Posted: 4/14/2017 7:31:50 PM EDT
If I'm going to seriously look at using MS time-crippled evaluations of things like Server 2016, I need an easier way to spin up fresh replacements as the older VMs time out. (Domain controllers, DNS/DHCP, etc) This is for a home & lab environment, so options without corporate grade prices are better, and open source/free is best.

I've done some reading and have some ideas. The articles I found were a bit old though, so I'm asking for a reality check. 
Ansible - nice, but doesn't support Windows?
Puppet - nice, but best features are paid
Chef - like Puppet but more goodies in freeware
Powershell DSC - MS-centric, of course, but probably really useful in a Windows only shop
Chocolatey - have come to realize this is a packager, not a configuration manager
SCCM - Can I get away with using a feature of time-crippled software to build replacements of itself?
Link Posted: 4/16/2017 3:54:00 PM EDT
Ansible supports Windows but you probably don't need any of that sort of automation.

The challenge is usually provisioning machines quickly for a variety of purposes. If you're using Hyper-V, just create a new VM and install the OS from the ISO as normal.  Patch it all the way up then run sysprep set for "out of the box" and check the option for generalization.  Finally choose the option to shutdown after it finishes sysprep.  Once the VM is stopped, make a copy of the .vhdx and save it to an "image" directory.

Voilà!  VMs already patched and ready to go in a few minutes.  You could create templates if you want to automate some hardware combos but honestly it's so quick to select the options manually that it's arguable whether it's worth creating a variety of templates given the relatively low volume of VM creation that is typical for home labs.

I like to keep it simple and create a baseline .vhdx "gold image" as above and then use it to make another with MS SQL Server installed and patched.  That's another common but time consuming VM to build and patch so I build an image for it right after my baseline server image.  You'll quickly know what images you'll need to create for your areas of interest, needs, and unique circumstances.

You can add roles and features as well as Windows Updates directly to the images if you need to but you rarely get to a point where just letting new VMs update after creation is so time consuming that you have to utilize another process to keep your images updated. This is especially true with 180 day eval servers.

It's hard to beat this kind of simplicity for quick VM deployment.  Of course, YMMV and setting up some additional automation like SCCM, Puppet, Chef, Ansible, or PS scripting might turn out to be a better fit for you than working off of a basic "gold" image or two.
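The gold-image workflow described in the post above, scripted. This is an added example, not part of the thread; the paths, the switch name, the `.sha256` sidecar file and the choice of a Generation 2 template are assumptions. It records a hash when the image is captured and refuses to clone an image that no longer matches it, since every VM built afterwards inherits whatever is in that file.

```powershell
#Requires -Modules Hyper-V
# Added example; paths, names and the ".sha256" sidecar file are assumptions.
# Inside the template VM, the sysprep step from the post is:
#   C:\Windows\System32\Sysprep\sysprep.exe /generalize /oobe /shutdown

function Save-GoldImage {
    param(
        [Parameter(Mandatory)][string]$SourceVhdx,   # disk of the stopped template VM
        [string]$ImageDir = 'D:\Images'
    )
    New-Item -ItemType Directory -Path $ImageDir -Force | Out-Null
    $gold = Join-Path $ImageDir (Split-Path $SourceVhdx -Leaf)
    Copy-Item -Path $SourceVhdx -Destination $gold
    # Record the hash next to the image and make the image read-only
    (Get-FileHash -Path $gold -Algorithm SHA256).Hash | Set-Content -Path "$gold.sha256"
    Set-ItemProperty -Path $gold -Name IsReadOnly -Value $true
    return $gold
}

function New-LabVmFromGoldImage {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$GoldImage,
        [string]$VmRoot     = 'D:\VMs',
        [string]$SwitchName = 'LabSwitch',
        [int64]$MemoryBytes = 4GB
    )
    # Refuse to clone an image whose hash no longer matches the recorded value
    $hashFile = "$GoldImage.sha256"
    if (-not (Test-Path $hashFile)) { throw "No recorded hash for $GoldImage" }
    $expected = (Get-Content -Path $hashFile -TotalCount 1).Trim()
    $actual   = (Get-FileHash -Path $GoldImage -Algorithm SHA256).Hash
    if ($actual -ne $expected) { throw "Gold image hash mismatch: $GoldImage" }

    if (Get-VM -Name $Name -ErrorAction SilentlyContinue) {
        throw "A VM named $Name already exists"
    }

    # Each VM gets its own full copy of the disk; the gold image is never booted
    $vmDir = Join-Path $VmRoot $Name
    New-Item -ItemType Directory -Path $vmDir -Force | Out-Null
    $disk = Join-Path $vmDir "$Name.vhdx"
    Copy-Item -Path $GoldImage -Destination $disk
    Set-ItemProperty -Path $disk -Name IsReadOnly -Value $false  # copy inherits read-only

    New-VM -Name $Name -Generation 2 -MemoryStartupBytes $MemoryBytes `
           -VHDPath $disk -SwitchName $SwitchName -Path $VmRoot | Out-Null
    Start-VM -Name $Name
}

# Usage (constructed paths):
#   $gold = Save-GoldImage -SourceVhdx 'D:\VMs\ws2016-template\ws2016-template.vhdx'
#   New-LabVmFromGoldImage -Name 'lab-dc01' -GoldImage $gold
```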
Link Posted: 4/17/2017 11:25:41 AM EDT
I completely understand the value of Gold images and pre-patched base installs. There's not a word in your reply that I'd contest. It's what I have at work, and will make sense at home too.

I may have not phrased it clearly - possibly because the overall scheme is still coming together in my head. What I'm thinking of are, for lack of a better term, configuration packs for certain basic services. When I spin up the lab to do something specific and the domain controller or DNS/DHCP or ____ box has expired, I'm more likely to miss something rushing to get it back up so I can get to what I wanted to in the first place. 

It just struck me that there are two sides to this, and I'm only passably familiar with the setup side. BUT, what happens to a 2012r2/2016 server eval instance when it expires? Can I still politely decommission an expired DC? Unregister a DNS/DHCP service on an expired install of the OS? I'm going into this with the assumption that anything I can script with Powershell or Chef, etc can also be undone via script.

I'll admit, part of this desire comes from a recent realization at work. Rebuilding one of my Hyper-V cluster hosts or backup servers from bare metal will not be a happy time. I would really like something I can run on a fresh OS to apply roles, configure NIC teams, and as much of the heavy lifting of a DR recovery as possible. 

We're a pure Windows shop, so Powershell based configuration scripts are an attractive first option. Something like DSC or Chef will be an aspirational goal. Just getting something in place is the near term target. Hmmm... how much licensing am I short to 'legally' do SCVMM... 

Dammit - derailed my own home lab post. 
Link Posted: 4/17/2017 11:32:01 AM EDT
Quoted:
...

It's hard to beat this kind of simplicity for quick VM deployment. Of course, YMMV and setting up some additional automation like SCCM, Puppet, Chef, Ansible, or PS scripting might turn out to be a better fit for you than working off of a basic "gold" image or two.
Though.... the more I step back from what I am focused on and look at what you're saying... There's nothing to stop me from keeping a disk image of a 2012r2 server with Hyper-V clustering roles and patches already in place. That would cover a good 50-75% of a new DR build. Add some NIC teams, attach to the right virtual switches, add cluster storage. The annoying parts are still there, but the grunt work is cut down greatly. 

Any idea if NIC teams and Hyper-V switch settings survive an Out Of Box reset?
Link Posted: 4/17/2017 12:23:48 PM EDT
You got to the heart of my reply better than I did.  



It's not the whole solution for work/production environments but you identified the real value which is imaging your most critical server/service/application/back-end builds and eliminating the grunt work so that you can get straight to the real work.  That's the point I was trying to make with the SQL server example although I kind of derailed my own point with digression!  I'm famous for that!

I am honestly not sure but I don't think NIC teams and virtual switches would survive an "OOB/Generalize" sysprep.  I've always just installed all the roles and software but then done that sort of detailed configuration work manually.  

It's worth a try though.  I will build that today and see if it will carry over to a new server.  If we were betting I'd say no!


Quoted:
Though.... the more I step back from what I am focused on and look at what you're saying... There's nothing to stop me from keeping a disk image of a 2012r2 server with Hyper-V clustering roles and patches already in place. That would cover a good 50-75% of a new DR build. Add some NIC teams, attach to the right virtual switches, add cluster storage. The annoying parts are still there, but the grunt work is cut down greatly. 

Any idea if NIC teams and Hyper-V switch settings survive an Out Of Box reset?
Link Posted: 4/17/2017 2:37:19 PM EDT
I appreciate the experiment on my behalf.

I'm stuck in limbo for the near future... My home office is in the middle of a "Well honey, I think _this_ room should be _there_..."  ... and my storage server has been temporarily relocated to work as it's the only thing available big enough to back up a failing NAS. 
Link Posted: 4/17/2017 7:09:39 PM EDT
You should be able to have most of it in the golden image, then things like NIC teaming/IP address/vSwitch configured with PowerShell DSC.
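The split suggested in the post above (roles in the golden image, host networking applied afterwards), sketched as a DSC configuration. This is an added example, not part of the thread; it assumes current releases of the NetworkingDsc and xHyper-V resource modules are installed, and the adapter names, team name, switch name and address are placeholders.

```powershell
# Added example; assumes: Install-Module NetworkingDsc, xHyper-V
# Adapter names, team/switch names and the IP address are placeholders.
Configuration HyperVHostNetwork {
    param(
        [string[]]$TeamMembers = @('NIC1', 'NIC2'),
        [string]$TeamName      = 'HostTeam',
        [string]$SwitchName    = 'LabSwitch',
        [string]$MgmtAddress   = '192.168.10.20/24'
    )

    Import-DscResource -ModuleName PSDesiredStateConfiguration
    Import-DscResource -ModuleName NetworkingDsc
    Import-DscResource -ModuleName xHyper-V

    Node 'localhost' {
        # Already present if the role is baked into the image; harmless to assert again
        WindowsFeature HyperV {
            Name   = 'Hyper-V'
            Ensure = 'Present'
        }

        # LBFO team across the physical adapters
        NetworkTeam HostTeam {
            Name                   = $TeamName
            TeamMembers            = $TeamMembers
            TeamingMode            = 'SwitchIndependent'
            LoadBalancingAlgorithm = 'Dynamic'
            Ensure                 = 'Present'
        }

        # External vSwitch bound to the team, shared with the management OS
        xVMSwitch ExternalSwitch {
            Name              = $SwitchName
            Type              = 'External'
            NetAdapterName    = $TeamName
            AllowManagementOS = $true
            Ensure            = 'Present'
            DependsOn         = '[WindowsFeature]HyperV', '[NetworkTeam]HostTeam'
        }

        # Static address on the management vNIC the switch creates
        IPAddress Management {
            InterfaceAlias = "vEthernet ($SwitchName)"
            AddressFamily  = 'IPv4'
            IPAddress      = $MgmtAddress
            DependsOn      = '[xVMSwitch]ExternalSwitch'
        }
    }
}

# Compile to a MOF, apply it, then check for drift
HyperVHostNetwork -OutputPath .\HyperVHostNetwork
Start-DscConfiguration -Path .\HyperVHostNetwork -Wait -Verbose
Test-DscConfiguration -Detailed
```

Running `Test-DscConfiguration` again later reports whether the team, switch or address has drifted from what the configuration declares.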
Link Posted: 4/17/2017 7:54:03 PM EDT
Ahh!  DSC.  There you go, that might be the ticket for that side of the equation.  You could also PS script it into a collection for your most typical configurations.

I dig the DSC idea though.  I don't know very much about it but what little surface level info I've picked up tells me this might be the way.  If nothing else, Enigma just gave me my homework for the month.  Time to get a little hands on with DSC!



To another point Bill, your employer needs to get their shit together and buy the storage they need so you can get your storage back.  I'd be considering charging them for usage and depreciation but I'm kind of a dick when it comes to business.  So, I don't blame you at all if you're just helping them out.  A good employer is worth it.

Tell them they need to lab up so you don't have to "learn in production" and have your back-out plan be crossed fingers because they don't have the resources you need.

Bastards.




Quoted:
You should be able to have most of it in the golden image, then things like NIC teaming/IP address/vSwitch configured with PowerShell DSC.
Link Posted: 4/17/2017 8:07:50 PM EDT
Get your employer to buy you an MSDN sub with dev/testing licenses to everything.

If you have an EDU email and you are a "current student" (for most universities, just an edu email qualifies) you can get a free license from Microsoft Imagine (formerly Dreamspark).

Startups can get BizSpark, which is hugely discounted as well. Otherwise employer should pony up the $100/mo for a full MSDN lic.

ETA: Don't condone it, but 2012r2 and MOST features of 2016 work fine even when never activated even after trial period
Link Posted: 4/17/2017 8:52:43 PM EDT
I brought up the topic of a lab server early in my tenure. It was flatly denied. So I bought a DL585 g7 off Craigslist. 
Beyond this being a small, privately owned company, my boss hates the idea of spending money on IT. It might have something to do with them spending about a quarter mil on a rip & replace just over a year before I came on board.

I have the go-ahead to buy a new NAS box to replace this one. I'm going to shoot for two so I don't have to worry about this situation again. Or, maybe this can be my first toe in the waters of cloud backup? It seems many/most of the NAS boxes offer some sort of cloud archive option.

Right now, I'm backing it up purely for my own purposes - it holds configs, disk images and installers that I need. I knew the hardware was starting to go unreliable... I just thought it was failing on a standard curve, not an exponential one.

Hmmm... I wonder... how expensive an MD1200 chassis might be? I already have two servers with MD1200's, and I'm pretty sure each still has a free port on the H800 raid cards... SO much better than a prosumer NAS box if I can get the dollars approved. 
Link Posted: 4/17/2017 9:03:12 PM EDT
Quoted:
...
If you have an EDU email and you are a "current student" ...
I wonder what the cheapest course that would qualify me for an .edu might be...
Link Posted: 4/17/2017 10:44:45 PM EDT
If they don't even have a dev tools budget of a little over a grand a year for a professional, do they even really want you doing "dev" work? Or is this just for personal stuff?


G7s are about EoL by now IIRC as well, serviceable for a lab setup, but that's about it. Do they even have TPMs for all the new isolated process and 2016 Hyper-V stuff (Shielding, VSM, etc)?
Link Posted: 4/17/2017 11:43:53 PM EDT
It's not that they want me doing dev work - it's that I'm the only IT resource in the company and I want to make things as easy on myself as possible. If that means providing my own sandbox server or hacking together rudimentary automation or configuration control, then that's what I'll do. 
Link Posted: 4/18/2017 12:17:33 AM EDT
Quoted:
If they don't even have a dev tools budget of a little over a grand a year for a professional, do they even really want you doing "dev" work? Or is this just for personal stuff?
I've seen organizations with high reliance on IT and solid profit margins on 9 figure revenue streams that would refuse to purchase any training, lab, or dev subscriptions.  This is usually a mix of ignorance (good old fashioned ignorance as well as willful) about the realities of IT, benign (hopefully) neglect, and the "we aren't paying you to learn how to do the job we pay you to do" attitude.  It tends to get worse in non-IT savvy/centric businesses and as the income levels go down.  If they really KNEW the purpose behind such things they would be more than happy to provide it.

As someone in the enterprise (very large enterprise) and government side of the business, the guy that faces that obstacle and buys his own equipment to learn AND to benefit the company that won't help itself is the guy I will hire every day and twice on Sunday.  I might even buy him an MSDN subscription.  

Quoted:
G7s are about EoL by now IIRC as well, serviceable for a lab setup, but that's about it. Do they even have TPMs for all the new isolated process and 2016 Hyper-V stuff (Shielding, VSM, etc)?
Perhaps, but when you have to buy your own shit you don't typically go for last month's Gen9 production from a VAR.  Shit's expensive yo.  TPMs had to be purchased as an option for Gen7s.  A kit can also be purchased separately.  It's not a problem to get one if 2012R2 or 2016 components utilizing TPMs need to be lab'd out or studied.
Link Posted: 4/18/2017 2:15:30 AM EDT
Don't even get me started on the struggle to convince clients that security is something they should spend money on.

Quoted:


I've seen organizations with high reliance on IT and solid profit margins on 9 figure revenue streams that would refuse to purchase any training, lab, or dev subscriptions.  This is usually a mix of ignorance (good old fashioned ignorance as well as willful) about the realities of IT, benign (hopefully) neglect, and the "we aren't paying you to learn how to do the job we pay you to do" attitude.  It tends to get worse in non-IT savvy/centric businesses and as the income levels go down.  If they really KNEW the purpose behind such things they would be more than happy to provide it.

As someone in the enterprise (very large enterprise) and government side of the business, the guy that faces that obstacle and buys his own equipment to learn AND to benefit the company that won't help itself is the guy I will hire every day and twice on Sunday.  I might even buy him an MSDN subscription.  



Perhaps, but when you have to buy your own shit you don't typically go for last month's Gen9 production from a VAR.  Shit's expensive yo.  TPMs had to be purchased as an option for Gen7s.  A kit can also be purchased separately.  It's not a problem to get one if 2012R2 or 2016 components utilizing TPMs need to be lab'd out or studied.
Link Posted: 4/18/2017 1:32:17 PM EDT
I'd have a hard time working in that environment... Considering a standard server SKU is that much or more for ONE server, I'd be a little pissed if they didn't even want to pay for that for their staff. Might as well make all the employees of a company buy their own Windows licenses too.
Link Posted: 4/18/2017 1:55:24 PM EDT
Quoted:
I'd have a hard time working in that environment... Considering a standard server SKU is that much or more for ONE server, I'd be a little pissed if they didn't even want to pay for that for their staff. Might as well make all the employees of a company buy their own Windows licenses too.
Don't say that too loudly.... It may be the only way I'll get 10 Ent LTSB here, but I don't dislike the staff that much. 

It's a small financial company owned directly by the senior management. My direct boss doesn't like paying for things that don't provide a directly quantifiable and measurable ROI, and as a bonus, is not happy that IT falls under him. The desktop / laptop philosophy is if it still runs, it doesn't get replaced, no matter the age. At first I wondered why the previous holders of my job only stayed about 2 years each... 

BUT... enough of the derail. Short of jumping into Chef or paying for SCVMM, the winning answer seems to be golden images iced with Powershell and topped with a dash of DSC. 

SO, my task list, in order:
1. Build Powershell scripts to do individual configuration steps.
2. String scripts together to automate major portions of the configuration.
3. Find out that DSC makes some/most/all of the previous steps invalid or otherwise wrong.
4. Build master disk images for bare metal DR - (may skip if I can't find similar hardware to build on - wonder how cheap used r720's are now?) 
5. Update Hyper-V golden VM image with past two+ years of patches, etc.
Link Posted: 4/18/2017 4:47:00 PM EDT
This is what blows my mind, it is a quantifiable ROI if your boss actually invested in implementing some sort of KPIs for tracking IT costs. That's what you need to be doing because then you can get real numbers to show ROI.

As for getting stuff "replaced" when it's end of life....

Well....

Quoted:
Don't say that too loudly.... It may be the only way I'll get 10 Ent LTSB here, but I don't dislike the staff that much. 

It's a small financial company owned directly by the senior management. My direct boss doesn't like paying for things that don't provide a directly quantifiable and measurable ROI, and as a bonus, is not happy that IT falls under him. The desktop / laptop philosophy is if it still runs, it doesn't get replaced, no matter the age. At first I wondered why the previous holders of my job only stayed about 2 years each... 

BUT... enough of the derail. Short of jumping into Chef or paying for SCVMM, the winning answer seems to be golden images iced with Powershell and topped with a dash of DSC. 

SO, my task list, in order:
1. Build Powershell scripts to do individual configuration steps.
2. String scripts together to automate major portions of the configuration.
3. Find out that DSC makes some/most/all of the previous steps invalid or otherwise wrong.
4. Build master disk images for bare metal DR - (may skip if I can't find similar hardware to build on - wonder how cheap used r720's are now?) 
5. Update Hyper-V golden VM image with past two+ years of patches, etc.
Link Posted: 4/19/2017 9:29:53 AM EDT
Quoted:
.....
Well....
Don't think that path has never tempted me. 