Archive for the ‘Hyper-V’ Category
With Windows 2012 the clustering changed. the basic config san connected to the cluster is no longer the best option. using the Scale out file server you get better performance and better redundancy. but more important the cost are less. below are some screen shots from the TEE13 sessions more about this is coming this week.
The session links are also there. Check it out. Windows 2012 R2 is changing your IT designs.
My Birthday gift would be http://www.violin-memory.com/products/velocity-pcie-cards/
http://channel9.msdn.com/Events/TechEd/Europe/2013/MDC-B333#fbid=wfTYzMflrSw
http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/MDC-B333#fbid=I9ghm1Pa9Ih?ocid=aff-n-we-loc–ITPRO40922&WT.mc_id=aff-n-we-loc–ITPRO40922
http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/MDC-B305#fbid=I9ghm1Pa9Ih?ocid=aff-n-we-loc–ITPRO40922&WT.mc_id=aff-n-we-loc—ITPRO40922
http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/MDC-B333#fbid=I9ghm1Pa9Ih?ocid=aff-n-we-loc–ITPRO40922&WT.mc_id=aff-n-we-loc—ITPRO40922
This is the way to bypass your san and get an optimized Windows 2012 environment to boost your performance
With the new products that are available end of 2013 ( Windows 2012R2 and the system center R2 ) releases Replication will be important all the way and will be easier to create but also the environment will be more complex. Replication on kerberos is easy to uses even shared nothing is quick and fast but what about certificate based ?
Easy to use click a certificate and use it. It is that easy or not ? well it is almost.
In this case I have My DC that hold a Enterprise Root CA and two clusters and 4 VMM servers,
Well You will only need the Root CA and Two Hyper-v server Clustered in different clusters.
yes we will do Clustered Based Certificate Based Replication ( CBCBR )
Open Certification Authority (certsrv.msc) from Administrative Tools
Right click on Certificate Template and click on Manage then we duplicate the Workstation Authentication template
Give the Certificate a nice name like Hyper-v Replica Authentication
That you know where the certificate is for.
There are a few things we need to change or can change
I choose for 2012 usage only in the compatible settings Certificate recipient and authority can be set to Windows Server 2012
The Security settings Ensure that Authenticated Users are allowed to Read and Enroll.
Edit Application Policies and add Server Authentication
Subject Name Change the option to Supply in the Request
Now that the Certificate template is ready we are going to import this certificate
Open Certification Authority on the server and click on Certificate Templates
Select Action and choose the New option followed by Certificate Template to Issue.
Choose the certificate template name from the pop-up box
Now that the basic is ready on our DC we can deploy the Certificate to the clusters / hyper-v server
If you try to add a cert now in the Hyper-v broker. You will see a nice error wrong or no certificate.
A cool thing in 2012 is that you can do PowerShell in the certificate store.
go to c:windowssystem32
cd cert:
use the :
then
cd .\localmachineroot then a Dir and you will see all the certificates
How cool is that !
Open an MMC and open the localmachine store.Requesting Hyper-V Replica Certificates from an Enterprise CA based on our current template.
Next and see here is our new certificate template
Now check the certificate and click on the blue line more information is required.
Use the CN = Common name / friendly name to identify the certificate. and use the computer names to connect to the certificate but you can also use the *.domain.local for a wildcard certificate
hit apply and the next on enroll
and in the certificate store the certificate should been listed
And that’s the process for customizing and requesting certificates. Your final step in configuring Hyper-V Replica happens back in Cluster Failover Manager.
now check the broker Role in the cluster and do right click
Launch replication Settings and click the Select Certificate button in Replication Configuration. If you’ve done everything correctly, you’ll see your recently installed and customized certificate
and I n my case I have two clusters and won’t to replicate from and to the both clusters.
there for I used the same certificate import and export with private key and put it on all the nodes remember the node name should be in the certificate FQDN !
In the VM you can enable replication and choose the certificate. But you can also mix one VM with Kerberos and the other with a certificate
Once It is done it is keep working unless the certificate is expired !
Next stop will be Hyper-v Replication Manager.
Windows Server 2012 Hyper-V Role introduces a new capability, Hyper-V Replica, as a built-in replication mechanism at a virtual machine (VM) level. Hyper-V Replica can asynchronously replicate a selected VM running at a primary site to a designated replica site across LAN/WAN
there is a great guide for you LAB on this site http://blogs.technet.com/b/yungchou/archive/2013/03/24/hyper-v-replica-broker-explained.aspx
Hyper-V Replica Cluster
To Deploy a Hyper-v failover cluster as a replica site, must use Failover Cluster Manager to perform all Hyper-V Replica configurations and management. And first create a Hyper-V Replica Broker role.
In this case I have two clusters left and right. first go to the FCM and add a role
A Hyper-V Replica Broker is the focal point in this case. It queries the associated cluster database to realize which node is the correct one to redirect VM specific events such as Live Migration requests in a replica cluster.
Windows Active Directory domain is not a requirement for Hyper-V Replica which can also be implemented between workgroups and untrusted domains with a certificate-based authentication. Active Directory is however a requirement if involving a Hyper-v host which is part of a failover cluster, and in such case all Hyper-V hosts of a failover cluster must be in the same Active Directory domain with security enforced at the cluster level. I see sometimes that the broker creations is failing. The resource will not come online.
So During the creation of the cluster resource you will need a Name ( netbios ) and a IP. that is all. But remember as all cluster resources the cluster will create the items and not you Mister Admin. Just make sure Your DNS and cluster resource can create Items.
If you are not sure about this check my old blog post http://robertsmit.wordpress.com/2012/06/26/cluster-network-name-resource-failed-to-create-its-associated-computer-object-in-domain/
Now that my Resource is created and it is in my cluster In both Cluster I want to do Cross Replication
If you know Hyper-v then you would do the settings in the hyper-v settings but as you can see all the options are grayed out.
Go to the Cluster manager and right click on the broker select replication settings.
Same menu and configurable.
First enable the replica server in the first case I use Kerberos ( the easy one )
So don’t check the certificate based box.
here you can do give any server access to this replica easy to do and quick just fill in the path where the VM files need to be stored.
the other option is give only server that I want access. Well in my case I also used a * not that smart well now Only server in my domain can replicate and not every server. If you want to do a point to point connection just fill in the FQDN of the server.
once you have filled in the entry you can’t change the name only the storage path. Well that is fine for now.
Again we add the Resource this time a Virtual machine. Just make sure there is a VM in the Hyper-v
What we do here is make the VM high available and yes you could also replicate the VM right from the Hyper-v console.
but that does not make the VM High Available.
Selecting the VM Now we can start the machine and the VM is HA
We have the broker in place and a VM it is time to replicate.
Don’t use the broker on the current cluster you can’t replicate to your own cluster
All you have to know is the name of your cluster where the VM is placed
So I use the name of the cluster and see if it works, The wizard does see that there is a other broker in the left01 cluster and ask me to change that YES click on update
again Here can I choose Kerberos or certificate Rememeber I checked both boxes on the broker cluster resource If I made a choice there I could no choose here.
I go for……Kerberos
Check what VM disk are needed to replicate If you have a disk that holds stuff that si not needed for replications then unselect the disk here.
You can create multiple recovery points or just one and change the time currently you can set this from 1 hour to 12 hours. It is a wish to get this sooner.
and how to copy the stuff , over the network or with media. and the time to start.
I take the right now option
and If you want to change the settings just go to the settings of the VM and change it
In the Cluster or in the Hyper-v console you can see the status easy quick and fast replication.
In my next blog post I will do the same with a Certificate and you need extra steps for this.