0

We have two physical servers in different areas protected by firewalls. We want to build a Hyper-V cluster for these servers. We found the Microsoft article VMM Ports and Protocols, but there are a lot of different notes which say that this article is wrong (for example this one). Does anybody know exactly which ports we need to open?

Sasha
  • A _cluster_ through a firewall? – pauska Jun 22 '11 at 07:14
  • Yes. These servers are located in different areas protected by firewalls. – Sasha Jun 22 '11 at 07:18
  • That usually requires several clusters. I've never heard about anyone using a cluster through a firewall. I'm pretty sure that every support matrix out there will tell you not to. – pauska Jun 22 '11 at 07:25
  • In our case we cannot remove the firewall from the scheme... And the main idea was to create a cluster using two servers in different areas. – Sasha Jun 22 '11 at 07:43
  • A cluster spanning across a large geographical distance with firewalls and routers between? Are you aware of the implications of losing the cluster link for a long time? Are you familiar with cluster votes, and how they affect your datacenter, that the site with the least members will shut itself down if it loses connectivity to the main one? I think you need to look at site resiliency, not clusters spanned over several sites. – pauska Jun 22 '11 at 07:54
  • The areas are in the same city, so I think no. The channel between these areas is very reliable, so no. – Sasha Jun 22 '11 at 08:07
  • @Sasha, couldn't agree with Pauska more here, bad idea, really bad - I do geographically-dispersed clustering but over private/dark-fibre links with nothing above Layer 1 between them - this works but building it like this WILL break quite frequently. – Chopper3 Jun 22 '11 at 08:46
  • @Chopper3 Thanks. I will look at the possibility of doing it over private/dark-fibre links. – Sasha Jun 22 '11 at 08:53

3 Answers

1

If you must go down this path, have a look here for a third party tool that may get the job done for you:

http://www.visionsolutions.com/Products/DT-Avail.aspx

joeqwerty
1

The core of the problem is that I believe the MS Clustering heartbeat is not a TCP/IP protocol packet, rather an Ethernet broadcast of a specific kind. This means that cluster nodes need to be in the same subnet, and your firewall will be a firewall-on-a-bridge rather than a firewall-on-a-router. Because of this, a TCP/IP-oriented firewall will not know what to do with this kind of packet and will, in all likelihood, drop it.

sysadmin1138
0

I really don't think this is possible unless you have considerable (resilient) bandwidth between your sites. It's certainly more complicated than just opening up a few firewall ports. Have a look at this presentation that will give you some idea of the requirements, then boggle at the budget required.

user9517