LOGICAL SWITCH
Earlier in this chapter, we created a virtual switch, and as part of that configuration
options were available as well as the ability to enable certain extensions. Although it is
possible to perform a manual configuration on a server-by-server basis, this can lead
to inconsistencies and inhibits automatic deployment of new Hyper-V hosts. SCVMM
has the logical switch component, which acts as the container for all virtual switch
settings and ensures a consistent deployment across all servers using the logical
switch. The automatic configuration using the logical switch is not only useful at
deployment, but SCVMM will continue to track the configuration of the host
compared to the logical switch, and if the configuration deviates from that of the
logical switch, this deviation will be flagged as noncompliant, and that can then be
resolved. This may be important in terms of ensuring compliance enforcement in an
environment. If the logical switch is updated (for example, a new extension is added),
all the Hyper-V hosts using it will automatically be updated.
Logical switches use port profiles, which are another SCVMM architectural construct
that has two types: virtual port profiles and uplink port profiles.
A virtual port profile enables settings to be configured that will be applied to virtual
network adapters attached to virtual machines or created on the management host OS
itself. This can include offload settings such as the settings for VMQ, IPsec task
offloading, and SR-IOV, and security settings such as those for DHCP Guard. It can
also include configurations that may not be considered security related, such as guest
teaming and QoS settings such as minimum and maximum bandwidth. Built-in virtual
port profiles are provided in SCVMM for common network adapter uses, many of
which are aimed at virtual network adapters used in the host OS. Figure 3.15 shows
the inbox virtual port profiles in addition to the Security Settings page. Once a virtual
port profile is used within a logical switch and the logical switch is deployed to a host,
if the virtual port profile configuration is changed, the hosts will be flagged as
noncompliant because their configuration no longer matches that of the virtual port
profile. The administrator can easily remediate the servers to apply the updated
configuration.