How to: Configure your environment to host Hyper-V virtual machines on Shared Storage (SMB 3.0)
How to: Configure your environment to host Hyper-V virtual machines on Shared Storage (SMB 3.0)
Well, as embarrassed as I am, I’ll confess I wish I knew what I know now or found a post like this long ago. When I read you could now host your Hyper-V virtual machines on shared storage I got super excited! You can transfer from host to host in just a few seconds while you can use clustering of the file server to enable some HA goodness. My biggest excitement was when I read about the live migration capabilities (in seconds if not a few minutes you can move a live running virtual machine from one host to another, provided you comply with the requirements like shared storage and similar compatible processors).
I immediately looked around but because it was a new technology all I could find was references to iSCSI. In no time I rushed to set up shared iSCSI disks across all my servers and configure them to share it. It was a painful lesson that unless you have clustered machines sharing storage is a no no. I knew something smelled weird when I was doing it. The good thing is that it was all done in a testing environment so no real production servers suffered from my ignorance.
Now that there are more resource and articles about Hyper-V and shared storage I’ve got myself in learning and playing mode again. Happily I was able to configure shared storage and now I move VMs from host to host with no regards for downtime or bandwidth usage. Need to perform an update to a Hyper-V host and you need no downtime? Either use a replica or move it running with shared storage. All happiness here!
There are just a few things you need to keep in mind when setting this up. Primarily it all revolves around permissions and authentication delegation. I know right? What a pain.
Well, fortunately Microsoft has done a good job this time of making things as simple as possible (well, surely they could allow for a GUI that says “Configure the following servers for shared storage on this share”, but they seem to be moving in the direction of “Let’s let the user figure out what needs to happen in the backend instead of having them in blissful ignorance”). But I digress, here are a few commands to make your life blissfully ignorant, lol:
I. Configure Constrained Delegation
If your managing machine is not your host machine which is not your storage machine you are looking at using Constrained Delegation. Surely the walk around is to execute all commands at the host directly but that seems more of a hassle than a one time configuration.
There is the GUI way which is long and prone to errors, or a shortcut that makes life snappy available for PowerShell. The GUI involves going to the AD Users and Computer, clicking the properties of the host and in the Delegation tab selecting Trust this computer for delegation to the specified services only and Use Kerberos only. You’ll need to click Add, and provide the name of the SMB file server (or the Cluster Access Point for a Scale-Out File Server). You’ll add the Common Internet File System (CIFS) which is the previous name of SMB.
For powershell you need to have the Active Directory module which is available on Domain Controllers or can be installed by this command:
Install-WindowsFeature RSAT-AD-PowerShell
To quickly configure contrained delegation just run the following command:
Enable-SmbDelegation –SmbServer FileServerName –SmbClient Hyper-VServerName
You should do that for every possible combination of File Servers and Hyper-V hosts.
II. Configure SMB share rights
You simply need to give Full Control permissions for the Hyper-V Administrators and Hyper-V hosts to the share. For the Hyper-V hosts you will use the computer account available in active directory ServerName$.
If you are looking for more commands to use when deploying Hyper-V over SMB or goodies like Dat aprotection on remote SMB file shares using VSS you should visit Technet. Here is a good starting point: Deploy Hyper-V over SMB
III. If constrained delegation is not an option
I’m sorry to hear that. Regardless as I mentioned as a workaround you could execute your commands from the Hyper-V host. For examples on Hyper-V commandlets you can visit: Hyper-V Cmdlets in Windows PowerShell
Say you wanted to move a local VM to Shared Storage:
Move-VMStorage "Test VM" –DestinationStoragePath \StorageServer\Hyper-V\
for some reason that command did not work for me, but if you run it without the Destination Storage Path parameter it will ask for it interactively and I was able to provide it. I read the manual and it seems like the syntax is correct and I copied it from a MS example so beats me.