25 Feb 2013

Microsoft Hyper-V 2012 Live Migration and Constrained Delegation

One feature with any good virtualization solution should have the ability to make your VMs mobile. With VMware the feature is called vMotion and with Hyper-V it's Live Migration. When your just using the Hyper-V manager and you need to do a live migration from one system to the next you would have to log into the actual host (hyper-v server) that's running the VM that you wanted to move. This is unless you configured constrained delegation in Active Directory on the hyper-v host objects and configured hyper-v to use the kerberos authentication protocol with live migration. This is somewhat of a pain but it's not necessary when using System Center Virtual Machine Manager which is Microsofts somewhat equivalent to VMware's vCenter. But that's another topic. Here is how you would configure the hyper-v systems so you can do a live migration when using the Hyper-V manager without having to do it from the source host of the VM that needs to be moved.

Configure Hyper-V Live Migration:

1. From Server Manager, click Tools and then click Hyper-V Manager.
2. In the navigation pane, select one of the servers that you want to configure for live migrations.
3. In the Action pane, click Hyper-V Settings.
4. In Hyper-V Settings dialog box, click Live Migrations.
5. In the Live Migrations pane, check Enable incoming and outgoing live migrations.
6. Under Authentication protocol, select Kerberos if you have configured constrained delegation.

microsoft hyper-v 2012 with constrained delegations for live migration

microsoft hyper-v 2012 with constrained delegations for live migration

Setting up Constrained Delegation:

1. From Server Manager, select the server if it not already selected. After the server is selected, click Tools, and then click Active Directory Users and Computers. Note: If the AD management tools are not installed you will either have to install them or log into a domain controller.
2. From the navigation pane, select the domain and double-click the Computers folder.

microsoft hyper-v 2012 with constrained delegations for live migration

microsoft hyper-v 2012 with constrained delegations for live migration

3. From the Computers folder, right-click the computer account of the source server and then click Properties.

microsoft hyper-v 2012 with constrained delegations for live migration

microsoft hyper-v 2012 with constrained delegations for live migration

4. In the Properties dialog box, click the Delegation tab.
5. On the delegation tab, select Trust this computer for delegation to the specified services only. Then select Use Kerberos only.
6. Click Add.

microsoft hyper-v 2012 with constrained delegations for live migration

microsoft hyper-v 2012 with constrained delegations for live migration

7. In the Add Services dialog box, click Users or Computers.

microsoft hyper-v 2012 with constrained delegations for live migration

microsoft hyper-v 2012 with constrained delegations for live migration

8. In the Select Users or Computers dialog box, type the name of the destination server. Click Check Names to verify that you typed the name correctly, and then click OK.

microsoft hyper-v 2012 with constrained delegations for live migration

microsoft hyper-v 2012 with constrained delegations for live migration

microsoft hyper-v 2012 with constrained delegations for live migration

microsoft hyper-v 2012 with constrained delegations for live migration

9. To move virtual machine storage, select cifs. This is required if you want to move the storage along with the virtual machine, as well as if you want to move only a virtual machine's storage. If the server is configured to use SMB storage for Hyper-V, this should already be selected.

microsoft hyper-v 2012 with constrained delegations for live migration

microsoft hyper-v 2012 with constrained delegations for live migration

10. To move virtual machines, select Microsoft Virtual System Migration Service

microsoft hyper-v 2012 with constrained delegations for live migration

microsoft hyper-v 2012 with constrained delegations for live migration

11. On the Delegation tab of the Properties dialog box, verify that the services you selected in the previous step are listed as the services to which the destination computer can present delegated credentials. Click OK.
12. From the Computers folder, select the computer account of the destination server and repeat the process. In the Select Users or Computers dialog box, be sure to specify the name of the source server.

No comments:

Post a Comment