System Center Virtual Machine Manager 2016 (SCVMM 2016)
1.1.1 System Center Virtual Machine Manager High Level Design
1.1.2 Hardware Prerequisites
Server | Processor (minimum) | RAM (minimum) | Hard drive (minimum) | Operating system | SQL Database Server | Virtualization | High Availability |
VMM Mgt Server | 8 core Pentium 4, 2GHz (x64) | 4 GB | 4 GB | Server 2016 | – | Supported | Failover Cluster |
VMM Console | 4 core Pentium 4, 1 GHz (x64) | 4 GB | 10 GB | Win10 Ent; Server 2016 | – | Supported | – |
SQL Server | 8 core Pentium 4, 2.8GHz | 8 GB | 50 GB | Server 12 R2; Server 2016 | 2012 R2; 2014; 2016 | Supported | SQL Always ON |
Library Server | 4 core Pentium 4, 2.8GHz | 2 GB | Based on size/amount of stored files | Server 2016 | – | Supported | File Server Cluster |
1.1.3 Software Prerequisites
Server | .NET | PowerShell | Other Software |
VMM Mgt Server | 4.6 | PowerShell 5.0 | Windows ADK for Win 10 (Deployment Tools & Windows Preinstallation Environment); SQL Server Feature “command-line utilities” 14 |
VMM Console | 4.5, 4.5.1, 4.5.2, 4.6 | PowerShell 4.0, 5.0 | – |
1.1.4 Accounts and Permissions
Create the following accounts in Active Directory
Account Name | Description |
scvmmsvc | VMM Service Account |
scvmmadmin | VMM RunAs account for managing hosts |
sqlsvc | SQL service account |
SCVMMAdmins | VMM Administrators security group |
- Add the “scvmmsvc” and “scvmmadmin” accounts to the “SCVMMAdmins” global group.
- Add the “DOMAIN\SCVMMAdmins” domain global group and the “DOMAIN\scvmmsvc” domain account explicitly to the Local Administrators group on each SCVMM role server.
- Register the SPN for the VMM service account, while signed in as a domain administrator, before you install VMM.
- Grant db_owner permissions on the database (VirtualManagerDB) to the VMM service account.
- The VMM installation account needs Full Control permissions on the VMMDKM container in AD DS, applied to “this object, and to all descendant objects.”
1.1.5 Additional prerequisites
- Active Directory:
  - Create a distributed key management container in AD named VMMDKM, with full permission for the VMM installation account.
- SQL Server:
  - Must allow for case-insensitive database objects.
  - Limit SQL memory.
- VMware supported versions:
  - vCenter 5.1, 5.5, 5.8, 6.0
  - ESX 5.5, ESX 6.0
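
The Active Directory steps from sections 1.1.4 and 1.1.5 as one PowerShell script. This is an added example, not part of the original page: the OU, the role server names (VMM01, VMM02) and the installation account name (vmminstall) are placeholders, and creating the VMMDKM container at the domain root is an assumption. SPN registration and the db_owner grant are not covered here.

```powershell
# Added example, not from the original page. Values marked "placeholder" are assumptions.
Import-Module ActiveDirectory
$domain      = Get-ADDomain
$ou          = "OU=Service Accounts,$($domain.DistinguishedName)"  # placeholder OU, must exist
$roleServers = 'VMM01', 'VMM02'                                    # placeholder SCVMM role servers
$installUser = 'vmminstall'                                        # placeholder installation account

# Accounts from the table in 1.1.4; created only if missing.
$accounts = [ordered]@{
    scvmmsvc   = 'VMM Service Account'
    scvmmadmin = 'VMM RunAs account for managing hosts'
    sqlsvc     = 'SQL service account'
}
foreach ($name in $accounts.Keys) {
    if (-not (Get-ADUser -Filter "SamAccountName -eq '$name'")) {
        New-ADUser -Name $name -SamAccountName $name -Description $accounts[$name] -Path $ou `
            -AccountPassword (Read-Host -AsSecureString -Prompt "Password for $name") -Enabled $true
    }
}

# Global security group with the service and RunAs accounts as members.
if (-not (Get-ADGroup -Filter "SamAccountName -eq 'SCVMMAdmins'")) {
    New-ADGroup -Name 'SCVMMAdmins' -GroupScope Global -GroupCategory Security `
        -Path $ou -Description 'VMM Administrators security group'
}
$current = (Get-ADGroupMember -Identity 'SCVMMAdmins').SamAccountName
$toAdd   = 'scvmmsvc', 'scvmmadmin' | Where-Object { $current -notcontains $_ }
if ($toAdd) { Add-ADGroupMember -Identity 'SCVMMAdmins' -Members $toAdd }

# Local Administrators on each SCVMM role server: the group and the service account only.
$members = "$($domain.NetBIOSName)\SCVMMAdmins", "$($domain.NetBIOSName)\scvmmsvc"
Invoke-Command -ComputerName $roleServers -ArgumentList (,$members) -ScriptBlock {
    param($members)
    $local = (Get-LocalGroupMember -Group 'Administrators').Name
    foreach ($m in $members) { if ($local -notcontains $m) { Add-LocalGroupMember -Group 'Administrators' -Member $m } }
}

# VMMDKM container (domain root assumed) with Full Control for the installation account,
# inherited by this object and all descendant objects.
$dkmDn = "CN=VMMDKM,$($domain.DistinguishedName)"
if (-not (Get-ADObject -Filter "DistinguishedName -eq '$dkmDn'")) {
    New-ADObject -Name 'VMMDKM' -Type 'container' -Path $domain.DistinguishedName
}
$acl  = Get-Acl -Path "AD:\$dkmDn"
$rule = [System.DirectoryServices.ActiveDirectoryAccessRule]::new(
    (Get-ADUser -Identity $installUser).SID,
    [System.DirectoryServices.ActiveDirectoryRights]::GenericAll,
    [System.Security.AccessControl.AccessControlType]::Allow,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All)
$acl.AddAccessRule($rule)
Set-Acl -Path "AD:\$dkmDn" -AclObject $acl
```

Review the resulting ACL with `(Get-Acl "AD:\$dkmDn").Access` so that only the installation account holds the added Full Control entry.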
1.1.6 Network and Firewall Ports and Protocols
1.1.6.1 Port and protocol exceptions
Connect | Port/protocol | Details | Configure |
VMM server to VMM agent on Windows Server-based hosts/remote library server | 443:HTTPS | BITS data channel for file transfers; inbound rule on hosts | Modify in VMM setup |
VMM server to VMM agent on Windows Server-based hosts/remote library server | 5985:WinRM | Control channel; inbound rule on hosts | Modify in VMM setup |
VMM server to VMM agent on Windows Server-based hosts/remote library server | 5986:WinRM | Control channel (SSL); inbound rule on hosts | Can’t modify |
VMM server to VMM guest agent (VM data channel) | 443:HTTPS | BITS data channel for file transfers; inbound rule on machines running the agent. The VMM guest agent is a special version of the VMM agent. It is installed on VMs that are part of a service template, and on Linux VMs (with or without a service template). | Can’t modify |
VMM server to VMM guest agent (VM control channel) | 5985:WinRM | Control channel; inbound rule on machines running the agent | Can’t modify |
VMM host to host | 443:HTTPS | BITS data channel for file transfers; inbound rule on hosts | Modify in VMM setup |
VMM server to VMware ESXi servers/Web Services | 22:SFTP | Inbound rule on hosts | Can’t modify |
VMM server to load balancer | 80:HTTP; 443:HTTPS | Channel used for load balancer management | Modify in load balancer provider |
VMM server to remote SQL Server database | 1433:TDS | SQL Server listener; inbound rule on SQL Server | Modify in VMM setup |
VMM server to WSUS update servers | 80/8530:HTTP; 443/8531:HTTPS | Data and control channels; inbound rule on WSUS server | Can’t modify from VMM |
VMM library server to Hyper-V hosts | 443:HTTPS | BITS data channel for file transfers; inbound rule on hosts – 443 | Modify in VMM setup |
VMM console to VMM | WCF:8100 (HTTP); WCF:8101 (HTTPS); Net.TCP: 8102 | Inbound rule on VMM console machine | Modify in VMM setup |
VMM server to storage management service | WMI | Local call | |
Storage management service to SMI-S provider | CIM-XML | Provider-specific | |
VMM server to Baseboard Management Controller (BMC) | 443: HTTP (SMASH over WS-Management) | Inbound rule on BMC device | Modify on BMC device |
VMM server to Baseboard Management Controller (BMC) | 623: IPMI | Inbound rule on BMC device | Modify on BMC device |
VMM server to Windows PE agent | 8101:WCF; 8103:WCF | 8101 is used for control channel, 8103 is used for time sync | Modify in VMM setup |
VMM server to WDS PXE provider | 8102: WCF | Inbound rule on PXE server | |
VMM server to Hyper-V host in untrusted/perimeter domain | 443:HTTPS (BITS) | BITS data channel for file transfers; inbound rule on VMM server | |
Library server to Hyper-V host in untrusted/perimeter domain | 443:HTTPS | BITS data channel for file transfers; inbound rule on VMM library | |
VMM server to Windows file server | 80: WinRM; 135: RPC; 139: NetBIOS; 445: SMB (over TCP) | Used by the VMM agent; inbound rule on file server | |
VMM server to Windows file server | 443:HTTPS | BITS used for file transfer; inbound rule on file server | |
VMM server to Windows file server | 5985/5986:WinRM | Control channel; inbound rule on file server | |
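
The host-side rows of the table above, turned into source-scoped inbound rules plus a reachability check. This is an added example, not part of the original page; the IP addresses and host names are placeholders, and restricting each rule to specific remote addresses is a hardening choice added here, not something the table requires.

```powershell
# Added example, not from the original page. Addresses and host names are placeholders.
$vmmServer = '192.0.2.10'                 # placeholder VMM management server
$bitsPeers = '192.0.2.20', '192.0.2.31'   # placeholder library server and peer Hyper-V host
$hvHosts   = 'HV01', 'HV02'               # placeholder Hyper-V hosts (used by the check below)

# Inbound ports on a Windows Server-based host, taken from the table above.
# 443 also carries host-to-host and library-to-host BITS transfers;
# the WinRM control channels only need to accept the VMM server.
$rules = @(
    @{ Name = 'SCVMM BITS data channel (443)';          Port = 443;  From = @($vmmServer) + $bitsPeers }
    @{ Name = 'SCVMM WinRM control channel (5985)';     Port = 5985; From = @($vmmServer) }
    @{ Name = 'SCVMM WinRM control channel SSL (5986)'; Port = 5986; From = @($vmmServer) }
)

# Part 1: run locally on each host (elevated). Each rule is created once and
# limited to the listed source addresses instead of "Any".
function Add-VmmHostFirewallRules {
    param([hashtable[]]$Rules)
    foreach ($r in $Rules) {
        if (-not (Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue)) {
            New-NetFirewallRule -DisplayName $r.Name -Direction Inbound -Protocol TCP `
                -LocalPort $r.Port -RemoteAddress $r.From -Action Allow | Out-Null
        }
    }
}

# Part 2: run on the VMM server. Reports which host ports answer a TCP connect.
# A port with no listener (for example 5986 without an HTTPS WinRM listener)
# reports False even when the firewall rule is in place.
function Test-VmmHostPorts {
    param([string[]]$ComputerName, [int[]]$Port = @(443, 5985, 5986))
    foreach ($c in $ComputerName) {
        foreach ($p in $Port) {
            $t = Test-NetConnection -ComputerName $c -Port $p -WarningAction SilentlyContinue
            [pscustomobject]@{ Host = $c; Port = $p; Reachable = $t.TcpTestSucceeded }
        }
    }
}

# On a host:           Add-VmmHostFirewallRules -Rules $rules
# On the VMM server:   Test-VmmHostPorts -ComputerName $hvHosts | Format-Table
```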