VM Mobility with Hyper-VKristian NeseCTOLumagate

Mobility Core to Private Cloud

• Virtualization is the basis of a Microsoft private cloud• Virtual machine mobility is key an efficient and responsive

private cloud deployment

Live Migration

Agenda

Live Migration without Infrastructure

• You can even live migrate virtual machines between two Hyper-V servers with no shared infrastructure• Need to be in the same domain

• Entire virtual machine moved (VHDs + running state) with no downtime

DEMO

LIVE MIGRATION

Hyper-V Server 1 Hyper-V Server 2

VMMS VMMS

Virtual Machine

Virtual Hard Disks

Negotiation

Hyper-V Server 1 Hyper-V Server 2

VMMS VMMS

Virtual Machine

Virtual Hard Disks

LM Connection

Hyper-V Server 1 Hyper-V Server 2

VMMS VMMS

Virtual Machine

Virtual Hard Disks

LM Connection

Storage Migration

Hyper-V Server 1 Hyper-V Server 2

VMMS VMMS

Virtual Machine

Virtual Hard Disks

LM Connection

Virtual Hard DisksStorage Mirror

Hyper-V Server 1 Hyper-V Server 2

VMMS VMMS

Virtual Machine

Virtual Hard Disks

LM Connection

Virtual Hard DisksStorage Mirror

Live Migration

Hyper-V Server 1 Hyper-V Server 2

VMMS VMMS

Virtual Machine

Virtual Hard Disks

LM Connection

Virtual Hard DisksStorage Mirror

Live Migration

Hyper-V Server 1 Hyper-V Server 2

VMMS VMMS

Virtual Machine

Virtual Hard Disks

LM Connection

Virtual Hard Disks

Hyper-V Server 1 Hyper-V Server 2

VMMS VMMS

Virtual Machine

LM Connection

Virtual Hard Disks

Hyper-V Server 1 Hyper-V Server 2

VMMS VMMS

Virtual Machine

Virtual Hard Disks

PowerShell

• Move-VM “VM10" “TOMWAITS" • -IncludeStorage –DestinationStoragePath • “C:\VMS"

AGENDA

LIVE MIGRATION WITH SMB

Live Migration with SMB

• Storage is not moved, just the running virtual machine• Like live migration in a cluster, without high availability

• Requires SMB 3.0

Setting up SMB for Live Migration

• There are a couple of steps involved in getting this right• Both users and computers need access to the share

Setting up the share – Share Permissions

Setting up the share – Share Permissions

Setting up the share – Share Permissions

Setting up the share – File Permissions

Setting up the share – File Permissions

Setting up the share

Setting up the share

PowerShell

• MD X:\VMS• ICACLS.EXE X:\VMS --% /Grant Private\Administrator:(CI)(OI)F• ICACLS.EXE X:\VMS --% /Grant Private\TOMWAITS$:(CI)(OI)F• ICACLS.EXE X:\VMS --% /Grant Private\DAVIDBOWIE$:(CI)(OI)F• ICACLS.EXE X:\VMS /Inheritance:R• New-SmbShare -Name VMS -Path X:\VMS –FullAccess `• Private\Administrator, PRIVATE\DAVIDBOWIE$, PRIVATE\TOMWAITS$

DEMO

LIVE MIGRATION - SMB

PowerShell

• Move-VM “VM20" “THEWHO"

AGENDA

LIVE MIGRATION AND CLUSTERS

Live Migration Improvements

• Live Migration in Windows Server 2008 R2 is great• but how to make it better?

Live Migration Improvements

• Live Migration in Windows Server 2008 R2 is great• but how to make it better?

• Faster• Concurrent live migration• Deeper integration into clustering• Etc…

Live Migration between clusters• You can move a virtual machine between two clusters

• Follow these steps:• Remove the virtual machine from the source cluster• Use Hyper-V Manager to live migrate the virtual machine to a

node in the destination cluster• Join the virtual machine to the destination cluster

• Virtual machine never needs to be turned off• However, it is not protected from hardware failure during the

course of the migration.

DEMO

LIVE MIGRATION BETWEEN CLUSTERS

AGENDA

LIVE MIGRATION SECURITY

Configuring Live Migration

Ensure Live Migration Networks are Secure

• Physically Secure• IPSec / other encryption options

Managing security and authentication

• This gets very complicated once more than two computers are involved• And sometimes even when there are only two computers

involved

Credentials

Understanding credential security

Credentials

Understanding credential security

Credentials

Understanding credential security

Credentials

How this affects Hyper-V

Live Migrate

Live Migrate

How this affects Hyper-V

Live

Migrate

How this affects Hyper-V

Live Migrate a VM to me

Live Migrate

How to make this work?• Two options:

• Allow user credentials to be shared between the Hyper-V servers – just for the purposes of live migration• Enable “Constrained Delegation” in Active Directory

• Make it look like we are actually logged into the Hyper-V server that starts the live migration• PowerShell Remoting• Remote Desktop

Enabling Constrained Delegation• On the domain controller, open Active Directory Users and

Computers.• In the console tree, under DomainName, click Computers.• Right-click the computer running Hyper-V, and then click Properties.• On the Delegation tab, click Trust this computer for delegation to

specified services only.• Click either Use any authentication protocol or Use Kerberos only.• Click Add, and then click Users and Computers.• Type the name of the other computer running Hyper-V, and then click OK.• From the list of available services, select Microsoft Virtual System

Migration Service and CIFS and then click OK.

More Resources

• Taylor Brown’s Blog:• http://blogs.msdn.com/b/taylorb/

• Official Documentation:• http://technet.microsoft.com/en-us/library/jj134199

PowerShell Remoting with CredSSP

• On the server:• Enable-WSManCredSSP Server

• On the client• Enable-WSManCredSSP Client –DelegateComputer <FQDN of the server>

• Establish the session: • New-PSSession <FQDN of the Server> -Authentication CredSSP -Credential <User> |

Enter-PSSession

• Or just run a command:• ICM <FQDN of the Server> {<command to run>} -Authentication CredSSP -Credential

<User>

Remote Desktop

• Hopefully I do not need to tell you how to use this

AGENDA

LIVE STORAGE MIGRATION

Storage Migration

• Move any part of a running virtual machine with no need to turn it off• VHDs• Config files• Snapshots• Etc…

• Perform storage upgrades with no downtime• Respond to I/O bottlenecks with no downtime

Hyper-V

VHD Software

Storage Migration Architecture

Virtual Machine

Source Device Destination DeviceVHD

Hyper-V

VHD Software

Storage Migration Architecture

Virtual Machine

Source Device Destination DeviceVHD VHD

Hyper-V

VHD Software

Storage Migration Architecture

Virtual Machine

Source Device Destination DeviceVHD VHD

Hyper-V

VHD Software

Storage Migration Architecture

Virtual Machine

Source Device Destination DeviceVHD VHD

Hyper-V

VHD Software

Storage Migration Architecture

Virtual Machine

Source Device Destination DeviceVHD

DEMO

LIVE STORAGE MIGRATION

PowerShell

• Move-VMStorage "File Server 3" `• -DestinationStoragePath `• "K:\Virtual Machines\File Server 3"

Storage Migration – Performance• Data is moved with an un-buffered file copy operation

• XCOPY /J

• Causes a lot of I/O churn

Configuring Storage Migration

AGENDA

IMPORTING VIRTUAL MACHINES

Improvements to VM Import

• Basic building block of mobility• Improvements:1. Allow you to import a raw XML file2. Provide ability to “fix up” virtual machine during import

DEMO

IMPORTING A VM

PowerShellPS C:\> Import-VM "C:\Users\benarm\Desktop\Import\76F5DA48-5181-4E75-83ED-FB2F65B56C8F.xml" -Copy -VhdSourcePath "C:\Users\benarm\Desktop\Import"Import-VM : Unable to import virtual machine due to configuration errors. Please use Compare-VM to repair the virtual machine.At line:1 char:1+ import-vm "C:\Users\benarm\Desktop\Import\76F5DA48-5181-4E75-83ED-FB2F65B56C8F.x ...+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Import-VM], VirtualizationOperationFailedException + FullyQualifiedErrorId : Microsoft.HyperV.PowerShell.Commands.ImportVMCommand

PowerShellPS C:\> $VMCompatReport = Compare-vm "C:\Users\benarm\Desktop\Import\76F5DA48-5181-4E75-83ED-FB2F65B56C8F.xml" -Copy -VhdSourcePath "C:\Users\benarm\Desktop\Import"PS C:\> $VMCompatReport

VM : Microsoft.HyperV.PowerShell.VirtualMachineOperationType : ImportVirtualMachineDestination : BENARM-EPSILONPath : C:\Users\benarm\Desktop\Import\76F5DA48-5181-4E75-83ED-FB2F65B56C8F.xmlSnapshotPath :VhdDestinationPath : C:\Users\Public\Documents\Hyper-V\Virtual Hard DisksVhdSourcePath : C:\Users\benarm\Desktop\ImportIncompatibilities : {33012, 14420}

PowerShellPS C:\> $VMCompatReport.Incompatibilities | ft message

Message-------Could not find Ethernet switch 'Public'.Cannot assign the specified number of processors for virtual machine 'A random virtual machine' is out of range. The range is 1 through 12. (Virtual machine ID 76F5DA48-5181-4E75-83ED-FB2F65B56C8F)

PowerShellPS C:\> Set-VMProcessor -VM $VMCompatReport.VM -count 2PS C:\> get-vmnetworkadapter -VM $VMCompatReport.VM | disconnect-vmnetworkadapterPS C:\> import-vm $VMCompatReport

Name State CPUUsage(%) MemoryAssigned(M) ---- ----- ----------- ----------------- A random virtual machine Off 0 0

AGENDA

COMPARING TECHNOLOGIES

Zero Downtime

Protects against hardware failure

Protects against site failure

Protects against data corruption

Automatic response to failure

Workgroup compatible

Live Migration J L L L L LStorage Migration J L L L L JImport / Export L L L L L JClustering K J K L J LHyper-V Replica L J J K L JBackup L J K J L J

AGENDA

Q&A