Networking & Hyper-V Replication Through VPN Tunnel - Disaster Recovery

  • Question

  • Want to set up a DR site. Here is my setup. Different WANs.

    Site 1:
    Sonicwall VPN tunnel to site 2
    Hyper-V replicating following 3 VM servers; DC, FSRV, SQL.
    192.168.82.0/24

    DC does DHCP and DNS. DNS is used through the VPN tunnel.

    Site 2:
    Sonicwall VPN tunnel to site 1
    Replication is currently working from servers from site 1.
    192.168.70.0/24
    Sonicwall runs DHCP for this site and subnet. DNS is from DC through VPN tunnel.
    If site 1 goes down, how can I make site 2 the primary in regards to networking?
    Monday, June 22, 2020 8:41 PM

All replies

  • Something here may help.

    https://support.microsoft.com/en-us/help/179442/how-to-configure-a-firewall-for-domains-and-trusts

    and other services are listed here.

    https://support.microsoft.com/en-us/help/832017/service-overview-and-network-port-requirements-for-windows

    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Monday, June 22, 2020 9:11 PM
  • Hello Dan732,

    Yes, but it would not be a transparent failover; it's going to take some modifications for it to work. Before you crank up the DC and the other servers @ the DR site, you will need to make sure that you have either created a virtual network OR physical LAN segment with the same IP address as the main site and set the virtual switch to use that network segment.

    The other thing to consider is how users will access the server. If the users in site 1 are local, they will have to go to site 2 to have access or connect via VPN.


    Miguel Fra
    Falcon IT Services
    https://www.falconitservices.com

    Monday, June 22, 2020 9:27 PM
  • So I understand the best way would be to use Hyper-V failover settings to inject the failover IP.

    How would the change in IP address affect the DC? I would inject new IP settings for IP address, gateway, and DNS.

    What is the outcome for DNS server and DHCP server on the DC once these new injected IP settings are done?

    Tuesday, June 23, 2020 12:42 AM
  • Just do an ipconfig /flushdns, ipconfig /registerdns, restart the netlogon services after changes are made. If the subnet changes then recreate the reverse lookup zone.

    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Tuesday, June 23, 2020 12:46 AM
  • So I understand the best way would be to use Hyper-V failover settings to inject the failover IP.

    How would the change in IP address affect the DC? I would inject new IP settings for IP address, gateway, and DNS.

    What is the outcome for DNS server and DHCP server on the DC once these new injected IP settings are done?

    Keep the DC and other servers as they are. The thing you want to do is create a virtual switch at the DR site that has the same subnet IPs as the main site and make sure you start the servers using that virtual switch. This way the server will not know that anything has changed. You want to have an offline subnet on your DR site with the same IPs as your main site and just bring it online when necessary. This is a lot easier than changing IPs on the servers, DNS, DHCP, etc. to accommodate the different subnet from the DR site.

    Then register the DNS and flush the cache using the commands indicated below to make sure there is no bad juju with the IP addresses.


    Miguel Fra
    Falcon IT Services
    https://www.falconitservices.com

    Tuesday, June 23, 2020 1:09 AM
  • I like your idea.

    How would I go about creating it?
    At the DR site server, create an external Hyper-V switch that is attached to one of the adapters? Assign that adapter an IP from the main site subnet?

    Tuesday, June 23, 2020 7:51 PM
  • Correct,

    Your server should have another NIC, add an IP address from the subnet range of site 1 with no gateway IP and bind it to the VSwitch.

    Details are beyond what I can expatiate, but in summary: you will need to recreate the main site LAN settings in a virtual environment that can be enabled and used in case of DR.

    Hyper-V over VPN is great for off-site DR but it's not a flip-the-switch scenario like it is when the replica is in the same LAN subnet.

    You also have to think about how the users will access the services which are now at a different site.


    Miguel Fra
    Falcon IT Services
    https://www.falconitservices.com

    Tuesday, June 23, 2020 8:43 PM
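
The same-subnet switch described in the replies above, followed by the DNS refresh commands from the earlier reply, as an added example that is not part of any poster's reply. The switch name, NIC name, host address and the use of PowerShell Direct are assumptions; the VM names and the 192.168.82.0/24 range come from the question.

```powershell
# Added example. Run in an elevated session on the site 2 Hyper-V host.
# Assumed values (not from the thread): switch name, NIC name, host address.
$SwitchName  = 'DR-Site1-LAN'        # hypothetical switch name
$AdapterName = 'Ethernet 2'          # assumed spare physical NIC on the DR host
$HostAddress = '192.168.82.250'      # assumed unused address in the site 1 range
$ReplicaVMs  = 'DC', 'FSRV', 'SQL'   # VM names as given in the question

# 1. External switch bound to the spare NIC and shared with the host OS.
if (-not (Get-VMSwitch -Name $SwitchName -ErrorAction SilentlyContinue)) {
    New-VMSwitch -Name $SwitchName -NetAdapterName $AdapterName `
        -AllowManagementOS $true | Out-Null
}

# 2. Host address from the site 1 subnet. No -DefaultGateway is passed, so the
#    host keeps its existing default route on the 192.168.70.0/24 network.
$Alias = "vEthernet ($SwitchName)"
if (-not (Get-NetIPAddress -InterfaceAlias $Alias -IPAddress $HostAddress `
        -ErrorAction SilentlyContinue)) {
    New-NetIPAddress -InterfaceAlias $Alias -IPAddress $HostAddress `
        -PrefixLength 24 | Out-Null
}

# 3. Point every adapter of each replica VM at the DR switch, so the guests
#    start on the addresses they already have.
foreach ($vm in $ReplicaVMs) {
    Get-VMNetworkAdapter -VMName $vm |
        Connect-VMNetworkAdapter -SwitchName $SwitchName
}

# 4. Only once the DC replica has been failed over and is running: flush and
#    re-register DNS and restart Netlogon inside the guest.
#    Assumes PowerShell Direct is available (Windows Server 2016 or later).
if ((Get-VM -Name 'DC').State -eq 'Running') {
    Invoke-Command -VMName 'DC' -Credential (Get-Credential) -ScriptBlock {
        ipconfig /flushdns
        ipconfig /registerdns
        Restart-Service -Name Netlogon
    }
}
```

Steps 1 to 3 can be prepared ahead of time; step 4 is skipped until the DC replica is actually running.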
  • Using Hyper-V Replica to replicate and fail over domain controllers almost always results in disaster. If you combine Hyper-V Replica with multiple domain controllers, then there is a possibility of split brain and USN rollback, which requires a restore to recover from.

    Build an always-on domain controller with DNS and DHCP at the remote site. Use AD Sites and Services to separate the sites logically by subnet. Remove the replica of your DC. Allow AD's native replication to do its work over the VPN.

    Somewhat off-topic, but SQL's native replication usually does more for it than Hyper-V Replica can do for it as well. Hyper-V Replica should only be used for guest technologies that do not have their own replication mechanisms.

    Set up failover IPs for Hyper-V Replica systems. Replica failover naturally involves downtime even in the best case, so as long as you have your DNS environment configured correctly in both subnets, everything should more or less sort itself out within a few minutes of failover.


    Eric Siron
    Altaro Hyper-V Blog
    I am an independent contributor, not an Altaro employee. I accept all responsibility for the content of my posts. You accept all responsibility for any actions that you take based on the content of my posts.

    Wednesday, June 24, 2020 3:10 AM
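
The layout recommended in the reply above (AD sites split by subnet, failover IPs on the remaining replicas), as an added example that is not part of the original post. Site names, the second DC's name, and all host, gateway and DNS addresses are assumptions; the two subnets and the VM names FSRV and SQL come from the question.

```powershell
# Added example; every value marked "assumed" is not from the thread.

# --- Part 1: run once on a machine with the ActiveDirectory module (RSAT) ---
Import-Module ActiveDirectory
$Site1 = 'Default-First-Site-Name'   # assumed: the default site was never renamed
$Site2 = 'DR-Site2'                  # assumed name for the new AD site
$NewDC = 'DC2'                       # assumed name of the always-on DC at site 2

New-ADReplicationSite   -Name $Site2
New-ADReplicationSubnet -Name '192.168.82.0/24' -Site $Site1
New-ADReplicationSubnet -Name '192.168.70.0/24' -Site $Site2

# Add the new site to the default site link so AD replicates over the VPN.
Set-ADReplicationSiteLink -Identity 'DEFAULTIPSITELINK' `
    -SitesIncluded @{ Add = $Site2 }

# Place the new domain controller in the site that owns its subnet.
Move-ADDirectoryServer -Identity $NewDC -Site $Site2

# --- Part 2: run on the site 2 Hyper-V host that holds the replicas ---------
# The DC replica is intentionally absent: the reply says to remove it.
$FailoverAddress = @{
    'FSRV' = '192.168.70.21'         # assumed free address at site 2
    'SQL'  = '192.168.70.22'         # assumed free address at site 2
}
foreach ($vm in $FailoverAddress.Keys) {
    Set-VMNetworkAdapterFailoverConfiguration -VMName $vm `
        -IPv4Address $FailoverAddress[$vm] `
        -IPv4SubnetMask '255.255.255.0' `
        -IPv4DefaultGateway '192.168.70.1' `
        -IPv4PreferredDNSServer '192.168.70.10' `
        -IPv4AlternateDNSServer '192.168.82.10'
    # Gateway and DNS addresses above are assumed: the site 2 firewall,
    # the new site 2 DC, and the site 1 DC respectively.

    # Show what will be injected into the guest on failover.
    Get-VMNetworkAdapterFailoverConfiguration -VMName $vm
}
```

The two parts run on different machines, so paste each part where its comment says.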
  • Hi Dan,

    As far as I'm concerned, it's not recommended to use Hyper-V replication to replicate DC, FSRV and SQL, especially for DC. Hyper-V replication is mainly for standalone servers.

    For DC disaster recovery, it's recommended to turn to DS forum:

    https://social.technet.microsoft.com/Forums/en-US/home?forum=winserverDS

    For SQL disaster recovery, it's recommended to turn to SQL forum:

    https://social.msdn.microsoft.com/Forums/sqlserver/en-US/home?forum=sqldisasterrecovery

    Besides, you may also turn to Network forum to learn about DNS, VPN or IP address issues:

    https://social.technet.microsoft.com/Forums/en-US/home?forum=winserveripamdhcpdns

    I think you may get a more proper plan after learning the disaster recovery plan for special servers.

    Thanks for your time!

    Best Regards,

    Anne



    Monday, June 29, 2020 3:46 AM