Safety Net

Most of the new features in Windows Server 2016 relate to Hyper-V. Microsoft has introduced numerous changes to make the product even more interesting for companies that have not used virtualization thus far or are running an older version of Hyper-V. To achieve high availability of virtual machines (VMs) on the Hyper-V platform, Microsoft has – from the outset – used the failover cluster services built in to Windows Server. In each version of Windows, Microsoft has consistently developed the functions to optimize the operation of VMs and to ensure permanent fail-safe behavior.

The following changes to the failover cluster services were integrated into Windows Server 2016:

• Virtual Machine Compute Resiliency with cluster quarantine and isolation.
• Cluster OS Rolling Upgrade.
• Workgroup and Multi-Domain clusters, including Cloud Witness with Azure Storage account.
• Host Guardian Service to isolate VMs for different tenants.
• Site-aware clusters with failover affinity, storage affinity, and cross-site heartbeating.
• An improved cluster log with TimeZone, DiagnosticVerbose event channel, and Active Memory Dump.

Two New Cluster Modes

Nodes in a failover cluster regularly communicate with each other and exchange status and availability information through a heartbeat. If a cluster node is no longer working reliably, cluster failover policies decide what to do with the resources (roles) hosted on that cluster node. Normally, a failover of cluster resources to another cluster node takes place.

In Windows Server 2016, Microsoft has introduced two new cluster modes. The first, cluster quarantine mode, checks the state of the cluster nodes. If irregularities in communication occur on one or more cluster nodes, or if the cluster node leaves the cluster, all virtual machines are moved to other cluster nodes by live migration, and the cluster node is removed from the cluster for two hours. A maximum of 20 percent of the cluster nodes can be switched to isolation mode.

In the second mode, cluster isolation, the cluster node is permanently removed from the cluster until the administrator adds the node back to the cluster. Machines running on the cluster node continue to run, but no cluster resources can be moved to the isolated node by any other cluster node. The cluster administrator can use PowerShell cmdlets to configure this.

Witnesses in the Cloud

The witness is one of the basic functions of a Windows failover cluster. With parity of cluster nodes, the witness determines on which cluster node resources run. A classic witness in a cluster is the disk witness, in which one logical unit (LUN) handles the witness' functionality. In Exchange Server 2007, Microsoft introduced the file share witness.

However, both witness configurations share a problem: They physically need to reside in a data center that is running cluster nodes. An environment with multiple data centers and stretch clusters can have a single point of failure (SPoF) if a data center fails or is not reachable by the other data center. To prevent this, you can configure Windows Server 2016 to use a Cloud Witness in Microsoft Azure (Figure 1). To do so, you will need to set up an active Microsoft Azure subscription and an Azure storage account. The configuration of the Cloud Witness can be handled in PowerShell or in the Failover Cluster Manager.

Figure 1: In Windows Server 2016 failover clusters, the cluster witness now can be provided in Microsoft Azure.

Rolling Cluster Update

To offer a smooth transition for customers with existing Windows Server 2012 R2 failover cluster deployments, Microsoft supports mixed-mode clusters in 2012 R2 and 2016. You can add new cluster nodes with Windows Server 2016 to an existing 2012 R2 failover cluster and move VMs to the new cluster node using live migration. The older cluster nodes then can be removed from the cluster, upgraded to Windows Server 2016, and added back to the cluster.

As soon as all the cluster nodes are running in Windows Server 2016, you can raise the functional level of the cluster with the help of PowerShell. From this point on, you can no longer add cluster nodes running Windows Server 2012 R2. You can raise the VM version with the Update-VmConfigurationVersion PowerShell command to take advantage of new features like production checkpoints (Figure 2) and the modified VM configuration file functions.

Figure 2: Production checkpoints are an important new feature in Windows Server 2016. They replace snapshots and form an important building block of data availability.