Jeff Woolsey, Principal Program Manager at Microsoft for Windows Server answers the question:
Can USB devices (like smart cards and storage devices) be accessed within a Hyper-V virtual machine?
The answer is “Yes” and here are two possible scenarios:
Scenario #1 (Primary): Centralized Desktop (VDI) Deployment
In this scenario, an end user logs into virtual machine which is running in a locked datacenter/closet etc. In this case, the end user is using a remote client (either thin or thick client) and wants to plug the USB device into the thin client and doesn’t have physical access to the virtualization host.
Solution: In this scenario, the answer is to use Remote Desktop Connection to provide the USB device with the VM. The advantages to this solution are twofold:
- The end user doesn’t have or need access to the host server to obtain USB connectivity. This is good for both the end user and the system administrator who wants to keep the server physical locked away and isolated for security and compliance reasons.
- Because USB is being provided through the RDP, the virtual machine can still be Live Migrated without restriction or limitation. This last point is very important as our customers who wish to load balance or provide no downtime servicing. Quite simply, our customers have told us to not introduce features that preclude Live Migration so we have taken this requirement as a core Engineering tenet. (BTW, VMware doesn’t follow this tenet and includes many features that prevent vMotion such as DirectPath, SR-IOV and more…)
Here are the step-by-step instructions.
1.Launch the Remote Desktop Connection Client.
2. Click on the Local Resources tab.
3. Note the third group that states Local devices and resources. This allows you to share devices attached to your physical computer with the machine that you’re remoting into, regardless of whether it’s a physical or virtual machine.
4. Click on the More… button.
5. Notice that you can now select which devices you’d like to share through the Remote Desktop Connection. You can see that both Smart cards and any storage device can be connected.
Scenario #2 (Secondary): Server Workload Accessing a USB Dongle
In this secondary (and relatively uncommon) scenario, you have a server workload that requires access to a USB device such as a dongle for licensing purposes. In this scenario, using Remote Desktop Connection doesn’t satisfy a production workload requirement because the server workload needs access to the USB dongle without requiring someone to log in.
However, there’s another challenge.
By virtue of the fact that the application is employing a dongle in the first place, the application is likely an expensive and valuable asset they want to protect and minimize any downtime. While customers want the server workload to have access to the USB dongle so the workload can run within the virtual machine, they also require that virtual machines still have the ability to Live Migrate for load balancing, no downtime servicing and failover if needed.
Solution: For this scenario, the solution is to use a USB over IP solution. There are a number of options on the market which provide transparent access to USB devices over TCP/IP and can cost as little as $45 per device. Here are two such examples:
With this solution our customers achieve both USB dongle access within a VM without sacrificing VM Mobility.