Information and announcements from Program Managers, Product Managers, Developers and Testers in the Microsoft Virtualization team.
A frequent question from our customers is whether there are standard “best practices” for deploying Hyper-V Replica (or any Windows Server role, for that matter). These questions come in many avatars: Does the Product Group have any configuration gotchas based on internal testing? Is my server properly configured? Should I change any replication configuration?
Best Practices Analyzer (BPA) is a powerful inbox tool which scans the server for any potential ‘best practice’ violations. The report describes each problem and also provides a recommendation to fix the issue. You can run the BPA from both the UI and PowerShell.
From the Server Manager Dashboard, click on Hyper-V, scroll down to the Best Practices Analyzer option, click on Tasks, followed by Start BPA Run.
Once the scan is complete, you can filter the issues based on Warning or Errors, Excluded Results, Compliant Results.
The same can be done through PowerShell by executing the following cmdlets:
Invoke-BpaModel -ModelId Microsoft/Windows/Hyper-V
Get-BpaResult -ModelId Microsoft/Windows/Hyper-V
To show only the non-compliant rules, issue the following cmdlet:
Get-BpaResult -ModelId Microsoft/Windows/Hyper-V -Filter Noncompliant
On a Windows Server 2012 server, the following rules constitute the Hyper-V BPA. The Hyper-V Replica-specific rules are rules 37-54.
3 The Hyper-V Virtual Machine Management Service should be configured to start automatically
4 Hyper-V should be the only enabled role
5 The Server Core installation option is recommended for servers running Hyper-V
6 Domain membership is recommended for servers running Hyper-V
7 Avoid pausing a virtual machine
8 Offer all available integration services to virtual machines
9 Storage controllers should be enabled in virtual machines to provide access to attached storage
10 Display adapters should be enabled in virtual machines to provide video capabilities
11 Run the current version of integration services in all guest operating systems
12 Enable all integration services in virtual machines
13 The number of logical processors in use must not exceed the supported maximum
14 Use RAM that provides error correction
15 The number of running or configured virtual machines must be within supported limits
16 Second-level address translation is required when running virtual machines enabled for RemoteFX
17 At least one GPU on the physical computer should support RemoteFX and meet the minimum requirements for DirectX when virtual machines are configured with a RemoteFX 3D video adapter
18 Avoid installing RemoteFX on a computer that is configured as an Active Directory domain controller
19 Use at least SMB protocol version 3.0 for file shares that store files for virtual machines.
20 Use at least SMB protocol version 3.0 configured for continuous availability on file shares that store files for virtual machines.
37 A Replica server must be configured to accept replication requests
38 Replica servers should be configured to identify specific primary servers authorized to send replication traffic
39 Compression is recommended for replication traffic
40 Configure guest operating systems for VSS-based backups to enable application-consistent snapshots for Hyper-V Replica
41 Integration services must be installed before primary or Replica virtual machines can use an alternate IP address after a failover
42 Authorization entries should have distinct tags for primary servers with virtual machines that are not part of the same security group.
43 To participate in replication, servers in failover clusters must have a Hyper-V Replica Broker configured
44 Certificate-based authentication is recommended for replication.
45 Virtual hard disks with paging files should be excluded from replication
46 Configure a policy to throttle the replication traffic on the network
47 Configure the Failover TCP/IP settings that you want the Replica virtual machine to use in the event of a failover
48 Resynchronization of replication should be scheduled for off-peak hours
49 Certificate-based authentication is configured, but the specified certificate is not installed on the Replica server or failover cluster nodes
50 Replication is paused for one or more virtual machines on this server
51 Test failover should be attempted after initial replication is complete
52 Test failovers should be carried out at least monthly to verify that failover will succeed and that virtual machine workloads will operate as expected after failover
53 VHDX-format virtual hard disks are recommended for virtual machines that have recovery history enabled in replication settings
54 Recovery snapshots should be removed after failover
55 At least one network for live migration traffic should have a link speed of at least 1 Gbps
56 All networks for live migration traffic should have a link speed of at least 1 Gbps
57 Virtual machines should be backed up at least once every week
58 Ensure sufficient physical disk space is available when virtual machines use dynamically expanding virtual hard disks
59 Ensure sufficient physical disk space is available when virtual machines use differencing virtual hard disks
60 Avoid alignment inconsistencies between virtual blocks and physical disk sectors on dynamic virtual hard disks or differencing disks
61 VHD-format dynamic virtual hard disks are not recommended for virtual machines that run server workloads in a production environment
62 Avoid using VHD-format differencing virtual hard disks on virtual machines that run server workloads in a production environment.
63 Use all virtual functions for networking when they are available
64 The number of running virtual machines configured for SR-IOV should not exceed the number of virtual functions available to the virtual machines
65 Configure virtual machines to use SR-IOV only when supported by the guest operating system
66 Ensure that the virtual function driver operates correctly when a virtual machine is configured to use SR-IOV
67 Configure the server with a sufficient amount of dynamic MAC addresses
68 More than one network adapter should be available
69 All virtual network adapters should be enabled
70 Enable all virtual network adapters configured for a virtual machine
72 Avoid using legacy network adapters when the guest operating system supports network adapters
73 Ensure that all mandatory virtual switch extensions are available
74 A team bound to a virtual switch should only have one exposed team interface
75 The team interface bound to a virtual switch should be in default mode
76 VMQ should be enabled on VMQ-capable physical network adapters bound to an external virtual switch
77 One or more network adapters should be configured as the destination for Port Mirroring
78 One or more network adapters should be configured as the source for Port Mirroring
79 PVLAN configuration on a virtual switch must be consistent
80 The WFP virtual switch extension should be enabled if it is required by third party extensions
81 A virtual SAN should be associated with a physical host bus adapter
82 Virtual machines configured with a virtual Fibre Channel adapter should be configured for high availability to the Fibre Channel-based storage
83 Avoid enabling virtual machines configured with virtual Fibre Channel adapters to allow live migrations when there are fewer paths to Fibre Channel logical units (LUNs) on the destination than on the source
106 Avoid using snapshots on a virtual machine that runs a server workload in a production environment
107 Configure a virtual machine with a SCSI controller to be able to hot plug and hot unplug storage
108 Configure SCSI controllers only when supported by the guest operating system
109 Avoid configuring virtual machines to allow unfiltered SCSI commands
110 Avoid using virtual hard disks with a sector size less than the sector size of the physical storage that stores the virtual hard disk file
111 Avoid configuring a child storage resource pool when the directory path of the child is not a subdirectory of the parent
112 Avoid mapping one storage path to multiple resource pools.
Go ahead and run the BPA; you might learn something interesting from the non-compliant rules! Fix the errors which are reported as part of the non-compliant rules and re-run the scan. The BPA scan is non-intrusive and should not impact your production workload.
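To narrow a scan down to the Hyper-V Replica rules, the script below runs the model and lists only the non-compliant results for rules 37-54, flagging the ones from the list above that deal with authenticating or authorizing replication traffic (38, 42, 44 and 49). This is an added example, not part of the original post; it assumes the rule numbers in the list are the RuleId values that Get-BpaResult reports, and the variable names are illustrative.

```powershell
# Added example: report non-compliant Hyper-V Replica rules from a BPA run.
$modelId = 'Microsoft/Windows/Hyper-V'

# Run the scan; the scan summary it returns is not needed here.
Invoke-BpaModel -ModelId $modelId | Out-Null

# Assumption: RuleId matches the rule numbers in the list on this page.
$replicaRules = 37..54

# Rules from the list that cover who may replicate and how they authenticate.
$authRules = 38, 42, 44, 49

# Keep only non-compliant Replica results that have not been excluded.
$findings = Get-BpaResult -ModelId $modelId -Filter Noncompliant |
    Where-Object { ($replicaRules -contains $_.RuleId) -and (-not $_.Excluded) }

if (-not $findings) {
    Write-Output 'No non-compliant Hyper-V Replica rules (37-54) were reported.'
}
else {
    $findings |
        Sort-Object Severity, RuleId |
        Select-Object RuleId, Severity, Title, Resolution,
            @{ Name = 'AuthRelated'; Expression = { $authRules -contains $_.RuleId } } |
        Format-List

    # Call out authentication/authorization findings separately.
    $authFindings = @($findings | Where-Object { $authRules -contains $_.RuleId })
    if ($authFindings.Count -gt 0) {
        Write-Warning ("{0} finding(s) concern replication authentication or authorization." -f $authFindings.Count)
    }
}
```

Run it from an elevated PowerShell session on the Hyper-V server, and run it again after fixing the reported issues to confirm the rules now pass.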
You did not mention if the rules list you provided is after enabling Hyper-V Replica configuration on the current server? Thanks!