Serve r Build Document (Windows & ESX)

[Team or Group], [DEPARTMENT]

Page 1 of 7

[Company, Institution or Organization]

Confidential

P&V Server Build Guideline

This text is to be used and followed when building a new physical or virtual server running Microsoft Windows Operating System or ESX. The intended audience is only for [Define your scope here] personnel.
Please follow the guidelines in this document when building a new Physical Windows server or ESX host, deploying a new VM, or creating a new Virtual Template VT. Check the box next to type of machine you are creating. For every step that is completed for the new host or VM, please tick the box in the last column. Once done, please fill out your information and have your manager or supervisor sign the document.
Virtual Machine Virtual Template Windows Physical Server ESX Server

Physical Server Configurations (Windows)

Item No. 1 2 3 4 5 6 7 8 9 10 Description of Task Minimum Disk Configuration shall be disk mirroring (RAID 1). Backups will be STILL NEEDED even with disk mirror engaged. Run at least 2 CAT5e/6 cables for NIC teaming Run at least 2 power cables for dual power redundancy to the system. Use proper cable management mounting kit and run all cables neatly Connect failure indicator probe at the back of cable management Connect IP-KVM USB/PS2 dongle and register the machine name on the KVM switch via LCD. Update your local IP-KVM client database. Make sure Memory Mirroring or Redundant Memory option is disabled in BIOS Label all network cables and any fiber cables using the scheme defined in OS configuration for NICs (i.e. TeamMember#1). Cabling should be done counter clockwise on the back of the servers. Disable DRAC if IP-KVM is connected Enter the server on the Front Panel LCD if not available place a label on the front. Done

Physical Server Configurations (ESX)

Item No. 1 2 3 4 5 Description of Task Follow all the steps above as described in Physical Server Configurations (Windows) Make sure all Hardware Virtualization features are turned on in BIOS as per KB1003212, http://kb.vmware.com/kb/1003212 (VT, XD) Add FC or iSCSI HBAs as required Check hardware compatibility against HCL at www.vmware.com/go/hcl Disable onboard NICs and install quad ports PCI based NICs. Done

Serve r Build Document (Windows & ESX)

[Team or Group], [DEPARTMENT]

Page 2 of 7

[Company, Institution or Organization]

Confidential

Operating System Installation (Windows Physical)

Item No. 1 2 3 4 5 6 7 8 9 10 Description of Task Partition the RAID enabled virtual disk into at least 2 logical disks one for installing OS and other for applications and Application Data. Use C: for OS binaries and D: for application data. Name the volumes as follows, C: Local System, D: - Local Data Apply all missing Windows Updates and Service Packs Use the Dell System Build CD to install Open Manage software and update drivers Connect the machine to domain (domain.com) Install BackupExec Remote agent & schedule a backup according to appropriate backup template(s) in BackupExec. Choose Best Performance for Visual Effects and Background Services for better performance of the system unless different options are required the application that will be installed on the system. Turn off Shutdown Event Tracker Increase the paging file size by 1.5 times of physical RAM and move it to a different drive (preferably different spindle). Turn off Internet Explorer Enhanced Security Configuration for Administrators Configure at least two NICs team in Active/Active or Active/Standby mode depending on switch topology. Name the team NIC Team#1 and team members TeamMember#1, TeamMember#2 depending on number of NICs present. For servers with more than one NIC team, teams should be numbered according to the scheme defined above. If more than 2 NICs use beacon probing for Network failure detection. Install MacAfee Anti-virus using required AV template Change Local Administrator password to AskYourManager Add the computer name in AD to correct WSUS group depending on its update schedule Enter the server information in Server Inventory System. Enable Remote Desktop Done

11

12 13 14 15 16

Serve r Build Document (Windows & ESX)

[Team or Group], [DEPARTMENT]

Page 3 of 7

[Company, Institution or Organization]

Confidential

Operating System Installation (Windows Virtual Template)

Item No. 1 2 3 4 5 6 7 8 Description of Task Create a new virtual machine and name it vt-w2k[version]-[edition]-[service pack][C: space]. Use GPT if more than 2TB is required on the disks. Assign the minimum system requirements in terms of RAM, CPU, and disk space. Align the disk with 512 KB offsets using diskpart. Follow the this KB article, http://support.microsoft.com/kb/929491 Install appropriate OS Follow steps 2 (DO NOT create D: drive), 3, 7-10, 13, 16 as described above in Operating System Installation (Windows Physical) Release/Remove any IP address(s) using ipconfig /release and connect vNIC(s) to port group that is not routable Follow appropriate Windows guides below in OS Optimization & Performance Tuning (Windows) Disconnect any mounted ISOs Install VMware Tools (Complete with all features). Use host to synchronize Windows time. Set VMware Descheduled Time Accounting service to start automatically and start this service. Disable Windows Time service 9 Convert VM to template Done

Operating System Installation (Windows Virtual Machine)

Use an existing template to deploy a new VM unless a new configuration is required Item No. 1 2 3 4 5 6 7 8 9 Description of Task Deploy a VM from template to cluster A initially for production server. All tests, dev, and staging VMs should be deployed cluster B. VMs for website should be deployed in Web cluster. All tests machine used by individuals should be placed in Lab & Test Machines folder in VC. Customize OS using one of the customization specification from the list If adding additional disks follow step 3 above in Operating System Installation (Windows Virtual Template) for each new disk Assign appropriate VM Network and an IP address from the subnet. Use x.x.x.x and x.x.x.x for DNS servers and x.x.x.1 as default gateway depending on subnet. Follow steps 3, 5 and 6 (only if VM will not be backed up by vRanger Pro), 12, 14,15 above in Operating System Installation (Windows Physical) Schedule Backup using backup software if required Allow appropriate users to manage new VM remotely via RDP and VIC by assigning them appropriate permissions in VM and vCenter. For additional disks, make sure to rename second disk incrementally inside VM folder. Upgrade VM Tools if vCenter reports them to be out of date Done

OS Optimization & Performance Tuning (Windows)

After you are finished installing the OS, follow these steps to optimize performance by disabling unnecessary features and services depending on the version of OS.

Serve r Build Document (Windows & ESX)

[Team or Group], [DEPARTMENT]

Page 4 of 7

[Company, Institution or Organization]

Confidential

Windows Server 2008 (x86 & 64-bit) All Versions (Physical & VT)
Item No. Turn off features 1 2 3 4 5 Turn off hibernation by issuing the following command in command prompt: powercfg -h off Turn off Problem Reports and Solutions (Windows Error Reporting) Turn off IPv6 Turn off UAC Install Remote Administration Tools as required Description of Task Done

Disable Services: Turn off following services unless they are required the by application(s) that will be installed on the system. 1 2 3 4 5 6 7 8 IP Helper Base Filtering Engine (BFE): Depends on following services - IPSec Policy Agent - Windows Firewall - IKE and AuthIP IPSec Keying Modules Distributed Link Tracking Client Human Interface Device Access Print Spooler Remote Registry Windows Error Reporting Service TPM Base Services

Windows Server 2003 (x86 & 64-bit) All Versions (Physical & VT)
Item No. Description of Task Done

Serve r Build Document (Windows & ESX)

[Team or Group], [DEPARTMENT]

Page 5 of 7

[Company, Institution or Organization]

Copy Source Binaries & Tools 1 2 3 Copy the content of i386 folder from CD to D:\i386 folder. Install Windows Support Tools Install Windows Resource Kit

Confidential

Disable Services: Turn off following services unless they are required by application(s) that will be installed on the system. 1 2 3 4 Distributed Link Tracking Client Error Reporting Service Performance Logs and Alerts Remote Registry

Operating System Installation (ESX)

ESX 4.0 (64-bit x86 only)
Item No. 1 Description of Task Gather following information prior to installation: - Static IP address for management - Host Name - Domain Name if any Done

Serve r Build Document (Windows & ESX)

[Team or Group], [DEPARTMENT]

Page 6 of 7

[Company, Institution or Organization]

Confidential

- DNS servers if any - NTP servers if nay - Names & IP addresses of other Hosts if joining a cluster - Virtual Center name and IP address - vRanger Pro server name and IP address if in use - ESX serial key - root Password Use following Disk Partitioning recommendations. Give service console partition maximum recommended size. NOTE: Service Console's partitions are stored in a .vmdk file, esxconsole.vmdk.
Mount Point Partition Type Size

none / /home 2 /tmp /var /usr /vmimages /opt 3 4 5 6 7 8 9 10 11

swap ext3 ext3 ext3 ext3 ext3 ext3 ext3

1600 MB 10 GB 2 GB 3 GB 4 GB 3 GB 512 MB 2 GB

Dont check configure but loader automatically option Dont place GRUB on MBR

If installing on Dell server, download and use the latest Dell System Installation CD to install OS and update drivers (requires Systems Update Utility disks). Change root password to AskYourManager Allow root to connect to console: Change PermitRootLogon to Yes in /etc/ssh/sshd_config file Restart sshd by entering service sshd restart Add all the hosts and machines FQDNs and IP addresses that will communicate to this host to the host file. After installing and configuring host, connect to host using VIC Apply necessary patches and driver updates to the host. Install other software such as Open Manage or Cisco Nexus 1000v Activate licensed features Add appropriate Networking (vSwitches, vdSwitches, port groups, service console etc.). Configure load balancing on teams as follows: - When connecting pNetworks to non-clustered switches: Choose Load balancing type to Route based on the original virtual port id, Choose Network Failover detection to be Beacon probing (only when 3 or more physical networks are present), Notify Switches, and Failback. Use all active adapters. - When connecting pNetworks to clustered switches: All same as

Serve r Build Document (Windows & ESX)

[Team or Group], [DEPARTMENT]

Page 7 of 7

[Company, Institution or Organization]

Confidential

previously except use Route based on ip hash for load balancing type. Modify ESX firewall to allow certain services such vRanger, SCOM, and others as appropriate. Incoming: SSH Server, SNMP Server, CIM Secure Server, CIM Server, CIM SLIP Outgoing: SSH client SNMP Server, VMware vCenter Agent, VMware Update Manager, VMware Consolidated Backup, CIM SLIP, Software iSCSI Client, SMB Client, NTP Client, NFS Client, Give maximum (800 MB) recommended RAM to service console if using backup agents. Read this article for more information, http://kb.vmware.com/kb/1003501 Add storage using either FC or iSCSI HBAs or software iSCSI as appropriate. Format LUNs as VMFS3 Enable and configure NTP client to use ntp.metmusum.org and tick.usno.navy.mil Configure DNS and Routing in VIC Add the host to appropriate cluster and apply cluster policies Test Vmotion, HA, DRS and other enterprise features Enter host information in SMAC

12

13 14 15 16 17 18 19

Machine FQDN Type (Physical/Virtual) Engineer Date Completed Requester

Managers Signature / Initials

-----------------------------------------------------------[Team or Group], [DEPARTMENT] [Company or Organization]