windows server 2012系列: 准备hyper-v 复制部署
2012-11-09 15:02
411 查看
task:参考地址http://technet.microsoft.com/zh-cn/library/jj134153
1.1 操作步骤思路
1.1.1设置防火墙,允许主服务器与复制服务器之间的数据复制
1.1.2主服务器与复制服务器必须是故障转移集群的一部分
1.1.3主服务器与复制服务器数据传输必须要加密
1.1.4确定哪些vhds需要复制并记录
1.1.5确定你需要设置多少还原点
1.1.6是否需要程序也保持一致,可能要额外的程序一致性还原点
1.1.7确定好最初的复制方法(假如使用媒体复制,必须先删除其中的快照)
1.2 安装 Hyper-V 角色和配置虚拟机.
windows 2012 hyper-v之(1):添加角色http://isee131.blog.51cto.com/619759/1054796
windows 2012 hyper-v之(2):创建虚拟机http://isee131.blog.51cto.com/619759/1054909
1.3设置防火墙
鼠标悬浮在最右下角(显示桌面)点击设置——控制面板
在控制面板中选中windows 防火墙——高级设置
入站规则启用截图最后2个:hyper-v副本HTTP侦听器(TCP入站)与hyper-v副本HTTPs侦听器(TCP入站)
无论有没有故障转移集群,这一步都是要做的
如果服务器是故障转移集群一部分,那需要在任何你使用Kerberos认证复制的故障转移节点下面利用管理员权限运行Windows PowerShell cmdlets
get-clusternode | ForEach-Object {Invoke-command -computername $_.name -scriptblock {Enable-Netfirewallrule -displayname "Hyper-V Replica HTTP Listener (TCP-In)"}}
如果服务器是故障转移集群一部分,那需要在任何你使用证书认证复制的故障转移节点下面利用管理员权限运行Windows PowerShell cmdlets
get-clusternode | ForEach-Object {Invoke-command -computername $_.name -scriptblock {Enable-Netfirewallrule -displayname "Hyper-V Replica HTTPS Listener (TCP-In)"}}
1.4设置hyper-v复制中介
To configure the Hyper-V Replica Broker
In Server Manager, open Failover Cluster Manager.
In the left pane, connect to the cluster, and while the cluster name is highlighted, click Configure Role in the Actions pane. The High Availability wizard opens
In the Select Role screen, select Hyper-V Replica Broker.
Complete the wizard, providing a NetBIOS name and IP address to be used as the connection point to the cluster (called a “client access point”). The Hyper-V Replica Broker is configured, resulting in a client access point name. Make a note of the client access point name for configuring Replica later on.
Verify that the Hyper-V Replica Broker role comes online successfully and can fail over between all nodes of the cluster. To do this, right-click the role, point to Move, and then click Select Node. Then, select a node, and then click OK.
[b]Windows PowerShell equivalent commands[/b]
The following Windows PowerShell cmdlet or cmdlets perform the same function as the preceding procedure. Enter each cmdlet on a single line, even though they may appear word-wrapped across several lines here because of formatting constraints.
This example sequence of cmdlets will create a Hyper-V Replica Broker names “HVR-Broker” that uses the static IP address 192.168.1.5. All steps must be completed by a user with administrative privileges.
Copy
Copy
Copy
Copy
Copy
1.5. Provide a certificate for encrypted data
If you configure Replica to use Kerberos authentication, the data transmitted from the primary to the Replica server is not encrypted. For the data to be encrypted, you should use certificate-based authentication. You can either provide an existing X.509v3 certificate or create a self-signed certificate.
If you are already using a certificate server or public key infrastructure (PKI) system, you can use an existing certificate, provided that it meets the following criteria:
The certificate must not be expired or revoked.
The certificate must include both client and server authentication extensions for enhanced key usage (EKU) and an associated private key.
The certificate must terminate at a valid root certificate in the Trusted Root Certification Authorities store on the Replica server.
If the virtual machine is hosted by a standalone server, the subject common name (CN) must be equal to (or the subject alternative name—DNS name) should contain the FQDN of the host. If the virtual machine is hosted by a failover cluster, the subject common name (CN) must be equal to (or the subject alternative name—DNS name) should contain the FQDN of the Hyper-V Replica Broker.
For additional information about using certificates with Hyper-V Replica, see http://blogs.technet.com/b/virtualization/archive/2012/03/13/hyper-v-replica-certificate-requirements.aspx
You can validate any candidate certificate by running certutil –store my on both the primary and Replica servers. In both cases, the output of the command should indicate that the certificate passed the encryption test.
To create a self-signed certificate with Makecert.exe
On the primary server, copy the Makecert.exe utility locally.
Create a self-signed test root authority certificate by running the following command from an elevated command prompt:
makecert -pe -n "CN=PrimaryTestRootCA" -ss root -sr LocalMachine -sky signature -r "PrimaryTestRootCA.cer"
Create a new certificate signed by the test root authority certificate by running the following command from an elevated command prompt, supplying the FQDN of the primary server:
makecert -pe -n "CN=<FQDN>" -ss my -sr LocalMachine -sky exchange -eku 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2 -in "PrimaryTestRootCA" -is root -ir LocalMachine -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 PrimaryTestCert.cer
On the Replica server, copy the Makecert.exe utility locally.
Create a self-signed test root authority certificate by running the following command from an elevated command prompt:
makecert -pe -n "CN=PrimaryTestRootCA" -ss root -sr LocalMachine -sky signature -r "ReplicaTestRootCA.cer"
Create a new certificate signed by the test root authority certificate by running the following command from an elevated command prompt, supplying the FQDN of the Replica server:
makecert -pe -n "CN=<FQDN>" -ss my -sr LocalMachine -sky exchange -eku 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2 -in "ReplicaTestRootCA" -is root -ir LocalMachine -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 PrimaryTestCert.cer
Copy the file ReplicaTestRootCA.cer from the Replica server to the primary server, and then import it with the following command:
certutil -addstore -f Root "ReplicaTestRootCA.cer"
Copy the file PrimaryTestRootCA.cer from the primary server to the Replica server, and then import it with the following command:
certutil -addstore -f Root "PrimaryTestRootCA.cer"
By default, a certificate revocation check is required; however, self-signed certificates don’t support revocation checks. Disable the check by editing the registry on both the primary and Replica servers with the following command:
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\FailoverReplication" /v DisableCertRevocationCheck /d 1 /t REG_DWORD /f
1.1 操作步骤思路
1.1.1设置防火墙,允许主服务器与复制服务器之间的数据复制
1.1.2主服务器与复制服务器必须是故障转移集群的一部分
1.1.3主服务器与复制服务器数据传输必须要加密
1.1.4确定哪些vhds需要复制并记录
1.1.5确定你需要设置多少还原点
1.1.6是否需要程序也保持一致,可能要额外的程序一致性还原点
1.1.7确定好最初的复制方法(假如使用媒体复制,必须先删除其中的快照)
1.2 安装 Hyper-V 角色和配置虚拟机.
windows 2012 hyper-v之(1):添加角色http://isee131.blog.51cto.com/619759/1054796
windows 2012 hyper-v之(2):创建虚拟机http://isee131.blog.51cto.com/619759/1054909
1.3设置防火墙
鼠标悬浮在最右下角(显示桌面)点击设置——控制面板
在控制面板中选中windows 防火墙——高级设置
入站规则启用截图最后2个:hyper-v副本HTTP侦听器(TCP入站)与hyper-v副本HTTPs侦听器(TCP入站)
无论有没有故障转移集群,这一步都是要做的
如果服务器是故障转移集群一部分,那需要在任何你使用Kerberos认证复制的故障转移节点下面利用管理员权限运行Windows PowerShell cmdlets
get-clusternode | ForEach-Object {Invoke-command -computername $_.name -scriptblock {Enable-Netfirewallrule -displayname "Hyper-V Replica HTTP Listener (TCP-In)"}}
如果服务器是故障转移集群一部分,那需要在任何你使用证书认证复制的故障转移节点下面利用管理员权限运行Windows PowerShell cmdlets
get-clusternode | ForEach-Object {Invoke-command -computername $_.name -scriptblock {Enable-Netfirewallrule -displayname "Hyper-V Replica HTTPS Listener (TCP-In)"}}
1.4设置hyper-v复制中介
To configure the Hyper-V Replica Broker
In Server Manager, open Failover Cluster Manager.
In the left pane, connect to the cluster, and while the cluster name is highlighted, click Configure Role in the Actions pane. The High Availability wizard opens
In the Select Role screen, select Hyper-V Replica Broker.
Complete the wizard, providing a NetBIOS name and IP address to be used as the connection point to the cluster (called a “client access point”). The Hyper-V Replica Broker is configured, resulting in a client access point name. Make a note of the client access point name for configuring Replica later on.
Verify that the Hyper-V Replica Broker role comes online successfully and can fail over between all nodes of the cluster. To do this, right-click the role, point to Move, and then click Select Node. Then, select a node, and then click OK.
[b]Windows PowerShell equivalent commands[/b]
The following Windows PowerShell cmdlet or cmdlets perform the same function as the preceding procedure. Enter each cmdlet on a single line, even though they may appear word-wrapped across several lines here because of formatting constraints.
This example sequence of cmdlets will create a Hyper-V Replica Broker names “HVR-Broker” that uses the static IP address 192.168.1.5. All steps must be completed by a user with administrative privileges.
Copy
$BrokerName = “HVR-Broker”
Copy
Add-ClusterServerRole -Name $BrokerName –StaticAddress 192.168.1.5
Copy
Add-ClusterResource -Name “Virtual Machine Replication Broker” -Type "Virtual Machine Replication Broker" -Group $BrokerName
Copy
Add-ClusterResourceDependency “Virtual Machine Replication Broker” $BrokerName
Copy
Start-ClusterGroup $BrokerName
1.5. Provide a certificate for encrypted data
If you configure Replica to use Kerberos authentication, the data transmitted from the primary to the Replica server is not encrypted. For the data to be encrypted, you should use certificate-based authentication. You can either provide an existing X.509v3 certificate or create a self-signed certificate.
If you are already using a certificate server or public key infrastructure (PKI) system, you can use an existing certificate, provided that it meets the following criteria:
The certificate must not be expired or revoked.
The certificate must include both client and server authentication extensions for enhanced key usage (EKU) and an associated private key.
The certificate must terminate at a valid root certificate in the Trusted Root Certification Authorities store on the Replica server.
If the virtual machine is hosted by a standalone server, the subject common name (CN) must be equal to (or the subject alternative name—DNS name) should contain the FQDN of the host. If the virtual machine is hosted by a failover cluster, the subject common name (CN) must be equal to (or the subject alternative name—DNS name) should contain the FQDN of the Hyper-V Replica Broker.
For additional information about using certificates with Hyper-V Replica, see http://blogs.technet.com/b/virtualization/archive/2012/03/13/hyper-v-replica-certificate-requirements.aspx
You can validate any candidate certificate by running certutil –store my on both the primary and Replica servers. In both cases, the output of the command should indicate that the certificate passed the encryption test.
To create a self-signed certificate with Makecert.exe
On the primary server, copy the Makecert.exe utility locally.
Create a self-signed test root authority certificate by running the following command from an elevated command prompt:
makecert -pe -n "CN=PrimaryTestRootCA" -ss root -sr LocalMachine -sky signature -r "PrimaryTestRootCA.cer"
Create a new certificate signed by the test root authority certificate by running the following command from an elevated command prompt, supplying the FQDN of the primary server:
makecert -pe -n "CN=<FQDN>" -ss my -sr LocalMachine -sky exchange -eku 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2 -in "PrimaryTestRootCA" -is root -ir LocalMachine -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 PrimaryTestCert.cer
On the Replica server, copy the Makecert.exe utility locally.
Create a self-signed test root authority certificate by running the following command from an elevated command prompt:
makecert -pe -n "CN=PrimaryTestRootCA" -ss root -sr LocalMachine -sky signature -r "ReplicaTestRootCA.cer"
Create a new certificate signed by the test root authority certificate by running the following command from an elevated command prompt, supplying the FQDN of the Replica server:
makecert -pe -n "CN=<FQDN>" -ss my -sr LocalMachine -sky exchange -eku 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2 -in "ReplicaTestRootCA" -is root -ir LocalMachine -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 PrimaryTestCert.cer
Copy the file ReplicaTestRootCA.cer from the Replica server to the primary server, and then import it with the following command:
certutil -addstore -f Root "ReplicaTestRootCA.cer"
Copy the file PrimaryTestRootCA.cer from the primary server to the Replica server, and then import it with the following command:
certutil -addstore -f Root "PrimaryTestRootCA.cer"
By default, a certificate revocation check is required; however, self-signed certificates don’t support revocation checks. Disable the check by editing the registry on both the primary and Replica servers with the following command:
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\FailoverReplication" /v DisableCertRevocationCheck /d 1 /t REG_DWORD /f
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- windows server 2012 AD 域和站点部署系列(一)环境准备
- Windows Server 2012 R2部署Hyper-V故障转移群集系列文章
- Windows Server 2012 R2部署Hyper-V故障转移群集(1)
- Windows Server 2012 RDS系列PART1:部署托管共享桌面虚拟化
- Lync Server 2013功能部署系列之三 Lync Server后端SQL2012镜像准备
- Windows Server 2012 Hyper-V复制功能
- Windows Server 2012 R2部署Hyper-V故障转移群集(2)
- windows server 2012 AD 域和站点部署系列(四)创建站点
- windows server 2012 AD 域和站点部署系列(六)在站点中创建林中另一域树
- windows server 2012 AD 活动目录部署系列(五)备份和还原域控制器
- Windows Server 2012 RDS系列PART2:部署非托管共享桌面虚拟化
- Windows Server 2012 ---Hyper-v之虚拟机复制
- Windows Server 2012 从入门到精通系列 之 安装部署
- Windows Server 2012 R2部署(4)---安装Hyper-V
- Windows Server 2012 R2部署Hyper-V故障转移群集(3)
- Windows Server 2012 R2 VDI系列(二)—前提准备
- 文档:Windows Server 2012 配置Hyper-V复制
- Windows Server 2012 R2部署Hyper-V故障转移群集(4)