Setting up Shared Nothing Live Migration
Windows Server 2012 now lets you Live Migrate virtual machines even if the Hyper-V host isn’t part of a Windows Cluster. I showed you the video of Shared Nothing Live Migration here, but you need to configure your servers before you can successfully Live Migrate without a Windows Cluster. This article talks about how to configure your servers, but it basically comes down to either choosing Kerberos or Credential Security Support Provider (CredSSP) to authenticate the Live Migration. The problem is that one server is actually moving the VM to another host and requires authentication, and you need to make sure the move can be authenticated by the other server. Are you OK logging into the servers to perform the Live Migration? Or do you want to be able to move a VM using the remote management tools from another server or workstation? To be able to trigger a Shared Nothing Live Migration remotely, you need to enable Kerberos constrained delegation. My preference is Kerberos constrained delegation because it is the most flexible configuration.
Constrained delegation is configured via Active Directory Users and Computers under the Delegation tab for each computer participating in the Shared Nothing Live Migration. Here’s a screen shot of what needs to be added:
cifs and the Microsoft Virtual System Migration Service both need Kerberos only delegation.
Until next time,