Windows Server 2008 R2 High Availability Technology Options
By Marcin Policht
July 9, 2010
High Availability Technologies in Windows Server 2008 R2
Our constantly growing dependency on computing services drives their development in two somewhat conflicting directions. While resource-hungry software requires increasingly powerful and faster systems, their designers strive to satisfy rising demand for failure-free operations. However, enhancing computational capacity tends to drive up the cost, making it more challenging to accommodate redundancy objectives, since they typically involve some form of hardware duplication. To provide a sufficient level of availability without breaking your budget, it is important to be aware of mechanisms that provide the required level of resiliency. This article offers a comprehensive overview of high availability technologies present in Windows Server 2008 R2 to help you reach this goal.
Let's start by pointing out that the term "availability" can be interpreted and consequently implemented in a number of ways, depending primarily on the degree of criticality and the desired level of uptime. One possible interpretation takes into account recoverability potential, concentrating on features like Windows Server Backup in combination with Volume Shadow Copy Service, and Windows Recovery Environment. Another approach focuses on component-level resiliency, geared to minimize both accidental and planned downtime by leveraging such capabilities as Hot Replace Memory, Hot Replace Processors, Hot Add Memory, or Hot Add Processors, which require a Windows Server 2008 R2 Datacenter operating system and integrate with its Dynamic Hardware Partitioning. These technologies complement redundant hardware, including memory (supported through Fault Tolerant Memory Synchronization and Windows Hardware Network Architecture) and storage (with its RAID configurations and multipath capabilities).
However, the most prevalent interpretation is associated with resiliency to failure on a per-service level in the context of client-server architecture, which is represented by two widely popular features incorporated into the operating system since the release of Windows 2000 Server. The first one, known as Network Load Balancing, is designed to distribute TCP/IP connections across several systems running concurrently with identically configured server-side software (such as Internet Information Server, Remote Desktop Services, DirectAccess, Routing and Remote Access Server, or Windows Media Services). The second one, rebranded in Windows Server 2008 as Failover Clustering, forgoes load sharing in favor of high availability by hosting individual instances of services or applications capable of gracefully moving across cluster nodes. This technology covers a much broader spectrum of software, including the most vital elements of the Microsoft portfolio (Exchange, SQL, or Hyper-V) as well as the most common network (DHCP and WINS), middleware (DTC and MSMQ), and file and print services (DFS-R, DFS-N, NFS, or iSNS).
Microsoft High Performance Computing solution also deserves the clustering designation. However, due to its focus on scaling out, rather than redundancy, it will not be discussed here. More information about it can be found on the Microsoft HPC Web site.
While the core functionality of Network Load Balancing has not changed drastically in its most recent versions, some improvements introduced in Windows Server 2008 R2 are worth pointing out. In particular, in the manageability area, Microsoft implemented PowerShell support. This is in line with the overall strategy evident in practically every server-based product released in the past few years. The set of cmdlets included in the OS facilitates management of clusters (local and remote) and provides a replacement for the NLB.exe command-line utility. Network Load Balancing Manager still serves as the primary graphical administrative utility. Event Tracing for Windows and the Network Load Balancing Management Pack for System Center Operations Manager 2007 assist with monitoring and troubleshooting. Integration with Forefront Threat Management Gateway (FTMG) and Unified Access Gateway (UAG) contributes to increased security. IPv6 support accommodates a transition to the new addressing scheme and implementation of technologies that depend on its features (such as UAG-based DirectAccess). Similarly, extended affinity rules, which determine how incoming requests are distributed across cluster members, ensure that connection persistence (i.e., maintaining the association between a client and a specific NLB node) is possible whenever required.
Windows Server 2008 Changes in Failover Clustering
The set of changes introduced in Failover Clustering since the release of Windows Server 2008 is far more impressive. The most relevant are the following:
Entirely Redesigned Administrative Interface Based on Microsoft Management Console 3.0
Windows Server 2008 R2 introduces PowerShell support, which, in addition to automation capabilities, allows read-only access to cluster configuration settings, which was not previously possible. A variety of new logging, eventing, and performance monitoring options are among the other manageability improvements.
Radical Shift in Hardware Certification Process
In previous clustered implementations, based on Windows Server 2003 or earlier, the entire configuration had to be Windows Hardware Quality Lab-certified and listed as a Cluster Solution in the Windows Server Catalog. This drove up the cost, since it required hardware vendors to perform tests of end-to-end clustering solutions, which had to be repeated following individual firmware releases. It also limited flexibility, forcing admins to choose a specific set of components. This is no longer the case. Starting with Windows Server 2008, components require only OS-level certification. The suitability of a custom clustering solution is determined by the Cluster Validation Wizard, which is incorporated into the Failover Cluster feature set. The wizard performs a number of tests, which verify whether an existing multiserver setup qualifies for failover clustering.
New Storage Requirements
Due to the dependency on SCSI-3 persistent reservations for clustered storage (replacing inferior SCSI-2 Reserve/Release commands), support for parallel SCSI has been discontinued starting with Windows Server 2008, leaving Serial Attached SCSI (SAS), iSCSI, and Fibre Channel as the viable options.
Resilient Quorum Model
This eliminates the single point of failure present in the earlier design by relying on a multinode quorum and, optionally (to determine majority in a cluster where an even number of nodes is online), on an additional witness resource, implemented as either a Physical Disk cluster resource or a file share.
More Secure Cluster Service Configuration
The service no longer uses a domain account, but instead relies on the Local System built-in security principal. This eliminates the need for periodic password changes in cases where their expiration is dictated by corporate policies. More importantly, it prevents the possibility of account lockouts. To provide a security context for domain-level operations, the cluster is represented by an Active Directory computer account known as the Cluster Name Object. Similarly, clustered Network Name resources take the form of domain-based Virtual Computer Objects. The existence of these objects facilitates a switch to Kerberos as the primary authentication protocol for cluster-bound communication (in place of NTLM, which becomes the secondary option).
Enhanced Multisite Clusters Capabilities
With the release of Windows Server 2008, it became possible to place cluster nodes on different subnets, eliminating the need for stretched VLANs in multi-site clustered implementations. Such designs, however, are subject to several limitations. This functionality is further augmented by the innovations in quorum design mentioned earlier as well as networking efficiency and reliability improvements.
The ability to cluster both Hyper-V hosts and guests is reflected by the introduction of VM-specific options within the Failover Cluster Manager interface (and, conversely, the availability of cluster-specific tasks within the System Center Virtual Machine Manager). Windows Server 2008 R2 offers support for Live Migration (which provides an alternative to VMware VMotion) and, thanks to Cluster Shared Volumes, removes the need to place individual VMs on dedicated LUNs in order to allow for their independent failover.
Enhanced Network Configuration
Cluster nodes no longer need to have static IP settings (if needed, you can assign them via DHCP). In addition, intra-cluster communication is digitally signed and can be encrypted, if desired.
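The quorum, service-account, and intra-cluster communication settings described above can be read back through the Failover Clustering PowerShell module. The following read-only audit is an added example, not code from the original article; the function name Get-ClusterSecurityAudit is hypothetical, and the script assumes it runs on a cluster node with the FailoverClusters module available and that the cluster exposes the SecurityLevel common property (0, 1, or 2).

```powershell
# Added example: read-only audit of a failover cluster's security-relevant settings.
# Run in an elevated PowerShell session on a cluster node (Windows Server 2008 R2).
Import-Module FailoverClusters

function Get-ClusterSecurityAudit {   # hypothetical helper name
    $cluster  = Get-Cluster
    $quorum   = Get-ClusterQuorum
    $nodes    = @(Get-ClusterNode)
    $svc      = Get-WmiObject Win32_Service -Filter "Name='ClusSvc'"
    $findings = @()

    # The Cluster service should run as Local System, not a domain account.
    if ($svc.StartName -ne 'LocalSystem') {
        $findings += "Cluster service runs as '$($svc.StartName)', expected LocalSystem"
    }

    # SecurityLevel common property: 0 = clear text, 1 = signed, 2 = encrypted.
    switch ($cluster.SecurityLevel) {
        0       { $level = 'clear text'
                  $findings += 'Intra-cluster traffic is neither signed nor encrypted' }
        1       { $level = 'signed' }
        2       { $level = 'encrypted' }
        default { $level = "unknown ($($cluster.SecurityLevel))" }
    }

    # With an even node count and no quorum resource, a split has no tie-breaker.
    $hasQuorumResource = ($quorum.QuorumResource -ne $null)
    if (($nodes.Count % 2 -eq 0) -and -not $hasQuorumResource) {
        $findings += "Even node count ($($nodes.Count)) without a witness resource"
    }

    # Nodes that are not Up reduce the votes available toward majority.
    $down = @($nodes | Where-Object { $_.State -ne 'Up' } | ForEach-Object { $_.Name })

    New-Object PSObject -Property @{
        Cluster        = $cluster.Name
        ServiceAccount = $svc.StartName
        SecurityLevel  = $level
        QuorumType     = $quorum.QuorumType
        QuorumResource = $quorum.QuorumResource
        NodesNotUp     = $down
        Findings       = $findings
    }
}

Get-ClusterSecurityAudit | Format-List
```

An empty Findings list means the service account, signing level, and witness configuration match what the article describes; the script changes nothing on the cluster.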