Coming Soon: GET:IT Endpoint Management 1-Day Conference on September 28th at 9:30 AM ET Coming Soon: GET:IT Endpoint Management 1-Day Conference on September 28th at 9:30 AM ET
Windows Server 2012

Windows Server 2012 R2 Hyper-V Automatic Virtual Machine Activation

Today I will discuss how you can use a new feature in Windows Server 2012 R2 Hyper-V called Automatic Virtual Machine Activation (AVMA) to automatically activate the guest OS installations of Hyper-V virtual machines.

Why Automatic Virtual Machine Activation Is Required

Imagine a Hyper-V installation that is large or complex. There might be many isolated networks. Those networks could be isolated using either VLANs or Hyper-V Network Virtualization (HNV). There might be many Active Directory forests that have no external trusts. These are very real designs that must be implemented by large enterprises and hosting companies that are building multi-tenant clouds.

Anyone who has legally deployed Windows (hopefully that is all of you) since the days of Windows XP has had to activate their product key. There are three ways to do an activation:

  • Online: Your machine connects directly to a Microsoft service on the Internet and activates. This is okay for a few installations, but it’s not scalable.
  • Offline: If your activation fails or the machine is offline then you can call the Microsoft clearing house to perform the activation over the phone. This method is intended for rare occasions. I hope this isn’t what you plan for a network with dozens, hundreds, or even thousands of virtual machines.
  • Key Management Service: A Key Management Service (KMS) installed, activated using a special KMS key, and advertised on the network. New machines are directed to the KMS instead of the Microsoft online service to activate. This is more scalable and removes the dependency for machines to have Internet access.

Initially it sounds like KMS activation is the perfect approach to use in a large-scale virtualization environment. In fact, it will work pretty well for a flat network where all virtual machines are in the same network or Active Directory as the hosting infrastructure where the KMS will likely reside.

Sponsored Content

Say Goodbye to Traditional PC Lifecycle Management

Traditional IT tools, including Microsoft SCCM, Ghost Solution Suite, and KACE, often require considerable custom configurations by T3 technicians (an expensive and often elusive IT resource) to enable management of a hybrid onsite + remote workforce. In many cases, even with the best resources, organizations are finding that these on-premise tools simply cannot support remote endpoints consistently and reliably due to infrastructure limitations.

But think about a true cloud for a moment, with its multi-tenancy, self-service, and broad network access. Lots of non-IT staff (I don’t mean the receptionist, but delegated IT outside of central infrastructure management) will be deploying virtual machines for themselves. Tenants, be they internal or external, must be isolated from the hosting infrastructure and each other. And how are the Windows Server operating systems of those virtual machines going to activate against a centrally deployed KMS server with which they cannot communicate?

Guest OS activation is blocked by network isolation
Tenant VMs are isolated from Windows activation.

What Is AVMA?

You may have heard the line that “every Hyper-V feature of Windows Server Datacenter edition is in Windows Server Standard.” That was true in WS2012 and it is very nearly true in WS2012 R2. The one exception is related to licensing.

When you license a physical server with Windows Server Datacenter edition you are entitled to install it:

  • On the physical server if you want to deploy Hyper-V
  • In as many virtual machines as you can/want on that physical server

That makes licensing hosts (including vSphere) using the Datacenter edition the cheapest option for deploying hosts with lots of Windows Server virtual machines – you basically get unlimited installs of Windows Server on that host for the cost of licensing just the physical server for Window Server.

And this is why Microsoft added AVMA to just the Datacenter edition. AVMA provides a solution in which:

  • You deploy Hyper-V on hosts using Window Server 2012 R2 Datacenter edition.
  • WS2012 R2 virtual machine are deployed with a special AVMA key.
  • The virtual machines detect the host is activated and they automatically activate without requiring external services such as KMS.

In short, AVMA simplifies Windows Server activation for larger deployments and for networks that must feature virtual machine isolation. The OS requirements are:

  • The host must be running WS2012 R2 Datacenter edition
  • The virtual machines must be running WS2012 R2 Essentials, Standard, or Datacenter edition

Installing the AVMA Key

There are two ways to deploy the AVMA key. The first is a more manual process in which you run the following command in the guest OS of a new virtual machine:

slmgr /ipk <AVMA_product_key>

Note: You can get the public (yes, they are public and intended to be used by everyone) AVMA product keys from TechNet.

The guest OS will communicate with the host via the Hyper-V integration components to attempt an activation. This process is repeated every seven days to ensure that mobile VMs are indeed running on activated hosts.

If you want to build lots of virtual machines, such as in a self-service cloud, then you should consider the alternative approach in which you include the AVMA product key in the unattended installation. This will remove the manual aspect of running SLMGR.

Related Topics:

Aidan Finn, Microsoft Most Valuable Professional (MVP), has been working in IT since 1996. He has worked as a consultant and administrator for the likes of Innofactor Norway, Amdahl DMR, Fujitsu, Barclays and Hypo Real Estate Bank International where he dealt with large and complex IT infrastructures and MicroWarehouse Ltd. where he worked with Microsoft partners in the small/medium business space.
Live Webinar: Active Directory Security: What Needs Immediate Priority!Live on Tuesday, October 12th at 1 PM ET

Attacks on Active Directory are at an all-time high. Companies that are not taking heed are being punished, both monetarily and with loss of production.

In this webinar, you will learn:

  • How to prioritize vulnerability management
  • What attackers are leveraging to breach organizations
  • Where Active Directory security needs immediate attention
  • Overall strategy to secure your environment and keep it secured

Sponsored by: