• Adam Gordon

    Dennis,

    I hope all is well. If you go to the OVERVIEW episode, which is the very first one at the top of the listing for the show, and look to the right, you will see "EPISODE FILES". That will allow you to download a .zip file with all of the notes and supporting materials.

    Please let me know if you have any other questions as you go through the show.

    Cheers,

    Adam

    posted in General Discussion
  • Adam Gordon

    Adam,

    I hope all is well. Great topic, question is actually not a bad one, although, as you have figured out based on your research, it is not as clear and concise as it could be.

    Let's start with the correct answer, which is technically "B" based on what you have noted above. Your commentary for each of the 5 answers is correct as well.

    As you have surmised, while "B" is the correct answer, it does have a pre-requisite requirement that is not addressed as part of the answer, the DNS SUFFIX. Specifically, you need to ensure that each node to be joined to the cluster has a primary DNS suffix.

    As that is not the case based on the specified information in the question setup, and is not asked about, or addressed as a step in the flow of the question, the only logical assumption would be that you would fix that first, and then execute the New-Cluster cmdlet in answer "B".

    The cluster network name (also known as the administrative access point) is specified in one of three configurations with the New-Cluster -AdministrativeAccessPoint parameter, as noted below:

    -AdministrativeAccessPoint
    Specifies the type of administrative access point that the cmdlet creates for the cluster. The acceptable values for this parameter are:

    ActiveDirectoryAndDns. The cmdlet creates an administrative access point for the cluster. The administrative access point is registered in DNS and enabled in Active Directory Domain Services.

    Dns. The cmdlet creates an administrative access point for the cluster. The administrative access point is registered in DNS but is not enabled in Active Directory Domain Services.

    None. The cmdlet does not create an administrative access point for the cluster. Some clustered roles and functionality might not be available for a cluster that does not have an administrative access point. Also, you cannot use Failover Cluster Manager to manage a cluster that does not have an administrative access point.

    On balance, as I suggested, not a bad question, but not clear, and well thought out.

    Hope that helps.

    Cheers,

    Adam

    posted in Microsoft
  • Adam Gordon

    Adam,

    Glad that the info was helpful. Traffic can be passed via HTTP or HTTPS between the WAP and the backend, so it would not be a requirement depending on how things are set up.

    If you want to take a look at some different scenarios and a good overview of the process and supporting elements, take a look at the following (still appropriate even though it is for 2012R2):

    https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn383650(v=ws.11)

    Cheers,

    Adam

    posted in Microsoft
  • Adam Gordon

    Adam,

    I hope all is well. Take a look at the following:

    https://blogs.msdn.microsoft.com/clustering/2015/06/03/virtual-machine-compute-resiliency-in-windows-server-2016/

    Down towards the bottom is the grid that explains the settings, as you have already noted above in your question. The real trick with these settings is to understand the context that will surround the move to an isolated state in the real world when the cluster is experiencing transient failure scenarios. Known reasons are defined as:

    Node disconnected: The cluster service attempts to connect to all active nodes. The disconnected (Isolated) node cannot talk to any node in an active cluster membership.

    Cluster Service crash: The Cluster Service on a node is down. The node is not communicating with any other node.

    Asymmetric disconnect: The Cluster Service is attempting to connect to all active nodes. The isolated node can talk to at least one node in active cluster membership.

    So basically what we have is a situation where if you leave the default setting of 2, then you are setting a broad net that will trigger for ANY reason, known or not.

    If on the other hand, you change the setting to 1, you are casting a constrained, and narrowly defined net that will trigger ONLY IF a known condition is occurring.

    Hope that helps to clarify.

    Cheers,

    Adam

    posted in Microsoft
  • Adam Gordon

    Will,

    I hope all is well. Slight correction for the Cloud Design Patterns spreadsheet you see in the show. It became too much work to create the spreadsheet for all of the design patterns, so instead, I have provided something even better for you. If you download the complete show notes bundle from the overview episode landing page, in the zip file there is a pdf that has the entire cloud design pattern library, and will give you everything that you will want to know, and a lot of additional stuff as well.

    Please take a look, and let me know if you have any trouble finding the pdf. If you have any additional questions as you go through the rest of the show, my direct e-mail is here:

    adam@itpro.tv

    Cheers,

    Adam

    posted in Microsoft
  • Adam Gordon

    All,
    Excited to be able to get started on CASP-003 early in January of 2019 !!! Looking forward to updating the content for all of our members.

    If you have any questions in the meantime, please feel free to e-mail me to discuss:

    adam@itpro.tv

    :)

    posted in CompTIA
  • Adam Gordon

    Adam,

    I hope all is well. Seemingly a bad question, in the sense of how the answers provided are written, as the middle option for the second configuration element is HTTP... not HTTPS, which would not be technically correct given the information from the screen capture above.

    The correct answer should be HTTPS... as you have identified in your question.

    Having said that, just a little bit of real world info that may come in handy for questions like this going forward if you get any more, and have to wrangle the correct path/naming statements:

    There is a quirky little issue with the web application proxy that you need to be aware of, which is as follows:

    Web Application Proxy can translate host names in URLs, but cannot translate path names.

    Therefore, you can enter different host names, but you must enter the same path name.

    For example, you can enter an external URL of https://apps.itpro.tv/app1/ and a backend server URL of https://app-server/app1/.

    However, you cannot enter an external URL of https://apps.itpro.tv/app1/ and a backend server URL of https://apps.itpro.tv/internal-app1/.

    Hope that helps.

    Cheers !!,

    Adam ( the other Adam)

    posted in Microsoft
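
The host-versus-path rule from the post above, together with the HTTP/HTTPS backend point from the earlier Web Application Proxy reply, as a pre-publication check. This is an added example, not code from the posts or from Microsoft; `Test-WapUrlPair` is a hypothetical helper and the third URL pair is constructed.

```powershell
# Added example. Test-WapUrlPair is a hypothetical helper, not a Microsoft cmdlet.
function Test-WapUrlPair {
    param(
        [Parameter(Mandatory)][uri]$ExternalUrl,
        [Parameter(Mandatory)][uri]$BackendServerUrl
    )
    foreach ($u in $ExternalUrl, $BackendServerUrl) {
        if (-not $u.IsAbsoluteUri) { throw "Not an absolute URL: $u" }
    }
    [pscustomobject]@{
        ExternalUrl      = $ExternalUrl.AbsoluteUri
        BackendServerUrl = $BackendServerUrl.AbsoluteUri
        # WAP translates the host name only, so the path must be the same on
        # both sides. The exact, case-sensitive comparison is a deliberately
        # strict assumption of this example.
        PathsMatch       = $ExternalUrl.AbsolutePath -ceq $BackendServerUrl.AbsolutePath
        HostTranslated   = $ExternalUrl.Host -ne $BackendServerUrl.Host
        # HTTP to the backend is permitted, but that hop is then unencrypted.
        BackendCleartext = $BackendServerUrl.Scheme -eq 'http'
    }
}

# The two pairs quoted in the post, plus one constructed pair with an HTTP backend.
$pairs = @(
    @{ ExternalUrl = 'https://apps.itpro.tv/app1/'; BackendServerUrl = 'https://app-server/app1/' }
    @{ ExternalUrl = 'https://apps.itpro.tv/app1/'; BackendServerUrl = 'https://apps.itpro.tv/internal-app1/' }
    @{ ExternalUrl = 'https://apps.itpro.tv/app1/'; BackendServerUrl = 'http://app-server/app1/' }
)

$results = foreach ($p in $pairs) { Test-WapUrlPair @p }
$results | Format-Table PathsMatch, HostTranslated, BackendCleartext, BackendServerUrl -AutoSize
```

Only the second pair reports `PathsMatch` as False; the third passes the path rule but is flagged because the proxy-to-backend hop would run over plain HTTP.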
  • Adam Gordon

    Adam,

    I hope all is well. Yes and No.

    Let me clarify for you. The Add-VMNetworkAdapterAcl cmdlet is used to create an ACL to apply to the traffic through a virtual machine network adapter. When a virtual network adapter is created there is no ACL on it. Given a list of IP-based ACL entries to be applied to traffic in the same direction, the longest match rule decides which one of the entries is most appropriate to apply to a specific packet.

    The Add-VMNetworkAdapterExtendedAcl cmdlet is used to create an extended access control list (ACL) for a virtual network adapter. The ACL allows or denies access to a virtual machine network adapter for network packets based on source IP address, destination IP address, protocol, source port, and destination port.

    Both do slightly different things, but are both focused on the Virtual Adapter targeted. This may or may not result in the restriction of access to/from a VM per se, as it would depend on the number of virtual adapters available in the VM and whether or not an ACL or Extended ACL had been applied to all.

    Cheers !!

    Adam

    posted in Microsoft
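
The longest match rule mentioned in the post above, as an offline simulation. This is an added example, not code from the post or from Hyper-V; the helper names and the ACL entries are constructed, and only the field names (`RemoteIPAddress`, `Direction`, `Action`) mirror `Add-VMNetworkAdapterAcl` parameters.

```powershell
# Added example: simulates longest-prefix selection; it does not touch Hyper-V.
function ConvertTo-BitString([string]$Ip) {
    # 32 characters for IPv4, 128 for IPv6
    -join ([System.Net.IPAddress]::Parse($Ip).GetAddressBytes() |
        ForEach-Object { [Convert]::ToString($_, 2).PadLeft(8, '0') })
}

function Resolve-AclLongestMatch {
    param(
        [Parameter(Mandatory)][object[]]$Entries,
        [Parameter(Mandatory)][string]$RemoteAddress,
        [Parameter(Mandatory)][ValidateSet('Inbound', 'Outbound')][string]$Direction
    )
    $addrBits = ConvertTo-BitString $RemoteAddress
    $Entries |
        Where-Object { $_.Direction -in $Direction, 'Both' } |   # same direction only
        ForEach-Object {
            $net, $len = $_.RemoteIPAddress -split '/'
            $netBits = ConvertTo-BitString $net
            if ($null -eq $len) { $len = $netBits.Length }       # bare address = host entry
            $len = [int]$len
            # Same address family, and the first $len bits agree
            if ($netBits.Length -eq $addrBits.Length -and
                $addrBits.StartsWith($netBits.Substring(0, $len))) {
                [pscustomobject]@{
                    RemoteIPAddress = $_.RemoteIPAddress
                    Action          = $_.Action
                    PrefixLength    = $len
                }
            }
        } |
        Sort-Object PrefixLength -Descending |
        Select-Object -First 1       # nothing returned = no ACL entry applies
}

# Constructed ACL entries for one virtual network adapter
$acl = @(
    [pscustomobject]@{ RemoteIPAddress = '10.0.0.0/8';  Direction = 'Both';    Action = 'Deny'  }
    [pscustomobject]@{ RemoteIPAddress = '10.1.0.0/16'; Direction = 'Inbound'; Action = 'Allow' }
    [pscustomobject]@{ RemoteIPAddress = '10.1.2.3';    Direction = 'Inbound'; Action = 'Deny'  }
)

foreach ($ip in '10.1.2.3', '10.1.9.9', '10.9.9.9', '192.168.1.1') {
    $hit = Resolve-AclLongestMatch -Entries $acl -RemoteAddress $ip -Direction Inbound
    '{0,-12} -> {1}' -f $ip, $(if ($hit) { "$($hit.Action) via $($hit.RemoteIPAddress)" } else { 'no entry' })
}
```

With these entries, 10.1.2.3 is denied by the host entry, 10.1.9.9 is allowed by the /16, 10.9.9.9 is denied by the /8, and 192.168.1.1 matches no entry.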
  • Adam Gordon

    Adam,

    I hope all is well. Answer 'B' would be the way to go here.

    In terms of whether using Vendor Class to get this done in the real world would also work, that is an interesting approach. The initial answer is "not on the surface", as Vendor Class is designed to ensure that vendor-specific scope options are delivered to just the vendor's devices. The specifics can be read if you look up RFC 2132 https://tools.ietf.org/html/rfc2132

    A good example of what Vendor Class could be extended to be used for via PowerShell is here:

    https://blogs.technet.microsoft.com/poshchap/2015/12/18/use-powershell-to-add-a-vendor-specific-class-to-windows-dhcp/

    However, never accept the initial answer, as it is often not the final answer. In this case the answer is that it actually can be as part of a larger DHCP thought process that starts to be available in Server 2012, which is the use of DHCP Policies, sometimes called Policy based IP address and option assignment or just Policy Based Assignment (PBA) for short. Read about it here:

    https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn425039(v%3Dws.11)

    Hope that helps

    Cheers,

    Adam

    posted in Microsoft
  • Adam Gordon

    Adam,

    One of my MOST FAVORITE topics, and at times a tad confusing... First things first, a quick and simple answer, and then a link to help you get it all sorted out if you want to build it and test it out.

    Short answer is that Switch Embedded Teaming (SET) is used to enable the use of RDMA from the VMs to the Host via the Hyper-V switch. New feature capability for Server 2016, which is why we are able to move away from the need for separate physical NICs as in prior versions.

    Check out the following for a GREAT step by step breakdown of how to walk through building out a sample environment if you want to, or great just to see the steps and understand what is happening when and why:

    https://www.tech-coffee.net/how-to-deploy-a-converged-network-with-windows-server-2016/

    Keep in mind the following:

    With a SET configuration, the physical NICs in the host are effectively uplinks for the virtual switch.

    A SET configuration also provides the ability for RDMA to be converged. This means that we can:

    1. Deploy two RDMA enabled NICs (rNICs) on the host and enable DCB on them, which is recommended
    2. Converge the two rNICs using a SET switch
    3. Connect virtual machines to the SET switch
    4. Create virtual NICs in the management O/S that are connected to the SET switch and assign QoS rules to them
    5. Enable RDMA on some of the management O/S virtual NICs

    Some of those virtual NICs might be for SMB 3.0 traffic that can now leverage SMB Direct and take advantage of storage, Live Migration, and redirected I/O communication that has a lower latency and impact on the host CPU and virtual machine services.

    For a good general overview of RDMA and SET, in Server 2016, take a look at the following:

    https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v-virtual-switch/rdma-and-switch-embedded-teaming

    Let me know if you have any questions once you take a look.

    Cheers,

    Adam

    posted in Microsoft
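
The five steps listed in the post above, written out as one host configuration script. This is an added example, not code from the post or the linked articles; the adapter, switch, vNIC and VM names, the use of priority 3 for SMB Direct and the bandwidth figures are all assumptions to adapt to the environment.

```powershell
# Added example. Assumed names: NIC1/NIC2 (physical rNICs), SETswitch,
# Mgmt/SMB1/SMB2 (management OS vNICs), VM01. Run elevated on the Hyper-V host.
$rNics  = 'NIC1', 'NIC2'
$switch = 'SETswitch'

# 1. DCB on both RDMA-capable NICs: tag SMB Direct (port 445) with 802.1p
#    priority 3, enable priority flow control for that priority only, and
#    reserve bandwidth for it with ETS.
Install-WindowsFeature -Name Data-Center-Bridging
New-NetQosPolicy -Name 'SMB' -NetDirectPortMatchCondition 445 -PriorityValue8021Action 3
Enable-NetQosFlowControl -Priority 3
Disable-NetQosFlowControl -Priority 0, 1, 2, 4, 5, 6, 7
New-NetQosTrafficClass -Name 'SMB' -Priority 3 -BandwidthPercentage 50 -Algorithm ETS
Enable-NetAdapterQos -Name $rNics
Enable-NetAdapterRdma -Name $rNics

# 2. Converge the two rNICs into one SET switch; they become its uplinks.
New-VMSwitch -Name $switch -NetAdapterName $rNics -EnableEmbeddedTeaming $true `
    -AllowManagementOS $false -MinimumBandwidthMode Weight

# 3. Connect a virtual machine to the SET switch.
Connect-VMNetworkAdapter -VMName 'VM01' -SwitchName $switch

# 4. Create management OS vNICs on the SET switch and give each a QoS weight.
$weights = [ordered]@{ Mgmt = 10; SMB1 = 40; SMB2 = 40 }
foreach ($name in $weights.Keys) {
    Add-VMNetworkAdapter -ManagementOS -Name $name -SwitchName $switch
    Set-VMNetworkAdapter -ManagementOS -Name $name -MinimumBandwidthWeight $weights[$name]
}

# 5. Enable RDMA only on the vNICs that will carry SMB traffic.
Enable-NetAdapterRdma -Name 'vEthernet (SMB1)', 'vEthernet (SMB2)'

# Check the result: team members, and which interfaces report RDMA as enabled.
Get-VMSwitchTeam -Name $switch | Format-List Name, NetAdapterInterfaceDescription
Get-NetAdapterRdma | Format-Table Name, Enabled -AutoSize
Get-SmbClientNetworkInterface | Format-Table FriendlyName, RdmaCapable -AutoSize
```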