FEDERATION ENTERPRISE HYBRID CLOUD 3.1 Microsoft Applications Solution Guide

FEDERATION ENTERPRISE HYBRID CLOUD 3.1 Microsoft Applications Solution Guide ABSTRACT This solution guide describes how to use the Federation Enterprise Hybrid Cloud 3.1 to provision and manage new and existing Microsoft Exchange Server, Microsoft SQL Server, and Microsoft SharePoint Server applications for onpremises or hosted cloud services. September 2015 Solution Guide

Copyright 2015 EMC Corporation. All rights reserved. Published in the USA. Published September 2015 EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice. The information in this publication is provided as is. EMC corporation makes no representations or warranties of any kind with respect to the information in this publication, and specifically disclaims implied warranties of merchantability or fitness for a particular purpose. Use, copying, and distribution of any EMC software described in this publication requires an applicable software license. EMC 2, EMC, Avamar, Data Domain, Data Protection Advisor, Isilon, PowerPath, RecoverPoint, ScaleIO, ViPR, VMAX, VNX, VPLEX, XtremIO, and the EMC logo are registered trademarks or trademarks of EMC Corporation in the United States and other countries. All other trademarks used herein are the property of their respective owners. For the most up-to-date listing of EMC product names, see EMC Corporation Trademarks on EMC.com. Federation Enterprise Hybrid Cloud 3.1: Microsoft Applications Solution Guide Part Number H14134 2

Contents Contents Chapter 1 Executive Summary... 6 Federation solutions... 7 Document purpose... 7 Audience... 7 Solution purpose... 7 Business challenge... 8 Technology solution... 8 Essential reading... 9 Terminology... 9 Chapter 2 Microsoft Applications Solution Architecture... 11 Overview...12 VMware vrealize Application Services...13 VMware vrealize Hyperic...13 Key components...14 Software resources...15 Chapter 3 Provisioning Microsoft Applications... 16 Overview...17 VMware vrealize Application Services...17 VMware Cloud Management Marketplace...18 Cloud providers...18 vrealize Automation blueprints...19 Deployment environments...20 Application owners and business groups...20 Logical templates...21 Services in vrealize Application Services...21 Application blueprints...22 Publishing application blueprints...23 Service catalog...25 vrealize Automation services...26 vrealize Automation catalog items...26 vrealize Automation actions...26 vrealize Automation entitlements...27 Approval policies...27 Storage service offerings...28 Provisioning Microsoft Active Directory services...30 Provisioning Microsoft Exchange...30 Exchange Server application blueprints...31 Requesting an Exchange Server virtual machine...32 Verifying an Exchange Server deployment...35 3

Contents Provisioning Microsoft SQL Server...35 SQL Server application blueprints...36 Requesting a SQL Server virtual machine...37 Verifying a SQL Server deployment...39 Provisioning Microsoft SharePoint Server...39 SharePoint Server application blueprints...39 Requesting a SharePoint Server virtual machine...41 Verifying a SharePoint deployment...42 Configuring the SharePoint farm...42 Chapter 4 High Availability for Microsoft Applications on Federation Enterprise Hybrid Cloud... 44 Overview...45 vsphere High Availability...45 Microsoft Exchange DAG...45 vsphere HA with Exchange Server DAG...46 vsphere DRS and anti-affinity rules for Exchange Server virtual machines...46 Provisioning an Exchange Server DAG...47 Application blueprints for Exchange Server DAG...48 Verifying the Exchange Server DAG deployment...49 Microsoft SQL Server with AlwaysOn Availability Groups...49 Anti-affinity rules for SQL Server virtual machines...50 Provisioning a SQL Server AAG...50 Application blueprints for SQL Server AAG...50 Verifying the SQL Server 2012 AAG deployment...51 Microsoft SharePoint availability...52 Chapter 5 Monitoring Microsoft Applications... 53 Overview...54 VMware vrealize Hyperic...54 vrealize Hyperic agent...54 Auto-discovery...55 VMware vrealize Operations Manager...56 Integrating Hyperic with vrealize Operations Manager...56 Monitoring Microsoft Exchange Server...58 Exchange Server metrics...58 Microsoft Exchange Server dashboards...59 Monitoring Microsoft SQL Server...60 SQL Server metrics...60 Microsoft SQL Server dashboards...61 Monitoring Microsoft SharePoint Server...63 SharePoint Server metrics...63 Microsoft SharePoint Server dashboards...64 Chapter 6 Elasticity for Microsoft Applications... 65 Overview...66 4

Contents Threshold alerts...66 Elasticity for Microsoft Exchange Server...67 Elasticity for Microsoft SQL Server...69 Elasticity for Microsoft SharePoint Server...71 Chapter 7 Database as a Service with Microsoft SQL Server... 76 Overview...77 Publishing DBaaS resource actions...78 Creating Microsoft SQL Server instances...79 Creating Microsoft SQL Server user databases...81 Deleting a Microsoft SQL Server user database...83 Deleting a Microsoft SQL Server instance...85 Managing Microsoft SQL Server AlwaysOn Availability Groups...86 Adding a database to an AAG...86 Removing a database from an AAG...88 Chapter 8 Conclusion... 91 Summary...92 Findings...92 Chapter 9 References... 93 EMC documentation...94 VMware documentation...94 Microsoft documentation...94 Tables Table 1. Table 2. Table 3. Table 4. Table 5. Terminology... 9 Solution software requirements...15 Exchange 2013 service property values...32 SQL Server service property values...36 SharePoint Server service property values...40 5

Chapter 1: Executive Summary Chapter 1 Executive Summary This chapter presents the following topics: Federation solutions... 7 Document purpose... 7 Audience... 7 Solution purpose... 7 Business challenge... 8 Technology solution... 8 Essential reading... 9 Terminology... 9 6

Federation solutions Chapter 1: Executive Summary Document purpose Audience Solution purpose EMC II, Pivotal, RSA, VCE, Virtustream, and VMware form a unique Federation of strategically aligned businesses that are free to execute individually or together. The EMC Federation businesses collaborate to research, develop, and validate superior, integrated solutions and deliver a seamless experience to their collective customers. The Federation provides customer solutions and choice for the software-defined enterprise and the emerging third platform of mobile, cloud, big data, and social networking. The Federation Enterprise Hybrid Cloud 3.1 solution is a completely virtualized data center, fully automated by software. The solution starts with a foundation that delivers IT-as-a- Service, with options for high availability, backup and recovery, and disaster recovery. It also provides a framework and foundation for add-on modules such as application services, database as a service, platform as a service, and cloud brokering. This Solution Guide describes the Federation Enterprise Hybrid Cloud for Microsoft Applications solution, which enables automated deployment and management of Microsoft applications, such as Microsoft Exchange Server, Microsoft SQL Server, and Microsoft SharePoint Server, within a Federation Enterprise Hybrid Cloud built with VMware vcloud Suite. The guide introduces the architecture, features, and functionality of the solution and demonstrates the use cases enabled by the solution. Data protection for Microsoft applications within the Federation Enterprise Hybrid Cloud is described in a separate Solution Guide. This guide is intended for customers, partners, and EMC personnel who plan to deploy this solution. Users should have the necessary training and background to install and configure Federation Enterprise Hybrid Cloud, Exchange Server, SQL Server, SharePoint Server, and the associated infrastructure. Users should also be familiar with the infrastructure and security policies of the customer installation. This solution provides a reference architecture that integrates all the key components and functionality necessary for deploying, managing, and protecting Microsoft applications in a hybrid cloud. The solution enables customers to leverage the Federation Enterprise Hybrid Cloud 3.1 for: On-demand, self-service provisioning of Microsoft Enterprise applications such as Exchange Server, SQL Server, and SharePoint Server Complete management of the application service lifecycle Provisioning, monitoring, protection, and management of the infrastructure services by line-of-business end users, without IT administrator involvement Provisioning of application blueprints with associated infrastructure resources by lineof-business application owners without IT administrator involvement Provisioning of backup, continuous availability, and disaster recovery services as part of the cloud service provisioning process Database as a service (DBaaS), with rapid, on-demand, self-service provisioning of SQL Server instances and databases on SQL Server virtual machines, post deployment 7

Chapter 1: Executive Summary Business challenge Technology solution While many organizations have successfully introduced virtualization as a core technology within their data center, end users and business units within the organizations have not experienced many of the benefits of cloud computing such as increased agility, mobility, and control. Transforming from the traditional IT model to a cloud-operating model involves overcoming the challenges of legacy infrastructure and processes, such as: Inefficiency and inflexibility Slow, reactive responses to customer requests Inadequate visibility into the cost of the requested infrastructure Limited choice of availability and protection services To meet these challenges, public cloud providers have built technology and business models catering to the requirements of end-user agility and control. Many organizations are under pressure to provide these same service levels within the secure and compliant confines of the on-premises data center. As a result, IT departments need to create cost-effective alternatives to public cloud services, alternatives that do not compromise enterprise features such as data protection, disaster recovery, and guaranteed service levels. Deciding where to deploy Exchange Server, SQL Server, and SharePoint Server can involve trade-offs. Traditional on-premises infrastructure gives IT teams more control, but provisioning can take weeks. Public clouds speed up provisioning, but they do not necessarily meet business requirements for data protection, disaster recovery, and guaranteed service levels. For this Microsoft applications solution, Federation Enterprise Hybrid Cloud 3.1 provides on-premises or hosted cloud services to meet these business requirements. The Federation Enterprise Hybrid Cloud solution integrates the best of EMC and VMware products and services to deliver a fully integrated, enterprise-ready solution across all three data center pillars compute, storage, and network. The solution empowers IT organizations to accelerate the implementation and adoption of a hybrid cloud while still enabling customer choice for the compute and networking infrastructures within the data center. The solution caters to customers who want to preserve their investment and make better use of their existing infrastructure and to customers who want to build new infrastructures dedicated to a hybrid cloud. Developed by EMC and VMware product and services teams, the Federation Enterprise Hybrid Cloud solution takes advantage of the strong integration between EMC technologies and the VMware vcloud Suite. The solution includes EMC scalable storage arrays and integrated EMC and VMware monitoring and data protection to provide the foundation for cloud services within customer environments. This Microsoft Applications solution uses VMware vrealize Application Services and VMware vrealize Hyperic to enable automated deployment, management, and protection of Exchange Server, SQL Server, and SharePoint Server applications, and to enable application monitoring during the application lifecycle. 8

Chapter 1: Executive Summary Essential reading Terminology The following documents describe the architecture, components, features, and functionality of the Federation Enterprise Hybrid Cloud 3.1 solution: Federation Enterprise Hybrid Cloud 3.1: Foundation Infrastructure Reference Architecture Guide Federation Enterprise Hybrid Cloud 3.1: Concepts and Architecture Solution Guide Federation Enterprise Hybrid Cloud 3.1: Operations Solution Guide Federation Enterprise Hybrid Cloud 3.1: Security Management Solution Guide This guide provides external references where applicable. EMC recommends that users implementing this solution are familiar with these documents. For details, refer to Chapter 9: References. Table 1 provides definitions for some of the terms used in this guide. Table 1. Terminology Term Active Directory (AD) AlwaysOn Availability Group (AAG) Application blueprint Business group Database availability group (DAG) High availability (HA) Infrastructure as a service (IaaS) IT as a service (ITaaS) Definition Provided with Microsoft Windows Server as a special-purpose database or directory that is designed to store system-specific data for handling a large number of read and search operations, which are hierarchical, replicated, and extensible. A high-availability and disaster-recovery feature included with SQL Server as an enterprise-level alternative to database mirroring. Logical topology of an application for deployment in a virtual cloud. An application blueprint captures the structure of an application with logical nodes, their corresponding services and operating systems, dependencies, default configurations, and network and storage topology requirements. The blueprint is published as a catalog item in the common service catalog. A set of users, often corresponding to a line of business, department, or other organizational unit, that can be associated with a set of catalog services and infrastructure resources. A set of highly available Microsoft Exchange Server Mailbox servers that host a set of databases and provides automatic database-level recovery from failures that affect individual servers or databases. A mechanism that enables a system or infrastructure to continue providing services in the event of isolated component or resource failures. A standard set of automated resources that include compute, storage, and networking capabilities provided through a hosting company or service provider. Enterprise IT that acts and operates as a competitive service provider for an organization that has many provider options for IT services, including outsourcing companies and public cloud providers. 9

Chapter 1: Executive Summary Term Key performance indicator (KPI) Logical template Pod vra vrealize Application Services properties vrealize Automation Application Services service Web front-end (WFE) Definition A quantifiable measure that compares performance criteria, including strategic and operational goals of an organization. A predefined virtual machine definition in vrealize Application Services that can be mapped to a cloud template (and supporting services) in the cloud catalog enabling an application blueprint to remain cloud-agnostic. A collection of virtual machines that has a specific function within the Federation Enterprise Hybrid Cloud. An abbreviation for vrealize Automation used in diagrams in this guide. vrealize Application Services configuration name-value pairs for services and application components. These are variables used by scripts to set parameters and run various configurations. vrealize Application Services scripted software that can be installed on a virtual machine and reused in multiple applications. A Web-based user interface for a back-end service such as a database. It is a Web server that handles Web page requests from users. A SharePoint farm can use multiple WFE servers and a Network Load Balancer (NLB) to distribute requests for scalability and redundancy. 10

Chapter 2: Microsoft Applications Solution Architecture Chapter 2 Microsoft Applications Solution Architecture This chapter presents the following topics: Overview...12 Key components...14 Software resources...15 11

Chapter 2: Microsoft Applications Solution Architecture Overview This Federation Enterprise Hybrid Cloud for Microsoft Applications solution provides the following application-specific functionality, in addition to the core Federation Enterprise Hybrid Cloud functionality: Automated deployment, management, and protection of Microsoft applications Application monitoring during the application lifecycle Database as a service for Microsoft SQL Server (see Chapter 7) Figure 1 shows the architecture of the solution, which is deployed on a Federation Enterprise Hybrid Cloud platform and uses the Federation Enterprise Hybrid Cloud components outlined in Key components. The solution adds VMware vrealize Hyperic, a component of vrealize Operations, to monitor metrics specifically related to Exchange Server, SQL Server, and SharePoint Server. Figure 1. Federation Enterprise Hybrid Cloud reference architecture 12

Chapter 2: Microsoft Applications Solution Architecture The management, network, and tenant resources for the solution are divided into several pods, as shown in Figure 1, with each pod performing a solution-specific function: Core Pod The Core Pod hosts a core set of resources that must exist before the remainder of the cloud can be deployed. These core resources include VMware vcenter Server, Microsoft SQL Server 2012, and VMware NSX Manager. Automation Pod The Automation Pod hosts the virtual machines that automate and manage the cloud infrastructure that supports the workloads consumed by the clouds tenants. The Automation Pod supports the components responsible for functions such as the user portal and automated provisioning, monitoring, metering, and reporting. NEI Pod The NEI Pod hosts the VMware NSX Edge appliances and VMware NSX Controller nodes and becomes the convergence point at which the physical and virtual networks connect. Workload Pods The Workload Pods are configured and assigned in vrealize Automation as shared resources, to host application virtual machines deployed by the different business groups in the hybrid cloud environment. These Workload Pods are deployed as VMware vsphere clusters in VMware vcenter endpoints. VMware vrealize Application Services vrealize Application Services automates application provisioning in the Federation Enterprise Hybrid Cloud, including deploying, configuring, and updating the application's components and dependent middleware platform services. This simplifies complex deployments of both custom and packaged applications. vrealize Application Services enables you to construct application blueprints for rapid deployment of Microsoft applications on a Federation Enterprise Hybrid Cloud. These application blueprints are created in Application Services and published to the vrealize Automation service catalog. The published blueprints contain virtual machine deployment information, as well as application deployment information and ancillary scripts for deploying services to a virtual machine (Hyperic agents, for example). Virtual machine and application blueprints can apply to single systems or multiple systems, covering both bare-metal server deployments and virtual machine deployments. From predefined blueprints, you can easily deploy multitier enterprise applications that require multiple application, database, and web components, and related services. VMware vrealize Hyperic VMware vrealize Hyperic is a component of the VMware vrealize Operations Management Suite. It monitors operating systems, applications, and services running in physical, virtual, and cloud environments. vrealize Hyperic offers the unique ability to automatically discover, inventory, and monitor servers, regardless of type or location, and enables application operations teams to ensure that business-critical applications run without fail. The integration of vrealize Hyperic with vrealize Operations Manager provides a single UI for monitoring a wide range of metrics relating to the availability and use of Microsoft applications. The Management Pack for vrealize Hyperic provides metrics reports specific to Microsoft applications in vrealize Operations Manager. 13

Chapter 2: Microsoft Applications Solution Architecture Key components This Microsoft applications solution uses the following components of the Federation Enterprise Hybrid Cloud: Note: For an overview of these components, refer to the Federation Enterprise Hybrid Cloud 3.1: Foundation Infrastructure Reference Architecture Guide. Data center virtualization and cloud infrastructure VMware vsphere ESXi and VMware vcenter Server VMware vrealize Suite including: VMware vrealize Automation (vra) VMware vrealize Automation Application Services VMware vrealize Operations Manager VMware vrealize Configuration Manager VMware vrealize Business Standard VMware vrealize Log Insight VMware vcenter Orchestrator VMware NSX for vsphere or VMware vcloud Networking and Security networking EMC storage services EMC ViPR software-defined storage EMC VNX, EMC VMAX, EMC ScaleIO, EMC VPLEX, EMC Isilon, and EMC XtremIO storage platforms this guide discusses VNX and VMAX only EMC ViPR SRM EMC PowerPath /VE Data protection EMC RecoverPoint VMware vcenter Site Recovery Manager EMC Avamar and EMC Data Domain data protection platforms EMC Data Protection Advisor Data protection for Microsoft applications is discussed in a separate document. Figure 2 shows the key components of the Federation Enterprise Hybrid Cloud, with Exchange Server, SQL Server, and SharePoint Server deployed on the IT-as-a-service platform. 14

Chapter 2: Microsoft Applications Solution Architecture Figure 2. Federation Enterprise Hybrid Cloud solution components Software resources Table 2 lists the application software components and supporting services specific to this Federation Enterprise Hybrid Cloud for Microsoft Applications solution. For a complete list of Federation Enterprise Hybrid Cloud 3.1 software requirements, refer to the relevant EMC E- Lab EMC Simple Support Matrix at elabnavigator.emc.com. Table 2. Solution software requirements Software Version Notes Microsoft Windows Server 2008 R2, 2012, and 2012 R2 Supported operating systems Microsoft Exchange Server 2010 and 2013 Versions of Exchange Server supported in this solution Microsoft SharePoint Server 2010 SP2 and 2013 SP1 Versions of SharePoint Server supported in this solution Microsoft SQL Server 2008 R2, 2012, and 2014 Versions of SQL Server supported in this solution VMware vrealize Hyperic 5.8.4 A component of vrealize Operations used in this solution 15

Chapter 3: Provisioning Microsoft Applications Chapter 3 Provisioning Microsoft Applications This chapter presents the following topics: Overview...17 VMware vrealize Application Services...17 Publishing application blueprints...23 Service catalog...25 Approval policies...27 Storage service offerings...28 Provisioning Microsoft Active Directory services...30 Provisioning Microsoft Exchange...30 Provisioning Microsoft SQL Server...35 Provisioning Microsoft SharePoint Server...39 16

Overview Chapter 3: Provisioning Microsoft Applications This chapter describes how to provision Microsoft applications on a Federation Enterprise Hybrid Cloud. The Federation Enterprise Hybrid Cloud provides a foundation for successful and consistent deployments of Microsoft applications. Generic blueprints are available for each application; these can be adapted for specific organizational requirements to guarantee a standard industry level of service. This chapter describes the high-level process and methodology required to successfully deploy the applications by using vrealize Application Services with the vrealize Automation service catalog and the Federation Enterprise Hybrid Cloud selfservice portal. Figure 3 illustrates the workflow used in this solution for each of the Microsoft applications deployed. Figure 3. Workflow for publishing vrealize Application Services blueprints VMware vrealize Application Services In VMware vrealize Application Services, an application blueprint defines the logical topology of an application for deployment in a virtual cloud. The blueprint captures the structure of an application with logical nodes, their corresponding services and operating systems, dependencies, default configurations, and network and storage topology requirements. You can create an application blueprint after certain required elements are established on vrealize Application Services. The required elements include a vrealize Automation blueprint, a cloud provider, a deployment environment, one or more logical templates, and the services that contain the scripts necessary to install, customize, update, and decommission the application. vrealize Application Services provides a drag-and-drop GUI for constructing application blueprints. This enables you to quickly deploy Microsoft applications on a Federation 17

Chapter 3: Provisioning Microsoft Applications Enterprise Hybrid Cloud. The blueprints are easily transportable across Federation Enterprise Hybrid Cloud environments. You can create application blueprints for each application and set of business requirements. You can then either deploy the blueprints directly from vrealize Application Services or publish them to a specific business group in the vrealize Automation service catalog so that users can request them through the Federation Enterprise Hybrid Cloud self-service portal. For Microsoft application deployments, users can request multiple versions of Exchange Server, SQL Server, SharePoint Server, from the self-service portal. Application-related parameters can be modified prior to submitting the request. VMware Cloud Management Marketplace In vrealize Application Services, you can download published application blueprints from the VMware Cloud Management Marketplace on VMware Solution Exchange (VSX) and import them into Application Services. For more information, visit the VMware Cloud Management Marketplace. Microsoft application blueprints imported from the Marketplace provide preconfigured services and scripts for installing and customizing applications in a Federation Enterprise Hybrid Cloud environment. Figure 4 shows some of the available blueprints and services. Blueprints imported from the Marketplace can be customized to meet the requirements of the application and the business. Figure 4. VMware Cloud Management Marketplace blueprints Note: For this solution, we imported and customized some application blueprints from the Marketplace. We designed and created others specifically for the solution. Application blueprints designed for and provided with this solution are not available on the VMware Cloud Management Marketplace. Contact your EMC representative for information. Cloud providers To enable application blueprints to be published to a particular business group in vrealize Automation, a cloud provider must be registered on vrealize Application Services for that business group, as shown in Figure 5. The cloud provider enables vrealize Application Services to communicate with vrealize Automation. 18

Chapter 3: Provisioning Microsoft Applications Figure 5. Adding a cloud provider After a cloud provider is created for a specific business group, vrealize Automation blueprints can be added to that cloud provider and then to a logical template, as shown in Figure 6. Figure 6. Blueprints and logical templates added to a cloud provider in vrealize Application Services vrealize Automation blueprints vrealize Automation blueprints define important parameters such as the minimum and maximum CPU size and memory. They can also specify a reservation policy, though this can alternatively be specified in a deployment environment in vrealize Application Services. vrealize Automation blueprints also identify the virtual machine templates used for application deployments. In the example blueprint in Figure 7, the Clone from field is set to 19

Chapter 3: Provisioning Microsoft Applications use a Windows 2012 virtual machine template, and minimum and maximum values are set for the CPU and Memory parameters. Figure 7. Configuring parameters for a vrealize Automation blueprint Deployment environments Before application blueprints can be published from vrealize Application Services to vrealize Automation, a deployment environment must be configured. A deployment environment maps to one or more reservation policies in vrealize Automation, as shown in Figure 8. Figure 8. Deployment environment Application owners and business groups Application architect roles manage the deployment design in vrealize Application Services. These roles then publish application blueprints to vrealize Automation for deployment to meet business requirements. Specific users within business groups (for example, finance or HR) can be given permission to request application deployments from the vrealize Automation service catalog. These requests are then approved or denied by the application owners. 20

Chapter 3: Provisioning Microsoft Applications Logical templates A logical template is a predefined virtual machine definition in vrealize Application Service. It can be mapped to an actual cloud template and supported services in the cloud library. Logical templates enable application blueprints to remain cloud agnostic. The logical template specifies a supported operating system version to ensure that only supported services can be used when constructing an application blueprint. You can add services to a logical template when building the template. Alternatively, you can add services when designing the application blueprint. Multiple vrealize Automation blueprints can be added to one logical template. This allows application blueprints to be published with different reservation policies. Services in vrealize Application Services In vrealize Application Services, a service is scripted software that runs on a virtual machine during deployment. A service can include scripts created with Windows PowerShell, the Windows Command Prompt, or the Linux Bash shell. Similar to building a logical template, tags and a supported operating system version are required when creating a service. The same service can house multiple scripts for example, an application installation script, an application configuration script, and an application update script. Services are a fundamental element in creating application blueprints with vrealize Application Services. They are available for reuse and selection during the application blueprint creation process, as shown in Figure 9. Administrators can add properties to a service and predefine the property values. They can also mark properties as Overridable so that users can override the property values when deploying a catalog item from the self-service portal. Property values set by the user are specific to the deployed application. Figure 9 shows the Overridable option set for several properties in a service. Figure 9. Example of a service in vrealize Application Services When Microsoft applications are implemented, the scripts contained in associated services run automatically after the virtual machine is deployed. A number of services can be added to a single application blueprint and a service installation order can be specified across multiple virtual machines in the blueprint. 21

Chapter 3: Provisioning Microsoft Applications Application blueprints An application blueprint can be created after the required elements, such as a deployment environment, logical templates, and services, are established on vrealize Application Services, as shown in Figure 10. Tags are added to an application blueprint to indicate the type of service it defines and the category in which to list the service. Figure 10. Creating an application blueprint vrealize Application Services provides a drag-and-drop GUI for creating application blueprints. Users select and position logical templates on a blank canvas and drag services and application components into the logical templates. Depending on the application requirements, multiple logical templates can be added and clustered. Figure 11 shows an example of a completed application blueprint where components have been dragged from the Logical Templates and Services menus to create a reusable Microsoft application blueprint that can be deployed into the Federation Enterprise Hybrid Cloud. Figure 11. Drag-and-drop GUI in vrealize Application Services Figure 11 also shows how you can edit the compute resources and host name for a blueprint in Application Services. Depending on your requirements, the host name can be assigned randomly on each execution of a blueprint by specifying ${random}. After the application blueprint is created, it is ready to be published to the required business unit on vrealize Automation. Users can then request the Microsoft application deployment from the vrealize Automation service catalog via the Federation Enterprise Hybrid Cloud self-service portal. 22

Publishing application blueprints Chapter 3: Provisioning Microsoft Applications After application blueprints are imported or created in vrealize Application Services, they can be published to the vrealize Automation service catalog. Figure 12 shows the Deploy option used to initiate the publishing process. Figure 12. Publishing application blueprints to vrealize Automation During the publishing process, you have several opportunities to customize the application blueprint: You can use the Map Details option to ensure correlation between vrealize Application Services logical templates and vrealize Automation blueprints, as shown in Figure 13. Figure 13. Mapping template details during the blueprint publishing process You can select a default logical network or specify a cloud network for the deployment. You can change the value of service properties that are specified as Overridable in the application blueprint, as shown in Figure 14. 23

Chapter 3: Provisioning Microsoft Applications Figure 14. Editing service properties during blueprint publishing You can modify the compute resources to ensure that the Microsoft application is deployed on virtual machines that meet the performance requirements of a particular business group. The ability to edit the compute resources during publishing enables the same application blueprint to be published with different specifications. You can review the execution plan to ensure that the implementation sequence deploys the correct application services in the correct order, as shown in Figure 15. Figure 15. Reviewing the deployment plan during blueprint publishing As shown in Figure 16, the final step in the publishing process is to review all application related properties and click Publish. The name and description of the item are then published and the item is ready to add to the vrealize Automation service catalog. Figure 16. Reviewing and publishing the application blueprint Application blueprints that are published from Application Services into vrealize Automation are automatically activated. However, they are not visible in the service catalog until they are added to an applicable active service with configured entitlements and actions. 24

Service catalog Chapter 3: Provisioning Microsoft Applications The vrealize Automation service catalog lists the catalog items that an end user, application owner, or business group can request. After a request is approved, the application virtual machine is deployed and the owner is notified. Figure 17 shows examples of published applications in the service catalog for this solution. Figure 17. Viewing the vrealize Automation service catalog Figure 18 shows a subset of the catalog items for SQL Server 2014 these include multiple deployments with varying storage offerings. The SQL Server with AlwaysOn service includes items for SQL Server 2012 and 2014 with AlwaysOn Availability Groups. Figure 18. Viewing the vrealize Automation service catalog for SQL Server 2014 25

Chapter 3: Provisioning Microsoft Applications vrealize Automation services Entitled users or groups can activate and deactivate services in vrealize Automation, as shown in Figure 19. Activated services appear in the service catalog to users with the appropriate entitlements. Selecting a service displays the catalog items associated with that service. Figure 19. Viewing vrealize Automation services vrealize Automation catalog items In this Federation Enterprise Hybrid Cloud for Microsoft Applications solution, all catalog items are published from vrealize Application Services. All catalog items are linked to a service, as shown in Figure 20. Figure 20. Managing vrealize Automation catalog items vrealize Automation actions vrealize Automation actions enable administrators to specify which actions users can perform for a particular catalog item, as shown in Figure 21. This helps to control the level of actions that users can perform. For example, an administrator might want to prevent a user from being able to destroy a virtual machine, as specified by the business unit. 26

Chapter 3: Provisioning Microsoft Applications Figure 21. Viewing vrealize Automation catalog item actions vrealize Automation entitlements Entitlements in vrealize Automation control which users or groups have access to particular catalog items, as shown in Figure 22. They ensure that only specified users can request specific deployments. For example, administrators can specify that only SQL Server application owners can view and select SQL Server catalog items. Figure 22. Viewing vrealize Automation entitlements Approval policies After entitlements have been assigned to users or groups, approval policies can be created and edited in vrealize Automation and applied to particular catalog items. After an approval policy is applied to a catalog item, designated approvers receive an approval email whenever a request is submitted. The approver can then either approve or reject the request, with a justification message. The deployment proceeds after the request has been approved. Implementing approval processes provides essential control over enterprise application deployments and provides important governance over Federation Enterprise Hybrid Cloud environments. A wide range of approval policy types are available. Approvals can be configured so that a single approver or multiple approvers are required for deployments. Figure 23 shows an example of an approval request sent to an approver. 27

Chapter 3: Provisioning Microsoft Applications Figure 23. Storage service offerings Approving or rejecting a request The Microsoft applications deployed in this solution take advantage of the various storage service offerings within the Federation Enterprise Hybrid Cloud. The applications are provisioned on storage services that meet the particular workload requirements of SQL Server, SharePoint Server, and Exchange Server. In vrealize Application Services, separate deployment environments can be created with separate reservations on vrealize Automation, as described in Deployment environments on page 20. When publishing an application blueprint, you can select a deployment environment. The deployment environment ensures that the application is provisioned on the storage service offering with which the deployment environment is associated. Alternatively, as described in VMware vrealize Application Services, you select a vrealize Automation blueprint (as a logical template) when creating an application blueprint. The vrealize Automation blueprint contains multiple storage service offerings, such as SATA, all flash, and mixed storage services, as shown in Figure 24. When publishing the application blueprint, you select the storage service required for the catalog item you are creating. This enables different storage service offerings to be published from the same application blueprint, as shown in Figure 25. Figure 24. Storage service offerings for application blueprints during the publishing process When users request an application from the service catalog, they can select the catalog item that offers the appropriate storage service for the application. Figure 25 shows examples of catalog items for SQL Server 2014 with different storage service offerings. 28

Chapter 3: Provisioning Microsoft Applications Figure 25. Selecting a storage offering for SQL Server In this solution, we implemented storage service offerings by using VMAX and VNX storage arrays. The solution also supports XtremIO storage. Storage service offerings can include a dedicated storage type or mixed storage. We created the following storage service offerings based on the requirements for each Microsoft application: Option 1 Extreme performance tier with all flash drives Option 2 Balanced capacity and performance tier with FC and SAS drives Option 3 Capacity tier with large SATA and NL-SAS drives The ability to request a catalog item with the required storage service offering and compute resources ensures that applications can perform workloads with guaranteed input/output operations per second (IOPS). For example, we used the all-flash storage service for the SQL Server deployment to optimize performance, and we used the capacity storage service for the Exchange Server deployment to provide the required mailbox capacity and performance. With EMC array-based technologies such as EMC FAST Cache and EMC FAST VP, applications of varying I/O profiles can be added to storage services. These EMC storage service offerings can include different disk technologies, and can promote and demote workloads to best serve the operating requirements of an application. EMC ViPR is a key component of the Federation Enterprise Hybrid Cloud that centralizes and automates storage management on a single platform. Through the vrealize Automation service catalog, you can create volumes on ViPR and provision them to the required ESXi servers. The volumes are then used to make up reservations on vrealize Automation. This enables the storage services required for Microsoft applications to be assigned by a fully automated process. Note: For more details on the storage offerings in the Federation Enterprise Hybrid Cloud, refer to the Federation Enterprise Hybrid Cloud 3.1: Concepts and Architecture Solution Guide. 29

Chapter 3: Provisioning Microsoft Applications Provisioning Microsoft Active Directory services Cloud tenants require a Microsoft Active Directory infrastructure for successful deployments of Microsoft applications such as Exchange Server and SQL Server. Users need to provide information about their Active Directory infrastructure if it already exists. This information is necessary because these Microsoft applications are heavily integrated with Active Directory. Alternatively, administrators can deploy a new Active Directory infrastructure as described in this section. Users with the appropriate rights can choose to deploy and customize a Domain Controller to create an Active Directory domain before the application is provisioned. During deployment, the Domain Controller settings can be modified to specify an IP address, Domain Name, and administrator credentials. DNS can also be configured during Domain Controller deployment. Provisioning a new Microsoft Active Directory Domain Controller includes the following tasks: Creating a Domain Controller application blueprint in vrealize Application Services Publishing the Application Services blueprint to vrealize Automation Configuring services and entitlements for the Active Directory service To provision Microsoft Active Directory from the vrealize Automation service catalog: 1. Select a Domain Controller from the catalog and click Request, as shown in Figure 26. Figure 26. Provisioning Microsoft Active Directory from vrealize Automation Provisioning Microsoft Exchange 2. Set the required property values and click Submit. 3. After the Domain Controller is deployed, record the IP address and host name; these values are required when provisioning each Microsoft application. Microsoft Exchange Server application blueprints that are published from vrealize Application Services facilitate the deployment of multiple editions of Exchange Server across any business group within an organization, whether the business group is a highly utilized production environment or a test and development unit. These editions can be provisioned easily and are ready for use within minutes of being requested. The following are prerequisites for deploying Exchange from the Federation Enterprise Hybrid Cloud self-service portal: The Active Directory infrastructure with DNS services must exist before Exchange Server can be installed. 30

Chapter 3: Provisioning Microsoft Applications The account used to perform the Exchange installation must have the rights necessary to make changes to the Active Directory schema. Refer to Microsoft Exchange Server documentation for further information. The following options are currently available for provisioning Microsoft Exchange Server: Option 1 deploys a stand-alone Exchange Server virtual machine, with preconfigured CPU, memory, and storage resources for a specified number of users. Mailbox Server and Client Access roles are combined in this deployment. Option 2 deploys Exchange Server in a high-availability configuration as part of an Exchange database availability group (DAG), with preconfigured CPU, memory, and storage resources for a specified number of users. This option deploys two servers in a DAG with two database copies. Mailbox Server and Client Access roles are combined in this deployment. Option 3 deploys a new Exchange Server instance, with preconfigured CPU, memory, and storage resources, to an existing DAG. Mailbox Server and Client Access roles are combined in this deployment. Note: This section describes Option 1. Option 2 is described in High Availability for Microsoft Applications on Federation Enterprise Hybrid Cloud. Option 3 is described in Elasticity for Microsoft Exchange. The following Microsoft Exchange Server deployments are supported in this solution: Exchange Server 2010 Standard and Enterprise Editions on Windows Server 2012 and Windows 2008 R2 Exchange Server 2013 Standard and Enterprise Editions on Windows Server 2012 and Windows Server 2012 R2 Note: If installing a Mailbox Server role as a member of a DAG, you must use Windows Server 2012 or 2012 R2. Windows Server 2008 R2 SP 1 Standard Edition does not support the features needed for DAGs. Exchange Server application blueprints To provision a stand-alone Exchange Server virtual machine on the Federation Enterprise Hybrid Cloud, the application architect must first configure the application blueprint in vrealize Application Services. The application blueprint consists of a virtual machine template with services and custom scripts to automatically provision Exchange Server, as shown in Figure 27. In this solution, the stand-alone deployment option combines the Exchange Mailbox Server and Client Access roles on one server. For larger configurations, you can deploy separate servers to host each role. Figure 27. Exchange Server application blueprint 31

Chapter 3: Provisioning Microsoft Applications For the solution, we created the installation and customization scripts with Microsoft Windows PowerShell. Figure 28 shows the properties we created for services in the application blueprint, including the organization name, the administrator credentials, and the source location for the installation files. Note: You can customize and reuse installation scripts for multiple blueprints. Figure 28. Properties and actions for an Exchange Server 2013 application blueprint Table 3 provides details some of the service properties that can be configured in an application blueprint for Exchange Server. Other properties can be added as required. Table 3. Exchange 2013 service property values Property name Blueprint property value example Description Domain exlab.local The Active Directory domain to which Exchange Server is joined UserName Administrator Domain user account with administrator rights to install Exchange Password Password User account password SetupEXEpath c:\software\exchange Path to the folder containing the setup.exe file for the Exchange Server installation OrganizationName Exchange Exchange organization name After an Exchange Server application blueprint has been created, it can be published to vrealize Automation, as described in Publishing application blueprints. Entitlements and approval policies can then be configured for the catalog item. Implementing an approval process for an Exchange Server deployment helps to guarantee that the application is deployed based on the best practices within an enterprise. Requesting an Exchange Server virtual machine Figure 29 shows an example of a vrealize Automation service catalog that includes various items for deploying Exchange Server. The catalog items that are visible and available to a user depend on the user s assigned permissions. 32

Chapter 3: Provisioning Microsoft Applications Figure 29. Viewing service catalog items for Exchange When users initiate a request, they are prompted for a description and a reason for the deployment. The requester then has the option to modify the compute resources and the Exchange Server virtual machine hostname, as shown in Figure 30. Figure 30. Modifying Exchange Server node properties during deployment The requester can also edit the service properties specific to the Exchange Server instance and domain, as shown in Figure 31, if the properties are specified as Overridable in the application blueprint. 33

Chapter 3: Provisioning Microsoft Applications Figure 31. Viewing application parameters for Exchange Server After the user submits the request, the deployment begins. The user can view the status of the request in the Requests tab in vrealize Automation. When the deployment is complete, the state of the request changes from In Progress to Successful, as shown in Figure 32, and the user also receives a notification email. If the deployment includes an approval process, the request remains in a Pending Approval state until approved. Figure 32. Confirming a successful Exchange Server deployment vrealize Automation provides several ways to view details of the deployment. Figure 33 shows the Items > Application Deployments option. Figure 33. Viewing a provisioned Exchange Server application deployment 34

Chapter 3: Provisioning Microsoft Applications Verifying an Exchange Server deployment To verify that the requested Exchange Server catalog item was deployed correctly, the Exchange Server administrator can log in to the Exchange admin center and view details of the deployed server there, as shown in Figure 34. Figure 34. Verifying an Exchange Server deployment Provisioning Microsoft SQL Server Microsoft SQL Server application blueprints that are published from vrealize Application Services facilitate the deployment of multiple editions of SQL Server across any business group in an organization, whether the business group is a highly utilized production environment or a test and development unit. These editions can be provisioned easily and are ready for use within minutes of being requested. The following options are currently available for provisioning Microsoft SQL Server: Option 1 deploys a stand-alone SQL Server instance, with configurable CPU, memory, and storage resources for a specified number of users. Option 2 deploys SQL Server in a high-availability configuration as part of a SQL Server AlwaysOn Availability Group, with configurable CPU, memory, and storage resources for a specified number of users. Note: This section describes Option 1. Option 2 is described in High Availability for Microsoft Applications on Federation Enterprise Hybrid Cloud. The following Microsoft SQL Server deployments are supported in this solution: SQL Server 2008 R2 Enterprise, Standard, and Express Editions on Windows 2008 R2 SQL Server 2012 Enterprise, Standard, and Express Editions on Windows 2012 and Windows 2012 R2 SQL Server 2014 Enterprise, Standard, and Express Editions on Windows 2012 and Windows 2012 R2 35

Chapter 3: Provisioning Microsoft Applications SQL Server application blueprints To provision a stand-alone SQL Server instance on the Federation Enterprise Hybrid Cloud, the application architect must first configure the application blueprint in vrealize Application Services. The application blueprint consists of a virtual machine template with services and custom scripts to automatically provision SQL Server. For the solution, we created the installation and customization scripts with Microsoft Windows PowerShell. Figure 28 shows some of the properties we created for services in the SQL Server application blueprint. The service properties are used to create and build a SQL Server configuration file, which is then used to customize the installation. Figure 35. Viewing properties and actions for a SQL Server application blueprint Table 4 provides details of some of the service properties that can be configured in an application blueprint for SQL Server. Other properties can be added as required. Table 4. SQL Server service property values Property name Blueprint value example Description Domain msapps.com The Windows domain name User Administrator Domain user account with administrator rights to install SQL Server Password Password User account password Install_repository \\IP of Repository Server\Software\SQL2014\Enterprise Location of the SQL Server installation files, which can be automatically downloaded from a central repository during deployment or stored in the virtual machine template SYSADMIN_ACCOUNT SQL The Windows groups or individual accounts to add to the sysadmin fixed server role SA_PWD Password The password for the SQL Server sa account 36

Chapter 3: Provisioning Microsoft Applications Property name Blueprint value example Description Instance name Production The name of SQL Server instance User connections 4 The maximum number of simultaneous user connections that are allowed on an instance of SQL Server REMOTE_LOGIN_TIME OUT 10 The number of seconds to wait before returning from a failed login attempt to a remote server After a SQL Server application blueprint has been created, it can be published to vrealize Automation, as described in Publishing application blueprints. Entitlements and approval policies can then be configured for the catalog item. Implementing an approval process for a SQL Server deployment helps to guarantee that the application is deployed based on the best practices within an enterprise. Requesting a SQL Server virtual machine Figure 36 shows an example of a vrealize Automation service catalog that includes various items for deploying SQL Server. The catalog items that are visible and available to a user depend on the user s assigned permissions. Figure 36. Viewing service catalog items for SQL Server When users initiate a request, they are prompted for a description and a reason for the deployment. The requester then has the option to modify the compute resources and the SQL Server virtual machine hostname, as shown in Figure 37. Figure 37. Modifying SQL Server node properties during deployment 37

Chapter 3: Provisioning Microsoft Applications The requester can also edit the SQL Server service properties, as shown in Figure 38, if the properties are specified as Overridable in the application blueprint. Figure 38. Specifying service properties for SQL Server After the user submits the request, the deployment begins. The user can view the status of the request in the Requests tab in vrealize Automation. When the deployment is complete, the state of the request changes from In Progress to Successful, as shown in Figure 39, and the user also receives a notification email. If the deployment includes an approval process, the request remains in a Pending Approval state until approved, as shown in Figure 40. Figure 39. Confirming a successful SQL Server deployment Figure 40. Viewing the approval status of requests for SQL Server vrealize Automation provides several ways to view details of the deployment. Figure 41 shows the Items > Application Deployments option. Figure 41. Viewing a provisioned SQL Server application deployment 38

Chapter 3: Provisioning Microsoft Applications Verifying a SQL Server deployment To verify that the requested SQL Server catalog item was deployed correctly, a SQL Server user can connect to the virtual machine and use Microsoft SQL Server Management Studio (SSMS) to view details of the SQL Server instance that was created, as shown in Figure 42. (SSMS was installed during the deployment process for this solution.) Figure 42. Verifying a SQL Server deployment Provisioning Microsoft SharePoint Server Microsoft SharePoint Server application blueprints that are published from vrealize Application Services facilitate the deployment of multiple editions of SharePoint Server across any business group within an organization, whether the business group is a highly utilized production environment or a test and development unit. These editions can be provisioned easily and are ready for use within minutes of being requested. The following Microsoft SharePoint deployments are supported for this solution: SharePoint Server 2010 on Windows Server 2008 R2 SharePoint Server 2013 on Windows Server 2012 and Windows Server 2012 R2 SharePoint Server application blueprints To provision a SharePoint Server virtual machine on the Federation Enterprise Hybrid Cloud, the application architect must first configure the application blueprint in vrealize Application Services. The application blueprint consists of a virtual machine template with services and custom scripts to automatically provision and configure new SharePoint Server virtual machines. SharePoint Server is pre-installed on the template virtual machine. Figure 43 shows a SharePoint Server 2010 application blueprint in vrealize Application Services and some of the properties we configured for services in the blueprint. 39

Chapter 3: Provisioning Microsoft Applications Figure 43. SharePoint service properties in the SharePoint blueprint Table 5 provides details of some of the service properties that can be configured in an application blueprint for SharePoint Server. Other properties can be added as required. Table 5. SharePoint Server service property values Property name Blueprint value example Description Domain None Location of the SharePoint installation files Sitename SharePoint site name Site name DomainAccountUsername Domain user Domain account that will administer the SharePoint farm DomainAccountPassword Password SharePoint Administrator (domain account) password Port 7001 SharePoint application connection port After a SharePoint Server application blueprint has been created, it can be published to vrealize Automation, as described in Publishing application blueprints. Entitlements and approval policies can then be configured for the catalog item. Implementing an approval process for a SharePoint Server deployment helps to guarantee that the application is deployed based on the best practices within an enterprise. 40

Chapter 3: Provisioning Microsoft Applications Requesting a SharePoint Server virtual machine Figure 44 shows an example of a vrealize Automation service catalog that includes various items for deploying SharePoint Server. The catalog items that are visible and available to a user depend on the user s assigned permissions. Figure 44. Viewing service catalog items for SharePoint Server When users initiate a request, they are prompted for a description and a reason for the deployment. The requester then has the option to modify the compute resources and the SharePoint Server virtual machine hostname, as shown in Figure 45. Figure 45. Modifying SharePoint Server node properties during deployment The requester can also edit the service properties specific to the SharePoint Server instance and domain, as shown in Figure 46, if the properties are specified as Overridable in the application blueprint. Figure 46. Modifying service options for a SharePoint Server deployment 41

Chapter 3: Provisioning Microsoft Applications Verifying a SharePoint deployment After the user submits the request, the deployment begins. The user can view the status of the request in the Requests tab in vrealize Automation. When the deployment is complete, the state of the request changes from In Progress to Successful, and the user also receives a notification email. If the deployment includes an approval process, the request remains in a Pending Approval state until approved. vrealize Automation provides several ways to view details of the deployment. Figure 47 shows the Items > Machines option. Figure 47. Viewing a provisioned SharePoint application deployment To verify that the requested SharePoint Server catalog item was deployed correctly, the SharePoint administrator can log in to the SharePoint Central Admin on the virtual machine and view details of the SharePoint farm there. Configuring the SharePoint farm After verifying the deployment, the SharePoint Administrator can log in to the newly created SharePoint site to perform final site configuration. For example, the administrator must select the appropriate template for the type of SharePoint site being created. The template determines the type of site and the features that will be available on the site. Figure 48 shows an example of template selection for a Human Resources site. Figure 49 shows the permissions configured for the site. 42

Chapter 3: Provisioning Microsoft Applications Figure 48. Selecting a SharePoint template Figure 49. SharePoint site permissions 43

Chapter 4: High Availability for Microsoft Applications on Federation Enterprise Hybrid Cloud Chapter 4 High Availability for Microsoft Applications on Federation Enterprise Hybrid Cloud This chapter presents the following topics: Overview...45 vsphere High Availability...45 Microsoft Exchange DAG...45 Microsoft SQL Server with AlwaysOn Availability Groups...49 Microsoft SharePoint availability...52 44

Overview Chapter 4: High Availability for Microsoft Applications on Federation Enterprise Hybrid Cloud vsphere High Availability Microsoft Exchange DAG When enterprise applications are deployed in a hybrid cloud, application administrators want to maintain application performance and high availability by following application design best practices. Microsoft applications deployed on the Federation Enterprise Hybrid Cloud are protected at multiple levels with this solution. VMware vsphere High Availability (HA) provides crash-consistent protection at the virtual machine level. Native application features such as Exchange Server DAGs and SQL Server AlwaysOn Availability Groups (AAG) provide consistent application protection. At the infrastructure level, EMC storage automatically protects data and VMware NSX provides network redundancy. This chapter describes how to set up this solution for virtual machine and application protection with high availability. VMware vsphere delivers the high availability required by most applications running in virtual machines, independently of the operating system and application. vsphere HA provides uniform, cost-effective failover protection against hardware and operating system outages within a virtualized IT environment. vsphere HA monitors VMware vsphere hosts and virtual machines to detect hardware and guest operating system failures. It can restart virtual machines on other vsphere hosts in the cluster without manual intervention when a server outage is detected. It can also automatically restart virtual machines when an operating system failure is detected, thereby reducing application downtime. A database availability group (DAG) is a high availability (HA) and data recovery feature introduced in Exchange Server 2010. A DAG is a group of Exchange Mailbox servers (maximum 16) that provides automatic database-level recovery from a database, server, or network failure. A DAG provides a failover cluster solution for non-shared storage and uses asynchronous log shipping technology to distribute and maintain passive copies of each database in the DAG. When a new Mailbox server is added to a DAG, it works with the other servers in the DAG to provide automatic, database-level recovery from database, server, and network failures. DAGs can be extended to multiple sites to provide resilience against data center failures. Figure 50 shows the basic architecture of a DAG. Figure 50. Exchange Server database availability group 45

Chapter 4: High Availability for Microsoft Applications on Federation Enterprise Hybrid Cloud A DAG provides the high availability required for most deployments. However, if hardware failures occur, use of the remaining Exchange Client Access servers can increase as new connections are established, and DAG protection is reduced as passive databases are activated. In a vsphere deployment, vsphere HA automatically powers virtual machines back on when a hardware failure occurs, restoring availability levels quickly and maintaining balanced server usage. This section provides recommendations and directions for using vsphere HA with Exchange Server. vsphere HA with Exchange Server DAG In a physical environment, DAGs are often deployed with three or more database copies to provide protection in case of hardware failures. This level of protection introduces the additional overhead of managing multiple database copies. Virtualized Exchange Server environments are typically designed with only two database copies, and use vsphere HA and RAID storage to protect from hardware and storage failures. vsphere HA restarts a DAG member if the host experiences a hardware failure, and RAID protects databases from storage failure. When enabling a vsphere cluster for HA to protect DAG members, consider the following best practices: Members of the same DAG should not reside on the same vsphere host for an extended period when databases are symmetrically distributed between members. Allowing two members to run on the same host for a short period (for instance, after a vsphere HA event) enables database replication to resume. However, DAG members should be separated as soon as the ESXi host has been restored. To adequately protect from an extended server outage, vsphere clusters should be deployed in an N+1 configuration, where N is the number of DAG members. If a hardware failure occurs, causing vsphere HA to power on a failed DAG member, the DAG maintains the same level of protection at all times. Use anti-affinity rules to keep DAG members separated. vsphere HA might violate a rule during a power-on operation caused by a host failure, but VMware vsphere Distributed Resource Scheduler (vsphere DRS) fixes the violation during the next interval, as described in vsphere DRS and anti-affinity rules for Exchange Server virtual machines. Note: For this solution, we used the vsphere Web Client to manually configure anti-affinity rules after the Exchange virtual machines were deployed. vsphere DRS and anti-affinity rules for Exchange Server virtual machines vsphere DRS provides active monitoring and load balancing of virtual machine workloads within a vsphere cluster to deliver a more agile virtualized Exchange Server environment. vsphere DRS provides rules for keeping virtual machines apart or together on the same ESXi host or group of hosts. In an Exchange Server environment, anti-affinity rules are used to ensure that Exchange Server virtual machines with the same roles are installed apart from each other. Client Access servers in a Client Access Server (CAS) array can run on the same ESXi host, but you should use DRS rules to prevent all CAS virtual machines from running on a single ESXi host. Microsoft recommends symmetrically distributing mailbox databases among DAG members. Unlike traditional active/passive configurations, this design enables all DAG members to support active users and also reserves a portion of compute power for failover capacity. If a single DAG member fails, all remaining members might take part in supporting the failed databases. Because of this, VMware recommends that no two members of the same DAG run on the same ESXi host for an extended period. Anti-affinity rules enforce virtual machine separation during power-on operations and vsphere vmotion migrations, including when a host is entering maintenance mode. If a virtual machine is enabled for vsphere HA and a host failure occurs, vsphere HA might power on a virtual machine and, in effect, violate a DRS anti-affinity rule. This occurs 46

Chapter 4: High Availability for Microsoft Applications on Federation Enterprise Hybrid Cloud because vsphere HA does not inspect DRS rules during a recovery task. However, during the next DRS evaluation (set by default for every five minutes), vsphere migrates the virtual machine to fix the violation. Figure 51 shows the DRS anti-affinity rule for Exchange Server DAG servers. Figure 51. Anti-affinity rule for Exchange Server DAG servers Provisioning an Exchange Server DAG For this solution, we implemented high availability for Exchange Server by deploying multiple Exchange Mailbox servers in a DAG. Each Mailbox server in the DAG can have a copy of the database deployed on any Exchange Server server that is a member of the DAG. Users can initially deploy a two-member DAG and later deploy additional servers to join the DAG. The vrealize Automation service catalog includes multiple Exchange Server 2010 and Exchange Server 2013 DAG items that users can request, as shown in Figure 52. The process for publishing a DAG application blueprint to the catalog is the same as that for publishing a stand-alone application blueprint. Figure 52. Selecting an Exchange Server blueprint in vrealize Application Services 47

Chapter 4: High Availability for Microsoft Applications on Federation Enterprise Hybrid Cloud Application blueprints for Exchange Server DAG Before Exchange Server DAG items are published to the vrealize Automation service catalog, the application architect must configure the application blueprint in vrealize Application Services. Figure 53 shows a selection of Exchange Server blueprints in Application Services, including an Exchange Server DAG blueprint. Figure 53. Exchange Server DAG blueprint in vrealize Application Services Figure 54 shows the blueprint deployment workflow of two Exchange Server virtual machines with interrelated dependencies (depicted by the arrows). The installation of the two servers starts in parallel. Both servers are configured with DNS and join the Active Directory Domain. After that, Exchange Server installation begins on both servers simultaneously. When the installation completes on both servers, the DAG configuration service runs on DAG_NODE2. DAG configuration must complete on this server before DAG_NODE1 can join the DAG. Figure 54. Exchange Server DAG application blueprint Figure 55 shows the server installation portion of the deployment plan (workflow) in vrealize Application Services. This is a different workflow view that shows each active task as it runs and completes. 48

Chapter 4: High Availability for Microsoft Applications on Federation Enterprise Hybrid Cloud Figure 55. Task execution workflow for Exchange Server DAG Verifying the Exchange Server DAG deployment After deployment is complete, the Exchange administrator can log in to the Exchange admin center to perform any additional management tasks required, as shown in Figure 56. Figure 56. Viewing deployed servers in Exchange admin center Microsoft SQL Server with AlwaysOn Availability Groups The Microsoft SQL Server AlwaysOn Availability Groups feature is a high-availability and disaster-recovery solution that provides an enterprise-level alternative to database mirroring. Introduced in SQL Server 2012, AAG maximizes the availability of a set of user databases for an enterprise. An availability group supports a failover environment for a discrete set of user databases, known as availability databases, that fail over together. An availability group supports a set of read-write primary databases and one to eight sets of corresponding secondary databases. Optionally, secondary databases can be made available for read-only access and some backup operations. 49

Chapter 4: High Availability for Microsoft Applications on Federation Enterprise Hybrid Cloud Anti-affinity rules for SQL Server virtual machines Provisioning a SQL Server AAG For this solution, we manually enabled anti-affinity rules, using the vsphere Web Client, on all SQL Server virtual machines deployed. This ensures that AlwaysOn members are never located on the same ESXi host. The vrealize Automation service catalog includes multiple SQL Server AAG deployments that users can request, as shown in Figure 57. The process for publishing an AAG application blueprint to the catalog is the same as that for publishing a stand-alone application blueprint. Figure 57. Viewing SQL Server AAG catalog items in vrealize Automation Application blueprints for SQL Server AAG Before a SQL Server AAG item is published to the vrealize Automation service catalog, the application architect must configure the application blueprint in vrealize Application Services. Figure 58 shows a selection of SQL Server blueprints in Application Services, including a SQL Server AAG blueprint. Figure 58. Viewing the SQL Server AAG application blueprints 50

Chapter 4: High Availability for Microsoft Applications on Federation Enterprise Hybrid Cloud Figure 59 shows the blueprint deployment workflow of two SQL Server virtual machines with interrelated dependencies. The arrows show the first SQL Server virtual machine to join the domain and the second dependent SQL Server virtual machine to join. The installation of SQL Server 2012 and the creation of a failover cluster for AAG occur independently on each virtual machine. Note: The SQL Server virtual machines can be configured to be on the same datastore, or to be on different datastores to improve redundancy. The first SQL Server virtual machine creates a database. The SQL Agent script runs on the first SQL Server virtual machine and the dependent AAG script runs on the second SQL Server virtual machine. This completes the deployment plan required to create a full AAG deployment on two SQL Server virtual machines. Figure 59. Viewing SQL Server AAG service dependencies Figure 60 shows the server installation portion of the deployment plan (workflow) in vrealize Application Services. This is a different workflow view that shows each active task as it runs and completes. Figure 60. Reviewing the task execution workflow for SQL Server AAG Verifying the SQL Server 2012 AAG deployment After deployment, the AAG is listed in SQL Server Management Studio, as shown in Figure 61. The SQL Server application is now protected from node failure, and read-only copies can be used for backup purposes on the secondary copy. 51

Chapter 4: High Availability for Microsoft Applications on Federation Enterprise Hybrid Cloud Figure 61. Viewing the deployed availability replicas in SQL Server Management Studio Microsoft SharePoint availability As a federated application, Microsoft SharePoint Server has some built-in redundancy. For example, each SharePoint farm can have multiple web front-ends (WFEs) so that the failure of some WFEs does not lead to a farm outage or downtime for users. SharePoint Search can also be deployed redundantly (at least two copies of the Index and two copies of the Query role) so that the failure of one or more virtual machines in the farm does not cause down time. The SQL Server back end can be split among multiple smaller SQL Server virtual machines, so that at least some of the sites (ContentDBs) remain available when a SQL Server instance is down. SQL Server AlwaysOn availability groups can also be used to protect the SQL Server back end. All the virtual machines are protected at another level by vsphere HA. Figure 62 shows that vsphere HA protection is turned on for the ESX hosts that host the resources and virtual machines for the Federation Enterprise Hybrid Cloud. With this solution, SharePoint farm virtual machines are protected from ESX host failure and the protection is crash-consistent. Figure 62. SharePoint virtual machine protection by vsphere HA 52

Chapter 5: Monitoring Microsoft Applications Chapter 5 Monitoring Microsoft Applications This chapter presents the following topics: Overview...54 VMware vrealize Hyperic...54 VMware vrealize Operations Manager...56 Monitoring Microsoft Exchange Server...58 Monitoring Microsoft SQL Server...60 Monitoring Microsoft SharePoint Server...63 53

Chapter 5: Monitoring Microsoft Applications Overview VMware vrealize Hyperic This solution enables Microsoft applications residing on a Federation Enterprise Hybrid Cloud to be monitored based on the requirements of specific business groups. The solution integrates VMware vrealize Hyperic and VMware vrealize Operations Manager to provide a single UI for monitoring a wide range of metrics relating to the availability and use of Microsoft applications. To ensure that Microsoft applications deployed in a Federation Enterprise Hybrid Cloud have monitoring capabilities, each application virtual machine requires a Hyperic agent to communicate with Hyperic Server, which is the Hyperic central monitoring server. The Hyperic agent is installed seamlessly during the automated provisioning of applications requested from the vrealize Automation service catalog. vrealize Hyperic is a core component in this solution; it collects application metrics and makes them available in vrealize Operations Manager for monitoring. Hyperic is integrated with vrealize Operations Manager through a management pack. You can download the Management Pack for vrealize Hyperic from the VMware Solution Exchange. A wide range of Microsoft application metrics are enabled by default in Hyperic. Additional metrics can be enabled and viewed in vrealize Operations Manager. Custom plug-ins are also available for Microsoft applications, as shown in Figure 63. You can download these plug-ins from the VMware Solutions Exchange Marketplace. Figure 63. vrealize Hyperic Plugin Manager vrealize Hyperic agent The vrealize Hyperic agent is required to enable communications between Microsoft application virtual machines and the vrealize Hyperic Server. vrealize Application Services automates the installation of the agent on virtual machines. In this solution, we enabled automated installation of the agent by creating a Hyperic service for Windows on vrealize Application Services and adding this service to the various application blueprints published to vrealize Automation, as shown in Figure 64. In this way, all application deployments install the Hyperic agent by default. 54

Chapter 5: Monitoring Microsoft Applications Figure 64. The Hyperic service in an application blueprint Auto-discovery After a deployment has completed successfully, applications and server resources are automatically discovered. To enable vrealize Operations Manager to monitor applicationspecific counters, the application resources must be added to the Hyperic Inventory. To do this, use the Add to Inventory option on the Auto-Discovery dashboard in Hyperic, as shown in Figure 65. Figure 65. vrealize Hyperic Auto-Discovery window Resources added to the Hyperic inventory appear under the Resources tab. From there the resources can be added to a group, if required. Groups enable Microsoft assets on a Federation Enterprise Hybrid Cloud to be added as a collection of inventory resources within Hyperic. 55

Chapter 5: Monitoring Microsoft Applications VMware vrealize Operations Manager Although vrealize Hyperic is required to monitor Microsoft applications running on a Federation Enterprise Hybrid Cloud, vrealize Operations Manager provides the portal for monitoring and providing insight into the availability, use, and overall health of Exchange Server, SQL Server, and SharePoint Server deployments. In vrealize Operations Manager, you can create custom dashboards for each of the Microsoft applications to ensure that the correct metrics are being monitored for the applications, as shown in Figure 66. The metrics enabled on vrealize Operations Manager can be selected to best suit the monitoring requirements of the organization or specific business groups. In vrealize Operations Manager, you can also enable alerting based on the specific threshold requirements for each application and set up notifications to email the relevant application teams when alerts are generated. Figure 66. Example of a custom dashboard in vrealize Operations Manager Integrating Hyperic with vrealize Operations Manager To enable metrics to populate from vrealize Hyperic to vrealize Operations Manager, you must install and set up the Management Pack for vrealize Hyperic as follows: 1. Download the Management Pack from the VMware Solutions Exchange Marketplace. 2. In vrealize Operations Manager Administration, select Environment > Solutions and then click Add, as shown in Figure 67. Figure 67. Installing and configuring the Hyperic Management Pack 56

Chapter 5: Monitoring Microsoft Applications 3. Browse to and select the Management Pack. Then click Upload, as shown in Figure 68. Figure 68. Uploading the Management Pack for Hyperic 4. Follow the Add Solution wizard to complete the installation. 5. Under Solutions, click Configure to edit the adapter settings, as shown in Figure 69. Figure 69. Configuring the Management Pack for Hyperic 6. Specify the required Hyperic and vrealize Operations Manager server settings and click Test Connection, as shown in Figure 70. Figure 70. Editing Hyperic Adapter settings 7. After the test successfully completes, click Save Settings. 57

Chapter 5: Monitoring Microsoft Applications Monitoring Microsoft Exchange Server To monitor Exchange Server from vrealize Operations Manager, a custom plug-in is required on Hyperic. This plug-in is available from the VMware Solutions Exchange Marketplace and is installed using the Hyperic Plugin Manager. After the plug-in has been installed, Hyperic can monitor and report Exchange Server metrics. In this solution, when a user requests Exchange Server from the service catalog, the Hyperic agent is installed as part of the deployment. To enable Hyperic to discover and monitor Exchange Server, the Hyperic Agent on Windows must be run as a domain user with an Exchange Organization Management Role. Exchange Server metrics In this solution, you can enable a wide range of Exchange Server metrics in Hyperic to monitor specific Exchange Server deployments across business groups in a Federation Enterprise Hybrid Cloud. Individual components in Exchange Server environments, such as databases, database instances, and counters relating to Exchange Server mailboxes, can be monitored for availability, use, and performance, as shown in Figure 71. After the metrics are enabled on Hyperic, the counters are visible in vrealize Operations Manager and can be added to custom dashboards. Figure 71. Examples of Exchange Server metrics in Hyperic In vrealize Operations Manager, you can configure Exchange Server metrics as key performance indicators (KPIs), and you can configure thresholds to ensure that Exchange administrators are notified if thresholds are exceeded. The ability to monitor Exchangespecific counters, such as failed or pending deliveries, ensures that administrators can resolve potential problems quickly. You configure thresholds by creating symptom definitions and assigning these to alert definitions. KPIs are then modified in a monitoring policy, which is a set of rules that vrealize Operations Manager uses to analyze and display information about objects. Figure 58

Chapter 5: Monitoring Microsoft Applications 72 shows the Override Attributes in a monitoring policy where some KPIs have been set for Exchange Server deployments. Figure 72. Examples of Exchange Server attributes within a policy These are examples of Exchange Server 2013 metrics that you can monitor in vrealize Operations Manager: IO Database Reads/Sec IO Database Writes/Sec Client RPC Failed Failed Deliveries Per Second Pending Deliveries Note: For information about the full range of Exchange Server metrics supported by vrealize Hyperic, refer to VMware vrealize Hyperic Resource Configuration and Metrics. Microsoft Exchange Server dashboards Email is a mission-critical application and it is vital that any delays in delivery or degraded performance are identified early and the cause of the slowdown determined quickly. Custom at-a-glance dashboards for Exchange Server environments enable application teams to view the overall health and performance of Exchange Server servers, services, and mail traffic running on Federation Enterprise Hybrid Cloud. This enables potential problems to be identified before end users experience any decline in the email service. Figure 73 shows a custom dashboard that we created for this solution to monitor Exchange Server 2013 deployments. The dashboard shows the availability of Exchange Server environments as well as Exchange Server alerts and anomalies. You can create dashboards like this to suit the specific monitoring requirements of an organization. 59

Chapter 5: Monitoring Microsoft Applications Figure 73. Exchange Server dashboard Monitoring Microsoft SQL Server To monitor Microsoft SQL Server from vrealize Manager Operations, a custom plug-in is required on Hyperic. This plug-in is available from the VMware Solutions Exchange Marketplace and is installed using the Hyperic Plugin Manager. After the plug-in has been installed, Hyperic can monitor and report SQL Server metrics. When the required metrics have been enabled on Hyperic, they can be viewed in vrealize Operations Manager and added to custom dashboards. SQL Server metrics vrealize Hyperic supports a wide range of SQL Server metrics, enabling SQL Server administrators to ensure that instances and databases are performing within the expected thresholds of a business group on the Federation Enterprise Hybrid Cloud. Some metrics are enabled by default on Hyperic. Additional metrics can be turned on depending on the SQL Server monitoring needs within an organization. This solution enables valuable SQL Server metrics relating to availability, use and performance to be monitored 24x7 so that administrators can prevent potential performance or capacity related problems before they arise. In vrealize Operations Manager, you can configure SQL Server metrics as key performance indicators (KPIs), and you can configure thresholds to ensure that the relevant SQL Server administrators are notified if thresholds are exceeded. You configure thresholds by creating symptom definitions and assigning these to alert definitions. KPIs are then modified in a monitoring policy, which is a set of rules that vrealize Operations Manager uses to analyze and display information about objects. Figure 74 shows the Override Attributes page in a policy where some KPIs have been set for SQL Server metrics. 60

Chapter 5: Monitoring Microsoft Applications Figure 74. Example of SQL Server attributes within a policy These are examples of SQL Server metrics that you can monitor in vrealize Operations Manager: SQL Server Availability User Connections Transactions SQL Server Cache memory Database free percent Log Growth Note: For information about the full range of SQL Server metrics supported by vrealize Hyperic, refer to VMware vrealize Hyperic Resource Configuration and Metrics Guide. Microsoft SQL Server dashboards Custom at-a-glance dashboards for SQL Server enable application teams to monitor SQL Server instance and database metrics and trending and to easily identify and quickly correct potential problems. You can add a wide range of widgets SQL Server dashboards, each with specific metrics. Figure 75 shows the New Dashboard wizard, which you can use to create and customize dashboards to provide unique views of SQL Server instances and databases. 61

Chapter 5: Monitoring Microsoft Applications Figure 75. Creating a custom SQL Server dashboard Figure 76 shows a custom dashboard that we created for this solution to monitor alerts relating to KPIs for SQL Server-specific metrics. Figure 76. Custom SQL Server dashboard In this example, if SQL Server cache memory is underutilized for a specific period, an alert is triggered and appears on the dashboard. An email notification is also sent to the administrators responsible for the SQL Server resource that logged the alert. We included metric charts in the dashboard to monitor counters such as lock-wait times and total queries. Object relationships could also be included to ensure that the underlying virtual environments on which SQL Server instances are deployed are also being monitored. You can create dashboards like this to help plan for future workloads on SQL Server databases. 62

Monitoring Microsoft SharePoint Server Chapter 5: Monitoring Microsoft Applications To monitor Microsoft SharePoint Server from vrealize Operations Manager, a custom plug-in is required on Hyperic. This plug-in is available from the VMware Solutions Exchange Marketplace and is installed using the Hyperic Plugin Manager. After the plug-in has been installed, Hyperic can monitor and report SharePoint metrics. When the required metrics have been enabled on Hyperic, they can be viewed in vrealize Operations Manager and added to custom dashboards. SharePoint Server metrics A wide range of SharePoint Server metrics and counters can be enabled in Hyperic to monitor core SharePoint Server components such as Windows services, web server services, and cache publishing services. These metrics can be enabled for the specific requirements of an organization. Some metrics are enabled by default on Hyperic. Additional metrics can be configured to support custom dashboards for individual SharePoint Server instances or SharePoint farms. In vrealize Operations Manager, you can configure metrics as key performance indicators (KPIs), and you can configure thresholds to ensure that the relevant SharePoint administrators are notified if thresholds are exceeded. You configure thresholds by creating symptom definitions and assigning these to alert definitions. KPIs can then be modified in a monitoring policy, which is a set of rules that vrealize Operations Manager uses to analyze and display information about objects. Figure 77 shows the Override Attributes in a monitoring policy where some KPIs have been set for SharePoint 2013 metrics. Figure 77. Managing attributes within a policy These are examples of SharePoint Server metrics that you can monitor in vrealize Operations Manager: Incoming Page Request Rate Executing SQL Queries Reject Page Request Rate Responded Page Request Rate Executing Time/Page Request Note: For information about the full range of SharePoint Server metrics supported by vrealize Hyperic, refer to VMware vrealize Hyperic Resource Configuration and Metrics. 63

Chapter 5: Monitoring Microsoft Applications Microsoft SharePoint Server dashboards Custom dashboards provide an at-a-glance view of key metrics associated with SharePoint Server, enabling SharePoint administrators to easily identify any anomalies that occur and to quickly take remedial action. Figure 78 shows a custom dashboard that we created for this solution to monitor a number of SharePoint standalone servers. The dashboard includes four widgets for monitoring SharePoint services such as web services and page requests. The Container Overview widget shows the overall health and availability of SharePoint components such as Windows SharePoint Service content database (WSS_Content) and SQL Server resources. The metric charts assist in identifying any anomalies that occur. The Alert List view ensures that SharePoint alerts can be identified quickly. Notification of these alerts can also be sent to the SharePoint administrators responsible for the resources. You can create similar dashboards to monitor SharePoint farms. Figure 78. Custom SharePoint Server dashboard 64

Chapter 6: Elasticity for Microsoft Applications Chapter 6 Elasticity for Microsoft Applications This chapter presents the following topics: Overview...66 Threshold alerts...66 Elasticity for Microsoft Exchange Server...67 Elasticity for Microsoft SQL Server...69 Elasticity for Microsoft SharePoint Server...71 65

Chapter 6: Elasticity for Microsoft Applications Overview Threshold alerts The Federation Enterprise Hybrid Cloud solution enables users to scale virtual machine and application resources on demand. Users can dynamically add or remove resources as needed, based on the current requirements of the application. Multi-server applications and platforms provide another level of elasticity, enabling the addition of virtual machines to expand the service capability. For example, a Web front-end server can be dynamically added to a SharePoint farm to accommodate more users. Servers can also be retired when an application or platform no longer needs them. Federation Enterprise Hybrid Cloud elasticity provides more intelligent control over cloud resources and enables the organization to adapt to constant change and varied demands. In vrealize Operations Manager, you can configure application-specific alerts and thresholds. You can also configure email notification so that the correct application personnel are alerted when thresholds are breached. Alerts and notifications enable administrators to easily identify over- and under-used resources and to quickly scale application resources up or down when required. You can view alerts on the Alerts page in vrealize Operations Manager, as shown in Figure 79. You can also view them in custom dashboards. Figure 79. Alerts overview page You can configure alerts so that they are triggered based on thresholds set in symptom definitions. Different application servers running on Federation Enterprise Hybrid Cloud might have different threshold requirements for application-specific counters. You can create symptom definitions to contain a specific set of attributes. For each of the metrics used to monitor Microsoft applications, you can configure thresholds and KPIs to ensure that essential counters are operating in accordance with the requirements of a business group. 66

Chapter 6: Elasticity for Microsoft Applications Elasticity for Microsoft Exchange Server When an Exchange Server administrator submits a request to add a server to the infrastructure, the request can be fulfilled by deploying a new Mailbox server that will be automatically added to an existing DAG. After the server is deployed, the Exchange administrator has full control of the server and can manually configure database replication options and other properties as needed. The deployment process starts with the configuration of an application blueprint in vrealize Application Services and publication of the blueprint to vrealize Automation. The application blueprint shown in Figure 80 is designed specifically to add a new Exchange Server 2013 instance to an existing DAG. Figure 80. Blueprint for Exchange 2013 DAG expansion Figure 81 shows the blueprint services, each with configuration properties and actions that run a PowerShell script. The scripts add the new Exchange Server virtual machine to an existing Windows Domain and specified DAG. Figure 81. Exchange 2013 DAG expansion blueprint services Figure 82 lists the required property values for the Exchange DAG expansion service that is included in the Exchange DAG expansion application blueprint. Administrators can edit these properties in vrealize Application Services to customize an installation. When requesting the 67

Chapter 6: Elasticity for Microsoft Applications service, users can change the property values, if the properties are specified as Overridable in the application blueprint. Figure 82. Exchange 2013 DAG expansion service properties After the blueprint is published to the vrealize Automation service catalog, users with the correct permissions can request it, as shown in Figure 83. Figure 83. Exchange DAG expansion service catalog item After initiating a request for the Exchange DAG expansion catalog item, the user is prompted for a description and a reason for the deployment, as shown in Figure 84. Figure 84. Exchange DAG expansion catalog item properties The user can then edit the node properties to correctly size the virtual machine and to specify its host name. The service properties provide further control over where and how the new Exchange Server virtual machine is deployed. The user can accept the default values or change the values if they are specified as Overridable in the application blueprint. 68

Chapter 6: Elasticity for Microsoft Applications Figure 85 shows the node and service properties for the Exchange DAG expansion catalog item. Figure 85. Node and service properties for the Exchange DAG expansion blueprint After successful deployment, the new Exchange Server virtual machine is visible to the user in the vrealize Automation Items tab. At this stage, the Exchange administrator can perform any necessary configuration actions for example, configuring database replication to the newly deployed server. Elasticity for Microsoft SQL Server SQL Server application administrators can use vrealize Operations Manager alerting and notification, as shown in Figure 86, to identify when they need to increase or decrease the resources used by a SQL Server deployment. For example, in this solution we implemented alert thresholds to notify the relevant SQL Server administrators when CPU usage drops below 20 percent for a specific number of wait cycles. 69

Chapter 6: Elasticity for Microsoft Applications Figure 86. SQL Server alert When an alert is triggered, the administrator can take remedial action by using vrealize Automation to decrease the amount of CPU resources used by the SQL Server virtual machine and so free up CPU resources in the Federation Enterprise Hybrid Cloud for use by applications that require additional compute assets. Figure 87 shows an example of a request to change the number of CPUs from four to two. The reconfiguration process requires a reboot of the SQL Server virtual machine; this can be set up as a scheduled task in vrealize Automation. The administrator can view the status of the request on the Requests tab in vrealize Automation. Figure 87. Editing CPU resources for SQL Server This example demonstrates how the combination of vrealize Operations monitoring and vrealize Automation self-service provisioning enables SQL Server deployments on the Federation Enterprise Hybrid Cloud to be scaled up or down depending on the requirements of a business group. 70

Chapter 6: Elasticity for Microsoft Applications Elasticity for Microsoft SharePoint Server For a federated platform like SharePoint Server, application administrators can easily add a virtual machine to expand the capacity of a farm to allow more users to connect. Specific SharePoint roles, such as WFE, Excel Services, and Search, can be added as needed so that the farm adapts directly to changing requirements. In this solution, for example, we implemented alert thresholds to notify the relevant SharePoint administrators when CPU usage on a WFE in the SharePoint Intranet farm goes above 80 percent. The custom vrealize Operations Manager dashboard in Figure 88 shows the threshold being exceeded. When an alert is triggered, the administrator can take remedial action by adding one or more WFEs to the SharePoint farm to accommodate more users during the busy period. When the busy period is over, the extra WFE can be removed so that resources are not wasted. Figure 88. Monitoring CPU usage for a SharePoint WFE in vrealize Operations Manager The process for deploying additional SharePoint WFEs starts with the publication of a prepared application blueprint from vrealize Application Services to the vrealize Automation service catalog. The blueprint we created for SharePoint 2010 is designed specifically to add a WFE to the existing, multi-virtual machine SharePoint 2010 Intranet farm, as shown in Figure 89. The blueprint we created for SharePoint 2013 is designed specifically to add a WFE to the existing, multi-virtual machine SharePoint 2013 Intranet farm. The process for creating the blueprints and deploying the virtual machines is the same for both SharePoint versions. 71

Chapter 6: Elasticity for Microsoft Applications Figure 89. SharePoint application blueprint Figure 90 shows the blueprint properties and an Install action that runs a PowerShell script to add the new virtual machine as a WFE to the farm. If required, the blueprint script could be also set up to add the WFE to DNS or a load balancer so that user traffic is intelligently redirected to the new WFE as part of the WFE group. This can also be done manually after deployment. Figure 90. SharePoint Application blueprint properties and actions After the blueprint is published to the vrealize Automation service catalog, users with the correct permissions can request it to add a WFE, as shown in Figure 91. 72

Chapter 6: Elasticity for Microsoft Applications Figure 91. Selecting the Add WFE to SharePoint 2010 item from the service catalog After initiating a request for the Add WFE catalog item, the user is prompted for a description and a reason for the deployment, as shown in Figure 92. The user can then edit the node properties to correctly size the virtual machine being deployed, as shown in Figure 93. Figure 92. SharePoint 2010 request information Figure 93. SharePoint 2010 node properties The service properties provide further control over where and how the new virtual machine is deployed, as shown in Figure 94. The user can accept the default values or change the values if they are specified as Overridable in the application blueprint. 73

Chapter 6: Elasticity for Microsoft Applications Figure 94. SharePoint 2010 service properties After successful deployment, the new virtual machine is visible to the user in the Machines tab, as shown in Figure 95. Figure 95. Provisioned SharePoint 2010 virtual machines in vrealize Automation The blueprint script automatically adds the new virtual machine to the SharePoint farm and sets it up as a WFE, as shown in Figure 96. Within a few minutes, the new WFE is ready to service user requests. 74

Chapter 6: Elasticity for Microsoft Applications Figure 96. SharePoint 2010 Farm information After the new WFE has completed its task and accommodated the user load during the busy period, it might not be used again until the situation reoccurs. In this case, the administrator can retire the additional WFE and allow its resources to be used for other cloud services. The WFE must first be removed from the SharePoint farm and DNS/load balancers, so that it is no longer servicing requests. The administrator or user can then choose to destroy the virtual machine in vrealize Automation, as shown in Figure 97. Figure 97. Options for virtual machines in vrealize Automation The Destroy action shuts down and deletes the virtual machine and returns all its reservations to the reservation pool. During the next busy period, the same catalog item and properties can be used to add a WFE to the farm again. 75

Chapter 7: Database as a Service with Microsoft SQL Server Chapter 7 Database as a Service with Microsoft SQL Server This chapter presents the following topics: Overview...77 Publishing DBaaS resource actions...78 Creating Microsoft SQL Server instances...79 Creating Microsoft SQL Server user databases...81 Deleting a Microsoft SQL Server user database...83 Deleting a Microsoft SQL Server instance...85 Managing Microsoft SQL Server AlwaysOn Availability Groups...86 76

Overview Chapter 7: Database as a Service with Microsoft SQL Server This Microsoft applications solution includes Database as a service (DBaaS) for Microsoft SQL Server, which is enabled by installing SQL Server DBaaS vrealize Orchestrator workflows. DBaaS enables rapid, on-demand provisioning of SQL Server instances and databases on virtual machines that are deployed on the Federation Enterprise Hybrid Cloud. Users perform these operations from the vrealize Automation service catalog, which also provides a centralized location to manage instances and databases for individual business groups. The DBaaS functionality extends to the SQL Server AlwaysOn Availability Groups feature used for high availability and disaster recovery. Databases can be added to or removed from existing availability groups through the self-service portal. DBaaS offers many advantages for SQL Server deployments, including faster provisioning of new databases and instances and automated administration processes for delivering databases and instances. Also, by using approval polices, the provisioning of SQL Server instances and databases can be outsourced to non-database administrators. In this case, a request does not progress until it has been approved by the assigned database administrator or group of administrators. Approval policies provide greater change control over instances and databases provisioned on a Federation Enterprise Hybrid Cloud. Figure 98 shows the relationship between virtual machines, SQL Server instances, and SQL Server user databases. Figure 98. SQL Server virtual machines, instances, and user databases The following DBaaS tasks can be performed on a Federation Enterprise Hybrid Cloud after a SQL Server virtual machine has been provisioned: Creating a Microsoft SQL Server database Creating a Microsoft SQL Server instance Deleting a Microsoft SQL Server database Deleting a Microsoft SQL Server instance Adding a database to an AlwaysOn Availability Group Removing a database from an AlwaysOn Availability Group The following Microsoft SQL Server versions are supported in this DBaaS solution: Microsoft SQL Server 2014 Enterprise, Standard, and Express Microsoft SQL Server 2012 Enterprise, Standard, and Express Microsoft SQL Server 2008 R2 Enterprise, Standard, and Express Note: For Microsoft SQL Server 2008 R2, DBaaS actions are supported with Windows Server 2008 R2 only. Also, Microsoft SQL Server 2008 R2 does not support AlwaysOn Availability Group functionality; this feature was introduced in Microsoft SQL Server 2012. 77

Chapter 7: Database as a Service with Microsoft SQL Server Publishing DBaaS resource actions For this solution, we developed vcenter Orchestrator workflows for all the supported postprovisioning DBaaS operations. These workflows are added to vrealize Automation as resource actions, which are then published to the vrealize Automation service catalog. Entitlements and approval policies can then be configured for the catalog items. Entitlements provide access control over machine and service blueprint actions, enabling access to be restricted to DBaaS (SQL Server) actions. Approval polices enable DBaaS actions to be performed by non-database administrators. To publish resource actions: 1. Log in to vrealize Automation as a user with service architect privileges. 2. Select Advanced Services > Resource Actions. 3. Select the resource actions identified as Draft, as shown in Figure 99. 4. Click Publish. Figure 99. Publishing a resource action To entitle DBaaS (SQL Server) resource actions: 1. Select Advanced Services > Catalog Management > Entitlements. 2. Select the entitlement to which you want to assign the resource actions. 3. Click Items & Approvals. 4. Click the Add icon for Entitled Actions, as shown in Figure 100. This displays a list of resource actions. Figure 100. Assigning resource actions to an entitlement 5. Select the DBaaS (SQL Server) resource actions. 78

Chapter 7: Database as a Service with Microsoft SQL Server 6. If required, select an approval policy. In this solution, we assigned approval polices to all DBaaS (SQL Server) resource actions. As a result, requests remain in a pending approval state until all approvers have approved them. 7. Click OK. The resource actions are now entitled to the user or group of users identified in the entitlement and are included in the service catalog for those users. After a SQL Server machine is provisioned, entitled users can request any of the DBaaS (SQL Server) actions. Creating Microsoft SQL Server instances Users can provision SQL Server instances on a virtual machine after the machine is deployed. The functionality developed for this solution enables users to provision multiple instances within a single request. This significantly speeds up the provisioning process. Note: To create an additional SQL Server instance, the requester must know the location of the SQL Server installation binaries. This property is used to identify the SQL Server version of the new instance. To create one or more Microsoft SQL Server instances from vrealize Automation: 1. Under Machines, select a SQL Server virtual machine and then select Create SQL Server Instance from the Actions menu, as shown in Figure 101. Figure 101. Selecting the Create SQL Server Instance action 2. Under Request Information, specify a description and a reason for the request. If an approval policy is associated with the Create SQL Server Instance action, these details provide important information to the assigned approvers. 3. Under SQL Server Information, specify a username and password. The user credentials must have login privileges on the SQL Server virtual machine. 4. The Create SQL Server Instance tab lists all existing SQL Server instances to which the requester has login rights, and includes the name and SQL Server version of each instance. To create a new instance: a. Type the name of the instance and click the Add icon, as shown Figure 102. Repeat this action to request multiple instances. b. Specify the location of the SQL Server binaries. 79

Chapter 7: Database as a Service with Microsoft SQL Server Figure 102. Creating a SQL Server instance 5. Click Submit to complete the request. The requester can view the status of the request on the Requests tab in vrealize Automation, as shown in Figure 103. If an approval policy is associated with the DBaaS action, the request remains in a Pending Approval state until all approvers have approved the request. Figure 103. Request completed successfully When the request has completed successfully, details of the new instances can be viewed in Microsoft SQL Server Management Studio, as shown in Figure 104. Figure 104. Viewing SQL Server instances in Microsoft SQL Server Management Studio 80

Creating Microsoft SQL Server user databases Chapter 7: Database as a Service with Microsoft SQL Server Users can provision SQL Server user databases on the default SQL Server instance created during the initial deployment of a SQL Server virtual machine or on any instance created during the lifecycle of the virtual machine. To create one or more SQL Server databases from vrealize Automation: 1. Under Machines, select a SQL Server virtual machine and then select Create SQL Server Database from the Actions menu, as shown in Figure 105. Figure 105. Selecting the Create SQL Server Database action 2. Under Request Information, specify a description and a reason for the request. If an approval policy is associated with the Create SQL Server Database action, these details provide important information to the assigned approvers. 3. Under SQL Server Information, specify a username and password. The user credentials must have login privileges on the SQL Server virtual machine. 4. Under Create SQL Server Database, from the Instance Name list, select the instance on which you want to create the new databases. The list includes all existing SQL Server instances to which the requester has login rights on the selected virtual machine, as shown in Figure 106. Figure 106. Selecting a SQL Server instance 5. Type a name for the database you are creating and click the Add icon, as shown in Figure 107. 81

Chapter 7: Database as a Service with Microsoft SQL Server Figure 107. Creating a SQL Server database 6. Click Submit to complete the request. The requester can view the status of the request on the Request tab in vrealize Automation, as shown in Figure 108. If an approval policy is associated with the DBaaS action, the request remains in a Pending Approval state until all approvers have approved the request. Figure 108. Create SQL Server Database Request in progress When the request has completed successfully, details of the new database can be viewed in Microsoft SQL Server Management Studio, as shown Figure 109. Figure 109. Viewing SQL Server databases in Microsoft SQL Server Management Studio 82

Deleting a Microsoft SQL Server user database Chapter 7: Database as a Service with Microsoft SQL Server Users can delete SQL Server user databases deployed on the Federation Enterprise Hybrid Cloud via the self-service portal. EMC recommends that you take a full backup of a database before deleting it. To delete a SQL Server database: 1. Under Machines, select the relevant SQL Server virtual machine and select Delete SQL Server Database from the Actions menu, as shown in Figure 110. Figure 110. Selecting the Delete SQL Server Database action 2. Under Request Information, specify a description and a reason for the request. If an approval policy is associated with the Delete SQL Server Database action, these details provide important information to the assigned approvers. 3. Under SQL Server Information, specify a username and password. The user credentials must have login privileges on the selected SQL Server virtual machine. 4. Under Delete SQL Server Database, from the Instance Name list, select the instance from which you want to delete the database. The list includes all existing SQL Server instances to which the requester has login rights on the selected virtual machine, as shown in Figure 111. Figure 111. Selecting a SQL Server instance 5. After you select an instance, the Database field lists all the existing user databases on the instance, as shown in Figure 112. 6. Select the database you want to delete. 83

Chapter 7: Database as a Service with Microsoft SQL Server Figure 112. Selecting a database for deletion 7. On the Summary tab, review the details of the request to confirm that you are deleting the correct database, and then click Submit. The requester can view the status of the request on the Requests tab in vrealize Automation, as shown in Figure 113. If an approval policy is associated with the DBaaS action, the request remains in a Pending Approval state until all approvers have approved the request. Figure 113. Delete SQL Server Database request pending approval Figure 114 shows an example of the request notification to approvers for approval or rejection. When the request has been approved by all approvers, the request proceeds to completion. Figure 114. Approving a request 84

Deleting a Microsoft SQL Server instance Chapter 7: Database as a Service with Microsoft SQL Server In this solution, users can delete Microsoft SQL Server instances deployed on the Federation Enterprise Hybrid Cloud via the self-service portal. EMC recommends that you take a full backup of an instance and associated files prior to deleting the instance. Note: To delete a SQL Server instance, the requester must know the location of the SQL Server installation binaries that correspond to the version of SQL Server that the instance is running for example, Microsoft SQL Server 2014 Enterprise Edition. To delete a SQL Server instance: 1. Under Machines, select the relevant SQL Server virtual machine and then select Delete SQL Server Instance from the Actions menu, as shown in Figure 115. Figure 115. Selecting the Delete SQL Server Instance action 2. Under Request Information, specify a description and a reason for the request. If an approval policy is associated with the Delete SQL Server Instance action, these details provide important information to the assigned approvers. 3. Under SQL Server Information, specify a username and password. The user credentials must have login privileges on the selected SQL Server virtual machine. 4. Under Delete SQL Server Database, from the Instance Name list, select the instance you want to delete, as shown in Figure 116. The list includes all existing SQL Server instances to which the requester has login rights on the selected virtual machine. Figure 116. Selecting a SQL Server instance for deletion 5. In the Setup.exe box, type the location of the SQL Server binary files, as shown in Figure 117. In this solution, the binary files are stored on a network share. 85

Chapter 7: Database as a Service with Microsoft SQL Server Figure 117. Specifying the location of the SQL Server setup files 6. On the Summary tab, review the details of the request to confirm that you are deleting the correct instance, as shown in Figure 118, and then click Submit. Figure 118. Summary tab for deleting a SQL Server instance The requester can view the status of the request on the Requests tab in vrealize Automation. If an approval policy is associated with the DBaaS action, the request remains in a Pending Approval state until all approvers have approved the request. Managing Microsoft SQL Server AlwaysOn Availability Groups This solution supports the automated provisioning of Microsoft SQL Server AlwaysOn Availability Groups through the self-service portal, as outlined in Chapter 4: High Availability for Microsoft Applications on Federation Enterprise Hybrid Cloud. With the solution s DBaaS functionality, users can add databases to and remove databases from an AAG. This greatly simplifies and speeds up these operations, providing greater protection for SQL Server databases deployed within business groups. Adding a database to an AAG To add a database to a SQL Server AAG: 1. Under Machines, select the primary node of the SQL Server AAG and select Add Database to SQL Server AAG from the Actions menu, as shown in Figure 119. Figure 119. Selecting the Add Database to SQL Server AAG action 86

Chapter 7: Database as a Service with Microsoft SQL Server 2. As for the other DBaaS (SQL Server) resource actions, specify a description and reason for the request and a username and password. The user credentials used must have login privileges on the SQL Server virtual machine. 3. Under Add Database to SQL Server AAG, as shown in Figure 120: a. Specify the Backup Location for the SQL Server database. This is a network share to which the database will be backed up when it is added to the selected AAG. b. From the Instance Name list, select the relevant SQL Server instance. c. From the Availability Group list, select the availability group to which you want to add the database. The list includes all the availability groups on the selected instance. d. From the Database list, select the database to add to the availability group. The list includes all existing databases to which the requester has login rights on the selected instance. Figure 120. Adding a database to a SQL Server AAG 4. Click Submit to complete the request. The requester can view the status of the request on the Requests tab in vrealize Automation, as shown in Figure 121. If an approval policy is associated with the DBaaS action, the request remains in a Pending Approval state until all approvers have approved the request. Otherwise, the status of the request is displayed as In Progress. Figure 121. Add database to SQL Server AAG request status When the request has completed successfully, details of the database added to the AAG can be viewed in Microsoft SQL Server Management Studio, as shown in Figure 122. The synchronization state is Synchronized. 87

Chapter 7: Database as a Service with Microsoft SQL Server Figure 122. Synchronization state of a database added to an AAG Removing a database from an AAG To remove a database from a SQL Server AAG: 1. Under Machines, select the primary node of the SQL Server AAG and select Remove Database from SQL Server AAG from the Actions menu, as shown in Figure 123. Figure 123. Selecting the Remove Database from SQL Server AAG action 2. As for the other DBaaS (SQL Server) resource actions, specify a description and reason for the request and a username and password. 88

Chapter 7: Database as a Service with Microsoft SQL Server 3. Under Remove Database from SQL Server AAG, as shown in Figure 124: a. From the Instance Name list, select the relevant SQL Server instance. The list includes all existing SQL Server instances to which the requester has login rights on the selected virtual machine. b. From the Availability Group list, select the availability group from which you want to remove the database. The list includes all the availability groups to which the requester has login rights on the selected instance. c. From the Database list, select the database to remove from the availability group. Figure 124. Removing a database from a SQL Server AAG 4. On the Summary tab, review the details of the request to confirm that you are removing the correct database. The details include the state of the secondary replicas when the request completes, as shown in Figure 125. Figure 125. Summary tab for removing a database from a SQL Server AAG 5. Click Submit to complete the request. The requester can view the status of the request on the Requests tab in vrealize Automation. If an approval policy is associated with the DBaaS action, the request remains in a Pending Approval state until all approvers have approved the request, as shown in Figure 126. Figure 126. Request in a pending approval state 89

Chapter 7: Database as a Service with Microsoft SQL Server Figure 127 shows an example of the request notification to approvers. When the request has been approved by all approvers, the Remove Database from a SQL Server AAG action proceeds to completion. Figure 127. Approving a request 90

Chapter 8: Conclusion Chapter 8 Conclusion This chapter presents the following topics: Summary...92 Findings...92 91

Chapter 8: Conclusion Summary This Federation Enterprise Hybrid Cloud solution for Microsoft Applications solution supports on-demand provisioning and management of Microsoft applications, including Exchange Server, SQL Server, and SharePoint Server, from a self-service portal. vrealize Application Services are used to configure application blueprints that contain the necessary scripts to install and customize the application deployments. These scripts can be modified to suit the needs of the application and the business. Application administrators can deploy applications on storage services and virtual resources that optimize the performance needs of the application. They can also use the solution s monitoring capabilities to ensure consistent service levels for the applications and their underlying virtual infrastructure. Alerts and email notification enable administrators to easily identify over- and under-used resources and to quickly scale application resources up or down when specific thresholds are breached. This offers a truly elastic solution for the cloud. The solution includes DBaaS functionality that enables rapid, on-demand provisioning of new SQL Server instances and databases, including adding databases to AlwaysOn Availability Groups. Findings This solution enables Microsoft applications to be deployed across any business group running on the Federation Enterprise Hybrid Cloud. The following are key findings of this solution: Accelerated and automated provisioning The solution s self-service portal enables users to provision Microsoft applications on selectable infrastructure resources, on demand. High availability vsphere HA clusters and vsphere DRS, in combination with Exchange DAG and SQL Server AAG, protect Microsoft applications running on the Federation Enterprise Hybrid Cloud. Monitoring vrealize Hyperic, in combination with vrealize Operations Manager, enables administrators to monitor the realtime health, performance, and usage of Microsoft applications through custom dashboards. Notifications Automatic email notification ensures that application administrators are alerted when resource or performance thresholds are breached so that potential problems can be quickly resolved. Elasticity Users can add resources on demand to meet the requirements of an application, including adding a DAG copy to an Exchange Server virtual machine and a WFE to a SharePoint farm. These operations are fully automated. When no longer needed, application resources can be retired and freed up for use by other cloud services. Database as a service The solution s SQL Server DBaaS functionality enables database administrators to rapidly create and delete SQL Server instances and databases on demand, and to add databases to or remove databases from existing AAG availability groups. 92

Chapter 9: References Chapter 9 References This chapter presents the following topics: EMC documentation...94 VMware documentation...94 Microsoft documentation...94 93

Chapter 9: References EMC documentation VMware documentation Microsoft documentation The following documents, located on the EMC Online Support or EMC.com websites, provide additional and relevant information. Access to these documents depends on your login credentials. If you do not have access to a document, contact your EMC representative. Federation Enterprise Hybrid Cloud Solution documentation (see Essential reading) Microsoft Exchange Server Best Practices and Design Guidelines for EMC Storage Microsoft SQL Server Best Practices and Design Guidelines for EMC Storage Microsoft SharePoint Best Practices and Design Guidelines for EMC Storage Refer to the following documentation on the VMware website: VMware vrealize Automation documentation VMware vrealize Operations Manager documentation VMware vrealize Application Services documentation VMware vrealize Hyperic documentation VMware vcenter Hyperic Resource Configuration and Metrics Microsoft Exchange 2013 on VMware Best Practices Guide Microsoft Exchange 2013 on VMware Design and Sizing Guide Microsoft Exchange 2013 on VMware Availability and Recovery Options Guide Best Practices for Virtualizing and Managing SharePoint 2013 SharePoint 2010 on VMware Best Practices Guide (PDF) SQL Server on VMware Best Practices Guide (PDF) Refer to the following documentation on the Microsoft TechNet website: Microsoft Windows Server documentation Microsoft Active Directory documentation Microsoft SQL Server documentation Microsoft Exchange Server documentation Microsoft SharePoint documentation 94