Validating Hybrid Cloud scenarios in the Server 2012 Technology Adoption Program (TAP)
Hi there! In this blog post we highlight some of the early work on hybrid cloud scenarios with Hyper-V Replica and a special project we call Project On-Ramp, which focused on working with customers during our Windows Server 2012 engineering validation program. Long before we reach RTM, dedicated customers deploy the pre-release software in production, test it and identify issues during the development phase to help us achieve a high-quality release. Pat Fetty, a Principal Program Manager in the Customer Engineering team focused on Hosted Cloud technologies, will take you through the details of hybrid cloud configuration using Hyper-V Replica.
Group Program Manager, Partner and Customer Ecosystem Team
For those of you who are familiar with a Technology Adoption Program (TAP) at Microsoft you are aware of the requirements of having customers put pre-release software into their production environments. This of course helps us shake out any ‘real world’ types of software issues and fix them prior to our Release to Manufacturing (RTM).
In Server 2012, with so many new innovations around the cloud space (Hyper-V, Storage, Networking, Management etc…) we had some unique challenges in validating the Hybrid Cloud scenario. By definition, a Hybrid Cloud is:
Hybrid cloud. The cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load-balancing between clouds).
To put it in simpler terms, you will have some virtual machines (VMs) and applications running on your premises, and some at another provider who may or may not be within the realm of your datacenter (i.e., a public hosting provider).
Given this very unique requirement, we created a project within the TAP called Project On Ramp, coined from the concept of a freeway on-ramp, where you start slowly and then move at full speed onto the freeway. Public cloud adoption can be looked at in a similar fashion, so the hybrid cloud scenario is the “on ramp” to customers moving at full speed to a public cloud provider for their IaaS (Infrastructure as a Service).
With this type of setup, we needed an ‘application’ of some kind that could communicate from an on-premises host to a host or VM at a public hosting provider, so we selected Hyper-V Replica (HVR) as that application. This post will go into some of the challenges we faced early on and explain how Hybrid Cloud HVR will be a technology that everyone will fall in love with!
Quick rundown of the Hosted Cloud Platform TAP
During the development and planning of Server 2012, we created several themes that were to be the focus of many of the new scenarios that we have enabled in this release. The term “Hosted Cloud Platform” is one of those themes and it encompasses a wide variety of scenarios, technologies and features.
When we talk to customers about cloud technologies, we try to not distinguish between Private, Public or Hybrid Clouds since the technologies we have built will support any type of cloud that you wish to build!
We had several different customer segments represented in the program, from small and medium-sized businesses, to enterprises whose names are very recognizable, to hosting providers who are offering, or hope to offer, IaaS services in the future.
For the On Ramp project, we took a handful of our hosting provider customers and our small and medium business customers and ‘partnered’ them together to create Hybrid Cloud environments and validate some scenarios, with the primary scenario being HVR.
So what does this look like?
Below is a simple setup from the hosting provider perspective which was taken from an example of one of our hosting provider customers who participated in the On Ramp project:
As you can see, one of the key requirements in this scenario is having connectivity to the hoster’s environment. In this diagram, the hoster is using the built-in VPN server in Windows Server 2012 as the termination point for a VPN tunnel from the client premises.
Another option, which is also quite popular, is a site-to-site tunnel: an IPsec-based tunnel initiated from the customer’s external firewall and terminated at the hoster’s firewall. During Project On Ramp we validated both setups, using third-party firewall products as well as our own TMG product, with success.
As a side note, the Azure team has really gone above and beyond in terms of making this type of setup easier, including giving customers the ability to download a pre-configured script for the type of firewall they have. Basically, you select your device from a dropdown box, Azure produces the script for you and gives you instructions on which variables to configure.
Check out the list of Azure-supported devices on the Azure networking page, along with the requirements.
OK, I’m connected, so now what!
Doing Hybrid Cloud HVR has some very simple requirements, which I won’t go into in detail here, but they are:
- Connectivity to the hosting provider (see above)
- A machine certificate issued to the customer’s HVR host
The certificate is the important piece for this scenario. HVR allows you to use two different types of authentication: Kerberos or a certificate. If you are doing replication within your own domain or forest (intra-datacenter), then you could select the Kerberos option, but in the scenario where you are replicating to a public provider, you will need a certificate as the credential to do this.
You have several options in terms of what type of certificate you can use. Most hosting providers today already offer SSL-based services and offer what is termed a wildcard certificate, which allows you to have a single certificate for multiple subdomains. This type of certificate can now be used for cross-site HVR (something that was added due to feedback from Project On Ramp!).
The second option is to set up your own Certificate Authority (CA) using the one that is built into Windows Server 2012 and create your own template and certificate to be used with HVR. Some hosters in the program are choosing this option as it is easy and free!
The third option would be to use certificates offered by a third party.
The key requirement of the certificate is that it must have both the Client Authentication EKU and the Server Authentication EKU; nothing else is required.
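Before enabling replication, it is worth confirming that the host actually holds a certificate meeting that requirement. The following PowerShell snippet is an added example, not from the original post or the HVR team: it inspects every certificate in the Local Computer Personal store (Cert:\LocalMachine\My, assumed to be where the machine certificate was installed) and reports whether each one carries both EKUs, has a private key and has not expired.

```powershell
# Added example (not from the original post). Checks machine certificates against the
# Hyper-V Replica requirement: both Server Authentication and Client Authentication EKUs.
# Assumption: the certificate was installed into Cert:\LocalMachine\My (Local Computer, Personal).

$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU

function Test-HvrCertificate {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert
    )

    # The Extended Key Usage extension (OID 2.5.29.37) lists the purposes the cert may be used for.
    $ekuExt = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
    $oids = @()
    if ($ekuExt) { $oids = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value }) }

    [pscustomobject]@{
        Subject          = $Cert.Subject
        Thumbprint       = $Cert.Thumbprint
        HasServerAuthEku = ($oids -contains $ServerAuthOid)
        HasClientAuthEku = ($oids -contains $ClientAuthOid)
        HasPrivateKey    = $Cert.HasPrivateKey      # the host must be able to prove possession
        NotExpired       = ($Cert.NotAfter -gt (Get-Date))
    }
}

# Evaluate every certificate in the machine store and list which ones HVR can use.
$results = Get-ChildItem Cert:\LocalMachine\My | ForEach-Object { Test-HvrCertificate -Cert $_ }
$results | Format-Table -AutoSize

$usable = $results | Where-Object {
    $_.HasServerAuthEku -and $_.HasClientAuthEku -and $_.HasPrivateKey -and $_.NotExpired
}
if (-not $usable) {
    Write-Warning 'No certificate in Cert:\LocalMachine\My has both EKUs plus a private key; certificate-based HVR will fail.'
}
```

Run it on both the primary and the replica host, since each side presents its own certificate; a wildcard certificate from the hoster passes the same check as one issued by your own CA.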
For those who were able to attend Tech Ed North America in June of 2012, see a demo of this exact scenario.
Also, Praveen Vijayaraghavan from the HVR team has written blog posts on HVR, certificate requirements and setup instructions, which are very useful.
Other hybrid cloud scenarios
As a continuing part of Project On Ramp we will also be validating other scenarios, such as a feature new to Windows Server 2012 called Hyper-V Virtual Networking, which allows multi-tenant VMs to share an overlapping IP range. This technology also allows cross-subnet live migration of VMs, which is not feasible today.
Support for this feature is also being built into SP1 of System Center 2012, and we will have customers and partners validating this feature specifically. In the Hybrid Cloud environment one can see how a technology like this could be very valuable, especially for customers who have complex networks set up today and very mobile VMs as well.
Future blog posts will touch on this topic as well as some other lessons learned from the Cloud TAP in general.
Principal Program Manager
Partner and Customer Engineering team