
How to Manage Hyper-V at Scale for MSPs

Written by Hornetsecurity / 04.04.2019 /

When it comes to infrastructure management, MSPs really have a rough go of it. Most internal IT Organizations have a flat network or at least multiple networks connected with the proper routing and network translation. These connectivity options make the management and patching burden for those internal IT departments much easier to wrap their hands around. MSPs don’t really have this luxury.

The typical MSP management story looks much like figure 1 below: you have multiple disparate customers, each with networks, subnets, and WANs. Maybe some of them even share the same IP scheme (192.168.1.0/24, anyone?). Some of them may have connected VPNs back to the MSPs. Most will not. 

Some will use a colocated datacenter, and some will use the public cloud. This can make management at scale difficult because not only do MSPs have to reach the endpoints/servers they are looking to manage, but it must be done in a way that makes management of one system easy and does not affect the management of the others. With that said, let’s look at how MSPs can manage Hyper-V at scale.

Figure 1: MSP managing multiple sites with multiple similar or dissimilar network segments

How to Manage Hyper-V at Scale

This article will focus on the few available tools that can help MSPs manage Hyper-V at scale specifically. Hyper-V is a core service that many MSPs leverage today. Like many solutions, it can become difficult to run if you can’t manage it effectively at scale. Also, like other solutions, there isn’t a magic “one-size-fits-all” answer to this issue. What works for one MSP’s workflows and processes may not work for a different MSP. You’ll have to review the tools available and make your own judgments.

Before we start listing tools, it is worth noting that you’ll likely only have to do this with your larger customers. Most SMB customers running Hyper-V will be low-touch customers. In those situations, simply RDPing into the customer’s environment and making changes as needed will be enough. The tools mentioned below will likely be needed when you have a larger customer who has customized virtualization needs or makes frequent changes.

Let’s take a look.

Hyper-V Manager and Failover Cluster Manager

This is likely the simplest option. Many are apt to discard these tools in the scope of this discussion, but I would suggest otherwise. I’ve seen many MSPs who make it a common practice to set up VPN tunnels between their larger customers and their management locations. As long as it’s done properly, you can ensure there is no “cross-talk” between customer networks.

Once established, the Hyper-V Manager and Failover Cluster Manager (FCM) can be used just like they normally would if you were on-prem at the customer’s location. You may notice some latency, but nothing that is deal-breaking.

The problem with this option is that the MSP must ensure that their network does not become compromised by an outside attacker. If that happens, an attacker could potentially access all of the customer networks attached via VPN, which would obviously be VERY bad. You could help mitigate this by creating a separate “Management Network” that your engineers must connect to before attempting to manage customers.

The other issue with this approach is that when we’re talking about managing “at scale,” these tools don’t lend themselves well. When managing things at scale, you’ll want to automate certain tasks, and these tools don’t really allow for that.

System Center Virtual Machine Manager

This tool is something of a step up over the above. While I’ll be the first to tell most organizations that you don’t need SCVMM to use Hyper-V and will actively advocate that they don’t use it, my stance is a bit different for MSPs. You’d still use the VPN setup for your customers, as I mentioned above, but SCVMM does a better job of maintaining customer and “cloud” separation. 

In SCVMM, you would define a private cloud for each customer consisting of their Hyper-V deployment and associated infrastructure (Storage, Network…etc). You would then see them as abstracted resources to be consumed within VMM for each customer location. It’s more to manage, but it does a better job managing multiple locations in this fashion.

One question that I’m commonly asked at this point is, what about running SCVMM over WAN? I wouldn’t recommend it. I’m opposed to management traffic of any kind traversing the public internet. At a bare minimum, it should go through an encrypted VPN tunnel, even if you only establish said VPN tunnel when there is a management need.

One other thing to note: VMM is not a tool that requires little overhead. There are some fairly significant system requirements and ongoing maintenance. If you want something that provides control that is just as good but with less overhead, take a look at the next two options.

Your RMM Package

No MSP is complete without an RMM package such as ConnectWise Automate or Continuum. Both tools (and others) provide the hooks and mechanisms to give you some management and monitoring of your Hyper-V systems. Many MSPs will opt for this option because it already fits in well with their existing workflows and processes. Additionally, VPNs are often not a requirement here because most RMM platforms have been designed to avoid that requirement.

The capabilities are not uniform across all RMM platforms, and you’ll want to take a look at your own platform’s documentation to see exactly what type of management options there are for Hyper-V.


PowerShell

Regardless of the platform, one thing they all have in common is the ability to manage and execute PowerShell scripts against managed endpoints, including Hyper-V hosts. The Hyper-V PowerShell module is VERY mature, and anything you can do in the management GUIs (and more) can be done using PowerShell. For example, all of the common tasks below can be done using PowerShell:

  • Start/Stop VMs
  • Take Checkpoints
  • Configure Virtual Machine Settings
  • Configure Hyper-V Host Settings
  • Configure vNICs and vSwitches
  • Manage VHD(X)s
  • Deploy new VMs
  • Migrate VMs
  • And so on

You can script any Hyper-V task/function you desire and then use your RMM toolkit to deploy and execute said script. Need some ideas on what sort of things to do? Jeff Hicks, one of our Altaro Hyper-V authors, has some amazing articles on using PowerShell to work with Hyper-V.
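As an added example (not code from the original article or from any RMM vendor), here is a read-only report script of the kind you could deploy through an RMM to each customer's Hyper-V host. It flags stale checkpoints, Secure Boot state and MAC spoofing per VM; the 7-day threshold and the report field names are assumptions.

```powershell
#Requires -Modules Hyper-V
# Added example: read-only Hyper-V host report meant to be run by an RMM agent
# on the host itself. Nothing here changes VM or host configuration.
# $MaxCheckpointAgeDays is an assumed threshold, not a value from the article.
param(
    [int]$MaxCheckpointAgeDays = 7
)

$ErrorActionPreference = 'Stop'
$cutoff = (Get-Date).AddDays(-$MaxCheckpointAgeDays)

$report = foreach ($vm in Get-VM) {
    # Checkpoints older than the cutoff: they grow differencing disks and
    # preserve old, unpatched guest state that someone may later revert to.
    $stale = @(Get-VMSnapshot -VM $vm | Where-Object { $_.CreationTime -lt $cutoff })

    # Secure Boot only exists on Generation 2 VMs; skip the query on Gen 1.
    $secureBoot = if ($vm.Generation -eq 2) {
        (Get-VMFirmware -VM $vm).SecureBoot.ToString()
    } else {
        'N/A (Gen1)'
    }

    $nics = @(Get-VMNetworkAdapter -VM $vm)

    [pscustomobject]@{
        Host             = $env:COMPUTERNAME
        VM               = $vm.Name
        State            = $vm.State.ToString()
        Generation       = $vm.Generation
        SecureBoot       = $secureBoot
        StaleCheckpoints = $stale.Count
        OldestCheckpoint = if ($stale) {
            ($stale | Sort-Object CreationTime |
                Select-Object -First 1).CreationTime.ToString('o')
        }
        Switches         = @($nics.SwitchName | Sort-Object -Unique)
        # A guest allowed to spoof MAC addresses can impersonate other hosts
        # on the same vSwitch, so it is worth knowing where this is enabled.
        MacSpoofingOn    = @($nics | Where-Object { $_.MacAddressSpoofing -eq 'On' }).Count -gt 0
    }
}

# One JSON document on stdout so the RMM can collect it as script output.
@($report) | ConvertTo-Json -Depth 4
```

Because the script runs locally on each host and only writes JSON to standard output, it needs no inbound connectivity or VPN of its own; it relies on whatever channel the RMM agent already uses.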

Wrap-Up

Choosing and standardizing one of the options listed here can make managing customer virtualization infrastructure easier and more effective. You’ll want to research each option and determine which is right for you and your customers. Remember, though, what works for you may be a combination of all these options!

What about you? Do you have any management stories about trying to manage Hyper-V for your customers? What worked? What didn’t?

Thanks for reading!