certificate-based authentication, which allows the primary and replica to be in
different Active Directory forests or even different organizations. It requires a
certificate to be specified and has the added benefit of using HTTPS, meaning that
all data transferred is encrypted. Both Kerberos and certificate-based authentication
can be enabled; in that case, when a new replication relationship is established, the
administrator configuring the replication is given the choice of Kerberos or
certificate-based authentication. Certificate-based authentication is useful if you
want to replicate to a Hyper-V server that's not part of your organization, such as
a host offered by a hosting company as part of an external disaster-recovery
solution.
The only other configuration choice is to specify which servers the replica server will
accept replication requests from and where those replicas will be stored. One option is
to allow replication from any authenticated server, in which case a single location is
selected where all replicas will be stored. The other option is to indicate specific
servers that can replicate to the server; in this case, each server can have a different
storage location. When specifying servers, you can use the wildcard character
within the server name (but only one wildcard is supported in the server name); this
lets you authorize a group of servers, such as *.savilltech.net for all servers
whose fully qualified domain name ends in savilltech.net. The Trust Group setting
is simply a tag to allow VMs to move between Hyper-V hosts with the same trust
group and continue replicating without issue. With Shared Nothing Live Migration,
virtual machines can be moved between Hyper-V hosts that are not clustered with no
downtime. With this new mobility capability, you need to ensure that groups of
servers have the same trust group tag to enable replication to be unaffected if virtual
machines are moved between servers within a trust group.
You can also perform this configuration using PowerShell via the
Set-VMReplicationServer cmdlet. For example, to enable replication with the default
settings (allow replication from any server and use Kerberos), I use the following:
Set-VMReplicationServer -ReplicationEnabled 1 -ComputerName savdalhv24
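The non-default choices described earlier (certificate-based authentication and a restricted list of primary servers) can be set the same way; the following is an added example, not code from the book. It assumes an elevated session on the replica server itself, and the certificate subject, the D:\Replicas path, and the DRGroup trust group name are hypothetical.

```powershell
# Added example. Hypothetical values: certificate subject, D:\Replicas, DRGroup.
# Run locally on the replica server in an elevated PowerShell session.

# Pick a machine certificate that has a private key and has not expired,
# preferring the one that stays valid longest.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object {
        $_.Subject -like 'CN=savdalhv24.savilltech.net*' -and
        $_.HasPrivateKey -and
        $_.NotAfter -gt (Get-Date)
    } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1

if (-not $cert) {
    throw 'No usable certificate found in Cert:\LocalMachine\My'
}

# Accept certificate (HTTPS) authentication only, and stop accepting
# replication requests from any authenticated server.
Set-VMReplicationServer -ReplicationEnabled $true `
    -AllowedAuthenticationType Certificate `
    -CertificateThumbprint $cert.Thumbprint `
    -ReplicationAllowedFromAnyServer $false

# Authorize only primaries that match the pattern (one wildcard per name),
# with their own storage location and trust group tag.
New-VMReplicationAuthorizationEntry -AllowedPrimaryServer '*.savilltech.net' `
    -ReplicaStorageLocation 'D:\Replicas' `
    -TrustGroup 'DRGroup'

# Review the result: what the server accepts, and from whom.
Get-VMReplicationServer |
    Format-List ReplicationEnabled, AllowedAuthenticationType,
                CertificateThumbprint, ReplicationAllowedFromAnyServer
Get-VMReplicationAuthorizationEntry |
    Format-List AllowedPrimaryServer, ReplicaStorageLocation, TrustGroup
```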
Further configuration can be performed using Set-VMReplicationServer. The easiest
way to see the options is to view the output of Get-VMReplicationServer, as shown
here:
PS C:\> Get-VMReplicationServer -ComputerName savdalhv24 | fl
ComputerName                         : savdalhv24
ReplicationEnabled                   : True
ReplicationAllowedFromAnyServer      : True
AllowedAuthenticationType            : Kerberos
CertificateThumbprint                :
KerberosAuthenticationPort           : 80
CertificateAuthenticationPort        : 443
KerberosAuthenticationPortMapping    :
CertificateAuthenticationPortMapping :