What are Hyper-V Virtual Machine Integration Services?
In this post I describe the functions of the Hyper-V Integration Services, most of which are enabled by default. These default enable settings might be helpful or they might create challenges, depending on the role of a virtual machine’s guest operating system (OS) and services. To make this determination, you need to understand the roles of the integration services.
What Are Hyper-V Integration Services?
You can find the Hyper-V Integration Services in the settings of a virtual machine. The integration services provide a way for the management tools and administrators to interact with an otherwise isolated guest OS running inside a virtual machine. You can see how the integration services function by referring to the article, Understanding the Architecture of the Hyper-V Hypervisor.
Integration is enabled within a virtual machine by the integration components. Remember to always keep them up to date in Windows guests. Administrators and the management OS can interact with the guest OS by accessing Virtualization Service Providers (VSPs) that work with related Virtualization Service Clients (CSVs) via the secure VMBus.
A number of integration services are enabled by default as illustrated in the diagram below. You can view and customize these settings in Hyper-V Manager by editing the properties of a virtual machine and browsing to Integration Services.
Say Goodbye to Traditional PC Lifecycle Management
Traditional IT tools, including Microsoft SCCM, Ghost Solution Suite, and KACE, often require considerable custom configurations by T3 technicians (an expensive and often elusive IT resource) to enable management of a hybrid onsite + remote workforce. In many cases, even with the best resources, organizations are finding that these on-premise tools simply cannot support remote endpoints consistently and reliably due to infrastructure limitations.
The integration services of a Hyper-V Virtual Machine (Source: Aidan Finn)
The Hyper-V Integration Services
The following integration services are available to allow integrated management of virtual machines by administrators and the Hyper-V management OS.
Operating System Shutdown (Enabled by Default)
No one enjoys rescuing an operating system or database after a machine has been switched off before being shut down.
The Operating System Shutdown service allows Hyper-V to reach inside of a guest OS, (either Windows or Linux), to perform a clean operating system shutdown in order to shut down a virtual machine. This ensures that both the guest OS and the running services are closed in an orderly manner, enabling logs and caches to be flushed to disk and transactions to be committed.
This integration service makes life easier for administrators. Say you want to shut down all of your virtual machines on a host. You can select them all in Hyper-V Manager, right-click on and select Shutdown. Alternately, you could run a PowerShell script:
Stop-VM -ComputerName Demo-Host2 -Name *
Time Synchronization (Enabled by Default)
Clock synchronization is critical for any services that rely on Kerberos, such as Active Directory authentication and authorization along with many other security services. Hyper-V provides the ability to synchronize your virtual machines’ clocks with those of the host using the Time Synchronization integration service.
This integration service has also worked reliably on Linux for the past two years. Initial releases of the Linux Integration Services required working with scripts to prevent clock drift.
It might appear that this integration service should always be enabled however there are scenarios where it should be disabled. As an example, imagine a virtual machine’s service has its own clock synchronization functionality that should take precedence over the host’s clock.
Microsoft recommends that you disable the Time Synchronization integration service on virtual machines that will be domain controllers. This advice is countered by Ben Armstrong, Senior Program Manager for Hyper-V, who says you should leave this service enabled and configure the PDC Emulator domain controller to synchronize every 15 minutes from an external source. Ben has a FAQ on time synchronization on his blog.
Data Exchange (Enabled by Default)
This integration service is also known as Key Value Pairs. The management OS can share or retrieve information from a guest OS via registry values stored in the virtual machine’s operating system at HKEY_LOCAL_MACHINESOFTWAREMicrosoftVirtual MachineGuestParameters. Microsoft’s Taylor Brown has blogged about how to use KVPs.
This provides useful functionality and is safe however I have disabled it in the past when I worked in the hosting industry.
Heartbeat (Enabled by Default)
Heartbeat is a simple integration service. Hyper-V tests regularly to see if a virtual machine is running. The integration service is found in the guest OS, so it will only be active if the Hyper-V integration components (and thus the guest OS) are running. You can use this integration service yourself by running the follow PowerShell cmdlet. I’ve used this myself to orchestrate Hyper-V failovers using a data file driven script:
Using the Heartbeat integration service with PowerShell (Source: Aidan Finn)
Backup (Enabled by Default)
With the Backup integration service enabled you will get consistent backups of your running virtual machines by performing a backup job on the host. The goal is that your backup jobs should be much simpler; backing-up virtual machines instead of system states, file systems, and applications of each virtual machine.
Guest Services (Disabled by Default)
The Guest Services integration service is disabled by default. This is because it gives the Hyper-V administrator the ability to copy files into a virtual machine without requiring a network connection. This might be an extremely useful feature for administrators, but it could raise security or compliance issues in some environments. This is why Microsoft has left it disabled by default and allows you to choose to enable the integration service and the required guest OS service.