Professional Documents
Culture Documents
b0700hc D
b0700hc D
b0700hc D
User’s Guide
*B0700HC* *D*
B0700HC, Rev D
July 2022
https://www.se.com
Legal Information
The Schneider Electric brand and any trademarks of Schneider Electric SE and its
subsidiaries referred to in this guide are the property of Schneider Electric SE or its
subsidiaries. All other brands may be trademarks of their respective owners.
This guide and its content are protected under applicable copyright laws and furnished
for informational use only. No part of this guide may be reproduced or transmitted in
any form or by any means (electronic, mechanical, photocopying, recording, or
otherwise), for any purpose, without the prior written permission of Schneider Electric.
Schneider Electric does not grant any right or license for commercial use of the guide
or its content, except for a non-exclusive and personal license to consult it on an "as is"
basis. Schneider Electric products and equipment should be installed, operated,
serviced, and maintained only by qualified personnel.
As standards, specifications, and designs change from time to time, information
contained in this guide may be subject to change without notice.
To the extent permitted by applicable law, no responsibility or liability is assumed by
Schneider Electric and its subsidiaries for any errors or omissions in the informational
content of this material or consequences arising out of or resulting from the use of the
information contained herein.
Centralized Virtualization Management for Windows Server 2016
User’s Guide
Table of Contents
Preface ...............................................................................................................9
Revision Information.........................................................................................9
Related Documents..........................................................................................9
Schneider Electric Products Mentioned in this Document ..................................10
Global Customer Support ...............................................................................10
We Welcome Your Comments......................................................................... 11
Chapter 1: Overview of Virtualization ..........................................................12
Typical Virtualized System with CVM Functionality............................................12
Introduction to Central Virtualization Management (CVM)..................................12
Two Server Configuration..........................................................................13
Three Server Configuration .......................................................................13
Virtualization Host Network (VHN) ...................................................................13
Foxboro DCS Hyper-V Host Domain................................................................14
Chapter 2: Physical V91 Server Setup ........................................................16
Best Practices for Virtualization of Domain Controllers on Windows Server
2008-2016 .....................................................................................................16
Set Up the Physical V91 Server.......................................................................16
Configuring CVM Functionality ..................................................................17
Install McAfee Endpoint Security (Self-Managed) .............................................19
Chapter 3: Virtualization Host Network Connection Configuration on
a V91 Server ...................................................................................................20
Virtualization Host Network on the V91 Server..................................................20
Creating NIC Teaming When Using More Than on Network NIC...................20
Creating the Virtual Switch for the Virtualization Host ..................................22
Chapter 4: User Interface for the Installation/Configuration of the
CVM Active Directory Domain ......................................................................28
Configuration Services for Active Directory in Your Virtualized System ...............28
CVM Primary Domain Controller (PDC) Installation and Configuration on a
Virtual Windows Server 2016 ..........................................................................28
Prerequisites for Using the CVM User Interface ..........................................28
Installing and Configuring a CVM Primary Domain Controller .......................28
Verifying Successful Primary Domain Controller Installation and
Configuration ...........................................................................................40
Adding CVM Active Directory Structures to an Existing Windows Server 2016
Domain .........................................................................................................43
Verify Successful Active Directory Domain Structures Addition.....................45
Details of the Organizational Unit (OU) Structure and the Group Policy
Linkage for CVM Domain ................................................................................50
Schneider Electric ....................................................................................51
SE VM Host Accounts...............................................................................52
SE VM Hyper-V Servers............................................................................52
Remote Desktop Enabled Hyper-V Servers ................................................53
Secondary Domain Controller (SDC) Installation and Configuration on Virtual
Windows Server 2016 ....................................................................................54
B0700HC, Rev D 3
Centralized Virtualization Management for Windows Server 2016
User’s Guide
4 B0700HC, Rev D
Centralized Virtualization Management for Windows Server 2016
User’s Guide
B0700HC, Rev D 5
Centralized Virtualization Management for Windows Server 2016
User’s Guide
6 B0700HC, Rev D
Centralized Virtualization Management for Windows Server
2016 User’s Guide
This safety alert symbol that lets you know about potential personal
injury hazards. Obey all safety messages with this symbol to avoid
possible injury or death.
DANGER
DANGER indicates a hazardous situation which, if not avoided, will result in death
or serious injury.
Failure to follow these instructions will result in death or serious injury.
WARNING
WARNING indicates a hazardous situation that, if not avoided, could result in
death or serious injury.
Failure to follow these instructions can result in death, serious injury, or
equipment damage.
CAUTION
CAUTION indicates a hazardous situation that, if not avoided, could result in
minor or moderate injury.
Failure to follow these instructions can result in injury or equipment damage.
NOTICE
NOTICE is used to address practices not related to physical injury.
Failure to follow these instructions can result in equipment damage.
Please Note
Electrical equipment should only be installed, operated, serviced, and maintained by
qualified personnel. No responsibility is assumed by Schneider Electric for any
consequences arising out of the use of this material.
A qualified person is one who has skills and knowledge related to the construction,
installation, and operation of electrical equipment and has received safety training to
recognize and avoid the hazards involved.
B0700HC, Rev D 7
n k
Bla
ef t
y L
all
io n
n t
Inte
ge
P a
h i s
T
Centralized Virtualization Management for Windows Server
Preface 2016 User’s Guide
Preface
EcoStruxure™ Foxboro DCS™ systems with Windows Server® 2016 allow you to run
Hyper-V virtual machines with EcoStruxure™ Foxboro™ DCS Control Core Services
v9.4 or later software and connect to them using thin clients.
The virtualization of the Control Core Services and EcoStruxure™ Foxboro™ DCS
Control Software (Control Software) is supported on the Microsoft® Hyper-V™
hypervisor on the V91 EcoStruxure™ Foxboro™ DCS Virtualization Server. The
number of virtual machines able to run on a single V91 have been optimized to
maintain that the virtual machines behave logically on Foxboro DCS systems the
same as physical stations.
NOTE: Virtualization is not supported on Magelis servers.
This user document is written for experienced Foxboro DCS system users. It focuses
on what is different for a virtualized Foxboro DCS system in comparison to our
standard physical Foxboro DCS system. This user document assumes that the reader
is already familiar with Control Core Services v9.4 and Foxboro DCS Control Software
v7.1 or later, the Foxboro DCS Control Network (Control Network), and Windows
Server® 2016 Standard functionality (including Remote Desktop Services
capabilities). If you are not already knowledgeable with these subject areas, review
the documents listed in Related Documents, page 9. The intent of this user document
is to not repeat functionality that is already documented in other locations.
For information regarding the Model V91 Server Virtualization Host, see the
document: Hardware and Software Specific Instructions for Model V91 Server
Virtualization Host (HP DL380 Gen9) Windows Server 2016 Operating System
(B0700HE).
Revision Information
This revision of the document includes these changes:
Related Documents
• Alarm and Display Manager Configurator (ADMC) Guide (B0700AM)
• Control Core Services v9.4 Software Installation Guide (B0700SX)
• Control Core Services v9.4 Release Notes (B0700SY)
• Control Core Services v9.5 Software Installation Guide (B0700TC)
• Control Core Services v9.5 Release Notes (B0700TD)
• Control Core Services v9.6 Software Installation Guide (B0700TK)
• Control Core Services v9.6 Release Notes (B0700TL)
• Control Software v7.2 Installation Guide (B0750RA)
• I/A Series Configuration Component (IACC) User's Guide (B0700FE)
• I/A Series Configuration Component (IACC) V2.6.4 Release Notes (B0700SM)
• Integrated Control Configurator (B0193AV)
• Control Database Deployment User's Guide (B0750AJ)
• Flat Panel Monitor Software Setup for UNIX® and Windows® Workstations
(B0193PL)
B0700HC, Rev D 9
Centralized Virtualization Management for Windows Server 2016
User’s Guide Preface
10 B0700HC, Rev D
Centralized Virtualization Management for Windows Server
Preface 2016 User’s Guide
B0700HC, Rev D 11
Centralized Virtualization Management for Windows Server 2016
User’s Guide Chapter 1: Overview of Virtualization
Figure 1 - Typical Virtualized System Using Standalone V91 with the Virtual Host
Network
TC TC TC TC TC TC TC TC TC TC TC TC TC TC TC
100Mbps 100Mbps
1Gbps 1Gbps
FDCN
100Mbps
12 B0700HC, Rev D
Centralized Virtualization Management for Windows Server
Chapter 1: Overview of Virtualization 2016 User’s Guide
Control Network
Control Network
Replica 1 1 VM-10
1 2 No
VMs 4 5 Replication NIC
Primary VM-10 TEAM
6 7 8 9 No
VMs Replication
B0700HC, Rev D 13
Centralized Virtualization Management for Windows Server 2016
User’s Guide Chapter 1: Overview of Virtualization
See VHN Dedicated Network - No Switch Needed for Two Servers, page 13 for an
example of two V91 servers on the Virtualization Host Network.
When connecting more than two V91 Servers, use a suitable switch/or pair of
switches for redundancy. The switch must be able to support connections to the 1Gb
Copper or 1Gb Fiber NICs available with the V91 server. For a full list of NICs
available with V91, see Appendix A: NIC Teaming in Combination with Various NIC
Selections Available with V91, page 199. See VHN Dedicated Network - Switches
Needed for Three Servers, page 13 for an example of three V91 servers on the
Virtualization Host Network.
The resulting network created with the switches must be able to handle bandwidth
and latency requirements as indicated in these tables.
The next table provides maximum network latency that can be tolerated for successful
ongoing replication. These results are based on a historian VM with 5K points
changing every second.
For the test setup, two V91 servers with a direct connect cable for Virtualization Host
Network was used. Network latency was introduced using “Microsoft's Network
Emulator for Windows Toolkit (NEWT)”.
14 B0700HC, Rev D
Centralized Virtualization Management for Windows Server
Chapter 1: Overview of Virtualization 2016 User’s Guide
B0700HC, Rev D 15
Centralized Virtualization Management for Windows Server 2016
User’s Guide Chapter 2: Physical V91 Server Setup
NOTICE
POTENTIAL DATA LOSS
• Do not pause or stop a virtual machine that is running a domain controller. To
stop it, always shut down a domain controller from within Windows.
• Do not copy or clone VHD files of a virtual machine that is running a domain
controller. Always perform proper backup/restore operations using the supported
backup software.
• Do not use the Snapshot/Checkpoint feature or store the saved state as a
backup of a virtual machine domain controller.
• Do not use the Export feature on a virtual machine that is running a domain
controller (except for lab testing).
• Do not restore a domain controller or attempt to roll back the contents of an
Active Directory database by any means other than using the supported backup
software.
• Do not use Hyper-V replication for any domain controller (PDC, SDC) VMs.
• Performing any of these actions might result in Active Directory corruption, which
might require restoring from backup or rebuilding one or all the active directory
domain controllers.
Failure to follow these instructions can result in data loss.
NOTICE
POTENTIAL SECURITY VULNERABILITY
The default factory-shipped Administrator account name and the password for the
account in the V91 server virtualization host are:
• Account Name: Account1
• Account As-Shipped Password: Password1
We strongly advise that you change the default password after receiving the V91.
Verify that any new passwords are documented in a secured location.
Failure to follow these instructions will leave the system accessible to
unauthorized users.
16 B0700HC, Rev D
Centralized Virtualization Management for Windows Server
Chapter 2: Physical V91 Server Setup 2016 User’s Guide
• The manual steps required to set up the physical server, with references to more
detailed information
◦ Before installing the Antivirus software, you must install the Local Group
Policies.
◦ We strongly recommend that you install approved security patches. The latest
security patches are available on the Global Customer Support at https://
pasupport.schneider-electric.com (registration required)
Need to create a
No Setup V91
Virtual Machine
Yes
B0700HC, Rev D 17
Centralized Virtualization Management for Windows Server 2016
User’s Guide Chapter 2: Physical V91 Server Setup
2. On any V91 Server, create a Virtual Machine (VM) for the Server 2016 CVM
Primary Domain Controller (PDC). On another V91 Server, create a VM for the
Server 2016 CVM Secondary Domain Controller (SDC). See Virtualization for
Windows Server 2016 User's Guide (B0700HD).
3. Install the Windows Server 2016 VM image (K0177BD) on the CVM PDC VM and
the CVM SDC VM. After reboot, set the CVM PDC and SDC computer names.
See Virtualization for Windows Server 2016 User's Guide (B0700HD).
4. On the CVM PDC and SDC VMs, install a preferred virus scanner. See Related
Documents, page 9 for the latest McAfee ENS and ePO Installation Guide.
5. On the CVM PDC and SDC VMs, activate Windows Server 2016 OS. For more
information., see Hardware and Software Specific Instructions for Model V91
Server Virtualization Host (HP DL380 Gen9) Windows Server 2016 Operating
System (B0700HE).
6. On each V91 Host Server, assign IP addresses for the CVM PDC and SDC into
the DNS Server entries. See Chapter 3: Virtualization Host Network Connection
Configuration on a V91 Server, page 20.
7. Install Active Directory on the CVM PDC and SDC VMs. See Chapter 4: User
Interface for the Installation/Configuration of the CVM Active Directory Domain,
page 28.
8. Add the physical V91 Host Servers to the domain. See Addition of a V91
Windows Server 2016 to a CVM Domain, page 60.
9. To install the remaining (non CVM PDC and SDC) VM images, see Virtualization
for Windows Server 2016 User's Guide (B0700HD).
18 B0700HC, Rev D
Centralized Virtualization Management for Windows Server
Chapter 2: Physical V91 Server Setup 2016 User’s Guide
10. For more information, see Chapter 3: Virtualization Host Network Connection
Configuration on a V91 Server, page 20, Chapter 6: Replication Setup and
Enabling Process, page 66, and Chapter 7: Live Migration Configuration, page
115.
Configure replication
Re-enable Threat
and live migration on
Preventions (ENS)
hosts
B0700HC, Rev D 19
Centralized Virtualization Management for Windows Server 2016 Chapter 3: Virtualization Host Network Connection
User’s Guide Configuration on a V91 Server
20 B0700HC, Rev D
Chapter 3: Virtualization Host Network Connection Configuration Centralized Virtualization Management for Windows Server
on a V91 Server 2016 User’s Guide
3. Select the checkbox for each of the selected NICS to be used for the NIC
teaming. Enter a Team Name. In the example image, the Virtualization Host
Network Team uses two NICS.
The configured team name with related information appears in the NIC Teaming
window.
B0700HC, Rev D 21
Centralized Virtualization Management for Windows Server 2016 Chapter 3: Virtualization Host Network Connection
User’s Guide Configuration on a V91 Server
22 B0700HC, Rev D
Chapter 3: Virtualization Host Network Connection Configuration Centralized Virtualization Management for Windows Server
on a V91 Server 2016 User’s Guide
2. On the Virtual Switch Manager window, select New virtual network switch and
in the Create Virtual Switch panel, select External. Click Create Virtual Switch.
3. In the Virtual Switch Manager window, enter the Virtual Switch Properties
information. For example:
a. For the name, enter Virtualization Host Network Connection.
b. Select Microsoft Network Adapter Multiplexor Driver from the external
network list.
c. Select Allow Management operating system to share this network
adapter.
d. Click Apply.
B0700HC, Rev D 23
Centralized Virtualization Management for Windows Server 2016 Chapter 3: Virtualization Host Network Connection
User’s Guide Configuration on a V91 Server
24 B0700HC, Rev D
Chapter 3: Virtualization Host Network Connection Configuration Centralized Virtualization Management for Windows Server
on a V91 Server 2016 User’s Guide
5. On the Network Connections screen, the newly created connection appears as:
• Device Name: Hyper-V Virtual Ethernet Adapter
• Network Name: vEthernet (Virtualization Host Network Connection)
B0700HC, Rev D 25
Centralized Virtualization Management for Windows Server 2016 Chapter 3: Virtualization Host Network Connection
User’s Guide Configuration on a V91 Server
26 B0700HC, Rev D
Chapter 3: Virtualization Host Network Connection Configuration Centralized Virtualization Management for Windows Server
on a V91 Server 2016 User’s Guide
9. Enter the IP address for this host and click OK. See Appendix B: IP Address
Schemes, page 202 for IP address suggestions.
B0700HC, Rev D 27
Centralized Virtualization Management for Windows Server 2016 Chapter 4: User Interface for the Installation/Configuration of
User’s Guide the CVM Active Directory Domain
28 B0700HC, Rev D
Chapter 4: User Interface for the Installation/Configuration of the Centralized Virtualization Management for Windows Server
CVM Active Directory Domain 2016 User’s Guide
2. When the CVM VM starts, the system should automatically logon with Account1
user. If it does not, log in as Account1 using default Password1 as the password.
Open Hyper-V and start the PDC VM.
NOTE: This Account1 will be deleted after the Active Directory is configured.
B0700HC, Rev D 29
Centralized Virtualization Management for Windows Server 2016 Chapter 4: User Interface for the Installation/Configuration of
User’s Guide the CVM Active Directory Domain
b. From the View Your Active Networks field, click the adapter that will be
configured for CVM Domain. The adapter (Ethernet) Status appears.
30 B0700HC, Rev D
Chapter 4: User Interface for the Installation/Configuration of the Centralized Virtualization Management for Windows Server
CVM Active Directory Domain 2016 User’s Guide
B0700HC, Rev D 31
Centralized Virtualization Management for Windows Server 2016 Chapter 4: User Interface for the Installation/Configuration of
User’s Guide the CVM Active Directory Domain
4. Install Local Group Policy Object for Server 2016. For more information, see
the Local Group Policy Installation Guide (B0799FA).
5. Install Self Managed ENS. See Related Documents, page 9 for the latest McAfee
ENS and ePO Installation Guide.
6. Disable Threat Prevention of the ENS. See Related Documents, page 9 for the
latest McAfee ENS and ePO Installation Guide.
7. Insert the V91 Virtualization Configuration Setup Media DVD into the DVD drive
on the V91 host machine.
8. Copy the ISO image from the DVD drive to either the host v91's hard drive or an
external hard drive.
9. On the CVM VM, from the main menu bar, Click Media > DVD Drive > Insert
Disk to browse for the ISO image from the host’s hard drive or external hard
drive.
32 B0700HC, Rev D
Chapter 4: User Interface for the Installation/Configuration of the Centralized Virtualization Management for Windows Server
CVM Active Directory Domain 2016 User’s Guide
10. Browse to the location where you have copied the CVM ISO media and double-
click CVMGui.exe to start the PDC installation and configuration.
NOTE: When system reboot is pending and you try to install the CVMGUI.
exe, the system message will display. Click OK to reboot the machine. The
CVMGUI.exe installation will start automatically after reboot.
NOTE:
• Verify that only one instance of the CVMGui.exe is running.
• These common steps (Step 1 through Step 9) are also repeated for
Secondary Domain Controller (SDC) Installation and Configuration on
Virtual Windows Server 2016, page 54.
B0700HC, Rev D 33
Centralized Virtualization Management for Windows Server 2016 Chapter 4: User Interface for the Installation/Configuration of
User’s Guide the CVM Active Directory Domain
11. Select Create New Server 2016 Primary Domain Controller. Click Next to start
the PDC installation.
34 B0700HC, Rev D
Chapter 4: User Interface for the Installation/Configuration of the Centralized Virtualization Management for Windows Server
CVM Active Directory Domain 2016 User’s Guide
12. Enter the password for the built-in administrator in the Create Built-in
Administrator Password fields and click Set. After successfully configured, the
password fields will be disabled and the Domain Information group of fields will
be enabled.
13. The NetBIOS domain name is the name that you see when you log into the
domain. It is generated by the installation application and appears in the text box
NetBIOS Name. The generated NETBIOS name is based on the domain name
specified. The rules for generating a NETBIOS name are:
• The maximum length of the name should be 15 characters.
• The minimum length of the name should be 2 characters.
• It can contain any combination of upper and lower case letters and numbers
as well as special characters.
• It allows only -(Hyphen) and _(underscore) special characters.
• If the generated name does not conform with these rules or is not suitable to
your requirements, you are free to change it in the textbox. Generally, this
value is set to the same name as the last segment of the domain name.
14. Under Domain Information enter the DSRM password. The DSRM password
must have a minimum of 14 characters with at least one upper case letter, at least
one lower case letter and at least one numeric digit.
B0700HC, Rev D 35
Centralized Virtualization Management for Windows Server 2016 Chapter 4: User Interface for the Installation/Configuration of
User’s Guide the CVM Active Directory Domain
16. When the Confirmation dialog box for the Active Directory installation process
appears, click Yes to proceed.
This usually takes a few minutes to complete. Wait while Active Directory is being
installed.
36 B0700HC, Rev D
Chapter 4: User Interface for the Installation/Configuration of the Centralized Virtualization Management for Windows Server
CVM Active Directory Domain 2016 User’s Guide
17. When the Active Directory installation has successfully completed, the Active
Directory Installation dialog box appears indicating you can restart the server.
Click Yes to reboot the server. If you click No, you must reboot the server
manually.
NOTICE
POTENTIAL INSTALLATION FAILURE
It is inadvisable to make changes to the computer time between reboots.
Failure to follow these instructions can result in an installation failure.
18. As the server is rebooting, you are notified, click Close to continue.
19. When the Server restarts, it prompts for unlock, press Ctrl+Alt+Del. The login
screen appears. Login with the Built-in administrator user.
B0700HC, Rev D 37
Centralized Virtualization Management for Windows Server 2016 Chapter 4: User Interface for the Installation/Configuration of
User’s Guide the CVM Active Directory Domain
20. When you log in to the server, the User Account Control (UAC) dialog box
appears. Click Yes to continue with the installation.
21. The installation resumes and the Groups and Users Configuration appears
filled with default usernames for the CVM domain. If you want to change the
default usernames, enter the desired username for each of the user accounts as
well as the associated passwords. Click Apply.
NOTE:
• If you cannot see the Groups and Users Configuration window,
browse to the location on the virtual server where the CVM ISO media is
copied and open CVMGui.exe to proceed with the installation.
• VMDomainAdmin and VMHostAdmin users require a minimum 14
character length password with at least one upper case letter, at least
one lower case letter, and at least one numeric digit.
38 B0700HC, Rev D
Chapter 4: User Interface for the Installation/Configuration of the Centralized Virtualization Management for Windows Server
CVM Active Directory Domain 2016 User’s Guide
22. When creating users and installing group policies, this message appears.
23. In the Reboot request window, click Reboot to complete the Primary Domain
Controller installation.
B0700HC, Rev D 39
Centralized Virtualization Management for Windows Server 2016 Chapter 4: User Interface for the Installation/Configuration of
User’s Guide the CVM Active Directory Domain
40 B0700HC, Rev D
Chapter 4: User Interface for the Installation/Configuration of the Centralized Virtualization Management for Windows Server
CVM Active Directory Domain 2016 User’s Guide
B0700HC, Rev D 41
Centralized Virtualization Management for Windows Server 2016 Chapter 4: User Interface for the Installation/Configuration of
User’s Guide the CVM Active Directory Domain
42 B0700HC, Rev D
Chapter 4: User Interface for the Installation/Configuration of the Centralized Virtualization Management for Windows Server
CVM Active Directory Domain 2016 User’s Guide
6. In Organizational Units on the new Primary Domain Controller, confirm that these
group policy objects were created.
B0700HC, Rev D 43
Centralized Virtualization Management for Windows Server 2016 Chapter 4: User Interface for the Installation/Configuration of
User’s Guide the CVM Active Directory Domain
structures does not have any impact on the functionality of the users/computers/
policies of the existing domain. The “Schneider Electric” OU has an inheritance block
in order to help prevent the policies of the existing domain being applied on the CVM
V91 hosts.
NOTE: As a standard supported solution, we do not recommend adding the CVM
Active Directory Structures to an existing Foxboro DCS Windows Server 2016
Active Directory. For other Engineered Solutions available, see Configuration
Services for Active Directory in Your Virtualized System, page 28.
After installing, a V91 virtualization host can be joined to the domain. In this scenario,
a V91 host will be under the “SE VM Hyper-V Servers” OU to help ensure that only the
CVM group polices are applied on to the V91 host.
1. Log on to the enterprise domain controller as domain administrator.
2. Browse to the DVD-ROM location and open the CVMGui.exe file.
3. Click Add AD Structures to Existing Server 2016 Domain. Click Next.
44 B0700HC, Rev D
Chapter 4: User Interface for the Installation/Configuration of the Centralized Virtualization Management for Windows Server
CVM Active Directory Domain 2016 User’s Guide
4. After the completion of the install process, the Group Policy Settings Applied
Successfully confirmation dialog box appears. Click OK. The installation is
complete.
5. To verify the CVM Security Configuration settings for this existing domain, see
Verifying Successful Primary Domain Controller Installation and Configuration,
page 40.
NOTE:
• The Group policies and Organization Unit (OU) structure are imported to
an existing domain. SE VM Host Users are not created.
• After completion of this step, add a user of VMHostAdmin. Use this user
account to log on to the V91 domain clients that will be a part of the CVM
system. See Appendix H: Creating VMHostAdmin Users in the Active
Directory, page 254 for the procedure.
B0700HC, Rev D 45
Centralized Virtualization Management for Windows Server 2016 Chapter 4: User Interface for the Installation/Configuration of
User’s Guide the CVM Active Directory Domain
Schneider Electric
This is the top level OU. The Virt IE 11 Merged Baseline 2.0 policy is linked to this
OU. The policy is applicable to all the entities underneath this OU. There are two more
OUs under it: SE VM Host Accounts and SE VM Host Computers.
NOTE: For Schneider Electric OU the Block Inheritance flag is applied which
means that the policies above the Schneider Electric OU will not be applied to
Schneider Electric OU.
46 B0700HC, Rev D
Chapter 4: User Interface for the Installation/Configuration of the Centralized Virtualization Management for Windows Server
CVM Active Directory Domain 2016 User’s Guide
This image shows the details of the Group Policy Inheritance for the Schneider
Electric OU.
SE VM Host Accounts
This OU is under Schneider Electric and there are two OUs under SE VM Host
Accounts.
There are no additional policies applied to this OU or the ones under it. This image
shows the details of the Group Policy Inheritance for the SE VM Host Accounts
OU.
B0700HC, Rev D 47
Centralized Virtualization Management for Windows Server 2016 Chapter 4: User Interface for the Installation/Configuration of
User’s Guide the CVM Active Directory Domain
This image shows the details of Group Policy Inheritance for the SE VM Host
Groups OU.
This image shows the details of Group Policy Inheritance for the SE VM Host Users
OU.
SE VM Host Computers
This OU is under Schneider Electric and there is one OU under SE VM Host
Computers.
There are no additional policies applied to this example OU. This image shows details
of Group Policy Inheritance for the SE VM Host Computers OU.
48 B0700HC, Rev D
Chapter 4: User Interface for the Installation/Configuration of the Centralized Virtualization Management for Windows Server
CVM Active Directory Domain 2016 User’s Guide
SE VM Hyper-V Servers
SE Server 2016 Member Server Security Compliance v1.0, Virt Hyper-V Merged
Baseline 2.0, Virt Hyper-V Security Services 2.0, Virt non-SE Restricted Group
Policy for SE CVM Domain v1.0, and VM Host Security Compliance v1.0 policies
are linked to this OU.
This image shows the details of Group Policy Inheritance for SE VM Hyper-V
Servers OU.
B0700HC, Rev D 49
Centralized Virtualization Management for Windows Server 2016 Chapter 4: User Interface for the Installation/Configuration of
User’s Guide the CVM Active Directory Domain
This image shows the details of Group Policy Inheritance for Remote Desktop
Enabled Hyper-V Servers OU.
NOTE: By default, the remote desktop services are disabled on the CVM Domain
Controllers and the V91 domain hosts. See Appendix G: Enabling Remote
Desktop Services, page 249 for the procedure to enable the remote desktop
services on PDC/SDC and V91 CVM domain clients.
50 B0700HC, Rev D
Chapter 4: User Interface for the Installation/Configuration of the Centralized Virtualization Management for Windows Server
CVM Active Directory Domain 2016 User’s Guide
Schneider Electric
This is the top level OU. The Virt Domain Security Compliance 2.0 and the Virt IE
11 Merged Baseline 2.0 policies are linked to this OU. These policies are applicable
to all the entities underneath this OU. There are two more OUs under it: SE VM Host
Accounts and SE VM Host Computers.
This image shows the details of the Group Policy Inheritance for the Schneider
Electric OU.
B0700HC, Rev D 51
Centralized Virtualization Management for Windows Server 2016 Chapter 4: User Interface for the Installation/Configuration of
User’s Guide the CVM Active Directory Domain
SE VM Host Accounts
This OU is under Schneider Electric and there are two OUs under SE VM Host
Accounts.
There are no additional policies applied to this OU or the ones under it. This image
shows the details of the Group Policy Inheritance for the SE VM Host Accounts
OU.
The previous image shows the details for all three OUs.
SE VM Hyper-V Servers
SE Server 2016 Member Server Security Compliance v1.0, Virt Hyper-V Merged
Baseline 2.0, Virt Hyper-V Security Services 2.0, Virt SE Restricted Group Policy
for SE CVM Domain v1.0, and VM Host Security Compliance v1.0 policies are
linked to this OU.
52 B0700HC, Rev D
Chapter 4: User Interface for the Installation/Configuration of the Centralized Virtualization Management for Windows Server
CVM Active Directory Domain 2016 User’s Guide
This image shows the details of Group Policy Inheritance for SE VM Hyper-V
Servers OU.
This OU is under SE VM Hyper-V Servers. Virt Hyper-V Security RDP Enabled 2.0
and Virt Remote Access Settings For V91 Host Enabled 2.0 policies are linked to
this OU.
This image shows the details of Group Policy Inheritance for Remote Desktop
Enabled Hyper-V Servers OU.
NOTE: By default, the remote desktop services are disabled on the CVM Domain
Controllers and the V91 domain hosts. See Appendix G: Enabling Remote
Desktop Services, page 249 for the procedure to enable the remote desktop
services on PDC/SDC and V91 CVM domain clients.
B0700HC, Rev D 53
Centralized Virtualization Management for Windows Server 2016 Chapter 4: User Interface for the Installation/Configuration of
User’s Guide the CVM Active Directory Domain
54 B0700HC, Rev D
Chapter 4: User Interface for the Installation/Configuration of the Centralized Virtualization Management for Windows Server
CVM Active Directory Domain 2016 User’s Guide
4. Install Local Group Policy Object for Server 2016, see Local Group Policy
Installation Guide (B0799FA) for more information.
5. Install Self Managed ENS. See Related Documents, page 9 for the latest
McAfee ENS and ePO Installation Guide.
6. Disable Threat Prevention of the ENS. See Related Documents, page 9 for the
latest McAfee ENS and ePO Installation Guide.
7. Insert the V91 Virtualization Configuration Setup Media DVD into the DVD drive
on the V91 host machine.
8. Copy the ISO image from the DVD drive to either the host V91's hard drive or an
external hard drive.
9. On the CVM VM, from the main menu bar, Click Media > DVD Drive > Insert
Disk to browse for the ISO image from the host’s hard drive or external hard
drive.
10. Browse to the location where you have copied the CVM ISO media and double-
click CVMGui.exe to start the SDC installation and configuration.
NOTE:
• When system reboot is pending and you try to install the CVMGUI.exe, a
message appears. Click OK to reboot the machine. The CVMGUI.exe
installation will start automatically after reboot.
• Verify that only one instance of the CVMGui.exe is running.
B0700HC, Rev D 55
Centralized Virtualization Management for Windows Server 2016 Chapter 4: User Interface for the Installation/Configuration of
User’s Guide the CVM Active Directory Domain
56 B0700HC, Rev D
Chapter 4: User Interface for the Installation/Configuration of the Centralized Virtualization Management for Windows Server
CVM Active Directory Domain 2016 User’s Guide
3. Select Create Server 2016 Secondary Domain Controller and click Next to
start the SDC installation.
NOTICE
POTENTIAL DATA LOSS
Before proceeding, make sure the computer time matches the time and time
zone on the PDC.
Failure to follow these instructions can result in data loss.
B0700HC, Rev D 57
Centralized Virtualization Management for Windows Server 2016 Chapter 4: User Interface for the Installation/Configuration of
User’s Guide the CVM Active Directory Domain
NOTE: You might receive the CVM Installation message. Click OK in the
SecondaryDomainController window again and click Apply. If you receive
the same CVM Installation message continuously even after clicking OK,
verify that you performed the steps correctly.
58 B0700HC, Rev D
Chapter 4: User Interface for the Installation/Configuration of the Centralized Virtualization Management for Windows Server
CVM Active Directory Domain 2016 User’s Guide
5. When the CVM Installation dialog box regarding the SDC installation process
appears, click Yes to proceed.
NOTICE
POTENTIAL INSTALLATION FAILURE
It is inadvisable to make changes to the computer time between reboots.
Failure to follow these instructions can result in an installation failure.
B0700HC, Rev D 59
Centralized Virtualization Management for Windows Server 2016 Chapter 4: User Interface for the Installation/Configuration of
User’s Guide the CVM Active Directory Domain
9. When the Server restarts, log in using the Domain Admin privileged user account.
60 B0700HC, Rev D
Chapter 4: User Interface for the Installation/Configuration of the Centralized Virtualization Management for Windows Server
CVM Active Directory Domain 2016 User’s Guide
2. From the View Your Active Networks field, click the adapter that will be
configured for the CVM Domain.
The adapter (Ethernet) Status window appears.
3. Click Properties.
The adapter (Ethernet) Properties window appears.
4. Select the Internet Protocol Version 4 (TCP/IPv4) checkbox and click
Properties.
The Internet Protocol Version 4 (TCP/IPv4) Properties window appears.
5. Select Use the Following DNS Server Address, enter the PDC IP address in
the Preferred DNS Server field and SDC IP address in the Alternate DNS
Server field. Click OK.
B0700HC, Rev D 61
Centralized Virtualization Management for Windows Server 2016 Chapter 4: User Interface for the Installation/Configuration of
User’s Guide the CVM Active Directory Domain
Installation and Configuration on Virtual Windows Server 2016, page 54. Perform
these additional steps to add the Windows Server 2016 server to a domain:
1. Browse the DVD-ROM location and double-click CVMGui.exe to start the
application.
NOTICE
POTENTIAL DATA LOSS
Before proceeding, confirm the computer time matches the time and time zone
on the PDC.
Failure to follow these instructions can result in data loss.
62 B0700HC, Rev D
Chapter 4: User Interface for the Installation/Configuration of the Centralized Virtualization Management for Windows Server
CVM Active Directory Domain 2016 User’s Guide
3. The fields in the Domain Controller Information group are populated with the
default names. Verify that you provide the correct domain name that might have
been specified while installing the PDC: Primary Domain Name, Domain
Administrator User Name, and Password.
4. In the Domain User Name field, specify the user with domain administrator
privileges.
5. Click Apply. It takes a few minutes.
NOTE: The GUI program automatically checks for the time difference
between the Host server and the Domain controller. A system message
appears in the case of a time mismatch. When the time difference is
corrected, click Apply to connect the join.
B0700HC, Rev D 63
Centralized Virtualization Management for Windows Server 2016 Chapter 4: User Interface for the Installation/Configuration of
User’s Guide the CVM Active Directory Domain
6. When the confirmation dialog box appears indicating that the Server 2016
Virtualization Host was joined to the Server 2016 domain successfully, click OK to
complete the installation.
NOTE:
• After a V91 host is joined as a member of the CVM active directory, the
security policy applied on the V91 host restricts the access of untrusted
network devices such as network file servers to help prevent possible
vulnerability. In circumstances where accessing those network drives is
required, the security can be relaxed. See Appendix E: Network Drive
Access, page 243 for the procedure.
• By default, the Performance Counters feature has been disabled on the
V91 hosts. See Appendix F: Performance Counters, page 246 to enable
the Performance Counters feature.
• By default, the Remote Desktop Services are disabled on the CVM
Domain Controllers and the V91 domain hosts. See Appendix G:
Enabling Remote Desktop Services, page 249 for the procedure to
enable the Remote Desktop Services on PDC/SDC and V91 CVM
domain clients.
64 B0700HC, Rev D
Centralized Virtualization Management for Windows Server
Chapter 5: Virtual Machines on Windows Server 2016 Hyper-V 2016 User’s Guide
B0700HC, Rev D 65
Centralized Virtualization Management for Windows Server 2016
User’s Guide Chapter 6: Replication Setup and Enabling Process
66 B0700HC, Rev D
Centralized Virtualization Management for Windows Server
Chapter 6: Replication Setup and Enabling Process 2016 User’s Guide
2. From the list of virtual machines related to the server, select Hyper-V settings
using one of these methods:
• With the server selected, right-click and select Hyper-V Settings from the
menu.
• On the right panel, select Hyper-V Settings.
B0700HC, Rev D 67
Centralized Virtualization Management for Windows Server 2016
User’s Guide Chapter 6: Replication Setup and Enabling Process
68 B0700HC, Rev D
Centralized Virtualization Management for Windows Server
Chapter 6: Replication Setup and Enabling Process 2016 User’s Guide
B0700HC, Rev D 69
Centralized Virtualization Management for Windows Server 2016
User’s Guide Chapter 6: Replication Setup and Enabling Process
4. With the computer enabled as a Replica server, begin the configuration steps
according to your security requirements:
• See Kerberos (HTTP) Usage, page 70 for non-encrypted network custom or
default port data.
• See Certificate-based Authorization (HTTPS) Usage, page 87 for encrypted
network data.
70 B0700HC, Rev D
Centralized Virtualization Management for Windows Server
Chapter 6: Replication Setup and Enabling Process 2016 User’s Guide
2. In the Specify Port field, the default port is: 80. Change to the desired port
number, for example, 18777.
NOTICE
POTENTIAL SECURITY VULNERABILITY
Port 80 is a well-known port for use with Internet (HTTP) protocols. From an
enhanced security point of view, it is advisable to avoid use of port 80
whenever possible.
Failure to follow these instructions will leave the system accessible to
unauthorized users.
B0700HC, Rev D 71
Centralized Virtualization Management for Windows Server 2016
User’s Guide Chapter 6: Replication Setup and Enabling Process
72 B0700HC, Rev D
Centralized Virtualization Management for Windows Server
Chapter 6: Replication Setup and Enabling Process 2016 User’s Guide
A system message dialog box appears indicating that the firewall must be
configured to allow inbound traffic.
7. You must configure a rule to check if the inbound TCP exception for your desired
(custom or default) port is enabled in the firewall. See Firewall Inbound Traffic
Rule Configuration, page 74 for how to configure the firewall inbound traffic rule.
B0700HC, Rev D 73
Centralized Virtualization Management for Windows Server 2016
User’s Guide Chapter 6: Replication Setup and Enabling Process
2. In the Windows Firewall screen, click Advanced settings in the left panel.
74 B0700HC, Rev D
Centralized Virtualization Management for Windows Server
Chapter 6: Replication Setup and Enabling Process 2016 User’s Guide
5. With Inbound Rules selected, click New Rule on the right panel.
B0700HC, Rev D 75
Centralized Virtualization Management for Windows Server 2016
User’s Guide Chapter 6: Replication Setup and Enabling Process
6. The New Inbound Rule Wizard starts. In the left panel, observe the steps related
to the new inbound firewall rule configuration: Rule Type, Program and Ports
(when Port is selected), Action, Profile, and Name.
7. If creating an Inbound Port Rule for a custom port (for example, 18777), see
Custom Port - New Inbound Rule Wizard, page 78 and complete the steps. Then
go to Step 8.
If creating the rule for the default port (port 80), see Default Port - New Inbound
Rule Wizard, page 84 and complete the steps. Then continue to Step 8.
76 B0700HC, Rev D
Centralized Virtualization Management for Windows Server
Chapter 6: Replication Setup and Enabling Process 2016 User’s Guide
8. Close all Firewall Setup windows. In the Configure Firewall Settings dialog
box, click OK.
The Hyper-V Settings are now complete for using Kerberos (custom port or
default port).
Repeat the steps in Hyper-V Server Selection for Replication, page 67 to this
point for each Hyper-V Server with virtual machines that need replication with
these settings.
B0700HC, Rev D 77
Centralized Virtualization Management for Windows Server 2016
User’s Guide Chapter 6: Replication Setup and Enabling Process
2. Enter the custom/desired port number you entered during Authentication and
Ports configuration.
For reference, this image shows an example with the “18777” port being used.
• Click TCP.
• Click Specific local ports and enter 18777 in the text box.
• Click Next.
78 B0700HC, Rev D
Centralized Virtualization Management for Windows Server
Chapter 6: Replication Setup and Enabling Process 2016 User’s Guide
3. Verify that the Allow the connection checkbox is selected and click Next.
B0700HC, Rev D 79
Centralized Virtualization Management for Windows Server 2016
User’s Guide Chapter 6: Replication Setup and Enabling Process
4. Selcect all checkboxes (Domain, Private, and Public) and click Next.
5. In the Name field, enter a name for the Inbound Port rule created and a short
description in the Description field.
80 B0700HC, Rev D
Centralized Virtualization Management for Windows Server
Chapter 6: Replication Setup and Enabling Process 2016 User’s Guide
6. When the newly created Port Rule appears in the Inbound rules, right-click the
custom port rule and select Properties.
Under the General tab, the configured name and description for the Custom Port
Rule appears as well as the action setting.
B0700HC, Rev D 81
Centralized Virtualization Management for Windows Server 2016
User’s Guide Chapter 6: Replication Setup and Enabling Process
82 B0700HC, Rev D
Centralized Virtualization Management for Windows Server
Chapter 6: Replication Setup and Enabling Process 2016 User’s Guide
8. The modified Inbound Rule for the custom port is now visible in the Inbound
Rules window and provides the rule Name, Group, Profile, Enabled, Action,
Override, and Program information.
Skip Default Port - New Inbound Rule Wizard, page 84.
B0700HC, Rev D 83
Centralized Virtualization Management for Windows Server 2016
User’s Guide Chapter 6: Replication Setup and Enabling Process
3. On the Predefined Rules screen, select Hyper-V Replica HTTP Listener (TCP-
In) and click Next.
84 B0700HC, Rev D
Centralized Virtualization Management for Windows Server
Chapter 6: Replication Setup and Enabling Process 2016 User’s Guide
B0700HC, Rev D 85
Centralized Virtualization Management for Windows Server 2016
User’s Guide Chapter 6: Replication Setup and Enabling Process
4. Select Allow the connection and click Finish. If necessary, click Finish again
and close the dialog box.
The newly created rule is now visible under the Inbound Rules.
The pre-defined Inbound Rule for the default port is now visible in the Inbound
Rules window and provides the rule Name, Group, Profile, Enabled, Action,
Override, and Program information.
86 B0700HC, Rev D
Centralized Virtualization Management for Windows Server
Chapter 6: Replication Setup and Enabling Process 2016 User’s Guide
Security Certificates
Workgroup Security Model requires a certificate for authentication. If you plan to use
certificate-based authentication (required for the replicated data to be encrypted
during transmission), you will need an appropriate certificate, which can either be local
and self-signed or supplied by a certificate server in your deployment.
NOTE: See Appendix C: Certificate Creation Using the Makecert Tool, page 203
for instructions on how to create and configure certificates using the makecert.
exe utility. See Appendix D: Certificate Creation Using the OpenSSL Tool, page
230 for instructions on how to create and configure certificates using the
OpenSSL utility.
B0700HC, Rev D 87
Centralized Virtualization Management for Windows Server 2016
User’s Guide Chapter 6: Replication Setup and Enabling Process
• Set the Subject field or the Subject Alternative Name using one of these methods:
◦ Set the Subject field to the primary server name (for example: primary1.
contoso.com). If the primary server is part of a cluster, check that the subject
field is set to the FQDN of the HVR Broker (install this certificate on all the
nodes of the cluster)
◦ Subject field can contain a wildcard (for example: *.department.contoso.com)
◦ For a SAN certificate, set the Subject Alternative Name's DNS Name to the
primary server name (for example, primary1.contoso.com). If the primary
server is part of a cluster, the Subject Alternative Name of the certificate
should contain the FQDN of the HVR Broker (install this certificate on all the
nodes of the cluster).
• Check to see if the root of this certificate is present in the “Trusted Root
Certification Authorities” of the replica server certificate store. See Importing
Certificate to Target Hyper-V Replica Servers, page 219.
certutil Validation
After the certificate is installed, run this command from the command prompt on both
the primary and replica server: certutil -store my
At least one of the certificates in your output should resemble sample output as shown
in this image, such that, the Encryption test (not just Signature) has passed.
88 B0700HC, Rev D
Centralized Virtualization Management for Windows Server
Chapter 6: Replication Setup and Enabling Process 2016 User’s Guide
B0700HC, Rev D 89
Centralized Virtualization Management for Windows Server 2016
User’s Guide Chapter 6: Replication Setup and Enabling Process
90 B0700HC, Rev D
Centralized Virtualization Management for Windows Server
Chapter 6: Replication Setup and Enabling Process 2016 User’s Guide
NOTE: When you click Select Certificate, you immediately see this
window with the Certificate details. If you see any detected error
messages, close the wizard and verify whether the correct certificate was
imported. If not, restart the wizard and start again.
B0700HC, Rev D 91
Centralized Virtualization Management for Windows Server 2016
User’s Guide Chapter 6: Replication Setup and Enabling Process
8. On the Configure Firewall Settings dialog box, click OK to close the dialog box.
92 B0700HC, Rev D
Centralized Virtualization Management for Windows Server
Chapter 6: Replication Setup and Enabling Process 2016 User’s Guide
3. Right-click Hyper-V Replica HTTPS Listener (TCP-In) and then select Enable
Rule. Make sure the rule is enabled for the proper network.
B0700HC, Rev D 93
Centralized Virtualization Management for Windows Server 2016
User’s Guide Chapter 6: Replication Setup and Enabling Process
2. In the Task Pane (right pane), select Enable Replication. This is available from
the right-click menu.
94 B0700HC, Rev D
Centralized Virtualization Management for Windows Server
Chapter 6: Replication Setup and Enabling Process 2016 User’s Guide
4. From the Specify Replica Server screen, enter the Replica server and click
Next.
NOTE: This image shows an example of the name of the destination server
that will receive the replica information from the network.
B0700HC, Rev D 95
Centralized Virtualization Management for Windows Server 2016
User’s Guide Chapter 6: Replication Setup and Enabling Process
96 B0700HC, Rev D
Centralized Virtualization Management for Windows Server
Chapter 6: Replication Setup and Enabling Process 2016 User’s Guide
7. Confirm the Compress the data that is transmitted over the network
checkbox is selected regardless of authentication type selected. Click Next.
8. On the Choose Replication VHDs screen, read the screen information regarding
the use of the checkboxes and enable the desired VHDs that you want to
replicate. Click Next.
B0700HC, Rev D 97
Centralized Virtualization Management for Windows Server 2016
User’s Guide Chapter 6: Replication Setup and Enabling Process
98 B0700HC, Rev D
Centralized Virtualization Management for Windows Server
Chapter 6: Replication Setup and Enabling Process 2016 User’s Guide
11. On the Choose Initial Replication Method screen, the settings for replication
enabling are:
a. For network enabling, confirm the defaults, Send initial copy over the
network and Start replication immediately, are selected.
b. For external drive enabling, select Send initial copy using external media
and use Browse to locate the USB storage location to export the initial
replication copy.
Click Next.
B0700HC, Rev D 99
Centralized Virtualization Management for Windows Server 2016
User’s Guide Chapter 6: Replication Setup and Enabling Process
12. On the Completing the Enable Replication screen, review the replication
configuration information for the Replica server.
To enable the replication (via the network or external media) and close the
wizard, click Finish.
14. If you selected the external drive replication, open Hyper-V Manger in the Replica
server. Right-click the Replica VM instance and select Import Initial Replica
from the Replication menu.
15. On the Import Initial Replication dialog box, browse to the replication files in the
USB drive. Click Complete Initial Replication.
16. Check that the Network Adapter settings are set manually in the Replica Server.
Planned Failover
Before proceeding with the planned failover, verify that both the primary VM and the
Replica VM have identical NIC settings and that they are connected to the correct
networks.
For more information on NIC settings, see these sections in Virtualization for Windows
Server 2016 User's Guide (B0700HD):
• “Configuring Additional Network Interface Cards for Use in Foxboro DCS for a
Virtual Machine Using Hyper-V Manager”
• “Configuring Foxboro DCS Virtual Machine Foxboro DCS Control Network
Connections to be Static”
1. Start the Hyper-V Manager on the primary server and select the virtual machine
to failover. See this image for the primary server and selected virtual machine.
2. Shut down the selected virtual machine in order to schedule the failover by
performing one of these actions:
• Select the virtual machine name in Hyper-V Manager, right-click to access
the menu, and select Shut Down.
• Select Shut Down on the right panel.
• Select Shut Down from the Action menu main menu in the virtual machine
window.
• Select the Power (Shutdown) under the main menu in the virtual machine
window.
3. In the list of virtual machines associated with the primary server, right-click the
virtual machine to failover, select Replication, and then select Planned Failover.
5. After selecting Failover, the prerequisite check and actions are completed and a
confirmation dialog box appears.
Planned failover has successfully completed when you see the success dialog
box.
NOTICE
POTENTIAL DATA LOSS
When you are planning to bring your virtual machines back online after an
unplanned hardware unavailability, be sure to consider whether the primary server
is to be brought back online and reverse replication performed.
Failure to follow these instructions can result in data loss.
2. In the resulting dialog box, select the recovery snapshot that you want the virtual
machine to recover.
The Replication Status changes to Failed over - waiting completion and the
virtual machine starts using the network parameters you previously configured for
it. This image indicates that the Failover task is in progress.
4. Failover is complete when the VM state is shown as running and this information
is shown in the lower left of the screen.
For each virtual machine you want to bring back online, repeat Step 1 through
Step 4.
NOTICE
POTENTIAL DATA LOSS
You must shut down the primary VM after it comes back online in order to reverse
the replication.
Failure to follow these instructions can result in data loss.
1. When the previously unavailable server is back online, if the old primary virtual
machine is still running, shut the primary virtual machine down immediately using
one of these methods.
• Click the virtual machine name in Hyper-V Manager and select Shut Down.
3. When you are sure that the original (previously unavailable) primary virtual
machine has been shut down, proceed with these steps on the Replica virtual
machine which has undergone the failover process. The status shows that it is
still Replica and failover is complete.
6. To perform the reverse replication steps that are similar to those in the Enable
Replication Wizard, perform Step 4 through Step 11 in the procedure Initial
Virtual Machine Replication over the Network or via an External Drive, page 93.
NOTE: The Reverse Replication Wizard for <server name> appears on
the title screens in the current Reverse Replication Wizard being used.
7. Review the selections on the Summary screen. Click Finish.
• When the initial replication is complete the replication tab indicates this:
3. With the server selected, right-click and select Hyper-V Settings from the menu
or on the right side panel, select Hyper-V Settings.
5. Select the Enable incoming and outgoing live migrations checkbox and select
Use these IP addresses for live migration.
6. Click Add to access the IP Address dialog box. Enter the IP address for the VM
Host network in use on this server. Click OK.
3. Click Apply to apply the Live Migration configuration for the CredSSP
authentication protocol and the compression performance. Click OK.
NOTICE
POTENTIAL MIGRATION FAILURE
The Authentication protocol in use on both the source and destination servers
must match.
Failure to follow these instructions will result in Live Migration failure.
4. Perform the previous steps in this section on both the source and destination
Hyper-V Host.
3. Click Apply to apply the Live Migration configuration for the Kerberos
authentication protocol and the compression performance. Click OK.
NOTICE
POTENTIAL MIGRATION FAILURE
The Authentication protocol in use on both the source and destination servers
must match.
Failure to follow these instructions will result in Live Migration failure.
4. Perform the previous steps in this section on both the source and destination
Hyper-V Host.
2. In the Active Directory Users and Computers window, double-click the Domain
name in the left panel.
3. When the Domain selection expands, double-click the Schneider Electric folder to
view the contents: SE VM Host Accounts and SE VM HostComputers.
6. If the Host you need is under the Remote Desktop Enabled Hyper-V servers
folder expand the SE VM Hyper-V Servers folder and select Remote Desktop
Enabled Hyper-V Servers.
7. Select the computer name of the Hyper-V Host in the right panel.
8. From the selected Host, right-click and select Properties from the menu.
10. On the Delegation screen, change the default selection to Trust this computer
for delegation to specified services only as highlighted in this image.
14. In the Select Users or Computers dialog box, click Object Types.
15. In the Object Types dialog box, confirm only Computers is selected. Click OK.
16. In the Select Users or Computers dialog box, click Find Now.
17. Select the Destination Hyper-V Host Server name and click OK.
18. In the Select Users or Computers dialog box, verify that the selected computer
name is listed. Click OK.
19. In the Add Services dialog box, scroll down and select the cifs service for the
previously selected computer name.
Multiple services can be selected for the computer.
NOTE: If selecting more than one user or computer name, click Users or
Computers.
20. Select the Microsoft Virtual System Migration service. Click OK.
NOTE: To select both services together, press Ctrl.
21. In the Delegation tab, verify that both cifs and the Microsoft Virtual System
Migration services are listed for the target server. Click Apply.
23. Repeat Step 17 through Step 22 for all target (destination) servers, if applicable,
so that the constraint delegation properties looks similar to the example in this
image.
NOTICE
POTENTIAL DATA LOSS
If Replication is enabled for the VM where Live migration is to be performed,
Replication must be disabled for that VM to perform Live migration. Simultaneous
operations of Replication and Live migration cannot be performed for the same VM.
Failure to follow these instructions can result in data loss.
2. Select the server name in the left panel and then select the VM on that server that
you want to move.
3. Right-click the VM name and select Move or from the right panel select Move.
4. When the Move VM Wizard starts, on the Before You Begin screen, click Next.
5. On the Choose Move Options screen, select Move the virtual machine’s data
to a single location. Click Next.
6. On the Specify Destination Computer screen, enter the name of the destination
Hyper-V Host server or use Browse to select the destination server. Click Next.
7. On the Choose Move Options screen, select Move the virtual machine’s data
to a single location. Click Next.
8. On the Choose a New Location for Virtual Machine screen, do one of these:
• Enter the hard drive folder location (on the destination server) where the
virtual machine data must be stored.
• Select a new location for virtual machine data using Browse.
Click Next.
NOTE: This image shows an example of the location of the virtual machine
data on the destination server: X:\LiveMigration\VM97AW
9. On the Completing Move Wizard screen, verify the summary of the selections.
Click Finish.
10. The progress of the move appears on the Hyper-V Manager VM listing screen.
11. To review network utilization during the move operation, view the Ethernet
performance on the Task Manager screen.
12. If the Move Wizard displays a detected error message during the move
operation, one of these scenarios might have occurred.
b. If using the Kerberos Authentication Protocol, confirm the additional steps for
using Kerberos to set up constrained delegation were performed. See
Additional Steps for Kerberos Authorization Protocol, page 124.
Starting the VM
To start a virtual machine, there are different methods:
1. Open the Hyper-V Manager.
1. Open the Hyper-V Manager and under the Hyper-V Manager in the left panel,
select the server name that you want to observe.
The Name column appears with the list of all the VMs associated with the
selected server and the State column appears indicating the current state of the
virtual machines.
Be advised that these scenarios might occur:
• If the state of the virtual machine is dormant, not active, the VM is in the
shutdown (off) state.
When you click the desired virtual machine (for example, VDHS61) to view
the details for that VM currently in the Off state, no information is available/
shown in the bottom checkpoint and detail areas.
• If the state of the virtual machine is running or active, the VM will have
information in the Checkpoint and/or Detail areas.
When you click the desired virtual machine (for example, VDRCH9) to view
the details for that VM (currently in the Running state), the bottom checkpoint
and detail panels indicate information.
2. Within the detail panel, there are folder tabs across the bottom of the screen. To
access additional information regarding the selected VM, select one or more of
these tabs:
• Summary
• Memory
• Networking
• Replication
The Server Manager available selections and information are shown in this image.
The HP Home Page available selections and information are shown in these images.
However, the replication health is shown with a system message in this image.
For more information about this system message, you can access the Replication
dialog box.
Right-click the VM name and select Replication > View Replication Health....
2. On Task Manager, click More details (lower left) to access these tabs:
Processes, Performance, Users, Details, and Services.
a. The Task Manager view changes to the Detailed view. Under Processes, for
example, CPU and Memory utilization for applications and background
processes is displayed.
b. For additional column information details related to the present view, right-
click and select the additional information columns required.
1. To access the Resource Monitor application, click the icon at the bottom of the
Performance tab.
The Resource Monitor appears with the folder tabs.
This image indicates an overview of these screens: CPU, Memory, Disk and
Network. Each of these screens can be expanded for additional resource
utilization information.
• Disk showing Processes with Disk Activity also expands to provide Disk
Activity and Storage information.
The virtual machines associated with the physical V91 Server host appear in the
middle panel. The information regarding the selected VM is displayed in these
areas: Virtual Machines, Checkpoints, VM basic identification information.
2. To expand the view, maximize the window and look at the window marked Virtual
Machines.
The columns in this expanded view provide information about resource utilization
for each of the individual VMs. See this table and image.
3. If necessary, you can add or remove columns in the VM view. Select View > Add/
Remove Columns....
4. From the Add/Remove Columns screen, select the desired column(s) to add or
remove from the screen. Click OK.
4. Right-click the target remote server where a reboot is desired and select Restart
Server.
5. On the Server Manager dialog box, select OK. The remote server restarts.
6. After resolving either of these detected issues, repeat Step 1 through Step 5
again to reboot/re-initialize the server remotely.
• If you see a detected error message that WinRM is not running, for a
resolution.
Chapter 9: Troubleshooting
WinRM Is Not Running
Server Manager display shows a detected error message indicating that refresh/
automatic refresh did not succeed because WinRM was not running and could not be
started.
To resolve this condition temporarily, perform Modifying the WinRM Service, page
173.
To resolve this condition permanently, perform Modifying the Group Policy on the
Domain, page 177.
Alternately, click Control Panel > All Control Panel Items > Administrative
Tools and then select Services.
5. In the General tab, in the Startup Type: menu, select Automatic. Click Apply.
7. Repeat each of these steps for each of the Servers to resolve the condition
(temporarily).
• Select Tools on the Server Manager and then select Group Policy
Management.
b. When the Select GPO window opens, select Virt Windows Remote
Management Service enabled 2.0. Click OK.
d. To change the order of the linked policy, you can click the Up/Down arrow
icons. Go directly to Step 6 to move the Server computer object to the
modified OU.
5. To create your own custom Organizational Unit and link a policy to it, review these
steps in this example:
a. Right-click SE VM Hyper-V Servers OU or where ever the new OU must be
created. Select New Organizational Unit.
c. When the new OU is created, right-click the name of the OU. Then select
Link an Existing GPO....
d. When the Select GPO window opens, select Virt Windows Remote
Management Service enabled 2.0. Click OK.
e. You can link multiple policies to this custom OU. To change the order of the
linked policy, you can click the Up/Down arrow icons.
6. After the policy link is created, you must move the Server computer object to the
modified OU. This example indicates how to move Computer objects from the SE
VM Hyper-V Servers OU to the Remote Desktop Enabled Hyper-V Servers OU.
Open Active Directory Users and Computers by performing one of these actions:
• In Administrative Tools, select Active Directory Users and Computers
• In the Tools menu on Server Manager, select Active Directory Users and
Computers.
8. Select the computer you want to move and perform one of these actions:
• Drag and drop that computer to the destination OU. If, for example, you are
moving to Remote Desktop Enabled Hosts, you might see a dialog box
informing you regarding the move. Click Yes.
• Alternately, select the computer to move and right-click to access the menu.
Select Move.
9. Verify the moved computers are under the Remote Desktop Enabled Hyper-V
Servers OU.
10. After the computers are in the correct OU, you must update the Group Policy for
these computers. Using the Administrator command prompt, run gpupdate /force
to update the group policy.
11. Check the WinRM service to verify it is running and set to automatic.
To resolve the issue, see Creating Custom Firewall Rule, page 189.
4. On the Windows Firewall with Advanced Security screen, in the left panel,
click Inbound Rules.
5. With Inbound Rules selected in the left panel and the current rules listed as
shown in this image, click New Rule... in the right panel.
6. The New Inbound Rule Wizard starts. The wizard provides the steps required in
the left-panel which correspond to the screens.
9. Protocol and Ports: On the Protocol and Ports screen, expand the Protocol
type menu.
12. Action: With the Allow the connection selected, click Next.
13. Profile: With all the profiles selected to indicate when the rule applies, click Next.
14. Name: For the Name field, enter Allow_Ping and for the Description field enter
This custom rule allows ICMPv4 protocol communication so that Ping
command can work. Click Finish.
Graphics Card
On Board NICs
1 2 3 4
Figure 7 - Two Single Port FDCN NICs + Four RJ-45 Cu Integrated NICs
An additional NIC teaming example shows DCS ACN NIC Team with onboard RJ-45
Cu Integrated NIC 1 and 2 and Virtualization Host Network Team with onboard RJ-45
Cu Integrated NIC 3 and 4.
Figure 8 - DCS ACN NIC Team with Onboard RJ-45 Cu Integrated NIC 1 & 2 and
Virtualization Host Network Team with Onboard RJ-45 Cu Integrated NIC 3 & 4
4th Position Foxboro Control Network Ethernet Interfaces selection 2 or 3 and
5th Position Additional Ethernet Interfaces with Second Riser selection 1
Two Single Port RJ-45 Cu/ PCIe NICs + Four RJ-45 Cu Integrated NICs
or Two Single Port Fiber LC Multi-mode Fiber PCIe NICs + Four RJ-45 Integrated NICs
Graphics Card
1 2 3 4
Figure 9 - Two Dual Port Control Network NICs + Four RJ-45 Cu Integrated NICs
Graphics Card
2P RH103AQ or RH103AS
2P RH103AQ or RH103AS
1 2 3 4
On Board NICs
On Board NICs are not to be used
for Control Network Connections
• Virtualization Host Network Team with one single port RJ-45 PCIe NIC and one
on board RJ-45 Cu Integrated NIC.
Optionally, onboard RJ-45 Cu Integrated NICs 2 and 3 can be used as additional NICs
for Virtualization Host Network Team to provide additional network bandwidth.
Figure 10 - Two Single Port Control Network NICs + Two Single Port RJ-45 PCIe
NIC + 4 RJ-45 Integrated NICs
4th Position FOXBORO CONTROL NETWORK ETHERNET INTERFACES selection 2 or 3
and 5th Position ADDITIONAL ETHERNET INTERFACES WITH SECOND RISER selection 2 or 3
Two single port RJ-45 PCIe NICs + Two single port RJ-45 PCIe NIC + 4 RJ-45 Integrated NICs
Or
Two single port fiber LC Multi-mode Fiber PCIe NICs + two single port fiber LC Multi-mode Fiber PCIe NICs + Four RJ-45 Integrated NICs
2nd CPU Required
1 2 3 4
On Board NICs are not to be used On Board NICs
for Control Network Connecons
Figure 11 - Two Dual Port Control Network NICs + Two Dual Port Additional NICs
+ 4 RJ-45 Cu Integrated NICs
4th Position FOXBORO CONTROL NETWORK ETHERNET INTERFACES selection 4 or 5
and 5th Position ADDITIONAL ETHERNET INTERFACES WITH SECOND RISER selection 4 5 or 6
Two dual port RJ-45 PCIe NICs + Two dual port RJ-45 PCIe NIC + 4 RJ-45 Integrated NICs
Or
Two dual port fiber LC Multi-mode Fiber PCIe NICs + two dual port fiber LC Multi-mode Fiber PCIe NICs + Four RJ-45 Integrated NICs
Two dual port fiber LC Multi-mode Fiber PCIe NICs + two dual port fiber LC Single-mode Fiber PCIe NICs + Four RJ-45 Integrated NICs
2nd CPU Required
1 2 3 4
On Board NICs are not to be used On Board NICs
for Control Network Connecons
2. After downloading the ISO file or the web installer, double-click the ISO file to
install Microsoft Windows SDK for Windows 10 and .NET Framework 4 on a
Windows computer with 64-bit operating system.
NOTICE
POTENTIAL DATA LOSS
This Microsoft Windows SDK installation should be done on any of the
Windows 10, and Windows Server 2016 operating system machines and
targeting .Net Framework version 4 and lower to version 2.0. Perform steps for
the procedure Installing Microsoft Windows SDK for Windows 10 and .NET
Framework 4, page 204 to install Microsoft Windows SDK on any of the
aforementioned operating systems. After the installation of SDK, follow the
procedure Creating Certificates Using makecert.exe, page 208 to create the
certificate on the “Required “server using “makecert.exe”.
Failure to follow these instructions can result in data loss.
6. After installation, the Windows Software Development Kit window appears with
a message. Click Close.
7. After installation, locate the makecert.exe file in the C:\Program Files (x86)
\Windows Kits\10\bin\10.0.17134.0\x64. This makecert.exe file must
be copied and used on the primary server where the certificates are made.
Continue to the next section Creating Certificates Using makecert.exe, page 208
to create the certificates.
2. Open the command prompt with Run As Administrator. Change the path to C:
\MakeCert.
3. To create the test root certificate, run this command, which creates a self-signed
root authority certificate. The command also installs a test certificate in the root
store of the local machine and is saved as a file locally.
<makecert -pe -n "CN=MyMSCRTRootCA" -ss root -sr
LocalMachine -sky signature -r "MyMSCRTRootCA.cer">
e. Confirm the Local computer (the computer this console is running on)
default is selected. Click Finish.
6. The Personal certificate (with the machine names) and the Root certificate
(MyMSCRTRootCA) are in the highlighted folders.
7. Export the ReplicaServer certificate with the private key. From the console, right-
click the certificate associated with the replica server All Tasks > Export... to
access the Certificate Export Wizard.
2. In the Export Private Key screen, select Yes, export the private key. Click
Next.
4. On the Security screen, select the Password: checkbox and enter the private
key password to be used and confirm the password. Click Next.
f. Confirm the Local computer (the computer this console is running on)
default is selected. Click Finish.
g. Select Certificates on the left panel and verify the Console Root certificates.
When the Add or Remove Snap-ins Wizard returns, click OK.
h. Under Certificates in the left panel, right-click Personal and select All tasks
and then Import....
j. From the File to Import window, select Browse... to locate the MakeCert
folder.
k. Click All Files in the file list. Select the private key (.pfx file) and click Open.
l. With the File path/name to import shown under File name:, click Next.
m. On the Private Key Protection screen, enter the password for the private
key. Then click Next.
4. Create this registry key on both Primary as well as Replica servers using the
Administrator command prompt:
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion
\Virtualization\Replication" /v DisableCertRevocationCheck
/d 1 /t REG_DWORD /f
6. Perform the certutil Validation. For more information, see certutil Validation, page
88.
3. Select I accept the agreement on the License Agreement screen. Click Next.
commonName = MyOSSLRootCA
default_bits = 2048
default_days = 3650
default_md = sha1
encrypt_key = no
extendedKeyUsage = serverAuth, clientAuth
prompt = no
distinguished_name = root_ca_distinguished_name
[ root_ca_distinguished_name ]
commonName = MyOSSLRootCA
[ device_cert_extensions ]
extendedKeyUsage = serverAuth, clientAuth
[ device_cert_policy ]
commonName = supplied
stateOrProvinceName = optional
countryName = optional
emailAddress = optional
organizationName = optional
organizationalUnitName = optional
"
This image shows one example root certificate configuration file/parameters. The
highlighted sections must be reviewed.
Device Certificate - one possible example configuration file/ parameters needed for
the Device certificate is as shown here and in the image.
NOTE: For each Hyper-V Host Server, you need a separate configuration file.
"
[ ca ]
default_ca = root_ca
[ root_ca ]
copy_extensions = copy
private_key = OSSLRootCA.key
certificate = OSSLRootCA.crt
new_certs_dir = .
database = ./index.txt
default_md = sha1
policy = device_cert_policy
serial = ./serial.txt
default_days = 3600
x509_extensions = device_cert_extensions
[ req ]
commonName = DEVS12CVMHVHS1.CVMPDC.Local
default_bits = 2048
default_days = 3600
default_md = sha1
encrypt_key = no
extendedKeyUsage = serverAuth, clientAuth
prompt = no
distinguished_name = device_cert_distinguished_
name
x509_extensions = device_cert_extensions
[ device_cert_distinguished_name ]
commonName = DEVS12CVMHVHS1.CVMPDC.Local
[ device_cert_extensions ]
extendedKeyUsage = serverAuth, clientAuth
[ device_cert_policy ]
commonName = supplied
stateOrProvinceName = optional
countryName = optional
emailAddress = optional
organizationName = optional
organizationalUnitName = optional
"
Device Certificate - one possible example batch file/ parameters needed for the
Device certificate is shown here and in the image:
NOTE: S12CVMHVHS1.CVMPDC.Local and S12CVMHVHS2.CVMPDC.Local
are the machine names used for example only.
“
@echo off
echo Creating Server 1 OSSL device certificate.
set OPENSSL_CONF=.\Server_1_OSSL_device.cnf
openssl genrsa -out S12CVMHVHS1.CVMPDC.Local_OSSL_device.key
2048
openssl req -new -key S12CVMHVHS1.CVMPDC.Local_OSSL_device.key
-out S12CVMHVHS1.CVMPDC.Local_OSSL_device.csr
openssl ca -key S12CVMHVHS1.CVMPDC.Local_OSSL_device.key -in
S12CVMHVHS1.CVMPDC.Local_OSSL_device.csr
RENAME *.pem S122CVMHVHS1.CVMPDC.Local_OSSL_device.crt
openssl pkcs12 -export -in S12CVMHVHS1.CVMPDC.Local_OSSL_
device.crt -inkey S12CVMHVHS1.CVMPDC.Local_OSSL_device.key
-name "OSSL S12CVMHVHS2.CVMPDC.Local Cert" -out S12CVMHVHS1.
CVMPDC.Local_OSSL_device.pfx -rand 1.rnd -passout pass:Passw0rd
“
To simplify certificate creation, a common top level batch file can also be created
which calls the Root certificate batch file and then all Device certificate batch files. An
example of such a batch file is shown here and in the image.
"
@echo off
echo Create OSSL root certificate.
call .\Make_OSSL_root_cert.bat
echo Create Server 1 OSSL device certificate.
call .\Make_Server_1_OSSL_device_cert.bat
echo Create Server 2 OSSL device certificate.
call .\Make_Server_2_OSSL_device_cert.bat
"
After the batch script execution is successful, you can see the RootCA.key and
the RootCA.CRT files in the configuration files folder.
3. Run the Top Level Batch file script. See these images for the procedure.
4. When you press Enter to execute the batch file command, a Yes / No prompt
appears. Enter Y and press Enter. This must be repeated once for each client
certificate.
5. After you begin certificate creation and the script executes successfully, you can
see the ‘.pfx’ files.
NOTE: Each .pfx file should have the Key icon if the certificate is successfully
created. If the Key icon does not exist, you must rerun the script after
resolving the issues.
• Using the Certificates Management console, install the Root CA into the Hyper-V
servers Trusted Root Certificate Authorities folder and install client certificate
to the Personal Certificates folder.
c. In the right pane, double-click the Microsoft network client: Digitally sign
communication (Always) setting and select Disabled. Click OK.
d. Close the Group Policy Management Editor.
7. To edit the SE Server 2016 Member Server Security Compliance v1.0 GPO:
a. Right-click the SE Server 2016 Member Server Security Compliance 1.0
GPO and select Edit....
c. In the right pane, double-click the Enable insecure guest logons setting,
and select Enabled. Click OK.
d. Close the Group Policy Management Editor.
6. Right-click the Virt Hyper-V Security Services 2.0 GPO and select Edit….
8. In the right pane, right-click the Performance Logs & Alerts setting and select
Manual, click OK.
9. Close the Group Policy Management Editor.
3. Right-click the PDC computers and click Properties. The Properties dialog box
appears.
4. Click Member of and then click Add. The Select Groups dialog box appears.
5. Under the Enter the Object Names to Select field, enter RDP and click Check
Names.
6. Click OK.
10. Click Start > Run . Enter services.msc and then click OK.
NOTE: If the services are Disabled, change Startup Type to Manual and
start the services.
13. Now configure the Remote desktop connection from the client or host, and log in
as VMDomainAdmin user.
3. The New Object - User dialog box appears. Enter the First name, Full name,
and User logon name (for example, VMHostuser).
NOTE: All three values you enter must be identical. See this image for an
example.
4. Click Next.
5. In the New Object User window, enter a password and confirm the new
password. Clear the User Must Change Password at Next Logon checkbox.
Verify that the User Cannot Change Password, Password Never Expires, and
Account is Disabled checkboxes are also cleared. Click Next.
7. Right-click the new username in the Active Directory Users and Computers
dialog box to open the Properties dialog box.
9. Under the Enter the Object Name to Select field, enter VMHost and click
Check Names.
11. The newly created user is now added to the VMHostAdmins group. Click OK to
close the Properties dialog box.
Glossary
A
AD: Active Domain
C
CAL: Client Access License
Control Core Services (CCS): Core software environment, formerly known as “I/A
(Intelligent Automation) Series software”.
Control Editors (CE): Control software engineering and configuration tools built on
the ArchestrA® Integrated Development Environment in Foxboro DCS. Formerly
known as “FCS Configuration Tools”, “InFusion Engineering Environment”, and “IEE”.
Control HMI (CHMI): The collection of windows and related configuration files that
make up the HMI as viewed within InTouch software in Foxboro DCS. Formerly
known as the “FCS InTouch Application”.
D
DCS ACN: DCS Auxiliary Communications Network. 1Gb network that cannot share
any of the same network hardware (switches) with the control network. Foxboro DCS
control communication cannot occur over the DCS ACN.
DCS: Distributed Control System. Overall term used to refer to a control system in
which the safety control components are distributed, with each component controlled
by one or more controllers.
F
FDCN: Foxboro DCS Control Network
G
Gb: Gigabit
GB: Gigabyte
H
HTTP: HyperText Transfer Protocol
Hyper-V Host Domain: Foxboro DCS Hyper-V Host Domain (for example,
FEHVHOST), a dedicated Server 2016-based client for V91 servers only.
I
ISO: the International Organization for Standardization (ISO), a worldwide federation
of national standards bodies (ISO members) that promulgates standards affecting
international commerce and communications.
L
LGPO: Local Group Policy Object
N
NIC: Network Interface Card
O
OU: Organizational Unit
P
PDC: Primary Domain Controller
R
RDP: Remote Desktop Protocol. Provides remote display and input capabilities over
network connections for Windows-based applications running on a server.
S
SDC: Secondary Domain Controller
System Manager (SM): Current user interface for equipment status and change
actions.
T
TCP/IP: Transport Control Protocol/Internet Protocol, the global standard
communication protocol for the Internet. Can also be used for private networks such
as corporate intranets and distributed control systems.
TCP/IP is a routable protocol, which means that all messages contain not only the
address of the destination station, but the address of a destination network. This
allows TCP/IP messages to be sent to multiple networks in an organization or around
the world, hence its use in the Internet.
TC: Thin Client. A physical hardware terminal with a compact form factor which
operates software via a remote session to a remote server.
V
V91: Model V91 Server Virtualization Host. The only hardware supported by Schneider
Electric for Control Core Services and/or the Control Software virtual machines. V91
hardware is described in Model V91 Virtualization Host Server (HP DL380 Gen10) for
Windows Server 2016 User’s Guide (B0700HQ).
Index J
join to domain ..........................................................60
A
AD structures
K
add to existing Server 2012 R2 domain ..................60 Kerberos .................................................................70
add to existing Server 2012 R2 domain......................60 Kerberos (HTTP)......................................................74
Kerberos (HTTP) usage............................................70
C
Central Virtualization Management
L
features ............................................................. 146 live migration ......................................................... 137
introduction ..........................................................12 configuration ...................................................... 115
certificate requirements for replica server...................88
certificate-based Authorization (HTTPS) Usage..........87
certification tool...................................................... 203 M
certutil validation ......................................................88
configuration.......................................................... 115 move VM between Hyper-V hosts
configuration tasks ...................................................67 live migration ...................................................... 137
create......................................................................20
N
E network ...................................................................93
enable.....................................................................89 server configuration ..............................................13
enable VM replication NIC teaming ............................................................20
network................................................................93 create ..................................................................20
V91 NIC Selections............................................. 199
F O
failover
planned.............................................................. 102 OpenSSL certification tool .........230, 243, 246, 249, 254
unplanned .......................................................... 106 Organizational Unit (OU)...........................................50
features................................................................. 146
firewall inbound traffic rule
Kerberos (HTTP) ..................................................74 P
firewall rules ............................................................92 planned ................................................................. 102
Foxboro DCS Hyper-V host domain...........................14 port configuration (custom or default)
Kerberos ..............................................................70
Primary Domain Controller
G verification............................................................40
group policy linkage............................................ 45, 50
R
H remote reboot of server .......................................... 169
health alerts........................................................... 154 replica vm file folder setup ........................................66
Hyper-V...................................................................65 replication
install ...................................................................65 configuration tasks................................................67
Hyper-V installation ..................................................65 firewall rules .........................................................92
Hyper-V Manager Hyper-V server configuration .................................67
VM start and stop................................................ 146 replica vm file folder setup .....................................66
Hyper-V server 2012 replication configuration............................................67
enable .................................................................89 replication testing
replication configuration ........................................67 certification tool .................................................. 203
Hyper-V server configuration.....................................67 resource utilization ................................................. 166
V91 host server .................................................. 157
virtual machines.................................................. 166
I
install ......................................................................65 S
Hyper-V ...............................................................65
introduction..............................................................12 server configuration..................................................13
state, detailed information ....................................... 149
B0700HC, Rev D 265
Centralized Virtualization Management for Windows Server 2016
User’s Guide
T
troubleshooting ...................................................... 172
U
unplanned ............................................................. 106
V
V91 host server...................................................... 157
V91 NIC Selections ................................................ 199
verification ...............................................................40
Virtual Host Network (VHN)
NIC teaming .........................................................20
virtual machine
health alerts ....................................................... 154
resource utilization.............................................. 166
state, detailed information.................................... 149
virtual machines ..................................................... 166
virtualized system
with CVM functionality ...........................................12
VM start and stop ................................................... 146
W
Windows Server 2016 Standard Server host
join to domain .......................................................60
with CVM functionality ..............................................12