Jun 12, 2021

Cloud Witness in Azure

Cloud Witness is a type of Failover Cluster quorum witness that uses Microsoft Azure to provide a vote on cluster quorum.

There are significant benefits with this approach:

  • No need for a third, separate DC to host the cluster witness.
  • Uses standard Azure Blob Storage (no maintenance overhead of virtual machines hosted in the public cloud).
  • The same Azure Storage Account can be used for multiple clusters (one blob file per cluster; the cluster's unique ID is used as the blob file name).
  • Low ongoing cost for the Storage Account (a small amount of data is written per blob file, and the blob is updated only when the state of the cluster nodes changes).
  • Built-in Cloud Witness resource type.

Problem with traditional cluster setup

Let's consider a typical stretched cluster, shown in the diagram below: nodes in the primary DC and in the DR DC, with a file share witness hosted in the primary DC. If the primary DC suffers a power outage, the nodes there and the file share witness all lose their votes at once. The cluster needs a majority of votes to stay online (three, in this example), but the nodes still up in the DR DC hold only two votes, which is not enough to form a quorum and fail over. The witness was supposed to break the tie, yet it shares the fate of the site it was placed in.


Solution

Cloud Witness is a new type of Failover Cluster quorum witness that uses Microsoft Azure as the arbitration point. It uses Azure Blob Storage to read and write a blob file, which the cluster uses as the arbitration point when a split-brain has to be resolved. Because the witness lives outside both datacenters, losing either site does not take the tie-breaking vote down with it.


Set up a Cloud Witness for a cluster

  1. Create an Azure Storage Account to use as a Cloud Witness.
  2. Configure the Cloud Witness as a quorum witness for your cluster.

To create an Azure storage account
  1. Sign in to the Azure portal.
  2. On the Hub menu, select New -> Data + Storage -> Storage account.
  3. In the Create a storage account page, do the following:
    1. Enter a name for your storage account.
      Storage account names must be between 3 and 24 characters in length and may contain numbers and lowercase letters only. The storage account name must also be unique within Azure.

    2. For Account kind, select General purpose.
      You can't use a Blob storage account for a Cloud Witness.

    3. For Performance, select Standard.
      You can't use Azure Premium Storage for a Cloud Witness.

    4. For Replication, select Locally-redundant storage (LRS).
      Failover Clustering uses the blob file as the arbitration point, which requires consistency guarantees when reading the data. Therefore you must select Locally-redundant storage as the replication type.

View and copy storage access keys for your Azure Storage Account

When you create a Microsoft Azure Storage Account, two Access Keys are generated automatically: the Primary Access Key and the Secondary Access Key. Either key works for Cloud Witness. Use the Primary Access Key when you first set up the witness, and switch the cluster to the Secondary Access Key when you rotate the primary. Treat both keys as secrets: anyone holding one has full data-plane access to the storage account, so dedicate the account to the witness and keep the key in a vault rather than in scripts.

To view and copy storage access keys

In the Azure portal, navigate to your storage account, click All settings and then click Access Keys to view, copy, and regenerate your account access keys. The Access Keys blade also includes pre-configured connection strings using your primary and secondary keys that you can copy to use in your applications (see figure 4).

When you create a Storage Account, the following URLs are generated using the format: https://<Storage Account Name>.<Storage Type>.<Endpoint>

Cloud Witness always uses Blob as the storage type, and public Azure uses core.windows.net as the endpoint, so the witness talks to https://<Storage Account Name>.blob.core.windows.net over HTTPS. Sovereign clouds use a different endpoint suffix (for example, the Microsoft Azure datacenters in China use core.chinacloudapi.cn), which is why the endpoint is configurable when you set up Cloud Witness.

In the Azure portal, navigate to your storage account, click All settings and then click Properties to view and copy your endpoint URLs.


Configure Cloud Witness as a Quorum Witness

  1. Launch Failover Cluster Manager.

  2. Right-click the cluster -> More Actions -> Configure Cluster Quorum Settings (see figure 6). This launches the Configure Cluster Quorum wizard.

  3. On the Select Quorum Configuration page, select "Select the quorum witness".

  4. On the Select Quorum Witness page, select "Configure a cloud witness".

  5. On the Configure Cloud Witness page, enter the following information:

    1. (Required) Azure Storage Account Name.
    2. (Required) Access Key corresponding to the Storage Account.
      • When configuring for the first time, use the Primary Access Key (see figure 5).
      • When rotating the Primary Access Key, use the Secondary Access Key (see figure 5).
    3. (Optional) If you intend to use a different Azure service endpoint (for example Microsoft Azure in China), enter that endpoint's server name.

  6. Upon successful configuration of Cloud Witness, you can view the newly created witness resource in Failover Cluster Manager.




Configuring Cloud Witness using PowerShell

You can configure Cloud Witness with the Set-ClusterQuorum cmdlet from the FailoverClusters module:

Set-ClusterQuorum -CloudWitness -AccountName <StorageAccountName> -AccessKey <StorageAccountAccessKey>

If you need to use a different endpoint (for example a sovereign cloud), add the -Endpoint parameter:

Set-ClusterQuorum -CloudWitness -AccountName <StorageAccountName> -AccessKey <StorageAccountAccessKey> -Endpoint <servername>
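To tie the two halves of the procedure together (creating the storage account and configuring the quorum), here is an end-to-end script as an added example; it is not code from the original post. It uses the Az PowerShell module (Az.Resources, Az.Storage) and the FailoverClusters module and assumes an authenticated Connect-AzAccount session on a cluster node; the resource group name, storage account name prefix and region are placeholders, not values from the post. Beyond the post's steps it adds the checks a practitioner wants: the storage account is locked to HTTPS and TLS 1.2 with anonymous blob access disabled, every node is tested for outbound TCP/443 to the blob endpoint before the quorum is touched, the result is verified, and the key rotation the post describes (switch to the secondary key first, then regenerate the primary) is wrapped in a function.

```powershell
#Requires -Modules Az.Resources, Az.Storage, FailoverClusters
# Added example, not code from the original post. Run on a cluster node after
# Connect-AzAccount. Resource group, account name prefix and region are assumptions.

$rg       = 'rg-cluster-witness'
$location = 'westeurope'
# Account names: 3-24 chars, lowercase letters and digits only, globally unique.
$account  = 'clwitness' + (Get-Random -Maximum 99999999).ToString('00000000')

# 1. Storage account meeting the post's requirements: general-purpose (v2),
#    Standard performance, LRS replication. Hardened as a secrets-bearing
#    account should be: HTTPS only, TLS 1.2 minimum, no anonymous blob access.
#    Cloud Witness only ever speaks HTTPS to the blob endpoint, so nothing breaks.
New-AzResourceGroup -Name $rg -Location $location -Force | Out-Null
$sa = New-AzStorageAccount -ResourceGroupName $rg -Name $account -Location $location `
        -Kind StorageV2 -SkuName Standard_LRS `
        -EnableHttpsTrafficOnly $true -MinimumTlsVersion TLS1_2 -AllowBlobPublicAccess $false

# 2. Two keys exist from creation; key1 is the "Primary Access Key" of the post.
#    Either grants full data-plane access to the account, so keep them out of
#    scripts and logs and dedicate this account to the witness alone.
function Get-WitnessKey {
    param([string]$ResourceGroup, [string]$AccountName,
          [ValidateSet('key1','key2')][string]$KeyName)
    (Get-AzStorageAccountKey -ResourceGroupName $ResourceGroup -Name $AccountName |
        Where-Object KeyName -eq $KeyName).Value
}

# 3. Every node needs outbound TCP/443 to <account>.blob.core.windows.net.
#    Check from each node before touching the quorum configuration.
$blobHost = ([uri]$sa.PrimaryEndpoints.Blob).Host
foreach ($node in Get-ClusterNode) {
    $reachable = Invoke-Command -ComputerName $node.Name -ArgumentList $blobHost -ScriptBlock {
        param($h)
        (Test-NetConnection -ComputerName $h -Port 443 -WarningAction SilentlyContinue).TcpTestSucceeded
    }
    if (-not $reachable) { throw "Node $($node.Name) cannot reach $blobHost on TCP/443" }
}

# 4. Configure the witness with the primary key. -Endpoint is only needed for a
#    sovereign cloud (e.g. -Endpoint core.chinacloudapi.cn for Azure China).
Set-ClusterQuorum -CloudWitness -AccountName $account `
    -AccessKey (Get-WitnessKey -ResourceGroup $rg -AccountName $account -KeyName key1) | Out-Null

# 5. Verify: the quorum resource is the Cloud Witness and online, and node votes plus
#    the witness vote are visible, which is the "who can still form a majority" view
#    the outage scenario in the post turns on. The cluster creates a container named
#    msft-cloud-witness that holds one blob per cluster.
$witness = Get-ClusterResource | Where-Object { $_.ResourceType.Name -eq 'Cloud Witness' }
"Quorum resource: $((Get-ClusterQuorum).QuorumResource)   State: $($witness.State)"
Get-ClusterNode | Select-Object Name, State, NodeWeight, DynamicWeight | Format-Table -AutoSize
"Witness dynamic weight: $((Get-Cluster).WitnessDynamicWeight)"
Get-AzStorageContainer -Context $sa.Context -Name 'msft-cloud-witness' -ErrorAction SilentlyContinue |
    Select-Object Name, LastModified

# 6. Key rotation in the order the post implies: move the cluster to the other key,
#    then regenerate the old one, so the witness never holds a key that was just
#    invalidated. The next rotation does the mirror image.
function Rotate-CloudWitnessKey {
    param([string]$ResourceGroup, [string]$AccountName,
          [ValidateSet('key1','key2')][string]$RegenerateKey = 'key1')
    $useKey = if ($RegenerateKey -eq 'key1') { 'key2' } else { 'key1' }
    $newKey = Get-WitnessKey -ResourceGroup $ResourceGroup -AccountName $AccountName -KeyName $useKey
    Set-ClusterQuorum -CloudWitness -AccountName $AccountName -AccessKey $newKey | Out-Null
    New-AzStorageAccountKey -ResourceGroupName $ResourceGroup -Name $AccountName -KeyName $RegenerateKey | Out-Null
    $state = (Get-ClusterResource | Where-Object { $_.ResourceType.Name -eq 'Cloud Witness' }).State
    if ("$state" -ne 'Online') { throw "Cloud Witness is $state after rotation; investigate before regenerating $useKey" }
}

# Rotate-CloudWitnessKey -ResourceGroup $rg -AccountName $account -RegenerateKey key1
```

The connectivity check runs before Set-ClusterQuorum on purpose: if one node cannot reach the blob endpoint, the witness will configure fine from the node you are on and then silently count for nothing from the other site, which is exactly the failure mode the post is trying to avoid. Rotation is ordered so the cluster is already authenticating with the surviving key before the old one is regenerated.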




Stay tuned!

--By Abhishek 


If you have any doubt or question, please contact us.