Cluster-Aware Updating for Windows Server 2012 R2
In Order
Microsoft introduced Cluster-Aware Updating (CAU) with Windows Server 2012. This service allows you to update the operating system and server applications in clusters without cluster services malfunctioning. A cluster automatically transfers resources to other nodes, so that a server within the cluster can receive an update. In this article, I show you how to use this feature and how to manage the pitfalls.
You can only use CAU in clusters that are running Windows Server 2012 or 2012 R2. Windows Server 2008 R2 does not support this function. CAU works with all applications running on clusters in Windows Server 2012 (R2), as well as the special cluster APIs and PowerShell Cmdlets.
You can also use CAU with System Center Configuration Manager (SCCM) 2012 (R2). Companies that want to use both services in parallel must plan carefully to ensure that everything is working as desired. System Center Virtual Machine Manager (SCVMM) also has a component to update Hyper-V clusters. However, this function can only be used with Hyper-V; you cannot automatically update other cluster services with SCVMM. CAU, on the other hand, supports all cluster roles in Windows Server 2012 (R2), including Hyper-V.
Only the entire cluster can be selected in the CAU configuration for updating; you cannot use CAU if you want to update individual nodes. Also with CAU, you have to control the Windows Update function and move the active cluster roles to other nodes manually using scripts.
If you use SCVMM, you will require additional licenses, whereas CAU is available free of charge as a feature of failover clusters for all editions of Windows Server 2012 (R2). If you are already using SCVMM, you can update Hyper-V clusters in this way, and in this case, you do not have to rely on CAU.
CAU will use the API for the Windows Update Agent by default. Therefore, in addition to configuring CAU, you need to specify how updates should be installed. For this purpose, it is best to use a Windows Server Update Services (WSUS) infrastructure and Group Policy for connecting to WSUS. CAU then uses the appropriate updates and the source that you have specified in the Group Policy for the installation. Without WSUS, CAU uses the Windows Server 2012 (R2) internal update function. It is also important to know that CAU automatically installs only those updates that can also be installed via Windows Update.
Configuring CAU as a New Role
By configuring CAU in a cluster, you create a new role that performs future software updates completely independently. This new server role is the central component for automatically updating cluster nodes. It also takes over the configuration of the maintenance mode on individual cluster nodes and can restart cluster nodes, move cluster roles back to the correct cluster nodes, and more. Moving cluster roles to other nodes equates to a planned failover of the roles. Such failovers can also be conducted manually.
Before setting up CAU, you should check carefully whether individual server services or cluster roles have any problems with a failover (Figure 1). When running Hyper-V clusters, especially, it is important to check in advance whether the individual VMs are compatible with failover. CAU can also only update the cluster nodes. If you are running a Hyper-V cluster, the function will not be able to update individual virtual servers. In this case, you should work with WSUS and Windows Update settings via Group Policy.
The new server service takes care of updating the cluster in the background without affecting its operation. You can start the operating system update manually or define a schedule for the updates.
After a cluster is commissioned, CAU is not yet active, so you first need to set up the function. To create CAU for a new cluster, create a new computer object in the Active Directory Users and Computers snap-in.
This procedure is optional because the CAU wizard can also create the computer object itself later. However, this computer object is the basis for the new cluster role for setting up automatic updates. You do not need to make any adjustments for the object, you just need to create it. You can deal with the configuration later when setting up CAU. As an example, use the cluster name with the addition of cau
, such as cluster-cau
. However, you can use any name. The computer object is connected to the cluster later.
Firewall Settings
You also need to create an inbound firewall rule on all cluster nodes that are supposed to participate in CAU. Use Predefined | Remote Shutdown
as a rule type. You can start the management program for the firewall by entering wf.msc
. If the rule already exists, you can enable it via the context menu. The purpose of the rule is that, if required, the CAU service can also restart the cluster nodes after updates have been installed.
If you have conducted the setup, search for the Cluster-Aware Updating setup program on the homepage and start the tool. You can make the basic adjustments for CAU with this program. As a first step, connect to the cluster for which you want to enable CAU. Then, click on the Analyze cluster updating readiness link. The wizard will then check whether you can enable CAU in the cluster and whether all important conditions are met.
Enabling CAU for the Cluster
If you have connected to the desired cluster and carried out the analysis, you can then start the CAU setup via a wizard. You can access this via the Configure cluster self-updating options link. On the first page of the wizard, you will receive a summary of everything the wizard configures. On the next page, enable the Add the CAU clustered role, with self-updating mode enabled, to this cluster option. Next, enable the I have a prestaged computer object for the CAU clustered role option. Enter the name of the computer object that you created in advance in the field.
The wizard can also create the object automatically, which simplifies the configuration in test environments. However, completing such tasks in advance can be useful in production environments. Often, there are also different administrative groups for Cluster and Active Directory. In this case, you should also create the object in advance.
On the next page, you can specify the schedule for when the cluster and the individual nodes are automatically updated. Of course, the updates will also depend on the availability of updates. On the Advanced Options page, you can make further adjustments to adapt CAU for your environment, but these are optional. Here, for example, the option that ensures that the update will only be started if all cluster nodes are online and available is useful. This is especially important to rule out other maintenance work. CAU must move the resources operating on the cluster nodes to other servers in the cluster during the installation. The other nodes should ideally be available at this point.
Buy this article as PDF
(incl. VAT)