Building a Virtual Lab

Throughout this blog I’ll be explaining how to build a Virtual Lab, the technologies I’ll be using to bring it all together, and how to maintain the environment once it has been built.

The technologies may change over a period of time, but there will be new content to go along with those.

Presently I have two physical servers:

Server 1

HP Proliant Micro server

16GB RAM

Intel G1610T CPU

Server 2

Is custom built

32GB RAM

AMD FX4300 CPU

I have already installed XenServer 7 onto these devices, and assigned static IP addresses. For this blog I’ll be assuming you are currently at this point also.

 

Creating our starting Storage Repository

If you’re like me, you don’t have any shared storage so we need to utilise Windows File sharing in order to get our Virtual environment started.

So firstly, you will need to create a folder on your Desktop, or Laptop where you can store a Windows Server ISO.

You can get the Windows Server 2012 R2 Evaluation ISO from here: https://www.microsoft.com/en-gb/evalcenter/evaluate-windows-server-2012-r2

 

I’ll assume you have an MS account and have downloaded this already. I’ll also assume you have access to XenCenter with your XenServer hosts already added. If you need help with either, please let me know.

Right click your ISO Folder and select Properties, change the view to Sharing.

sharedrive

Select Share. Then Share

filesharing

XenServer will not be able to communicate with your Desktop or Laptop using the hostname, so make sure you have the IP address of your Desktop or Laptop before moving to the next step.

Secondly, in XenCenter, right click your host and select New SR (Storage Repository), then select Windows File Sharing (SMB/CIFS).

cifs

Give it a name:

cifsname

Now put the path to your shared ISO folder as below:

usercreds

And add the local user account for your desktop/laptop. If this is domain joined make sure you add the domain prefix before the username i.e. WIN\Administrator.

The SR should now show as a storage repository on your Host:

finishedsr

Creating our First VM

So, we have the ISO and we have the Storage Repository. Now we are going to create our first VM.

Right click a XenServer Host that you have attached the SR to, and Select New VM

Select the template we want to use:

template1

Give the server a name:

servername

Select the installation media:

isosr

Place the VM on this server:

homeserver

Select Next on CPU and Memory as we will adjust this depending on the server role at a later stage, next on GPU also.

Select your active NIC:

network

Select Finish.

This will then run through the Windows Server 2012 R2 installation.

Once XenServer has created the VM and it appears in the XenCenter console, select the server and change the view to Console.

Running through the VM build selections:

timeconfig

install

We want to install the Standard Evaluation Server with GUI.

serversetup

Accept the Licensing Terms and Conditions:

termsandconditions

We want to select Custom: Install Windows Only

Select the server drive; this will become your server’s C drive.

cdrive

Let it run through the installation of Windows

windowsinstallers

Provide an Administrator account, this is the local administrator.

administratoraccount

Eject the ISO from the DVD Drive, so the VM doesn’t try to boot into windows installer again:

eject

And now we have a fully functioning first server. This will be used to create our Template Server in the next blog post.

Converting our VM into a Template

The VM we have just created will act as our server template that we will build our entire environment on. So we first need to run through some basic settings.

Firstly, I like to disable IPv6. This can be done in two ways.

Log into the server as the local administrator, right click the Network adapter and select Open Network and Sharing Center.

nic

Select Change Adapter Settings

Right click your NIC and select Properties

ethernetnic

This step will need to be completed for each NIC.

Deselect IPv6 and click OK.

The second way to do this is via the registry. Open PowerShell and run regedit.

Browse to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters

Create a new REG_DWORD (32-bit) value. The name is “DisabledComponents” and the value is “FFFFFFFF” (hexadecimal).

It should now look like this:

ipv6

Once you restart the VM, IPv6 will be disabled.

The next thing we do is enable RDP access. I’ll assume you know how to do this.

Now we will disable Windows Updates and Windows Firewall.

Right click the Start menu, then select Control Panel, System and Security.

Select Windows Firewall – Currently it is Enabled. For XenApp Lab we really don’t need a firewall to be present in our environment. I may bring in a new post around enabling this via SCCM or GPO. But for now, we will leave it as disabled.

In the left hand pane select – Turn Windows Firewall off and deselect the options for Private and Public network settings.

firewall

Select back to Windows Security in the Explore bar, and select Windows updates. This should be disabled but double check that it is currently disabled:

autoupdates

Now we want to install our hypervisor tools. These allow us full management of the VM from our hypervisor, along with improved performance and better monitoring capabilities.

From the hypervisor console select guest-tools.iso from the drop-down. With XenServer this is populated automatically and no manual user intervention is required to make it available.

xentooliso

From the VM click run the Attached device

cdrivexentool

Let it install

configxentool

Once it is installed the installer will request a reboot:

restart

From here we want to generalise our server and convert it to a template.

Open PowerShell, and change directory to the c:\windows\system32\sysprep folder.

Run .\Sysprep, which should bring up the following dialog box:

sysprep

The System Cleanup Action is OOBE. We want to Generalize, and we want the VM to shut down so we can create the template. Once those have been selected, click OK.

Once Sysprep has completed, the VM will shut down. From here we want to go back to the hypervisor, select our VM, right click and Convert to Template.

converttotemplate

This will now create a template on the XenServer Console, it will look like this:

viewtemplate

If like me you don’t have shared storage, you can export this template as an .xva file and store it on your Desktop/laptop, then on the other XenServer Hosts you can import the file in as a template.

You can see the process in the XenConsole Event Logs:

exporttemplate

And that is it, our template has been created ready for use.
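The in-guest part of the template preparation above (the IPv6 registry value, the firewall profiles and the Sysprep run), scripted as an added example that is not part of the original post. It assumes an elevated PowerShell prompt inside the template VM; the `-Seal` switch and the function names are made up for this example.

```powershell
# Added example, not from the original post. Run elevated inside the VM that
# will become the template. Pass -Seal to run Sysprep and shut the VM down.
param([switch]$Seal)

$regExeKey = 'HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters'
$psKey     = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters'

function Set-Ipv6DisabledComponents {
    # reg.exe takes the hex literal directly, which avoids signed/unsigned
    # DWORD conversion differences between PowerShell versions.
    # Microsoft's IPv6 configuration guidance lists 0xFF for disabling IPv6;
    # 0xFFFFFFFF below is the value the post uses.
    & reg.exe add $regExeKey /v DisabledComponents /t REG_DWORD /d 0xFFFFFFFF /f | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg.exe add failed with exit code $LASTEXITCODE" }
}

function Test-Ipv6DisabledComponents {
    $key   = Get-Item -Path $psKey
    $names = $key.GetValueNames()

    # A misspelled value name is accepted by the registry but never read by
    # the TCP/IP stack, so flag near-misses left over from manual edits.
    $stray = $names | Where-Object {
        $_ -like 'Disable*Compon*' -and $_ -ne 'DisabledComponents'
    }
    foreach ($name in $stray) {
        Write-Warning "Value '$name' has no effect; the name must be DisabledComponents."
    }

    if ($names -notcontains 'DisabledComponents') { return $false }

    # Format as hex so the comparison works whether the DWORD comes back
    # as a signed or an unsigned integer.
    $hex = '{0:X8}' -f $key.GetValue('DisabledComponents')
    return ($hex -eq 'FFFFFFFF')
}

Set-Ipv6DisabledComponents
if (-not (Test-Ipv6DisabledComponents)) {
    throw 'DisabledComponents was not written as expected.'
}
Write-Output 'DisabledComponents is set; IPv6 is disabled after the next restart.'

# Firewall state as configured in the post: off for every profile.
Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled False
Get-NetFirewallProfile | Format-Table Name, Enabled -AutoSize

if ($Seal) {
    # Same choices as the Sysprep dialog: OOBE, Generalize, Shutdown.
    $sysprep = Join-Path $env:SystemRoot 'System32\Sysprep\sysprep.exe'
    Start-Process -FilePath $sysprep -ArgumentList '/generalize', '/oobe', '/shutdown' -Wait
}
```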

Building our First Server – the DC

Now we are going to build our first Server. This will be our Domain controller.
Remember the amount of time it took to build the first one? Now we have our Template it will take a fraction of the time. So first we need to go to our Hyper-visor console, and right click our Template. Select New VM Wizard:

vmtemplate

 

Ensure the “Template” is our template.

vmtem1

 

Give it a name:

vmname

Assign some Resources, I’ve found 4GB of RAM and 2CPUs ensure smooth performance. But if you are going to use this for anything else then adjust for that.

vmres

 

Select an Active NIC, this can be adjusted later if required:

vmnic

Once that has finished you should get to the Windows Settings configuration. Select the options that apply to yourself:

vmsetting1

Accept terms and conditions

Give your local admin account a password, I’d make sure it is secure.

vmsetting2

Once you get to the CTRL + ALT + DEL screen, log in to the machine.

First thing we want to do is assign a static IP address

vmnic1

Change the Name of our VM:

vmrename

When prompted Restart the machine

Verify IP in XenConsole:

vmip

 

Once the server has rebooted and has picked up the assigned static IP, go to Server Manager and select Manage, Add Roles and Features.

addroles

Select Next on the Before you begin page, then Role-based or feature-based installation:

servertype

Select the Server in question

vmdestin

Now we want to Add Server Role.

We want to add:

Active Directory Domain Services

DHCP

DNS

Select Next. Ensure .NET Framework 4.5 and GPO are selected, and leave the defaults.

features

Run through adding configuration of those roles and Features for our Domain controller.

dcconfig

dcompleted

Once it has completed, please reboot the machine.

Creating our Domain, and configuring DHCP and DNS

Once our server has rebooted with the roles and features added, we need to then configure them.

Firstly, open Server Manager, select the warning sign, and then “Promote this server to a domain controller”.

adconfig

We will be running through creating our Domain and Domain controller.

Select “Add a new Forest”

Then give our Domain a root name.

deploymentop

Type in a DSRM password. Directory Services Restore Mode is a safe boot mode for Domain Controllers. It allows an administrator to repair or recover an Active Directory DB.

dcoptions

Skip over the DNS option.

NetBIOS name for our domain, I shortened Windows.Local to just WIN.

netbios

The config will run through a list of pre reqs.

prerequs1

Select next, then the configuration will run through the installation, once it has installed the server will reboot.

Now we have a Domain Controller and a Domain.

Make sure you log into the server as your domain admin. The account you created the domain with will be elevated to domain administrator, so log in with the domain prefix:

WIN\Administrator

Your local admin password.

Next Let’s set up our DHCP.

Select Server Manager and then Complete DHCP configuration

configdhcp

 

Make sure the administrator is in the DHCP Admin and DHCP Users groups. You can do this from Active Directory Users and Computers.

adgroups

adminmemberof

The configuration will then run through authorising the DC and finish setting up the role.

 

Now we need to create a new scope.

Go back to the Server Manager and select DHCP

dhcpsm

Expand our authorised server:

newdhcpcope

Right Click > new scope. Give it a Name

scopename

If you wanted to go down the road of segmenting your Network into different Scopes go ahead, I’m just going to create a standard one for now.

 

Add in your IP address range

scopeiprange

Select Next, then we need to add in any Exclusions we have.

The DC will automatically be within this Exclusion scope, but we are going to add our Default gateway and XenServer Hosts also. If there is anything else on your network like shared file storage devices, wifi extenders, sky boxes, etc. Add them in here, I’m going to leave this like that, the devices on my network don’t require static IPs. So, everything else I want DHCP to assign the IP address to.

scopeexcludes

Next on lease time

We want to configure the Scope options now:

Ensure your default gateway is correct

defaultrouter

DNS Server is correct

dnsname

Skip WINS Server, as it is not required.

 

 

 

 

Yes, let’s activate the scope now.

dhcpactivate

Then finish

DHCP should now be registered and handing out IP addresses on your network. Further configuration may be required here, as your router is usually set to hand out IP addresses too; this feature can usually be disabled on the router.

 

 

DNS

The only thing we need to do right now is to make sure the DNS Reverse lookup zone is created. So open DNS, Expand the DC. Right click Reverse Lookup Zone, select New Zone

newdnszone

 

Select the Zone type as Primary

dnsprimary

Select All DNS Servers running on Domain controllers in this Domain

dns1

Select IPv4 Reverse Look up Zone

reverselookup

Put in your network ID. As it says, this is the portion of the IP address that belongs to this zone. As we have one primary network of 192.168.0.xxx, that is what we put; obviously if you were using 10.1.0.xxx then 10.1.0 would go there.

zones2

We won’t be using this feature but select Allow Only Secure dynamic updates.

zone3

Let it configure and complete.

completeconfigdns

Now we should have our DC within the reverse lookup Zone.

completeddns

 

Next we want to update the Default Domain Policy and disable the Windows Firewall:

Open the Group Policy Management Console, Select the Default Domain Policy:

gpmc

Right click and select Edit. Browse to Computer Configuration, Policies, Windows Settings, Security Settings, Windows Firewall with Advanced Security.

windefaultdomain

Right Click and Edit the setting. Then turn the firewall state for each profile off:

Domain:

domainprofile

Private:

privateprofile

Public:

publicprofile

We should now have set up our Domain, with a Domain Controller. Configured DHCP and DNS ready to progress the implementation of our environment.
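The same DC build expressed with the Server 2012 R2 cmdlets, as an added example that is not part of the original post. The domain name, NetBIOS name, network ID, replication scope and secure-only dynamic updates come from the text; the host name, every individual IP address, the scope range and the function names are assumptions to replace with your own.

```powershell
# Added example, not from the original post. Run elevated on the new DC.
# The server reboots after phase 2, so the phases are separate functions.

function Install-LabRoles {
    # Phase 1: the three roles selected in Add Roles and Features.
    Install-WindowsFeature AD-Domain-Services, DHCP, DNS -IncludeManagementTools
}

function New-LabForest {
    # Phase 2: "Add a new forest". The DSRM password is prompted for so it
    # never lands in the script or in shell history.
    $dsrm = Read-Host -AsSecureString -Prompt 'DSRM password'
    Install-ADDSForest -DomainName 'Windows.Local' -DomainNetbiosName 'WIN' `
        -InstallDns -SafeModeAdministratorPassword $dsrm
}

function Initialize-LabDhcpAndDns {
    # Phase 3: run after the reboot, logged in as WIN\Administrator.
    param(
        [string]$DcFqdn       = 'dc01.windows.local',  # assumed host name
        [string]$DcIp         = '192.168.0.10',        # assumed DC address
        [string]$Gateway      = '192.168.0.1',         # assumed router address
        [string]$RangeStart   = '192.168.0.1',         # assumed scope range
        [string]$RangeEnd     = '192.168.0.254',
        [string]$ExcludeStart = '192.168.0.1',         # assumed: gateway, DC,
        [string]$ExcludeEnd   = '192.168.0.20'         # XenServer hosts
    )
    $scopeId = '192.168.0.0'

    # Creates the DHCP Administrators / DHCP Users groups, then authorises
    # this server in AD ("Complete DHCP configuration" in Server Manager).
    Add-DhcpServerSecurityGroup
    Add-DhcpServerInDC -DnsName $DcFqdn -IPAddress $DcIp

    Add-DhcpServerv4Scope -Name 'Lab' -StartRange $RangeStart -EndRange $RangeEnd `
        -SubnetMask 255.255.255.0 -State Active
    Add-DhcpServerv4ExclusionRange -ScopeId $scopeId `
        -StartRange $ExcludeStart -EndRange $ExcludeEnd

    # Scope options: default gateway and DNS server. WINS is skipped.
    Set-DhcpServerv4OptionValue -ScopeId $scopeId -Router $Gateway `
        -DnsServer $DcIp -DnsDomain 'Windows.Local'

    # Reverse lookup zone: primary, replicated to all DNS servers on DCs in
    # this domain, secure dynamic updates only.
    Add-DnsServerPrimaryZone -NetworkId '192.168.0.0/24' `
        -ReplicationScope 'Domain' -DynamicUpdate 'Secure'
}

function Get-LabDhcpSummary {
    # Quick check of what is authorised and what is being handed out.
    [pscustomobject]@{
        AuthorisedServers = @(Get-DhcpServerInDC | ForEach-Object { $_.DnsName })
        Scopes            = @(Get-DhcpServerv4Scope | ForEach-Object {
                                  '{0} {1}-{2} ({3})' -f $_.ScopeId, $_.StartRange, $_.EndRange, $_.State })
        Exclusions        = @(Get-DhcpServerv4ExclusionRange | ForEach-Object {
                                  '{0}-{1}' -f $_.StartRange, $_.EndRange })
    }
}
```

`Get-LabDhcpSummary` only covers this server; a router that is still handing out leases will not appear in it and has to be checked on the router itself.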

 

AD Structure and Security Groups

The small stuff!

I was going to leave this bit out, or go over it briefly, but we may as well cover it in its entirety. While creating our Lab we could have gone down the route of using one administrator account to install everything, or bind LDAP policies, or use as our SQL service account; the list goes on. For someone who is new to this, I’d imagine that is what they would do; I mean, I did do it also. As we are a little bit wiser and know a bit better, we can go down the route of replicating how a customer’s environment may look and feel, although I still see administrator accounts used as service accounts in live environments to this day!

RDP to our DC, open up Active Directory Users and Computers.

We want to create our own Organisational Unit (OU) and possibly some additional OUs to split up the environment and keep things looking nice and clean. This is how I have designed mine:

adou

So we have a location for our security groups and application groups. Then our infrastructure servers, either production, like our DC, or maintenance, like our PVS maintenance image. Then we have service accounts, standard user accounts and lastly administrator accounts. So when trying to find something, or if someone else is trying to find something, they are able to without breaking a sweat 🙂

So start with a standard domain user:

stndrduser

An Administrator user:

adminuser

Here is a small collection of Security Groups you will need. We will add more later, but for now let’s get these created. Use your own naming convention if you wish:

ourownusergoups

Add our new Administrator user to those groups; also add him to the Domain Administrators group and these:

usergroups

Lastly we want to create our Service Accounts. I’ve gone for 3 for now; we will add more as and when we need them:

serviceaccounts

Add the generic groups to those users for PVS and SQL. We will be using the adsvc account to bind our LDAP policy to our domain on the netscaler. But that is much later down the road.
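The OU, group and service-account layout described above, scripted with the ActiveDirectory module, followed by a check for the pattern the post warns about (service accounts holding administrator rights). This is an added example, not part of the original post: `adsvc` and `SQL-Admin` are names from the text, while the OU names, `PVS-Admin`, `sqlsvc`, `pvssvc` and the function names are placeholders.

```powershell
# Added example, not from the original post. Run on the DC as a domain admin.
Import-Module ActiveDirectory

function New-LabDirectoryLayout {
    param([string]$RootOuName = 'Lab')    # placeholder top-level OU name

    $domainDn = (Get-ADDomain).DistinguishedName
    $rootDn   = "OU=$RootOuName,$domainDn"
    New-ADOrganizationalUnit -Name $RootOuName -Path $domainDn

    # Placeholder OU names mirroring the categories listed in the post.
    foreach ($ou in 'Security Groups', 'Servers', 'Service Accounts', 'Users', 'Administrators') {
        New-ADOrganizationalUnit -Name $ou -Path $rootDn
    }

    $groupOu = "OU=Security Groups,$rootDn"
    foreach ($group in 'SQL-Admin', 'PVS-Admin') {     # PVS-Admin is a placeholder
        New-ADGroup -Name $group -GroupScope Global -GroupCategory Security -Path $groupOu
    }

    # One account per service; each gets only the group its product needs.
    $svcOu    = "OU=Service Accounts,$rootDn"
    $accounts = @{ adsvc = $null; sqlsvc = 'SQL-Admin'; pvssvc = 'PVS-Admin' }
    foreach ($name in $accounts.Keys) {
        $pw = Read-Host -AsSecureString -Prompt "Password for $name"
        New-ADUser -Name $name -SamAccountName $name -Path $svcOu `
            -AccountPassword $pw -Enabled $true `
            -PasswordNeverExpires $true -CannotChangePassword $true `
            -Description 'Service account (lab)'
        if ($accounts[$name]) {
            Add-ADGroupMember -Identity $accounts[$name] -Members $name
        }
    }
    return $svcOu
}

function Find-PrivilegedServiceAccount {
    # Returns every account under the service-account OU that is a direct or
    # nested member of a built-in administrative group.
    param([Parameter(Mandatory)][string]$ServiceAccountOu)

    foreach ($group in 'Domain Admins', 'Enterprise Admins', 'Administrators') {
        Get-ADGroupMember -Identity $group -Recursive |
            Where-Object { $_.distinguishedName -like "*,$ServiceAccountOu" } |
            ForEach-Object {
                [pscustomobject]@{ Account = $_.SamAccountName; Group = $group }
            }
    }
}

# Usage:
#   $svcOu = New-LabDirectoryLayout
#   Find-PrivilegedServiceAccount -ServiceAccountOu $svcOu   # expect no output
```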

This is pretty much it, let me know if you have any questions regarding the information in this post.

Thanks

Creating our File Server

The next server we are going to be building is our File server. This will provide shared storage for our Environment. From Shared drives, to home profiles, and much more.

 

So, run through the same build-from-template process we did when creating our Domain Controller, but obviously call the server something else.

fsname

Assign the required resources to the VM.

fsresources

At this point we want to make sure our VM has the required drives. This can be done after it is built, but I’m going to do it now.

I’ve created 2 50GB drives and a 100GB drive.

fssharedstorage

Share drive – 50GB

Home drive – 50GB

ISO drive – 100GB

Run through the sysprep build settings with your desired configurations.

Next we want to Rename the VM.

Reboot when prompted.

Now we want to join the machine to the domain: Use the full domain name. You can use the NetBIOS Domain name if required.

fsdomain

Often I get an error saying there are no DCs available, or cannot be contacted:

fserror

This is because the router assigned the VM its IP address, so the VM is using the router/default gateway for DNS, and obviously the router doesn’t have our named server records. So, if you didn’t disable DHCP on your router, we will need to manually point the VM to the DC.

You need to set the DNS server on your VM’s NIC to the DC.

fsdns

Now try to join the VM to the domain. It should now join.

fsdomainjoin

Reboot again when prompted.

 

We need to assign an IP to the File server now, this can be done prior to joining the domain, so we need to set up DHCP and DNS records for this server. So, if you go to the Network tab on Xenconsole:

fsuipaddress

Copy the MAC address of the vNIC

Go to your domain controller, open DHCP, expand the domain, IPv4, and our Scope, right click on Reservations and New.

fsdhcp

Open up DNS Manager, Expand the DC, Forward Lookup Zones, Domain Name, Right click and add New Host (A or AAAA record). Add the server host name and IP address, ensure PTR record is selected.

fsdnsadd

Reboot again

The vNIC in XenConsole should show our IP address we assigned.

fsipcheck

Now we have our VM with a static IP assigned in DHCP, you can check DHCP to ensure it has been assigned. Go to the DHCP console and check Addresses Leased – Should show as active.

dhcpactive

So now we want to format the drives we added earlier:

Right click the start menu, and select Disk Management.

fsdiskmanagement

 

The VM should show there are 3 disks that require initializing. Select OK.

fsdiskinitialisation

Select each disk and right click “New Simple Volume”

fssimplevol

Select Next

Confirm the amount you want to create from the available storage.

 

Select which Drive letter you wish it to have:

fsassigndrive

Give a name:

fsdrivename

Next and completed, the drive should then turn Blue in the Disk management console, after a quick format.

Complete the same for the next two drives

If you are not able to remember which drives are what, you can look back at the XenConsole under Storage and it will tell you what position the drives fall.

fsxenconsolecheck

They should now appear in Disk Management as below:

fsdiskamangementcheck

New ISO Shared Drive

Creating our primary ISO Share drive.

So now we have our File server, with a nice big chunk of space. The first thing you want to do is RDP to the server, or console to it. Browse to the ISO drive locally, and create a new folder. I’ve called mine ISOs, yup, original.

Once you have created the folder, right click it and go to Properties. Change the view to Sharing.

Select Share….

Add in “Everyone” with Read/write permissions

isoproperties

Press share

You should have “Your folder is shared”

Now select Advanced Sharing and select Caching

Ensure you select “No files or programs from the share drive are available offline”

offlinesettings

Now go into Security, Add in Domain Administrators, or if you want a File share administrator group add that. Give it Full Control. Select Everyone, deselect Full control.

isopermissions

Ok that.

Now select Advanced.

Select Everyone, Edit.

Change Applies to “This folder Only”.

advancedpermissions

OK that. Then change the owner of the folder to Domain Admins, or your own File Server Administrator group.

To finish off, go to Server Manager > File and Storage Services > Shares > right click the share and go to Properties. Select Settings and ensure Enable access-based enumeration is selected.

access-based

You now have a new ISO repository. From your laptop/desktop where the ISOs were before, browse to your new repository using the IP address; I take it the laptop or desktop isn’t domain joined. So in Explorer browse to \\IP.Add.re.ss\ISOs. It may require authentication, so use your domain administrator. Then copy all the ISOs you have into the new repository.
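A read-only check that the share ended up the way the steps above describe (no offline caching, access-based enumeration, Everyone without Full Control and limited to this folder only, administrators with Full Control and ownership). This is an added example, not part of the original post; the function name and the `WIN\Domain Admins` default are assumptions, so pass your own file-server admin group if you created one.

```powershell
# Added example, not from the original post. Run on the file server.
# Changes nothing; returns a list of deviations from the settings in the post.
function Test-IsoShare {
    param(
        [string]$ShareName  = 'ISOs',               # share name used in the post
        [string]$AdminGroup = 'WIN\Domain Admins'   # assumption: adjust as needed
    )
    $findings = @()
    $share = Get-SmbShare -Name $ShareName -ErrorAction Stop

    # Advanced Sharing > Caching: nothing available offline.
    if ("$($share.CachingMode)" -ne 'None') {
        $findings += "Offline caching is '$($share.CachingMode)', expected 'None'."
    }
    # Server Manager > Shares > Settings: access-based enumeration.
    if ("$($share.FolderEnumerationMode)" -ne 'AccessBased') {
        $findings += 'Access-based enumeration is not enabled.'
    }

    $acl  = Get-Acl -Path $share.Path
    $full = [System.Security.AccessControl.FileSystemRights]::FullControl

    # Security tab: Everyone must not hold Full Control, and its entry should
    # apply to "This folder only" (no inheritance flags).
    $everyone = $acl.Access | Where-Object {
        $_.IdentityReference.Value -eq 'Everyone' -and "$($_.AccessControlType)" -eq 'Allow'
    }
    foreach ($ace in $everyone) {
        if (($ace.FileSystemRights -band $full) -eq $full) {
            $findings += 'Everyone has NTFS Full Control on the folder.'
        }
        if ("$($ace.InheritanceFlags)" -ne 'None') {
            $findings += "Everyone entry inherits to children ($($ace.InheritanceFlags))."
        }
    }

    # Security tab: the admin group needs Full Control.
    $adminAce = $acl.Access | Where-Object {
        $_.IdentityReference.Value -eq $AdminGroup -and
        "$($_.AccessControlType)" -eq 'Allow' -and
        (($_.FileSystemRights -band $full) -eq $full)
    }
    if (-not $adminAce) {
        $findings += "$AdminGroup does not have NTFS Full Control."
    }

    # Advanced > Owner.
    if ($acl.Owner -ne $AdminGroup) {
        $findings += "Folder owner is '$($acl.Owner)', expected '$AdminGroup'."
    }

    # Share-level permissions, listed for review next to the NTFS findings.
    Get-SmbShareAccess -Name $ShareName |
        Format-Table AccountName, AccessControlType, AccessRight -AutoSize | Out-Host

    return $findings
}

# Usage:  Test-IsoShare        # no output after the table means no deviations
```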

From XenConsole we need to then add the new repository and forget the old one.

You know how to add a repository, so follow the same process, except using the domain administrator for credentials. To forget a Repository you need to Right click the old Temp ISO store, Select Detach. Once it shows as detached, you can right click and Forget. This will remove it from our Console. If you do not get the detach when right clicking, it means one of the media files is being held open on one of the VMs, just browse each VM and remove anything that is in the DVD drives for them.

 

Building our SQL server and SCCM SQL Instance

So now we are going to create an SQL server; this will also be our SCCM server further down the road.

So, follow the same process we used to create the File server and create an SQL server.

Add two additional drives for SQL DBs and SCCM packages, and MS Updates.

So, when you have done all that, let’s get installing SQL.

Firstly, if you do not have SQL Server 2012 you can get it from here:

Eval version

http://www.microsoft.com/en-us/download/details.aspx?id=29066

SP 2

http://www.microsoft.com/en-us/download/details.aspx?id=43340

Once downloaded and placed into your ISO folder, and you have attached the new ISO folder to your XenConsole, you can then place the SQL ISO into the DVD drive.

sqlxenconsole

Run the setup file

Select Installation

New SQL Server Stand-alone installation or add features to an Existing installation

We are going to get our SQL server ready for SCCM at the same time.

Setting up Support Rules:

sqlsupport

Select Evaluation:

sqlproduct

Accept licensing terms.

Select any Product updates:

sqlproductupdates

Let the Install Setup complete:

sqlinstallsetup

You can ignore the Firewall warning:

sqlsetupsupportrules

Under Setup Roles, select SQL Server Feature Installation:

sqlsetuprole

Select the required Instance Features:

sqlinstancefeature

Allow Installation Rules to complete its check:

sqlinstallrules

Give the instance a name, or leave as default:

sqlinstancedefault

This will set our Citrix instance as the default DB instance. If you don’t want it to be default, select Named Instance and change it to something more personal.

We want to point our DB to the additional drive we created earlier. So select Instance Root Directory, and select the folder structure you created on your additional drive. Or choose the local folder location if you wish. I have placed the SQL DB directory on the E drive, where I wanted to store them.

Disk space check:

sqldiskspace

Change the standard SQL service accounts for the service account we created earlier, and change the startup service type to automatic for SQL Server Agent.

sqlserviceaccount

Add some security accounts, these should be the SQL-Admin group we created earlier, your current admin account and the service account.

sqlauthen

Check the Data directories screen to ensure they are going to where you want them to go…

sqldbengine

Do the same for analysis Services Configuration:

sqlanalysisservices

For Reporting Services Configuration we will do an install only:

sqlanalysisservicesconfig

Ignore the error reporting, unless you want it.

Let it run through the install:

sqlinstall

It should now be completed:

sqlcomplete

Our SQL Instance is now installed.

SCCM Instance

If you are going to be running through an SCCM install with me then we are going to install another SQL Instance. If not, then please skip to the next blog post.

So from the installer menu, we are going to select New SQL stand-alone installation.

sqlsecondinstance

Ensure Perform a new installation of SQL Server 2012 is selected.

sqlsccminstalltype

Select Evaluation for Product Key, and Accept the Licensing Terms.

Select Server Feature installation, add the same roles as we did before:

sqlsccmfeature

Move onto the Instance Configuration Page.

Change the name to WINSCCM, or whatever you want it to be called.

Change the DB directory to the already made folder structure we created on our additional attached drive.

sqlsccminstancename

Ensure Disk Space requirement is completed

sqldiskspace2

Again change the service accounts to one we created earlier. Change Startup process to Automatic for SQL Server Agent.

sqlsccmservicenames

Now select the TAB for Collation.

Change the Database Engine Collation to SQL_Latin1_General_CP1_CI_AS

sqlinstancecollation

OK that, and select Next. Add in your current user, and the SQL service account and Administrator groups. Select Next again.

Do the same for Analysis Service Configuration.

Under reporting services Configuration, just select Install.

Either opt in or out of error reporting.

Progress to install the new Instance. The second instance should now complete.

sqlsccmcomplete