Implementing Failover Clustering with Windows Server 2016 Hyper-V

In the previous article, you have configured Configuring iSCSI Storage and Initiator in Windows Server 2016. Here you can configure Implementing Failover Clustering with Windows Server 2016 Hyper-V. A failover cluster is a group of two or more computers working together to increase the availability of a clustered services or applications. To make virtual machines highly available in Hyper-V environment, we must implement failover clustering on the Hyper-V host servers. Windows Server 2016 Hyper-V comes with a number of new features and improvements for Hyper-V high availability and virtual machine mobility. In this article, I will walk you through everything we need to do to build Hyper-V failover cluster including how to validate, create, manage and test our high availability VMs via Failover Cluster Manager. You can build a two-node failover cluster using iSCSI Target Windows Server, using five Networks for failover cluster network.

To implement failover clustering for Hyper-V, you should do the following steps:

1. Configure shared storage
2. Install the Hyper-V and Failover Clustering features on both physical computers
3. Validate the Cluster Configuration
4. Create the cluster
5. Configure Disks for a Failover Cluster
6. Create a highly available virtual machine in one of the cluster nodes
7. Make the virtual machine highly available ( for an existing virtual machine)
8. Simulating an Unplanned Failover
9. Simulating a Planned Failover

1. Configure Shared Storage:

Please refer my previous article, http://www.msserverpro.com/configuring-iscsi-storage-initiator-windows-server-2016/

2. Install the Hyper-V and Failover Clustering features on both physical computers:

Please refer my previous article, http://www.msserverpro.com/implementing-windows-server-2012-hyper-v-failover-clustering/

3. Validate the Cluster Configuration:

1. On KTM-HOST1, in Server Manager, click Tools, and then click Failover Cluster Manager. In Failover Cluster Manager, in the center pane, under Management, click Validate Configuration….

2. On the Before You Begin page of the Validate a Configuration Wizard, read the information, and then click Next.

3. On the Select Servers or a Cluster page, in the Enter name text box, type KTM-HOST1 and KTM-HOST2, and then click Add.

4. Verify the Selected servers: entries, and click Next.

5. On the Testing Options page, select the Run only tests I selected and click Next.

6. On the Test Selection page, verify that all Test Selection options are selected and click Next.

7. On the Confirmation page, click Next.

8. Validating Test is currently running…

9. On the Summary page, click on View Report to view the Failover Cluster Validation Report..

10. On the Summary page, after viewing the Failover Cluster Validation Report click Finish.

4. Create the Cluster:

1. In Failover Cluster Manager, there is no cluster created. To create a new cluster, select one of the three Create Clusteroptions in Failover Cluster Manager as shown in the figure.

2. On the Before You Begin page of the Create Cluster Wizard, read the information, and then click Next.

3. On the Select Servers page, in the Enter server name text box, type the servers you want to add into your cluster, and then click Add. Verify the Selected servers entries, and click Next.

4. On the Access Point for Administering the Cluster page, in the Cluster Name text box, type KTMHVCLUSTER. A Cluster name object will be created in AD. In the Address text box, type 168.0.110, and then click Next.

5. On the Confirmation page, check the Add all eligible storage to the cluster checkbox, if you want to automatically add all available storage in the nodes, and click on Next. Creating New Cluster start…

6. When the new cluster creation finishes, click on View Report to see detailed information about the creation, and click on Finish.

Cluster Verification:

In Failover Cluster Manager Console, expand KTMHVCLUSTER.msserverpro.com, click on Nodes, in the center pane, verify that Nodes status are Up.

5. Configure Disks for a Failover Cluster:

1. In Failover Cluster Manager Console, expand msserverpro.com, expand Storage click Disks. Verify that all disks display as available for cluster storage in Failover Cluster Manager. Click Cluster Disk 1. Right-click that disk, and click Add to Cluster Shared Volumes.

2. Cluster Disk 1 will now be listed and accessed in the path C:\ClusterStorage\Volume1 as shown given below. To see the available disks within the CSV, open Windows Explorer and navigate to the folder C:\ClusterStorage.

3. Right-click msserverpro.com, click More Actions, click Configure Cluster Quorum Settings.

4. On the Before You Begin Configure Cluster Quorum Wizard, click Next.

5. On the Select Quorum Configuration Option page, click Use default quorum configuration, and then click Next.

6. On the Confirmation page, click Next.

7. On the Summary page, click Finish.

6.Configuring a highly available virtual machine:

1. In Failover Cluster Manager, right-click on Roles, select Virtual Machines.. and click New Virtual Machines..

2. Select KTM-HOST1 as the cluster node, and click OK.

3. In the New Virtual Machine Wizard, on the Before You Begin page, click Next.

4. On the Specify Name and Location page, in the Name text box, type KTM-TESTVM, click Store the virtual machine in a different location, and then click Browse. Browse to and select C:\ClusterStorage\Volume1, and click Select Folder. Click Next.

5. On the Specify Generation page, click Generation 2, and then click Next.

6. On the Assign Memory page, type 2048, select Use Dynamic Memory for this virtual machine and then click Next.

7. On the Configure Networking page, click Service Network, and then click Next.

8. On the Connect Virtual Hard Disk page, click Create a virtual hard disk, and verify the virtual hard disk location and click Next.

9. On the Installation Options page, select Install an operating system later and click Next.

10. On the Completing the New Virtual Machine Wizard page, click Finish.

11. On the Summary page of the High Availability Wizard, click Finish.

12. Ensure that the machine creates successfully.

8.Simulating an Unplanned Failover:

To test an unplanned failover of the highly available (HA) virtual machine, you can stop the Cluster service on the node that owns the HA virtual machines.

1. In the Failover Cluster Manager console, expand Nodes, Right-click on one of the node to test Unplanned Failover, point to More Actions and then click Stop Cluster Service.

2. Verify that the virtual machine moves to the next node. This might take a short delay while this process.

3. After finished the testing of an unplanned failover, start the Start Cluster Service of KTM-HOST1..

9. Simulating a Planned Failover:

To simulate a planned failover, you can move the clustered virtual machine to another node. You have the following options to move a clustered virtual machine: Live Migration, Quick Migration and Storage Migration. For more details on simulating a planned failover, you will get upcoming article.

Summary:

Failover clustering with Hyper-V is essential to high availability and resilient systems that are at the heart of your business. Windows Server 2016 Hyper-V provides interesting and friendly options for adding Hyper-V high availability and virtual machine mobility to your virtual machines. This exercise will help IT professionals get their experience for the failover scenario that they may encounter during their career.

Configuring an anti-virus protection and exclusions on Server Virtualization Hyper-V Host

This is one of the most common discussions on the Internet (blogs and communities) about whether a Hyper-V Host really needs to have antivirus software installed. According to the book “Windows Server 2012 Hyper-V: Deploying Hyper-V Enterprise Server Virtualization Platform” by Zahir Hussain Shah, the author highly recommends installing antivirus software with exclusions on Hyper-V Host.

Image copy from Windows Server 2012 Hyper-V: Deploying Hyper-V Enterprise Server Virtualization Platform book

“Hyper-V as a server role also needs to be protected against malicious viruses and attacks. In fact, a Hyper-V role becomes more critical than any other server role. For example, if your IIS web server gets infected by a virus, and as a first precautionary step, you need to remove the IIS web server from the network for maintenance purposes; only your web services will be affected for some time, in this case. But if your Hyper-V server role gets infected with a virus and you have to take down the Hyper-V machine for maintenance, it might affect the virtual machine running on it.”

According to the book “Windows Server 2012 Hyper-V Cookbook” by Leandro Carvalho, the author recommends installing antivirus software on the Hyper-V Hosts and Virtual Machines with exceptions.

“Security is the prime concern in all scenarios and as a Hyper-V administrator and you need to make sure that there are no compromises on your servers, either physical or virtual.”

According to the book “Windows Server 2012 Hyper-V Installation and Configuration” by Aidan Finn, Patrick Lownds, Michel Luescher and Damian Flynn, the authors have noted:

“We highly recommend that you check the Microsoft knowledge base for recommendations and correct configurations. Also the Microsoft Support KB article 961804 is not yet updated for Windows Server 2012. Do not assume that your product will work on Windows Server 2012 just because it did on Windows Server 2008 R2.”

According to the book “Mastering Hyper-V 2012 R2 with System Center and Windows Azure” by John Savill, the author has noted:

“The Microsoft best practice is to run no additional applications on the Hyper-V host, and strictly speaking, this would include malware protection.”

“I personally lean a little more toward defense in depth. I prefer to have many layers of protection, which means malware support on the host. However, it’s critical that any malware solution does not interfere with the Hyper-V processes or the resources of virtual machines.”

“Failure to correctly exclude Hyper-V resources will result in problems with virtual machines starting and functioning correctly, as documented at http://support.microsoft.com/kb/961804/en-us.”

“While the risk of infection is low, if an infection did hit your Hyper-V server, the impact would be large. There may also be audit problems for hosts with no malware protection.”

In the book “Hyper-V Best Practices” by Benedict Berger, the author has noted:

“I have seen antivirus engines on Hyper-V hosts doing bad things such as breaking a virtual hard disk, deleting an essential system file, or just producing a very intense amount of storage IOs. Excluding all relevant files and folders regarding Hyper-V and its VMs, there is nothing left worth scanning on a Hyper-V host. If you are not bound by a compliance policy, I highly recommend that you do not install antivirus products on Hyper-V.”

With all these recommendations on whether or not we should install antivirus software on Hyper-V Host, my personal view is that even if we have to exclude much of the configuration and virtual machine files related to Hyper-V role, having a malware solution will be beneficial in protecting the remaining Windows system files and folders if configured properly. For the past 2 years, I have been using Microsoft System Center Endpoint Protection 2012 on the Windows Server 2012 Hyper-V Hosts in production environment and so far I have not faced any problem on the Hyper-V Hosts because of the antivirus software. Make sure that your antivirus software supports Windows Server 2012/ 2012 R2 Hyper-V. I would leave the audience to make their own decision. Here, I am sharing the configuration that I have done in my production Hyper-V environment.

Perform the following steps configuring an anti-virus protection and exclusions on Hyper-V Host:

Before configuring the anti-virus exceptions, we need to identify the default Virtual Hard Disks and Virtual Machines folder location paths. Note: Make use that antivirus software supports Windows Server 2012 Hyper-V.

1. Open Hyper-V Manager, select Hyper-V Host, and click on Hyper-V Settings. The Hyper-V Settings windows will open as given below.

2.  In Hyper-V failover cluster environments, C:\ClusterStorage as shown in figure.

3. Open System Center Endpoint Protection antivirus software on the Hyper-V Host computer, click Settings tab, select Excluded files and locations, add the followings in File locations:

4. In Hyper-V failover cluster environments, in File locations: add C:\ClusterStorage.

5. In the System Center Endpoint Protection dialog box, select Excluded file types and add following in File extensions:

6. In the System Center Endpoint Protection dialog box, select Excluded processes under settings, add Virtual Machine Management Services (VMMS.exe) and VM worker process (VMWP.exe) in the Process names and Save changes.

Summary:

I hope this article will help those who decide to install antivirus solution on their Hyper-V hosts.

Upgrading the VM configuration version in Windows Server 2016 Hyper-V

In the earlier versions of Hyper-V host, after you have upgraded your Hyper-V host to a new operating system, VMs configuration version will be upgraded automatically as the Hyper-V host as soon as you moved the virtual machine. With Windows Server 2016, Hyper-V host will not automatically upgrade VMs configuration version. Instead, upgrading is now a manual process. With rolling upgrades, Windows Server 2012 R2 version 5.0 will run on both Windows server 2012 R2 and Windows server 2016 Hyper-V host. This help us to leave VMs unchanged until the upgrade of all failover cluster node is completed.

With rolling upgrades, when you feel that you will not require to move the VMs to legacy Hyper-V host, Windows Server 2012 R2, then upgrade all the Hyper-V host with Windows Server 2016. After all the Hyper-V hosts are upgraded, then shut down VMs and upgrade the configuration version to get new features of Windows Server 2016 Hyper-V such as hot add/remove of memory, production checkpoints, and resizing of live shared drives.

Check the current virtual machine configuration version:

Open Windows PowerShell with Run as Administrator. Use the Get-VM cmdlet to run the following command to get the VMs versions.
Get-VM * | Format-Table Name,Version

As a figure, version 5.0 is the configuration version of Windows Server 2012 R2.

Update a single virtual machine configuration version with GUI:

In the Hyper-V Manager, shut down the virtual machine you want to Upgrade Configuration Version. Right click the virtual machine, KTM-DB1, select Upgrade Configuration Version..

In the Upgrade Configuration Version Windows, click Upgrade and verify the Configuration Version of virtual machine. The Configuration Version must be 8.0 because Windows Server 2016 Hyper-V version is 8.0.

 

Update a single virtual machine configuration version with PowerShell:

To upgrade the virtual machine configuration version by Windows PowerShell, use the
Update-VMVersion cmdlet. Run the following command from an elevated Windows PowerShell command prompt:

Update-VMVersion <vmname>

Update all virtual machines configuration version on all cluster nodes:

To update all virtual machines version on all cluster nodes, run the following command from an elevated Windows PowerShell command prompt:

First, use Get-VM –ComputerName (Get-ClusterNode) to verify the current configuration version. As a figure, version 5.0 is the configuration version of Windows Server 2012 R2 and version 8.0 is the configuration version of Windows Server 2016.

Secondly, Use Get-VM –ComputerName (Get-ClusterNode) | Stop-VM to shut down all the VMs in the cluster. Then Press A to Yess to All to stop VMs.

In the Failover Cluster Manager Windows, verify that all the VMs are shut down state.

Using Windows PowerShell command to verify the VMs are in shutdown state.

Thirdly, run the following command from an elevated Windows PowerShell command prompt:
Get-VM –ComputerName (Get-ClusterNode) | Update-VMVersion

Press A to Yess to All.

Use Get-VM –ComputerName (Get-ClusterNode) to verify the current configuration version is 8.0.

Lastly, start the virtual machines run the following command from an elevated Windows PowerShell command prompt:

Get-VM –ComputerName (Get-ClusterNode) | Start-VM

 

Summary:

Upgrading the VM configuration version from 5.0 to 8.0 is very important to get the new feature of Windows Server 2016 Hyper-V. In Windows Server 2016, Hyper-V version is 8.0. This includes hot add/ remove of memory, production checkpoints and resizing of live shared drives. I hope this article help you to get the new features of Windows Server 2016 Hyper-V.