⎕ Use Server Core, or the Windows Minimal Interface, to reduce OS overhead, reduce the potential attack surface, and minimize reboots (due to fewer software updates).
- Server Core information: http://msdn.microsoft.com/en-us/library/windows/desktop/hh846313(v=vs.85).aspx
- Windows Minimal Interface Information: http://msdn.microsoft.com/en-us/library/windows/desktop/hh846317(v=vs.85).aspx
⎕ Ensure hosts are up-to-date with recommended Microsoft updates, so that critical patches and updates – addressing security concerns or fixes to the core OS – are applied.
⎕ Ensure all applicable Hyper-V hotfixes and Cluster hotfixes (if applicable) have been applied. Review the following sites and compare them to your environment, since not all hotfixes will be applicable:
- A fellow Microsoft employee, Cristian Edwards, has recently posted a PowerShell script that detects which Hyper-V and Failover Clustering 2012 updates you are missing based on the list updated by the Microsoft Product Group! Check it out here: http://blogs.technet.com/b/cedward/archive/2013/05/24/validating-hyper-v-2012-and-failover-clustering-2012-hotfixes-and-updates-with-powershell.aspx
- Update List for Windows Server 2012 Hyper-V: http://social.technet.microsoft.com/wiki/contents/articles/15576.hyper-v-update-list-for-windows-server-2012.aspx
- List of Failover Cluster Hotfixes: http://social.technet.microsoft.com/wiki/contents/articles/15577.list-of-failover-cluster-hotfixes-for-windows-server-2012.aspx
- Failover Cluster Management snap-in crashes after you install update 2750149 on a Windows Server 2012-based failover cluster:
⎕ Ensure hosts have the latest BIOS version, as well as the latest versions for other hardware devices (such as Synthetic Fibre Channel, NICs, etc.), to address any known issues/supportability.
⎕ Host should be domain joined, unless security standards dictate otherwise. Doing so makes it possible to centralize the management of policies for identity, security, and auditing. Additionally, hosts must be domain joined before you can create a Hyper-V High-Availability Cluster.
- For more information: http://technet.microsoft.com/en-us/library/ee941123(v=WS.10).aspx
⎕ RDP Printer Mapping should be disabled on hosts, to remove any chance of a printer driver causing instability issues on the host machine.
- Preferred method: Use Group Policy with host servers in their own separate OU
- Computer Configuration –> Policies –> Administrative Templates –> Windows Components –> Remote Desktop Services –> Remote Desktop Session Host –> Printer Redirection –> Do not allow client printer redirection –> Set to "Enabled"
⎕ Do not install any other Roles on a host besides the Hyper-V role and the Remote Desktop Services roles (if VDI will be used on the host).
- When the Hyper-V role is installed, the host OS becomes the "Parent Partition" (a quasi-virtual machine), and the Hypervisor partition is placed between the parent partition and the hardware. As a result, it is not recommended to install additional (non-Hyper-V and/or VDI related) roles.
⎕ The only Features that should be installed on the host are: Failover Cluster Manager (if host will become part of a cluster), Multipath I/O (if host will be connecting to an iSCSI SAN, Spaces and/or Fibre Channel), or Remote Desktop Services if VDI is being used. (See explanation above for reasons why installing additional features is not recommended.)
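A read-only audit of several items above (interface level, domain join, printer redirection policy, extra roles), added here as an example and not part of the original checklist or any Microsoft script. The function name `Test-HyperVHostBaseline` and the role allow list are assumptions; `fDisableCpm` is the registry value that the "Do not allow client printer redirection" policy writes.

```powershell
# Added example: read-only audit of a Windows Server 2012 Hyper-V host.
# Assumes an elevated session on the host with the ServerManager module available.
Import-Module ServerManager

function Test-HyperVHostBaseline {   # hypothetical name, not a built-in cmdlet
    # Roles the checklist permits. FileAndStorage-Services is an assumption:
    # it is present on a default Windows Server 2012 installation.
    $allowedRoles      = 'Hyper-V', 'Remote-Desktop-Services', 'FileAndStorage-Services'
    # Features the checklist names as acceptable on a host.
    $checklistFeatures = 'Failover-Clustering', 'Multipath-IO'

    $installed = @(Get-WindowsFeature | Where-Object { $_.Installed })
    $names     = @($installed | ForEach-Object { $_.Name })

    # Server Core has neither GUI feature; the Minimal Server Interface keeps
    # Server-Gui-Mgmt-Infra but drops Server-Gui-Shell.
    $interface = 'Server Core'
    if ($names -contains 'Server-Gui-Mgmt-Infra') { $interface = 'Minimal Server Interface' }
    if ($names -contains 'Server-Gui-Shell')      { $interface = 'Full GUI' }

    # Top-level roles installed on the host that are outside the allow list.
    $extraRoles = @($installed |
        Where-Object { $_.FeatureType -eq 'Role' -and $allowedRoles -notcontains $_.Name } |
        ForEach-Object { $_.Name })

    # Domain membership as reported by WMI.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem

    # Value is 1 when the printer redirection policy is set to Enabled;
    # a missing key or value means the policy is not configured.
    $tsKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    $cpm   = (Get-ItemProperty -Path $tsKey -Name fDisableCpm -ErrorAction SilentlyContinue).fDisableCpm

    [pscustomobject]@{
        ComputerName               = $env:COMPUTERNAME
        InterfaceLevel             = $interface
        ReducedInterface           = ($interface -ne 'Full GUI')
        DomainJoined               = [bool]$cs.PartOfDomain
        Domain                     = $cs.Domain
        PrinterRedirectionDisabled = ($cpm -eq 1)
        UnexpectedRoles            = $extraRoles
        ChecklistFeaturesInstalled = @($names | Where-Object { $checklistFeatures -contains $_ })
    }
}

Test-HyperVHostBaseline | Format-List
```

A host that follows the checklist reports `ReducedInterface`, `DomainJoined` and `PrinterRedirectionDisabled` as `True` and an empty `UnexpectedRoles`.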