You are on page 1of 23

Failover Clustering in Windows Server 2008 R2

White Paper
Published: May 2009 For the latest information, please see www.microsoft.com/windowsserver2008/en/us/failoverclustering-main.aspx

Contents
Overview ............................................................................................................................... 3 A Brief Overview of Failover Clustering .............................................................................. 4 Failover Clustering in Windows Server 2008 .......................................................................... 5 Simplified Setup and Migration .......................................................................................... 5 Built-in Cluster Validation Tool ........................................................................................... 7 Multi-Site Clusters ............................................................................................................. 8 Storage Improvements ...................................................................................................... 8 New Backup and Restore Functionality.............................................................................. 9 Enhanced Security Features............................................................................................ 10 Scalability........................................................................................................................ 11 Expanded Networking Functionality ................................................................................. 11 Cluster Troubleshooting................................................................................................... 12 New for Failover Clustering in Windows Server 2008 R2 ...................................................... 13 Enhanced Validation........................................................................................................ 13 Windows PowerShell Cmdlets ......................................................................................... 14 Cluster Management with Reduced Privileges ................................................................. 15 Controllable Network Prioritization ................................................................................... 15 Enhanced Event Logging................................................................................................. 15 Improved Migration of Cluster Workloads ........................................................................ 16 Support for Additional Clustered Services ........................................................................ 16 Failover Clustering and Hyper-V .......................................................................................... 16 Cluster Shared Volumes.................................................................................................. 16 Live Migration .................................................................................................................. 17 Summary............................................................................................................................. 19 Appendix: Failover Clustering Terminology .......................................................................... 20 Related Links....................................................................................................................... 21

databases. and with the Windows Server® 2008 operating system. the name was changed to Windows Server Failover Clustering (WSFC). Service disruptions can also be routine and predictable. failover clustering is included in the enhanced-capability editions of Windows Server 2008 R2²Windows Server® 2008 R2 Enterprise. Failover clustering is a high-availability (HA) feature that can help ensure that an organization¶s critical applications and services. Therefore. Failover clustering has been included in Windows Server for many years. there is the employee time required to manage the solution. However. Windows Server® 2008 R2. and Windows Server® 2008 R2 Itanium²and in Microsoft® Hyper-VŒ Server 2008 R2. In Windows Server 2008. there is much greater flexibility in how the failover cluster is managed in Windows Server 2008. MSCS has been significantly improved. such as planned downtime for server maintenance. such as e-mail. and availability of their server infrastructures. A heavily used e-mail or database server can easily cost a business thousands or even tens of thousands of dollars in lost productivity or lost business for every hour that it is unavailable. A failover cluster expert is no longer required to successfully deploy and maintain a failover cluster²an IT generalist can use the new wizardbased approach. Since then. Failover Clustering in Windows Server 2008 R2 3 . making it an ideal high-availability solution for organizations of all sizes. Windows Server® 2008 R2 Datacenter. The term high availability refers to ensuring that an IT infrastructure is available to users even in the event of a service disruption. from financial services and logistics. expanding existing technology and adding new features to enable IT professionals to increase the reliability. The around-the-clock pace of global commerce makes uninterrupted IT operations vital to an increasing number of industries. the newest Windows Server operating system and the successor to Windows Server 2008.0 Enterprise Edition. in turn. there is nothing else you need to buy. For every benefit and advantage an organization gains by an IT solution. Failover clustering can help build redundancy into an IT infrastructure and eliminate single points of failure.Overview Organizations rely on mission-critical servers to run their businesses. guards against data loss. Microsoft® Cluster Services (MSCS) was first introduced in Windows NT® 4. ranging from the local failure of a network card on a single server to the physical destruction of an entire data center. the challenge for organizations is to determine what level of IT service availability is justified by the potential cost of downtime. builds on the foundation of Windows Server 2008. in terms of both hardware and software. virtually every component of failover clustering has been enhanced. flexibility. Disruptions can be unexpected. and many of the complex details have been simplified. Many of the clustering ³nuts and bolts´ are now hidden behind the new GUI. Server availability is a trade-off between availability and cost. and increases the return on investment (ROI). This means that failover clustering in Windows Server 2008 R2 is a much less expensive alternative to comparable HA options. As a result. In addition. While experts can maintain the same level of control they had in previous versions. This. technical and business decision makers should also consider how to manage the inevitable downtime that accompanies these solutions. achieving the degree of reliability and availability demanded by mission-critical business requirements can be expensive to create and support. to manufacturing and tourism. helps reduce downtime. are available whenever they are needed. While comparable high-availability solutions can cost thousands of dollars. or line-ofbusiness applications. server downtime can be very expensive.

Failover clustering addresses this situation by detecting hardware or software faults and immediately restarting the application on another node without requiring administrative intervention²a process known as failover. The group of nodes is managed as a single system and shares a common namespace. Failover clustering Failover Clustering in Windows Server 2008 R2 4 . that are physically connected by a local-area network (LAN) or a wide-area network (WAN) and that are programmatically connected by cluster software.A Brief Overview of Failover Clustering A failover cluster is a group of independent computers. Users can continue to access the service and may be completely unaware that it is now being provided from a different server (see Figure 1). The group usually includes multiple network connections and data storage connected to the nodes via storage-area networks (SANs). the application will be unavailable until the server is fixed. if a server that is running a particular application crashes. Figure 1. Normally. The failover cluster operates by moving resources between nodes to provide service if system components fail. or nodes.

Failover Clustering in Windows Server 2008 R2 5 . Multi-site failover clusters are easier to deploy and much more technically feasible. and easy to manage. and at enhancing cluster stability. It is also possible to open a blank MMC and then add this snap-in along with any others. easy to create.Failover Clustering in Windows Server 2008 In the past. These improvements combine to make failover clustering a smart business choice. There are numerous enhancements to failover clustering in Windows Server 2008: y y y y y y y y y A new. This new interface is accessible from within Administrative Tools (see Figure 2). Backup and restore functionality has been enhanced. Failover clusters benefit from increased protection through improved authentication and encryption. Windows Server 2008 failover clusters are easy to procure. Windows Server 2008 failover clusters are designed with built-in support for SANs. In Windows Server 2008. New networking capabilities provide more reliable connectivity among the nodes in the failover cluster. and organizations have had to retain expensive administrative resources that are reserved exclusively for maintaining the clusters that they have deployed. at making them more secure. Simplified Setup and Migration Windows Server 2008 includes a new. the Failover Cluster Management snap-in (CluAdmin. and to manage. easy to use.msc). easy-to-use management interface is included. The previous cluster administration interface has been replaced with a Microsoft Management Console (MMC) 3. This has too often resulted in higher-than-necessary costs for organizations²customers have lost opportunities to make more of their applications highly available. the improvements to failover clusters are aimed at simplifying clusters. Windows Server 2008 failover clusters can also support more nodes than previous Windows Server versions. to configure. a major challenge with failover clusters has typically been their complexity: to build. easy-to-use management interface. Troubleshooting is easier with verbose cluster logging and with Event Tracing for Windows (ETW). delivering high availability technology as a part of the operating system.0 snap-in. The new Cluster Validation Wizard lets clusters be qualified more easily.

New management interface The Failover Cluster Management snap-in is designed to be task oriented instead of cluster resource oriented. They are then asked for a client access point name (the network name. High Availability Wizard Multiple failover clusters throughout the organization can be managed from a single MMC. Unlike previous versions of cluster administration. The wizard then does the rest. And since the Failover Cluster Management snap-in is a true MMC (unlike the interface that Failover Clustering in Windows Server 2008 R2 6 . as it was in previous versions of failover clustering. (These terms are defined in the Appendix.) Instead. they do not need to assign an IP address. Administrators can select the clustering task that they want to undertake (such as making a file share highly available) and supply the necessary information by using the wizard. as Windows Server 2008 failover clustering supports Dynamic Host Configuration Protocol (DHCP)²and DHCP addressing for resources is the default in the wizard.Figure 2. Figure 3. Administrators can even ® manage Windows Server 2008 failover clusters remotely from Windows 7-based or Windows ® Vista -based client computers by installing the Remote Server Administration Tools. with Windows Server 2008 failover clustering it is not necessary to deal with resources or dependencies. administrators can start the High Availability Wizard (see Figure 3).

Using Validate as a trouble-shooting tool helps reduce your organization¶s support costs. Moreover. perform network testing. Whenever you experience a problem with an in-production failover cluster. and system configuration. Validate a Configuration Wizard The validation results are HTML based for easy collection and remote analysis. storage.was available in previous versions). Figure 4. Built-in Cluster Validation Tool A built-in validation process is included in Windows Server 2008 failover clustering to make it easier for customers to know whether their cluster configuration is supported. it is possible to create custom management consoles that include the Failover Cluster Management snap-in in addition to other management snap-ins. network. Customers can select their hardware and then run the Validate a Configuration Wizard (also known as Validate).exe command-line tool. The wizard takes just a few minutes to run. Windows Server 2008 failover clusters are fully scriptable with Windows Management Instrumentation (WMI). and validate system configuration. They can fine-tune their failover clusters by using the Cluster. This Failover Clustering in Windows Server 2008 R2 7 . For customers who want assurance that their cluster configuration will be supported before purchasing hardware. Figure 4 shows the expanded network category. Microsoft has created the Failover Cluster Configuration Program (FCCP). Validate is the first thing you will want to run to ensure that everything is functioning as expected. The Validate a Configuration Wizard can also be used as a powerful diagnostic tool to maintain the failover cluster and to identify problems that may arise. If the hardware has the Windows Server 2008 logo and the entire configuration passes all of the validation tests. You can use the wizard to inventory hardware and software. the cluster configuration is fully supported. Experienced cluster server administrators may want to get full access to all of the commands that they had available in the command-line tool. although this is a function of how many nodes are in the failover cluster and how many logical unit numbers (LUNs) are exposed to the servers. This validation process consists of a series of tests that are grouped into four main categories: inventory. a vendor partnership that delivers tested and validated hardware configurations.

The introduction of OR logic allows the use of two IP addresses. the options for deploying failover clusters that were geographically dispersed were limited.com/windowsserver2008/en/us/failover-clustering-programoverview. After the tests are passed. the network latency requirements in Windows Server® 2003 server clustering. Windows Server 2008 affords much more flexibility in implementing multi-site failover clusters. failover cluster nodes can now reside on completely different subnets.microsoft. These options involved very specific prequalified arraybased replication technologies. and put the tagline ³Validated by Microsoft Failover Cluster Configuration Program´ on the solution. Moreover.aspx. Multi-site failover clusters were restricted to certain environments due to the latency requirements and the requirement that the cluster nodes all reside in the same subnet.sys) has been completely rewritten and is now a true Plug and Play (PnP) driver. the cluster disk driver (Clusdisk. Failover Clustering in Windows Server 2008 R2 8 . in Windows Server 2008. Heartbeats are now tunable so that high-latency networks are supported when you deploy multiple-site failover clusters. The failover clustering requirement for the heartbeat²the process by which cluster nodes signal their integrity to one another²has also become fully configurable. This means that the IP addresses can reside in different subnets across a routed network. Storage Improvements In Windows Server 2003. the solution is then considered ³Validated´ and the hardware vendor can list the solution as a qualified Failover Cluster Configuration on their Web site.sys) to interact with storage (see Figure 5). For example. or both. However. have been removed from Windows Server 2008 failover clustering. administrators no longer have to stretch virtual local area networks (VLANs) across the WAN to accommodate geographically distant servers that are on different subnets. The program is meant to ensure that the entire solution has been tested and will support failover clustering. which required a round-trip latency of less than 500 milliseconds (msec). Multi-Site Clusters Prior to Windows Server 2008. visit http://www.program provides customers with an easy way to identify hardware that is already tested for compatibility with Windows Server 2008. the cluster disk driver was in a direct path to the storage. eliminating the need to create VLANs. Before a proposed solution can achieve the Failover Cluster Configuration qualification. For more information about the FCCP. it must first pass a set of stringent tests designed to ensure that all components of the proposed solution will pass the failover cluster validation tests and support failover clustering. Windows Server 2008 R2. The cluster disk driver now communicates with the partition manager driver (Partmgr.

In Windows Server 2008. GUID partition table (GPT) disks are now supported. Storage stack in Windows Server 2008 and in Windows Server 2003 The partition manager has the primary responsibility of protecting cluster disk resources. SCSI-2 Reserve/Release commands were used. the disk signature and the LUN ID are both used when identifying a cluster disk resource. Failover Clustering in Windows Server 2008 R2 9 .exe). the disks show a status of ³Reserved´ in Disk Management. Once storage is added to a failover cluster. which enables VSS backup applications to more easily support failover clusters. the cluster configuration can be restored. Cluster nodes must register before they are allowed to place a reservation on the storage. thus saving time.exe). Backing up the cluster configuration is straightforward²as long as the system state is part of a backup. disks are never left in an unprotected state. Failover clustering in Windows Server 2008 has its own VSS writer. This significantly reduces the possibility of corruption. Additional storage improvements include an improved check disk process (Chkdsk. If either of these has changed. In Windows Server 2008. builtin disk repair functionality that was previously part of the Cluster Server Recovery Utility (ClusterRecovery. In Windows Server 2003. and cluster nodes periodically defend their reservations by using the Registration Defense Protocol. All disks on a shared storage bus are automatically placed in an offline state when they are first mapped to a cluster node. This allows storage to be simultaneously mapped to all the nodes in a failover cluster even before the failover cluster is created.Figure 5. In Windows Server 2008 failover clusters. There is also a change to the SCSI commands. New Backup and Restore Functionality Windows Server 2008 features a closer integration with the Volume Shadow Copy Service (VSS) for easier backups. and self-healing disks. This translates into a reduction in the errors that are simply due to an attribute change on a physical disk resource. and multiple-terabyte storage (larger than 2 terabyte LUNs per partition) is now natively possible. In addition. with the cluster disk driver writing to sectors on the disk itself. the cluster configuration is updated. SCSI SPC-3 Persistent Reservation commands are required (this is verified by the Validate a Configuration Wizard).

a domain user account was required during the configuration process and was used to start the Cluster service. Since a domain user account is no longer used for the Cluster service. Perhaps the most significant is that the Cluster service no longer runs under the context of a domain user account (or the Cluster service account).Enhanced Security Features Windows Server 2008 failover clusters feature several new security enhancements. should an application that is not able to use Kerberos for authentication Failover Clustering in Windows Server 2008 R2 10 . As a domain user account. which are additional computer objects created in the Computers container in Active Directory. VCOs equate to the cluster network name resources that are created as part of client access points (CAPs) in the failover cluster. and these policies could cause the Cluster service to fail. The CNO is responsible for creating all VCOs in a failover cluster and therefore must have the domain-level right to create computer objects on the container where the VCOs are created. the CNO is used for all operations that require security inside the failover cluster. Virtual Computer Objects properties Kerberos is used in Windows Server 2008 failover clustering as the default authentication method. The security context for the failover cluster is now the Cluster Name Object (CNO). The Cluster service in Windows Server 2008 runs under the local system account with a specific set of rights on the local cluster node that allows it to function properly. It was added to the local Administrators group on each node of the cluster and was given the required local user rights to allow the Cluster service to function properly. the computer object that is created by default in the Computers container in Active Directory® when the failover cluster is first created. Figure 6. However. Failover clusters also add Virtual Computer Objects (VCOs). the CNO is added to the system access control list (SACL) for the object in Active Directory (see Figure 6). In Windows Server 2003 and in previous versions of Windows. the Cluster service account was subject to a number of domain-level policies that could be applied to cluster nodes.

) There are now new messaging processes that are internal to the Cluster service itself. Multicast functionality has been discontinued in Windows Server 2008 failover clustering. and cluster communications now use User Datagram Protocol (UDP) unicast. The configuration of a cluster node's network interfaces determines which networks will use static or dynamic IP addresses. the nodes use Transmission Control Protocol (TCP) rather than the less reliable UDP.exe command-line tool. Cluster nodes can also obtain IP address information via DHCP. it can be changed to a static IP address in the Failover Cluster Management snap-in. The cluster network driver has been completely rewritten so that it provides highly reliable and fault-tolerant communication among the nodes in a failover cluster. A GPT disk offers these benefits: y y y It allows up to 128 primary partitions. When nodes transmit and receive heartbeats to confirm that each node is still available. failover clusters still have the ability to use NTLM authentication. It provides greater reliability due to replication and cyclical redundancy check (CRC) protection of the partition table. Additionally. failover clustering supports only IPv6 addresses that allow for dynamic registration in Domain Name System (DNS) (AAAA host records and the IP6. you can change this cluster property so that all communication between the nodes is encrypted to provide an additional level of security. as opposed to the maximum of 8 nodes in Windows Server 2003.) It allows a much larger volume size²greater than 2 terabytes (the limit for MBR disks). (Port 3343 is still the common port that is used by Microsoft failover clusters. Specifically. Expanded Networking Functionality New networking capabilities enable more flexibility when designing high availability and disaster recovery solutions in Windows Server 2008 and provide more reliable connectivity among the nodes in the failover cluster. Currently. (MBR disks can support up to 4 primary partitions and an infinite number of partitions inside an extended partition. Even if an IP address resource in a failover cluster is obtained from a DHCP server. Failover clustering also supports 6-4 and Intra-site Automatic Tunneling Addressing Protocol (ISATAP). there are three types of IPv6 address types: global.ever need to access cluster resources. In addition to support for more cluster nodes. Scalability Windows Server 2008 failover clusters can support more nodes than clusters in previous versions of Windows. x64-based failover clusters support up to 16 nodes in a single failover cluster in Windows Server 2008 Enterprise or in Windows Server 2008 Datacenter. A GPT disk uses the GPT disk partitioning system. By using the Cluster. The combination of an increased number of nodes and support for GPT disks greatly enhances the scalability of larger volumes in failover cluster deployments. and Failover Clustering in Windows Server 2008 R2 11 . all communication between the nodes is now signed by default. Windows Server 2008 failover clusters now support GPT disks. Because Windows Server 2008 supports Internet Protocol version 6 (IPv6). Finally. This includes being able to support IPv6 IP address resources and IPv4 IP address resources either alone or in combination in a failover cluster. site local.ARPA reverse look-up zone). the Cluster service will support this functionality as well. provided that each node is connected to at least two separate and distinctly routed networks.

which aggregates events from all nodes.log).link local. You can click Recent Cluster Events to see all error and warnings cluster-wide from the last 24 hours. manage. there are two types of built-in event queries: application-level queries. critical. Informational events have been moved into an operational channel. and you can build your own event queries. (See Figure 7. Instead. Failover Clustering in Windows Server 2008 R2 12 . related to the specific resource only. event logs are no longer continuously replicated across all nodes. Additionally. Recent Cluster Events page To help simplify troubleshooting.) Figure 7. Cluster Troubleshooting Instead of working with the text-file-based cluster log (cluster. error. an administrator can use Event Tracing for Windows (ETW) to easily gather. and resource-level queries. associated with all of the resources in a group. Dynamic DNS registrations will not occur for link local addresses and therefore cannot be used in a failover cluster. and warning events can be found in the system event log. and report information about the sequence of events that occurred on the failover cluster. you can view events with Failover Cluster Management.

make migration easier. The cluster configuration tests can also be used to review and archive the configuration of the clustered services and applications (including settings for the resources within each clustered service or application) to ensure that best practices are being employed. Windows Server 2008 R2 enables cluster management with reduced privileges. expand cluster validation. and empower Hyper-V virtualization technology for failover clustering. Windows Server 2008 R2 enables improved migration of cluster workloads. and identify potential cluster configuration issues before they cause downtime. such as the settings that affect how the failover cluster communicates across the available networks. not just analysis of the nodes through ³best practices´ tests. Enhanced Validation Windows Server 2008 R2 includes enhancements to the Validate a Configuration Wizard (Validate) which provide analysis of the cluster. (See Figure 8. Windows PowerShellŒ command-line interface is the new scripting language for Windows Server 2008 R2 failover clustering. enables through a new read-only API. the new cluster configuration tests help check settings that are specified within the failover cluster and the cluster resources. Windows Server 2008 R2 enables more granularly configurable network prioritization. improve manageability. These enhanced validation tests let you fine-tune a cluster configuration. For example. track the configuration.) Failover Clustering in Windows Server 2008 R2 13 .New for Failover Clustering in Windows Server 2008 R2 Improvements to failover clustering in Windows Server 2008 R2 aim to continue to simplify failover clustering. New ETW logging channels have been added. y y y y y y New tests have been added to the Validate a Configuration Wizard.

Figure 8. you can perform virtually all the operations that you can perform in the Failover Cluster Management snap-in.exe command-line tool. which will be deprecated in the next Windows Server release. The new cmdlets for failover clusters provide powerful ways to script cluster configuration and management tasks. Through the command line. Cmdlets form the basis of the Windows PowerShell instruction set. Cluster configuration test The enhanced tests offer prescriptive guidance to help you achieve higher availability. By using Windows PowerShell. Windows PowerShell uses consistent syntax and naming patterns across roles and features and provides numerous benefits over standard command-line interfaces. you can now: y y y y Run Validate Create clusters and high-availability roles Manage Hyper-V and cluster shared volumes (CSV) Generate dependency reports Failover Clustering in Windows Server 2008 R2 14 . Windows PowerShell Cmdlets Windows Server 2008 R2 introduces Windows PowerShell as the new scripting language for clustering technologies and begins the move away from the Cluster. including easily customizable scripts and the dynamic use of variables. They also help you collect information about the configuration of your cluster for supportability and documentation.

in addition to the operational channel for the eventing.) Figure 9. Cluster. Event logs Failover Clustering in Windows Server 2008 R2 15 . There is an Admin channel. There are new debug logging channels. and appears in the Event Viewer as well. (See Figure 9.log is converted to an ETW channel. A reduced privilege set management is enabled through the new read-only API. It lets an administrator plan an internal cluster network for efficiency by giving the fastest network the highest priority for internal traffic (such as heartbeat. Enhanced Event Logging With Windows Server 2008 R2. Cluster Shared Volumes." Controllable Network Prioritization Windows Server 2008 R2 enables more controllable network prioritization. also exposed through PowerShell. without being able to perform any actions. This feature is ideal for giving lower-level administrators the ability to perform a first-level triage²to "look. and live migration traffic. which makes it is possible to capture snap-in pop-ups even before cluster creation. cluster access has been based on an ³all or nothing´ model. but not touch. which you can enable for advanced troubleshooting (click on Show Analytic and Debug Logs). This helps you discover what is wrong after the fact. which are discussed later in this paper). there are additional channels to help with troubleshooting. Lower-level administrators or tier-one support staff can now use the PowerShell cmdlets in read-only mode to view and query the status of the failover cluster and its resources.Cluster Management with Reduced Privileges In previous versions. Windows Server 2008 R2 introduces a more granular security model for cluster access.

Provides pre-migration and post-migration reports. This can be helpful if you need to call for support. which is built in to the Failover Cluster Management snap-in. The wizard can migrate settings from the following resource groups: o o o o o o o o File server DHCP Generic Application Generic Script Generic Service Windows Internet Name Service (WINS) Server Distributed File System Namespace (DFS-N) Distributed Transaction Coordinator (DTC) o o o o Internet Storage Name Service (iSNS) Server Message Queuing (also called MSMQ) Network File System (NFS) Other Server (client access point and storage only) Remote Desktop Connection Broker o y Other workloads have their own cluster-aware upgrade processes: o o o DFS-R Exchange Hyper-V o o Print server SQL Server y y y Supports most common network configurations. Support for Additional Clustered Services Windows Server 2008 R2 provides support for two additional clustered services. Lets you reuse storage. DFS-Replication Cluster Support Distributed File System Replication (DFS-R) is an efficient. or copy and use new storage. or Windows Server 2008 R2 to Windows Server 2008 R2 using the Migration Wizard. Every cluster event has been edited with improved descriptive text and error codes to provide more troubleshooting information. Improved Migration of Cluster Workloads Administrators can now migrate cluster workloads that are currently running on Windows Server 2003.You can also capture event queries with Windows Server 2008 R2 as EVTX files for future analysis. failover clusters can be configured to be part of a replication group (RG). Windows Server 2008. The migration process: y Supports every workload that is currently supported on Windows Server 2003 and on Windows Server 2008. In Windows Server 2008 R2. there are fully-featured failover cluster management packs for Microsoft® System Center Operations Manager 2007 and Microsoft® Operations Manager 2005. You can configure member servers in a replication group to be highly available for uninterrupted and failure-resilient replication services. the failover clustering Failover Clustering in Windows Server 2008 R2 16 . multiple-master replication engine that is used to keep folders synchronized between servers across limited bandwidth network connections. For monitoring clusters.

Remote Desktop/Terminal Services Support Windows Server 2008 R2 includes a new role. Sandboxes are also periodically recycled. With Windows Server 2008 R2 failover clustering. Print Server High-Availability Improvements In Windows Server 2008 R2. each print spooler cluster resource runs in its own sandbox. A failure (either hardware or software) on such crucial servers has the potential to bring all replication activity to a standstill. which supports session load balancing and session reconnection in a load-balanced remote desktop server farm. The Remote Desktop Connection Broker is also used to provide access to Windows Server 2008 R2 RemoteApp programs and virtual desktops through a RemoteApp and Desktop Connection. This means that a single bad driver no longer takes down the entire print server. print drivers and processors are isolated and run in a process that is independent from the spooler process. you can make the Connection Broker highly available. and administrators expect high availability from them. the Remote Desktop Connection Broker. Failover Clustering in Windows Server 2008 R2 15 . ensuring that clients can reconnect to their same session or virtual machine within the server farm. and can be enabled for high availability on a failover cluster.technology lets you configure services and applications to be highly available without requiring redundant copies. These servers are critical to the replication infrastructure. helping mitigate leaky drivers. Busy hub servers located in a datacenter that replicate with many branch office servers are perfect candidates for clustered DFS-Replication.

the applications on that CSV disk can run on any node at any time. or Serial Attached SCSI (SAS)²that have a logo for Windows Server 2008 R2 and whose interoperability is verified with Validate can be used. This process incurred some downtime during the failover. it does not matter where a disk is mounted because it will appear local to all the nodes in the failover cluster. If any application that was running on the LUN needed to move to another node. In Windows Server 2008 and in earlier versions of Windows. Windows Server 2008 R2 introduces a new version of Hyper-V. Failover Clustering in Windows Server 2008 R2 16 . Beginning with Windows Server 2008. and this can have a significant negative impact to their business. suppose an organization consolidates ten of their servers into virtual machines (VMs) and places them on a single physical host server. However. This added significant complexity to storage management²clusters with hundreds of resources needed hundreds of LUNs. Windows Server 2008 R2 also enables live migration. For example. which includes the capabilities to run VMs in a high availability configuration without the need for third party software. avoiding corruption of the data on the LUN. the organization loses all ten. Live migration uses the new Cluster Shared Volumes (CSV) feature within the failover clustering role in Windows Server 2008 R2.Failover Clustering and Hyper-V The current economy puts significant pressure on businesses to cut cost. With CSV. Unlike a Clustered File System (CFS). Customers interested in deploying virtualization should consider failover clustering as well. and server consolidation through virtualization is an excellent way to save money and remain agile and responsive. Therefore. Industry standard clustering storage devices²Fibre Channel. all the applications on that LUN would also be failed over. each resource group was required to have a physical disk resource to manage the cluster¶s access to the application data residing on the shared storage device. However. which were then challenging to deploy and manage. ensuring that VMs are configured for HA is critical to achieving business continuity. so it requires nothing additional to purchase or support. the ability to move VMs between hosts with no discernable downtime. In other words. regardless of which node ³owns´ (or manages NTFS on) the storage (see Figure 10). CSV functions as a distributed-access file system that is optimized for Hyper-V. However. the LUN was the smallest unit of failover. This ensured that only one node could access the data at a time. and in Microsoft® HyperVŒ Server 2008 R2. Windows Server 2008 R2 Datacenter. since only one node could own the LUN at any time. For this reason. it can also leave an organization vulnerable. the application becomes the unit of failover. CSV does not use a specialized proprietary file system²it uses the standard NTFS file system. server virtualization using Hyper-V technology has been an integral part of the operating system. customers frequently ran only a single application from each LUN so that only that one application would become unavailable during a failover. Cluster Shared Volumes CSV is a significant architectural innovation incorporated in failover clustering in Windows Server 2008 R2 Enterprise. CSV breaks the dependency between application resources (the virtual machines) and disk resources. iSCSI. If the host fails. instead of losing one server. any node in a failover cluster can access the shared storage and any node can host virtual machines.

including easier storage management. greater resiliency against failures. Single namespace in CSV CSV provides many benefits.Figure 10. From the perspective of the VMs. Live migration and CSV are separate but complimentary technologies²they can work independently. and the ability to store many VMs on a single LUN and have them fail over individually. Cluster Shared Volumes Because CSV provides a consistent file namespace to all the nodes in the failover cluster. The CSV volumes enable multiple nodes in the same failover cluster to concurrently access the same LUN. Live Migration Live migration is enhanced by CSV within failover clustering in Windows Server 2008 R2. each appears to actually own a LUN. CSV provides the infrastructure to support and enhance live migration of Hyper-V virtual machines. Most notably. Failover Clustering in Windows Server 2008 R2 17 . the . however. any files that are stored on CSV have the same name and path from any node in the failover cluster. but CSV enhances the resilience of live migration and is thus recommended for live migration. as illustrated in Figure 11.vhd files for each VM are stored on the same CSV volume. CSV volumes are stored as directories and subdirectories beneath the %SystemDrive%\ClusterStorage root folder. Figure 11.

In the event of a node failure. VMs can be ³live migrated´ at will. With live migration. Live migration makes it possible to keep VMs online. increasing productivity for both users and server administrators. Failover Clustering in Windows Server 2008 R2 18 . Migration operations become virtually invisible to connected users. moves between physical targets happen in milliseconds²without dropped network connections or perceived downtime. even during maintenance.Hyper-V is the enabling technology for live migration. VMs are restarted on another cluster node. Once you establish a failover cluster of physical servers that are running Hyper-V.

Security and networking in failover clusters have been improved. failover clusters help IT departments keep their mission-critical services up and running. and management enhancements help save time. making them more secure. In addition to the enhancements in failover clustering. Windows Server 2008 R2 gives customers greater control. and enhancing their stability. Failover Clustering in Windows Server 2008 R2 19 . the new virtualization tools. increased efficiency.Summary Failover clusters are used by IT professionals who need to provide high availability for services or applications. as has the way a failover cluster communicates with storage. and the high availability that is needed to succeed in today¶s global marketplace. Cluster setup and management are easier. and provide a solid foundation for enterprise workloads. the improvements to failover clusters are aimed at simplifying failover clusters. reduce costs. In Windows Server 2008 R2. Web resources.

Dependency. Each node provides a single vote toward membership. Membership. The cluster¶s health-monitoring mechanism between cluster nodes. Shared storage. a majority of members is required to be active and in communication with each other. This avoids having two subsets of members both servicing a resource and writing to the same disk. One node in the failover cluster typically sits idle until a failover occurs. If a node fails. Cluster registry. To ensure that only one subset of cluster members is functioning at one time. The propagation of cluster configuration changes to all cluster members. or Fibre Channel. a situation which could cause corruption. maintains configuration information (including resources and parameters) for each member of the cluster. a network name. Active/Passive failover cluster model. Resource group. Shared storage can be created with iSCSI. such as an IP address. assuming that the new server has enough capacity to handle the additional workload. A shared view of members (nodes and some resources) in a cluster. After a failover. A combination of configuration information and cluster resources.Appendix: Failover Clustering Terminology The following terms and concepts are used in failover clustering: y y y y Resource. Serial Attached SCSI. A physical disk or a file share may also serve as a quorum resource and contribute a single vote toward membership. stored on each node and on the quorum resource. an IP address. All nodes in the failover cluster must be able to access data on shared storage. y y y y y y y y Failover Clustering in Windows Server 2008 R2 20 . A hardware or software component in a failover cluster (such as a disk. A combination of resources that are managed as a unit of failover. Active/Active failover cluster model. Global update. The cluster database. The orderly addition and removal of nodes to and from the cluster. the resource will move to another node and continue to function normally. this passive node has enough capacity to serve the new application without any performance degradation. An alliance between two or more resources in the cluster architecture. Virtual server. or a network name). Therefore. and application resources. This health checking allows nodes to detect failures of other servers in the failover cluster by sending packets to each other¶s network interfaces. the new node can read the same data from the shared storage that the previous node was accessing. Quorum. if a node fails. The highly available workloads write their data to this shared storage. when the resource is restarted on another node. Heartbeat. All nodes in the failover cluster are functioning and serving clients. provided that it supports persistent reservations.

© 2009 Microsoft Corporation. Windows. trademarks.msdn. patent applications. Hyper-V. and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.aspx For more information about the Windows Server 2008 Failover Cluster Configuration Program. Failover Clustering in Windows Server 2008 R2 21 . Windows Server. visit: http://www. photocopying.com/clustering/default. copyrights. and the Windows logo are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. stored in. recording. without the express written permission of Microsoft Corporation. Because Microsoft must respond to changing market conditions. or for any purpose. Windows Vista. All other trademarks are property of their respective owners. it should not be interpreted to be a commitment on the part of Microsoft. copyrights.aspx For the clustering and high availability blog. the furnishing of this document does not give you any license to these patents. Windows PowerShell. IN THIS DOCUMENT. EXPRESS OR IMPLIED.com/windowsserver2008/en/us/default. The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. visit: http://blogs. or other intellectual property. Windows NT. mechanical. Except as expressly provided in any written license agreement from Microsoft. This white paper is for informational purposes only. Active Directory. or transmitted in any form or by any means (electronic. trademarks.aspx For more information about validating a cluster.microsoft.Related Links The following Web pages provide additional information. or introduced into a retrieval system. All rights reserved.microsoft.com/windowsserver2008/en/us/failover-clustering-programoverview. This is a preliminary document and may be changed substantially prior to final commercial release of the software described herein. or other intellectual property rights covering subject matter in this document.com/fwlink/?LinkId=139565. or otherwise). see: http://go. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright. Microsoft.microsoft. MICROSOFT MAKES NO WARRANTIES. visit: http://www. For the Windows Server 2008 home page. no part of this document may be reproduced. Microsoft may have patents.