Live migration is the most important feature that Microsoft has added to Windows Server Hyper-V. With live migration, virtual machines (VMs) can be moved between Hyper-V hosts without downtime. When a Hyper-V host needs maintenance, you can move all of the VMs it hosts to another host and move them back when the maintenance is over, without worrying about business disruption during the process.
In addition, live migration makes it easier to adjust host resource utilization dynamically: some VMs on busy Hyper-V hosts can be moved to relatively idle Hyper-V hosts, so that end users get good performance even during peak business hours. This article focuses on the live migration capabilities of Windows Server Hyper-V.
I. Two methods of configuring constrained delegation
1. Set through GUI interface
Before we set up live migration, we first have to configure constrained delegation. Hyper-V live migration offers two authentication protocols: CredSSP, which is the default, and Kerberos delegation. Kerberos delegation is the more secure of the two, because constrained delegation prevents any server that has not been explicitly enabled from using delegation, so it is recommended. If you use Kerberos delegation to authenticate live migration, you must configure constrained delegation before you continue with the remaining steps, and you must use an account that is a member of the Domain Administrators group to configure it on the computer accounts in Active Directory. If you use CredSSP, you do not need to set up delegation.
Step 1 Open the Active Directory Users and Computers snap-in. You can do this from Server Manager. In the navigation pane, select the domain, and then double-click the Computers folder. In the Computers folder, right-click the computer account of the source server, and then select Properties from the shortcut menu.
Step 2 In the Properties dialog box, click the Delegation tab. On the Delegation tab, select Trust this computer for delegation to specified services only. Under this option, select Use Kerberos only. Click Add.
Step 3 In the Add Services dialog box, click the Users or Computers button.
Step 4 In the Select Users or Computers dialog box, type the name of the target server in the Enter the object names to select text box, click the Check Names button to verify that the name you entered is correct, and if it is, click OK.
Step 5 In the Add Services dialog box, select the following in the list of available services, and then click OK. To move virtual machine storage, select cifs. This is required both if you want to migrate the storage together with the virtual machine and if you want to migrate only the storage of the virtual machine. If the server is configured to use SMB storage for Hyper-V, this option should already be selected. To migrate virtual machines, select Microsoft Virtual System Migration Service.
Step 6 On the Delegation tab of the Properties dialog box, verify that the services selected in the previous step are listed as the services to which the target computer can present delegated credentials, and then click OK.
Add the appropriate delegation to every Hyper-V host in the domain so that no errors occur during migration. On hyper-v02, you likewise need to configure Kerberos-only delegation to hyper-v01 and specify the appropriate service types. The procedure is the same as before. If only one side is configured, the virtual machine can be migrated in one direction only and cannot be migrated back.
2. Set by PowerShell command
Delegation can also be configured with PowerShell. Doing this by hand is cumbersome, but fortunately a TechNet blog provides a Set-KCD.ps1 script file that simplifies the delegation steps. The address is: http://blogs.technet.com/b/matthts/archive/2012/06/10/configuring-kerberos-constrained-delegation-for-hyper-v-management.aspx
The Set-KCD script file can be downloaded from that blog. After downloading and extracting it there are two files, Set-KCD.ps1 and Set-KCD.zip. Extracting Set-KCD.zip yields a second Set-KCD.ps1. The second Set-KCD.ps1 file is about 9.2KB and the first is 3KB. Both Set-KCD.ps1 files achieve the same effect; the difference is that the larger Set-KCD.ps1 file contains the names of the service types.
First we look at the 3KB Set-KCD.ps1 file, whose code is shown in the figure.
Next we look at the 9.2KB Set-KCD.ps1 file. Because the code is too long, only part of it is shown here; you can download the file to view the rest. The code is as shown.
With the Set-KCD script file in place, one more step is needed before you can execute Set-KCD.ps1; otherwise the file cannot be loaded during execution.
This happens because Set-KCD is not a built-in Windows PowerShell command, so you have to lift the execution restriction before the script will run. Once the setup is complete, the restriction built into Windows PowerShell can be restored. First use the PowerShell command Set-ExecutionPolicy Undefined to lower Windows PowerShell security; when execution is complete, use the PowerShell command Set-ExecutionPolicy RemoteSigned to restore it.
Here we configure hyper-v01 to be trusted for delegation to hyper-v02 for the cifs service type in the mabofeng.com domain. Copy the 9.2KB Set-KCD.ps1 file to the C: drive and run the PowerShell command:
.\Set-KCD.ps1 -TrustedComputer hyper-v01 -TrustingComputer hyper-v02 -ServiceType cifs -Add
If you copied the 3KB Set-KCD.ps1 file to the C: drive instead, the PowerShell command is:
.\Set-KCD.ps1 -AdDN "cn=hyper-v01,cn=computers,dc=mabofeng,dc=com" -HostFQDN hyper-v02.mabofeng.com -Service cifs -Add
Next, configure hyper-v01 to be trusted for delegation to hyper-v02 for the Microsoft Virtual System Migration Service service type in the mabofeng.com domain. With the 9.2KB Set-KCD.ps1 file on the C: drive, the PowerShell command is:
.\Set-KCD.ps1 -TrustedComputer hyper-v01 -TrustingComputer hyper-v02 -ServiceType "Microsoft Virtual System Migration Service" -Add
With the 3KB Set-KCD.ps1 file on the C: drive, the PowerShell command is:
.\Set-KCD.ps1 -AdDN "cn=hyper-v01,cn=computers,dc=mabofeng,dc=com" -HostFQDN hyper-v02.mabofeng.com -Service "Microsoft Virtual System Migration Service" -Add
After the trust delegation has been set, we can check it with the following command:
Get-ADObject "cn=hyper-v01,cn=computers,dc=mabofeng,dc=com" -Properties msDS-AllowedToDelegateTo
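The same delegation can be written and checked in both directions with the ActiveDirectory module directly. This is an added example, not the Set-KCD.ps1 script from the blog; it assumes the RSAT ActiveDirectory module, a session running as a Domain Administrators member, and the host and domain names used in this article.

```powershell
# Added example (not the TechNet Set-KCD.ps1 script). Assumes the RSAT
# ActiveDirectory module and a session running as a Domain Admins member.
Import-Module ActiveDirectory

$Domain   = 'mabofeng.com'                 # domain used in this article
$Hosts    = 'hyper-v01', 'hyper-v02'       # both live migration endpoints
$Services = 'cifs', 'Microsoft Virtual System Migration Service'
$Attr     = 'msDS-AllowedToDelegateTo'

function Get-ExpectedSpn([string]$Peer) {
    # Each service is listed for the peer's short name and for its FQDN.
    foreach ($svc in $Services) { "$svc/$Peer"; "$svc/$Peer.$Domain" }
}

function Get-DelegationState([string]$Source, [string]$Peer) {
    $c = Get-ADComputer $Source -Properties $Attr, 'TrustedForDelegation',
                                            'TrustedToAuthForDelegation'
    $have = @($c.$Attr)
    [pscustomobject]@{
        Source             = $Source
        Peer               = $Peer
        MissingSpn         = @(Get-ExpectedSpn $Peer |
                               Where-Object { $have -notcontains $_ })
        # Unconstrained delegation: the host may delegate to any service.
        Unconstrained      = [bool]$c.TrustedForDelegation
        # True corresponds to "Use any authentication protocol" in the GUI.
        ProtocolTransition = [bool]$c.TrustedToAuthForDelegation
    }
}

foreach ($src in $Hosts) {
    $peer  = $Hosts | Where-Object { $_ -ne $src }
    $state = Get-DelegationState $src $peer

    # Add only the entries that are missing; re-adding an existing value fails.
    if ($state.MissingSpn.Count -gt 0) {
        Set-ADComputer $src -Add @{ $Attr = [string[]]$state.MissingSpn }
    }
    # Keep the account at "specified services only" with "Use Kerberos only".
    if ($state.Unconstrained -or $state.ProtocolTransition) {
        Get-ADComputer $src | Set-ADAccountControl -TrustedForDelegation $false `
                                                   -TrustedToAuthForDelegation $false
    }
    # Re-read the account so the output reflects what is now stored in AD.
    Get-DelegationState $src $peer | Format-List
}
```

After a successful run both hosts report an empty MissingSpn list and False for Unconstrained and ProtocolTransition.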
After the delegation has been configured on the domain controller, the next step is to configure the source and destination Hyper-V hosts so that they can send and receive live migrations. When configuring a server, there are two options: allow live migration traffic on any available network, or allow live migration only on specified networks. The safest approach is to designate a dedicated network that carries the live migration traffic. To turn on live migration on a non-clustered Hyper-V host, configure it in the Hyper-V Settings of that host.
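The host-side settings described above can also be applied from PowerShell on both servers. This is an added example, not taken from the original article; it assumes the Hyper-V PowerShell module on each host, PowerShell remoting to both hosts, and a dedicated migration subnet of 192.168.50.0/24, which is a constructed placeholder.

```powershell
# Added example. $MigrationSubnet is a constructed placeholder for the
# dedicated live migration network; replace it with your own subnet.
$Hosts           = 'hyper-v01', 'hyper-v02'
$MigrationSubnet = '192.168.50.0/24'

$report = Invoke-Command -ComputerName $Hosts -ArgumentList $MigrationSubnet -ScriptBlock {
    param([string]$Subnet)

    # Turn on incoming and outgoing live migration for this host.
    Enable-VMMigration

    # Authenticate with Kerberos (requires the constrained delegation set up
    # earlier) and do not accept migration traffic on every available network.
    Set-VMHost -VirtualMachineMigrationAuthenticationType Kerberos `
               -UseAnyNetworkForMigration $false

    # Register the dedicated network if it is not already listed.
    $networks = @(Get-VMMigrationNetwork)
    if ($networks.Subnet -notcontains $Subnet) {
        Add-VMMigrationNetwork $Subnet
        $networks = @(Get-VMMigrationNetwork)
    }

    $vmHost = Get-VMHost
    [pscustomobject]@{
        MigrationEnabled = $vmHost.VirtualMachineMigrationEnabled
        AuthType         = $vmHost.VirtualMachineMigrationAuthenticationType
        UseAnyNetwork    = $vmHost.UseAnyNetworkForMigration
        # Any subnet listed here besides the dedicated one should be reviewed.
        ExtraNetworks    = @($networks.Subnet | Where-Object { $_ -ne $Subnet }) -join ', '
    }
}

# One row per host; PSComputerName is added by Invoke-Command.
$report | Format-Table PSComputerName, MigrationEnabled, AuthType, UseAnyNetwork, ExtraNetworks
```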