Windows 2012. Hyper-V Replica. Step-by-step configuration with the certificate option.
With the release of Windows 2012 in a few weeks (first week of August 2012), this week I am starting a series of posts about Hyper-V.
Starting with Hyper-V Replica.
Hyper-V Replica. What is it?
Hyper-V Replica is a new feature of Windows 2012 that enables you to replicate any virtual machine (yes, copy the entire VM: VHD/VHDX and configuration) from one Hyper-V server to another, without shared storage or any special hardware. You only need 2 servers running Windows 2012 Hyper-V.
You can replicate the content over the LAN or WAN (without compromising the link) using HTTP or HTTPS, the latter with SSL certificates.
Once you enable Hyper-V Replica on the VM, the source host starts to maintain an HRL (Hyper-V Replica Log) file for the VHDs. Every write by the VM results in one write to the VHD and one write to the HRL. Depending on bandwidth availability, the log files are sent to the target host every 5 minutes (this setting is not configurable). On the target, the Hyper-V Replica mechanism runs asynchronously, processing the log file in reverse order, which allows it to store only the latest writes. It replicates only the changes.
Note: If the replay hasn't happened after 5 minutes, you get an alert. The replica log file replication will take up to 30 minutes to complete before going into a failed state, where your intervention will be required to look at the issue and fix it.
The configurations at each site do not have to be the same with respect to server or storage hardware. Hyper-V Replica provides the option to restore virtualized workloads to a point in time depending on the Recovery History selections for the virtual machine.
Really easy to deploy and use.
– Between 2 sites (DataCenter replication to small offices)
– Cross premises DR solution
Hyper-V Replica works with clusters. In fact you can do the following replications:
- Standalone host to cluster
- Cluster to cluster
- Cluster to standalone host
NOTE: Hyper-V Replica is NOT an alternative to clustering. It is not intended for High Availability purposes.
• Replication Engine: Manages the replication configuration details and handles initial replication, delta replication, failover, and test-failover operations. It also tracks virtual machine and storage mobility events and takes appropriate actions as needed (i.e. it pauses replication events until migration events complete and then resumes where they left off).
• Change Tracking: Provides a virtual machine level change tracking mechanism on the primary server by keeping track of the write-operations, which happen in the virtual machine.
• Network Module: The Networking Module provides a secure and efficient compressed network channel to transfer virtual machine replicas between Primary and Replica site.
• Hyper-V Replica Broker role: The Hyper-V Replica Broker role is configured in a Windows Server 2012 Failover Cluster. This functionality supports seamless replication even in the event of a migration of a replica virtual machine from one cluster node to another.
• Management Experience: Hyper-V Manager UI; Failover Cluster Manager UI; PowerShell scripting; Hyper-V Replica APIs.
Step by Step – Part I
On the source Hyper-V Server
1. Open the Hyper-V Server Manager and click on the Hyper-V server. Then in the right pane, click on Hyper-V settings
2. On the Hyper-V settings page, click on Replication Configuration on the left pane
3. On the Replication Configuration, click on Enable this computer as a Replica Server
4. You now have to choose how the replication will occur: by using HTTP (port 80) or HTTPS (port 443, with encryption).
HTTPS: If you select HTTPS, I recommend buying an SSL certificate from a trusted Certification Authority (CA), then:
a. Create an INF file for a wildcard certificate request. Use the following example and replace the subject with the Hyper-V servers' domain name. Save the content in a text file, for example as cert.inf.
[Version]
Signature="$Windows NT$"

[NewRequest]
Subject = "CN=*.YOURDOMAIN.local"
Exportable = TRUE ; Private key is exportable
KeyLength = 2048 ; Common key sizes: 512, 1024, 2048, 4096, 8192, 16384
KeySpec = 1 ; AT_KEYEXCHANGE
KeyUsage = 0xA0 ; Digital Signature, Key Encipherment
MachineKeySet = True ; The key belongs to the local computer account
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = CMC

[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 ; Server Authentication
OID=1.3.6.1.5.5.7.3.2 ; Client Authentication
b. Create a request. Open the command prompt with administrative rights (Run as Administrator) and type the following:
certreq -new CERT.inf CERT.req
c. Create the CSR to submit the certificate request to an external CA
certutil -encode CERT.req CERT.csr
d. Upload the ENTIRE content of the text file CERT.csr into the external CA web page (this can be any external trusted CA).
e. After the certificate is issued and you have received the email with the certificate, open the command prompt and type the following commands to import and store the certificate on all Hyper-V servers (source and target):
certreq -accept CERT.cer
certutil -store my
HTTP: Select Use Kerberos (HTTP). Kerberos authenticates the servers, but replication traffic on port 80 is not encrypted.
5. Configure the Authorization and storage. This includes designating a specific location to store replica virtual machine files if the default location is not to be used. Should you not desire to allow all Primary servers to be serviced, there is an option to allow only specific servers (Primary servers) to send replication requests.
If you want to allow all servers within the domain, a wildcard character can be used (e.g. *.yourdomain.local). When using a wildcard, only one storage location can be specified. If individual server entries are used, different storage locations for replica files can be configured. Complete all entries for the Primary Server, Storage Locations, and Security Tag information.
6. Click Apply or OK when finished.
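The same settings as steps 3 to 5, applied from PowerShell with the Hyper-V module cmdlets. This is an added example, not part of the original post; the primary server name, storage path and security tag are hypothetical placeholders, and the script authorizes one named primary server rather than the wildcard.

```powershell
# Added example. Values marked "assumption" are placeholders, not from the article.
$domain   = 'yourdomain.local'            # matches CN=*.YOURDOMAIN.local in cert.inf
$primary  = "hv-primary.$domain"          # assumption: hypothetical primary server FQDN
$storage  = 'D:\ReplicaVMs'               # assumption: hypothetical replica storage path
$tag      = 'DR-Site1'                    # assumption: hypothetical security tag
# EKUs requested in cert.inf: Server Authentication and Client Authentication
$required = '1.3.6.1.5.5.7.3.1', '1.3.6.1.5.5.7.3.2'

# Pick a certificate from the machine store that Hyper-V Replica can really use:
# private key present, inside its validity window, wildcard CN for the domain,
# and both EKUs. A certificate missing any of these fails at replication time.
$now  = Get-Date
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $ekus = @($_.EnhancedKeyUsageList.ObjectId)
    $_.HasPrivateKey -and
    $_.NotBefore -le $now -and $_.NotAfter -gt $now -and
    $_.GetNameInfo('SimpleName', $false) -eq "*.$domain" -and
    -not ($required | Where-Object { $ekus -notcontains $_ })
} | Sort-Object NotAfter -Descending | Select-Object -First 1

if (-not $cert) {
    throw "No usable certificate for *.$domain found in LocalMachine\My"
}

# Steps 3-4: enable the Replica server and accept certificate (HTTPS) auth only.
Set-VMReplicationServer -ReplicationEnabled $true `
    -AllowedAuthenticationType Certificate `
    -CertificateAuthenticationPort 443 `
    -CertificateThumbprint $cert.Thumbprint `
    -ReplicationAllowedFromAnyServer $false

# Step 5: authorize a single primary server with its own storage location
# and security tag instead of allowing every host in the domain.
New-Item -ItemType Directory -Path $storage -Force | Out-Null
New-VMReplicationAuthorizationEntry -AllowedPrimaryServer $primary `
    -ReplicaStorageLocation $storage -TrustGroup $tag

# Read back the configuration that is now in force.
Get-VMReplicationServer | Format-List *
Get-VMReplicationAuthorizationEntry
```

Run it in an elevated PowerShell session on the server being enabled as a Replica server, after the certificate has been imported with certreq -accept.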
Next article: configuring the target server