alphaspirit - Fotolia
Although the benefits of live migrations are well-documented, the issue of actually initiating the migration is often overlooked or ignored until it's required. Administrators then must grapple with the dynamics of signing onto the servers to perform the migration. Think about system sign-on and authentication requirements before wrestling with live migrations. And there are two ways to authenticate a sign-on for Hyper-V live migration -- Kerberos or Credential Security Support Provider.
Kerberos, which can work remotely, is typically used when remote management tools are trusted to initiate live migrations, such as through System Center. In this case, select constrained delegation through the Active Directory Users and Computers console or via PowerShell and then choose Kerberos as the preferred authentication protocol. Kerberos can provide mutual authentication, ensuring that both ends of the connection are correct.
To initiate a live migration manually using Windows PowerShell scripts, remote desktop sessions or local console management, sign on to the originating server and use Credential Security Support Provider (CredSSP) to authenticate the migration process. CredSSP is simple and easy to use, but it requires a local login to the server originating the migration. This requirement works for most small- or midsize businesses, but it might not be practical for large enterprises with multiple remote facilities that require live migrations.
The local sign-on requirement for CredSSP can pose unexpected problems when the destination server is remote. If an admin signs onto a local server A and migrates a VM to remote server B, the sign-on works without issues because server A is local. But if IT teams need to move the VM from remote server B back to local server A, it may not be possible because they'd need to sign onto server B locally to initiate the migration back to server A. This is a common oversight that has come back to trouble many overworked administrators; the migration attempt will fail -- citing that no credentials are available.
Dig Deeper on Microsoft Hyper-V management
Related Q&A from Stephen J. Bigelow
Containers have rapidly come into focus as a popular option for deploying applications, but they have limitations and are fundamentally different ... Continue Reading
ALM and SDLC both cover much of the same ground, such as development, testing and deployment. Where these lifecycle concepts differ is the scope of ... Continue Reading
Eliciting performance requirements from business end users necessitates a clearly defined scope and the right set of questions. Expert Mary Gorman ... Continue Reading