Why & What


When I started my journey in IT and before I could easily spin up an environment for myself to test and tinker, I always wanted to see a side by side demonstration (preferrably video) of different products before choosing one over the other. There are many blogs and videos that only cover one product but few, if any, that actually do a side by side demo!

So In this post I’ll do exactly that: a side-by-side video demo for ESXi and Proxmox. Don’t worry I will cover Hyper-V installation and setup as well but in separate videos, and you’ll see why! Keep in mind that managing a Hyper-V server is much easier in an Active Directory domain environment.

We can also manage Hyper-V from a remote PowerShell terminal (Linux & Windows) however I will use a Windows 10 virtual machine with Hyper-V management tools to administer the hypervisor. Windows Admin Centre is another option but that also requires at least a Windows 10 machine.

Only one video has been editted to remove sensitive info. This is 100% me, making mistakes and troubleshooting embarrasing issues (things that only come up during presentations!) as I go along.


Before we get to the videos, let's run through the steps:


The existing Proxmox/KVM environment is used to host the demo installations - HINT: nested virtualization

  1. Create three virtual machines with identical CPU and memory specs.

  2. Set a specific machine type for Hyper-V: qm set <VMID. -machine pc-i440fx-2.11

  3. Add secondary disk to all for storage

  4. Change boot to UEFI mode (not necessary but I do and recommend)

  5. Install each hypervisor

  6. Reboot and connect to each nested hypervisor

  7. Configure storage for virtual machines

  8. Create and run virtual machines from nested hypervisors


Additional Hyper-V Configurations:


Reference: Remotely Manage Hyper-V Hosts with Hyper-V Manager

Server

Hyper-V Server 2019 is a completely free offering from Microsoft and can be downloaded HERE

  1. Set a computer/host name (hyperv) and allow remote desktop connections via SCONFIG utility

  2. Create a firewall rule to allow anything from core and admin VLANs (Windows PC is on admin VLAN). You will notice that I struggle to remember the cmdlet but Get-Command comes to the rescue!

  3. Enable-PSRemoting to allow PowerShell remote commands, explained HERE

  4. Enable-WSManCredSSP -Role Server this will allow the Hyper-V server to accepts remote authentication, explained HERE

  5. Make sure WinRM service is running: Get-Service winrm

  6. Restart hypervisor (mainly for the new hostname to take affect)

  7. Remote desktop to server and create partitions and file system on secondary drive. This can be achieved by RSAT tools (server manager) however it requires more configuration.

Client (Windows 10)

  1. Run PowerShell as administrator

  2. Start WinRM service: Start-Service winrm

  3. Set-Item WSMan:\localhost\Client\TrustedHosts -Value "FDQN-of-Your-Server"

  4. Optionally check DNS resolution, ping and RDP from client

  5. Enable-WSManCredSSP -Role Client -DelegateComputer "FDQN-of-Your-Server" this will allow Windows 10 to send credentials to remote server.

  6. Edit local group policy to allow delegating credentials and run gpupdate /force to apply

  7. Create a remote PowerShell session to hypervisor: Enter-PSSession -ComputerName fqdn-of-server -Credentials (Get-Credentials)

  8. Install Hyper-V Management tools and optionally RSAT tools

  9. Add cmdkey entry so that you don’t have to enter credential every time to connect to the remote host: cmdkey /add:fqdn-of-server /username:hostname\username /pass, explained HERE


Videos


Proxmox and ESXi - Install, Configure and Create VM


Hyper-V Installation


Hyper-V - Remote Management


Hyper-V - Create VM


Other things you may have noticed in the videos:

  • I struggle with uploading an ISO to an ESXi datastore and work around it by adding an NFS datastore that contains ISOs. Because it is a demo I don’t spend time to troubleshoot but of course this should not happen.

  • After creating the Hyper-V VM, I have to manually change the VM’s (QEMU) machine type to pc-i440fx-2.11 otherwise Hyper-V would not start after installation. I encountered the issue after upgrading to Proxmox 5.4 and the work-around above is also discussed HERE.

  • I interact with a Windows 10 desktop from the browser, this is the magic of Apache Guacamole. Guacamole provides a light and open source Virtual Desktop Infrastructure where you can connect to RDP, VNC and SSH sessions and all you need is a browser. There’s even support for text/file copy and paste. More info at guacamole.apache.org.

  • Syspass is the password manager you see in couple of the videos. It is an open source project and I’ve been using it for a few months. More info can be found at syspass.org.

  • I type addresses like: mypass , myvms or mydesktop in the browser to reach different services (i.e. Proxmox cluster, Syspass password manager or Guacamole VDI). These are CNAMEs created in the internal DNS (Bind9) that resolve to an Nginx reverse proxy which will then redirect to the appropriate server (VM). For example mydesktop will redirect to the Apache Guacamole VM interface on port 8443, myvms will load balance from a pool of three Proxmox servers (cluster) and redirect to one (you can see the actual Proxmox server name on the title bar).

  • I ignore PowerShell help when entering Set-Item WSMan cmdlet. It basically tells me what I am trying to achieve is not possible unless WinRM service is started and even offers to do that for me!

  • When Enter-PSSession cmdlet fails at first try, I enable a group policy, however this has nothing to do with remote PowerShell session! My mistake was that I did not use the FQDN (which I had entered in Set-Item WSMan cmdlet) and also failed to provide credentials. Group policy modification is for Hyper-V Manager.

  • I seem to struggle with copying ISOs from NAS to the Hyper-V host! A little embarrassing during a demo but I finally download the ISO directly from NAS and copy to the host. This was a (weird) permission issue that I later resolved by re-assigning permission to the NTFS/NFS share.