Hyper-V Replication is a powerful tool that can help protect your data and applications in the event of a disaster. By replicating your virtual machines to a secondary location, you can ensure your business can continue operating even if your primary site is unavailable.
Here are some of the benefits of using Hyper V Replication:
- Data protection: Hyper-V Replication creates a copy of your virtual machines on a secondary location so that you can recover your data in the event of a disaster.
- Business continuity: Hyper-V Replication can help keep your business running even if your primary site is unavailable.
- Cost savings: Hyper-V Replication is a cost-effective way to protect your data and applications.
If you are serious about protecting your data and applications, you should consider setting up Hyper-V Replication. We will show you how to do it in the next sections.
Requirements
You must have two Hyper-V hosts to follow the examples in this post.
This article will use two servers with the following details:
- Hyper-V Host 1
- Computer Name: HPVWEST
- IP Address: 10.1.3.4
- OS: Windows Server 2022
- Domain-joined: No
- Site: Primary / Production
- Hyper-V Host 2
- Computer Name: HPVEAST
- IP Address: 10.0.2.4
- OS: Windows Server 2022
- Domain-joined: No
- Site: Secondary / Replica / Disaster Recovery
Update the Hosts Record
You can skip this step if your Hyper-V host names are resolvable in the DNS. But in this example, the two Hyper-V hosts are not joined to the domain and do not use the same DNS server.
Hyper-V replication relies on proper name resolution to work. As a workaround, let’s set up the host records for each Hyper-V host.
Open the C:\Windows\system32\drivers\etc\hosts file in a text editor like Notepad on both Hyper-V hosts.
Add the following entries to both servers:
# Add to the hosts file in HPVWEST 10.0.2.4 HPVEAST
# Add to the hosts file in HPVEAST 10.1.3.4 HPVWEST
Enable Hyper-V Replica Firewall Rule
The Hyper-V role adds a Windows Firewall rule named Hyper-V Replica HTTPS Listener (TCP-In), which, when enabled, allows the Hyper-V replication traffic through. To enable it, run the PowerShell command below on both Hyper-V hosts:
Enable-Netfirewallrule -DisplayName 'Hyper-V Replica HTTPS Listener (TCP-In)'
To confirm the rule is enabled, run this command:
Get-Netfirewallrule -DisplayName 'Hyper-V Replica HTTPS Listener (TCP-In)'
As you can see in the result below, the rule is now enabled.
Disable Hyper-V Replication Certificate Revocation Check
Hyper-V replication checks the certificate revocation details by default. Since we’re using a self-signed certificate, the revocation check will always fail. As a workaround, we can disable the revocation check in the registry.
Perform this step on the primary and replica server.
Note. Learn how to fix Virtual Machine could not be started because the Hypervisor is not running.
Log in to the server, open PowerShell as admin, and run the below command.
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Replication" /v DisableCertRevocationCheck /d 1 /t REG_DWORD /f
Note. You may need to reboot the server for this setting to take effect.
Install a Certificate on the Hyper-V Hosts
On non-domain Hyper-V hosts, digital certificates are the only viable replication authentication. The certificates must be issued by a certificate authority that both Hyper-V hosts trust.
Ideally, you can issue certificates using an internal CA if available. If not, a third-party paid certificate is also an option, but it includes additional costs. So in this example, we’ll use a self-signed certificate instead. It takes a little work but is free and easy to do.
Generate a Self-Signed Certificate
Run the following command on the same PowerShell window to generate a self-signed certificate.
First, store the Hyper-V host names and certificate subject.
$hpvHosts = "HPVWEST","HPVEAST" $subject = "Hyper-V-Replication"
Now, generate the self-signed certificate. This certificate will be valid for five (5) years.
$certificate = New-SelfSignedCertificate ` -DnsName $hpvHosts ` -FriendlyName $subject ` -Subject $subject ` -KeyExportPolicy Exportable ` -CertStoreLocation "Cert:\LocalMachine\My" ` -Signer $CA ` -KeyLength 2048 ` -KeyAlgorithm 'RSA' ` -HashAlgorithm 'SHA256' ` -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" ` -NotAfter (Get-Date).AddYears(5) ` -TestRoot
The above command created two certificates.
- A self-signed certificate with two subject alternative names (HPVWEST and HPVEAST), which you can find in the Personal certificate store.
- A signing certificate called CertReq Test Root that you can find in the Intermediate Certification Authorities store.
- You must copy the CertReq Test Root certificate to the Trusted Root Certification Authorities store.
Next, export the CertReq Test Root certificate to an X.509 format certificate file. The filename is C:\certificate\CertReq_Test_Root.cer.
# Retrieve the Test Root Certificate
$testRoot = Get-ChildItem Cert:\LocalMachine\Root | `
Where-Object {$_.Subject -eq 'CN=CertReq Test Root, OU=For Test Purposes Only'}
# Export the Test Root Certificate
Export-Certificate -Type CERT -Cert $testRoot `
-FilePath C:\certificate\CertReq_Test_Root.cer
Now, export the self-signed certificate by running the command below. The certificate will be exported to C:-V-Replication.pfx. Note that the certificate will be password protected using the $certPassword value.
# Retrieve the Self-Signed Server certificate
$serverCert = Get-ChildItem Cert:\LocalMachine\My | `
Where-Object {$_.Subject -eq "CN=Hyper-V-Replication"}
# Export the Self-Signed Server certificate
$certPassword = "HR3fp7CT#wVWm%77q^6y" | ConvertTo-SecureString -AsPlainText -Force
$serverCert | Export-PfxCertificate -Password $certPassword `
-FilePath C:\certificate\Hyper-V-Replication.pfx -Force
Copy and Install the Certificate to the Replica Hyper-V Host
The same certificate must be copied to the replica Hyper-V host. Here’s how to do it.
Copy the test root and replica server certificate files from the primary to the replica host.
Log in to the replica server and open PowerShell as admin. Change the working directory to the certificate location. In this example, the certificates are in C:\certificate.
cd c:\certificate ls
Run the following commands to import the certificates into the Root and Personal certificates stores.
# Import the root CA certificate Import-Certificate .\CertReq_Test_Root.cer -CertStoreLocation Cert:\LocalMachine\Root # Import the replica server certificate $certPassword = "HR3fp7CT#wVWm%77q^6y" | ConvertTo-SecureString -AsPlainText -Force Import-PfxCertificate .\Hyper-V-Replication.pfx -CertStoreLocation Cert:\LocalMachine\My -Password $certPassword
If you’d like to verify, open the Certificate Management console (certlm.msc) and locate both certificates, as shown below.
That’s it! You’ve prepared the Hyper-V hosts for replication.
Set Up Hyper-V Replication
At this point, the Hyper-V hosts are prepped for replication but are not yet enabled. The replica server is still empty. At the end of this section, the virtual machine will have been replicated from the primary server.
Turn On Hyper-V Replication on the Replica Server
Open the Hyper-V Manager on the replica server. Select the Hyper-V server and click Hyper-V Settings.
Click Replication Configuration. Check the Enable this computer as a Replica server and Use certificate-based Authentication (HTTPS) boxes, and click Select Certificate.
The certificate selection window pops up. Since there’s only one certificate installed, click OK.
Under Authorization and Storage, select the Allow replication from any authenticated server option. Specify the location to store the replication data, and click OK.
Enable Virtual Machine Replication from the Primary Server
The replica server is now ready to accept replication data from the primary server. As you can see below, the replica server has no virtual machines. Once we enable replication, a new virtual machine should be created automatically.
Log in to the primary Hyper-V host and open the Hyper-V Manager. Select the virtual machine you want to replicate and click Enable Replication.
Specify the replica server name. In this example, the replica server is HPVEAST. Click Next.
Select the User certificate-based authentication (HTTPS) option and click Select Certificate.
On the Select certificate pop-up, you should see the self-signed certificate we generated earlier. Click OK to confirm.
Click Next.
Select the virtual hard disks to replicate and click Next.
Select how frequently the changes will be replicated. The default is five (5) minutes. Click Next.
Configure how the replication handles recovery points. The default is only to maintain the latest recovery point. Click Next.
Next, choose the initial replication method. The options are:
- Send the initial copy over the network. — Replicates the whole virtual machine over the network.
- Send initial copy over external media. — Exports the virtual machine to an external media that you can ship and copy to the replica server.
- Use an existing virtual machine on the Replica server as the initial copy. — Used only if you have restored a copy of this virtual machine to the replica server.
In this example, we’ll choose the first method.
Configure whether you want to replicate the VM immediately or at a schedule. In this example, we’ll choose to Start replication immediately.
Review the summary and click Finish.
You will see a confirmation message, as shown below.
According to the message, the replica VM’s network is not connected. This means you must configure the replica VM’s network configuration on the replica server before turning it on.
Confirm the Hyper-V Replication Health
Hyper-V provides a way to view the replication status. This way, you have an overview of the replication health.
Right click the VM → Replication → View Replication Health.
During the initial replication, this is the status you will see. The state will show Initial replication in progress. You can also see the remaining data size to replicate.
After the initial replication, the status will change to Replication enabled.
Conclusion
Setting up Hyper-V replication is a relatively straightforward process that can provide your organization with a high level of disaster recovery protection. Following the steps outlined in this blog post, you can quickly and easily get your Hyper-V replication environment running.
Once your Hyper-V replication environment is configured, you can rest assured that your data is safe during a disaster. With Hyper-V replication, you can quickly and easily recover your data to a secondary location to minimize downtime and get your business back up and running as soon as possible.
Here are some additional tips for using Hyper-V replication:
- Make sure that you have a good understanding of your organization’s disaster recovery requirements. This will help you determine the appropriate level of replication for your environment.
- Test your Hyper-V replication environment regularly to ensure it works properly. This will help you identify any potential problems before they cause a disaster.
- Have a plan in place for how you will recover your data in the event of a disaster. This plan should include steps for identifying the disaster, recovering your data, and restoring your systems.
