its vulnerability level would be very low. However, I don’t advocate having no
malware protection. Instead, I recommend running a supported malware solution
with the exclusions just mentioned.

Ensure that you have a patching strategy in place, but also remember that a reboot
will bring down all virtual machines unless they are live-migrated to another
server prior to reboot. Patching options range from using Microsoft Update to
using Windows Server Update Services or System Center Configuration Manager,
which both include a local patch repository of approved patches that can be
deployed in a controlled manner, even adhering to configured maintenance
windows. When you’re using clusters of Hyper-V hosts, there are built-in
capabilities (which are discussed in Chapter 7) that allow an entire cluster to be
patched with a single click without any virtual machine downtime. The important
point is to have a patching strategy that will be adhered to and that ensures that
patches are tested prior to implementation in production.
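
The reboot caveat above, as an added example that is not from the book: a guard that drains a clustered host, refuses to reboot while any virtual machine is still running on it, and then returns the node to service. The cluster name `HVCLUSTER01`, node name `HV-NODE01`, and the function name are hypothetical. It assumes approved updates are already installed and pending a reboot, and that it runs from a management machine with the FailoverClusters and Hyper-V modules.

```powershell
#Requires -Modules FailoverClusters, Hyper-V

function Invoke-SafeHostReboot {
    param(
        [Parameter(Mandatory)][string]$ClusterName,
        [Parameter(Mandatory)][string]$NodeName,
        [int]$TimeoutSeconds = 1800
    )

    # Pause the node and live-migrate its clustered roles to other nodes.
    # -Wait blocks until the drain has finished; a failed drain stops the script.
    Suspend-ClusterNode -Cluster $ClusterName -Name $NodeName -Drain -Wait -ErrorAction Stop |
        Out-Null

    # A drain only moves clustered roles. Virtual machines that were never made
    # highly available stay on the host, so check the host itself before rebooting.
    $running = Get-VM -ComputerName $NodeName -ErrorAction Stop |
        Where-Object State -eq 'Running'
    if ($running) {
        # The node is left paused: nothing new lands on it and nothing is rebooted.
        throw "Not rebooting ${NodeName}: still running $($running.Name -join ', ')"
    }

    # Reboot and wait until PowerShell remoting answers again.
    Restart-Computer -ComputerName $NodeName -Force -Wait -For PowerShell `
        -Timeout $TimeoutSeconds -ErrorAction Stop

    # Bring the node back and let the roles it owned before the drain return.
    Resume-ClusterNode -Cluster $ClusterName -Name $NodeName -Failback Immediate `
        -ErrorAction Stop | Out-Null
}

# Hypothetical names; replace with your own cluster and node.
Invoke-SafeHostReboot -ClusterName 'HVCLUSTER01' -NodeName 'HV-NODE01'
```
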

As workloads are running in virtual machines on the Hyper-V host, it is important
that they are backed up. This backup may be performed at the Hyper-V host level
or potentially from within the virtual machine. The decision will depend on the
workload being protected and the desired granularity of restoration. This decision
is discussed later in the book, but it’s important that a backup solution is running.

Virtualization is moving many operating system instances onto a reduced number
of physical hosts, which means that it’s critical that those physical boxes are
healthy and available. Monitoring is a critical element to ensure that you have
insight into the environment. Monitoring should be in place for all of the various
critical components, such as the physical server, operating system, networking,
storage, and services within virtual machines. Additionally, a monitoring solution
that proactively notifies you of problems and nonoptimal configurations is
preferred over a solution that just notifies you after something has failed. Users
will notify you of failures for free.

IMPORTANCE OF A PRODUCTION-EQUIVALENT TEST ENVIRONMENT

A Hyper-V solution has many moving parts, including the servers, operating
system, additional management components, drivers for hardware (such as Fibre
Channel cards and network cards), firmware on servers and cards, and software
versions on other components, such as storage area networks. It’s important to
test any changes you want to make to your production Hyper-V environment
before you make them. That requires a testing/development environment that
accurately reflects the production environment; otherwise, you will not have the
required assurance that when you implement a change in production, it will be
successful and not cause problems. This means that you need to have servers with