I’ve been running a “security” server for years in different jobs. It’s a server that runs several security roles, for example, SUS and then WSUS, antivirus, certificate services, etc. Very often these are different servers, quite unnecessarily eating up resources and licenses.
In my current job, our security server started life as an x86 Windows Server 2003 1U rack server. Not long after the launch of our Hyper-V based private cloud, I ran a VMM 2008 P2V job to convert that machine to be a virtual machine, freeing up the hardware for other purposes. This was quite appropriate. These sorts of servers are usually very lightweight.
Earlier this year I decided to upgrade the machine to Windows Server 2008. That was easy and safe. I took a snapshot (knowing I had space on the LUN) and performed the upgrade. Now it was running W2008 x86. The upgrade went well. If it hadn’t, I could have easily applied and then deleted the snapshot to return the machine back to W2003.
I now faced a challenge. The next upgrade would be to Windows Server 2008 R2. W2008 R2 is a 64-bit operating system and you cannot upgrade from 32-bit to 64-bit Windows. There was only one choice – a rebuild. Virtualisation made this so easy – and VMM 2008 R2 made it easier.
We have a Hyper-V lab server. I use it to prep new images, test security updates, and to try out scenarios and solutions. I deployed a VM running W2008 R2 Enterprise edition onto the host and configured the VLAN ID for our test network. Enterprise edition would allow me to run customised certificates for OpsMgr usage. Here I could specify the computer name to be the same as the machine I would eventually replace and prepare it identically to the original – excepting the operating system version and architecture. On went SQL Express 2008 SP1 and our antivirus, and I prepared those services. Downloads, approvals, patching, etc. were all done. Meanwhile, the production server was still operating away with customers unaware it was to be replaced.
Eventually it was ready. I powered it down. I removed the OpsMgr agent from the original server and then used VMM to move that VM elsewhere. I used VMM to move the new VM onto the desired host. All that was required now was to change the VLAN ID, boot it up, join it to our management network domain and deploy the OpsMgr agent. 10 minutes of service downtime in total to completely replace a server. Not bad! I went on to add Certificate Services after the domain join.
I’m leaving the original VM to one side just in case there’s a problem. If so I can bring it back – but that would then require some ADSIEDIT surgery to remove the certificate services configuration. So far, though, so good.