In this tutorial, we will show you how to prepare your remote cloud and deploy Windows Server Failover Clustering on an Alibaba Cloud ECS Instance.
We recommend you use Windows Server Failover Clustering (WSFC) and SQL Server AlwaysOn Availability Groups as your SQL Server high availability solution on Alibaba Cloud's ECS (Elastic Compute Service) Instances.
WSFC is a feature of the Windows Server platform, which is generally used to improve the high availability of applications and services on your network. WSFC is a successor to the Microsoft Cluster Service (MCS).
An Alibaba Cloud ECS Instance provides fast memory and the latest Intel CPUs to help you to power your cloud applications and achieve faster results with low latency. All ECS instances come with Anti-DDoS protection to safeguard your data and applications from DDoS and Trojan attacks.
The Alibaba Cloud ECS allows you to load applications with multiple operating systems and manage network access rights and permissions. Within the user console, you can also access the latest storage features, including auto snapshots, which is perfect for testing new tasks or operating systems as it allows you to make a quick copy and restore later. It offers a variety of configurable CPU, memory, data disk and bandwidth variations allowing you to tailor each Instance to your specific needs.
We recommend the following hardware to deploy this solution:
We also recommend the following software with the listed specifications:
Since images produce ECS instances, some of them may share the same name. While this problem is rare with VPCs (Virtual Path Connections), to ensure absolute security, modify the host name to shorter than 15 characters and immediately restart the host.
You can manually alter the name using the following Powershell command:
Rename-Computer -NewName "ServerName" -restart -force
You can disable the User Account Control (UAC) remote restrictions using the following Powershell command:
new-itemproperty -path
HKLM:SOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem -Name
LocalAccountTokenFilterPolicy -Value 1
This is a mandatory and basic structure that allows AlwaysOn to grow on the Windows Cluster. Use the Powershell command:
Install -WindowsFeature -Name Failover-Clustering - IncludeManagementTools
This solution involves a stand-alone control. To make the solution successfully run under Windows Cluster, you need to add the uniform suffix to the hostname for identification purposes.
You can modify it through the UI, or use the Powershell command:
$ParentKeyPath = "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters"
$DnsSuffix="aliyunrds.com"
New-ItemProperty -Path $ParentKeyPath -Name "NV Domain" -Value $DnsSuffix -PropertyType
Strictly speaking, you can use a DHCP for configuration in Windows Server. However, we suggest you use a static IP address to configure the host's network connection.
You can use the UI or the Powershell command for configuration. However, remember to check the DNS configuration and adjust it as necessary. The Powershell command is as follows:
$IPType = "IPv4"
$Adapter = Get-NetAdapter | Where-Object {$_.Status -eq 'up' -and $_.name -ne 'loopback'}
$IpAddress=((($Adapter | Get-NetIPConfiguration).IPv4Address) | Where InterfaceAlias -ne "loopback").IPAddress
$PrefixLength=((($Adapter | Get-NetIPConfiguration).IPv4Address) | Where InterfaceAlias -ne "loopback").PrefixLength
$Gateway=((Get-NetIPConfiguration).Ipv4DefaultGateway).NextHop
If (($adapter | Get-NetIPConfiguration).IPv4Address.IPAddress)
{
$adapter | Remove-NetIPAddress -AddressFamily $IPType -Confirm:$false
}
If (($adapter | Get-NetIPConfiguration).Ipv4DefaultGateway)
{
$adapter | Remove-NetRoute -AddressFamily $IPType -Confirm:$false
}
# config static ip address
$Adapter | New-NetIPAddress -AddressFamily $IPType -PrefixLength $PrefixLength -IPAddress $IpAddress -DefaultGateway $Gateway
The file is located at hosts under C:WindowsSystem32driversetc. You need to map the name and DNS suffix of every host along with the IP addresses. You can do this with the following cmd command:
copy C:\Windows\System32\drivers\etc\hosts C:\Windows\System32\drivers\etc\hosts_2017033141131
echo 172.16.18.247 iZbp1ehi2dopyqC.aliyunrds.com >> C:\Windows\System32\drivers\etc\hosts
echo 172.16.18.246 iZbp1ehi2dopyqZ.aliyunrds.com >> C:\Windows\System32\drivers\etc\hosts
echo 172.16.18.248 iZbp1ehi2dopyqA.aliyunrds.com >> C:\Windows\System32\drivers\etc\hosts
Next, we'll create the Windows cluster. The latest version of Windows Server 2016 supports cluster creation through the UI, but you can also choose to create the cluster through the Powershell command. You need to specify staticAddress, which is the IP address in the VPC. Be careful not to occupy it:
New-Cluster –Name clus-aliyun0001 -Node
iZbp1ehi2dopyqC.aliyunrds.com,iZbp1ehi2dopyqZ.aliyunrds.com,iZbp1ehi2dopyqA.aliyunrds.com -AdministrativeAccessPoint DNS -StaticAddress 172.16.18.101
Non-domain-control AlwaysOn availability groups only support arbitration through majority nodes or based on Microsoft cloud files. Alibaba Cloud only supports the majority nodes mode. As a result, you must deploy at least three nodes for your Windows Cluster. If you deploy four nodes, make sure to set one of them to zero voting rights. If you only need two database copies, you can use two ECS instances, with one serving as an AlwaysOn node and the other only joining the Windows Cluster.
Set VOTE:
$node = "Always OnSrv1"
(Get-ClusterNode $node).NodeWeight = 0
Set no-witness:
Set-ClusterQuorum -NoWitness
Set majority-node arbitration:
Set-ClusterQuorum –NodeMajority
You may observe in your testing process that after several failovers, automatic failover ceases to function after some time. This is because Windows Cluster imposes a limit on the number of automatic failovers for each resource group within a certain period.
If you want to increase the limit of automatic failovers to, say 30 failovers, use the following command.
(Get-ClusterGroup "Cluster Group").FailoverThreshold = 30
Bind the read-only ECS instance to the Server Load Balancer and specify the weight.
Open the Windows Server UI and click "Add roles and features".
Under Server Roles, click "Active Directory Domain Service" and click "Next".
Make sure the "Include management tools" checkbox is selected and click "Add Features".
Check your installation selection matches the screenshot below. Click "Install".
The installation process will start, and you will see a progress bar:
When the installation is complete, the following line will appear, indicating that you need to configure your installation:
Your installation is complete. Click "Close" and proceed to the next step.
Now, you need to configure your AD Domain Service. A small hazard sign should appear on the Server Manager Dashboard, alerting you to complete your configuration. Click the hazard sign, and then click "Promote this server to a domain controller".
The configuration wizard window will appear:
Check to "Add a new forest" and enter your root domain name.
Next, click the "Domain Controller Options" on the left-hand menu and fill in the password fields, leaving all the other options as the default values:
Click "Next". The prerequisite checks should pass successfully. You can now click "Install" to begin the installation:
After the installation your computer will automatically restart. Use "rwstest.comAdministrator" to log in to Windows Server.
Return to your "Add Roles and Features Wizard" and click "Server Roles". Check "Active Directory Certificate Services:
Go to "Role Services" and check "Certification Authority Web Enrollment":
Click "Next" and the following screen should appear:
The CA Service installation is complete.
Open the AD CS Configuration window, go to "Role Services" and check "Certification Authority Web Enrollment":
Click "Next" and make sure the "Enterprise CA" is selected:
Click "Next". Then, add the details of your CA:
Click "Next" and check your configuration:
Click "Configure" and the following screen should appear:
Open a browser window and type "http://servername/certsrv in the address line (where servername is the name of the server on which the CA certificate is installed).
The following should appear:
That's it! You've installed and configured Windows Server Failover Clustering for Alibaba Cloud ECS.
Hyperconnectivity and Openness in the Digital Age – The Computing Conference 2018
Safeguard Your Blockchain Solution with Chip-Level Security – Alibaba Cloud Blockchain Service
2,599 posts | 762 followers
FollowAlibaba Clouder - August 20, 2020
Alibaba Clouder - February 25, 2020
Alibaba Clouder - September 30, 2018
Alibaba Clouder - September 28, 2018
Alibaba Clouder - August 9, 2019
Alibaba Clouder - September 29, 2018
2,599 posts | 762 followers
FollowElastic and secure virtual cloud servers to cater all your cloud hosting needs.
Learn MoreRespond to sudden traffic spikes and minimize response time with Server Load Balancer
Learn MoreLearn More
More Posts by Alibaba Clouder