Easy Way to Deploy Windows Server Failover Clustering (WSFC)

In this tutorial, you will learn to easily deploy, install and configure Windows Server Failover Clustering (WSFC) and SQL Server on Alibaba Cloud ECS.

We recommend you use Windows Server Failover Clustering (WSFC) and SQL Server AlwaysOn Availability Groups as your SQL Server high availability solution on Alibaba Cloud's ECS (Elastic Compute Service) Instances.

WSFC is a feature of the Windows Server platform, which is generally used to improve the high availability of applications and services on your network. WSFC is a successor to the Microsoft Cluster Service (MCS).

An Alibaba Cloud ECS Instance provides fast memory and the latest Intel CPUs to help you to power your cloud applications and achieve faster results with low latency. All ECS instances come with Anti-DDoS protection to safeguard your data and applications from DDoS and Trojan attacks.

The Alibaba Cloud ECS allows you to load applications with multiple operating systems and manage network access rights and permissions. Within the user console, you can also access the latest storage features, including auto snapshots, which is perfect for testing new tasks or operating systems as it allows you to make a quick copy and restore later. It offers a variety of configurable CPU, memory, data disk and bandwidth variations allowing you to tailor each Instance to your specific needs.

We recommend the following hardware to deploy this solution:

  1. ECS: 4-core CPU or above with 16 GB of memory or above.
  2. SSD cloud disks mounted to the ECS instance.

We also recommend the following software with the listed specifications:

  1. .NET Framework 4.0 or above
  2. PowerShell 5.0 or above
  3. Windows Server 2016 64-bit Data Center Edition
  4. SQL Server 2016 64-bit Enterprise Edition

1. Set up Your ECS and Remote Cloud

1.1 Modify Your Host Name

Because ECS instances are created from images, some of them may share the same host name. Although this problem is rare within a VPC (Virtual Private Cloud), to be safe, change the host name to one shorter than 15 characters and restart the host immediately.

You can change the name manually using the following PowerShell command:

Rename-Computer -NewName "ServerName" -restart -force  

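1.2 Disable UAC Restrictions

You can disable the User Account Control (UAC) remote restrictions using the following PowerShell command. It sets LocalAccountTokenFilterPolicy to 1, so that local accounts in the Administrators group receive a full administrator token on remote connections instead of a filtered one:

New-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -Name LocalAccountTokenFilterPolicy -PropertyType DWord -Value 1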
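
As an added example (not part of the original tutorial or Alibaba Cloud's code), this PowerShell function checks the two settings from steps 1.1 and 1.2 on a node: whether the host name meets the length rule, and whether LocalAccountTokenFilterPolicy is still set to 1, with a switch to set it back to 0 once remote setup is finished. The function name, its parameters and the allowed-character check are assumptions.

```powershell
# Added example: audit the settings from steps 1.1 and 1.2 on the local node.
# Test-WsfcNodePrep and its parameters are hypothetical names.
function Test-WsfcNodePrep {
    [CmdletBinding()]
    param(
        # Host name to validate; defaults to the current computer name.
        [string]$HostName = $env:COMPUTERNAME,
        # When set, restore the default remote UAC token filtering (value 0).
        [switch]$RestoreUacFilter
    )

    $policyKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $policyName = 'LocalAccountTokenFilterPolicy'

    # Step 1.1: the tutorial asks for a name shorter than 15 characters.
    # Assumption: restrict to letters, digits and hyphens (conservative DNS-safe set).
    $nameOk = ($HostName.Length -lt 15) -and ($HostName -match '^[A-Za-z0-9-]+$')

    # Step 1.2: a missing value behaves like 0 (remote token filtering active).
    $current = (Get-ItemProperty -Path $policyKey -Name $policyName `
                    -ErrorAction SilentlyContinue).$policyName
    if ($null -eq $current) { $current = 0 }

    if ($RestoreUacFilter -and $current -ne 0) {
        # Writing under HKLM requires an elevated session.
        Set-ItemProperty -Path $policyKey -Name $policyName -Value 0 -Type DWord
        $current = 0
    }

    # One object per node, suitable for collecting with Invoke-Command.
    [pscustomobject]@{
        HostName              = $HostName
        HostNameValid         = $nameOk
        TokenFilterPolicy     = $current
        RemoteUacFilterActive = ($current -eq 0)
    }
}

# Report the current state of this node without changing anything.
Test-WsfcNodePrep
```

Running `Test-WsfcNodePrep -RestoreUacFilter` from an elevated session sets the value back to 0 and reports the resulting state.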

Related Blogs

Deploying Cross-AZ Windows Server Failover Clustering (WSFC) in Alibaba Cloud

In this tutorial, we will show you how to deploy Cross-Availability Zone (AZ) Windows Server Failover Clustering (WSFC) on an Alibaba Cloud Elastic Compute Service (ECS) instance.

WSFC is a feature of the Windows Server platform, which is generally used to improve the high availability of applications and services on your network. WSFC is a successor to the Microsoft Cluster Service (MCS). We recommend you use Windows Server Failover Clustering (WSFC) and SQL Server AlwaysOn Availability Groups as your SQL Server high availability (HA) solution on Alibaba Cloud's Elastic Compute Service (ECS) instances.

When using WSFC in conjunction with Alibaba Cloud ECS, if one cluster node fails, another node can take over. We can configure this failover to happen automatically, which is the usual configuration, or we can manually trigger a failover.

In this tutorial, we deploy a Cross-Availability Zone (AZ) WSFC on an Alibaba Cloud ECS instance. This tutorial assumes a basic understanding of Alibaba Cloud's suite of products and services, the Alibaba Cloud Console, failover clustering, the Active Directory (AD), and the administration of Windows Server.

1. Introduction

1.1 The Architecture

We recommend the following configuration, which contains three servers and runs across the Alibaba Cloud Virtual Private Cloud (VPC) to provide an isolated cloud network in which to operate your resources securely:

• A primary ECS instance running Windows Server 2016.
• A secondary ECS instance, configured to match the primary instance, running in another Availability Zone.
• An Active Directory (AD) / domain name server (DNS) instance. This server will serve several roles:

  1. Providing a Windows domain.
  2. Resolving hostnames to IP addresses.
  3. Hosting the file share witness that acts as a third "vote" to achieve the required quorum for the cluster.

Note: the quorum is sometimes referred to as the Disk or File Witness. It is simply a small clustered disk which is in the available cluster storage group.

1.2 Understanding the Network Routing

When the cluster fails over, requests must go to the newly active node. This routing is usually handled by the Address Resolution Protocol (ARP), which associates IP addresses with MAC addresses.

However, in Alibaba Cloud, the VPC system uses software-defined networking, which does not provide MAC addresses. This means the changes broadcast by ARP don't affect routing. To make routing work, we need to make use of an Alibaba Cloud product called HAVIP (Highly Available Virtual IP).

In this scenario we need to form a cluster across two different subnets in two availability zones. So, we will need to employ two HAVIPs.

1.3 Understanding a Failover

When a failover happens in the cluster, the following changes take place:

  1. Windows failover clustering changes the status of the active node to indicate that it has failed.
  2. Failover clustering moves any cluster resources and roles from the failing node to the best node, as defined by the quorum. This action includes moving the associated cluster IP addresses.
  3. Failover clustering broadcasts ARP packets to notify the hardware-based network routers that the IP addresses have moved. For this scenario, the HAVIP in the other subnet/availability zone will pick up this change and will promote the corresponding instance to become the new master, and the cluster DNS will now be mapped to the new HAVIP address.

That's it! Let's start the tutorial from the Alibaba Cloud Console.

Windows and SQL Server 2008 Support Expiring in 2020: Threat or Opportunity?

Learn how you will be affected by the end of Windows and SQL Server 2008 support in 2020, and how you can future-proof your infrastructure through containerization.

Microsoft has been reminding their customers, for quite some time now, that Windows Server 2008 and SQL Server 2008 will be out of support as per its lifecycle support schedule. Although there is less than a year remaining for the support to expire, many organizations still have their applications hosted on these platforms.

What Does This Mean to Your Business and Why Should You Act

End of extended support means Microsoft will stop providing any security updates for these products, which means that all apps hosted on these platforms will be vulnerable to security threats. With so many regulations to comply with nowadays, and especially with the GDPR in place from 2018, the last thing any organization wants is loss of revenue and reputation resulting from a security breach. Therefore, it is crucial for organizations to act now before it is too late.

What Options Do You Have?

In 2014, when we were faced with a similar risk - for Windows 2003 and SQL 2005 - we did not have many options. You had to either:

  1. Upgrade to Windows 2012 OR
  2. Pay Microsoft to "extend" the extended support OR
  3. Just hope and pray every day that your organization is not in the news for a security breach

Thankfully, it is 2019 and we have made several technological advancements that can provide us with more options. Here is a quick summary of what you can do:

Option 1: Do Nothing

Given the potential for incidents like the WannaCry ransomware attack, this is certainly not a reasonable option. Without any commitment from vendors to provide patches for vulnerabilities, you are always at risk of a security breach when new threats are identified. Time and reputation lost in recovering from a security breach could adversely impact any business.

I still remember the weekend of the WannaCry incident, when we had to pull together teams to install the last-minute patch on Windows 2003 servers, for our clients globally. Patches for Win2008 and Win2012 were already released and those servers were updated as part of the patching cycle.

Option 2: Buy More Time

Yes, you can get 3 more years of free security updates from Microsoft, if you can find the money and time to migrate all of those 2008 servers to Microsoft's public cloud - Azure. With this option, all you are doing is postponing the risk as you still have to spend money and effort to migrate those apps at a later date. This option reminds me of how we dumped most of our items in the garage when we moved to our new home. Though we got some sorted on the day we moved, we still had to spend the entire Christmas break sorting and moving things out of the garage and into our new home!

Microsoft does provide some useful tools to help with the migration process, but you still need to evaluate each application and plan the migration to Azure - all this needs to be done by the end of the year!

Windows Networking Troubleshooting 8: Brief Analysis of Windows SynAttackProtection Mechanism

In this article, we'll explore SynAttackProtection in detail to understand how it can cause connection problems for application services built on Windows Server 2008 R2.

Recently, a SYN flood attack caused connection problems for some application services on Windows servers, which raised doubts as to whether Windows could withstand SYN flood attacks. Because Windows is closed source, the official documents are vague and do not give a clear explanation of this issue. Therefore, we carefully studied the SynAttackProtection implementation in the tcpip.sys driver on Windows Server 2008 R2.

Note: If you do not know much about SynAttackProtection, we recommend reviewing the reference materials first.

Analysis

SynAttackProtection is briefly described in Microsoft's documentation:

  1. Starting with Windows Vista, SynAttackProtection is enabled by default and cannot be turned off.
  2. The SynAttack threshold is dynamically adjusted based on the CPU/memory.
  3. A Windows Server administrator can only tell whether SynAttackProtection is enabled when the server encounters a SYN attack by starting a TCPIP ETL trace in advance, stopping the trace afterwards, and then analyzing it.

A system that is providing services generally does not have a TCPIP ETL trace started in advance. Once a problem occurs, we can only capture a memory dump and try to find the key information in it using the complete public symbols provided by Microsoft.

Memory Dump

The easiest way to find the information is to display the function names and global variables of the relevant drivers with the windbg/kd x command. Searching for the Syn Attack keyword finds it easily.

Live Debug

Furthermore, we can use live debugging: attach the Windows Debugger to the kernel debug interface of a Windows Server 2008 R2 virtual machine and use the ba SynRcvdLimit method to set a memory read breakpoint, which gives us the entire call stack and the key kernel functions.

Related Products

Simple Application Server

A single server-based service for application deployment, security management, O&M monitoring, and more

Elastic Compute Service

Elastic and secure virtual cloud servers to cater to all your cloud hosting needs.

Related Courses

Using SAS to Publish a Magento E-commerce Website

In this clouder we will discuss the use of a Simple Application Server to deploy an e-commerce website. After the server has been set up, we will set up a web server environment and install a Magento package. Magento is an easy-to-use e-commerce tool that allows you to design and monitor your e-commerce website simply and efficiently. Completing this clouder will give you all the tools necessary to begin your online business!

Using ECS to Construct a Dynamic Website

Want to learn how to construct a dynamic website that can actively update its content? In this Clouder lesson, you will learn how to build a WordPress website on Alibaba Cloud.

Related Documentation

Manage Windows Server Semi-Annual Channel images and instances

This topic describes how to manage an ECS instance that is created from a Windows Server Semi-Annual Channel image.

Background information

Windows Server Semi-Annual Channel runs in Server Core mode and is entirely command-line based. Windows Server Semi-Annual Channel offers some significant advantages, such as support for remote management, lower requirements for hardware, and a reduction in the need for updates. Windows Server Semi-Annual Channel instances exclude Resource Manager, Control Panel, and Windows Explorer. The instances do not support the *.msc command-line option such as devmgmt.msc. You can manage servers by using tools such as Sconfig, Server Manager, PowerShell, and Windows Admin Center.

Use Windows Server Backup to back up data from an ECS instance to Apsara File Storage NAS

This topic describes how to back up data from a Windows ECS instance to Apsara File Storage NAS. You can use a Windows built-in tool named Windows Server Backup to back up data from disks to Apsara File Storage NAS.

Background information

With Windows Server Backup, you can perform a full backup to back up all data at a time. You can also schedule backup tasks to run automatically at regular intervals. You can restore data from these backups at any time.

Apsara File Storage NAS helps you achieve compute-storage separation. You can store temporary data for computing tasks and dynamic memory on ECS instances and store permanent data on Apsara File Storage NAS. If no response is returned from one ECS instance, you can switch to another ECS instance to access data stored on Apsara File Storage NAS. Apsara File Storage NAS allows multiple ECS instances to access a file system.

You can manually synchronize data stored on an ECS instance to Apsara File Storage NAS or schedule synchronization plans on a regular basis. This helps you preserve data and restore data in the event of data loss. Each disk snapshot is a copy of an entire disk. However, Apsara File Storage NAS is more flexible for data storage. Instead of backing up an entire disk, you can back up one or more directories at a time.

Related Market Products

Windows Server 2008 R2 with AMD GPU driver preinstalled

GPU cloud server is a computing service based on GPU application. It is applicable for AI deep learning, video processing, scientific computing, graphic visualization, and other application scenarios. Alibaba Cloud becomes the first cloud provider partnering with NGC GPU Container in China (which provides the best fully optimized deep learning framework for customers).

RealSight APM V1.8 on Windows Server 2012

RealSight APM is an easy-to-use and powerful management platform for monitoring the health state, performance, cloud resources, user experience and related resources of applications running in the cloud. It can help you constantly monitor your applications and relieve you of cumbersome operations work.


Alibaba Clouder
