows for running multiple OSs simultaneously without the need for, and associated overhead of, a complete host OS. Intel and AMD both have plans to provide CPU-level virtualization technologies that will improve performance.\nIn the longer term, Microsoft plans to add virtualization and Hypervisor support into the Windows kernel, starting with Windows Vista™ and the next version of Microsoft Windows Server, code-named “Longhorn.” These hardware-based solutions will provide improved performance and support for thousands of different types of hardware devices.