Coming Soon: GET:IT Endpoint Management 1-Day Conference on September 28th at 9:30 AM ET Coming Soon: GET:IT Endpoint Management 1-Day Conference on September 28th at 9:30 AM ET
Hyper-V

Performing Out-Of-Band File Copies to Hyper-V Virtual Machines

There are a number of features in Hyper-V that are not immediately obvious because they are not visible in the GUI. One of these features is the Guest Services integration service.

When this feature is enabled you can perform non-network, out-of-band file copies via the Hyper-V VMBus into a running virtual machine. A lot of Hyper-V administrators will be happy as it makes several operational tasks a lot easier. Here is an outline of how you can use Copy-VMFile to do this kind of file copy.

The Need for Out-of-Band File Copies

Multi-tenancy, the need to run lots of isolated networks on an infrastructure, is no longer something restricted to the hosting business. That’s where I first worked in a multi-tenant environment. Using vSphere, and then Hyper-V, I managed farms where many customers used virtual machines that resided on firewall isolated VLANs. Every now and then we had to do maintenance work. Sometimes this was proactive maintenance and sometimes a customer asked us to help out with something. The latter usually required more effort.

If a customer wanted to install a service pack on SQL Server then I had two choices in older versions of Hyper-V. Those two options would be:

Sponsored Content

Say Goodbye to Traditional PC Lifecycle Management

Traditional IT tools, including Microsoft SCCM, Ghost Solution Suite, and KACE, often require considerable custom configurations by T3 technicians (an expensive and often elusive IT resource) to enable management of a hybrid onsite + remote workforce. In many cases, even with the best resources, organizations are finding that these on-premise tools simply cannot support remote endpoints consistently and reliably due to infrastructure limitations.

  1. First, I could log into that virtual machine, open the browser, and download the service pack. This is where security-focused engineers go crazy. No one should ever browse the Internet from a production virtual machine.
  2. Alternatively I could download the zip file from Microsoft to a central library. After that, I’d reach a point where problems began.

If the service pack came as an ISO file I could put it in the System Center Virtual Machine Manager (SCVMM) library and edit the virtual machine settings to mount the ISO. This uses host networking to connect to the SCVMM library so the virtual machine’s isolation was a non-factor.

Unfortunately, SQL service packs, like lots of other software, did not come as ISO files. This meant I had to use a tool to create ISOs. That made more work for me. There’s also the issue of ISOs being accidentally copied to the virtual machine’s storage location (the unfortunate default action) instead of being mounted across the network.

A simple file copy would be easier, if only it was possible.

Copy-VMFile

Microsoft added a new Hyper-V integration service called Guest Services which allows Hyper-V administrators to copy a file into a virtual machine via the VMBus. The virtual machine’s network connection is not used or even required. This out-of-band copy would have solved my issue with making installer files available inside of network-isolated virtual machines.

Copying a file into a virtual machine is fairly simple. There are two steps, with an optional third clean-up step:

  1. Enable the Guest Services integration service
  2. Copy the file into the virtual machine using the Copy-VMFile PowerShell cmdlet
  3. Optionally disable the Guest Services integration service

Guest Services is disabled by default. This was a “play it safe” decision by Microsoft. Not every organization is comfortable with the idea of administrators being able to copy files into guest operating systems, especially in a public cloud.

There are two ways to enable Guest Services. The first is to edit the properties of the virtual machine in Hyper-V Manager and check the box for Guest Services in Integration Services.

Enabling out-of-band file copies to a Hyper-V virtual machine
Enable the Hyper-V Guest Services integration service

The alternative option is to run the following PowerShell cmdlet:

​ Enable-VMIntegrationService “VM01” -Name "Guest Service Interface"

Note that this step should also enable a service in the guest OS of the Windows virtual machine called Hyper-V Guest Service Interface.

You can then copy a file into a virtual machine using Copy-VMFile. The following will copy a file called test.txt from C: on the host to C: in the guest OS of a virtual machine called VM01. There is no GUI alternative for this step.

​ Copy-VMFile VM01 -SourcePath C:test.txt -DestinationPath C: -FileSource Host

Optionally, you can then disable Guest Services in Hyper-V Manager or by using PowerShell. This will disable the guest OS service called Hyper-V Guest Service Interface:

​ Disable-VMIntegrationService “VM01” -Name "Guest Service Interface"

I can imagine a scenario where you need to copy a file into lots of virtual machines. If so, you could script this action using the following code as a starting point:

​ # Populate $VM in some way, for example an array or from a text file
​ $VM = “VM01”
​ Enable-VMIntegrationService $VM -Name "Guest Service Interface"
​ Copy-VMFile $VM -SourcePath C:test.txt -DestinationPath C: -FileSource Host
​ Disable-VMIntegrationService $VM -Name "Guest Service Interface"

#

Some action can now be scripted, automated, or scheduled in the guest OS.

Related Topics:

BECOME A PETRI MEMBER:

Don't have a login but want to join the conversation? Sign up for a Petri Account

Register
Comments (0)

Leave a Reply

Aidan Finn, Microsoft Most Valuable Professional (MVP), has been working in IT since 1996. He has worked as a consultant and administrator for the likes of Innofactor Norway, Amdahl DMR, Fujitsu, Barclays and Hypo Real Estate Bank International where he dealt with large and complex IT infrastructures and MicroWarehouse Ltd. where he worked with Microsoft partners in the small/medium business space.
Live Webinar: Active Directory Security: What Needs Immediate Priority!Live on Tuesday, October 12th at 1 PM ET

Attacks on Active Directory are at an all-time high. Companies that are not taking heed are being punished, both monetarily and with loss of production.

In this webinar, you will learn:

  • How to prioritize vulnerability management
  • What attackers are leveraging to breach organizations
  • Where Active Directory security needs immediate attention
  • Overall strategy to secure your environment and keep it secured

Sponsored by: