[Team or Group], [DEPARTMENT]
[Company, Institution or Organization]
Confidential
P&V Server Build Guideline
This document is to be followed when building a new physical or virtual server running a Microsoft Windows operating system or ESX. The intended audience is [Define your scope here] personnel only.
Please follow the guidelines in this document when building a new Physical Windows server or ESX host, deploying a new VM, or creating a new Virtual Template (VT). Check the box next to the type of machine you are creating. For every step that is completed for the new host or VM, please tick the box in the last column. Once done, please fill out your information and have your manager or supervisor sign the document.
Virtual Machine
Virtual Template
Windows Physical Server
ESX Server
Physical Server Configurations (Windows)
Item No. / Description of Task / Done
1 / Minimum Disk Configuration shall be disk mirroring (RAID 1). Backups are STILL NEEDED even with disk mirroring engaged.
2 / Run at least 2 CAT5e/6 cables for NIC teaming
3 / Run at least 2 power cables for dual power redundancy to the system.
4 / Use proper cable management mounting kit and run all cables neatly
5 / Connect failure indicator probe at the back of cable management
6 / Connect IP-KVM USB/PS2 dongle and register the machine name on the KVM switch via LCD. Update your local IP-KVM client database.
7 / Make sure Memory Mirroring or Redundant Memory option is disabled in BIOS
8 / Label all network cables and any fiber cables using the scheme defined in OS configuration for NICs (i.e. TeamMember#1). Cabling should be done counter clockwise on the back of the servers.
9 / Disable DRAC if IP-KVM is connected
10 / Enter the server name on the Front Panel LCD; if an LCD is not available, place a label on the front.
Physical Server Configurations (ESX)
Item No. / Description of Task / Done
1 / Follow all the steps above as described in Physical Server Configurations (Windows)
2 / Make sure all Hardware Virtualization features are turned on in BIOS as per KB1003212, http://kb.vmware.com/kb/1003212 (VT, XD)
3 / Add FC or iSCSI HBAs as required
4 / Check hardware compatibility against HCL at www.vmware.com/go/hcl
5 / Disable onboard NICs and install quad-port PCI-based NICs.
Operating System Installation (Windows – Physical)
Item No. / Description of Task / Done
1 / Partition the RAID-enabled virtual disk into at least 2 logical disks: one for installing the OS and the other for applications and application data.
2 / Use C: for OS binaries and D: for application data. Name the volumes as follows, C: - Local System, D: - Local Data
3 / Apply all missing Windows Updates and Service Packs
4 / Use the Dell System Build CD to install Open Manage software and update drivers
5 / Connect the machine to domain (domain.com)
6 / Install BackupExec Remote agent & schedule a backup according to appropriate backup template(s) in BackupExec.
7 / Choose Best Performance for Visual Effects and Background Services for better performance of the system, unless different options are required by the application that will be installed on the system.
8 / Turn off Shutdown Event Tracker
9 / Increase the paging file size by 1.5 times of physical RAM and move it to a different drive (preferably different spindle).
10 / Turn off Internet Explorer Enhanced Security Configuration for Administrators
11 / Configure a team of at least two NICs in Active/Active or Active/Standby mode depending on switch topology. Name the team NIC Team#1 and the team members TeamMember#1, TeamMember#2, and so on, depending on the number of NICs present. For servers with more than one NIC team, teams should be numbered according to the scheme defined above. If there are more than 2 NICs, use beacon probing for network failure detection.
12 / Install McAfee Anti-virus using required AV template
13 / Change Local Administrator password to ‘AskYourManager’
14 / Add the computer name in AD to the correct WSUS group depending on its update schedule
15 / Enter the server information in Server Inventory System.
16 / Enable Remote Desktop
Operating System Installation (Windows – Virtual Template)
Item No. / Description of Task / Done
1 / Create a new virtual machine and name it vt-w2k[version]-[edition]-[service pack]-[C: space]. Use GPT if more than 2TB is required on the disks.
2 / Assign the minimum system requirements in terms of RAM, CPU, and disk space.
3 / Align the disk with 512 KB offsets using diskpart. Follow this KB article: http://support.microsoft.com/kb/929491
4 / Install appropriate OS
5 / Follow steps 2 (DO NOT create D: drive), 3, 7-10, 13, 16 as described above in Operating System Installation (Windows – Physical)
6 / Release/remove any IP address(es) using ipconfig /release and connect the vNIC(s) to a port group that is not routable
7 / Follow appropriate Windows guides below in OS Optimization & Performance Tuning (Windows)
8 / Disconnect any mounted ISOs
Install VMware Tools (Complete with all features). Use host to synchronize Windows time. Set VMware Descheduled Time Accounting service to start automatically and start this service. Disable Windows Time service
9 / Convert VM to template
Operating System Installation (Windows – Virtual Machine)
Use an existing template to deploy a new VM unless a new configuration is required
Item No. / Description of Task / Done
1 / Deploy a VM from template to cluster A initially for a production server. All test, dev, and staging VMs should be deployed to cluster B. VMs for the website should be deployed in the Web cluster. All test machines used by individuals should be placed in the Lab & Test Machines folder in VC.
2 / Customize OS using one of the customization specifications from the list
3 / If adding additional disks follow step 3 above in Operating System Installation (Windows – Virtual Template) for each new disk
4 / Assign appropriate VM Network and an IP address from the subnet. Use x.x.x.x and x.x.x.x for DNS servers and x.x.x.1 as default gateway depending on subnet.
5 / Follow steps 3, 5 and 6 (only if VM will not be backed up by vRanger Pro), 12, 14, 15 above in Operating System Installation (Windows – Physical)
6 / Schedule Backup using backup software if required
7 / Allow appropriate users to manage new VM remotely via RDP and VIC by assigning them appropriate permissions in VM and vCenter.
8 / For additional disks, make sure to rename second disk incrementally inside VM folder.
9 / Upgrade VM Tools if vCenter reports them to be out of date
OS Optimization & Performance Tuning (Windows)
After you are finished installing the OS, follow these steps to optimize performance by disabling unnecessary features and services depending on the version of OS.
Windows Server 2008 (x86 & 64-bit) – All Versions (Physical & VT)
Item No. / Description of Task / Done
Turn off features
1 / Turn off hibernation by issuing the following command in command prompt:
powercfg -h off
2 / Turn off Problem Reports and Solutions (Windows Error Reporting)
3 / Turn off IPv6
4 / Turn off UAC
5 / Install Remote Administration Tools as required
Disable Services: Turn off the following services unless they are required by the application(s) that will be installed on the system.
1 / IP Helper
2 / Base Filtering Engine (BFE): Depends on following services
- IPSec Policy Agent
- Windows Firewall
- IKE and AuthIP IPSec Keying Modules
3 / Distributed Link Tracking Client
4 / Human Interface Device Access
5 / Print Spooler
6 / Remote Registry
7 / Windows Error Reporting Service
8 / TPM Base Services
Windows Server 2003 (x86 & 64-bit) – All Versions (Physical & VT)
Item No. / Description of Task / Done
Copy Source Binaries & Tools
1 / Copy the content of i386 folder from CD to D:\i386 folder.
2 / Install Windows Support Tools
3 / Install Windows Resource Kit
Disable Services: Turn off the following services unless they are required by the application(s) that will be installed on the system.
1 / Distributed Link Tracking Client
2 / Error Reporting Service
3 / Performance Logs and Alerts
4 / Remote Registry
Operating System Installation (ESX)
ESX 4.0 (64-bit x86 only)
Item No. / Description of Task / Done
1 / Gather the following information prior to installation:
- Static IP address for management
- Host Name
- Domain Name if any
- DNS servers if any
- NTP servers if any
- Names & IP addresses of other Hosts if joining a cluster
- Virtual Center name and IP address
- vRanger Pro server name and IP address if in use
- ESX serial key
- root Password
2 / Use following Disk Partitioning recommendations. Give service console partition maximum recommended size.
NOTE: Service Console's partitions are stored in a .vmdk file, esxconsole.vmdk.
Mount Point / Partition Type / Size
none / swap / 1600 MB
/ / ext3 / 10 GB
/home / ext3 / 2 GB
/tmp / ext3 / 3 GB
/var / ext3 / 4 GB
/usr / ext3 / 3 GB
/vmimages / ext3 / 512 MB
/opt / ext3 / 2 GB
- Don’t check “configure boot loader automatically…” option
- Don’t place GRUB on MBR
3 / If installing on Dell server, download and use the latest Dell System Installation CD to install OS and update drivers (requires Systems Update Utility disks).
4 / Change root password to ‘AskYourManager’
5 / Allow root to connect to console:
Change PermitRootLogin to yes in the /etc/ssh/sshd_config file
Restart sshd by entering: service sshd restart
6 / Add the FQDNs and IP addresses of all hosts and machines that will communicate with this host to the hosts file.
7 / After installing and configuring host, connect to host using VIC
8 / Apply necessary patches and driver updates to the host.
9 / Install other software such as Open Manage or Cisco Nexus 1000v
10 / Activate licensed features
11 / Add appropriate Networking (vSwitches, vdSwitches, port groups, service console etc.). Configure load balancing on teams as follows:
- When connecting pNetworks to non-clustered switches: Set the load balancing type to Route based on the originating virtual port ID, set Network Failover Detection to Beacon probing (only when 3 or more physical networks are present), and enable Notify Switches and Failback. Use all active adapters.
- When connecting pNetworks to clustered switches: All same as previously except use Route based on ip hash for load balancing type.
12 / Modify the ESX firewall to allow certain services such as vRanger, SCOM, and others as appropriate.
Incoming: SSH Server, SNMP Server, CIM Secure Server, CIM Server, CIM SLP
Outgoing: SSH Client, SNMP Server, VMware vCenter Agent, VMware Update Manager, VMware Consolidated Backup, CIM SLP, Software iSCSI Client, SMB Client, NTP Client, NFS Client
13 / Give maximum (800 MB) recommended RAM to service console if using backup agents. Read this article for more information, http://kb.vmware.com/kb/1003501
14 / Add storage using either FC or iSCSI HBAs or software iSCSI as appropriate. Format LUNs as VMFS3
15 / Enable and configure NTP client to use ntp.metmusum.org and tick.usno.navy.mil
16 / Configure DNS and Routing in VIC
17 / Add the host to appropriate cluster and apply cluster policies
18 / Test VMotion, HA, DRS and other enterprise features
19 / Enter host information in SMAC
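Step 5 above edits /etc/ssh/sshd_config. The sshd keyword is spelled PermitRootLogin, and sshd applies the first value it reads for a keyword, so an edit appended below an existing line has no effect. The following check is an added example, not part of the original guideline; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: print the global PermitRootLogin value that sshd will apply.
# sshd keeps the FIRST value it reads for a keyword, so a line appended at the
# end of sshd_config is ignored when an earlier line already sets it.

effective_root_login() {    # usage: effective_root_login /path/to/sshd_config
    awk '
        { sub(/^[ \t]+/, "") }                  # leading whitespace is ignored
        /^#/ || /^$/ { next }                   # comment and blank lines
        {
            line = $0
            sub(/[ \t]*=[ \t]*/, " ", line)     # "Keyword=value" form
            split(line, f, /[ \t]+/)
            key = tolower(f[1])                 # keywords are case-insensitive
        }
        key == "match" { exit }                 # lines below are conditional
        key == "permitrootlogin" {
            gsub(/"/, "", f[2])                 # value may be quoted
            print f[2]; found = 1; exit
        }
        END { if (!found) print "unset" }       # compiled-in default applies
    ' "$1"
}

# Constructed sample (not from a real host): the edit from step 5 was appended
# below an existing "no" line, so the first line still decides the result.
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' \
        '# constructed sample' \
        'Protocol 2' \
        'PermitRootLogin no' \
        'X11Forwarding yes' \
        'PermitRootLogin yes' > "$tmp"
    effective_root_login "$tmp"
    rm -f "$tmp"
}

demo
```

Run effective_root_login against the host's sshd_config after the edit and before restarting sshd, and record the reported value with the build sign-off.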
Machine FQDN
Type (Physical/Virtual)
Engineer
Date Completed
Requester
Manager’s Signature / Initials