wintel admin newdocx (2)



Post on 04-Dec-2023


Interview Questions Low Level

http://www.learnmsexchange.com/windows-servers/windows-server-2012/active-directory/606-what-is-data-deduplication-in-windows-server-2012.html
http://websites.dawateislami.net/html/tawizateattaria/index.php/books/
https://10.137.2.30:9443/vsphere-client/
http://www.acnc.com/raidedu/0
http://www.ameer-e-ahlesunnat.net/urdu/
http://www.vmwareclassmumbai.com/learning/
http://www.vmadmin.co.uk/resources/35-esxserver/274-esxi5install (Important)
http://vmwarelearning.com/
http://www.omnisecu.com/windows-2008/index.php
http://www.slideshare.net/raju8312/windows-server2008interviewquestionsanswersguide
http://www.youtube.com/watch?v=-92V95F-Hsg (DNS and DHCP in Hindi)
http://www.3202avew.com/common/FTLabSimulation.swf (FT practical)
http://pubs.vmware.com/vsphere-4-esx vcenter/index.jsp?topic=/com.vmware.vsphere.vmadmin.doc_41/vsp_vm_guide/managing_virtual_machines/c_about_snapshots.html
http://www.petenetlive.com/KB/Article/0000301.htm (For the replication)
http://resources.infosecinstitute.com/windows-server-update-services/ (WSUS)
https://sites.google.com/site/vishnuprasadcb/Home/69-dns-interview-questions-answers (IMP)
http://interviewfaq.co.in/windows/active-directory

What is an Operating System?
Ans: - An Operating System works as an interpreter between the computer hardware and applications. The Operating System also works as the user interface.

Types of Operating System?
Ans: - There are two types of Operating System:
1. SOS – Simple Operating System, for example Windows 95, 98, ME
2. NOS – Network Operating System, for example Windows NT, 2000, 2003

What is a RAS Server?
Ans: - RAS stands for Remote Access Server. It is basically used for mobile users in the network. This server provides remote access connectivity for mobile users; all of the mobile users connect to the server through a telephone line. This server also provides connectivity between two or more offices in the network.

What is a VPN Server?
Ans: - VPN stands for Virtual Private Network. It is basically used for mobile users in the network. This server provides remote access connectivity for mobile users; all of the mobile users connect to the server through the Internet. This server also provides connectivity between two or more offices in the network. VPN is cost effective (not costly).

What is an IAS Server?
Ans: - IAS stands for Internet Authentication Service. An IAS server is also known as a RADIUS server. The IAS server provides centralized management of multiple RAS and VPN servers in the network. Remote Access Policy and Remote Access Logging options are available on this server.

FAT/NTFS?
Ans: - There are major differences between the FAT and NTFS file systems, such as:

FAT
· FAT stands for File Allocation Table
· There are two categories in the FAT file system:
  o FAT 16
  o FAT 32
· In FAT, security is available only up to folder level
· Compression option is not available
· Encryption option is not available
· Disk quota option is not available
· FAT is supported by all Microsoft-based operating systems

NTFS
· NTFS stands for New Technology File System
· There are three categories in the NTFS file system:
  o NTFS 4.0 – NT O/S
  o NTFS 5.0 – 2000 O/S
  o NTFS 6.0 – 2003 O/S
· In NTFS, security is available up to file level
· Compression option is available
· Encryption option is available
· Disk quota option is available
· NTFS is supported by only a limited set of Microsoft-based operating systems

What is the benefit of a Child Domain?
Ans: - There are many benefits of a child domain, such as:
1. Security boundary
2. Low administrative overhead
3. Low network traffic

Difference between Permission, Right and Policy?
Ans: -
Permission – Permissions are basically assigned on network resources, for example a file, folder, shared folder or printer.
Right – Rights are basically assigned to users and groups.
Policy – Policies are basically assigned on Active Directory containers, i.e. a site, domain or OU.

What is ISA Server?
Ans: - ISA stands for Internet Security and Acceleration. ISA Server provides Internet connectivity for all of the users in the network; ISA Server also works as a proxy server in the network. With the help of ISA Server, an administrator can filter client requests for a specific web site in the network.

What is a Default Gateway?
Ans: - The default gateway is the IP address of the router in the network. Whenever a client wants to reach another network, that query is forwarded to the default gateway.

* What is an Operation Master Role?
Ans: - Operation master roles are held by domain controllers in the network. There are five types of operation master role:
1. Schema Master
2. Domain Naming Master
3. RID Master
4. PDC Emulator
5. Infrastructure Master

Difference between Mixed Mode and Native Mode?
Ans: - There are three types of domain mode:
Mixed Mode – In this mode NT, Win 2k and Win 2k3 DCs are available.
Win 2k Native Mode – In this mode Win 2k and Win 2k3 DCs are available.
Win 2k3 Native Mode – In this mode only Win 2k3 DCs are available.

Trunk: Trunks are used to interconnect switches to form networks, and to interconnect local area networks (LANs) to form wide area networks (WANs) or virtual LANs (VLANs). A trunk often consists of multiple wires, cables, or fiber optic strands to maximize the available bandwidth and the number of channels that can be accommodated. A trunk can also be a broadband wireless link. The use and management of trunks in a communications system is known as trunking. It minimizes the number of physical signal paths, and thus the total amount of cable hardware, required to serve a given number of subscribers in a network.

Supported hardware capabilities across editions of Windows Server

Criteria                    Web      Standard   Enterprise   Datacenter
Number of physical CPUs     2        1–4        1–8          8–64
Maximum supported RAM
  IA-32                     2 GB     4 GB       64 GB        64 GB
  x64                       N/A      32 GB      1 TB         1 TB
  Itanium                   N/A      N/A        2 TB         2 TB

What is SCSI?
SCSI stands for Small Computer System Interface. In SCSI the rate of data transmission is fast, and the SCSI hard disk speed (RPM) is fast. In SCSI the data transmission speed is 320 MBPS. On a SCSI controller we can connect a maximum of 15 physical devices in the system.

What are A (Host) Records and PTR Records?
Ans: - An A record is also called a host record. This record is basically created in the forward lookup zone. A PTR record is also called a pointer record. This record is basically created in the reverse lookup zone.

What is telnet?
Telnet is a protocol that allows you to connect to remote computers (called hosts) over a TCP/IP network (such as the Internet). Using telnet client software on your computer, you can make a connection to a telnet server (i.e., the remote host). Once your telnet client establishes a connection to the remote host, your client becomes a virtual terminal, allowing you to communicate with the remote host from your computer. In most cases, you'll need to log into the remote host, which requires that you have an account on that system. Occasionally, you can log in as guest or public without having an account.

*What is Reservation?
Ans: - A reservation is basically used in the DHCP server. Whenever we want a particular computer always to receive the same IP address from the DHCP server, we create a reservation for that computer in the DHCP server.

Where is the AD database held? What other folders are related to AD?
The AD database is stored in c:\windows\ntds\NTDS.DIT.

What is the SYSVOL folder?
First, the SYSVOL folder has to be located on a Windows NTFS volume. The information stored in the SYSVOL folder is replicated to all domain controllers' local disks via the File Replication Service (FRS), which must be installed for the operation to work properly. The SYSVOL folder stores the server's copy of the domain's public files. The contents of the SYSVOL folder (such as group policy, users, etc.) are replicated to all domain controllers in the domain.

Which service in Windows is responsible for replication from one domain controller to another domain controller?
The KCC (Knowledge Consistency Checker) generates the replication topology. Replication uses SMTP or RPC (Remote Procedure Call) to replicate changes.

What does System State data contain?
It contains:
· Startup files
· Registry
· COM+ Registration Database
· Memory page file
· System files
· AD information
· Cluster Service information
· SYSVOL folder

Definition - What does Hardening mean?
Hardening refers to providing various means of protection in a computer system. Protection is provided in various layers and is often referred to as defense in depth. Protecting in layers means to protect at the host level, the application level, the operating system level, the user level, the physical level and all the sublevels in between. Each level requires a unique method of security.

A hardened computer system is a more secure computer system.

Explanation of Hardening
Hardening's goal is to eliminate as many risks and threats to a computer system as necessary. Hardening activities for a computer system can include:
· Keeping security patches and hot fixes updated
· Monitoring security bulletins that are applicable to a system's operating system and applications
· Installing a firewall
· Closing certain ports such as server ports
· Not allowing file sharing among programs
· Installing virus and spyware protection, including an anti-adware tool, so that malicious software cannot gain access to the computer on which it is installed
· Keeping a backup, such as a hard drive, of the computer system
· Disabling cookies
· Creating strong passwords
· Never opening emails or attachments from unknown senders
· Removing unnecessary programs and user accounts from the computer
· Using encryption where possible
· Hardening security policies, such as local policies relating to how often a password should be changed and how long and in what format a password must be

What is the difference between Server 2003 and 2008?
1. Virtualization. (Windows Server 2008 introduces Hyper-V (V for Virtualization), but only on 64-bit versions. More and more companies are seeing this as a way of reducing hardware costs by running several 'virtual' servers on one physical machine.)
2. Server Core (provides the minimum installation required to carry out a specific server role, such as for a DHCP, DNS or print server)
3. Better security.
4. Role-based installation.
5. Read Only Domain Controllers (RODC).
6. Enhanced terminal services.
7. Network Access Protection - Microsoft's system for ensuring that clients connecting to Server 2008 are patched, running a firewall and in compliance with corporate security policies.
8. PowerShell - Microsoft's command line shell and scripting language has proved popular with some server administrators.
9. IIS 7.
10. BitLocker - System drive encryption can be a sensible security measure for servers located in remote branch offices.
11. Windows Aero.
The main difference between 2003 and 2008 is virtualization and management. 2008 has more in-built components and updated third-party drivers.

Other Windows Server 2008 features:
· RODC
· Firewall
· WDS instead of RIS
· Hyper-V (only in the 64-bit version)
· SMB 2.0 support (default is SMB 1.0)
· IIS 7
· Services as roles - Telnet, TFTP etc.
· PowerShell - built in
· BitLocker
· Shadow Copy for each and every folder
· Boot sequence - BCD
· Advanced Resource Monitor
· Full installation and Core installation
· No need for physical media for installation of roles/features
· Disk quota not only for drives, but for folders too
· Enhanced disk management
· UAC
· Updated support for Advanced Configuration and Power Interface (ACPI)

What are the logical components of Active Directory?
Domains, Organizational Units, trees and forests are logical components of Active Directory.

What are the Active Directory Partitions?
The Active Directory database is divided into different partitions such as the Schema partition, Domain partition, and Configuration partition. Apart from these partitions, we can create Application partitions based on the requirement.

How do you view replication properties for AD partitions and DCs?
By using Replication Monitor: go to Start > Run > type repadmin, or go to Start > Run > type replmon.

IP Address Range/Classes?
Ans: - There are two types of IP address:
1. Classful IP address
2. Classless IP address
Classful IP address – There are five classes:
1. Class A – 0 – 126 (127 is reserved for loopback)
2. Class B – 128 – 191
3. Class C – 192 – 223
4. Class D – 224 – 239
5. Class E – 240 – 255

Difference between Hardware Router and Software Router?
Ans: - Hardware Router – A hardware router is a dedicated router. It has a lot of features such as security and dedicated routing in the network, for example a Cisco router.
Software Router – A software router is not a dedicated router. It also provides other services, such as DNS server and DHCP server, for example a Windows-based router.

Difference between Hardware Firewall and Software Firewall?
Ans: - Hardware Firewall – It is a dedicated firewall. A lot of security features are available on a hardware-based firewall, for example the Cisco PIX firewall.
Software Firewall – It is not a dedicated firewall. It provides normal security in the network, for example Check Point.

What is a Domain Controller?
Ans: - DC stands for domain controller. It provides centralized management of the entire domain in the network. Whenever we install the Active Directory database on a server operating system, that system becomes a DC. The domain controller manages all security-related interaction between users and computers in the network.

What is a B Router?
Ans: - B Router stands for Bridge Router. We can say this is a layer-three bridge that provides communication between two or more different network IDs.

What is a Bridge?
Ans: - A bridge is a layer 2 network device that provides communication within the same network ID. A bridge has a maximum of 16 ports.

Difference between Gateway and Router?
Ans: - A router works on the same network architecture, but a gateway works on different network architectures.

*What is a POP Server/SMTP Server?
Ans: - POP stands for Post Office Protocol. It is basically used for receiving mail in the network. SMTP stands for Simple Mail Transfer Protocol. It is basically used for sending mail as well as receiving mail in the network.

*What are Active Directory Partitions?
Ans: - An Active Directory partition is a logical partition of Active Directory. This partition is basically used for replication from DC to ADC and from DC to GCS (Global Catalog Server) in the network. There are three types of Active Directory partition:
1. Schema partition
2. Configuration partition
3. Domain partition

*What is the Function of the Ping Command?
Ans: - Ping checks the physical/IP connectivity between two or more devices in the network. Ping sends an ICMP request from the source computer to the destination computer, and the destination computer sends an ICMP reply.

*What are Broadcasting, Multicasting and Unicasting?
Ans: -
Broadcasting – One to all
Multicasting – One to many, not all
Unicasting – One to one

*What is Group Nesting?
Ans: - When we add two or more groups within a single group, it is called group nesting.

*What is FIXMBR?
Ans: - FIXMBR repairs the master boot record of the partition boot sector.

What is FIXBOOT?
Ans: - FIXBOOT writes a new partition boot sector onto the system partition.

*What is SID?
Ans: - SID stands for Security Identifier. Every object has a unique ID, which is called the SID.

*What is a RADIUS Server?
Ans: - RADIUS stands for Remote Authentication Dial-In User Service. A RADIUS server provides centralized management of multiple RAS and VPN servers in the network. Remote Access Policy and Remote Access Logging options are available on this server.

What is a Trusting Domain?
Ans: - In the trusting domain, the resources are available.

What is a Trusted Domain?
Ans: - In the trusted domain, the user accounts are available.

What is Microsoft Exchange Server?
Ans: - Microsoft Exchange Server is software that provides services such as sending and receiving mail.

What are the boot files of the Windows 2000/2003/XP O/S?
Ans: -
1. NTLDR
2. NTDETECT.COM
3. BOOT.INI
4. NTBOOTDD.SYS
5. NTOSKRNL.EXE

What is migration?
Ans: - It is basically used for converting an NT or 2000 network to a 2003 network. There are two types of migration:
1. Upgrading – The upgrading process maintains the current domain model. For example, before migration three domains are available and after migration the same three domains are available.
2. Restructuring – The restructuring process does not maintain the current domain model. For example, before migration three domains are available and after migration maybe only one domain will be available.

What is Schema?
Ans: - The schema basically reads the attributes and defines the classes, such as the user class, printer class and computer class.

What is a Stub Zone?
Ans: - A stub zone is a pointer record of a sub (child) domain in the network. A stub zone provides direct communication between the parent domain and the sub-child domain. If in any case the middle-level DNS goes down, the parent and sub-child domain can still communicate with each other in the network.

What is Shadow Copy?
Ans: - Shadow Copy provides automatic backup of any particular shared folder in the network. Shadow Copy keeps a number of previous-version backups of any particular shared folder in the network. At any time we can view and restore any previous-version backup of that particular folder. This is a new feature of the Windows 2003 operating system. Shadow Copy is a technology included in Microsoft Windows that allows taking manual or automatic backup copies or snapshots of data, even if it has a lock, on a specific volume at a specific point in time over regular intervals.

Difference between IPv4 and IPv6?
Ans: - There are major differences between IPv4 and IPv6, such as:
1. IPv4 is a 32-bit IP address, but IPv6 is a 128-bit IP address.
2. IPv4 is in decimal format, but IPv6 is a hexadecimal number.
3. IPv4 has 4 octets, but IPv6 has 16 octets.
4. IPv4 is supported by all operating systems, but IPv6 is supported by only some operating systems.
5. In IPv4 only a limited number of IP addresses are available, but in IPv6 a huge number of IP addresses are available.

What is Group Policy in Active Directory? What are Group Policy objects (GPOs)?
Group Policy objects, other than the local Group Policy object, are virtual objects. The policy setting information of a GPO is actually stored in two locations: the Group Policy container and the Group Policy template. The Group Policy container is an Active Directory container that stores GPO properties, including information on version, GPO status, and a list of components that have settings in the GPO. The Group Policy template is a folder structure within the file system that stores Administrative Template-based policies, security settings, script files, and information regarding applications that are available for Group Policy Software Installation. The Group Policy template is located in the system volume folder (SYSVOL) in the Policies subfolder for its domain.

What are administrative templates?
Administrative Templates are a feature of Group Policy, a Microsoft technology for centralized management of machines and users in an Active Directory environment. Administrative Templates facilitate the management of registry-based policy. An ADM file is used to describe both the user interface presented to the Group Policy administrator and the registry keys that should be updated on the target machines. An ADM file is a text file with a specific syntax which describes both the interface and the registry values which will be changed if the policy is enabled or disabled.

What is a site? What are they used for?
One or more well-connected (highly reliable and fast) TCP/IP subnets. A site allows administrators to configure Active Directory access and replication topology to take advantage of the physical network. A Site object in Active Directory represents a physical geographic location that hosts networks. Sites contain objects called Subnets. Sites can be used to assign Group Policy Objects, facilitate the discovery of resources, manage Active Directory replication, and manage network link traffic. Sites can be linked to other sites. Site-link objects may be assigned a cost value that represents the speed, reliability, availability, or other real property of a physical resource. Site links may also be assigned a schedule.

How do you configure a stand-by operation master for any of the roles?
1. Open Active Directory Sites and Services.
2. Expand the site name in which the standby operations master is located to display the Servers folder.
3. Expand the Servers folder to see a list of the servers in that site.
4. Expand the name of the server that you want to be the standby operations master to display its NTDS Settings.
5. Right-click NTDS Settings, click New, and then click Connection.
6. In the Find Domain Controllers dialog box, select the name of the current role holder, and then click OK.
7. In the New Object-Connection dialog box, enter an appropriate name for the Connection object or accept the default name, and click OK.

How do I use Registry keys to remove a user from a group?
In Windows Server 2003, you can use the dsmod command-line utility with the -delmbr switch to remove a group member from the command line. You should also look into the freeware utilities available from www.joeware.net. ADFind and ADMod are indispensable tools in my arsenal when it comes to searching and modifying Active Directory.

What is the ISTG? Who has that role by default?
Windows 2000 domain controllers each create Active Directory Replication connection objects representing inbound replication from intra-site replication partners. For inter-site replication, one domain controller per site has the responsibility of evaluating the inter-site replication topology and creating Active Directory Replication Connection objects for appropriate bridgehead servers within its site. The domain controller in each site that owns this role is referred to as the Inter-Site Topology Generator (ISTG).


Which Windows Server 2008 tools make it easy to manage and configure a server's roles and features?
The Server Manager window enables you to view the roles and features installed on a server and also to quickly access the tools used to manage these various roles and features. Server Manager can be used to add and remove roles and features as needed.

What Windows Server 2008 service is used to install client operating systems over the network?
Windows Deployment Services (WDS) enables you to install client and server operating systems over the network to any computer with a PXE-enabled network interface.

What domain services are necessary for you to deploy Windows Deployment Services on your network?
Windows Deployment Services requires that a DHCP server and a DNS server be installed in the domain.

What is the difference between a basic and dynamic drive in the Windows Server 2008 environment?
A basic disk embraces the MS-DOS disk structure; a basic disk can be divided into partitions (simple volumes). Dynamic disks consist of a single partition that can be divided into any number of volumes. Dynamic disks also support Windows Server 2008 RAID implementations.

What is the Global Catalog?
A global catalog server is a domain controller. It is a master searchable database that contains information about every object in every domain in a forest. The global catalog contains a complete replica of all objects in Active Directory for its host domain, and contains a partial replica of all objects in Active Directory for every other domain in the forest. It has two important functions:
· Provides group membership information during logon and authentication
· Helps users locate resources in Active Directory

What are Active Directory sites in Windows Server 2008?
Active Directory sites are physical locations on the network's physical topology. Each regional domain that you create is assigned to a site. Sites typically represent one or more IP subnets that are connected by IP routers. Because sites are separated from each other by a router, the domain controllers on each site periodically replicate the Active Directory to update the Global Catalog on each site segment.

Can servers running Windows Server 2008 provide services to clients when they are not part of a domain?
Servers running Windows Server 2008 can be configured to participate in a workgroup. The server can provide some services to the workgroup peers but does not provide the security and management tools provided to domain controllers.

What is Active Directory?
Active Directory is metadata. Active Directory is a database which stores data such as your user information, computer information and other network object information. It has the capability to manage and administer the complete network which connects with AD.

I am trying to create a new universal user group. Why can't I?
Universal groups are allowed only in native-mode Windows Server 2003 environments. Native mode requires that all domain controllers be promoted to Windows Server 2003 Active Directory.

What is LSDOU?
It is the Group Policy inheritance model, where the policies are applied to Local machines, Sites, Domains and Organizational Units, in that order.
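The processing order described above, as an added simulation (not code from the original notes): GPOs are applied Local, Site, Domain, then each OU from the top of the tree down, and a setting configured by a later GPO overrides the same setting from an earlier one. The GPO names, settings and OU chain are constructed sample data; within one container the GPOs are taken in the order listed.

```python
"""LSDOU Group Policy processing, as a small simulation (added example)."""
from typing import Dict, List, Tuple

# A GPO is (name, {setting: value}); a container links an ordered list of GPOs.
GPO = Tuple[str, Dict[str, object]]


def resultant_policy(local: List[GPO], site: List[GPO], domain: List[GPO],
                     ou_chain: List[List[GPO]]) -> Dict[str, Tuple[object, str]]:
    """Return each setting's effective value and the GPO that supplied it.

    ou_chain holds the GPOs linked at each OU level, outermost OU first, so
    the last entry is the OU that directly contains the target object.
    """
    effective: Dict[str, Tuple[object, str]] = {}
    layers = [("Local", local), ("Site", site), ("Domain", domain)]
    layers += [(f"OU[{depth}]", gpos) for depth, gpos in enumerate(ou_chain)]
    for layer_name, gpos in layers:
        for gpo_name, settings in gpos:
            for setting, value in settings.items():
                # A later layer overwrites an earlier one: this is the LSDOU precedence.
                effective[setting] = (value, f"{layer_name}:{gpo_name}")
    return effective


def demo() -> Dict[str, Tuple[object, str]]:
    """Constructed scenario: a domain controller in Servers/Domain Controllers."""
    local = [("Local Policy", {"MinPasswordLength": 6, "ScreenSaverTimeout": 900})]
    site = [("Site-HQ", {"ScreenSaverTimeout": 600})]
    domain = [("Default Domain Policy", {"MinPasswordLength": 8, "PasswordHistory": 24})]
    ou_chain = [
        [("Servers", {"ScreenSaverTimeout": 300})],
        [("Domain Controllers", {"AuditLogonEvents": "Success,Failure"})],
    ]
    return resultant_policy(local, site, domain, ou_chain)
```

The returned map shows why a local setting such as the 6-character minimum never survives once the domain GPO sets it, while the innermost OU wins the screen-saver timeout.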

What are the resource records in DNS?
A (Address) – Maps a host name to an IP address. When a computer has multiple adapter cards and IP addresses, it should have multiple address records.
CNAME (Canonical Name) – Sets an alias for a host name. For example, using this record, zeta.tvpress.com can have an alias as www.tvpress.com.
MX (Mail Exchange) – Specifies a mail exchange server for the domain, which allows mail to be delivered to the correct mail servers in the domain.
NS (Name Server) – Specifies a name server for the domain, which allows DNS lookups within various zones. Each primary and secondary name server should be declared through this record.
PTR (Pointer) – Creates a pointer that maps an IP address to a host name for reverse lookups.
SOA (Start of Authority) – Declares the host that is the most authoritative for the zone and, as such, is the best source of DNS information for the zone. Each zone file must have an SOA record (which is created automatically when you add a zone).

What is Aging and Scavenging?
DNS servers running Windows Server support aging and scavenging features. These features are provided as a mechanism to perform cleanup and removal of stale resource records from the server and zone. This feature removes dynamically created records once they are stamped as stale.

By default, the aging and scavenging mechanism for the DNS Server service is disabled. Scavenging and aging must be enabled both at the DNS server and on the zone.
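The aging and scavenging behaviour described above, as an added simulation (not code from the original notes). A dynamically registered record carries a timestamp; the zone has a no-refresh interval (a client refresh inside it leaves the timestamp alone) followed by a refresh interval (a refresh inside it updates the timestamp); a record whose timestamp plus both intervals is in the past is stale and is removed when scavenging runs, which only happens when aging is enabled at both the server and the zone. The 7-day intervals are the Windows defaults; the class names and the sample records are constructed.

```python
"""DNS aging and scavenging, as a small simulation (added example)."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional


@dataclass
class Record:
    name: str
    rtype: str
    data: str
    timestamp: Optional[datetime]  # None marks a static record, never scavenged


@dataclass
class Zone:
    name: str
    aging_enabled: bool = False
    no_refresh: timedelta = timedelta(days=7)
    refresh: timedelta = timedelta(days=7)
    records: List[Record] = field(default_factory=list)

    def register(self, name: str, rtype: str, data: str, now: datetime) -> str:
        """Dynamic update from a client: add a record or refresh its timestamp."""
        for r in self.records:
            if (r.name, r.rtype, r.data) == (name, rtype, data):
                if r.timestamp is None:
                    return "static-unchanged"
                if now < r.timestamp + self.no_refresh:
                    return "no-refresh"        # inside the no-refresh window
                r.timestamp = now
                return "refreshed"
        self.records.append(Record(name, rtype, data, now))
        return "added"

    def is_stale(self, r: Record, now: datetime) -> bool:
        if r.timestamp is None:
            return False
        return now >= r.timestamp + self.no_refresh + self.refresh

    def scavenge(self, now: datetime, server_scavenging: bool) -> List[Record]:
        """Remove stale dynamic records and return them."""
        if not (server_scavenging and self.aging_enabled):
            return []                          # disabled at server or zone level
        stale = [r for r in self.records if self.is_stale(r, now)]
        self.records = [r for r in self.records if not self.is_stale(r, now)]
        return stale


def demo() -> Dict[str, object]:
    """Walk one constructed record through registration, refreshes and scavenging."""
    t0 = datetime(2024, 1, 1)
    zone = Zone("corp.example", aging_enabled=True)
    zone.records.append(Record("dc1", "A", "10.0.0.1", None))   # static entry
    out: Dict[str, object] = {}
    out["day0"] = zone.register("ws01", "A", "10.0.0.50", t0)
    out["day3"] = zone.register("ws01", "A", "10.0.0.50", t0 + timedelta(days=3))
    out["day10"] = zone.register("ws01", "A", "10.0.0.50", t0 + timedelta(days=10))
    out["server_off"] = [r.name for r in zone.scavenge(t0 + timedelta(days=30), False)]
    out["day23"] = [r.name for r in zone.scavenge(t0 + timedelta(days=23), True)]
    out["day24"] = [r.name for r in zone.scavenge(t0 + timedelta(days=24), True)]
    out["remaining"] = [r.name for r in zone.records]
    return out
```

Note that the refresh on day 10 moves the stale point out to day 24, and that a scavenging pass with the server-level setting off removes nothing even for records long past it.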

What is Forwarding in DNS?
A forwarder is a feature of the DNS server that is used to forward DNS queries for external DNS names to DNS servers outside of that network. We can configure a DNS server to use a forwarder so that name queries it cannot resolve locally are forwarded to other DNS servers in the network.

What is Conditional Forwarding in DNS?
We can configure the DNS server to forward queries according to specific domain names using conditional forwarders. In this case the query is forwarded to an IP address configured against a DNS domain name.

What are the query types in DNS?
Recursive Query: These name queries are generally made by a DNS client to a DNS server, or by a DNS server that is configured to pass unresolved name queries to another DNS server, in the case of a DNS server configured to use a forwarder.

Iterative Query: An iterative name query is one in which a DNS client allows the DNS server to return the best answer it can give based on its cache or zone data. If the queried DNS server does not have an exact match for the queried name, the best possible information it can return is a referral. The DNS client can then query the DNS server for which it obtained a referral. It continues this process until it locates a DNS server that is authoritative for the queried name, or until an error or time-out condition is met.

What are the tools for troubleshooting DNS?

DNS Console, NSLOOKUP, DNSCMD, IPCONFIG, DNS logs.

How to check DNS health?

Using DCDiag, i.e. dcdiag /test:dns /v /e

Trying to look at the Schema, how can I do that?

Register schmmgmt.dll using this command: c:\windows\system32>regsvr32 schmmgmt.dll. Then open mmc –> Add Snap-in –> Active Directory Schema and save the console as schema.msc. Afterwards open Administrative Tools –> schema.msc.

What is a forest? A collection of one or more domain trees with a common schema and implicit trust relationships between them. This arrangement would be used if you have multiple root DNS addresses.

How to select the appropriate restore method?

You select the appropriate restore method by considering the circumstances and characteristics of the failure. The two major categories of failure, from an Active Directory perspective, are Active Directory data corruption and hardware failure. Active Directory data corruption occurs when the directory contains corrupt data that has been replicated to all domain controllers, or when a large portion of the Active Directory hierarchy has been changed accidentally (such as deletion of an OU) and this change has replicated to other domain controllers.

How do you view replication properties for AD partitions and DCs?

By using Replication Monitor: go to Start > Run > type replmon. The command-line tool can be used as well: go to Start > Run > type repadmin.

1. Features of Windows 2003

ACTIVE DIRECTORY

Easier Deployment and Management

ADMT version 2.0--- migrates passwords from NT4 to 2000 to 2003 or from 2000 to 2003

Domain Rename--- supports changing the Domain Name System and/or NetBIOS name

Schema Redefine--- allows deactivation of attributes and class definitions in the Active Directory Schema

AD/AM--- Active Directory in Application Mode is a new capability of AD that addresses certain deployment scenarios related to directory-enabled applications

Group Policy Improvements--- introduced the GPMC tool to manage group policy

UI--- Enhanced User Interface

Greater Security

Cross-forest Authentication

Cross-forest Authorization

Cross-certification Enhancements

IAS and Cross-forest Authentication

Credential Manager

Software Restriction Policies

Improved Performance and Dependability

Easier logon for remote offices

Group Membership replication enhancements

Application Directory Partitions

Install Replica from media

Dependability Improvements--- updated Inter-Site Topology Generator (ISTG) that scales better by supporting forests with a greater number of sites than Windows 2000.

FILE AND PRINT SERVICES

Volume Shadow Copy Service

NTFS journaling file system

EFS

Improved CHKDSK performance

Enhanced DFS and FRS

Shadow copies of shared folders

Enhanced folder redirection

Remote document sharing (WebDAV)

IIS

Fault-tolerant process architecture--- The IIS 6.0 fault-tolerant process architecture isolates Web sites and applications into self-contained units called application pools.

Health Monitoring--- IIS 6.0 periodically checks the status of an application pool, with automatic restart on failure of the Web sites and applications within that application pool, increasing application availability. IIS 6.0 protects the server, and other applications, by automatically disabling Web sites and applications that fail too often within a short amount of time.

Automatic Process Recycling--- IIS 6.0 automatically stops and restarts faulty Web sites and applications based on a flexible set of criteria, including CPU utilization and memory consumption, while queuing requests.

Rapid-fail Protection--- If an application fails too often within a short amount of time, IIS 6.0 will automatically disable it and return a "503 Service Unavailable" error message to any new or queued requests to the application.

Edit-While-Running

What is IIS? IIS is a protocol server. It is implemented as a set of several system services that use the most common Internet protocols, including HTTP, FTP, NNTP and SMTP. Microsoft IIS is built into the Microsoft Windows NT Server operating system.

Purpose of IIS: Microsoft Internet Information Server is designed to deliver high-speed and secure information publishing, while also serving as a platform for developers and independent software vendors to extend the Internet's standard communication capabilities.

2. Difference between NT & 2000

The NT SAM database is a flat database, whereas in Windows 2000 the Active Directory database is a hierarchical database.

In Windows NT only the PDC has a writable copy of the SAM database; the BDC has a read-only copy. In Windows 2000 both the DC and the ADC have a writable copy of the database.

Windows NT does not support the FAT32 file system. Windows 2000 supports FAT32.

The default authentication protocol in NT is NTLM (NT LAN Manager). In Windows 2000 the default authentication protocol is Kerberos V5.

Windows 2000 depends on and is integrated with DNS. NT uses NetBIOS names.

Active Directory can be backed up easily with System State data.

Difference between 2000 & 2003

Application Server mode is introduced in Windows 2003.

It is possible to configure stub zones in Windows 2003 DNS.

Volume Shadow Copy Service is introduced.

Windows 2003 gives an option to replicate DNS data between all DNS servers in the forest or all DNS servers in the domain.

Refer to Question 1 for all enhancements.

Difference between PDC & BDC: The PDC contains a writable copy of the SAM database, whereas the BDC contains a read-only copy. It is not possible to reset a password or create objects without the PDC in Windows NT.

Difference between DC & ADC: There is no difference between a DC and an ADC; both contain a writable copy of AD. Both can also hold FSMO roles (if transferred from the DC to the ADC). The distinction is just for identification; functionality-wise there is no difference. An ADC is only required for load balancing and redundancy. If two physical sites separated by a WAN link belong to the same domain, it is better to keep one ADC in the other site, acting as the main domain controller for that site. This reduces WAN traffic and improves user authentication performance.

What is DNS & WINS? DNS is the Domain Name System, which resolves host names to IP addresses. It uses fully qualified domain names. DNS is an Internet standard used to resolve host names. WINS is the Windows Internet Name Service, which resolves NetBIOS names to IP addresses. It is proprietary to Windows.

Types of DNS Servers

We can configure 7 types of DNS servers in Windows:

Primary DNS

Secondary DNS

Active Directory Integrated DNS

Root DNS

Forwarder

Master

Caching-only DNS

What is KCC? The KCC (Knowledge Consistency Checker) is used to generate the replication topology for inter-site replication and for intra-site replication. Within a site, replication traffic is carried by remote procedure calls over IP, while between sites it is carried through either RPC or SMTP.

What is the Lost & Found folder in ADS? It is the folder where you can find objects orphaned by a replication conflict. For example: you create a user in an OU that has been deleted on another DC; when replication happens and ADS cannot find the OU, it puts the user object in the Lost & Found folder.

What is Garbage collection? Garbage collection is the process of online defragmentation of Active Directory. It runs every 12 hours.

What is the difference between Server 2003 and 2008?

1) The main difference between 2003 and 2008 is virtualization and management. 2008 is a combination of Vista and Windows 2003 R2. Some new services are introduced in it:

1. RODC, a new type of domain controller introduced in it [Read-Only Domain Controller].

2. WDS (Windows Deployment Services) instead of RIS in 2003 server.

3. Shadow copy for each and every folder.

4. Boot sequence is changed.

5. Installation is 32 bit, whereas in 2003 it is 16 as well as 32 bit; that is why installation of 2008 is faster.

6. Services are known as roles in it.

7. Group Policy editor is a separate option in ADS.

2) The main difference between 2003 and 2008 is virtualization and management. 2008 has more inbuilt components and updated third-party drivers. Microsoft introduces a new feature with 2k8, Hyper-V. Windows Server 2008 introduces Hyper-V (V for Virtualization), but only on 64-bit versions. More and more companies are seeing this as a way of reducing hardware costs by running several 'virtual' servers on one physical machine. If you like this exciting technology, make sure that you buy an edition of Windows Server 2008 that includes Hyper-V, then launch Server Manager and add Roles.

How to take a backup of AD?

For taking a backup of Active Directory: go to START -> PROGRAMS -> ACCESSORIES -> SYSTEM TOOLS -> BACKUP, or open the Run window and type ntbackup. When the backup screen appears, take the backup of SYSTEM STATE; it backs up all the necessary information about the system, including AD, DNS, etc.

Windows Server 2008 new features

1. Virtualization with Hyper-V

2. Server Core

3. IIS 7

4. Role-based installation

5. Read-Only Domain Controllers (RODC)

6. Enhanced Terminal Services

7. Network Access Protection

8. Windows PowerShell

Where is the AD database held? What other folders are related to AD? The AD database is stored in C:\Windows\NTDS\NTDS.DIT.

If DHCP is not available, what happens to the client? The client will not get an IP address and cannot participate in the network. If the client already has an IP address with a lease, it keeps using that IP until the lease duration expires.

Dynamic Host Configuration Protocol (DHCP) is a client/server protocol that automatically provides an Internet Protocol (IP) host with its IP address and other related configuration information such as the subnet mask and default gateway. It is used to automate, centralize, and simplify IP address and option configuration and distribution across your network. This protects against common configuration errors that occur when values are entered manually at each computer and helps to prevent address conflicts.

Without DHCP, IP addresses for new computers or computers that are moved from one subnet to another must be configured manually; IP addresses for computers that are removed from the network must be manually reclaimed.

With DHCP, this entire process is automated and managed centrally. The DHCP server maintains a pool of IP addresses and leases an address to any DHCP-enabled client when it starts up on the network. Because the IP addresses are dynamic (leased) rather than static (permanently assigned), addresses no longer in use are automatically returned to the pool for reallocation.

The network administrator establishes DHCP servers that maintain TCP/IP configuration information and provide address configuration to DHCP-enabled clients in the form of a lease offer. The DHCP server stores the configuration information in a database that includes:

Valid TCP/IP configuration parameters for all clients on the network.

Valid IP addresses, maintained in a pool for assignment to clients, as well as excluded addresses.

Reserved IP addresses associated with particular DHCP clients. This allows consistent assignment of a single IP address to a single DHCP client.

The lease duration, or the length of time for which the IP address can be used before a lease renewal is required.

In Windows Server 2008, the DHCP Server service provides the following benefits:

Reliable IP address configuration. DHCP minimizes configuration errors caused by manual IP address configuration, such as typographical errors, or address conflicts caused by the assignment of an IP address to more than one computer at the same time.

Reduced network administration. DHCP includes the following features to reduce network administration:

What are the different types of trust relationships?

Implicit Trusts

Explicit Trusts--- NT to Win2k or Forest to Forest

Domain Trust

A domain trust is a useful way to allow users from a trusted domain to access services in a trusting domain. If all users and services can be managed in a single enterprise domain, there is no need for trust relationships.

How Trust Relationships Work

All domain trust relationships have only two domains in the relationship: the trusting domain and the trusted domain. A domain trust relationship is characterized by whether it is:

One-way

Two-way

Transitive

Nontransitive

A one-way trust is a single trust relationship, where domain A trusts domain B. All one-way relationships are nontransitive. Authentication requests can only be passed from the trusting domain to the trusted domain. This means that if domain A has a one-way trust with domain B and domain B has a one-way trust with domain C, domain A does not have a trust relationship with domain C.

Each time you create a new domain tree in a forest, a two-way transitive trust relationship is created between the forest root domain and the new domain (the root of the new domain tree). In this way, transitive trust relationships flow through all domains in the forest. Authentication requests follow these trust paths, so accounts from any domain in the forest can be authenticated at any other domain in the forest.

A nontransitive trust is bounded by the two domains in the trust relationship and does not flow to any other domains in the forest. You must explicitly create nontransitive trusts. Nontransitive trusts are one-way by default, although you can also create a two-way relationship by creating two one-way trusts. All trust relationships established between domains that are not in the same forest are nontransitive.

Transitive and Nontransitive Trusts

Transitivity determines whether a trust can be extended outside of the two domains with which it was formed. A transitive trust can be used to extend trust relationships with other domains; a nontransitive trust can be used to deny trust relationships with other domains. The trust path is implemented by the Net Logon service through an authenticated remote procedure call (RPC) connection to the trusted domain authority, which is the domain controller.
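The trust-path rules above (requests flow from trusting to trusted, only transitive trusts chain, external trusts are nontransitive) as an added example that is not part of the original notes. The forest names and the partner domain are constructed; the A/B/C chain is the page's own example.

```python
from collections import deque


class Trust:
    """One-way trust: `trusting` accepts users from `trusted` (requests flow trusting -> trusted)."""

    def __init__(self, trusting, trusted, transitive):
        self.trusting, self.trusted, self.transitive = trusting, trusted, transitive


def two_way(a, b, transitive):
    """A two-way trust is simply two one-way trusts in opposite directions."""
    return [Trust(a, b, transitive), Trust(b, a, transitive)]


def trust_path(trusts, resource_domain, account_domain):
    """Return the chain of domains an authentication request for an account in
    `account_domain` follows starting at `resource_domain`, or None if no trust path
    exists. A nontransitive trust is honoured only as the single direct hop; any
    multi-hop path must consist of transitive trusts only."""
    outgoing = {}
    for t in trusts:
        outgoing.setdefault(t.trusting, []).append(t)
    for t in outgoing.get(resource_domain, []):      # direct hop: any trust type counts
        if t.trusted == account_domain:
            return [resource_domain, account_domain]
    queue, seen = deque([[resource_domain]]), {resource_domain}
    while queue:                                      # breadth-first over transitive trusts
        path = queue.popleft()
        for t in outgoing.get(path[-1], []):
            if not t.transitive or t.trusted in seen:
                continue
            if t.trusted == account_domain:
                return path + [t.trusted]
            seen.add(t.trusted)
            queue.append(path + [t.trusted])
    return None


def can_authenticate(trusts, account_domain, resource_domain):
    """True if an account from `account_domain` can be authenticated in `resource_domain`."""
    return trust_path(trusts, resource_domain, account_domain) is not None


# Constructed forest: root corp.example, child sales.corp.example and a second tree
# example.net joined by the automatic two-way transitive trusts, plus an external
# one-way nontransitive trust in which example.net trusts partner.test.
FOREST = (two_way("corp.example", "sales.corp.example", True)
          + two_way("corp.example", "example.net", True)
          + [Trust("example.net", "partner.test", False)])

# The page's chain: A trusts B and B trusts C, both one-way and therefore nontransitive.
CHAIN = [Trust("A", "B", False), Trust("B", "C", False)]

if __name__ == "__main__":
    for account, resource in [("sales.corp.example", "example.net"),
                              ("partner.test", "example.net"),
                              ("partner.test", "corp.example")]:
        print(account, "->", resource, trust_path(FOREST, resource, account))
```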

Group Policy: Group Policy is a feature of the Microsoft Windows Server operating systems that controls the working environment of user accounts and computer accounts. Group Policy provides an infrastructure for centralized configuration management of the operating system and the applications that run on it.

What is the process by which DHCP gets an IP address to the client? There is a four-way negotiation process between client and server. DORA stands for:

Discover, Offer, Request, Acknowledgement
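The DORA exchange in wire format, as an added example that is not from the original notes: a minimal server that only commits a lease once the REQUEST repeats its own OFFER, plus the exhausted-pool case from the earlier "If DHCP is not available" question. The scope 192.168.1.x, the lease time and the router option value are constructed.

```python
import struct
import ipaddress

MAGIC = b"\x63\x82\x53\x63"                          # DHCP magic cookie (RFC 2132)
DISCOVER, OFFER, REQUEST, ACK, NAK = 1, 2, 3, 5, 6   # option 53 message types
NAMES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}
HDR = "!BBBBIHH4s4s4s4s16s64s128s"                  # fixed 236-byte BOOTP header
BOOTREQUEST, BOOTREPLY = 1, 2


def build(op, xid, mac, yiaddr, options):
    """Encode one DHCP message: BOOTP header, magic cookie, TLV options, end marker."""
    hdr = struct.pack(HDR, op, 1, 6, 0, xid, 0, 0x8000,     # htype 1 = Ethernet, broadcast flag
                      b"\0" * 4, ipaddress.IPv4Address(yiaddr).packed, b"\0" * 4, b"\0" * 4,
                      mac + b"\0" * 10, b"\0" * 64, b"\0" * 128)
    opts = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return hdr + MAGIC + opts + b"\xff"


def parse(pkt):
    """Decode the fields the exchange needs plus the raw option map."""
    f = struct.unpack(HDR, pkt[:236])
    if pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 0xFF:
        code, ln = pkt[i], pkt[i + 1]
        opts[code] = pkt[i + 2:i + 2 + ln]
        i += 2 + ln
    return {"op": f[0], "xid": f[4], "yiaddr": str(ipaddress.IPv4Address(f[8])),
            "mac": f[11][:6], "msgtype": opts[53][0], "opts": opts}


class DhcpServer:
    """Minimal lease state machine: an offer is tentative until the REQUEST confirms it."""

    def __init__(self, server_ip, pool, lease_secs=86400):
        self.server_ip = ipaddress.IPv4Address(server_ip)
        self.free = [ipaddress.IPv4Address(a) for a in pool]   # constructed scope
        self.offers, self.leases = {}, {}                      # mac -> address
        self.lease_secs = lease_secs

    def _common(self):
        # server identifier, lease time, subnet mask, router (constructed: the server itself)
        return [(54, self.server_ip.packed), (51, struct.pack("!I", self.lease_secs)),
                (1, b"\xff\xff\xff\x00"), (3, self.server_ip.packed)]

    def handle(self, pkt):
        m = parse(pkt)
        mac, xid = m["mac"], m["xid"]
        if m["msgtype"] == DISCOVER:
            if mac not in self.offers:
                if not self.free:
                    return None          # pool exhausted: no OFFER, the client stays unconfigured
                self.offers[mac] = self.free.pop(0)
            return build(BOOTREPLY, xid, mac, self.offers[mac], [(53, bytes([OFFER]))] + self._common())
        if m["msgtype"] == REQUEST:
            wanted = ipaddress.IPv4Address(m["opts"][50])
            # accept only a REQUEST that names this server (option 54) and repeats its own offer
            if m["opts"].get(54) != self.server_ip.packed or self.offers.get(mac) != wanted:
                return build(BOOTREPLY, xid, mac, "0.0.0.0",
                             [(53, bytes([NAK])), (54, self.server_ip.packed)])
            self.leases[mac] = self.offers.pop(mac)
            return build(BOOTREPLY, xid, mac, wanted, [(53, bytes([ACK]))] + self._common())
        return None


def run_dora(server, mac, xid=0x3903F326):
    """Play the four-way exchange for one client; returns (message names, leased IP or None)."""
    trace = ["DISCOVER"]
    offer = server.handle(build(BOOTREQUEST, xid, mac, "0.0.0.0", [(53, bytes([DISCOVER]))]))
    if offer is None:
        return trace, None
    o = parse(offer)
    trace.append(NAMES[o["msgtype"]])
    request = build(BOOTREQUEST, xid, mac, "0.0.0.0",
                    [(53, bytes([REQUEST])), (50, ipaddress.IPv4Address(o["yiaddr"]).packed),
                     (54, o["opts"][54])])
    trace.append("REQUEST")
    a = parse(server.handle(request))
    trace.append(NAMES[a["msgtype"]])
    return trace, (a["yiaddr"] if a["msgtype"] == ACK else None)


if __name__ == "__main__":
    srv = DhcpServer("192.168.1.1", ["192.168.1.10", "192.168.1.11"])
    print(run_dora(srv, b"\x00\x15\x5d\x01\x02\x03"))
```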

Difference between FAT, NTFS & NTFS Version 5

NTFS Version 5 features: encryption is possible; we can enable disk quotas; file compression is possible; sparse files; Indexing Service; NTFS change journal.

In the FAT file system we can apply only share-level security; file-level protection is not possible. In NTFS we can apply both share-level and file-level security.

NTFS supports larger partition sizes than FAT file systems.

NTFS supports longer file names than FAT file systems.

What is a Bridgehead Server in AD? A bridgehead server is a domain controller in each site which is used as the contact point to receive and replicate data between sites. For inter-site replication, the KCC designates one of the domain controllers as the bridgehead server. If that server is down, the KCC designates another domain controller. When a bridgehead server receives replication updates from another site, it replicates the data to the other domain controllers within its site.

What are the port numbers for FTP, Telnet, HTTP, and DNS? FTP 21, Telnet 23, HTTP 80, DNS 53, Kerberos 88, LDAP 389, HTTPS 443, NNTP 119.

What are the different types of profiles?

There are three types of user profiles, which are as follows: Local Profiles, Roaming Profiles, Mandatory Profiles.

Local User Profile: This profile is automatically created the first time a user logs on to the computer, and it is stored on the computer's local hard drive. Any changes made to the local user profile are specific to the computer where the change was made.

Roaming User Profile: You, as the administrator, create this profile and store it on a network server. This profile is available when a user logs on to any computer on the network. Any changes made to roaming user profiles are automatically updated on the server when the user logs off.

Mandatory User Profile: Mandatory user profiles are stored on a network server and are downloaded each time the user logs on. This profile does not update when the user logs off. It is useful for situations where consistent or job-specific settings are needed; only administrators can make changes to mandatory user profiles. If the mandatory user profile is unavailable, the user cannot log on.

What is the database file used for Active Directory? NTDS.DIT

What is the authentication protocol used in NT? NTLM (NT LAN Manager)

What is subnetting and supernetting? Subnetting is the process of borrowing bits from the host portion of an address to provide bits for identifying additional sub-networks. Supernetting merges several smaller blocks of IP addresses (networks) that are contiguous into one larger block of addresses. Supernetting is done by borrowing network bits to combine several smaller networks into one larger network.
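Both operations worked through with the standard library, as an added example that is not part of the original notes: borrowing host bits to split a /24, and merging contiguous blocks into a supernet, including the caveat that contiguous blocks which are not aligned on the larger boundary cannot be merged. The address blocks are constructed.

```python
import ipaddress


def borrow_host_bits(network, bits):
    """Subnetting: borrow `bits` bits from the host portion of `network`, producing
    2**bits equal subnets. Returns (subnets, new dotted mask, usable hosts per subnet)."""
    net = ipaddress.ip_network(network, strict=True)
    if bits < 1 or net.prefixlen + bits > 30:
        raise ValueError("cannot borrow %d host bits from %s" % (bits, network))
    subnets = list(net.subnets(prefixlen_diff=bits))
    usable = subnets[0].num_addresses - 2            # network and broadcast are not assignable
    return [str(s) for s in subnets], str(subnets[0].netmask), usable


def supernet(networks):
    """Supernetting: merge contiguous, aligned blocks into the fewest larger blocks.
    Blocks that are contiguous but not aligned on the larger boundary stay separate,
    so the result may contain more than one block."""
    nets = [ipaddress.ip_network(n, strict=True) for n in networks]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


if __name__ == "__main__":
    print(borrow_host_bits("192.168.0.0/24", 2))
    print(supernet(["10.0.0.0/24", "10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]))
    print(supernet(["10.0.1.0/24", "10.0.2.0/24"]))   # contiguous but not mergeable
```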

What is the use of Terminal Services? Terminal Services can be used in Remote Administration mode to administer a server remotely, as well as in Application Server mode to run an application on one server so that users can log on to that server to use it.

What is the protocol used for Terminal Services? RDP

What is the port number for RDP? 3389

Medium Level Interview Questions

What is the difference between Authorized DHCP and Non-Authorized DHCP? To avoid network problems caused by mis-configured DHCP servers, a DHCP server in Windows 2000 must be validated (authorized) by AD before it starts serving clients. A DHCP server that finds it is not authorized in AD stops serving clients.

Difference between inter-site and intra-site replication. Protocols used for replication.

Intra-site replication takes place between the domain controllers in the same site. Inter-site replication takes place between two different sites over WAN links. BHS (Bridgehead Servers) are responsible for initiating replication between the sites: inter-site replication is done between the BHS in one site and the BHS in another site. We can use RPC over IP or SMTP as replication protocols, whereas the domain partition cannot be replicated using SMTP.

How to monitor replication? We can use the Replmon tool from the Support Tools. The Replmon graphical user interface tool was removed from Windows Server 2008 and later. Repadmin is still available for troubleshooting replication. Repadmin.exe is a command-line tool that is designed to assist administrators in diagnosing, monitoring, and troubleshooting Active Directory replication problems.

Active Directory replication has the following dependencies:

Routable IP infrastructure. The replication topology depends on a routable IP infrastructure from which you can map IP subnet address ranges to site objects. This mapping generates the information that client workstations use to communicate with domain controllers that are close by, when there is a choice, rather than with domain controllers that are located across wide area network (WAN) links.

DNS. The Domain Name System (DNS) that resolves DNS names to IP addresses. Active Directory requires that DNS is properly designed and deployed so that domain controllers can correctly resolve the DNS names of replication partners.

Remote procedure call (RPC). Active Directory replication requires IP connectivity and the remote procedure call (RPC) to transfer updates between replication partners.

Kerberos version 5 (V5) authentication. The authentication protocol for both authentication and encryption that is required for all Active Directory RPC replication.

Lightweight Directory Access Protocol (LDAP). The primary access protocol for Active Directory. Replication of an entire replica of an Active Directory domain, as occurs when Active Directory is installed on an additional domain controller in an existing domain, uses LDAP communication rather than RPC.

NetLogon. NetLogon dynamically registers the globally unique identifier (GUID) CNAME in DNS that a domain controller uses to resolve its partner’s host name and IP address for Active Directory replication.

Intersite Messaging. Intersite Messaging is required for Simple Mail Transfer Protocol (SMTP) intersite replication and for site coverage calculations. If the forest functional level is Windows 2000, Intersite Messaging is also required for intersite topology generation. 

Brief explanation of RAID Levels

RAID 0 – Striping. Following are the key points to remember for RAID level 0.

Minimum 2 disks.

Excellent performance (as blocks are striped).

No redundancy (no mirror, no parity).

Don't use this for any critical system.

Difference between Windows Server 2008 R2 and Windows Server 2012


Created on Tuesday, 23 October 2012 06:15

Written by Administrator


Processor/Memory

Feature                                              Windows Server 2012   Windows Server 2008 R2
RAM per VM                                           1 TB                  64 GB
Virtual processors per VM                            64                    4
Number of active VMs                                 1,024                 384
Virtual processors per host                          2,048                 512
Maximum cluster nodes                                64                    16
Maximum cluster VMs                                  8,000                 1,000
Physical memory                                      4 TB                  1 TB

New Features

Feature                                              Windows Server 2012   Windows Server 2008 R2
Private VLAN                                         Supported             Not Supported
DHCP Guard                                           Supported             Not Supported
Router Guard                                         Supported             Not Supported
Hyper-V Extensible Switch                            Supported             Not Supported
Extension Monitoring                                 Supported             Not Supported
IP Address rewrite                                   Supported             Not Supported
Generic Routing Encapsulation                        Supported             Not Supported
Non-Uniform Memory Access (NUMA) support inside VMs  Supported             Not Supported
Single Root I/O Virtualization (SR-IOV)              Supported             Not Supported
Hyper-V Smart Paging                                 Supported             Not Supported
Resource Metering                                    Supported             Not Supported
Runtime Memory Configuration                         Supported             Not Supported
Virtual Hard Disk format                             Supported             Not Supported
Offload Data Transfer                                Supported             Not Supported
Data Center Bridging                                 Supported             Not Supported
Virtual Fibre Channel in Hyper-V                     Supported             Not Supported
QoS Minimum Bandwidth                                Supported             Not Supported
Encrypted cluster volumes                            Supported             Not Supported
Cluster Shared Volume (CSV) 2.0                      Supported             Not Supported
Application Monitoring                               Supported             Not Supported
Storage Spaces                                       Supported             Not Supported
Data Deduplication                                   Supported             Not Supported
SMB Direct                                           Supported             Not Supported
Multi-terabyte volumes                               Supported             Not Supported
SMB Transparent failover                             Supported             Not Supported
Datacenter Diskless boot                             Supported             Not Supported
SMB 3.0                                              Supported             Not Supported
IPAM                                                 Supported             Not Supported
Cross-premise connectivity                           Supported             Not Supported
DHCP Failover                                        Supported             Not Supported
CPU Throttling                                       Supported             Not Supported
Active Directory based Authentication                Supported             Not Supported
Cloning virtual domain controllers                   Supported             Not Supported
DirectAccess                                         Supported             Not Supported
Hyper-V Replica                                      Supported             Not Supported
Live Storage migration                               Supported             Not Supported

Hyper-V Replica in Windows Server 2012


Created on Tuesday, 16 October 2012 09:48

Written by Sachin Mehandiratta


There is plenty of third-party software on the market that backs up and restores the VMs running on Hyper-V hosts; Hyper-V Replica is an in-box solution offered in Windows Server 2012.

With this feature, administrators can replicate their Hyper-V virtual machines from their primary site to a replica site for disaster recovery or similar situations. VMs can be replicated periodically and asynchronously between Hyper-V hosts located at different geographical locations, over IP-based networks and across different storage subsystems. This feature does not require shared storage or any other replication technology.

Using Failover Clustering with Hyper-V allows VMs to maintain availability by moving them between nodes in the same datacenter. Hyper-V Replica allows VMs to maintain availability across datacenters, where each node is located at a different physical location.

Hyper-V Replica is an application-agnostic solution, as it operates at the VM level irrespective of the guest operating system or the applications installed in the VMs. It is a storage-agnostic solution, as the backend storage for the VMs can be any combination of SAN, DAS or SMB. It also works in both clustered and non-clustered environments, which means we can replicate from a host in a cluster to a stand-alone replica host.

Hyper-V Replica can be used in different scenarios like replicating VMs from head office to branch office, between two datacenters owned by a hosting provider to provide disaster recovery services etc.

Hyper-V Replica keeps tracking the write operations on the primary site and replicates those changes to the replica site over a WAN using the HTTP protocol. Authentication is supported by Kerberos and certificates, with optional support for encryption.

Also, we can store VHDs in remote locations to assist recovery in the case the datacenter goes down.

Always remember the key points below:

· Data that is rapidly changing and not used by the Replica server after failover, such as a page file disk, should be excluded from replication to preserve network bandwidth.

· The specifications of the Primary and Replica servers (such as CPU and RAM) need not be the same. The Replica server will take the load up to its maximum limits if the Primary server has more resources. However, if some resources are missing on the Replica server, those resources will not be used during failover.

· Test failover can be conducted at any time. A temporary virtual machine is created on the Replica server during test failover. Any application can be tested without interrupting the ongoing replication. Once the test is completed, the temporary virtual machine is deleted.

· These firewall rules must be enabled for replication:

   o Kerberos authentication: Hyper-V Replica HTTP Listener (TCP-In)

   o Certificate-based authentication: Hyper-V Replica HTTPS Listener (TCP-In)

DHCP Load Balance mode in Windows Server 2012


Created on Sunday, 30 September 2012 07:16

Written by Vivek Mehandiratta


Windows Server 2012 provides two types of DHCP failover solution:

Hot Standby: provides an Active-Passive configuration

Load Balance: provides an Active-Active configuration

This article will elaborate on the Load Balance failover mechanism.

As the name implies, in a load balance relationship both servers respond to client requests. Let us see how each DHCP server decides whether to answer a client's request:

As we know, each client has its own unique MAC address. Once a DHCP server receives a client's request, it calculates a hash of the client's MAC address using the hashing algorithm specified in RFC 3074. Each DHCP server hashes any MAC address to a value between 1 and 256. We can configure the two DHCP servers to distribute the load equally, that is 50:50, which is the default. In this scenario, if the MAC address hash falls between 1 and 128, the first server responds to the client request, and if the hash is between 129 and 256, the other server responds to the client.

This process ensures that only one DHCP server responds to a specific client. The administrator can change this load balance proportion as shown below:

How the IP address pool is managed in load balance

Just like the load balancing ratio, the free IP addresses in each failover scope are distributed in the same proportion. For example, let's say you have the failover scope 192.168.0.0/24 with an IP address range of 192.168.0.1 through 192.168.0.250. Suppose the first 50 addresses are already leased out and the rest of the IPs, starting from 192.168.0.51, are free. We now have 200 IP addresses left in the address pool. As the load balance ratio is set to 50:50, the first 100 IPs, from 192.168.0.51 through 192.168.0.150, would be assigned to the first server and the rest of the range to the second server.

The figure below shows two DHCP servers in load balancing mode sharing lease information.

In load sharing mode, you enable both DHCP servers to respond to IPv4 lease requests and grant leases to devices on connected subnets for which there is a corresponding DHCP scope.
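The hash-based server selection and the proportional pool split described in this article, as an added example that is not the article's or Microsoft's code. The 256-entry permutation table is constructed here for illustration and is not the table RFC 3074 specifies; the free range 192.168.0.51 to 192.168.0.250 is the article's own example.

```python
import ipaddress
import random

# Constructed 256-entry permutation table for a Pearson-style one-pass hash.
# RFC 3074 ships its own fixed table; this one is generated for illustration only.
_TABLE = list(range(256))
random.Random(3074).shuffle(_TABLE)


def mac_hash(mac):
    """Hash a client hardware address to a bucket in 1..256."""
    h = 0
    for byte in bytes.fromhex(mac.replace(":", "").replace("-", "")):
        h = _TABLE[h ^ byte]
    return h + 1


def responding_server(mac, primary_percent=50):
    """The primary answers buckets 1..cutoff and the partner the rest, so exactly one
    server answers a given client and the two never race for the same lease."""
    cutoff = 256 * primary_percent // 100
    return "primary" if mac_hash(mac) <= cutoff else "partner"


def split_free_pool(first_free, last_free, primary_percent=50):
    """Divide the free addresses of a failover scope in the same proportion as the load.
    Returns ((first, last) for the primary, (first, last) for the partner); a share that
    gets no addresses is returned as None."""
    start = ipaddress.IPv4Address(first_free)
    count = int(ipaddress.IPv4Address(last_free)) - int(start) + 1
    if count <= 0:
        raise ValueError("last_free precedes first_free")
    n_primary = count * primary_percent // 100

    def span(offset, n):
        return (str(start + offset), str(start + offset + n - 1)) if n > 0 else None

    return span(0, n_primary), span(n_primary, count - n_primary)


if __name__ == "__main__":
    print(split_free_pool("192.168.0.51", "192.168.0.250", 50))
    print(responding_server("00:15:5d:01:02:03"))
```

Because the last hash step is a table lookup indexed by the previous state XOR the last address byte, 256 clients that differ only in their last MAC byte land in 256 distinct buckets, so a 50:50 ratio splits them exactly in half.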

Hyper-V Network Virtualization in Windows Server 2012


Created on Sunday, 30 September 2012 05:57

Written by Sachin Mehandiratta


Before Windows 2012

Traditionally, VLANs were the solution for isolating networks, but VLANs have their own limitations:

1. It was very complex to manage VLANs on a large network.

2. VLAN scalability was limited to only about 1,000 VLAN IDs (with a maximum of 4,095).

3. The scope of a VLAN was limited to a single subnet, which restricts the nodes in a single VLAN to be placed based on their physical location.

4. Routing is not possible if two nodes have the same IP address.

With Windows 2012

Hyper-V Network Virtualization is a new feature in Windows Server 2012 that solves all these problems by removing the concept of VLANs while still isolating the networks. It lets you keep your own internal IP addresses when moving your servers into the cloud. Hyper-V Network Virtualization allows you to move virtual machines within your virtual infrastructure while preserving their current IP assignments. It also supports deployment of overlapping addresses on the same physical network.

Hyper-V Network Virtualization provides the following:

Run multiple virtual networks on one physical network without VLANs.

Use overlapping addresses in separate virtual networks; even the same IP address can be reused.

VM IP addressing is no longer dependent on the location of the VM.

VMs and the applications hosted on them need not be aware of the network virtualization.

Two types of addresses

Hyper-V Network Virtualization requires assigning two IP addresses to each virtual machine, as below:

The Customer Address (CA) is the IP address of the virtual machine and is reachable by the customer.

The Provider Address (PA) is the IP address of the host. This address appears in the packets on the wire and is not visible to the virtual machine.

As you can see in the example below, the Web and SQL servers of each organization, Contoso and Fabrikam, are hosted on different physical hosts. The IP addresses of the SQL and DB servers are the same on each host. Hyper-V Network Virtualization can be used here so that Contoso servers can talk to each other, and so can Fabrikam servers.

Contoso and Fabrikam servers are hosted by a service provider that provides cloud services to businesses. Contoso and Fabrikam are two companies that want to move their SQL and Web servers to the cloud but want to maintain their current IP addresses. Once the Contoso servers are moved into the cloud, communication between the servers is the same as it was earlier on the customer's premises. Neither the customer nor the VM needs to know the Provider Address.

Hyper-V Network Virtualization can use two different mechanisms to virtualize IP addresses:

Network Virtualization Generic Routing Encapsulation (NVGRE): This approach encapsulates the entire VM packet with a new header before it is transmitted onto the physical network.

IP address rewriting: This approach modifies the customer addresses of packets before they are transmitted onto the physical network.
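The CA/PA lookup and NVGRE encapsulation for the Contoso/Fabrikam scenario, as an added example that is not the article's code. The virtual subnet IDs, customer addresses and provider addresses are constructed; the GRE layout (key flag 0x2000, protocol type 0x6558, 24-bit VSID plus 8-bit flow ID in the key) follows the NVGRE specification.

```python
import struct

# Constructed virtualization policy: (virtual subnet id, customer address) -> provider address.
# Contoso and Fabrikam reuse the same customer addresses; the VSID keeps the tenants apart.
VSID = {"Contoso": 5001, "Fabrikam": 6001}
POLICY = {
    (5001, "10.0.0.5"): "192.168.4.11",   # Contoso Web  on host 1
    (5001, "10.0.0.7"): "192.168.4.22",   # Contoso SQL  on host 2
    (6001, "10.0.0.5"): "192.168.4.22",   # Fabrikam Web on host 2
    (6001, "10.0.0.7"): "192.168.4.11",   # Fabrikam SQL on host 1
}


def resolve(tenant, src_ca, dst_ca):
    """Look up the provider addresses for a CA -> CA flow inside one tenant's virtual
    network. Returns (vsid, src_pa, dst_pa), or None when the destination CA does not
    exist in this tenant's network, which is what keeps tenants isolated."""
    vsid = VSID[tenant]
    src_pa, dst_pa = POLICY.get((vsid, src_ca)), POLICY.get((vsid, dst_ca))
    if src_pa is None or dst_pa is None:
        return None
    return vsid, src_pa, dst_pa


def nvgre_encapsulate(tenant, src_ca, dst_ca, inner_frame, flow_id=0):
    """Wrap the VM's frame in a GRE header whose key carries the VSID, addressed PA to PA.
    The customer addresses inside the frame are left untouched."""
    hit = resolve(tenant, src_ca, dst_ca)
    if hit is None:
        return None
    vsid, src_pa, dst_pa = hit
    gre = struct.pack("!HHI", 0x2000, 0x6558, (vsid << 8) | (flow_id & 0xFF))
    return {"outer_src": src_pa, "outer_dst": dst_pa, "gre": gre, "payload": inner_frame}


def nvgre_decapsulate(packet):
    """Recover the VSID from the GRE key and hand back the untouched inner frame."""
    flags, proto, key = struct.unpack("!HHI", packet["gre"])
    if not flags & 0x2000 or proto != 0x6558:
        raise ValueError("not an NVGRE packet")
    return key >> 8, packet["payload"]


if __name__ == "__main__":
    frame = b"\xaa" * 60                                    # constructed inner Ethernet frame
    print(nvgre_encapsulate("Contoso", "10.0.0.5", "10.0.0.7", frame))
    print(nvgre_encapsulate("Fabrikam", "10.0.0.5", "10.0.0.7", frame))
```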

You can download the Hyper-V Network Virtualization script from this link.

Operational Challenges with Network Virtualization

It is difficult to know which datacenter a VM is located in by looking at its IP address.
Network latency may be introduced when moving a VM from one datacenter to another.
Some vendors license their products to a single IP address; they have therefore changed their licensing approach by binding the license to the MAC address of the host's NIC.

Microsoft Azure Online Backup Service for Windows Server 2012

Created on Monday, 24 September 2012 08:28

Written by Vivek Mehandiratta

Windows Azure Online Backup Agent is a new add-on for Windows Server 2012 that provides a cloud-based backup solution: it allows you to back up your files and folders to Windows Azure Online Backup and restore them from anywhere, at any time. Windows Azure Online Backup is a cloud-based storage service offered by Microsoft that provides off-site protection against data loss in a catastrophe.

Consider the points below before using Windows Azure Online Backup Agent:

The volume must be formatted with NTFS. Other file systems are not supported.
The volume must not be locked by BitLocker encryption. Always unlock the volume before it can be backed up.
The volume must not be read-only; assign write permissions as well.
The volume must be online.
The volume must not be a network share.
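A pre-flight check for the requirements just listed, as an added example that is not part of the article. It uses the Storage and BitLocker cmdlets shipped with Windows Server 2012; the drive letter is a constructed example, and treating anything other than a Fixed drive type as ineligible is this script's own rule for catching removable media and mapped shares.

```powershell
# Added example (not from the article): checks a volume against the listed
# Windows Azure Online Backup requirements before it is added to a policy.
function Test-OnlineBackupVolume {
    param([Parameter(Mandatory)][string]$DriveLetter)   # e.g. 'D' (constructed example)
    $problems = @()
    try {
        $v = Get-Volume -DriveLetter $DriveLetter -ErrorAction Stop
    } catch {
        # Mapped network drives are not enumerated by Get-Volume at all.
        return [pscustomobject]@{ Volume = "$DriveLetter`:"; Eligible = $false;
                                  Problems = 'not a local volume (network share or unknown drive)' }
    }
    if ($v.FileSystem -ne 'NTFS')      { $problems += "file system is '$($v.FileSystem)', not NTFS" }
    if ($v.OperationalStatus -ne 'OK') { $problems += "volume is not online ($($v.OperationalStatus))" }
    if ($v.DriveType -ne 'Fixed')      { $problems += "drive type is $($v.DriveType), not a fixed local volume" }

    # Read-only is a partition attribute, so look it up on the partition behind the volume.
    $p = Get-Partition -DriveLetter $DriveLetter -ErrorAction SilentlyContinue
    if ($p -and $p.IsReadOnly) { $problems += 'volume is read-only; grant write access first' }

    # A BitLocker-locked volume cannot be read by the agent; an unlocked one is fine.
    if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
        $bl = Get-BitLockerVolume -MountPoint "$DriveLetter`:" -ErrorAction SilentlyContinue
        if ($bl -and $bl.LockStatus -eq 'Locked') { $problems += 'volume is locked by BitLocker; unlock it first' }
    }

    [pscustomobject]@{
        Volume   = "$DriveLetter`:"
        Eligible = ($problems.Count -eq 0)
        Problems = ($problems -join '; ')
    }
}

# Check every local volume that has a drive letter.
Get-Volume | Where-Object { $_.DriveLetter } | ForEach-Object { Test-OnlineBackupVolume -DriveLetter $_.DriveLetter } |
    Format-Table -AutoSize
```

Run it as an administrator, otherwise Get-BitLockerVolume returns nothing and a locked volume would be reported as eligible.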

Perform the steps below to start using the Windows Azure Online Backup utility.

1. Sign up for the Microsoft Online Backup Service
2. Install the Microsoft Online Backup Service Agent
3. Register servers with the Microsoft Online Backup Service
4. Schedule backups using the Microsoft Online Backup Service Agent
5. Restore files and folders using the Microsoft Online Backup Service Agent
6. Manage the Microsoft Online Backup Service

Windows Azure Online Backup Agent or the Online Backup cmdlets for Windows PowerShell can be used for transferring data between Windows Server 2012 and Windows Azure Online Backup.

1. Create your ID at http://connect.microsoft.com/onlinebackup. It may take at least one day to receive your ID.

2. Install the Windows Server Backup feature from Server Manager > Add Roles and Features Wizard.

3. Once the Windows Server Backup feature is installed, download the agent onto your server from http://connect.microsoft.com/onlinebackup and install it.

4. When you execute the downloaded binary, you will see the license agreement page. Accept the License Agreement and click Next.

5. Setup checks which prerequisite software is missing. Click Next to proceed.

6. Confirm the installation and cache locations depending on the space available.

7. On the Microsoft Update Opt-In page, choose whether you wish to download Windows updates.

8. Click Finish once setup is completed.

9. The Microsoft Online Backup Service Agent icon appears in the dashboard. Click on it to initialize.

10. Click the Register Server option to register the server with the cloud provider.

11. Enter the credentials created in step 1 on the Account Credentials page.

12. Enter the proxy settings if the server is behind a proxy to connect to the internet.

13. Generate a passphrase to encrypt all backups from this server.

14. Once the server is successfully registered, close the wizard.

15. Open the Microsoft Online Backup Service admin console to select the files and folders that need backing up and to specify the backup time.

16. Click Schedule Backup to run the Schedule Backup Wizard and click Next.

17. Click the Add Items box, choose the files and folders that need to be backed up, and click Next.

18. On the Specify Backup Time page, select the days and times when the backup should run.

19. Specify the number of days your backups will be kept.

20. Validate the summary and click Finish to save the configuration.
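Steps 10 to 20 done with the Online Backup cmdlets instead of the wizard, as an added example rather than the article's own code. It assumes the agent is installed (step 8) so the MSOnlineBackup module is present; the folder paths, schedule and retention are constructed values, and the credential and passphrase prompts stand in for the account from step 1 and the passphrase of step 13.

```powershell
# Added example (not from the article): register the server and build a
# backup policy with the Windows Azure Online Backup cmdlets.
Import-Module MSOnlineBackup          # installed with the Online Backup agent

# Steps 10-11: register with the account created at sign-up.
Start-OBRegistration -Credential (Get-Credential -Message 'Online Backup account (from step 1)')

# Step 13: the passphrase encrypts every backup before it leaves the server.
# Keep a copy offline: without it, restores are impossible, and Microsoft does not hold it.
$passphrase = Read-Host -AsSecureString -Prompt 'Backup encryption passphrase'
Set-OBMachineSetting -EncryptionPassphrase $passphrase

# Steps 15-17: a new policy with the folders to protect (constructed paths).
$policy = New-OBPolicy
$items  = New-OBFileSpec -FileSpec @('D:\Shares\Finance', 'D:\Shares\HR')
Add-OBFileSpec -Policy $policy -FileSpec $items

# Step 18: Monday to Friday at 21:00.
$schedule = New-OBSchedule -DaysOfWeek Monday, Tuesday, Wednesday, Thursday, Friday -TimesOfDay 21:00
Set-OBSchedule -Policy $policy -Schedule $schedule

# Step 19: keep recovery points for 30 days.
$retention = New-OBRetentionPolicy -RetentionDays 30
Set-OBRetentionPolicy -Policy $policy -RetentionPolicy $retention

# Step 20: save the policy, show it, then run a first backup immediately.
Set-OBPolicy -Policy $policy -Confirm:$false
Get-OBPolicy
Start-OBBackup -Policy (Get-OBPolicy)
```

Only one policy exists per server with this agent, so Set-OBPolicy replaces whatever was configured through the console.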

Cross-premises connectivity in Windows Server 2012

Created on Sunday, 23 September 2012 12:36

Written by Sachin Mehandiratta

Cross-premises connectivity in Windows Server 2012 provides an easy way to set up remote access servers between a hosting provider's premises and local premises. It allows enterprises to move their workloads into the cloud and securely access them through site-to-site VPN and DirectAccess.

Cross-premises connectivity in Windows Server 2012 Remote Access provides connectivity between the hosted cloud and the branch offices, whereas DirectAccess allows clients to securely connect to and access any resources in the branch offices and the cloud.

The steps below describe the procedure that Contoso and Woodgrove use for the cross-premises deployment shown in the figure (not reproduced here).

1. Two companies, Contoso.com and Woodgrove.com offload some of their enterprise infrastructure in a hosted cloud.

2. Private cloud is provided to each organization by the hosting provider.

3. In the hosted cloud, Remote Access is configured on virtual machines running Windows Server 2012 RC for site-to-site VPN.

4. In each hosted private cloud, a cluster of two or more Remote Access servers is deployed to provide failover and continuous availability.

5. A Windows Server 2012 RC Remote Access server is deployed in each branch office location of Contoso.com to provide a cross-premises connectivity solution between branch offices and to the hosted cloud.

6. The DirectAccess role is also configured on the Contoso.com branch office Windows Server 2012 RC computers in a multisite deployment. DirectAccess clients can access any resource in the Contoso.com public cloud or Contoso.com branch offices from any location on the Internet.

7. Woodgrove.com can use existing routers to connect to the hosted cloud because cross-premises functionality in Windows Server 2012 RC complies with IKEv2 and IPsec standards.
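One side of the site-to-site tunnel from steps 3 to 5 and 7, as an added example that is not part of the article: a Contoso branch Remote Access server defines an IKEv2 interface towards the hosted cloud. The RemoteAccess cmdlets are the ones shipped with Windows Server 2012; the interface name, remote endpoint, cloud subnet and pre-shared key are constructed values.

```powershell
# Added example (not from the article): site-to-site IKEv2 VPN interface on a
# Windows Server 2012 Remote Access server. Names, addresses and the PSK are constructed.
Import-Module RemoteAccess

# Enable the site-to-site VPN role on this server (step 3).
Install-RemoteAccess -VpnType VpnS2S

# Define the tunnel to the hosted cloud. The far end (step 7) can be any
# IKEv2/IPsec-compliant router, not necessarily another Windows server.
# IPv4Subnet entries are 'prefix:metric' and drive routing into the tunnel.
Add-VpnS2SInterface -Name 'HostedCloud' `
    -Destination '203.0.113.10' `
    -Protocol IKEv2 `
    -AuthenticationMethod PSKOnly `
    -SharedSecret 'ReplaceWithRealPSK' `
    -IPv4Subnet @('10.20.0.0/16:100')

# Bring the tunnel up and show its state.
Connect-VpnS2SInterface -Name 'HostedCloud'
Get-VpnS2SInterface -Name 'HostedCloud' | Format-List Name, Destination, Protocol, ConnectionState
```

A pre-shared key is the quickest way to get the two ends talking; for the clustered, always-on deployment in step 4, machine certificates (-AuthenticationMethod MachineCertificates) avoid a shared secret that every node and the far-end router have to hold.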

Offload Data Transfer (ODX) in Windows Server 2012

Created on Sunday, 23 September 2012 12:31

Written by Vivek Mehandiratta

Offload Data Transfer (ODX) is a new Microsoft data transfer technology that offloads data transfer work from the servers to the storage to improve performance. Before this technology was developed, the source and destination servers were responsible for moving the data when migrating a VM within or between storage arrays. With ODX, the servers only exchange a token between them, and the actual data migration is performed by the storage array(s) that support ODX.

ODX uses the back-end storage network, so traffic on the front-end client-server network and CPU usage on the host are nearly zero: the storage device performs the file copy without the main processor of the Hyper-V host reading the contents from one storage location and writing them to another.

In a token-based copy operation, the steps are as follows (see the following figure):

1. The copy offload application sends an offload read request to the copy manager of the source storage device

2. The application sends a receive offload read result request to the copy manager and returns with a token. The token is a representation of the data to be copied.

3. The application sends an offload write request with the token to the copy manager of the destination storage device.

4. The application sends a receive offload write result request to the copy manager. The copy manager moves the data from the source to the destination and returns the offload write result to the application.

The performance improvement when using ODX-capable storage arrays in cloud environments can be astounding. For example, instead of taking about three minutes to create a new 10 GB fixed VHD, the entire operation can be completed in less than a second!

Feature-level benefits of ODX are:

Greatly reduced time to copy large amounts of data.
Copy operations that don't use processor time.
Virtualized workload

Single Root I/O Virtualization (SR-IOV) in Windows Server 2012

Created on Thursday, 20 September 2012 08:55

Written by Sachin Mehandiratta

Single Root I/O Virtualization (SR-IOV) is a standard introduced by the PCI-SIG that owns and manages PCI specifications as open industry standards.

SR-IOV enables network traffic to bypass the software switch layer of the Hyper-V virtualization stack, reducing the I/O overhead in that layer. It allows an SR-IOV virtual function of a physical network adapter to be assigned directly to a virtual machine, increasing network throughput by reducing latency. Host CPU overhead for processing network traffic is also reduced.

Steps:

SR-IOV must be enabled on the virtual switch
Install the additional network drivers in the guest OS
Enable SR-IOV within the VM through Hyper-V Manager
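The three steps above in PowerShell, as an added example that is not the article's own code. It uses the Hyper-V and NetAdapter cmdlets of Windows Server 2012; the adapter, switch and VM names are assumptions.

```powershell
# Added example (not from the article): SR-IOV switch creation, VM assignment
# and verification. 'NIC1', 'SRIOV-Switch' and 'SRV-A' are assumed names.
Import-Module Hyper-V

# Step 1: SR-IOV is a creation-time property of the switch; it cannot be
# turned on later for an existing switch. Check the adapter supports it first.
Get-NetAdapterSriov -Name 'NIC1' | Format-List Name, SriovSupport, NumVFs
New-VMSwitch -Name 'SRIOV-Switch' -NetAdapterName 'NIC1' -EnableIov $true

# Confirm the whole chain (BIOS/firmware, chipset, driver) actually allows it;
# IovSupportReasons explains any gap.
Get-VMSwitch -Name 'SRIOV-Switch' | Format-List IovEnabled, IovSupport, IovSupportReasons

# Step 3: connect the VM and ask for a virtual function (IovWeight 0 = off, 1-100 = request a VF).
# Step 2, installing the VF driver, happens inside the guest OS.
Connect-VMNetworkAdapter -VMName 'SRV-A' -SwitchName 'SRIOV-Switch'
Set-VMNetworkAdapter -VMName 'SRV-A' -IovWeight 100

# Once the guest driver is in place the adapter reports whether a VF was assigned.
Get-VMNetworkAdapter -VMName 'SRV-A' | Format-List Name, IovWeight, VirtualFunction, Status
```

Because VF traffic bypasses the extensible switch, switch extensions and port ACLs configured on that switch do not see it; Hyper-V falls back to the software path (and those controls apply again) whenever a VF is unavailable, for example after a live migration to a host without SR-IOV.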

 

Resource Metering in Windows Server 2012

Created on Thursday, 20 September 2012 05:49

Written by Vivek Mehandiratta

Resource metering is a new feature in Windows Server 2012 that allows enterprises to monitor how cloud-based applications and services are consumed, for billing purposes. Enterprises offering a shared private cloud that is accessed by different business units within the organization need some way to track how much of the cloud resources each business unit is consuming.

Tracking helps enterprises with billing and also with planning, so that each business unit gets the amount of resources it needs.

Before Windows Server 2012, hosting providers and enterprises that deployed shared public and private cloud solutions using Hyper-V had to create their own chargeback solution. Windows Server 2012 provides built-in resource metering capabilities.

Enable resource metering:

Enable-VMResourceMetering -VMName SRV-A

Once resource metering is enabled, we can reset it at any time. By default, the resource metering collection interval is one hour. To change this interval, run the command below (the value is in HH:MM:SS format):

Set-VMHost -ComputerName HV01 -ResourceMeteringSaveInterval 00:01:00

Use the Measure-VM cmdlet to report resource utilization data for a VM:

Measure-VM -Name SRV-A

You can also create resource pools for reporting usage of different types of resources, such as Processor, Ethernet, Memory or VHD. For example, you could create a new resource pool named PoolOne using the New-VMResourcePool cmdlet:

New-VMResourcePool -Name "PoolOne" -ResourcePoolType Processor

There are four resources that can be measured through resource metering:

CPU
Memory
Network
Storage utilization
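A chargeback report built on the cmdlets above, as an added example that is not the article's own code: metering is enabled on every VM on the host, the four measured resources are collected per VM, and the counters are reset to start the next billing period. VM names come from the host; the report path is a constructed value.

```powershell
# Added example (not from the article): per-VM usage report for chargeback.
Import-Module Hyper-V

# Enable metering on all VMs on this host (harmless to repeat on VMs already metered).
Get-VM | Enable-VMResourceMetering

# At the end of the billing period, collect one row per VM.
$report = Get-VM | Measure-VM | ForEach-Object {
    $net = $_.NetworkMeteredTrafficReport
    [pscustomobject]@{
        VM              = $_.VMName
        AvgCpuMHz       = $_.AverageProcessorUsage
        AvgMemMB        = $_.AverageMemoryUsage
        MaxMemMB        = $_.MaximumMemoryUsage
        DiskMB          = $_.TotalDiskAllocation
        NetInMB         = ($net | Where-Object { $_.Direction -eq 'Inbound'  } | Measure-Object TotalTraffic -Sum).Sum
        NetOutMB        = ($net | Where-Object { $_.Direction -eq 'Outbound' } | Measure-Object TotalTraffic -Sum).Sum
        MeteringMinutes = [int]$_.MeteringDuration.TotalMinutes
    }
}

$report | Format-Table -AutoSize
$report | Export-Csv -Path "C:\Reports\vm-usage-$(Get-Date -Format yyyyMM).csv" -NoTypeInformation

# Start the next billing period without disabling metering.
Get-VM | Reset-VMResourceMetering
```

MeteringDuration is worth keeping in the report: a VM whose duration is much shorter than the billing period was created, reset or moved mid-period, and its averages are not comparable with the others.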

Hyper-V Extensible Switch in Windows Server 2012

Created on Wednesday, 19 September 2012 06:34

Written by Sachin Mehandiratta

The Hyper-V Extensible Switch is an open framework in Windows Server 2012 that allows third parties to add new features such as filtering, forwarding and monitoring to the virtual switch.

Before Windows Server 2012, privacy and security were limited to the virtual machines themselves; the network layer was not fully isolated. Windows Server 2012 introduces new functionality, called the Hyper-V Extensible Switch, that provides a layer-2 virtual network switch for security and isolation.

The Hyper-V Extensible Switch can be managed programmatically, and third-party components can be added through its extensibility interface.

The Hyper-V Extensible Switch can be used to create the following types of switches:

Private switch: Supports ports connecting to one or more VM network adapters. With a Private switch, only the VMs can connect among themselves.

Internal switch: Supports ports connecting to one or more internal network adapters as well as one or more VM network adapters. With an Internal switch, only the host and the VMs can connect to each other.

External switch: Supports ports connecting to a single physical network adapter as well as one or more VM network adapters. If the External switch is connected to the physical NIC, clients on the physical network can reach the VMs connected to the switch.

The three types of extensions below are supported by the Extensible Switch interface:

Capturing extension: Captures and monitors packet traffic for reporting purposes, but cannot modify traffic. There can be multiple capturing extensions.

Filtering extension: Has the same capabilities as a capturing extension and can also inspect, drop, modify and insert packets based on the policies defined.

Forwarding extension: Can capture and filter traffic like a filtering extension, and additionally forwards packets, taking over the core forwarding decision of the switch.

Hyper-V Extensible Switch PowerShell Cmdlets

Get-VMSwitch
Get-VMSwitchExtension -VMSwitchName <switchName>
Enable-VMSwitchExtension -VMSwitchName <switchName> -Name <extensionName>
Disable-VMSwitchExtension -VMSwitchName <switchName> -Name <extensionName>
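The switch types and the cmdlets above put together, as an added example that is not the article's own code: the three switch kinds are created, the extensions present on each switch are listed with their type, the in-box Windows Filtering Platform extension is enabled, and a port ACL (built into the switch, no extension needed) keeps a tenant VM off the host's management subnet. The physical NIC, switch and VM names and the management subnet are assumptions.

```powershell
# Added example (not from the article): switch types, extension inventory,
# enabling an extension, and a port ACL. 'NIC1', 'Tenant-VM1' and 10.0.0.0/24 are assumed.
Import-Module Hyper-V

# Private: VM-to-VM only. Internal: host + VMs. External: bound to a physical NIC.
New-VMSwitch -Name 'Lab-Private'   -SwitchType Private
New-VMSwitch -Name 'Lab-Internal'  -SwitchType Internal
New-VMSwitch -Name 'Prod-External' -NetAdapterName 'NIC1' -AllowManagementOS $true

# Extensions are configured per switch. Windows Server 2012 ships two:
# 'Microsoft NDIS Capture' (capturing) and 'Microsoft Windows Filtering Platform' (filtering).
Get-VMSwitch | ForEach-Object {
    Get-VMSwitchExtension -VMSwitchName $_.Name |
        Select-Object @{ n = 'Switch'; e = { $_.SwitchName } }, Name, ExtensionType, Enabled, Running
} | Format-Table -AutoSize

# Enable the WFP filtering extension on the external switch so WFP-based
# filters (Windows Firewall style policies, third-party products built on WFP)
# can act on VM traffic at the switch port.
Enable-VMSwitchExtension -VMSwitchName 'Prod-External' -Name 'Microsoft Windows Filtering Platform'

# Port ACLs need no extension: deny a tenant VM any traffic to or from the
# host management subnet while leaving everything else untouched.
Add-VMNetworkAdapterAcl -VMName 'Tenant-VM1' -RemoteIPAddress 10.0.0.0/24 -Direction Both -Action Deny
Get-VMNetworkAdapterAcl -VMName 'Tenant-VM1' | Format-Table VMName, RemoteIPAddress, Direction, Action
```

An extension shows Enabled but not Running when its driver failed to bind; check both columns before relying on a filtering extension for isolation.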

NIC Teaming in Windows Server 2012

Created on Monday, 17 September 2012 09:28

Written by Sachin Mehandiratta

NIC Teaming is a new feature in Windows Server 2012 that allows multiple network adapters to work together as a team. NIC Teaming is now part of the operating system, unlike in the past when NIC teaming was handled by the NIC vendor's driver. Failure of one card will not cause loss of connectivity. NIC Teaming also enables you to aggregate bandwidth from multiple network adapters. Example: four 1-GB network adapters can provide an aggregate of 4 GB/s of throughput.

Network adapters from different vendors are supported. Teams of up to 32 network adapters are possible, with up to 32 teams per server. NIC teaming is not compatible with Single Root I/O Virtualization (SR-IOV), remote direct memory access (RDMA), or TCP Chimney offloading.

NIC Teaming Options

Windows Server 2012 NIC Teaming offers a choice of teaming mode and load balancing mode.

The following teaming modes are available:

Switch-Independent Teaming - The switch does not need to participate in the team. The adapters may be connected to different switches.

Active/Standby Teaming - Network adapters can be configured for failover by binding them in Active/Standby mode, without using the bandwidth aggregation capabilities of NIC Teaming. Set the team to Switch-Independent Teaming to use this feature.

Switch-Dependent Teaming - This configuration requires the switch to participate in the team. All members of the team must be connected to the same physical switch.

The following load balancing modes are available to distribute outbound traffic across the available links:

Hyper-V Switch Port - The decision is made on the basis of the VM's MAC address or the Hyper-V switch port it is connected to.

Address Hashing - A hash is computed from address components of the packets, such as source/destination MAC/IP addresses and port numbers:

o MAC address hashing
o 2-tuple hashing (source and destination IP address, with or without MAC addresses)
o 4-tuple hashing (source and destination TCP ports, usually with IP addresses; this is the default hashing mode)

How to enable NIC Teaming

Configuring NIC Teaming in Windows Server 2012 is straightforward. Again, use Server Manager to enable this feature (the screenshot highlighting the option in red is not reproduced here).

In Windows Server 2012, NIC teaming is vendor, hardware, and line-speed agnostic. For example, you can configure a NIC team by using a combination of a one-gigabit Broadcom NIC, a one-gigabit Intel NIC, and a 100-megabit Realtek NIC.

When you create a NIC team, Windows Server 2012 creates a default team NIC (tNIC) to represent the team interface.
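The teaming and load balancing choices described above, created from PowerShell instead of Server Manager, as an added example that is not the article's own code. The NetLbfo cmdlets are the ones Windows Server 2012 ships; the adapter and team names are assumptions.

```powershell
# Added example (not from the article): NIC teams in each teaming mode, a standby
# member, a load balancing change, and the resulting team NIC. NIC1..NIC4 are assumed names.
Import-Module NetLbfo

# Switch-independent team with the default 4-tuple (TransportPorts) address hashing.
New-NetLbfoTeam -Name 'Team1' -TeamMembers 'NIC1', 'NIC2' `
    -TeamingMode SwitchIndependent -LoadBalancingAlgorithm TransportPorts -Confirm:$false

# Active/Standby: one member held in standby. Only valid with switch-independent teaming.
Set-NetLbfoTeamMember -Name 'NIC2' -AdministrativeMode Standby

# If this team carries a Hyper-V switch, hash per VM switch port instead of per flow.
Set-NetLbfoTeam -Name 'Team1' -LoadBalancingAlgorithm HyperVPort

# Switch-dependent (LACP) team: all members go to one switch that is configured for LACP.
New-NetLbfoTeam -Name 'Team2' -TeamMembers 'NIC3', 'NIC4' `
    -TeamingMode Lacp -LoadBalancingAlgorithm TransportPorts -Confirm:$false

# Inspect team state, members and the default team NIC (tNIC) each team exposes.
Get-NetLbfoTeam       | Format-List Name, TeamingMode, LoadBalancingAlgorithm, Status
Get-NetLbfoTeamMember | Format-Table Name, Team, AdministrativeMode, OperationalStatus -AutoSize
Get-NetLbfoTeamNic    | Format-Table Name, Team, Primary, VlanID -AutoSize
```

Team status shows Degraded (not Down) while a member has failed, so monitoring should alert on Degraded; waiting for Down means both adapters are already gone.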

What is Data Deduplication in Windows Server 2012?

Created on Tuesday, 14 August 2012 05:06

Written by Vivek Mehandiratta

Windows Server 2012 allows us to install and enable Data Deduplication on primary data volumes without investing in any deduplication hardware appliance. Microsoft recommends using the deduplication feature for data that is not frequently accessed or modified, such as backup volumes. Data that is frequently accessed by users or applications is not a recommended candidate for deduplication, as constant changes to the data erode any optimization gains made by the deduplication process.

Tips for deduplication:

Good candidates for deduplication are file shares hosting user documents, software deployment shares, virtualization libraries, and SQL and Exchange backup volumes.

Poor candidates for deduplication are Hyper-V hosts, VDI, WSUS, and SQL and Exchange servers.

The table below shows the amount of space saved by using the deduplication feature in Windows Server 2012:

Scenario                   Content                                        Space savings
Deployment shares          Software binaries, symbol files, cab files     70-80%
User documents             Photos, docs, music, videos                    30-50%
Virtualization libraries   Virtual hard disk files                        80-95%
General file share         All of the above                               50-60%

Below conditions must be met for volumes that are candidates for deduplication:

Must not be a system or boot volume. Deduplication is not supported on operating system volumes.

Volumes may be partitioned MBR or GPT and must be formatted using the NTFS file system.

Volumes may reside on shared storage, such as a Fibre Channel or SAS array, or an iSCSI SAN and Microsoft Failover Clustering is fully supported.

Cluster Shared Volumes (CSVs) are not supported. Microsoft’s new Resilient File System (ReFS) is not supported.

Volumes must be exposed to Windows as non-removable drives. Remotely-mapped drives are not supported.

How to install deduplication in Windows Server 2012:

1. From the Add Roles and Features Wizard, under Server Roles, select File and Storage Services.

2. Select the File Services checkbox, and then select the Data Deduplication checkbox.

3. Click Next until the Install button is enabled, and then click Install.

How to install deduplication using Windows PowerShell:

PS C:\>Import-Module ServerManager

PS C:\>Add-WindowsFeature -name FS-Data-Deduplication

PS C:\>Import-Module Deduplication

Once you install the deduplication feature, DDPEval.exe tool is automatically installed to the \Windows\System32\ directory. You can copy this tool from any Windows Server 2012 server to any other system like Windows 7, Windows Server 2008 R2, or Windows Server 2012 to determine the expected savings that you would get if deduplication was enabled on a particular volume.

Note: DDPEval.exe supports local drives and also supports evaluating mapped or unmapped remote shares.

How to enable deduplication on a volume:

To enable data deduplication using Windows PowerShell:

PS C:\>Enable-DedupVolume E:

Optionally, set the minimum number of days that must pass before a file is deduplicated using the following command.

PS C:\> Set-Dedupvolume E: -MinimumFileAgeDays 20

For test environments, you can set MinimumFileAgeDays to 0 to deduplicate all files regardless of their age. In a production environment, the preferable approach is to set a number of days (the default is 30), so that recently written files, which change frequently, are left alone until they settle.

To return a list of the volumes that have been enabled for data deduplication, in Windows PowerShell:

PS C:\> Get-DedupVolume

PS C:\> Get-DedupVolume | format-list

Before you deploy deduplication on a particular server or volume, you can evaluate the potential space savings by running the DDPEval.exe tool on Windows 7 or later; it evaluates local drives and remote shares (sample output not reproduced here).
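The evaluate, enable and measure cycle described above, as an added example rather than the article's own commands. It assumes the FS-Data-Deduplication feature is installed; the drive letter and the excluded folder are constructed values.

```powershell
# Added example (not from the article): estimate, enable, run and measure
# deduplication on a file-share volume. 'E:' and the excluded folder are constructed.
Import-Module Deduplication

# Estimate first: DDPEval scans the volume and reports the expected savings
# without changing anything (it is installed with the feature).
& "$env:SystemRoot\System32\DDPEval.exe" 'E:\'

# Enable with a 7-day minimum file age, and keep a folder of live, constantly
# changing files (a poor candidate per the tips above) out of scope.
Enable-DedupVolume -Volume 'E:'
Set-DedupVolume -Volume 'E:' -MinimumFileAgeDays 7 -ExcludeFolder 'E:\SQLBackups\Live'

# Run an optimization job now instead of waiting for the background schedule, and wait for it.
Start-DedupJob -Volume 'E:' -Type Optimization -Wait

# Report the savings and the effective volume settings.
Get-DedupStatus -Volume 'E:' |
    Format-List Volume, Capacity, FreeSpace, SavedSpace, SavingsRate, OptimizedFilesCount, InPolicyFilesCount
Get-DedupVolume -Volume 'E:' | Format-List Volume, Enabled, MinimumFileAgeDays, ExcludeFolder
```

InPolicyFilesCount versus OptimizedFilesCount shows how much of the in-scope data the job has actually processed so far; a large gap right after enabling is normal and closes over the following scheduled runs.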

==================================================

RAID 1 - Mirroring (minimum 2 HDD required). Following are the key points to remember for RAID level 1:

Minimum 2 disks. Good performance (no striping, no parity). Excellent redundancy (as blocks are mirrored).

RAID 5 - Striping With Parity (minimum 3 HDD required). Following are the key points to remember for RAID level 5:

Minimum 3 disks, maximum 32. Good performance (as blocks are striped). Good redundancy (distributed parity). The most cost-effective option providing both performance and redundancy. Use this for a database that is heavily read-oriented; write operations will be slower.

RAID levels 1 and 5 only give redundancy. Because of the parity information, all data remains available in case one of the disks fails. If extra (spare) disks are available, reconstruction begins immediately after the device failure. However, if two hard disks fail at the same time, all data is LOST. In short, RAID 5 can survive one disk failure, but not two or more.
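Why RAID 5 survives exactly one failure, worked through as an added example that is not part of the original notes: parity is the XOR of the data blocks in a stripe, so any single missing block (data or parity) is the XOR of the survivors, while two missing blocks leave one equation with two unknowns. The stripe contents are constructed.

```powershell
# Added example (not from the notes): RAID 5 parity and single-disk reconstruction.
function Get-ParityBlock($Blocks) {
    # XOR all blocks byte by byte. With one input removed, the same function
    # rebuilds the missing block, which is exactly what a RAID 5 rebuild does.
    $parity = New-Object byte[] $Blocks[0].Length
    foreach ($b in $Blocks) {
        for ($i = 0; $i -lt $parity.Length; $i++) { $parity[$i] = $parity[$i] -bxor $b[$i] }
    }
    return ,$parity
}

# One stripe across a 3-disk set: two data blocks plus their parity block.
$d0 = [Text.Encoding]::ASCII.GetBytes('ABCD')
$d1 = [Text.Encoding]::ASCII.GetBytes('wxyz')
$p  = Get-ParityBlock @($d0, $d1)

# The disk holding d1 fails: rebuild it from d0 and parity.
$rebuilt = Get-ParityBlock @($d0, $p)
"Rebuilt d1 = $([Text.Encoding]::ASCII.GetString($rebuilt)), matches original: $([Text.Encoding]::ASCII.GetString($rebuilt) -eq 'wxyz')"

# A second failure (d0 and d1 both gone) leaves only $p: one XOR relation
# cannot separate two unknown blocks, so the stripe is unrecoverable.
"Survivors after two failures: parity only ($($p.Length) bytes), data lost"
```

The rebuild reads every surviving disk in full, which is why a large array spends hours in a degraded state where a second failure (or an unreadable sector on a survivor) is fatal.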

What are the different backup strategies available?

Normal Backup
Daily Backup
Copy Backup
Incremental Backup
Differential Backup

Incremental Backup: Incremental backups also back up only the changed data, but they only back up the data that has changed since the last backup, be it a full or an incremental backup. If you do an incremental backup on Tuesday, you only back up the data that changed since the incremental backup on Monday. The result is a much smaller, faster backup.

Differential Backup: A differential backup backs up only the files that changed since the last full backup. For example, suppose you do a full backup on Sunday. On Monday you back up only the files that changed since Sunday, on Tuesday you again back up only the files that changed since Sunday, and so on until the next full backup.
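The difference between the five types comes down to which files are selected and whether the archive attribute is cleared afterwards. This added simulation, not part of the original notes, models that behaviour on a constructed three-file set over one week so the incremental and differential chains can be compared side by side.

```powershell
# Added example (not from the notes): models the five backup types on a
# constructed file set. Only Normal and Incremental clear the archive attribute.
function Invoke-BackupType {
    param([string]$Type, [object[]]$Files, [string]$Day)
    $selected = switch ($Type) {
        'Normal'       { $Files }                                              # everything
        'Copy'         { $Files }                                              # everything, attribute untouched
        'Daily'        { $Files | Where-Object { $_.ModifiedOn -eq $Day } }    # modified today only
        'Incremental'  { $Files | Where-Object { $_.Archive } }                # changed since last Normal/Incremental
        'Differential' { $Files | Where-Object { $_.Archive } }                # changed since last Normal
    }
    if ($Type -in 'Normal', 'Incremental') { foreach ($f in $selected) { $f.Archive = $false } }
    return ,@($selected | ForEach-Object { $_.Name })
}

function Get-WeekOfBackups([string]$Strategy) {
    # Fresh file set per run so both strategies start from the same Sunday full backup.
    $files = 'a.doc', 'b.xls', 'c.ppt' |
        ForEach-Object { [pscustomobject]@{ Name = $_; Archive = $true; ModifiedOn = 'Sunday' } }
    $edits = [ordered]@{ Monday = @('a.doc'); Tuesday = @('b.xls'); Wednesday = @('a.doc') }   # constructed edits
    $log = [ordered]@{ Sunday = (Invoke-BackupType -Type Normal -Files $files -Day 'Sunday') }
    foreach ($day in $edits.Keys) {
        foreach ($n in $edits[$day]) {
            $f = $files | Where-Object { $_.Name -eq $n }
            $f.Archive = $true; $f.ModifiedOn = $day          # editing a file sets the archive attribute
        }
        $log[$day] = Invoke-BackupType -Type $Strategy -Files $files -Day $day
    }
    return $log
}

'--- Incremental ---';  Get-WeekOfBackups Incremental
'--- Differential ---'; Get-WeekOfBackups Differential
```

With these edits the incremental run picks a.doc on Monday, b.xls on Tuesday and a.doc on Wednesday, so a Wednesday restore needs Sunday plus all three sets; the differential run picks a.doc, then a.doc and b.xls, then a.doc and b.xls again, so a restore needs only Sunday plus the latest set. Copy and Daily never touch the attribute, which is what makes them safe to run between scheduled backups without breaking either chain.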

What is a global catalog? The global catalog is a role which maintains indexes about objects. It contains full information about the objects in its own domain and partial information about the objects in other domains. Universal group membership information is stored on global catalog servers and replicated to all GCs in the forest.

A global catalog server is a domain controller that stores a full copy of all objects in the directory for its host domain and a partial, read-only copy of all objects for all other domains in the forest. Global catalog servers respond to global catalog queries.

The global catalog authenticates network user logons and fields inquiries about objects across a forest or tree. Every domain has at least one GC, hosted on a domain controller.

When a new domain is added to the forest, the information about the new domain is stored in the configuration directory partition, which reaches the global catalog server (and all domain controllers) through replication of forest-wide information. When a new global catalog server is designated, this information is also stored in the configuration directory partition and replicated to all domain controllers in the forest.

Every domain controller in a forest stores three full, writable directory partitions: a domain directory partition, a schema directory partition, and a configuration directory partition. A global catalog is a domain controller that stores these writable directory partitions as well as a partial, read-only copy of all other domain directory partitions in the forest. All the directory partitions on a global catalog server, whether full or partial, are stored in a single directory database (Ntds.dit) on that server. There is no separate storage area for global catalog attributes; they are treated as additional information in the domain controller's directory database.

Administrative Templates

Administrative Templates provide policy information for the items that appear under the Administrative Templates folder in the console tree of the Group Policy Object Editor. The Administrative Templates for Group Policy contain all registry-based policy information. The Administrative Templates extension of Group Policy saves information in Registry.pol files. These files contain the customized registry settings that you specify (by using Group Policy) that are to be applied to the computer or user portion of the registry. One of the Registry.pol files contains registry settings that are specific to the HKEY_LOCAL_MACHINE key; it is stored in the GPT\Machine folder.

The other Registry.pol file contains registry settings that are specific to the HKEY_CURRENT_USER key; it is stored in the GPT\User subdirectory.

How do you view all the GCs in the forest?

C:\>repadmin /showreps domain_controller

OR you can use Replmon.exe for the same purpose. OR use AD Sites and Services, or nslookup gc._msdcs.<forest DNS name>. To find the GCs from the command line you can use the DSQUERY command: dsquery server -isgc lists the GCs in the current domain; to find all the GCs in the forest, use dsquery server -forest -isgc.

What is Active Directory Recycle Bin? Active Directory Recycle bin is a feature of Windows Server 2008 AD. It helps to restore accidentally deleted Active Directory objects without using a backed up AD database, rebooting domain controller or restarting any services.

What is Active Directory and what is it used for? Active Directory is a directory service which maintains the relationships between resources and enables them to work together. Because of AD's hierarchical structure, Windows 2000 is more scalable and reliable. Active Directory is derived from the X.500 standard, where information is stored in a hierarchical, tree-like structure. Active Directory depends on two Internet standards: DNS and LDAP. Information in Active Directory can be queried using the LDAP protocol. Active Directory is a directory service that stores information about objects on a network and makes this information available to users and network administrators. Active Directory holds metadata: it is a database that stores user information, computer information and information about other network objects, and it provides the capability to manage and administer the complete network connected to AD.

Functions of Active Directory. Active Directory provides the following functions:

Centralizes control of network resources: By centralizing control of resources such as servers, shared files, and printers, only authorized users can access resources in Active Directory.

Centralizes and decentralizes resource management: Administrators have centralized administration, with the ability to delegate administration of subsets of the network to a limited number of individuals, giving them greater granularity in resource management.

Stores objects securely in a logical structure: Active Directory stores all of the resources as objects in a secure, hierarchical logical structure.

Optimizes network traffic: The physical structure of Active Directory enables you to use network bandwidth more efficiently. For example, it ensures that when users log on to the network, the authentication authority nearest to the user authenticates them, reducing the amount of network traffic.

How can you forcibly remove AD from a server, and what do you do afterwards? Ans: - dcpromo /forceremoval forcibly removes AD from a server. After you use the dcpromo /forceremoval command, the remaining metadata for the demoted DC is not deleted on the surviving domain controllers, so you must remove it manually by using the NTDSUTIL command (metadata cleanup).

How will you take an Active Directory backup? Active Directory is backed up along with the System State data. System State data includes the local registry, COM+, boot files, NTDS.DIT and the SYSVOL folder. The System State can be backed up either using Microsoft's default NTBACKUP tool or third-party tools such as Symantec NetBackup, IBM Tivoli Storage Manager etc.

What is the physical and logical structure of AD?

Logical structure: Forest; Tree; Domain; Organizational Unit; Groups

Physical structure: the physical layout of your domain, which determines replication: multiple sites (remote offices) and multiple domain controllers (DCs).

Active Directory is logically divided into 3 partitions: 1. Configuration partition 2. Schema partition 3. Domain partition 4. Application partition (only in Windows 2003; not available in Windows 2000). Of these, the Configuration and Schema partitions are replicated between the domain controllers in the entire forest, whereas the Domain partition is replicated only between the domain controllers in the same domain.

What is the process of user authentication (Kerberos V5) in Windows 2000? After the user enters logon credentials, an encryption key is derived from them and used to encrypt the time stamp of the client machine. The user name and the encrypted time stamp are sent to the domain controller for authentication. The domain controller, using the password information stored in AD for that user, decrypts the encrypted time stamp. If the produced time stamp matches its own time stamp, it returns a logon session key and a Ticket Granting Ticket to the client in encrypted form. The client decrypts these, and if the time stamp information matches it uses the logon session key to log on to the domain. The Ticket Granting Ticket is then used to obtain service tickets when accessing network resources.

What are the port numbers for Kerberos, LDAP and Global Catalog?Kerberos – 88, LDAP – 389, Global Catalog – 3268
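The GC enumeration question above and the three port numbers, combined into one added check that is not part of the original notes: the global catalogs are listed from the forest object and from the gc._msdcs DNS record, and the Kerberos (88), LDAP (389) and Global Catalog (3268) ports are probed on each. It assumes the ActiveDirectory module is available (RSAT or a DC) and uses a plain TCP connect rather than Test-NetConnection, which is not present on Windows Server 2012.

```powershell
# Added example (not from the notes): list the forest's GCs and confirm that
# the Kerberos, LDAP and GC ports answer on each of them.
Import-Module ActiveDirectory

function Test-TcpPort([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 2000) {
    # Plain TCP connect with a timeout; $true when the port accepts the connection.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch { return $false } finally { $client.Close() }
}

$forest = Get-ADForest
"Forest: $($forest.Name)"

# Source 1: the forest object knows every GC. Source 2: the DNS record every
# client uses to find one. Disagreement between the two points at stale DNS.
$gcsFromAd  = $forest.GlobalCatalogs
$gcsFromDns = (Resolve-DnsName -Name "gc._msdcs.$($forest.Name)" -Type A -ErrorAction SilentlyContinue).IPAddress
"GCs per AD:  $($gcsFromAd -join ', ')"
"GCs per DNS: $($gcsFromDns -join ', ')"

$ports = [ordered]@{ Kerberos = 88; LDAP = 389; GlobalCatalog = 3268 }
foreach ($gc in $gcsFromAd) {
    $row = [ordered]@{ GC = $gc }
    foreach ($name in $ports.Keys) { $row[$name] = Test-TcpPort -ComputerName $gc -Port $ports[$name] }
    [pscustomobject]$row
}
```

A GC that answers on 389 but not on 3268 has the role assigned but has not finished building its partial replicas yet (or a firewall is blocking the GC port), and clients searching the forest will fail over to another GC.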

What is the use of LDAP (X.500 standard?) LDAP is a directory access protocol, which is used to exchange directory information from server to clients or from server to servers.

What are the problems that generally come up with DHCP? The scope is full of IP addresses and no IPs are available for new machines; scope options are not configured properly, e.g. the default gateway; incorrect creation of scopes, etc.

What is the default size of ntds.dit?10 MB in Server 2000 and 12 MB in Server 2003.

Where is the AD database held and what are the other files related to AD? The AD database is saved in %systemroot%\NTDS. You can see other files in this folder as well. These are the main files controlling the AD structure:

ntds.dit, edb.log, res1.log, res2.log, edb.chk

When a change is made to the Win2K database, triggering a write operation, Win2K records the transaction in the log file (edb.log). Once written to the log file, the change is then written to the AD database. System performance determines how fast the system writes the data to the AD database from the log file. Any time the system is shut down, all transactions are saved to the database. During the installation of AD, Windows creates two files: res1.log and res2.log. The initial size of each is 10 MB. These files are used to ensure that changes can still be written to disk should the system run out of free disk space. The checkpoint file (edb.chk) records transactions committed to the AD database (ntds.dit). During shutdown, a "shutdown" statement is written to the edb.chk file.

Then, during a reboot, AD determines that all transactions in the edb.log file have been committed to the AD database. If, for some reason, the edb.chk file doesn't exist on reboot or the shutdown statement isn't present, AD will use the edb.log file to update the AD database. The last file in our list of files to know is the AD database itself, ntds.dit. By default, the file is located in \NTDS, along with the other files we've discussed.

*What is the role responsible for time synchronization? PDC Emulator is responsible for time synchronization. Time synchronization is important because Kerberos authentication depends on time stamp information.

*What is TTL and how do you set the TTL time in DNS? TTL (Time To Live) is the setting that controls how long a record remains in cache after name resolution has happened. We can set the TTL in the SOA (Start Of Authority) record of the DNS zone.

*What is an OU? An Organizational Unit is a container object in which you can keep objects such as user accounts, groups, computers, printers, applications and other OUs. In an organizational unit you can assign specific permissions to the users.

Organization unit can also be used to create departmental limitation.

How to take DNS, WINS and DHCP backups: the data lives in the following folders:

%SystemRoot%\system32\dns
%SystemRoot%\system32\WINS
%SystemRoot%\system32\DHCP
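The AD backup answer above and the DNS/DHCP locations just listed, scripted together as an added example that is not part of the original notes: a System State backup with wbadmin (the Windows Server Backup tool that replaced NTBACKUP) plus exports of the DNS zones and the DHCP configuration, using the DnsServer and DhcpServer modules of Windows Server 2012. The backup target drive is a constructed value; WINS is not covered here.

```powershell
# Added example (not from the notes): System State (AD) backup plus DNS zone
# and DHCP exports. 'E:' and E:\Backups are constructed values.
$target = 'E:\Backups'
New-Item -ItemType Directory -Path $target -Force | Out-Null

# Active Directory: ntds.dit, SYSVOL, registry, COM+ and boot files are all
# part of the System State, so one backup covers the whole AD answer above.
wbadmin start systemstatebackup -backupTarget:E: -quiet

# DNS: export every primary zone that was created by an administrator (not the
# auto-created ones). Export-DnsServerZone writes into %SystemRoot%\System32\dns.
Import-Module DnsServer
Get-DnsServerZone | Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated } | ForEach-Object {
    Export-DnsServerZone -Name $_.ZoneName -FileName "$($_.ZoneName).dns"
}
Copy-Item -Path "$env:SystemRoot\System32\dns\*.dns" -Destination $target -Force

# DHCP: full server configuration plus current leases in one XML file.
Import-Module DhcpServer
Export-DhcpServer -File "$target\dhcp-$(Get-Date -Format yyyyMMdd).xml" -Leases

Get-ChildItem -Path $target | Format-Table Name, Length, LastWriteTime -AutoSize
```

The zone exports are only a convenience copy: AD-integrated zones are already inside the System State backup, and the exported text files are what you reach for when you need to inspect or restore a single zone without a full directory restore.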

*What is the Recovery Console? The Recovery Console is a utility used to recover the system when it is not booting properly or not booting at all. We can perform the following operations from the Recovery Console:

Copy, rename, or replace operating system files and folders.
Enable or disable service or device startup the next time the computer starts.
Repair the file system boot sector or the Master Boot Record.
Create and format partitions on drives.

*What is DFS & its usage?
DFS (Distributed File System) is used to provide a common environment for users to access files and folders even when they are physically shared on different servers. There are two types of DFS: domain DFS and stand-alone DFS. We cannot provide redundancy for stand-alone DFS in case of failure. Domain DFS is used in a domain environment and is accessed through \\domainname\root1 (root1 is the DFS root name). Stand-alone DFS can be used in a workgroup environment and is accessed through \\servername\root1 (root1 is the DFS root name). In both cases we need to create a DFS root (which appears like a shared folder to end users) and DFS links (logical links pointing to the server where the folder is physically shared).

DFS limits:
- Maximum number of DFS roots per server: 1
- Maximum number of DFS root replicas: 31
- Maximum number of DFS roots per domain: unlimited
- Maximum number of DFS links or shared folders in a DFS root: 1,000

*What is RIS and what are its requirements?
RIS (Remote Installation Services) is used to install an operating system remotely.

Client requirements:
- A NIC with a PXE DHCP-based boot ROM version 1.00 or later, or a network adapter that is supported by the RIS boot disk.
- The client should meet the minimum operating system requirements.

Software requirements: the following network services must be active on the RIS server or on any server in the network:
- Domain Name System (DNS service)
- Dynamic Host Configuration Protocol (DHCP)
- Active Directory directory service

*How many root replicas can be created in DFS?
31

Interview Questions High Level

*Can we establish a trust relationship between two forests?
In Windows 2000 it is not possible. In Windows 2003 it is possible.

What are FSMO roles?

The Flexible Single Master Operation (FSMO) roles are:
1. Domain Naming Master
2. Schema Master
3. PDC Emulator
4. Infrastructure Master
5. RID Master

Brief all the FSMO roles
Domain Naming Master and Schema Master are forest-level roles. PDC Emulator, Infrastructure Master and RID Master are domain-level roles. The first server in the forest performs all 5 roles by default; later we can transfer the roles.

Domain Naming Master:
1) The Domain Naming Master is responsible for maintaining the relationships between the domains.
2) Without this role it is not possible to add or remove any domain.
3) This DC is the only one that can add or remove a domain from the directory.
4) There can be only one Domain Naming Master in the whole forest.
5) A Domain Naming Master failure does not affect users and will only affect administrators if they are trying to add a domain to or remove a domain from the forest.

Schema Master:
1) The schema contains the set of classes and attributes. E.g. user, computer and printer are object classes in AD, each with its own set of attributes.
2) The Schema Master is responsible for maintaining this schema. Changes to the schema affect the entire forest. (The Schema Master controls all updates and alterations to the schema, for example whenever you extend the schema or install an application that does so.)
3) When the Schema Master goes down, there is no effect on users. Administrators are affected by the failure only if they try to modify the schema or install an application that needs to modify the schema.

OR: The schema consists of information about objects and their attributes. For example, the object is the name of the employee and the attribute is the employee ID. In a forest there can be only one Schema Master.

PDC Emulator:
1) The server performing this role acts as a PDC in mixed mode to synchronize directory information between Windows 2000 DCs and Windows NT BDCs. (It is responsible for providing backward compatibility for NT BDCs; in mixed mode it acts like a PDC for the BDCs.)
2) The server performing this role holds the latest password information.
3) This role is also responsible for time synchronization in the forest.

Infrastructure Master:
1) It is responsible for managing group membership information in the domain.
2) This role is responsible for updating DNs when the name or location of an object is modified. (It is responsible for updating user and group information and updating the Global Catalog.)

The Infrastructure Master's job is to update objects in its Active Directory database with objects stored in other domains. It performs this task by comparing its data with that of the Global Catalog. If the Infrastructure Master finds its data is out of date, it requests the latest Active Directory information from the Global Catalog. The Infrastructure Master then sends the updated data to the other domain controllers in the domain.

RID Master:
The server performing this role provides pools of RIDs to the other domain controllers in the domain. An object's SID is the combination of the domain SID and a RID (SID = domain SID + RID), where the domain SID is the security identifier common to all objects in the domain and the RID is the relative identifier unique to each object.

OR: The RID Master is the DC which assigns or distributes RIDs to every DC in a domain. So when an object such as a user, group or computer is created in a domain, the DC assigns the object a SID which consists of the domain SID and a RID. The domain SID is the same for every object in the domain, while the RID is unique to every object created in the domain. There should be only one RID Master per domain, so if you have 3 domains, 3 RID Masters are required, i.e. one for each domain.
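To make the SID = domain SID + RID relationship concrete, here is an added Python example (not from the original notes) that splits domain account SIDs into the shared domain SID and the per-object RID, groups objects by domain, and labels well-known RIDs such as 500 (Administrator) and 512 (Domain Admins). The SID values are constructed samples.

```python
"""Split Windows security identifiers (SIDs) into their domain SID and RID.

Added example for the RID Master discussion above; it is not part of the
original notes. The SIDs below are constructed sample values, not real ones.
"""
from collections import defaultdict
from dataclasses import dataclass

# Well-known RIDs for accounts and groups that exist in every domain.
WELL_KNOWN_RIDS = {
    500: "Administrator",
    501: "Guest",
    502: "krbtgt",
    512: "Domain Admins",
    513: "Domain Users",
    516: "Domain Controllers",
    519: "Enterprise Admins",
}


@dataclass(frozen=True)
class ParsedSid:
    domain_sid: str  # S-1-5-21-<A>-<B>-<C>, shared by every object in the domain
    rid: int         # relative identifier, unique per object within the domain


def parse_sid(sid: str) -> ParsedSid:
    """Split a domain account SID string into its domain part and its RID.

    A domain account SID has the form S-1-5-21-A-B-C-RID: identifier authority
    5 (NT Authority), sub-authority 21 (non-unique domain), three 32-bit
    sub-authorities that make up the domain SID, then the RID that the creating
    DC took from the pool it received from the RID Master.
    """
    parts = sid.strip().split("-")
    if len(parts) < 2 or parts[0].upper() != "S" or parts[1] != "1":
        raise ValueError(f"not a SID: {sid!r}")
    try:
        subauthorities = [int(p) for p in parts[2:]]
    except ValueError as exc:
        raise ValueError(f"non-numeric sub-authority in {sid!r}") from exc
    # Domain account SIDs are S-1-5-21-A-B-C followed by exactly one RID;
    # built-in SIDs such as S-1-5-32-544 are rejected here on purpose.
    if subauthorities[:2] != [5, 21] or len(subauthorities) != 6:
        raise ValueError(f"not a domain account SID: {sid!r}")
    for value in subauthorities:
        if not 0 <= value < 2**32:
            raise ValueError(f"sub-authority out of range in {sid!r}")
    domain_sid = "S-1-5-21-" + "-".join(str(v) for v in subauthorities[2:5])
    return ParsedSid(domain_sid=domain_sid, rid=subauthorities[5])


def group_by_domain(sids):
    """Map each domain SID to the sorted RIDs seen for it.

    Objects created in the same domain share the domain SID and differ only in
    RID, which is what the RID Master guarantees by handing each DC a disjoint
    block of RIDs.
    """
    grouped = defaultdict(set)
    for sid in sids:
        parsed = parse_sid(sid)
        grouped[parsed.domain_sid].add(parsed.rid)
    return {domain: sorted(rids) for domain, rids in grouped.items()}


def describe(sid: str) -> str:
    """Label a SID by its well-known RID, or 'custom' for ordinary objects."""
    return WELL_KNOWN_RIDS.get(parse_sid(sid).rid, "custom")


# Constructed sample SIDs: two objects from one domain, one from another.
SAMPLE_SIDS = [
    "S-1-5-21-1004336348-1177238915-682003330-500",
    "S-1-5-21-1004336348-1177238915-682003330-1105",
    "S-1-5-21-3623811015-3361044348-30300820-512",
]

if __name__ == "__main__":
    for sample in SAMPLE_SIDS:
        p = parse_sid(sample)
        print(f"{sample}: domain={p.domain_sid} rid={p.rid} ({describe(sample)})")
    print(group_by_domain(SAMPLE_SIDS))
```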

How to manually configure FSMO roles on separate DCs
We can configure them manually in two ways.

Through MMC:
- The Domain Naming Master role can be transferred through Active Directory Domains and Trusts.
- The Schema Master role can be transferred through Active Directory Schema.
- The other three roles can be transferred through Active Directory Users and Computers.

Through the command prompt, using NTDSUTIL:
1. Type roles
2. Type connections
3. Type connect to server <servername>, where <servername> is the name of the domain controller that you want to assign the role to.
4. Type transfer <role>, where <role> is the role that you want to transfer. For a list of roles that you can transfer, type ? at the fsmo maintenance prompt and press ENTER, or see the list of roles above. For example, to transfer the RID Master role, type transfer rid master. The one exception is the PDC Emulator role, whose syntax is transfer pdc, not transfer pdc emulator.

What is the difference between authoritative and non-authoritative restore?
In an authoritative restore, the restored objects are replicated to all domain controllers in the domain. This is used specifically when an entire OU, or a single object, has been deleted on all domain controllers. In a non-authoritative restore, the restored directory information is updated by the other domain controllers based on the latest modification time.

What is Active Directory defragmentation?
Defragmentation of AD means separating used space from the empty space created by deleted objects, and reducing the directory size (only in offline defragmentation).

*Trust transitivity
Transitivity determines whether a trust can be extended outside the two domains between which the trust was formed. You can use a transitive trust to extend trust relationships to other domains. You can use a nontransitive trust to deny trust relationships with other domains.

Difference between online and offline defragmentation
Online defragmentation is performed by the garbage collection process, which runs every 12 hours by default. It separates used space from white space (white space is the space created by object deletion in AD, e.g. a deleted user) and improves the efficiency of AD while the domain controller is up and running. Offline defragmentation is done manually by booting the domain controller into Directory Services Restore Mode. Only offline defragmentation reduces the file size of the directory database, whereas the efficiency gain is the same as with online defragmentation.

What is tombstone period?
Tombstones are objects marked for deletion. After deleting an object in AD, the object is not deleted permanently right away; it remains for 60 days by default (which is configurable). AD adds an entry marking the object as deleted and replicates it to all DCs. After 60 days the object is deleted permanently from all DCs.

What is white space and garbage collection?
White space is the space inside the directory database created by object deletion in AD (e.g. a deleted user). Garbage collection is the process, running every 12 hours by default, that performs online defragmentation: it separates used space from white space and improves the efficiency of AD while the domain controller is up and running. Offline defragmentation is done manually by booting the domain controller into Directory Services Restore Mode; only offline defragmentation reduces the file size of the directory database, whereas the efficiency gain is the same as with online defragmentation.

FTP server
1. File Transfer Protocol is a standard network protocol used to transfer files from one host to another host over a TCP-based network, such as the Internet. FTP is built on a client-server architecture and uses separate control and data connections between the client and the server. FTP (File Transfer Protocol) is the simplest and most secure way to exchange files over the Internet. The most common use for FTP is to download files from the Internet. In addition, the ability to transfer files back and forth makes FTP essential for anyone creating a Web page, amateurs and professionals alike. Note that plain FTP sends credentials and data unencrypted; FTPS (FTP over TLS, which IIS also supports) is used where confidentiality is required.

What is the role of IIS?
IIS provides a redesigned WWW architecture that can help you achieve better performance, reliability, scalability, and security for your Web sites. IIS supports the following protocols: HTTP/HTTPS, FTP, FTPS, SMTP, etc. We host the site on IIS; when a request comes from a client it first hits the IIS server, then the server passes it to the ASP.NET worker process to execute. The response is also passed back to the client via IIS itself.

What are the different versions of IIS that you have worked on?
- IIS 6 (Windows Server 2003 and Windows XP 64-bit only)
- IIS 7 (Windows Server 2008 and Windows Vista)
- IIS 7.5 (Windows Server 2008 R2 and Windows 7)
- IIS 8 (Windows Server 2012 and Windows 8)

What is the name of the default application pool in IIS?
DefaultAppPool. The <applicationPools> element contains configuration settings for all application pools running on your Internet Information Services (IIS) 7 server. An application pool defines a group of one or more worker processes, configured with common settings, that serve requests to one or more applications assigned to that application pool.

IIS has three built-in application pool identities:
1. Local System
2. Local Service
3. Network Service

Name the default identity of IIS 6.0
The default identity of IIS 6.0 is Network Service, which has very minimal rights on the system. The user can only have read access to the site.

What is recycling of an application pool?
Recycling an application pool means recycling the worker process (w3wp.exe) and the memory used by the web application.

There are two types of recycling related to application pools:
1. Recycling worker process - predefined settings
2. Recycling worker process - based on memory

What are the main layers of IIS architecture?
IIS has mainly two layers, kernel mode and user mode. Below are the subsections of both of them.
1. Kernel mode
   o HTTP.SYS
2. User mode
   o Web Admin Service
   o Virtual Directory
   o Application Pool

What is WSUS (Windows Server Update Services)?
WSUS, or Windows Server Update Services, is a free patch management tool available to Windows Server administrators. WSUS allows administrators to authorize/publish and distribute updates within a network.

Why use WSUS within my network?
It is increasingly important for administrators to keep their networks safe and secure. Instead of each workstation connecting to Microsoft Update individually, with administrators testing updates and then deploying them using traditional methods, administrators can use WSUS to download updates centrally to an internal server. Once updates are authorized in WSUS, they are deployed internally and reporting tools keep administrators informed of patch progress. This is a very efficient way of working, allowing administrators full control of which updates are deployed to workstations.

What are the minimum requirements for WSUS?
For WSUS 3.0, Windows Server 2003 SP1 or later and Windows Server 2008 are supported. For Windows 2000 Server, you must download WSUS 2.0 SP1. For detailed hardware requirements

Where can I download WSUS?
WSUS 3.0 SP2 or WSUS 2.0 SP1

What can be patched with WSUS?
WSUS supports a wide range of operating systems and applications, and the list is constantly updated. As a reference, Windows 2000 Professional SP3 or later, Microsoft Office XP (2002) or later, Microsoft SQL Server, Exchange Server 2000 or later and Windows Defender are some of the more common platforms supported.

What classifications are supported?
Critical Updates, Definition Updates, Drivers, Feature Packs, Security Updates, Service Packs, Tools, Update Rollups and Updates are available to choose from.

How do I redirect my workstations to communicate with WSUS?
WSUS is compatible with Group Policy, so you can easily and efficiently direct your workstations to your WSUS server and disallow end users access to Windows Update. This gives administrators full control.

How can I view reports with WSUS?
You must download and install Microsoft Report Viewer 2005 on the same server where WSUS is installed.

How are updates downloaded?
Automatic Updates uses the Background Intelligent Transfer Service (BITS) to download updates. This is a very efficient technology, using idle bandwidth to silently download updates in the background.

Can I administer WSUS from any computer in my network?
Yes, but several components are needed for WSUS 3.0 to work: MMC 3.0 (Microsoft Management Console), .NET Framework 2.0, Report Viewer 2005 and, of course, the WSUS setup file. During setup, select Administration Console Only when installing WSUS on your workstation.

What is the difference between Workgroup and Domain?
- A domain has centralized control, whereas a workgroup has no centralized control.
- A domain network has a higher level of security compared to a workgroup.
- Domain network implementation and maintenance cost is much less compared to that of a workgroup.
- Time constraints are much less compared to that of a workgroup.
- The administrator has overall control of the network, whereas in a workgroup there is no such control.

How will you restrict user logon timing in a domain?
Navigate to Active Directory Users and Computers, open the user's properties, select Logon Hours and restrict the user logon times as needed.

What is the purpose of SYSVOL?
The SYSVOL folder stores the server's copy of the domain's public files. The contents of the SYSVOL folder, such as group policies and logon scripts, are replicated to all domain controllers in the domain. The SYSVOL folder must be located on an NTFS volume.

What is a DNS server?
Domain Name System is used to resolve domain names to IP addresses and also to resolve IP addresses to domain names. It has two zone types, Forward and Reverse Lookup Zones. A Forward Lookup Zone resolves domain names to IP addresses. A Reverse Lookup Zone is used to resolve IP addresses to domain names. Some records associated with DNS:

A record: binds a name to an IP address
PTR record: binds an IP address to a name

Why is a DNS server required for Active Directory?
The key reason for integrating DNS with AD is that client-server communication takes place using domain names. The network needs IP addresses to reach the destination; in order to resolve domain names to IP addresses we need a DNS server. If the DNS server is not configured properly, the network becomes slow.

What is the purpose of A and PTR records?
An A record, or host record, is used to bind a name to an IP address. A PTR record is used to bind an IP address to a name.

What is the purpose of a DHCP server?
A DHCP server is used to assign IP addresses automatically to all client computers. It is useful in a large enterprise network, where we may not be able to track IP addresses manually, and it is also used to avoid IP conflicts.

Explain about Group Policy.

Group policies are used by administrators to configure and control user environment settings. Group Policy Objects (GPOs) are used to configure group policies, which are applied to sites, domains, and organizational units (OUs). There is a maximum of 1000 applicable group policies.

Name 3 benefits of using AD-integrated zones.
1. AD-integrated zones allow secure dynamic updates, i.e. there will not be any duplicate or unwanted records, since all updates are validated against Active Directory.
2. By creating an AD-integrated reverse zone you can also trace hackers and spammers.
3. AD-integrated zones are stored as part of Active Directory and support domain-wide or forest-wide replication through application partitions in AD.

How can you forcibly remove AD from a server?
Using the command dcpromo /forceremoval

What will be the problem if the DNS server fails?
If your DNS server fails, no client will be able to reach the domain controller, which will create authentication and control issues.

How can you restrict running certain applications on a machine?
The Group Policy Object Editor and the Software Restriction Policies extension of the Group Policy Object Editor are used to restrict running certain applications on a machine. For Windows XP computers that are not participating in a domain, you can use the Local Security Settings snap-in to access Software Restriction Policies.

Explain quotas.
Disk quota is a feature of NTFS which helps to restrict or manage disk usage by normal users. It is implemented on a per-user, per-volume basis. By default it is disabled. Administrative privilege is required to configure it. In Windows Server 2003 we can control quotas only at the drive level, but in Windows Server 2008 we can set quotas at the folder level.

Explain how to publish a printer through AD.
Navigate to Active Directory Users and Computers, create a new printer object and add the printer share name (UNC path). The printer is then automatically published in Active Directory.

Explain the functionality of an FTP server.
File Transfer Protocol is used to transfer large volumes of files, and large numbers of files simultaneously, between different geographic locations.

Specify the port numbers for AD, DNS, DHCP, HTTP, HTTPS, SMTP, POP3 & FTP
AD (LDAP) - 389
DNS - 53
DHCP - 67, 68
HTTP - 80
HTTPS - 443
SMTP - 25
POP3 - 110
FTP - 21

What is an exclusion range in a DHCP server?
An exclusion range is used to hold back a range of IP addresses within a scope. Those IP addresses may or may not be in use on the network, but the DHCP server does not assign them to its clients.

Explain FRS in detail.
File Replication Service is a Microsoft service which replicates folders stored in the SYSVOL shared folder on domain controllers and in Distributed File System shared folders. This service is a part of Microsoft's Active Directory service.

What is LSDOU?
It is the Group Policy inheritance model, where policies are applied in order to the Local machine, Sites, Domains and Organizational Units.
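The LSDOU processing order as an added worked example (not part of these notes): a small resolver that applies the Local policy, then the Site, Domain and each OU's GPOs in turn, and records which GPO wins for every setting. The DN, site name, GPO names and settings are constructed sample data.

```python
"""Resolve effective Group Policy settings in LSDOU order.

Added example for the LSDOU question above; it is not code from the original
notes. The GPO names, setting names and directory layout are constructed
sample data, not a real domain.
"""
from typing import Dict, List, Tuple

# A GPO is a (name, settings) pair; settings are registry-style key/value strings.
Gpo = Tuple[str, Dict[str, str]]


def domain_of(dn: str) -> str:
    """Return the domain part of a DN, e.g. 'DC=corp,DC=example'."""
    return ",".join(c for c in dn.split(",") if c.upper().startswith("DC="))


def ou_chain(dn: str) -> List[str]:
    """Return the OU containers of a DN, top-level OU first.

    Group Policy processes parent OUs before child OUs, so the GPOs linked to
    the OU closest to the object are applied last and win on conflicts.
    """
    parts = dn.split(",")
    chain = [",".join(parts[i:]) for i, c in enumerate(parts) if c.upper().startswith("OU=")]
    return list(reversed(chain))


def resolve_effective_policy(dn, site, local_policy, linked_gpos):
    """Apply policies Local -> Site -> Domain -> OUs and return (effective, winners).

    linked_gpos maps a scope ("site:<name>", the domain DN, or an OU DN) to the
    GPOs linked there, listed from lowest to highest precedence. Within a scope
    and across scopes the last value written for a setting is the effective one;
    winners records which GPO and scope supplied it, which is the first thing to
    check when a machine does not end up with the setting you expected.
    """
    scopes = [("local", [("Local Group Policy", local_policy)]),
              (f"site:{site}", linked_gpos.get(f"site:{site}", [])),
              (domain_of(dn), linked_gpos.get(domain_of(dn), []))]
    scopes += [(ou, linked_gpos.get(ou, [])) for ou in ou_chain(dn)]

    effective: Dict[str, str] = {}
    winners: Dict[str, str] = {}
    for scope, gpos in scopes:
        for gpo_name, settings in gpos:
            for key, value in settings.items():
                effective[key] = value
                winners[key] = f"{gpo_name} ({scope})"
    return effective, winners


# Constructed sample data: a server in OU=Servers under OU=IT in corp.example.
SERVER_DN = "CN=SRV01,OU=Servers,OU=IT,DC=corp,DC=example"
LOCAL_POLICY = {"ScreenSaveTimeOut": "900", "ProxyServer": ""}
LINKED_GPOS = {
    "site:HQ": [("Site-HQ-Proxy", {"ProxyServer": "proxy.hq.example:8080"})],
    "DC=corp,DC=example": [("Default Domain Policy",
                            {"WUServer": "http://wsus.corp.example:8530",
                             "ScreenSaveTimeOut": "600"})],
    "OU=IT,DC=corp,DC=example": [("IT-Baseline", {"NoAutoRebootWithLoggedOnUsers": "0"})],
    "OU=Servers,OU=IT,DC=corp,DC=example": [("Servers-NoReboot",
                                             {"NoAutoRebootWithLoggedOnUsers": "1"})],
}

if __name__ == "__main__":
    effective, winners = resolve_effective_policy(SERVER_DN, "HQ", LOCAL_POLICY, LINKED_GPOS)
    for key in sorted(effective):
        print(f"{key} = {effective[key]!r}  <- {winners[key]}")
```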

What are the DS* commands?
The DS family of built-in utilities:
- DSmod - modify Active Directory attributes
- DSrm - delete Active Directory objects
- DSmove - relocate objects
- DSadd - create new accounts
- DSquery - find objects that match your query attributes
- DSget - list the properties of an object

Explain about trusts in AD.
To allow users in one domain to access resources in another, Active Directory uses trusts. Trusts inside a forest are automatically created when domains are created.

The forest sets the default boundaries of trust, not the domain, and implicit, transitive trust is automatic for all domains within a forest. As well as two-way transitive trust, AD trusts can be a shortcut (joins two domains in different trees, transitive, one- or two-way), forest (transitive, one- or two-way), realm (transitive or nontransitive, one- or two-way), or external (nontransitive, one- or two-way) in order to connect to other forests or non-AD domains.

What's the difference between transferring an FSMO role and seizing it?
Seizing an FSMO role can be a destructive process and should only be attempted if the existing server holding the FSMO role is no longer available.

If you perform a seizure of the FSMO roles from a DC, you need to ensure two things: the current holder is actually dead and offline, and that the old DC will NEVER return to the network. If you do an FSMO role Seize and then bring the previous holder back online, you'll have a problem.

An FSMO role TRANSFER is the graceful movement of the role(s) from a live, working DC to another live DC. During the process, the current DC holding the role(s) is updated, so it becomes aware that it is no longer the role holder.

I want to look at the RID allocation table for a DC. What do I do?
dcdiag /test:ridmanager /s:servername /v (servername is the name of our DC)

Explain the protocol involved in ADC replication.
Remote Procedure Call (RPC) is the protocol used in replication to an additional domain controller (ADC).

Explain the difference between patches and service packs.
Patches are fixes, updates or enhancements for a particular program, whereas service packs include a collection of

What is the difference between Dynamic Disk and Basic Disk?
Basic disks and dynamic disks are two types of hard disk configurations in Windows. Most personal computers are configured as basic disks, which are the simplest to manage. Advanced users and IT professionals can make use of dynamic disks, which use multiple hard disks within a computer to manage data, usually for increased performance or reliability.

A basic disk uses primary partitions, extended partitions, and logical drives to organize data. A formatted partition is also called a volume (the terms volume and partition are often used interchangeably). Basic disks can have either four primary partitions or three primary partitions and one extended partition. The extended partition can contain multiple logical drives (up to 128 logical drives are supported). The partitions on a basic disk cannot share or split data with other partitions. Each partition on a basic disk is a separate entity on the disk.

Dynamic disks can contain a large number of dynamic volumes (approximately 2000) that function like the primary partitions used on basic disks. In some versions of Windows, you can combine separate dynamic hard disks into a single dynamic volume (called spanning), split data among several hard disks (called striping) for increased performance, or duplicate data among several hard disks (called mirroring) for increased reliability.

What is the maximum file size on NTFS and FAT32?
NTFS - 16TB
FAT32 - 4GB

What is the "hosts" file?
The hosts file is a file used by the operating system to map hostnames to IP addresses. It is a plain-text file and is traditionally named hosts.

What is the page file and virtual memory?
The page file is the storage space for virtual memory: it uses hard disk space as memory to extend the memory available for allocation.

Where are group policies stored?
%SystemRoot%\System32\GroupPolicy



What are the monitoring tools used for server and network health, and how is an alert mechanism defined?
Spotlight; SNMP (needs to be enabled).



Windows Server Update Services
Windows Server Update Services (WSUS) enables IT administrators to deploy the latest Microsoft product updates to computers running the Windows operating system. By using WSUS, administrators can fully manage the distribution of updates released through Microsoft Update to computers in their network.

How to deploy patches and what software is used for this process?
Using a SUS (Software Update Services) server we can deploy patches to all clients in the network. We need to configure the "Synchronize with Microsoft software update server" option and schedule the synchronization time on the server. We need to approve new updates based on requirements; approved updates are then deployed to clients. We can configure the clients by changing the registry manually or through Group Policy by adding the WUAU (wuau.adm) administrative template.

What is clustering? Briefly define & explain it.
Clustering is a technology used to provide high availability for mission-critical applications. We can configure a cluster by installing the MSCS (Microsoft Cluster Service) component from Add/Remove Programs, which is only available in Enterprise Edition and Datacenter Edition.

OR: A cluster is a set of independent computers that work together to increase the availability of services and applications. The clustered servers (called nodes) are connected by physical cables and by software. If one of the nodes fails, another node begins to provide service through a process known as failover.

In Windows we can configure two types of clusters:
- NLB (Network Load Balancing) cluster, for balancing load between servers. This cluster does not provide high availability. It is usually preferable at edge servers such as web or proxy servers.
- Server cluster: this provides high availability by configuring an active-active or active-passive cluster. In a 2-node active-passive cluster one node is active and one node is standby. When the active server fails, the application FAILS OVER to the standby server automatically. When the original server comes back, we need to FAIL BACK the application.

Quorum: shared storage must be provided for all servers; it keeps information about the clustered application and session state and is used in a FAILOVER situation. This is very important: if the quorum disk fails, the entire cluster fails.

Heartbeat: the heartbeat is a private connection between the servers in the cluster, which is used to identify the status of the other servers in the cluster.

How to configure SNMP
SNMP can be configured by installing SNMP from Monitoring and Management Tools in Add/Remove Programs. For SNMP programs to communicate we need to configure a common community name on the machines where SNMP programs (e.g. Dell OpenManage) run. This can be configured from services.msc -> SNMP Service -> Security.

Is it possible to rename the domain name & how?
In Windows 2000 it is not possible. In Windows 2003 it is possible. On a domain controller we can change it through My Computer properties.

What is the SOA record?
SOA is the Start of Authority record, which is the first record in a DNS zone and controls the startup behavior of the zone. We can configure TTL, refresh, and retry intervals in this record.

What is a stub zone and what is its use?
Stub zones are a new feature of DNS in Windows Server 2003 that can be used to streamline name resolution, especially in a split namespace scenario. They also help reduce the amount of DNS traffic on your network, making DNS more efficient, especially over slow WAN links. A stub zone consists of:

- The start of authority (SOA) resource record, name server (NS) resource records, and the glue A resource records for the delegated zone.
- The IP address of one or more master servers that can be used to update the stub zone.

.com commercial (business) site

.net Internet administrative site

.org nonprofit organization

.gov U.S. government agency

.edu educational institution

What is the DNS cache?
When you type a web address into your web browser and press ENTER, you are sending a query to a DNS server. If the query is successful, the website you want opens; if not, you'll see an error message. A record of these successful and unsuccessful queries is stored in a temporary storage location on your computer called the DNS cache. DNS always checks the cache before querying any DNS server, and if a record is found that matches the query, DNS uses that record instead of querying the server. This makes queries faster and decreases network and Internet traffic.

How can I see the contents of the DNS cache?
At the command prompt, type ipconfig /displaydns.

What are the different types of partitions present in AD?
Active Directory is divided into three partitions:
1. Configuration Partition - replicated across the entire forest
2. Schema Partition - replicated across the entire forest
3. Domain Partition - replicated only within the domain
In addition there is the Application Partition (only in Windows 2003).

What are the (two) services required for replication?
File Replication Service (FRS) and Knowledge Consistency Checker (KCC)

How do you manually create SRV records in DNS?
On Windows servers, go to Run -> dnsmgmt.msc, right-click on the zone you want to add the SRV record to, choose "Other New Records" and select Service Location (SRV).

Can we use a Linux DNS server in a 2000 domain?

We can, but the BIND version should be 8 or greater.

What are the different levels at which we can apply Group Policy?
We can apply Group Policy at the site level, domain level and OU level.

What is ASR (Automated System Recovery) and how to implement it?
ASR is a two-part system; it includes ASR backup and ASR restore. The ASR Wizard, located in Backup, does the backup portion. The wizard backs up the system state, system services, and all the disks that are associated with the operating system components. ASR also creates a file that contains information about the backup, the disk configurations (including basic and dynamic volumes), and how to perform a restore.

You can access the restore portion by pressing F2 when prompted in the text-mode portion of Setup. ASR reads the disk configurations from the file that it created. It restores all the disk signatures, volumes, and partitions on (at a minimum) the disks that you need to start the computer. ASR will try to restore all the disk configurations, but under some circumstances it might not be able to. ASR then installs a simple installation of Windows and automatically starts a restoration using the backup created by the ASR Wizard.

StorageCraft ImageManager
StorageCraft ImageManager helps you maintain and manage backup image files and the storage space used by those files. Based on a policy that you create, ImageManager automatically consolidates incremental backup image files into daily, weekly, and monthly incremental images. ImageManager also provides ongoing verification and replication services for your backup images.

What is StorageCraft ShadowProtect, and what does it do?
ShadowProtect is StorageCraft's backup and disaster recovery solution for Windows. It allows users to schedule (or manually create) frequent, image-based backups of their local disks and store them on disk-based or network destinations. The backup images include all files, settings, programs and operating system files on the volume, and are an exact representation of the entire volume at the time the backup was created. ShadowProtect uses Microsoft's VSS framework to create snapshots of local volumes in a way that is quick and unobtrusive and does not require applications to be closed before the backup. ShadowProtect creates a clean and usable backup while programs are running, even enterprise applications such as SQL Server and Exchange.

Symantec NetBackup: During a backup, the client sends data across the network to a NetBackup server, which uses policy to select the correct type of storage media. During a restore, the administrator can browse for which files and directories to recover and the NetBackup server will find them and restore them to the client. NetBackup offers deduplication, replication and snapshot services and can provide recovery from tape, disk, snapshot or the cloud, in a physical or virtual environment. The product offers support for both VMware and Microsoft Hyper-V. NetBackup is also available as a backup appliance. Launched in September 2010 with the NetBackup 5000 appliance, the current version includes Fibre Channel support, protects virtual and physical systems, removes the need for a separate master or media server and does source and target deduplication. It can protect up to 4,800 virtual machines (VMs) in a single system and integrate with VMware vStorage APIs for Data Protection to perform direct vSphere backups. Today, NetBackup offers a variety of features which are designed to speed backup and recovery and integrate backup with additional processes. Symantec says that the NetBackup Accelerator, for example, is designed to reduce the time needed to complete a backup by eliminating the scan to determine file change percentages, maximizing client-side deduplication, and then building a full backup image.

What is Domain Policy, Domain Controller Policy, Local Policy and Group Policy? Domain Policy applies to all computers in the domain, because by default it is associated with the domain GPO, whereas Domain Controller Policy is applied only to domain controllers. By default the Domain Controller Security Policy is associated with the Domain Controllers GPO. Local Policy is applied to that particular machine only and affects only that computer.

What is the use of the SYSVOL folder? Policies and scripts saved in the SYSVOL folder are replicated to all domain controllers in the domain. FRS (File Replication Service) is responsible for replicating all policies and scripts.

What is folder redirection? Folder Redirection is a User Group Policy setting. Once you create the Group Policy and link it to the appropriate object, an administrator can designate which folders to redirect and where. To do this, the administrator navigates to the following location in the Group Policy Object: User Configuration\Windows Settings\Folder Redirection. In the Properties of the folder, you can choose Basic or Advanced folder redirection and designate the server file system path to which the folder should be redirected. The %USERNAME% variable may be used as part of the redirection path, allowing the system to dynamically create a newly redirected folder for each user to whom the policy object applies.

Folder Redirection: User settings and user files are typically stored in the local user profile, under the Users folder. The files in local user profiles can be accessed only from the current computer, which makes it difficult for users who use more than one computer to work with their data and synchronize settings between multiple computers. Two technologies exist to address this problem: Roaming Profiles and Folder Redirection. Both technologies have their advantages, and they can be used separately or together to create a seamless user experience from one computer to another. They also provide additional options for administrators managing user data. Folder Redirection lets administrators redirect the path of a folder to a new location. The location can be a folder on the local computer or a directory on a network file share. Users can work with documents on a server as if the documents were based on a local drive. The documents in the folder are available to the user from any computer on the network. Folder Redirection is located under Windows Settings in the console tree when you edit domain-based Group Policy by using the Group Policy Management Console (GPMC). The path is [Group Policy Object Name]\User Configuration\Policies\Windows Settings\Folder Redirection. Other advantages include:
• Data is stored on a server where it can be backed up
• If the same redirection is applied to multiple users, all data is stored in one location
• Allows for sharing of data between users

What are the different modes in Windows 2003 (Mixed, Native, Interim, etc.)? Different Active Directory features are available at different functional levels. Raising domain and forest functional levels is required to enable certain new features as domain controllers are upgraded from Windows NT 4.0 and Windows 2000 to Windows Server 2003. Domain functional levels: Windows 2000 Mixed mode, Windows 2000 Native mode, Windows Server 2003, and Windows Server 2003 Interim (only available when upgrading directly from Windows NT 4.0 to Windows 2003). Forest functional levels: Windows 2000 and Windows 2003.

What is the purpose of having AD? Active Directory is a directory service that identifies all resources on a network and makes that information available to users and services. The main purpose of AD is to control access to, and authenticate, network resources.

IPSec usage and difference between Windows 2000 & 2003. Microsoft doesn't recommend Internet Protocol security (IPSec) network address translation (NAT) traversal (NAT-T) for Windows deployments that include VPN servers and that are located behind network address translators. When a server is behind a network address translator, and the server uses IPSec NAT-T, unintended side effects may occur because of the way that network address translators translate network traffic. If you put a server behind a network address translator, you may experience connection problems because clients that connect to the server over the Internet require a public IP address. To reach servers that are located behind network address translators from the Internet, static mappings must be configured on the network address translator. For example, to reach a Windows Server 2003-based computer that is behind a network address translator from the Internet, configure the network address translator with the following static network address translator mappings:
• Public IP address/UDP port 500 to the server's private IP address/UDP port 500.
• Public IP address/UDP port 4500 to the server's private IP address/UDP port 4500.
These mappings are required so that all Internet Key Exchange (IKE) and IPSec NAT-T traffic that is sent to the public address of the network address translator is automatically translated and forwarded to the Windows Server 2003-based computer.

IPSec (web definition): Internet Protocol Security is a protocol suite for securing Internet Protocol communications by authenticating and encrypting each IP packet of a communication.

How to create an application partition in Windows 2003 and what is its usage? An application directory partition is a directory partition that is replicated only to specific domain controllers. A domain controller that participates in the replication of a particular application directory partition hosts a replica of that partition. Only domain controllers running Windows Server 2003 can host a replica of an application directory partition. Applications and services can use application directory partitions to store application-specific data. Application directory partitions can contain any type of object, except security principals. TAPI is an example of a service that stores its application-specific data in an application directory partition. Application directory partitions are usually created by the applications that will use them to store and replicate data. For testing and troubleshooting purposes, members of the Enterprise Admins group can manually create or manage application directory partitions using the Ntdsutil command-line tool.
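The manual Ntdsutil procedure described above, as an added example (not from the original document). It assumes two domain controllers DC1 and DC2 in a placeholder domain corp.example.com, a hypothetical partition name DC=AppData,DC=corp,DC=example,DC=com, Enterprise Admins rights, and the ActiveDirectory PowerShell module for the verification steps.

```powershell
# Added example; names and DNs are placeholders. Run as a member of Enterprise Admins.
# "domain management" is the Windows Server 2003 ntdsutil menu; on 2008 and later the
# same menu is called "partition management" (assumption: both forms accepted on 2008).

# 1. Create the application directory partition on the connected DC.
#    NULL as the second argument means "the DC we are connected to".
ntdsutil "domain management" "connections" "connect to server DC1.corp.example.com" "quit" `
    "create nc DC=AppData,DC=corp,DC=example,DC=com NULL" "quit" "quit"

# 2. Add a second replica so the application data is not lost if DC1 dies.
ntdsutil "domain management" "connections" "connect to server DC1.corp.example.com" "quit" `
    "add nc replica DC=AppData,DC=corp,DC=example,DC=com DC2.corp.example.com" "quit" "quit"

# 3. Verify the partition is known to the forest (ActiveDirectory module, 2008 R2 / RSAT).
Import-Module ActiveDirectory
(Get-ADForest).ApplicationPartitions

# 4. Verify which DCs hold a replica: the crossRef object under CN=Partitions in the
#    Configuration NC lists the NTDS Settings objects of every replica holder.
$cfg = (Get-ADRootDSE).configurationNamingContext
Get-ADObject -SearchBase "CN=Partitions,$cfg" `
    -LDAPFilter "(nCName=DC=AppData,DC=corp,DC=example,DC=com)" `
    -Properties 'msDS-NC-Replica-Locations' |
    Select-Object -ExpandProperty 'msDS-NC-Replica-Locations'

# Reminder from the text: application partitions cannot hold security principals, so a
# user or group object created here would be rejected by the directory.
```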

29. Is it possible to do an implicit transitive forest-to-forest trust relationship in Windows 2003? Implicit transitive trust is not possible in Windows 2003. Between forests we can create an explicit trust: two-way trust, one-way incoming, or one-way outgoing.

Minimum hardware requirements for all versions of Windows 2008 Server

Component               Minimum                                           Recommended
Processor speed (x86)   1 GHz                                             2 GHz
Processor speed (x64)   1.4 GHz                                           2 GHz
Memory (RAM)            512 MB                                            2 GB
Disk space              10 GB                                             40 GB
Peripherals             DVD-ROM, Super VGA monitor, keyboard, and mouse   DVD-ROM, Super VGA monitor, keyboard, and mouse

Maximum supported hardware for Windows 2008 Server

Edition       Platform   Processors   Memory   Cluster Nodes
Standard      x86        4            4 GB     N/A
Standard      x64        4            32 GB    N/A
Enterprise    x86        8            64 GB    8
Enterprise    x64        8            2 TB     16
Datacenter    x86        32           64 GB    8
Datacenter    x64        64           2 TB     16
Web Server    x86        4            4 GB     N/A
Web Server    x64        4            32 GB    N/A

Server Manager is a new feature included in Windows Server 2008; it is a centralized tool that guides system administrators through the process of installing, configuring, and managing the server roles and features available with Windows 2008 Server. Server Manager is launched automatically after Initial Configuration Tasks (ICT). You can choose not to open Server Manager at start-up by checking the "Do not show me this console at logon" check box. If Server Manager is set not to start automatically, it can still be accessed by the methods listed below.
• Open the Start menu, and then click Server Manager at the top of the menu.
• Select menu path Start > Administrative Tools > Server Manager.
• Right-click Computer, and then choose Manage.
• Open the Run dialog box from the Start menu, type "servermanager.msc" and press Enter.
Server Manager is available as a Microsoft Management Console (MMC) snap-in and provides information about server configuration, installed roles, the status of installed roles, and tools for adding and removing Windows 2008 roles and features. Server Manager contains the following elements.
• Initial Configuration Tasks (ICT)
• Add Roles Wizard
• Add Role Services Wizard
• Add Features Wizard
• Remove Roles Wizard
• Remove Role Services Wizard
• Remove Features Wizard
• Command-line tools

What is universal group membership cache in Windows 2003? Universal Groups: Universal groups allow users (and groups) from multiple domains to have membership in a single group that is available throughout the Active Directory forest. This is useful in a forest with multiple Active Directory domains to simplify resource access permissions. If users or groups from different domains need access to resources that are located in multiple domains, a universal group can be used to allow for that access. Universal group membership caching eliminates the dependency on the availability of a global catalog server during logons.
When you enable this feature on a domain operating in Windows Server 2003 or higher functional level, any domain controller can resolve logon requests locally without having to go through the global catalog server. 

Information is stored locally once this option is enabled and a user attempts to log on for the first time. The domain controller obtains the universal group membership for that user from a global catalog. Once the universal group membership information is obtained, it is cached on the domain controller for that site indefinitely and is periodically refreshed. The next time that user attempts to log on, the authenticating domain controller running Windows Server 2003 will obtain the universal group membership information from its local cache without the need to contact a global catalog. By default, the universal group membership information contained in the cache of each domain controller will be refreshed every 8 hours.

GPMC & RSoP in Windows 2003? GPMC is a tool used for managing Group Policies; it displays information such as how many policies are applied, on which OUs they are applied, which settings are enabled in each policy, which users are affected by these policies, and who is managing them. RSoP (Resultant Set of Policy) provides details about all policy settings that are configured by an administrator, including Administrative Templates, Folder Redirection, Internet Explorer Maintenance, Security Settings, Scripts, and Group Policy Software Installation. When policies are applied on multiple levels (for example, site, domain, domain controller, and organizational unit), the results can conflict. RSoP can help you determine the set of applied policies and their precedence (the order in which policies are applied).

32. Assign & Publish applications in GP, and how? Through Group Policy you can assign and publish applications by creating an .msi package for the application. With the Assign option you can apply the policy to both users and computers. If it is applied to a computer, the policy applies to any user who logs on to that computer. If it is applied to a user, it applies wherever that user logs on to the domain. The application appears in Start menu > Programs. Once the user clicks the shortcut or opens any document with that extension, the application is installed on the local machine. If any application program files are missing it will automatically repair. With the Publish option you can apply the policy only to users. It will not reinstall automatically when application program files are corrupted or deleted.

33. DFS in Windows 2003? Refer to Question 17 in Level 2.

34. How to use the Recovery Console? The Windows 2000 Recovery Console is a command-line console that you can start from the Windows 2000 Setup program. Using the Recovery Console, you can start and stop services, format drives, read and write data on a local drive (including drives formatted to use NTFS), and perform many other administrative tasks. The Recovery Console is particularly useful if you need to repair your system by copying a file from a floppy disk or CD-ROM to your hard drive, or if you need to reconfigure a service that is preventing your computer from starting properly. Because the Recovery Console is quite powerful, it should only be used by advanced users who have a thorough knowledge of Windows 2000. In addition, you must be an Administrator to use the Recovery Console. There are two ways to start the Recovery Console: if you are unable to start your computer, you can run the Recovery Console from your Windows 2000 Setup disks or from the Windows 2000 Professional CD (if you can start your computer from your CD-ROM drive). As an alternative, you can install the Recovery Console on your computer to make it available in case you are unable to restart Windows 2000. You can then select the Recovery Console option from the list of available operating systems.

35. PPTP protocol for VPN in Windows 2003? Point-to-Point Tunneling Protocol (PPTP) is a networking technology that supports multiprotocol virtual private networks (VPNs), enabling remote users running Microsoft Windows NT Workstation, Windows 95, Windows 98 and other Point-to-Point Protocol (PPP)-enabled systems to dial into a local Internet service provider and connect securely to their corporate network through the Internet. Netdom.exe is a domain management tool that can be used to rename a domain controller.

36. What are the different types of trust relationships?
Implicit trusts: established automatically.
Explicit trusts: must be built manually (NT to Win2k, or forest to forest).
Transitive: if A trusts B and B trusts C, then A trusts C.
Non-transitive: if A trusts B and B trusts C, A does not trust C.
One-way: one side. Two-way: both sides.
Windows Server 2003 Active Directory supports the following types of trust relationships:

Tree-root trust: Tree-root trust relationships are automatically established when you add a new tree root domain to an existing forest. This trust relationship is transitive and two-way.

Parent-child trust: Parent-child trust relationships are automatically established when you add a new child domain to an existing tree. This trust relationship is also transitive and two-way.

Shortcut trust: Shortcut trusts are trust relationships that are manually created by systems administrators. These trusts can be defined between any two domains in a forest, generally for the purpose of improving user logon and resource access performance. Shortcut trusts can be especially useful in situations where users in one domain often need to access resources in another, but a long path of transitive trusts separates the two domains. Often referred to as cross-link trusts, shortcut trust relationships are transitive and can be configured as one-way or two-way as needs dictate.

Realm trust: Realm trusts are manually created by systems administrators between a non-Windows Kerberos realm and a Windows Server 2003 Active Directory domain. This type of trust relationship provides cross-platform interoperability with security services in any Kerberos version 5 realm, such as a UNIX implementation. Realm trusts can be either transitive or non-transitive, and one-way or two-way as needs dictate.

External trust: External trusts are manually created by systems administrators between Active Directory domains that are in different forests, or between a Windows Server 2003 Active Directory domain and a Windows NT 4.0 domain. These trust relationships provide backward compatibility with Windows NT 4.0 environments, and communication with domains located in other forests that are not configured to use forest trusts. External trusts are non-transitive and can be configured as either one-way or two-way as needs dictate.

Forest trust: Forest trusts are trust relationships that are manually created by systems administrators between forest root domains in two separate forests. If a forest trust relationship is two-way, it effectively allows authentication requests from users in one forest to reach another, and for users in either forest to access resources in both. Forest trust relationships are transitive between two forests only and can be configured as either one-way or two-way as needs dictate. By default, implicit two-way transitive trust relationships are established between all domains in a Windows 2000/2003 forest.

Difference between Domain and Domain Controller: A domain is a group of connected computers that can be accessed from a central server or servers. All the computers within a specific domain share a common set of security rules. What is a domain controller? A domain controller (DC) is a server that responds to security authentication requests (logging in, checking permissions, etc.) within the Windows Server domain. A domain is a concept introduced in Windows NT whereby a user may be granted access to a number of computer resources with the use of a single username and password combination.

What is RODC? Why do we configure RODC? A read-only domain controller (RODC) is a feature of the Windows Server 2008 operating system. An RODC is a read-only copy of the Active Directory database and can be deployed in a remote branch office where physical security cannot be guaranteed. An RODC provides improved security and faster logon time for the branch office. The RODC also holds a copy of the Active Directory (AD) database, but the contents of the replica on that domain controller are read-only and write operations are not supported. It is also important to know that RODCs do not participate in Active Directory replication in the same way as writable domain controllers. The difference between RODC replication and the multimaster replication model between writable domain controllers is that RODC replication is unidirectional. This means all changes from a writable domain controller are propagated to the RODCs. The result is that the RODC receives changes but does not partake in or perform outbound replication with other domain controllers. This provides an extra layer of security, as any unauthorized data changes will not replicate out to other domain controllers. Another RODC feature that improves security is the replication that happens between a writable domain controller and an RODC. Here, user account information is replicated, but account passwords are not.

How will you take an Active Directory backup? Active Directory is backed up along with System State data. System State data includes the local registry, COM+, boot files, NTDS.DIT and the SYSVOL folder. System State can be backed up either using Microsoft's default NTBACKUP tool or third-party tools such as Symantec NetBackup, IBM Tivoli Storage Manager, etc.

What is the Lost and Found container? In the multimaster replication method, replication conflicts can happen. Objects with replication conflicts are stored in a container called 'Lost and Found'. This container is also used to store orphaned user accounts and other objects.

Do we use clustering in Active Directory? Why? No one installs Active Directory in a cluster. There is no need to cluster a domain controller, because Active Directory provides total redundancy with two or more servers.

What is Active Directory Recycle Bin? Active Directory Recycle bin is a feature of Windows Server 2008 AD. It helps to restore accidentally deleted Active Directory objects without using a backed up AD database, rebooting domain controller or restarting any services

How do you check the current forest and domain functional levels? Give both GUI and command line. To find out forest and domain functional levels in GUI mode, open ADUC, right-click the domain name and open Properties. Both domain and forest functional levels are listed there. To find out forest and domain functional levels from the command line, you can use the DSQUERY command.

Which version of Kerberos is used for Windows 2000/2003 and 2008 Active Directory ? All versions of Windows Server Active Directory use Kerberos 5.

Name few port numbers related to Active Directory? Kerberos 88, LDAP 389, DNS 53, SMB 445

Have you heard of ADAC? ADAC (Active Directory Administrative Center) is a new GUI tool that came with Windows Server 2008 R2 and provides an enhanced data management experience to the admin. ADAC helps administrators perform common Active Directory object management tasks across multiple domains from the same ADAC instance. You can use Active Directory Administrative Center to perform the following Active Directory administrative tasks:

• Create new user accounts or manage existing user accounts
• Create new groups or manage existing groups
• Create new computer accounts or manage existing computer accounts
• Create new organizational units (OUs) and containers or manage existing OUs
• Connect to one or several domains or domain controllers in the same Active Directory Administrative Center instance and view or manage the directory information for those domains or domain controllers
• Filter Active Directory data by using query-building search

In Windows Server 2008 R2, in addition to the Active Directory Users and Computers snap-in, administrators can manage their directory service objects by using the new Active Directory Administrative Center.

Active Directory Administrative Center can be installed only on computers running the Windows Server 2008 R2 operating system. Active Directory Administrative Center cannot be installed on computers running Windows 2000, Windows Server 2003, or Windows Server 2008.

Active Directory Administrative Center can be installed on the Windows 7 operating system as part of the Remote Server Administration Tools (RSAT). To download and install RSAT, see Remote Server Administration Tools for Windows 7 (http://go.microsoft.com/fwlink/?LinkID=130862).

In this release of Windows Server 2008 R2, you cannot use Active Directory Administrative Center to manage Active Directory Lightweight Directory Services (AD LDS) instances and configuration sets.

How many objects can be created in Active Directory? (Both 2003 and 2008) As per Microsoft, a single AD domain controller can create around 2.15 billion objects during its lifetime.

Explain the process between a user providing his domain credentials to his workstation and the desktop being loaded. Or: how does AD authentication work? When a user enters a user name and password, the computer sends the user name to the KDC. The KDC contains a master database of unique long-term keys for every principal in its realm. The KDC looks up the user's master key (KA), which is based on the user's password. The KDC then creates two items: a session key (SA) to share with the user and a Ticket-Granting Ticket (TGT). The TGT includes a second copy of the SA, the user name, and an expiration time. The KDC encrypts this ticket by using its own master key (KKDC), which only the KDC knows. The client computer receives the information from the KDC and runs the user's password through a one-way hashing function, which converts the password into the user's KA. The client computer now has a session key and a TGT so that it can securely communicate with the KDC. The client is now authenticated to the domain and is ready to access other resources in the domain by using the Kerberos protocol.

Which FSMO role directly impacts the consistency of Group Policy? PDC Emulator.

I want to promote a new additional Domain Controller in an existing domain. Which are the groups I should be a member of? You should be a member of Enterprise Admins group or the Domain Admins group. Also you should be member of local Administrators group of the member server which you are going to promote as additional Domain Controller.

Tell me the easiest way to check all 5 FSMO roles? Use the netdom query /domain:YourDomain FSMO command. It lists the domain controllers holding each of the FSMO roles.
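The functional-level check and the FSMO query from the two questions above, as an added example (not from the original document). It assumes a placeholder domain corp.example.com and the ActiveDirectory module (Windows Server 2008 R2 or RSAT); the dsquery and netdom lines work on Windows Server 2003 as well.

```powershell
# Added example; corp.example.com is a placeholder domain.
Import-Module ActiveDirectory

# Functional levels with the AD cmdlets.
(Get-ADDomain -Identity corp.example.com).DomainMode
(Get-ADForest).ForestMode

# The same information with dsquery: msDS-Behavior-Version lives on the domain NC head
# (plus ntMixedDomain=1 for Windows 2000 mixed mode) and on CN=Partitions for the forest.
# Values: 0 = Windows 2000, 1 = 2003 interim, 2 = 2003, 3 = 2008, 4 = 2008 R2.
dsquery * "DC=corp,DC=example,DC=com" -scope base -attr msDS-Behavior-Version ntMixedDomain
dsquery * "CN=Partitions,CN=Configuration,DC=corp,DC=example,DC=com" -scope base -attr msDS-Behavior-Version

# All five FSMO role holders with netdom, as in the answer above.
netdom query /domain:corp.example.com fsmo

# Cross-check with the AD cmdlets. The three domain roles come from the domain object,
# the two forest roles from the forest object; a disagreement between the two tools
# usually means a stale role holder or a replication problem worth investigating.
Get-ADDomain -Identity corp.example.com | Select-Object PDCEmulator, RIDMaster, InfrastructureMaster
Get-ADForest | Select-Object SchemaMaster, DomainNamingMaster
```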

You want to standardize the desktop environments (wallpaper, My Documents, Start menu, printers, etc.) on the computers in one department. How would you do that? Go to Start -> Programs -> Administrative Tools -> Active Directory Users and Computers. Right-click the domain and click Properties. In the new window click Group Policy, select Default Policy and click Edit. In the Group Policy console go to User Configuration -> Administrative Templates -> Start Menu and Taskbar. Select each property you want to modify and do the same.

Windows DHCP Interview Questions and Answers

What is DHCP? Dynamic Host Configuration Protocol (DHCP) is a network protocol that enables a server to automatically assign an IP address to a computer from a defined range of numbers (i.e., a scope) configured for a given network.

What is dhcp scope? DHCP scopes are used to define ranges of addresses from which a DHCP server can assign IP addresses to clients.

Types of scopes in Windows DHCP? Normal scope - Allows A, B and C class IP address ranges to be specified, including subnet masks, exclusions and reservations. Each normal scope defined must exist within its own subnet. Multicast scope - Used to assign IP address ranges for Class D networks. Multicast scopes do not have subnet masks, reservations or other TCP/IP options. Multicast scope address ranges require that a Time To Live (TTL) value be specified (essentially the number of routers a packet can pass through on the way to its destination). Superscope - Essentially a collection of scopes grouped together such that they can be enabled and disabled as a single entity.

2) How does AD replication work? Ans: - http://technet.microsoft.com/en-us/library/cc772726(v=ws.10).aspx

Ports required for domain controllers to communicate. Ans: - http://yourcomputer.in/list-port-numbers-windows/ (for example: Microsoft Hyper-V Live 6600; DHCPv6 client 546)

What is NLB? Ans: - NLB (Network Load Balancing) is a Microsoft implementation of clustering and load balancing that is intended to provide high availability and high reliability, as well as high scalability.

9) Difference between Unicast and Multicast

Unicast: Unicast is a one-to-one connection between the client and the server. Unicast uses IP delivery methods such as Transmission Control Protocol (TCP) and User Datagram Protocol (UDP), which are session-based protocols. When a Windows Media Player client connects using unicast to a Windows Media server, that client has a direct relationship to the server. Each unicast client that connects to the server takes up additional bandwidth. For example, if you have 10 clients all playing 100-kilobits per second (Kbps) streams, those clients as a group are taking up 1,000 Kbps. If you have only one client playing the 100 Kbps stream, only 100 Kbps is being used.

Multicast: Multicast is a true broadcast. The multicast source relies on multicast-enabled routers to forward the packets to all client subnets that have clients listening. There is no direct relationship between the clients and the Windows Media server. The Windows Media server generates an .nsc (NetShow channel) file when the multicast station is first created. Typically, the .nsc file is delivered to the client from a Web server. This file contains information that the Windows Media Player needs to listen for the multicast. This is similar to tuning into a station on a radio. Each client that listens to the multicast adds no additional overhead on the server. In fact, the server sends out only one stream per multicast station. The same load is experienced on the server whether only one client or 1,000 clients are listening.

What is authorizing DHCP servers in Active Directory? If a DHCP server is to operate within an Active Directory domain (and is not running on a domain controller) it must first be authorized. This can be achieved either as part of the DHCP Server role installation, or subsequently using either the DHCP console or the netsh tool at the command prompt. If the DHCP server was not authorized during installation, open the DHCP console (Start -> All Programs -> Administrative Tools -> DHCP), right-click the DHCP server to be authorized and select Authorize. To achieve the same result from the command prompt, enter the following command: netsh dhcp server serverID initiate auth. In the above command syntax, serverID is replaced by the IP address or full UNC name of the system on which the DHCP server is installed.

What is new in Windows 2008 AD?
• Read-Only Domain Controllers
• Fine-Grained Password Policies
• Restartable Active Directory Service
• Backup and Recovery
• SYSVOL Replication with DFS-R
• Auditing Improvements
• UI Improvements

How to configure an RODC to replicate users' passwords? Ans: - You can add users on the Password Replication Policy tab of the RODC computer account's properties.
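The Password Replication Policy from the answer above, set and audited from PowerShell as an added example (not from the original document). It assumes an RODC named BRANCH-RODC01, a group Branch-Users for the branch office staff (both placeholders) and the ActiveDirectory module (Windows Server 2008 R2 or RSAT).

```powershell
# Added example; BRANCH-RODC01 and Branch-Users are placeholder names.
Import-Module ActiveDirectory

# Allow the RODC to cache secrets only for the accounts that actually log on at the branch.
Add-ADDomainControllerPasswordReplicationPolicy -Identity BRANCH-RODC01 -AllowedList "Branch-Users"

# Explicitly deny privileged groups. A deny entry wins over an allow entry, so an admin
# who is also in Branch-Users is still never cached on the RODC.
Add-ADDomainControllerPasswordReplicationPolicy -Identity BRANCH-RODC01 `
    -DeniedList "Domain Admins", "Enterprise Admins", "Schema Admins"

# Review the policy as it now stands.
Get-ADDomainControllerPasswordReplicationPolicy -Identity BRANCH-RODC01 -Allowed
Get-ADDomainControllerPasswordReplicationPolicy -Identity BRANCH-RODC01 -Denied

# Audit: which secrets are really cached on this RODC right now? This is the list of
# accounts whose passwords must be reset if the branch box is lost or stolen.
$revealed = Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity BRANCH-RODC01 -RevealedAccounts
$revealed | Select-Object Name, ObjectClass, DistinguishedName

# Anything cached that is not in the allowed list (for example a helpdesk account that
# once logged on there) deserves a closer look.
$allowed = (Get-ADDomainControllerPasswordReplicationPolicy -Identity BRANCH-RODC01 -Allowed).DistinguishedName
$revealed | Where-Object { $allowed -notcontains $_.DistinguishedName }
```

Note that the allowed list contains groups while the revealed list contains individual accounts, so the last comparison flags every cached account whose own DN is not directly in the policy; treat it as a starting point for review, not as a definitive list of violations.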

Authoritative vs. Non-Authoritative Restoration of Active Directory: It is any network administrator's worst nightmare; your domain controller has crashed. So where do you go from here? Well, hopefully you have been doing your backups properly. If that is the case you shouldn't have too much to worry about. However, during the restoration process you have to decide whether to do an authoritative or a non-authoritative restoration. The clock is ticking; which one do you choose?

Non-Authoritative Restoration: Used most commonly when a DC fails for hardware- or software-related reasons, this is the default Directory Services Restore Mode selection. In this mode, the operating system restores the domain controller's contents from the backup. After this, the domain controller receives through replication all directory changes that have been made since the backup from the other domain controllers in the network.

Authoritative Restoration: An authoritative restore is most commonly used in cases in which a change was made within the directory that must be reversed, such as deleting an organizational unit by mistake. This process restores the DC from the backup and then replicates to and overwrites all other domain controllers in the network to match the restored DC. The especially valuable thing about this is that you can choose to make only certain objects within the directory authoritative. For example, if you delete an OU by mistake you can choose to make only that OU authoritative. This replicates the deleted OU back to all of the other DCs in the network and then uses all of the other information from those DCs to bring the newly restored server up to date.
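The System State backup described in the earlier backup question and the authoritative restore of a single deleted OU described above, carried through end to end as an added example (not from the original document). It assumes a Windows Server 2008 DC with the Windows Server Backup feature installed, a backup target drive E:, and a mistakenly deleted OU=Sales,DC=corp,DC=example,DC=com (all placeholders).

```powershell
# Added example; drive letters, dates and DNs are placeholders.

# 1. Routine: the System State backup every restore depends on
#    (registry, COM+, boot files, NTDS.DIT and SYSVOL).
wbadmin start systemstatebackup -backupTarget:E: -quiet

# 2. Recovery: boot the DC into Directory Services Restore Mode (DSRM) and restore.
bcdedit /set safeboot dsrepair
Restart-Computer -Force

# ...now logged on in DSRM as .\Administrator with the DSRM password:
wbadmin get versions -backupTarget:E:
# replace the placeholder version with one listed by the command above (MM/DD/YYYY-HH:MM)
wbadmin start systemstaterecovery -version:01/01/2012-02:00 -backupTarget:E: -quiet
# Stopping here and rebooting would be a non-authoritative restore: the other DCs
# still hold the tombstone for OU=Sales and would replicate the deletion back in.

# 3. Mark only the deleted subtree authoritative. ntdsutil raises its version numbers
#    so that this copy wins over the tombstones; everything else in the directory is
#    still brought up to date by normal inbound replication after the reboot.
ntdsutil "authoritative restore" "restore subtree OU=Sales,DC=corp,DC=example,DC=com" "quit" "quit"

# 4. Leave DSRM, reboot normally, and confirm the OU is back and replication is healthy.
bcdedit /deletevalue safeboot
Restart-Computer -Force

# ...after the reboot:
Import-Module ActiveDirectory
Get-ADOrganizationalUnit -Identity "OU=Sales,DC=corp,DC=example,DC=com"
repadmin /showrepl
```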

15) What is new in Windows Cluster 2008?
Ans: - http://yourcomputer.in/whats-new-windows-server-2008-cluster/

What is Strict Replication?
Strict Replication is a mechanism developed by Microsoft for Active Directory replication. If a domain controller has Strict Replication enabled, it will not accept "lingering objects" from a domain controller that was isolated for longer than the Tombstone Lifetime (TSL). TSL is 180 days by default in a forest created with Windows Server 2003 SP1. A domain controller shouldn't be out of sync for more than this period. Lingering objects may appear on other domain controllers if replication happens with the outdated domain controllers; domain controllers with the registry value below set will refuse to replicate with them. You must set the following registry value on all domain controllers to enable Strict Replication:

  Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
  Registry Entry: Strict Replication Consistency
  Type: REG_DWORD
  Value: 1 (enabled), 0 (disabled)
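An added example (not from the original page) that audits the Strict Replication Consistency value on every domain controller and enables it where it is missing or 0. It assumes the ActiveDirectory module (RSAT) and PowerShell remoting to each DC; the report field names are chosen for this example.

```powershell
# Added example: audit "Strict Replication Consistency" on all DCs and enable it where needed.
# Assumes the ActiveDirectory module and WinRM access to every domain controller.
Import-Module ActiveDirectory

$keyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$valueName = 'Strict Replication Consistency'

# Reads the value on the remote DC; $null means the value does not exist there.
$readValue = {
    param($path, $name)
    (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name
}

$report = foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        $current = Invoke-Command -ComputerName $dc.HostName -ScriptBlock $readValue `
            -ArgumentList $keyPath, $valueName -ErrorAction Stop
    } catch {
        $current = "unreachable: $($_.Exception.Message)"
    }
    [pscustomobject]@{
        DomainController  = $dc.HostName
        Site              = $dc.Site
        StrictReplication = $current
        Enabled           = ($current -eq 1)
    }
}

$report | Format-Table -AutoSize

# Enable the setting only where it is absent or 0; DCs that could not be read are left alone.
$report | Where-Object { -not $_.Enabled -and $_.StrictReplication -notlike 'unreachable*' } |
    ForEach-Object {
        Invoke-Command -ComputerName $_.DomainController -ScriptBlock {
            param($path, $name)
            # REG_DWORD 1 = strict: refuse lingering objects from partners past the tombstone lifetime.
            Set-ItemProperty -Path $path -Name $name -Value 1 -Type DWord
        } -ArgumentList $keyPath, $valueName
        "Enabled strict replication consistency on $($_.DomainController)"
    }
```

The built-in equivalent for the write step is repadmin /regkey * +strict, which sets the same registry value on every DC.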

17) What is a Superscope in DHCP?
Ans: - A superscope is an administrative feature of Dynamic Host Configuration Protocol (DHCP) servers running Windows Server 2008 that you can create and manage by using the DHCP Microsoft Management Console (MMC) snap-in. By using a superscope, you can group multiple scopes as a single administrative entity. With this feature, a DHCP server can:

Support DHCP clients on a single physical network segment (such as a single Ethernet LAN segment) where multiple logical IP networks are used. When more than one logical IP network is used on each physical subnet or network, such configurations are often called multinets.

Support remote DHCP clients located on the far side of DHCP and BOOTP relay agents (where the network on the far side of the relay agent uses multinets).

In multinet configurations, you can use DHCP superscopes to group and activate individual scope ranges of IP addresses used on your network. In this way, the DHCP server can activate and provide leases from more than one scope to clients on a single physical network.

Superscopes can resolve specific types of DHCP deployment issues for multinets, including situations in which:

The available address pool for a currently active scope is nearly depleted, and more computers need to be added to the network. The original scope includes the full addressable range for a single IP network of a specified address class. You need to use another range of IP addresses to extend the address space for the same physical network segment.

Clients must be migrated over time to a new scope (such as to renumber the current IP network from an address range used in an existing active scope to a new scope that contains another range of IP addresses).

You want to use two DHCP servers on the same physical network segment to manage separate logical IP networks.
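An added example (not from the original page) of the first situation above: the active scope on a physical segment is nearly depleted, so a second logical IP network is added on the same segment and both scopes are grouped into a superscope. It assumes the DhcpServer PowerShell module (Windows Server 2012 or later, rather than the 2008 MMC described above), a DHCP server named DHCP01, and constructed scope ranges 10.10.1.0/24 and 10.10.2.0/24.

```powershell
# Added example: extend an exhausted scope with a second logical network via a superscope.
# Assumes the DhcpServer module; server name and address ranges are constructed for this example.
Import-Module DhcpServer

$server        = 'DHCP01'
$existingScope = '10.10.1.0'
$newScope      = '10.10.2.0'

# 1. Confirm the original scope really is nearly depleted before changing anything.
$stats = Get-DhcpServerv4ScopeStatistics -ComputerName $server -ScopeId $existingScope
if ($stats.PercentageInUse -lt 90) {
    "Scope $existingScope is only $($stats.PercentageInUse)% used; no extension needed."
    return
}

# 2. Add the second logical IP network that will share the same physical segment.
Add-DhcpServerv4Scope -ComputerName $server -Name 'Floor1-Multinet-B' `
    -StartRange 10.10.2.10 -EndRange 10.10.2.250 -SubnetMask 255.255.255.0 -State Active
# Clients on the new logical network need their own default gateway (the router's
# secondary address on that segment).
Set-DhcpServerv4OptionValue -ComputerName $server -ScopeId $newScope -Router 10.10.2.1

# 3. Group both scopes so the server can lease from either one to clients on that segment.
Add-DhcpServerv4Superscope -ComputerName $server -SuperscopeName 'Floor1-Multinet' `
    -ScopeId $existingScope, $newScope

# 4. Show the resulting grouping.
Get-DhcpServerv4Superscope -ComputerName $server -SuperscopeName 'Floor1-Multinet'
```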

18) What is the requirement to configure a full memory dump in Windows?
Ans: - To generate a complete memory dump file:

1. Click Start, right-click Computer and select Properties in the menu.
2. Click Advanced > Settings > Startup and Recovery > Settings > Write debugging information > Complete memory dump.
3. Click OK twice.
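An added example (not from the original page) that makes the same "Complete memory dump" selection through the registry value the Startup and Recovery dialog writes, and first checks the prerequisite the dialog does not verify: a paging file on the boot volume of at least physical RAM plus 1 MB. It assumes an elevated local PowerShell session.

```powershell
# Added example: select a complete memory dump via the CrashControl key, after checking
# that the boot-volume paging file can hold all of physical memory plus a 1 MB header.
# Assumes an elevated local session; the dump type change takes effect after a restart.
$crashControl = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'

# 1. Prerequisite: paging file on the boot volume sized at least RAM + 1 MB.
$cs         = Get-CimInstance Win32_ComputerSystem
$requiredMB = [math]::Ceiling($cs.TotalPhysicalMemory / 1MB) + 1

if ($cs.AutomaticManagedPagefile) {
    Write-Warning "Paging file is system-managed; set an explicit size of at least $requiredMB MB on $env:SystemDrive."
} else {
    $bootPageFile = Get-CimInstance Win32_PageFileSetting |
        Where-Object { $_.Name -like "$env:SystemDrive\*" }
    if (-not $bootPageFile) {
        throw "No paging file on $env:SystemDrive; a complete memory dump cannot be written."
    }
    # MaximumSize 0 means "system managed size" for that volume; a fixed size must meet the minimum.
    if ($bootPageFile.MaximumSize -ne 0 -and $bootPageFile.MaximumSize -lt $requiredMB) {
        throw "Paging file maximum is $($bootPageFile.MaximumSize) MB; at least $requiredMB MB is required."
    }
}

# 2. Dump type. CrashDumpEnabled: 0 = none, 1 = complete, 2 = kernel, 3 = small (64 KB),
#    7 = automatic (Windows Server 2012 and later). Keep the default path and allow overwrite.
Set-ItemProperty -Path $crashControl -Name CrashDumpEnabled -Value 1 -Type DWord
Set-ItemProperty -Path $crashControl -Name DumpFile -Value '%SystemRoot%\MEMORY.DMP' -Type ExpandString
Set-ItemProperty -Path $crashControl -Name Overwrite -Value 1 -Type DWord

# 3. Show the resulting configuration; CrashDumpEnabled should now read 1.
Get-ItemProperty -Path $crashControl | Select-Object CrashDumpEnabled, DumpFile, Overwrite
```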

19) Which DNS records are required for replication?
Ans: - Host (A) records of the replication partners (domain controllers), and SRV records to find out the domain controllers' GUIDs in the _msdcs zone (DC Locator).

20) Tools to analyze a memory dump?
Ans: - Windows Debugger (WinDbg.exe) tool, Dumpchk.exe

21) Tools to troubleshoot Group Policy issues?
Ans: - You can use AD built-in features to troubleshoot Group Policy issues, such as RSOP.msc (or run RSoP by selecting users in Active Directory Users and Computers), gpresult -v, and gpt.ini in SYSVOL under the Group Policy GUID folder, which can be checked to find out the GPO settings configured.

22) What AD parameters can be added to enable monitoring for AD?

23) How to troubleshoot AD replication issues?
Ans: - It can be troubleshot with the Replmon command, which generates the error results in Event Viewer. DNS can be checked between the two destinations. Network/firewall issues.

24) Booting sequence in Windows 2008?
Here's a brief description of the Windows Server 2008 boot process.

1. System is powered on
2. The CMOS loads the BIOS and then runs POST
3. Looks for the MBR on the bootable device
4. Through the MBR the boot sector is located and the BOOTMGR is loaded
5. BOOTMGR looks for the active partition
6. BOOTMGR reads the BCD file from the \boot directory on the active partition
7. The BCD (boot configuration database) contains various configuration parameters (this information was previously stored in boot.ini)
8. BOOTMGR transfers control to the Windows Loader (winload.exe), or to winresume.exe in case the system was hibernated
9. Winload loads drivers that are set to start at boot and then transfers control to the Windows kernel

25) How to edit the Schema in AD?
Ans: - First, schmmgmt.dll has to be registered. Then the ADSIEdit tool can be used to edit the schema.

26) Difference between the Windows 2003 and Windows 2008 boot process
Ans: - Windows 2003 boot process:
1. POST
2. The MBR reads the boot sector, which is the first sector of the active partition.
3. Ntldr looks up the path of the OS from boot.ini.
4. Ntldr runs ntdetect.com to get information about installed hardware.
5. Ntldr reads the registry files, then selects a hardware profile and control set and loads device drivers.
6. After that Ntoskrnl.exe takes over and starts winlogon.exe, which starts lsass.exe.
Windows Server 2008 boot process: the nine BOOTMGR/BCD/winload.exe steps listed under question 24 above.

27) Name the utilities used to check multipathing
Ans: - The FCInfo utility or Storage Explorer (Windows 2008) can be used to check this. For complete details: http://yourcomputer.in/how-to-check-wwn-on-windows-server/

28) How to create a Host (A) record remotely?
Ans: - The dnscmd command can be used for creating a resource record on a DNS server. Below is the command:

dnscmd [<ServerName>] /recordadd <ZoneName> <NodeName> <RRType> <RRData>

29) What is a glue record?
Ans: - Name servers in delegations are identified by name, rather than by IP address. This means that a resolving name server must issue another DNS request to find out the IP address of the server to which it has been referred. If the name given in the delegation is a subdomain of the domain for which the delegation is being provided, there is a circular dependency. In this case the name server providing the delegation must also provide one or more IP addresses for the authoritative name server mentioned in the delegation. This information is called glue. The delegating name server provides this glue in the form of records in the additional section of the DNS response, and provides the delegation in the answer section of the response.

For example, if the authoritative name server for example.org is ns1.example.org, a computer trying to resolve www.example.org first resolves ns1.example.org. Since ns1 is contained in example.org, this requires resolving example.org first, which presents a circular dependency. To break the dependency, the name server for the top level domain org includes glue along with the delegation for example.org. The glue records are address records that provide IP addresses for ns1.example.org. The resolver uses one or more of these IP addresses to query one of the domain's authoritative servers, which allows it to complete the DNS query.

30) What is Loopback Group Policy?
Ans: - Group Policy applies to the user or computer in a manner that depends on where both the user and the computer objects are located in Active Directory. However, in some cases, users may need policy applied to them based on the location of the computer object alone. You can use the Group Policy loopback feature to apply Group Policy Objects (GPOs) that depend only on which computer the user logs on to.

What ports are used by DHCP and the DHCP clients? The client sends requests from UDP port 68 to the server's UDP port 67; the server replies from UDP port 67 to the client's UDP port 68.

Microsoft's Windows Server 2008 versions:
Windows Server 2008 Standard
Windows Server 2008 Enterprise Edition (Recommended)
Windows Server 2008 Datacenter

Hardware Requirements for Windows Server 2008
Component: Requirement
Processor: 1 GHz (x86 CPU) or 1.4 GHz (x64 CPU)
Memory: 512 MB required; 2 GB or higher recommended.
Hard Disk: 10 GB required; 40 GB or more recommended.
Video: Super VGA or higher video card and monitor.
Hardware: Must be on the Windows 2008 Hardware Compatibility List.

What is KCC? The KCC (Knowledge Consistency Checker) is used to generate the replication topology for intersite replication and for intrasite replication. Within a site, replication traffic is carried via remote procedure calls over IP, while between sites it is carried through either RPC or SMTP.

>Where is the AD database held? What other folders are related to AD? The AD database is stored in c:\windows\ntds\NTDS.DIT.

Intersite Replication or Replication between sites : Replication between sites is made possible by user-defined site and site link objects that are created in Active Directory to represent the physical LAN and WAN network infrastructure. When Active Directory sites and site links are configured, the KCC creates an intersite topology so that replication flows between domain controllers across WAN links. Intersite replication occurs according to a site link schedule so that WAN usage can be controlled, and is compressed to reduce network bandwidth requirements. Site link settings can be managed to optimize replication routing over WAN links. The connections that are created between sites form a spanning tree for each directory partition in the forest, merging where common directory partitions can be replicated over the same connection.

Symptom: Last attempt at <date - time> failed with the "Target account name is incorrect."
Root cause: This problem can be related to connectivity, DNS, or authentication issues. If this is a DNS error, the local domain controller could not resolve the globally unique identifier (GUID)–based DNS name of its replication partner.
Solution: Fixing Replication Connectivity Problems (Event ID 1925); Fixing Replication DNS Lookup Problems (Event IDs 1925, 2087, 2088); Fixing Replication Security Problems

Symptom: Cannot open LDAP connection to local host
Root cause: The administration tool could not contact Active Directory.
Solution: Fixing Replication DNS Lookup Problems (Event IDs 1925, 2087, 2088)

Event ID and source: 1311 — NTDS KCC
Root cause: The replication configuration information in Active Directory does not accurately reflect the physical topology of the network.
Solution: Fixing Replication Topology Problems (Event ID 1311)

Event ID and source: 1388 — NTDS Replication
Root cause: Strict replication consistency is not in effect, and a lingering object has been replicated to the domain controller.
Solution: Fixing Replication Lingering Object Problems (Event IDs 1388, 1988, 2042)

Event ID and source: 1925 — NTDS KCC
Root cause: The attempt to establish a replication link for a writable directory partition failed. This event can have different causes, depending on the error.
Solution: Fixing Replication Connectivity Problems (Event ID 1925); Fixing Replication DNS Lookup Problems (Event IDs 1925, 2087, 2088)

Event ID and source: 1988 — NTDS Replication
Root cause: The local domain controller has attempted to replicate an object from a source domain controller that is not present on the local domain controller because it may have been deleted and already garbage-collected. Replication will not proceed for this directory partition with this partner until the situation is resolved.
Solution: Fixing Replication Lingering Object Problems (Event IDs 1388, 1988, 2042)

Event ID and source: 2042 — NTDS Replication
Root cause: Replication has not occurred with this partner for a tombstone lifetime, and replication cannot proceed.
Solution: Fixing Replication Lingering Object Problems (Event IDs 1388, 1988, 2042)

Event ID and source: 2087 — NTDS Replication
Root cause: Active Directory could not resolve the DNS host name of the source domain controller to an Internet Protocol (IP) address, and replication failed.
Solution: Fixing Replication DNS Lookup Problems (Event IDs 1925, 2087, 2088)

Event ID and source: 2088 — NTDS Replication
Root cause: Active Directory could not resolve the DNS host name of the source domain controller to an IP address, but replication succeeded.
Solution: Fixing Replication DNS Lookup Problems (Event IDs 1925, 2087, 2088)

Event ID and source: 2095 — NTDS Replication
Root cause: Update sequence number (USN) rollback has occurred and replication has been stopped. This error indicates an improper Active Directory restore, possibly of a virtual machine file (.vhd).
Solution: For an explanation of this problem and recommendations for solutions, see Running Domain Controllers in Virtual Server 2005 on the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkId=38330).

Event ID and source: 5805 — Net Logon
Root cause: A machine account failed to authenticate, which is usually caused by either multiple instances of the same computer name or the computer name not replicating to every domain controller.
Solution: Fixing Replication Security Problems

Error code  Description
1908  Could not find the domain controller for this domain.
5  Access is denied.
1397*  Mutual authentication failed. The server's password is out of date at the domain controller.
1314*  A required privilege is not held by the client.
1398*  There is a time and/or date difference between the client and server.
1326  Logon failure: unknown user name or bad password.
1722*  The remote procedure call (RPC) server is unavailable.
1396  Logon failure: The target account name is incorrect.
2202*  The specified username is invalid.
8453  Replication access was denied.

What is FRS?
File Replication service (FRS) is related to Active Directory replication because it requires the Active Directory replication topology. FRS is a multimaster replication service that is used to replicate files and folders in the system volume (SYSVOL) shared folder on domain controllers and in Distributed File System (DFS) shared folders. FRS works by detecting changes to files and folders and then replicating the updated files and folders to other replica members, which are connected in a replication topology.

FRS uses the replication topology that is generated by the KCC to replicate the SYSVOL files to all domain controllers in the domain. SYSVOL files are required by all domain controllers for Active Directory to function.

What are the two protocols that are used in replication? [1]RPC over IP and SMTP over IP.

SMTP
Simple Mail Transfer Protocol (SMTP) is a packaging protocol that can be used as an alternative to the remote procedure call (RPC) replication transport. SMTP can be used to transport non-domain replication over IP networks in mail-message format. Where networks are not fully routed, e-mail is sometimes the only transport method available.

Replication transports provide the wire protocols that are required for data transfer. There are three levels of connectivity for replication of Active Directory information:

• Uniform high-speed, synchronous RPC over IP within a site.
• Point-to-point, synchronous, low-speed RPC over IP between sites.
• Low-speed, asynchronous SMTP between sites.

The following rules apply to the replication transports:
• Replication within a site always uses RPC over IP.
• Replication between sites can use either RPC over IP or SMTP over IP.
• Replication between sites over SMTP is supported only for domain controllers of different domains. Domain controllers of the same domain must replicate by using the RPC over IP transport. Therefore, replication between sites over SMTP is supported only for schema, configuration, and global catalog replication, which means that domains can span sites only when point-to-point, synchronous RPC is available between sites.

Synchronous and Asynchronous Communication
The RPC intersite and intrasite transport (RPC over IP within sites and between sites) and the SMTP intersite transport (SMTP over IP between sites only) correspond to synchronous and asynchronous communication methods, respectively. Synchronous communication favors fast, available connections, while asynchronous communication is better suited for slow or intermittent connections.

KCC: It creates the replication topology within the site.

ISTG: It creates the topology for the replication between the sites of the same domain.

Bridgehead server: These servers are responsible for receiving the replication data from another site and then replicating it to the servers within their own site. Any replication originating from its site is sent to other sites by this server only.

What is FRS?
The File Replication service (FRS) is a multi-threaded, multi-master replication engine that replaces the LMREPL (LanMan Replication) service in the 3.x/4.0 versions of Microsoft Windows NT. Windows 2000 domain controllers and servers use FRS to replicate system policy and logon scripts, located in the System Volume (Sysvol), for Windows 2000 and earlier clients. FRS can also replicate content between Windows 2000 servers hosting the same fault-tolerant Distributed File System (DFS) roots or child node replicas. In Windows 2008 and Windows 2012 Active Directory, FRS has been replaced by DFS Replication (DFS-R).

How many passwords are remembered by default when you enable "Enforce Password History"? The user's last 6 passwords.

Can the GC server and the Infrastructure Master be placed on a single server? If not, explain why. No. As the Infrastructure Master does the same job as the GC, the two do not work together.

Which service in Windows is responsible for replication from one domain controller to another? The KCC generates the replication topology; replication uses SMTP / RPC to replicate changes.

What are intrasite and intersite replication? Intrasite is replication within the same site, and intersite is replication between sites.

What is garbage collection? Garbage collection is the process of online defragmentation of Active Directory. It happens every 12 hours.

What does System State data contain? It contains: startup files, the registry, the COM+ Registration Database, the memory page file, system files, AD information, Cluster Service information, and the SYSVOL folder.

General Approach to Fixing Problems of Replication [1]
Use the following general approach to fixing replication problems:

1. Monitor replication health daily, or use Repadmin.exe to retrieve replication status daily.
2. Attempt to resolve any reported failure in a timely manner by using the methods described in event messages and this guide. If software might be causing the problem, uninstall the software before you continue with other solutions.
3. If the problem that is causing replication to fail cannot be resolved by any known methods, remove Active Directory from the server and then reinstall Active Directory. For more information about reinstalling Active Directory, see Decommissioning a Domain Controller.
4. If Active Directory cannot be removed normally while connected to the network, use one of the following methods to resolve the problem:
o Force Active Directory removal in Directory Services Restore Mode, clean up server metadata, and then reinstall Active Directory.
o Reinstall the operating system, and rebuild the domain controller.

For more information about forcing Active Directory removal, see Forcing the Removal of a Domain Controller.

• Use a monitoring application that you set to capture and report specific errors and events on a daily basis.
• Use the Repadmin tool to retrieve replication status daily.
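An added example (not from the original page) of the daily check in step 1: it parses Repadmin's replication status for failing links and then pulls the event IDs from the replication event table earlier on the page from each DC, tagging every event with the fix section that covers it. It assumes the ActiveDirectory module (RSAT), repadmin.exe on the path, and rights to read the Directory Service and System logs of every DC remotely; the 24-hour window and the field names are chosen for this example.

```powershell
# Added example: daily replication health check built from repadmin output and the
# page's event ID table. Assumes the ActiveDirectory module, repadmin.exe, and remote
# event log read access on every domain controller.
Import-Module ActiveDirectory

# Event ID -> fix section, taken from the table on this page.
$eventMap = @{
    1311 = 'Replication topology problem (KCC)'
    1388 = 'Lingering object (strict replication consistency not in effect)'
    1925 = 'Connectivity or DNS lookup problem'
    1988 = 'Lingering object (source object deleted and garbage-collected locally)'
    2042 = 'Lingering object (no replication with partner for a tombstone lifetime)'
    2087 = 'DNS lookup problem, replication failed'
    2088 = 'DNS lookup problem, replication still succeeded'
    2095 = 'USN rollback (improper restore, e.g. of a virtual machine file)'
}

# 1. Replication status from every DC, parsed from repadmin's CSV output.
$links  = repadmin /showrepl * /csv | ConvertFrom-Csv
$failed = $links | Where-Object { [int]$_.'Number of Failures' -gt 0 }
if ($failed) {
    $failed | Select-Object 'Destination DSA', 'Source DSA', 'Naming Context',
        'Number of Failures', 'Last Failure Time', 'Last Failure Status' | Format-Table -AutoSize
} else {
    'repadmin reports no failing replication links.'
}

# 2. Collect the table's event IDs from each DC for the last 24 hours. 5805 is logged by
#    Net Logon in the System log; the rest are in the Directory Service log.
$since    = (Get-Date).AddDays(-1)
$findings = foreach ($dc in (Get-ADDomainController -Filter *).HostName) {
    $filters = @(
        @{ LogName = 'Directory Service'; Id = [int[]]$eventMap.Keys; StartTime = $since },
        @{ LogName = 'System'; ProviderName = 'NETLOGON'; Id = 5805; StartTime = $since }
    )
    foreach ($fh in $filters) {
        $events = Get-WinEvent -ComputerName $dc -FilterHashtable $fh -ErrorAction SilentlyContinue
        foreach ($event in $events) {
            if ($event.Id -eq 5805) {
                $fix = 'Replication security problem (machine account failed to authenticate)'
            } else {
                $fix = $eventMap[$event.Id]
            }
            [pscustomobject]@{
                DomainController = $dc
                Time             = $event.TimeCreated
                EventId          = $event.Id
                FixSection       = $fix
                Summary          = ($event.Message -split "`r?`n")[0]
            }
        }
    }
}

# 3. Report. No failed links and an empty findings list is a healthy day.
$findings | Sort-Object DomainController, Time | Format-Table -AutoSize
```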

Group types
There are two types of groups in Active Directory: distribution groups and security groups. You can use distribution groups to create e-mail distribution lists and security groups to assign permissions to shared resources.

Distribution groups
Distribution groups can be used only with e-mail applications (such as Exchange) to send e-mail to collections of users. Distribution groups are not security-enabled, which means that they cannot be listed in discretionary access control lists (DACLs). If you need a group for controlling access to shared resources, create a security group.

Security groups
Used with care, security groups provide an efficient way to assign access to resources on your network. Using security groups, you can:
• Assign user rights to security groups in Active Directory
• Assign permissions to security groups on resources

What is REPLMON? The Microsoft definition of the Replmon tool is as follows: this GUI tool enables administrators to view the low-level status of Active Directory replication, force synchronization between domain controllers, view the topology in a graphical format, and monitor the status and performance of domain controller replication.

>What is ADSIEDIT? ADSIEdit is a Microsoft Management Console (MMC) snap-in that acts as a low-level editor for Active Directory. It is a Graphical User Interface (GUI) tool. Network administrators can use it for common administrative tasks such as adding, deleting, and moving objects within a directory service. The attributes for each object can be edited or deleted by using this tool. ADSIEdit uses the ADSI application programming interfaces (APIs) to access Active Directory. The following are the required files for using this tool: ADSIEDIT.DLL ADSIEDIT.

>What is NETDOM? NETDOM is a command-line tool that allows management of Windows domains and trust relationships. It is used for batch management of trusts, joining computers to domains, verifying trusts, and secure channels.

>What is REPADMIN?This command-line tool assists administrators in diagnosing replication problems between Windows domain controllers. Administrators can use Repadmin to view the replication topology (sometimes referred to as RepsFrom and RepsTo) as seen from the perspective of each domain controller. In addition, Repadmin can be used to manually create the replication topology (although in normal practice this should not be necessary), to force replication events between domain controllers, and to view both the replication metadata and up-to-dateness vectors.

How to take a backup of AD?

To take a backup of Active Directory, go to START -> PROGRAMS -> ACCESSORIES -> SYSTEM TOOLS -> BACKUP, or open the Run window and run ntbackup, and take a System State backup. When the backup screen appears, take the backup of SYSTEM STATE; it will back up all the necessary information about the system, including the AD backup, DNS, etc.

What are the requirements for installing AD on a new server?
• An NTFS partition with enough free space.
• An Administrator's username and password.
• The correct operating system version.
• A NIC.
• Properly configured TCP/IP (IP address, subnet mask and, optionally, default gateway).
• A network connection (to a hub or to another computer via a crossover cable).
• An operational DNS server (which can be installed on the DC itself).
• A domain name that you want to use.
• The Windows 2000 or Windows Server 2003 CD media (or at least the i386 folder).

What are application partitions? When do I use them? An application directory partition is a directory partition that is replicated only to specific domain controllers. Only domain controllers running Windows Server 2003 can host a replica of an application directory partition. Using an application directory partition provides redundancy, availability or fault tolerance by replicating data to a specific domain controller or any set of domain controllers anywhere in the forest.

>How do you create a new application partition? Use the DnsCmd command to create an application directory partition. To do this, use the following syntax: DnsCmd ServerName /CreateDirectoryPartition FQDN of partition

>How do you view all the GCs in the forest? C:\>repadmin /showreps domain_controller, where domain_controller is the DC you want to query to determine whether it's a GC. The output will include the text DSA Options: IS_GC if the DC is a GC.

>Can you connect Active Directory to other 3rd-party Directory Services? Name a few options. Yes, you can use dirXML or LDAP to connect to other directories. In Novell you can use E-directory.

>What is IPSec Policy? IPSec provides secure gateway-to-gateway connections across outsourced private wide area network (WAN) or Internet-based connections using L2TP/IPSec tunnels or pure IPSec tunnel mode. IPSec Policy can be deployed via Group Policy to the Windows domain controllers and servers.

>What are the different types of Terminal Services? User Mode & Application Mode.

>What is RsOP? RsOP is the resultant set of policy applied on the object (Group Policy).

>What is a Bridgehead Server in AD? A bridgehead server is a domain controller in each site that is used as the contact point to receive and replicate data between sites.

For intersite replication, the KCC designates one of the domain controllers as a bridgehead server. In case that server is down, the KCC designates another one of the domain controllers. When a bridgehead server receives replication updates from another site, it replicates the data to the other domain controllers within its site.

>What is the default size of ntds.dit?10 MB in Server 2000 and 12 MB in Server 2003.

>What is an OU? An Organizational Unit is a container object in which you can keep objects such as user accounts, groups, computers, printers, applications and other OUs. In an organizational unit you can assign specific permissions to the users. Organizational units can also be used to create departmental boundaries.

>What is a site? What are they used for? One or more well-connected (highly reliable and fast) TCP/IP subnets. A site allows administrators to configure Active Directory access and replication topology to take advantage of the physical network. A Site object in Active Directory represents a physical geographic location that hosts networks. Sites contain objects called Subnets. Sites can be used to assign Group Policy Objects, facilitate the discovery of resources, manage Active Directory replication, and manage network link traffic.

>Trying to look at the Schema, how can I do that? Register schmmgmt.dll using this command: c:\windows\system32>regsvr32 schmmgmt.dll. Then open mmc --> Add Snap-in --> add Active Directory Schema, and save it as schema.msc. Open Administrative Tools --> schema.msc.

1. Describe how the DHCP lease is obtained. It’s a four-step process consisting of (a) IP request, (b) IP offer, (c) IP selection and (d) acknowledgement.

> What is group nesting? Adding one group as a member of another group is called 'group nesting'. This will help for easy administration and reduced replication traffic.

> Name few port numbers related to Active Directory? Kerberos 88, LDAP 389, DNS 53, SMB 445

What is an FQDN? A fully qualified domain name, sometimes also referred as an absolute domain name, is a domain name that specifies its exact location in the tree hierarchy of the Domain Name System. It specifies all domain levels, including the top-level domain and the root zone.

What are administrative templates? Administrative Templates are a feature of Group Policy. The Administrative Templates Extension is the largest of all available Group Policy extensions and includes more than 700 policy settings for applications and operating system components. These policy settings are applied by modifying the registry on target clients. Administrative Templates policy settings are also referred to as registry-based policy or simply registry policy.

Administrators need a simple way to configure policy settings and apply those changes to many users and computers throughout the network. You need to be able to modify policy settings quickly and be able to delete policy settings and remove them from all target computers without the risk of old policy settings remaining in the registry. In addition, developers need a way to integrate policy management into new applications. Administrative Templates provides dynamic management capabilities to administrators and an infrastructure for developers to policy-enable their applications.

The administrative templates are actually defined by text files with an .ADM or .ADMX extension. In Windows Server 2003, there were only 5 Admin Templates available for GPOs:Conf.adm, Inetres.adm, System.adm, Wmplayer.adm, and Wuau.adm.  However, there is now a huge growth in the number of Administrative Templates available by default in Windows Server 2008 R2.  This table highlights the explosion in available Group Policy Administrative Templates in the last few Operating System releases.

OS Version  Number of Default Administrative Templates
Windows 2000  5
Windows XP, Server 2003  5
Windows Vista, Server 2008  142
Windows 7, Server 2008 R2  156

DNS Resource Records
What are DNS Records? DNS records, or zone files, are used for mapping URLs to IPs. These records are located in the DNS server. They connect your website with the outside world. When the URL is typed in the browser it is forwarded to your DNS servers and then gets pointed to the web servers. These web servers serve the website mentioned in the URL, or the email server that handles the incoming email.

Address Mapping records (A): The A record specifies the IP address (IPv4) for a given host. An A record is used for conversion of domain names to corresponding IP addresses. The A record is the Address Record: it assigns an IP address to a domain or subdomain name. Usually an A record will be an IP address.

IP Version 6 Address records (AAAA): The AAAA record (also quad-A record) specifies the IPv6 address for a given host. It works the same way as the A record; the difference is the type of IP address.

NS Record (Name server): All the servers listed in the NS records are stated as the authoritative name servers for a particular domain.

Mail exchanger record (MX): MX records specify the mail server of the domain. An MX record shows to which computer mail for a particular domain should be sent. The MX record also includes a priority number, which can be used to determine several computers where the mail for the domain can be sent. The first attempt is to deliver the mail to the computer with the highest priority (lowest value). If this attempt fails, the mail goes to the next computer (with a higher priority value), and so on.

Integrated Services Digital Network records (ISDN): The ISDN resource record specifies the ISDN address for a host. An ISDN address is a telephone number that consists of a country code, a national destination code, an ISDN subscriber number and, optionally, an ISDN subaddress. The function of the record is only a variation of the A resource record function.

Canonical Name records (CNAME): The CNAME record specifies a domain name that has to be queried in order to resolve the original DNS query. Therefore CNAME records are used for creating aliases of domain names. CNAME records are truly useful when we want to alias our domain to an external domain. In other cases we can remove CNAME records and replace them with A records and even decrease performance overhead.

Host Information records (HINFO): HINFO records are used to acquire general information about a host. The record specifies the type of CPU and OS. The HINFO record data provides the possibility to use operating system specific protocols when two hosts want to communicate. For security reasons the HINFO records are not typically used on public servers.

SOA Record: This Start of Authority record specifies the DNS server that provides authoritative information about the domain name, the domain administrator's email, the domain serial number, along with several timers in relation to refreshing the zone.

What is the port no of DNS? 53.

What is a Forward Lookup? Resolving host names to IP addresses.

What is a Resource Record? It is a record that provides information about the resources available in the network infrastructure.

What are the different DNS roles? Standard Primary, Standard Secondary, and AD Integrated.

What is a Zone? A zone is a subtree of the DNS database.

SOA records must be included in every zone. What are they used for?
o SOA records contain a TTL value, used by default in all resource records in the zone.
o SOA records contain the e-mail address of the person who is responsible for maintaining the zone.
o SOA records contain the current serial number of the zone, which is used in zone transfers.

What is round robin DNS?Round robin DNS is usually used for balancing the load of geographically distributed Web servers. For example, a company has one domain name and three identical home pages residing on three servers with three different IP addresses. When one user accesses the home page it will be sent to the first IP address. The second user who accesses the home page will be sent to the next IP address, and the third user will be sent to the third IP address. In each case, once the IP address is given out, it goes to the end of the list. The fourth user, therefore, will be sent to the first IP address, and so forth.

Round robin DNS is nothing but a simple technique of load balancing various Internet services such as web servers or e-mail servers by creating multiple DNS A records with the same name.

How does it work? You configure the DNS server to send a list of IP addresses of several servers with the same hostname. For example, foo.dnsknowledge.com may be configured to return two IP addresses as follows:

foo.dnsknowledge.com – 202.54.1.2
foo.dnsknowledge.com – 202.54.1.3

Half of the time a user's request for foo.dnsknowledge.com will go to 202.54.1.2 and the rest will go to 202.54.1.3. In other words, clients receive service from two different servers, thus distributing the overall load among the servers.

Round robin DNS usage: you can use round robin DNS for
1. Load distribution.
2. Load balancing.
3. Fault-tolerant service.
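The rotation described above, simulated in Python as an added example that is not part of the original page: the name server hands out the full record set and moves the first address to the end after each query, and the client tries the returned addresses in order, which is what turns round robin into fault tolerance (the DNS server itself never learns that a server is down). The name and its first two addresses are the page's example; the third address 202.54.1.4 and the "reachable" set are constructed.

```python
from collections import deque
from typing import Dict, List, Optional, Set

# Constructed sample zone: the page's example name with its two addresses,
# plus a third server so the rotation is easier to see.
SAMPLE_ZONE: Dict[str, List[str]] = {
    "foo.dnsknowledge.com": ["202.54.1.2", "202.54.1.3", "202.54.1.4"],
}


class RoundRobinResolver:
    """Authoritative-side round robin: every answer carries all A records,
    but the address at the front moves to the end after each query."""

    def __init__(self, zone: Dict[str, List[str]]) -> None:
        self._records = {name: deque(addrs) for name, addrs in zone.items()}

    def resolve(self, name: str) -> List[str]:
        rotation = self._records[name]
        answer = list(rotation)   # full record set in its current order
        rotation.rotate(-1)       # first address goes to the end of the list
        return answer


def connect_with_fallback(addresses: List[str], reachable: Set[str]) -> Optional[str]:
    """Client-side behaviour: try the addresses in the order returned and
    move on when one fails. `reachable` stands in for a real TCP connect
    (constructed for the example); None means every address failed."""
    for addr in addresses:
        if addr in reachable:
            return addr
    return None


def distribute(resolver: RoundRobinResolver, name: str,
               n_clients: int, reachable: Set[str]) -> Dict[Optional[str], int]:
    """Simulate n clients resolving `name` once each; returns how many
    clients each server actually ended up serving."""
    served: Dict[Optional[str], int] = {}
    for _ in range(n_clients):
        addr = connect_with_fallback(resolver.resolve(name), reachable)
        served[addr] = served.get(addr, 0) + 1
    return served
```

With all three servers up, six clients are spread two per server; with 202.54.1.3 down, the clients that were handed it first fall through to the next address in their list, so the load is no longer even but no client is refused.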

What are primary, secondary, stub and AD integrated zones?
Primary zone: the zone is saved as a normal text file with a .dns filename in the DNS folder. It maintains the read/write copy of the zone database.
Secondary zone: maintains a read-only copy of the zone database on another DNS server. Provides fault tolerance and load balancing by acting as a backup server to the primary server.
Stub zone: contains a copy of the name server and SOA records, used for reducing the DNS search order. Provides fault tolerance and load balancing.

How do you manually create SRV records in DNS? On Windows servers, go to Run, open dnsmgmt.msc, right-click on the zone you want to add the SRV record to, choose "Other New Records" and choose Service Location (SRV). The SRV record is a Domain Name System (DNS) resource record that is used to identify computers that host specific services. SRV resource records are used to locate domain controllers for Active Directory.

What is the main purpose of SRV records? SRV records are used in locating hosts that provide certain network services.

What is a name server? A name server keeps information for the translation of domain names to IP addresses and IP addresses to domain names. The name server is a program that performs the translation at the request of a resolver or another name server.

What is a primary name server or primary master server? The primary name server/primary master is the main data source for the zone. It is the authoritative server for the zone. This server acquires data about its zone from databases saved on a local disk. The primary server must be published as an authoritative name server for the domain in the SOA resource record, while the primary master server does not need to be published.

What is a secondary name server/slave name server? A secondary name server/slave name server acquires data about the zone by copying the data from the primary name server (respectively from the master server) at regular time intervals. It makes no sense to edit these databases on the secondary name servers, although they are saved on the local server disk, because they will be rewritten during further copying.

Which conditions must be satisfied to configure dynamic DNS updates for legacy clients?
o The zone to be used for dynamic updates must be configured to allow dynamic updates.
o The DHCP server must support, and be configured to allow, dynamic updates for legacy clients.

What is Root name server?Root name server is an authoritative name server for the root domain (for the dot). Each root name server is a primary server, which differentiates it from other name servers.

You installed a new AD domain and the new (and first) DC has not registered its SRV records in DNS. Name a few possible causes.
o The machine's DNS client settings do not point to its own DNS server.
o The DNS service is not running.

Explain PTR records. What is a PTR record, and do I need to create one? A Pointer Record (PTR) is used to translate an IP address into a domain name.

PTR records are mainly used to check if the server name is actually associated with the IP address from where the connection was initiated.

IP addresses of all Intermedia mail servers already have PTR records created.

If you are using both Intermedia mail servers and external mail servers (e.g. a Dedicated Web Server or Cloud Server) and the external server does not belong to the Intermedia infrastructure, you need to create a PTR record because it will help your server pass some security tests when connecting to other mail servers. To do that you will need to contact the company which owns the IP address of the server. Usually it is your Internet Service Provider (ISP).

You can check your PTR record in external DNS lookup solutions like MX Toolbox.
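Two of the checks described on this page, the MX delivery order from the record-type section and the PTR test that mail servers apply ("is the server name actually associated with the IP address the connection came from"), worked through in Python over a small constructed in-memory zone. This is an added example, not the page's or any vendor's code; the names under example.com/example.org and the 192.0.2.x / 198.51.100.x addresses are constructed documentation values.

```python
import ipaddress
from typing import Dict, List, Optional, Set, Tuple

# Constructed zone data keyed by (owner name, record type). The second PTR
# deliberately points at a host whose A record does not match, to show a
# reverse record that fails forward confirmation.
RECORDS: Dict[Tuple[str, str], List[str]] = {
    ("example.com", "MX"): ["20 mx2.example.com", "10 mx1.example.com",
                            "30 mx-backup.example.net"],
    ("mx1.example.com", "A"): ["192.0.2.10"],
    ("mx2.example.com", "A"): ["192.0.2.20"],
    ("10.2.0.192.in-addr.arpa", "PTR"): ["mx1.example.com"],
    ("20.2.0.192.in-addr.arpa", "PTR"): ["mail.example.org"],
    ("mail.example.org", "A"): ["198.51.100.7"],
}


def lookup(name: str, rtype: str) -> List[str]:
    """Stand-in for a DNS query against the constructed zone."""
    return RECORDS.get((name.lower().rstrip("."), rtype), [])


def mx_delivery_order(domain: str) -> List[str]:
    """Order MX targets as the page describes: lowest preference value
    (highest priority) first, regardless of the order the zone lists them."""
    parsed = []
    for rdata in lookup(domain, "MX"):
        pref, host = rdata.split()
        parsed.append((int(pref), host))
    return [host for _, host in sorted(parsed)]


def deliver(domain: str, accepting: Set[str]) -> Optional[str]:
    """Try each MX host in preference order; `accepting` stands in for a
    successful SMTP connection. None means every MX host was unreachable."""
    for host in mx_delivery_order(domain):
        if host in accepting:
            return host
    return None


def reverse_name(ip: str) -> str:
    """Owner name (in-addr.arpa or ip6.arpa) that holds the PTR for `ip`."""
    return ipaddress.ip_address(ip).reverse_pointer


def forward_confirmed(ip: str) -> Tuple[bool, str]:
    """Forward-confirmed reverse DNS: look up the PTR for the address, then
    require that the PTR target has an A record containing that same
    address. Returns (passed, host or reason)."""
    ptrs = lookup(reverse_name(ip), "PTR")
    if not ptrs:
        return False, "no PTR record"
    for host in ptrs:
        if ip in lookup(host, "A"):
            return True, host
    return False, f"PTR {ptrs[0]} does not resolve back to {ip}"
```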

What does a zone consist of and why do we require a zone? A zone consists of resource records, and we require a zone for representing sites.

What is a caching-only server? When the DNS role is installed on Windows 2000 or 2003 Server it is configured as a caching-only server: it keeps the information of frequently accessed sites, and when the same site is accessed the next time the answer is obtained from the cached information instead of going to the actual site.

What is a forwarder? When one DNS server cannot resolve a query, the query can be forwarded to another DNS server once that server is configured as a forwarder.

What is secondary DNS Server?It is backup for primary DNS where it maintains a read only copy of DNS database.

How to enable Dynamic updates in DNS?Start>Program>Admin tools> DNS >Zone properties.

Where does a Host File Reside?c:\windows\system32\drivers\etc.

What is SOA?Start of Authority: useful when a zone starts. Provides the zone startup information.

What is a query?A request made by the DNS client to provide the name server information.

What are the diff. types of Queries?Recursion, iteration.

Tools for troubleshooting DNS?DNS Console, NSLOOKUP, DNSCMD, IPCONFIG, Logs.

What are the types of SRV records?
o MSDCS: Contains DC information.
o TCP: Contains Global Catalog, Kerberos and LDAP information.
o UDP: Contains Sites information.
o Sites: Contains Sites information.
o Domain DNS Zone: Contains the domain's DNS specific information.
o Forest DNS Zone: Contains the forest's specific information.

Benefits of using DHCP
1) Safe and reliable configuration. DHCP minimizes configuration errors caused by manual IP address configuration, such as typographical errors, as well as address conflicts caused by a currently assigned IP address accidentally being reissued to another computer.
2) Reduced network administration. TCP/IP configuration is centralized and automated. Network administrators can centrally define global and subnet-specific TCP/IP configurations. Clients can be automatically assigned a full range of additional TCP/IP configuration values by using DHCP options. Address changes for client configurations that must be updated frequently, such as remote access clients that move around constantly, can be made efficiently and automatically when the client restarts in its new location. Most routers can forward DHCP configuration requests, eliminating the requirement of setting up a DHCP server on every subnet, unless there is another reason to do so.

What is the main purpose of a DNS server?DNS servers are used to resolve FQDN hostnames into IP addresses and vice versa.

Windows Server 2008 Editions, Features and System Requirements
1. Windows Server 2008 Standard Edition.
2. Windows Server 2008 Enterprise Edition.
3. Windows Server 2008 Datacenter Edition.
4. Windows Web Server 2008.
5. Windows Server 2008 for Itanium Based Systems.

Windows Server 2008 Standard Edition

Windows Server 2008 Standard is Microsoft's entry-level edition and one of the least expensive of the various editions available. Both 32-bit and 64-bit versions are available, and in terms of hardware Standard Edition supports up to 4GB of RAM and 4 processors. Windows Server 2008 Standard is primarily targeted at small and mid-sized businesses (SMBs) and is ideal for providing domain, web, DNS, remote access, print, file and application services. Support for clustering, however, is notably absent from this edition.

Windows Server 2008 Enterprise Edition

Windows Server 2008 Enterprise Edition provides greater functionality and scalability than the Standard Edition. As with Standard Edition, both 32-bit and 64-bit versions are available. Enhancements include support for as many as 8 processors and up to 64GB of RAM on 32-bit systems and 2TB of RAM on 64-bit systems. Additional features of the Enterprise edition include support for clusters of up to 8 nodes and Active Directory Federated Services (AD FS). Windows 2000 Server, Windows 2000 Advanced Server, Windows Server 2003 Standard Edition and Windows Server 2003 Enterprise Edition may all be upgraded to Windows Server 2008 Enterprise Edition.

Windows Server 2008 Datacenter Edition

The Datacenter edition represents the top end of the Windows Server 2008 product range and is targeted at mission critical enterprises requiring stability and high uptime levels. Windows Server 2008 Datacenter edition is tied closely to the underlying hardware through the implementation of custom Hardware Abstraction Layers (HAL). As such, it is currently only possible to obtain Datacenter edition as part of a hardware purchase.

As with other versions, the Datacenter edition is available in 32-bit and 64-bit versions and supports 64GB of RAM on 32-bit systems and up to 2TB of RAM on 64-bit systems. In addition, this edition supports a minimum of 8 processors up to a maximum of 64. Upgrade paths to Windows Server 2008 Datacenter Edition are available from the Datacenter editions of Windows 2000 and 2003.

What is PowerShell and why should I use it?Windows PowerShell is an extendable command shell and scripting language which can be used to manage/administer server environments like Windows Server, Exchange and also SharePoint 2010.

Windows Web Server 2008

Windows Web Server 2008 is essentially a version of Windows Server 2008 designed primarily for the purpose of providing web services. It includes Internet Information Services (IIS) 7.0 along with associated services such as Simple Mail Transfer Protocol (SMTP) and Telnet. It is available in 32-bit and 64-bit versions and supports up to 4 processors. RAM is limited to 4GB and 32GB on 32-bit and 64-bit systems respectively.

Windows Web Server 2008 lacks many of the features present in other editions such as clustering, BitLocker drive encryption, multipath I/O, Windows Internet Naming Service (WINS), Removable Storage Management and SAN Management.

Explain Group Types and Group Scopes?Group types are categorized based on its nature. There are two group types: Security Groups and Distribution Groups. Security groups are used to apply permissions to resources. Security groups allow you to manage user and computer access to shared resources. You can also control who receives group policy settings. This simplifies administration by allowing you to set permissions once on multiple computers, then to change the membership of the group as your needs change. The change in group membership automatically takes effect everywhere. You can also use these groups as email distribution lists.

Distribution groups are used to create Exchange server email communication groups. Distribution groups are intended to be used solely as email distribution lists. These lists are for use with email applications such as Microsoft Exchange or Outlook. You can add and remove contacts from the list so that they will or will not receive email sent to the distribution group. You can't use distribution groups to assign permissions on any objects, and you can't use them to filter group policy settings.

WINTEL INTERVIEW QUESTION AND ANSWER

How to Upgrade to Windows Server 2008 from Windows Server 2003

1. Login to your Domain Controller on the server you are upgrading. First we are going to prepare the Domain Controller Database for upgrade.

2. Go ahead and insert the Server 2008 CD in your CD/DVD-ROM drive.

3. Open My Computer and right-click on CD/DVD-ROM. Then select Explore.

4. Double-click on Sources.

5. Right-click on the adprep folder and select Copy.

6. Now go over to your server’s hard drive and paste the folder on your C:\ drive. In this example, we are going to paste it in the root of C.

7. Next, select Command Prompt on your start menu.

If you do not see Command Prompt, select Run, type in cmd and hit the Enter key.

8. When in Command Prompt, type in cd\ and hit Enter.

10. Next, type in cd adprep and hit Enter. This will put you in the adprep folder.

11. Once you are in that folder we are ready to run the two commands. The first command you should type is adprep /forestprep, then hit Enter.

12. Make sure you do not have any Windows Server 2000 machines on your network.

If you do not, type in C and hit Enter.

13. Once the process is done you are going to receive a quick confirmation as shown below.

14. Next we are going to type in the second command which is adprep /domainprep and hit Enter.

15. Domainprep will now run and once it is done you will receive a confirmation.

16. You can now close the Command Prompt.

Now we are finally ready for the upgrade.

1. Make sure your Server 2008 CD is in the CD/DVD-ROM drive. On your machine, go to Windows Explorer and select CD/DVD-ROM. In this example it is the D:\ drive.

2. Double-click on the setup.exe file from inside your Server 2003 machine.

3. When the Install Window opens click the Install Now button.

Contents of System State backup
o Registry
o COM+ Class Registration database
o Boot files, including the system files
o System files that are under Windows File Protection
o Active Directory directory service (if it is a domain controller)
o SYSVOL directory (if it is a domain controller)
o Cluster service information (if it is part of a cluster)
o IIS Metadirectory (if it is an IIS server)
o Certificate Services database (if it is a certificate server)

How do you patch Microsoft applications? What is the frequency of patches released by Microsoft?
o The Microsoft applications can be patched using WSUS.
o In WSUS, we can create several computer groups to manage this patch process.
o MS patches are released once a month.

What is CPU affinity in VMware? What is its impact on DRS?
o CPU refers to a logical processor on a hyperthreaded system and refers to a core on a non-hyperthreaded system.
o By setting CPU affinity for each VM, you can restrict the assignment of VMs to a subset of the available processors.
o The main use of setting CPU affinity is when there are display intensive workloads which require additional threads with vCPUs.
o DRS will not work with CPU affinity.

What is new in Windows Server 2012
o Server Core improvements: no need for a fresh installation, you can add/remove the GUI from Server Manager.
o Remotely manage servers, add/remove roles etc. using Server Manager; manage 2008 and 2008 R2 with WMF 3.0 installed (installed by default in Server 2012).
o Remote Server Administration Tools available for Windows 8 to manage Windows Server 2012 infrastructure.
o PowerShell v3
o Hyper-V 3.0
i. supports up to 64 processors and 1 TB RAM per virtual machine
ii. up to 320 logical hardware processors and 4 TB RAM per host
iii. Shared nothing live migration: move VMs around without shared storage
o ReFS (Resilient File System), an upgraded version of NTFS; supports larger file and directory sizes. Removes the 255 character limitation on long file names and paths; the limit on the path/filename size is now 32K characters!
o Improved CHKDSK utility that will fix disk corruptions in the background without disruption

How does the backup software recognize that a file has changed since the last backup?
o The files use a bit called the archive bit for tracking any change in the file.
o The backup software normally checks the archive bit of the file to determine whether the file has to be backed up or not.

How can you edit a VM template?
o The VM templates cannot be modified as such.
o First, the VM template has to be converted to a virtual machine.
o After making the necessary changes in the virtual machine, convert the virtual machine back to a template.

What is the major difference between Windows Server 2008 and Windows Server 2012 in terms of AD promotion?

In Windows Server 2012, dcpromo has been deprecated. In order to make a Windows Server 2012 server a domain controller, the AD DS role has to be installed from Server Manager. After installation, run the post-deployment configuration wizard from Server Manager to promote the server to a domain controller.

VMware hardware version comparison

ESX vs ESXi
o ESXi has no service console (the ESX service console was a modified version of RHEL).
o ESXi is extremely thin, hence results in fast installation and fast boot.
o ESXi can be purchased as an embedded hypervisor on hardware.
o ESXi has a built-in server health status check.

ESXi 4.1 vs ESXi 5.0 - Migration
o Local upgrade from CD
o VMware Update Manager (only supports upgrade of ESX/ESXi 4.x to ESXi 5.0)

ESXi 4.1 vs ESXi 5.0 - Features
o vSphere Auto Deploy
o Storage DRS
o HA - Primary/secondary concept changed to master/slave
o Profile driven storage
o VMFS version - 3 → 5
o ESXi firewall
o VMware hardware version - 7 → 8
o VMware Tools version - 4.1 → 5
o vCPU - 8 → 32
o vRAM - 256 → 1 TB
o VMs per host - 320 → 512
o RAM per host - 1TB → 2TB
o USB 3.0 support
o vApp

HA 5.0
o Uses an agent called FDM - Fault Domain Manager
o HA now talks directly to hostd instead of using the vCenter agent vpxa
o Master/slave concept
o Master
i. monitors availability of hosts/VMs
ii. manages VM restarts after host failure
iii. maintains a list of all VMs in each host
iv. restarts failed VMs
v. exchanges state with vCenter
vi. monitors the state of slaves
o Slave
i. monitors running VMs and sends status to the master, and performs restarts on request from the master
ii. monitors master node health; if the master fails, participates in the election
o Two different heartbeat mechanisms - network heartbeat and datastore heartbeat
o Network heartbeat
i. Sent between slave and master every second
ii. When a slave is not receiving the heartbeat from the master, it checks whether it is isolated, or whether the master is isolated or has failed
o Datastore heartbeat
i. To distinguish between isolation and failure
ii. Uses the 'Power On' file in the datastore to determine isolation
iii. This mechanism is used only when the master loses network connectivity with hosts
iv. 2 datastores are chosen for this purpose
o Isolation response: Power Off, Leave Powered On, Shutdown

vMotion
o vMotion enables live migration of running virtual machines from one host to another with zero downtime
o Prerequisites
i. Host must be licensed for vMotion
ii. Configure host with at least one vMotion network interface (VMkernel port group)
iii. Shared storage (this requirement was relaxed in 5.1)
iv. Same VLAN and VLAN label
v. Gigabit Ethernet network required between hosts
vi. Processor compatibility between hosts
vii. vMotion does not support migration of applications clustered using Microsoft Clustering Service
viii. No CD-ROM attached
ix. No affinity is enabled
x. VMware Tools should be installed

OSI layers
o Application Layer
o Presentation Layer
o Session Layer
o Transport Layer
o Network Layer
o Data Link Layer
o Physical Layer

Backup types
i. Full backup - Will take the backup of all selected files and reset the archive bit
ii. Copy backup - Will take the backup of all selected files but does not reset the archive bit
iii. Incremental backup - Will take the backup of files whose archive bits are set and resets it after backup
iv. Differential backup - Will take the backup of files whose archive bits are set but does not reset it after backup
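The four backup types and their effect on the archive bit, modelled in Python as an added example (not code from the original page or from any backup product). Files a, b, c and the day-by-day edits are constructed; the model shows why an incremental chain stays small while each differential grows, and why a copy backup leaves the next incremental unaffected.

```python
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class File:
    name: str
    archive: bool = True   # the OS sets this bit whenever the file is modified


class BackupSet:
    """Constructed model of the archive-bit rules the page lists for full,
    copy, incremental and differential backups."""

    def __init__(self, files: List[File]) -> None:
        self.files: Dict[str, File] = {f.name: f for f in files}

    def modify(self, name: str) -> None:
        self.files[name].archive = True      # any write sets the archive bit

    def _run(self, only_changed: bool, reset: bool) -> List[str]:
        # only_changed: select files with the archive bit set, else all files
        # reset: clear the archive bit on everything that was backed up
        chosen = [f.name for f in self.files.values()
                  if f.archive or not only_changed]
        if reset:
            for name in chosen:
                self.files[name].archive = False
        return sorted(chosen)

    def full(self) -> List[str]:
        return self._run(only_changed=False, reset=True)

    def copy(self) -> List[str]:
        return self._run(only_changed=False, reset=False)

    def incremental(self) -> List[str]:
        return self._run(only_changed=True, reset=True)

    def differential(self) -> List[str]:
        return self._run(only_changed=True, reset=False)


def scenario(kind: str) -> List[List[str]]:
    """Full backup on day 0, then one file edited on each of days 1..3
    followed by an incremental or differential backup; returns the
    contents of each daily backup."""
    bs = BackupSet([File("a"), File("b"), File("c")])
    bs.full()
    daily = []
    for edited in ["a", "b", "c"]:
        bs.modify(edited)
        daily.append(bs.incremental() if kind == "incremental" else bs.differential())
    return daily
```

Restoring after day 3 therefore needs the full backup plus all three incrementals, but only the full backup plus the last differential.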

2003 → 2008 migration
o Can be done only by logging in to the Windows 2003 server
o Minimum of Windows 2003 SP1 required
o Can be migrated only to the same version, except for Windows Server 2003 Standard which can be migrated to either Standard or Enterprise
o Extra space of 30 GB required prior to migration
o Cannot upgrade to Server Core
o Perform forestprep and domainprep to 2008 using the 2008 CD before migrating (copy the sources/adprep folder for this)

Global Catalog
o Global catalog (GC) is a role handled by domain controllers in an Active Directory model.
o The global catalog stores a full copy of all objects in the directory for its host domain and a partial copy of all objects for all other domains in the forest.
o 'Partial copy' refers to the set of attributes that are most used for searching every object in every domain.
o All domain controllers can be promoted as a GC.
o GC helps in faster search of AD objects.
o The replicas that are replicated to the global catalog also include the access permissions for each object and attribute.
o If you are searching for an object that you do not have permission to access, you do not see the object in the list of search results. Users can find only objects to which they are allowed access.
o Global catalog server clients depend on DNS to provide the IP address of global catalog servers. DNS is required to advertise global catalog servers for domain controller location.
o By default, the first DC in a forest will be a global catalog server.

RODC
o New feature in Windows 2008
o Only has a read-only copy of the directory database
o RODC will have all the objects of a normal DC in read-only mode. But this doesn't include passwords: RODC does not store passwords of accounts.
o Updates are replicated to the RODC by a writable DC
o Password caching: a feature which enables the RODC to cache the passwords of logged-in users.
o Password Replication Policy: determines whether the password can be cached or not.
o DNS can be integrated with RODC but will not directly register client updates. For any DNS change, the RODC refers the client to a DNS server that hosts a primary or AD integrated zone.

NAS vs. SAN
o Both are used as storage solutions
o NAS can be used by any device connected using LAN, whereas SAN is used only by server class devices with SCSI
o NAS is file based whereas SAN is block based storage
o NAS is cheap while SAN is expensive
o SAN is comparatively faster than NAS

What is DRS? Types of DRS
o Distributed Resource Scheduler
o It is a feature of a cluster
o DRS continuously monitors utilization across the hosts and moves virtual machines to balance the computing capacity
o DRS uses vMotion for its functioning
o Types of DRS
i. Fully automated - The VMs are moved across the hosts automatically. No admin intervention required.
ii. Partially automated - The VMs are placed on hosts automatically at the time of VM boot-up. But once up, vCenter provides DRS recommendations to the admin, who has to apply them manually.
iii. Manual - The admin has to act according to the DRS recommendations.

For Windows Server Core, which does not have any UI, you can enable this rule (inbound ICMP echo request, type 8, i.e. ping) from the command prompt:

netsh firewall set icmpsetting 8

To disable it, type

netsh firewall set icmpsetting 8 disable

DRS prerequisites
o Shared storage
o Processor compatibility of hosts in the DRS cluster
o vMotion prerequisites

vMotion is not working. What are the possible reasons?
o Ensure vMotion is enabled on all ESX/ESXi hosts
o Ensure that all VMware prerequisites are met
o Verify if the ESXi/ESX host can be reconnected or if reconnecting the ESX/ESXi host resolves the issue
o Verify that time is synchronized across the environment
o Verify that the required disk space is available

What happens if a host is taken to maintenance mode
o Hosts are taken to maintenance mode during the course of maintenance
o In a single ESX/ESXi setup, all the VMs need to be shut down before getting into maintenance mode
o In a vCenter setup, if DRS is enabled, the VMs will be migrated to other hosts automatically.

How will you clone a VM in an ESXi without vCenter
o Using vmkfstools
o Copy the vmdk file and attach it to a new VM
o Using VMware Converter

What is vSAN?
o It is a hypervisor-converged storage solution built by aggregating the local storage attached to the ESXi hosts managed by a vCenter.

Recommended iSCSI configuration?
o A separate vSwitch, and a separate network other than the VM traffic network, for iSCSI traffic. Dedicated physical NICs should be connected to the vSwitch configured for iSCSI traffic.

What is iSCSI port binding?
o Port binding is used in iSCSI when multiple VMkernel ports for iSCSI reside in the same broadcast domain and IP subnet, to allow multiple paths to an iSCSI array that broadcasts a single IP address.

iSCSI port binding considerations?
o Array target iSCSI ports must reside in the same broadcast domain and IP subnet as the VMkernel port.
o All VMkernel ports used for iSCSI connectivity must reside in the same broadcast domain and IP subnet.
o All VMkernel ports used for iSCSI connectivity must reside in the same vSwitch.
o Currently, port binding does not support network routing.

Recommended iSCSI configuration of a 6 NIC infrastructure? (Answer changes as per the infrastructure requirements)
o 2 NICs for VM traffic
o 2 NICs for iSCSI traffic
o 1 NIC for vMotion
o 1 NIC for management network

Post conversion steps in P2V

o Adjust the virtual hardware settings as required

o Remove non present device drivers

o Remove all unnecessary devices such as serial ports, USB controllers, floppy drives etc.

o Install VMware tools

Which esxtop metric will you use to confirm latency issue of storage?

o esxtop --> d --> DAVG

What are standby NICs

o These adapters will only become Active if the defined Active adapters have failed.

Path selection policies in ESXi
o Most Recently Used (MRU)
o Fixed
o Round Robin

Note: HA uses these ports:
Incoming port: TCP/UDP 8042-8045
Outgoing port: TCP/UDP 2050-2250

Which networking features are recommended while using iSCSI traffic

o iSCSI port binding

o Jumbo Frames

Ports used by vCenter

o 80,443,902

What is the 'No Access' role
o Users assigned the 'No Access' role for an object cannot view or change the object in any way.

When is a swap file created

o When the guest OS is first installed in the VM

The active directory group, where the members will be ESXi administrators by default.

o ESX Admins

Which is the command used in ESXi to manage and retrieve information from virtual machines?

o vmware-cmd

Which is the command used in ESXi to view live performance data?

o esxtop

Command line tool used in ESXi to manage virtual disk files?

o vmkfstools

Port used for vMotion

o 8000

Log file location of VMware host
o /var/log/vmware

Can you map a single physical NIC to multiple virtual switches?

o No

Can you map a single virtual switch to multiple physical NICs?

o Yes. This method is called NIC teaming.

VMkernel port group can be used for:
o vMotion
o Fault Tolerance Logging
o Management traffic

What happens to a VM if vMotion failed?

For vMotion, this question is quite generic and you really need more information. If you have properly set up and configured the shared storage for your vCenter/ESX hosts, vMotion just moves a VM from one host to another; when the process fails, the VM should be fine without any problem and it should remain where it was on its source host. However, if both hosts (source and target) have a problem during the vMotion, your VM can be hosed and you will have to do one of two things, and likely you will succeed. (1) Detach the VM and reattach it to the host, or try to do the same on the target host if you cannot find your VM on the source host. (2) Recreate the VM from its existing VM files; the files should not be affected, but you may lose data if the failure occurred abruptly.

Major difference between ESXi 5.1 and ESXi 5.5 free versions
o Till the ESXi 5.1 free version there was a limit on the maximum physical memory of 32 GB. But from 5.5 onwards this limit has been lifted.

What is IPAM server in Windows Server 2012?
o IPAM is the IP Address Management server in Windows Server 2012. It enables central management of both DHCP and DNS servers. It can also be used to discover, monitor, and audit DHCP and DNS servers.

How to promote a server to domain controller in Windows Server 2012?
o DCPROMO was the conventional tool used to promote a normal server to DC. This is now deprecated in Server 2012.
o In Server 2012, you can convert a server into a DC using the Server Manager console. Under Server Manager, add a new role "Active Directory Domain Services".

What is Virtualization? Virtualization is a technique for creating virtual (rather than actual) resources such as servers, storage devices, networks and operating systems. Virtualization dissociates the tight bond between software and hardware.

What are the different types of Virtualization? Virtualization can be used in different ways and can take many different forms. Some of them are listed below:
o Server virtualization
o Network virtualization
o Hardware virtualization
o Application virtualization
o Desktop virtualization
o User virtualization

What is VOIP? VOIP, short for Voice Over Internet Protocol, is a category of hardware and software that enables people to use the Internet as the transmission medium for telephone calls by sending voice data in packets using IP rather than by traditional circuit transmissions.

Differentiate between firewall and antivirus.

Antivirus: The prime job of an antivirus is to protect your system from computer viruses. Whether your computer is standalone, part of a network or connected to the Internet, you need an antivirus program. It actively monitors, while you are using your system, for any virus threat from different sources. If it finds one it tries to clean or quarantine the virus, ultimately keeping your system and data safe.

Firewall: A firewall, on the other hand, is a program which protects your system from outsider/intruder/hacker attacks. These attacks may not be of the virus type. In some cases hackers can take control of your system remotely and steal your data or important information from the system. If your system is directly connected to the Internet or a large network then you can install a software firewall on your PC to protect yourself from unauthorized access. Firewalls are available either in software or in hardware form. For a single PC you may need a software firewall, while a large corporation implements hardware firewalls to protect all of their systems from such attacks.

Differentiate between front end and back end server.

Back end server:

A back end server is a computer resource that has not been exposed to the Internet. In this regard the computing resource does not directly interact with the Internet user. It can also be described as a server whose main function is to store and retrieve email messages.

Front end server:

A front end server is a computer resource that has been exposed to the Internet.

7) What is APIPA?

APIPA stands for Automatic Private IP Addressing. It is a fallback mechanism for local networks: when a DHCP client cannot reach a DHCP server (or its lease expires and cannot be renewed), it assigns itself an address rather than having none.

APIPA exists in all modern versions of Windows except Windows NT.

When the DHCP server fails, APIPA allocates an address from the link-local range 169.254.0.1 to 169.254.255.254 (169.254.0.0/16, RFC 3927); the client probes with ARP to pick an unused one and keeps trying to find a DHCP server in the background. A host with a 169.254.x.x address can talk only to other hosts on the same segment, so an unexpected APIPA address on a server is a sign that DHCP has failed, that the DHCP server is unreachable, or that the machine is on the wrong VLAN.
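As an added example (not part of the original notes), the following Python classifies IPv4 addresses and scans ipconfig-style output for adapters that have fallen back to an APIPA address. The sample ipconfig text and the adapter names are constructed for the example; on a real host you would pass it the output of ipconfig instead.

```python
"""Classify IPv4 addresses and flag adapters that fell back to APIPA.

Added example for the APIPA notes above; it is not part of the original page.
The ipconfig-style text is constructed for the example; on a real host you
would feed it the output of `ipconfig` instead.
"""
import ipaddress
import re

APIPA_NET = ipaddress.ip_network("169.254.0.0/16")          # RFC 3927 link-local
RFC1918_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify(addr: str) -> str:
    """Return 'apipa', 'loopback', 'unspecified', 'private' or 'public'."""
    ip = ipaddress.ip_address(addr)
    if ip in APIPA_NET:
        return "apipa"
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified:                 # 0.0.0.0: the adapter has no address yet
        return "unspecified"
    if any(ip in net for net in RFC1918_NETS):
        return "private"
    return "public"


# Constructed sample in the shape of `ipconfig` output: one healthy adapter and
# one that self-assigned an address because no DHCP server answered.
SAMPLE_IPCONFIG = """
Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : corp.example
   IPv4 Address. . . . . . . . . . . : 192.168.10.55
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.10.1

Ethernet adapter Ethernet 2:

   Autoconfiguration IPv4 Address. . : 169.254.17.204
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
"""

ADAPTER_RE = re.compile(r"^(?:Ethernet|Wireless LAN) adapter (.+):[ \t]*$", re.M)
ADDR_RE = re.compile(r"IPv4 Address[ .]*: (\d+\.\d+\.\d+\.\d+)")


def apipa_adapters(ipconfig_text: str) -> dict:
    """Map adapter name -> IPv4 address for every adapter using an APIPA address."""
    parts = ADAPTER_RE.split(ipconfig_text)   # [preamble, name1, body1, name2, body2, ...]
    found = {}
    for name, body in zip(parts[1::2], parts[2::2]):
        m = ADDR_RE.search(body)
        if m and classify(m.group(1)) == "apipa":
            found[name.strip()] = m.group(1)
    return found
```

Running apipa_adapters over the sample reports only "Ethernet 2", the adapter whose address starts with 169.254; a scheduled run of the same check over ipconfig output from many hosts is a cheap way to notice a failed DHCP server or a mis-patched VLAN before users call.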

How do you release and renew an IP address from the command prompt? Run ipconfig /release, then ipconfig /renew.

What is a WINS server? Windows Internet Name Service (WINS) servers dynamically map NetBIOS computer names to IP addresses, so that users can reach resources by computer name instead of by IP address on networks that still rely on NetBIOS. If you want a computer to keep track of the names and IP addresses of other computers in your network, configure it as a WINS server. Without WINS (or broadcast resolution on the local subnet) you cannot connect to a remote network resource by its NetBIOS name. Modern networks use DNS instead; NetBIOS broadcast name resolution (and LLMNR) is a common target for name-poisoning attacks and is usually disabled where WINS is no longer needed.

What is the Windows Registry?

The Windows Registry, usually referred to as "the registry," is a hierarchical database of configuration settings in Microsoft Windows operating systems. It is organized in hives such as HKEY_LOCAL_MACHINE (machine-wide settings, stored under C:\Windows\System32\config) and HKEY_CURRENT_USER (per-user settings, stored in the user's NTUSER.DAT). Its autostart locations (the Run keys, the Services key) are where malware persistence is most often found during an investigation.

System Volume Information (SVI) Folder. Windows XP (and later versions) include a folder named System Volume Information in the root of each drive that remains hidden even when you choose to show hidden files. It stays hidden because it is not a normally hidden folder: it carries both the Hidden and System attributes, a so-called super hidden folder, and Explorer does not show such folders unless "Hide protected operating system files" is also cleared. It holds System Restore points and, on newer versions, shadow copy and indexing data, and by default only the SYSTEM account has access to it.

What is MBR? Short for Master Boot Record: the first sector (512 bytes) of a BIOS-partitioned hard disk. It holds a small boot program, the four-entry partition table (at offset 446) and the 0x55AA signature in its last two bytes. The BIOS loads the sector and executes the boot code, which reads the partition table to determine which partition is active (bootable) and hands control to that partition's boot sector. Because the MBR code runs before the operating system, malware that overwrites it (a bootkit) starts before any security software does; this is one of the reasons UEFI Secure Boot and GPT have replaced it on modern systems.
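As an added example (not part of the original notes), the Python below parses a 512-byte MBR into its partition table and applies the sanity checks a forensic or boot-troubleshooting pass would make: the 0x55AA signature, a single active partition, non-empty boot code, and the GPT protective entry. The sample sector is constructed in build_sample_mbr(); no real disk is read.

```python
"""Parse a 512-byte Master Boot Record and sanity-check it.

Added example for the MBR notes above; not part of the original page.
The MBR bytes are constructed by build_sample_mbr(); no real disk is read.
"""
import struct

SECTOR = 512
PT_OFFSET = 446                  # partition table: 4 entries x 16 bytes
SIGNATURE = b"\x55\xAA"          # last two bytes of a valid MBR
ENTRY = "<B3sB3sII"              # status, CHS start, type, CHS end, LBA start, sectors

PARTITION_TYPES = {              # a few common partition type codes
    0x07: "NTFS/exFAT",
    0x0B: "FAT32 (CHS)",
    0x0C: "FAT32 (LBA)",
    0x82: "Linux swap",
    0x83: "Linux",
    0xEE: "GPT protective",
}


def parse_mbr(sector: bytes) -> dict:
    """Return the partition table plus simple integrity findings for one MBR."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    result = {
        "signature_ok": sector[510:512] == SIGNATURE,
        "boot_code_empty": not any(sector[:PT_OFFSET]),
        "partitions": [],
        "findings": [],
    }
    for i in range(4):
        entry = sector[PT_OFFSET + 16 * i: PT_OFFSET + 16 * (i + 1)]
        status, _chs_start, ptype, _chs_end, lba_start, count = struct.unpack(ENTRY, entry)
        if ptype == 0:                        # empty slot
            continue
        result["partitions"].append({
            "index": i,
            "bootable": status == 0x80,
            "type": PARTITION_TYPES.get(ptype, f"unknown (0x{ptype:02X})"),
            "lba_start": lba_start,
            "sectors": count,
        })
    bootable = [p for p in result["partitions"] if p["bootable"]]
    if not result["signature_ok"]:
        result["findings"].append("missing 0x55AA signature: BIOS will not boot this disk")
    if len(bootable) > 1:
        result["findings"].append("more than one active partition")
    if result["boot_code_empty"] and result["partitions"]:
        result["findings"].append("boot code area is all zeros (data disk or wiped MBR)")
    if any(p["type"] == "GPT protective" for p in result["partitions"]):
        result["findings"].append("GPT protective MBR: the real partition table is in the GPT")
    return result


def build_sample_mbr() -> bytes:
    """Construct an MBR: a 100 MiB active NTFS system partition, then an NTFS data partition."""
    sector = bytearray(SECTOR)
    sector[0:3] = b"\x33\xC0\x8E"            # opening bytes typical of real boot code (xor ax,ax ...)
    entries = [
        # status, chs_start,        type, chs_end,          lba_start, sectors
        (0x80,   b"\x20\x21\x00",   0x07, b"\xDF\x13\x0C",  2048,      204800),
        (0x00,   b"\xDF\x14\x0C",   0x07, b"\xFE\xFF\xFF",  206848,    41736192),
    ]
    for i, e in enumerate(entries):
        sector[PT_OFFSET + 16 * i: PT_OFFSET + 16 * (i + 1)] = struct.pack(ENTRY, *e)
    sector[510:512] = SIGNATURE
    return bytes(sector)
```

On Windows the same 512 bytes can be read from \\.\PhysicalDrive0 with a raw file open from an elevated prompt; comparing the parsed boot code against a known-good copy is how an MBR bootkit is spotted.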

What is BitLocker? BitLocker is full-volume encryption available in the Ultimate and Enterprise editions of Windows Vista and Windows 7 (and in Windows Server 2008 and later). To encrypt an entire drive, right-click the drive and select Turn on BitLocker from the context menu. For the operating system drive it normally uses the TPM to protect the volume key, optionally combined with a PIN or a startup key on USB. The recovery key produced by the wizard must be kept somewhere safe (for domain machines, typically backed up to Active Directory), because without it a locked volume cannot be recovered.

Main differences between Windows Server 2008 and 2012:
1) New Server Manager: create and manage server groups, and manage many servers from one console.
2) Hyper-V Replica: replicates a virtual machine from one location to another using only Hyper-V and a network connection, with no shared storage required. This is a big deal in the Microsoft world for disaster recovery and high availability; VMware offers the same capability, but charges new licensees extra for it.
3) Expanded PowerShell capabilities: PowerShell 3.0 with far more cmdlets (Windows Server 2008 R2 shipped PowerShell 2.0).
4) IIS 8.0 (Windows Server 2008 shipped IIS 7.0 and 2008 R2 shipped IIS 7.5).
5) Hyper-V 3.0.

How long has my computer been running? Getting to know the computer's uptime.
Method 1: Start Task Manager and select the Performance tab; the system Up Time is shown there.
Method 2: Type systeminfo at the command prompt and read the "System Boot Time" line.

Event Viewer in Windows Server: Control Panel > Administrative Tools > Computer Management > Event Viewer (or run eventvwr.msc).

Three types of events: Error, Warning, Information. The Security log additionally records Audit Success and Audit Failure events; that is where logon attempts, account changes and privilege use are examined during an investigation.

Manage Multiple, Remote Servers with Server Manager. Server Manager is a management console in Windows Server 2012 R2 and Windows Server 2012 that helps IT professionals provision and manage both local and remote Windows-based servers from their desktops, without requiring physical access to the servers or Remote Desktop Protocol (RDP) connections to each server. Although Server Manager is available in Windows Server 2008 R2 and Windows Server 2008, it was updated in Windows Server 2012 to support remote, multi-server management and to increase the number of servers an administrator can manage. Remote management relies on WinRM (WS-Management), so that service and its port (5985, or 5986 for HTTPS) rather than RDP must be reachable on the managed servers.

What happens when we type a URL in the browser? First the computer resolves the destination host name: if it is in the local DNS cache (or the hosts file) that answer is used; otherwise DNS queries are made until the IP address is found. The browser then opens a TCP connection to the destination host (for an https URL it also performs a TLS handshake and validates the server certificate) and sends the request according to HTTP 1.1 (HTTP 1.0 is possible, but normal browsers no longer use it). The server looks up the requested resource (if it exists) and responds using HTTP, sending the data to the client (your browser). The browser's HTML parser re-creates the document structure, which is then rendered on screen. References to external resources such as pictures, CSS files and JavaScript files are fetched the same way as the HTML document itself.

How does DHCP work? DHCP stands for Dynamic Host Configuration Protocol. It is a protocol used to configure IP addresses automatically on client computers connected to IP networks. DHCP operates on a client/server model in four phases:
Discover: a client broadcasts a DHCP Discover message when it comes alive on the network.
Offer: when a DHCP server receives the DHCP Discover message, it reserves an IP address for the client and sends a DHCP Offer message offering the reserved IP address.
Request: the client receives the DHCP Offer and broadcasts a DHCP Request message to show its consent to accept the offered IP address (the broadcast also tells any other servers that made an offer that they can release their addresses).
Acknowledge: when the DHCP server receives the DHCP Request message, it sends a DHCP Ack to the client carrying the lease time and the options (subnet mask, default gateway, DNS servers). At this point the IP configuration is complete. Because the Discover is a broadcast, any host on the segment can answer it, and clients accept the first offer they receive; that is why a rogue DHCP server handing out a malicious gateway or DNS server is a practical attack.

What is a DHCP scope? A range of IP addresses, with their associated options (mask, gateway, DNS servers, lease time), that the DHCP server can assign to clients on one subnet.

What protocol and port does DHCP use? UDP. The server listens on port 67 and the client on port 68.

4) What is a DHCP lease? A DHCP lease is the amount of time for which the DHCP server grants the DHCP client permission to use a particular IP address. A typical server allows its administrator to set the lease time.

TCP versus UDP

Connection
  TCP: connection-oriented protocol.
  UDP: connectionless protocol.

Usage
  TCP: suited to applications that require high reliability and where transmission time is relatively less critical.
  UDP: suited to applications that need fast, efficient transmission, such as games; its stateless nature also suits servers that answer small queries from huge numbers of clients.

Used by other protocols
  TCP: HTTP, HTTPS, FTP, SMTP, Telnet.
  UDP: DNS, DHCP, TFTP, SNMP, RIP, VoIP.

Ordering of data packets
  TCP: rearranges segments into the order in which they were sent.
  UDP: no inherent order; all datagrams are independent of each other, so if ordering is required it has to be managed by the application layer.

Speed of transfer
  TCP: slower, because of connection setup, acknowledgements and retransmission.
  UDP: faster, because there is no handshake, acknowledgement or retransmission.

Reliability
  TCP: data that arrives is intact and in the order in which it was sent, and lost segments are retransmitted.
  UDP: no guarantee that the messages or datagrams sent arrive at all.

Header size
  TCP: 20 bytes minimum (up to 60 bytes with options).
  UDP: 8 bytes.

Checksum
  TCP: checksum to detect errors (mandatory).
  UDP: checksum to detect errors (optional in IPv4, mandatory in IPv6).

Handshake
  TCP: SYN, SYN-ACK, ACK.
  UDP: no handshake (connectionless protocol).

Acknowledgement
  TCP: acknowledgement segments.
  UDP: no acknowledgement.

Error checking
  TCP: detects errors and recovers by retransmitting.
  UDP: detects errors with the checksum but has no recovery; a corrupt datagram is simply dropped.

Can DHCP support statically defined addresses? Yes. A reservation ties a client's MAC address to a fixed IP address inside the scope, so the client always receives the same address while still being configured (mask, gateway, DNS) by DHCP.

Define the DORA process and why it is used. Discover, Offer, Request and Acknowledgement: the four-message exchange through which a client obtains an IP address automatically from a DHCP server (see "How does DHCP work?" above).
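The DORA exchange, scope, ports and lease described above, as an added example that is not part of the original notes: the Python below encodes and decodes DHCP messages (BOOTP header, magic cookie, TLV options) and models both sides of the exchange in-process against a small scope with reservations. The scope addresses, MAC addresses and transaction ids are constructed, and nothing is sent on the wire.

```python
"""Build and parse DHCP messages and walk a DORA exchange against a scope.

Added example for the DHCP notes above; not part of the original page. The
scope, MAC addresses and transaction ids are constructed, and client and
server are modelled in-process so the code runs offline.
"""
import ipaddress
import struct

SERVER_PORT, CLIENT_PORT = 67, 68        # UDP: server listens on 67, client on 68
MAGIC = b"\x63\x82\x53\x63"              # marks the start of the DHCP options
DISCOVER, OFFER, REQUEST, ACK, NAK = 1, 2, 3, 5, 6
OPT_MASK, OPT_ROUTER, OPT_REQ_IP, OPT_LEASE = 1, 3, 50, 51
OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 53, 54, 255
HEADER = "!BBBBIHH4s4s4s4s16s64s128s"     # 236-byte BOOTP header


def build(op, xid, mac, options, yiaddr="0.0.0.0", siaddr="0.0.0.0"):
    """Encode one DHCP message: BOOTP header, magic cookie, TLV options, end marker."""
    header = struct.pack(HEADER, op, 1, 6, 0, xid, 0, 0x8000,  # htype 1, hlen 6, broadcast flag
                         bytes(4), ipaddress.ip_address(yiaddr).packed,
                         ipaddress.ip_address(siaddr).packed, bytes(4),
                         mac.ljust(16, b"\x00"), bytes(64), bytes(128))
    body = bytearray(MAGIC)
    for code, value in options.items():
        body += bytes([code, len(value)]) + value
    body.append(OPT_END)
    return header + bytes(body)


def parse(msg):
    """Decode header fields and options (option values are left as raw bytes)."""
    f = struct.unpack(HEADER, msg[:236])
    if msg[236:240] != MAGIC:
        raise ValueError("not a DHCP message (bad magic cookie)")
    options, i = {}, 240
    while i < len(msg) and msg[i] != OPT_END:
        code, length = msg[i], msg[i + 1]
        options[code] = msg[i + 2:i + 2 + length]
        i += 2 + length
    return {"xid": f[4], "yiaddr": str(ipaddress.ip_address(f[8])),
            "chaddr": f[11][:f[2]], "options": options}


class Scope:
    """One subnet's address pool with reservations and leases keyed by MAC."""
    def __init__(self, network, first, last, router, server_id, lease_seconds):
        self.net = ipaddress.ip_network(network)
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        self.pool = [str(ip) for ip in self.net.hosts() if lo <= ip <= hi]
        self.router, self.server_id, self.lease_seconds = router, server_id, lease_seconds
        self.reservations = {}               # mac -> fixed address ("static" via DHCP)
        self.leases = {}                     # mac -> address currently granted

    def pick(self, mac):
        """Reservation first, then the client's existing lease, then the first free address."""
        if mac in self.reservations:
            return self.reservations[mac]
        if mac in self.leases:
            return self.leases[mac]
        in_use = set(self.leases.values()) | set(self.reservations.values())
        free = [ip for ip in self.pool if ip not in in_use]
        if not free:
            raise RuntimeError("scope exhausted")
        return free[0]

    def handle(self, msg):
        """Server side of DORA: DISCOVER -> OFFER, REQUEST -> ACK (or NAK)."""
        req = parse(msg)
        mac, kind = req["chaddr"], req["options"][OPT_MSG_TYPE][0]
        common = {OPT_SERVER_ID: ipaddress.ip_address(self.server_id).packed,
                  OPT_LEASE: struct.pack("!I", self.lease_seconds),
                  OPT_MASK: self.net.netmask.packed,
                  OPT_ROUTER: ipaddress.ip_address(self.router).packed}
        if kind == DISCOVER:
            return build(2, req["xid"], mac, {OPT_MSG_TYPE: bytes([OFFER]), **common},
                         yiaddr=self.pick(mac), siaddr=self.server_id)
        if kind == REQUEST:
            wanted = str(ipaddress.ip_address(req["options"][OPT_REQ_IP]))
            if wanted != self.pick(mac):     # not the address we offered or reserved
                return build(2, req["xid"], mac, {OPT_MSG_TYPE: bytes([NAK]),
                                                  OPT_SERVER_ID: common[OPT_SERVER_ID]})
            self.leases[mac] = wanted
            return build(2, req["xid"], mac, {OPT_MSG_TYPE: bytes([ACK]), **common},
                         yiaddr=wanted, siaddr=self.server_id)
        raise ValueError(f"unexpected DHCP message type {kind}")


def dora(scope, mac, xid):
    """Client side: Discover -> Offer -> Request -> Ack; returns the granted configuration."""
    offer = parse(scope.handle(build(1, xid, mac, {OPT_MSG_TYPE: bytes([DISCOVER])})))
    ack = parse(scope.handle(build(1, xid, mac, {
        OPT_MSG_TYPE: bytes([REQUEST]),
        OPT_REQ_IP: ipaddress.ip_address(offer["yiaddr"]).packed,
        OPT_SERVER_ID: offer["options"][OPT_SERVER_ID]})))
    if ack["options"][OPT_MSG_TYPE][0] != ACK:
        raise RuntimeError("server NAKed the request")
    return {"address": ack["yiaddr"],
            "mask": str(ipaddress.ip_address(ack["options"][OPT_MASK])),
            "router": str(ipaddress.ip_address(ack["options"][OPT_ROUTER])),
            "lease_seconds": struct.unpack("!I", ack["options"][OPT_LEASE])[0]}
```

The same parse() function is what you would point at a packet capture of UDP port 67/68 traffic when hunting for a rogue server: any Offer whose option 54 (server identifier) is not one of the authorized DHCP servers is the finding.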

What is authorizing DHCP servers in Active Directory? A Windows DHCP server that operates within an Active Directory domain must first be authorized in Active Directory (the list of authorized servers lives in the Configuration partition). A domain-joined Windows DHCP server that is not authorized stops servicing clients; this is the rogue server detection meant to stop an unapproved server from handing out addresses. Authorization requires Enterprise Admins rights, and the authorized list can be checked with netsh dhcp show server.

How to Backup and Restore DHCP in Windows Server 2008. In Windows Server 2008, backing up the DHCP database and settings has become simpler. You may want to move the DHCP server role to new hardware.

Backup DHCP Server
1. Open Server Manager > DHCP role.
2. Right-click the server name and choose Backup...
3. Choose a location for the backup and click OK.

Restore DHCP Server
1. Open Server Manager > DHCP role.
2. Right-click the server name and choose Restore.
3. Choose the location of the backup and click OK.
4. Restart the DHCP Server service.

DHCP database location: C:\Windows\System32\dhcp (dhcp.mdb with its log files; the automatic backups go to the backup subfolder). A backup contains every scope, reservation and option, so restrict access to the backup location.

What is nslookup? Nslookup.exe is a command-line administrative tool for testing and troubleshooting DNS servers. It is installed along with the TCP/IP protocol. For example, nslookup -type=SRV _ldap._tcp.dc._msdcs.<domain> lists the domain controllers that clients locate through DNS, a quick check when logons or group policy fail.

What is Active Directory? Why is it used? Active Directory is a directory service created by Microsoft. It is included with most Windows Server operating systems. Active Directory is primarily used to store directory objects such as users, groups, computers and printers. Using Active Directory brings a number of advantages to your network:
> Centralized user account management
> Centralized policy management (group policy)
> Better security management

What is the order in which GPOs are applied? Local Group Policy object, then Site, then Domain, then Organizational Units (parent OU before child OU), remembered as LSDOU. Policies applied later override conflicting settings applied earlier, so an OU-linked GPO normally wins over a domain-linked one. The exceptions are GPO links marked Enforced (which always win, with the higher-level container winning if two enforced links conflict) and OUs with Block Inheritance (which ignore non-enforced GPOs linked above them). Within one container, the GPO with the lowest link order number is applied last and therefore wins.
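As an added example (not part of the original notes), the Python below resolves the winning value of each setting for a computer in a given container chain, the way the Resultant Set of Policy report does. It implements the LSDOU order described above and goes slightly beyond it by also applying link order, Block Inheritance and Enforced links; the container names, GPO names and setting names in sample_chain() are constructed.

```python
"""Resolve the winning Group Policy setting per LSDOU precedence.

Added example for the GPO processing-order notes above; not part of the
original page. Containers, GPO names and settings are constructed. Rules
implemented: Local, Site, Domain, OU (parent before child) with the later
GPO winning a conflict; lowest link order applied last within one container;
Block Inheritance on an OU discarding non-enforced GPOs linked above it; and
Enforced GPOs applied last, with the higher-level container winning among them.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class GPO:
    name: str
    settings: Dict[str, str]
    link_order: int = 1          # 1 = highest precedence within its container
    enforced: bool = False


@dataclass
class Container:
    name: str                    # "Local", a site, a domain or an OU
    gpos: List[GPO] = field(default_factory=list)
    block_inheritance: bool = False


def resolve(chain: List[Container]) -> Dict[str, Tuple[str, str]]:
    """chain is ordered Local, Site, Domain, OU, child OU, ...

    Returns setting -> (value, winning GPO name), as RSoP would report it.
    """
    # Block Inheritance on the lowest container that sets it discards every
    # non-enforced GPO linked above it. The local GPO is not inherited from a
    # parent container, so it is still processed (it has the lowest precedence anyway).
    blocked_upto = 0
    for idx, c in enumerate(chain):
        if c.block_inheritance:
            blocked_upto = idx

    winners: Dict[str, Tuple[str, str]] = {}

    def apply(gpo: GPO) -> None:
        for key, value in gpo.settings.items():
            winners[key] = (value, gpo.name)      # later write wins

    def by_precedence(c: Container) -> List[GPO]:
        # Highest link order number first, so that link order 1 is applied last.
        return sorted(c.gpos, key=lambda g: -g.link_order)

    # Pass 1: non-enforced GPOs, top down (Local, Site, Domain, OUs).
    for idx, c in enumerate(chain):
        if 0 < idx < blocked_upto:
            continue
        for gpo in by_precedence(c):
            if not gpo.enforced:
                apply(gpo)

    # Pass 2: enforced GPOs, bottom up, so the highest container is written last.
    for c in reversed(chain):
        for gpo in by_precedence(c):
            if gpo.enforced:
                apply(gpo)
    return winners


def sample_chain() -> List[Container]:
    """Constructed hierarchy for a server in OU=Servers of contoso.example."""
    return [
        Container("Local", [GPO("Local Group Policy", {"ScreenLockSeconds": "1800"})]),
        Container("Site-HQ", [GPO("Site-Baseline",
                                 {"ScreenLockSeconds": "900", "LegalBanner": "HQ"})]),
        Container("contoso.example", [
            GPO("Domain-Security", {"ScreenLockSeconds": "600", "MinPwdLength": "14"},
                enforced=True),
            GPO("Domain-Defaults", {"ScreenLockSeconds": "1200"}, link_order=2),
        ]),
        Container("OU=Servers", [
            GPO("Servers-Hardening", {"ScreenLockSeconds": "300", "SMBv1": "Disabled"}),
        ], block_inheritance=True),
    ]
```

With the sample chain, the enforced domain GPO wins ScreenLockSeconds even though the OU GPO was applied later and blocks inheritance, and the site banner never reaches the server because the OU blocks it; clearing the Enforced flag makes the OU GPO win, which is exactly the kind of surprise gpresult /r is used to explain.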

Can I deploy non-MSI software with GPO? Yes, in a limited way: describe the installer in a text file with the .zap extension. A .zap package can only be published to users (it appears in Add/Remove Programs), not assigned, and it installs with the user's own privileges rather than elevated, so it cannot be used for mandatory or silent deployment. Name some GPO settings in the computer and user parts: Computer Configuration (for example password policy, audit policy, services, startup scripts) and User Configuration (for example folder redirection, logon scripts, desktop restrictions).

Name a few benefits of using GPMC (Group Policy Management Console):
> Easy administration of all GPOs across the entire Active Directory forest
> View of all GPOs in one single list
> Backup and restore of GPOs
> Migration of GPOs across different domains and forests
> Reporting of GPO settings and Resultant Set of Policy (RSoP) modeling

How frequently is the client policy refreshed? Every 90 minutes, plus a random offset of 0 to 30 minutes so that clients do not all hit the domain controllers at once; domain controllers refresh every 5 minutes. gpupdate /force applies policy immediately, and security settings are reapplied every 16 hours even if the GPO has not changed.

Where are group policies stored? The local GPO is stored in C:\Windows\System32\GroupPolicy. Domain GPOs are stored in two places that must stay in sync: the Group Policy Container in Active Directory (CN=Policies,CN=System,DC=...) and the Group Policy Template in the SYSVOL share of every domain controller (\\<domain>\SYSVOL\<domain>\Policies\{GUID}). Group policy backup: to back up a single GPO, right-click the GPO in GPMC and click Back Up. To back up all GPOs in the domain, right-click Group Policy Objects and click Back Up All (from PowerShell: Backup-GPO -All -Path <folder>).

Define DSRM Mode? Directory Services Restore Mode (DSRM) is a special boot mode for repairing or recovering Active Directory. It is used to log on to a domain controller when Active Directory has failed or needs to be restored; the logon uses the local DSRM administrator password set when the DC was promoted (it can be reset with ntdsutil "set dsrm password"), not a domain account. To manually boot into Directory Services Restore Mode, press the F8 key repeatedly immediately after the BIOS POST screen, before the Windows logo appears (timing can be tricky; if the Windows logo appears you waited too long). A text menu will appear. Use the up/down arrow keys to select Directory Services Restore Mode or DS Restore Mode, then press Enter. Treat the DSRM password as a privileged credential: anyone who has it and console access can boot the DC with the directory offline and copy ntds.dit.

Where is the AD database held? What other folders are related to AD? The AD database is stored in C:\Windows\NTDS\ntds.dit. The same folder holds the transaction logs (edb*.log), the checkpoint file (edb.chk) and the reserved log files used by the ESE database engine. SYSVOL (C:\Windows\SYSVOL) holds the group policy templates and scripts that are replicated between domain controllers. ntds.dit contains the password hashes of every account in the domain, so any copy of it (from a backup, a VM snapshot or a Volume Shadow Copy) is as sensitive as the domain itself.

What is the use of the SYSVOL folder? SYSVOL is a shared folder (C:\Windows\SYSVOL) present on every domain controller that holds the domain's public files: the Group Policy templates, logon/logoff scripts and the NETLOGON share. It is replicated between domain controllers (by FRS, or DFS-R on newer domains) and must reside on an NTFS volume. It does not contain the Active Directory database itself; that is ntds.dit.

What is the difference between domain local, global and universal groups? Domain local groups are used to assign permissions to resources in their own domain; they can contain users, global groups and universal groups from any trusted domain. Global groups collect users (and other global groups) from the same domain, and can be granted access to resources in any trusting domain. Universal groups can contain users and groups from any domain in the forest and can be granted access to resources in any domain of the forest; their membership is stored in the global catalog. The usual pattern is AGDLP: Accounts go into Global groups, Global groups into Domain Local groups, and permissions are granted to the Domain Local groups.

What is a domain controller? A domain controller (DC) is a server that authenticates users and computers and handles the security requests (logon, Kerberos, LDAP) from other computers and servers within the Windows Server domain. In Windows NT 4.0 domains there was one primary domain controller (PDC), which held the only writable copy of the account database, and one or more backup domain controllers (BDCs) with read-only copies; if the PDC went down, a BDC could be promoted to PDC to keep the rest of the domain functioning. Since Windows 2000, every domain controller holds a writable replica (multi-master replication), and the PDC survives only as the PDC Emulator FSMO role.

What is a domain? A domain is a set of network resources (applications, printers, file shares and so forth) and accounts for a group of users, administered as a single security boundary. The user logs in to the domain once and can then access resources that may be located on a number of different servers in the network. An Active Directory domain is identified by a DNS name (for example corp.example.com) and a NetBIOS name; it should not be confused with a web site's URL.

What is Forest?A collection of one or more Active Directory domains that share a common schema, configuration, and global catalog.

What is the global catalog? The Active Directory global catalog is the central store of information about objects in an Active Directory forest: a full replica of the objects in its own domain plus a partial replica (a selected set of attributes) of every object in the other domains of the forest. A global catalog is created automatically on the first domain controller in the first domain in the forest. The domain controller hosting the global catalog is known as a global catalog server; it is needed for forest-wide searches, universal group membership evaluation and user principal name (UPN) logons.

Flexible Single Master Operation (FSMO) roles. The five FSMO roles:

Role                    Level          Count
Schema Master           Forest level   One per forest
Domain Naming Master    Forest level   One per forest
PDC Emulator            Domain level   One per domain
RID Master              Domain level   One per domain
Infrastructure Master   Domain level   One per domain

Setting File Permissions on a Folder Using Group Policy

The setting is located under Computer Configuration > Windows Settings > Security Settings > File System. Here is the procedure:
1. Go to the location in the Group Policy listed above.
2. Right-click File System.
3. Click Add File.
4. In the "Add a file or folder" window, select the folder (or file) for which you want the permissions to be set, and click OK.
5. In the security box that pops up, add the user or group that needs permission to the folder and set the permissions.

What is a Hypervisor?You can think of a Hypervisor as the kernel or the core of a virtualization platform. The Hypervisor is also called the Virtual Machine Monitor. The Hypervisor has access to the physical host hardware.

Hyper-V snapshot. How to create a Hyper-V snapshot: select the virtual machine in Hyper-V Manager and choose Snapshot from the Actions pane. The status of the virtual machine changes to "Taking Snapshot" and shows the progress of the action as a percentage.

File extension = .avhd (a differencing disk chained to the parent .vhd). A snapshot is not a backup: it depends on the parent disk, grows with every write, and a long snapshot chain slows the VM and makes the eventual merge risky on a production system.

Virtual machine files. The first thing to know is which files make up a virtual machine:
.XML files: contain the virtual machine configuration details. There is one for each virtual machine and for each snapshot of a virtual machine, always named with the GUID that internally identifies the virtual machine or snapshot in question.
.BIN files: contain the memory of a virtual machine or snapshot that is in a saved state.
.VSV files: contain the saved state of the devices associated with the virtual machine.
.VHD files: the virtual hard disk files for the virtual machine.
.AVHD files: the differencing disk files used for virtual machine snapshots.

What are the benefits and drawbacks of DHCP?
Benefits:
1. DHCP minimizes the configuration errors caused by manual IP address configuration, such as duplicate (conflicting) addresses and typing mistakes.
2. Reduced network administration: addresses, gateways and DNS servers are handed out centrally.

Disadvantages: the machine's name does not change when it receives a new IP address, but the DNS record that mapped the name to the old address becomes stale unless dynamic DNS updates it; this only presents a problem for clients that reach the machine by its DNS name. The DHCP server is also a single point of failure, and any device that answers DHCP Discover broadcasts on a segment (a rogue DHCP server) can hand clients a malicious gateway or DNS server. Authorizing DHCP servers in Active Directory, DHCP snooping on the switches and a failover partner address the last two points.

What is a Non Authoritative Restore?

A nonauthoritative restore returns the domain controller to its state at the time of the backup and then allows normal replication to overwrite that state with any changes that occurred after the backup was taken. After you restore the domain controller from backup, replication partners use the standard replication protocols to update Active Directory and associated information on the restored domain controller.

Active Directory (AD) is a directory service that Microsoft developed for Windows domain networks and is included in most Windows Server operating systems as a set of processes and services.[1][2]

An AD domain controller authenticates and authorizes all users and computers in a Windows domain network, assigning and enforcing security policies for all computers and installing or updating software. For example, when a user logs into a computer that is part of a Windows domain, Active Directory checks the submitted password and determines whether the user is a system administrator or a normal user.[3]

Active Directory makes use of Lightweight Directory Access Protocol (LDAP) versions 2 and 3, Microsoft's version of Kerberos, and DNS.

What is the default restore mode? A nonauthoritative restore is the default method for restoring Active Directory.

When do we use a nonauthoritative restore? A nonauthoritative restore allows the entire directory to be restored on a domain controller without reintroducing or changing objects that have been modified since the backup. The most common use is to bring an entire domain controller back, often after a catastrophic or debilitating hardware failure. It is uncommon for data corruption to drive a nonauthoritative restore, unless the corruption is local and the database cannot be successfully loaded.

To restore Active Directory from backup (Windows Server 2003):
1. Start the computer in Directory Services Restore Mode.
2. To start the Windows Server 2003 Backup utility, click Start, point to All Programs, point to Accessories, point to System Tools, and then click Backup. This procedure provides steps for restoring from backup in Wizard Mode. By default, the Always Start in Wizard Mode check box is selected in the Backup or Restore Wizard. If the Welcome to the Backup Utility Advanced Mode page appears, click Wizard Mode to open the Backup or Restore Wizard.
3. On the Welcome to the Backup or Restore Wizard page, click Next.
4. Click Restore files and settings, and then click Next.
5. Select System State, and then click Next.
6. On the Completing the Backup or Restore Wizard page, click Advanced.
7. In Restore files to, click Original Location, and then click Next.
8. Click Leave existing files (Recommended), and then click Next.
9. In Advanced Restore Options, select the following check boxes, and then click Next:
   · Restore security settings
   · Restore junction points, but not the folders and file data they reference
   · Preserve existing volume mount points
10. For a primary restore of SYSVOL, also select the check box When restoring replicated data sets, mark the restored data as the primary data for all replicas. Note: a primary restore is required only if the domain controller you are restoring is the only domain controller in the domain, or if it is the first domain controller being restored when you restore an entire domain or forest.
11. Click Finish.
12. When the restore process is complete, click Close, and then do one of the following:
   · If you do not want to authoritatively restore any objects, click Yes to restart the computer. The system restarts and replicates from its partners any changes made since the last backup.

What is a border server? A border server is an Exchange server that communicates with external servers. In a single server organization, your server is by default a border server. In a multi-server configuration, you may have one or more dedicated servers that communicate directly or indirectly with foreign servers and then pass the mail to other internal Exchange servers.

What is DDNS and why do I need it? Dynamic DNS (described in RFC 2136) allows servers to dynamically update and create records in DNS. Dynamic DNS is used by the Exchange server to create server records and other entries used by the Exchange Servers for things like message routing. In a simple Exchange organization, DDNS is not strictly necessary, but makes administration much easier.

Q:3 What is the difference between full virtualization & para virtualization? Ans: Both come under hardware virtualization. Some of the differences between them are listed below. Full virtualization: the guest machine (virtual machine) is unaware that it is running in a virtualized environment. The hypervisor presents simulated hardware devices, and the guest issues instructions to what it believes is real hardware; the hypervisor traps the privileged ones and executes them on the guest's behalf (with hardware assistance from Intel VT-x or AMD-V on modern CPUs), so an unmodified operating system can run as a guest. Para virtualization: the guest machine is aware that it is running in a virtualized environment. Its kernel is modified so that, when it needs privileged operations such as memory management or I/O, it makes hypercalls to the hypervisor instead of trying to reach the hardware directly. This avoids the cost of trapping and emulation but requires a modified guest operating system (Xen paravirtualized guests, for example).

Q:4 What is a hypervisor? Ans: A hypervisor is a piece of software installed on the physical machine that then creates and runs virtual machines. The virtual machines are known as guest machines, and the physical machine on which the hypervisor runs them is the host.

Q:5 What are Type-1 and Type-2 hypervisors? Ans: A Type-1 (bare-metal) hypervisor runs directly on the hardware; Hyper-V and ESXi are examples. A Type-2 (hosted) hypervisor runs as an application on top of a host operating system; Microsoft Virtual Server and VMware Server are examples. From a security standpoint a Type-2 hypervisor inherits the whole attack surface of the host operating system beneath it.

VMWARE INTERVIEW QUESTIONS & ANSWERS

What is Virtualization? Virtualization is the creation of a virtual (rather than actual) version of something, such as an operating system, a server, a storage device or network resources.

What are the benefits of virtualization? There are some well accepted and inherent benefits to using virtualization. Here are some of them:
* Reduce the number of physical servers.
* Reduce the infrastructure needed for your data center (power, cooling, battery backup, network switch ports, KVM ports and space).
* Reduce administrative overhead, because servers can be administered from a single console.
* Ability to bring up new servers quickly (it can take days or weeks to put in a new physical server, but only a few minutes to create a new virtual server from a template).
* Hardware independence of virtual servers: a virtual server can run on any host server, regardless of the host hardware.
* Because of hardware independence, disaster recovery cost, complexity and recovery time are reduced.
* A "greener" datacenter and server environment due to the consolidation.
* Overall, a lower TCO of servers.

What is VMware Fault Tolerance?VMware Fault Tolerance is a component of VMware vSphere and it provides continuous availability to applications by preventing downtime and data loss of Virtual machines in the event of ESX server failures.

How does VMware Fault Tolerance work? When you enable Fault Tolerance for a virtual machine, a secondary virtual machine is created to work with the primary virtual machine on which you enabled FT. The primary and secondary virtual machines reside on different ESX hosts in the cluster. Every event or action performed by the primary VM is transmitted over a (gigabit) Ethernet FT logging network and replayed by the secondary virtual machine using vLockstep technology. Although the primary and secondary appear as a single entity, access a common disk and run with the same IP address and MAC address, writes are performed only by the primary. The two virtual machines send heartbeats to each other at millisecond intervals to check availability. If the primary fails, the secondary takes over the primary role immediately and a new secondary is spawned on another host; if the secondary fails, a new secondary is started on another host. FT protects against host failure, not against faults inside the guest: a crash or compromise of the primary is replayed faithfully on the secondary.

How is VMware HA used? VMware HA allows companies to provide high availability to any application running in a virtual machine. VMware High Availability (HA) provides easy-to-use, cost-effective high availability for applications running in virtual machines. In the event of a physical server failure, affected virtual machines are automatically restarted on other production servers with spare capacity. In the case of an operating system failure, VMware HA restarts the affected virtual machine on the same physical server. Combined with the other availability features of the VMware vSphere platform, VMware HA lets organizations select and easily deliver the level of availability required for each of their important applications. Unlike FT, HA means a restart: the VM is unavailable for the time it takes to boot.

How Does VMware HA Work?VMware HA continuously monitors all virtualized servers in a resource pool and detects physical server and operating system failures. To monitor physical servers, an agent on each server maintains a heartbeat with the other servers in the resource pool such that a loss of heartbeat automatically initiates the restart of all affected virtual machines on other servers in the resource pool. VMware HA leverages shared storage and, for FibreChannel and iSCSI SAN storage, the VMware vStorage Virtual Machine File System (VMFS) to enable the other servers in the resource pool to safely access the virtual machine for failover. When used with VMware Distributed Resource Scheduler (DRS), VMware HA automates the optimal placement of virtual machines on other servers in the resource pool after server failure.

Key features of VMware HA include:
• Proactive monitoring of all physical servers and virtual machines
• Automatic detection of server failure
• Rapid restart of virtual machines affected by server failure
• Optimal placement of virtual machines after server failure
• Scalable availability up to 32 nodes across multiple servers

What is VMware DRS? VMware DRS dynamically balances computing capacity across a collection of hardware resources aggregated into logical resource pools, continuously monitoring utilization across the resource pools and intelligently allocating available resources among the virtual machines based on pre-defined rules that reflect business needs and changing priorities. When a virtual machine experiences an increased load, VMware DRS automatically allocates additional resources by redistributing virtual machines among the physical servers in the resource pool. VMware DRS allows IT organizations to:
• Optimize hardware utilization automatically and continuously to respond to changing conditions
• Provide dedicated resources to business units while still profiting from higher hardware utilization through resource pooling
• Conduct zero-downtime server maintenance

*What is VMware DPM? VMware Distributed Power Management (DPM) is a pioneering feature of VMware DRS that continuously monitors resource requirements in a VMware DRS cluster. When the resource requirements of the cluster decrease during periods of low usage, virtual machines are migrated onto fewer hosts and the unneeded ESX hosts are powered off. VMware DPM is an optional feature of VMware Distributed Resource Scheduler (DRS). When the resource requirements of workloads increase during periods of higher usage, VMware DPM brings powered-down hosts back online to ensure service levels are met. VMware DPM allows IT organizations to:
• Cut power and cooling costs in the datacenter
• Automate management of energy efficiency in the datacenter

How Can I Purchase VMware DRS?VMware DRS is included with VMware vSphere™ Enterprise and VMware vSphere Enterprise Plus Editions. For more information on how to purchase, visit the VMware vSphere™ Web page athttp://www.vmware.com/go/vsphere/buy.

*How does VMware DPM work? VMware DPM is a component of VMware DRS that makes recommendations or decisions to power hosts off or on to save energy. These recommendations are based on a comparison of the available capacity in a DRS cluster against the resource requirements of the virtual machines plus some administrator-defined buffer capacity. If DPM detects that too many hosts are powered on, it consolidates virtual machines onto fewer hosts and powers off the remaining ones.

Affinity rules. Create rules that govern the allocation of virtual machines to physical servers. For example, certain virtual machines can always run on the same server for performance reasons; alternatively, specified virtual machines can always run on different servers for increased availability. An affinity rule is a setting that establishes a relationship between two or more VMware virtual machines (VMs) and hosts. Affinity rules and anti-affinity rules tell the vSphere hypervisor platform to keep virtual entities together or separated. They can be applied between VMs and hosts as well, and a VM can be subject to VM-VM affinity rules and VM-Host affinity rules at the same time. Create a VM-VM affinity rule: you can create VM-VM affinity rules in the Cluster Settings dialog box to specify whether selected virtual machines should run on the same host or be kept on separate hosts.

* VM affinity rules: affinity rules keep VMs together on the same host. Consider a multi-tier application with a web application server and a backend database server that communicate frequently with each other; you would like that communication to take advantage of the high-speed bus within a single server rather than going across the network. In that case you could define an affinity rule (Keep Virtual Machines Together) that ensures these two VMs stay together in the cluster.

* VM anti-affinity rules: consider an environment with two mail server VMs. In all likelihood, administrators would not want both mail servers to reside on the same ESXi host. Instead, they would want the mail servers split onto two different ESXi hosts in the cluster, so that the failure of one host affects only one of the two mail servers. In this sort of situation a VM anti-affinity rule is the right tool to use. The same applies to redundant domain controllers or cluster nodes: anti-affinity is what keeps an HA pair from sharing a single point of failure.

Procedure
1. Right-click the cluster in the inventory and select Edit Settings.
2. In the left pane of the Cluster Settings dialog box, under VMware DRS, select Rules.
3. Click Add.
4. In the Virtual Machine Rule dialog box, type a name for the rule.
5. From the Type menu, select either Keep Virtual Machines Together or Separate Virtual Machines.
6. Click Add.
7. Select at least two virtual machines to which the rule will apply and click OK.
8. Click OK to save the rule.

How is VMware VMotion used in the Enterprise?VMware VMotion allows users to:• Perform hardware maintenance without scheduled downtime.• Proactively migrate virtual machines away from failing or underperforming servers.• Automatically optimize and allocate entire pools of resources for optimal hardware utilization and alignment with business priorities.

How does VMware VMotion work? Live migration of a virtual machine from one physical server to another with VMware VMotion is enabled by three underlying technologies. First, the entire state of a virtual machine is encapsulated in a set of files stored on shared storage such as a Fibre Channel or iSCSI Storage Area Network (SAN) or Network Attached Storage (NAS). VMware vStorage VMFS allows multiple installations of VMware ESX to access the same virtual machine files concurrently.

Second, the active memory and precise execution state of the virtual machine are rapidly transferred over a high-speed network, allowing the virtual machine to switch instantaneously from running on the source ESX host to the destination ESX host. VMotion keeps the transfer period imperceptible to users by tracking ongoing memory transactions in a bitmap. Once the entire memory and system state has been copied to the target ESX host, VMotion suspends the source virtual machine, copies the bitmap to the target ESX host, and resumes the virtual machine there. This entire process takes less than two seconds on a Gigabit Ethernet network. Note that the guest's memory contents cross the VMotion network in clear text (encrypted vMotion arrived much later, in vSphere 6.5), which is why the VMotion network must be isolated on its own non-routed VLAN.

Third, the networks being used by the virtual machine are also virtualized by the underlying ESX host, ensuring that even after the migration, the virtual machine network identity and network connections are preserved. VMotion manages the virtual MAC address as part of the process. Once the destination machine is activated, VMotion pings the network router to ensure that it is aware of the new physical location of the virtual MAC address.

Since the migration of a virtual machine with VMotion preserves the precise execution state, the network identity, and the active network connections, the result is zero downtime and no disruption to users.
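The memory transfer described above (full copy while the VM runs, a bitmap of pages modified after they were sent, then suspend, ship the bitmap's pages and resume) as an added Python model; this is illustration code, not VMware's implementation. The page layout, the write schedule and the page values are constructed input.

```python
# Toy model of the VMotion memory copy described above (added example, not
# VMware's code). Guest memory is a list of page values; the schedule of
# writes the guest performs while the copy is in flight is constructed input.
from typing import Dict, List, Tuple

# writes_during_copy maps "index of the page just copied" -> writes the running
# guest makes at that moment, as (page, new_value) pairs.
WriteSchedule = Dict[int, List[Tuple[int, int]]]


def precopy_migrate(source_mem: List[int],
                    writes_during_copy: WriteSchedule) -> Tuple[List[int], int]:
    """Return (destination memory, number of pages re-sent after suspend).

    Phase 1 copies every page while the VM keeps running on the source host;
    a bitmap records pages modified after they were already sent.
    Phase 2 suspends the source, ships only the pages flagged in the bitmap,
    and the destination can then resume with identical memory.
    """
    src = list(source_mem)            # the live guest memory on the source host
    n = len(src)
    dest: List[int] = [0] * n         # memory being built on the destination host
    sent = [False] * n                # has this page been transferred at least once?
    dirty = [False] * n               # the bitmap: modified after being sent

    # Phase 1: full pass over memory with the guest still running.
    for i in range(n):
        dest[i] = src[i]
        sent[i] = True
        dirty[i] = False
        for page, value in writes_during_copy.get(i, []):
            src[page] = value
            if sent[page]:
                dirty[page] = True    # stale on the destination, re-send later
            # pages not yet sent will be copied with the new value anyway

    # Phase 2: source VM is suspended; no more writes land on src.
    resend = [p for p in range(n) if dirty[p]]
    for p in resend:
        dest[p] = src[p]

    if dest != src:                   # sanity check: execution state must match
        raise RuntimeError("destination memory diverged from source")
    return dest, len(resend)


if __name__ == "__main__":
    # Constructed run: four pages, three guest writes landing mid-transfer.
    memory = [10, 20, 30, 40]
    schedule = {1: [(0, 11), (3, 41)], 3: [(2, 31)]}
    final_mem, resent = precopy_migrate(memory, schedule)
    print(final_mem, "pages re-sent after suspend:", resent)
```

Only pages written after they were already copied (0 and 2 in the constructed run) travel during the suspended window, which is why the pause stays short.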

How Can I Purchase VMware VMotion?
VMware VMotion is included in VMware vSphere™ 4 Advanced, Enterprise and Enterprise Plus editions. For more information on how to purchase, visit the VMware vSphere Web page at: http://www.vmware.com/go/vsphere/buy.

What is VMware Storage VMotion?
VMware Storage VMotion is a component of VMware vSphere™ that provides an intuitive interface for live migration of virtual machine disk files within and across storage arrays with no downtime or disruption in service. Storage VMotion relocates virtual machine disk files from one shared storage location to another shared storage location with zero downtime, continuous service availability and complete transaction integrity. Storage VMotion enables organizations to perform proactive storage migrations, simplify array migrations, improve virtual machine storage performance and free up valuable storage capacity. Storage VMotion is fully integrated with VMware vCenter Server to provide easy migration and monitoring.

What are the use cases of SvMotion?
• Migrating from old storage to new storage systems, or to a different vendor's storage, without downtime to VMs.
• Performing scheduled activities such as storage upgrades on the source LUN.
• Converting the VM disk type from Thick to Thin and Thin to Thick.
• Migrating critical virtual machines to high-performance storage arrays to improve virtual machine performance.

VMware® Storage VMotion™ enables live migration for running virtual machine disk files from one storage location to another with no downtime or service disruption.

What are the Limitations of SvMotion?
• Virtual machines with snapshots cannot be migrated using Storage vMotion.
• Virtual machines cannot be migrated while a VMware Tools installation is in progress.
• A virtual machine must be powered off if you want to migrate it to a different host and datastore at the same time.

BENEFITS
• Simplify storage array migrations and storage upgrades.
• Dynamically optimize storage I/O performance.
• Efficiently utilize storage and manage capacity.

How Does VMware Storage VMotion Work?
VMware Storage VMotion allows virtual machine storage disks to be relocated to different datastore locations with no downtime, completely transparently to the virtual machine and the end user. Before moving a virtual machine's disk file, Storage VMotion moves the "home directory" of the virtual machine to the new location. The home directory contains metadata about the virtual machine (configuration, swap and log files). After relocating the home directory, Storage VMotion copies the contents of the entire virtual machine storage disk file to the destination storage host. Once the copy is complete, the virtual machine is quickly suspended and resumed so that it can begin using the home directory and disk file on the destination datastore. Before VMware ESX allows the virtual machine to start running again, the final changed regions of the source disk are copied over to the destination, and the source home directory and disks are removed. This approach guarantees complete transactional integrity and is fast enough to be unnoticeable to the end user.

Log files should be used only when you are having trouble with a virtual machine.
VMDK files – VMDK files are the actual virtual hard drive for the virtual guest operating system (virtual machine / VM). You can create either dynamic or fixed virtual disks. With dynamic disks, the disks start small and grow as the disk inside the guest OS grows. With fixed disks, the virtual disk and the guest OS disk start out at the same (large) size. For more information on monolithic vs. split disks see this comparison from sanbarrow.com.
VMEM – A VMEM file is a backup of the virtual machine's paging file. It will only appear if the virtual machine is running, or if it has crashed.
VMSN & VMSD files – these files are used for VMware snapshots. A VMSN file stores the exact state of the virtual machine when the snapshot was taken; using this snapshot, you can restore the machine to the same state as when the snapshot was taken. A VMSD file stores information about snapshots (metadata). You'll notice that the names of these files match the names of the snapshots.
NVRAM files – these files are the BIOS for the virtual machine. The VM must know how many hard drives it has and other common BIOS settings; the NVRAM file is where that BIOS information is stored.
VMX files – a VMX file is the primary configuration file for a virtual machine. When you create a new virtual machine and answer questions about the operating system, disk sizes, and networking, those answers are stored in this file. A VMX file is actually a simple text file that can be edited with Notepad. Here is the "Windows XP Professional.vmx" file from the directory listing, above:
VMSS – this is the suspended state file, which stores the state of a suspended virtual machine.
VMTM – this is the configuration file containing team data.
VMXF – this is a supplemental configuration file for virtual machines that are in a team. Note that the .vmxf file remains if a virtual machine is removed from the team.

What is the Service Console?
The service console is based on the Red Hat Linux operating system; it is used to manage the VMkernel.

What is the VMkernel?
The VMkernel is the liaison or contact (raabta) between virtual machines (VMs) and the physical hardware that supports them. VMware calls the VMkernel a microkernel because it runs on bare metal, directly on VMware ESX hosts. The VMkernel is responsible for allocating memory, scheduling CPUs and providing other hardware abstraction and operating system (OS) services.

What are the basic commands to troubleshoot connectivity between the vSphere Client / vCenter and an ESX server?
service mgmt-vmware restart (restarts the host agent, vmware-hostd, on the VMware ESX server)
service vmware-vpxa restart (restarts the vCenter agent service)
service network restart (restarts the management network on ESX)

What is the vCenter Agent?
The VC agent is an agent installed on the ESX server that enables communication between VC and the ESX server. The agent is installed on ESX/ESXi when you add the ESX host to vCenter.

What are the types of port groups in ESX/ESXi?
There are 3 types of port groups in ESX:
1. Service console port group
2. VMkernel port group
3. Virtual machine port group
There are only 2 types of port group in ESXi:
1. VMkernel port group
2. Virtual machine port group

What is the use of the Service Console port?
The service console port group is required to manage the ESX server and acts as the management network for ESX. vCenter and the vSphere Client use the service console IP to communicate with the ESX server.

What is the use of the VMkernel port?
The VMkernel port is used by ESX/ESXi for vMotion, iSCSI and NFS communications. ESXi also uses the VMkernel port as its management network, since it does not have a service console built in.

What is the use of the Virtual Machine port group?
The Virtual Machine port group is used for virtual machine communication.

How does a Virtual Machine communicate with other servers on the network?
All virtual machines configured in a VM port group are able to connect to the other machines on the network. The port group enables communication between the vSwitch and the physical switch through the uplink (physical NIC) associated with the port group.

What is the default number of ports configured on a virtual switch?
When a virtual switch is created, it has 56 ports by default. The number of ports can be extended by editing the vSwitch properties.

What are the different types of partitions in an ESX server?
/ (root)
swap
/var
/var/core
/opt
/home
/tmp

Feature | Standard Switch | Distributed Switch
Management | Standard switch needs to be managed at each individual host level | Provides centralized management and monitoring of the network configuration of all the ESXi hosts that are associated with the dvSwitch
Licensing | Standard switch is available for all licensing editions | Distributed switch is only available for the Enterprise edition of licensing
Creation & configuration | Standard switch can be created and configured at the ESX/ESXi host level | Distributed switch can be created and configured at the vCenter Server level
Layer 2 switch | Yes, can forward Layer 2 frames | Yes, can forward Layer 2 frames
VLAN segmentation | Yes | Yes
802.1Q tagging | Can use and understand 802.1Q VLAN tagging | Can use and understand 802.1Q VLAN tagging
NIC teaming | Yes, can utilize multiple uplinks to form a NIC team | Yes, can utilize multiple uplinks to form a NIC team
Outbound traffic shaping | Can be achieved using a standard switch | Can be achieved using a distributed switch
Inbound traffic shaping | Not available as part of standard switches | Only possible with a distributed switch
VM port blocking | Not available as part of standard switches | Only possible with a distributed switch
Private VLAN | Not available | PVLANs can be created as part of a dvSwitch; 3 types of PVLAN (Promiscuous, Community and Isolated)
Load based teaming | Not available | Can be achieved using a distributed switch
Network vMotion | Not available | Can be achieved using a distributed switch
Per port policy setting | Policy can be applied at switch and port group level | Policy can be applied at switch, port group and even per port level
NetFlow | Not available | Yes
Port mirroring | Not available | Yes

What are the security options available for an ESX vSwitch?
Promiscuous Mode - Reject
MAC Address Changes - Accept
Forged Transmits - Accept

What is Promiscuous Mode?
If promiscuous mode is set to Accept, all communication is visible to all the virtual machines; in other words, all packets are sent to all ports on the vSwitch. It can be useful when you are running virtual machines with network sniffers to capture packets on that network.

What is a MAC Address Change?
Every virtual machine NIC is given a MAC address at creation time, and it is stored in the .VMX file. When this option is set to Reject and a packet's MAC address does not match the MAC address in the .VMX file, incoming traffic to the VM is not allowed. If it is set to Accept, ESX accepts requests to change the effective MAC address to something other than the MAC address saved in the .VMX file.

What is Forged Transmits?
This is the same as the MAC Address Changes setting, but it applies to outgoing traffic, whereas the MAC Address Changes setting applies to incoming traffic.
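The effect of the three vSwitch security settings on a single port, as an added Python model of the semantics described above (illustration code, not VMware's implementation). The MAC addresses and frames are constructed; the audit() helper treats Reject on all three as the hardened baseline, which is an assumption in line with the "reject-mac-change" hardening guideline quoted later on this page.

```python
# Model of the three vSwitch port security settings (added example, not
# VMware code). Frames and MAC addresses below are constructed sample data.
from dataclasses import dataclass
from typing import List

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class SecurityPolicy:
    promiscuous: bool = False       # vSwitch default: Reject
    mac_changes: bool = True        # vSwitch default: Accept
    forged_transmits: bool = True   # vSwitch default: Accept


@dataclass
class Frame:
    src: str   # source MAC
    dst: str   # destination MAC


class VSwitchPort:
    """One port on a vSwitch, wired to one VM NIC."""

    def __init__(self, vmx_mac: str, policy: SecurityPolicy) -> None:
        self.initial_mac = vmx_mac      # the MAC stored in the .vmx file
        self.effective_mac = vmx_mac    # the MAC the guest OS currently uses
        self.policy = policy

    def guest_sets_mac(self, new_mac: str) -> None:
        """The guest OS reconfigures its NIC to a different MAC address."""
        self.effective_mac = new_mac

    def inbound_allowed(self, frame: Frame) -> bool:
        # MAC Address Changes = Reject: once the effective MAC no longer matches
        # the .vmx MAC, the port stops receiving traffic altogether.
        if not self.policy.mac_changes and self.effective_mac != self.initial_mac:
            return False
        # Promiscuous = Accept: every frame on the vSwitch is delivered here.
        if self.policy.promiscuous:
            return True
        # Otherwise only frames addressed to this port (or broadcast) arrive.
        return frame.dst in (self.effective_mac, BROADCAST)

    def outbound_allowed(self, frame: Frame) -> bool:
        # Forged Transmits = Reject: drop frames whose source MAC is not the
        # port's effective MAC (the outbound counterpart of MAC Address Changes).
        if not self.policy.forged_transmits and frame.src != self.effective_mac:
            return False
        return True


def audit(policy: SecurityPolicy) -> List[str]:
    """Names of settings still at Accept, i.e. deviations from Reject/Reject/Reject."""
    findings = []
    if policy.promiscuous:
        findings.append("Promiscuous Mode")
    if policy.mac_changes:
        findings.append("MAC Address Changes")
    if policy.forged_transmits:
        findings.append("Forged Transmits")
    return findings


if __name__ == "__main__":
    # Constructed walk-through with the vSwitch defaults.
    port = VSwitchPort("00:50:56:aa:bb:01", SecurityPolicy())
    print("unicast to own MAC:", port.inbound_allowed(Frame("00:50:56:aa:bb:02", "00:50:56:aa:bb:01")))
    print("unicast to other MAC:", port.inbound_allowed(Frame("00:50:56:aa:bb:02", "00:50:56:aa:bb:03")))
    print("settings left at Accept:", audit(SecurityPolicy()))
```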

VMware resource pool
A VMware resource pool is the aggregated (majmuee) physical computer hardware -- CPU and memory, as well as other components -- allocated to virtual machines (VMs) in a VMware virtual infrastructure. A VMware administrator can choose how much of each physical resource to allocate to each new VM and allocate portions of these logical resource groups to various users, add and remove computer resources, or reorganize pools as required.

What is a VLAN?

A VLAN is a Virtual LAN, used to break broadcast traffic down into many logical groups. Basically, one physical switch comprises (mushtamil) one broadcast domain. VLANs are used to separate that one broadcast domain into many small pieces, separating the networks within the broadcast domain.

Difference between ESX Server and ESXi Server
ESX Server - Contains the Service Console OS and comes with all the enterprise-level features like HA, VMotion and DRS, which give the highest level of support for virtualization. The current version of ESX Server is 4.0.
ESXi Server - Doesn't contain the Service Console OS and comes in a 32MB footprint. Nowadays it ships with servers. You can store it on a microchip or a USB drive and install it easily. It doesn't support enterprise features like VMotion, HA, DRS, etc.

What are the three port groups present in ESX server networking?
1. Virtual Machine Port Group - Used for the Virtual Machine network
2. Service Console Port Group - Used for Service Console communications
3. VMKernel Port Group - Used for VMotion, iSCSI and NFS communications

What types of communication definitely require an IP address?
Service Console and VMKernel (VMotion and iSCSI); these communications do not happen without an IP address (whether it is a single or a dedicated one).

In the ESX Server licensing features, the VMotion license shows as Not Used. Why?
Even though the license box is selected, it shows as "License Not Used" until you enable the VMotion option for a specific vSwitch.

What are the core services of VC? VM provisioning, Task Scheduling and Event Logging

Can we do vMotion between two datacenters? If possible how it will be?Yes we can do vMotion between two datacenters, but the mandatory requirement is the VM should be powered off.

What is the VC agent? Which service does it correspond to? What are the minimum requirements for VC agent installation?
The VC agent is an agent installed on the ESX server that enables communication between VC and the ESX server.

The daemon associated with it is called vmware-hostd, and the service that corresponds to it is called mgmt-vmware. In the event of a VC agent failure, just restart the service by typing the following command at the service console: "service mgmt-vmware restart". The VC agent is installed on the ESX server when we add it to VC, so if at installation time you get an error like "VC Agent service failed to install", check whether the size of /opt is sufficient.

What are the common issues with snapshots? What prevents taking a snapshot, and how do you fix it?
If you configure the VM with mapped LUNs, the snapshot fails. If the LUN is mapped as virtual, a snapshot can be taken. If you configure the VM with mapped LUNs as physical, you need to remove them to take a snapshot.

What is Virtual Center (vCenter)?
vCenter is used to manage ESXi servers in a clustered environment, providing centralized administration of multiple ESXi server clusters.

What devices can be added while the virtual machine is running?
In VI 3.5 we can add hard disks and NICs while the machine is running. In vSphere 4.0 we can add memory and processors along with HDDs and NICs while the machine is running.

What's the difference between thick-provisioned and thin-provisioned disks in ESX 4.0?
Versions of ESX prior to 4.0 were only capable of creating thick-provisioned disks. Disks in this format are created with the entire size of the disk pre-allocated on physical storage at the time the disk is created. This pre-allocation means that creating a 100GB virtual disk actually consumes 100GB of physical disk space on your drives.

How can I convert a thin-provisioned disk to thick, or a thick-provisioned disk to thin?
This article provides steps to change the provisioning of a virtual disk from thick to thin, or from thin to thick. The procedure uses the vSphere Client and vCenter Server to perform this task.

Resolution
Note: Before following these procedures, VMware highly recommends that you have a valid backup of the virtual machine and enough space to convert the virtual machine's disk(s) from thin to thick.

To change the provisioning of a virtual machine base disk from thin to thick from the Datastore Browser:
1. Power off the virtual machine.
2. In vSphere Client, right-click the virtual machine in the inventory.
3. Click Edit Settings to display the Virtual Machine Properties dialog box.
4. Click the Hardware tab and select the appropriate hard disk in the Hardware list.

Note: The Disk Provisioning Type section on the right displays either Thin Provision or Thick Provision. If the disk provision type is Thick, disk provisioning has already taken place. In this case, the disk provisioning is Thin.

5. Click Cancel to exit the Virtual Machine Properties dialog box.
6. Click the Summary tab of the virtual machine.
7. Under Resources, right-click the datastore where the virtual machine resides and click Browse Datastore.
8. Double-click the virtual machine folder to display the .vmdk file.
9. Right-click the .vmdk file, and click Inflate. The Inflate option converts the disk to thick provisioned.

Notes:

If the Inflate option is grayed out, this may indicate that the virtual machine is not powered off or that it is not thin provisioned.

There should be no snapshots and the conversion is performed on the base disk.

To convert a virtual machine base disk from thick to thin provisioning by changing the datastore and using offline virtual machine migration:

1. Power off the virtual machine.
2. Right-click the virtual machine, and click Migrate.
3. Click Change datastore.
4. Click Next, and select a datastore that is not the same as the current datastore.
5. From the dropdown, select the Thin Provision virtual disk format.
6. Click Next, then Finish.

Understanding Clones
A clone is a copy of an existing virtual machine. The existing virtual machine is called the parent of the clone. When the cloning operation is complete, the clone is a separate virtual machine — though it may share virtual disks with the parent virtual machine (see Full and Linked Clones).

•Changes made to a clone do not affect the parent virtual machine. Changes made to the parent virtual machine do not appear in a clone. A clone's MAC address and UUID are different from those of the parent virtual machine. If you want to save the current state of the virtual machine, so you can revert to that state in case you make a mistake, take a snapshot. If you want to make a copy of a virtual machine for separate use, create a clone.

Why Make a Clone?
Installing a guest operating system and applications can be time consuming. With clones, you can make many copies of a virtual machine from a single installation and configuration process. Clones are useful when you must deploy many identical virtual machines to a group. For example:
• An MIS department can clone a virtual machine for each employee, with a suite of preconfigured office applications.
• A virtual machine can be configured with a complete development environment and then cloned repeatedly as a baseline configuration for software testing.
• A teacher can clone a virtual machine for each student, with all the lessons and labs required for the term.
With clones you can conveniently make complete copies of a virtual machine, without browsing a host file system or worrying if you have located all the configuration files.

Full and Linked Clones
There are two types of clone:
• A full clone is an independent copy of a virtual machine that shares nothing with the parent virtual machine after the cloning operation. Ongoing operation of a full clone is entirely separate from the parent virtual machine.
• A linked clone is a copy of a virtual machine that shares virtual disks with the parent virtual machine in an ongoing manner. This conserves disk space, and allows multiple virtual machines to use the same software installation.

Full Clones: A full clone is an independent virtual machine, with no need to access the parent. Full clones do not require an ongoing connection to the parent virtual machine. Because a full clone does not share virtual disks with the parent virtual machine, full clones generally perform better than linked clones. However, full clones take longer to create than linked clones. Creating a full clone can take several minutes if the files involved are large.

Linked Clones: A linked clone is made from a snapshot of the parent (see Understanding Snapshots). All files available on the parent at the moment of the snapshot continue to remain available to the linked clone. Ongoing changes to the virtual disk of the parent do not affect the linked clone, and changes to the disk of the linked clone do not affect the parent. A linked clone must have access to the parent. Without access to the parent, a linked clone is disabled (see Linked Clones and Access to the Parent Virtual Machine). Linked clones are created swiftly, so you can easily create a unique virtual machine for each task you have. You can also easily share a virtual machine with other users by storing the virtual machine on your local network, where other users can quickly make a linked clone. This facilitates collaboration: for example, a support team can reproduce a bug in a virtual machine, and an engineer can quickly make a linked clone of that virtual machine to work on the bug.

Full Clones and Snapshots of the Parent
A full clone is a complete and independent copy of a virtual machine. However, the full clone duplicates only the state of the virtual machine at the instant of the cloning operation. Thus the full clone does not have access to any snapshots that may exist of the parent virtual machine.

1. Installing ESXi to retrieve backup data thru VMFS is much faster than installing Windows to retrieve backup data thru NTFS.
2. If all ESXi hosts are down, you will still need to set up a new ESXi host anyway in order to run the backup VMs.
3. Chances of VMFS corruption - never experienced before. Chances of NTFS corruption? Quite often. At least a virus attack to delete files on a VMFS volume is highly unlikely.
4. Simultaneous connection (write) in a SAN volume is supported by VMFS but not NTFS, which will lead to corruption. (Having 2 backup apps writing to the same volume at the same time etc?)
Having said the above, someone reminded me about the big difference between using the storage for backup and replication. For replication, it will be VMFS instead of NTFS. However, since backup will be compressed and deduped, we will need Veeam to restore it, or use the extract utility provided. Thus, NTFS will provide direct access to restore the backup from any connected Windows computer or even execute the backup VMs to boot up immediately thru vPower. With VMFS, we will add an additional step of mapping the VMDK files into a Windows VM etc. to access it. That's the only disadvantage I can agree upon, apart from the 2TB limit.

What Is Captured by the Snapshot?
The snapshot captures the entire state of the virtual machine at the time you take the snapshot. This includes:
• The state of all the virtual machine's disks.
• The contents of the virtual machine's memory.
• The virtual machine settings.

Introduction to VMware Converter
VMware Converter is designed to do the following:

• Convert local and remote physical servers with NO DOWNTIME
• Run many P2V conversions at the same time from a centralized console
• Convert third-party VMs to VMware, for example MS Virtual PC, MS Virtual Server, Backup Exec Live State, and Ghost
• Clone and back up physical machines to virtual machines as part of a DR plan

VMware Converter comes in two flavors. They are:
VMware Converter Starter (FREE Edition)
VMware Converter Enterprise

Of course, not all features are supported in the free edition. For a comparison chart between these two editions, see this link. Currently, VMware Converter is only supported for converting Windows systems from physical to virtual (for specific versions, see the FAQ). For specific information on VMware Converter, see this data sheet.

Downloading & Installing VMware Converter
To download VMware Converter, simply go to the download link on the product webpage. This will take you to the download site to download the VMware Converter Starter edition. Click Download Now. After filling out the registration form and accepting the license agreement, you will see something like this:

Either Run or Save the download. Once downloaded, click Run, like this:

You'll be taken to the VMware Converter Installation Wizard, like this: Now click Next, accept the license agreement again, take the default installation directory, and take the Typical (Recommended) installation method by clicking Next. Next, click Install. When installation completes, you should see this. Check the checkbox for Run VMware Converter and click Finish.

Finally, after VMware Converter starts, you should see this screen: Now that you have installed this amazing 17Mb program, let's find out what it can do in part 2.

Summary

In summary, VMware Converter is a very cool application that can speed up your physical server migration and assist in other ways such as disaster recovery. With VMware Converter being available in the FREE Starter Edition, there is no reason not to try out VMware Converter 3.0 and start converting those physical machines to virtual machines today!

Using VMware Converter
When VMware Converter starts, you will be asked if you want to enter a license (to use the Enterprise version) or move into Starter mode. To go into Starter mode, click Continue in Starter Mode. There are two purposes for VMware Converter:
1) Import a Virtual Machine from a physical machine or other type of virtual machine
2) Configure Virtual Machine to make an existing image bootable
In our case, we are going to demonstrate how you can import a hard drive from a physical machine (while that machine is running), change the drivers on it to be VMware drivers, and boot it in VMware. The first step of this is importing the virtual machine.

Importing Virtual Machines
To import a virtual machine, just click on the Import Machine button on the top left side of the interface.

Next, you'll see the Import dialog box come up. Click Next twice. Select the type of source to import from: In our case, we selected physical computer, but notice all the different sources you can import virtual machines from. You could import an existing virtual machine, the physical machine that this program is running on, or a remote machine over the network.

We filled out the remote IP address and administrator username/password, then clicked Next. The VM Converter will connect to the remote machine over the network at this time. You will get the message that the VM Converter agent needs to be installed on the remote machine.

Click Yes. After the agent install is done, you will see a window that looks like this: Here you need to select the volumes you want to convert and whether you want them to be resized. I chose to only convert the C drive and to reduce the size to the smallest size possible. After doing that, click Next.

Next you will need to choose a destination, then click Next. We will choose to put this physical machine on our standalone VMware Server (as that is all we have installed).

Click Next.

Now you will need to specify a name for this virtual server and a shared folder that is accessible to both virtual machines. To do this, I created a folder called C:\SharedVM and opened it up to full control for everyone (see below).

After you fill out the new name and the share, click Next.Now, take the default to allow the disk space to grow (that is really up to you).

Click Next.

Take the default network options and click Next. Take the default on customizations and click Next.You are now ready to import the virtual machine!

Click Next

Monitoring & Verifying the Import
The import will now begin. Here is what it looks like:

In my case, because I chose to transfer a physical machine over the LAN (with one device using wireless), it took me 2 hours and 6 minutes to transfer the complete 8GB image. When it was done, here were the results:

This guide covers the following components of vSphere:
Virtual Machines
ESXi hosts
Virtual Network
vCenter Server, plus its database and clients
vCenter Update Manager

Everything else is out of scope and hence NOT covered by the guide. This includes:
vCenter Virtual Appliance
vSphere Management Assistant (vMA)
any other add-on component

Description of fields
Each guideline is uniquely identified by the concatenation of Product-Version-Component-ID. Some examples:
vSphere-5.0-esxi-apply-patches
vSphere-5.0-vm-prevent-device-interaction-edit
vSphere-5.0-vnetwork-reject-mac-change-dvportgroup
vSphere-5.0-vcenter-isolated-vum-proxy

When referring to guidelines within a single version, the Product-Version may be omitted and the Component-ID used by itself, e.g. esxi-apply-patches

The Profile field indicates the relative increase in security provided by the guideline. Some guidelines describe an issue with more than one defense, and these will be associated with more than one profile.
Profile 3: guidelines that should be implemented in all environments
Profile 2: guidelines that should be implemented for more sensitive environments, e.g. those handling more sensitive data, those subject to stricter compliance rules, etc.
Profile 1: guidelines that should only be implemented in the highest security environments, e.g. top-secret government or military, extremely sensitive data, etc.
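The identifier scheme (Product-Version-Component-ID, with the Product-Version prefix optional inside one version) and the profile rule above, as an added Python helper that is not VMware's tooling. The four IDs are the guide's own examples; the profile numbers attached to them in SAMPLE_CATALOG are constructed for illustration, and the "applies if any of its profiles fits" treatment of multi-profile guidelines is an assumption.

```python
# Parser for the guideline identifier scheme described above, plus the
# profile selection rule (added example, not VMware's tooling). The profile
# numbers in SAMPLE_CATALOG are constructed, not taken from the guide.
import re
from typing import Dict, List, NamedTuple, Optional, Set


class Guideline(NamedTuple):
    product: Optional[str]      # None when Product-Version was omitted
    version: Optional[str]
    component: str              # esxi, vm, vnetwork, vcenter, ...
    guideline_id: str           # the remaining dash-separated ID


# Product-Version prefix: a word, a dash, a dotted numeric version, a dash.
_PREFIX = re.compile(r"^(?P<product>[A-Za-z]+)-(?P<version>\d+(?:\.\d+)*)-(?P<rest>.+)$")


def parse_guideline(text: str) -> Guideline:
    """Split 'Product-Version-Component-ID' or the short 'Component-ID' form."""
    m = _PREFIX.match(text)
    if m:
        product, version, rest = m.group("product"), m.group("version"), m.group("rest")
    else:
        product, version, rest = None, None, text
    component, sep, gid = rest.partition("-")
    if not sep or not gid:
        raise ValueError(f"not a Component-ID string: {text!r}")
    return Guideline(product, version, component, gid)


def applicable(profiles: Set[int], environment_level: int) -> bool:
    """Profile 3 = all environments, 2 = more sensitive, 1 = highest security.

    An environment rated at level L (3, 2 or 1) implements every guideline
    carrying a profile number >= L, so a level-1 site implements all three.
    A guideline with several profiles (one per defense) applies if any fits
    (assumption made for this example).
    """
    return any(p >= environment_level for p in profiles)


def select_for_environment(catalog: Dict[str, Set[int]],
                           environment_level: int) -> List[str]:
    """Guideline IDs from the catalog that a site at this level must implement."""
    return sorted(gid for gid, profiles in catalog.items()
                  if applicable(profiles, environment_level))


# Constructed sample catalog: IDs from the guide's examples, profiles made up.
SAMPLE_CATALOG: Dict[str, Set[int]] = {
    "vSphere-5.0-esxi-apply-patches": {3},
    "vSphere-5.0-vm-prevent-device-interaction-edit": {2},
    "vSphere-5.0-vnetwork-reject-mac-change-dvportgroup": {3},
    "vSphere-5.0-vcenter-isolated-vum-proxy": {1, 2},
}


if __name__ == "__main__":
    for gid in SAMPLE_CATALOG:
        print(parse_guideline(gid))
    print("level 3 site must implement:", select_for_environment(SAMPLE_CATALOG, 3))
```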

Control Type indicates how the guideline is implemented:
Parameter: A system-level parameter should be set to a particular value, either specified in the guideline or else site-specific
Configuration: A certain hardware and/or software configuration or combination of settings should be used
Operational: Indicates an ongoing check, either monitoring for certain actions or conditions, or else verifying the use of proper procedures

Assessment Procedure: describes how to validate whether or not the guideline is being followed. The remediation procedure is generally not described, but in some cases the remediation steps are available in an external reference.

The following fields are filled in where applicable or determinate:
Configuration Parameter
Configuration File
Desired Value
Is Desired Value the Default?

Negative Functional Impact indicates whether this guideline has any side effects that reduce or prevent normal functionality.

Where possible, CLI commands for assessment and remediation are provided. The commands are provided for the vSphere CLI (vCLI), ESXi Shell, and PowerCLI.Reference to the API which relates to a guideline is also provided if possible.

For the ESXi guidelines, a special column indicates whether or not the guidelines can be configured using Host Profiles

Update Manager
Simplify VMware vSphere management by automating patches and updates. vSphere Update Manager makes it easy to manage tracking and patching of vSphere hosts.
• Keep machines up to date and in compliance
• Reduce risks of patching
• Eliminate vSphere downtime related to host patching

Keep Machines Up-to-date and in Compliance
Automate patch management and eliminate manual tracking and patching of vSphere hosts and virtual machines. vSphere Update Manager compares the state of vSphere hosts with baselines, then updates and patches to enforce compliance with mandated patch standards.
• Gain visibility into patch status across the virtual infrastructure with a patch compliance dashboard
• Stage and schedule patching for remote sites
• Deploy offline bundles of patches downloaded directly from vendor websites

Reduce the Risks of Patching
• Store snapshots for a user-defined period so administrators can roll back the virtual machine if necessary
• Securely patch offline virtual machines without exposing them to the network, reducing the risk of non-compliant virtual machines
• Make sure the most current version of a patch is applied with automatic notification services

Eliminate vSphere Downtime Related to Patching
vSphere Update Manager works in conjunction with vSphere Distributed Resource Scheduler (DRS) to provide non-disruptive host patching when remediating a cluster. vSphere Update Manager works with vSphere DRS to put hosts in maintenance mode one by one and migrates virtual machines live to other hosts while patching.
• Automatically migrate virtual machines to other hosts during patching
• Migrate virtual machines back after patching

OR

VMware Update Manager is a utility that oversees the installation of updates for existing installations of VMware ESX Server and guest operating systems. Update Manager tracks vulnerabilities within the virtual infrastructure and automatically applies user-defined patches to eliminate those vulnerabilities. The utility is part of the virtualization suite called VMware Infrastructure 3. VMware Update Manager works in a manner similar to the automatic update feature found in computer operating systems such as Microsoft Windows. Patch data is gathered at user-defined intervals from the VMware repository as well as from Internet-based sites of third-party application vendors. Once the patch data has been collected, it is used to create updates appropriate for the particular system involved. All existing VMware ESX Server hosts and guest operating systems are scanned and compared with the update baseline. A snapshot of each virtual machine's current state is taken to obtain a restore point. All necessary updates are then applied to each virtual machine. If any machine requires a reboot, the action can be delayed by up to 60 minutes to minimize disruption of network operations.

Q8 V2V

In How to Import a Virtual Machine into ESXi Part 1: P2V Migration, I described cold and hot migrations, the difference between physical-to-virtual (P2V) and virtual-to-virtual (V2V) migrations, and how to perform a P2V migration using VMware vCenter Converter. In the second half of this two-part series, I’ll explain how to import an existing virtual machine (VM) into an ESX/ESXi Server.

VMware vCenter Converter supports several different kinds of virtual machines. It can import into ESX/ESXi virtual machines created in a VMware application or in a competing product. It’s important to note, however, that not all virtualization products use the same virtualization method when running guest machines. VMware Workstation, VMware Player, VMware Server, VMware Fusion, Parallels Desktop, Microsoft Virtual PC and Microsoft Virtual Server, all of which are compatible with vCenter Converter, use hosted virtualization. VMware ESX/ESXi Server and Microsoft Hyper-V Server, on the other hand, use bare-metal virtualization to run VMs. The former group of software runs on top of an existing operating system, while the latter group runs directly on the host hardware.

These differences mean little once vCenter Converter has completed the conversion process, but virtual machines created in hosted virtualization software require different migration steps from virtual machines created on bare-metal virtualization platforms.

Just about all V2V migrations are cold migrations, which require that the source system be powered off during the conversion process. It is, however, possible to perform a hot migration of a virtual machine using the hot migration method described in How to Import a Virtual Machine into ESXi: Part 1. After installing vCenter Converter Standalone to the virtual machine, launch the Conversion wizard. Select “Powered-On Machine” from the drop-down menu, click “Local Machine,” and then follow the same steps as described in the section P2V: Hot Migration.

One thing to keep in mind before performing a hot migration, however, is that, in some instances, vCenter Server can interfere with the migration process. If the source system is inside a Distributed Resource Scheduler (DRS) cluster that vCenter Server controls, DRS Power Management (DPM) may turn off the ESX/ESXi host that vCenter Converter is working with. Change DPM to Manual via the cluster’s Settings screen before performing the hot migration. Once the migration is complete, revert Power Management to its previous configuration.

Although hot migrations have their purpose, they’re only needed when a virtual machine is too important to be taken offline. In all other instances, you should perform a cold migration. The following steps detail the offline conversion process.

V2V: Cold Migration

1. Power down the source machine before proceeding. Select “Convert Machine” from the toolbar to launch the Conversion wizard. See steps 2a and 2b to import a VM from a hosted virtualization platform; see steps 3a and 3b to import a VM from a bare-metal virtualization platform.

2a. Hosted Virtualization: Choose “VMware Workstation or Other VMware Virtual Machine” or “Backup Image or Third-Party Virtual Machine” from the Source Type drop-down menu, depending on which platform the source machine is using.

2b. Hosted Virtualization: Enter the full file or network path linking to the virtual machine. Supported third-party platforms include Microsoft Virtual PC and Microsoft Virtual Server (.vmc), and Parallels Desktop (.pvs). Use .vmx for virtual machines created in VMware. Note that if you’re importing a VM from Microsoft Virtual PC, you should remove the Virtual PC Additions from the machine, as they can interfere with the conversion process. Enter the login credentials for the server if accessing a network share, and then click “Next.” Skip to step 4.

3a. Bare-Metal Virtualization: Select “VMware Infrastructure Virtual Machine” or “Hyper-V Server” from the drop-down menu on the Source System screen. If vCenter Converter is not installed on the Hyper-V Server, a prompt will appear requesting permission to install the application on the system. Confirm the installation of the software to proceed with the conversion. Enter the server address and login credentials for the ESX/ESXi or Hyper-V Server. Click “Next” to go to the Source Machine screen.

3b. Bare-Metal Virtualization: Search through the inventory to locate the source system. If you’re accessing ESX/ESXi through vCenter Server, choose “Hosts and Clusters” or “VMs and Templates,” depending on where the source machine is housed. Select the virtual machine to import into the ESX/ESXi Server, and then click “Next.”

4. Select “VMware Infrastructure Virtual Machine” from the Select Destination Type drop-down menu. Enter the address, user name, and password for the ESX/ESXi Server into the required fields. Click “Next” to go to the Destination Virtual Machine screen.

5. Enter a new name for the destination machine or use the default name. Select a destination location for the VM if managing ESX/ESXi through vCenter Server. Click “Next” to go to the Destination Location screen.

6. Select a host, resource pool, or cluster to accommodate the virtual machine; select a datastore where the files associated with the virtual machine should be stored (optional); and then select the virtual hardware version from the drop-down menu (optional). Use Version 4 for machines running ESX/ESXi 3.x, Version 7 for machines running ESX/ESXi 4.x, and Version 8 for machines running ESX/ESXi 5.x. Click “Next” to go to the Options screen.

7. Click “Edit” to make changes to a hardware device. If you’re importing a virtual machine based on the Microsoft Windows operating system, select “Advanced” from the middle pane to view the Post-Conversion tab. Uncheck “Remove System Restore Checkpoints on Destination.” Check “Reconfigure Destination Virtual Machine” to personalize the OS (e.g., create a unique name and password, enter a new product license, or change the workgroup or domain settings). Click “Next” after making the desired changes.

8. Review your selections on the Summary screen; then click “Finish” to begin importing the VM.

Q9

VMware vSphere 5.1 is a minor update, not a new vSphere version, but admins are discovering plenty of features and patches in vSphere 5.1. VMware's vSphere 5.1 is a minor version update in name, but with changes to data backup, replication and the default interface, vSphere 5.1 features have garnered a lot of interest. Whether you've already upgraded and want to get more from your virtual infrastructure or want to know what to expect from vSphere 5.1, this guide will introduce features like the default Web client, replication, VMware's controversial single sign-on ID authentication and more. Along with the features' specs, learn about the patches VMware issued for vSphere 5.1, which some admins say came out without proper testing.

Table of contents:
o Single sign-on: Is it the hero or villain of vSphere 5.1?
o Do you still need Site Recovery Manager?
o Goodbye, Windows client. Hello, Web client!
o VMware Data Recovery goes into retirement
o Licensing evolves with SMBs in mind

Single sign-on: Is it the hero or villain of vSphere 5.1?
VMware single sign-on (SSO) made its debut as a much-reviled vSphere 5.1 feature. SSO uses a standalone server as an authentication broker between administrators and various VMware products. It won notoriety quickly for its bugs, and VMware issued patches. Regardless of this stumble, SSO is integral to vSphere, changing the way VMware administrators manage directories. VMware now offers authentication against the corporate directory with a centralized mechanism for VMware applications to use.
o Learn how vSphere 5.1 SSO breaks your dependence on Microsoft Active Directory and vCenter
o Are you experiencing these problems with VMware SSO?
o Some claim VMware pushed 5.1 out too soon, leading to SSO and SSL patches

Do you still need Site Recovery Manager?
Many VMware admins want to replicate virtual machines (VMs), mirroring them to another location in case the primary storage fails. Before vSphere 5.1, this meant buying VMware Site Recovery Manager (SRM) or a third-party tool. vSphere 5.1 features a limited version of replication -- vSphere Replication -- that's missing some of SRM's features. vSphere Replication needed its own patch to fix two issues: one with installation and the other with recovering VMs at a secondary site. Shared-nothing live migration, which is a related feature of vSphere 5.1, is part of VMware's roadmap for SRM and Replication. Shared-nothing live migration will play a role in SRM's integration with vCloud Director and disaster recovery to cloud service providers. In the 2013 vSphere update, look for more features around policy-based disaster recovery and integration between vSphere Data Recovery, VMware High Availability and SRM.
o You might be able to use vSphere Replication instead of SRM
o Get to know VMware's shared-nothing live migration
o Fix replication problems with the vSphere 5.1 patch

Goodbye, Windows client. Hello, Web client!
Get used to working with the Web client. VMware made its Web client the default interface for vSphere in 5.1, and features new to vSphere 5.1 will not be available in the Windows-based client. VMware boasts that in the 5.1 update it improved the Web client's scalability and disaster recovery capabilities.
o No more white screens of death when you use the vSphere Web client

VMware Data Recovery goes into retirement
When IT pros complained about backup limitations in VMware Data Recovery (VDR), the company released vSphere Data Protection (VDP) with version 5.1. VDP communicates with the VMware vStorage API for Data Protection. VDP replaced VDR, but hasn't eliminated all of the limitations of its forerunner. It does back up only changed blocks, reducing backup time significantly.

Licensing evolves with SMBs in mind
Enough with the technical features. VMware shed its virtual RAM (vRAM) licensing scheme with the release of vSphere 5.1, going back to physical CPU-based licensing.
The change of heart especially benefits small and medium-sized businesses (SMBs), which can now license an enterprise-class vSphere installation.

Q10 Required ports for vCenter

The VMware vCenter Server system must be able to send data to every managed host and receive data from every vSphere Client. To enable migration and provisioning activities between managed hosts, the source and destination hosts must be able to receive data from each other.

VMware uses designated ports for communication. Additionally, the managed hosts monitor designated ports for data from the vCenter Server system. If a firewall exists between any of these elements and the Windows firewall service is in use, the installer opens the ports during the installation. For custom firewalls, you must manually open the required ports. If you have a firewall between two managed hosts and you want to perform source or target activities, such as migration or cloning, you must configure a means for the managed hosts to receive data.

Note: In Microsoft Windows Server 2008, a firewall is enabled by default.

This table outlines the ports required for communication between components:

Port Description

80 vCenter Server requires port 80 for direct HTTP connections. Port 80 redirects requests to HTTPS port 443. This redirection is useful if you accidentally use http://server/ instead of https://server/. Note: Microsoft Internet Information Services (IIS) also uses port 80.

389 This port must be open on the local and all remote instances of vCenter Server. This is the LDAP port number for the Directory Services for the vCenter Server group. The vCenter Server system needs to bind to port 389, even if you are not joining this vCenter Server instance to a Linked Mode group. If another service is running on this port, it might be preferable to remove it or change its port to a different port. You can run the LDAP service on any port from 1025 through 65535.If this instance is serving as the Microsoft Windows Active Directory, change the port number from 389 to an available port from 1025 through 65535.

443 The default port that the vCenter Server system uses to listen for connections from the vSphere Client. To enable the vCenter Server system to receive data from the vSphere Client, open port 443 in the firewall. The vCenter Server system also uses port 443 to monitor data transfer from SDK clients. If you use another port number for HTTPS, you must use ip-address:port when you log in to the vCenter Server system.

636 For vCenter Server Linked Mode, this is the SSL port of the local instance. If another service is running on this port, it might be preferable to remove it or change its port to a different port. You can run the SSL service on any port from 1025 through 65535.

902 The default port that the vCenter Server system uses to send data to managed hosts. Managed hosts also send a regular heartbeat over UDP port 902 to the vCenter Server system. This port must not be blocked by firewalls between the server and the hosts or between hosts.

903 Port 903 must not be blocked between the vSphere Client and the hosts. The vSphere Client uses this port to display virtual machine consoles.

8080 Web Services HTTP. Used for the VMware VirtualCenter Management Web Services.

8443 Web Services HTTPS. Used for the VMware VirtualCenter Management Web Services.

10080 vCenter Inventory Service HTTP.

10443 vCenter Inventory Service HTTPS.

10109 vCenter Inventory Service Service Management.

10111 vCenter Inventory Service Linked Mode Communication.

60099 Web Service change service notification port.

It is necessary to know the different terminology used with VMware; the terms are listed below.

ESXi - ESXi is a thin, embedded version of the ESX server that does not have a service console. It moves the server kernel to a dedicated hardware device.
ISO image - A CD or DVD image that can be downloaded and burnt to a CD-ROM or DVD-ROM, or mounted as a loopback device.
Cluster - A server group in the virtual environment. Clusters enable a high-availability solution. A cluster is a collection of ESX Server hosts and associated virtual machines that share resources and a management interface.
HCL (hardware compatibility list) - The definitive list of hardware that VMware supports.
Host - A computer that uses virtualization software to run virtual machines. Also called the host machine or host computer: the physical computer on which the virtualization (or other) software is installed.
Guest Operating System - An operating system that runs on a virtual machine.
VMware vCenter - A virtual infrastructure management product that manages and provides valuable services for virtual machines and underlying virtualization platforms from a central, secure location.
VMware vSphere Client - An interface that allows any Windows PC to connect remotely to a vCenter Server or ESX/ESXi host.
SAN (storage area network) - A large-capacity network of storage devices that can be shared among multiple VMware ESX Server hosts. A SAN is required for VMotion.
Root user - The superuser who has full administrative privileges to log in to an ESX Server host. The root user can manipulate permissions, create users and groups, and work with events.
Virtual Machine - A virtual machine is a software computer that, like a physical computer, runs an operating system and applications. Multiple virtual machines can operate on the same host system concurrently.
VMFS - A clustered file system that stores virtual disks and other files that are used by virtual machines.
Service console - The modified Linux kernel that serves as the management interface to the ESX server.
VMkernel - A kernel that controls the server hardware and schedules virtual machine computations and I/O operations.
VMotion - The capability to move a running virtual machine from one ESX host to another, and faster than some other editions.
Storage VMotion - The capability to move a running virtual machine from one storage device to another.
DRS (Distributed Resource Scheduler) - Automatic load balancing of an ESX cluster using VMotion.
HA (High Availability) - In case of hardware failure in a cluster, the virtual servers will automatically restart on another host in the cluster.
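As an added example (not from the source page and not VMware code), the flows that the Q10 port table above spells out, turned into a check that a firewall policy actually permits them. The rule syntax, the role names vsphere-client, vcenter and esx-host, and the sample policy are all constructed for this example. The point it makes is a common audit finding: a firewall that is evaluated first-match-wins lets an earlier deny shadow a later allow, so the UDP 902 host heartbeat below stays blocked even though an allow rule exists for it.

```python
import re

# Flows the Q10 port table states explicitly: (protocol, port, source role, destination role, purpose).
# Role names are assumptions made for this check, not vCenter terminology.
REQUIRED_FLOWS = [
    ("tcp", 80,  "vsphere-client", "vcenter",  "HTTP, redirected to HTTPS 443"),
    ("tcp", 443, "vsphere-client", "vcenter",  "vSphere Client and SDK HTTPS"),
    ("tcp", 902, "vcenter",        "esx-host", "vCenter to managed host"),
    ("udp", 902, "esx-host",       "vcenter",  "host heartbeat to vCenter"),
    ("tcp", 903, "vsphere-client", "esx-host", "virtual machine console"),
]
# Needed only between vCenter instances that are joined in Linked Mode.
LINKED_MODE_FLOWS = [
    ("tcp", 389, "vcenter", "vcenter", "Linked Mode LDAP"),
    ("tcp", 636, "vcenter", "vcenter", "Linked Mode SSL"),
]

# Constructed rule syntax for this example: "<allow|deny> <tcp|udp> from <src> to <dst> port <n>".
RULE_RE = re.compile(r"^(allow|deny)\s+(tcp|udp)\s+from\s+(\S+)\s+to\s+(\S+)\s+port\s+(\d+)\s*$")


def parse_rules(text):
    """Parse the constructed policy format; '#' starts a comment, blank lines are ignored."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"line {lineno}: cannot parse rule: {raw!r}")
        action, proto, src, dst, port = m.groups()
        rules.append((action, proto, src, dst, int(port)))
    return rules


def is_allowed(rules, proto, port, src, dst):
    """First matching rule wins; no match means the policy's implicit deny."""
    for action, r_proto, r_src, r_dst, r_port in rules:
        if (r_proto, r_port) == (proto, port) and r_src in (src, "any") and r_dst in (dst, "any"):
            return action == "allow"
    return False


def missing_flows(rules, linked_mode=False):
    """Return the required flows that the policy does not permit."""
    wanted = REQUIRED_FLOWS + (LINKED_MODE_FLOWS if linked_mode else [])
    return [f for f in wanted if not is_allowed(rules, f[0], f[1], f[2], f[3])]


# Constructed sample policy: port 80 is never allowed, and the UDP 902 allow is shadowed.
SAMPLE_POLICY = """\
allow tcp from vsphere-client to vcenter port 443
allow tcp from vcenter to esx-host port 902
deny  udp from esx-host to vcenter port 902      # shadows the allow on the next line
allow udp from esx-host to vcenter port 902
allow tcp from vsphere-client to esx-host port 903
"""

if __name__ == "__main__":
    for proto, port, src, dst, why in missing_flows(parse_rules(SAMPLE_POLICY), linked_mode=True):
        print(f"MISSING {proto}/{port} {src} -> {dst}: {why}")
```

Run against the sample policy the check reports TCP 80 and UDP 902 as missing, and with linked_mode=True also 389 and 636; in a real review the roles would be replaced by the actual address objects of the firewall being audited.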

What’s New in vSphere 4.1 With this release, the VMware virtual datacenter operating system continues to transform x86 IT infrastructure into the most efficient, shared, on-demand utility, with built-in availability, scalability, and security services for all applications and simple, proactive automated management. The new and enhanced features in vSphere 4.1 are listed below.

o Installation and Deployment
o Storage
o Network
o Availability
o Management
o Platform Enhancements
o Partner Ecosystem

Installation and Deployment

VMware ESX. VMware vSphere 4.1 and its subsequent update and patch releases are the last releases to include both ESX and ESXi hypervisor architectures. Future major releases of VMware vSphere will include only the VMware ESXi architecture.

o VMware recommends that customers start transitioning to the ESXi architecture when deploying VMware vSphere 4.1.

o VMware will continue to provide technical support for VMware ESX according to the VMware vSphere support policy.

o To learn more about the ESXi architecture and how to migrate from ESX to ESXi, go to the VMware ESX to ESXi Upgrade Center.

Scripted Install for ESXi. Scripted installation of ESXi to local and remote disks allows rapid deployment of ESXi to many machines. You can start the scripted installation with a CD-ROM drive or over the network by using PXE booting. You cannot use scripted installation to install ESXi to a USB device. See the ESX and vCenter Server Installation Guide, the ESXi Installable and vCenter Server Setup Guide, and the ESXi Embedded and vCenter Server Setup Guide.

vSphere Client Removal from ESX/ESXi Builds. For ESX and ESXi, the vSphere Client is available for download from the VMware Web site. It is no longer packaged with builds of ESX and ESXi. After installing ESX and ESXi, users are directed to the download page on the VMware Web site to get the compatible vSphere Client for that release. The vSphere Client is still packaged with builds of vCenter Server. See the ESX and vCenter Server Installation Guide, the ESXi Installable and vCenter Server Setup Guide, and the ESXi Embedded and vCenter Server Setup Guide.

Storage

Boot from SAN. vSphere 4.1 enables ESXi boot from SAN (BFN). iSCSI, FCoE, and Fibre Channel boot are supported. Refer to the Hardware Compatibility Guide for the latest list of NICs and Converged Adapters that are supported with iSCSI boot. See the iSCSI SAN Configuration Guide and the Fibre Channel SAN Configuration Guide.

Hardware Acceleration with vStorage APIs for Array Integration (VAAI). ESX can offload specific storage operations to compliant storage hardware. With storage hardware assistance, ESX performs these operations faster and consumes less CPU, memory, and storage fabric bandwidth. See the ESX Configuration Guide and the ESXi Configuration Guide.

Storage Performance Statistics. vSphere 4.1 offers enhanced visibility into storage throughput and latency of hosts and virtual machines, and aids in troubleshooting storage performance issues. NFS statistics are now available in vCenter Server performance charts, as well as esxtop. New VMDK and datastore statistics are included. All statistics are available through the vSphere SDK. See the vSphere Datacenter Administration Guide.

Storage I/O Control. This feature provides quality-of-service capabilities for storage I/O in the form of I/O shares and limits that are enforced across all virtual machines accessing a datastore, regardless of which host they are running on. Using Storage I/O Control, vSphere administrators can ensure that the most important virtual machines get adequate I/O resources even in times of congestion. See the vSphere Resource Management Guide.

iSCSI Hardware Offloads. vSphere 4.1 enables 10Gb iSCSI hardware offloads (Broadcom 57711) and 1Gb iSCSI hardware offloads (Broadcom 5709). See the ESX Configuration Guide, the ESXi Configuration Guide, and the iSCSI SAN Configuration Guide.

NFS Performance Enhancements. Networking performance for NFS has been optimized to improve throughput and reduce CPU usage. See the ESX Configuration Guide and the ESXi Configuration Guide.

Network

Network I/O Control. Traffic-management controls allow flexible partitioning of physical NIC bandwidth between different traffic types, including virtual machine, vMotion, FT, and IP storage traffic (vNetwork Distributed Switch only). See the ESX Configuration Guide and the ESXi Configuration Guide.

IPv6 Enhancements. IPv6 in ESX supports Internet Protocol Security (IPsec) with manual keying. See the ESX Configuration Guide and the ESXi Configuration Guide.

Load-Based Teaming. vSphere 4.1 allows dynamic adjustment of the teaming algorithm so that the load is always balanced across a team of physical adapters on a vNetwork Distributed Switch. See the ESX Configuration Guide and the ESXi Configuration Guide.

E1000 vNIC Enhancements. E1000 vNIC supports jumbo frames in vSphere 4.1. See the ESX Configuration Guide and the ESXi Configuration Guide.

Availability

Windows Failover Clustering with VMware HA. Clustered virtual machines that utilize Windows Failover Clustering/Microsoft Cluster Service are now fully supported in conjunction with VMware HA. See Setup for Failover Clustering and Microsoft Cluster Service.

VMware HA Scalability Improvements. VMware HA has the same limits for virtual machines per host, hosts per cluster, and virtual machines per cluster as vSphere. See Configuration Maximums for VMware vSphere 4.1 for details about the limitations for this release.

VMware HA Healthcheck and Operational Status. The VMware HA dashboard in the vSphere Client provides a new detailed window called Cluster Operational Status. This window displays more information about the current VMware HA operational status, including the specific status and errors for each host in the VMware HA cluster. See the vSphere Availability Guide.

VMware Fault Tolerance (FT) Enhancements. vSphere 4.1 introduces an FT-specific versioning-control mechanism that allows the Primary and Secondary VMs to run on FT-compatible hosts at different but compatible patch levels. vSphere 4.1 differentiates between events that are logged for a Primary VM and those that are logged for its Secondary VM, and reports why a host might not support FT. In addition, you can disable VMware HA when FT-enabled virtual machines are deployed in a cluster, allowing for cluster maintenance operations without turning off FT. See the vSphere Availability Guide.

DRS Interoperability for VMware HA and Fault Tolerance (FT). FT-enabled virtual machines can take advantage of DRS functionality for load balancing and initial placement. In addition, VMware HA and DRS are tightly integrated, which allows VMware HA to restart virtual machines in more situations. See the vSphere Availability Guide.

Enhanced Network Logging Performance. Fault Tolerance (FT) network logging performance allows improved throughput and reduced CPU usage. In addition, you can use vmxnet3 vNICs in FT-enabled virtual machines. See the vSphere Availability Guide.

Concurrent VMware Data Recovery Sessions. vSphere 4.1 provides the ability to concurrently manage multiple VMware Data Recovery appliances. See the VMware Data Recovery Administration Guide.

vStorage APIs for Data Protection (VADP) Enhancements. VADP now offers VSS quiescing support for Windows Server 2008 and Windows Server 2008 R2 servers. This enables application-consistent backup and restore operations for Windows Server 2008 and Windows Server 2008 R2 applications.

Management

vCLI Enhancements. vCLI adds options for SCSI, VAAI, network, and virtual machine control, including the ability to terminate an unresponsive virtual machine. In addition, vSphere 4.1 provides controls that allow you to log vCLI activity. See the vSphere Command-Line Interface Installation and Scripting Guide and the vSphere Command-Line Interface Reference.

Lockdown Mode Enhancements. VMware ESXi 4.1 lockdown mode allows the administrator to tightly restrict access to the ESXi Direct Console User Interface (DCUI) and Tech Support Mode (TSM). When lockdown mode is enabled, DCUI access is restricted to the root user, while access to Tech Support Mode is completely disabled for all users. With lockdown mode enabled, access to the host for management or monitoring using CIM is possible only through vCenter Server. Direct access to the host using the vSphere Client is not permitted. See the ESXi Configuration Guide.

Access Virtual Machine Serial Ports Over the Network. You can redirect virtual machine serial ports over a standard network link in vSphere 4.1. This enables solutions such as third-party virtual serial port concentrators for virtual machine serial console management or monitoring. See the vSphere Virtual Machine Administration Guide.

vCenter Converter Hyper-V Import. vCenter Converter allows users to point to a Hyper-V machine. Converter displays the virtual machines running on the Hyper-V system, and users can select a powered-off virtual machine to import to a VMware destination. See the vCenter Converter Installation and Administration Guide.

Enhancements to Host Profiles. You can use Host Profiles to roll out administrator password changes in vSphere 4.1. Enhancements also include improved Cisco Nexus 1000V support and PCI device ordering configuration. See the ESX Configuration Guide and the ESXi Configuration Guide.

Unattended Authentication in vSphere Management Assistant (vMA). vMA 4.1 offers improved authentication capability, including integration with Active Directory and commands to configure the connection. See VMware vSphere Management Assistant.

Updated Deployment Environment in vSphere Management Assistant (vMA). The updated deployment environment in vMA 4.1 is fully compatible with vMA 4.0. A significant change is the transition from RHEL to CentOS. See VMware vSphere Management Assistant.

vCenter Orchestrator 64-bit Support. vCenter Orchestrator 4.1 provides a client and server for 64-bit installations, with an optional 32-bit client. The performance of the Orchestrator server on 64-bit installations is greatly enhanced, as compared to running the server on a 32-bit machine. See the vCenter Orchestrator Installation and Configuration Guide.

Improved Support for Handling Recalled Patches in vCenter Update Manager. Update Manager 4.1 immediately sends critical notifications about recalled ESX and related patches. In addition, Update Manager prevents you from installing a recalled patch that you might have already downloaded. This feature also helps you identify hosts where recalled patches might already be installed. See the vCenter Update Manager Installation and Administration Guide.

License Reporting Manager. The License Reporting Manager provides a centralized interface for all license keys for vSphere 4.1 products in a virtual IT infrastructure and their respective usage. You can view and generate reports on license keys and usage for different time periods with the License Reporting Manager. A historical record of the utilization per license key is maintained in the vCenter Server database. See the vSphere Datacenter Administration Guide.

Power Management Improvements. ESX 4.1 takes advantage of deep sleep states to further reduce power consumption during idle periods. The vSphere Client has a simple user interface that allows you to choose one of four host power management policies. In addition, you can view the history of host power consumption and power cap information on the vSphere Client Performance tab on newer platforms with integrated power meters. See the vSphere Datacenter Administration Guide.

Platform Enhancements

Performance and Scalability Improvements. vSphere 4.1 includes numerous enhancements that increase performance and scalability.

o vCenter Server 4.1 can support three times more virtual machines and hosts per system, as well as more concurrent instances of the vSphere Client and a larger number of virtual machines per cluster than vCenter Server 4.0. The scalability limits of Linked Mode, vMotion, and vNetwork Distributed Switch have also increased.

o New optimizations have been implemented for AMD-V and Intel VT-x architectures, while memory utilization efficiency has been improved still further using Memory Compression. Storage enhancements have led to significant performance improvements in NFS environments. VDI operations, virtual machine provisioning and power operations, and vMotion have enhanced performance as well.

See Configuration Maximums for VMware vSphere 4.1.

Reduced Overhead Memory. vSphere 4.1 reduces the amount of overhead memory required, especially when running large virtual machines on systems with CPUs that provide hardware MMU support (AMD RVI or Intel EPT).

DRS Virtual Machine Host Affinity Rules. DRS provides the ability to set constraints that restrict placement of a virtual machine to a subset of hosts in a cluster. This feature is useful for enforcing host-based ISV licensing models, as well as keeping sets of virtual machines on different racks or blade systems for availability reasons. See the vSphere Resource Management Guide.

Memory Compression. Compressed memory is a new level of the memory hierarchy, between RAM and disk. Slower than memory, but much faster than disk, compressed memory improves the performance of virtual machines when memory is under contention, because less virtual memory is swapped to disk. See the vSphere Resource Management Guide.

vMotion Enhancements. In vSphere 4.1, vMotion enhancements significantly reduce the overall time for host evacuations, with support for more simultaneous virtual machine migrations and faster individual virtual machine migrations. The result is a performance improvement of up to 8x for an individual virtual machine migration, and support for four to eight simultaneous vMotion migrations per host, depending on the vMotion network adapter (1GbE or 10GbE respectively). See the vSphere Datacenter Administration Guide.

ESX/ESXi Active Directory Integration. Integration with Microsoft Active Directory allows seamless user authentication for ESX/ESXi. You can maintain users and groups in Active Directory for centralized user management and you can assign privileges to users or groups on ESX/ESXi hosts. In vSphere 4.1, integration with Active Directory allows you to roll out permission rules to hosts by using Host Profiles. See the ESX Configuration Guide and the ESXi Configuration Guide.

Configuring USB Device Passthrough from an ESX/ESXi Host to a Virtual Machine. You can configure a virtual machine to use USB devices that are connected to the ESX/ESXi host where the virtual machine is running. The connection is maintained even if you migrate the virtual machine using vMotion. See the vSphere Virtual Machine Administration Guide.

Improvements in Enhanced vMotion Compatibility. vSphere 4.1 includes an AMD Opteron Gen. 3 (no 3DNow!™) EVC mode that prepares clusters for vMotion compatibility with future AMD processors. EVC also provides numerous usability improvements, including the display of EVC modes for virtual machines, more timely error detection, better error messages, and the reduced need to restart virtual machines. See the vSphere Datacenter Administration Guide.

Partner Ecosystem: vCenter Update Manager Support for Provisioning, Patching, and Upgrading EMC's ESX PowerPath Module. vCenter Update Manager can provision, patch, and upgrade third-party modules that you can install on ESX, such as EMC's PowerPath multipathing software. Using the capability of Update Manager to set policies using the Baseline construct and the comprehensive Compliance Dashboard, you can simplify provisioning, patching, and upgrade of the PowerPath module at scale. See the vCenter Update Manager Installation and Administration Guide.

User-configurable Number of Virtual CPUs per Virtual Socket. You can configure virtual machines to have multiple virtual CPUs reside in a single virtual socket, with each virtual CPU appearing to the guest operating system as a single core. Previously, virtual machines were restricted to having only one virtual CPU per virtual socket. See the vSphere Virtual Machine Administration Guide.

Expanded List of Supported Processors. The list of supported processors has been expanded for ESX 4.1. To determine which processors are compatible with this release, use the Hardware Compatibility Guide. Among the supported processors is the Intel Xeon 7500 Series processor, code-named Nehalem-EX (up to 8 sockets).

What are the types of VLAN tagging in vSphere?
There are 3 types of VLAN tagging available in vSphere:
1. Virtual Switch Tagging (VST)
2. External Switch Tagging (EST)
3. Virtual Guest Tagging (VGT)

What are the Traffic Shaping policies available in the vSwitch?
Traffic shaping policies are disabled by default. There are 3 different traffic shaping policy settings:
1. Average Bandwidth (kbps)
2. Peak Bandwidth (kbps)
3. Burst Size (KB)

A traffic shaping policy is defined by three characteristics: average bandwidth, peak bandwidth, and burst size. You can establish a traffic shaping policy for each port group and each dvPort or dvPort group. ESXi shapes outbound network traffic on vSwitches and both inbound and outbound traffic on a vNetwork Distributed Switch. Traffic shaping restricts the network bandwidth available on a port, but can also be configured to allow bursts of traffic to flow through at higher speeds.

Average Bandwidth: Establishes the number of bits per second to allow across a port, averaged over time: the allowed average load.

Peak Bandwidth: The maximum number of bits per second to allow across a port when it is sending or receiving a burst of traffic. This limits the bandwidth used by a port whenever it is using its burst bonus.

Burst Size: The maximum number of bytes to allow in a burst. If this parameter is set, a port might gain a burst bonus if it does not use all its allocated bandwidth. Whenever the port needs more bandwidth than specified by Average Bandwidth, it might be allowed to temporarily transmit data at a higher speed if a burst bonus is available. This parameter limits the number of bytes that can accumulate in the burst bonus and thus be transferred at the higher speed.
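The burst bonus described above, modelled as a token bucket in an added Python example (not VMware code): Average Bandwidth and Peak Bandwidth are taken in kbps as in the vSwitch UI and Burst Size in KB, time advances in one-second ticks, and the rule that unused average allowance accrues as bonus up to Burst Size is an assumption about how ESXi implements the policy.

```python
"""Simplified model of a vSwitch traffic shaping policy (added example,
not VMware code). Assumptions: one-second ticks, Average/Peak Bandwidth in
kbps, Burst Size in KB, and a burst bonus that fills with the unused part
of the average allowance and is capped at Burst Size."""

from dataclasses import dataclass, field

KBPS_TO_BYTES_PER_SEC = 1000 // 8   # 1 kbps = 125 bytes per second


@dataclass
class ShapingPolicy:
    average_kbps: int
    peak_kbps: int
    burst_size_kb: int                    # 0 means "Burst Size not set"
    bonus_bytes: int = field(default=0, init=False)   # accumulated burst bonus

    @property
    def avg_bytes(self) -> int:
        return self.average_kbps * KBPS_TO_BYTES_PER_SEC

    @property
    def peak_bytes(self) -> int:
        return self.peak_kbps * KBPS_TO_BYTES_PER_SEC

    @property
    def burst_bytes(self) -> int:
        return self.burst_size_kb * 1000

    def tick(self, demand_bytes: int) -> int:
        """Return the bytes allowed to leave the port in this one-second tick."""
        if demand_bytes <= self.avg_bytes:
            # The unused part of the average allowance accrues as burst
            # bonus, capped at Burst Size (so no bonus when Burst Size is 0).
            unused = self.avg_bytes - demand_bytes
            self.bonus_bytes = min(self.burst_bytes, self.bonus_bytes + unused)
            return demand_bytes
        # Demand exceeds Average Bandwidth: spend the bonus, but never
        # exceed Peak Bandwidth in this tick.
        extra = min(demand_bytes - self.avg_bytes,
                    self.bonus_bytes,
                    self.peak_bytes - self.avg_bytes)
        self.bonus_bytes -= extra
        return self.avg_bytes + extra


def simulate(policy: ShapingPolicy, demand_per_second):
    """Apply the policy tick by tick to a constructed demand profile (bytes/s)."""
    return [policy.tick(d) for d in demand_per_second]


if __name__ == "__main__":
    # Constructed profile: four idle seconds build the bonus, then two
    # seconds of heavy demand drain it at the peak rate, then light traffic.
    p = ShapingPolicy(average_kbps=1000, peak_kbps=2000, burst_size_kb=500)
    print(simulate(p, [0, 0, 0, 0, 1_000_000, 1_000_000, 50_000]))
```

The run shows the port held to the 250,000 byte/s peak while the bonus lasts and dropping back to the 125,000 byte/s average once it is spent.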

What are the load balancing policies available in the vSwitch?
1. Route based on the originating virtual switch port ID
2. Route based on source MAC hash
3. Route based on IP hash

Virtual LAN: A logical LAN configured on a virtual or physical switch that provides efficient traffic segmentation, broadcast control, security, and efficient bandwidth utilization by providing traffic only to the ports configured for that particular virtual LAN (VLAN).

What is a Host Profile?
Host Profiles is a VMware vCenter feature that is available on hosts licensed with Enterprise Plus. It allows you to take an ESX or ESXi host's configuration profile and apply it to other hosts. It's a quick and easy way to replicate configurations for hosts in a cluster, and also to monitor a host's compliance with the selected host profile.

In the ESX Server licensing features, the VMotion license is showing as Not Used. Why?
Even though the license box is selected, it shows as "License Not Used" until you enable the VMotion option on a specific vSwitch.

What are the core services of VC?
VM provisioning, Task Scheduling and Event Logging.

Can we do vMotion between two datacenters? If so, how?
Yes, we can do vMotion between two datacenters, but the mandatory requirement is that the VM must be powered off.

What is a template?
We can convert a VM into a template; it cannot be powered on once it is changed to a template. Templates are used for quick provisioning of VMs.

What are the common issues with snapshots? What stops you from taking a snapshot and how do you fix it?

If you configure the VM with mapped LUNs, the snapshot fails. If the LUN is mapped in virtual compatibility mode, we can take a snapshot of it. If the VM is configured with a mapped LUN in physical compatibility mode, you need to remove it to take a snapshot.

What is Virtual Center (vCenter)?
vCenter is used to manage ESXi servers in a clustered environment: centralized administration of multiple ESXi server clusters.

What is a vNIC and a vSwitch?
A vNIC is a virtual NIC which is added when we create a virtual machine. It's a software-based (virtualized) NIC which enables communication between VMs, or between a VM and the vSwitch. A vSwitch is nothing but the physical NIC which is installed on the ESX server. The same physical NIC is shared with all the virtual machines hosted on that particular ESX server, so it acts as a switch in this scenario. We can connect/configure 1016 virtual machines to use a physical NIC; in other words, we can create a virtual switch that contains 1016 ports. No physical switch provides that many ports in real life. In the other case, we can also create the vSwitch without any physical NIC. It's a purely software-based vSwitch (the same is used between VM1 and VM2).

What is a Clone?
A clone is a copy of an existing virtual machine. The existing virtual machine is called the parent of the clone. When the cloning operation is complete, the clone is a separate virtual machine, though it may share virtual disks with the parent virtual machine.

What is a LUN (Logical Unit Number)?
A logical unit number (LUN) is a unique identifier used to designate individual or collections of hard disk devices for addressing by a protocol associated with a SCSI, iSCSI, Fibre Channel (FC) or similar interface. LUNs are central to the management of block storage arrays shared over a storage area network (SAN).

21. What is a Storage Area Network?
A storage area network (SAN) is a high-speed special-purpose network (or sub-network) that interconnects different kinds of data storage devices with associated data servers on behalf of a larger network of users.

22. What is Network Attached Storage?
Network-attached storage (NAS) is a dedicated hard disk storage device that is set up with its own network address and provides file-based data storage services to other devices on the network.

23. What is SRM (Site Recovery Manager)?
VMware vCenter™ Site Recovery Manager makes disaster recovery rapid, reliable and manageable, so that organizations can meet their recovery objectives. Site Recovery Manager delivers centralized management of recovery plans and automates the recovery process. It turns the complex paper run books associated with traditional disaster recovery into an integrated element of virtual infrastructure management, allowing organizations to improve recovery plan testing dramatically.

26. What is hot plug in?VMware vSphere's hot-add RAM and hot-plug CPU functions allow you to add additional virtual hardware to running virtual machines. The benefit of being able to do this is the ability to provide more resources to your machines without bringing servers down to add the additional resources. Simply put, this is additional capacity without downtime.

25. What is the VMware vSphere distributed virtual switch?
To use the vSphere distributed virtual switch (also called a vDS, or vNetwork Distributed Switch), you must have a license for vSphere Enterprise Plus Edition. From there, you can take advantage of the following features:
1. Centralized configuration for all network switch ports, across the entire virtual infrastructure.
2. Ethernet port, CDP, and NetFlow statistics that go with a virtual machine as it moves from one ESX Server to another due to VMotion.
3. Network policies that go with a virtual machine during VMotion.
4. Rx rate limiting.
5. Private VLANs.
6. Support for third-party switches (with the only option today being the Cisco Nexus 1000V).

*vCenter Server
vCenter Server is a Windows-based application that serves as a centralized management tool for ESXi hosts and their respective VMs. vCenter Server acts as a proxy that performs tasks on the individual ESXi hosts that have been added as members of a vCenter Server installation.

*What is FT Logging Traffic?
FT logging is an option in the VMkernel port settings, similar to the vMotion option on a VMkernel port. When FT is enabled for a virtual machine, all the inputs (disk reads, writes, etc.) of the primary virtual machine are recorded and sent to the secondary VM via the FT-logging-enabled VMkernel port.
How to enable FT Logging on a VMkernel port?
Go to the ESX host -> Configuration -> Networking -> Properties of the virtual switch with the VMkernel port group configured. Click on the VMkernel port -> click on Edit -> General tab -> select Fault Tolerance Logging -> click on OK.

Difference between ESX and ESXi (ESX: Elastic Sky X; ESXi: Elastic Sky X Integrated)

Capability | ESX | ESXi
Service Console | Present | Removed
Troubleshooting performed via | Service Console | ESXi Shell
Active Directory Authentication | Enabled | Enabled
Secure Syslog | Not Supported | Supported
Management Network | Service Console Interface | VMkernel Interface
Jumbo Frames | Supported | Supported
Hardware Monitoring | 3rd-party agents installed in Service Console | Via CIM Providers
Boot from SAN | Supported | Supported
Software patches and updates | Needed, similar to a Linux operating system | Few patches because of small footprint; more secure
vSphere Web Access | Only experimental | Full management capability via vSphere Web Client
Lockdown Mode | Not present | Present (lockdown mode prevents remote users from logging in to the host)
Scripted Installation | Supported | Supported
vMA Support | Yes | Yes
Major administration command line | esxcfg-* commands | esxcli
Rapid deployment via Auto Deploy | Not supported | Supported
Custom Image creation | Not supported | Supported
VMkernel Network used for | vMotion, Fault Tolerance, Storage Connectivity | Management Network, vMotion, Fault Tolerance, Storage Connectivity, iSCSI port binding

How do you configure or enable FT for a virtual machine?
FT can be enabled only on a per-virtual-machine basis, not at the cluster or ESX level. Right-click the virtual machine -> Fault Tolerance -> Turn On Fault Tolerance.

How are FT-enabled virtual machines differentiated from non-FT VMs in the vSphere Client?
FT-enabled virtual machines appear in dark blue compared to non-protected virtual machines. By default, only the primary virtual machine appears under the cluster and ESX host. To take a look at the secondary VM, go to the Virtual Machines tab of the cluster or host.

What happens when the ESX host of the primary VM fails?
When a failure is detected on the primary VM's ESX host, the secondary virtual machine, which is running on another ESX server in the same cluster, takes the place of the first one with the least possible interruption of service.

If vCenter is down, will FT work?
vCenter Server is only required to enable FT on the virtual machine. Once it is configured, vCenter is not required to be online for FT to work. FT failover between primary and secondary will occur even if vCenter is down.

How does VMware FT differ from VMware HA?
1. VMware HA is enabled on a per-cluster basis, but FT is enabled on a per-VM basis.
2. In case of an ESX host failure, virtual machines on the failed host are restarted and powered on on the other active hosts in the HA cluster, so the restart duration of the virtual machine is the downtime for that virtual machine in an HA cluster. For an FT-enabled virtual machine there is no downtime: in case of host failure, the secondary VM becomes primary and continues execution from the exact point where the primary VM left off or failed. It happens automatically, without data loss, without downtime and with only a little delay. Users will not see any interruption.

What is the name of the technology used by VMware FT?
VMware FT uses a technology called vLockstep.

ESX Host Infrastructure Requirements & Limitations for VMware Fault Tolerance

1. VMware FT is available from the vSphere Advanced edition onwards (Advanced, Enterprise, Enterprise Plus).
2. Hardware virtualization should be enabled in the BIOS.
3. The CPU should be compatible with FT.
4. FT-enabled virtual machines should be placed on shared storage (FC, iSCSI or NFS).
5. FT virtual machines should be placed in an HA-enabled cluster.
6. Only 4 FT-protected virtual machines are allowed per ESX/ESXi host.
7. vMotion and FT Logging should be enabled on the VMkernel port group of the virtual machine (a separate NIC for vMotion and FT logging is recommended, along with NIC teaming).
8. Host certificate checking should be enabled (enabled by default).
9. A dedicated 10 GB Ethernet card between ESX servers will give the best performance results.
10. FT ports 8100 and 8200 (outgoing TCP, incoming and outgoing UDP) must be open if any firewall exists between ESX hosts.

What is the maximum number of hosts per HA cluster? Maximum number of hosts in the HA cluster is 32

What is Host Isolation?
VMware HA has a mechanism to detect that a host is isolated (cut off) from the rest of the hosts in the cluster. When an ESX host loses its ability to exchange heartbeats via the management network with the other hosts in the HA cluster, that ESX host is considered isolated.

How is Host Isolation detected?
In an HA cluster, ESX hosts use heartbeats to communicate with the other hosts in the cluster. By default, a heartbeat is sent every 1 second. If an ESX host in the cluster has not received a heartbeat from any other host in the cluster for 13 seconds, the host considers itself isolated and pings the configured isolation address (the default gateway by default). If the ping fails, VMware HA executes the host isolation response.

What is HA Admission Control?
When you create a new ESX cluster and turn on its VMware HA feature, one of the first configuration wizards deals with admission control. You'll find three settings boxes in its wizard. The first provides a place to enable Host Monitoring. This monitoring is necessary for the rest of HA to function properly, so you'll need to enable it if you want to use HA. The second and third boxes provide locations to enable admission control and select the policy it will use.

You can think of admission control as an automated tool to manage what I'll call "cluster reserve". That cluster reserve represents a quantity of resources, processing and memory, that must remain unused in case an ESX host goes down. Once it's enabled, admission control sets aside that amount of resources, spread across all the cluster hosts, so that contention won't happen when a cluster host fails.

vCenter Server uses admission control to ensure that sufficient resources are available in a cluster to provide failover protection and to ensure that virtual machine resource reservations are respected. Three types of admission control are available:

Host: Ensures that a host has sufficient resources to satisfy the reservations of all virtual machines running on it.

Resource Pool: Ensures that a resource pool has sufficient resources to satisfy the reservations, shares, and limits of all virtual machines associated with it.

VMware HA: Ensures that sufficient resources in the cluster are reserved for virtual machine recovery in the event of host failure.

What are the 2 types of settings available for admission control?

Enable: Do not power on VMs that violate availability constraints.
Disable: Power on VMs that violate availability constraints.

What are the different types of Admission control policy available with VMware HA?
There are 3 different types of Admission control policy available:
1. Host failures cluster tolerates
2. Percentage of cluster resources reserved as failover spare capacity
3. Specify a failover host

What is a SLOT?
As per VMware's definition, "A slot is a logical representation of the memory and CPU resources that satisfy the requirements for any powered-on virtual machine in the cluster." If you have configured reservations at the VM level, they influence the HA slot calculation. The highest memory reservation and the highest CPU reservation among the VMs in your cluster determine the slot size for the cluster.
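A worked slot-size and admission-control calculation for the "Host failures cluster tolerates" policy, added here as example code rather than anything from VMware. Host capacities, VM reservations, and the fallback slot values used when no VM has a reservation are constructed assumptions, and reserving the slots of the largest host(s) for failover is the conservative reading of the policy.

```python
"""Added example (not VMware code): HA slot size and admission control.
Slot size follows the definition quoted above (largest CPU reservation and
largest memory reservation among the VMs). Hosts, VMs and the fallback
slot values are constructed assumptions."""

from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class VM:
    name: str
    cpu_mhz: int   # CPU reservation in MHz (0 = no reservation)
    mem_mb: int    # memory reservation in MB (0 = no reservation)


@dataclass(frozen=True)
class Host:
    name: str
    cpu_mhz: int   # usable CPU capacity in MHz
    mem_mb: int    # usable memory capacity in MB


# Assumed fallback slot when no VM carries a reservation, so the division
# below never hits zero (a constructed default, not VMware's value).
FALLBACK_CPU_MHZ = 32
FALLBACK_MEM_MB = 1


def slot_size(vms: List[VM]) -> Tuple[int, int]:
    """Slot = (highest CPU reservation, highest memory reservation)."""
    cpu = max((v.cpu_mhz for v in vms), default=0) or FALLBACK_CPU_MHZ
    mem = max((v.mem_mb for v in vms), default=0) or FALLBACK_MEM_MB
    return cpu, mem


def slots_per_host(host: Host, slot: Tuple[int, int]) -> int:
    """A host holds as many slots as the scarcer of its CPU and memory allows."""
    cpu, mem = slot
    return min(host.cpu_mhz // cpu, host.mem_mb // mem)


def admission_plan(hosts: List[Host], vms: List[VM], host_failures_tolerated: int) -> Dict:
    """Compute cluster slots, the slots held back for failover, and what is left."""
    slot = slot_size(vms)
    per_host = {h.name: slots_per_host(h, slot) for h in hosts}
    total = sum(per_host.values())
    # Conservative: the N largest hosts' slots must stay free for failover.
    failover = sum(sorted(per_host.values(), reverse=True)[:host_failures_tolerated])
    used = len(vms)     # every powered-on VM occupies exactly one slot
    return {
        "slot": slot,
        "per_host": per_host,
        "total_slots": total,
        "failover_slots": failover,
        "used_slots": used,
        "available_slots": total - failover - used,
    }


def can_power_on(hosts: List[Host], running: List[VM], candidate: VM,
                 host_failures_tolerated: int) -> Tuple[bool, Dict]:
    """Admission control with 'Enable' semantics: refuse if the cluster
    would violate its availability constraint once the candidate runs."""
    plan = admission_plan(hosts, running + [candidate], host_failures_tolerated)
    return plan["available_slots"] >= 0, plan


if __name__ == "__main__":
    # Constructed cluster: three identical hosts and ten small web VMs.
    hosts = [Host(f"esx0{i}", cpu_mhz=12000, mem_mb=32768) for i in (1, 2, 3)]
    web = [VM(f"web{i:02d}", cpu_mhz=500, mem_mb=1024) for i in range(10)]
    # One database VM with a large reservation shrinks every host's slot count.
    ok, plan = can_power_on(hosts, web, VM("db01", cpu_mhz=2000, mem_mb=8192), 1)
    print(ok, plan)
```

The run shows how a single large reservation collapses the cluster from 72 slots to 12 and makes admission control refuse the power-on.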

What is the use of the Host Monitoring status in an HA cluster?

Let's take an example: you are performing network maintenance on the switches which connect one of the ESX hosts in an HA cluster. What happens if the switch connected to that ESX host goes down? The host will not receive heartbeats, and its ping to the isolation address will also fail, so the host will consider itself isolated and HA will initiate the restart of the virtual machines on that host on other hosts in the cluster. You do not want this during a scheduled maintenance window. To avoid it when performing scheduled activity which may cause an ESX host to become isolated, clear the "Enable Host Monitoring" check box until you are done with the network maintenance activity.
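The isolation timeline above (1 s heartbeats, 13 s without one, then a ping of the isolation address) together with the effect of clearing "Enable Host Monitoring", as an added Python model that is not VMware code; heartbeat timestamps and the ping result are constructed inputs, and classify_host and first_isolation_time are hypothetical names.

```python
"""Added example (not VMware code): a time-driven model of how an HA host
decides it is isolated. Values follow the text: a heartbeat every 1 s,
13 s without one triggers a ping of the isolation address, and the
isolation response runs only if that ping fails and host monitoring is
enabled. Heartbeat timestamps and ping results are constructed."""

HEARTBEAT_INTERVAL_S = 1
HEARTBEAT_TIMEOUT_S = 13


def classify_host(heartbeat_times, now, ping_isolation_address, host_monitoring=True):
    """Return the host's HA state at time `now` (seconds).

    heartbeat_times: timestamps of heartbeats received from other hosts.
    ping_isolation_address: callable returning True if the isolation
    address (the default gateway by default) answers.
    """
    received = [t for t in heartbeat_times if t <= now]
    if not received:
        silent_for = HEARTBEAT_TIMEOUT_S    # never heard anyone: treat as timed out
    else:
        silent_for = now - max(received)
    if silent_for < HEARTBEAT_TIMEOUT_S:
        return "connected"
    if not host_monitoring:
        # Maintenance window: heartbeat loss is ignored, so no isolation
        # response and no VM restarts are triggered.
        return "monitoring-disabled"
    if ping_isolation_address():
        # Heartbeats lost but the network is still reachable: not isolated.
        return "heartbeat-lost"
    return "isolated"    # host isolation response would execute here


def first_isolation_time(heartbeat_times, end_time, ping_isolation_address,
                         host_monitoring=True):
    """Walk the timeline second by second; return the moment isolation is
    declared, or None if it never is before end_time."""
    for now in range(0, end_time + 1, HEARTBEAT_INTERVAL_S):
        state = classify_host(heartbeat_times, now, ping_isolation_address, host_monitoring)
        if state == "isolated":
            return now
    return None


# Constructed scenario: heartbeats every second until t=20, then the switch
# in front of the host goes down.
HEARTBEATS = list(range(0, 21))


def demo():
    """Same outage under three conditions: gateway unreachable, gateway
    reachable, and host monitoring cleared for maintenance."""
    return {
        "gateway_down": first_isolation_time(HEARTBEATS, 60, lambda: False),
        "gateway_up": first_isolation_time(HEARTBEATS, 60, lambda: True),
        "maintenance": first_isolation_time(HEARTBEATS, 60, lambda: False,
                                            host_monitoring=False),
    }


if __name__ == "__main__":
    print(demo())
```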

What are the three port groups present in ESX server networking?
1. Virtual Machine Port Group - Used for the Virtual Machine Network
2. Service Console Port Group - Used for Service Console Communications
3. VMkernel Port Group - Used for VMotion, iSCSI, NFS Communications

Which types of communication require an IP address for sure?
Service Console and VMkernel (VMotion and iSCSI); these communications cannot happen without an IP address (whether it is a single or a dedicated one).

What is VM Monitoring status?
HA usually monitors ESX hosts and restarts the virtual machines from a failed host on the other hosts in the cluster in case of host isolation, but I also need HA to monitor for virtual machine failures. That is the feature called VM Monitoring in the HA settings. VM Monitoring restarts a virtual machine if the VMware Tools heartbeat is not received within the time specified by the monitoring sensitivity.

Difference between ESX Server and ESXi Server
ESX Server - Contains the Service Console OS and comes with all the enterprise-level features like HA, VMotion, DRS, which give the highest support for virtualization. The current version of ESX Server is 4.0.
ESXi Server - Doesn't contain a Service Console OS and comes in a 32 MB footprint. Nowadays it ships with servers. You can store it on a microchip or a USB drive and install it easily. It doesn't support any enterprise features like VMotion, HA, DRS, etc.

What is the VC agent? Which service does it correspond to? What are the minimum requirements for VC agent installation?
The VC agent is an agent installed on the ESX server which enables communication between VC and the ESX server.

The service which corresponds to it is called mgmt-vmware; in the event of VC agent failures, just restart the service by typing the following command at the service console: "service mgmt-vmware restart". The VC agent is installed on the ESX server when we add it to VC, so if at installation time you get an error like "VC Agent service failed to install", check whether the size of /opt is sufficient.

What are the files that make up a Virtual Machine?
.vmx - Virtual Machine Configuration File
.nvram - Virtual Machine BIOS
.vmdk - Virtual Machine Disk file
.vswp - Virtual Machine Swap File
.vmsd - Virtual Machine Snapshot Database
.vmsn - Virtual Machine Snapshot file
.vmss - Virtual Machine Suspended State file
vmware.log - Current Log File
vmware-#.log - Old Log file

What are the devices that can be added while the virtual machine is running?

What is the use of a Port Group?
The port group segregates the type of communication.

How does Virtual Machine Port Group communication work?
All the VMs which are configured in the VM Port Group are able to connect to the physical machines on the network. So this port group enables communication between the vSwitch and the physical switch to connect VMs to physical machines.

What is a thin provisioned disk?
When creating a virtual disk file, by default VMware ESXi/ESX uses a thick type of virtual disk. The thick disk pre-allocates all of the space specified during the creation of the disk. For example, if you create a 10 megabyte disk, all 10 megabytes are pre-allocated for that virtual disk.

In contrast, a thin virtual disk does not pre-allocate all of the space. Blocks in the VMDK file are not allocated and backed by physical storage until they are written during the normal course of operation. A read to an unallocated block returns zeroes, but the block is not backed with physical storage until it is written.

Thin provisioned disks can grow to the full size specified at the time of virtual disk creation, but do not shrink. Once the blocks have been allocated, they cannot be un-allocated.

By implementing thin provisioned disks, you are able to over-allocate storage. If storage is over-allocated, thin virtual disks can grow to fill an entire datastore if left unchecked.

With NFS datastores, the provisioned disk format will be thin provisioned by default which cannot be changed. With vSphere 5.0, you can specify the provisioned format. For example, you can specify thick provisioning if the storage array or filer supports it via VAAI.

VMware ESX 3.x is not aware of thin provisioning when reporting disk space usage using VMware Infrastructure Client and VirtualCenter.

VMware ESX 4.x is aware of thin provisioning in the form of the storage views plug-in for vCenter Server.

Increase Storage Utilization: VMware vSphere® Thin Provisioning allows over-allocation of storage capacity for increased storage utilization, enhanced application uptime and simplified storage capacity management. Eliminate the need to dedicate full capacity upfront while providing vSphere administrators with the capacity they need for future growth.

Allow administrators to dedicate more capacity to virtual machines than they have. Eliminate the cost of unused, over-allocated storage. Save resources and space by reducing your physical storage needs.

Do vSwitches support VLAN tagging? Why?
Yes, vSwitches support VLAN tagging; otherwise, if the virtual machines in an ESX host are connected to different VLANs, we would need to install a separate physical NIC (vSwitch) for every VLAN. That is the reason VMware included VLAN tagging for vSwitches. Every vSwitch supports up to 1016 ports, and by the way they can support 1016 VLANs if needed, but an ESX server doesn't support that many VMs. :)

What is Promiscuous Mode on a vSwitch? What happens if it is set to Accept?
If promiscuous mode is set to Accept, all the communication is visible to all the virtual machines; in other words, all the packets are sent to all the ports on the vSwitch. If promiscuous mode is set to Reject, packets are sent only to the intended port, so that only the intended virtual machine is able to see the communication.

What are the basic commands to troubleshoot connectivity between vSphere Client / vCenter and the ESX server?
service mgmt-vmware restart (restarts the host agent, vmware-hostd, on the VMware ESX server)
service vmware-vpxa restart (restarts the vCenter agent service)
service network restart (restarts the management network on ESX)

What are the commands used to restart SSH, NTP & VMware Web Access?
service sshd restart
service ntpd restart
service vmware-webaccess restart

What is the use of the Service Console port?
The Service Console port group is required for managing the ESX server and acts as the management network for ESX. vCenter/vSphere Client uses the Service Console IPs to communicate with the ESX server.

How does a Virtual Machine communicate with other servers on the network?
All the virtual machines which are configured in the VM Port Group are able to connect to the other machines on the network. So this port group enables communication between the vSwitch and the physical switch by the use of the uplink (physical NIC) associated with the port group.

How to restart the ESX Management Agents
To restart the management agents:
1. Connect to the console of the ESXi server
2. Press F2 to Customize the System
3. Log in as root
4. Select Restart Management Agents
5. Press F11 to restart the services
6. Press ESC to log out of the ESXi server

iSCSI software initiator port number: 3260

How to shut down a VM using the command line (PowerCLI): Stop-VM -VM vm_name

Topics to revise: difference between DVS and standard vSwitch; ESX and ESXi; P to V; snapshots; port groups.

VMware vCenter Server Heartbeat (vCSHB)VMware vCenter Server Heartbeat (vCSHB) is VMware's OEM version of NeverFail, which is designed to ensure the high availability and disaster recovery of vCenter Server on a LAN or a Wireless WAN.  vCSHB creates a clone of both the vCenter Server and the SQL server, and then keeps both the primary and secondary vCenter Servers in sync through continuous asynchronous replication. Administrators can use vCSHB in a virtual configuration, physical configuration or a hybrid model.vCSHB can be configured to work solely on a private LAN or stretched across two sites in "DR Mode;" the latter allows administrators to use different IP ranges, and have a user account send DNS updates in the event of failover, redirecting users and services to a functioning vCenter Server.The primary and secondary vCenter Servers each have two NICs: The first handles the primary incoming traffic (Principal Public Network) from the vSphere Client, and the second handles replication and the "heartbeat" signal, referred to as the "VMware Channel."  Administrators can also configure vCSHB to monitor and trigger remediation tasks associated with degraded performance issues.

VMware VMFS (Virtual Machine File System)

VMware VMFS (Virtual Machine File System) is a cluster file system that facilitates storage virtualization for multiple installations of VMware ESX Server, a hypervisor that partitions physical servers into multiple virtual machines. VMFS is part of the virtualization suite called VMware Infrastructure 3.

With VMFS, new virtual machines can be created without the oversight of a storage administrator. The size of a volume can be changed as needed without disrupting network operations. Multiple installations of VMware ESX Server can be used to simultaneously write and read data to and from a single storage location. VMware ESX servers can be added or removed from a VMFS volume without affecting other hosts. The file and block sizes can be adjusted to optimize the I/O (input/output) functionality of each virtual machine. In the event of a server failure, a distributed journaling file system allows for rapid system recovery and prevents catastrophic loss of data

VMware vSphere Web Client plug-in
A VMware vSphere Web Client plug-in is a program that extends the user interface of the VMware vSphere Web Client in a browser.

The VMware vSphere Web Client allows an administrator to connect to a vCenter Server system and manage a vSphere environment. VMware allows third-party developers and partners to customize plug-ins with product-specific toolbars and icons. Popular VMware vSphere Web Client plug-ins include vCenter Orchestrator, a vCenter feature that helps automate VMware vCloud Suite, vSphere and other virtualization management system processes.

VMware snapshot
A VMware snapshot is a copy of the virtual machine's disk file (VMDK) at a given point in time. Snapshots provide a change log for the virtual disk and are used to restore a VM to a particular point in time when a failure or system error occurs. Snapshots alone do not provide backup. Any data that was writable on a VM becomes read-only when the snapshot is taken. VMware administrators can take multiple snapshots of a VM to create multiple possible point-in-time restore points. When a VM reverts to a snapshot, current disk and memory states are deleted and the snapshot becomes the new parent snapshot for that VM. The snapshot file cannot exceed the size of the original disk file, and it requires some overhead disk space. Snapshots will grow rapidly with high disk-write activity. Most snapshots are deleted within an hour, and VMware recommends deleting snapshots within 24 hours. Snapshot file formats include the *-delta.vmdk file, the *.vmsd file and the *.vmsn file. Administrators create snapshots in VMware vSphere's Snapshot Manager or with the vmware-cmd command-line utility. Deleting, or committing, snapshots merges all of the delta files into the VMDK. If delta files remain in the VM's directory after deletion, the snapshot did not delete properly. VMware recommends the following best practices regarding snapshots:

Do not keep a single snapshot for more than 72 hours. While VMware supports up to 32 snapshots in a chain, try to limit chains to three snapshots. 

Do not rely upon snapshots for I/O intensive VMs with rapid data changes, because significant data inconsistencies will occur when the VM is restored.

Command to take a snapshot from the command line:
vmware-cmd <path-to-vmx> createsnapshot <name> <description> <quiesce> <memory>
Example: vmware-cmd winvm1.vmx createsnapshot snapshot1 'before upgrade' 1 1
NOTE: This technology can be used in VMware Workstation and on ESX servers as well.

vSphere hot add

VMware vSphere hot add is a feature that allows an administrator to increase the random access memory (RAM) capacity of a running virtual machine (VM) without downtime.

VSphere hot add can be enabled during the configuration of VMware VMs running hardware version 7 and newer, on compatible OSes and with the use of VMware Tools. Because vSphere hot add is disabled by default, and VMs must be powered off to enable it, administrators should consider enabling hot add from the start if there's a possibility that a VM will need more resources at any point.

VMware Update Manager
VMware Update Manager is a utility that oversees the installation of updates for existing installations of VMware ESX Server and guest operating systems. Update Manager tracks vulnerabilities within the virtual infrastructure and automatically applies user-defined patches to eliminate those vulnerabilities. The utility is part of the virtualization suite called VMware Infrastructure 3.

VMware Update Manager works in a manner similar to the automatic update feature found in computer operating systems such as Microsoft Windows. Patch data is gathered at user-defined intervals from the VMware repository as well as from Internet-based sites of third-party application vendors. Once the patch data has been collected, it is used to create updates appropriate for the particular system involved. All existing VMware ESX Server hosts and guest operating systems are scanned and compared with the update baseline. A snapshot of each virtual machine's current state is taken to obtain a restore point. All necessary updates are then applied to each virtual machine. If any machine requires a reboot, the action can be delayed by up to 60 minutes to minimize disruption of network operations.

VMware DRS (Distributed Resource Scheduler)

VMware DRS (Distributed Resource Scheduler) is a feature that balances computing workloads against the resources available in a vSphere cluster.

With VMware DRS, administrators define the rules for allocating physical resources among virtual machines. DRS can be configured for manual, partially automated or fully automated control. Resource pools can be added, removed or reorganized, and can be isolated between different business units. If the workload on one or more virtual machines changes significantly, DRS redistributes the virtual machines among the physical hosts with vMotion. If the overall workload decreases, Distributed Power Management (DPM) can consolidate the workload and temporarily power down some of the physical hosts.

Other features of VMware DRS include:

• Dedicated infrastructures for individual business units
• Centralized control of hardware parameters
• Continuous monitoring of hardware utilization
• Optimization of the use of hardware resources as conditions change
• Prioritization of resources according to application importance
• Downtime-free host maintenance (maintenance mode evacuates the host)
• Optimization of energy efficiency and reduction of cooling costs

Affinity rules

An affinity rule is a DRS setting that establishes a relationship between two or more VMware virtual machines (VMs), or between VMs and hosts.

Affinity rules and anti-affinity rules tell DRS to keep virtual entities together or apart. The rules can be defined as required ("must") or preferred ("should"), and help reduce traffic across the network or keep redundant workloads on separate hardware. If two virtual machines communicate frequently and should share a host, the VMware admin can create a VM-VM affinity rule to keep them together. Conversely, if two VMs must not fail together (for example two domain controllers, or the two nodes of a guest cluster), a VM-VM anti-affinity rule keeps them from sharing a host.

Affinity and anti-affinity rules can also be applied between VMs and host groups (VM-Host rules), and a VM can be subject to VM-VM rules and VM-Host rules at the same time. Rules in a vSphere environment can conflict with one another. For example, two VMs with an anti-affinity relationship may both be linked to a third VM via affinity rules; the affinity rules then force all three onto one host while the anti-affinity rule forbids it, so the rule set cannot be satisfied. When a conflict occurs DRS keeps the older rule and disables the newer one, and the optional "DRS rule violation" alarm can alert administrators to these events.
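A small checker for the rule conflict described above, as an added example that is not code from the original page or from vSphere. The rules, VM names and host placement are constructed for illustration; VM-Host rules are not modelled, only VM-VM rules.

```python
"""DRS VM-VM affinity / anti-affinity rule checker (added example).
A rule is ('affinity' | 'anti-affinity', [vm names]); data below is constructed."""
from itertools import combinations


def affinity_groups(rules):
    """Merge VMs linked by 'keep together' rules into groups (union-find).
    Chained affinity rules (a-b, b-c) put a, b and c in one group."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    def union(a, b):
        ra, rb = find(a), find(b)
        if ra != rb:
            parent[ra] = rb

    for kind, vms in rules:
        if kind == "affinity":
            for a, b in zip(vms, vms[1:]):
                union(a, b)
    groups = {}
    for vm in parent:
        groups.setdefault(find(vm), set()).add(vm)
    return list(groups.values())


def find_conflicts(rules):
    """Return VM pairs that an anti-affinity rule must separate but an
    affinity chain forces onto the same host: an unsatisfiable rule set."""
    group_of = {vm: i for i, g in enumerate(affinity_groups(rules)) for vm in g}
    conflicts = []
    for kind, vms in rules:
        if kind != "anti-affinity":
            continue
        for a, b in combinations(vms, 2):
            if a in group_of and group_of.get(b) == group_of[a]:
                conflicts.append((a, b))
    return conflicts


def placement_violations(rules, placement):
    """Check an actual VM -> host placement against the rules.
    Returns (rule kind, vm_a, vm_b) for every violated pair."""
    violations = []
    for kind, vms in rules:
        for a, b in combinations(vms, 2):
            host_a, host_b = placement.get(a), placement.get(b)
            same_host = host_a is not None and host_a == host_b
            if kind == "affinity" and not same_host:
                violations.append((kind, a, b))
            elif kind == "anti-affinity" and same_host:
                violations.append((kind, a, b))
    return violations


# Constructed sample rules and placement.
RULES = [
    ("affinity", ["web01", "app01"]),      # chatty pair: keep together
    ("affinity", ["app01", "db01"]),       # chains web01-app01-db01 onto one host
    ("anti-affinity", ["web01", "db01"]),  # ...but these two must be separated
    ("anti-affinity", ["dc01", "dc02"]),   # domain controllers on different hosts
]
PLACEMENT = {"web01": "esx01", "app01": "esx01", "db01": "esx01",
             "dc01": "esx02", "dc02": "esx02"}

if __name__ == "__main__":
    print("unsatisfiable pairs:", find_conflicts(RULES))
    print("violations in current placement:", placement_violations(RULES, PLACEMENT))
```

The first call reports the web01/db01 pair as unsatisfiable; the second reports that both anti-affinity rules are currently violated while the affinity rules are honoured. In production the same check belongs in change review before a rule is added, since DRS will otherwise silently disable one of the conflicting rules.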

vCenter Site Recovery Manager

VMware vCenter Site Recovery Manager (SRM) is a disaster recovery solution that provides automated orchestration and non-disruptive testing of centralized recovery plans.

Centralized Recovery Plans
• Create and manage recovery plans directly from VMware vCenter Server.
• Automatically discover and display virtual machines protected by vSphere Replication or array-based replication.
• Map virtual machines to appropriate resources on the failover site.
• Extend recovery plans with custom scripts.
• Control access to recovery plans with role-based access controls.

Automated Failover
• Receive automatic alerts about possible site failure.
• Initiate recovery plan execution from vCenter Server with a single click.
• Automated boot of protected virtual machines with a pre-specified boot sequence.
• Automated reconfiguration of virtual machine IP addresses at the failover site.
• Manage and monitor execution of recovery plans from vCenter Server.

Non-Disruptive Testing
• Automate execution of recovery testing.
• Use storage snapshots to perform recovery tests without losing replicated data.
• Connect virtual machines to an existing isolated network to avoid impacting production applications.
• Automate cleanup of testing environments after completing tests.
• Store, view and export results of test and failover execution from vCenter Server.

Planned Migration
• Automate planned migrations with graceful shutdown of protected virtual machines at the original site.
• Ensure complete replication of virtual machine data in an application-consistent state prior to initiating migration.
• Perform a data sync to force complete replication of powered-off virtual machines to the failover site.

Support for vSphere Replication
• The only hypervisor-based replication for vSphere.
• Manage replication directly through vCenter, at a granular per-virtual-machine level.
• Storage-agnostic replication that supports low-end storage, including direct-attached storage.
• Asynchronous replication with flexible RPOs ranging from 15 minutes to 24 hours.
• Replicate only changed blocks to increase network efficiency.
• Multiple point-in-time recovery allows reversion to earlier known states.

VMware vSphere App HA

VMware vSphere App HA is a virtual appliance introduced with vSphere 5.5. vSphere App HA works with vSphere HA host and virtual machine (VM) monitoring to improve application uptime and provide high availability (HA). The feature can restart an application service if it detects a failure and can reset the VM if the service fails to restart. vSphere App HA uses VMware vFabric Hyperic agents inside the guest to monitor applications. Hyperic stores and manages App HA policies, which are configured in the administration section of the vSphere Web Client. Policies define items such as the number of times vSphere App HA will attempt to restart a service, the number of minutes it will wait for the service to start and when to reset a VM if a service is unstable.

VMware vCenter Chargeback Manager

VMware vCenter Chargeback Manager is a tool for calculating the costs of virtual resources for IT chargeback. Chargeback measures the resources that business units use, including compute cycles, storage consumption and licensing, to help an organization meet its service-level agreements (SLAs) and make sound business decisions. Chargeback Manager's reports complement the Waste metrics in vCenter Operations Manager and can help identify how to make the vSphere environment operate more efficiently.

VMware vCenter Operations Management Suite

Networking Device Maximums (older ESX 3.x configuration maximums; the vSphere 5.x tables below supersede them, e.g. 10 virtual NICs per VM)

Device                                              Maximum
Virtual Ethernet adapters per virtual machine       4
Virtual switch ports per host                       4096
Virtual switch ports per switch                     1016
Virtual switches per host                           248
Uplinks per virtual switch                          32
Uplinks per host                                    32
Virtual switch port groups per host                 512
Physical e1000 Ethernet adapters per host           32 (maximum tested)
Physical Broadcom Ethernet adapters per host        20 (maximum tested)
Physical e100 Ethernet adapters per host            26 (maximum tested)

ESXi Virtual Machine Maximums

Item                                                   vSphere 5.0   vSphere 5.1   vSphere 5.5
Virtual CPUs per virtual machine                       32            64            64
RAM per virtual machine                                1 TB          1 TB          1 TB
Virtual SCSI targets per virtual machine               60            60            60
Virtual disks per virtual machine                      60            60            60
Virtual NICs per virtual machine                       10            10            10
Concurrent remote console connections per VM           40            40            40
Virtual disk size                                      2 TB          2 TB          62 TB
Video memory per virtual machine                       128 MB        128 MB        512 MB

ESXi Host Maximums

Item                                                   vSphere 5.0   vSphere 5.1   vSphere 5.5
Logical CPUs per host                                  160           160           320
Virtual machines per host                              512           512           512
Virtual CPUs per host                                  2048          2048          4096
Virtual CPUs per core                                  25            25            32
FT virtual disks per virtual machine                   16            16            16
RAM per FT virtual machine                             64 GB         64 GB         64 GB
FT virtual machines per host                           4             4             4
FT virtual CPUs per virtual machine                    1             1             1

       

Memory Maximums

Item                                                   vSphere 5.0   vSphere 5.1   vSphere 5.5
RAM per host                                           2 TB          2 TB          4 TB
Swap files per virtual machine                         1             1             1
Swap file size                                         1 TB          1 TB          NA

Storage Maximums

Item                                                   vSphere 5.0   vSphere 5.1   vSphere 5.5
Virtual disks per host                                 2048          2048          2048

iSCSI
LUNs per server                                        256           256           256
Broadcom 1Gb iSCSI HBA initiator ports per server      4             4             4
Broadcom 10Gb iSCSI HBA initiator ports per server     4             4             4
Total paths on a server                                1024          1024          1024
Paths to a LUN                                         8             8             8
Software iSCSI targets                                 256           256           256

Fibre Channel
LUNs per host                                          256           256           256
LUN size                                               NA            64 TB         64 TB
Paths to a LUN                                         32            32            32
Total paths on a server                                1024          1024          1024
HBAs of any type                                       8             8             8
HBA ports                                              16            16            16
Targets per HBA                                        256           256           256

vMotion and Storage vMotion
Concurrent vMotion operations per datastore            128           128           128
Concurrent Storage vMotion operations per datastore    8             8             8
Concurrent Storage vMotion operations per host         2             2             2
Concurrent vMotion operations per host (1 Gb/s)        4             4             4
Concurrent vMotion operations per host (10 Gb/s)       8             8             8

Cluster and Resource Pool Maximums

Item                                                   vSphere 5.0   vSphere 5.1   vSphere 5.5
Hosts per cluster                                      32            32            32
Virtual machines per cluster                           3000          4000          4000
Virtual machines per host                              512           512           512
Resource pools per host                                1600          1600          1600
Children per resource pool                             1024          1024          1024
Resource pools per cluster                             1600          1600          1600

vCenter Server Maximums

Item                                                   vSphere 5.0   vSphere 5.1   vSphere 5.5
Hosts per vCenter Server                               1000          1000          1000
Powered-on virtual machines per vCenter Server         10000         10000         10000
Registered virtual machines per vCenter Server         15000         15000         15000
Linked vCenter Servers                                 10            10            10
Hosts in linked vCenter Servers                        3000          3000          3000
Concurrent vSphere Client connections to vCenter       100           100           100
Hosts per datacenter                                   500           500           500
Registered virtual machines in linked vCenter Servers  50000         50000         50000

Storage DRS Maximums

Item                                                   vSphere 5.0   vSphere 5.1   vSphere 5.5
Virtual disks per datastore cluster                    9000          9000          9000
Datastores per datastore cluster                       32            32            32
Datastore clusters per vCenter Server                  256           256           256

What is hypervisor?

A hypervisor, also called a virtual machine monitor (VMM), is software that allows multiple operating systems to run concurrently on, and share, the processors and other hardware of a single physical host.

vCenter Server Appliance – some basic information

But what are the limitations of the vCSA?

If you look at the VMware vCenter Server Appliance documentation for vSphere 5.0/5.1 you will notice that the vCSA supports a maximum of only five hosts / 50 virtual machines with the embedded database.

One important thing missing is vCenter Update Manager. If you need this feature you have to install it on a Windows guest and register the plug-in in your vSphere Client.

Some other limitations of the 5.0/5.1 appliance are:

• no support for IPv6
• no support for Linked Mode (because of a dependency on Microsoft ADAM)
• no support for Microsoft SQL Server databases

Some pros of the new vCenter Server Appliance 5.5:

• the embedded vPostgres database supports 100 hosts and up to 3000 VMs
• you do not need a Windows license
• you do not need a SQL Server license
• easy to deploy and easy to upgrade (built-in update function)

But there are some cons, too:

• it is still not possible to install VMware Update Manager in the vCSA (you can install it on a Windows VM, which needs a Windows license)
• no Linked Mode support
• no support for vCenter Heartbeat
• you may have to give up some VMware / third-party plug-ins

If you want to replace your Windows vCenter Server with the vCenter Server Appliance you should check the following points:

• is there a chance that your environment will exceed the limits (100 hosts / 3000 VMs) in the near future?
• do you need vCenter Heartbeat or Linked Mode?
• are monitoring and backup/restore of the vCenter Server Appliance possible in your environment?
• are there any vCenter plug-ins you want to use?
• do you need Update Manager? Then you will still need a Windows Server and a SQL Server database.

What is the command to check the status of a VM? vmware-cmd <vm.vmx> getstate (legacy ESX); on ESXi use vim-cmd vmsvc/power.getstate <vmid>.

What is the default size of the swap partition and Service Console memory? 1600 MB swap, 400 MB Service Console memory (maximum 800 MB). This applies only to classic ESX, which has a Service Console; ESXi has no Service Console.

Licensing ESXi 5.x and vCenter Server 5.x   (2014295)

vSphere 5.5 does not need new license keys. Existing 5.0 / 5.1 licenses work and enable all the features of the software once it is upgraded.

To determine whether you need a new license key for the latest version of a VMware product you own, see License key requirements for new versions of VMware products (2059926).

All ESXi 5.x and vCenter Server 5.x keys work with ESXi 5.1/5.5 and vCenter Server 5.1/5.5. To update your software from 5.0 to 5.1/5.5, see Installing or upgrading to ESXi 5.1 best practices (2032756) and Upgrading to vCenter Server 5.1 best practices (2021193). For information on upgrading license keys, see Upgrading license keys in My VMware (2006974).

The ESXi 5.1/5.5 features are automatically enabled after you upgrade from ESXi 5.0 to 5.1/5.5; this does not require a new license key.

You can view and manage your license keys in My VMware. For information on viewing your license keys, and for links to information on managing your license keys, see Viewing license keys in My VMware (2006831)

Virtual Machine Requirements & Limitations for VMware Fault Tolerance (vSphere 5.x)

• The FT-protected virtual machine's guest operating system and processor combination must be supported by Fault Tolerance; the VM must be running on a supported guest operating system.
• Physical-mode RDM is not supported for FT-protected virtual machines, but virtual-mode RDM is supported. (Raw device mapping (RDM) is an option in the VMware server virtualization environment that enables a storage logical unit number (LUN) to be directly connected to a virtual machine (VM) from the storage area network (SAN).)
• FT-protected virtual machines must have eager-zeroed thick disks. Thin-provisioned or lazy-zeroed disks are automatically converted to eager-zeroed thick while FT is being enabled. Make sure enough free space is available in the datastore for this operation.
• SMP (symmetric multiprocessing) is not supported: only 1 vCPU per virtual machine is allowed.
• A maximum of 64 GB of RAM is allowed for FT VMs.
• Hot add and hot remove of devices are not allowed for FT-protected VMs.
• NPIV is not supported for FT VMs. (N_Port ID virtualization (NPIV) is a technology that defines how multiple virtual servers can share a single physical Fibre Channel port identification (ID). NPIV allows a single host bus adapter (HBA) or target port on a storage array to register multiple World Wide Port Names (WWPNs) and N_Port identification numbers. This allows each virtual server to present a different world wide name to the storage area network (SAN), which in turn means that each virtual server will see its own storage, but no other virtual server's storage.)
• USB passthrough and VMDirectPath must not be enabled for FT VMs; they are not supported.
• USB and sound devices are not supported for FT VMs.
• Virtual machine snapshots are not supported for FT-protected VMs.
• Virtual machine hardware version must be 7 or above.
• FT-protected virtual machines must not have HA disabled by VM-level HA settings.
• IPv6 is not supported by VMware HA, so it is not supported for FT either.
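A pre-flight check of the requirements listed above, as an added example that is not code from the original page or from vSphere. The VM records and field names (hardware_version, disks, hot_add and so on) are constructed for illustration and are not vSphere API property names; the disk-type labels thin, thick_lazy, thick_eager, virtual_rdm and physical_rdm are likewise assumed.

```python
"""Fault Tolerance eligibility check for a VM record (added example).
Field names and the sample VMs below are constructed, not vSphere API data."""

UNSUPPORTED_FEATURES = (
    "hot_add", "npiv", "usb_passthrough", "vmdirectpath", "usb_device", "sound_device",
)


def conversion_space_needed_gb(vm):
    """Extra datastore space consumed when thin / lazy-zeroed disks are
    inflated to eager-zeroed thick while FT is enabled."""
    return sum(
        d["size_gb"] - d.get("used_gb", d["size_gb"])
        for d in vm.get("disks", [])
        if d["type"] in ("thin", "thick_lazy")
    )


def ft_blockers(vm, datastore_free_gb=None):
    """Return the list of reasons a VM cannot be FT-protected (empty = eligible).
    If datastore_free_gb is given, the disk-inflation space check is included."""
    reasons = []
    if vm.get("hardware_version", 0) < 7:
        reasons.append("virtual hardware version must be 7 or later")
    if vm.get("vcpus", 1) != 1:
        reasons.append("FT VM must have exactly 1 vCPU (no SMP)")
    if vm.get("memory_gb", 0) > 64:
        reasons.append("FT VM memory cannot exceed 64 GB")
    disks = vm.get("disks", [])
    if len(disks) > 16:
        reasons.append("no more than 16 virtual disks per FT VM")
    for d in disks:
        if d["type"] == "physical_rdm":
            reasons.append(f"{d['name']}: physical-mode RDM not supported (virtual-mode RDM is)")
        elif d["type"] in ("thin", "thick_lazy"):
            reasons.append(f"{d['name']}: will be inflated to eager-zeroed thick")
    if datastore_free_gb is not None and conversion_space_needed_gb(vm) > datastore_free_gb:
        reasons.append("not enough free datastore space to inflate disks to eager-zeroed thick")
    if vm.get("snapshots"):
        reasons.append("snapshots present; FT VMs cannot have snapshots")
    for feature in UNSUPPORTED_FEATURES:
        if vm.get(feature):
            reasons.append(f"{feature} not supported on FT VMs")
    if vm.get("ha_disabled_on_vm"):
        reasons.append("VM-level HA override disables HA; FT requires HA")
    if vm.get("ipv6"):
        reasons.append("IPv6 not supported by HA/FT")
    return reasons


# Constructed sample: a typical VM that fails several checks.
SAMPLE_VM = {
    "name": "db01", "hardware_version": 8, "vcpus": 2, "memory_gb": 16,
    "disks": [
        {"name": "db01.vmdk", "type": "thin", "size_gb": 40, "used_gb": 10},
        {"name": "db01_1.vmdk", "type": "thick_eager", "size_gb": 20, "used_gb": 20},
    ],
    "snapshots": ["before-upgrade"], "hot_add": True,
    "ha_disabled_on_vm": False, "ipv6": False,
}

# Constructed sample: a VM that meets every listed requirement.
FT_READY_VM = {
    "name": "lb01", "hardware_version": 9, "vcpus": 1, "memory_gb": 4,
    "disks": [{"name": "lb01.vmdk", "type": "thick_eager", "size_gb": 10, "used_gb": 10}],
    "snapshots": [],
}

if __name__ == "__main__":
    for vm in (SAMPLE_VM, FT_READY_VM):
        blockers = ft_blockers(vm, datastore_free_gb=20)
        print(vm["name"], "eligible" if not blockers else blockers)
```

Run as a script, db01 is reported with five blockers (SMP, a thin disk, insufficient space to inflate it with only 20 GB free, a snapshot and hot add) while lb01 is eligible. Enabling FT through the client performs the same checks, but running them in advance avoids starting a disk inflation that then fails part-way for lack of datastore space.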

Fibre Channel

Fibre Channel (FC) is a technology for transmitting data between computers and storage devices; link speeds have grown by generation from 1, 2 and 4 Gbps to 8 and 16 Gbps. Fibre Channel is especially suited for connecting servers to shared storage devices and for interconnecting storage controllers and drives. Because it is faster and can span a switched fabric rather than a short parallel cable, it replaced parallel SCSI as the transmission interface between servers and clustered storage devices, although the commands carried over FC are still SCSI commands.

What is the difference between VMware and Hyper-V?A comparison of certain key features between platforms:

Note that these figures describe ESX 3.5 and Hyper-V on Windows Server 2008; the vSphere 5.x configuration maximums listed above are far higher (e.g. 320 logical CPUs and 4 TB RAM per host in 5.5), and ESX/ESXi 4.0 and later require a 64-bit host.

1) ESX supports both 32- and 64-bit hosts; Hyper-V requires a 64-bit host that supports hardware-assisted virtualization. Both platforms support 32- or 64-bit guests.
2) Maximum logical host CPUs: ESX = 32, Hyper-V = 16 (can do more, but not supported).
3) Maximum supported host memory: ESX = 256 GB, Hyper-V = 2 TB (2008 Enterprise Edition).
4) Maximum memory per guest OS (VM): ESX and Hyper-V = 64 GB.
5) Maximum supported running VMs: ESX = 128, Hyper-V = limited only by available resources.
6) RAM over-commitment: supported in ESX, not supported in Hyper-V. (This allows the RAM allocated to VMs to exceed the RAM actually available in the host.)
7) NIC teaming: native support in ESX; Hyper-V only supports it via third-party drivers.
8) Maximum number of virtual switches: ESX = 248, Hyper-V = unlimited.

What is the VMware Library? The VMware Library is known as /vmlib. It is a directory on the ESX hypervisor host that contains the tools and files required to maintain and manage the virtual infrastructure.

What is SRM and how does it work? VMware vCenter Site Recovery Manager delivers advanced capabilities for disaster recovery management, non-disruptive testing and automated failover. VMware vCenter Site Recovery Manager can manage failover from production datacenters to disaster recovery sites, as well as failover between two sites with active workloads. Multiple sites can even recover into a single shared recovery site. Site Recovery Manager can also help with planned datacenter failovers such as datacenter migrations.

Fibre Channel port names

Port      Full name              Port function
N_Port    node port              Port on a node (host HBA or storage array) used to connect the node to a Fibre Channel switch
F_Port    fabric port            Switch port used to connect the Fibre Channel fabric to a node
L_Port    loop port              Node port used to connect a node to a Fibre Channel arbitrated loop
NL_Port   node + loop port       Node port that can connect to both loops and switches
FL_Port   fabric + loop port     Switch port that can connect to both loops and switches
E_Port    expansion port         Inter-switch link used to cascade Fibre Channel switches together
G_Port    generic port           General-purpose port that can be configured to emulate other port types
EX_Port   external port          Connection between a Fibre Channel router and a Fibre Channel switch; on the switch side it looks like a normal E_Port, but on the router side it is an EX_Port
TE_Port   trunking E_Port        Provides standard E_Port functions and allows routing of multiple virtual SANs (VSANs) by tagging the standard Fibre Channel frame on ingress to / egress from the VSAN environment

Distributed Switch

VMware vSphere Distributed Switch (VDS) provides a centralized interface from which you can configure, monitor and administer virtual machine access switching for the entire data center. The VDS provides:

• Simplified virtual machine network configuration
• Enhanced network monitoring and troubleshooting capabilities
• Support for advanced VMware vSphere networking features

Simplified Virtual Machine Network Configuration

Use these VDS features to streamline provisioning, administration and monitoring of virtual networking across multiple hosts:

• Central control of virtual switch port configuration, port group naming, filter settings and more
• Link Aggregation Control Protocol (LACP), which negotiates and automatically configures link aggregation between vSphere hosts and the access-layer physical switch
• Network health check to verify that the vSphere configuration (VLANs, MTU, teaming) matches the physical network

Enhanced Network Monitoring and Troubleshooting Capabilities

The VDS provides these monitoring and troubleshooting capabilities:

• Support for RSPAN and ERSPAN port mirroring for remote network analysis
• IPFIX (NetFlow version 10) export
• SNMPv3 support
• Rollback and recovery for management network configuration changes (a change that breaks connectivity to vCenter is automatically reverted)
• Templates to enable backup and restore of the virtual networking configuration
• Network-based core dump (Netdump) to debug hosts without local storage

Support for Advanced vSphere Networking Features

The VDS supplies the building blocks for many networking capabilities in the vSphere environment:

• Provides the core element for VMware vSphere Network I/O Control (NIOC)
• Maintains network runtime state for virtual machines as they move across hosts, enabling inline monitoring and centralized firewall services
• Supports third-party virtual switch extensions such as the Cisco Nexus 1000V and IBM 5000V virtual switches
• Supports Single Root I/O Virtualization (SR-IOV) to enable low-latency and high-I/O workloads
• Contains a BPDU filter to stop virtual machines from sending Bridge Protocol Data Units to the physical switch (a rogue or compromised VM sending BPDUs could otherwise trigger spanning-tree changes or BPDU Guard shutting down the uplink)

Technical Details

The VDS extends the features and capabilities of virtual networks while simplifying provisioning and the ongoing configuration, monitoring and management process. vSphere network switches can be divided into two logical sections: the data plane and the management plane. The data plane implements packet switching, filtering, tagging and so on. The management plane is the control structure used by the operator to configure data plane functionality. Each vSphere Standard Switch (VSS) contains both a data plane and a management plane, and the administrator configures and maintains each switch individually. The VDS eases this management burden by treating the network as an aggregated resource: individual host-level virtual switches are abstracted into one large VDS spanning multiple hosts at the data center level. In this design the data plane remains local to each host, but the management plane is centralized in vCenter Server. Because of that, a host keeps switching traffic if vCenter is unavailable, but port-level configuration changes need vCenter. Each vCenter Server instance can support up to 128 VDSs; each VDS can manage up to 500 hosts.

vSphere 5.1/5.5 VDS enhancements:

• Network health check
• VDS configuration backup and restore
• Management network rollback and recovery
• Link Aggregation Control Protocol (LACP) support
• Single Root I/O Virtualization (SR-IOV)
• Bridge Protocol Data Unit (BPDU) filter
• Scalability improvements

http://www.globalguideline.com/interview_questions/Questions.php?sc=VMWare

http://www.globalguideline.com/interview_questions/Questions.php?sc=Microsoft_Windows_Interview_Questions_and_Answers_

1. Working with ESXi Hosts

1.1 Installing ESXi 5.1

1.2 Using the DCUI in ESXi 5.1

1.3 Installing the Windows-Based vSphere Client

1.4 Using the Windows vSphere Client with an ESXi Host

2. Working with vCenter

2.1 Installing the Windows Version of vCenter

2.2 Deploying the vCenter Server Appliance

2.3 Configuring the vCenter Server Appliance - Adding an ESXi host to vCenter

2.4 Creating a VM Using the Web-Based vSphere Client

3. Storage and Networking

3.1 Configuring the Software iSCSI Initiator

3.2 Formatting an iSCSI LUN as a VMFS Volume

3.3 Mounting a NFS Datastore

3.4 Installing and Configuring the vSphere Storage Appliance (VSA) Manager

3.5 Working with a Standard vSwitch in the Web-Based vSphere Client

3.6 Working with a Distributed vSwitch in the Web-Based vSphere Client

3.7 Working with a Standard vSwitch in the Windows-Based vSphere Client

3.8 Working with a Distributed vSwitch in the Windows-Based vSphere Client

4. Scalability and Protection

4.1 Configuring High Availability and DRS Clusters

4.2 Deploying and Configuring the vSphere Data Protection (VDP) Appliance

4.3 Testing a Backup and Restore Using the VDP Appliance

4.4 Deploying and Configuring the vSphere Replication Appliance

4.5 Replicating and Testing a VM Using the vSphere Replication Appliance

4.6 Installing and Configuring the vSphere Update Manager (VUM)

4.7 Using the vSphere Update Manager (VUM) to Patch ESXi Hosts

1. What are the products included in the VMware vSphere 5.5 bundle?

• VMware ESXi
• VMware vCenter Server
• VMware vSphere Client and vSphere Web Client
• vSphere Update Manager
• VMware vCenter Orchestrator

2. What type of hypervisor is VMware ESXi?

VMware ESXi is a bare-metal (type 1) hypervisor: it is installed directly on the server hardware, with no host operating system underneath.

3. What is the role of VMware vCenter Server?

vCenter Server provides a centralized management platform and framework for all ESXi hosts and their respective VMs. It allows IT administrators to deploy, manage, monitor, automate and secure a virtual infrastructure in a centralized fashion. To provide scalability, vCenter Server uses a back-end database (Microsoft SQL Server and Oracle are both supported, among others) that stores all the data about the hosts and VMs.

4. Is it possible to install vCenter Server on Linux hosts?

No. But a pre-built vCenter Server Appliance, which is Linux based, is available from the VMware portal. You can import the appliance as a virtual machine.

5. How do you update VMware ESXi hosts with the latest patches?

We can update the ESXi hosts using VMware Update Manager (VUM). VUM is an add-on package for a Windows-based vCenter Server; it also works with the Linux-based vCenter Server Appliance, but still has to be installed on a Windows machine and registered with the appliance.

6. What is the use of the VMware vSphere Client and vSphere Web Client?

vCenter Server provides a centralized management framework for VMware ESXi hosts. To access vCenter Server you need the vSphere Client or the vSphere Web Client service enabled.

7. What is the difference between the vSphere Client and the vSphere Web Client?

The vSphere Client is the traditional utility that provides a user interface to vCenter Server. From VMware vSphere 5.1 onwards the vSphere Web Client is the primary interface to manage vCenter Server. The vSphere Client requires installing a small Windows utility, whereas the vSphere Web Client does not require any software: you connect directly with a web browser. VUM, however, is still managed through the vSphere Client.

8. What is the use of VMware vCenter Orchestrator?

vCenter Orchestrator is a workflow engine used to automate tasks across the various vSphere products.

9. What are the features included in VMware vSphere 5.5?

•vSphere High Availability (HA)

•vSphere Fault Tolerance

•vSphere vMotion

•vSphere Storage vMotion

•vSphere Distributed Resource Scheduler (DRS)

•virtual SAN (VSAN)

•Flash Read Cache

•Storage I/O Control

•Network I/O Control

•vSphere Replication

10. What is the use of vSphere High Availability (HA)? Where can it be applied?

VMware vSphere HA minimizes unplanned VM downtime by restarting the VM guests on the next available ESXi node in the cluster in case of a failure on the current ESXi node. HA is enabled at the cluster level and must be enabled to reduce unplanned VM downtime.