Поделиться через


Deploy Hyper-V over SMB

 

Applies To: Windows Server 2012 R2, Windows Server 2012

SMB 3.0 file shares can be used as shared storage for Hyper-V in Windows Server 2012 R2 and Windows Server 2012. With this capability, Hyper-V can store virtual machine files, which includes configuration, virtual hard disk (VHD) files, and snapshots, on SMB file shares. Listed below are the main advantages of storing application data for Hyper-V on SMB file shares:

  • Ease of provisioning and management. You can manage file shares instead of storage fabric and logical unit numbers (LUNs).

  • Increased flexibility. You can dynamically migrate virtual machines or databases in the data center.

  • Ability to take advantage of existing investment in a converged network. You can use your existing converged network with no specialized storage networking hardware.

  • Reduced capital expenditures. Capital expenses (acquisition costs) are reduced.

  • Reduced operating expenditures. You can reduce operating costs because there is no need for specialized storage expertise.

Note

Some Hyper-V features in Windows Server 2012 R2 and Windows Server 2012 now rely on using SMB file shares, such as some types of live migration.

In this guide

Note

This topic includes sample Windows PowerShell cmdlets that you can use to automate some of the procedures described. For more information, see Using Cmdlets.

Prerequisites

Using Hyper-V with SMB has the following requirements:

  • One or more computers running Windows Server 2012 R2 or Windows Server 2012 with the Hyper-V role installed. You can also use non-Microsoft file servers that implement the SMB 3.0 protocol.

  • One or more computers running Windows Server 2012 R2 or Windows Server 2012 with the File and Storage Services role installed.

  • A common Active Directory infrastructure. The servers running Active Directory Domain Services (AD DS) do not need to run Windows Server 2012 R2 or Windows Server 2012.

The three most common file server configurations for Hyper-V over SMB are a single-node file server, a dual-node file server, and a multi-node file server, as shown in the following figure.

Figure 1   Common configurations for Hyper-V over SMB2

The two supported Hyper-V configurations for Hyper-V over SMB are:

  • Standalone Hyper-V servers (not a high availability solution)

  • Hyper-V servers configured in a failover cluster

Note

The Hyper-V host must have Windows Server 2012 R2 or Windows Server 2012 installed.

Considerations when using Hyper-V with SMB

  • An Active Directory infrastructure is required, so you can grant permissions to the computer account of the Hyper-V hosts.

  • The file server must have Windows Server 2012 R2 or Windows Server 2012 installed, so the new SMB 3.0 protocol is available. You can also use non-Microsoft file servers that implement the SMB 3.0 protocol. Hyper-V does not block older versions of SMB, however, the Hyper-V Best Practice Analyzer issues an alert when an older version of SMB is detected.

  • Loopback configurations (where the computer that is running Hyper-V is used as the file server for virtual machine storage) are not supported.

  • You must have separate failover clusters for Hyper-V and for the file server.

Step 1: Configuring file server clusters

To deploy Hyper-V over SMB, use one of the following procedures for your file server configuration. All servers in your file server configuration must have Windows Server 2012 R2 or Windows Server 2012 installed.

To configure a standalone file server

  1. Log on to the server as a member of the local Administrators group.

  2. Server Manager will start automatically. If it does not automatically start, click Start, type servermanager.exe, and then click Server Manager.

  3. In the QUICK START section, click Add roles and features.

  4. On the Select installation type page, click Role-based or feature-based installation, and then click Next.

  5. On the Select destination server page, select the appropriate server, and then click Next. The local server is selected by default.

  6. On the Select server roles page, click File and Storage Services, and then click Next.

  7. On the Confirm installation selections page, click Install.

Windows PowerShell equivalent commands

The following Windows PowerShell cmdlet or cmdlets perform the same function as the preceding procedure. Enter each cmdlet on a single line, even though they may appear word-wrapped across several lines here because of formatting constraints.

To add the File and Storage Services role, type:

Install-WindowsFeature File-Services, FS-FileServer

If you are using SMB Multichannel, ensure there are two network adapters with identical type and speed available. To view the list of network adapters, type:

Get-NetAdapter
Get-SmbServerNetworkInterface

To configure a clustered file server

  1. With Windows Server 2012 R2 or Windows Server 2012 installed on two servers, add the File and Storage Services role and the Failover Clustering feature on each server by typing:

    Install-WindowsFeature File-Services, FS-FileServer, Failover-Clustering
    Install-WindowsFeature RSAT-Clustering -IncludeAllSubFeature
    
  2. If you are using SMB Multichannel, ensure there are two network adapters with identical type and speed available and that they are configured on different subnets. To view the list of network adapters, type:

    Get-NetAdapter
    Get-SmbServerNetworkInterface
    
  3. To create a failover cluster using the two servers, type:

    New-Cluster –Name ClusterName -Node FileServer1, FileServer2
    
  4. To create a file server cluster to host continuously available SMB file shares, where FST is the name of the file server cluster and Cluster Disk 1 is the storage, type:

    Add-ClusterFileServerRole -Name FST -Storage “Cluster Disk 1” –StaticAddress 192.168.101.22/24, 192.168.102.22/24
    

    The above example assumes you are using two networks with addresses, 192.168.101.22/24 and 192.168.102.22/24, for SMB network traffic. Two networks are recommended for network fault tolerance.

To configure a failover cluster with a scale-out file server

  1. Follow steps 1-3 in the previous procedure, To configure a clustered file server.

  2. To create a scale-out file server on the failover cluster to host continuously available SMB file shares, where FSO is the name of the scale-out file server cluster and Cluster Disk 2 is the name of the storage, type:

    Add-ClusterSharedVolume “Cluster Disk 2”
    Add-ClusterScaleOutFileServerRole -Name FSO
    

Step 2: Install Hyper-V

To continue deploying Hyper-V over SMB, install the Hyper-V role on a separate server.

To install the Hyper-V role

  1. To install the Hyper-V role on a separate server, follow steps 1-5 from To configure a standalone file server.

  2. On the Select server roles page, click Hyper-V, and then click Next.

  3. On the Confirm installation selections page, click Install.

Windows PowerShell equivalent commands

The following Windows PowerShell cmdlet or cmdlets perform the same function as the preceding procedure. Enter each cmdlet on a single line, even though they may appear word-wrapped across several lines here because of formatting constraints.

To install the Hyper-V role and Hyper-V Windows PowerShell cmdlets and tools, type:

Install-WindowsFeature Hyper-V, Hyper-V-PowerShell, Hyper-V-Tools

If you are using SMB Multichannel, ensure there are two network adapters with identical type and speed available, and they are not connected to the virtual switch. To view the list of network adapters, type:

Get-NetAdapter
Get-SmbClientNetworkInterface

Step 3: Create an SMB file share

The folder used by Hyper-V to store virtual machine data requires specific permissions to access the SMB file share. You need to make sure that the Hyper-V computer accounts, the SYSTEM account, the cluster computer account for any Hyper-V clusters, and all Hyper-V administrators have full control permissions.

To create an SMB file share by using Server Manager

  1. Log on to the server as a member of the local Administrators group.

  2. Server Manager will start automatically. If it does not automatically start, click Start, type servermanager.exe, and then click Server Manager.

  3. On the left, click File and Storage Services.

  4. Click Tasks, and then click New Share to open the New Share Wizard.

  5. On the Select Profile page, select SMB Share – Applications, and click Next.

  6. On the Share Location page, select a server and a volume, and click Next.

  7. On the Share Name page, specify a name for the new share, and click Next.

  8. On the Permissions page, click Customize Permissions.

  9. Click Add, click Select a Principal, and then click Object Types.

  10. In Object Types, click to select Computers, and click OK.

  11. Enter the name of the computer, and click OK.

  12. In Permissions Entry, select Full Control, and click OK.

  13. Repeat the previous three steps for the second Hyper-V server. Click OK when finished.

  14. On the Permissions page, click Next.

  15. Click Create to create the SMB file share.

Windows PowerShell equivalent commands

The following Windows PowerShell cmdlet or cmdlets perform the same function as the preceding procedure. Enter each cmdlet on a single line, even though they may appear word-wrapped across several lines here because of formatting constraints.

For a standalone file server or a clustered file server, type the following to configure an SMB file share (where HV1 and HV2 are servers running Hyper-V, HVC is the Hyper-V cluster account, and HVadmin is the Hyper-V administrator account):

# Create folder
MD X:\VMS
# Create file share
New-SmbShare -Name VMS1 -Path X:\VMS -FullAccess Domain\HVAdmin, Domain\HV1$, Domain\HV2$, Domain\HVC$
# Set NTFS permissions from the file share permissions
Set-SmbPathAcl –Name VMS1

For a scale-out file server cluster, type the following to configure an SMB file share (where HV1 and HV2 are servers running Hyper-V and HVadmin is the Hyper-V administrator account):

# Create folder
MD X:\VMS
# Create file share
New-SmbShare -Name VMS1 -Path X:\VMS -FullAccess Domain\HVAdmin, Domain\HV1$, Domain\HV2$, Domain\HVC$
apply permissions
# Set NTFS permissions from the file share permissions
Set-SmbPathAcl –Name VMS1

Step 4: Create a virtual machine and virtual hard disk file on the file share

To create a virtual hard disk (VHD) and virtual machine on an SMB file share, use Hyper-V Manager or Hyper-V Windows PowerShell cmdlets. You will also need to specify a Universal Naming Convention (UNC) path (for example, \\servername\sharename).

To create a virtual machine

  1. Open Hyper-V Manager. From the Server Manager Tools menu, click Hyper-V Manager.

  2. From the navigation pane of Hyper-V Manager, select the computer running Hyper-V.

  3. From the Actions pane, click New and then click Virtual Machine.

  4. The New Virtual Machine wizard opens. Click Next.

  5. On the Specify Name and Location page, type an appropriate name and location (using a UNC path). To configure Hyper-V over SMB, you must use a UNC path.

  6. On the Assign Memory page, specify enough memory to start the guest operating system.

  7. On the Configure Networking page, connect the virtual machine to the switch you created when you installed Hyper-V.

  8. On the Connect Virtual Hard Disk and Installation Options pages, choose Create a virtual hard disk. Click Next, and then click the option that describes the type of media you will use. For example, to use an .iso file, click Install an operating system from a boot CD/DVD and then specify the path to the .iso file.

  9. On the Summary page, verify your selections and then click Finish.

Windows PowerShell equivalent commands

The following Windows PowerShell cmdlet or cmdlets perform the same function as the preceding procedure. Enter each cmdlet on a single line, even though they may appear word-wrapped across several lines here because of formatting constraints.

For a file server named FS1 and a file share named VMS, to create a virtual machine named VM1, type:

New-VHD -Path \\FS1\VMS\VM1.VHDX -VHDType Dynamic -SizeBytes 127GB
New-VM -Name VM1 -Path \\FS1\VMS -Memory 1GB -VHDPath \\FS1\VMS\VM1.VHDX

Step 5: Migrate virtual machine storage to an SMB file share

You can migrate virtual machine storage from both direct-attached storage (DAS) to an SMB file share and from a SMB file share to another SMB file share.

To migrate virtual machine storage from local storage to an SMB file share

  1. To confirm that there is a virtual machine using local storage, type:

    Get-VM VM1 | FT Name, Path, State
    Get-VMHardDiskDrive VM1 | FT VMName, Path
    

    To migrate virtual machine storage from an SMB file share to another SMB file share, specify the SMB file share in this step.

  2. Start a prolonged process, such as running a file copy workload, inside of the guest operating system.

  3. To migrate the virtual machine storage to an SMB file share, type:

    Move-VMStorage –VMName VM1 –DestinationStoragePath \\FST\VMS
    
  4. To confirm that a virtual machine is using an SMB file share and the workload is not interrupted, type:

    Get-VM VM1 | FT Name, Path, State
    Get-VMHardDiskDrive VM1 | FT VMName, Path
    

Step 6: Initiate a live migration of a virtual machine to another cluster node

You can transparently move running virtual machines from one cluster node to another node in the same cluster without a dropped network connection or perceived downtime.

To initiate a live migration of a virtual machine to another cluster node

  1. To confirm that a virtual machine is running in a cluster node and is using an SMB file share, type:

    Get-VM VM1 | FT Name, Path, State
    Get-VMHardDiskDrive VM1 | FT VMName, Path
    Get-ClusterGroup VM1 | FT Name, OwnerNode, State
    
  2. Start a prolonged process, such as running a file copy workload, inside of the guest operating system.

  3. To perform a live migration of a virtual machine to another cluster node, type:

    Move-ClusterVirtualMachineRole -Name VM1 -Node HV2 –VmMigrationType Live
    
  4. To confirm that the virtual machine moved to another cluster node and the workload is not interrupted, type:

    Get-ClusterGroup VM1 | FT Name, OwnerNode, State
    

Step 7: Move virtual machines to another Hyper-V host and migrate virtual machine storage

To move running virtual machines from one cluster node to another node in the same cluster and migrate virtual machine storage, use one of the following procedures:

To move a virtual machine to another Hyper-V host

  1. To confirm that a virtual machine is running on the Hyper-V host, type:

    Get-VM VM1 | FT Name, Path, State
    
  2. Start a prolonged process, such as running a file copy workload, inside of the guest operating system.

  3. To perform a live migration of a virtual machine to another Hyper-V host, type:

    Move-VM –Name VM1 –DestinationHost HV2
    
  4. To confirm that the virtual machine moved to another Hyper-V host and the workload is not interrupted, type:

    Get-VM VM1 | FT Name, Path, State
    

To move a virtual machine with direct-attached storage and migrate its virtual machine storage to an SMB file share

  1. To confirm that a virtual machine with local storage is running on the Hyper-V host, type:

    Get-VM VM1 | FT Name, Path, State
    Get-VMHardDiskDrive VM1 | FT VMName, Path
    

    To migrate virtual machine storage from an SMB file share to another SMB file share, specify the SMB file share in this step.

  2. Start a prolonged process, such as running a file copy workload, inside of the guest operating system.

  3. To move the virtual machine to another Hyper-V host and the storage to an SMB file share, type:

    Move-VM –Name VM1 -DestinationHost HV2 –DestinationStoragePath \\FST\VMS
    
  4. To confirm that the virtual machine moved to another Hyper-V host using the SMB file share, and the workload is not interrupted, type:

    Get-VM VM1 | FT Name, Path, State
    Get-VMHardDiskDrive VM1 | FT VMName, Path
    

Troubleshooting

This section covers some common issues that you might encounter when using Hyper-V over SMB.

Check and fix issues with permissions

You may experience issues with permissions that are related to accessing an SMB file share or the NTFS folder on which the share was created. To check permissions on an SMB file share (where VMS1 is the share and X:\VMS is the NTFS folder), type the following:

Get-SmbShareAccess -Name VMS1 -Path X:\VMS

If you determine that a specific computer account is missing from permissions, you can add the account to both the file share and the folder to fix the issue. To fix the permissions, type the following:

Grant-SmbShareAccess –Name VMS1 –AccountName Domain\HV3$ -AccessRight Full
Set-SmbPathAcl –Name VMS1

Using constrained delegation

When using Hyper-V Manager from a computer running Windows Server 2012 R2 or Windows Server 2012 to manage virtual machines on another computer running Windows Server 2012 R2 or Windows Server 2012, you may experience an error that says access to an SMB file share is denied. Typically, this is because you need delegation rights to use your credentials to access the remote share on another computer. This is a security feature that prevents a user from gaining access to a computer in your network for the purpose of performing actions on other computers in your network. To address this issue, you have two choices:

Option 1: Use Remote Desktop. Use Remote Desktop to access the computer and run Hyper-V Manager directly on that computer.

Option 2: Configure constrained delegation. You can change the properties of the computer account in Active Directory Users and Computers to allow delegation. When enabled, constrained delegation gives you the ability to use a specific SMB remote file share without requiring you to perform an action on any computer. Constrained delegation tells Active Directory Users and Computers that between two computers, (in this case, the Hyper-V server and the SMB file server), and for specific services, (in this case, SMB), it is allowed to re-issue access to the resources.

To configure constrained delegation, for each server running Hyper-V, perform one of the following procedures.

Note

In Windows Server 2012 R2, you can perform this procedure using a new set of Windows PowerShell SMB cmdlets that simplifies the configuration of constrained delegation.

To configure constrained delegation

  1. In Active Directory Users and Computers, click to open Properties for the computer account, and then click to open the Delegation tab.

  2. Select both Trust this computer for delegation to the specified services only and Use Kerberos only.

  3. Click Add, and provide the name of the SMB file server (or the Cluster Access Point for a Scale-Out File Server).

  4. Select the CIFS service. Note that Common Internet File System (CIFS) is the previous name for SMB.

  5. On the SMB file share created for virtual machines, add Full Control permissions for the Hyper-V Administrators.

Windows PowerShell equivalent commands

The following Windows PowerShell cmdlet or cmdlets perform the same function as the preceding procedure. Enter each cmdlet on a single line, even though they may appear word-wrapped across several lines here because of formatting constraints.

Before you perform this procedure using the Windows PowerShell SMB cmdlets, the Active Directory module for Windows PowerShell must be available. To install the Active Directory cmdlets, type:

Install-WindowsFeature RSAT-AD-PowerShell

To configure constrained delegation (where FileServer1 and FileServer2 are the servers running Hyper-V and HV1 and HV2 are the SMB clients), type:

Enable-SmbDelegation –SmbServer FileServer1 –SmbClient HV1
Enable-SmbDelegation –SmbServer FileServer1 –SmbClient HV2
Enable-SmbDelegation –SmbServer FileServer2 –SmbClient HV1
Enable-SmbDelegation –SmbServer FileServer2 –SmbClient HV2

Note

This procedure works only with the resource-based constrained delegation available starting in Windows Server 2012, therefore, the Active Directory forest must be at the Windows Server 2012 functional level.

See also