Enabling and Using Hyper-V for Standalone and Replication Clusters

Running Hyper-V on a Windows machine to allow virtualisation is quick to set up and allows you to run multiple servers on one piece of hardware, take checkpoints to restore to and assign system resources as necessary.  Due to the nature of the system, it’s advised to run this on Windows Server, though it is possible to do this on consumer versions.  This guide assumes Windows Server 2022 is being used.

It’s best practice to set up Windows Server before installing Hyper-V or running virtual machines.  Although you may not be planning to run replication or failover clusters at this stage, setting things up now will make that process easier if you need to add this functionality.

Set the IP address of the server as you would do normally on Windows.  Open the start menu and search for ‘Workgroup’.  This will open the System Properties where you can click ‘Change’.  Give your computer a new name. Clicking More will allow you to change the domain and the workgroup the server is operating on.  For the rest of this guide it is assumed you are using the following details:

IP: 10.100.3.11
Computer name: HYPERV-MAIN
Workgroup: CT-CLUSTER
Domain: ct-networks.com

You will have to restart the server to get these changes to take effect.

If you are not planning to run a DNS server on your network, you will need to manually add entries to the server's hosts file so that local fully qualified domain names (FQDNs) resolve.

Open an Explorer window, navigate to C:\Windows\System32\drivers\etc\hosts and open it with Notepad.

At the bottom of the file add the entry:

10.100.3.11 HYPERV-MAIN.ct-networks.com

Enable Hyper-V by opening Server Manager, clicking Add Roles and Features and following the wizard, selecting Hyper-V from the list of roles.  Once installed, Hyper-V and any virtual machines installed on it are managed through the Hyper-V Manager software.

You will want your VMs available to the rest of the network, which means they need to be connected to a virtual switch.  From the right-hand side of the screen, select ‘Virtual Switch Manager’. You should see a virtual switch entry. Click on it, then verify that it is set to ‘External Network’ and that the network card the host PC is using is selected in the dropdown.

NB: It is important ‘Allow management operating system to use this adapter’ is ticked otherwise the host computer will be unable to use the network card, only the virtual machine.

Right-clicking on the computer name in the left-hand menu gives you access to the New Virtual Machine wizard, which will guide you through installation of a virtual machine. Make sure you connect it to your virtual switch.

Enabling Replication

Replication is a backup, not a failover solution.  This means copies of selected VMs are sent to another server as a backup, but they will not start or take over in the event the primary host fails.  You can however start the backups as VMs on the backup server, so you can manually recover from a hardware failure. 

Replication requires another server running the same version of Windows and Hyper-V, but we need to secure the connection between the two using certificates, otherwise Hyper-V will error.  For this guide we are assuming that the primary server is set up as per the instructions above, and a backup server is set up in the same way but using these settings:

IP: 10.100.3.12
Computer name: HYPERV-BACKUP
Workgroup (match to the one used above): CT-CLUSTER
Domain (match to the one used above): ct-networks.com

We need to update the hosts file located at C:\Windows\System32\drivers\etc\hosts on both servers to contain these two entries:

10.100.3.11 HYPERV-MAIN.ct-networks.com
10.100.3.12 HYPERV-BACKUP.ct-networks.com

Open PowerShell as an administrator and run the following commands.

First we will define some variables that are used in a moment to generate the certificates required to secure Hyper-V replication. Note that the variables are temporary and will not be saved if you close the PowerShell window for any reason.

$rootCA_Name = 'Hyper-V Root CA'
# FQDNs of the two servers; one certificate is issued per name
$hostname = @('HYPERV-MAIN.ct-networks.com', 'HYPERV-BACKUP.ct-networks.com')
# Password that protects the exported .pfx files
$certPassword = 'Creat1ve' | ConvertTo-SecureString -Force -AsPlainText
$certFolder = 'C:\hvcerts'
mkdir $certFolder

Now we can create the root certificate authority that will allow us to sign the certificates we create.

# Create the self-signed root CA in the local machine's Personal store
$rootCA = New-SelfSignedCertificate `
    -Subject $rootCA_Name `
    -FriendlyName $rootCA_Name `
    -CertStoreLocation "Cert:\LocalMachine\My" `
    -KeyExportPolicy Exportable `
    -KeyUsage CertSign `
    -KeyLength 2048 `
    -KeyUsageProperty All `
    -KeyAlgorithm 'RSA' `
    -HashAlgorithm 'SHA256' `
    -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" `
    -NotAfter (Get-Date).AddYears(10)
# Export the root CA, including its private key, to a password-protected .pfx
$rootCA | Export-PfxCertificate -FilePath "$certFolder\$($rootCA_Name).pfx" -Password $certPassword -Force

Using this root authority we can now generate the certificates for both the main and backup server.

$hostname | ForEach-Object {
    $name = $_
    New-SelfSignedCertificate `
        -FriendlyName $name `
        -Subject $name `
        -KeyExportPolicy Exportable `
        -CertStoreLocation "Cert:\LocalMachine\My" `
        -Signer $rootCA `
        -KeyLength 2048 `
        -KeyAlgorithm 'RSA' `
        -HashAlgorithm 'SHA256' `
        -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" `
        -NotAfter (Get-Date).AddYears(10) |
    Export-PfxCertificate -FilePath "$certFolder\$($name).pfx" -Password $certPassword -Force
}

All the certs have now been created and can be found in C:\hvcerts. Copy these onto a USB stick so they can be installed on the backup server too.

We can now install the certificates on the main server.

  1. Insert the USB stick holding the certificates and navigate to the folder containing them.
  2. Double-click the Hyper-V Root CA.pfx file and select Local Machine. When prompted for the password, enter Creat1ve. Select `Place all certificates in the following store`, browse to `Trusted Root Certification Authorities` and click Finish.
  3. Double-click the Main or Backup pfx file on the relevant machine and select Local Machine. When prompted for the password, enter Creat1ve. Select `Place all certificates in the following store`, browse to `Personal` and click Finish.
  4. Run the following command in PowerShell as Administrator. It turns off certificate revocation checking for Hyper-V replication, which is needed because the self-signed root CA publishes no revocation list:
New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Replication" -Name "DisableCertRevocationCheck" -Value 1 -PropertyType DWORD -Force

Repeat the previous steps numbered 1 to 4 on the backup server (including the final PowerShell command!)
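Before moving on to Hyper-V Manager, the installed certificates can be checked on each server. The script below is an added example, not part of the original guide; it assumes the guide's names (Hyper-V Root CA, ct-networks.com) and that the computer name matches the certificate subject.

```powershell
# Added example: checks for the certificates installed in steps 1 to 4.
$rootName = 'Hyper-V Root CA'
$fqdn     = "$($env:COMPUTERNAME).ct-networks.com"   # assumes the guide's naming
$peers    = 'HYPERV-MAIN.ct-networks.com', 'HYPERV-BACKUP.ct-networks.com'
$r        = [ordered]@{}

# Root CA must sit in the machine's Trusted Root store.
$root = Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.GetNameInfo('SimpleName', $false) -eq $rootName } |
    Select-Object -First 1
$r['Root CA in Trusted Root'] = [bool]$root
# Importing the root .pfx also places the CA signing key on this host.
$r['Root CA private key on this host'] = [bool]($root -and $root.HasPrivateKey)

# Host certificate must be in Personal with its private key and in date.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.GetNameInfo('SimpleName', $false) -eq $fqdn } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
$r['Host certificate found'] = [bool]$cert
if ($cert) {
    $now = Get-Date
    $r['Has private key'] = $cert.HasPrivateKey
    $r['Within validity period'] = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)

    # Hyper-V Replica uses the certificate for both server and client authentication.
    $ekus = @($cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages | ForEach-Object { $_.Value } })
    $r['EKU Server Authentication'] = $ekus -contains '1.3.6.1.5.5.7.3.1'
    $r['EKU Client Authentication'] = $ekus -contains '1.3.6.1.5.5.7.3.2'

    # Chain must build to the root; revocation is skipped, as in step 4.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $r['Chain builds to trusted root'] = $chain.Build($cert)
}

# Both names must resolve, through the hosts file or DNS.
foreach ($p in $peers) {
    $r["Resolves $p"] = try { [bool][System.Net.Dns]::GetHostAddresses($p) } catch { $false }
}
$r.GetEnumerator() | Format-Table Name, Value -AutoSize
```

Every row except 'Root CA private key on this host' should read True for replication to work. That row reads True when the root .pfx was imported as described, which means each server holds the key that can sign new certificates for this CA.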

All of the certificates have now been installed. Replication now needs enabling within Hyper-V.

  1. Open Hyper-V on the Backup server. Right-click the server in the left-hand pane and select `Hyper-V Settings`.
  2. Open Replication Configuration.
  3. Select Enable computer as a Replica server.
  4. Select Use HTTPS only.
  5. Press the Select Certificate button. A dialog should appear with the found certificate that was just installed; select OK.
  6. Select Allow replication from any authenticated server. You can change the location of the virtual hard disks if you wish.

The Backup server is now configured to accept Virtual Machines for replication. Switch to the Main Machine.

  1. Select any virtual machines you want to enable replication of, and click Enable Replication in the right-hand pane.
  2. When prompted for the replica server, enter HYPERV-BACKUP.ct-networks.com
  3. Set the replica server port to 443 and select Use HTTPS only.
  4. Press the Select Certificate button. A dialog should appear with the found certificate that was just installed; select OK.
  5. Accept the defaults for the following prompts.
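The same replication settings can be applied with the Hyper-V PowerShell cmdlets. This is an added example, not part of the original guide; the storage path, the VM name and the trust group label are assumptions, and setting `$anyServer` to `$false` goes beyond the guide by accepting replication only from the main server instead of from any authenticated server.

```powershell
# Added example: the Hyper-V Manager replication steps as cmdlets.
# Run elevated on each host; the branch taken depends on the computer name.
$domain    = 'ct-networks.com'
$replica   = "HYPERV-BACKUP.$domain"
$primary   = "HYPERV-MAIN.$domain"
$store     = 'C:\Hyper-V\Replica'   # assumed storage path for replica disks
$vmNames   = @('VM01')              # hypothetical VM name
$anyServer = $true                  # the guide's choice; $false limits senders to $primary

# Thumbprint of this host's certificate in the Personal store.
$me    = "$($env:COMPUTERNAME).$domain"
$thumb = (Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.GetNameInfo('SimpleName', $false) -eq $me } |
    Sort-Object NotAfter -Descending | Select-Object -First 1).Thumbprint
if (-not $thumb) { throw "No certificate for $me in Cert:\LocalMachine\My" }

if ($me -eq $replica) {
    New-Item -ItemType Directory -Path $store -Force | Out-Null
    if ($anyServer) {
        Set-VMReplicationServer -ReplicationEnabled $true `
            -AllowedAuthenticationType Certificate `
            -CertificateThumbprint $thumb -CertificateAuthenticationPort 443 `
            -ReplicationAllowedFromAnyServer $true -DefaultStorageLocation $store
    } else {
        Set-VMReplicationServer -ReplicationEnabled $true `
            -AllowedAuthenticationType Certificate `
            -CertificateThumbprint $thumb -CertificateAuthenticationPort 443 `
            -ReplicationAllowedFromAnyServer $false
        # The trust group is an arbitrary label; the workgroup name is reused here.
        New-VMReplicationAuthorizationEntry -AllowedPrimaryServer $primary `
            -ReplicaStorageLocation $store -TrustGroup 'CT-CLUSTER'
    }
    Get-VMReplicationServer
}
elseif ($me -eq $primary) {
    Enable-VMReplication -VMName $vmNames -ReplicaServerName $replica `
        -ReplicaServerPort 443 -AuthenticationType Certificate `
        -CertificateThumbprint $thumb
    Start-VMInitialReplication -VMName $vmNames
    Get-VMReplication -VMName $vmNames
}
```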

