Microsoft Hyper-V: Setup

From wiki.jacobjohns.com


⬅ Hyper-V

Pre-flight

Before deploying ensure the selected host is ready for Hyper-V.

  • Configure remote management (iDrac, ILO, etc...)
  • Dedicated OS drive
  • Create raids, and VHDs for VM storage if applicable
  • UEFI + Secure Boot is recommended
  • Enable virtualization

OS Installation

Use the latest Windows Server you are licensed for and ensure to install the OS to the dedicated SSD drive. Core is recommended, however Desktop experience can be used as well if one is unfamiliar with Windows Server Core. This Wiki is for Core edition only.

OS Configuration

Now time for some configuration. We are skipping the initial setting a password for the admin account and such. To get started with the commands exit sconfig with option 15.

IP/NIC Configuration and Remote Access

  • Set a static IP
    • Don't use DHCP. Don't leave host in your server network as host should be in management network.
Get-NetAdapter #List to get alias

New-NetIPAddress -InterfaceAlias "Ethernet" -IPAddress 10.10.10.43 -PrefixLength 24 -DefaultGateway 10.10.10.100
Set-DnsClientServerAddress -InterfaceAlias "Ethernet" -ServerAddress 1.1.1.3,1.0.0.3 #If you have DNS use yours of
  • Disable WLAN, and power saving features
    • These will vary from NIC to NIC. View the below comments on how to identify features on your NIC. The goal is to disable any feature that may inadvertently affect network performance.
Set-NetAdapterPowerManagement -Name Ethernet -SelectiveSuspend Disabled -DeviceSleepOnDisconnect Disabled -WakeOnMagicPacket Disabled -WakeOnPattern Disabled

#View NIC features
Get-NetAdapterPowerManagement -Name Ethernet
  • Enable Remote Desktop (Optional)
    • Remote access can vary here depending on security practices. RDP is an easy solution if Hyper-V is the first host of an environment, iDrac is too clunky, and domain auth is not setup to allow Enter-PSSession. SSH can also be a viable solution.

To enable RDP, enter sconfig, and enter option 7. Configure per your requirements.

Name, Time, Domain

  • Set the hostname
Rename-Computer -NewName "HV-Host01" -Restart
  • List Zones and Set
    • Of course, you may not need set a zone if you domain join and have proper GPO
tzutil /l | ?{ $_ -match "Central" } #If needed, use this to show all zones and match your zone so you can set it next
tzutil /s "Central Standard Time"
  • Join Domain
    • Depending on your environment you may want to take updates before joining your domain
Add-Computer -DomainName "contoso.com" -Restart

Install Updates

Before we continue, take all optional and feature updates.

  • Enter sconfig
  • Enter option 6 for Updates menu
  • Option 3 first for Feature Updates
  • Followed by option 1
  • Repeat until no updates available in either option

Hyper-V Storage

Storage needs to be setup before Hyper-V can be installed and configured. This Wiki assumes VHD is configured and attached via raid card, and not using Windows Storage Spaces though Storage Spaces is viable in a single host setup with no raid controller.

  • Identify your disk's number
Get-Disk | Sort-Object Number | Format-Table Number, FriendlyName, Size, PartitionStyle, OperationalStatus
  • Bring disk online, and partition to GPT
Get-Disk -Number 0 | Set-Disk -IsOffline $false -IsReadOnly $false
Get-Disk -Number 0 | Clear-Disk -RemoveData -Confirm:$false
Get-Disk -Number 0 | Initialize-Disk -PartitionStyle GPT
  • Create partition and format to ReFS at 64kb
Get-Disk -Number 0 | New-Partition -UseMaximumSize -AssignDriveLetter | Format-Volume -FileSystem ReFS -NewFileSystemLabel "HyperV_Data" -AllocationUnitSize 65536 -Confirm:$false
  • Get drive letter
(Get-Partition -DiskNumber 0 | Get-Volume).DriveLetter
  • Create directories to new drive
New-Item -ItemType Directory -Path "D:\Hyper-V", "D:\Hyper-V\VMs", "D:\Hyper-V\VHDX", "D:\Hyper-V\ISOs", "D:\Hyper-V\Backups" -Force

Install Hyper-V

Lets get started

Install Hyper-V and management tools

Install-WindowsFeature -Name Hyper-V -IncludeManagementTools -Restart

#Verify after reboot
Get-WindowsFeature Hyper-V
Get-VMHost

Set Defaults

  • Set the default storage for VMs and VHDX
Set-VMHost -VirtualMachinePath "D:\Hyper-V\VMs" -VirtualHardDiskPath "D:\Hyper-V\VHDX"
  • Verify
Get-VMHost | Select VirtualMachinePath, VirtualHardDiskPath
  • Default checkpoints should be production
Set-VMHost -EnableEnhancedSessionMode $true
  • Or when creating a VM
Set-VM -Name <VMName> -CheckpointType Production

Live Migration

Configure if host needs to accept migrations. Standalone setups support live migration, and it is recommended to use dedicated/private networks for migration traffic much like VSAN or VMotion. 

Enable-VMMigration
Set-VMHost -VirtualMachineMigrationEnabled $true -VirtualMachineMigrationAuthenticationType CredSSP #Use kerberos based auth instead if on domain
Set-VMHost -MaximumVirtualMachineMigrations 4 #Depends on your host/network configuration

Otherwise disable 

Get-VMHost | Select VirtualMachineMigrationEnabled
Disable-VMMigration

Production vSwitch (External)

Hyper‑V Virtual Switch is the standard for connecting VMs to external networks

Single NIC
  • Find NIC Name
Get-NetAdapter | Sort-Object -Property Status,Name
  • Create External vSwitch and allow the host OS to share it
New-VMSwitch -Name "vSwitch-External" -NetAdapterName "Ethernet" -AllowManagementOS $true
  • Verify
Get-VMSwitch
Get-VMNetworkAdapter -ManagementOS
Switch Embedded Teaming (Multi-NIC)
  • Identify NICs
Get-NetAdapter | ?{ $_.Status -eq "Up" }
  • Create SET with uplinks (eg. two)
New-VMSwitch -Name "vSwitch-SET" -NetAdapterName "Ethernet1","Ethernet2" -EnableEmbeddedTeaming $true -AllowManagementOS $true
  • Verify
Get-VMSwitch
Get-VMSwitchTeam -Name "vSwitch-SET"
VLANs

If you use SET with one vSwitch, you can still create management OS vNICs and VLAN them for separation 

# Create additional management OS vNICs bound to the vSwitch
Add-VMNetworkAdapter -ManagementOS -Name "vNIC-Mgmt"     -SwitchName "vSwitch-SET"
Add-VMNetworkAdapter -ManagementOS -Name "vNIC-LiveMig"  -SwitchName "vSwitch-SET"

# Apply VLANs
Set-VMNetworkAdapterVlan -ManagementOS -VMNetworkAdapterName "vNIC-Mgmt"    -Access -VlanId 50
Set-VMNetworkAdapterVlan -ManagementOS -VMNetworkAdapterName "vNIC-LiveMig" -Access -VlanId 80

# Get Aliases
Get-NetAdapter | Where-Object Name -like "vEthernet*"

New-NetIPAddress -InterfaceAlias "vEthernet (vNIC-Mgmt)"    -IPAddress 10.10.10.43 -PrefixLength 24 -DefaultGateway 10.10.10.100
New-NetIPAddress -InterfaceAlias "vEthernet (vNIC-LiveMig)" -IPAddress 10.1.1.43 -PrefixLength 24

Windows Defender Exclusions

Exclude Hyper‑V paths, or we will get unnecessary I/O latency. 

Add-MpPreference -ExclusionPath "D:\Hyper-V", "C:\ProgramData\Microsoft\Windows\Hyper-V", "C:\Windows\System32\vmms.exe", "C:\Windows\System32\vmwp.exe"

Security Hardening

Keep host minimal, patched, don't use as a workstation, and manage over a secure remote connection.

Retrieved from "https://wiki.jacobjohns.com/index.php?title=Microsoft_Hyper-V:_Setup&oldid=543"