With the new releases that are available at the end of 2013 (Windows 2012 R2 and System Center R2), replication will be important all the way and will be easier to create, but the environment will also be more complex. Replication with Kerberos is easy to use, and even shared-nothing is quick and fast, but what about certificate-based replication?
Easy to use: pick a certificate and use it. Is it that easy or not? Well, almost.
In this case I have my DC, which holds an Enterprise Root CA, and two clusters and 4 VMM servers.
You will only need the Root CA and two Hyper-V servers clustered in different clusters.
Yes, we will do Clustered Based Certificate Based Replication (CBCBR).
Open Certification Authority (certsrv.msc) from Administrative Tools
Right-click Certificate Templates and click Manage, then duplicate the Workstation Authentication template.
Give the certificate template a descriptive name such as Hyper-V Replica Authentication, so that you know what the certificate is for.
There are a few things we need to change or can change:
I chose 2012-only usage in the compatibility settings: Certificate recipient and authority can be set to Windows Server 2012.
Security settings: ensure that Authenticated Users are allowed to Read and Enroll.
Application Policies: edit them and add Server Authentication.
Subject Name: change the option to Supply in the Request.
Now that the certificate template is ready, we are going to import this template.
Open Certification Authority on the server and click on Certificate Templates
Select Action and choose the New option followed by Certificate Template to Issue.
Choose the certificate template name from the pop-up box
Now that the basics are ready on our DC, we can deploy the certificate to the clusters / Hyper-V servers.
If you try to add a certificate in the Hyper-V broker now, you will see a nice error: wrong or no certificate.
A cool thing in 2012 is that you can browse the certificate store with PowerShell.
Go to C:\Windows\System32 and type:
cd cert:
(do not forget the colon), then
cd .\LocalMachine\Root
followed by dir, and you will see all the certificates.
How cool is that!
Open an MMC and open the Local Machine certificate store.
Requesting Hyper-V Replica certificates from an Enterprise CA based on our current template:
Click Next, and here is our new certificate template.
Now tick the certificate and click the blue line saying that more information is required.
Use CN = Common name / friendly name to identify the certificate, and use the computer names in the certificate; you can also use *.domain.local for a wildcard certificate.
Hit Apply and then click Enroll.
The certificate should now be listed in the certificate store.
And that’s the process for customizing and requesting certificates. Your final step in configuring Hyper-V Replica happens back in Failover Cluster Manager.
Now find the broker role in the cluster and right-click it.
Launch Replication Settings and click the Select Certificate button in Replication Configuration. If you’ve done everything correctly, you’ll see your recently installed and customized certificate.
In my case I have two clusters and want to replicate from and to both clusters.
Therefore I used the same certificate: I exported it with the private key and imported it on all the nodes. Remember, the node name (FQDN) should be in the certificate!
On the VM you can enable replication and choose the certificate. You can also mix: one VM with Kerberos and another with a certificate.
Once it is done, it keeps working unless the certificate has expired!
Next stop will be Hyper-V Recovery Manager.
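The conditions this walkthrough depends on (private key present on every node, Server Authentication added to the duplicated Workstation Authentication template, node FQDN or wildcard in the certificate, certificate not expired) can be checked per node from the same Cert: drive. The script below is an added example, not part of the original post; the function names Test-NameMatch and Get-ReplicaCertificateReport are made up for it, and the Client Authentication check assumes the purpose inherited from the Workstation Authentication template.

```powershell
# Added example (not from the original post). Run elevated on each Hyper-V node.
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication

function Test-NameMatch {
    # True when a certificate name equals the FQDN or is a wildcard covering it.
    param([string]$CertName, [string]$Fqdn)
    $CertName = $CertName.ToLower(); $Fqdn = $Fqdn.ToLower()
    if ($CertName -eq $Fqdn) { return $true }
    if ($CertName.StartsWith('*.')) {
        # A wildcard covers exactly one left-most label (*.domain.local).
        $dot = $Fqdn.IndexOf('.')
        return ($dot -gt 0 -and $Fqdn.Substring($dot) -eq $CertName.Substring(1))
    }
    return $false
}

function Get-ReplicaCertificateReport {
    # -Fqdn: the name the other side connects to (node or broker FQDN).
    param([Parameter(Mandatory)][string]$Fqdn)
    $now = Get-Date
    foreach ($cert in Get-ChildItem Cert:\LocalMachine\My) {
        $ekus  = @($cert.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId })
        $cn    = $cert.GetNameInfo('SimpleName', $false)
        $names = @($cn) + @($cert.DnsNameList | ForEach-Object { $_.Unicode }) |
                 Where-Object { $_ } | Select-Object -Unique
        $checks = [ordered]@{
            HasPrivateKey = $cert.HasPrivateKey
            ServerAuth    = $ekus -contains $ServerAuthOid
            ClientAuth    = $ekus -contains $ClientAuthOid
            NameMatches   = [bool]($names | Where-Object { Test-NameMatch $_ $Fqdn })
            InValidity    = ($cert.NotBefore -le $now -and $cert.NotAfter -gt $now)
            ChainTrusted  = $cert.Verify()   # chain builds to a trusted root
        }
        [pscustomobject]@{
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
            DaysLeft   = [int]($cert.NotAfter - $now).TotalDays
            Usable     = -not ($checks.Values -contains $false)
            Failed     = ($checks.Keys | Where-Object { -not $checks[$_] }) -join ', '
        }
    }
}

# Check this node against its own FQDN; repeat with the broker FQDN on a cluster.
$ip = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
Get-ReplicaCertificateReport -Fqdn "$($ip.HostName).$($ip.DomainName)" | Format-Table -AutoSize
```

A certificate that was copied to a node without its private key, or whose name does not cover that node, shows up with Usable = False and the failed checks listed, which is the same condition the Select Certificate dialog reports as wrong or no certificate.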