MSL-TMG1 Gateway Virtual Machine Microsoft Hyper-V Classroom Setup Guide

Contents
Forefront Threat Management Gateway VM Introducing Microsoft Hyper-V Setup Overview Classroom Requirements Hardware Software Classroom Configuration Instructor Computer Checklist Instructor Computer Setup 1. Add the Hyper-V Server Role 2. Create Private and External Virtual Networks 3. Install MSL-TMG1 virtual machine 4. Create a Setup Share 5. Copy the Virtual Machine Files to the Student Computer 6. Run the VM-Pre-Import script 7. Import the MSL-TMG1 Virtual Machine on the Instructor Computer 8. Configure the MSL-TMG1 Virtual Machine on the Instructor Computer Enable the Web Access Rule Apply All Windows Updates Ensure Malware Definitions Are Updated 9. Configure and Verify Internet Connectivity for Internal Virtual Machines Verify That the TMG-VM Has Internet Connectivity 1 1 2 2 3 3 3 5 6 7 7 7 9 9 10 10 10 10 11 11 11 12

Verifying Internet Connectivity from the Virtual Machines Optional Procedure If an Internet Proxy Server Is Used on the Network Optional Procedure If DNS Resolution Is Restricted to Certain DNS Servers on Your Network Student Computer Checklist Student Computer Setup 1. Install the Hyper-V Server Role 2. Install the Base Image / Virtual Machine Files Appendix A Appendix B Supporting Virtual Server and Virtual PC Labs on Hyper-V Classroom Computers

12 15 15 17 18 18 18 19 20 20

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. The names of manufacturers, products, or URLs are provided for informational purposes only and Microsoft makes no representations and warranties, either expressed, implied, or statutory, regarding these manufacturers or the use of the products with any Microsoft technologies. The inclusion of a manufacturer or product does not imply endorsement of Microsoft of the manufacturer or product. Links may be provided to third party sites. Such sites are not under the control of Microsoft and Microsoft is not responsible for the contents of any linked site or any link contained in a linked site, or any changes or updates to such sites. Microsoft is not responsible for webcasting or any other form of transmission received from any linked site. Microsoft is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement of Microsoft of the site or the products contained therein. 2011 Microsoft Corporation. All rights reserved. Microsoft and the trademarks listed at http://www.microsoft.com/about/legal/en /us/IntellectualProperty/Trademarks/EN-US.aspx are trademarks of the Microsoft group of companies. All other trademarks are property of their respective owners.

Version 1.2

MSL-TMG1 Gateway Virtual Machine

Forefront Threat Management Gateway VM

Several Microsoft Learning requires Internet connectivity for some or all of the labs. To provide a more secure connection to the Internet, Microsoft Learning has created a VM that is running Forefront Threat Management Gateway (TMG VM). You will need to download and install the TMG VM on each host computer as part of classroom setup. The TMG VM is configured as a secure gateway for Internet access. The TMG VM is configured with two virtual networks, External Network and Private Network. The Private Network is the network that all lab VMs are connected to. The External Network is attached to the network adapter on the host computer, which provides access to the network that the host machine is attached to, and ultimately access to the Internet. Each computer in the lab VMs will be configured with the TMG VM as the default gateway. The TMG VM will be configured with a web access rule that will enable the VMs on the Private Network to access the Internet. To ensure that the environment is secure, this rule is disabled by default, and must be enabled as part of classroom setup.

Introducing Microsoft Hyper-V

Important Note: This setup requires Windows Server 2008 R2 SP1 Hyper-V. To facilitate importing virtual machines in to your Hyper-V server, you must run the VMPre-Import scripts which will create symbolic links to the Base/Middle-Tier images in the C:\Program Files\Microsoft Learning\MSL-GW\MSL-TMG1\Virtual Hard Disks\ folder.

This learning product is developed using Microsoft Hyper-V running on Windows Server 2008 R2 SP1. Hyper-V is a virtualization technology that allows a single computer to act as a host for one or more virtual machines. The virtual machines use a set of virtual devices that might or might not map to the physical hardware of the host computer. The software that is installed onto the virtual machine is unmodified, full-version, retail software that operates exactly as it does when it is installed onto physical hardware. The following definitions will help you with the remainder of this document: Hyper-V: Hyper-V is a server application that enables users to run a broad range of operating systems simultaneously on a single physical server. Hyper-V is included with some versions of Windows Server 2008 R2 SP1 and other versions of Windows Server. Host Computer: The physical computer onto which an operating system and the Hyper-V server role have been installed.

MSL-TMG1 Gateway Virtual Machine

Host Operating System: The operating system that is running on the physical computer. Windows Server 2008 R2 SP1 is the supported operating system for this learning product Virtual Machine: The computer that is running inside Hyper-V. In this document, Hyper-V refers to the application running on the host, while virtual machine refers to the guest operating system and any software that is running inside the Hyper-V application. Guest Operating System: The operating system that is running inside the virtual machine.

Note: To access the Windows Security dialog box for a guest operating system, press CTRL+ALT+END. Pressing CTRL+ALT+DELETE while working with a virtual machine will display the Windows Security dialog box for the host operating system. To close the dialog box, press ESC. Other than this difference, software on a virtual machine behaves as it would behave on a physical computer.

The setup instructions that you will follow as part of this classroom setup guide configure Hyper-V and the Virtual Machines that run on the host. Changing any of the configuration settings may render the labs for this learning product unusable.
Note: Some legacy courseware from Microsoft Learning requires Virtual Server or Virtual PC. If your classroom computers require running Virtual Server or Virtual PC as well as Hyper-V, please see Supporting Virtual Server and Virtual PC labs on Hyper-V Classroom Computers in Appendix B.

Setup Overview
The host computers must be set up with a 64 bit version of Windows Server 2008 R2 SP1and must be running on 64 bit hardware. For more information on the supported hardware for Hyper-V, please see the follow web site: http://www.microsoft.com/hyper-v. The setup procedures below assume that the host computers can communicate with each other for setup purposes. You should note the administrators user name and password for the host computers and provide this information to the instructor.

Classroom Requirements
This learning product requires a classroom with a minimum of one computer for the instructor and one for each student. Refer to the specific course setup guide for classroom requirements for the course. Before class begins, use the following information and instructions to install and configure the MSL-TMG1 VM.

MSL-TMG1 Gateway Virtual Machine

Hardware
The classroom computers require the following hardware and software configuration. Hardware Level 6 Intel Virtualization Technology (Intel VT) or AMD Virtualization (AMD-V) processor Dual 120 GB hard disks 7200 RM SATA or better* 4 GB RAM expandable to 8GB or higher DVD drive Network adapter Super VGA (SVGA) 17-inch monitor Microsoft Mouse or compatible pointing device Sound card with amplified speakers

*Striped In addition, the instructor computer must be connected to a projection display device that supports SVGA 1024 x 768 pixels, 16 bit colors.

Software
Please note that, unless otherwise indicated, this software is not included in the Trainer Materials disc. This learning product was developed and tested on supported Microsoft software, which is required for the classroom computers.

Classroom Configuration
When the MSL-TMG1 VM is included in the classroom setup, the MSL-TMG1 VM provides a secure gateway for the other virtual machines running on the host machine to the Internet. The other virtual machines must use the MSL-TMG1 VM as their default gateway so that they can connect to the MSL-TMG1 VM for Internet connectivity. After completing the classroom setup for the MSL-TMG1 VM, return to the course specific classroom setup guide.

MSL-TMG1 Gateway Virtual Machine

The following diagram illustrates the virtual machine configuration if the MSL-TMG1 VM is deployed.

Estimated Time to Set up the Classroom: 60 Minutes

MSL-TMG1 Gateway Virtual Machine

Instructor Computer Checklist

1. Add the Hyper-V Server Role 2. Create Private and External Virtual Networks 3. Install MSL-TMG1 virtual machine 4. Create a Setup Share 5. Copy the Virtual Machine Files to the Student Computer 6. Run the VM-Pre-Import script 7. Import the MSL-TMG1 Virtual Machine on the Instructor Computer 8. Configure the MSL-TMG1 Virtual Machine on the Instructor Computer 9. Configure and Verify Internet Connectivity for Internal Virtual Machines

MSL-TMG1 Gateway Virtual Machine

Instructor Computer Setup

Use the instructions in the following section to set up the classroom manually. Before starting the installation of the instructor computer, Windows Server 2008 R2 SP1 must be installed on the computer.
Important: The operating systems installed on the virtual machines in this learning product have not been activated. Rearm has been run at the end of development, and the OS in the virtual machine will be in a grace state. This grace state lasts for 30 days for the client and 60 days for the server. If you keep these virtual machines running longer than this, you will either have to run rearm or activate the virtual machines using your own keys. If the operating system has not retained this state, you may have time to run the class before activation is required. Otherwise you can rearm the operating system by running slmgr rearm at the Administrative command prompt. If no additional rearms are available, then the virtual machine will go in to notification mode but will still provide full functionality. You will just have to close the initial messages about activation. You may be prompted to restart the computer when the VM is started for the first time. This is because of the hardware differences on the Host computer. You can just click Restart Later to close the message.

MSL-TMG1 Gateway Virtual Machine

1. Add the Hyper-V Server Role

In this task, you will add the Hyper-V server role on the Windows Server 2008 R2 SP1 host computer.
Important: If the Hyper-V role is already added, you can skip this procedure.

1. On the host computer, click Start, point to Administrative Tools, and click Server Manager. 2. In the Server Manager console, click Roles. In the details pane, click Add Roles. 3. On the Before You Begin page, click Next. 4. On the Select Server Roles page, select the Hyper-V check box and click Next. 5. On the Hyper-V page, click Next. 6. On the Create Virtual Networks page, select the Local Area Connection check box, and click Next. 7. On the Confirm Installation Selections page, click Install. When prompted to restart the computer, click Restart now. 8. After the server restarts, logon using administrator credentials. When the installation finishes, click Close.

2. Create Private and External Virtual Networks

This section lists the networks created for this learning product. If you already have Private and External virtual networks created, this procedure can be skipped. 1. On the host machine, click Start, point to Administrative Tools, and click Hyper-V. 2. In the Hyper-V Manager console, click Virtual Network Manager. 3. In the center pane, click Private, and click Add. 4. In the Name field, type Private Network, click OK. 5. Repeat the above steps to create an External network named External Network.

3. Install MSL-TMG1 virtual machine

The MSL-TMG1 VM can be downloaded from the MCT Download Center in the Base Virtual Hard Disks Mid-Tiers (ENGLISH) folder. The TMG VM requires Base11A-WS08R2SP1.VHD which is also available on the DLC in the Base Virtual Hard Disks (ENGLISH) folder.

MSL-TMG1 Gateway Virtual Machine

Extract the Base Images:

Note: If Base11A-WS08R2SP1.VHD is already installed on the host computer, this procedure can be skipped.

1. From the source files location, double-click Base11A-WS08R2SP1.part01.exe. 2. In the Official Microsoft Learning Products End-User License Agreement window, click Accept to indicate that you accept the terms in the license agreement. 3. In the WinRAR self-extracting archive window, in the Destination folder text box, ensure that C:\Program Files\Microsoft Learning\Base is listed, and then click Install. Please wait while the base virtual hard disk file is extracted. This might take a few minutes. Extract the MSL TMG1 Virtual Machines: (if required for disk space, you can extract the VM to a different drive as long as the Base and the Middle-Tier images are located in the default path) 1. From the source files location, double-click MSL-TMG1.part01.exe. 2. In the Official Microsoft Learning Products End-User License Agreement window, click Accept to indicate that you accept the terms in the license agreement. 3. In the WinRAR self-extracting archive window, in the Destination folder text box, ensure that C:\Program Files\Microsoft Learning\ is listed, and then click Install. Please wait while the virtual machine is extracted. This might take a few minutes.
Note: After completing the extraction of all of the files, you should have the following files installed:
File Base11A-WS08R2SP1.vhd MT11-MSL-TMG1.vhd MT11-MSL-TMG1-Diff.vhd VM-Pre-Import-MSL-TMG1-.bat Config.xml 069072AD-F5E1-4394-B38A80EDA4A0DF99.exp In Folder C:\Program Files\Microsoft Learning\Base C:\Program Files\Microsoft Learning\Base\Drives C:\Program Files\Microsoft Learning \MSL-GW\MSL-TMG1\Virtual Disks C:\Program Files\Microsoft Learning \MSL-GW\MSL-TMG1 C:\Program Files\Microsoft Learning \MSL-GW\MSL-TMG1 C:\Program Files\Microsoft Learning \MSL-GW\MSL-TMG1\Virtual Machines

MSL-TMG1 Gateway Virtual Machine

4. Create a Setup Share

In this task, you will share virtual machine files for copying to student computers. 1. Share the C:\Program Files\Microsoft Learning\Base folder using a share name of Base_Drives. 2. Share the C:\Program Files\Microsoft Learning\MSL-GW folder using a share name of MSL-GW.
Note: For information on how to set up a share in Windows Server 2008 R2 SP1, see the topic Share a Resource in Windows Help and Support.

5. Copy the Virtual Machine Files to the Student Computer

Note: you must perform the file copy prior to importing the virtual machines. Once you import the virtual machines, you will not be able to import them again.

1. From the student computer, copy Base11A-WS08R2SP1.VHD from the Base_Drives share on the instructor computer to C:\Program Files\Microsoft Learning\Base. 2. From the student computer, copy MT11-MSL-TMG1.VHD from the Drives folder in the Base_Drives share on the instructor computer to C:\Program Files\Microsoft Learning\Base\Drives. 3. Copy all of the files from the MSL-GW share on the instructor computer to C:\Program Files\Microsoft Learning\MSL-GW.
Note: Ensure that all files are copied. 1. C:\Program Files\Microsoft Learning\MSL-GW and all included folders and files 2. C:\Program Files\Microsoft Learning\Base\Base11A-WS08R2SP1.VHD 3. C:\Program Files\Microsoft Learning\Base\Drives\MT11-MSL-TMG1.VHD 4. Ensure that you have copied the files using a permission retaining software such as RoboCopy or XCopy. 5. Check that all permissions have been retained, by looking at the directories above and making sure they are not Read Only.

10

MSL-TMG1 Gateway Virtual Machine

6. Run the VM-Pre-Import script

In this task, you will run the VM-Pre-Import-MSL-TMG1.bat file. This script will create links in the import folder to the Mid-Tier images necessary for importing each VM. 1. Double-click C:\Program Files\Microsoft Learning\MSL-GW\MSL-TMG1\VM-PreImport-MSL-TMG1.bat (root of the virtual machine import folder). 2. Verify the links are created in the appropriate C:\Program Files\Microsoft Learning\MSL-GW\MSL-TMG1\Virtual Hard Disks\ folders.

7. Import the MSL-TMG1 Virtual Machine on the Instructor Computer

1. On the Instructor computer, on the host machine, click Start, point to Administrative Tools, and click Hyper-V Manager. 2. In the Actions pane, click Import Virtual Machine. 3. In the Import Virtual Machine dialog box, click Browse. Browse to C:\Program Files\Microsoft Learning\MSL-GW\MSL-TMG1, and then click Select Folder. 4. Click Import.

8. Configure the MSL-TMG1 Virtual Machine on the Instructor Computer

Enable the Web Access Rule
Note: Enabling the Web Access rule on the TMG VM will allow VMs on the Private Network to access the Internet.

1. Log on to the MSL-TMG1 VM as Administrator, password Pa$$word. 2. Click Start, All Programs, Microsoft Forefront TMG, click Forefront TMG Management. 3. In the left panel, expand Forefront TMG (MSL-TMG1) and then click Firewall Policy. 4. Right-click the Allow Web Access for All Users rule, and click Enable. 5. Click Apply twice, and then click OK.
Note: In order to complete the next two tasks, the virtual machine must be connected to the Internet. You may need to use the steps listed in the following section Configure and Verify Internet Connectivity for Internal Virtual Machines to connect the virtual machine to the Internet.

MSL-TMG1 Gateway Virtual Machine

11

Apply All Windows Updates

Note: You should apply all available updates from Windows Update to ensure that the virtual machine is as secure as possible. If you cannot connect to Windows Update after enabling the web access rule, see the next section for suggestions on how to enable Internet access on the TMG server.

1. Click Start, All Programs, click Windows Update. 2. Click Check for Updates. 3. If any available updates are listed, click Install Updates. Wait for the updates to install. If required, restart the computer.

Ensure Malware Definitions Are Updated

Note: TMG is configured to check for updates every 15 minutes. Follow this procedure to ensure that the latest updates have been downloaded on MSL-TMG1.

1. Log on to the MSL-TMG1 VM as Administrator, with the password of Pa$$w0rd. 2. Click Start, All Programs, Microsoft Forefront TMG, click Forefront TMG Management 3. Click Update Center. 4. In the middle pane, right-click Malware Inspection and, click Check for and Install New Definitions. Click OK. 5. In the middle pane, right-click Network Inspection System and, click Check for and Install New Definitions. Click OK. 6. Verify that the Last Update Status column for both options is listed as Up to date.

9. Configure and Verify Internet Connectivity for Internal Virtual Machines

Before configuring Internet connectivity for the virtual machines, you need to understand the network configuration and Internet access requirements for the training center. Organizations can have many different configurations, and you may need to use one or more of the following procedures to ensure that the TMG server and the other virtual machines on the host machine have Internet connectivity.

12

MSL-TMG1 Gateway Virtual Machine

Verify That the TMG-VM Has Internet Connectivity

Note: By default, the MSL-TMG1 virtual machine is configured to use DHCP to obtain an IP address configuration for the network adapter that is connected to the external network. If the training center is using DHCP to assign IP address configurations that enable Internet connectivity, the MSL-TMG1 VM should have Internet connectivity. Use the following steps to verify and, if required, configure Internet connectivity.

1. Log on to the MSL-TMG1 VM as Administrator, password Pa$$w0rd. 2. Open Internet Explorer and attempt to connect to www.bing.com. If the connection succeeds, you can continue with verifying Internet connectivity on the other virtual servers. 3. If you cannot connect to the Internet, you may need to assign a static IP address configuration for the MSL-TMG1 VM. This will be the case if the training center requires static IP addresses for all computers that require Internet connectivity. Request a static IP address for each TMG-VM that you are deploying and configure the virtual machine using the following steps: a. Open Server Manager on MSL-TMG1. b. Click View Network Connections. c. Right-click the Public network connection and click Properties. d. Click Internet Protocol Version 4 (TCP/IPv4), and click Properties. e. Configure the appropriate IP address, Subnet mask, Default gateway, and Preferred DNS server. f. Click OK, and then click Close.

g. Test Internet connectivity again using step 2 above. 4. If you cannot connect to the Internet, and the training center does not require static IP addresses, but does use a proxy server for Internet access, you may need to configure a Web Chaining rule. See the Optional Procedure if an Internet Proxy Server is used on the network section below.

Verifying Internet Connectivity from the Virtual Machines

If the MSL-TMG1 VM has Internet connectivity, the next step is to verify that the virtual machines have Internet connectivity. To do this, use the following procedure: 1. Log on to the virtual machine using appropriate credentials. 2. Open Internet Explorer and attempt to connect to www.bing.com. If the connection succeeds, repeat this step on all other virtual machines that require Internet access.

MSL-TMG1 Gateway Virtual Machine

13

3. If you cannot connect to the Internet, you may need to reconfigure the network configuration for the MSL-TMG1 VM or the other virtual machines. The MSLTMG1 VM is configured to use the IP address 10.10.0.1 with a subnet mask of 255.255.0.0 on the Private network. The internal virtual machines must be configured to use the IP address assigned to the Private network on the TMG-VM as their default gateway. If this is not the case, you have two options: a. Change the IP address on the Private network on the MSL-TMG1 VM to match the default gateway assigned to the other virtual machines. If you choose this option, change the IP address on the Private network (for example, you can choose an IP address such as 192.168.0.1 network with a subnet mask of 255.255.255.0). Then, open the Forefront TMG management console on MSLTMG1, click Networking, double-click Internal, and on the Addresses tab, remove the existing IP network range, and then click Add Adapter, select Private, and click OK twice. Click Apply twice and click OK. b. Change the IP address configuration for the internal virtual machines to use IP addresses on the 10.10.0.0 network (subnet mask 255.255.0.0) and to use 10.10.0.1 as the default gateway. If you choose this option, you will need to reconfigure all virtual machines. You may also need to configure additional IP address settings. For example, if you change the IP address of a domain controller or DNS server virtual machine, you will need to change all of the other virtual machines to use that domain controller or DNS server for DNS. 4. If you have cloned the host machines to complete the classroom setup, the MAC address assigned to the external network adapter on the TMG server many be the same on all host machines. To address this, you will need to reconfigure the MAC address on the TMG virtual machine on each host machine. To do this, complete the following steps. Note that the MSL-TMG1 server must be shut down while you complete this task. a. In the Hyper-V console, open the Settings dialog box for the MSL-TMG1 virtual machine. b. Click the Legacy Network Adapter that is connected to the External Network. c. Under MAC address, click Static. For each host machine, modify the last box of the MAC address so that the Virtual Machine on each host machine has a unique value. See the following screenshot:

14

MSL-TMG1 Gateway Virtual Machine

5. If you cannot connect to the Internet from the virtual machines, but the IP address configuration is correct, the problem may be related to DNS name resolution. a. To verify that the issue is related to DNS name resolution, open a command prompt and type nslookup www.bing.com. If you receive and error proceed with one of the next two steps. b. If one of the virtual machines is configured as a DNS server, see the Optional procedure if DNS resolution is restricted to certain DNS servers on your network section below. c. If none of the virtual machines are configured as a DNS server, then you will need to configure the virtual machine to use a DNS server that can perform Internet name resolution. Request the IP address of a DNS server at the training center that can perform Internet name resolution, and assign that IP address as the DNS server for the virtual machine. 6. The cloud-based SQL Azure Database service is only available through TCP port 1433. If you are able to connect to Internet Web sites from the virtual machines, but cannot connect to SQL Azure, then ensure that the CPLS firewall allows outgoing TCP communication on TCP port 1433. The Firewall rule on the TMG server allows outbound connectivity for all ports.

MSL-TMG1 Gateway Virtual Machine

15

Optional Procedure If an Internet Proxy Server Is Used on the Network

Note: you will need to obtain the name of the proxy server used on your network.

Configure upstream proxy server in TMG 1. Log on to the MSL-TMG1 VM as Administrator, with the password of Pa$$word. 2. Click Start, All Programs, Microsoft Forefront TMG, click Forefront TMG Management 3. In the left panel, expand Forefront TMG (MSL-TMG1) and then click Networking. 4. On the Web Chaining tab, click the Default rule, then in the right pane, click Edit Selected Rule. 5. On the Action tab select Redirecting them to a specified upstream server 6. Next to Upstream proxy server, click Settings. 7. In the Specify Upstream Server Configuration box type: a. Server: {name of server} example: proxy.contoso.com. b. Port: 80 c. SSL Port: 443 8. Select Automatically poll upstream server for the configuration. 9. Ensure the Server URL is http://{name of server}:80/array.dll. 10. On the Bridging tab, in the Redirect SSL Requests as box, select SSL request, and then click OK. 11. Click Apply, click Apply, and then click OK.

Optional Procedure If DNS Resolution Is Restricted to Certain DNS Servers on Your Network
Note: You will need to obtain the IP address of an appropriate DNS server on your network that can be configured as a forwarder.

Configure DNS forwarder on VM running DNS on Private Network side of MSLTMG1 VM 1. On your host computer open a command prompt and type ipconfig /all. 2. Copy down one of the DNS server IP addresses.

16

MSL-TMG1 Gateway Virtual Machine

3. On the VM running DNS in the lab environment (e.g. MIA-DC1), click Start, Administrative Tools, DNS. 4. Click the server name, and then double-click Forwarders. 5. On the Forwarders tab, click Edit. 6. Type the IP address of an available DNS server from step 2 above. 7. Click OK twice and then close DNS Manager.
Note: After completing the classroom setup for the MSL-TMG1 VM, return to the course specific classroom setup guide and complete the setup for the course.

MSL-TMG1 Gateway Virtual Machine

17

Student Computer Checklist

1. Install the Hyper-V Server Role 2. Install the Base Image/ Virtual Machine Files

18

MSL-TMG1 Gateway Virtual Machine

Student Computer Setup

Use the instructions in the following section to set up the classroom manually. Before starting the installation of the student computer, a supported operating system must be installed on the computer. You can check the supported systems list at: http://go.microsoft.com/fwlink/?LinkId=94481
Caution: These instructions assume network connectivity between the instructor computer and the student computers. If you do not have connectivity, Microsoft Learning recommends copying the activated virtual machines to the student computers by means of a manually created DVD or universal serial bus (USB) drive.

1. Install the Hyper-V Server Role

Note: If Hyper-V is already installed, you can skip this procedure. For detailed instructions see the instructor computer setup.

2. Install the Base Image / Virtual Machine Files

Note: Ensure that all extracted courseware virtual machine files were copied from the Instructor computer during the Instructor Computer setup. The following directories and short cuts will be needed to ensure that the student has all necessary files for the MSL-TMG1 VM. 1. C:\Program Files\Microsoft Learning\MSL-GW and all included folders and files 2. C:\Program Files\Microsoft Learning\Base\Base11A-WS08R2SP1.VHD 3. C:\Program Files\Microsoft Learning\Base\Drives\MT11-MSL-TMG1.VHD

1. Check that all permissions have been retained, by looking at the directories above and making sure they are not Read Only. 2. Run the VM-Pre-Import script. For detailed instructions see the instructor computer setup. 3. Add the virtual machines to the Hyper-V management console. For detailed instructions see the instructor computer setup.

MSL-TMG1 Gateway Virtual Machine

19

Appendix A
The virtual machines were developed using the English (United States) layout shown below.

If your physical keyboard doesnt match the above layout, you may need to refer to the above layout for the character positions used to logon. For future logons and usage throughout the labs, you may want to install your keyboard layout in the virtual machine.

20

MSL-TMG1 Gateway Virtual Machine

Appendix B
Supporting Virtual Server and Virtual PC Labs on Hyper-V Classroom Computers
Microsoft Learning has created courseware with virtual labs that have required different virtualization technologies to be running on classroom computers. Legacy courseware from Microsoft Learning requires Virtual Server or Virtual PC, while current courseware requires Hyper-V. It is relatively easy to run courses on Virtual Server and Virtual PC on the same classroom computers. However, switching between legacy courses and courses that require Hyper-V requires significant classroom configuration changes and often involves re-imaging the classroom computers. The following procedure is offered as an option to help facilitate delivery of legacy and current Microsoft Learning courseware on the same classroom computers. If you require Hyper-V based courses as well as Virtual Server and Virtual PC courses on the same classroom computers, follow this optional procedure to set up a dual boot configuration. Virtual Server and Virtual PC can run on a computer that is running Hyper-V, however, the virtual machines will run very slowly. The procedure below creates a second boot entry that starts Windows Server with the hypervisor turned off. Running Virtual Server and Virtual PC VMs with the hypervisor turned off will improve the performance of the virtual machines.

Configure classroom computer to support Hyper-V, Virtual Server and Virtual PC based labs
1. Install Windows Server 2008 R2 SP1. 2. Install Hyper-V Role. 3. Update Hyper-V role if necessary (http://support.microsoft.com/kb/950050). 4. Create a boot entry with the hypervisor turned off. The following procedure provided courtesy of Ben Armstrong http://blogs.msdn.com/virtual_pc_guy/archive/2008/04/14/creating-a-no-hypervisorboot-entry.aspx a. Open an administrative command prompt. b. To view current boot configuration type: bcdedit.exe c. To create a copy of the current active boot entry and provide an appropriate name type: bcdedit.exe /copy {current} /d "Windows Server 2008 R2 SP1 - no hypervisor"

MSL-TMG1 Gateway Virtual Machine

21

d. To see the new boot entry type: bcdedit.exe

Note: hypervisorlaunchtype set to Auto

e. To turn off the hypervisor in the new boot entry type: bcdedit.exe /set {nnn} hypervisorlaunchtype Off
Note: replace {nnn} with identifier from new boot entry

5. Reboot computer and select the Windows Server 2008 R2 SP1 no hypervisor boot entry. 6. Install Virtual PC 2007 SP1. 7. Install Virtual Server 2005 R2 SP1.
Note: Virtual Server requires IIS components to be installed and will prompt to install the components if not detected.

You are now ready to install Hyper-V as well as Virtual Server and Virtual PC based courses on your classroom computer. To switch between Hyper-V and Virtual Server/Virtual PC based courses, reboot the classroom computer and select the appropriate boot entry.