ltstudiooo - Fotolia
There are various Hyper-V templates that IT administrators can create and deploy through System Center Virtual Machine Manager, such as Hyper-V VM templates and VIP templates. The process is fairly easy, but there are a few best practices that admins can employ to prevent errors and failures.
Hyper-V templates provide the ability to create and deploy VMs quickly, bolster VM security with shielded VMs and reduce network congestion through workload balancing. The templates rely on the SCVMM and require specific configurations depending on which template admins decide to create.
Ease Hyper-V VM template creation
Before creating and using Hyper-V templates, admins must install and deploy the SCVMM.
From there, admins should select a base object to create the VM template, which can either be an existing VM template, a virtual hard disk within the library or a VM. Admins can then assign a name to the template and configure the virtual hardware settings and operating settings the VM will use.
Though not every VM is a viable template candidate. The VM's system partition must be the same as the Windows partition. Otherwise, admins can't use the VM as a source to create their templates.
Admins should also Sysprep a VM's virtual hard disk before creating a Hyper-V VM template. This is because the VM's configuration must be generic enough for admins to use it as a template. Admins must also assign an administrative password to VMs. The creation process will fail without a password.
Build a VM template without errors
VM template creation requires specific steps to prevent unnecessary errors. Prior to VM template construction, admins must first ensure they have an existing object to use as a template base. If admins use an existing VM, they should clone the VM to ensure it remains unharmed in the event of a template creation failure.
Admins that create an SCVMM template from a Linux VM must install the SCVMM agent on the VM, clear any network rules and proceed to shut down the VM. Admins should then make a copy of the VM's hard disk and store it in the SCVMM library.
Additionally, admins should check whether the VM they choose is domain-joined. A domain-joined VM connects to an Active Directory domain, which can introduce security risks down the line.
Admins should keep in mind that VM templates aren't designed to include or run preinstalled applications. If admins decide to automate application servers with VM templates, they must have an application profile.
Create a shielded VM in four steps
Hyper-V shielded VMs help protect against a compromised host of fabric through a BitLocker-encrypted virtual Trusted Platform Module. The system only runs a shielded VM on approved virtualization hosts.
The first step to creating a shielded VM is to create and prepare the OS disk. The OS disk must have a globally unique identifier, and the disk type must be basic. The disk needs two or more partitions. Admins must also install a specific version of Windows Server, such as Windows Server 2019, Windows Server 2012, Windows 10, Windows 8.1 or Windows 8, as well as generalize the OS with the Sysprep tool.
In the second step, admins need to run the Shielded Template Disk Creation Wizard, which generates a hash for the OS disk and adds it to the disk volume. Admins must then specify required settings, such as certificate verification, in the wizard and click on the Generate button to generate the template disk.
The third step is to copy the template disk to the SCVMM library, which enables admins to deploy the shielded disk. After the upload, admins must click OK and go to Library Servers > Library Share > MSSCVMMLibrary > VHDs to check that the disk appears with a small shield icon, which signifies that the disk has shielded technology.
The final step is to create the template that includes the shielded VM disk in SCVMM. Admins can go to the library workspace and click on Create VM Template. Next, admins should navigate to the Select Source page and select Use an existing VM Template or Virtual hard disk and follow the steps on screen.
Control load balancing with SCVMM VIP templates
SCVMM provides admins with a virtual IP template that can define load-balancer configuration settings for network traffic. Through the SCVMM management console, admins can define load-balancer configurations inside the fabric workspace.
In this workspace, admins should expand the Networking section and locate the VIP template container where they can then select the Create VIP template command. SCVMM then launches the Load Balancer VIP Template Wizard, but admins must confirm that they have a virtual IP port and back-end port before continuing.
The VIP Template Wizard offers two options: Use a generic load balancer, or specify a specific load balancer for the VIP template. SCVMM only acknowledges the Microsoft Network Load Balancing (NLB) service.
In clicking Next, admins have another list of options. If admins chose the generic option, they must choose either HTTP, HTTPS passthrough or HTTPS terminate. If admins selected the Microsoft NLB service, they can choose TCP, UDP or both.
Once admins make a choice, they will see a Persistence screen. If admins chose the Microsoft NLB service, this is the last screen they will see. But with the generic option, they have a few more choices to make, such as selecting load-balancer health monitoring and load-balancing methods.
Export and back up SCVMM service templates
Admins can create several SCVMM templates, which can make it difficult to keep track and reconfigure these templates. But exporting and backing up SCVMM templates eliminates the need for reconfiguration, saving admins time and effort.
There are multiple ways to back up SCVMM templates. If admins only require exporting SCVMM templates, they can either use PowerShell cmdlets in the SCVMM console, which reduces the amount of time it takes to perform an export.
Admins can use the Export-SCTemplate cmdlet to export SCVMM service templates. In addition, admins can query SCVMM service templates with the Get-SCVMTemplate cmdlet.