windows server 2012 R2 to windows server 2016 hyper-V replication in workgroup mode , to and from ; over the internet
------
just done a project
the plan was to replicate over the vpn link, unfortunately , the vpn device ( home-made one) can only handle 3~4Mbps through-put
luckily both sites have fibre connection, so opened replication ports ( in this case 443), with the SSL as encryption
it is secure, in the future I will use a difference port as tcp 443 is too popular
the main point in 2016 ~ 2012 R2 replication in work group mode is to use certificate to authenticate
windows 2012 R2 can use windows 7 sdk's make cert to make self-signed certificate
however that got deprecated in windows 2016
windows server 2016 uses powershell to generate self-signed certs
----------
kudos to
http://blog.fedenko.info/2016/06/hyper-v-replica-with-self-signed.html
----------------------
This kind of replication is usefully for a smallbiz with a few VMs ; ie without a big IT infrastructure
----------------
a couple of things noted in the process
New-SelfSignedCertificate -type "Custom"
by default, only valid for 1 year
so if you dont want to generate certs every year, you can do a root cert of 10 years
then other cert bit less than 10 years
------------
in the fail-over process from windows 2012 R2 to windows server 2016, it refused to do live fail-over, I had to shutdown VMs first, then fail-over
----------
VPN device VPN tunnel through-put , what a interesting topic
the inital replication over the vpn link broke after about 15 minutes, the replicate speed was at 6.5Mbps
this issue was attributed to some non-existent broadcast storm as eventually I concluded that device could not handle the high throughput of the fibre connection, the result is that the device reboots every 12~ 15 minutes
un-plug the IMM2+ cable and unplug Lan2~ Lan 3 cable from the IBM/Lenovo server do not help the situation
; luckily I get replication working over the internet without throttling the replication speed
it achieved about 50Mbps over the WAN
------
just done a project
the plan was to replicate over the vpn link, unfortunately , the vpn device ( home-made one) can only handle 3~4Mbps through-put
luckily both sites have fibre connection, so opened replication ports ( in this case 443), with the SSL as encryption
it is secure, in the future I will use a difference port as tcp 443 is too popular
the main point in 2016 ~ 2012 R2 replication in work group mode is to use certificate to authenticate
windows 2012 R2 can use windows 7 sdk's make cert to make self-signed certificate
however that got deprecated in windows 2016
windows server 2016 uses powershell to generate self-signed certs
----------
kudos to
Vyacheslav Fedenko
for her excellent article
----------------------
This kind of replication is usefully for a smallbiz with a few VMs ; ie without a big IT infrastructure
----------------
a couple of things noted in the process
New-SelfSignedCertificate -type "Custom"
by default, only valid for 1 year
so if you dont want to generate certs every year, you can do a root cert of 10 years
then other cert bit less than 10 years
------------
in the fail-over process from windows 2012 R2 to windows server 2016, it refused to do live fail-over, I had to shutdown VMs first, then fail-over
----------
VPN device VPN tunnel through-put , what a interesting topic
the inital replication over the vpn link broke after about 15 minutes, the replicate speed was at 6.5Mbps
this issue was attributed to some non-existent broadcast storm as eventually I concluded that device could not handle the high throughput of the fibre connection, the result is that the device reboots every 12~ 15 minutes
un-plug the IMM2+ cable and unplug Lan2~ Lan 3 cable from the IBM/Lenovo server do not help the situation
; luckily I get replication working over the internet without throttling the replication speed
it achieved about 50Mbps over the WAN
