Microsoft Azure AZ-801 — Section 13: Protect virtual machines by using Hyper-V replicas
81. Configuring your Hyper-V host with nested virtualization to support replication
It’s now time for us to learn about installing Hyper-V on a Windows server.
Now, in my little lab environment, I’ve actually got a client machine that is running Hyper-V, which you can have Windows 10, you could have Windows 11 that you’ve installed Hyper-V on. Keep in mind, I don’t provide any support for VirtualBox or any of that. If you want to use VirtualBox to set some of this initial stuff up and you’ve done that in the lab, that’s fine. But I can’t really provide a whole lot of instruction on that because we’re here to learn Hyper-V. This is Microsoft’s product and this is what they want us to learn here. Ultimately, though, I’ve got a couple of servers that I’ve set up in my practice lab, NYC-DC1 and NYC-SVR1. And right now if you go into one of the virtual machines, if you right-click one of the virtual machines and you go to Connect, that’s going to bring you into the server. And then at that point, what we ultimately would like to do is install Hyper-V on our server so that we can host virtual machines and learn Hyper-V for the server side of things. Right now though, if I go into a virtual machine, this is my server. If I go to Manage, I go to Add Roles and Features, and I go Next, Next, Next, you’re going to notice that I have Hyper-V right here and I’m going to try to install that and I’m going to get an error. All right.
So, it’s going to attempt to install it. And there you go. You can see that we now get an error when we try to install Hyper-V on this virtual machine.
Now, the reason for this is because I am trying to do what’s called virtual machine nesting. Nesting is where you have Hyper-V running on a host computer and then you try to install Hyper-V onto one of your guest operating systems. And so it’s obviously not going to let me do that.
Now, I can do that, but I’m going to have to run a special command that’s going to let me do it. All right. This is called nesting virtualization. So, to do that, if I jump back over to Hyper-V here, I’m just going to I need to shut down the servers that I’m going to do this on. Right. So, I’m just going to connect back in. I’m going to shut the server down. So, I’m going to say Shut down. All right. I’m going to wait on that server to shut down. And then at that point, we’re going to run a little command against the server. But we want to remember the name of the server, the name of the virtual machine, which as you can see, this is what I’ve named it.
So, it’s shut down. And the next thing I’m going to do is I’m going to open up PowerShell and I’m going to run the following command. This is a command. You’re also going to want to try to remember. It’s very important. You’ve got to also make sure the virtual machine is shut down before you can run this command or you will get an error.
So, here’s the command: Set-VMProcessor -VMName, and then the name of the virtual machine, and then -ExposeVirtualizationExtensions $true. That’s going to activate that. So, we’re going to go ahead and hit Enter. And no news is good news. If we don’t get an error, that means that it worked successfully. So, now we’re ready to start this virtual machine back up. So, we’re going to go ahead and right-click it and start it. And then I’ll pause the video while that’s restarting.
Now, with the server restarted and I’m connected into the virtual machine, I’m going to open up Server Manager. And go to manage add roles and features. Go to the roles page and click Hyper-V and hopefully we won’t get an error this time. And we did not get an error. So, that means that the nested virtualization feature did get enabled like it was supposed to.
So, we’re going to now click Next, Next, Next. So, all right. Do you want to implement a virtual switch for your network adapter? I’m going to go ahead and say, yes, we’re going to do that. Next, it says, “Are we going to allow for what is known as live migrations,” which I’m not really getting into right now, but I can say, yeah, I would like to allow what is called live migrations on here. Then it says, “Where do you want the default location for your virtual machines and all that to be stored?” As you can see, these are the defaults. But I’m going to click Browse and I’ll expand this out and go to my C drive, and I’m going to create a folder on my C drive that I’m going to call VDS. And for my virtual machine configuration files, I’m going to create a different folder on my C drive and I’m just going to call it VMs. All right. So, make a new folder, VMs, just a little easier to get to these two folders in demonstrations, for example. So, I’m going to click Next and then I’m going to click to install. Tell it, if it needs to restart, it can. Click Install and it’s going to officially install and I’ll go ahead and pause the video while that’s happening. All right.
Now, after a few minutes, the installation rebooted and this popped back up and the installation is complete, so I should be able to now hit Close, go to the Tools menu here on Server Manager and you’ll see I have Hyper-V Manager and I should be able to load that up and have all the available features that server is going to offer for usage in Hyper-V. So, right over here is my server, NYC-SVR1. Obviously I don’t have any virtual machines installed on this server yet because my original host, which was a client machine, is what had the virtual machines. This is actually the server Hyper-V, which is what we’re trying to learn here.
So, as you can see, I can click to create new virtual machines, virtual hard drives, even floppy disk, all that stuff is available and Hyper-V is officially set up on NYC-SVR1. By the way, while I was waiting on this to get installed on Server1, I went ahead and did all the same process on DC1, so my DC1 machine now has Hyper-V on it as well and I should be able to go Tools and then open up Hyper-V Manager. And so we have the exact same setup over on NYC-DC1. So, I now have Hyper-V installed on both of my servers, NYC-DC1 as well as NYC-SVR1 and Hyper-V is officially setup. We’ve got nested virtualization configured and everything is ready to go.
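The shut down, Set-VMProcessor and restart sequence from this section as a PowerShell function, an added example that is not part of the course material. The function name is hypothetical, and the virtual machine names passed to it are assumed to match the server names, which the video does not state.

```powershell
# Added example, not from the course. Run in an elevated PowerShell session on the
# outer Hyper-V host (the Windows 10/11 client machine in the lab).
function Enable-NestedVirtualization {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string[]]$VMName   # assumed VM names
    )
    foreach ($name in $VMName) {
        $vm = Get-VM -Name $name -ErrorAction Stop

        # Set-VMProcessor returns an error if the VM is not shut down, so stop a
        # running guest cleanly and refuse to touch saved or paused ones.
        $wasRunning = $vm.State -eq 'Running'
        if ($wasRunning) {
            Stop-VM -Name $name -ErrorAction Stop
        } elseif ($vm.State -ne 'Off') {
            throw "$name is in state $($vm.State); shut it down first."
        }

        Set-VMProcessor -VMName $name -ExposeVirtualizationExtensions $true

        # The cmdlet prints nothing on success, so read the setting back.
        $exposed = (Get-VMProcessor -VMName $name).ExposeVirtualizationExtensions
        if (-not $exposed) {
            throw "Nested virtualization was not enabled on $name."
        }

        if ($wasRunning) { Start-VM -Name $name }
        [pscustomobject]@{ VMName = $name; NestedVirtualization = $exposed }
    }
}

Enable-NestedVirtualization -VMName 'NYC-SVR1', 'NYC-DC1'

# Then, inside each guest, the role install that failed before the change:
# Install-WindowsFeature -Name Hyper-V -IncludeManagementTools -Restart
```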
82. Configure and manage Hyper-V replicas
Now, one of our considerations with Hyper-V is the concern of failover. Essentially, you’ve got to imagine if you’ve got a couple of virtual machines that you’re working on and these are, maybe, these are high priority virtual machines that are important to your environment and you’re concerned about a virtual machine crashing or something happening to the server. And you need to make sure that we have a way to keep the virtual machines up and running, even when a server could fail.
So, for example, perhaps I’ve got a virtual machine here on NYC-SVR1 and I want to make it where if NYC-SVR1, which is hosting Hyper-V, if it was to fail, I would, maybe, want it to fail over to my other server, which in this case would be NYC-DC1.
So, I’ve actually got NYC-SVR1, I’ve got NYC-DC1, I’ve got Hyper-V installed on both of the machines. Here’s Hyper-V, let’s just set up a VM here, click New Virtual Machine. I’m just going to create a VM just to kind of demonstrate here. Next, I’ll just call it VM1. And I’m going to click Finish. It’s just going to generate a VM real quick. There’s nothing in the VM at the moment, right? But let’s say that I wanted that virtual machine to be able to fail over. If something was to happen to this physical machine, I want users who, maybe, are connected into that VM to fail over to the other virtual machine.
So, the first thing you can do if this virtual machine is running an actual server operating system. You could actually create another virtual machine on NYC-DC1 and install server on it. And you could do what’s called failover clustering between the two VMs, which I’m not getting into failover clustering right now. I just wanted to point that out that if you were on a server, you could actually go to Server Manager, Manage, Add Roles and Features. So, you’d have to do this on the actual server VMs themselves, but you could install failover clustering on the server.
So, here’s failover clustering right here, which again, not getting into that right now, but that would be an option if you were to install failover clustering. Ultimately, though, what I want to show you how to do what we’re kind of focused on here is the ability to use what’s called Hyper-V replicas. So, I want to show you a little bit about Hyper-V replicas now.
So, I’m going to look over to the right here and I’ve got Hyper-V settings. I’m going to click on Hyper-V settings and come down here to its replication configuration. You’ll notice that Hyper-V replication is not turned on by default. So, we’re going to go ahead and turn this on. It’s going to give us two options for the authentication side of replication. So, your Hyper-V on NYC-SVR1 would have to authenticate with your Hyper-V on NYC-DC1.
So, I would want to enable one of these options here. Most people just go with Kerberos, they’ll use Kerberos, but Kerberos is going to use HTTP, so it’s not going to be encrypting everything. It says data sent over the network will not be encrypted. As you can see, it’ll be using port 80. So, generally speaking, you would want to use a digital certificate with this.
So, you need to set up a certificate authority and you would need to issue a certificate, which you can do through Server Manager, Manage, Add Roles and Features and then install Active Directory Certificate Services, which I’m not getting into all the certificate stuff in this particular video, but you could do that and then you’d have a certificate that would allow you to do HTTPS. The next thing is you have to authorize the storage of where this is going to be. So, specify the servers that are allowed to replicate virtual machines to this.
So, I could say allow replication from any authenticated server or allow replication from a specified server. And so at that point I could click Add and then I could put in the computer and stuff that I want to use there, or I’ll just do any, which means I’m going to replicate with any.
So, in this case, if you are going to authenticate with any server that supports authentication, you can choose that top option. If you want to choose specific machines, you could choose this second option here. Again, if you choose the second option, you specify the primary server. So, you can use a wildcard for the fully qualified domain name of the primary server.
Maybe, I’m going to be the primary server and then at that point, so specify the default location for the stored replica files. That’s going to be the default location of your virtual hard drive files and then specify the trust group. They tell you the trust group is going to identify a group of primary servers within which a given primary virtual machine can move. All right, so I could specify a group name for these servers. In my case, though, I am just going to allow replication from any authenticated server, which means Hyper-V on NYC-DC1 and Hyper-V on NYC-SVR1. They’re part of the same domain. They both support Kerberos, so they should be able to authenticate with each other and replication would be allowed at that point. I can click OK. All right. And it tells you that you need to configure the firewall to allow inbound traffic. It says to ensure the inbound TCP exception for port 80 is enabled in the firewall, if you’re using Windows Firewall.
Let’s go take a look at our firewall now. So, going down to Server Manager, going to Tools, going to Windows Defender Firewall with Advanced Security, we’re going to go to Inbound Rules, we’re going to right-click Inbound Rules, click New Rule and go to Predefined. And there is a rule called Hyper-V Replica HTTP. So, we’re going to select that. We’re going to click Next, select this, we’re going to allow this, Next, and say allow this connection, click Finish. And we’ve now added that rule.
Keep in mind, we’re going to have to do the exact same thing over on our other server. So, we’re just going to go ahead and click OK, get out of all that and we’re going to jump over to NYC-DC1 now. So, here we are on NYC-DC1 and we’re going to go over here to Hyper-V Settings. We’re going to go down here to Replication Configuration and enable this, set this to enable, use Kerberos and allow replication right here. I’m going to go ahead and click. This tells you the same thing. So, we’ll click OK to that. We’ll go into Server Manager, Tools, Windows Defender Firewall with Advanced Security, right-click Inbound Rules and New Rule. Predefined, and we’re going to go with Hyper-V Replica. Click Next, select the listener for the rule and Next and then allow, Finish. So, we’ve now allowed that on the firewall.
At that point, we have set up all the prerequisites that are needed in order to support the Hyper-V replica. Now, I’m going to jump back over to NYC-SVR1 and I have my little play VM here that I created and I’m going to right click this VM and I’m going to click to enable replication. From there, we’re going to click Next and we’re going to choose the replica server again. We’re at NYC-SVR1. We’re going to point to NYC-DC1, so I’m going to say NYC-DC1 and we’re going to click check names and it’s contacting Active Directory and it’s going to verify that the name is valid. Once. That’s it. Then I’m going to click OK. NYC-DC1 is there, we’re going to click Next. It’s verifying that configuration is just making sure everything checked out. We’re using Kerberos authentication. It also asks when to compress the data that’s being transmitted over the network. This is going to take a little bit more processing power, but it’s going to speed up network performance. Then we’re going to click Next, says, OK, you’re going to store the virtual hard drive on SQL and /VHD, VHD/VM1 VHD X, that is where we’re going to be. It says if you clear the checkbox of any virtual hard drives that you do not want to replicate, we do want to replicate this.
So, we are going to select this. We’re going to click Next how frequently you want it to replicate. You can have it do it every 30 seconds, every 5 minutes, every 15 minutes. 5 minutes is the default. I’m going to say every 30 seconds. Then we’re going to click Next.
So, all right. You can choose to store only the latest recovery point of the primary virtual machine to the replica server or to add additional recovery points, allowing you to recover to an earlier point in time. Additional recovery points require more storage and processing. So, you can configure additional recovery points. So, maintain only the latest recovery point or create additional recovery points. So, this makes it where basically I can have a replica that goes out where basically if I want to have a backup copy from, say, like 24 hours prior, I could do that if I wanted. You also can utilize Volume Shadow Copy.
So, this is sort of a way of delaying replication of virtual machine for backup purposes. But I’m going to do the latest because I’m using this for high availability, which is what we’re learning. We’re learning high availability for this.
So, I’m going to click Next. And then from there it says before replication can start, an initial copy of all virtual hard disks that you’ve selected must be transmitted to the replica server. Size of the initial copy of the selected virtual hard disks: 4 megabytes. Initial replication method: send the initial copy over the internet, I’m sorry, over the network, or send the initial copy using existing media. So, if I wanted to make it where it doesn’t have to replicate this whole virtual hard drive right now. If I want to, just, maybe, I’ve got it stored on a flash drive. I could move it manually. Maybe, I just want to conserve bandwidth on the network. That’s what that option is going to do. So, this uses an existing virtual machine on the replica server as the initial copy. If there was already a copy over there somehow of this, then I could go ahead and use that. I could say start replication immediately, or I could schedule it to start on a certain date and time. So, that’s what these options are. Then I’m going to click Next and at that point I’m ready to click Finish. All right.
So, it’s now going through the process of replicating and I’m going to go ahead and let that run through. It’ll take just a bit, as you can see, merging. This is merging and process. By the way, I didn’t start the virtual machine, but the virtual machine could be started. When you do the replication as well, you don’t necessarily have to shut the virtual machine down in order to do replication, just so you know. All right, let’s jump over now to NYC-DC1. Here’s NYC-DC1 and pulling up there it is virtual. VM1 is now set up and we have officially set up replication. We clicked on this replication Tab and you can see the replication is coming from NYC-SVR1 and so all of that is up and running and so now we’ve got the ability to use it. So, what’s interesting about this too is I can have a user who is remotely connected into NYC-SVR1 and if NYC-SVR1 was to fail, this user can be redirected to the NYC-DC1 version of VM1 as well.
So, we have the ability to provide a replica and that replica is now up and running and we’ve provided some high availability for our server. Keep in mind all of this could also be configured through PowerShell as well. There are PowerShell commands for every bit of this.
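The Hyper-V Settings, firewall and Enable Replication steps from this section as a PowerShell script, an added example that is not part of the course material. With $useCertificate set to $false it matches the Kerberos over port 80 setup shown, where replication data is not encrypted; the switch itself, the thumbprint placeholders and the assumption that PowerShell remoting is enabled on both domain-joined servers are not from the video.

```powershell
# Added example, not from the course. Run elevated on the primary, NYC-SVR1.
$primary = 'NYC-SVR1'
$replica = 'NYC-DC1'
$vmName  = 'VM1'

# $false reproduces the video: Kerberos over HTTP/80, replication data unencrypted.
# $true switches to certificate authentication over HTTPS/443.
$useCertificate = $false
# Placeholders: thumbprint of each server's own machine certificate.
$thumbprint = @{ 'NYC-SVR1' = '<SVR1-CERT-THUMBPRINT>'; 'NYC-DC1' = '<DC1-CERT-THUMBPRINT>' }

foreach ($server in $primary, $replica) {
    # Hyper-V Settings > Replication Configuration
    $cfg = @{
        ComputerName                    = $server
        ReplicationEnabled              = $true
        ReplicationAllowedFromAnyServer = $true   # "any authenticated server"
        DefaultStorageLocation          = (Get-VMHost -ComputerName $server).VirtualHardDiskPath
    }
    if ($useCertificate) {
        $cfg += @{ AllowedAuthenticationType     = 'Certificate'
                   CertificateAuthenticationPort = 443
                   CertificateThumbprint         = $thumbprint[$server] }
        $rule = 'Hyper-V Replica HTTPS Listener (TCP-In)'
    } else {
        $cfg += @{ AllowedAuthenticationType = 'Kerberos'; KerberosAuthenticationPort = 80 }
        $rule = 'Hyper-V Replica HTTP Listener (TCP-In)'
    }
    Set-VMReplicationServer @cfg

    # Windows Defender Firewall: enable the predefined inbound rule
    Invoke-Command -ComputerName $server -ScriptBlock {
        Enable-NetFirewallRule -DisplayName $using:rule
    }
}

# Enable Replication wizard for VM1
$rep = @{
    VMName                  = $vmName
    ReplicaServerName       = $replica
    CompressionEnabled      = $true
    ReplicationFrequencySec = 30      # wizard choices: 30, 300 (default) or 900
    RecoveryHistory         = 0       # keep only the latest recovery point
}
if ($useCertificate) {
    $rep += @{ AuthenticationType = 'Certificate'; ReplicaServerPort = 443
               CertificateThumbprint = $thumbprint[$primary] }
} else {
    $rep += @{ AuthenticationType = 'Kerberos'; ReplicaServerPort = 80 }
}
Enable-VMReplication @rep
Start-VMInitialReplication -VMName $vmName    # send the initial copy over the network

# Replication state and health as seen from both servers
Get-VMReplication -ComputerName $primary, $replica -VMName $vmName
```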