Netapp Deployment Guidelines and Storage Best Practices for Windows

Technical Report NetApp Deployment Guidelines and Storage Best Practices for Windows Server 2016 Best Practice Guide Brahmanna Chowdary Kodavali and Shashanka SR, NetApp November 2016 | TR-4568

NetApp Deployment Guidelines and Storage Best Practices for Windows Server 2016 Best Practice Guide Brahmanna Chowdary Kodavali and Shashanka SR, NetApp October 2016 | TR-XXXX

Abstract This technical report discusses the value of NetApp® storage for Windows Server 2016. This report also provides best practices and deployment guidance for NetApp storage in Windows Server 2016 environments. Important features offered by NetApp to complement Windows Server 2016 are also covered.

Abstract This technical report provides insight into the NetApp storage value proposition for Windows TABLE OF CONTENTS

1 Overview ...... 4 1.1 Purpose and Scope ...... 4 1.2 Intended Audience ...... 4

2 NetApp Storage and Windows Server 2016 Environment ...... 4 2.1 ONTAP 9.0 Overview ...... 5 2.2 Storage Virtual Machines ...... 6

3 Windows Server 2016 Enhancements ...... 7 3.1 Hyper-V Improvements ...... 7 3.2 Guarded Fabric and Shielded Virtual Machines ...... 11 3.3 Network Controller ...... 13 3.4 Failover Clustering Improvements ...... 14 3.5 Nano Server ...... 15 3.6 Containers ...... 16

4 Provisioning NetApp Storage for Windows Server 2016 ...... 17 4.1 Managing NetApp Storage ...... 17 4.2 NetApp PowerShell Toolkit ...... 17 4.3 NetApp SMI-S Provider ...... 18 4.4 Networking Best Practices ...... 18

5 Provisioning in SAN Environments ...... 19 5.1 Provisioning NetApp LUN on Windows Server 2016 ...... 19 5.2 Provisioning NetApp LUNs on Nano Server ...... 22 5.3 Boot from SAN ...... 24

6 Provisioning in SMB Environments ...... 26 6.1 Provisioning SMB Share on Windows Server 2016 ...... 26 6.2 Provisioning SMB Share on Nano Server ...... 28

7 Hyper-V Storage Infrastructure on NetApp ...... 29 7.1 Hyper-V Clustering: High Availability and Scalability for Virtual Machines ...... 32 7.2 Hyper-V Live Migration: Migration of VMs ...... 33 7.3 Hyper-V Replica: Disaster Recovery for Virtual Machines ...... 37 7.4 Hyper-V Centralized Management: Microsoft System Center Virtual Machine Manager ...... 39 7.5 Azure Site Recovery: Cloud Orchestrated Disaster Recovery for Hyper-V Assets ...... 39

8 Storage Efficiency ...... 40

8.1 NetApp Deduplication ...... 40 8.2 Thin Provisioning ...... 41 8.3 Quality of Service ...... 41

9 Security ...... 42 9.1 Windows Defender ...... 42 9.2 BitLocker ...... 42

Appendix A: Deploy Nested Virtualization ...... 42 Prerequisites ...... 42 Deployment ...... 43

Appendix B: Deploy Nano Server ...... 43 Deployment ...... 43 Connect to Nano Server ...... 44

Appendix C: Deploy Hyper-V Cluster ...... 45 Prerequisites ...... 45 Deployment ...... 45

Appendix D: Deploy Hyper-V Live Migration in a Clustered Environment ...... 47 Prerequisites ...... 47 Deployment ...... 47

Appendix E: Deploy Hyper-V Live Migration Outside a Clustered Environment ...... 47 Prerequisites ...... 47 Deployment ...... 47

10 Appendix F: Deploy Hyper-V Storage Live Migration ...... 48 Prerequisites ...... 48 Deployment ...... 48

Appendix G: Deploy Hyper-V Replica Outside a Clustered Environment ...... 49 Prerequisites ...... 49 Deployment ...... 49 Replication ...... 50

Appendix H: Deploy Hyper-V Replica in a Clustered Environment ...... 50 Prerequisites ...... 50 Deployment ...... 50 Replication ...... 51

References ...... 51

Version History ...... 52

LIST OF TABLES Table 1) Virtual machine file types...... 10 Table 2) Virtual machine configuration versions...... 10

LIST OF FIGURES Figure 1) NetApp storage deployment in Windows Server 2016 environment...... 6 Figure 2) ONTAP storage virtual machine...... 7 Figure 3) Hyper-V nested virtualization and NetApp...... 9 Figure 4) Guarded fabric with shielded virtual machines...... 12 Figure 5) Network controller...... 13 Figure 6) Containers...... 16 Figure 7) Multiple paths in SAN environment...... 20 Figure 8) Boot LUNs using NetApp FlexClone...... 24 Figure 9) Hyper-V storage infrastructure on NetApp...... 29 Figure 10) Hyper-V failover cluster and NetApp...... 32 Figure 11) Live migration in a clustered environment...... 33 Figure 12) Shared live migration in a nonclustered environment...... 34 Figure 13) Shared nothing live migration in a nonclustered environment to SMB shares...... 35 Figure 14) Shared nothing live migration in a nonclustered environment to LUNs...... 35 Figure 15) Hyper-V storage live migration...... 37 Figure 16) Hyper-V Replica...... 38 Figure 17) Azure Site Recovery...... 40 Figure 18) Storage virtual machine with its own QoS policy...... 41

1 Overview

Microsoft Windows Server 2016 is an enterprise-class operating system (OS) that covers networking, security, virtualization, private cloud, hybrid cloud, virtual desktop infrastructure, access protection, information protection, web services, application platform infrastructure, and much more. This OS also introduces many new features, including a minimal-footprint headless version called Nano Server, guarded fabric, shielded virtual machines (VMs), containers, and improvements in Hyper-V. Other new features include failover clustering, identity and access, management and automation, networking, security, and storage areas. NetApp ONTAP® 9.0 management software runs on NetApp storage controllers. It is a unified architecture supporting both file and block protocols, which enables the storage controllers to act as both NAS and SAN devices. ONTAP 9.0 provides NetApp storage efficiency features such as NetApp Snapshot® technology, cloning, deduplication, thin provisioning, thin replication, compression, virtual storage tiering, and much more with enhanced performance and efficiency. Together, Windows Server 2016 and ONTAP 9.0 can operate in large environments and bring immense value to data center consolidation and private or hybrid cloud deployments. This combination also provides nondisruptive workloads efficiently and supports seamless scalability.

1.1 Purpose and Scope This document provides technical insight into the NetApp storage value proposition for Windows Server 2016. The document discusses best practices and deployment guidance for NetApp storage in Windows Server 2016 environments. It also discusses important features provided by NetApp to complement Windows Server 2016 and to help reduce costs and increase efficiency, storage utilization, and fault tolerance.

1.2 Intended Audience This document is intended for system and storage architects who design NetApp storage solutions for the Windows Server 2016 OS. We make the following assumptions in this document:  The reader has general knowledge of NetApp hardware and software solutions. See the System Administration Guide for Cluster Administrators for details.  The reader has general knowledge of block-access protocols, such as iSCSI, FC, and FCoE, and the file-access protocol SMB/CIFS. See the Clustered Data ONTAP SAN Administration Guide and the Clustered Data ONTAP SAN Configuration Guide for SAN-related information. See the Best Practices Guide for Windows File Services and the CIFS/SMB Configuration Express Guide for CIFS/SMB- related information.  The reader has general knowledge of the Windows Server 2016 OS and Hyper-V. For a complete, regularly updated matrix of tested and supported SAN and NAS configurations, see the Interoperability Matrix Tool (IMT) on the NetApp Support site. With the IMT, you can determine the exact product and feature versions that are supported for your specific environment. The NetApp IMT defines the product components and versions that are compatible with NetApp supported configurations. Specific results depend on each customer's installation in accordance with published specifications.

2 NetApp Storage and Windows Server 2016 Environment

NetApp storage controllers provide a truly unified architecture that supports both file and block protocols, including CIFS, iSCSI, FC, FCoE, and NFS, and they create unified client and host access. The same storage controller can concurrently deliver block storage service in the form of SAN LUNs and file service

4 NetApp Deployment Guidelines and Storage Best Practices for Windows Server 2016 © 2016 NetApp, Inc. All Rights Reserved. as NFS and SMB/CIFS. A NetApp storage controller running ONTAP software can support the following workloads in a Windows Server 2016 environment:  VMs hosted on continuously available SMB 3.0 shares  VMs hosted on Cluster Shared Volume (CSV) LUNs running on iSCSI or FC  SQL Server databases on SMB 3.0 shares  SQL Server databases on iSCSI or FC  Other application workloads In addition, NetApp storage efficiency features such as deduplication, NetApp FlexClone® copies, NetApp Snapshot technology, thin provisioning, compression, and storage tiering provide significant value for workloads running on Windows Server 2016.

2.1 ONTAP 9.0 Overview ONTAP 9.0 is management software that runs on a NetApp storage controller. Referred to as a node, a NetApp storage controller is a hardware device with a processor, RAM, and NVRAM. The node can be connected to SATA, SAS, or SSD disk drives or a combination of those drives. Multiple nodes are aggregated into a clustered system. The nodes in the cluster communicate with each other continuously to coordinate cluster activities. The nodes can also move data transparently from node to node by using redundant paths to a dedicated cluster network consisting of two 10Gb Ethernet switches. The nodes in the cluster can take over one another to provide high availability during any failover scenarios. Clusters are administered on a whole-cluster rather than a per-node basis, and data is served from one or more storage virtual machines (SVMs). A cluster must have at least one SVM to serve data. The basic unit of a cluster is the node, and nodes are added to the cluster as part of a high-availability (HA) pair. HA pairs enable high availability by communicating with each other over an HA interconnect (separate from the dedicated cluster network) and by maintaining redundant connections to the HA pair’s disks. Disks are not shared between HA pairs, although shelves might contain disks that belong to either member of an HA pair. Figure 1 depicts a NetApp storage deployment in a Windows Server 2016 environment.

Figure 1) NetApp storage deployment in Windows Server 2016 environment.

2.2 Storage Virtual Machines An ONTAP SVM (formerly known as a Vserver) is a logical storage server that provides data access to LUNs and/or a NAS namespace from one or more logical interfaces (LIFs). Each SVM is configured to own storage volumes provisioned from a physical aggregate and logical interfaces (LIFs) assigned either to a physical Ethernet network or to FC target ports. Logical disks (LUNs) or CIFS shares are created inside an SVM’s volumes and are mapped to Windows hosts and clusters to provide them with storage space, as shown in Figure 2. SVMs are node independent and cluster based; they can use physical resources such as volumes or network ports anywhere in the cluster.

Figure 2) ONTAP storage virtual machine.

Best Practice

NetApp recommends creating at least four LIFs per SVM: two data LIFs, one management LIF, and one intercluster LIF (for intercluster replication) per node.

Further Reading

For information about SVMs, see the ONTAP System Administration Guide.

3 Windows Server 2016 Enhancements

3.1 Hyper-V Improvements

Connected Standby Connected standby mode provides a connected standby power state for Hyper-V servers by using the Always On/Always Connected power model.

Discrete Device Assignment Discrete device assignment provides a VM with direct access to some PCIe hardware devices, bypassing the Hyper-V virtualization stack, which results in faster access to the devices.

Host Resource Protection Host resource protection prevents a VM from using more than its share of system resources by monitoring the VM for excessive activity. Doing so helps prevent performance degradation for the host or other VMs. This feature is turned off by default. To enable this feature for a VM, run the following PowerShell cmdlet on a Hyper-V server:

Set-VMProcessor -EnableHostResourceProtection $true

Hot Add/Remove Network Adapters and Memory This feature allows you to add or remove a network adapter to the VM while the VM is running. This feature is applicable only to generation-2 VMs. The feature also enables you to adjust the amount of memory assigned to the VM while the VM is running, which is applicable to both generation-1 and generation-2 VMs.

Hyper-V Manager Improvements These improvements enable you to use an alternate set of credentials to connect to other Hyper-V hosts. You can also manage Hyper-V servers running Windows Server 2102, 2012 R2, and Windows 8 and 8.1. In addition, these improvements allow a Web Services Management protocol to communicate with a remote Hyper-V server.

Linux Secure Boot This feature enables Linux VMs to boot by using the Secure Boot option. This feature is applicable only to generation-2 VMs. To enable secure boot for a Linux VM, run the following PowerShell cmdlet on a Hyper-V server:

Set-VMFirmware vmname -SecureBootTemplate MicrosoftUEFICertificateAuthority

Nested Virtualization Nested virtualization enables a VM to act as a virtualized Hyper-V host on top of which other VMs can be hosted. Storage infrastructure for the Hyper-V physical host and the virtualized hosts can be hosted on NetApp storage systems. Storage for the VM’s files and disks can be provided by NetApp LUNs or NetApp CIFS shares, as shown in Figure 3. Configuring NetApp storage infrastructure for nested Hyper-V hosts is similar to configuration on a physical host.

Further Reading  For information about deploying nested virtualization, see Appendix A: “Deploy Nested Virtualization.”  For information on provisioning storage for a Hyper-V infrastructure, refer to the section “Hyper-V Storage Infrastructure on NetApp.”  For further details and instructions, see the Microsoft Nested Virtualization page.

Figure 3) Hyper-V nested virtualization and NetApp.

Production Checkpoints Production checkpoints provide point-in-time images of a VM based on backup technology inside the guest VM instead of a saved state. Windows VMs use the Volume Snapshot Service (VSS) to create a checkpoint, whereas Linux VMs use file system buffers.

Shielded Virtual Machines This feature protects VMs from unauthorized access by encrypting the virtual disks. Protection is extended even to the Hyper-V administrators. This feature is provided by a new role called the host guardian service in Windows Server 2016.

Further Reading For further information, refer to the section “Guarded Fabric and Shielded Virtual Machines.”

Storage Quality of Service This feature allows you to monitor and manage storage performance for VMs using Hyper-V and the scale-out file server role. The feature improves storage-resource balance between multiple VMs that are sharing storage. It also allows policy-based minimum and maximum IOPS for the VMs. Storage quality of service (QoS) supports the following two deployment scenarios:  Hyper-V using a scale-out file server. This scenario is beyond the scope of this document. For more information about this scenario, see Storage Quality of Service.  Hyper-V using a CSV. This feature requires a Hyper-V failover cluster with CSV as the shared storage. When a new failover cluster and a CSV are configured, the storage QoS feature is set up automatically.

A storage QoS can be verified by using Failover Cluster Manager. Click the cluster and verify that the status of the storage QoS resource is shown as online in Cluster Core Resources. The cluster can also be verified by running the following PowerShell cmdlet: Get-ClusterResource -Name "Storage Qos Resource" To view the storage performance metrics, use the Get-StorageQoSFlow and Get- StorageQoSVolume cmdlets. To create and monitor the storage QoS policies, use the New- StorageQosPolicy cmdlet. To learn more about viewing performance metrics and creating storage QoS policies using these cmdlets, see the Microsoft Storage Quality of Service site.

Virtual Machine Configuration File Format VM configuration files use a new format in Windows Server 2016. VM configuration data files use the .vmcx file name extension and the VM run-time state data files use the .vmrs file extension. These new file formats read and write the configuration data more efficiently. Also, these file formats are binary in nature and cannot be edited. Table 1 shows the files used by a Hyper-V VM.

Table 1) Virtual machine file types.

VM File Type Description File Name Extension

Configuration VM configuration information stored in .vmcx binary format

Run-time state VM run-time state information stored in .vmrs binary file format

Virtual hard disk Virtual hard disks of the VM .vhd or .vhdx

Automatic virtual hard disk Differencing disk files of the VM .avhdx

Checkpoint Each checkpoint creates a configuration .vmrs and .vmcx file and run-time state file

VM Configuration Version The VM configuration version provides compatibility information for VMs with other versions of Hyper-V. The configuration version for the VMs created on Hyper-V 2016 is 7.1. Table 2 shows the supported VM configuration versions for the various Hyper-V hosts.

Table 2) Virtual machine configuration versions.

Hyper-V Host Supported VM Configuration versions

Windows Server 2016 5.0, 6.2, 7.0, 7.1

Windows 10 build 10565 or later 5.0, 6.2, 7.0

Windows 10 builds earlier than 10565 5.0, 6.2

Windows Server 2012 R2 5.0

Windows 8.1 5.0

To query the VM configuration versions supported by the Hyper-V host, run the following PowerShell cmdlet:

Get-VMHostSupportedVersion

To query the configuration version of all the VMs on a Hyper-V host, run the following PowerShell cmdlet:

Get-VM * | Format-Table Name, Version

As shown in Table 2, VMs created on Windows Server 2016 cannot be run on earlier versions of Hyper- V, whereas the reverse is true. When a VM from an earlier Hyper-V version is moved or imported to Hyper-V 2016, the VM retains its old VM configuration version and is not eligible to use the new features of Hyper-V 2016. For the VM to use the new features, it must be manually upgraded to the new VM configuration version 7.1 in Hyper-V Manager. Right-click the VM and click Upgrade Configuration Version. The VM configuration version can be updated but cannot be downgraded.

PowerShell Direct PowerShell Direct enables a Hyper-V host to run PowerShell commands on a VM without a remote management configuration or networking or firewall exceptions. A PowerShell direct session can be established from the Hyper-V host to its VM using the VM name alone and the Enter-PSSession or Invoke-Command cmdlets.

Enter-PSSession -VMName #or Enter-PSSession -VMGUID

Invoke-Command -VMName -FilePath