    Migrate and/or replace old cert server?

    • scottalanmiller

      I think that you had four guest VMs from the description. Just one was being perceived as the host, even though it was a VM like the others.

      • Shuey @scottalanmiller

        @scottalanmiller said in Migrate and/or replace old cert server?:

        @Shuey said in Migrate and/or replace old cert server?:

        @scottalanmiller said in Migrate and/or replace old cert server?:

        @Shuey said in Migrate and/or replace old cert server?:

        @Dashrender said in Migrate and/or replace old cert server?:

        @Shuey said in Migrate and/or replace old cert server?:

        @scottalanmiller said in Migrate and/or replace old cert server?:

        @Shuey said in Migrate and/or replace old cert server?:

        @Dashrender said in Migrate and/or replace old cert server?:

        @scottalanmiller said in Migrate and/or replace old cert server?:

        @Dashrender said in Migrate and/or replace old cert server?:

        @scottalanmiller said in Migrate and/or replace old cert server?:

        @Shuey said in Migrate and/or replace old cert server?:

        First let me say that I know nothing about certificate services, IIS or SQL (all three of which are currently configured and running on this server).

        Why are those together? That's not generally a best practice. I realize that Windows licensing causes some decisions that would otherwise be poor, but this seems an odd combination.

        I'm betting it's mainly because the company didn't want to buy 2-3 physical servers. If they would have gone virtualized back then, they might be on different OSEs.

        Right.... so assuming one bad decision leading to another.

        I know you've been using virtualization since the day VMware rolled out their first internal only beta (yes I'm kidding), but I don't feel that the SMB really started using virtualization until 2010 or later. It's likely whoever set up this server was unfamiliar with virtualization and they were working with what they knew.

        I guess you could say that the bad decision was that the business had a one man/very small IT internal staff. If they had a good MSP or consulting business partner, they might have gone another route.

        The ONLY "virtualization" infrastructure that was in place when I got here was a Hyper-V console (on the same server that I referenced in my original post in this thread; the server that also has SharePoint! This server used to also be a print server and a file server on top of everything else I've already mentioned).

        I deployed the VMware infrastructure about a year or so after I started working here.

        Assuming that the servers were commodity and post 2005, that means that someone was slacking. Why was Hyper-V console installed but nothing else? That's weird. Did you ever figure out why?

        It wasn't "Hyper-V and nothing else". It was a "DC, SharePoint, File Server, Cert Server, AND a Hyper-V host"!

        That's not what he means - he means, why was the console for Hyper-V installed and VMs not created - OR - ARE there VMs and SharePoint is running in a VM? etc...

        Nope, SharePoint is running natively in the host OS (not in a VM inside the Hyper-V host which was also installed/running on this server in the past)

        Wait, this statement doesn't make sense. There is no "host" with virtualization. Either it is on the Hyper-V machine or it is not. Everything on a Hyper-V machine is a VM.

        Sorry if I confused things. I meant that this server had the Hyper-V role installed, and they had three guest VMs running inside that virtual infrastructure (meaning, it wasn't a dedicated host like an ESXi host is).

        That additional "host" is a VM. It's exactly how VMware was until recently. But it is another VM that requires all the same licensing as any other VM (except in very specific cases where it is completely useless.) In both cases, it should not exist.

        I'm getting more confused now... you lost me on that last comment Scott :-S (others: please feel free to chime in on Scott's comment to help alleviate the confusion if possible)

        • Shuey @scottalanmiller

          @scottalanmiller said in Migrate and/or replace old cert server?:

          I think that you had four guest VMs from the description. Just one was being perceived as the host, even though it was a VM like the others.

          I'll try to lay out how this main server was set up:
          -A single ProLiant DL360 G6 with 24GB of RAM and a 1TB RAID array (4 drives, 7200rpm SATA; yeah, major lame sauce!). I'll refer to this server as the "primary server"; it's the main physical box that everything is "hosted" on/in
          -The server has Windows Server 2008 R2 installed and was promoted to a domain controller
          -They installed the Hyper-V role which runs as a console (much like VMware Workstation; type 2 hypervisor)
          -They built three VMs inside this Hyper-V console
          -They installed SharePoint in the primary server (not as a VM) and they configured it so that staff could access it from outside the network
          -They installed the Cert Services roles in the primary server and configured it to talk with a separate physical server that acted as the RADIUS host

          Does this help?

          • Dashrender @Shuey

            @Shuey said in Migrate and/or replace old cert server?:

            -They installed the Hyper-V role which runs as a console (much like VMware Workstation; type 2 hypervisor)

            No actually it doesn't. When you install the Hyper-V role, Hyper-V is installed under that current install, making that install the first VM on the platform. This is typically referred to as Dom0.

            This new VM is generally only supposed to be used to manage all additional VMs you add to the host. But you can choose to ignore that and install whatever other services, AD, SharePoint, etc into it. If you do, you just need to make sure you include the correct licensing for it.

            Now you mentioned three other VMs. So assuming you had two Windows Server licenses assigned to this box, you were covered since each license allows for two OSEs.

            • Shuey @Dashrender

              @Dashrender said in Migrate and/or replace old cert server?:

              @Shuey said in Migrate and/or replace old cert server?:

              -They installed the Hyper-V role which runs as a console (much like VMware Workstation; type 2 hypervisor)
              No actually it doesn't.

              You lost me here... a Type 1 hypervisor is an "on hardware" hypervisor (exclusively running as the OS, like ESXi). A Type 2 hypervisor is an "on software" hypervisor (like VMware Workstation).

              • Dashrender

                See my updated previous post.

                • scottalanmiller @Shuey

                  @Shuey said in Migrate and/or replace old cert server?:

                  @scottalanmiller said in Migrate and/or replace old cert server?:

                  @Shuey said in Migrate and/or replace old cert server?:

                  @scottalanmiller said in Migrate and/or replace old cert server?:

                  @Shuey said in Migrate and/or replace old cert server?:

                  @Dashrender said in Migrate and/or replace old cert server?:

                  @Shuey said in Migrate and/or replace old cert server?:

                  @scottalanmiller said in Migrate and/or replace old cert server?:

                  @Shuey said in Migrate and/or replace old cert server?:

                  @Dashrender said in Migrate and/or replace old cert server?:

                  @scottalanmiller said in Migrate and/or replace old cert server?:

                  @Dashrender said in Migrate and/or replace old cert server?:

                  @scottalanmiller said in Migrate and/or replace old cert server?:

                  @Shuey said in Migrate and/or replace old cert server?:

                  First let me say that I know nothing about certificate services, IIS or SQL (all three of which are currently configured and running on this server).

                  Why are those together? That's not generally a best practice. I realize that Windows licensing causes some decisions that would otherwise be poor, but this seems an odd combination.

                  I'm betting it's mainly because the company didn't want to buy 2-3 physical servers. If they would have gone virtualized back then, they might be on different OSEs.

                  Right.... so assuming one bad decision leading to another.

                  I know you've been using virtualization since the day VMware rolled out their first internal only beta (yes I'm kidding), but I don't feel that the SMB really started using virtualization until 2010 or later. It's likely whoever set up this server was unfamiliar with virtualization and they were working with what they knew.

                  I guess you could say that the bad decision was that the business had a one man/very small IT internal staff. If they had a good MSP or consulting business partner, they might have gone another route.

                  The ONLY "virtualization" infrastructure that was in place when I got here was a Hyper-V console (on the same server that I referenced in my original post in this thread; the server that also has SharePoint! This server used to also be a print server and a file server on top of everything else I've already mentioned).

                  I deployed the VMware infrastructure about a year or so after I started working here.

                  Assuming that the servers were commodity and post 2005, that means that someone was slacking. Why was Hyper-V console installed but nothing else? That's weird. Did you ever figure out why?

                  It wasn't "Hyper-V and nothing else". It was a "DC, SharePoint, File Server, Cert Server, AND a Hyper-V host"!

                  That's not what he means - he means, why was the console for Hyper-V installed and VMs not created - OR - ARE there VMs and SharePoint is running in a VM? etc...

                  Nope, SharePoint is running natively in the host OS (not in a VM inside the Hyper-V host which was also installed/running on this server in the past)

                  Wait, this statement doesn't make sense. There is no "host" with virtualization. Either it is on the Hyper-V machine or it is not. Everything on a Hyper-V machine is a VM.

                  Sorry if I confused things. I meant that this server had the Hyper-V role installed, and they had three guest VMs running inside that virtual infrastructure (meaning, it wasn't a dedicated host like an ESXi host is).

                  That additional "host" is a VM. It's exactly how VMware was until recently. But it is another VM that requires all the same licensing as any other VM (except in very specific cases where it is completely useless.) In both cases, it should not exist.

                  I'm getting more confused now... you lost me on that last comment Scott :-S (others: please feel free to chime in on Scott's comment to help alleviate the confusion if possible)

                  Hyper-V has no host, only VMs. Hyper-V goes on the bare metal like VMware does. Hyper-V CAN in some cases (but never should) have what is called the "physical VM", the dumbest name ever for something virtual, that CAN be used to do some management of the Hyper-V system... but should never be used for that. Many people confuse this with not being a VM, but it is a VM. Once you have Hyper-V, that's the only thing that there can be on the bare metal. Everything you can interact with is a VM.

                  • scottalanmiller @Shuey

                    @Shuey said in Migrate and/or replace old cert server?:

                    @Dashrender said in Migrate and/or replace old cert server?:

                    @Shuey said in Migrate and/or replace old cert server?:

                    -They installed the Hyper-V role which runs as a console (much like VMware Workstation; type 2 hypervisor)
                    No actually it doesn't.

                    You lost me here... a Type 1 hypervisor is an "on hardware" hypervisor (exclusively running as the OS, like ESXi). A Type 2 hypervisor is an "on software" hypervisor (like VMware Workstation).

                    Right. Hyper-V is a Type 1 with KVM, Xen and ESXi.

                    • scottalanmiller @Shuey

                      @Shuey said in Migrate and/or replace old cert server?:

                      -They installed the Hyper-V role which runs as a console (much like VMware Workstation; type 2 hypervisor)

                      That's incorrect. There is one and only one thing called Hyper-V and it is only a Type 1 hypervisor. This is why you are getting confused when I keep describing why there is no host, because there is truly no host. You are assuming that there is an OS on the bare metal, which there is not.

                      • Dashrender @scottalanmiller

                        @scottalanmiller said in Migrate and/or replace old cert server?:

                        @Shuey said in Migrate and/or replace old cert server?:

                        @Dashrender said in Migrate and/or replace old cert server?:

                        @Shuey said in Migrate and/or replace old cert server?:

                        -They installed the Hyper-V role which runs as a console (much like VMware Workstation; type 2 hypervisor)
                        No actually it doesn't.

                        You lost me here... a Type 1 hypervisor is an "on hardware" hypervisor (exclusively running as the OS, like ESXi). A Type 2 hypervisor is an "on software" hypervisor (like VMware Workstation).

                        Right. Hyper-V is a Type 1 with KVM, Xen and ESXi.

                        Microsoft confuses people through the method that you use to get to the Type 1 from a standard installed Windows Server, i.e. installing the Hyper-V service. This isn't just installing a service like installing FTP or IIS. It in fact creates a shim under the current OS that is the Hyper-V OS running directly on the hardware, with the previous Windows Server OS now being the first VM.

                        • scottalanmiller @Shuey

                          @Shuey said in Migrate and/or replace old cert server?:

                          @Dashrender said in Migrate and/or replace old cert server?:

                          @Shuey said in Migrate and/or replace old cert server?:

                          -They installed the Hyper-V role which runs as a console (much like VMware Workstation; type 2 hypervisor)
                          No actually it doesn't.

                          You lost me here... a Type 1 hypervisor is an "on hardware" hypervisor (exclusively running as the OS, like ESXi). A Type 2 hypervisor is an "on software" hypervisor (like VMware Workstation).

                          https://mangolassi.it/topic/5272/somethings-you-need-to-know-about-hyperv

                          • Shuey @scottalanmiller

                            @scottalanmiller said in Migrate and/or replace old cert server?:

                            @Shuey said in Migrate and/or replace old cert server?:

                            -They installed the Hyper-V role which runs as a console (much like VMware Workstation; type 2 hypervisor)

                            That's incorrect. There is one and only one thing called Hyper-V and it is only a Type 1 hypervisor. This is why you are getting confused when I keep describing why there is no host, because there is truly no host. You are assuming that there is an OS on the bare metal, which there is not.

                            Before Hyper-V was ever introduced on this server, it was and still is a Windows Server 2008 R2 server. They installed Windows Server 2008 R2 on a bare-metal ProLiant. Then, after several months of having the server running as a DC, SharePoint, a cert server and a file server, they decided that they wanted to make it a VM host as well, so they installed the Hyper-V role and built some VMs inside the Hyper-V console.

                            • scottalanmiller @Dashrender

                              @Dashrender said in Migrate and/or replace old cert server?:

                              @scottalanmiller said in Migrate and/or replace old cert server?:

                              @Shuey said in Migrate and/or replace old cert server?:

                              @Dashrender said in Migrate and/or replace old cert server?:

                              @Shuey said in Migrate and/or replace old cert server?:

                              -They installed the Hyper-V role which runs as a console (much like VMware Workstation; type 2 hypervisor)
                              No actually it doesn't.

                              You lost me here... a Type 1 hypervisor is an "on hardware" hypervisor (exclusively running as the OS, like ESXi). A Type 2 hypervisor is an "on software" hypervisor (like VMware Workstation).

                              Right. Hyper-V is a Type 1 with KVM, Xen and ESXi.

                              Microsoft confuses people through the method that you use to get to the Type 1 from a standard installed Windows Server, i.e. installing the Hyper-V service. This isn't just installing a service like installing FTP or IIS. It in fact creates a shim under the current OS that is the Hyper-V OS running directly on the hardware, with the previous Windows Server OS now being the first VM.

                              Although to be fair, that's how VMware used to install and how Xen still does. It IS confusing, but they copied it from everyone else that existed at the time. To this day, only ESXi has changed this and only KVM never had it by default (and still does something kind of like it anyway.)

                              • scottalanmiller @Shuey

                                @Shuey said in Migrate and/or replace old cert server?:

                                Before Hyper-V was ever introduced on this server, it was and still is a Windows Server 2008 R2 server. They installed Windows Server 2008 R2 on a bare-metal ProLiant. Then, after several months of having the server running as a DC, SharePoint, a cert server and a file server, they decided that they wanted to make it a VM host as well, so they installed the Hyper-V role and built some VMs inside the Hyper-V console.

                                What you are calling the "Hyper-V Console" is a VM. You are describing the standard "poor" way to install Hyper-V. It doesn't matter how Hyper-V gets installed, a type 1 hypervisor is a type 1 hypervisor. That "console" is a VM on top of Hyper-V. Hyper-V cannot run on top of Windows, it's physically impossible. This is the most common myth around Hyper-V and there are hundreds of posts on SW correcting this.

                                It's also often listed as the #2 reason (after licensing) that people are confused about Hyper-V and why we used to say that all Hyper-V deployments were caused by confusion.

                                When you install the "role" of Hyper-V, it takes the previous bare metal Windows install, packages it into a VM, installs Hyper-V beneath it.

                                • Dashrender @scottalanmiller

                                  @scottalanmiller said in Migrate and/or replace old cert server?:

                                  @Dashrender said in Migrate and/or replace old cert server?:

                                  @scottalanmiller said in Migrate and/or replace old cert server?:

                                  @Shuey said in Migrate and/or replace old cert server?:

                                  @Dashrender said in Migrate and/or replace old cert server?:

                                  @Shuey said in Migrate and/or replace old cert server?:

                                  -They installed the Hyper-V role which runs as a console (much like VMware Workstation; type 2 hypervisor)
                                  No actually it doesn't.

                                  You lost me here... a Type 1 hypervisor is an "on hardware" hypervisor (exclusively running as the OS, like ESXi). A Type 2 hypervisor is an "on software" hypervisor (like VMware Workstation).

                                  Right. Hyper-V is a Type 1 with KVM, Xen and ESXi.

                                  Microsoft confuses people through the method that you use to get to the Type 1 from a standard installed Windows Server, i.e. installing the Hyper-V service. This isn't just installing a service like installing FTP or IIS. It in fact creates a shim under the current OS that is the Hyper-V OS running directly on the hardware, with the previous Windows Server OS now being the first VM.

                                  Although to be fair, that's how VMware used to install and how Xen still does. It IS confusing, but they copied it from everyone else that existed at the time. To this day, only ESXi has changed this and only KVM never had it by default (and still does something kind of like it anyway.)

                                  I agree that that's how the others did it, and how Xen still does, but I wonder if their Linux (or Linux like) environment leads to a better understanding that it's a control only environment. With Windows, unless you read the licensing you might have no clue that a server is a Hyper-V enabled install.

                                  • Shuey @scottalanmiller

                                    @scottalanmiller said in Migrate and/or replace old cert server?:

                                    @Shuey said in Migrate and/or replace old cert server?:

                                    Before Hyper-V was ever introduced on this server, it was and still is a Windows Server 2008 R2 server. They installed Windows Server 2008 R2 on a bare-metal ProLiant. Then, after several months of having the server running as a DC, SharePoint, a cert server and a file server, they decided that they wanted to make it a VM host as well, so they installed the Hyper-V role and built some VMs inside the Hyper-V console.

                                    What you are calling the "Hyper-V Console" is a VM. You are describing the standard "poor" way to install Hyper-V. It doesn't matter how Hyper-V gets installed, a type 1 hypervisor is a type 1 hypervisor. That "console" is a VM on top of Hyper-V. Hyper-V cannot run on top of Windows, it's physically impossible. This is the most common myth around Hyper-V and there are hundreds of posts on SW correcting this.

                                    It's also often listed as the #2 reason (after licensing) that people are confused about Hyper-V and why we used to say that all Hyper-V deployments were caused by confusion.

                                    When you install the "role" of Hyper-V, it takes the previous bare metal Windows install, packages it into a VM, installs Hyper-V beneath it.

                                    Oh snap! I had no idea! I'm still trying to wrap my head around it.... So there's never an instance where someone installs Server 2008 on a physical box, and then later adds the Hyper-V role? You HAVE to build a bare-metal Hyper-V box first and install your server OS in it BEFORE you can then add the Hyper-V role?

                                    Update: Oh, I just re-read your post. It takes the previous bare-metal WINDOWS install, and turns THAT into a VM!

                                    • scottalanmiller @Dashrender

                                      @Dashrender said in Migrate and/or replace old cert server?:

                                      @scottalanmiller said in Migrate and/or replace old cert server?:

                                      @Dashrender said in Migrate and/or replace old cert server?:

                                      @scottalanmiller said in Migrate and/or replace old cert server?:

                                      @Shuey said in Migrate and/or replace old cert server?:

                                      @Dashrender said in Migrate and/or replace old cert server?:

                                      @Shuey said in Migrate and/or replace old cert server?:

                                      -They installed the Hyper-V role which runs as a console (much like VMware Workstation; type 2 hypervisor)
                                      No actually it doesn't.

                                      You lost me here... a Type 1 hypervisor is an "on hardware" hypervisor (exclusively running as the OS, like ESXi). A Type 2 hypervisor is an "on software" hypervisor (like VMware Workstation).

                                      Right. Hyper-V is a Type 1 with KVM, Xen and ESXi.

                                      Microsoft confuses people through the method that you use to get to the Type 1 from a standard installed Windows Server, i.e. installing the Hyper-V service. This isn't just installing a service like installing FTP or IIS. It in fact creates a shim under the current OS that is the Hyper-V OS running directly on the hardware, with the previous Windows Server OS now being the first VM.

                                      Although to be fair, that's how VMware used to install and how Xen still does. It IS confusing, but they copied it from everyone else that existed at the time. To this day, only ESXi has changed this and only KVM never had it by default (and still does something kind of like it anyway.)

                                      I agree that that's how the others did it, and how Xen still does, but I wonder if their Linux (or Linux like) environment leads to a better understanding that it's a control only environment. With Windows, unless you read the licensing you might have no clue that a server is a Hyper-V enabled install.

                                      If you mean to say "people using Linux are more likely to know their OS than people using Windows", then yes. That's the same logic that I use for why running Linux and getting support is so much easier than running Windows and getting support is... because the average Windows support person doesn't know Windows that well, even if that is their focus. Whereas the average Linux person tends to know quite a bit more (about both.) So hence, even though there are fewer Linux support people out there, it is generally far easier to get Linux support than Windows.

                                      • scottalanmiller @Shuey

                                        @Shuey said in Migrate and/or replace old cert server?:

                                        Oh snap! I had no idea! I'm still trying to wrap my head around it.... So there's never an instance where someone installs Server 2008 on a physical box, and then later adds the Hyper-V role? You HAVE to build a bare-metal Hyper-V box first and install your server OS in it BEFORE you can then add the Hyper-V role?

                                        You are getting closer. But not quite. You DO add the Hyper-V role, but it is not a role. It lifts Windows up and replaces it. It LOOKS like it is adding a role, it does this in the interface to make it all seem "easy" to the end user. But it is replacing your entire system under the hood.

                                        So you don't have to install Hyper-V first, just like you don't have to install Xen first. You install Windows (or Linux) and then tell Hyper-V (or Xen) to install under the OS that you put there. That OS that you installed becomes the first VM on your system and the hypervisor goes onto the bare metal.

                                        • scottalanmiller

                                          In both cases, Hyper-V and Xen, the hypervisor has no interface AT ALL. What you see on the box is always the first VM. ESXi was like this until recently. It used to only show you the first VM (which it installed itself and was a Linux VM.) Today ESXi and KVM have both opted for local consoles on the hypervisor itself so they can do this. While Hyper-V and Xen maintain the "console from a VM" design.

                                          • Shuey @scottalanmiller

                                            @scottalanmiller Thanks for the enlightenment Scott! I can't believe I JUST NOW found out how Hyper-V really works, lol. Better late than never :D.

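
Added example, not part of the thread or written by any of its posters: a PowerShell check for the situation discussed above, where an administrator cannot tell from inside Windows that the install has become the Hyper-V management VM, and where the certificate server shares that OS with a DC, IIS/SharePoint and file/print roles. The function name and the watch list are hypothetical choices; the role names are assumed to be the ones `Get-WindowsFeature` reports, and the sample role list is constructed from Shuey's description of the server.

```powershell
# Added example. Get-RoleColocationReport and its watch list are illustrative,
# not from the thread. It avoids syntax newer than PowerShell 2.0 so it can run
# on a Windows Server 2008 R2 box like the one described.

function Get-RoleColocationReport {
    param(
        # Installed role/feature names. If omitted, the live system is queried.
        [string[]]$InstalledFeature
    )

    if (-not $InstalledFeature) {
        Import-Module ServerManager -ErrorAction Stop
        $InstalledFeature = @(Get-WindowsFeature |
            Where-Object { $_.Installed } |
            ForEach-Object { $_.Name })
    }

    # Roles the thread mentions as living together in one OS install.
    $watch = @(
        @{ Name = 'Hyper-V';            Label = 'Hyper-V role' },
        @{ Name = 'AD-Domain-Services'; Label = 'Domain controller' },
        @{ Name = 'AD-Certificate';     Label = 'Certificate Services' },
        @{ Name = 'Web-Server';         Label = 'IIS (SharePoint front end)' },
        @{ Name = 'FS-FileServer';      Label = 'File server' },
        @{ Name = 'Print-Services';     Label = 'Print server' }
    )

    $present  = @($watch | Where-Object { $InstalledFeature -contains $_.Name })
    $names    = @($present | ForEach-Object { $_.Name })
    $findings = @()

    # With the Hyper-V role installed, this Windows install is itself a VM on
    # top of the hypervisor and is meant for managing the other VMs.
    $workloads = @($present | Where-Object { $_.Name -ne 'Hyper-V' })
    if (($names -contains 'Hyper-V') -and ($workloads.Count -gt 0)) {
        $findings += New-Object PSObject -Property @{
            Finding = 'Workloads running in the Hyper-V management OS'
            Detail  = ($workloads | ForEach-Object { $_.Label }) -join ', '
        }
    }

    # The certificate server shares its OS install with other roles.
    $neighbours = @($present | Where-Object { $_.Name -ne 'AD-Certificate' })
    if (($names -contains 'AD-Certificate') -and ($neighbours.Count -gt 0)) {
        $findings += New-Object PSObject -Property @{
            Finding = 'Certificate Services co-located with other roles'
            Detail  = ($neighbours | ForEach-Object { $_.Label }) -join ', '
        }
    }

    $findings | Select-Object Finding, Detail
}

# Constructed sample: the roles Shuey lists for the "primary server".
$sample = 'AD-Domain-Services', 'AD-Certificate', 'Web-Server',
          'FS-FileServer', 'Print-Services', 'Hyper-V'

Get-RoleColocationReport -InstalledFeature $sample | Format-List

# On a real server, run it with no argument to query the installed roles:
#   Get-RoleColocationReport | Format-List
```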