Coriolis integrates the platform Plugin on the Appliance itself, this way there is no need for agents to be deployed on platforms to establish the communication between the platform and the Coriolis components. Using this type of architecture,
Coriolis guarantees the connection to the supported platform set up to be used as either Source or Destination, as long as the requirements are met.
This section describes the functionality available via Coriolis’ Hyper-V plugin, which enables Coriolis to both migrate (CMaaS) and replicate (DRaaS) instances from Hyper-V.
Deployment requirements and supported Hyper-V instances
Deployment requirements
The Hyper-V plugin strictly supports Windows hosts greater or equal in version to Windows 10/Server 2016.
The worker components of Coriolis need HTTPS-enabled WinRM access to the Hyper-V host (port 5986 by default)
If using Hyper-V as a DRaaS source, a lightweight RCT service must be installed, enabled, and allowed in the Windows firewall. The installation and configuration process for the service is explained later on in this document.
The only supported authentication scheme for WinRM is basic (user/password). The RCT service is securely accessed through x509 certs which are transparent to the user.
Hyper-V connection parameters
In order to connect to Hyper-V to perform a migration/replica from it, the following connection parameters are required:
Make sure that WinRM Basic Authentication is enabled, using the following steps:
- Check if it is enabled: “winrm get winrm/config/Service”
The output will be like :
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
…. AllowUnencrypted = false Auth Basic = false Kerberos = true Negotiate = true Certificate = true CredSSP = false CbtHardeningLevel = Relaxed …. |
- Enable the auth Basic authentication: “winrm set winrm/config/Service/auth @{Basic=”true”}”
Now if you check again it should be “Basic = true” and the validation should pass.
Example of connection info JSON to be passed to the Hyper-V plugin
|
1 2 3 4 5 6 7 8 9 |
{ "host": "10.7.200.100", "username": "Administrator", "password": "Passw0rd", "port": 5986, "allow_untrusted": true, "rct_port": 6677, "rct_password": "swordfish" } |
Each parameter represents:
- host (string): resolvable hostname or IPv4/v6 address of the Hyper-V host
- username (string): username for the Windows host. Can include domain as a prefix (with backslashes)
- password (string): password for the above user
- port (integer): port number the Hyper-V server has a WinRM Listener configured to listen on
- allow_untrusted (boolean): whether or not to accept connecting to hosts with a self-signed certificate
- rct_password (string): auth_key used when generating Rocket.toml file as described in the RCT setup section of this document
- rct_port (integer): port number the Hyper-V server has RCT Listener configured as used in Rocket.toml file generation
Hyper-V as a source cloud
Migrating (CMaaS) from Hyper-V
Migrations from Hyper-V operate in the same way Replicas do and thus entail the same requirements and steps described below.
Replicating (DRaaS) from Hyper-V
Input: the name or GUID of the VM.
NOTE please consider reviewing the general steps recommended to be performed before creating migration for a VM from Hyper-V in the dedicated documentation titled “Preparing a VM for migration/replication”.
Steps performed by Coriolis:
- read the configuration of the instance on the source Hyper-V (compute specs, disks, etc…) through PowerShell cmdlets through WinRM
- create an app-consistent snapshot (aka Checkpoint) of the VM
- export the data of the VM’s disk(s) through the lightweight RCT service
After the above steps are completed, the migration process proceeds with the steps that are defined in the selected destination cloud plugin.
Example of source environment JSON to be passed to the Hyper-V plugin
|
1 2 3 4 |
{ "fallback_to_crash_consistent_snapshots": true, "verify_rct_server": false } |
Each parameter represents:
- fallback_to_crash_consistent_snapshots (string) – Use crash-consistent snapshots if Hyper-V enablement is not installed in the guest VM
- verify_rct_server (string) – Verify the SSL certificate for RCT service. Set to No if using a self-signed certificate.
OSMorphing steps taken when migrating from Hyper-V
For exported VMs, Coriolis will take the following OSMorphing steps as part of the migration process from Hyper-V:
Linux:
- refer to the destination cloud for the tools that are being installed
- optionally, the user can remove the LIS components from the destination instance, if no longer required by platform
Windows:
- no OSMorphing steps are taken as the integration services are part of the Windows guest OS itself
For more information regarding the Coriolis Worker template, please check the Coriolis Temporary Migration Worker page.
Configuration Options
Hyper-V Plugin Export Configuration Options
|
1 2 3 4 5 6 7 8 |
[scvmm_migration_provider] # Attempt application consistent snapshots, and if that fails, # fallback to crash consistent snapshots.' fallback_to_crash_consistent_snapshots = true # Verify the SSL certificate of the RTC service. # To be set to false if using a self signed certificate. verify_rct_server = false |
RCT service installation and configuration procedure
The RCT (Resilient Change Tracking) lightweight service (https://github.com/cloudbase/rct-service) is an in-house project by Cloudbase which exposes a REST Service for the Hyper-V RCT in order to obtain the RCT info from a given virtual disk and stream the data remotely over an authenticated HTTPS channel. It allows live and incremental snapshots of VMs running on Hyper-V servers 2016 and above.
As prerequisites, the windows machine must have the Hyper-V features enabled.
Download the binary and extract the .zip file
RCT binary download
|
1 2 3 4 5 6 |
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 $cli = New-Object "System.Net.WebClient" $cli.DownloadFile("<a href="https://cloudbase.it/downloads/app/hyper-v/rct-service.zip%22">https://cloudbase.it/downloads/app/hyper-v/rct-service.zip"</a>, "$env:USERPROFILE\rct-service.zip") Expand-Archive $env:USERPROFILE\rct-service.zip -DestinationPath $env:USERPROFILE\rct |
Generating the certs
Generate the X509 certificates for encryption of data transfer and store them in $env:USERPROFILE\rct. Alternative methods of X509 certs generation can be used, in this case, we are using a bundle that generates a CA, server cert, and client cert altogether. The CA allows client certificate verification. By default, local hostname and IPs are added to the certificate, in addition, localhost and 127.0.0.1 are added in the command line.
Download the executable and expand the archive file
Download the generator and extraction
|
1 2 |
$cli.DownloadFile("<a href="http://wiki.cloudbase.it/_media/gen-certs.zip%22">http://wiki.cloudbase.it/_media/gen-certs.zip"</a>, "$env:USERPROFILE\gen-certs.zip") Expand-Archive "$env:USERPROFILE\gen-certs.zip" -DestinationPath "$env:USERPROFILE\rct" |
Generate certificates and store them into $env:USERPROFILE\rct
Generate X509 certificates
|
1 |
& "$env:USERPROFILE\rct\gen-certs.exe" -certificate-hosts "127.0.0.1,localhost" -output-dir "$env:USERPROFILE\rct" |
Generate Rocket.toml file
1) note down the full path to X509 certificates folder
Get certificates full path
|
1 |
ls $env:USERPROFILE\rct |
In our case, it is C:/Users/Administrator/rct/
2) create a config file array variable and replace accordingly the desired auth_key/ port/ certs&key path
Create an array variable
|
1 2 3 4 5 6 7 8 9 10 11 |
$config = @" [global] # Use something else auth_key = "swordfish" address = "0.0.0.0" port = 6677 [global.tls] certs = "C:/Users/Administrator/rct/srv-pub.pem" key = "C:/Users/Administrator/rct/srv-key.pem" "@ |
Generate the config file
Create Rocket.toml file
|
1 |
Set-Content C:\Rocket.toml $config |
We are using forward slashes in the config!
Depending on your client, you may need to concatenate the ca-pub.pem with srv-pub.pem
Allow RCT service and port in Firewall
Enable RCT port in the firewall
|
1 |
New-NetFirewallRule -DisplayName rct -Direction Inbound -LocalPort 6677 -Protocol TCP -Action Allow |
Create the service to start automatically and start it for the first time only
Enable RCT service to start automatically and manually start the service for first-time use
|
1 2 3 4 5 |
New-Service -Name rct-service ` "C:\Users\Administrator\rct\OpenStackService.exe rct-service C:\Users\Administrator\rct\rct-service.exe" ` -DisplayName rct-service -StartupType Automatic Start-Service rct-service |
Hyper-V platform specifics
| Supported Actions: | Migration Source – Replica Source | Comments |
|---|---|---|
| Plugin identifier | hyper-v | Identifies the plugin. Used for the –provider CLI parameter |
| Credentials needed | Admin credentials and WinRM/HTTPS access to the Hyper-V host | Necessary credentials to give to Coriolis |
| Deployment requirements | Only Hyper-V hosts running Windows 10/Server 2016 or later are supported. Coriolis worker component(s) need network access to the Hyper-V host | Coriolis deployment and environment connectivity requirements |
| Source disk export requirements | A lightweight RCT service must be installed and configured on the source Hyper-V host(s) | Requirements to use the replica export (DRaaS source) features |
| Instance identification scheme | Name or GUID | How instances to migrate/replicate are identified on a source cloud handled by this plugin |
| Network identification scheme | Names of Virtual Switches | How networks are identified by the plugin. Required for the network_map field of the –destination-environment |
| Storage identification scheme | IDs of QoS Policies | How storage backends are identified by the plugin. Required for the storage_map field of the –destination-environment |