Starting with Windows Server 2012 R2, it is possible to re-size a Virtual Hard Disk for a running Virtual Machine on Hyper-V! It was not possible to do so before for an online Virtual Machine running on Windows Server 2012 and earlier Hyper-V versions.
Let’s have a look at some of the benefits this feature offers and requirements before you dive in and use it.
Benefits
The re-sizing feature allows expanding or shrinking a Virtual Machine hard disk while the Virtual Machine is running. Storage administrators can avoid downtime to perform virtual hard disk maintenance tasks and there is no impact to end users. Users can still access Virtual Machine and its volumes. This feature reduces the maintenance costs associated with downtime of critical Virtual Machines.
There is also a Resize-VirtualDisk PowerShell cmdlet available which can be used to script the re size operation on multiple virtual hard disks quickly. There is no need to use or enable any component to use this feature. This functionality is available out of the box using “Edit Virtual Hard Disk” wizard.
Requirements
Since it is a feature of Hyper-V running on Windows Server 2012 R2, make sure to perform this task on a Windows Server 2012 R2 Hyper-V Server. You must also be using a VHDX format and this must be connected to a SCSI controller before you can expand or shrink a Virtual Hard Disk. However, Disk type can be fixed, differencing or dynamic.
In environments with full certificate infrastructures, an organization may decide to leverage certificates on endpoints instead of passing through user credentials. While certificates are considered one of the more secure options, its important to remember that at that point we are authenticating the device, not the user.
When using wireless 802.1X with certificates, you’ll usually select EAP-TLS or a similar vendor-specific EAP type.
Best used for: High security environments with all managed endpoints, a PKI certificate structure and key management.
Pros: Extremely secure authentication method, provided the certificate structure is trusted. Fairly easy to implement if a PKI solution is already in place.
Cons: This method authenticates devices with installed certificates, not users. Organizations with high security requirements and extensive audit and accounting needs will want to layer authentication methods (two factor or more) to validate the machine and user. This is a major undertaking if a certificate system is not already in place.
The majority of enterprise and federal clients are using 802.1x pass thru.
In a pass-through situation, the 802.1X supplicant on the laptop grabs the credentials entered, packages them in EAP (extensible authentication protocol, used in 802.1X) and passes them through to the network for decision-making. Most Microsoft environments using a login pass-thru will use EAP-PEAP (protected EAP) method of EAP to transmit the credentials.
Best used for: Medium to high security environments with homogeneous endpoints and operating systems that support native supplicants (Windows XP SP2 and later have the 802.1X supplicant built-in. Windows XP SP3 and later allow domain admins to manage the properties through group policy in AD.)
Pros: Pretty secure authentication since it’s using user credentials (versus machine logon). Easy to implement in the right environment and does not require a certificate infrastructure for the endpoints. Only the authentication server (RADIUS) needs a certificate to leverage PEAP.
Cons: Can be tricky in mixed environments with a variety of endpoints or in shared resource environments where logins may not be user-specific (ie labs with generic logon).
