Wednesday, May 17, 2017

This week in the Lab

The past couple weeks, I haven't been too productive in my studies, so I'm going to recap the few things that I've done so that I can reference it later. Everything here relates to the MCSA 2016 upgrade. 

I haven't done much reading at all, especially compared to my previous output.  But what I have been reading, slowly, is Mastering Hyper-V 2012 R2 with System Center and Windows Azure by John Savill on Books 24x7.  Hyper-V and the Cloud (ie: Azure) seem to be a big topic on the current exam topics, so I'm reviewing everything that I haven't touched much since doing the MCSA 2012 upgrade exam.  Thankfully I'm not seeing anything that feels completely new, just stuff here and there that I definitely need to knock the rust off on.  I've also started on Software Defined Networks: A Comprehensive Approach by Göransson, Black and Culver.  SDN was talked about heavily in the Introducing Windows Server 2016 book, so I figured I had better get the fundamentals down now.  Books 24x7 also has Mastering Windows Server 2016 Hyper-V, also by John Savill, which I'll start on once I finish the two titles I'm currently working through.

In the basement, I rebuilt both of my Hyper-V servers to Server 2016 Data Center, and put another physical disk in my domain controller and shared it out via iSCSI.  Then over the next few days, I built a Hyper-V Failover cluster with those two hosts and the iSCSI storage.  Rather than follow a step by step guide, I instead did it all from memory and a whole lot of trial and error, only consulting a book or TechNet when I was completely stuck.  Hence it taking a few days rather than a few hours.  But the cluster is up and running.

The first high availability VM that I built was a new IPAM server running on Server 2016.  The nice thing here is, when you use 2016 Data Center edition, you can build an unlimited number of Server 2012r2 and 2016 VMs on those hosts, you just use the AVMA keys to activate them and those VMs will run just fine on any host with 2012r2 or 2016 Data Center.  I started out with an IPAM server because I'm past the point of outgrowing the spreadsheet I use to track everything, especially now that I've started moving to IPv6 in the lab.

Next up, I need to take care of that 2012r2 domain controller so I can raise my DFL/FFL to 2016 before I start running into things that require that.

And for 70-417 study guides, there's the MS Press book, and the Sybex book.  Does anyone have a preference?  With everything else that I have read/am going to read, I don't imagine there being a need to buy both. I just want something comprehensive that goes over all the topics to gauge where I'm at as I get towards the end of this journey.

MCSA Study Progress by Topic:

Install and configure servers - I've installed and configured hundreds of servers on all editions of Windows, both in the lab and on the job.  I need to work with Storage Spaces some more, but overall I'm good here.
Configure server roles and features - Haven't done much with non-domain joined servers, but I'm good here as well.
Configure Hyper-V - I've done a lot of work here, especially recently and I've been trying to pay careful attention to what's new in 2016 as I go along.  But overall, I'm good here.
Install and administer Active Directory - Need to work on IFM and AD IaaS from Azure.
Deploy, manage, and maintain servers - My old nemesis from the 2008 and 2012 exams.  Data Collector Sets, monitoring, perfmon, and all that.  Need a lot of work here.
Configure network services and access - DirectAccess, something I want to set up for practical purposes.  Implementing DirectAccess with Windows Server 2016 is on Books 24x7 and I'll follow along in the lab while reading that.
Configure a network policy server infrastructure - a lot of fun stuff here, and I need to put in some time on all of it.
Configure and manage Active Directory - A lot of newer advanced features of AD.  I need to put in some time on most of it.
Configure and manage Group Policy - Looks like there's not really anything new here and it will focus on topics that have been around in previous versions of Windows.  Just need to knock off the rust here.
Configure and manage high availability - A lot that I've already suffered through with my Hyper-V cluster.  Need to continue practicing.
Configure file and storage solutions - Looks to be all recent additions to Windows and stuff I haven't seen before.
Configure business continuity and disaster recovery - I need to hit the Azure stuff, but it's just more Hyper-V topics for the most part.
Configure network services - IPAM.  Labbing this now.
Configure access and information protection solutions - ADFS.  This is the stuff that I've always avoided getting too deep into because I never had the capacity to really implement it in the lab.  I do now, so I'll be spending time on it. The servers are being provisioned now that the Hyper-V cluster is up. Related topics such as AD RMS will be worked on too even though they're not specifically mentioned in the topics.

Wednesday, May 3, 2017

Moving to IPv6 in the Lab

IPv6 is one of those technologies that I've been wanting to dig into further.  I know enough that I can get through the certification exam of the day with a little book time to refresh, but I don't know it well enough.  It's not something I've been avoiding, just something that I've kept putting off because something was more pressing, more interesting, or potentially more useful.  So there's no time like the present. Let's get started.

I began by reconfiguring the network to better align with all the blog posts and docs that I've read to date.  I originally had the 3750 doing the intraVLAN routing, but I decided to simplify and push everything out to the 2821 at the edge for now.  So the 2821 and 3750 are doing router on a stick.  There are 2 VLANs I'll be using (10 and 20 for now, additional VLANs are there but not IPv6 enabled yet), so the /60 that Comcast is currently handing out, which can be broken down into 16 /64s, will suffice.  I think a lot of areas are getting more than a /60, but it's more than enough for now.

On the 2821, we'll start by enabling IPv6 routing.  Naturally, the commands are a bit different here and there.

ipv6 unicast-routing
ipv6 cef

Then on the outside interface, we'll pull our /60.  If your ISP is handing out bigger chunks, adjust your hint accordingly.

interface GigabitEthernet0/1
 ipv6 enable
 ipv6 address autoconfig default
 ipv6 dhcp client pd hint ::/60
 ipv6 dhcp client pd COMCAST

First we enable IPv6 on the interface and then pull a /60 and put it into a pool called COMCAST.  In a lot of other docs online, I see "ipv6 address dhcp" added on the outside interface as well.  But my router/IOS combination wouldn't take that command and it's working fine without it, so keep this in the back of your mind.

Next, we'll go onto the inside interfaces.  We'll set up the IPv6 addresses and have a little ROAS review here too.

interface GigabitEthernet0/0
 no ip address
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ipv6 address COMCAST ::1/64
 ipv6 dhcp server COMCASTPOOL
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ipv6 address COMCAST ::2:0:0:0:1/64
 ipv6 dhcp server COMCASTPOOL

What we've done here is put the first /64 from the COMCAST pool onto VLAN 10, and the second /64 onto VLAN 20.  The next line on the interface sets up the DHCP options for the two VLANs.  The only options that I've currently configured are the DNS servers.  I'm actually using my own Domain Controllers (which is what you should use if you have them), but for here I'll put in Google's.  There are some timers that may need to be tweaked in regards to neighbor discovery, but that's a little beyond my understanding at this point.  I'll get into that at a later date.

ipv6 dhcp pool COMCASTPOOL
 dns-server 2001:4860:4860::8888
 dns-server 2001:4860:4860::8844
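
To check the subinterface addressing above before committing it, here is an added example (not part of the original post) that combines a delegated prefix with the suffix typed after the pool name, the way IOS does, and reports which of the sixteen /64s each subinterface lands in. The delegated prefix is a constructed value from the documentation range, and the function names are hypothetical.

```python
import ipaddress

def general_prefix_address(delegated, suffix):
    """Combine a delegated prefix with the 'suffix/len' argument of
    'ipv6 address NAME suffix/len'.

    Returns (interface address, on-link network, index of that subnet
    inside the delegation, counting from 0).
    """
    pd = ipaddress.IPv6Network(delegated)
    suffix_addr, plen = suffix.split("/")
    plen = int(plen)
    if plen < pd.prefixlen:
        raise ValueError("interface prefix is shorter than the delegation")
    low_bits = int(ipaddress.IPv6Address(suffix_addr))
    # The leading bits belong to the ISP; the suffix may only fill the rest.
    if low_bits >> (128 - pd.prefixlen):
        raise ValueError("suffix overlaps the delegated prefix bits")
    addr = ipaddress.IPv6Address(int(pd.network_address) | low_bits)
    iface = ipaddress.IPv6Interface(f"{addr}/{plen}")
    offset = int(iface.network.network_address) - int(pd.network_address)
    return iface.ip, iface.network, offset >> (128 - plen)

def lab_plan(delegated):
    """Addresses for the two subinterfaces configured in the post."""
    suffixes = {
        "Gi0/0.10": "::1/64",          # VLAN 10
        "Gi0/0.20": "::2:0:0:0:1/64",  # VLAN 20
    }
    return {name: general_prefix_address(delegated, s)
            for name, s in suffixes.items()}

if __name__ == "__main__":
    pd = "2001:db8:0:10::/60"  # constructed sample delegation, not a real one
    total = len(list(ipaddress.IPv6Network(pd).subnets(new_prefix=64)))
    print(f"{pd} holds {total} /64 networks")
    for name, (ip, net, idx) in lab_plan(pd).items():
        print(f"{name}: {ip} on {net} (subnet index {idx})")
```

The index is counted from zero, so a suffix of `::1:0:0:0:1/64` would select index 1.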

So now we have full IPv6 connectivity on just about everything in the lab (for some reason, none of my Virtualbox guests can ping past their own Ethernet NIC, but that's a topic for another day).  I've disabled IPv4 completely on a test machine (Server 2008 Enterprise) and loaded up Yahoo.

So far so good.  We've got connectivity.  The NIC settings are shown to demonstrate that IPv4 is indeed disabled.

What's next?  I would like to move intraVLAN routing back down to the 3750 and have a single routed link between it and the 2821. Then I want to move the DHCPv6 functionality for each VLAN down to the domain controllers so I can manage all the IPv6 bits with Windows IPAM as I do now with the IPv4 bits.  And finally, I need to update the IOS on my 3750 to an image that supports IPv6, among other shortcomings I'm currently hampered by.

But first things first, I'm going to move my Hyper-V servers from Server 2012r2 to 2016 and finally get them into a failover cluster.  That, plus getting some shared storage together for the cluster, should get me through a good section of the MCSA 2016 topics.