다음을 통해 공유


Using the Best Practices Analyzer for Hyper-V 2008 R2

**Note: This article is based on Hyper-V2.0, the BPA has changed with Hyper-V 3.0 (Server 2012)

Introduction**

As administrators we must ensure that all servers have the right settings and correct configuration according to best practices established by other administrators and by Microsoft itself. Applying these practices can guarantee more performance, safety and a better administration of services. In a virtualized environment with Hyper-V is no different, in fact there are several best practices for virtual environment. The challenge just knows what are the best practices that should be implemented, the shortfall and the impact of each and the benefits they have. Previously this was a manual labor performed by a specialist. I, for example, have done some consulting that we called "Preventive". We had a list of best practices and verified each server to know what they were or not in accordance with them.

In Windows Server 2008 R2 there is a solution called Best Practices Analyzer (BPA) to do all this procedure in an automated way, showing the best settings according to the service installed. It lies in a database with all best practice in accordance with the installed service, recognizing the features that are not in line with the recommendations and showing the solutions for all of them. Below is the list of BPA for Windows: 

  • Best Practices Analyzer for Active Directory Certificate Services
  • Best Practices Analyzer for Active Directory Domain Services
  • Best Practices Analyzer for Active Directory Rights Management Services
  • Best Practices Analyzer for Application Server
  • Best Practices Analyzer for Domain Name System
  • Best Practices Analyzer for Dynamic Host Configuration Protocol
  • Best Practices Analyzer for File Services
  • Best Practices Analyzer for Hyper-V
  • Best Practices Analyzer for Internet Information Services
  • Best Practices Analyzer for Network Policy and Access Services
  • Best Practices Analyzer for Remote Desktop Services
  • Best Practices Analyzer for Windows Server Update Services

In this article I'll show some details, installation and configuration of BPA for Hyper-V

Installation

To use the BPA for Hyper-V you need to install an update package for Windows, which can be downloaded from the link below: http://www.microsoft.com/downloads/en/details.aspx?FamilyId=89d80c15-0082-4fef-a4fc-fefa463bed08&displaylang=en  

To install it, simply login in as local administrator on the server and run the file from the link above.


Figure 1 - BPA Installation

Prerequisites

Besides the local administrator credentials, the following four prerequisites must be installed and running:  

  • Windows Hypervisor (Hyper-V)
  • Hyper-V Virtual Machine Management Service
  • Hyper-V Networking Management Service
  • Hyper-V Image Management Service

Configuration 

After installation, to use the BPA, open the Server Manager through the start menu, click Roles and Hyper-V. On the right side of the Server Manager you will have the option Best Practices Analyzer. Click Scan This Role, as shown in Figure 2.


Figure 2 – Running BPA for Hyper-V 

All settings on the server with Hyper-V installed will be analyzed and some tips will be presented after this procedure. Some examples that are checked are: Services, virtual and logical processors, network adapters, virtual machines, memory, drivers, storage, guest operating system and several others. In total 30 tests are made ​​only for Hyper-V. For more details in all of them, visit http://technet.microsoft.com/en-us/library/ee941122(WS.10).aspx  

There are four classifications following analysis: Compliant, Noncompliant, Excluded and All. In the first tab you can observe each of them and their severities characterized as errors and warnings.

For each one you can find information such as the problem, the impact and most importantly, how to solve it. In the example in Figure 3 there is a warning about the use of snapshots in virtual machines. 


Figure 3 -  Snapshot Warning

However, in Figure 4 there is a best practice with the severity "error” related to the server network card configuration. The solution here is to add more network cards to the physical computer.


Figure 4 - Error related to network card

By clicking on the Compliant tab are displayed all the best practices already being used. 


Figure 5 - Compliant

Integration with Powershell

BPA can also be used through PowerShell, enabling the creation of scripts and their use in Server Core, a Windows version only with the command line interface.

To use BPA commandlets through Powershell you need to import the BPA and Server Manager modules using the following command lines:

**Import-Module ServerManager *
**Import-Module BestPractices


To scan Hyper-V you must use the commandlet Invoke-BPAModel followed by the Hyper-V ID.

Invoke-BPAModel –BestPracticesModelID Microsoft/Windows/Hyper-V

To view the result, the command Get-BpaResult is used with the following parameter:

Get-BpaResult -BestPracticesModelId Microsoft/Windows/Hyper-V

In Figure 6 the above commands have been run and you can check the results with **Get-BpaResult.


**Figure 6 – BPA Powershell Commands

You can also make a filter using Where-Object parameter in PowerShell. The example below displays BPA errors and warnings only: 

***Get-BpaResult -BestPracticesModelId Microsoft/Windows/Hyper-V | Where-Object {$_.Severity –eq “Warning” –or $_.Severity –eq “Error”}


***Figure 7 - Errors and warnings filter

If the server is using the Server Core version, you need to install PowerShell and the cmdlets with the following three commands: 

dism /online /enable-feature /featurename:MicrosoftWindowsPowerShell*
dism /online /enable-feature /featurename:ServerManager-PSH-Cmdlets
dism /online /enable-feature /featurename:BestPractices-PSH-Cmdlets*

You can export all output to a CSV file or even create a report in HTML format.

See the example below to export all output to an HTML file: 

Get-BpaResult -BestPracticesModelId Microsoft/Windows/Hyper-V | Where-Object {$_.Severity -eq "Error" -or $_.Severity -eq “Warning” } | ConvertTo-Html -Property Severity,Category,Title,Problem,Impact,Resolution,Help -Title "BPA Report for Hyper-V" -Body "BPA Report for Hyper-V <HR>" –Head "<title>BPA Report</title><style type=’text/css’> table { border-collapse: collapse; width: 700px } body { font-family: Arial } td, th { border-width: 2px; border-style: solid; text-align: left; padding: 2px
4px; border-color: black } th { background-color: grey } td.Red { color: Red } </style>" | Out-File "C:\bpa.html"
*


*

Figure 8 - HTML Report***


Leandro Carvalho
MCSA+S+M | MCSE+S | MCTS | MCITP | MCBMSS | MCT | MVP Virtual Machine
MSVirtualization | Wordpress | Winsec.org | LinhadeCodigo | MVP Profile
Twitter: LeandroEduardo | LinkedIn: Leandroesc