Hyper-V 3.0 (WS 2012 R2) - Automatically replicate virtual machines securely (HTTPS)

Page 2 / 2

3. Enabling secure replication (HTTPS)

To enable replication over HTTPS (port 443), open the server manager on your 2nd Hyper-V server (the one that will serve as the Hyper-V replica server) and click : Hyper-V Settings.

Check the "Enable this computer as a Replica server" and "Use certificate-based Authentication (HTTPS)" boxes.
Then, click on "Select Certificate".

Select your certificate.
In our case, the "hyper-v-s2.informatiweb.lan" certificate which comes from our "InformatiWeb CA" certification authority.

If you click on the link "Click here to view certificate properties", you will see that this certificate :

  • ensures the identity of a remote computer
  • proves your identity to a remote computer.

In other words, it matches the "Client Authentication" and "Server Authentication" policies that we had previously seen.

Then, you will find them in the "Details" tab of the certificate.

Click OK.

Click OK to save the changes.

For replication to work, Windows Server warns you that you must first allow the Hyper-V Replica HTTPS Listener (TCP-In) rule in the firewall of your Hyper-V server.

Go to Control Panel -> System and Security -> Windows Firewall -> Advanced Settings.
In the "Inbound Rules" section, enable the rule : Hyper-V Replica HTTPS Listener (TCP-In).

And for security reasons, disable the "Hyper-V Replica HTTP Server (TCP-In)" rule if you previously enabled it.

4. Replicating a virtual machine via the HTTPS protocol

To replicate a virtual machine over HTTPS instead of HTTP, almost nothing changes.

Launch the Replication wizard for the desired virtual machine and select the authentication type "Use certificate-based authentication (HTTPS)" instead of "Use Kerberos authentication (HTTP)".
Then, click on "Select Certificate".

Select the certificate of your 1st Hyper-V server and click OK.

The certificate information is displayed.
Click Next.

In the summary, you will see that the authentication type will be "Certificate-based authentication" and that the port used will be port 443 (HTTPS).