Deploy SDNv2 with SCVMM 2016

Q. Tips for using VMM SDN Express to deploy SDNv2.
Dept - SCVMM

A. VMM SDN Express provides a script-based deployment of the entire SDNv2 set through a combination of service templates and scripted setup. A huge benefit is that the only configuration is a single fabric configuration file, after which the entire deployment is automatic and consistent. If something goes wrong, you can fix the problem and simply rerun.

I created a video walking through many of these concepts at https://youtu.be/0tt04JUtxUQ.

 

 Below are some key tips:

  1. Make sure you download the latest complete SDN set from GitHub at https://github.com/Microsoft/SDN and extract the complete ZIP file to your local drive. You need the complete set in its original folder structure on your local hard drive
  2. Ensure VMM 2016 is running the latest Update Rollup
  3. If you have a pre-existing management network in VMM, ensure it is configured correctly, including VLAN configuration, and that the physical network ports are all configured as trunk/tagged for all VLANs that will be utilized
  4. If using an existing port profile for the management network, ensure it is ONLY used by the logical switch that will be used by SDN (this logical switch will be changed to NC managed). If the port profile is also used by another non-NC managed logical switch, changes to the management network later on will fail
  5. If using an existing management network, ensure it was deployed as "one connected network" with no isolation on the corresponding VM Network. If this is not the case, the conversion of the logical switch and network will fail
  6. Disable all extensions on the logical switch
  7. Make sure the Windows Server 2016 image you use has the latest patches and is Server Core or Server with Desktop Experience (not Nano Server)
  8. Ensure the administrator account you will be using is a member of the NC Management AD group you will pre-create
  9. Ensure the Client Security Group includes at least your administrator and VMM service account
  10. In the fabricconfig.psd1 file, ensure you have the UNC path of the VMM library share and that your admin account has write access to it. To find the correct path, navigate to the Library workspace, then under Library Services expand the VMM service, right-click MSSCVMMLibrary (or whichever you are using) and select Explore. In Explorer, right-click the address and select Copy address as text, e.g. \\savdalvmm16.savilltech.net\MSSCVMMLibrary
  11. Setting HighlyAvailableVMs in the fabricconfig.psd1 file means the VMs' storage will be written to clustered storage, e.g. a CSV
  12. Fill out all values in the fabricconfig.psd1 file and make sure the RestName is fully qualified. The fabricconfig.psd1 file I used in my environment is below. Remember that the management, PA, transit and public VIP need to be valid, routable networks. The public VIP does NOT use a VLAN as it uses BGP to advertise the routes, so VLAN is 0.
  13. Sometimes execution fails. View the job status in the Jobs workspace for ideas about why it failed. You can also look in the SDN-master\VMM\scripts\VMMExpresslogfile.log file for information. Additionally, if the NC fails you can log in to the NC VM, where the C:\NCInstall folder holds a number of txt files that give great information, especially the InstallNetworkController-AllNodes.txt file. It tries to install many times, so you will have plenty of time to look at the file.
  14. If execution fails (don't panic, it happens) and you want to rerun you MUST do the following before rerunning:
    • In the Library workspace select Service Deployment Configurations and ensure the NC is deleted
    • Still in Library workspace under Service Templates ensure the NC deployment service template is deleted
    • In the Library workspace under Library Servers - - delete the 3 certificate files
    • In the Settings workspace delete the NC_LocalAdminRAA and NC_MgmtAdminRAA run as accounts
    • On the domain controller in AD Users and Computers under Computers container delete the 3 computer accounts (if present) for the NC deployments (they will be prefixed with whatever you configured in the fabricconfig.psd1 file, e.g. SDN)
    • On the domain controller in DNS Manager for your domain zone delete the A records for the 3 NC services AND the REST name DNS entry (if it got that far)
  15. To start the install navigate to the SDN-master\VMM\VMM SDN Express folder in an ELEVATED PowerShell session and execute with:
    .\VMMExpress.ps1 -ConfigurationDataFile .\Fabricconfig.psd1
  16. Once install has finished you will have multiple logical networks and services in your environment. The logical switch will also show as NC managed


My example fabricconfig.psd1 file used in my deployment:

# This is the configuration file for VMM Express. All the parameters should be
# filled in correctly for smooth deployment of VMM Express.

@{

AllNodes =
    @(
    @{

        ###########################
        #  VM Creation variables  #
        ###########################

        # Name of the VHD or VHDX to use for VM creation. Must exist in the
        # VMM Library
        VHDName="GA2016.vhdx"

        # VMM Library share to be used for keeping the resources.
        VMMLibrary="\\savdalvmm16.savilltech.net\MSSCVMMLibrary"

        # Product key. Can be blank if using a volume license VHD or VHDX, or you are
        # deploying in eval mode.  (Don't forget to press "skip" while VM creation).
        ProductKey="CB7KF-BWN84-R7R2Y-793K2-8XDDG"

        # Generation of VM to be used for deployment. Values are:
        # 1. Gen1 - for Generation 1 VM
        # 2. Gen2 - for Generation 2 VM
        Generation="Gen2"

        # Type of deployment. The values are:
        # Standalone : For single node
        # Production : For 3-node
        DeploymentType="Production"

        # Highly available VM. Do you want the infrastructural VMs to be deployed on
        # a clustered host and be highly available? If yes pass $true else $false
        HighlyAvailableVMs = $true

        # Leave it if you want default IPvAddressType to be taken, which is static,
        # else change it to "Dynamic"
        IPv4AddressType=""

        # Host Group to be managed by Network Controller. All the hosts to be
        # managed by Network Controller should be part of this Host Group
        NCHostGroupName="NCManaged"

        ######################################################################
        #  Section to be filled if the Logical switch and Logical Network    #
        #  is already deployed for NC. You should do this if SET support is  #
        #  required. If you want VMM express to deploy the                   #
        #  Logical switch and Management Network, leave it as it is.         #
        ######################################################################

        # Do you have an existing logical switch and the switch is deployed on all
        # the hosts you wish to manage by NC. Values are $true or $false
        IsLogicalSwitchDeployed = $true

        # If above is true give the name of logical switch
        LogicalSwitch  = "SDN Switch"

        # Do you have an existing Management Network that you would like to use.
        # Values are : $true or $false
        IsManagementVMNetworkExisting = $true

        # If above is true give the name of ManagementVMNetwork
        ManagementVMNetwork = "MGMT"

        # Uplink Port Profile to be used
        UplinkPortProfile = "SDN Trunk Port"

        #====================================================================================
        # The below set of parameters are required for creation of Management Logical Network
        #====================================================================================
        LogicalNetworks = @(
        @{
            Name = "HNVPA"
            Subnets = @(
            @{
                VLANID = 166                            #Example: 11
                AddressPrefix = "10.7.166.0/24"         #Example: "10.0.10.0/24"
                DNS = @("10.7.173.10", "10.7.173.11")   #Example: @("10.0.0.7", "10.0.0.8", "10.0.0.9")
                Gateways = "10.7.166.1"                 #Example: "10.0.10.1"
                PoolStart = "10.7.166.100"              #Example: "10.0.10.50"
                PoolEnd = "10.7.166.199"                #Example: "10.0.10.150"
            }
            )
        },
        @{
            Name = "Transit"
            Subnets = @(
            @{
                VLANID = 167                            #Example: 11
                AddressPrefix = "10.7.167.0/24"         #Example: "10.0.10.0/24"
                DNS = @("10.7.173.10", "10.7.173.11")   #Example: @("10.0.0.7", "10.0.0.8", "10.0.0.9")
                Gateways = "10.7.167.1"                 #Example: "10.0.10.1"
                PoolStart = "10.7.167.100"              #Example: "10.0.10.50"
                PoolEnd = "10.7.167.199"                #Example: "10.0.10.150"
            }
            )
        },
        @{
            # The first IP address (PoolStart) for this logical network is
            # automatically assigned to the SLB Manager. Other addresses such
            # as the GatewayPublicIPAddress will start after that.
            Name = "PublicVIP"
            Subnets = @(
            @{
                VLANID = 0
                AddressPrefix = "10.7.165.0/24"         #Example: "10.0.20.0/24"
                DNS = @("10.7.173.10", "10.7.173.11")   #Example: @("10.0.0.7", "10.0.0.8", "10.0.0.9")
                Gateways = "10.7.165.1"                 #Example: "10.0.20.1"
                PoolStart = "10.7.165.10"               #Example: "10.0.20.5"
                PoolEnd = "10.7.165.99"                 #Example: "10.0.20.100"
                IsPublic = $true
            }
            )
        },
        @{
            # The first IP address (PoolStart) for this logical network is
            # automatically assigned to the SLB Manager. Other addresses such
            # as the GatewayPublicIPAddress will start after that.
            Name = "PrivateVIP"
            Subnets = @(
            @{
                VLANID = 0
                AddressPrefix = "192.168.2.0/24"        #Example: "10.0.20.0/24"
                DNS = @("10.7.173.10", "10.7.173.11")   #Example: @("10.0.0.7", "10.0.0.8", "10.0.0.9")
                Gateways = "192.168.2.1"                #Example: "10.0.20.1"
                PoolStart = "192.168.2.10"              #Example: "10.0.20.5"
                PoolEnd = "192.168.2.99"                #Example: "10.0.20.100"
                IsPublic = $false
            }
            )
        },
        @{
            # This is used for onboarding Gateway
            Name = "GREVIP"                # Don't change this. There should be no LN with this name in VMM
            Subnets = @(
            @{
                VLANID = 0
                AddressPrefix = "192.168.3.0/24"        #Example: "10.0.20.0/24"
                DNS = @("10.7.173.10", "10.7.173.11")   #Example: @("10.0.0.7", "10.0.0.8", "10.0.0.9")
                Gateways = "192.168.3.1"                #Example: "10.0.20.1"
                PoolStart = "192.168.3.10"              #Example: "10.0.20.5"
                PoolEnd = "192.168.3.99"                #Example: "10.0.20.100"
                IsPublic = $false
            }
            )
        }

        )

        #==========================================================================================
        # The following set of parameters are required for importing VMM service Template,
        # configuring the Service Template and Deploying the service Template. The list may change
        # during the development phase
        #==========================================================================================

        # Make this true if self signed certificate is to be used
        # Example : $True , $False
        IsCertSelfSigned = $true

        # The password for server certificate. This certificate will be installed on the Host
        ServerCertificatePassword="!!Password"

        # The following are service settings required for configuring and
        # deploying the service template imported client security Group Name
        ClientSecurityGroupName= "savilltech\Domain Users"

        # Local Admin credentials
        # The local admin user name will be .\Administrator
        LocalAdminPassword= "password"

        # Management Domain Account which will be used for NC Deployment
        ManagementDomainUser="savilltech\administrator"
        ManagementDomainUserPassword="password"

        # This is the domain which NC VMs will join
        ManagementDomainFDQN="savilltech.net"

        # Management Security Group Name
        ManagementSecurityGroupName="savilltech\NC Management"

        # Prefix to be added to infrastructural VMs created. Put the prefix such
        # that it makes VM name unique as this is the machine name of VM and should be unique.
        # Keep it as 2 - 3 characters
        ComputerNamePrefix = "SDN"

        # This will be registered as NC End point
        RestName = "SAVSDNNC.savilltech.net"

        ##################################
        #  Deployment Control Switches   #
        ##################################

        # Do you want to deploy NC
        DeployNC = $true

        # Do you want to deploy SLB
        DeploySLB = $true

        # Do you want to deploy GW.
        DeployGW = $true
    };
    );
}
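
A pre-flight check for the values called out in tips 10 and 12, as an added example that is not part of the original article or of SDN Express. It assumes the file loads with Import-PowerShellDataFile (PowerShell 5.0 or later) and that each Gateways entry is a single address, as in the file above; the function names and the default path are hypothetical.

```powershell
# Added example: pre-flight checks for fabricconfig.psd1 (not part of SDN Express).
param([string]$Path = '.\Fabricconfig.psd1')

function ConvertTo-IPNumber([string]$Ip) {
    # IPv4 dotted quad -> number, so addresses can be compared
    $b = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    return [double]$b[0] * 16777216 + $b[1] * 65536 + $b[2] * 256 + $b[3]
}

function Test-InPrefix([string]$Ip, [string]$Prefix) {
    $net, $len = $Prefix -split '/'
    $size = [math]::Pow(2, 32 - [int]$len)   # number of addresses in the prefix
    return [math]::Floor((ConvertTo-IPNumber $Ip) / $size) -eq
           [math]::Floor((ConvertTo-IPNumber $net) / $size)
}

$node = @((Import-PowerShellDataFile -Path $Path).AllNodes)[0]
$problems = @()

# Tip 12: RestName must be fully qualified
if ($node.RestName -notmatch '^[^.]+\.[^.]+') {
    $problems += "RestName '$($node.RestName)' is not fully qualified"
}
# Tip 10: the library share must be a reachable UNC path
if ($node.VMMLibrary -notmatch '^\\\\[^\\]+\\[^\\]+' -or -not (Test-Path $node.VMMLibrary)) {
    $problems += "VMMLibrary '$($node.VMMLibrary)' is not a reachable UNC path"
}
foreach ($ln in @($node.LogicalNetworks)) {
    foreach ($s in @($ln.Subnets)) {
        foreach ($key in 'Gateways', 'PoolStart', 'PoolEnd') {
            if (-not (Test-InPrefix $s[$key] $s.AddressPrefix)) {
                $problems += "$($ln.Name): $key $($s[$key]) is outside $($s.AddressPrefix)"
            }
        }
        if ((ConvertTo-IPNumber $s.PoolStart) -gt (ConvertTo-IPNumber $s.PoolEnd)) {
            $problems += "$($ln.Name): PoolStart is after PoolEnd"
        }
        # Tip 12: the public VIP is advertised over BGP, so its VLAN is 0
        if ($ln.Name -eq 'PublicVIP' -and $s.VLANID -ne 0) {
            $problems += 'PublicVIP: VLANID should be 0'
        }
    }
}
# The file holds passwords in clear text: flag broad read access to it
$broad = (Get-Acl $Path).Access | Where-Object {
    $_.IdentityReference -match 'Everyone|Authenticated Users|BUILTIN\\Users' }
if ($broad) { $problems += "Config readable by: $($broad.IdentityReference -join ', ')" }
if ($problems) { $problems | ForEach-Object { Write-Warning $_ }; exit 1 }
Write-Output 'fabricconfig.psd1 passed the pre-flight checks'
```

Run it from the same folder as VMMExpress.ps1 before starting the install; it only reads the configuration file and the share path and changes nothing in VMM.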

 
