Contents
Forefront Threat Management Gateway VM
Introducing Microsoft Hyper-V
Setup Overview
Classroom Requirements
  Hardware
  Software
Classroom Configuration
Instructor Computer Checklist
Instructor Computer Setup
  1. Add the Hyper-V Server Role
  2. Create Private and External Virtual Networks
  3. Install MSL-TMG1 virtual machine
  4. Create a Setup Share
  5. Copy the Virtual Machine Files to the Student Computer
  6. Run the VM-Pre-Import script
  7. Import the MSL-TMG1 Virtual Machine on the Instructor Computer
  8. Configure the MSL-TMG1 Virtual Machine on the Instructor Computer
     Enable the Web Access Rule
     Apply All Windows Updates
     Ensure Malware Definitions Are Updated
  9. Configure and Verify Internet Connectivity for Internal Virtual Machines
     Verify That the TMG-VM Has Internet Connectivity
     Verifying Internet Connectivity from the Virtual Machines
     Optional Procedure If an Internet Proxy Server Is Used on the Network
     Optional Procedure If DNS Resolution Is Restricted to Certain DNS Servers on Your Network
Student Computer Checklist
Student Computer Setup
  1. Install the Hyper-V Server Role
  2. Install the Base Image / Virtual Machine Files
Appendix A
Appendix B
  Supporting Virtual Server and Virtual PC Labs on Hyper-V Classroom Computers
Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. The names of manufacturers, products, or URLs are provided for informational purposes only and Microsoft makes no representations and warranties, either expressed, implied, or statutory, regarding these manufacturers or the use of the products with any Microsoft technologies. The inclusion of a manufacturer or product does not imply endorsement of Microsoft of the manufacturer or product. Links may be provided to third party sites. Such sites are not under the control of Microsoft and Microsoft is not responsible for the contents of any linked site or any link contained in a linked site, or any changes or updates to such sites. Microsoft is not responsible for webcasting or any other form of transmission received from any linked site. 
Microsoft is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement of Microsoft of the site or the products contained therein. © 2011 Microsoft Corporation. All rights reserved. Microsoft and the trademarks listed at http://www.microsoft.com/about/legal/en/us/IntellectualProperty/Trademarks/EN-US.aspx are trademarks of the Microsoft group of companies. All other trademarks are property of their respective owners.
Version 1.2
This learning product is developed using Microsoft Hyper-V running on Windows Server 2008 R2 SP1. Hyper-V is a virtualization technology that allows a single computer to act as a host for one or more virtual machines. The virtual machines use a set of virtual devices that might or might not map to the physical hardware of the host computer. The software that is installed onto the virtual machine is unmodified, full-version, retail software that operates exactly as it does when it is installed onto physical hardware.

The following definitions will help you with the remainder of this document:

Hyper-V: Hyper-V is a server application that enables users to run a broad range of operating systems simultaneously on a single physical server. Hyper-V is included with some versions of Windows Server 2008 R2 SP1 and other versions of Windows Server.

Host Computer: The physical computer onto which an operating system and the Hyper-V server role have been installed.

Host Operating System: The operating system that is running on the physical computer. Windows Server 2008 R2 SP1 is the supported operating system for this learning product.

Virtual Machine: The computer that is running inside Hyper-V. In this document, Hyper-V refers to the application running on the host, while virtual machine refers to the guest operating system and any software that is running inside the Hyper-V application.

Guest Operating System: The operating system that is running inside the virtual machine.
Note: To access the Windows Security dialog box for a guest operating system, press CTRL+ALT+END. Pressing CTRL+ALT+DELETE while working with a virtual machine will display the Windows Security dialog box for the host operating system. To close the dialog box, press ESC. Other than this difference, software on a virtual machine behaves as it would behave on a physical computer.
The setup instructions that you will follow as part of this classroom setup guide configure Hyper-V and the Virtual Machines that run on the host. Changing any of the configuration settings may render the labs for this learning product unusable.
Note: Some legacy courseware from Microsoft Learning requires Virtual Server or Virtual PC. If your classroom computers require running Virtual Server or Virtual PC as well as Hyper-V, please see Supporting Virtual Server and Virtual PC labs on Hyper-V Classroom Computers in Appendix B.
Setup Overview
The host computers must be set up with a 64-bit version of Windows Server 2008 R2 SP1 and must be running on 64-bit hardware. For more information on the supported hardware for Hyper-V, please see the following web site: http://www.microsoft.com/hyper-v. The setup procedures below assume that the host computers can communicate with each other for setup purposes. You should note the administrator's user name and password for the host computers and provide this information to the instructor.
Classroom Requirements
This learning product requires a classroom with a minimum of one computer for the instructor and one for each student. Refer to the specific course setup guide for classroom requirements for the course. Before class begins, use the following information and instructions to install and configure the MSL-TMG1 VM.
Hardware
The classroom computers require the following hardware and software configuration.

Hardware Level 6
Intel Virtualization Technology (Intel VT) or AMD Virtualization (AMD-V) processor
Dual 120 GB hard disks 7200 RPM SATA or better*
4 GB RAM expandable to 8 GB or higher
DVD drive
Network adapter
Super VGA (SVGA) 17-inch monitor
Microsoft Mouse or compatible pointing device
Sound card with amplified speakers

*Striped

In addition, the instructor computer must be connected to a projection display device that supports SVGA 1024 x 768 pixels, 16 bit colors.
Software
Please note that, unless otherwise indicated, this software is not included in the Trainer Materials disc. This learning product was developed and tested on supported Microsoft software, which is required for the classroom computers.
Classroom Configuration
When the MSL-TMG1 VM is included in the classroom setup, the MSL-TMG1 VM provides a secure gateway for the other virtual machines running on the host machine to the Internet. The other virtual machines must use the MSL-TMG1 VM as their default gateway so that they can connect to the MSL-TMG1 VM for Internet connectivity. After completing the classroom setup for the MSL-TMG1 VM, return to the course specific classroom setup guide.
The following diagram illustrates the virtual machine configuration if the MSL-TMG1 VM is deployed.
1. On the host computer, click Start, point to Administrative Tools, and click Server Manager.
2. In the Server Manager console, click Roles. In the details pane, click Add Roles.
3. On the Before You Begin page, click Next.
4. On the Select Server Roles page, select the Hyper-V check box and click Next.
5. On the Hyper-V page, click Next.
6. On the Create Virtual Networks page, select the Local Area Connection check box, and click Next.
7. On the Confirm Installation Selections page, click Install. When prompted to restart the computer, click Restart now.
8. After the server restarts, log on using administrator credentials. When the installation finishes, click Close.
1. From the source files location, double-click Base11A-WS08R2SP1.part01.exe.
2. In the Official Microsoft Learning Products End-User License Agreement window, click Accept to indicate that you accept the terms in the license agreement.
3. In the WinRAR self-extracting archive window, in the Destination folder text box, ensure that C:\Program Files\Microsoft Learning\Base is listed, and then click Install. Please wait while the base virtual hard disk file is extracted. This might take a few minutes.

Extract the MSL TMG1 Virtual Machines: (if required for disk space, you can extract the VM to a different drive as long as the Base and the Middle-Tier images are located in the default path)

1. From the source files location, double-click MSL-TMG1.part01.exe.
2. In the Official Microsoft Learning Products End-User License Agreement window, click Accept to indicate that you accept the terms in the license agreement.
3. In the WinRAR self-extracting archive window, in the Destination folder text box, ensure that C:\Program Files\Microsoft Learning\ is listed, and then click Install. Please wait while the virtual machine is extracted. This might take a few minutes.
Note: After completing the extraction of all of the files, you should have the following files installed:
| File | In Folder |
| --- | --- |
| Base11A-WS08R2SP1.vhd | C:\Program Files\Microsoft Learning\Base |
| MT11-MSL-TMG1.vhd | C:\Program Files\Microsoft Learning\Base\Drives |
| MT11-MSL-TMG1-Diff.vhd | C:\Program Files\Microsoft Learning\MSL-GW\MSL-TMG1\Virtual Disks |
| VM-Pre-Import-MSL-TMG1-.bat | C:\Program Files\Microsoft Learning\MSL-GW\MSL-TMG1 |
| Config.xml | C:\Program Files\Microsoft Learning\MSL-GW\MSL-TMG1 |
| 069072AD-F5E1-4394-B38A80EDA4A0DF99.exp | C:\Program Files\Microsoft Learning\MSL-GW\MSL-TMG1\Virtual Machines |
1. From the student computer, copy Base11A-WS08R2SP1.VHD from the Base_Drives share on the instructor computer to C:\Program Files\Microsoft Learning\Base.
2. From the student computer, copy MT11-MSL-TMG1.VHD from the Drives folder in the Base_Drives share on the instructor computer to C:\Program Files\Microsoft Learning\Base\Drives.
3. Copy all of the files from the MSL-GW share on the instructor computer to C:\Program Files\Microsoft Learning\MSL-GW.
Note: Ensure that all files are copied.
1. C:\Program Files\Microsoft Learning\MSL-GW and all included folders and files
2. C:\Program Files\Microsoft Learning\Base\Base11A-WS08R2SP1.VHD
3. C:\Program Files\Microsoft Learning\Base\Drives\MT11-MSL-TMG1.VHD
4. Ensure that you have copied the files using a permission retaining software such as RoboCopy or XCopy.
5. Check that all permissions have been retained, by looking at the directories above and making sure they are not Read Only.
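The copy and the checks above can be scripted from the student computer. This is an added example, not part of the original guide; `<instructor-computer>` is a placeholder for the instructor computer's name, and the script assumes the Base_Drives and MSL-GW shares named in the steps.

```powershell
# Added example: run from an elevated PowerShell prompt on the student computer.
# Works with PowerShell 2.0, which ships with Windows Server 2008 R2.
$instructor = '<instructor-computer>'   # placeholder, replace with the real name
$root = 'C:\Program Files\Microsoft Learning'

# Source, destination and (optionally) a single file, following steps 1 to 3.
$jobs = @(
    @{ Src = "\\$instructor\Base_Drives";        Dst = "$root\Base";        File = 'Base11A-WS08R2SP1.VHD' },
    @{ Src = "\\$instructor\Base_Drives\Drives"; Dst = "$root\Base\Drives"; File = 'MT11-MSL-TMG1.VHD' },
    @{ Src = "\\$instructor\MSL-GW";             Dst = "$root\MSL-GW";      File = $null }
)

foreach ($job in $jobs) {
    # /SEC copies NTFS permissions with the data; /E includes subfolders.
    if ($job.File) {
        & robocopy.exe $job.Src $job.Dst $job.File /SEC /R:2 /W:5 /NP
    } else {
        & robocopy.exe $job.Src $job.Dst /E /SEC /R:2 /W:5 /NP
    }
    # Robocopy exit codes are a bit mask: 8 or higher means at least one failure.
    if ($LASTEXITCODE -ge 8) {
        throw "robocopy failed with exit code $LASTEXITCODE for $($job.Src)"
    }
}

# Confirm that the three items listed in the note exist.
$expected = @(
    "$root\MSL-GW",
    "$root\Base\Base11A-WS08R2SP1.VHD",
    "$root\Base\Drives\MT11-MSL-TMG1.VHD"
)
$missing = @($expected | Where-Object { -not (Test-Path -LiteralPath $_) })
if ($missing.Count -gt 0) { throw "Missing after copy: $($missing -join ', ')" }

# Report any copied file that still carries the Read Only attribute.
$readOnly = @(Get-ChildItem -LiteralPath $root -Recurse -Force | Where-Object {
    -not $_.PSIsContainer -and
    ($_.Attributes -band [System.IO.FileAttributes]::ReadOnly)
})
if ($readOnly.Count -gt 0) {
    'Read Only files found:'
    $readOnly | ForEach-Object { $_.FullName }
} else {
    'All files copied; none are Read Only.'
}
```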
1. Log on to the MSL-TMG1 VM as Administrator, password Pa$$word.
2. Click Start, All Programs, Microsoft Forefront TMG, click Forefront TMG Management.
3. In the left panel, expand Forefront TMG (MSL-TMG1) and then click Firewall Policy.
4. Right-click the Allow Web Access for All Users rule, and click Enable.
5. Click Apply twice, and then click OK.
Note: In order to complete the next two tasks, the virtual machine must be connected to the Internet. You may need to use the steps listed in the following section Configure and Verify Internet Connectivity for Internal Virtual Machines to connect the virtual machine to the Internet.
1. Click Start, All Programs, click Windows Update.
2. Click Check for Updates.
3. If any available updates are listed, click Install Updates. Wait for the updates to install. If required, restart the computer.
1. Log on to the MSL-TMG1 VM as Administrator, with the password of Pa$$w0rd.
2. Click Start, All Programs, Microsoft Forefront TMG, click Forefront TMG Management.
3. Click Update Center.
4. In the middle pane, right-click Malware Inspection, and click Check for and Install New Definitions. Click OK.
5. In the middle pane, right-click Network Inspection System, and click Check for and Install New Definitions. Click OK.
6. Verify that the Last Update Status column for both options is listed as Up to date.
1. Log on to the MSL-TMG1 VM as Administrator, password Pa$$w0rd.
2. Open Internet Explorer and attempt to connect to www.bing.com. If the connection succeeds, you can continue with verifying Internet connectivity on the other virtual servers.
3. If you cannot connect to the Internet, you may need to assign a static IP address configuration for the MSL-TMG1 VM. This will be the case if the training center requires static IP addresses for all computers that require Internet connectivity. Request a static IP address for each TMG-VM that you are deploying and configure the virtual machine using the following steps:
   a. Open Server Manager on MSL-TMG1.
   b. Click View Network Connections.
   c. Right-click the Public network connection and click Properties.
   d. Click Internet Protocol Version 4 (TCP/IPv4), and click Properties.
   e. Configure the appropriate IP address, Subnet mask, Default gateway, and Preferred DNS server.
   f. Click OK, and then click Close.
   g. Test Internet connectivity again using step 2 above.
4. If you cannot connect to the Internet, and the training center does not require static IP addresses, but does use a proxy server for Internet access, you may need to configure a Web Chaining rule. See the Optional Procedure if an Internet Proxy Server is used on the network section below.
3. If you cannot connect to the Internet, you may need to reconfigure the network configuration for the MSL-TMG1 VM or the other virtual machines. The MSL-TMG1 VM is configured to use the IP address 10.10.0.1 with a subnet mask of 255.255.0.0 on the Private network. The internal virtual machines must be configured to use the IP address assigned to the Private network on the TMG-VM as their default gateway. If this is not the case, you have two options:
   a. Change the IP address on the Private network on the MSL-TMG1 VM to match the default gateway assigned to the other virtual machines. If you choose this option, change the IP address on the Private network (for example, you can choose an IP address such as 192.168.0.1 with a subnet mask of 255.255.255.0). Then, open the Forefront TMG management console on MSL-TMG1, click Networking, double-click Internal, and on the Addresses tab, remove the existing IP network range, and then click Add Adapter, select Private, and click OK twice. Click Apply twice and click OK.
   b. Change the IP address configuration for the internal virtual machines to use IP addresses on the 10.10.0.0 network (subnet mask 255.255.0.0) and to use 10.10.0.1 as the default gateway. If you choose this option, you will need to reconfigure all virtual machines. You may also need to configure additional IP address settings. For example, if you change the IP address of a domain controller or DNS server virtual machine, you will need to change all of the other virtual machines to use that domain controller or DNS server for DNS.
4. If you have cloned the host machines to complete the classroom setup, the MAC address assigned to the external network adapter on the TMG server may be the same on all host machines. To address this, you will need to reconfigure the MAC address on the TMG virtual machine on each host machine. To do this, complete the following steps. Note that the MSL-TMG1 server must be shut down while you complete this task.
   a. In the Hyper-V console, open the Settings dialog box for the MSL-TMG1 virtual machine.
   b. Click the Legacy Network Adapter that is connected to the External Network.
   c. Under MAC address, click Static. For each host machine, modify the last box of the MAC address so that the Virtual Machine on each host machine has a unique value. See the following screenshot:
5. If you cannot connect to the Internet from the virtual machines, but the IP address configuration is correct, the problem may be related to DNS name resolution.
   a. To verify that the issue is related to DNS name resolution, open a command prompt and type nslookup www.bing.com. If you receive an error, proceed with one of the next two steps.
   b. If one of the virtual machines is configured as a DNS server, see the Optional procedure if DNS resolution is restricted to certain DNS servers on your network section below.
   c. If none of the virtual machines are configured as a DNS server, then you will need to configure the virtual machine to use a DNS server that can perform Internet name resolution. Request the IP address of a DNS server at the training center that can perform Internet name resolution, and assign that IP address as the DNS server for the virtual machine.
6. The cloud-based SQL Azure Database service is only available through TCP port 1433. If you are able to connect to Internet Web sites from the virtual machines, but cannot connect to SQL Azure, then ensure that the CPLS firewall allows outgoing TCP communication on TCP port 1433. The Firewall rule on the TMG server allows outbound connectivity for all ports.
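The checks in steps 3, 5 and 6 can be run in one pass from an internal virtual machine to see which layer is failing. This is an added example, not part of the original guide; the SQL Azure server name is a placeholder, and the gateway address and test site are the ones the guide uses.

```powershell
# Added example: PowerShell 2.0 compatible (Windows Server 2008 R2 guests).
$gateway = '10.10.0.1'                        # Private-network address of MSL-TMG1
$webHost = 'www.bing.com'                     # test site used in the guide
$sqlHost = '<server>.database.windows.net'    # placeholder: your SQL Azure server

# Attempt a TCP connection with a timeout; returns $true on success.
function Test-TcpPort([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# Resolve a name with the DNS servers configured on this machine.
function Test-DnsName([string]$Name) {
    try { [void][System.Net.Dns]::GetHostAddresses($Name); return $true }
    catch { return $false }
}

# Collect the default gateways of all IP-enabled adapters.
$gateways = @(Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    ForEach-Object { $_.DefaultIPGateway } | Where-Object { $_ })

$result = New-Object PSObject -Property @{
    GatewayIsTmg = ($gateways -contains $gateway)
    DnsResolves  = (Test-DnsName $webHost)
    Web80        = (Test-TcpPort $webHost 80)
    Sql1433      = (Test-TcpPort $sqlHost 1433)
}
$result | Format-List

# Map the first failing layer back to the step that addresses it.
if (-not $result.GatewayIsTmg) {
    "Default gateway is not $gateway; see step 3 (IP configuration)."
} elseif (-not $result.DnsResolves) {
    'Name resolution failed; see step 5 (DNS).'
} elseif (-not $result.Web80) {
    'DNS works but TCP 80 is blocked; check the TMG rule and any upstream proxy.'
} elseif (-not $result.Sql1433) {
    'Web access works but TCP 1433 is blocked; see step 6 (training center firewall).'
} else {
    'Gateway, DNS, web and TCP 1433 all passed.'
}
```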
Configure upstream proxy server in TMG

1. Log on to the MSL-TMG1 VM as Administrator, with the password of Pa$$word.
2. Click Start, All Programs, Microsoft Forefront TMG, click Forefront TMG Management.
3. In the left panel, expand Forefront TMG (MSL-TMG1) and then click Networking.
4. On the Web Chaining tab, click the Default rule, then in the right pane, click Edit Selected Rule.
5. On the Action tab, select Redirecting them to a specified upstream server.
6. Next to Upstream proxy server, click Settings.
7. In the Specify Upstream Server Configuration box type:
   a. Server: {name of server} example: proxy.contoso.com.
   b. Port: 80
   c. SSL Port: 443
8. Select Automatically poll upstream server for the configuration.
9. Ensure the Server URL is http://{name of server}:80/array.dll.
10. On the Bridging tab, in the Redirect SSL Requests as box, select SSL request, and then click OK.
11. Click Apply, click Apply, and then click OK.
Optional Procedure If DNS Resolution Is Restricted to Certain DNS Servers on Your Network
Note: You will need to obtain the IP address of an appropriate DNS server on your network that can be configured as a forwarder.
Configure DNS forwarder on VM running DNS on Private Network side of MSL-TMG1 VM

1. On your host computer open a command prompt and type ipconfig /all.
2. Copy down one of the DNS server IP addresses.
3. On the VM running DNS in the lab environment (e.g. MIA-DC1), click Start, Administrative Tools, DNS.
4. Click the server name, and then double-click Forwarders.
5. On the Forwarders tab, click Edit.
6. Type the IP address of an available DNS server from step 2 above.
7. Click OK twice and then close DNS Manager.
Note: After completing the classroom setup for the MSL-TMG1 VM, return to the course specific classroom setup guide and complete the setup for the course.
1. Check that all permissions have been retained, by looking at the directories above and making sure they are not Read Only.
2. Run the VM-Pre-Import script. For detailed instructions see the instructor computer setup.
3. Add the virtual machines to the Hyper-V management console. For detailed instructions see the instructor computer setup.
Appendix A
The virtual machines were developed using the English (United States) layout shown below.
If your physical keyboard doesn't match the above layout, you may need to refer to the above layout for the character positions used to log on. For future logons and usage throughout the labs, you may want to install your keyboard layout in the virtual machine.
Appendix B
Supporting Virtual Server and Virtual PC Labs on Hyper-V Classroom Computers
Microsoft Learning has created courseware with virtual labs that have required different virtualization technologies to be running on classroom computers. Legacy courseware from Microsoft Learning requires Virtual Server or Virtual PC, while current courseware requires Hyper-V. It is relatively easy to run courses on Virtual Server and Virtual PC on the same classroom computers. However, switching between legacy courses and courses that require Hyper-V requires significant classroom configuration changes and often involves re-imaging the classroom computers.

The following procedure is offered as an option to help facilitate delivery of legacy and current Microsoft Learning courseware on the same classroom computers. If you require Hyper-V based courses as well as Virtual Server and Virtual PC courses on the same classroom computers, follow this optional procedure to set up a dual boot configuration. Virtual Server and Virtual PC can run on a computer that is running Hyper-V; however, the virtual machines will run very slowly. The procedure below creates a second boot entry that starts Windows Server with the hypervisor turned off. Running Virtual Server and Virtual PC VMs with the hypervisor turned off will improve the performance of the virtual machines.
Configure classroom computer to support Hyper-V, Virtual Server and Virtual PC based labs
1. Install Windows Server 2008 R2 SP1.
2. Install Hyper-V Role.
3. Update Hyper-V role if necessary (http://support.microsoft.com/kb/950050).
4. Create a boot entry with the hypervisor turned off. The following procedure provided courtesy of Ben Armstrong http://blogs.msdn.com/virtual_pc_guy/archive/2008/04/14/creating-a-no-hypervisorboot-entry.aspx
   a. Open an administrative command prompt.
   b. To view current boot configuration type: bcdedit.exe
   c. To create a copy of the current active boot entry and provide an appropriate name type: bcdedit.exe /copy {current} /d "Windows Server 2008 R2 SP1 - no hypervisor"
e. To turn off the hypervisor in the new boot entry type: bcdedit.exe /set {nnn} hypervisorlaunchtype Off
Note: replace {nnn} with identifier from new boot entry
5. Reboot computer and select the "Windows Server 2008 R2 SP1 - no hypervisor" boot entry.
6. Install Virtual PC 2007 SP1.
7. Install Virtual Server 2005 R2 SP1.
Note: Virtual Server requires IIS components to be installed and will prompt to install the components if not detected.
You are now ready to install Hyper-V as well as Virtual Server and Virtual PC based courses on your classroom computer. To switch between Hyper-V and Virtual Server/Virtual PC based courses, reboot the classroom computer and select the appropriate boot entry.
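The bcdedit part of step 4 can also be run as one script that captures the new entry's identifier instead of copying it by hand. This is an added example, not part of the original guide or of the linked blog post; it assumes an elevated PowerShell prompt and uses the entry name from step 4c.

```powershell
# Added example: run from an elevated PowerShell prompt on the host computer.
$description = 'Windows Server 2008 R2 SP1 - no hypervisor'

# Do not create a second copy if an entry with this description already exists.
$existing = & bcdedit.exe /enum | Select-String -SimpleMatch $description
if ($existing) {
    throw "A boot entry named '$description' already exists; nothing was changed."
}

# Quote {current}: unquoted braces are parsed by PowerShell as a script block,
# which is the usual reason the cmd.exe form of this command fails here.
$output = & bcdedit.exe /copy '{current}' /d $description
if ($LASTEXITCODE -ne 0) { throw "bcdedit /copy failed: $output" }

# bcdedit prints the identifier of the new entry in braces; extract it.
if (($output -join ' ') -notmatch '\{[0-9a-fA-F-]{36}\}') {
    throw "Could not find the new entry identifier in: $output"
}
$newId = $Matches[0]

# Turn the hypervisor off for the copied entry only; the original entry is untouched.
& bcdedit.exe /set $newId hypervisorlaunchtype Off
if ($LASTEXITCODE -ne 0) { throw "bcdedit /set failed for $newId" }

# Show the new entry so the setting can be confirmed before rebooting.
& bcdedit.exe /enum $newId
```

The listing printed at the end should show hypervisorlaunchtype set to Off for the new entry only.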