Configuring Hyper-V Live Migration without Failover Clustering

 

Configuring Hyper-V Live Migration without Failover Clustering

Live Migration technology in the Hyper-V virtualization system allows to move a running virtual machine between Hyper-V hosts without stopping it or without any impact on the availability of services. In earlier Hyper-V versions, using Live Migration you could move a virtual machine only between the nodes of the Failover Cluster. This restriction is removed in Hyper-V 3.0 (Windows Server 2012) and higher due to Shared Nothing Live Migration technology. In this article we’ll show how to enable Live Migration and move a running VM between stand-alone Hyper-V hosts running Windows Server 2016.

Shared Nothing Live Migration requirements:

1. Migration is possible between the servers running the following OSs: Windows Server 2012 R2 or Windows Server 2016
2. Virtual machine version has to be 5 or higher
3. Both computers must be located in the same Active Directory domain or in trusted domains
4. A user performing the configuration must have Hyper-V administrator privileges. While configuring Kerberos constrained delegation, a user must have the domain administrator privileges (or server account privileges)

Suppose, we have 2 servers running Windows Server 2016 with the Hyper-V role: Srv01 and Srv03. Both servers are members of the Active Directory domain and are not clustered (Windows Server Failover Clustering). Start Hyper-V Manager console on any of the servers and add both servers to it.

Then enable Live Migration in the settings of both servers. To do it, right-click a Hyper-V server and select Hyper-V Settings. Go to the Live Migration section and check Enable incoming and outgoing live migrations. Restrict the list of migrations to the IP addresses of two Hyper-V hosts.

Then select Use Kerberos as the authentication protocol in the Advanced Features section.

You can do the same things using the following PowerShell commands:

Enable-VMMigration

Set-VMMigrationNetwork 192.168.10.41 192.168.10.21

Set-VMHost -VirtualMachineMigrationAuthenticationType

Note. VM Live Migration is also possible using CredSSP protocol, but in this case the administrator will have to sign in (using RDP) on the server that is a source of migration or connect to it remotely using PowerShell Remoting.

To migrate a VM using Kerberos authentication, the administrator doesn’t need to sign in on the server, but the constrained delegation in Active Directory (KCD — Kerberos constrained delegation) has to be configured.

Start the ADUC snap-in, find the account of the first Hyper-V server, open its properties and go to the Delegation tab.

Check Trust this computer for delegation to specified services only and Use Kerberos only and click Add.

In the next window, click Users and Computers and specify the name of the second Hyper-V server. In the list of available services, select Microsoft Virtual System Migration Service.

Tip. If you also have to migrate the VM storage, select cifs protocol as well.

Save the delegation settings. Configure the same settings for the second Hyper-V server.

It remains to wait for the replication of the changes in AD and re-issue of the Kerberos ticket, then you can perform live migration of the VM. Right-click the virtual machine and select Move.

Select Move the virtual machine as the type of migration.

Specify the name of the Hyper-V host to which you want to migrate VM.

Then select the folder on a target host to move the VM files to (the folder must exist already).

Click Finish and wait till the Live Migration process of the virtual machine to the second Hyper-V server is over.

Tip. You can start the VM migration using the following PowerShell command:

Move-VM srvapp1 Srv01 -IncludeStorage -DestinationStoragePath c:\hyperv\vm

If the processor compatibility isn’t turned on in the VM settings, the migration will be interrupted with the following error:

The virtual machine cannot be moved to the destination computer. The hardware on the destination computer is not compatible with the hardware requirements of this virtual machine.

To solve this problem, you will have to shut down the VM and enable CPU compatibility for it:

Set-VMProcessor srvapp1 -CompatibilityForMigrationEnabled $true

 

From <http://woshub.com/configuring-hyper-v-live-migration-without-failover-clustering/>

 

Hyper-V Virtual Machine Live Migration without Failover Clustering

By Akilesh Ganesh|July 5th, 2019|0 Comments

What is Live Migration?

You are performing Live Migration when you migrate virtual machines from one host to another without powering off the VM. This is especially useful for system administrators when they need to quickly restore operations for critical VMs or when they want to run a maintenance check/update for some VM without downtime for the users.

Load balancing is another benefit of Live Migration, where the load is distributed across different nodes to optimize CPU resource utilization.

Hyper-V Live Migration Types

There are different types of Live Migration in Hyper-V over the years. Initially, migration was possible only among nodes that are part of a Hyper-V Failover Cluster. But after Windows 2012, there are possibilities of migration without failover.

• Quick Migration
• Live Migration
• Quick Storage Migration
• Storage Live Migration
• Shared-Nothing Live Migration
• Hyper-V Replica

The first two technologies involve a failover cluster- a group of servers clustered together to immediately balance loads or migrate VMs to avoid downtime. The difference between Quick/Live Migration and Storage Migration is that in the former, the virtual machines are migrated from one host to another while in the latter the virtual machine’s storage is migrated across hosts.

This blog talks about migrating the virtual machines running on one server to another without Failover Cluster using Windows 2016 server Distributed File System (DFS). This is a part of the Shared-Nothing Live Migration method of migration.

This migration exercise involves two Windows server 2016 hosts, named – NODE1 and NODE2.

Each node has 2 VMs – Windows 10 and Windows Server 2016.

We are going to migrate a Windows 10 VM from NODE2 to NODE1 (DFS Configured).

Setup Hosts for Live Migration

Requirements for Hyper-V Live Migration without Failover clustering

• This Live Migration is possible between the hosts only if they run on OS’s Windows Server 2012 R2 or Windows Server 2016
• Virtual Machines (VMs) running on the host must be with Version 5 or higher
• Both the source and destination servers must be located in the same Active Directory Domain or trusted domains
• Source and Destination Hyper-V hosts must be connected by a reliable network
• Hyper-V management tools must be installed on Windows Server 2016 or Windows 10

Considerations for Live Migration

Authentication

CredSSP and Kerberos authentication protocols are available in Hyper-V for live migration of VMs.

If we enable CredSSP authentication protocol, it avoids configuring constrained delegation, but it is required to sign in the source server. Server sign-in can be done through a console session or a remote desktop session or remote Windows PowerShell session. If you do not login to the source server you will get the error ‘authentication attempt failed’.

Enabling Kerberos authentication protocol avoids signing into the server, but requires constrained delegation (KCD) set up. With constrained delegation, the services are restricted for access by the server on behalf of the user.

Performance

Performance option helps you reduce the Network and CPU usage, which obviously will make the Virtual Machine live migration process faster. Before configuring the performance options consider your requirements and infrastructure, based on which you can test different configurations for better results.

Networking

The Live Migration data is not encrypted while it is transferred over a network. Hence, while performing Live Migration, it is recommended to isolate the migration traffic on a private network or trusted network. This is to increase security when Live Migration is carried out. Network isolation can be achieved through a physically isolated network or through trusted networking technology such as VLANs.

Step 1: Configure constrained delegation (optional)

• Login to the Hyper-V configured server. Then open the Active Directory users and computers
• Select the domain name and click computers
• Inside the computer folder, it will display all the computers which belong to a particular domain (here we use vembublog.com)
• Select the computer account of the source server, right click and then go to properties
• From properties, click delegation tab
• From Delegation tab, choose the option “Trust this computer for delegation to specified services only”, and then click “use any authentication protocol”

• Click add. Then, click the users and computers and type the name of the destination server and click check names. Verify the server details and click ok
• In the add services, select the service and click ok

Example:

• To move the Storage, you can select CIFS service
• To move the Virtual machines, select Microsoft Virtual System Migration Service

• On the delegation tab, verify if the selected services are listed and selected destination computer is present in the delegation credentials.

• These changes are replicated to the domain controllers in which the servers running Hyper-V are logged in
• The domain controller supplies a new Kerberos ticket

Step 2: Set up the source and destination computers for live migration

You can set the source and destination computers in two ways:

• Using Hyper-V Manager
• Using PowerShell

Using Hyper-V Manager:

• Open Hyper-V Manager
• In the navigation pane, select the servers. If servers are not added, right-click Hyper-V Manager and click ‘Connect to server’. Type the server name and click ok. In the same way, add the other servers also. After that select the servers you require
• Click Hyper-V settings and select live migrations
• Now Enable the incoming and outgoing live migration options in the live migration pane
• Under simultaneous live migration, specify the number of simultaneous live migration you want to use. The default number is 2
• In incoming live migrations, you can add the IP address and specify a network connection for live migration traffic else you can select from the available network. Finally, click ok

For Kerberos and performance option, expand live migration and select Advanced features

• For Constrained delegation authentication protocol, you can select Kerberos
• To enable Credssp, you need to login to the destination server to perform the live migration

• Under the performance options, select the performance configurations based on your requirement
• The similar configuration process is carried out for the other servers, that need to be added to Hyper-V manager

Using PowerShell:

There are 3 cmdlets you will be using to setup the source and destination computers.

Configuring live migration on the host machine – PS C:\> Enable-VMMigration

Allowing incoming traffic for specific networks – PS C:\> Set-VMMigrationNetwork

Choosing Kerberos for authentication – PS C:\> Set-VMHost-VirtualMachineMigrationAuthenticationType Kerberos

Step 3: Use Hyper-V Manager to move a running virtual machine

• In the navigation pane select one of the servers, in which you want to move the Virtual machine from one host to another host
• After selecting the server, in the Virtual machine pane, right-click the virtual machine and select move
• Now choose the move type, then specify the destination host machine details and click finish. Below are the screenshots for your reference

 

Finally, you will see a pop-up window showing the virtual machine migration process.

Once virtual machine migration is completed, you can login to the destination host machine and check the machine status. Note: we created DFS (Distributed File System) in NODE1 server to store the Virtual Machines virtual hard disks.

Hyper-V Live Migration is often related to failover clustering technology. But, in this blog, a comprehensive overview of how to set up the Live Migration process without Failover Cluster is briefly narrated.

While these options to migrate without the need for failover cluster exists, most of the Hyper-V infrastructure these days have deployed clustering models for better resource utilization. Migrating VMs across hosts definitely reduces the downtime, but that doesn’t protect the systems from large scale attacks or disasters.

The entire HA model depends on the same AD, reliable network and other conditions, the privileges you will not have when your entire infrastructure is flooded. That is when a good Backup & DR strategy will rescue your business.

By having a backup of your machines in another site, you can quickly resume operations without much downtime by turning on the VMs in that site while the main office recovers from the disaster. This means you need to be able to backup VMs that are migrating from one host to another within a Failover Cluster.

 

 

From <https://www.vembu.com/blog/hyper-v-virtual-machine-live-migration-without-failover-clustering/>