My first book is published! (VMM 2016 Cookbook)

My first book that I have been working day and night on for the last four months is published and globally available! The System Center Virtual Machine Manager 2016 Cookbook (English, 575 pages) includes multiple tips, tricks and techniques to help you make the perfect VMM fabric (see What this book covers  section at the bottom of this post for details)

I have done a complete makeover of the previous edition and,therefore, we have the  chapters written from the scratch, plenty of new recipes and revised old ones to meet changes in VMM 2016.  This book is essentially intended to system engineers, solution architects, administrators and anyone who want to learn and master Virtual Machine Manager 2016 (however, since we have two channels (LTSB/SAC), you will also find references to the latest VMM 1801 release in the semi-annual channel).

The book is available in paperback and ebook formats at Amazon and Packt

Please don’t forget to write your feedback/review on Amazon.


Get the ebook for free! 

I am happy to be giving away 10 copies of the ebook in collaboration with Altaro Software! If you want to get it for free, follow these steps:

  • Download Altaro VM Backup using a business email address
  • Install Altaro VM Backup and add at least 1 virtual machine
  • Send a screenshot of the main dashboard view of your running Altaro VM Backup to win@altaro.com. Make sure that the added VM/s is visible in the screenshot.

The first 10 valid entries, will get a copy of my ebook!


Acknowledgements

I am grateful to all of those with whom I have had the pleasure to work during this project. This book would not be possible without Packt team who found me and offered to take up the writing. I say thank you to Devika Battike, Manish Shanbhag, Heramb Bhavsar and Prateek Bharadwaj for supporting and helping me along the way.

A special thank goes to Edvaldo Alessandro Cardoso, an author of two previous editions, for an active participation and for being a technical reviewer together with Tomica Kaniski. I could not have finished this edition without your help.

In addition, I wish to mention the Microsoft team for helping to make this book as accurate as possible, in particular: Steven Ekren, Elden Christensen Sai Prasanna Vudataneni, Krupesh Dhruva and Sonal Agarwal. I am pretty sure our long discussions and your feedbacks will be appreciated by readers.

I have worked nonstop on the book for the last months and truly couldn’t survive without my family. Nobody has been more important to me than you. Thank you very much for your support, inspiration and love.

What this book covers
  • Chapter 1, VMM 2016 Architecture, provides an understanding of the VMM modular architecture, which is useful when designing VMM and troubleshooting deployment. This chapter also covers all requirements that must be satisfied to make a private cloud.
  • Chapter 2, Upgrading from Previous Versions, walks through all the necessary steps to upgrade the previous version of Virtual Machine Manager to the new VMM 2016, covering its database, highly available configurations and post-upgrade tasks.
  • Chapter 3, Installing VMM 2016, focus on deploying VMM and it’s dependencies. It gives also a plenty of tips and tricks to install and automate VMM and SQL Server deployments in both Windows Server Core and Full environments.
  • Chapter 4, Installing a High Available VMM Server, dives into more advanced VMM configuration, and provides an understanding how VMM has become a critical part of the private cloud infrastructure. You will also learn how to make a highly available library server and VMM configuration database.
  • Chapter 5, Configuring Fabric Resources, discusses building a new fabric in VMM by configuring compute, storage and networking resources. It starts by adding hosts group and ends by creating a hyper-converged cluster with Storage Spaces Direct and Hyper-V. It also covers a deployment of a Network Controller providing a good start point for network virtualization implementation.
  • Chapter 6, Configuring Guarded Fabric, walks you through the recipes to help protect confidential data by deploying new shielded VMs as a part of Guarded Fabric consisting of Guarded Hosts and Host Guardian Service. It also discusses how to convert existing VMs to shielded and manage them through VMM.
  • Chapter 7, Deploying Virtual Machines and Services, provides information to help the administrator to create,deploy and manage private clouds, virtual machines, templates, and services in VMM 2016; it provides recipes to assist you in getting the most our of deployment.
  • Chapter 8, Managing VMware ESXi Hosts, shows you how to manage and make VMware recources available to private cloud deployments. It also covers converting VMware machines to Hyper-V (V2V), deploying virtual machines and templates, all from the VMM console.
  • Chapter 9, Managing Clouds, Fabric Updates, Resources, Clusters and the New Features of 2016, covers other new features of VMM 2016 such as Cluster OS Rolling upgrade and Production Checkpoints. You will also learn how to integrate VMM 2016 with Windows Azure Pack for VM Clouds management.
  • Chapter 10, Integration with System Center Operations Manager 2016, guides you through the steps required to complete integration of SCOM 2016 with VMM in order to enable monitoring of the private cloud infrastructure.

VMM 2016 Cookbook

PS: code files will be uploaded soon (Packt team is still working on it)

Automate SCOM 2016 installation with PowerShell

This blog post demonstrates how to automate installation of SCOM 2016 and its requirements using PowerShell. If you’d like, you can also use it partly to install just software prerequisites or service accounts.

My demo lab is configured in the following way:

  • SCOM Server –  VM with up to 8Gb RAM, 4vCPU, Windows Server 2016
  • SCOM VMs has an Internet Connection (to get Report Viewer/Runtime)
  • SQL Server – VM with up to 4Gb RAM. Windows Server 2016
  • Database Services, Full Text and Reporting Services – Native were installed on the SQL Server VM.
  • These machines are also joined to the same domain
  • SCOM media copied to the <systemdrive>\SCOM2016
  • I checked the script using my domain administrator account
  • Download link is available at the bottom
What does the script do?
  • Downloads and installs Report Viewer Controls and required Runtime
New-Item $env:systemdrive\SCOM2016Reqs -ItemType Directory
Invoke-WebRequest http://download.microsoft.com/download/A/1/2/A129F694-233C-4C7C-860F-F73139CF2E01/ENU/x86/ReportViewer.msi -OutFile $env:systemdrive\SCOM2016Reqs\ReportViewer.msi
Invoke-WebRequest http://download.microsoft.com/download/F/E/E/FEE62C90-E5A9-4746-8478-11980609E5C2/ENU/x64/SQLSysClrTypes.msi -OutFile $env:systemdrive\SCOM2016Reqs\SQLSysClrTypes.msi
Start-Process "$env:systemdrive\SCOM2016Reqs\SQLSysClrTypes.msi" /qn -Wait
Start-Process "$env:systemdrive\SCOM2016Reqs\ReportViewer.msi" /quiet -Wait
Write-Host "The Report Viewer Controls and Runtime have been installed" -ForegroundColor DarkCyan
  • Creates required service accounts, SCOM administrator group in the specified OU and configures required permissions (local admin rights for the SCOM admin group)
Install-WindowsFeature RSAT-AD-PowerShell
$adcn=(Get-ADDomain).DistinguishedName
$dname=(Get-ADDomain).Name
New-AdUser SCOM-AccessAccount -SamAccountName scom.aa -AccountPassword (ConvertTo-SecureString -AsPlainText $svcpass -Force) -PasswordNeverExpires $true -Enabled $true -Path "OU=$ouname,$adcn"
New-AdUser SCOM-DataWareHouse-Reader -SamAccountName scom.dwr -AccountPassword (ConvertTo-SecureString -AsPlainText $svcpass -Force) -PasswordNeverExpires $true -Enabled $true -Path "OU=$ouname,$adcn"
New-AdUser SCOM-DataWareHouse-Write -SamAccountName scom.dww -AccountPassword (ConvertTo-SecureString -AsPlainText $svcpass -Force) -PasswordNeverExpires $true -Enabled $true -Path "OU=$ouname,$adcn"
New-AdUser SCOM-Server-Action -SamAccountName scom.sa -AccountPassword (ConvertTo-SecureString -AsPlainText $svcpass -Force) -PasswordNeverExpires $true -Enabled $true -Path "OU=$ouname,$adcn"
New-AdGroup -Name SCOM-Admins -GroupScope Global -GroupCategory Security -Path "OU=$ouname,$adcn"
Add-AdGroupMember SCOM-Admins scom.aa,scom.dwr,scom.dww,scom.sa
Add-LocalGroupMember -Member $dname\SCOM-Admins -Group Administrators
#SQL Server service accounts (SQLSSRS is a service reporting services account)
New-AdUser SQLSVC -SamAccountName sqlsvc -AccountPassword (ConvertTo-SecureString -AsPlainText $svcpass -Force) -PasswordNeverExpires $true -Enabled $true -Path "OU=$ouname,$adcn"
New-AdUser SQLSSRS -SamAccountName sqlssrs -AccountPassword (ConvertTo-SecureString -AsPlainText $svcpass -Force) -PasswordNeverExpires $true -Enabled $true -Path "OU=$ouname,$adcn"
Write-Host "The service Accounts and SCOM-Admins group have been added to OU=$ouname,$adcn" -ForegroundColor DarkCyan

  • Configures SQL Server by creating required Windows Firewall rules and adding SCOM-Admins group to the administrators on the server
$secpasswd = ConvertTo-SecureString $sqlpass -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential ("$dname\$sqluser", $secpasswd)
$psrem = New-PSSession -ComputerName $sqlsrv -Credential $cred
Invoke-Command -Session $psrem -ScriptBlock{
Install-WindowsFeature RSAT-AD-Powershell
Set-NetFirewallRule -Name WMI-WINMGMT-In-TCP -Enabled True
New-NetFirewallRule -Name "SQL DB" -DisplayName "SQL Database" -Profile Domain -Direction Inbound -LocalPort 1433 -Protocol TCP -Action Allow
New-NetFirewallRule -Name "SQL Server Admin Connection" -DisplayName "SQL Admin Connection" -Profile Domain -Direction Inbound -LocalPort 1433 -Protocol TCP -Action Allow
New-NetFirewallRule -Name "SQL Browser" -DisplayName "SQL Browser" -Profile Domain -Direction Inbound -LocalPort 1434 -Protocol UDP -Action Allow
New-NetFirewallRule -Name "SQL SRRS (HTTP)" -DisplayName "SQL SRRS (HTTP)" -Profile Domain -Direction Inbound -LocalPort 80 -Protocol TCP -Action Allow
New-NetFirewallRule -Name "SQL SRRS (SSL)" -DisplayName "SQL SRRS (SSL)" -Profile Domain -Direction Inbound -LocalPort 443 -Protocol TCP -Action Allow
New-NetFirewallRule -Name "SQL Instance Custom Port" -DisplayName "SQL Instance Custom Port" -Profile Domain -Direction Inbound -LocalPort $sqlserverport -Protocol TCP -Action Allow
New-NetFirewallRule -Name "SQL Server 445" -DisplayName "SQL Server 445" -Profile Domain -Direction Inbound -LocalPort 445 -Protocol TCP -Action Allow
New-NetFirewallRule -Name "SQL Server 135" -DisplayName "SQL Server 135" -Profile Domain -Direction Inbound -LocalPort 135 -Protocol TCP -Action Allow
Add-LocalGroupMember -Member $arg[0]\SCOM-Admins -Group Administrators} -ArgumentList $dname
Write-Host "The SQL Server $sqlsrv has been configured" -ForegroundColor DarkCyan
  • Installs Web Console prerequisites (ISS and so on)
Install-WindowsFeature NET-WCF-HTTP-Activation45,Web-Static-Content,Web-Default-Doc,Web-Dir-Browsing,Web-Http-Errors, `
Web-Http-Logging,Web-Request-Monitor,Web-Filtering,Web-Stat-Compression,Web-Mgmt-Console,Web-Metabase,Web-Asp-Net,Web-Windows-Auth
Write-Host "The Web Console prerequisites have been installed" -ForegroundColor DarkCyan
  • Installs the SCOM Server (OMServer, OMConsole and OMWebConsole).
$arglist= @("/install /components:OMServer,OMConsole,OMWebConsole /ManagementGroupName:$mgmtgroup /SqlServerInstance:$sqlsrv\$sqlinstancename /SqlInstancePort:$sqlserverport",
"/DatabaseName:OperationsManager /DWSqlServerInstance:$sqlsrv\$sqlinstancename /DWDatabaseName:OperationsManagerDW /ActionAccountUser:$dname\scom.sa",
"/ActionAccountPassword:$svcpass /DASAccountUser:$dname\scom.aa /DASAccountPassword:$svcpass /DataReaderUser:$dname\scom.dwr",
"/DataReaderPassword:$svcpass /DataWriterUser:$dname\scom.dww /DataWriterPassword:$svcpass /WebSiteName:""Default Web Site""",
'/WebConsoleAuthorizationMode:Mixed /EnableErrorReporting:Always /SendCEIPReports:1 /UseMicrosoftUpdate:1 /AcceptEndUserLicenseAgreement:1 /silent')
Start-Process -FilePath $env:systemdrive\SCOM2016\setup.exe -ArgumentList $arglist -Wait
Write-Host "The SCOM has been installed. Don't forget to license SCOM" -ForegroundColor DarkCyan
  • Once SCOM is installed, verify installation logs located at  <username>\AppData\Local\SCOM\LOGS\OpsMgrSetupWizard.txt .
    Additionally, don’t forget to set a valid SCOM 2016 product key by using the  Set-SCOMLicense –ProductId <key>

scom16_installation

That’s it. Just run the script, provide values for SQL Server connection/credentials and etc and wait until the SCOM installation is complete.

I uploaded the script, so feel free to use it (please mention my blog once you shared the script or part of it. Let’s respect each other!)

DOWNLOAD THE SCRIPT