locked
Server 2012 Hyper V Multi tenant Hyper V Replica Host RRS feed

  • Question

  • I'm wondering if its possible to have a multi tenant replica node.

    By this I mean my clients use server 2012 Hyper V, and setup a replica to a 2012 host in my datacentre, so that should anything happen to their host, we can failover to the replica at my datacentre, but I only want one host to host all of the replicas for my clients who may have more than one VM to replicate but have it in a multi tenancy configuration so that all of my clients networks are separate.

    Is this possible at all? would they need a site to site VPN to replicate to my host?

    Wednesday, March 20, 2013 10:37 AM

Answers

  • Yes, what you are asking for is possible.  In fact, Microsoft documents a similar environment - http://technet.microsoft.com/en-us/library/jj134172.aspx

    Hosted cloud

    In this scenario, the hosting provider sets up a Replica server at their datacenter which receives replication data from a number of primary servers running virtualized workloads on the premises of their various customers. The hosting provider’s Replica server thereby provides disaster recovery capability for the customers who subscribe to it.

    To assure security for the customers, this scenario would involve certificate-based authentication using certificates probably serviced by a separate certificate server owned by the hosting provider. In addition, the Trusted Group feature of Replica allows the hosting provider to segregate the replicated data from each customer, using separate storage locations and tagging to prevent data from various customers from being mixed.

    Certificates may or may not be overkill for your environment, depending on how secure you want to make it.  And, yes, a site to site VPN would ensure security between sites.


    .:|:.:|:. tim

    • Marked as answer by Lawrence, Wednesday, March 27, 2013 5:33 AM
    Wednesday, March 20, 2013 2:16 PM
  • You'll also need to consider how you're going to do tenant isolation and clashing IP address scopes.  You have IP address rewrite in Hyper-V Replica.  There is also Network Virtualization.
    • Marked as answer by Lawrence, Wednesday, March 27, 2013 5:33 AM
    Wednesday, March 20, 2013 3:45 PM

All replies

  • Yes, what you are asking for is possible.  In fact, Microsoft documents a similar environment - http://technet.microsoft.com/en-us/library/jj134172.aspx

    Hosted cloud

    In this scenario, the hosting provider sets up a Replica server at their datacenter which receives replication data from a number of primary servers running virtualized workloads on the premises of their various customers. The hosting provider’s Replica server thereby provides disaster recovery capability for the customers who subscribe to it.

    To assure security for the customers, this scenario would involve certificate-based authentication using certificates probably serviced by a separate certificate server owned by the hosting provider. In addition, the Trusted Group feature of Replica allows the hosting provider to segregate the replicated data from each customer, using separate storage locations and tagging to prevent data from various customers from being mixed.

    Certificates may or may not be overkill for your environment, depending on how secure you want to make it.  And, yes, a site to site VPN would ensure security between sites.


    .:|:.:|:. tim

    • Marked as answer by Lawrence, Wednesday, March 27, 2013 5:33 AM
    Wednesday, March 20, 2013 2:16 PM
  • You'll also need to consider how you're going to do tenant isolation and clashing IP address scopes.  You have IP address rewrite in Hyper-V Replica.  There is also Network Virtualization.
    • Marked as answer by Lawrence, Wednesday, March 27, 2013 5:33 AM
    Wednesday, March 20, 2013 3:45 PM
  • Storage isolation between tenants can be got by setting the right attributes in the authorization table of Hyper-V Replica which is explained here - http://blogs.technet.com/b/virtualization/archive/2012/07/08/hyper-v-replica-authorization-entries-windows-server-2012-rc.aspx. Network isolation can be got from VLAN based techniques or through network virtualization. The latter is covered in a blog article which is available here - http://blogs.technet.com/b/virtualization/archive/2013/04/01/multi-tenant-disaster-recover-solution-using-windows-server-2012.aspx

    Praveen

    Saturday, April 13, 2013 5:49 AM