Skip to main content

SQL Server on VMware vSphere Best Practices: Host, Disk, CPU and Memory Considerations

Part 1: SQL Server on VMware vSphere Best Practices: Host, Disk, CPU and Memory Considerations
Part 2: SQL Server on VMware vSphere Best Practices: Availability Group, Licensing and Other Considerations

I realized recently that I never documented my process for designing high-performance Microsoft SQL environments on VMware vSphere. For the most part, what you’re about to read is a brain dump, and is intended to serve as an outline. Please make sure that you research all of the configurations for your specific deployment requirements, rather than take everything I say and dump it in to your shiny new Microsoft SQL environment. In Part 1, we’ll dive into some of the more common settings and configurations that are done in a virtualized SQL environment.

ESXi Host Considerations

Power Management

A good rule of thumb is to set Power Management to High Performance on the ESXi host. This needs to be done both in the BIOS and from within the vSphere Client to take effect.

Second Level Address Transaltion (SLAT)

It’s necessary that the host supports Second Level Address Transaltion. Most 64-bit processors support this technology. When referencing Intel processors, SLAT = Extended Page Tables. When referencing AMD processors, SLAT

Read More

Homelab Considerations: Storage Simulators for Your Homelab

Part 1: Homelab Considerations: Software Licensing for Your Homelab
Part 2: Homelab Considerations: Storage Simulators for Your Homelab

In Part 2 of the Homelab Considerations series, we’ll be talking about storage simulators. Storage simulators will help you familiarize yourself with various enterprise storage offerings that you would typically see attached to a vSphere environment. We’re going to cover each Virtual Storage Appliance (VSA) I’ve been able to find, where and how to download those VSAs, and how to set them up in an environment.

In any virtual environment, you need a few key things:

  • Servers, or compute
  • Networking, or routers and switching
  • Storage, or a centralized box of hard disks to store all of the infrastructure on

If you’re testing an application, OS or the network infrastructure in your environment, you’re probably fine putting the infrastructure on local storage if you have a decently sized hard drive and can thin provision the disk. If you’re in the market to learn how enterprise data centers and cloud technologies work, especially with VMware vSphere, you will need dedicated shared storage for your homelab infrastructure in order to use most of those enterprise features. Not all of us can build out a homelab …

Read More

Homelab Considerations: Software Licensing for Your Homelab

Part 1: Homelab Considerations: Software Licensing for Your Homelab
Part 2: Homelab Considerations: Storage Simulators for Your Homelab

So I’ve been digging into how to license enterprise software for my homelab, and I thought I’d share some of what I’ve found. Some people choose to go the route of getting below-board licensing for enterprise software, but I’m not one of those people. For those of us who want a legitimate software footprint on their network, this post is for you. We are not going to cover how to build your homelab, or what storage you should use. We are going to cover how to license your  homelab at little or no cost to you, including your choices for legally licensing products from VMware, Microsoft, Veeam and more.

VMware Licensing

Let’s start the conversation by talking about VMware, since virtualization is the main focus of this blog. While VMware does offer their ESXi hypervisor for free, that doesn’t include some of the enterprise features like access to APIs, and the rest of the vSphere suite. In terms of licensing, the cheapest way to get a production copy of VMware for an enterprise is vSphere Essentials, which costs $560 at the …

Read More

Group Policy Security Filtering

An administrator can add both computers and users to security groups. Then the administrator can specify which security groups are affected by the GPO by using the Access Control List (ACL) editor. To start the ACL editor, select the Security tab of the property page for the GPO. Then set access permissions using discretionary access control lists (DACLs) to allow or deny access to the GPO by specified groups. By changing the Access Control Entries (ACEs) within the DACL, the effect of any GPO can be modified to exclude or include the members of any security group. For more information about security groups, see How Security Groups are Used in Access Control.

To apply a GPO to a specific group, both the Read and Apply Group Policy ACEs are required. By default, all Authenticated Users have both these permissions set to Allow. Because everyone in an organizational unit is automatically an Authenticated User, the default behavior is for every GPO to apply to every Authenticated User. However, domain administrators, enterprise administrators, and the LocalSystem account already have full control permissions, by default, without the Apply Group Policy ACE. Therefore, because administrators are also …

Read More

Group Policy WMI Filtering

Group Policy WMI Filtering was introduced with Windows XP, and is a great way to add a decision on when to apply a given group policy. WMI Filters, written in WMI Query Language (WQL), allow an administrator to specify a WMI-based query to filter the application of a GPO. WMI Filtering can be very useful when users or computers are located in a relatively flat OU structure in Active Directory, for example. WMI Filters can also allow you to apply specific policies based on server roles, operating system version, network configuration, and other criteria. Windows evaluates these filters in the following order of overall Group Policy Processing:

  1. Policies are located in hierarchy.
  2. The WMI Filters are checked.
  3. The security settings are checked.
  4. A policy is either filtered or applied depending on the results of the previous checks.

Breakdown: We locate all of the policies that exist in the user or computer’s Local, Site, Domain, and OU hierarchy. We then determine if the WMI Filter (if any are defined) returns TRUE. We then verify that the user or computer has both Read and Apply group policy permissions for the GPO. Once all of that is validated, the group policy is …

Read More

Group Policy Best Practices

I thought it might be useful to outline the approach that I take to designing group policy infrastructure in environments that I manage. Architecting group policy can be a daunting and time consuming task, so it’s good to know how it works before you start. All of what you’re about to read was gathered from Microsoft documentation, and should be accurate to the date of this writing. Everything you’re about to read has been compiled over the last 10 years from a combination of Microsoft best practices and real world experiences tweaking GPOs in production environments.

I use the terms functional and monolithic to describe the two possible approaches:

  • Functional GPOs Contain one or more settings from a single policy area and often target a single function (e.g., Browser Security, Workstation Lock)
  • Monolithic GPOs Contain a variety of settings from multiple policy areas (e.g., Administrative Templates, security, Group Policy preferences)

The majority of the corporate environments I’ve managed contain Functional GPOs when I start. Most environments should have a mix of both Monolithic and Functional GPOs. This is driven by factors such as the need for delegating certain GPOs to a particular business unit administrator, the desire to manage …

Read More

VMware Tagging and Why You Should Care

VMware Tags were introduced with vSphere 5.1, and replace the legacy Custom Attributes feature from earlier versions. Tags allow you to add valuable metadata to every object in your inventory, which makes them searchable and sortable by those tags. How can this be used, you ask? Well I’ll tell you how I use tags.

I use tags to control which backup a virtual machine is a part of, to control the settings that should be applied during the backup, to identify the priority of virtual machines for business continuity and disaster recovery purposes, to define the patch group the virtual machine is in, to identify server roles and installed applications, to create dynamic groups of machines in Turbonomic Operations Manager. One of the guys on my team even built a dynamic list of servers on our SharePoint site that allows us to see at a glance every server in our environment and filter it to find the information we need quickly.

What is a Category?
Categories allow you to group related tags together. When you define a category, you can also specify which object types its tags can be applied to and whether more than one tag in the category …

Read More

Configuration Resources for Windows Server 2016

For the most part, I run a Windows shop. Digging around for some information on the latest Windows Server operating system, Windows Server 2016, I’ve come across some useful information that I thing every administrator/engineer should know. I used all of this information to build my Windows Server 2016 VMware Templates.

Resource 1: What’s New in Windows Server 2016 Link
Windows Server 2016 has been out for a while now, but it’s always good to start with learning about what the development team focused on improving with each new release of Windows Server. This guide outlines the changes made to compute, identity and access, administration, networking, security and assurance, storage, failover clustering and more.

Resource 2: Performance Tuning Guidelines for Windows Server 2016 Link
The guide linked above focuses on performance and tuning for server hardware, server roles, and server subsystems. It dives deep into every setting, and the potential effect that setting has. That deep dive will enable you to make more informed decisions about each settings relevance to your system, workload, performance, and energy usage goals which will help you build an optimized platform for your environment.

Note: Download a PDF of the guide by following the Download

Read More

Veeam Backup & Replication Best Practices eBook

I wanted to share a free resource that has really helped me wrap my head around Veeam Backup & Replication. This eBook, written and maintained by a group of Veeam architects, is easily understandable no matter your level of expertise with Veeam and serves as a great resource outlining how to configure Veeam using best practices in your Veeam backup environment.

The eBook was released in conjunction with Veeam Backup & Replication 9.0 Update 2. It’s been updated and maintained and as of this writing, contains the best practices for Veeam Backup & Replication 9.5 Update 1.

Read the book online, or download it in PDF, ePub or Mobi format by following this link.

If you feel like showing the authors love, or just following them on social media, here they are:

Preben Berg (@poulpreben)
Andreas Neufert (@AndyandtheVMs)
Tom Sightler
Pascal di Marco
Stanislav Simakov (@ssimakov)
Paul Szelesi (@PSzelesi)
Luca Dell’Oca (@dellock6)
Edwin Weijdema (@viperian)…

Read More