In my last post, I briefly covered some of the new features that stood out to me in Windows Server 2012 Hyper-V. This article will look a little more in-depth at Live Migration and Virtual Network Adapter enhancements.
The Windows Server 2012 version of Live Migration makes life even easier for the administrator running Hyper-V without SCVMM. Administrators can now control the number of allowed simultaneous live migrations rather than being restricted to just one at a time.
Host Live Migration settings
To allow migrations from hosts that are not part of your domain, select the option “Use Credential Security Support Provider (CredSSP)”. CredSSP is less secure so for migrations within a domain you may want to instead select “Use Kerberos”.
In the Simultaneous live migrations text box, specify the number of live migrations you wish to allow.
You can also choose to allow all incoming live migrations or only from a specific list of IP addresses or networks. To enable live migration, the host must be joined to a domain.
Error enabling Live Migration in non-domain Host
As you can see from the two authentication protocol options, Server 2012 is built with much more flexibility compared to earlier versions of Hyper-V. You can now migrate between hosts that are not part of a cluster. For SMBs, this is a huge value add where they need the flexibility but not the complexity and also do not need the automated Live Migration that clustering provides. When you combine this with some of the other features such as Storage Migration, you can reduce complexity even further. See the next article in this series for more on Storage Migration.
Additionally, you can also migrate VMs between clusters that are not in the same forest or domain. This easily enables the admin to migrate a VM to wherever the situation dictates. The new Live Migration allows VM moves cluster to cluster, cluster to host, host to cluster, and host to host.
Select move options and location
Error enabling Live Migration in non-domain Host
Summary and monitor Live Migration from Hyper-V Manager
Network Adapter Enhancements
Hyper-V 3.0 includes some really nice enhancements to network adapters that allow for better isolation and troubleshooting.
Added is the ability to set both a minimum and maximum bandwidth. Now, an admin can effectively guarantee a minimum level of resource availability to the VM for processor, memory, and bandwidth providing complete control.
As before, VLAN capabilities can be enabled by virtual switch or virtual adapter.
Enable bandwidth restraints and error attempting to set minimum below 10Mbps
Network Adapter Advanced Features
Virtual machines can be further isolated on the virtual switch by utilizing the network adapter advanced features.
DHCP guard and Router guard
DHCP guard and Router guard prevent the VM from responding to DHCP or router traffic coming from unauthorized virtual machines. These are great features that can improve security and create more isolation assuring DHCP and routing are not provided by rogue VMs. As of the time of this writing, I have not been able to find how to specify authorized virtual machines which would complete the configuration. I’m sure more documentation, and/or more settings will be made available as we draw closer to the Windows Server 2012 release in August.
Port mirroring has been around for a long time but is a first on virtual switches in Hyper-V. Setting this up is really easy. You simply set the mirroring mode to Source for every VM NIC that you want to monitor. On the VM NIC that should receive the traffic, you set the mirroring mode to Destination. Running something like Network Monitor or Wireshark allows you to perform further analysis of the traffic. You no longer have to weed through the traffic on the physical port.
Enable port mirroring and demonstrating packets arriving at destination
An example of this might be when you are setting up Remote Desktop Gateway and you want to make sure all traffic is using SSL port 443 and not the typical RDP port 3389. See Wireshark Capture Filters for more information displaying specific subsets of captured traffic.
Server 2012 now includes NIC Teaming controlled by the operating system. Network adapters can be from multiple vendors. If it is not already configured in the host operating system, NIC Teaming can now be enabled at the virtual machine level. This provides a great deal more flexibility than what is offered in previous versions of Hyper-V. For additional information on configuration of NIC Teaming see NIC Teaming in Windows Server 2012 Brings Simple, Affordable Traffic Reliability and Load Balancing to your Cloud Workloads.
In this article we looked a little deeper into the new features added by Windows Server 2012 Hyper-V for Live Migration and virtual network adapters. In my next article, I will cover Storage Migration.