Q. Can I encrypt the communication between my Hyper-V cluster hosts?

Absolutely, although where this setting is made is neither obvious nor well publicized anywhere on the Internet. You can find more information about this nifty feature in a 2009 Tech Ed presentation by Symon Perriman of Microsoft, "Multi-Site Clustering with Windows Server 2008 Enterprise."

Clusters where every node exists within the same LAN probably don't need intra-cluster traffic encryption, but those that span multiple sites might. If you intend to stretch your cluster to another site across a Multiprotocol Label Switching (MPLS) network or other shared Internet connection, consider encrypting your cluster communication to protect it against prying eyes.

Setting up encryption requires Windows PowerShell, specifically the Get-Cluster cmdlet. Running

Get-Cluster clusterName | fl *

against your cluster will display the full list of cluster properties. The property you're interested in for this purpose is SecurityLevel.

A SecurityLevel of 0 will use clear text for communication. A SecurityLevel of 1 (the default) will sign the traffic. Setting SecurityLevel to 2 will encrypt it.

Use the command

Get-Cluster clusterName | ForEach-Object { $_.SecurityLevel = 2 }

to start encrypting.
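For a stretched environment with more than one cluster, the check and the change can be combined. The script below is an added example, not part of the original article: the function name Set-ClusterEncryption is hypothetical, and ClusterA and ClusterB are placeholder cluster names.

```powershell
#Requires -Modules FailoverClusters

# Meaning of each SecurityLevel value, as described in the article.
$LevelName = @{ 0 = 'Clear text'; 1 = 'Signed'; 2 = 'Encrypted' }

function Set-ClusterEncryption {
    # Hypothetical helper (not a built-in cmdlet): reports the current
    # SecurityLevel of each named cluster and raises it to 2 where needed.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$ClusterName
    )
    process {
        foreach ($name in $ClusterName) {
            $cluster = Get-Cluster -Name $name -ErrorAction Stop
            $before  = [int]$cluster.SecurityLevel

            # Only touch clusters that are still at clear text (0) or signed (1).
            if ($before -lt 2 -and
                $PSCmdlet.ShouldProcess($name, 'Set SecurityLevel to 2 (encrypt)')) {
                $cluster.SecurityLevel = 2
            }

            # Re-read the property so the report reflects what the cluster stored.
            $after = [int](Get-Cluster -Name $name).SecurityLevel
            [pscustomobject]@{
                Cluster = $name
                Before  = $LevelName[$before]
                After   = $LevelName[$after]
                Changed = ($before -ne $after)
            }
        }
    }
}

# Placeholder cluster names: preview with -WhatIf first, then apply.
'ClusterA', 'ClusterB' | Set-ClusterEncryption -WhatIf
# 'ClusterA', 'ClusterB' | Set-ClusterEncryption
```

With -WhatIf the Before and After columns match and Changed is False, so the output doubles as an audit of which clusters are still at clear text or signed.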
