To virtualize or not....

I thought the licensing restriction was on Roles, and I don't think that Desktop Experience is actually a role.

I don't think Desktop Experience is a problem, but aside from being restricted to just the Hyper-V role, are you allowed to install third-party software? For example, wouldn't it not seem right to install a MySQL database on the bare metal Windows Server install and not count it against your OS licences? So can you actually install monitoring software without that OS taking up one of your server licences?
 
So can you actually install monitoring software without that OS taking up one of your server licences?

Isn't the licensing handled on something of an honor system/audit basis anyway, at least post-activation?

In any case I could be wrong but I'd be astonished if installing remote monitoring/management on the Hyper-V host caused it to be considered as one of the full instances you can run. Frankly the ability to easily install monitoring would be a major factor on the question of "Hyper-V or ESXi?" I guess they could require that you not install monitoring software locally but instead jump through hoops to allow SNMP-based monitoring from another system, but that seems asinine even for the most asinine days of Microsoft.

Remember, it's Microsoft not Oracle.
 
Isn't the licensing handled on something of an honor system/audit basis anyway, at least post-activation?

In any case I could be wrong but I'd be astonished if installing remote monitoring/management on the Hyper-V host caused it to be considered as one of the full instances you can run. Frankly the ability to easily install monitoring would be a major factor on the question of "Hyper-V or ESXi?" I guess they could require that you not install monitoring software locally but instead jump through hoops to allow SNMP-based monitoring from another system, but that seems asinine even for the most asinine days of Microsoft.

Remember, it's Microsoft not Oracle.

It seems like a very Microsoft thing to do to me. Make something easy to do, have it technically against licensing terms, but never enforce it.
 
If the desktop experience role is a problem, every single licensed server I've ever worked on is screwed. This includes all systems I've supported remotely configured by other vendors. Dell ships machines set up this way.

I took it to mean you cannot have MSSQL installed on a Hyper-V Host, you cannot have IIS, you cannot have other server level roles. No DNS, no DHCP, it's a blasted hypervisor. Install what you need to manage it, but it's not a production environment. If the installation isn't disposable, it's host a proper host!

I'm aware of no enforcement here, just the audits that are little more than filling out a spreadsheet.
 
While core mode would probably use the least amount of resources on the host, I wonder about maintaining that remotely. I think I'd prefer to do a full Server install so I could put the monitoring agent on it.
I find it best to use core if adding additional host servers, so that there's at least 1 'full' host server to manage the core servers from. However, you can remotely access a core server using RDP and tools like ScreenConnect and there are other software tools available to make life easier, such as 5nine Manager: https://www.5nine.com/5nine-manager-free-edition/
 
I wouldn't install SQL or any other database engine on a Hyper-V host. Or of course any network service or network role. You want to minimize ANYthing else on that Hyper-V host taking up CPU cycles, RAM, and disk I/O...those should be reserved for the guests. And also the chance of other things you might install on the Hyper-V host causing instability. Hyper-V role is supposed to be "lean and mean!" ....best to leave it that way. ONLY thing I'll install on it is my N-Central agent for remote and monitoring.

I always do the GUI....not the core. For some reason, I just prefer to have the visual desktop on it. And also...at many of my clients there is someone who will occasionally touch the servers, be semi-server savvy....so, nice to have a graphic desktop GUI at that console.
 
Re the licensing, I didn't see anything at all that referenced software, only roles. So it appears perfectly fine to install the GUI version of Server 2016 (and then install the monitoring agent there) on the host as long as the only role is Hyper-V - then create two server VMs, all with standard licensing (at least 8 cores licensed per CPU, at least 16 cores licensed per physical server).

@Moltuae is correct that I could RDP into the core install, but I think I'm with @YeOldeStonecat that a GUI install is friendlier - both for me and anyone onsite I might be trying to talk through something.

One more comment, since you have to shut down the VMs to reboot the host, maintenance will have to be carefully planned. Definitely different than when you have multiple physical servers.

I'm getting excited to do this now - I'll be putting the quote together this week. Thanks everyone for being so willing to share your experiences - another testament to the value of TN.
 
If the desktop experience role is a problem, every single licensed server I've ever worked on is screwed. This includes all systems I've supported remotely configured by other vendors. Dell ships machines set up this way.

I took it to mean you cannot have MSSQL installed on a Hyper-V Host, you cannot have IIS, you cannot have other server level roles. No DNS, no DHCP, it's a blasted hypervisor. Install what you need to manage it, but it's not a production environment. If the installation isn't disposable, it's host a proper host!

I'm aware of no enforcement here, just the audits that are little more than filling out a spreadsheet.

My understanding as well. I was going to try installing some other things, just for testing purposes, but never got around to it.
 
One more comment, since you have to shut down the VMs to reboot the host, maintenance will have to be carefully planned. Definitely different than when you have multiple physical servers.

Yes it changes your maintenance...and how you do things. To run maintenance on the host, it takes down the guests? So...plan accordingly. I usually do my clients' server maintenance in the early mornings, so on Hyper-V hosts...I gotta leave a bigger window. Or stage it...with downtime sprinkled across a few days. On smaller setups I'll update the guests, and while they're updating I'll kick off the download/install on the H-V host..and then power down the guests..and then bounce the host.

I have the guests set to auto start. Set the DC first...and stage the additional servers like 90 seconds or more after that (adjust accordingly based on performance)..so that they have a DNS server to contact on their bootup.

Some tips when spec'ing a host...you'll have fewer problems with Intel NICs...so I always quote at least a dual port if not quad port Intel NIC...leaving the default onboard NICs (usually Broadcoms) for just the management..or even disabling those altogether. Non-Intel NICs can sometimes lead to odd quirks like virtual switches falling asleep...certain advanced settings within the NIC that have to be tickled...and even then they can act up.
 
One more comment, since you have to shut down the VMs to reboot the host, maintenance will have to be carefully planned. Definitely different than when you have multiple physical servers.
You can specify how each of the running VMs are handled during shutdown and startup. For example, I prefer to have the host server suspend/save any 'user servers' such as RDSH servers, in order to preserve any open user files, but I have the host fully shut down any VM that contains a database, such as a DC or an SQL server, to reduce the risk of data corruption. On startup, I have the DCs start immediately, followed 30 seconds or so later by any SQL servers, etc, and lastly the RDSH servers.

If you have more than one host server there's some really cool maintenance features you can make use of, such as live migration. I have a few customers that have multiple host servers which contain multiple DCs and multiple RDSH servers. When I need to reboot a host server, I can live-migrate all the necessary VMs to another host, without the users even noticing. The RDSH servers are grouped into 'collections' so, when I need to take one of those down, I just block new logins to that server and wait until everyone is out of it. Any new logins get redirected to any other available RDSH server. Even though you're only installing a single server in this instance, by virtualising everything in the same way, it makes it possible to take advantage of those features later should you need to add another server later or replace it.
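
The per-VM shutdown and staggered startup handling described in the post above can be set from the host with the Hyper-V PowerShell module. This is an added example, not part of the original post; the VM names and the 90-second delay are constructed, and the integration service lookup assumes an English-language host.

```powershell
#Requires -Modules Hyper-V
# Added example: VM names and delays below are constructed placeholders.
# Each entry: VM name, what the host does to the VM when the host shuts down,
# and how many seconds after host boot the VM is started.
$plan = @(
    @{ Name = 'DC01';   Stop = 'ShutDown'; Delay = 0  }  # DC/DNS first, clean guest shutdown
    @{ Name = 'SQL01';  Stop = 'ShutDown'; Delay = 30 }  # database: shut down rather than save
    @{ Name = 'RDSH01'; Stop = 'Save';     Delay = 90 }  # user sessions: save state
)

foreach ($entry in $plan) {
    $vm = Get-VM -Name $entry.Name -ErrorAction SilentlyContinue
    if (-not $vm) {
        Write-Warning "VM '$($entry.Name)' not found on this host; skipped."
        continue
    }

    # A clean guest shutdown is requested through the Shutdown integration
    # service; warn if it is disabled for a VM that relies on it.
    # ('Shutdown' is the English display name of the service.)
    if ($entry.Stop -eq 'ShutDown') {
        $svc = Get-VMIntegrationService -VM $vm |
            Where-Object { $_.Name -eq 'Shutdown' }
        if (-not $svc -or -not $svc.Enabled) {
            Write-Warning "Shutdown integration service is not enabled on '$($vm.Name)'."
        }
    }

    Set-VM -VM $vm `
        -AutomaticStartAction Start `
        -AutomaticStartDelay $entry.Delay `
        -AutomaticStopAction $entry.Stop
}

# Review the resulting order before the next host reboot.
Get-VM | Sort-Object AutomaticStartDelay |
    Format-Table Name, State, AutomaticStartAction, AutomaticStartDelay, AutomaticStopAction
```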
 
there are other software tools available to make life easier, such as 5nine Manager

I know they have a free version at that link, but sites that insist that I contact and be contacted by their sales team just to find out pricing truly irritate me and invite one-off email addresses like "ihatef*ckingmandatorysalescontacts@example.com"

It's the same kind of thing where I ask "How much does it cost?" "Well, let's talk about your needs." "Oh, so it's more than $10,000 then? OK, I can't afford it." "No, it's less than that." "Ah, $9,999?" "No, can we talk about what your needs are?" "My need is to stop wasting time playing 20 questions just to find out how hard a sell you're going to try to give me."

Edit: Actually, I should have phrased that last sentence differently: "My need is to stop trying to find out just how hard you're going to make it for me to give you money."
 
I know they have a free version at that link, but sites that insist that I contact and be contacted by their sales team just to find out pricing truly irritate me and invite one-off email addresses like "ihatef*ckingmandatorysalescontacts@example.com"

It's the same kind of thing where I ask "How much does it cost?" "Well, let's talk about your needs." "Oh, so it's more than $10,000 then? OK, I can't afford it." "No, it's less than that." "Ah, $9,999?" "No, can we talk about what your needs are?" "My need is to stop wasting time playing 20 questions just to find out how hard a sell you're going to try to give me."
I find that irritating too and it puts me off purchasing, no matter how good the product may seem. Had the price been advertised (and was reasonable) I would probably have purchased it because it is a good piece of software. As it is, I've only ever used the free version because it was sufficient for my needs and I couldn't be bothered asking for a quote for the full version.
 
Hyper-V maintenance on an all SSD based server is trivial.

First of all, set the shutdown action for your guests to SHUTDOWN, not save. This will save you time and drive space. Then you configure auto restart for the VMs. You can use save state as well if you'd like, but I've had intermittent issues with network connectivity problems. And unless you're working with a server that has people on it 24/7, you shouldn't have files open at 2am.

You do updates on the server, because the RMM agent did them for you at 2am, and reboots the server. The VMs shut down, the host updates, the server restarts, the VMs restart.

I haven't manually updated a Hyper-V host in ages. It does that crap for me.
 
Systems have to be restarted, and you can use GPOs to schedule all reboots on a server. With Server 2016 by default it's actually not set to automatically update! It's set to download, and force the admin to install. It WILL NOT REBOOT OR AUTO INSTALL ANYTHING.

And if you want to change it, you just run sconfig.cmd from an admin command prompt.

There are things to complain about, this isn't one of them.
 
I haven't manually updated a Hyper-V host in ages. It does that crap for me.

Just a "faith" thing for me...RMM does workstations, but I always do servers manually..under control. That way I have no surprises at 0700 or 0800 when staff come in and find their LOB app ain't runnin'. Or while I'm on vacation (was just in Negril Jamaica all last week...I prefer no calls!) Some LOB apps will bite you in the arse...something fails to start cuz some update tickled it the wrong way.
 
Just a "faith" thing for me...RMM does workstations, but I always do servers manually..under control. That way I have no surprises at 0700 or 0800 when staff come in and find their LOB app ain't runnin'. Or while I'm on vacation (was just in Negril Jamaica all last week...I prefer no calls!) Some LOB apps will bite you in the arse...something fails to start cuz some update tickled it the wrong way.

I'm very similar, which is why I configure exceptions in the reboot schedule on the RMM tool when I'm going out of town. The surprises at 7 or 8am are just part of the job. Better to deal with that than missing critical updates on servers.
 
The surprises at 7 or 8am are just part of the job. Better to deal with that than missing critical updates on servers.

The untimely surprises are only part of the job if you let them be. I'd rather tend to each client a couple at a time, have things done and tested by 0600 or 0700 or 0800...and then I can relax and proceed to other things that morning like projects and onsite installs. And I still don't miss updates on servers.

Actually there's a danger of letting auto updates push in updates too early...believe it or not Microsoft sometimes released a bad patch on a Tuesday...can cause problems. We address that for workstations by having our RMM patcher force out on Thur or Fri depending on client..gives MS 2x days to pull and re-release a patch. Not a risk I'm willing to take and cause myself more volunteer "fix it" time first thing in a morning.

There's a reason we charge a lot for servers on our silver 'n gold MSP plans. It's one thing we still do manually just to avoid more emergencies. I'm up at 0430 getting things rolling.
 
The untimely surprises are only part of the job if you let them be. I'd rather tend to each client a couple at a time, have things done and tested by 0600 or 0700 or 0800...and then I can relax and proceed to other things that morning like projects and onsite installs. And I still don't miss updates on servers.

Actually there's a danger of letting auto updates push in updates too early...believe it or not Microsoft sometimes released a bad patch on a Tuesday...can cause problems. We address that for workstations by having our RMM patcher force out on Thur or Fri depending on client..gives MS 2x days to pull and re-release a patch. Not a risk I'm willing to take and cause myself more volunteer "fix it" time first thing in a morning.

There's a reason we charge a lot for servers on our silver 'n gold MSP plans. It's one thing we still do manually just to avoid more emergencies. I'm up at 0430 getting things rolling.

The RMM tool I use deploys updates to all Windows stations based on their own internal testing, so all updates are delayed by at least two weeks while they do that for me. I haven't had a bad update hit anything desktop or server since I started using the tool. With one notable exception, and that was a very strange fault that will never repeat. For the rest... Datto.
 
I often see .NET updates tank an LOB app. Not a bad Microsoft update..just... a .NET update. A lot of healthcare software is wicked pissy too of aggressive update schedules..surprisingly..for a niche so hell bent on security thus updates...their apps are often quite behind and twitchy!
 