Nested Hyper-V Shared-Nothing Migration

Previously I set up a nested Hyper-V environment on ESXi 5.5. Now I will show you how to set up Hyper-V itself so that it does not cause a purple screen of death on ESXi when live migrating VMs. I assume you have Hyper-V joined to your domain and have followed my previous post about installing nested Hyper-V.

  1. When I set up the Hyper-V environment I wanted separate virtual networks for management and nested VM traffic, so I added a second NIC (VMXNET 3) to every Hyper-V virtual machine I had on ESXi. Both vmnics below are connected to the same switch:
    vmware level network
  2. Now you have to set up proper IP addresses for all interfaces. I use network for Hyper-V management and network for VMs and live migration.
  3. The next thing is to create a virtual switch inside Hyper-V (if you don't have one already). Open the Hyper-V management tool and connect to your Hyper-V host. Then select the host and click “Virtual Switch Manager..” in the pane on the right. The type of switch you should have is external. I use NIC #2, which is configured to use network. This prevents the connection to the Hyper-V server from being reset when the switch is created:
    Virtual Switch Hyper-v
  4. Now you can open Active Directory Users and Computers and browse to your Hyper-V hosts. Click on the host's icon and go to the Delegation tab. Select “Trust this computer for delegation to specified services only”, under that select “Use Kerberos only”, and then click the “Add” button to include the Hyper-V hosts you trust for delegation. I have 4 nested Hyper-V hosts: vhv20, vhv21, vhv22 and vhv23. For each host, I added the 3 remaining hosts to the Delegation tab. For each of them you add the “CIFS” service and the “Microsoft Virtual System Migration Service”. The bad news is that this can't be done through Group Policy, so if you have a large number of Hyper-V hosts it can be a time-consuming process (but here is the script). When you are done you should get something similar to this:
    constrained delegation
  5. The last thing is to tell Hyper-V to use Live Migration and how it should do it. Go back to Hyper-V Manager and select the Hyper-V host you want to configure for live migrations. Click Hyper-V Settings on the right and then “Live Migrations”. Check “Enable incoming and outgoing live migrations”. Specify which networks you want to use for live migrations; otherwise accept the default settings. In my case it is network. Expand “Live Migrations” and select “Advanced features” on the left. Select “Kerberos” as the authentication protocol and approve the changes. You can use these PowerShell commands (modify the network address and host names) to achieve this step:
    PS C:\>Invoke-Command -ComputerName vhv20,vhv21,vhv22 {Enable-VMMigration; Set-VMMigrationNetwork 10.0.0.*; Set-VMHost -VirtualMachineMigrationAuthenticationType Kerberos}
  6. Now you are ready to perform a live migration of a VM.
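
The constrained delegation from step 4 can also be applied and checked with the ActiveDirectory PowerShell module. The following is an added example, not the script the post links to; it assumes the four hosts are in the current domain and that each service is listed under both the short name and the FQDN of every peer host.

```powershell
# Added example: Kerberos-only constrained delegation between the nested hosts.
# Needs the ActiveDirectory module (RSAT) and rights to modify the computer objects.
Import-Module ActiveDirectory

$hvHosts  = 'vhv20', 'vhv21', 'vhv22', 'vhv23'       # host names from the post
$services = 'cifs', 'Microsoft Virtual System Migration Service'
$dnsRoot  = (Get-ADDomain).DNSRoot                   # assumption: hosts live in this domain

function Get-ExpectedSpn {
    param([string]$Source)
    # Each host may delegate only to the *other* hosts, never to itself.
    foreach ($target in ($hvHosts | Where-Object { $_ -ne $Source })) {
        foreach ($svc in $services) {
            "$svc/$target"                           # short-name form
            "$svc/${target}.${dnsRoot}"              # FQDN form (assumed to be wanted too)
        }
    }
}

foreach ($h in $hvHosts) {
    $expected = @(Get-ExpectedSpn -Source $h)
    $computer = Get-ADComputer -Identity $h -Properties 'msDS-AllowedToDelegateTo'
    $current  = @($computer.'msDS-AllowedToDelegateTo')

    # Add only the entries that are not present yet, so re-running is harmless.
    $missing = @($expected | Where-Object { $_ -notin $current })
    if ($missing) {
        Set-ADComputer -Identity $computer -Add @{ 'msDS-AllowedToDelegateTo' = $missing }
    }

    # "Use Kerberos only": no protocol transition and no unconstrained delegation.
    Set-ADAccountControl -Identity $computer `
        -TrustedToAuthForDelegation $false -TrustedForDelegation $false

    # Audit: list anything this host can delegate to beyond the two services
    # on its three peers, so leftover or over-broad entries are visible.
    $extra = @($current | Where-Object { $_ -and $_ -notin $expected })
    [pscustomobject]@{
        Host       = $h
        Added      = $missing.Count
        Unexpected = $extra -join '; '
    }
}
```

The script only reports entries in the `Unexpected` column and does not remove them, so review each one before cleaning it up by hand.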