다음을 통해 공유


Configure Live Migration and Migrating Virtual Machines without Failover Clustering

 

Applies To: Windows Server 2012 R2, Windows Server 2012

This article shows you how to configure and perform a live migration without using failover clustering. A live migration moves running virtual machines between servers running Hyper-V without any perceived downtime. This topic also includes instructions for configuring constrained delegation if you want to use remote management tools to perform live migrations.

In this document

Note

This topic includes sample Windows PowerShell cmdlets that you can use to automate some of the procedures described. For more information, see Using Cmdlets.

Prerequisites

Before you perform the steps in this document, make sure that your environment meets the following prerequisites:

  • The Hyper-V role in Windows Server 2012 or Windows Server 2012 R2 is installed on the source and destination servers, and at least one running virtual machine exists on the source computer. For instructions, see Install Hyper-V and create a virtual machine.

    Warning

    In Windows Server 2012 R2 Hyper-V live migration has been updated to support migrating Hyper-V virtual machines in Windows Server 2012 to Hyper-V in Windows Server 2012 R2. Moving a virtual machine to a down-level server running Hyper-V is not supported.

  • The source and destination computers either belong to the same Active Directory domain, or belong to domains that trust each other.

  • The user account has the appropriate permission to perform the various steps:

    • The account you use to configure constrained delegation must be a member of the Domain Administrators group.

    • The account you use to configure live migration and to perform the live migrations must be a member of the local Hyper-V Administrators group or the Administrators group on both the source and destination computers.

  • You have a computer running Windows® 8 with the Hyper-V management tools installed. For instructions, see https://technet.microsoft.com/library/hh857623.aspx.

In addition to ensuring all prerequisites are met, consider the following planning decisions. These decisions determine how you configure and perform live migrations.

  • Do you plan to sign on to each server to perform the given task (either through a local console session, a Remote Desktop session, or a remote Windows PowerShell session), or do you want perform the tasks with remote management tools? The answer determines whether you should select Kerberos or Credential Security Support Provider (CredSSP) to authenticate live migration traffic. To manage the tasks with remote management tools, configure constrained delegation and select Kerberos as the authentication protocol. Otherwise, you must sign on to the source computer to perform a live migration, and CredSSP is used to authenticate the live migration.

    Note

    The requirement of signing in to the source computer has implications that might not be obvious. For example, if you sign in to TestServer01 to move a virtual machine to TestServer02, and then want to move the virtual machine back to TestServer01, the operation will fail unless you sign in to TestServer02 before you try to move the virtual machine back to TestServer01. If the connection between the source and destination computers cannot be authenticated, an error occurs and the following message is displayed: Virtual machine migration operation failed at migration Source. Failed to establish a connection with host <computer name> : No credentials are available in the security package (0x8009030E).

  • Live migration performance options. Applies to Hyper-V in Windows Server 2012 R2.

    The performance options can reduce overhead on the network and CPU usage in addition to the reducing the amount of time for a live migration. Hyper-V administrators can configure the appropriate live migration performance options based on their environment and requirements.

    The following live migrations performance options are available.

    Option Description
    TCP/IP The memory of the virtual machine is copied to the destination server over a TCP/IP connection. This is the same method that is used in Hyper-V in Windows Server 2012.
    Compression The memory content of the virtual machine that is being migrated is compressed and then copied to the destination server over a TCP/IP connection. Note: This is the default setting in Hyper-V in Windows Server 2012 R2.
    SMB The memory content of the virtual machine is copied to the destination server over a SMB 3.0 connection.

    - SMB Direct is used when the network adapters on the source and destination servers have Remote Direct Memory Access (RDMA) capabilities enabled.
    - SMB Multichannel automatically detects and uses multiple connections when a proper SMB Multichannel configuration is identified.

    For more information, see Improve Performance of a File Server with SMB Direct.
  • Will you allow live migration traffic through any available network, or isolate the traffic to specific networks? As a security best practice, we recommend that you isolate the traffic onto trusted, private networks because live migration traffic is not encrypted when it is sent over the network. Network isolation can be achieved through a physically isolated network or through another trusted networking technology such as VLANs.

Step 1: [Optional] Configure constrained delegation

If you have decided to use Kerberos to authenticate live migration traffic, configure constrained delegation before you proceed to the rest of the steps. As noted in the “Prerequisites” section, you must use an account that is a member of the Domain Administrators group to configure constrained delegation.

To configure constrained delegation

  1. Open the Active Directory Users and Computers snap-in. For example, to do this from Server Manager, select the server if it not already selected. After the server is selected, click Tools, and then click Active Directory Users and Computers. This opens the Active Directory Users and Computers snap-in.

  2. From the navigation pane, select the domain and double-click the Computers folder.

  3. From the Computers folder, right-click the computer account of the source server and then click Properties.

  4. In the Properties dialog box, click the Delegation tab.

  5. On the delegation tab, select Trust this computer for delegation to the specified services only. Under that option, select Use Kerberos only.

  6. Click Add.

  7. In the Add Services dialog box, click Users or Computers.

  8. In the Select Users or Computers dialog box, type the name of the destination server. Click Check Names to verify that you typed the name correctly, and then click OK.

  9. In the Add Services dialog box, in the list of available services, do the following and then click OK.

    • To move virtual machine storage, select cifs. This is required if you want to move the storage along with the virtual machine, as well as if you want to move only a virtual machine’s storage. If the server is configured to use SMB storage for Hyper-V, this should already be selected.

    • To move virtual machines, select Microsoft Virtual System Migration Service.

  10. On the Delegation tab of the Properties dialog box, verify that the services you selected in the previous step are listed as the services to which the destination computer can present delegated credentials. Click OK.

  11. From the Computers folder, select the computer account of the destination server and repeat the process. In the Select Users or Computers dialog box, be sure to specify the name of the source server.

    Note

    The configuration changes do not take effect until the following has occurred:

Step 2: Configure the source and destination computers for live migration

In this step, you will enable live migrations, configure the source and destination servers so they will send and receive live migrations, optionally configure the authentication protocol. When you configure the servers, you choose whether to allow live migration traffic on any available network, or only on specified networks. As a security best practice, we recommend that you select specific networks to use for live migration traffic, as discussed in the “Prerequisites” section.

To configure the source and destination computers for live migration

  1. Open Hyper-V Manager if it is not already open. (From Server Manager, click Tools and then click Hyper-V Manager.)

  2. In the navigation pane, select one of the servers that you want to configure for live migrations. (If none of the servers are listed, click Hyper-V Manager in the navigation pane. Then, in the Action pane, click Connect to Server and specify each server name. After that, select one of the servers in navigation pane.)

  3. In the Action pane, click Hyper-V Settings.

  4. In Hyper-V Settings dialog box, click Live Migrations.

  5. In the Live Migrations pane, check Enable incoming and outgoing live migrations.

  6. Under Simultaneous live migrations, specify a different number if you don’t want to use the default of 2.

  7. Under Incoming live migrations, if you want to use specific network connections to accept live migration traffic, click Add to type the IP address information. Otherwise, click Use any available network for live migration. Click OK.

  8. If you have configured constrained delegation in Step 1: [Optional] Configure constrained delegation, expand Live Migrations and then select Advanced Features.

    In the Advanced Features pane, under Authentication protocol, select Kerberos.

  9. Click OK.

  10. Select the other server in Hyper-V Manager and repeat the remaining steps.

  Windows PowerShell equivalent commands

The following Windows PowerShell cmdlet or cmdlets perform the same function as the preceding procedure. Enter each cmdlet on a single line, even though they may appear word-wrapped across several lines here because of formatting constraints.

To use Windows PowerShell to configure a server running Hyper-V for live migration, you can use the Enable-VMMigration, Set-VMMigrationNetwork, and Set-VMHost cmdlets, depending on how you want to configure the host. The following example commands configure live migration on the local host, allow incoming migration traffic only on the specified network, and specify Kerberos as the authentication protocol. Each line represents a separate command.

PS C:\> Enable-VMMigration

PS C:\> Set-VMMigrationNetwork 192.168.10.1

PS C:\> Set-VMHost –VirtualMachineMigrationAuthenticationType Kerberos

Step3: [optional] Configure performance options for live migration

Note

This applies to Hyper-V in Windows Server 2012 R2.

In this step, you configure the live migration performance options. The performance options can reduce overhead on the network and CPU usage in addition to the reducing the amount of time for a live migration. Hyper-V administrators can configure the appropriate live migration performance options based on their environment and requirements.

To configure live migration performance options

  1. From Hyper-V Manager, in the navigation pane, select one of the servers you want to configure for live migrations.

  2. In the Action pane, click Hyper-V Settings.

  3. In the Hyper-V Settings dialog box, expand Live Migrations and then select Advanced Features.

  4. In the Advanced Features pane, under Performance options, select the appropriate option for your environment, and then click OK.

    Note

    When you enable live migration the first time the default setting for Performance options is Compression.

  Windows PowerShell equivalent commands

The following Windows PowerShell cmdlet or cmdlets perform the same function as the preceding procedure. Enter each cmdlet on a single line, even though they may appear word-wrapped across several lines here because of formatting constraints.

To use Windows PowerShell to configure a server running Hyper-V for live migration, you can use the Enable-VMMigration, Set-VMMigrationNetwork, and Set-VMHost cmdlets, depending on how you want to configure the host. The following example command sets the live migration performance option to SMB.

PS C:\> Set-VMHost -VirtualMachineMigrationPerformanceOption SMB

Step 4: Move a running virtual machine

In this step, you move a running virtual machine from one server running Hyper-V in Windows Server 2012 to another server running Windows Server 2012 or Windows Server 2012 R2.

To move a running virtual machine

  1. Connect to the source server using one of the following methods (unless you are signed in to the source server):

    • From Server Manager, click All Servers and then click the name of the source server. (For more information about managing multiple servers, see Manage Multiple, Remote Servers with Server Manager.)

    • From Hyper-V Manager, in the navigation pane, click the name of the source server.

  2. From the Virtual Machines section of Hyper-V Manager, right-click the virtual machine and then click Move.

  3. On the Choose Move Type page of the Move Wizard, choose Move the virtual machine.

  4. On the Specify Destination page, type the name or browse to the destination computer.

  5. On the Choose Move Options page, select whether you want to move various items stored for a virtual machine, such as virtual hard disks, snapshots, and paging file.

  6. On the Summary page, review your choices and then click Finish.

  Windows PowerShell equivalent commands

The following Windows PowerShell cmdlet or cmdlets perform the same function as the preceding procedure. Enter each cmdlet on a single line, even though they may appear word-wrapped across several lines here because of formatting constraints.

To use Windows PowerShell to move a running virtual machine, you use the Move-VM cmdlet. The following example moves a virtual machine named LMTest to a destination server named TestServer02 and moves the virtual machine’s virtual hard disks and other files (such as any snapshots and Smart Paging files) to the D:\LMTest directory on the destination server.

PS C:\> Move-VM LMTest TestServer02 –IncludeStorage –DestinationStoragePath D:\LMTest

For reference information about the Move-VM cmdlet, see https://go.microsoft.com/fwlink/?LinkID=217784.

Step 5: [Optional] Move a running virtual machine again (back to the original host or to another host)

This step is optional because you might not need to move the virtual machine back again. However, it’s included to mention the fact that, if you haven’t enabled constrained delegation, you must sign in to source server to complete the step. Then, complete this step using the same instructions as given in the preceding section.

Important

If the original source server was Windows Server 2012 and original destination server was Windows Server 2012 R2 you cannot migrate back to the original source server.

See also