%3CLINGO-SUB%20id%3D%22lingo-sub-382125%22%20slang%3D%22en-US%22%3EHyper-V%20Replica%20BPA%20Rules%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-382125%22%20slang%3D%22en-US%22%3E%0A%20%26lt%3Bmeta%20http-equiv%3D%22Content-Type%22%20content%3D%22text%2Fhtml%3B%20charset%3DUTF-8%22%20%2F%26gt%3B%3CSTRONG%3E%20First%20published%20on%20TECHNET%20on%20Oct%2001%2C%202013%20%3C%2FSTRONG%3E%20%3CBR%20%2F%3E%3CP%3EA%20frequent%20question%20from%20our%20customers%20is%20on%20whether%20there%20are%20standard%20%E2%80%9Cbest%20practices%E2%80%9D%20when%20deploying%20Hyper-V%20Replica%20(or%20any%20Windows%20Server%20role%20for%20that%20matter).%20These%20questions%20come%20in%20many%20avatars%20-%20Does%20the%20Product%20Group%20have%20any%20configuration%20gotchas%20based%20on%20internal%20testing%2C%20is%20my%20server%20properly%20configured%2C%20should%20I%20change%20any%20replication%20configuration%20etc.%3C%2FP%3E%0A%20%20%3CP%3E%3CSTRONG%3EBest%20Practices%20Analyzer%20(BPA)%20%3C%2FSTRONG%3E%20is%20a%20powerful%20inbox%20tool%20which%20scans%20the%20server%20for%20any%20potential%20%E2%80%98best%20practice%E2%80%99%20violations.%20The%20report%20describes%20the%20problem%20and%20also%20provides%20recommendation%20to%20fix%20the%20issue.%20You%20can%20use%20the%20BPA%20both%20from%20UI%20as%20well%20as%20PowerShell.%3C%2FP%3E%0A%20%20%3CP%3EFrom%20the%20Server%20Manager%20Dashboard%2C%20click%20on%20%3CSTRONG%3E%20Hyper-V%2C%20%3C%2FSTRONG%3E%20scroll%20down%20to%20the%20%3CSTRONG%3E%20Best%20Practices%20Analyzer%20%3C%2FSTRONG%3E%20option%2C%20click%20on%20%3CSTRONG%3E%20Tasks%20%3C%2FSTRONG%3E%20%2C%20followed%20by%20%3CSTRONG%3E%20Start%20BPA%20Run%3C%2FSTRONG%3E%3C%2FP%3E%0A%20%20%3CP%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F96940i3E82E281447C349D%22%20%2F%3E%3C%2FP%3E%0A%20%20%3CP%3EOnce%20the%20scan%20is%20complete%2C%20you%20can%20filter%20the%20issues%20based%20on%20Warning%20or%20Errors%2C%20Excluded%20Results%2C%20Compliant%20Results.%3C%2FP%3E%0A%20%20%3CP%3EThe%20same%20can%20be%20done%20through%20PowerShell%20by%20executing%20the%20following%20cmdlets%3C%2FP%3E%0A%20%20%3CDIV%20id%3D%22codeSnippetWrapper%22%3E%0A%20%20%20%3CDIV%20id%3D%22codeSnippet%22%3EInvoke-BpaModel%20-ModelId%20Microsoft%2FWindows%2FHyper-V%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20Get-BpaResult%20-ModelId%20Microsoft%2FWindows%2FHyper-V%20%3CBR%20%2F%3E%3C%2FDIV%3E%3CBR%20%2F%3E%3C%2FDIV%3E%3CBR%20%2F%3E%20%3CBR%20%2F%3E%3CP%3ETo%20filter%20non-compliant%20rules%2C%20issue%20the%20following%20cmdlet%3C%2FP%3E%3CBR%20%2F%3E%20%3CBR%20%2F%3E%3CDIV%20id%3D%22codeSnippetWrapper%22%3E%3CBR%20%2F%3E%3CDIV%20id%3D%22codeSnippet%22%3E%3CBR%20%2F%3E%20Get-BpaResult%20-ModelId%20Microsoft%2FWindows%2FHyper-V%20-Filter%20Noncompliant%20%3CBR%20%2F%3E%3C%2FDIV%3E%3CBR%20%2F%3E%3C%2FDIV%3E%3CBR%20%2F%3E%20%3CBR%20%2F%3E%3CP%3EIn%20a%20Windows%20Server%202012%20server%2C%20the%20following%20rules%20constitute%20the%20Hyper-V%20BPA.%20The%20Hyper-V%20Replica%20specific%20rules%20are%20between%20rules%2037-54.%3C%2FP%3E%3CBR%20%2F%3E%20%3CBR%20%2F%3E%3CDIV%20id%3D%22codeSnippetWrapper%22%3E%3CBR%20%2F%3E%3CP%3ERuleId%20Title%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20------%20-----%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%203%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20The%20Hyper-V%20Virtual%20Machine%20Management%20Service%20should%20be%20configured%20to%20start%20automatically%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%204%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Hyper-V%20should%20be%20the%20only%20enabled%20role%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%205%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20The%20Server%20Core%20installation%20option%20is%20recommended%20for%20servers%20running%20Hyper-V%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%206%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Domain%20membership%20is%20recommended%20for%20servers%20running%20Hyper-V%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%207%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Avoid%20pausing%20a%20virtual%20machine%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%208%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Offer%20all%20available%20integration%20services%20to%20virtual%20machines%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%209%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Storage%20controllers%20should%20be%20enabled%20in%20virtual%20machines%20to%20provide%20access%20to%20attached%20storage%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2010%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Display%20adapters%20should%20be%20enabled%20in%20virtual%20machines%20to%20provide%20video%20capabilities%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2011%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Run%20the%20current%20version%20of%20integration%20services%20in%20all%20guest%20operating%20systems%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2012%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Enable%20all%20integration%20services%20in%20virtual%20machines%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2013%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20The%20number%20of%20logical%20processors%20in%20use%20must%20not%20exceed%20the%20supported%20maximum%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2014%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Use%20RAM%20that%20provides%20error%20correction%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2015%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20The%20number%20of%20running%20or%20configured%20virtual%20machines%20must%20be%20within%20supported%20limits%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2016%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Second-level%20address%20translation%20is%20required%20when%20running%20virtual%20machines%20enabled%20for%20RemoteFX%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2017%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20At%20least%20one%20GPU%20on%20the%20physical%20computer%20should%20support%20RemoteFX%20and%20meet%20the%20minimum%20requirements%20for%20DirectX%20when%20virtual%20machines%20are%20configured%20with%20a%20RemoteFX%203D%20video%20adapter%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2018%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Avoid%20installing%20RemoteFX%20on%20a%20computer%20that%20is%20configured%20as%20an%20Active%20Directory%20domain%20controller%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2019%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Use%20at%20least%20SMB%20protocol%20version%203.0%20for%20file%20shares%20that%20store%20files%20for%20virtual%20machines.%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2020%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Use%20at%20least%20SMB%20protocol%20version%203.0%20configured%20for%20continuous%20availability%20on%20file%20shares%20that%20store%20files%20for%20virtual%20machines.%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2037%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20A%20Replica%20server%20must%20be%20configured%20to%20accept%20replication%20requests%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2038%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Replica%20servers%20should%20be%20configured%20to%20identify%20specific%20primary%20servers%20authorized%20to%20send%20replication%20traffic%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2039%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Compression%20is%20recommended%20for%20replication%20traffic%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2040%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Configure%20guest%20operating%20systems%20for%20VSS-based%20backups%20to%20enable%20application-consistent%20snapshots%20for%20Hyper-V%20Replica%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2041%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Integration%20services%20must%20be%20installed%20before%20primary%20or%20Replica%20virtual%20machines%20can%20use%20an%20alternate%20IP%20address%20after%20a%20failover%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2042%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Authorization%20entries%20should%20have%20distinct%20tags%20for%20primary%20servers%20with%20virtual%20machines%20that%20are%20not%20part%20of%20the%20same%20security%20group.%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2043%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20To%20participate%20in%20replication%2C%20servers%20in%20failover%20clusters%20must%20have%20a%20Hyper-V%20Replica%20Broker%20configured%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2044%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Certificate-based%20authentication%20is%20recommended%20for%20replication.%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2045%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Virtual%20hard%20disks%20with%20paging%20files%20should%20be%20excluded%20from%20replication%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2046%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Configure%20a%20policy%20to%20throttle%20the%20replication%20traffic%20on%20the%20network%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2047%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Configure%20the%20Failover%20TCP%2FIP%20settings%20that%20you%20want%20the%20Replica%20virtual%20machine%20to%20use%20in%20the%20event%20of%20a%20failover%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2048%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Resynchronization%20of%20replication%20should%20be%20scheduled%20for%20off-peak%20hours%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2049%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Certificate-based%20authentication%20is%20configured%2C%20but%20the%20specified%20certificate%20is%20not%20installed%20on%20the%20Replica%20server%20or%20failover%20cluster%20nodes%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2050%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Replication%20is%20paused%20for%20one%20or%20more%20virtual%20machines%20on%20this%20server%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2051%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Test%20failover%20should%20be%20attempted%20after%20initial%20replication%20is%20complete%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2052%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Test%20failovers%20should%20be%20carried%20out%20at%20least%20monthly%20to%20verify%20that%20failover%20will%20succeed%20and%20that%20virtual%20machine%20workloads%20will%20operate%20as%20expected%20after%20failover%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2053%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20VHDX-format%20virtual%20hard%20disks%20are%20recommended%20for%20virtual%20machines%20that%20have%20recovery%20history%20enabled%20in%20replication%20settings%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2054%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Recovery%20snapshots%20should%20be%20removed%20after%20failover%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2055%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20At%20least%20one%20network%20for%20live%20migration%20traffic%20should%20have%20a%20link%20speed%20of%20at%20least%201%20Gbps%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2056%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20All%20networks%20for%20live%20migration%20traffic%20should%20have%20a%20link%20speed%20of%20at%20least%201%20Gbps%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2057%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Virtual%20machines%20should%20be%20backed%20up%20at%20least%20once%20every%20week%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2058%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Ensure%20sufficient%20physical%20disk%20space%20is%20available%20when%20virtual%20machines%20use%20dynamically%20expanding%20virtual%20hard%20disks%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2059%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Ensure%20sufficient%20physical%20disk%20space%20is%20available%20when%20virtual%20machines%20use%20differencing%20virtual%20hard%20disks%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2060%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Avoid%20alignment%20inconsistencies%20between%20virtual%20blocks%20and%20physical%20disk%20sectors%20on%20dynamic%20virtual%20hard%20disks%20or%20differencing%20disks%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2061%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20VHD-format%20dynamic%20virtual%20hard%20disks%20are%20not%20recommended%20for%20virtual%20machines%20that%20run%20server%20workloads%20in%20a%20production%20environment%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2062%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Avoid%20using%20VHD-format%20differencing%20virtual%20hard%20disks%20on%20virtual%20machines%20that%20run%20server%20workloads%20in%20a%20production%20environment.%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2063%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Use%20all%20virtual%20functions%20for%20networking%20when%20they%20are%20available%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2064%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20The%20number%20of%20running%20virtual%20machines%20configured%20for%20SR-IOV%20should%20not%20exceed%20the%20number%20of%20virtual%20functions%20available%20to%20the%20virtual%20machines%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2065%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Configure%20virtual%20machines%20to%20use%20SR-IOV%20only%20when%20supported%20by%20the%20guest%20operating%20system%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2066%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Ensure%20that%20the%20virtual%20function%20driver%20operates%20correctly%20when%20a%20virtual%20machine%20is%20configured%20to%20use%20SR-IOV%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2067%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Configure%20the%20server%20with%20a%20sufficient%20amount%20of%20dynamic%20MAC%20addresses%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2068%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20More%20than%20one%20network%20adapter%20should%20be%20available%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2069%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20All%20virtual%20network%20adapters%20should%20be%20enabled%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2070%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Enable%20all%20virtual%20network%20adapters%20configured%20for%20a%20virtual%20machine%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2072%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Avoid%20using%20legacy%20network%20adapters%20when%20the%20guest%20operating%20system%20supports%20network%20adapters%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2073%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Ensure%20that%20all%20mandatory%20virtual%20switch%20extensions%20are%20available%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2074%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20A%20team%20bound%20to%20a%20virtual%20switch%20should%20only%20have%20one%20exposed%20team%20interface%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2075%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20The%20team%20interface%20bound%20to%20a%20virtual%20switch%20should%20be%20in%20default%20mode%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2076%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20VMQ%20should%20be%20enabled%20on%20VMQ-capable%20physical%20network%20adapters%20bound%20to%20an%20external%20virtual%20switch%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2077%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20One%20or%20more%20network%20adapters%20should%20be%20configured%20as%20the%20destination%20for%20Port%20Mirroring%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2078%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20One%20or%20more%20network%20adapters%20should%20be%20configured%20as%20the%20source%20for%20Port%20Mirroring%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2079%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20PVLAN%20configuration%20on%20a%20virtual%20switch%20must%20be%20consistent%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2080%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20The%20WFP%20virtual%20switch%20extension%20should%20be%20enabled%20if%20it%20is%20required%20by%20third%20party%20extensions%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2081%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20A%20virtual%20SAN%20should%20be%20associated%20with%20a%20physical%20host%20bus%20adapter%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2082%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Virtual%20machines%20configured%20with%20a%20virtual%20Fibre%20Channel%20adapter%20should%20be%20configured%20for%20high%20availability%20to%20the%20Fibre%20Channel-based%20storage%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%2083%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Avoid%20enabling%20virtual%20machines%20configured%20with%20virtual%20Fibre%20Channel%20adapters%20to%20allow%20live%20migrations%20when%20there%20are%20fewer%20paths%20to%20Fibre%20Channel%20logical%20units%20(LUNs)%20on%20the%20destination%20than%20on%20the%20source%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20106%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Avoid%20using%20snapshots%20on%20a%20virtual%20machine%20that%20runs%20a%20server%20workload%20in%20a%20production%20environment%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20107%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Configure%20a%20virtual%20machine%20with%20a%20SCSI%20controller%20to%20be%20able%20to%20hot%20plug%20and%20hot%20unplug%20storage%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20108%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Configure%20SCSI%20controllers%20only%20when%20supported%20by%20the%20guest%20operating%20system%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20109%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Avoid%20configuring%20virtual%20machines%20to%20allow%20unfiltered%20SCSI%20commands%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20110%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Avoid%20using%20virtual%20hard%20disks%20with%20a%20sector%20size%20less%20than%20the%20sector%20size%20of%20the%20physical%20storage%20that%20stores%20the%20virtual%20hard%20disk%20file%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20111%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Avoid%20configuring%20a%20child%20storage%20resource%20pool%20when%20the%20directory%20path%20of%20the%20child%20is%20not%20a%20subdirectory%20of%20the%20parent%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20112%26nbsp%3B%26nbsp%3B%26nbsp%3B%20Avoid%20mapping%20one%20storage%20path%20to%20multiple%20resource%20pools.%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%3C%2FP%3E%3CBR%20%2F%3E%3C%2FDIV%3E%3CBR%20%2F%3E%20%3CBR%20%2F%3E%3CP%3E%3C%2FP%3E%3CBR%20%2F%3E%20%3CBR%20%2F%3E%3CP%3EGo%20ahead%20and%20run%20the%20BPA%2C%20you%20might%20learn%20something%20interesting%20from%20the%20non-compliant%20rules!%20Fix%20the%20errors%20which%20are%20reported%20as%20part%20of%20the%20non-compliant%20rules%20and%20re-run%20the%20rules.%20The%20BPA%20scan%20is%20non-intrusive%20and%20should%20not%20impact%20your%20production%20workload.%3C%2FP%3E%0A%20%0A%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-382125%22%20slang%3D%22en-US%22%3EFirst%20published%20on%20TECHNET%20on%20Oct%2001%2C%202013%20A%20frequent%20question%20from%20our%20customers%20is%20on%20whether%20there%20are%20standard%20%E2%80%9Cbest%20practices%E2%80%9D%20when%20deploying%20Hyper-V%20Replica%20(or%20any%20Windows%20Server%20role%20for%20that%20matter).%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-382125%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3Ehvr%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Ehyper%20v%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Ehyper%20v%20replica%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Not applicable
First published on TECHNET on Oct 01, 2013

A frequent question from our customers is on whether there are standard “best practices” when deploying Hyper-V Replica (or any Windows Server role for that matter). These questions come in many avatars - Does the Product Group have any configuration gotchas based on internal testing, is my server properly configured, should I change any replication configuration etc.

Best Practices Analyzer (BPA) is a powerful inbox tool which scans the server for any potential ‘best practice’ violations. The report describes the problem and also provides recommendation to fix the issue. You can use the BPA both from UI as well as PowerShell.

From the Server Manager Dashboard, click on Hyper-V, scroll down to the Best Practices Analyzer option, click on Tasks , followed by Start BPA Run

Once the scan is complete, you can filter the issues based on Warning or Errors, Excluded Results, Compliant Results.

The same can be done through PowerShell by executing the following cmdlets

Invoke-BpaModel -ModelId Microsoft/Windows/Hyper-V





Get-BpaResult -ModelId Microsoft/Windows/Hyper-V



To filter non-compliant rules, issue the following cmdlet





Get-BpaResult -ModelId Microsoft/Windows/Hyper-V -Filter Noncompliant



In a Windows Server 2012 server, the following rules constitute the Hyper-V BPA. The Hyper-V Replica specific rules are between rules 37-54.




RuleId Title

------ -----


3      The Hyper-V Virtual Machine Management Service should be configured to start automatically


4      Hyper-V should be the only enabled role


5      The Server Core installation option is recommended for servers running Hyper-V


6      Domain membership is recommended for servers running Hyper-V


7      Avoid pausing a virtual machine


8      Offer all available integration services to virtual machines


9      Storage controllers should be enabled in virtual machines to provide access to attached storage


10     Display adapters should be enabled in virtual machines to provide video capabilities


11     Run the current version of integration services in all guest operating systems


12     Enable all integration services in virtual machines


13     The number of logical processors in use must not exceed the supported maximum


14     Use RAM that provides error correction


15     The number of running or configured virtual machines must be within supported limits


16     Second-level address translation is required when running virtual machines enabled for RemoteFX


17     At least one GPU on the physical computer should support RemoteFX and meet the minimum requirements for DirectX when virtual machines are configured with a RemoteFX 3D video adapter


18     Avoid installing RemoteFX on a computer that is configured as an Active Directory domain controller


19     Use at least SMB protocol version 3.0 for file shares that store files for virtual machines.


20     Use at least SMB protocol version 3.0 configured for continuous availability on file shares that store files for virtual machines.


37     A Replica server must be configured to accept replication requests


38     Replica servers should be configured to identify specific primary servers authorized to send replication traffic


39     Compression is recommended for replication traffic


40     Configure guest operating systems for VSS-based backups to enable application-consistent snapshots for Hyper-V Replica


41     Integration services must be installed before primary or Replica virtual machines can use an alternate IP address after a failover


42     Authorization entries should have distinct tags for primary servers with virtual machines that are not part of the same security group.


43     To participate in replication, servers in failover clusters must have a Hyper-V Replica Broker configured


44     Certificate-based authentication is recommended for replication.


45     Virtual hard disks with paging files should be excluded from replication


46     Configure a policy to throttle the replication traffic on the network


47     Configure the Failover TCP/IP settings that you want the Replica virtual machine to use in the event of a failover


48     Resynchronization of replication should be scheduled for off-peak hours


49     Certificate-based authentication is configured, but the specified certificate is not installed on the Replica server or failover cluster nodes


50     Replication is paused for one or more virtual machines on this server


51     Test failover should be attempted after initial replication is complete


52     Test failovers should be carried out at least monthly to verify that failover will succeed and that virtual machine workloads will operate as expected after failover


53     VHDX-format virtual hard disks are recommended for virtual machines that have recovery history enabled in replication settings


54     Recovery snapshots should be removed after failover


55     At least one network for live migration traffic should have a link speed of at least 1 Gbps


56     All networks for live migration traffic should have a link speed of at least 1 Gbps


57     Virtual machines should be backed up at least once every week


58     Ensure sufficient physical disk space is available when virtual machines use dynamically expanding virtual hard disks


59     Ensure sufficient physical disk space is available when virtual machines use differencing virtual hard disks


60     Avoid alignment inconsistencies between virtual blocks and physical disk sectors on dynamic virtual hard disks or differencing disks


61     VHD-format dynamic virtual hard disks are not recommended for virtual machines that run server workloads in a production environment


62     Avoid using VHD-format differencing virtual hard disks on virtual machines that run server workloads in a production environment.


63     Use all virtual functions for networking when they are available


64     The number of running virtual machines configured for SR-IOV should not exceed the number of virtual functions available to the virtual machines


65     Configure virtual machines to use SR-IOV only when supported by the guest operating system


66     Ensure that the virtual function driver operates correctly when a virtual machine is configured to use SR-IOV


67     Configure the server with a sufficient amount of dynamic MAC addresses


68     More than one network adapter should be available


69     All virtual network adapters should be enabled


70     Enable all virtual network adapters configured for a virtual machine


72     Avoid using legacy network adapters when the guest operating system supports network adapters


73     Ensure that all mandatory virtual switch extensions are available


74     A team bound to a virtual switch should only have one exposed team interface


75     The team interface bound to a virtual switch should be in default mode


76     VMQ should be enabled on VMQ-capable physical network adapters bound to an external virtual switch


77     One or more network adapters should be configured as the destination for Port Mirroring


78     One or more network adapters should be configured as the source for Port Mirroring


79     PVLAN configuration on a virtual switch must be consistent


80     The WFP virtual switch extension should be enabled if it is required by third party extensions


81     A virtual SAN should be associated with a physical host bus adapter


82     Virtual machines configured with a virtual Fibre Channel adapter should be configured for high availability to the Fibre Channel-based storage


83     Avoid enabling virtual machines configured with virtual Fibre Channel adapters to allow live migrations when there are fewer paths to Fibre Channel logical units (LUNs) on the destination than on the source


106    Avoid using snapshots on a virtual machine that runs a server workload in a production environment


107    Configure a virtual machine with a SCSI controller to be able to hot plug and hot unplug storage


108    Configure SCSI controllers only when supported by the guest operating system


109    Avoid configuring virtual machines to allow unfiltered SCSI commands


110    Avoid using virtual hard disks with a sector size less than the sector size of the physical storage that stores the virtual hard disk file


111    Avoid configuring a child storage resource pool when the directory path of the child is not a subdirectory of the parent


112    Avoid mapping one storage path to multiple resource pools.







Go ahead and run the BPA, you might learn something interesting from the non-compliant rules! Fix the errors which are reported as part of the non-compliant rules and re-run the rules. The BPA scan is non-intrusive and should not impact your production workload.