Carsten Rachfahl recorded a bunch of video interviews at the recent E2E conference with some of the other Hyper-V/System Center presenters. This one was with Didier Van Hoye where they talked about Cluster Shared Volume (CSV) and storage design. And this one was with Ronnie Isherwood where they talked about System Center Virtual Machine Manager (SCVMM) 2012.
Tag: Failover Clustering
Some Interesting KB Articles on Failover Clustering
More catch up:
Supported and tested Microsoft iSCSI Software Target 3.3 limits
This topic provides the supported and tested Microsoft iSCSI Software Target 3.3 limits.
Consider the following scenario:
- You have a failover cluster on some computers that are running Windows Server 2008 R2.
- The cluster has many disks.
- You click Add a disk in the Failover Cluster Manager console to add an extra storage disk on one cluster node.
In this scenario, you receive a Stop error message that resembles the following after a while:
0x0000009E ( parameter1 , parameter2 , parameter3 , parameter4 )
USER_MODE_HEALTH_MONITOR
Notes
- The parameters in this Stop error message may vary, depending on the configuration of the computer.
- Not all "0x0000009E" Stop errors are caused by this issue.
Additionally, you may experience the following issues if a cluster has many disks. For example, the cluster has more than 200 hard disks.
- The Cluster service takes a long time to start.
- The failover or shutdown operation of cluster resources takes a long time to complete.
- The operation that adds a new storage disk into the cluster takes a long time to complete.
Timeout Error While Trying To Join Node To Windows Server 2008 R2 Failover Cluster
When attempting to join a new node to an existing Failover Cluster, you receive a time out error at the end of the Add Node Wizard.
Me Being Interviewed About CSV & Backup Design by Carsten Rachfahl
I was at the E2E Virtualisation Conference over the weekend, and had a good time chatting with lots of folks including Ronnie Isherwood (@virtualfat), Jeff Wouters (@JeffWouters), Didier van Hoye (@workinghardinit), and Carsten Rachfahl (@hypervserver).
Carsten was awarded MVP status in Virtual Machine (like myself) by Microsoft earlier this year. He’s a big contributor to the German (and English too) speaking community, tweeting, blogging, podcasting, and creating videos.
After my second session on CSV and backup design, Carsten asked if I would be willing to shoot a video interview on the subject. Absolutely, and it just so happened we had a cool background with the London docklands at sunset – being an amateur photographer I was willing to shiver a little for nice light 
The video was posted this morning by Carsten. He was a busy man; more videos were shot over the weekend with some of the others, and we even did a roundtable video where we talked about our favourite features of Windows 8. Those videos will be posted in the coming weeks.
Event: Hyper-V Immersion Training for IT Pros
My final 2 months of 2011 are nuts and here’s part of the reason why. I’ll be co-presenting 3 * 1 day immersion training events on Windows Server 2008 R2 Hyper-V. The session is the same on each day; it gives you an opportunity to pick one that suits your schedule and means we should have enough seats for all. That means you should only register for 1 day. Do not register for 2 or 3 days.
The day starts with the basics in the morning, and dives deep into all the nuts and bolts, from clustering, to networking, to Linux, to Dynamic Memory, to CSV and backup design. Sign up and attend this, and you’ll be eligible to attend the hands-on training classes we’ll be running in the new year.
Presenters: Aidan Finn (Me) and Dave Northey (DPE, Microsoft Ireland, aka @IEITPRO)
Audience: Infrastructure Specialists, IT Decision Makers, IT Generalists, IT Implementers, Administrators, Consultants, Technical Support.
Location: Microsoft European Development Centre, Building 2 South County Business Park, Leopardstown, Dublin 18
We will run the workshop from 9.30am until 5.00pm on 3 different dates; please choose one date which suits you:
There is no cost for attending this training session. All participants to this 1 Day session will receive a priority invite to the in-depth ITPro training taking place in early 2012, and you will be entered into a fabulous draw in which we have 3 new Nokia Lumia 800 to give away 
High Availability (HA) and Live Migration
With the coming changes in Windows Server 2012 (WS2012), I thought I’d take a few minutes to explain the difference between HA and Live Migration.
High Availability (HA)
HA is when we make a virtual machine highly available by placing it on a cluster of hosts, e.g. a group of Hyper-V hosts in a Windows Server Failover Cluster, or a group of ESXi hosts in a vSphere cluster. If a host has a failure VM can be failed over to a different host. This means that an automated system provides better levels of availability than you get with non-clustered hosts. Typically, the failed host has crashed or powered down, and the VM is booted up on a different host.
Live Migration (aka VMotion)
Live Migration is a system where a running virtual machine can be moved from host A to host B with zero downtime. It is different from HA because it is more proactive than a failover operation. For example, Live Migration will be used by an administrator to move a VM from one host, that is going to have some maintenance operation, to another host with spare capacity.
Windows Server 2012
I have brought up this topic because in Hyper-V, Live Migration and HA went hand in hand, because they both required a Hyper-V cluster. That’s changing.
In Windows Server 2012 the tie between Live Migration and Failover Clustering has been broken. All you will need to do Live Migration is a 1 Gbps network, meaning you can live migrate a VM between two non-clustered hosts, between clusters, and of course, between clustered hosts.
As you now know, Live Migration is not high availability. I’m sure the tech media is going to confuse things – in fact, I believe they already are 
If you want your virtualised workloads to be independent of hardware/host fault then you must still install a Hyper-V cluster … and don’t forget that Windows guests need appropriate clustering (you can move a MSFT license from one hardware to another once every 90 days so you really should license hosts). If you work in a small/medium business, then don’t fret – Windows Server 2012 doesn’t require that expensive SAN any more – have a look at my previous posts on Storage Pools where you can now store HA VMs on active/active clustered file shares using cheaper JBOD.
Don’t get me wrong; Live Migration without clustering is an excellent addition. Many choose not to do HA because they cost of downtime is less than the cost of HA for some applications. They will like the agility and mobility they’ll now get with zero downtime.
Looking Back on Day 3 at Build Windows … Plus More!
Today was storage day at Build for me. I attended 1.5 Hyper-V networking sessions and filled out the rest of the day with clustering and storage (which are pretty much one and the same now). The highlights:
- CSV backup in Windows Server 8 does not use Redirected I/O
- The storage vendors were warned to increase the size of their iSCSI 3 tables (much bigger cluster support now from Microsoft, and more opportunity to use the SAN)
- Storage Pool and File Share Clustering … well let me dig deeper ….
Investing in a virtualisation cluster is a pricey deal, for anyone because of the cost of SAS/iSCSI/FC SANs. Even a start kit with just a few TB of disk will be the biggest investment in IT that most small/medium businesses will ever make. And it requires a bunch of new skills, management systems, and procedures. The operations of LUN deployment can slow down a cloud’s ability to respond to business demands.
Microsoft obviously recognised this several years ago and started working on Storage Pools and Spaces. The idea here is that you can take a JBOD (just a bunch of disks, which can be internal or DAS) or disks on an existing SAN, and create a storage pool. That is an aggregation of disks. You can have many of these for isolation of storage class, administrative delegation, and so on. From the pool, you create Storage Spaces. These are VHDX files AFAIK on the disk, and they can be mounted as volumes by servers.
In this new style of Hyper-V cluster design, you can create a highly available File Server cluster with transparent failover. That means failover is instant, thanks to a Witness (informs the server connecting to the cluster if a node fails and to connect to an alternative). For something like Hyper-V, you can set your cluster up with active-active clustering of the file shares, and this uses CSV (CSV is no longer just for storing Hyper-V VMs). The connecting clients (which are servers) can be load balanced using PowerShell scripting (could be a scheduled task).
Note: active/passive file share clustering (not using CSV) is recommended when there are lots of little files, when implementing end user file shares, and when there is a lot of file metadata activity.
Now you can create a Hyper-V cluster which uses the UNC paths of the file share cluster to store VMs.
This is all made possible by native NIC teaming, SMB 2.2, RDMA, and offloading technologies.
The result is actually a much cheaper storage solution than you could get with a starter kit SAN, and probably would include much more storage space. It is more flexible, and more economic. One of the examples we were shown had the file server cluster also hosting other shares for SQL Server files and end user file shares.
Brian Ehlert (@BrianEh) said it best: file servers are now cool.
Asymmetric Hyper-V Cluster
Elden Christensen briefly mentioned this one in his talk and I asked him about it at Ask The Experts. The idea is that you take the above design, but only a single Windows cluster is used. It is used to cluster the VMs and to cluster the file share(s). This flattens the infrastructure, reduces the number of servers, and thus reduces the cost. This one would be of great interest to small and medium businesses, as well as corporate branch offices.
Self Healing CSV
Myself and Didier van Hoye (@workinghardinit) once had a chat about sizing of CSV. He brought up the point that no one wanted to take a CSV offline for a weekend to chkdsk a multi-terabye CSV volume. True!
Microsoft have now implemented this solution in Windows Server 8:
- Every 60 seconds, the health of the CSV volume is assessed.
- If a fault is found, Windows will target that fault for a fix.
- Windows will dismount the volume, and start caching VM write activity.
- With the CSV offline, Windows will start fixing the fault. It has an 8 second window.
- If the fault is fixed the volume is brought back online and the storage activity cache is pushed out.
- If the fault is not fixed, the volume is brought back online, and Windows will take a later 8 second break at continuing to fix the fault. Eventually the fault is fixed with a one or more 8 second cumulative attempts.
VDI Changes
It seems like the VDI management/broker architecture will be getting much simpler. We’re also getting some performance boosts to deal with the 9am disk storm. Pooled VMs will be based on a single VHD. Each created pooled VM will actually be a differencing disk. When a pooled VM is booted up on a host, a differencing disk is created and cached on the host. The disk is stored on an SSD in the host. Because it’s a differencing disk, it should be tiny, holding probably no more than the user’s state. Using local high IOPS SSD massively improves performance over accessing AVHDs on the SAN, and takes care of the 9am storage storm.
Whitepaper – Planning Hyper-V CSV and Backup
I have just published a guide or document to discus the subject(s) of Hyper-V Cluster Shared Volume (CSV) and backup.
Windows Server 2008 R2 introduced many new features for those of us who use Hyper-V. One of the big ones was something called Cluster Shared Volume (CSV). This allowed us to do something that VMware users take for granted and that we could not do before this release of Windows Server: store many virtual machines, which are running on many hosts in a cluster, on a single storage volume. The benefit of CSV is that it simplifies administration, reduces the possibility of human engineering error, and even makes the private cloud a possibility.
A structure depends on the foundation that it is built upon. The same is true of a virtualisation infrastructure. The foundation of Hyper-V (or XenServer or vSphere) is the storage design and implementation. What appears to be not very well understood is that backup design is intrinsically linked to your storage architecture. One must be considered hand-in-hand with the other in the Hyper-V world. Get that wrong and you’ll have unhappy users, an unhappy boss, and maybe even an unhappy bank manager when you are no longer employed. When you get to grips with the basics you’ll be empowered to implement that ideal virtualisation platform with optimised backup.
This document will cover:
- What is CSV and how does it work?
- How backup works with CSV
- Designing CSV for your compute cluster
- Disaster recovery with multi-site clusters
- “Planning” for the private cloud
The document continues.
Thanks to Altaro for sponsoring this document.
The Great Big Hyper-V Survey of 2011
The survey is now closed and the results can be found here.
As a blogger/author/speaker, it’s very easy to fall into the trap of assuming that everyone works in a similar way and environment as I do. My experiences are based on:
- When I was managing Hyper-V/System Center directly in a hosting environment
- Talking to people online
- Helping people as a consultant, or in my current role as a partner technical advisor
Most of my experiences are in Ireland, and it’s rare to see a virtualisation cluster of more than a few nodes in these parts.
And this is why me, Damian Flynn (another Hyper-V MVP), and Hans Vredevoort (Failover Clustering MVP), have joined forces to bring you the …
GREAT BIG HYPER-V SURVEY of 2011
The goals are:
- We learn a bit more about what everyone is up to
- We can share the findings with everyone so you can learn what everyone else is up to
This survey will run from this morning until 5th of September. We want to publish the results later that week, which just so happens to be the week before the Build Windows conference. We’ll be publishing the percentages breakdowns, and also trying to figure out trends.
In the survey, we ask about:
- Your Hyper-V project/environment
- Your Hyper-V installation
- Systems management
- What you considering to do in 2012
There is no personal information, no company specific information. Microsoft has zero involvement. They’ll see/read the results the same way you do, on the blogs of myself, Damian, and Hans (Hyper-V.nu).
The whole thing will take just 5 minutes; the more people that contribute, the more we will all learn about what people are up to, and the more we’ll be able to tweak blog posts, speaking, training, writing, etc, to what is really being done. If this goes well, we’ll do another one in 2012, 2013, and so on.
So come on …. give the greater community 5 minutes of your time.
EDIT:
Please spread the word of this survey: blog, (re)tweet, Facebook, Google+, LinkedIn, even MySpace/Bebo it!
VMM 2012 Distributed Key Management (DKM)
Virtual Machine Manager 2012 (VMM/SCVMM) 2012 adds something that was lacking in VMM 2007/2008/20008 R2: clustered VMM servers. VMM 2012 is the gateway to the private cloud and you want that gateway to be fault tolerant at the hardware, OS, and service level. If you want to have a clustered VMM server then you will need to get to grips with some new concepts.
The VMM database contains a lot of information. Some of that information can be sensitive, such as product keys or administrator passwords. You don’t want just anyone getting a copy of that database (from offsite stored backup tapes, for example [which should be encrypted anyway]) and figuring out a way into gaining administrative rights to your network. For this reason, VMM uses encryption to protect the contents of this database.
By default the decryption keys for accessing the encrypted data are stored on the VMM server. Now imagine you have set up a clustered VMM server and those keys are stored locally, as seen below.
The first node with the local keys would encrypt the SQL data and access it with no issue at all. But what would happen after a failover of the VMM service from Node 1 to Node 2? The decryption keys are unavailable, on Node 1, and Node 2 has no way to read the encrypted data in clear text. There goes the uptime of your cloud!
That’s why we have a new concept called Distributed Key Management (DKM) in VMM 2012. Instead of storing the decryption keys on the server, they’re stored in a specially created container in Active Directory. This means that the decryption keys can be accessed by both of the VMM cluster nodes, and either node can read the encrypted data in clear text.
You can configure the option to enable DKM when you install the first member of the VMM cluster. You can optionally do this even if you’re setting up a non-clustered VMM server. It’ll mean the keys are safe in AD, and it gives you the flexibility to easily set up a cluster without too much mucking around.
When you enable the option to use DKM, you have two choices:
- Installing as a Domain Administrator: You can enter the LDAP path (e.g. CN = VMMDKM, CN = System, DN = demo, DN = local) and the installer will use your rights to create the VMM container inside of the default System container.
- Not Installing as a Domain Administrator: You can get a domain admin to create the container for you, ensuring that your new user account will have Read, Write, and Create all child objects permissions. You can enter the LDAP path (as above) that is provided by the domain administrator.
I like SystemVMMDKM for two reasons:
- ConfigMgr uses SystemSystemsManagement for its advanced client objects
- VMMDKM is quite descriptive.
Now Node 1 of the VMM server cluster will use the DKM/AD-stored decryption keys and access the secured data in the SQL Server instead of storing them locally.
After a failover, Node 2 can also read those DKM/AD-stored decryption keys to access the encrypted data successfully:
Decryption keys; I bet your security officer is concerned about that! I haven’t mentioned the protection of these keys yet. Note how we didn’t do anything to lock down that container? Normally, Authenticated Users will have read permissions. We sure don’t want them to read those decryption keys! Don’t worry, the VMM group has you covered.
In the new container, you will find an object called DC Manager <unique GUID>. This is a container that DKM has created and contains the protected keys for the VMM server/cluster you just set up.
It is protected using traditional AD permissions. VMM is granted rights based on what account is running VMM. I prefer to install VMM using a domain user account, e.g. demoVMMSvc. That account was granted full control over the container object and all descendent (contained) objects:
Note that Authenticated Users is not present. In fact what you will find is:
- Self: Inherited with apparently no rights
- System: Full Control on the container object only
- Enterprise Domain Controllers: Read tokenGroups (Descendent User Objects), Read tokenGroups (Descendent Group Objects), Read tokenGroups (Descendent Computer Objects)
- Enterprise Admins: Full Control on this and descendent objects
- Domain Admins: Full Control on this and descendent objects
- Administrators: It’s long but basically it’s not Full Control and no delete rights on this and descendent objects
- Administrator: Full Control on this and descendent objects
In other words, VMM 2012 DKM is a pretty sure way to:
- Enable a SQL database to securely store sensitive data for a highly available VMM cluster running across multiple servers
- Allow those nodes of a highly available VMM cluster to share a single set of decryption keys to access the encrypted data in the SQL database
Now you have some very special data in your AD – like you didn’t already! But if you’re “just” a virtualisation administrator/engineer or a consultant, you better make sure that someone is backing up AD. Lose your AD (those DKM keys), and you lose that sensitive data in the SQL database. While you’re verifying the existence of a working AD backup (System State Backup of a few DCs, maybe), make sure that the backup is secure in terms of access rights to data and encryption. You’ve got sensitive encryption keys in there after all.
Another Hyper-V Implementation Mistake –Too Many CSVs
In the PowerPoint that I posted yesterday, I mentioned that you should not go overboard with creating CSVs (Cluster Shared Volumes). In the last two weeks, I’ve heard of several people who have. I’m not going to play blame game. Let’s dig into the technical side of things and figure out what should be done.
In Windows Server 2008 Hyper-V clustering, we did not have a shared disk mechanism like CSV. Every disk in the cluster was single owner/operator. Realistically (and required by VMM 2008) we had to have 1 LUN/cluster disk for each VM.
That went away with CSV in Windows Server 2008 R2. We can size our storage (IOPS from MAP) and plan our storage (DR replication, backup policy, fault tolerance) accordingly. The result is you can have lots of VMs and virtual hard disks (VHDs) on a single LUN. But for some reason, some people are still putting 1 VM, and even 1 VHD, on a CSV.
An example: someone is worried about disk performance and they spread the VHDs of a single VM across 3 CSVs on the SAN. What does that gain them? In reality: nothing. It actually is a negative. Let’s look at the first issue:
SAN Disk Grouping is not like Your Daddy’s Server Storage
If you read some of the product guidance on big software publisher’s support site, you can tell that there is still some confusion out there. I’m going to use HP EVA lingo because it’s what I know.
If I had a server with internal disks, and wanted to create three RAID 10 LUNs, then I would need 6 disks.
The first pair would be grouped together to make LUN1 at a desired RAID level. The second pair would be grouped together to make the second LUN, and so on. This means that LUN1 is on a completely separate set of spindles to LUN2 and LUN3. They may or may not share a storage controller.
A lot of software documentation assumes that this is the sort of storage that you’ll be using. But that’s not the case with a cluster with a hardware SAN. You need to use the storage it provides, and it’s usually nothing like the storage in a server.
By the way, I’m really happy that Hans Vredevoort is away on vacation and probably will miss this post. He’d pick it to shreds 
Things are kind of reversed. You start off by creating a disk group (HP lingo!) This is a set of disks that will work as a team, and there is often a minimum number required.
From there you will create a virtual disk (not a VHD – it’s HP lingo for a LUN in this type of environment). This is the LUN that you want to create your CSV volume on. The interesting thing is that each virtual disk in the disk group spans every disk in the disk group. How that spanning is done depends on the desired RAID level. RAID 10 will stripe using pairs of disks, and RAID5 will stripe using all of the disks. That gives you the usual expected performance hit/benefits of those RAID levels and the expected available amount of data.
In the below, you can see two virtual disks (LUNs) have been created in the disk group. The benefit of this approach is that the virtual disks can benefit by having many more spindles to use. The sales pitch is that you are getting much better performance than the alternative server internal storage. Compare LUN1 from above (2 spindles) with vDisk1 below (6 spindles). More spindles = more speed.
I did say it was sales pitch. You’ve got other factors like SAN latency, controller cache/latency, vDisks competing for disk I/O, etc. But most often, the sales pitch holds fairly true.
If you think about it, a CSV spread across a lot of disk spindles will have a lot of horsepower. It should provide excellent storage performance for a VM with multiple VHDs.
A MAP assessment is critical. I’ve also pointed out in that PowerPoint that customers/implementers are not doing this. This is the only true way to plan storage and decide between VHD or passthrough disk. Gut feeling, “experience”, “knowledge of your network” are a bunch of BS. If I hear someone saying “I just know I need multiple physical disks or passthrough disks” then my BS-ometer starts sending alerts to OpsMgr – can anyone write that management pack for me?
Long story short: a CSV on a SAN with this type of storage offers a lot of I/O horsepower. Don’t think old school because that’s how you’ve always thought. Run a MAP assessment to figure out what you really need.
Persistent Reservations
Windows Server 2008 and 2008 R2 Failover Clustering use iSCSI3 persistent reservations (PRs) to access storage. Each SAN solution has a limit on how many PRs they can support. You can roughly calculate what you need using:
PRs = Number of Hosts * Number of Storage * Channels per Host Number of CSVs
Let’s do an example. We have 2 hosts, with 2 iSCSI connections each, with 4 CSVs. That works out as:
2 [hosts] * 2 [channels] * 4 [CSVs] = 16 PRs
OK; Things get more complicated with some storage solutions, especially modular ones. Here you really need to consult an expert (and I don’t mean Honest Bob who once sold you a couple of PCs at a nice price). The key piece may end up being the number of storage channels. For example, each host may have 2 iSCSI channels, but it maintains connections to each module in the SAN.
Here’s another example. There is an iSCSI SAN with 2 storage modules. Once again, we have 2 hosts, with 2 iSCSI connections each, with 4 CSVs. This now works out as:
2 [hosts] * 4 [channels –> 2 modules * 2 iSCSI connections] * 4 [CSVs] = 32 PRs
Add 2 more storage modules and double the number of CSVs to 8 and suddenly:
2 [hosts] * 8 [channels –> 4 modules * 2 iSCSI connections] * 8 [CSVs] = 128 PRs
Your storage solution may actually calculate PRs using a formula with higher demands. But the question is: how many PRs can your storage solution handle? Deploy too many CSVs and/or storage modules and you may find that you have disks disappearing from your cluster. And that leads to very bad circumstances.
You may find that a storage firmware update increases the number of required PRs. But eventually you reach a limit that is set by the storage manufacturer. They obviously cripple the firmware to create a reason to buy the next higher up model. But that’s not something you want to hear after spending €50K or €100K on a new SAN.
They way to limit your PR requirement is to deploy only the CSVs you need.
Undoing The Damage
If you find yourself in the situation with way too many CSVs then you can use SCVMM Quick Storage Migration to move VMs onto fewer, larger CSVs, and then remove the empty CSVs.
Recommendations
Slow down to hurry up. You MUST run an assessment of your pre-virtual environment to understand what storage you buy. You also use this data as a factor for planning CSV design and virtual machine/VHD placement. Like my old woodwork teacher used to say: “measure twice and cut once”.
Take that performance requirement information and combine it with backup policy (1 CSV backup policy = 1 or more CSVs, 2 CSV backup policies = 2 or more CSVs, etc), fault tolerance (place clustered or load balanced VMs on different CSVs), and DR policy (different storage level VM replication policies requires different CSVs).