In this blog post I will go through the steps necessary to secure the traffic between your Hyper-V servers with SSL, so that your replication traffic cannot be read by a third party if it is intercepted. This is particularly useful where off-site replication is desirable, and it can be achieved on a budget with your own internal Certificate Services infrastructure. This avoids the cost of purchasing a certificate from a trusted vendor, which can be quite expensive.
For the purpose of this example, we are going to assume that you already have the Certificate Services role installed on one of your servers with a GUI, and that if you are using Hyper-V Server and not Server 2012, you have the Hyper-V management console installed on a management machine and remote management enabled on the hypervisor. There are of course other ways of generating a certificate and trusting it, but most environments will have these tools to hand. The type of certificate that you will require is not enabled out of the box in Certificate Services, so our first job is to enable it under Templates.
To enable this template, from your CA go to:
- Certificate Services > Right click Templates > Manage > Right click Workstation Authentication > Select Duplicate Template
- Give the new template a name and add Client Authentication and Server Authentication to the template's application policies.
- Change the subject name option to "Supply in the request".
- Spin up an MMC console on the Hyper-V box and make a certificate request.
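Once the request has been issued, the certificate can be checked against the template settings above before it is selected for replication. The following PowerShell is an added example, not part of the original post; it assumes the request supplied the host's FQDN as the name, and the `$HostName` variable and the output column names are illustrative.

```powershell
# Added example: report whether each certificate in the computer's Personal
# store has the properties configured in the duplicated template.
# Assumption: the request supplied this host's FQDN as the subject or DNS name.
$HostName = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName

$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication
$now = Get-Date

Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    # Collect the application policy (EKU) OIDs from the certificate extensions.
    $ekuOids = @($cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value })

    # DNS names carried by the certificate (subject CN and SAN entries).
    $dnsNames = @($cert.DnsNameList | ForEach-Object { $_.Unicode })

    # Build the chain to a trusted root. Revocation is not checked here so the
    # script also runs on a host that cannot reach the CA's CRL location.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chainOk = $chain.Build($cert)

    [pscustomobject]@{
        Thumbprint    = $cert.Thumbprint
        Subject       = $cert.Subject
        HasPrivateKey = $cert.HasPrivateKey
        InValidity    = ($cert.NotBefore -le $now) -and ($cert.NotAfter -gt $now)
        ServerAuth    = $ekuOids -contains $ServerAuthOid
        ClientAuth    = $ekuOids -contains $ClientAuthOid
        NameMatches   = $dnsNames -contains $HostName
        ChainTrusted  = $chainOk
    }
} | Format-Table -AutoSize
```

A certificate that shows `False` in any column was either requested from the wrong template, issued with the wrong name, or chains to a CA that this host does not trust.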
At this point you can go into Hyper-V Manager and select SSL as the transport method for replication, and your new certificate should be present in the list of available certificates for this purpose. I hope this has been informative or helpful to someone; feel free to leave me a comment with your thoughts.