Best Practice Analyzer for Hyper-V

This blog post brought to you by eighteen year veteran Microsoft Premier Field Engineer David Morgan.

Goal of this Post

Today I’d like to impart to you how you can collect a few of what Microsoft thinks are important best practices around Hyper-V. (Note: You can use these same methods for all the other Best Practice features in the later Windows Server Products.) This post will contain information only specific to Hyper-V. There is a much more detailed and in-depth TechNet article here about the BPAs: Run Best Practices Analyzer Scans and Manage Scan Results. (Note: I also support Failover Cluster and would have included that here, but, the Failover Cluster feature does not have a set of BPAs like the ones this article speaks to (BPAs are only for Roles). The Failover Cluster feature includes a much more robust set of tests and BP recommendations produced by the Failover Cluster Validation tool. The Cluster Validation tool also includes some tests for Hyper-V Clustering.)

Also, I want to make sure everyone is aware of the Microsoft RAP as a Service offering which in a sense are a larger Best Practice definition engagement between Microsoft Premier Field Engineers and customers where deep-dive Best Practice analysis is performed. The main Services page where all of the RAPs are defined is here and the details for Failover Cluster & Hyper-V RAPaaS are here:

If you are interested in requesting a RAP as a Service for eligible Microsoft products, please see your Technical Account manager (TAM).

Best Practice Analyzers (BPAs)

BPAs first came on the scene with the release of Windows Server 2008 R2. In this post I’m only going to be demonstrating Windows Server 2012 and 2012 R2 BPAs and how to generate a Best Practice list using PowerShell. If you wish to investigate the original BPA version released with 2008 R2 please start here. And, yes, the BPAs exist in the 2016 editions of Windows Server.

BPA GUI outputs are found on the Dashboard page of the Server Manager interface and will show BPA results for any role; for any server listed in the Local Server or All Servers groups in the left Navigation column. These GUI reported BPA notifications are useful but they don’t list all the possible tests the BPA can perform tests for.

There are no master lists of BPA tests for Microsoft Windows Server roles. Also note that not all roles have BPAs. It’s also important to remember that over time as BPA related binaries are updated over the lifetimes of the products, new tests will be added and some older ones may be retired; so repeating the processes below at set intervals is probably wise so as to maintain the latest and greatest BP lists. Finally, these methods will not work unless the BPA model components are installed for a role; a role has to be installed for the BPAs to provide test descriptions and results. Were one to want a reference list of BPAs one could certainly take a temporary server, say a virtual machine, and install all the roles of interest and then use the detail below in a loop to output all the desired BPA lists.

So, let’s generate a Hyper-V BPA list.

Here are the basic steps:

  • Install the Role                Install-WindowsFeature
  • Get the BPA model IDs for the Role    Get-BPAModel
  • Run the BPA                    Invoke-BPAModel
  • Review the results                Get-BPAResults

Here are the steps in detail:

  • Install the role you wish to find BPA test details for:
    • For Windows Server Use:
      • GUI Server Manager Add Roles and Features or
      • PowerShell’s Install-WindowsFeature <role> cmdlet
  • At this point it would also be a good idea to:
    • Install any role Updates and
    • Execute Update-Help to make sure you have the latest PowerShell related files
  • To be able to identify the correct BPAs you’ll need the BPA model ID:
    • Use PowerShell’s Get-BPAModel -ModelID command

And here are the PowerShell commands to do the work:

(Note: One can copy/paste from #region thru #endregion into the Powershell ISE window, press F5, and execute all the commands below at once to produce the output file.)

#region

# First we need to know the Model ID for Hyper-V, (it’s “Microsoft/Windows/Hyper-V”)

# Let’s get it and store it in a variable.
$HyperV = (Get-BpaModel *hyper-v*).id

# Next we need to run the BPA scan.
Invoke-BpaModel $HyperV

# Once the scan is finished we get the results and export it to a CSV list of BPAs.

# The last two lines just remove some text and delete a temp file.
Get-BpaResult -ModelId $HyperV select-object Severity, Title export-csv “c:\Hyper-V-BPA-1.csv”
Get-Content “c:\Hyper-V-BPA-1.csv” Select-Object  -skip 1 out-file “c:\Hyper-V-BPA.csv”
Remove-Item “c:\Hyper-V-BPA-1.csv”

#endregion

An example of the Hyper-V-BPA.csv output: (The full output here was 66 individual test and Best Practice recommendations.)

Information    Domain membership is recommended for servers running Hyper-V

Information    Enable all integration services in virtual machines

Information    Compression is recommended for replication traffic

Warning    The WFP virtual switch extension should be enabled if required by third party extensions

Error        Use RAM that provides error correction

Conclusion:

I’ve always like to tell my customers that their server is exactly that, “their server”, and given that, they are welcome to configure it any way they wish. But one should remember that some ways, although they might be made to work, induce risk into an equation, whereas following best practices found over time by numerous product engineers and other customer experiences (not to dismiss the knowledge of those who designed a product to function a certain way) is generally; a “best practice” J.

So take this opportunity to use the BPA lists for educational purposes, compiling IT policies for your department, or any other productive way you can think of. They cost nothing extra, are free and included in the product; and most of all they can save some serious cash on occasion by preventing configuration mistakes.

Till next time……………