Perform a Hyper-V Replica Initial Copy Using External Media
An important step in implementing Hyper-V Replica is performing the initial copy. There are three ways to do this. In this post, I will talk about how to perform the Hyper-V Replica initial copy using external media or removable storage. (In a previous post, I showed you how to perform the Hyper-V Replica initial copy over the network.)
Initial Copy Using External Media: How It Works
With this approach, you will use removable storage to physical transport the files of your Hyper-V Replica-protected virtual machines from the primary site to the secondary site. This is done once, just for the initial copy. The files are imported on the host/cluster in the secondary site. Hyper-V Replica will fix up any differences between the production and replica virtual machines since the export was done, and then replication will automatically begin.
Pros and Cons
There is one significant benefit to performing the initial copy using removable storage. You do not need endless amounts of bandwidth to get terabytes (or even petabytes) of virtual machine files from the production site to the secondary site. This means that even a smaller company or a branch office can perform that initial copy without the Internet or WAN connection delaying replication for weeks or even months.
There are three things to consider when thinking about using removable storage to perform your Hyper-V Replica initial copy:
Passwords Haven’t Disappeared Yet
123456. Qwerty. Iloveyou. No, these are not exercises for people who are brand new to typing. Shockingly, they are among the most common passwords that end users choose in 2021. Research has found that the average business user must manually type out, or copy/paste, the credentials to 154 websites per month. We repeatedly got one question that surprised us: “Why would I ever trust a third party with control of my network?
- Manual effort: Someone has to perform an export of the virtual machines (part of the wizard), transport the removable storage (probably USB disk or NAS), and import the virtual machines before replication can start. This is a process that requires human effort. This implies that there is a cost (even if it is an internal cross-charge) and that this approach does not lend itself to a cloud model with self-service (requiring automation).
- Risk of data loss: Virtual machine files, including all of their data, are being removed from the (hopefully) physically secure computer room or data center, and being transported in the back of a car, van, or even on a courier bike. No security officer or data protection commissioner will dance for joy at that thought! You can offset the risk by encrypting the removable storage; consider using the built-in Bitlocker to Go.
- Service provider friendliness: Some service providers will offer a DR-as-a-Service feature where you can replicate your Hyper-V virtual machines to their multi-tenant public cloud. Those service providers that operate on low margins with high numbers of tenants will be unlikely to allow out-of-band initial copies such as removable storage, and will require the initial copy to be done over the network (Internet). Such hosting companies need to eliminate the risk of connecting “alien” removable storage and the costs of human effort.
Enabling BitLocker to Go
BitLocker to Go is available on Hyper-V Replica capable hosts running Windows Server 2012 or later. You can use this security feature to encrypt your removable storage. You should consider encryption a requirement, not as an option. It is always best to perform best effort security to offset the risk of data loss. Consider this: How many USB drives have you lost over the years? Now imagine one of those has your company’s employees social security numbers or customer private data. Encrypt the disk!
You can make BitLocker to Go available by adding the BitLocker Drive Encryption feature in Server Manager.
Adding the BitLocker Drive Encryption feature.
When the feature is installed, attach your removable storage onto the primary site host that is running the virtual machine. Open Explorer, right-click on the disk, and select Turn On BitLocker. Select the option to secure the disk using a password and enter a strong pass phrase. Save the recovery key somewhere secure.
Implement the Initial Copy
Proceed through the Enable Replication wizard and choose the Send Initial Copy Using External Media option. Browse to select the path where the production virtual machine will be exported to; this is the attached removable media. When you finish the wizard, two things will happen:
- A stub replica virtual machine will be created in the secondary site with no disks.
- A checkpoint (Hyper-V snapshot) will be created of the running production virtual machine and this is used to export the files to the removable media. The files of the virtual machine are stored in a unique sub-folder.
Send initial copy using external media.
Replication has not started yet. Transport the removable media to the secondary site, connect it to the server and enter the BitLocker password to access the media. Launch Hyper-V Manager, browse to the sub replica virtual machine, right-click on it, and select Replication > Import Initial Replica. You will need to enter the path of the subfolder that contains the exported files.
Importing the initial replica.
Once completed, replication will automatically start and your production site virtual machine is protected in the secondary site.