Setting Up Hyper-V 2012 R2 Server Core

In the past year or two, I used to have 2 Hyper-V Servers. They are good for hypervisor platform. The best thing I like about having 2 Hyper-V Servers is Replication. I need the replication to make sure my critical virtual machines are available when one of the hosts failed.

Anyway, I decided to shutdown one of the hosts. I still need the replication for my critical virtual machines. My physical host has got a local RAID controller, on which all the virtual machines are running. I decided to create a virtual Hyper-V Server 2012 R2 Core running on this physical host.

Within the virtual Hyper-V server, I initiate iSCSI to my QNAP NAS and set the Hyper-V replication settings to use this iSCSI disk as the target for Hyper-V replication, e.g. all replicated vdisk will be stored in the iSCSI disk

The challenge is to configure Hyper-V server core, which by default has the firewall enabled.
Firstly, I need to enable the firewall for Remote Disk Management. The rules are there, but by default is disabled. We need to find the group on which the rules are specified.

To find the grouping:

Get-NetFirewallRule | Select DisplayGroup -Unique | Sort DisplayGroup

As you can see there is a group called Remote Service Management and Remote Volume Management

 To find the rule within the group:

Get-NetFirewallRule | Where {$_.DisplayGroup -eq "Remote Service Management"} | Select Name

As you can see there are 3 rules associated with the group. To enable them:

Get-NetFirewallRule | Where {$_.DisplayGroup -eq "Remote Service Management"} | Enable-NetFirewallRule

You then need to do the same thing for Remote Volume Management and Hyper-V Replica HTTP

Once you have enabled all the rules, from your physical host, using Server Manager, you can add your Hyper-V Core Server and right click on the server and run Computer Management from the context menu

Now because I would like to run iSCSI initiator from this virtual Hyper-V Core server, I then enable the Microsoft iSCSI Initiator Service and change its startup type to be Automatic

You then need to setup the iSCSI, by running iscsicpl from the command prompt of the Hyper-V Core Server

Enter the details of your iSCSI target and then using the Disk Management you can format and assign a drive letter to the newly created iSCSI disk. Once you have the disk, using Hyper-V Manager, run Hyper-V Settings

Within Hyper-V Settings, select Replication Configuration

Select Enable this computer as a Replica Server, and select either Use Kerberos (HTTP) or Use certificate-based Authentication (HTTPS)

Lastly, specify the default location to store Replica files

You can now start replicating your Virtual Machines!!

NetScaler MAC Based Forwarding

In the situation where you have deployed your NetScaler with 2 NICs, one connected to the DMZ network and the other one is connected to your Internal network, depending on your configuration, you might need to enable the MAC Based Forwarding on NetScaler

You probably assign the NSIP on your Internal Network, MIP on your Intenal Network, SNIP and VIPs on your DMZ Network (for example for publishing CAG/SSL VPN). You then trying to access your NetScaler services from your Internal Network. This means your traffic from the Internal network goes to your default gateway (e.g. the firewall) which then forwarded to the VIP on DMZ Network. NetScaler then accept the traffic, however, the returning traffic will not going back to through the firewall (e.g. NetScaler default gateway), it will be going to the other NetScaler's NIC that connects to Internal network. This will create asymmetric routing, and most router/firewall will drop the packets.

To avoid this, usually enabling the MAC Based Forwarding (MBF) will fix this.

The following is the definition of MBF:

With MAC-based forwarding (MBF) enabled, when a request reaches the NetScaler appliance, the appliance remembers the source MAC address of the frame and uses it as the destination MAC address for the resulting replies. MAC-based forwarding can be used to avoid multiple-route/ARP lookups and to avoid asymmetrical packet flows. MAC-based forwarding may be required when the NetScaler is connected to multiple stateful devices, such as VPNs or firewalls, because it ensures that the return traffic is sent to the same device that the initial traffic came from.

To enable it, from the NetScaler Console:

enable ns mode mbf