This scenario helps you use Virtual Machine Manager (VMM) in System Center 2012 Service Pack 1 (SP1) to set up an environment where self-service users—your clients or customers—can create their own virtual machines and configure networks for those virtual machines. You can use VMM together with two other System Center components, Operations Manager and App Controller, to help support your self-service users.
This solution is intended to serve as a high-level example, not as comprehensive or detailed guidance. You can use the example solution as a guide to posting descriptions of your own solutions that are particular to your business or organization. Then, other members of the community can follow your descriptions to get ideas for how to combine System Center components to meet their business requirements. You can view an example template on the TechNet Wiki at Cross Component Scenario template.
Different organizations, organizational departments, administrators, and users (including users of cloud-based services) have different levels of expertise and different degrees to which they want to be involved with managing physical and virtual computer resources. In this scenario, each organization, department, or group wants to focus on their own area of expertise and not have to work with details that are related to other areas of expertise. The following list describes the scenario:
Administrators at this level are called fabric administrators.
Administrators at this level are called tenant administrators.
People at this level are called application administrators or self-service users.
By using VMM in System Center 2012 SP1, the fabric administrator can create a private cloud, which is an aggregate set of hosted storage, networking, and other resources, and work with a tenant administrator to make those resources available to self-service users. Specifically, among the networking resources in the private cloud, the fabric administrator configures logical networks that support network virtualization. The tenant administrator then uses those logical networks as a foundation and creates virtual machine networks (VM networks) that use network virtualization. Then the self-service users can create virtual machines and connect them to the VM networks, without requiring knowledge of the underlying physical resources. The tenant administrator controls resource usage through user role quotas. Self-service users can assign and reassign VM networks without having to ask administrators for assistance, other than requesting changes in capacity and quotas when their requirements change.
This solution focuses on the networking aspect of the configuration, although it also includes other aspects. Through networking options that are available in VMM in System Center 2012 SP1, administrators can configure not only logical networks, which provide a foundation on which to build, but also VM networks, which are the networks that your self-service users can assign to virtual machines that they create. The methods of configuration in VMM allow for collaboration among administrators at different levels of expertise—highly knowledgeable networking administrators (fabric administrators) and basic networking administrators (tenant administrators).
You can create a private cloud from either of the following sources:
The Microsoft cloud strategy is hosted on the Private Cloud Solution Hub where architectural guidance is located. The strategy describes how a private cloud enables organizations to deliver information technology as services. The private cloud provides a pool of computing resources that are delivered as a standard set of capabilities that are specified, architected, and managed based on requirements defined by a private organization.
If you are not already familiar with the system requirements, review them in the following topics before you begin to deploy software:
Next, deploy the software. For more information about deployment, see the following topics:
You’ll also need to connect VMM with the other components. For more information about connecting VMM, see the following topics:
Before you begin to configure networking in VMM, you will need to create host groups (as containers to which you’ll later add hosts):
It is also a good idea to configure storage, add a VMM library server or VMM library share, and add hosts before you begin to configure networking in VMM. You can delay these steps, although you have to complete them before you apply a logical switch to host network adapters (as described in the following procedures) and before you create a private cloud. For more information, see the following topics:
The steps for accomplishing this solution are divided into three stages:
Before you start, you might want to familiarize yourself with some of the networking options in VMM by reviewing the diagrams in Networking in VMM Illustrated Overview. If you want to see screenshots before you start to create your own configuration, the blog post at http://blogs.technet.com/b/scvmm/archive/2013/01/08/virtual-networking-in-vmm-2012-sp1.aspx walks through networking in VMM and includes screenshots.
By taking the following steps, a fabric administrator can make computing capacity and connectivity available to others, in a way that does not require reconfiguration each time a new user comes along, or each time someone wants different resources.
1. Optionally, configure global network settings in VMM in System Center 2012 SP1
By default, when you add a Hyper-V host to VMM management, if a physical network adapter on the host does not have an associated logical network, VMM automatically creates and associates a logical network that matches the first DNS suffix label of the connection-specific DNS suffix. On the logical network, VMM also creates a VM network that is configured with “no isolation.” No network sites are created automatically.
These default logical network name creation and virtual network creation settings are customizable.
How to Configure Global Network Settings in VMM
2. Create logical networks, one of which has network virtualization enabled
You’ll need logical networks for basic functions, such as host management, plus a logical network with network virtualization enabled (to support virtual machines that self-service users will create). The logical network, and the network sites that you create inside the logical network, help you organize your network configuration. For example, you might base the name of a logical network Contoso1 on the name of your hosting company, Contoso Hosters. Inside that logical network, you can have a network site that is named Contoso1_Building1 and another network site that is named Contoso1_Building2. The logical network and the network sites will provide a foundation on which you build additional network infrastructure.
By creating the logical network with network virtualization enabled, you can later create multiple virtual machine networks (VM networks) on top of that logical network, with each VM network serving the needs of a particular group of self-service users. The users can assign VM networks as part of virtual machine and service creation without having to understand the network details.
How to Create a Logical Network in VMM
3. Create an IP address pool for your logical network
Because you will be using network virtualization, you will need an IP address pool for your logical network.
How to Create IP Address Pools for Logical Networks in VMM
4. Decide on the properties and capabilities that you want for the network adapters in your VMM configuration
As your network configurations grow, you will want to simplify the process of configuring the network adapters on your host systems. You can do this with native port profiles and logical switches, which act as containers for the properties or capabilities that you want your network adapters to have. By applying a logical switch and port profiles to a network adapter, you can apply the required properties with a minimum of steps.
Before you begin to configure port profiles and logical switches, you might want to review the “Settings” and “Prerequisites” sections in the following overview.
Configuring Ports and Switches for VM Networks in System Center 2012 SP1
You can begin to familiarize yourself with native port profiles and logical switches in VMM by reviewing the diagrams for logical switches in Networking in VMM Illustrated Overview.
5. Create a native port profile for uplinks
A native port profile for uplinks acts as a container for the network sites that you want to connect a network to. It also provides details about how to configure teaming for a network adapter, if you specify in your logical switch (a few steps later in this list) that you want to use teaming with any network adapters that are on the same host and have the same logical switch and port profiles applied to them.
How to Create a Native Port Profile for Uplinks in System Center 2012 SP1
6. Choose or create a native port profile for virtual network adapters
A native port profile for virtual network adapters specifies capabilities for those adapters, and makes it possible for you to control how bandwidth is used on the adapters. The capabilities include offload settings and security settings. You can choose from the native port profiles that are already included in VMM, or create your own. For example, you might use the native port profile named “High Bandwidth Adapter” to configure high-bandwidth virtual network adapters.
How to Create a Native Port Profile for Virtual Network Adapters in System Center 2012 SP1
7. Choose or create a port classification
Port classifications provide global names for identifying different types of virtual network adapter port profiles. A port classification can be used across multiple logical switches while the settings for the port classification remain specific to each logical switch. You can choose from the port classifications that are already included in VMM, or create your own. For example, you might use the port classification that is named “High bandwidth” to identify ports that are configured with high bandwidth.
How to Create a Port Classification in System Center 2012 SP1
Note: This document does not describe virtual switch extensions or virtual switch extension managers. However, it’s a straightforward process to add these to your configuration after you finish this guide. If you want to learn how virtual switch extensions or virtual switch extension managers can help you with your configuration, see Configuring Ports and Switches for VM Networks in System Center 2012 SP1 on TechNet. Go to the “Settings” section, and review the “Logical switch” and “Virtual switch extension manager” rows of the table.
8. Create a logical switch
A logical switch brings your port profiles and port classifications together so that you can apply them to multiple network adapters.
Note that when you add an uplink port profile to a logical switch, the uplink port profile appears in a list of profiles that are available through that logical switch. When you apply the logical switch to a network adapter in a host, the uplink port profile is available in the list of profiles, but it is not applied to that network adapter until you select it from the list. This helps you to create consistency in the configurations of network adapters across multiple hosts, but it also makes it possible for you to configure each network adapter according to your specific requirements.
How to Create a Logical Switch in System Center 2012 SP1
9. Configure network settings on a host by applying your logical switch
To bring together the network settings that you configured in port profiles and logical switches, apply them to network adapters on a host. The network adapters can be physical network adapters or virtual network adapters on the host.
As described in the previous step, after you select the logical switch that you want to apply to a network adapter on a host, you see a list of the uplink port profiles that are available in that switch. You must select the one that you want for that specific adapter.
How to Configure Network Settings on a Host by Applying a Logical Switch in System Center 2012 SP1
10. Optionally, add a gateway
If you already have the provider software that supports your tenant administrator’s gateway server, this is a good time to add the gateway server to your configuration. The gateway allows the virtual machines that you will be hosting to connect to another network. Typically, this gateway will be a “VPN gateway,” also called a “remote gateway,” which means that it connects VM networks on your site through a VPN tunnel to a network on the premises of the tenant administrator. There are various prerequisites for configuring a VPN gateway, but the first one is to obtain the provider software that comes from the manufacturer of the gateway device, install the provider on the VMM management server, and then restart the System Center Virtual Machine Manager service.
Later, if you are creating a connection to a VPN gateway, you will configure the appropriate VM network to make the connection. If you want to review the full list of prerequisites for that process, see the “Prerequisites for gateways” section in the following overview topic:
Configuring VM Networks and Gateways in System Center 2012 SP1
For the steps for adding a gateway to VMM, see the following procedure:
How to Add a Gateway in System Center 2012 SP1
11. Review your configuration in preparation for creating a private cloud
A private cloud is an aggregate set of storage, networking, and other resources that you can make available to self-service users. During private cloud creation, you select the underlying fabric resources that will be available, configure library paths for private cloud users, and set the capacity for the private cloud. Therefore, before you create a private cloud, you might want to review your configuration. For more information, see the following sections:
Preparing the Fabric in VMM on TechNet (for links to other topics)
Configuring Storage in VMM Overview
How to Add a VMM Library Server or VMM Library Share
Creating Host Groups in VMM Overview
12. Create a private cloud
One way to create a private cloud is to use host groups that contain resources from Hyper-V hosts, VMware ESX hosts, Citrix XenServer hosts, or a combination of these hosts. The other way is to use a VMware resource pool. The wizard for creating a private cloud has a page where you can select the logical network that supports network virtualization, and also has a page where you can select the port classification that you created. Use one of the following procedures to create a cloud:
How to Create a Private Cloud from Host Groups
How to Create a Private Cloud from a VMware Resource Pool
13. Optionally, view a diagram of your network configuration
It can be useful to see a diagram of your network configuration. At this point, the type of diagram that shows the parts of the network that you have already configured is the Host Networks diagram. For information about how to view this and other diagrams, see the following procedure:
How to View VMM Network Configuration Diagrams in System Center 2012 SP1
14. Optionally, review the kinds of information that you can gather with Operations Manager
It can be useful to review the kinds of VMM configuration information that are available through Operations Manager:
Using Reporting in VMM
15. Create and configure the Tenant Administrator user role in VMM
The actions that members of the Tenant Administrator user role in VMM can take are controlled by the fabric administrator who creates the Tenant Administrator user role. Typically, tenant administrators can take the following actions. They can manage self-service users and VM networks. They can create, deploy, and manage their own virtual machines and services. They can also specify which tasks the self-service users can perform on their virtual machines and services. Also, tenant administrators can place quotas on computing resources and virtual machines.
When you create the Tenant Administrator user role and select the Actions that are allowed, be sure to include Author VMNetwork.
How to Create a Tenant Administrator User Role in VMM in System Center 2012 SP1
16. Optionally, create a user role in App Controller
You might want self-service users to use App Controller as a portal for deploying virtual machines. If so, perform this step to specify the access that users should have.
How to Create a User Role in App Controller
If instead you want self-service users to use the VMM console, you don’t have to create a user role in App Controller.
17. Create a VM network to which a self-service user can connect a virtual machine
By using network virtualization for your virtual machine networks (VM networks), you can create multiple VM networks on each logical network and configure IP subnets for those VM networks as needed. You do not have to be concerned about whether the IP addresses overlap from one VM network to the next. However, when a VM network connects through a gateway to another network, you do need to pay attention to overlap with the IP addresses in that network.
In the following topic, use the first procedure, which is the one for network virtualization:
How to Create a VM Network in System Center 2012 SP1
You can begin to familiarize yourself with VM networks and how they relate to logical networks by reviewing the diagrams in Networking in VMM Illustrated Overview.
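An added example (not part of the original guidance and not a Microsoft script) of the overlap check that step 17 calls for: before a VM network is connected through a gateway, compare its planned subnet with the subnets on the far side of that gateway. The function names and all subnet values are hypothetical and constructed for illustration, and only IPv4 is handled.

```powershell
# Added example. Function names are hypothetical; subnet values are constructed.
function ConvertTo-Ipv4Range {
    param([Parameter(Mandatory = $true)][string]$Cidr)

    $parts = $Cidr.Split('/')
    if ($parts.Count -ne 2) { throw "Not in CIDR notation: $Cidr" }

    $ip = [System.Net.IPAddress]::Parse($parts[0])
    if ($ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) {
        throw "This example handles IPv4 only: $Cidr"
    }
    $prefix = [int]$parts[1]
    if ($prefix -lt 0 -or $prefix -gt 32) { throw "Invalid prefix length: $Cidr" }

    # Address bytes are in network order; fold them into one Int64 value.
    [long]$addr = 0
    foreach ($octet in $ip.GetAddressBytes()) { $addr = $addr * 256 + $octet }

    [long]$size  = [math]::Pow(2, 32 - $prefix)
    [long]$first = $addr - ($addr % $size)   # clear the host bits
    [pscustomobject]@{ Cidr = $Cidr; First = $first; Last = $first + $size - 1 }
}

function Find-SubnetOverlap {
    param(
        [Parameter(Mandatory = $true)][string]$VmSubnet,
        [Parameter(Mandatory = $true)][string[]]$RemoteSubnets
    )
    $vm = ConvertTo-Ipv4Range -Cidr $VmSubnet
    foreach ($cidr in $RemoteSubnets) {
        $remote = ConvertTo-Ipv4Range -Cidr $cidr
        # Two ranges overlap when each one starts before the other ends.
        if ($vm.First -le $remote.Last -and $remote.First -le $vm.Last) {
            $cidr
        }
    }
}

# Constructed sample: subnets on the tenant's premises reached through the VPN gateway.
$onPremises = '192.168.0.0/16', '10.20.0.0/22', '172.16.5.0/24'

# Constructed candidate subnets for two VM networks.
foreach ($candidate in '10.20.2.0/24', '10.30.0.0/24') {
    $hits = @(Find-SubnetOverlap -VmSubnet $candidate -RemoteSubnets $onPremises)
    if ($hits.Count -gt 0) {
        Write-Output "$candidate overlaps $($hits -join ', '); choose another range"
    } else {
        Write-Output "$candidate does not overlap any listed on-premises subnet"
    }
}
```

The check is deliberately limited to the network behind the gateway: overlap between one VM network and another on the same logical network does not need to be tested when network virtualization is in use.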
18. Create an IP address pool for the VM network
You must create a static IP address pool for a VM network so that VMM can assign static IP addresses to Windows-based virtual machines (running on any supported hypervisor platform) that use the VM network.
How to Create IP Address Pools for VM networks in System Center 2012 SP1
19. Create and configure an “Application Administrator (Self-Service User)” role
In VMM, self-service users can use the VMM console or the VMM command shell to create and manage their own virtual machines and services. Tenant administrators can specify which tasks the self-service users can perform on their virtual machines and services. Tenant administrators can also place quotas on computing resources and virtual machines.
How to Create a Self-Service User Role in VMM
How to Enable Self-Service Users to Share Resources in VMM
How to Configure the Library to Support Self-Service Users
20. Log on as a self-service user (or if you are an administrator, test your configuration by logging on as a self-service user)
You can log on as a self-service user by using either App Controller as a portal or the VMM console. When you open a connection through the VMM console, you can specify the user role through which you want to log on.
21. Review the permissions and resources available to self-service users
After logging on as a self-service user, you can try a few actions to confirm that the self-service user role under which you logged on provides the appropriate resources and permissions.
If you are an administrator but you’re logged on as a self-service user, it’s also a good idea to confirm that all expected resources are visible. Also, if you want a self-service user to be able to share resources (for example, a new service template) with other self-service users, confirm that the Share and Receive permissions are assigned to the intended self-service users.
Configuring the Library to Support Self-Service Users (background information)
How to Configure the Library to Support Self-Service Users (procedures)
To confirm that you can share a resource while you are logged on as a self-service user, see How to Share Resources as a Self-Service User in VMM.